digitalmars.D.learn - trouble calling function from windows dll
- maarten van damme <maartenvd1994 gmail.com> Mar 24 2012
- "John Chapman" <johnch_atms hotmail.com> Mar 25 2012
- "John Chapman" <johnch_atms hotmail.com> Mar 25 2012
- maarten van damme <maartenvd1994 gmail.com> Mar 25 2012
- maarten van damme <maartenvd1994 gmail.com> Mar 25 2012
- maarten van damme <maartenvd1994 gmail.com> Mar 25 2012
hi,

I'm trying to call NtUnmapViewOfSection from ntdll.dll. According to the
msdn docs it should look like

    NTSTATUS NtUnmapViewOfSection(
      __in     HANDLE ProcessHandle,
      __in_opt PVOID  BaseAddress
    );

I tried to call it by simply declaring

    extern(Windows) uint NtUnmapViewOfSection(HANDLE hProcess, PVOID baseAddress);

But now I get

    Error 42: Symbol Undefined _NtUnmapViewOfSection@8

I've also tried using GetProcAddress

    cast(uint function(HANDLE hProcess, PVOID address))
        GetProcAddress(Runtime.loadLibrary("ntdll.dll"), "NtUnmapViewOfSection")

but when I looked at GetLastError I get error 127 (specified procedure
could not be found) and the function doesn't work.

It's likely I'm missing something easy here, I just can't figure out what it is.
Someone knows what it is?

Maarten
Mar 24 2012
On Saturday, 24 March 2012 at 19:11:38 UTC, maarten van damme wrote:
> hi,
> I'm trying to call NtUnmapViewOfSection from ntdll.dll. According to the
> msdn docs it should look like
>
>     NTSTATUS NtUnmapViewOfSection(
>       __in     HANDLE ProcessHandle,
>       __in_opt PVOID  BaseAddress
>     );
>
> I tried to call it by simply declaring
>
>     extern(Windows) uint NtUnmapViewOfSection(HANDLE hProcess, PVOID baseAddress);
>
> But now I get
>
>     Error 42: Symbol Undefined _NtUnmapViewOfSection@8

Did you import ntoskrnl.lib?

> I've also tried using GetProcAddress
>
>     cast(uint function(HANDLE hProcess, PVOID address))
>         GetProcAddress(Runtime.loadLibrary("ntdll.dll"), "NtUnmapViewOfSection")
>
> but when I looked at GetLastError I get error 127 (specified procedure
> could not be found) and the function doesn't work.
> It's likely I'm missing something easy here, I just can't figure out what it is.
> Someone knows what it is?

Runtime.loadLibrary is the problem. Use the Win32 LoadLibrary instead.

> Maarten
Mar 25 2012
On Saturday, 24 March 2012 at 19:11:38 UTC, maarten van damme wrote:
> hi,
> I'm trying to call NtUnmapViewOfSection from ntdll.dll. According to the
> msdn docs it should look like
>
>     NTSTATUS NtUnmapViewOfSection(
>       __in     HANDLE ProcessHandle,
>       __in_opt PVOID  BaseAddress
>     );
>
> I tried to call it by simply declaring
>
>     extern(Windows) uint NtUnmapViewOfSection(HANDLE hProcess, PVOID baseAddress);
>
> But now I get
>
>     Error 42: Symbol Undefined _NtUnmapViewOfSection@8
>
> I've also tried using GetProcAddress
>
>     cast(uint function(HANDLE hProcess, PVOID address))
>         GetProcAddress(Runtime.loadLibrary("ntdll.dll"), "NtUnmapViewOfSection")
>
> but when I looked at GetLastError I get error 127 (specified procedure
> could not be found) and the function doesn't work.
> It's likely I'm missing something easy here, I just can't figure out what it is.
> Someone knows what it is?

Actually, Runtime.loadLibrary should return the function pointer correctly. Your call to GetLastError() is returning 127 because Runtime.loadLibrary itself calls GetProcAddress to see if it contains a GC-related function (which will fail if it's not a D DLL).

> Maarten
Mar 25 2012
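Added example, not part of the original thread: the reply above implies that GetLastError() should only be read when the call just made has itself reported failure, so this sketch checks the pointer returned by GetProcAddress first. The names resolveExport, NtStatus, NtUnmapViewOfSectionFn and NoSuchExport_Example are hypothetical; the function is resolved here but never called.

```d
import core.runtime : Runtime;
import core.sys.windows.windows; // HANDLE, PVOID, HMODULE, GetProcAddress, GetLastError
import std.stdio : writefln;

alias NtStatus = int; // NTSTATUS is a signed 32-bit value (hypothetical alias name)

// The calling convention belongs to the pointer type: ntdll exports are stdcall,
// so the alias carries extern(Windows) instead of the default D linkage.
extern(Windows) alias NtUnmapViewOfSectionFn =
    NtStatus function(HANDLE processHandle, PVOID baseAddress);

/// Hypothetical helper: resolves an export and reports an error code only
/// when the lookup itself failed, never a stale value left by an earlier call.
void* resolveExport(string dll, const(char)* name, out uint error)
{
    void* mod = Runtime.loadLibrary(dll);
    if (mod is null)
    {
        error = GetLastError();
        return null;
    }

    void* proc = cast(void*) GetProcAddress(cast(HMODULE) mod, name);
    // Success is decided by the return value; the last-error slot may still
    // hold 127 from a lookup that Runtime.loadLibrary made internally.
    error = (proc is null) ? GetLastError() : 0;
    return proc;
}

void main()
{
    uint err;

    // Resolved and given its typed signature, but not invoked in this example.
    auto fn = cast(NtUnmapViewOfSectionFn)
        resolveExport("ntdll.dll", "NtUnmapViewOfSection", err);
    writefln("NtUnmapViewOfSection: %s (error %s)",
             fn is null ? "not found" : "resolved", err);

    // Constructed negative case: a name that ntdll.dll does not export.
    void* missing = resolveExport("ntdll.dll", "NoSuchExport_Example", err);
    writefln("NoSuchExport_Example: %s (error %s)",
             missing is null ? "not found" : "resolved", err);
}
```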
I did not import ntoskrnl.lib because I'm trying to do everything in user mode and there I have access to ntdll.dll which contains ntunmapviewofsection. That's why I started using implib to create an ntdll.dll import library but I couldn't get it to work.

It's good to know that it actually returns the right function pointer. Now I only have to find where the real problem is :)
Thank you for your help.
Mar 25 2012
Turns out it indeed got the right function pointer and that function is getting called correctly. What I was trying to do however was forking a process within another.
One of the things I needed to do was unmapping the base module from memory from one of the exe's, align correctly and then write the second executable in the memory of the first one.
NtUnmapViewOfSection seems to fail with error code STATUS_NOT_MAPPED_VIEW.

I've found out this error appears on certain kinds of executable and ones written in D seem to be one of those.
Is there any reason Windows complains that the main module containing the code section is not mapped?
Mar 25 2012
While I was playing around some more I noticed that the optimize flag causes my program to give an access violation while normal compilation doesn't give any error whatsoever. Is this an old bug or have I stumbled upon a new bug?
Mar 25 2012