• maarten van damme (20/20) Mar 24 2012 hi,
• John Chapman (5/29) Mar 25 2012 Did you import ntoskrnl.lib?
• John Chapman (8/32) Mar 25 2012 Actually, Runtime.loadLibrary should return the function pointer
• maarten van damme (7/7) Mar 25 2012 I did not import ntoskrnl.lib because I'm trying to do everything in us...
• maarten van damme (10/10) Mar 25 2012 Turns out it indeed got the right function pointer and that function is
• maarten van damme (4/4) Mar 25 2012 While I was playing around some more I noticed that the optimize flag

maarten van damme <maartenvd1994 gmail.com> writes:

hi,
I'm trying to call NtUnmapViewOfSection from ntdll.dll. According to the
msdn docs it should look like

NTSTATUS NtUnmapViewOfSection(
  __in      HANDLE ProcessHandle,
  __in_opt  PVOID BaseAddress
);


I tried to call it by simply declaring

extern(Windows) uint NtUnmapViewOfSection(HANDLE hProcess,PVOID baseAddress);

But now I get

 Error 42: Symbol Undefined _NtUnmapViewOfSection 8


I've also tried using GetProcAddress

cast(uint function(HANDLE hProcess,PVOID
address))GetProcAddress(Runtime.loadLibrary("ntdll.dll"),
"NtUnmapViewOfSection")

but when I looked at GetLastError I get error 127 (specified procedure
could not be found) and the function doesn't work.


It's likely I'm missing something easy here, I just can't figure out what it is.

Someone knows what it is?


Maarten

"John Chapman" <johnch_atms hotmail.com> writes:

On Saturday, 24 March 2012 at 19:11:38 UTC, maarten van damme 
wrote:
 hi,
 I'm trying to call NtUnmapViewOfSection from ntdll.dll. 
 According to the
 msdn docs it should look like

 NTSTATUS NtUnmapViewOfSection(
   __in      HANDLE ProcessHandle,
   __in_opt  PVOID BaseAddress
 );


 I tried to call it by simply declaring

 extern(Windows) uint NtUnmapViewOfSection(HANDLE hProcess,PVOID 
 baseAddress);

 But now I get

  Error 42: Symbol Undefined _NtUnmapViewOfSection 8

Did you import ntoskrnl.lib?

 I've also tried using GetProcAddress

 cast(uint function(HANDLE hProcess,PVOID
 address))GetProcAddress(Runtime.loadLibrary("ntdll.dll"),
 "NtUnmapViewOfSection")

 but when I looked at GetLastError I get error 127 (specified 
 procedure
 could not be found) and the function doesn't work.


 It's likely I'm missing something easy here, I just can't 
 figure out what it is.

 Someone knows what it is?

Runtime.loadLibrary is the problem. Use the Win32 LoadLibrary 
instead.

 Maarten

"John Chapman" <johnch_atms hotmail.com> writes:

On Saturday, 24 March 2012 at 19:11:38 UTC, maarten van damme 
wrote:
 hi,
 I'm trying to call NtUnmapViewOfSection from ntdll.dll. 
 According to the
 msdn docs it should look like

 NTSTATUS NtUnmapViewOfSection(
   __in      HANDLE ProcessHandle,
   __in_opt  PVOID BaseAddress
 );


 I tried to call it by simply declaring

 extern(Windows) uint NtUnmapViewOfSection(HANDLE hProcess,PVOID 
 baseAddress);

 But now I get

  Error 42: Symbol Undefined _NtUnmapViewOfSection 8


 I've also tried using GetProcAddress

 cast(uint function(HANDLE hProcess,PVOID
 address))GetProcAddress(Runtime.loadLibrary("ntdll.dll"),
 "NtUnmapViewOfSection")

 but when I looked at GetLastError I get error 127 (specified 
 procedure
 could not be found) and the function doesn't work.


 It's likely I'm missing something easy here, I just can't 
 figure out what it is.

 Someone knows what it is?

Actually, Runtime.loadLibrary should return the function pointer 
correctly.

Your call to GetLastError() is returning 127 because 
Runtime.loadLibrary itself calls GetProcAddress to see if it 
contains a GC-related function (which will fail if it's not a D 
DLL).

 Maarten

maarten van damme <maartenvd1994 gmail.com> writes:

I did not import  ntoskrnl.lib because I'm trying to do everything in user
mode and there I have access to ntdll.dll which contains
ntunmapviewofsection. Thats why I started using implib to create an
ntdll.dll import library but I couldn't get it to work.

It's good to know that it actually returns the right function pointer. Now
I only have to find where the real problem is :)
Thank you for your help.

maarten van damme <maartenvd1994 gmail.com> writes:

Turns out it indeed got the right function pointer and that function is
getting called correctly. What I was trying to do however was forking a
process within another.
One of the things I needed to do was unmapping the base module from memory
from one of the exe's, align correctly and then write the second executable
in the memory of the first one.
NtUnmapViewOfSection seems to fail with error code STATUS_NOT_MAPPED_VIEW.

I've found out this error appears on certain kinds of executable and one's
written in D seem to be one of those. Is there any reason windows complains
that the main module containing the code section is not mapped?

maarten van damme <maartenvd1994 gmail.com> writes:

While I was playing around some more I noticed that the optimize flag
causes my program to give an access violation while normal compilation
doesn't give any error whatsoever. is this an old bug or have I stumbled
upon a new bug?