Code Snippet Creator question


Maldoror
February 13th, 2003, 05:48
Hello

I have two questions regarding the Code Snippet Creator by Iczelion.

Let's suppose we have a function Func1 located at (for example) VA 4091B0h in our target. We insert our snippet written in MASM32 in a new section.

1. How to call the function at 4091B0h from the snippet?
Here is what I do:
MASM32 doesn't allow you to just write:

MyProc proc
call 4091B0h
MyProc endp

For that reason I use the following:
Func1:
;push parameters of 4091B0h here
push retAddr
push 4091B0h
ret
retAddr:
ret

MyProc proc
call Func1
MyProc endp

This works fine but I think this solution is not very elegant.
So the question is:
Is this the way to call functions in the target?

2. If this is the way, there is still something that is not very clear to me.
How to deal with the relocation problems that may arise with this
push 4091B0h
ret
mechanism?
Possible solutions are:
1. Patch the target relocation table
2. Use RVA instead of VA and calculate the real address at runtime i.e. GetModuleHandle + RVA

What do you think?

Regards!
Maldoror

ZaiRoN
February 13th, 2003, 07:50
Hi Maldoror,

I think the problem resides in the compiler you use, masm in this case. In fact, masm doesn't allow you to make a call with a direct address like you want to do. You always have to make a sort of indirect call using your push/ret combination or something like:
mov eax, <address>
call eax

or

address dd 4091B0h
...
call address

In this way you also should solve your relocation problem.

There is maybe another way to solve your problem. You can try to make the call using the code segment before the address. I have tried this way sometimes with the jmp instruction and it worked fine. I have not tried calling a 'Call' (sorry) in this way but you can try to use something like:

Call segment:address
or
Call dword ptr segment:address

Hope this helps you.

ZaiRoN
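
The "RVA instead of VA" option from the first post, worked through as an added example that is not part of the thread: the snippet's hard-coded VA is converted to an RVA using the ImageBase field of the PE32 header and added to the base the module actually loaded at. The function names, the sample header, the ImageBase of 400000h and the load base of 10000000h are all constructed assumptions; in a real snippet both the header pointer and the load base would be the value returned by GetModuleHandle.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Little-endian helpers for reading/writing header fields. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Map a link-time VA to its address when the PE32 image whose headers are
 * at hdr is loaded at actual_base. Returns 0 if the headers are not valid
 * PE32 or the VA lies outside the image. */
uint32_t rebase_va(const uint8_t *hdr, size_t len, uint32_t actual_base, uint32_t va) {
    if (len < 0x40 || hdr[0] != 'M' || hdr[1] != 'Z') return 0;
    uint32_t pe = rd32(hdr + 0x3C);                 /* e_lfanew */
    if (pe > len || len - pe < 24 + 60) return 0;   /* need up to SizeOfImage */
    if (rd32(hdr + pe) != 0x00004550) return 0;     /* "PE\0\0" */
    const uint8_t *opt = hdr + pe + 24;             /* optional header */
    if ((opt[0] | opt[1] << 8) != 0x10B) return 0;  /* PE32 magic */
    uint32_t image_base = rd32(opt + 28);
    uint32_t size_of_image = rd32(opt + 56);
    if (va < image_base || va - image_base >= size_of_image) return 0;
    return actual_base + (va - image_base);         /* base + RVA */
}

/* Constructed sample headers: ImageBase 400000h, SizeOfImage 20000h
 * (assumed values, not taken from any real target). Needs cap >= 0x100. */
size_t make_sample_header(uint8_t *buf, size_t cap) {
    if (cap < 0x100) return 0;
    memset(buf, 0, 0x100);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x80);                /* e_lfanew */
    wr32(buf + 0x80, 0x00004550);          /* PE signature */
    wr32(buf + 0x98, 0x10B);               /* optional header magic */
    wr32(buf + 0x98 + 28, 0x00400000);     /* ImageBase */
    wr32(buf + 0x98 + 56, 0x00020000);     /* SizeOfImage */
    return 0x100;
}

int main(void) {
    uint8_t hdr[0x100];
    size_t n = make_sample_header(hdr, sizeof hdr);
    printf("%08X\n", (unsigned)rebase_va(hdr, n, 0x10000000u, 0x4091B0u));
    return 0;
}
```

The resolved address is what would go into a register for an indirect call; an immediate such as `push 4091B0h` placed in a new section has no relocation entry, so the loader does not adjust it.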