Wow, this looks like a really promising program :thup:, I have to try it. Thanks a lot nidud. I will give feedback on it later. :thumbsup:
It does not matter if more tools can do useful things, I use Pelle's polib to do a number of things but having extra tools is a good idea.
Hi nidud,
Quote: You need a 64-bit EXE to load a 64-bit DLL.
That's true but one can code a 32-bit tool loading 64-bit DLLs as data files. The purpose would be to read the export section according to the MS PE specification and create DEF files.
Creating inc- and lib-files from system dlls
inc-files are text files containing descriptions of data structures, Windows constants, and macros.
inc-files are built up by the programmer as the set of operating system facilities he uses expands. They are similar to the header h/hpp-files used when programming in C/C++; sometimes you can generate inc-files from h-files using the h2inc.exe utility (it can be found in old MASM packages).
The purpose of lib-files is to provide link.exe with information about external links to WinAPI functions inside system dll files. A lib file is an archive that stores a set of "external symbol" mappings, each a link to an object (COFF or PE) file. At the linking stage this "symbol" is either added to the executable image (in the case of COFF, from a precompiled object file), or is written into the import table (in the case of PE). That is, some external links are translated into your exe or dll.
link.exe processes the standard COFF libraries and COFF import libraries, which have a .lib extension. Standard libraries contain objects and are created using the lib.exe utility. Import libraries contain information about export to other programs and are created either by the link.exe compiler when building the program containing the export, or by the lib.exe utility.
To get the contents of the system dll-file I use the following bat-file:
@echo off
:: erase from the screen
cls
:: set the path to the masm64 directory
set masm64_path=\masm64\
:: name of the "prepared dll", start with user32
set FileName=user32
if exist %FileName%.inc del %FileName%.inc
if exist %FileName%.def del %FileName%.def
:: process user32.dll and get user32.txt file
%masm64_path%bin\dumpbin.exe /EXPORTS %windir%\System32\%FileName%.dll /OUT:%FileName%.txt
@echo EXPORTS >> %FileName%.def
for /f "skip=16 tokens=1-4" %%a in (%FileName%.txt) do (
  if "%%a"=="Summary" goto :exit
  if "%%d"=="" (
    @echo extern __imp_%FileName%_ordinal%%a:qword >> %FileName%.inc
    @echo %FileName%_ordinal%%a TEXTEQU ^<__imp_%FileName%_ordinal%%a ^> >> %FileName%.inc
    @echo %FileName%_ordinal%%a=ordinal%%a @ %%a NONAME >> %FileName%.def
  ) else (
    if not "%%d"=="(forwarded" (
      @echo extern __imp_%%d:qword >> %FileName%.inc
      @echo %%d TEXTEQU ^<__imp_%%d ^> >> %FileName%.inc
      @echo %%d=__imp_%%d >> %FileName%.def
    )
  )
)
:exit
%masm64_path%bin\link -lib /DEF:%FileName%.def /OUT:%FileName%.lib /MACHINE:X64
Parsing a bat-file
:: erase from the screen
cls
:: set the path to the masm64 directory
set masm64_path=\masm64\
:: name of the "prepared dll", start with user32
set FileName=user32
:: process user32.dll and get user32.txt file
%masm64_path%bin\dumpbin.exe /EXPORTS %windir%\System32\%FileName%.dll /OUT:%FileName%.txt
Dump of file C:\Windows\System32\user32.dll
File Type: DLL
Section contains the following exports for USER32.dll
00000000 characteristics
4CE799CD time date stamp Sat Nov 20 17:50:05 2010
0.00 version
1500 ordinal base
1003 number of functions
830 number of names
ordinal hint RVA name
1502 0 000083C0 ActivateKeyboardLayout
1503 1 0002AD40 AddClipboardFormatListener
1504 2 000235B8 AdjustWindowRect
1505 3 00017CE4 AdjustWindowRectEx
....
2341 33C 0007B430 wvsprintfA
2342 33D 00020BFC wvsprintfW
1500 0002B260 [NONAME]
1501 0002AE80 [NONAME]
....
Summary
2000 .data
A000 .pdata
10000 .rdata
1000 .reloc
5B000 .rsrc
81000 .text
- after looking at user32.txt, it can be seen that 846 functions are imported from user32.dll, including 826 functions imported by name, 16 by ordinal, and the functions DefDlgProcA, DefDlgProcW, DefWindowProcA, DefWindowProcW, which are ported into user32.dll from the system library NTDLL.dll
Dump of file C:\Windows\System32\user32.dll
File Type: DLL
Section contains the following exports for USER32.dll
00000000 characteristics
4CE799CD time date stamp Sat Nov 20 17:50:05 2010
0.00 version
1500 ordinal base
1003 number of functions
830 number of names
ordinal hint RVA name
1502 0 000083C0 ActivateKeyboardLayout <--- useful information starts here
- if the user32.inc, user32.def, user32.lib files remaining from the previous processing of the dll-files already exist in the directory before starting processing, we delete them.
if exist %FileName%.inc del %FileName%.inc
if exist %FileName%.def del %FileName%.def
- create the user32.def file, which should begin with the line "EXPORTS"
@echo EXPORTS >> %FileName%.def
- useful information starts in user32.txt with line 16, so skip=16 means: skip the first 16 lines in user32.txt
- when line-by-line parsing the user32.txt file, we use the first four words in the line to which we will assign the names %%a, %%b, %%c, %%d
for /f "skip=16 tokens=1-4" %%a in (%FileName%.txt ) do
if the first parameter is "Summary" - then all the functions included in the dll are processed, we stop processing, exit the user32.txt file and go to the label :exit
if "%%a"=="Summary" goto :exit
if the fourth parameter in the user32.txt file is empty - we have before us import by ordinals
%%a %%b %%c %%d
1500 0002B260 [NONAME]
save the first word (the ordinal of the WinAPI function) in the user32.txt line in the variable %%a, frame it and put it in two new lines in the user32.inc file
extern __imp_user32_ordinal1500:qword
user32_ordinal1500 TEXTEQU <__imp_user32_ordinal1500>
and user32.def
user32_ordinal1500=ordinal1500 @ 1500 NONAME
if the fourth parameter is non-empty - we have before us import by function names
in the next line of user32.txt
%%a %%b %%c %%d
1502 0 000083C0 ActivateKeyboardLayout
the fourth word in the line (the name of the WinAPI function) is saved in the variable %%d; we create two new lines in the user32.inc file: precede %%d with "extern __imp_", end the line with ":qword", add "TEXTEQU" and "__imp_", and escape the control characters "<" and ">" (^<__imp_%%d ^>) so that the bat-file treats them as ordinary characters.
extern __imp_ActivateKeyboardLayout:qword
ActivateKeyboardLayout TEXTEQU <__imp_ActivateKeyboardLayout>
and user32.def
ActivateKeyboardLayout=__imp_ActivateKeyboardLayout
- if the fourth parameter is "(forwarded", then the WinAPI function is taken from another dll and we skip such a line.
%%a %%b %%c %%d
1657 94 DefDlgProcA (forwarded to NTDLL.NtdllDialogWndProc_A )
- from the contents of user32.def and user32.inc files, create user32.lib file
:exit
%masm64_path%bin\link -lib /DEF:%FileName%.def /OUT:%FileName%.lib /MACHINE:X64
the same result can be achieved with the line
%masm64_path%bin\lib /DEF:%FileName%.def /OUT:%FileName%.lib /MACHINE:X64
- we transfer the user32.inc file to the masm64\include directory, and the user32.lib file to the masm64\lib directory
- remove software junk
if exist %FileName%.def del %FileName%.def
if exist %FileName%.exp del %FileName%.exp
if exist %FileName%.txt del %FileName%.txt
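
The same dumpbin-listing walk as the bat-file above, written as an added Python example (not part of the original post): it finds the export table by its "ordinal hint RVA name" header instead of a fixed skip=16, and returns forwarded exports as a list instead of dropping them silently. The function name, the regular expressions and the sample listing are assumptions made for this example.

```python
import re

# Constructed sample in the layout of the dumpbin /EXPORTS listing quoted in the post.
SAMPLE = """\
Dump of file C:\\Windows\\System32\\user32.dll
File Type: DLL
  Section contains the following exports for USER32.dll
    00000000 characteristics
        1500 ordinal base
        1003 number of functions
    ordinal hint RVA      name

       1502    0 000083C0 ActivateKeyboardLayout
       1657   94          DefDlgProcA (forwarded to NTDLL.NtdllDialogWndProc_A)
       2342  33D 00020BFC wvsprintfW
       1500      0002B260 [NONAME]

  Summary
        2000 .data
"""

FORWARDED = re.compile(r"^\s*(\d+)\s+[0-9A-Fa-f]+\s+(\S+)\s+\(forwarded to (\S+?)\s*\)\s*$")
NONAME = re.compile(r"^\s*(\d+)\s+[0-9A-Fa-f]{8}\s+\[NONAME\]\s*$")
NAMED = re.compile(r"^\s*(\d+)\s+[0-9A-Fa-f]+\s+[0-9A-Fa-f]{8}\s+(\S+)\s*$")


def parse_exports(listing, lib):
    """Return (inc_lines, def_lines, forwarded) for one dumpbin /EXPORTS listing."""
    inc, def_lines, forwarded = [], ["EXPORTS"], []
    in_table = False
    for line in listing.splitlines():
        words = line.split()
        if words[:4] == ["ordinal", "hint", "RVA", "name"]:
            in_table = True          # replaces the fixed skip=16
            continue
        if words[:1] == ["Summary"]:
            break                    # section sizes follow, no more exports
        if not in_table:
            continue                 # header lines such as "1003 number of functions"
        if m := FORWARDED.match(line):
            forwarded.append((m[2], m[3]))   # reported to the caller, not emitted
            continue
        if m := NONAME.match(line):
            sym, rhs = f"{lib}_ordinal{m[1]}", f"ordinal{m[1]} @ {m[1]} NONAME"
        elif m := NAMED.match(line):
            sym, rhs = m[2], f"__imp_{m[2]}"
        else:
            continue                 # blank or unrecognised line
        inc += [f"extern __imp_{sym}:qword", f"{sym} TEXTEQU <__imp_{sym}>"]
        def_lines.append(f"{sym}={rhs}")
    return inc, def_lines, forwarded
```

The forwarded list is worth reviewing before building the lib, since those names resolve to another DLL at load time.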