- To get the contents of the system dll I use the bat-file
:: clear the screen
cls
:: set the path and file name
set masm64_path=\masm64\
set filename=user32
%masm64_path%bin\dumpbin.exe /EXPORTS %windir%\System32\%filename%.dll /OUT:%filename%.txt
Dump of file C:\Windows\System32\user32.dll
File Type: DLL
Section contains the following exports for USER32.dll
00000000 characteristics
4CE799CD time date stamp Sat Nov 20 17:50:05 2010
0.00 version
1500 ordinal base
1003 number of functions
830 number of names
Ordinal hint RVA name
1502 0 000083C0 ActivateKeyboardLayout
1503 1 0002AD40 AddClipboardFormatListener
1504 2 000235B8 AdjustWindowRect
1505 3 00017CE4 AdjustWindowRectEx
....
2341 33C 0007B430 wvsprintfA
2342 33D 00020BFC wvsprintfW
1500 0002B260 [NONAME]
1501 0002AE80 [NONAME]
....
Summary
2000 .data
A000 .pdata
10000 .rdata
1000 .reloc
5B000 .rsrc
81000 .text
Then manually create the files user32.def and user32.inc from the file user32.txt
extern __imp_user32_ordinal1500:qword
user32_ordinal1500 TEXTEQU <__imp_user32_ordinal1500>
extern __imp_user32_ordinal1501:qword
user32_ordinal1501 TEXTEQU <__imp_user32_ordinal1501>
extern __imp_ActivateKeyboardLayout:qword
ActivateKeyboardLayout TEXTEQU <__imp_ActivateKeyboardLayout>
extern __imp_AddClipboardFormatListener:qword
AddClipboardFormatListener TEXTEQU <__imp_AddClipboardFormatListener>
extern __imp_AdjustWindowRect:qword
AdjustWindowRect TEXTEQU <__imp_AdjustWindowRect>
extern __imp_AdjustWindowRectEx:qword
AdjustWindowRectEx TEXTEQU <__imp_AdjustWindowRectEx>
extern __imp_AlignRects:qword
...
EXPORTS
user32_ordinal1500 = ordinal1500 @1500 NONAME
user32_ordinal1501 = ordinal1501 @1501 NONAME
ActivateKeyboardLayout = __imp_ActivateKeyboardLayout
AddClipboardFormatListener = __imp_AddClipboardFormatListener
AdjustWindowRect = __imp_AdjustWindowRect
AdjustWindowRectEx = __imp_AdjustWindowRectEx
....
- Further with the help of bat
set masm64_path=\masm64
set filename=user32
%masm64_path%\bin\link -lib /DEF:%filename%.def /OUT:%filename%.lib /MACHINE:X64
- I receive a user32.lib file.
How to automate the manual work and transfer all the tedious work to the bat file?
P.S. I was surprised to find that there is no ExitProcess in kernel32.dll, and there is no DefWindowProcA in user32.dll, both functions are ported from ntdll.dll (RtlExitUserProcess and NtdllDefWindowProc_A respectively)
Hi Mikl!
Program from the topic which I did not find (Hutch program) ... Or are you looking for a solution with a bat file only?
Hi LiaoMi!
Thank you for the utility!
Quote from: Mikl__ on July 10, 2017, 04:34:47 PM
Hi LiaoMi!
Thank you for the utility!
With administrator rights works better :idea:
Quote: I was surprised to find that there is no ExitProcess in kernel32.dll, and there is no DefWindowProcA in user32.dll, both functions are ported from ntdll.dll (RtlExitUserProcess and NtdllDefWindowProc_A respectively)
I've seen the right names before, and now it's even more interesting ..
(https://image.ibb.co/cE4zcv/Image_1.jpg)
Are you sure you want to use the ordinals in an include file? It will work on exactly one build of one Windows version...
Ciao, jj2007!
The question of importing functions by ordinals is not fundamental. I need to get rid of manual correction of inc/def-files. I would like this work to be done by a bat-file, not by a human.
Try expdef (http://purefractalsolutions.com/show.php?a=utils/expdef)
Comes with source, it is great for .def files.
It requires some change for 64-bit and rebuild, but I don't remember exactly what.
Hi aw27!
Thank you for expdef!
An old example, and quite similar origins?
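#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>
/* Print a .def skeleton (LIBRARY/EXPORTS) for the module mapped at 'base'. */
void NTexports(DWORD_PTR base)
{
    PIMAGE_DOS_HEADER pDOSHeader = (PIMAGE_DOS_HEADER) base;
    PIMAGE_NT_HEADERS pNTHeaders = (PIMAGE_NT_HEADERS)(base + pDOSHeader->e_lfanew);
    PIMAGE_EXPORT_DIRECTORY pExportDir = (PIMAGE_EXPORT_DIRECTORY)(base + pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
    PDWORD pName = (DWORD *)(base + pExportDir->AddressOfNames);
    printf("LIBRARY %s\nEXPORTS\n", (char *)(base + pExportDir->Name));
    /* AddressOfNames holds the RVAs of the exported names; ordinal-only exports are not listed. */
    for (DWORD i = 0; i < pExportDir->NumberOfNames; i++) {
        puts((char *)(base + pName[i]));
    }
}
int __cdecl main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <dll>\n", argv[0]);
        return 1;
    }
    /* LoadLibraryA maps the DLL into this process and runs its DllMain; the exe bitness must match the DLL. */
    HMODULE hmod = LoadLibraryA(argv[1]);
    if (hmod == NULL) {
        fprintf(stderr, "LoadLibrary failed: %lu\n", GetLastError());
        return 1;
    }
    NTexports((DWORD_PTR)hmod);
    FreeLibrary(hmod);
    return 0;
}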
deleted
I have already done it using one of Pelle's tools. I have complete include and lib files for ml64.
deleted
I count 1366, from h_read to ZombifyActCtx. Would be interesting to see where differences are - my version attached.
deleted
Not only - I used my own tool, it extracts the stuff from the 32-bit DLLs. Does anybody have code using the 64-bit DLLs?
I've seen only these two threads:
http://masm32.com/board/index.php?topic=95.msg114#msg114
http://masm32.com/board/index.php?topic=1983.msg20727#msg20727
deleted
Quote from: jj2007 on July 10, 2017, 10:56:51 PM
Not only - I used my own tool, it extracts the stuff from the 32-bit DLLs. Does anybody have code using the 64-bit DLLs?
I remembered now what you have to do in relationship with expdef: Just build expdef for 64-bit
That's all. The reason is that only a 64-bit exe can load a 64-bit dll.
Hi Mikl__,
Here is a tool to create import libraries from module definition files :
Module definition file to MS COFF import library converter (http://masm32.com/board/index.php?topic=1623.0)
In my perspective, the real pain with the manufacture of stdcall import libraries has to do with the name decoration (for example LoadLibraryA@4) which, as far as I know, has to be done by hand unless the functions are dllexported. MASM expects name decoration in order to use Invoke.
But if you use other assemblers like UASM or JWASM, name decoration can be waived with the switch -zt1 (or even -zt0 without the underscore).
Hi aw27,
With some macro tricks and new import libraries, it's possible to reduce the level of decoration of Masm object modules :
\PellesC\bin\polib /OUT:kernel32.lib /MACHINE:X86 %windir%\system32\kernel32.dll
\PellesC\bin\polib /OUT:user32.lib /MACHINE:X86 %windir%\system32\user32.dll
_invoke GetModuleHandle,NULL
mov hInstance,eax
_invoke GetCommandLine
mov CommandLine,eax
_invoke WinMain, hInstance,NULL,CommandLine,SW_SHOWDEFAULT
_invoke ExitProcess,eax
\masm32\bin\dumpbin.exe /SYMBOLS Window.obj > Symbols.txt
00B 00000000 UNDEF notype () External | _ExitProcess
00C 00000000 UNDEF notype () External | _GetCommandLineA
00D 00000000 UNDEF notype () External | _GetModuleHandleA
00E 00000000 UNDEF notype () External | _CreateWindowExA
00F 00000000 UNDEF notype () External | _DefWindowProcA
010 00000000 UNDEF notype () External | _DispatchMessageA
011 00000000 UNDEF notype () External | _GetMessageA
012 00000000 UNDEF notype () External | _LoadCursorA
013 00000000 UNDEF notype () External | _LoadIconA
014 00000000 UNDEF notype () External | _PostQuitMessage
015 00000000 UNDEF notype () External | _RegisterClassExA
016 00000000 UNDEF notype () External | _ShowWindow
017 00000000 UNDEF notype () External | _TranslateMessage
018 00000000 UNDEF notype () External | _UpdateWindow
019 00000000 SECT3 notype Static | hInstance
01A 00000000 SECT1 notype () External | _start
01B 00000009 SECT2 notype Static | AppName
Quote from: aw27 on July 11, 2017, 12:04:35 AM
I remembered now what you have to do in relationship with expdef: Just build expdef for 64-bit
That's all. The reason is that only a 64-bit exe can load a 64-bit dll.
"Just build" is a bit more complicated. If you want to have a look, source is attached.
Or drag a bunch of DLLs over the exe and see the exports. It might choke if you drag more than ca 700 DLLs, though.
Processing Masm object files with an external tool and removing completely the decorations :
\PellesC\bin\polib /OUT:kernel32.lib /NOUND /MACHINE:X86 %windir%\system32\kernel32.dll
\PellesC\bin\polib /OUT:user32.lib /NOUND /MACHINE:X86 %windir%\system32\user32.dll
\masm32\bin\ml /c /coff Window.asm
undecor Window.obj
\masm32\bin\polink /SUBSYSTEM:WINDOWS Window.obj
No need of macros in this method.
Quote from: Vortex on July 11, 2017, 05:21:34 AM
With some macro tricks and new import libraries, it's possible to reduce the level of decoration of Masm object modules :
Hi Vortex,
Sure, but I was talking about Invoke not about any macro. :icon_exclaim:
Quote from: jj2007 on July 11, 2017, 05:25:35 AM
"Just build" is a bit more complicated. If you want to have a look, source is attached.
It is not more complicated. You used a different approach than ExpDef used and I was talking about ExpDef. :icon_exclaim:
Hi aw27,
My method based on object file undecoration with undecor.exe does not depend on any macros.
Quote from: Vortex on July 11, 2017, 05:36:49 AM
Processing Masm object files with an external tool and removing completely the decorations :
Postprocessing does the trick. Conclusion: there is always a workaround. :t
Just curious: How do you get the info for the PROTO, i.e. size/type+number of paras?
Quote from: jj2007 on July 11, 2017, 07:02:36 AM
Just curious: How do you get the info for the PROTO, i.e. size/type+number of paras?
If it is not there, i.e., if it does not appear in dumpbin, there is no direct way. Hence, there is a lot of manpower involved if you are dealing with a big dll like kernel32.dll
PS: Sorry, I don't think that you asked for this - I answered what I thought was in the context. The Info for the PROTO you get from the usual Microsoft channels, namely searching the web for the declarations.
Hi Erol,
nice work. Thank you very much!
Bat-file to create user32.inc from user32.txt
set FileName=user32
for /f "skip=16 tokens=1-4" %%a in (%FileName%.txt) do (
@echo extern __imp_%%d:qword >>%FileName%.inc
@echo %%d TEXTEQU ^<__imp_%%d^> >>%FileName%.inc
)
Bat-file to create user32.def from user32.txt
set FileName=user32
@echo EXPORTS >>%FileName%.def
for /f "skip=16 tokens=1-4" %%a in (%FileName%.txt) do @echo %%d=__imp_%%d >>%FileName%.def
skip=16 skips the first 16 lines in user32.txt
Dump of file C:\Windows\System32\user32.dll
File Type: DLL
Section contains the following exports for USER32.dll
00000000 characteristics
4CE799CD time date stamp Sat Nov 20 17:50:05 2010
0.00 version
1500 ordinal base
1003 number of functions
830 number of names
ordinal hint RVA name
1502 0 000083C0 ActivateKeyboardLayout <-- useful information starts here
^<__imp_%%d^> I escape the control characters "<" and ">" so that the bat-file perceives them as ordinary characters.
True, it is not yet possible to get from the lines
1500 0002B260 [NONAME]
Create strings in user32.def
user32_ordinal1500 = ordinal1500 @1500 NONAME
And user32.inc
extern __imp_user32_ordinal1500:qword
user32_ordinal1500 TEXTEQU <__imp_user32_ordinal1500>
And finally (Ba dum tss) inc_def.bat
@echo off
cls
set masm64_path=\masm55\
set FileName=user32
%masm64_path%bin\dumpbin.exe /EXPORTS %windir%\System32\%FileName%.dll /OUT:%FileName%.txt
@echo EXPORTS >> %FileName%.def
for /f "skip=16 tokens=1-4" %%a in (%FileName%.txt) do (
if "%%a"=="Summary" exit
if "%%d"=="" @echo extern __imp_%FileName%_ordinal%%a:qword >> %FileName%.inc
if "%%d"=="" @echo %FileName%_ordinal%%a TEXTEQU ^<__imp_%FileName%_ordinal%%a^> >> %FileName%.inc
if "%%d"=="" @echo %FileName%_ordinal%%a=ordinal%%a @%%a NONAME >> %FileName%.def
if not "%%d"=="" @echo extern __imp_%%d:qword >> %FileName%.inc
if not "%%d"=="" @echo %%d TEXTEQU ^<__imp_%%d^> >> %FileName%.inc
if not "%%d"=="" @echo %%d=__imp_%%d >> %FileName%.def
)
@echo off
cls
set masm64_path=\masm55\
set FileName=user32
if exist %FileName%.inc del %FileName%.inc
if exist %FileName%.def del %FileName%.def
%masm64_path%bin\dumpbin.exe /EXPORTS %windir%\System32\%FileName%.dll /OUT:%FileName%.txt
@echo EXPORTS >> %FileName%.def
for /f "skip=16 tokens=1-4" %%a in (%FileName%.txt) do ( if "%%a"=="Summary" goto :exit
if "%%d"=="" ( @echo extern __imp_%FileName%_ordinal%%a:qword >> %FileName%.inc
@echo %FileName%_ordinal%%a TEXTEQU ^<__imp_%FileName%_ordinal%%a^> >> %FileName%.inc
@echo %FileName%_ordinal%%a=ordinal%%a @%%a NONAME >> %FileName%.def
) else ( if not "%%d"=="(forwarded" ( @echo extern __imp_%%d:qword >> %FileName%.inc
@echo %%d TEXTEQU ^<__imp_%%d^> >> %FileName%.inc
@echo %%d=__imp_%%d >> %FileName%.def )))
:exit
%masm64_path%bin\link -lib /DEF:%FileName%.def /OUT:%FileName%.lib /MACHINE:X64
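The same dumpbin-to-.inc/.def conversion as an added Python example (not part of the thread and not any poster's code). It goes a little beyond the batch file: it locates the table header instead of relying on skip=16, keeps forwarded exports instead of skipping them, and drops names that are not identifier-like before they reach the generated source. `parse_exports`, `emit`, `IDENT` and `SAMPLE` are hypothetical names, and the sample listing is constructed.

```python
import re

# Constructed sample in the layout of the dumpbin /EXPORTS listing quoted in the
# thread; the forwarded row (ordinal, hint) is made up for illustration.
SAMPLE = """\
Dump of file C:\\Windows\\System32\\user32.dll
File Type: DLL
  Section contains the following exports for USER32.dll
        1500 ordinal base
    ordinal hint RVA      name
       1502    0 000083C0 ActivateKeyboardLayout
       1503    1 0002AD40 AddClipboardFormatListener
       1550   30          DefWindowProcA (forwarded to NTDLL.NtdllDefWindowProc_A)
       1500      0002B260 [NONAME]
  Summary
        2000 .data
"""

# Names end up in assembler source, so accept only identifier-like tokens.
IDENT = re.compile(r"[A-Za-z_?@$][A-Za-z0-9_?@$]*")

def parse_exports(text):
    """Return [(ordinal, name or None, forward target or None)]."""
    rows, in_table = [], False
    for line in text.splitlines():
        tok = line.split()
        if not in_table:  # find the header instead of hard-coding skip=16
            in_table = [t.lower() for t in tok[:4]] == ["ordinal", "hint", "rva", "name"]
        elif tok[:1] == ["Summary"]:
            break
        elif tok and tok[0].isdigit():
            if tok[-1] == "[NONAME]":
                rows.append((int(tok[0]), None, None))
            elif "(forwarded" in tok and IDENT.fullmatch(tok[2]):
                rows.append((int(tok[0]), tok[2], tok[-1].rstrip(")")))
            elif len(tok) >= 4 and IDENT.fullmatch(tok[3]):
                rows.append((int(tok[0]), tok[3], None))
    return rows

def emit(lib, rows):
    """Build .inc and .def lines in the format used by inc_def.bat."""
    inc, deff = [], ["EXPORTS"]
    for ordinal, name, _fwd in rows:
        sym = name if name else f"{lib}_ordinal{ordinal}"
        deff.append(f"{sym}=__imp_{sym}" if name else f"{sym}=ordinal{ordinal} @{ordinal} NONAME")
        inc += [f"extern __imp_{sym}:qword", f"{sym} TEXTEQU <__imp_{sym}>"]
    return inc, deff

if __name__ == "__main__":
    inc, deff = emit("user32", parse_exports(SAMPLE))
    print("\n".join(inc), "\n".join(deff), sep="\n\n")
```

The forward target is kept in each row so the forwarded names can be listed separately if they should be reviewed before linking.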
I took a look at that expdef tool that AW posted a link to: http://purefractalsolutions.com/show.php?a=utils/expdef
Created a Dll2Def command line utility based on that: https://github.com/mrfearless/Dll2Def - download release: https://github.com/mrfearless/Dll2Def/releases/download/1.0.0.0/Dll2Def.zip
I was going to add in switches for handling using filename vs internal module name and remove underscores etc, but in the end didn't add those.
A simple PE export to def in C language.
I didn't test it much.