1. How do I enumerate all exported methods in a .lib or .obj file?
2. Can I export the variable?
Dumpbin is the tool to do that.
For the sdk tool "dumpbin /ALL NameOfFile > result.txt"
search for "export" in the created file.
You can explode a library into its object files (polib does that very well).
I don't know what you mean by "export the variable".
You can use any data that has been declared PUBLIC.
Thank you ToutEnMasm
Sorry, I forgot to ask: how can this be done programmatically?
You use it as a dos tool.
A batch make it easy to use
Quote
echo off
rem Load the 64-bit Visual Studio 14.0 tool environment, then write dumpbin's
rem full report for thislib.lib to a text file.
rem NOTE(review): the vcvars64.bat path is specific to one machine; the script
rem does not check that the call succeeded before running dumpbin.
call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\vcvars64.bat"
rem The next line begins with ':' so cmd reads it as a label, not a command;
rem it is the help invocation kept for reference.
:dumpbin /?
rem '>' replaces thislib_lib.txt if it already exists.
dumpbin /ALL thislib.lib > thislib_lib.txt
pause
dumpbin /? gives you a help screen.
"MSDN dumpbin" also gives help.
Quote from: mabdelouahab on March 03, 2016, 07:56:10 PM
Sorry I forgot, How to programmatically?
pedump source code show how to do it?
From here (http://www.wheaty.net/downloads.htm) pedump.zip (http://www.wheaty.net/pedump.zip)
Pedump works only with 32-bit files; it just crashes on 64-bit ones.
objconv (with source code) is better
Pelle's library manager polib.exe can be used to extract members from a library :
/EXPLODE Create object files for all members
Vortex,ToutEnMasm,TWell; Thanks for the help
Through searching, I found these documents that describe the structure of .obj and .lib files:
The COFF Symbol Table (http://jjhou.boolan.com/jjtbooks-win95-sys-prog-secrets-605-614.doc)
and
Under the Hood, MSJ April 1998.html (https://www.microsoft.com/msj/0498/hood0498.aspx)
(https://www.microsoft.com/msj/0498/hoodfig01.gif) (https://www.microsoft.com/msj/0498/hoodfig02.gif)
and this is my first attempt to answer the question:
include masm32rt.inc
; Prototype for __DumpFile so that invoke can be used before the PROC body.
__DumpFile PROTO :DWORD
.data
; COFF archive signature: the 7 characters "!<arch>" followed by LF (10),
; 8 bytes in total. __DumpFile compares it with the start of the mapped file.
__IMAGE_ARCHIVE_START db "!<arch>",10
.code
; Program entry point (named again on the END directive).
Start:
; Dump one hard-coded file. The name has no directory part, so it is resolved
; against the current directory of the process.
invoke __DumpFile,chr$("Libmy.lib")
printf ("\n \n ")
; presumably waits for a key press so the console output stays visible - confirm
inkey
exit
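; ---------------------------------------------------------------------------
; __DumpFile - print the names of the external symbols of a COFF object file
;              (.obj), or the symbol names stored in the first member of a
;              COFF archive (.lib).
;
; In:    filename = pointer to a zero-terminated path
; Out:   text on the console only; eax is not a meaningful return value
; Saves: ebx, esi, edi (USES). eax, ecx, edx are scratch.
;
; Registers while parsing:
;   ebx = base address of the mapped view
;   esi = cursor (pointer to the current IMAGE_SYMBOL in the object branch,
;         file offset of the current name in the archive branch)
;   edi = index of the current symbol
;
; The file is treated as untrusted input. Every count and offset read from it
; is checked against the real file size (cbFile) before it is used, and a name
; is only handed to printf after its terminating zero has been found inside
; the file. The original version trusted these fields, so a truncated or
; crafted file could walk the loops off the end of the mapping.
;
; Other fixes compared with the original:
;   - 8-character short names are not zero-terminated in the symbol record;
;     they are copied to a local buffer and terminated before printing.
;   - auxiliary records (NumberOfAuxSymbols) are skipped instead of being
;     interpreted as symbols.
;   - the loops end on index >= count instead of index == count.
;
; Only I386 and ALPHA machine types are accepted as objects; anything else
; (for example an AMD64 object) falls through to the archive check and is
; reported as unsupported unless it carries the archive signature.
; ---------------------------------------------------------------------------
__DumpFile PROC uses ebx esi edi, filename:DWORD
    LOCAL hFile,hFileMapping,lpBaseAddr
    LOCAL cbFile,cSymbols,oStrings
    LOCAL szShort[12]:BYTE

    ; Map the file read-only
    mov hFile,rv(CreateFile,filename, GENERIC_READ, FILE_SHARE_READ, NULL,OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0)
    .if hFile != INVALID_HANDLE_VALUE
        ; Size of the file = upper bound for every offset used below.
        ; 0FFFFFFFFh is the failure value of GetFileSize.
        mov cbFile,rv(GetFileSize,hFile,NULL)
        mov hFileMapping,rv(CreateFileMapping,hFile, NULL, PAGE_READONLY, 0, 0, NULL)
        .if hFileMapping != 0
            mov lpBaseAddr,rv(MapViewOfFile,hFileMapping, FILE_MAP_READ, 0, 0, 0)
            .if lpBaseAddr
                mov ebx,lpBaseAddr
                .if cbFile < sizeof IMAGE_FILE_HEADER || cbFile == 0FFFFFFFFh
                    ; too short to hold even a COFF file header
                    print " Unsupported format of file " ,13,10
                .elseif [ebx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_I386 || [ebx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_ALPHA
                    .if [ebx].IMAGE_FILE_HEADER.SizeOfOptionalHeader == 0
                        ;............. OBJFILE .............................................................
                        print " Obj File " ,13,10
                        ; The number of symbols in the COFF symbol table
                        mov eax,[ebx].IMAGE_FILE_HEADER.NumberOfSymbols
                        mov cSymbols,eax
                        ; File offset of the COFF symbol table
                        mov esi,[ebx].IMAGE_FILE_HEADER.PointerToSymbolTable
                        ; Size of the table in bytes; reject a 32-bit overflow
                        mov ecx,sizeof IMAGE_SYMBOL
                        mul ecx                     ; edx:eax = cSymbols * sizeof IMAGE_SYMBOL
                        test edx,edx
                        jnz obj_bad
                        ; The string table follows the symbol table
                        add eax,esi
                        jc  obj_bad
                        cmp eax,cbFile              ; whole table must lie inside the file
                        ja  obj_bad
                        mov oStrings,eax            ; file offset of the string table
                        add esi,ebx                 ; esi -> first IMAGE_SYMBOL
                        xor edi,edi                 ; edi = symbol index
                    obj_next:
                        cmp edi,cSymbols
                        jae obj_end
                        ; external symbol with a non-zero section number
                        .if [esi].IMAGE_SYMBOL.StorageClass==IMAGE_SYM_CLASS_EXTERNAL && [esi].IMAGE_SYMBOL.SectionNumber
                            .if [esi].IMAGE_SYMBOL.N.Name1.Short1
                                ; Name of 8 characters or less, stored in the record itself.
                                ; A full 8-character name has no terminator, so print a copy.
                                mov eax,dword ptr [esi]
                                mov dword ptr szShort[0],eax
                                mov eax,dword ptr [esi+4]
                                mov dword ptr szShort[4],eax
                                mov byte ptr szShort[8],0
                                lea eax,szShort
                                printf ("\n %s ",eax)
                            .else
                                ; Long name: Long1 is an offset into the string table
                                mov eax,[esi].IMAGE_SYMBOL.N.Name1.Long1
                                add eax,oStrings            ; eax = file offset of the name
                                jc  obj_advance
                                mov ecx,eax
                            obj_scan:
                                cmp ecx,cbFile              ; no terminator before end of file:
                                jae obj_advance             ; skip this name
                                cmp byte ptr [ebx+ecx],0
                                je  obj_print
                                inc ecx
                                jmp obj_scan
                            obj_print:
                                add eax,ebx
                                printf ("\n %s ",eax)
                            .endif
                        .endif
                    obj_advance:
                        ; step over this record and its auxiliary records
                        movzx eax,[esi].IMAGE_SYMBOL.NumberOfAuxSymbols
                        inc eax
                        add edi,eax
                        imul eax,eax,sizeof IMAGE_SYMBOL
                        add esi,eax
                        jmp obj_next
                    obj_bad:
                        print " Malformed or truncated file " ,13,10
                    obj_end:
                    .else
                        print " Unsupported format of file " ,13,10
                    .endif
                .else
                    ; All COFF libraries start with the string "!<arch>\n". Verify that this
                    ; string is at the beginning of the mapped file (cbFile is already known
                    ; to be larger than the signature).
                    .if rv(crt_strncmp,lpBaseAddr,addr __IMAGE_ARCHIVE_START,IMAGE_ARCHIVE_START_SIZE) == 0
                        ;............. LibFILE .............................................................
                        print " Lib File " ,13,10
                        ; The first archive member follows the signature; the first DWORD
                        ; after its member header is the symbol count.
                        mov esi,IMAGE_ARCHIVE_START_SIZE + sizeof IMAGE_ARCHIVE_MEMBER_HEADER
                        mov eax,cbFile
                        sub eax,esi
                        jb  lib_bad                 ; file ends inside the member header
                        cmp eax,4
                        jb  lib_bad                 ; no room for the count itself
                        sub eax,4
                        shr eax,2                   ; eax = number of 4-byte offsets that can fit
                        ; The symbol count is stored in big endian format
                        mov ecx,[ebx+esi]
                        bswap ecx
                        cmp ecx,eax                 ; offset array must lie inside the file
                        ja  lib_bad
                        mov cSymbols,ecx
                        ; The names follow the array of cSymbols member offsets
                        lea esi,[esi+ecx*4+4]       ; esi = file offset of the first name
                        xor edi,edi                 ; edi = symbol index
                    lib_next:
                        cmp edi,cSymbols
                        jae lib_end
                        ; find the terminating zero of this name inside the file
                        mov ecx,esi
                    lib_scan:
                        cmp ecx,cbFile
                        jae lib_bad
                        cmp byte ptr [ebx+ecx],0
                        je  lib_print
                        inc ecx
                        jmp lib_scan
                    lib_print:
                        lea eax,[ebx+esi]           ; pointer to the current name
                        lea esi,[ecx+1]             ; next name starts after the zero
                        printf ("\n %s ",eax)
                        inc edi
                        jmp lib_next
                    lib_bad:
                        print " Malformed or truncated file " ,13,10
                    lib_end:
                    .else
                        print " Unsupported format of file " ,13,10
                    .endif
                    printf ("\n \n ")
                .endif
                invoke UnmapViewOfFile,lpBaseAddr
            .else
                print "Unable to map wiew of file mapping object ", 13, 10
            .endif
            invoke CloseHandle,hFileMapping
        .else
            print "Unable to open file mapping object ", 13, 10
        .endif
        invoke CloseHandle,hFile
    .else
        print " Unable to open the file", 13, 10
    .endif
    ret
__DumpFile endp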
End Start ; end of the source; Start is the program entry point
IMAGE_FILE_MACHINE_AMD64 for amd64/x64
IMAGE_FILE_MACHINE_AMD64 = 0x8664
Thank you TWell, I've just added
Quote
.if [ecx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_I386 || \
[ecx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_ALPHA || \
[ecx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_AMD64
And now works with 32 and 64 obj and lib
Now I need a document that shows how to work with :
IMAGE_SYM_CLASS_STRUCT_TAG
IMAGE_SYM_CLASS_MEMBER_OF_STRUCT
IMAGE_SYM_CLASS_TYPE_DEFINITION
IMAGE_SYM_CLASS_ENUM_TAG
Or at least how I can export a struct, type definition or enum.
Shouldnt be too hard to convert some of the c structs to assembler structs
some c based info for the internals: http://www.asmcommunity.net/forums/topic/?id=8096
so taking this structure as an example:
/* Import descriptor layout: the anonymous union overlays Characteristics and
   OriginalFirstThunk on the same DWORD, so the structure holds five DWORDs,
   not six. Any translation to another language has to keep that overlay or
   every later field ends up at the wrong offset. */
typedef struct _IMAGE_IMPORT_DESCRIPTOR {
union {
DWORD Characteristics; // 0 for terminating null import descriptor
DWORD OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA)
};
DWORD TimeDateStamp; // 0 if not bound,
// -1 if bound, and real date\time stamp
// in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
// O.W. date/time stamp of DLL bound to (Old BIND)
DWORD ForwarderChain; // -1 if no forwarders
DWORD Name;
DWORD FirstThunk; // RVA to IAT (if bound this IAT has actual addresses)
} IMAGE_IMPORT_DESCRIPTOR;
should convert to:
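; MASM layout of the C IMAGE_IMPORT_DESCRIPTOR: five DWORDs.
; Characteristics and OriginalFirstThunk share one DWORD in the C declaration,
; so they are wrapped in a union here. Listing them as two consecutive fields
; would add 4 bytes and shift TimeDateStamp, ForwarderChain, the name field
; and FirstThunk to the wrong offsets when walking a real import table.
; NOTE(review): MASM32's windows.inc may already declare this structure -
; confirm before declaring it a second time.
IMAGE_IMPORT_DESCRIPTOR STRUCT
    union
        Characteristics     DWORD ? ; 0 for terminating null import descriptor
        OriginalFirstThunk  DWORD ? ; RVA to original unbound IAT (PIMAGE_THUNK_DATA)
    ends
    TimeDateStamp           DWORD ? ; 0 if not bound, -1 if bound, and real date\time stamp in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) O.W. date/time stamp of DLL bound to (Old BIND)
    ForwarderChain          DWORD ? ; -1 if no forwarders
    Name1                   DWORD ? ; "Name" in the C declaration; NAME is a reserved word in MASM
    FirstThunk              DWORD ? ; RVA to IAT (if bound this IAT has actual addresses)
IMAGE_IMPORT_DESCRIPTOR ENDS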
enum can be represented by defining constants, so in this example:
/* Import object kinds. Each enumerator carries an explicit value so the
   numbers stay fixed regardless of declaration order. */
typedef enum IMPORT_OBJECT_TYPE {
    IMPORT_OBJECT_CODE  = 0,
    IMPORT_OBJECT_DATA  = 1,
    IMPORT_OBJECT_CONST = 2
} IMPORT_OBJECT_TYPE;
converts to:
; The enumerators become assemble-time constants with the same values as in
; the C enum; EQU defines a number only and reserves no storage.
IMPORT_OBJECT_CODE EQU 0
IMPORT_OBJECT_DATA EQU 1
IMPORT_OBJECT_CONST EQU 2
deleted
I have tested this Structure:
; A STRUCT declaration describes a layout only. The 0 and 1 below are the
; default initial values used when a variable of type MyStruct is declared;
; the declaration by itself reserves no storage.
MyStruct Struct
d1 dd 0
d2 dd 1
MyStruct ends
OllyDbg shown
(http://gdurl.com/Xn16)
But I do not know which section it can be extracted from, because these do not exist in the symbol table.