News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

.LIB and .OBJ

Started by mabdelouahab, March 03, 2016, 05:41:13 PM

Previous topic - Next topic

mabdelouahab

1. How do I enum all exported methods in .lib and .obj file?
2. Can I export the variable?

TouEnMasm


Dumpbin is the tool to do that.
For the sdk tool "dumpbin /ALL NameOfFile > result.txt"
search for "export" in the created file.
You can explode a Library in object files. (polib do that very well)
I don't know what you call "export the variable"
You can used all datas who have been declared PUBLIC.
Fa is a musical note to play with CL

mabdelouahab

Thank you ToutEnMasm
Sorry I forgot, How to programmatically?

TouEnMasm

You use it as a dos tool.
A batch make it easy to use
Quote
echo off
call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\vcvars64.bat"
:dumpbin /?
dumpbin  /ALL thislib.lib > thislib_lib.txt
pause
dumpbin /? give you a help screen
"MSDN dumpbin" give also help


Fa is a musical note to play with CL

TWell

Quote from: mabdelouahab on March 03, 2016, 07:56:10 PM
Sorry I forgot, How to programmatically?
pedump source code show how to do it?
From here pedump.zip

TouEnMasm

Pedump works only for 32 bits,just crash with 64
objconv (with source code) is better
Fa is a musical note to play with CL

Vortex

Pelle's library manager polib.exe can be used to extract members from a library :

/EXPLODE           Create object files for all members

mabdelouahab

Vortex,ToutEnMasm,TWell; Thanks for the help
Through search, I found these documents that talk about the struct of .Obj .Lib files
The COFF Symbol Table
and
Under the Hood, MSJ April 1998.html

 


and this is my first attempt to answer the question:
include masm32rt.inc
__DumpFile PROTO :DWORD
.data
__IMAGE_ARCHIVE_START db "!<arch>",10
.code

Start:

invoke __DumpFile,chr$("Libmy.lib")

printf ("\n \n ")
inkey
exit

__DumpFile PROC filename
LOCAL hFile,hFileMapping,lpBaseAddr
LOCAL _d0,_d1,_d2,_d3,_d4,_d5,_d6,_d7,_d8
LOCAL pszSymbolName,pMemberOffsets,cSymbols,pSymbolsTable
; Map the file
mov hFile,rv(CreateFile,filename, GENERIC_READ, FILE_SHARE_READ, NULL,OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0)
.if hFile != INVALID_HANDLE_VALUE
mov hFileMapping,rv(CreateFileMapping,hFile, NULL, PAGE_READONLY, 0, 0, NULL)
.if hFileMapping != 0
mov lpBaseAddr ,rv(MapViewOfFile,hFileMapping, FILE_MAP_READ, 0, 0, 0)
.if lpBaseAddr
    mov ecx,lpBaseAddr
    .if [ecx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_I386 || [ecx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_ALPHA
    .if [ecx].IMAGE_FILE_HEADER.SizeOfOptionalHeader == 0
;............. OBJFILE .............................................................
    print " Obj File  " ,13,10   
      mov ecx,lpBaseAddr
     
      ; The number of symbols in the COFF symbol table
      mov eax,[ecx].IMAGE_FILE_HEADER.NumberOfSymbols
      mov cSymbols,eax
     
      ; File offset of the COFF symbol table
      add ecx,[ecx].IMAGE_FILE_HEADER.PointerToSymbolTable
      mov pSymbolsTable,ecx

; The offset of the first symbol string
      mov eax,cSymbols
      mov edx,sizeof IMAGE_SYMBOL
      mul edx
      add eax,pSymbolsTable
mov pszSymbolName,eax

; Loop through every symbol in COFF symbol table
xor edx,edx
@@:
cmp edx,cSymbols
je @F
push edx
push ecx
; if StorageClass =IMAGE_SYM_CLASS_EXTERNAL & Export
.if [ecx].IMAGE_SYMBOL.StorageClass==IMAGE_SYM_CLASS_EXTERNAL && [ecx].IMAGE_SYMBOL.SectionNumber
.if [ecx].IMAGE_SYMBOL.N.Name1.Short1
;the symbol name has 8 characters or less
printf ("\n %s ",ecx)
.else
; else
mov ecx,[ecx].IMAGE_SYMBOL.N.Name1.Long1
add ecx,pszSymbolName
printf ("\n %s ",ecx)
.endif
.endif
pop  ecx
add ecx,sizeof IMAGE_SYMBOL
pop  edx
inc  edx
jmp @B
@@:

    .else
    print " Unsupported format of file " ,13,10 
    .endif
.else
    ; All COFF libraries start with the string "!<arch>\n".  Verify that this
      ; string is at the beginning of the mapped file
.if rv(crt_strncmp,lpBaseAddr,addr __IMAGE_ARCHIVE_START,IMAGE_ARCHIVE_START_SIZE) == 0
;............. LibFILE .............................................................
    print " Lib File  " ,13,10 
     
      ; Point to the first archive member.  This entry contains the LIB symbols,
      ; and immediately follows the archive start string ("!<arch>\n")
      mov ecx,lpBaseAddr
      add ecx,IMAGE_ARCHIVE_START_SIZE

; First DWORD after this member header is a symbol count
add ecx,sizeof IMAGE_ARCHIVE_MEMBER_HEADER
    mov eax,dword ptr [ecx]
   
    ; The symbol count is stored in big endian format, so adjust as
    ; appropriate for the target architecture
      bswap eax
      mov cSymbols, eax

; Following the symbol count is an array of offsets to archive members
add ecx,4
mov pMemberOffsets ,ecx
; Following the array of member offsets is an array of offsets to symbol names.
mov eax,cSymbols ; cSymbols *4
add eax,eax
add eax,eax

add ecx,eax
mov pszSymbolName,ecx

; Loop through every symbol in the first archive member
mov ecx,pszSymbolName
xor edx,edx
@@:
cmp edx,cSymbols
je @F
push edx
push ecx
printf ("\n %s ", ecx)
pop  ecx
; next symbol
NextSymb:
inc ecx
cmp byte ptr [ecx],0
jne NextSymb
inc ecx

pop  edx
inc  edx
jmp @B
@@:
    .else
    print " Unsupported format of file " ,13,10 
.endif
printf ("\n \n ")
.endif
invoke UnmapViewOfFile,lpBaseAddr
.else
print "Unable to map wiew of file mapping object ", 13, 10
.endif
invoke CloseHandle,hFileMapping
.else
print "Unable to open file mapping object ", 13, 10
.endif
invoke CloseHandle,hFile
    .else
print " Unable to open the file", 13, 10
.endif
ret
__DumpFile endp
End Start

TWell

IMAGE_FILE_MACHINE_AMD64 for amd64/x64
IMAGE_FILE_MACHINE_AMD64 = 0x8664

mabdelouahab

 Thank you TWell, I've just added
Quote
            .if    [ecx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_I386 || \
                   [ecx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_ALPHA || \
                   [ecx].IMAGE_FILE_HEADER.Machine == IMAGE_FILE_MACHINE_AMD64

And now works with 32 and 64 obj and lib

Now I need a document that shows how to work with :

IMAGE_SYM_CLASS_STRUCT_TAG
IMAGE_SYM_CLASS_MEMBER_OF_STRUCT
IMAGE_SYM_CLASS_TYPE_DEFINITION
IMAGE_SYM_CLASS_ENUM_TAG



Or at least how I export a Struct,Type Def,Enum

fearless

Shouldnt be too hard to convert some of the c structs to assembler structs

some c based info for the internals: http://www.asmcommunity.net/forums/topic/?id=8096

so taking this structure as an example:
typedef struct _IMAGE_IMPORT_DESCRIPTOR {
    union {
        DWORD   Characteristics;            // 0 for terminating null import descriptor
        DWORD   OriginalFirstThunk;         // RVA to original unbound IAT (PIMAGE_THUNK_DATA)
    };
    DWORD   TimeDateStamp;                  // 0 if not bound,
                                            // -1 if bound, and real date\time stamp
                                            //     in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
                                            // O.W. date/time stamp of DLL bound to (Old BIND)

    DWORD   ForwarderChain;                 // -1 if no forwarders
    DWORD   Name;
    DWORD   FirstThunk;                     // RVA to IAT (if bound this IAT has actual addresses)
} IMAGE_IMPORT_DESCRIPTOR;


should convert to:
IMAGE_IMPORT_DESCRIPTOR STRUCT
    Characteristics     DWORD ? ; 0 for terminating null import descriptor
    OriginalFirstThunk  DWORD ? ; RVA to original unbound IAT (PIMAGE_THUNK_DATA)
    TimeDateStamp       DWORD ? ; 0 if not bound, -1 if bound, and real date\time stamp in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) O.W. date/time stamp of DLL bound to (Old BIND)
    ForwarderChain      DWORD ? ; -1 if no forwarders
    Name                DWORD ? ;
    FirstThunk          DWORD ? ; RVA to IAT (if bound this IAT has actual addresses)
IMAGE_IMPORT_DESCRIPTOR ENDS


enum can be represented by defining constants, so in this example:
typedef enum IMPORT_OBJECT_TYPE
{
    IMPORT_OBJECT_CODE = 0,
    IMPORT_OBJECT_DATA = 1,
    IMPORT_OBJECT_CONST = 2,
} IMPORT_OBJECT_TYPE;


converts to:
IMPORT_OBJECT_CODE      EQU 0
IMPORT_OBJECT_DATA      EQU 1
IMPORT_OBJECT_CONST     EQU 2

nidud

#11
deleted

mabdelouahab

I have tested this Structure:
MyStruct  Struct
d1 dd 0
d2 dd 1
MyStruct ends

OllyDbg shown

But I do not know in any Section can be extracted,Because they do not exist in Symbols Table