News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Automation the creation of inc-, def- and lib-files

Started by Mikl__, July 10, 2017, 03:42:47 PM

Previous topic - Next topic

Mikl__

  • To get the contents of the system dll I use the bat-file
:: erase from the screen
Cls
:: set the path and file name
Set masm64_path = \masm64\
Set filename = user32
% Masm64_path%bin\dumpbin.exe /EXPORTS %windir%\System32\%filename%.dll /OUT:%filename%.txt
  • Contents of user32.txt
Dump of file C:\Windows\System32\user32.dll
File Type: DLL
Section contains the following exports for USER32.dll
00000000 characteristics
4CE799CD time date stamp Sat Nov 20 17:50:05 2010
0.00 version
1500 ordinal base
1003 number of functions
830 number of names
Ordinal hint RVA name
1502 0 000083C0 ActivateKeyboardLayout
1503 1 0002AD40 AddClipboardFormatListener
1504 2 000235B8 AdjustWindowRect
1505 3 00017CE4 AdjustWindowRectEx
....
2341 33C 0007B430 wvsprintfA
2342 33D 00020BFC wvsprintfW
1500 0002B260 [NONAME]
1501 0002AE80 [NONAME]
....
Summary
2000 .data
A000 .pdata
10000 .rdata
1000 .reloc
5B000 .rsrc
81000 .text
Then manually create the files user32.def and user32.inc from the file user32.txt
  • Contents of user32.inc
Extern __imp_user32_ordinal1500:qword
User32_ordinal1500 TEXTEQU <__imp_user32_ordinal1500>
Extern __imp_user32_ordinal1501:qword
User32_ordinal1501 TEXTEQU <__imp_user32_ordinal1501>
Extern __imp_ActivateKeyboardLayout:qword
ActivateKeyboardLayout TEXTEQU <__imp_ActivateKeyboardLayout>
Extern __imp_AddClipboardFormatListener:qword
AddClipboardFormatListener TEXTEQU <__imp_AddClipboardFormatListener>
Extern __imp_AdjustWindowRect:qword
AdjustWindowRect TEXTEQU <__imp_AdjustWindowRect>
Extern __imp_AdjustWindowRectEx:qword
AdjustWindowRectEx TEXTEQU <__imp_AdjustWindowRectEx>
Extern __imp_AlignRects: qword
...
  • Contents of user32.def
EXPORTS
User32_ordinal1500 = ordinal1500 @ 1500 NONAME
User32_ordinal1501 = ordinal1501 @ 1501 NONAME
ActivateKeyboardLayout = __imp_ActivateKeyboardLayout
AddClipboardFormatListener = __imp_AddClipboardFormatListener
AdjustWindowRect = __imp_AdjustWindowRect
AdjustWindowRectEx = __imp_AdjustWindowRectEx
....
  • Further with the help of bat
Set masm64_path =\masm64
Set filename = user32
% Masm64_path% \bin\link -lib /DEF:%filename%.def /OUT:%filename%.lib / MACHINE: X64
  • I receive user32.lib a file.
How to automate the manual work and transfer all the tedious work to the bat file?

P.S. I was surprised to find that there is no ExitProcess in kernel32.dll, and there is no DefWindowProcA in user32.dll , both functions are ported from ntdll.dll (RtlExitUserProcess and NtdllDefWindowProc_A respectively)

LiaoMi

#1
Hi Mikl!

Program from the topic which I did not find (Hutch program) ... Or are you looking for a solution with a bat file only?



Mikl__


LiaoMi

Quote from: Mikl__ on July 10, 2017, 04:34:47 PM
Hi LiaoMi!
Thank you for utilite!

With administrator rights works better  :idea:

QuoteI was surprised to find that there is no ExitProcess in kernel32.dll, and there is no DefWindowProcA in user32.dll , both functions are ported from ntdll.dll (RtlExitUserProcess and NtdllDefWindowProc_A respectively)

I've seen the right names before, and now it's even more interesting ..


jj2007

Are you sure you want to use the ordinals in an include file? It will work on exactly one build of one Windows version...

Mikl__

Ciao, jj2007!
The question of importing functions by ordinals is not fundamental. I need to get rid of manual correction of inc/def-files. I would like that this work was done by bat-file, not by a human

aw27

Try expdef
Comes with source, it is great for .def files.
It requires some change for 64-bit and rebuild, but I don't remember exactly what.

Mikl__


TWell

An old example, an quite similar origins?
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>

void NTexports(DWORD_PTR base)
{
  PIMAGE_DOS_HEADER pDOSHeader = (PIMAGE_DOS_HEADER) base;
  PIMAGE_NT_HEADERS pNTHeaders = (PIMAGE_NT_HEADERS)(base + pDOSHeader->e_lfanew);
  PIMAGE_EXPORT_DIRECTORY pExportDir = (PIMAGE_EXPORT_DIRECTORY)(base + pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
  PDWORD pAddr = (DWORD *)(base + pExportDir->AddressOfFunctions);
  PDWORD pName = (DWORD *)(base + pExportDir->AddressOfNames);

  printf("LIBRARY %s\nEXPORTS\n",(char *)(base+pExportDir->Name));
  for(DWORD i=0;i<pExportDir->NumberOfNames;i++) {
        puts(base+pName[i]);
  }
}

int __cdecl main(int argc, char **argv)
{
HMODULE hmod = LoadLibrary(argv[1]);
if (argc>1) NTexports((DWORD_PTR)hmod);
return 0;
}

nidud

#9
deleted

hutch--

I have already done it using on of Pelle's tools. I have complete include and lib files for ml64.

nidud

#11
deleted

jj2007

I cound 1366, from h_read to ZombifyActCtx. Would be interesting to see where differences are - my version attached.


nidud

#13
deleted

jj2007

Not only - I used my own tool, it extracts the stuff from the 32-bit DLLs. Does anybody have code using the 64-bit DLLs?

I've seen only these two threads:
http://masm32.com/board/index.php?topic=95.msg114#msg114
http://masm32.com/board/index.php?topic=1983.msg20727#msg20727