Tools for building 64-bit import libraries

Started by nidud, May 13, 2020, 10:05:32 PM


nidud

deleted

felipe

Wow, this looks like a really promising program  :thup:, I have to try it. Thanks a lot nidud. I will give feedback on it later.  :thumbsup:

TimoVJL

May the source be with you

nidud

#3
deleted

Vortex

Hi nidud,

Thanks for your new tools.

Polib can create module definition files from DLLs:

C:\PellesC\Bin>polib.exe /MAKEDEF:user32.def /MACHINE:x86 C:\Windows\System32\user32.dll

C:\PellesC\Bin>type user32.def | findstr "MessageBox"
"MessageBoxA" ; USER32.dll
"MessageBoxExA" ; USER32.dll
"MessageBoxExW" ; USER32.dll
"MessageBoxIndirectA" ; USER32.dll
"MessageBoxIndirectW" ; USER32.dll
"MessageBoxTimeoutA" ; USER32.dll
"MessageBoxTimeoutW" ; USER32.dll
"MessageBoxW" ; USER32.dll
"SoftModalMessageBox" ; USER32.dll

hutch--

It does not matter if more tools can do useful things, I use Pelle's polib to do a number of things but having extra tools is a good idea.

nidud

#6
deleted

Vortex

Hi nidud,

I didn't get any error messages on Windows 10 64-bit:

C:\PellesC\Bin>ver

Microsoft Windows [Version 10.0.18363.778]

C:\PellesC\Bin>polib.exe
Pelles Library Manager, Version 9.00.0
Copyright (c) Pelle Orinius 1997-2018

Syntax:
POLIB [ { option | file | @commandfile } ... ]


C:\PellesC\Bin>polib /makedef:msvcrt.def /machine:x64 C:\windows\system32\msvcrt.dll

C:\PellesC\Bin>ren msvcrt.def msvcrt64.def

C:\PellesC\Bin>polib /makedef:msvcrt.def /machine:x86 C:\windows\system32\msvcrt.dll

C:\PellesC\Bin>del msvcrt.def

C:\PellesC\Bin>polib /makedef:msvcrt32.def /machine:x86 C:\windows\syswow64\msvcrt.dll

Vortex

Hi nidud,

Quote: You need a 64-bit EXE to load a 64-bit DLL.

That's true but one can code a 32-bit tool loading 64-bit DLLs as data files. The purpose would be to read the export section according to the MS PE specification and create DEF files.
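
An added example (not code from this thread or from any poster's tool) of the approach described above: the DLL is read purely as bytes, its export directory is walked according to the PE format, and DEF text is produced. The function names, the `ordinalNNNN` placeholder for nameless exports and the tiny `demo.dll` image are constructed for illustration; forwarders are recognised by their RVA falling inside the export directory.

```python
import struct

def build_sample():
    """Constructed minimal PE32+ image: one section at RVA 0x1000 holding only an export table."""
    exp = struct.pack("<IIHH7I", 0, 0, 0, 0, 0x1040, 1500, 3, 2, 0x1028, 0x1034, 0x103C)
    exp += struct.pack("<3I2I2H", 0x2000, 0x2010, 0x1053, 0x1049, 0x104F, 1, 2) + b"demo.dll\0Alpha\0Fwd\0NTDLL.Target\0"
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I4sHH12xHH", 0x40, b"PE\0\0", 0x8664, 1, 240, 0x2022)
    hdr += struct.pack("<H106xI", 0x20B, 16) + struct.pack("<II", 0x1000, len(exp)).ljust(128, b"\0")
    hdr += b".edata\0\0" + struct.pack("<4I24x", len(exp), 0x1000, 0x200, 0x200)
    return hdr.ljust(0x200, b"\0") + exp.ljust(0x200, b"\0")

def read_exports(data):
    """Return (dll_name, [(ordinal, name|None, forwarder|None)]) from raw PE file bytes."""
    u = lambda fmt, at: struct.unpack_from("<" + fmt, data, at)
    pe = u("I", 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size, opt = u("H", pe + 6)[0], u("H", pe + 20)[0], pe + 24
    exp_rva, exp_size = u("II", opt + (112 if u("H", opt)[0] == 0x20B else 96))  # PE32+ / PE32
    secs = [u("4I", opt + opt_size + 40 * i + 8) for i in range(nsec)]

    def off(rva):  # RVA -> file offset through the section table; the image is never mapped
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rptr + rva - va
        raise ValueError("RVA 0x%X is outside every section" % rva)
    def cstr(rva):
        start = off(rva)
        return data[start:data.index(b"\0", start)].decode("ascii")
    if not exp_rva:
        raise ValueError("image has no export directory")
    name, base, nfunc, nname, afunc, aname, aord = u("7I", off(exp_rva) + 12)
    named = dict(zip(u("%dH" % nname, off(aord)), u("%dI" % nname, off(aname))))
    out = []
    for i, rva in enumerate(u("%dI" % nfunc, off(afunc))):
        if rva:  # a zero entry is an unused ordinal slot
            fwd = cstr(rva) if exp_rva <= rva < exp_rva + exp_size else None  # forwarder string
            out.append((base + i, cstr(named[i]) if i in named else None, fwd))
    return cstr(name), out

def make_def(data):
    dll, exports = read_exports(data)
    lines = ["LIBRARY " + dll, "EXPORTS"]
    for ordinal, name, fwd in exports:
        lines.append((name or "ordinal%d @%d NONAME" % (ordinal, ordinal))
                     + (" ; forwarded to " + fwd if fwd else ""))
    return "\n".join(lines)

if __name__ == "__main__":
    print(make_def(build_sample()))
```

Because the file is only parsed and never loaded, the bitness of the interpreter or tool does not have to match the DLL's; malformed tables raise an error instead of reading outside the buffer.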

nidud

#9
deleted

nidud

#10
deleted

Mikl__

#11
Creating inc- and lib-files from system dlls
inc-files are text files containing descriptions of the data structures and Windows constants, and macros.
inc-files are built up by the programmer as the range of operating system facilities he uses expands. They are similar to the h/hpp header files used when programming in C/C++; sometimes you can generate inc-files from h-files using the h2inc.exe utility (it can be found in old MASM packages).
The purpose of lib-files is to provide link.exe with information about external links to WinAPI functions inside system dll files. A lib file is an archive that stores a set of "external symbol" mappings - a link to an object (COFF or PE) file. This "symbol" at the linking stage is either added to the executable image (in the case of COFF, from a precompiled object file), or is written into the import table (in the case of PE). That is, some external links are translated into your exe or dll.
link.exe processes the standard COFF libraries and COFF import libraries, which have a .lib extension. Standard libraries contain objects and are created using the lib.exe utility. Import libraries contain information about exports to other programs and are created either by the link.exe compiler when building the program containing the export, or by the lib.exe utility.
To get the contents of the system dll-file I use the following bat-file:
@echo off
:: erase from the screen
cls
:: set the path to the masm64 directory
set masm64_path=\masm64\
:: name of the "prepared dll", start with user32
set FileName=user32
if exist %FileName%.inc del %FileName%.inc
if exist %FileName%.def del %FileName%.def
:: process user32.dll and get user32.txt file
%masm64_path%bin\dumpbin.exe /EXPORTS %windir%\System32\%FileName%.dll /OUT:%FileName%.txt
@echo EXPORTS >> %FileName%.def
:: walk the export listing; tokens %%a..%%d are the first four words of each line
for /f "skip=16 tokens=1-4" %%a in (%FileName%.txt) do (
    if "%%a"=="Summary" goto :exit
    if "%%d"=="" (
        rem export by ordinal only: "ordinal RVA [NONAME]"
        @echo extern __imp_%FileName%_ordinal%%a:qword >> %FileName%.inc
        @echo %FileName%_ordinal%%a TEXTEQU ^<__imp_%FileName%_ordinal%%a^> >> %FileName%.inc
        @echo %FileName%_ordinal%%a=ordinal%%a @ %%a NONAME >> %FileName%.def
    ) else (
        rem export by name; forwarded exports are skipped
        if not "%%d"=="(forwarded" (
            @echo extern __imp_%%d:qword >> %FileName%.inc
            @echo %%d TEXTEQU ^<__imp_%%d^> >> %FileName%.inc
            @echo %%d=__imp_%%d >> %FileName%.def
        )
    )
)
:exit
%masm64_path%bin\link -lib /DEF:%FileName%.def /OUT:%FileName%.lib /MACHINE:X64

Parsing a bat-file
  • preset bat file
:: erase from the screen
cls
:: set the path to the masm64 directory
set masm64_path=\masm64\
:: name of the "prepared dll", start with user32
set FileName=user32
:: process user32.dll and get user32.txt file
%masm64_path%bin\dumpbin.exe /EXPORTS %windir%\System32\%FileName%.dll /OUT:%FileName%.txt
  • user32.txt contents
Dump of file C:\Windows\System32\user32.dll
File Type: DLL
  Section contains the following exports for USER32.dll
    00000000 characteristics
    4CE799CD time date stamp Sat Nov 20 17:50:05 2010
        0.00 version
        1500 ordinal base
        1003 number of functions
         830 number of names
    ordinal hint RVA name
       1502 0 000083C0 ActivateKeyboardLayout
       1503 1 0002AD40 AddClipboardFormatListener
       1504 2 000235B8 AdjustWindowRect
       1505 3 00017CE4 AdjustWindowRectEx
....
       2341 33C 0007B430 wvsprintfA
       2342 33D 00020BFC wvsprintfW
       1500 0002B260 [NONAME]
       1501 0002AE80 [NONAME]
....
  Summary
        2000 .data
        A000 .pdata
       10000 .rdata
        1000 .reloc
       5B000 .rsrc
       81000 .text
  • after looking at user32.txt we see that 846 functions are imported from user32.dll, including 826 functions imported by name, 16 by ordinal, and the functions DefDlgProcA, DefDlgProcW, DefWindowProcA, DefWindowProcW ported into user32.dll from the system library NTDLL.dll
Dump of file C:\Windows\System32\user32.dll
File Type: DLL
  Section contains the following exports for USER32.dll
    00000000 characteristics
    4CE799CD time date stamp Sat Nov 20 17:50:05 2010
        0.00 version
        1500 ordinal base
        1003 number of functions
         830 number of names
    ordinal hint RVA name
       1502 0 000083C0 ActivateKeyboardLayout <--- useful information starts here

  • if the user32.inc, user32.def, user32.lib files remaining from a previous processing of the dll-file already exist in the directory before processing starts, we delete them.
if exist %FileName%.inc del %FileName%.inc
if exist %FileName%.def del %FileName%.def
  • create the user32.def file, which should begin with the line "EXPORTS"
@echo EXPORTS >> %FileName%.def
  • useful information starts in user32.txt at line 16, so skip=16 means: skip the first 16 lines in user32.txt
  • when parsing the user32.txt file line by line, we use the first four words in the line, to which we assign the names %%a, %%b, %%c, %%d
for /f "skip=16 tokens=1-4" %%a in (%FileName%.txt) do
  • if the first parameter is "Summary", then all the functions included in the dll have been processed; we stop processing, leave the user32.txt file and go to the label :exit
if "%%a"=="Summary" goto :exit
  • if the fourth parameter in the user32.txt line is empty, we have before us an import by ordinal
%%a     %%b       %%c       %%d
1500    0002B260  [NONAME]
we save the first word (the ordinal of the WinAPI function) of the user32.txt line in the variable %%a, frame it and put it in two new lines in the user32.inc file
extern __imp_user32_ordinal1500:qword
user32_ordinal1500 TEXTEQU <__imp_user32_ordinal1500>
and in user32.def
user32_ordinal1500=ordinal1500 @ 1500 NONAME
  • if the fourth parameter is non-empty, we have before us an import by function name, as in the next line of user32.txt
%%a   %%b  %%c       %%d
1502  0    000083C0  ActivateKeyboardLayout
the fourth word in the line (the name of the WinAPI function) is saved in the variable %%d. We create two new lines in the user32.inc file: precede %%d with "extern __imp_", end the line with ":qword", add "TEXTEQU" and "__imp_". We escape the control characters "<" and ">" (^<__imp_%%d^>) so that the bat-file perceives them as ordinary characters.
extern __imp_ActivateKeyboardLayout:qword
ActivateKeyboardLayout TEXTEQU <__imp_ActivateKeyboardLayout>
and in user32.def
ActivateKeyboardLayout=__imp_ActivateKeyboardLayout
  • if the fourth parameter is "(forwarded", then the WinAPI function is taken from another dll and we skip such a line.
%%a   %%b  %%c          %%d
1657  94   DefDlgProcA  (forwarded to NTDLL.NtdllDialogWndProc_A )

  • from the contents of the user32.def and user32.inc files, create the user32.lib file
:exit
%masm64_path%bin\link -lib /DEF:%FileName%.def /OUT:%FileName%.lib /MACHINE:X64

the same result can be achieved with the line
%masm64_path%bin\lib /DEF:%FileName%.def /OUT:%FileName%.lib /MACHINE:X64

  • we transfer the user32.inc file to the masm64\include directory, and the user32.lib file to the masm64\lib directory
  • remove software junk
if exist %FileName%.def del %FileName%.def
if exist %FileName%.exp del %FileName%.exp
if exist %FileName%.txt del %FileName%.txt

nidud

#12
deleted

nidud

#13
deleted