flat assembler
Message board for the users of flat assembler.

flat assembler > Windows > hint in the _IMAGE_IMPORT_BY_NAME structure

Author
Thread Post new topic Reply to topic
Mikl___



Joined: 30 Dec 2014
Posts: 78
When importing the "by name" function, the _IMAGE_IMPORT_BY_NAME structure is used
Code:
struc _IMAGE_IMPORT_BY_NAME { .Hint DW ? .Name_ DB ? DUP (?), 0; the name of the imported function, ASCIIZ string .Pad DB ($ and 1) DUP (0); the length of the line is aligned to an even boundary of another 0 }

Hint ("MessageBoxA") = 0x1E2 = 482
Hint ("ExitProcess") = 0xBC = 188
Hint ("CreateWindowsExA") = 0x60 = 96
Hint ("DefWindowProcA") = 0x8E = 142
Hint ("GetMessageA") = 0x13C = 316
Hint is Hash("string") ?
1. What is hint for?
2. How is hint calculated?


Last edited by Mikl___ on 12 Apr 2017, 01:42; edited 1 time in total
Post 12 Apr 2017, 01:33
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15870
Location: 162173 Ryugu
The hint is an index value used to quickly find the import name. It is just an incrementing number. If the hint is correct and the index points to the named function then the import is found quickly. If the hint is incorrect and doesn't point to the named function then a slower search by string is used to find the import.
Post 12 Apr 2017, 01:41
View user's profile Send private message Visit poster's website Reply with quote
Mikl___



Joined: 30 Dec 2014
Posts: 78
Hi, revolution!
Thank you very much for the quickest reply!
Post 12 Apr 2017, 01:46
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15870
Location: 162173 Ryugu
So basically if you want faster DLL linking at program startup then use the correct hint value. Otherwise you can use random numbers for the hint and force the loader to use the slower string search algorithm. For programs with only a few imports most users won't notice any difference. But for larger programs with many thousands of imports there may be a perceived difference in load time.
Post 12 Apr 2017, 01:51
View user's profile Send private message Visit poster's website Reply with quote
Mikl___



Joined: 30 Dec 2014
Posts: 78
The BIND utility from the Win32 SDK fills the array FirstThunk by the addresses of the imported functions even before loading.
(Sorry for my bad english)
Post 12 Apr 2017, 02:21
View user's profile Send private message Visit poster's website Reply with quote
Mikl___



Joined: 30 Dec 2014
Posts: 78
I created bat-file
Code:
%masm64%\bin\dumpbin.exe /EXPORTS %windir%\System32\user32.dll /OUT:user32.txt
content of the user32.txt
Code:
Dump of file user32.dll File Type: DLL Section contains the following exports for USER32.dll 00000000 characteristics 4CE799CD time date stamp Sat Nov 20 17:50:05 2010 0.00 version 1500 ordinal base 1003 number of functions 830 number of names ordinal hint RVA name 1502 0 000083C0 ActivateKeyboardLayout 1503 1 0002AD40 AddClipboardFormatListener 1504 2 000235B8 AdjustWindowRect 1505 3 00017CE4 AdjustWindowRectEx 1506 4 0007F30C AlignRects 1507 5 00042164 AllowForegroundActivation 1508 6 00007D80 AllowSetForegroundWindow 1509 7 0001BFF0 AnimateWindow 1510 8 0007A810 AnyPopup 1511 9 0007D85C AppendMenuA 1512 A 000136F4 AppendMenuW 1513 B 00041B04 ArrangeIconicWindows 1514 C 0000D240 AttachThreadInput ..... 2040 20F 00042974 MenuWindowProcA 2041 210 00042908 MenuWindowProcW 2042 211 0001E6F0 MessageBeep 2043 212 000712B8 MessageBoxA 2044 213 00071370 MessageBoxExA 2045 214 00071394 MessageBoxExW ..... 2340 33B 0002099C wsprintfW 2341 33C 0007B430 wvsprintfA 2342 33D 00020BFC wvsprintfW 1500 0002B260 [NONAME] 1501 0002AE80 [NONAME] 1550 00076598 [NONAME] 1551 00076640 [NONAME] 1552 00076600 [NONAME] 1553 00023D2C [NONAME] 1554 00023DF8 [NONAME] 1555 00076668 [NONAME] 1556 00076698 [NONAME] 2000 00006B80 [NONAME] 2001 0006E738 [NONAME] 2002 00023E78 [NONAME] 2005 00003F00 [NONAME] 2500 000405D0 [NONAME] 2501 000405F4 [NONAME] 2502 0004062C [NONAME]

if (NameDLL == "user32.dll")
{if (Ordinal < 1500) Ordinal = hint + 1502
elseif (1501 < Ordinal < 1550) Ordinal = hint + 1504
elseif (1556 < Ordinal < 2000) Ordinal = hint + 1510
elseif (2002 < Ordinal < 2005) Ordinal = hint + 1513
elseif (2005 < Ordinal < 2500) Ordinal = hint + 1516}


Description:
Download
Filename: user32.zip
Filesize: 11.2 KB
Downloaded: 88 Time(s)

Post 12 Apr 2017, 10:28
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 2004-2018, Tomasz Grysztar.

Powered by rwasa.