flat assembler
Message board for the users of flat assembler.

MS-COFF import libs in FASM

Quantum
ImpLib SDK
----------

ImpLib SDK is intended for authoring custom MS-COFF Import Libraries with advanced features, like cdecl2stdcall thunks, import by ordinal and others.

+ Support import by ordinal
+ Support storing symbols from different DLLs in a single import lib.
+ Automatic cdecl2stdcall thunks allow calling CDECL DLLs directly from PureBasic and Visual Basic 6.
+ Thunk symbols and pubnames could have any valid name (not just '__imp__xxx@n')
+ compid watermarking is turned off
+ file size

Download:
http://implib.sf.net


Last edited by Quantum on 01 Feb 2007, 01:27; edited 6 times in total
Post 08 Nov 2006, 03:36

vid
I don't understand this. Shouldn't COFF import with __imp__, and shouldn't it be the linker that builds the import section in the resulting PE?
Post 08 Nov 2006, 09:54

Quantum
Quote:

Shouldn't COFF import with __imp_

MS LINK always uses this prefix, but there are many other tools using MS COFF import libs (with polink), not necessarily using the same prefix. There is no easy way to strip the '__imp_'s with MS tools.

Quote:

shouldn't it be the linker that builds the import section in the resulting PE?

The linker always does, but it requires an import library for doing so. For example, if you made a DLL in FASM and want to use it in MSVC, or you just found an interesting DLL in WINDOWS\SYSTEM32 without an import library in the PSDK (perhaps because it's undocumented), or you found the import library but it lacks some important symbols... You can use link.exe to build or update an existing import library, but it has some limitations. I couldn't make it produce some special sort of symbols, so I decided to write my own import library compiler. ImpLib just offers some additional features link doesn't.

BTW, it's possible to build a single import lib for more than one DLL.
Post 08 Nov 2006, 13:48

vid
So you say you can build a .lib file using this?
Post 08 Nov 2006, 14:34

Quantum
Exactly, but only import lib, not a regular archive.
Post 08 Nov 2006, 15:30

Vortex
Quantum,

Very nice work, congratulations.

_________________
Code it... That's all...
Post 09 Nov 2006, 19:59

Quantum
[*] Fixed a couple of small bugs
[+] Added an OpenAL versions 1.0 and 1.1 import lib example


Last edited by Quantum on 23 Jan 2007, 16:29; edited 1 time in total
Post 23 Jan 2007, 03:12

vid
Isn't it possible to build libraries like the typical KERNEL32.LIB from MS, which import symbols by the "__imp__" prefix, and then add a call wrapper with the "_" prefix?
Post 23 Jan 2007, 07:23

Quantum
vid wrote:
Isn't it possible to build libraries like the typical KERNEL32.LIB from MS, which import symbols by the "__imp__" prefix, and then add a call wrapper with the "_" prefix?

That's the idea. For example:
Code:
implib kernel32, SetFilePointer, _SetFilePointer@16    

Will generate the following code:
Code:
 ; Segment type: Pure code
 _text           segment word public 'CODE' use32
                 assume cs:_text
                 assume es:nothing, ss:nothing, ds:_idata$5, fs:nothing, gs:nothing

 ; Attributes: thunk
 ; __stdcall SetFilePointer(x, x, x, x)
                 public _SetFilePointer@16
 _SetFilePointer@16 proc near
                 jmp     __imp__SetFilePointer@16 ; SetFilePointer(x,x,x,x)
 _SetFilePointer@16 endp

 _text           ends

 ; Segment type: Pure data
 _idata$5        segment dword public 'DATA' use32
                 assume cs:_idata$5
                 ;org 6
                 public __imp__SetFilePointer@16
 ; __declspec(dllimport) __stdcall SetFilePointer(x, x, x, x)
 __imp__SetFilePointer@16 dd offset unk_E-6
                                         ; DATA XREF: SetFilePointer(x,x,x,x)r
 _idata$5        ends

 ; Segment type: Pure data
 _idata$4        segment dword public 'DATA' use32
                 assume cs:_idata$4
                 ;org 0Ah
                 dd offset unk_E-0Ah
 _idata$4        ends

 ; Segment type: Pure data
 _idata$6        segment word public 'DATA' use32
                 assume cs:_idata$6
                 ;org 0Eh
 unk_E           db    0                 ; DATA XREF: .idata$5:SetFilePointer(x,x,x,x)o
                                         ; .idata$4:0000000Ao
                 db    0
 aSetfilepointer db 'SetFilePointer',0
                 db    0
 _idata$6        ends

 ; Segment type: Externs
 ; UNDEF
                 extrn __IMPORT_DESCRIPTOR_kernel32:near
    

The following declaration will have the same effect:
Code:
implib kernel32, SetFilePointer, _SetFilePointer@16, __imp__SetFilePointer@16    

If you don't like name decoration and the __imp_ prefix, you can declare it this way:
Code:
implib kernel32, SetFilePointer, SetFilePointer, SetFilePointer    

and you will get an error:
-ERR: Duplicate symbol
since there's a symbol collision between the thunk name and the public name. So, let's rename the thunk:
Code:
implib kernel32, SetFilePointer, _SetFilePointer, SetFilePointer    

Here's what we get this time:
Code:
 ; Segment type: Pure code
 _text           segment word public 'CODE' use32
                 assume cs:_text
                 assume es:nothing, ss:nothing, ds:_idata$5, fs:nothing, gs:nothing

 ; Attributes: thunk
 _SetFilePointer proc near
                 jmp     SetFilePointer
 _SetFilePointer endp

 _text           ends

 ; Segment type: Pure data
 _idata$5        segment dword public 'DATA' use32
                 assume cs:_idata$5
                 ;org 6
                 public SetFilePointer
 SetFilePointer  dd offset unk_E-6       ; DATA XREF: _SetFilePointerr
 _idata$5        ends

 ; Segment type: Pure data
 _idata$4        segment dword public 'DATA' use32
                 assume cs:_idata$4
                 ;org 0Ah
                 dd offset unk_E-0Ah
 _idata$4        ends

 ; Segment type: Pure data
 _idata$6        segment word public 'DATA' use32
                 assume cs:_idata$6
                 ;org 0Eh
 unk_E           db    0                 ; DATA XREF: .idata$5:SetFilePointero
                                         ; .idata$4:0000000Ao
                 db    0
 aSetfilepointer db 'SetFilePointer',0
                 db    0
 _idata$6        ends

 ; Segment type: Externs
 ; UNDEF
                 extrn __IMPORT_DESCRIPTOR_kernel32:near
    
Post 23 Jan 2007, 16:24
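
Added example (not part of the original posts and not ImpLib's own code): a Python model of the `implib dll, import, thunk, pubname` declaration from Quantum's post above. It reproduces the default public name, the duplicate-symbol check and the section offsets seen in the listing (`;org 6`, `;org 0Ah`, `;org 0Eh`); the function names and the zero-filled relocated fields are assumptions of this sketch.

```python
import struct

class DuplicateSymbol(ValueError):
    """Thunk name and public name collide (the thread's '-ERR: Duplicate symbol')."""

def resolve_names(thunk, pubname=None):
    # Assumed default, taken from the thread: when no public name is given,
    # it is '__imp_' + thunk name (_SetFilePointer@16 -> __imp__SetFilePointer@16).
    pubname = pubname or "__imp_" + thunk
    if thunk == pubname:
        raise DuplicateSymbol("Duplicate symbol")
    return thunk, pubname

def hint_name(import_name, hint=0):
    # .idata$6 entry: 16-bit hint, NUL-terminated name, padded to even length.
    raw = struct.pack("<H", hint) + import_name.encode("ascii") + b"\0"
    return raw + b"\0" * (len(raw) % 2)

def build_member(dll, import_name, thunk, pubname=None):
    thunk, pubname = resolve_names(thunk, pubname)
    sections = [
        # jmp dword [pubname]: opcode FF 25 plus a 32-bit address that a
        # relocation fills in at link time (left as zeros in this model).
        (".text", b"\xff\x25" + bytes(4)),
        (".idata$5", bytes(4)),   # IAT slot; the public name labels it
        (".idata$4", bytes(4)),   # import lookup table entry
        (".idata$6", hint_name(import_name)),
    ]
    layout, offset = {}, 0
    for name, data in sections:   # flat layout, as in the listing's ';org' notes
        layout[name] = offset
        offset += len(data)
    return {
        "symbols": {thunk: ".text", pubname: ".idata$5"},
        "undefined": ["__IMPORT_DESCRIPTOR_" + dll],
        "layout": layout,
        "sections": dict(sections),
        "size": offset,
    }

if __name__ == "__main__":
    member = build_member("kernel32", "SetFilePointer", "_SetFilePointer@16")
    print(member["symbols"], {k: hex(v) for k, v in member["layout"].items()})
    try:
        build_member("kernel32", "SetFilePointer", "SetFilePointer", "SetFilePointer")
    except DuplicateSymbol as err:
        print("-ERR:", err)
```

In a real COFF object each of these sections is stored separately with its own relocations; the flat offsets only mirror how the disassembler laid them out in the listing.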

vid
Quantum: and is it possible to make a version (or even better: a command line switch) to create imports ONLY, without those calling wrappers (?thunks?)?

For example, in my FASMLIB code, I do the following:
Code:
extrn '__imp__ExitProcess' as ExitProcess
call [ExitProcess]    

So you see, I could use the library without those calling wrappers. Can your tool be used to build such a library for KERNEL32.DLL?

thanks.


PS: Why this?
Code:
_SetFilePointer proc near 
                 jmp     SetFilePointer 
 _SetFilePointer endp    


Wouldn't this be enough?
Code:
_SetFilePointer: jmp [SetFilePointer]    
Post 23 Jan 2007, 16:33

Quantum
vid wrote:
Quantum: and is it possible to make a version (or even better: a command line switch) to create imports ONLY, without those calling wrappers (?thunks?)?

Yes, that would be easy, but not very useful, since MS linker complains when thunks are not present (/OPT:REF will not work correctly). It seems like an MS bug, since Polink works fine when thunks are stripped out from the library. That's why I decided to keep the thunks. BTW, they are stored as COMDATs and are not copied to the final executable image if you don't use them. That's why the only advantage in stripping the thunks would be a smaller lib size, but it wouldn't affect the exe size.

vid wrote:

For example, in my FASMLIB code, I do the following:
Code:
extrn '__imp__ExitProcess' as ExitProcess
call [ExitProcess]    

So you see, I could use the library without those calling wrappers. Can your tool be used to build such a library for KERNEL32.DLL?

Of course, you can use this code with an ImpLib's generated lib file (like KERNEL32.LIB) and it will link directly through the IAT without using any thunks. The thunks will be removed at the linking stage.

vid wrote:

PS: Why this?
Code:
_SetFilePointer proc near 
                 jmp     SetFilePointer 
 _SetFilePointer endp    


Wouldn't this be enough?
Code:
_SetFilePointer: jmp [SetFilePointer]

It's almost exactly the same code :) IDA Pro just thought it would be nice to format it like a proc, but it's in fact a single jump.
Post 23 Jan 2007, 17:07

vid
All right then, everything is okay. Thanks.
Post 23 Jan 2007, 17:16

flaith
Hi Quantum,

Strange behaviour with your Lib maker: each lib is 389 bytes long!!!

_________________
I am sure of 'nothing', but I am not sure of 'everything'.
Post 23 Jan 2007, 20:40

Quantum
2 flaith:
Fixed. Thanks!

----------------------
Fixed another small bug. Added a new tool :)
Post 23 Jan 2007, 23:10

Quantum
v1.6 released. It is now hosted @ SF as a standalone project.
Changes:
http://sourceforge.net/project/shownotes.php?release_id=483009&group_id=188122

Download:
http://implib.sf.net
Post 01 Feb 2007, 01:29

Quantum
Post 09 Apr 2007, 03:29

Quantum
v1.8 released.

[*] Fixed a small compatibility issue with the latest GNU LD.
[*] Documentation: added Russian translation.
Post 11 Mar 2008, 01:45

daluca
I like your tool, Quantum, but when I try to create an import library with some large names like:
@import@kernel32@ExitProcess$pi
or something like that, fasm gives an out of memory error even when I have
1Gb of RAM. I suppose it is because of the way the macro handles strings.
Is there a way you could make a C version and not a fasm macro, to increase speed
and performance, like your tool dll2def?

If you were able to create such a tool with the fasm macro system, I don't think a C program
would be much of a problem.

Why don't I do it myself?

Well, when I start to read these fasm macros it gives me a headache, to tell the truth.

Thanks anyway. Great tool!
Post 02 Apr 2010, 21:40

baldr
daluca,

Quantum's last post here is two years ago.

Can you name the DLL which you've used to reproduce that error? Name appears to have Borland mangling scheme. Or better, post/attach the offending source.
Post 09 Apr 2010, 20:44

daluca
Thanks baldr.

I was trying to create my custom import library for the Windows kernel32.dll
using Borland C++ namespaces, so the decorated name in the sources
gets 'mapped' to the real name in the DLL.
My idea was to create the whole library at once, but I had this out of memory
error.
Anyway, I chose to use the simple lib tool and no namespaces.

I have not found another tool capable of making custom import libraries,
but I just wonder why it is created using the fasm macro language?

Quote:

Quantum's last post here is two years ago.

Yes, but surely Quantum is still out there, right?
Post 11 Apr 2010, 19:52

Copyright © 1999-2019, Tomasz Grysztar.
