MS-COFF import libs in FASM

Index > Macroinstructions > MS-COFF import libs in FASM

Author

Thread

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 08 Nov 2006, 03:36

ImpLib SDK
-- -----------

ImpLib SDK is intended for authoring custom MS-COFF Import Libraries with advanced features, like cdecl2stdcall thunks, import by ordinal and others.

+ Support import by ordinal
+ Support storing symbols from different DLLs in a single import lib.
+ Automatic cdecl2stdcall thunks allow calling CDECL DLLs directly from PureBasic and Visual Basic 6.
+ Thunk symbols and pubnames could have any valid name (not just '__imp__xxx@n')
+ compid watermarking is turned off
+ file size

Download:
http://implib.sf.net

Last edited by Quantum on 01 Feb 2007, 01:27; edited 6 times in total

08 Nov 2006, 03:36

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid 08 Nov 2006, 09:54

i don't understand this. Shouldn't COFF import with __imp__, and shouldn't it be linker who builds import section in resulting PE?

08 Nov 2006, 09:54

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 08 Nov 2006, 13:48

Quote:

Shouldn't COFF import with __imp_

MS LINK always uses this prefix, but there are many other tools using MS COFF import libs (with polink), not necessarily using the same prefix. There is no an easy way to strip the '__imp_'s with MS tools.

Quote:

shouldn't it be linker who builds import section in resulting PE?

Linker always does, but it requires an import library for doing so. For example, if you made a DLL in FASM and want to use it in MSVC or you just found an interesting DLL in WINDOWS\SYSTEM32 without an import library in the PSDK (perharps, because it's undocumented) or you found the import library, but it lacks some important symbols... You can use link.exe to build or update an existing import library, but it has some limitations. I couldn't make it produce some special sort of symbols, so I decided to write my own import library compiler. ImpLib just offers some additional features link doesn't.

BTW, it's possible building a single import lib for more than one DLL.

08 Nov 2006, 13:48

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid 08 Nov 2006, 14:34

so you say you can build .lib file using this?

08 Nov 2006, 14:34

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 08 Nov 2006, 15:30

Exactly, but only import lib, not a regular archive.

08 Nov 2006, 15:30

Vortex

Joined: 17 Jun 2003
Posts: 318

Vortex 09 Nov 2006, 19:59

Quantum,

Very nice work, congratulations.

_________________
Code it... That's all...

09 Nov 2006, 19:59

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 23 Jan 2007, 03:12

[*] Fixed a couple of small bugs
[+] Added an OpenAL versions 1.0 and 1.1 import lib example

Last edited by Quantum on 23 Jan 2007, 16:29; edited 1 time in total

23 Jan 2007, 03:12

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid 23 Jan 2007, 07:23

isn't it possible to build libraries like typical KERNEL32.LIB from MS, which import symbol by "__imp__" prefix, and then add call wrapper wth "_" prefix?

23 Jan 2007, 07:23

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 23 Jan 2007, 16:24

vid wrote:

isn't it possible to build libraries like typical KERNEL32.LIB from MS, which import symbol by "__imp__" prefix, and then add call wrapper wth "_" prefix?

That's the idea. For example:

Code:

implib kernel32, SetFilePointer, _SetFilePointer@16

Will generate the following code:

Code:

 ; Segment type: Pure code
 _text           segment word public 'CODE' use32
                 assume cs:_text
                 assume es:nothing, ss:nothing, ds:_idata$5, fs:nothing, gs:nothing

 ; Attributes: thunk
 ; __stdcall SetFilePointer(x, x, x, x)
                 public _SetFilePointer@16
 _SetFilePointer@16 proc near
                 jmp     __imp__SetFilePointer@16 ; SetFilePointer(x,x,x,x)
 _SetFilePointer@16 endp

 _text           ends

 ; Segment type: Pure data
 _idata$5        segment dword public 'DATA' use32
                 assume cs:_idata$5
                 ;org 6
                 public __imp__SetFilePointer@16
 ; __declspec(dllimport) __stdcall SetFilePointer(x, x, x, x)
 __imp__SetFilePointer@16 dd offset unk_E-6
                                         ; DATA XREF: SetFilePointer(x,x,x,x)r
 _idata$5        ends

 ; Segment type: Pure data
 _idata$4        segment dword public 'DATA' use32
                 assume cs:_idata$4
                 ;org 0Ah
                 dd offset unk_E-0Ah
 _idata$4        ends

 ; Segment type: Pure data
 _idata$6        segment word public 'DATA' use32
                 assume cs:_idata$6
                 ;org 0Eh
 unk_E           db    0                 ; DATA XREF: .idata$5:SetFilePointer(x,x,x,x)o
                                         ; .idata$4:0000000Ao
                 db    0
 aSetfilepointer db 'SetFilePointer',0
                 db    0
 _idata$6        ends

 ; Segment type: Externs
 ; UNDEF
                 extrn __IMPORT_DESCRIPTOR_kernel32:near

The following declaration will have the same effect:

Code:

implib kernel32, SetFilePointer, _SetFilePointer@16, __imp__SetFilePointer@16

If you don't like name decoration and the __imp_ prefix, you can declare it this way:

Code:

implib kernel32, SetFilePointer, SetFilePointer, SetFilePointer

and you will get an error:
-ERR: Duplicate symbol
since there's a symbol collision between the thunk name and the public name. So, let's rename the thunk:

Code:

implib kernel32, SetFilePointer, _SetFilePointer, SetFilePointer

Here's what we get this time:

Code:

 ; Segment type: Pure code
 _text           segment word public 'CODE' use32
                 assume cs:_text
                 assume es:nothing, ss:nothing, ds:_idata$5, fs:nothing, gs:nothing

 ; Attributes: thunk
 _SetFilePointer proc near
                 jmp     SetFilePointer
 _SetFilePointer endp

 _text           ends

 ; Segment type: Pure data
 _idata$5        segment dword public 'DATA' use32
                 assume cs:_idata$5
                 ;org 6
                 public SetFilePointer
 SetFilePointer  dd offset unk_E-6       ; DATA XREF: _SetFilePointerr
 _idata$5        ends

 ; Segment type: Pure data
 _idata$4        segment dword public 'DATA' use32
                 assume cs:_idata$4
                 ;org 0Ah
                 dd offset unk_E-0Ah
 _idata$4        ends

 ; Segment type: Pure data
 _idata$6        segment word public 'DATA' use32
                 assume cs:_idata$6
                 ;org 0Eh
 unk_E           db    0                 ; DATA XREF: .idata$5:SetFilePointero
                                         ; .idata$4:0000000Ao
                 db    0
 aSetfilepointer db 'SetFilePointer',0
                 db    0
 _idata$6        ends

 ; Segment type: Externs
 ; UNDEF
                 extrn __IMPORT_DESCRIPTOR_kernel32:near

23 Jan 2007, 16:24

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid 23 Jan 2007, 16:33

Quantum: and is it possible to make version (or even better: command line switch) to create imports ONLY? without those calling wrappers (?thunks?) ?

For example in my FASMLIB code, i do following:

Code:

extrn '__imp__ExitProcess' as ExitProcess
call [ExitProces]

so you see, i could use library without those calling wrappers. Can your tool be used to build such library for KERNEL32.DLL?

thanks.

PS: Why this?

Code:

_SetFilePointer proc near 
                 jmp     SetFilePointer 
 _SetFilePointer endp

Wouldn't this be enough?

Code:

_SetFilePointer: jmp [SetFilePointer]

23 Jan 2007, 16:33

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 23 Jan 2007, 17:07

vid wrote:

Quantum: and is it possible to make version (or even better: command line switch) to create imports ONLY? without those calling wrappers (?thunks?) ?

Yes, that whould be easy, but not very useful, since MS linker complains when thunks are not present (/OPT:REF will not work correctly). It seems like an MS bug, since Polink works fine when thunks are stripped out from the library. That's why I desided to keep the thunks. BTW, they are stored as COMDATs and are not copied to the final executable image if you don't use them. That's why the only advantage in stripping the thunks whould be a smaller lib size, but it whouldn't affect the exe size.

vid wrote:

For example in my FASMLIB code, i do following:
Code:
extrn '__imp__ExitProcess' as ExitProcess
call [ExitProces]    
so you see, i could use library without those calling wrappers. Can your tool be used to build such library for KERNEL32.DLL?

Of course, you can use this code with an ImpLib's generated lib file (like KERNEL32.LIB) and it will link directly through the IAT without using any thunks. The thunks will be removed at the linking stage.

vid wrote:

PS: Why this?
Code:
_SetFilePointer proc near 
                 jmp     SetFilePointer 
 _SetFilePointer endp    
Wouldn't this be enough?
[code]_SetFilePointer: jmp [SetFilePointer]

It's almost exactly the same code Smile

IDA Pro just thought it whould be nice to format it like a proc, but it's in fact a single jump.

23 Jan 2007, 17:07

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid 23 Jan 2007, 17:16

allright then, everything is okay. thanks.

23 Jan 2007, 17:16

flaith

Joined: 07 Feb 2005
Posts: 122
Location: $300:20 58 FC 60 N 300G => Vietnam

flaith 23 Jan 2007, 20:40

Hi Quantum,

strange behaviour with your Lib maker : each lib are 389 bytes long !!!

_________________
Je suis sur de 'rien', mais je ne suis pas sur du 'tout'.

23 Jan 2007, 20:40

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 23 Jan 2007, 23:10

2 flaith:
Fixed. Thanks!

----------------------
Fixed another small bug. Added a new tool Smile

23 Jan 2007, 23:10

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 01 Feb 2007, 01:29

v1.6 released. It is now hosted @ SF as a standalone project.
Changes:
http://sourceforge.net/project/shownotes.php?release_id=483009&group_id=188122

Download:
http://implib.sf.net

01 Feb 2007, 01:29

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 09 Apr 2007, 03:29

v1.7 released. Changes: http://sourceforge.net/project/shownotes.php?release_id=499696&group_id=188122

09 Apr 2007, 03:29

Quantum

Joined: 24 Jun 2005
Posts: 122

Quantum 11 Mar 2008, 01:45

v1.8 released.

[*] Fixed a small compatibility issue with the latest GNU LD.
[*] Documentation: added Russian translation.

11 Mar 2008, 01:45

daluca

Joined: 05 Nov 2005
Posts: 86

daluca 02 Apr 2010, 21:40

I like your tool Quantum but wen I try to create an import librarie with some large names like:
@import@kernel32@ExitProcess$pi
or something like that ,fasm gives an out of memory error even wen i have
1Gb of ram, i supouse is for the way the macrohandles strings
is there a way you could make a C vertion and not a fasm macro to increase speed
and performance like your tool dll2def?

if you were able to create such tool with fasm macro system,I don't think a C program
would be much of a problem.

why don't do it myself?

well wen I start to read these fasm macros it gives me a headache to say the truth

thanks anyway .Great tool!

02 Apr 2010, 21:40

baldr

Joined: 19 Mar 2008
Posts: 1651

baldr 09 Apr 2010, 20:44

daluca,

Quantum's last post here is two years ago.

Can you name the DLL which you've used to reproduce that error? Name appears to have Borland mangling scheme. Or better, post/attach the offending source.

09 Apr 2010, 20:44

daluca

Joined: 05 Nov 2005
Posts: 86

daluca 11 Apr 2010, 19:52

thanks baldr.

I was trying to create my custom import library for the windows kernel32.dll
using borland C++ namespaces,so the decorated name in the sorces
gets 'maped' to the real name in the dll.
My idea was to create the whole library at once. but i had this out of memory
error.
anyway i choose to use the simple lib tool and no namespaces.

I have not found another tool capable of making custom import libraryes,
but i just wonder why is it created using fasm macro languaje?

Quote:

Quantum's last post here is two years ago.

yes but shurely Quantum is still out there right?

11 Apr 2010, 19:52

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum