Index
> Main > low level source code | PE DLL exports |
| Author |
|
|
mindcooler 20 Jun 2011, 04:39
This is what I used when I made my export macro:
http://www.osdever.net/documents/PECOFF.pdf 6.3 For great justice, here is the macro itself! Perhaps It's easier to understand thatn the supplied one? Code: macro export name*,[labels*] { common edata: dd 0 dd 0 dw 0 dw 0 dd exportname-imgbase dd 0 dd (ot-npt)/4 dd (ot-npt)/4 dd eat-imgbase dd npt-imgbase dd ot-imgbase eat: forward dd labels-imgbase common npt: forward dd labels#.export-imgbase common ot: ordinal=0 forward dw ordinal ordinal=ordinal+1 common ent: forward labels#.export: db `labels,0 common exportname: db `name,0 edata.end: } _________________ This is a block of text that can be added to posts you make. |
|||
20 Jun 2011, 04:39 |
|
|
idle 20 Jun 2011, 11:21
>>Also, I know a import entry is like dd 0,0,0,RVA dllname,RVA dlltable,
but can someone explain what each dword in each import entry means? Code: i doubt about 1st 0,$0000'0000,0, but $0000'0000 is a date-time stamp RVA dllname points to library name MINUS IMAGE_BASE example: 0,0,0,rva dllname,0,\ 0,0,0,0,0 <- the end :) ... dllname db 'my super duper puper name dot .dll',0 ... RVA dlltable says which funcs addresses to get, so you will use those happily soon :) example: 0,0,0,rva dllname,rva dlltable,\ 0,0,0,0,0 ... dllname db 'one more mega duper library',0 dlltable: procedure_you_use_in_your_source dd $8000'0000 + documented_procedure_number some_secret_proc_addres_will_lie_here dd name_of_secret_proc james_bond_location dd james_bond dd 0 <- the end :) name_of_secret_proc dw 0 <- dummy hint to loader about approximate documented_procedure_number location db 'MessageBox',0 james_bond dw 0 <- dummy db 'JamesBond',0 ... call [procedure_you_use_in_your_source] call [some_secret_proc_addres_will_lie_here] call [james_bond] ... |
|||
|
20 Jun 2011, 11:21 |
|
|
DOS386 02 Jul 2011, 04:26
> Hello, can someone give me an example of a DLL that doesn't use the export macro?
YES : http://board.flatassembler.net/topic.php?t=11170 (2010-Jun) http://board.flatassembler.net/download.php?id=5001 (170 KiB) See also: http://board.flatassembler.net/topic.php?t=13062 (2011-Jun) |
|||
|
02 Jul 2011, 04:26 |
|
|
idle 02 Jul 2011, 06:34
Code: ;wrong some_secret_proc_addres_will_lie_here dd name_of_secret_proc james_bond_location dd james_bond ;correct some_secret_proc_addres_will_lie_here dd RVA name_of_secret_proc james_bond_location dd RVA james_bond |
|||
|
02 Jul 2011, 06:34 |
|
< Last Thread | Next Thread > |
Forum Rules:
|