flat assembler
Message board for the users of flat assembler.

Index > Heap > [Windaube] Imports by ORDINAL

Author
Thread Post new topic Reply to topic
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
When looking on some "professional" mainstream software (brewn with MSVC rather than FASM), one can see that most imports, especially from "well known" and "useful" DLL's (KERNEL, USER, ...) are by name. But there are also imports by ORDINAL, usually from more obscure DLL's (COMCTL, ...). Anyone has a clue what's the point of doing so ?

When comparing ME vs XP or Wista, one can see that on same ORDINALS there are partially same function names, but partially different names and different functions !!! So an application using that ORDINAL will work on 1 of those versions of Windaube at best, but definitely NOT on both.

Am I missing something, or is Windaube really poorly designed to that extraORDINAL degree? Question

_________________
Bug Nr.: 12345

Title: Hello World program compiles to 100 KB !!!

Status: Closed: NOT a Bug
Post 06 Jun 2013, 09:28
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
OS ordinals are not published so using them is at your own risk. They are only intended to be used within the OS DLLs that have all been compiled together and thus have the ordinal numbers synchronised between each other.

The idea behind ordinals is for faster linking. Supposedly to improve startup times for programs. You can use ordinals within your own programs and DLLs also.
Post 06 Jun 2013, 09:36
View user's profile Send private message Visit poster's website Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
> They are only intended to be used within the OS DLLs that
> have all been compiled together and thus have the ordinal
> numbers synchronised between each other

So why do I see them in many applications ... referring to SYSTEM DLL's NOT being part of the application?

> The idea behind ordinals is for faster linking.
> Supposedly to improve startup times

and save a few Byte's (considering the absurd bloat of most of the affected apps and the OS even more ...) Shocked
Post 06 Jun 2013, 09:59
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
DOS386 wrote:
So why do I see them in many applications ... referring to SYSTEM DLL's NOT being part of the application?
Details?
Post 06 Jun 2013, 11:27
View user's profile Send private message Visit poster's website Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
> Details?

1 example of many: "setup.exe" from Wing-ZIP has 4 imports from SHELL32.DLL among them 1 by ordinal $02A8, and 1 import from COMCTL32.DLL by ordinal $11.

Found source code of the thing: http://goo.gl/wkZoP http://goo.gl/gFcem

Seems the worst ^^^ suspect has been confirmed Smile

_________________
Bug Nr.: 12345

Title: Hello World program compiles to 100 KB !!!

Status: Closed: NOT a Bug
Post 07 Jun 2013, 07:41
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
MS did not publish that list so there is no way of guaranteeing such code will work on any particular OS version. People that use such lists open up their code to potential compatibility problems. If you choose to use such lists then it is at your own risk (oh wait, didn't I already say that somewhere before?).
Post 07 Jun 2013, 11:48
View user's profile Send private message Visit poster's website Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
> People that use such lists open up their code to potential compatibility problems
> If you choose to use such lists then it is at your own risk

NOT my problem. But that's how the mainstream codes Smile Just check some of your pet programs for imports by ORDINAL. I doubt that you fail to find. Smile
Post 15 Jun 2013, 09:41
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.