flat assembler
Message board for the users of flat assembler.

Index > Windows > About Microsoft lib file structure.

Author
Thread Post new topic Reply to topic
Roman



Joined: 21 Apr 2012
Posts: 1847
Roman 11 Dec 2024, 10:00
Microsoft lib file.
Main code start from 64h and this is opcodes.
Why are the code addresses not immediately indicated in the lib header, where should the text be written from the date?
such a code must be marked that it uses data from the date section.
Otherwise, it is necessary to parse the asm opcode and if the asm command uses the address, then look in the date section.
And this is very expensive and inconvenient.


Description:
Filesize: 300.29 KB
Viewed: 771 Time(s)

lib microsoft.jpg




Last edited by Roman on 11 Dec 2024, 10:26; edited 1 time in total
Post 11 Dec 2024, 10:00
View user's profile Send private message Reply with quote
Roman



Joined: 21 Apr 2012
Posts: 1847
Roman 11 Dec 2024, 10:05
This is main asm code from hex editor.
Code:
format MS COFF

section '.code' code readable executable  

 public _demo

 _demo:
        push    0
        push    _caption     ;i marked this red color in hex editor. 68h opcode push
        push    _message     ;i marked this yellow color in hex editor.
        push    0
        mov eax,[MessageBox]
        call    eax 
        ret

section '.data' data readable writeable

 _caption db 'Win32 assembly',0
 _message db 'Coffee time!',0
 extrn '__imp__MessageBoxA@16' as MessageBox:dword
    


Last edited by Roman on 11 Dec 2024, 10:26; edited 1 time in total
Post 11 Dec 2024, 10:05
View user's profile Send private message Reply with quote
Roman



Joined: 21 Apr 2012
Posts: 1847
Roman 11 Dec 2024, 10:20
Common Object File Format (COFF)
Weird why in file header not using first 4 bytes COFF.
https://stackoverflow.com/questions/3811437/whats-the-format-of-lib-in-windows


Description:
Filesize: 190.83 KB
Viewed: 758 Time(s)

coff.jpg




Last edited by Roman on 14 Dec 2024, 12:34; edited 2 times in total
Post 11 Dec 2024, 10:20
View user's profile Send private message Reply with quote
Roman



Joined: 21 Apr 2012
Posts: 1847
Roman 11 Dec 2024, 10:30
From the offset 20 begin first section. Name 8 bytes and data(4 bytes size bytes, 4 bytes start offset).


Last edited by Roman on 14 Dec 2024, 08:22; edited 1 time in total
Post 11 Dec 2024, 10:30
View user's profile Send private message Reply with quote
Roman



Joined: 21 Apr 2012
Posts: 1847
Roman 11 Dec 2024, 10:49
Post 11 Dec 2024, 10:49
View user's profile Send private message Reply with quote
Roman



Joined: 21 Apr 2012
Posts: 1847
Roman 11 Dec 2024, 12:05
Post 11 Dec 2024, 12:05
View user's profile Send private message Reply with quote
Roman



Joined: 21 Apr 2012
Posts: 1847
Roman 12 Dec 2024, 14:02
Microsoft file lib consist !<arch> and several COFFs.
Read symbols table where is many sections(.text,.data,.rdata)
Get functions names for dll and code from Strings Table.
In Strings Table stored long names big than 8 bytes.
Because in symbols table section name only 8 bytes.


Description:
Download
Filename: lib c.rar
Filesize: 47.56 KB
Downloaded: 23 Time(s)

Post 12 Dec 2024, 14:02
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.