flat assembler
Message board for the users of flat assembler.
Index
> Windows > Manual Exports |
Author |
|
FrozenKnight 02 Jan 2007, 18:47
i just thought i'd tell everyone i figured it out. the Ordinals must always start at 0 and number upwards. if they dont then the whole thing becomes out of sync.
Code: section '.edata' export data readable dd 0,\ ;Characteristics 45984F00h ;TimeDateStamp dw 0,\ ;MajorVersion 1 ;MinorVersion dd RVA _szDllName,\ ;Name 100,\ ;Base 1,\ ;NumberOfFunctions 1,\ ;NumberOfNames RVA _FuncAddrs,\ ;AddressOfFunctions RVA _NameAddrs,\ ;AddressOfNames RVA _OrdinalsAddrs ;AddressOfNameOrdinals _FuncAddrs: dd RVA MT_Rand _NameAddrs: dd RVA _szMT_Rand _OrdinalsAddrs: dw 0 ;fix here a;ways start this with 0 and move upwards in increments of 1 _szDllName db 'RAND2.DLL', 0 _szMT_Rand db 'Rand', 0 i started this project so i could expert some of my functions by Ordinal only |
|||
02 Jan 2007, 18:47 |
|
Chewy509 22 May 2007, 03:44
What would the
Code: _OrdinalsAddrs: dw 0 ;fix here a;ways start this with 0 and move upwards in increments of 1 contain if using multiple exported functions? Also (newbie alert), do you have a decent description of the what the base field and characteristic fields can/should contain. (Just having problems manually constructing the .edata section myself). |
|||
22 May 2007, 03:44 |
|
Chewy509 22 May 2007, 04:20
I found the following resource on msdn which describes the PE format pretty well: http://msdn2.microsoft.com/en-us/library/ms809762.aspx
Your choice of an ordinal base of 100, seems unusual as reading through the documentation? (unless you snipped a lot of code). Also wouldn't the _OrdinalAddrs: start at 100? if you are using a base of 100? (as per your first example). Since the index into the function address table is based on (Ordinal - Base)? So if your base is 100, and you start the _OrdinalAddrs: at 100 and work up, the first function would be index 0 in the _FuncAddrs table? Or have I misread the structure of the .edata section? |
|||
22 May 2007, 04:20 |
|
asmfan 22 May 2007, 08:06
Loader set addresses accordingly to this:
Code: i = Search_ExportNamePointerTable (ExportName); ordinal = ExportOrdinalTable [i]; SymbolRVA = ExportAddressTable [ordinal - OrdinalBase + 1]; In MS Docs (*.doc) on PE available to download from their site there is error. (no "+1" but indeed it's needed). _________________ Any offers? |
|||
22 May 2007, 08:06 |
|
asmfan 22 May 2007, 08:41
Although according to my tests OrdinalBase is ignored(( by loader and tho only condition - ordinals should start from 0 to be loaded properly by loader. Weird MS!
|
|||
22 May 2007, 08:41 |
|
Hobo 24 Aug 2007, 11:28
can anyone see why this Export section wouldn't be working?
When i try to import the "Print" function into my application, i get the "procedure entry point 'Print' could not be located in the dynamic link library" However, SetStdHandles imports fine. Here's my export section code (2 functions exported) Code: Section '.eData' Export Data Readable DD 0 ; Characteristics DD 0 ; Time/Date Stamp DW 0 ; Major Version DW 0 ; Minor Version DD RVA _DllName ; DLL Name DD 0x00 ; Base DD 0x02 ; Number of Functions DD 0x02 ; Number of Names DD RVA FunctionAddrs ; Address of Functions DD RVA NameAddrs ; Address of Names DD RVA Ordinals ; Address of Name Ordinals FunctionAddrs: DD RVA SetStdHandles DD RVA Print NameAddrs: DD RVA _SetStdHandles DD RVA _Print Ordinals: DW 0x00 DW 0x01 _DllName DB 'ConLib.dll', 0 _SetStdHandles DB 'SetStdHandles', 0 _Print DB 'Print', 0 |
|||
24 Aug 2007, 11:28 |
|
FrozenKnight 24 Aug 2007, 11:33
I copied this straight from my working rand.dll this section works as is with the current version of fASM hope this helps.
Code: section '.edata' export data readable dd 0,\ ;Characteristics 45984F00h ;TimeDateStamp dw 0,\ ;MajorVersion 1 ;MinorVersion dd RVA _szDllName,\ ;Name 100,\ ;Base 5,\ ;NumberOfFunctions 5,\ ;NumberOfNames RVA _FuncAddrs,\ ;AddressOfFunctions RVA _NameAddrs,\ ;AddressOfNames RVA _OrdinalsAddrs ;AddressOfNameOrdinals _FuncAddrs: ;must match sorted according to ordeal order dd RVA MTRand dd RVA MTinitMan;MTinit dd RVA rand dd RVA srand dd RVA r4d6m1 _NameAddrs: ;must be sorted alphabetically or windows name search wont work dd RVA _szMTinit dd RVA _szMTRand dd RVA _szr4d6m1 dd RVA _szrand dd RVA _szsrand _OrdinalsAddrs: ;must start at 0 and count up dw 1 ;must match NameAddr order dw 0 dw 4 dw 2 dw 3 _szDllName db 'RAND.DLL', 0 _szMTRand db 'MTrand',0 _szMTinit db 'MTinit',0 _szr4d6m1 db 'r4d6m1',0 _szrand db 'rand',0 _szsrand db 'srand',0 |
|||
24 Aug 2007, 11:33 |
|
Hobo 24 Aug 2007, 11:48
haha lol thanks for the fast reply 5 minutes
thanks for your help, all i needed was to sort the export names alphabetically and are you sure the ordinals must match the name address order? i switched the numbers around and it made no difference . . . anyway, don't go out of your way to answer that, 'cause i got it working and thats all i wanted Thanks |
|||
24 Aug 2007, 11:48 |
|
FrozenKnight 24 Aug 2007, 20:17
Yes i'm sure i checked this with 2 debuggers to ensure everything worked correctly. if you don't do it this way things may not always work the way you expect.
|
|||
24 Aug 2007, 20:17 |
|
Hobo 25 Aug 2007, 03:14
ok, well thanks for your help, appreciate it
|
|||
25 Aug 2007, 03:14 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.