flat assembler
Message board for the users of flat assembler.

Manual Exports

FrozenKnight 01 Jan 2007, 20:56
I'm trying to write my exports section manually, but for some reason the names of my exports aren't linking correctly.
Code:
section '.edata' export data readable

dd 0,\                  ;Characteristics
   45984F00h            ;TimeDateStamp
dw 0,\                  ;MajorVersion
   1                    ;MinorVersion
dd RVA _szDllName,\     ;Name
   100,\                ;Base
   1,\                  ;NumberOfFunctions
   1,\                  ;NumberOfNames
   RVA _FuncAddrs,\     ;AddressOfFunctions
   RVA _NameAddrs,\     ;AddressOfNames
   RVA _OrdinalsAddrs   ;AddressOfNameOrdinals


_FuncAddrs:
dd RVA MT_Rand
_NameAddrs:
dd RVA _szMT_Rand
_OrdinalsAddrs:
dw 100
dw 0

_szDllName      db 'RAND2.DLL', 0
_szMT_Rand      db 'Rand', 0     

anyone know what might be wrong?
FrozenKnight 02 Jan 2007, 18:47
I just thought I'd tell everyone I figured it out. The ordinals must always start at 0 and number upwards. If they don't, then the whole thing becomes out of sync.

Code:
section '.edata' export data readable

dd 0,\                  ;Characteristics
   45984F00h            ;TimeDateStamp
dw 0,\                  ;MajorVersion
   1                    ;MinorVersion
dd RVA _szDllName,\     ;Name
   100,\                ;Base
   1,\                  ;NumberOfFunctions
   1,\                  ;NumberOfNames
   RVA _FuncAddrs,\     ;AddressOfFunctions
   RVA _NameAddrs,\     ;AddressOfNames
   RVA _OrdinalsAddrs   ;AddressOfNameOrdinals


_FuncAddrs:
dd RVA MT_Rand
_NameAddrs:
dd RVA _szMT_Rand
_OrdinalsAddrs:
dw 0 ;fix here: always start this with 0 and move upwards in increments of 1

_szDllName      db 'RAND2.DLL', 0
_szMT_Rand      db 'Rand', 0     



I started this project so I could export some of my functions by ordinal only.
Chewy509 22 May 2007, 03:44
What would the
Code:
_OrdinalsAddrs:
dw 0 ;fix here: always start this with 0 and move upwards in increments of 1
    

contain if using multiple exported functions?

Also (newbie alert), do you have a decent description of what the base field and characteristics fields can/should contain?

(Just having problems manually constructing the .edata section myself).
Chewy509 22 May 2007, 04:20
I found the following resource on MSDN which describes the PE format pretty well: http://msdn2.microsoft.com/en-us/library/ms809762.aspx

Your choice of an ordinal base of 100 seems unusual, going by the documentation (unless you snipped a lot of code)?

Also, wouldn't the _OrdinalAddrs: start at 100 if you are using a base of 100 (as per your first example)?

Since the index into the function address table is based on (Ordinal - Base)?

So if your base is 100, and you start the _OrdinalAddrs: at 100 and work up, the first function would be index 0 in the _FuncAddrs table?

Or have I misread the structure of the .edata section?
asmfan 22 May 2007, 08:06
The loader sets addresses according to this:
Code:
i = Search_ExportNamePointerTable (ExportName);
ordinal = ExportOrdinalTable [i];
SymbolRVA = ExportAddressTable [ordinal - OrdinalBase + 1];
    

In the MS docs (*.doc) on PE, available to download from their site, there is an error (no "+1", but indeed it's needed).

_________________
Any offers?
asmfan 22 May 2007, 08:41
Although according to my tests OrdinalBase is ignored(( by the loader, and the only condition is that ordinals should start from 0 to be loaded properly by the loader. Weird MS!
Hobo 24 Aug 2007, 11:28
can anyone see why this Export section wouldn't be working?

When I try to import the "Print" function into my application, I get the "procedure entry point 'Print' could not be located in the dynamic link library". However, SetStdHandles imports fine.

Here's my export section code (2 functions exported)

Code:
Section '.eData' Export Data Readable
        DD      0                       ; Characteristics
        DD      0                       ; Time/Date Stamp
        DW      0                       ; Major Version
        DW      0                       ; Minor Version
        DD      RVA     _DllName        ; DLL Name
        DD      0x00                    ; Base
        DD      0x02                    ; Number of Functions
        DD      0x02                    ; Number of Names
        DD      RVA     FunctionAddrs   ; Address of Functions
        DD      RVA     NameAddrs       ; Address of Names
        DD      RVA     Ordinals        ; Address of Name Ordinals
FunctionAddrs:
        DD      RVA     SetStdHandles
        DD      RVA     Print
NameAddrs:
        DD      RVA     _SetStdHandles
        DD      RVA     _Print
Ordinals:
        DW      0x00
        DW      0x01

        _DllName        DB      'ConLib.dll', 0
        _SetStdHandles  DB      'SetStdHandles', 0
        _Print          DB      'Print', 0
FrozenKnight 24 Aug 2007, 11:33
I copied this straight from my working rand.dll. This section works as is with the current version of fASM. Hope this helps.

Code:
section '.edata' export data readable

dd 0,\                  ;Characteristics
   45984F00h            ;TimeDateStamp
dw 0,\                  ;MajorVersion
   1                    ;MinorVersion
dd RVA _szDllName,\     ;Name
   100,\                ;Base
   5,\                  ;NumberOfFunctions
   5,\                  ;NumberOfNames
   RVA _FuncAddrs,\     ;AddressOfFunctions
   RVA _NameAddrs,\     ;AddressOfNames
   RVA _OrdinalsAddrs   ;AddressOfNameOrdinals


_FuncAddrs:     ;must be sorted according to ordinal order
dd RVA MTRand
dd RVA MTinitMan;MTinit
dd RVA rand
dd RVA srand
dd RVA r4d6m1

_NameAddrs:     ;must be sorted alphabetically or windows name search won't work
dd RVA _szMTinit
dd RVA _szMTRand
dd RVA _szr4d6m1
dd RVA _szrand
dd RVA _szsrand

_OrdinalsAddrs: ;must start at 0 and count up
dw 1            ;must match NameAddr order
dw 0
dw 4
dw 2
dw 3

_szDllName      db 'RAND.DLL', 0
_szMTRand       db 'MTrand',0
_szMTinit       db 'MTinit',0
_szr4d6m1       db 'r4d6m1',0
_szrand         db 'rand',0
_szsrand        db 'srand',0
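
The lookup this thread converges on, modelled in C as an added example (not code from any poster or from fasm): a binary search over the name table, then the name-ordinal entry used as a zero-based index into the function table, with Base applied only to by-ordinal lookups. Symbol names stand in for RVAs, and rejecting an out-of-range index is an assumption of the model; the tables are copied from the posts above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of an export directory: symbol names stand in for RVAs. */
struct exports {
    unsigned base, nfuncs, nnames;
    const char **funcs;          /* AddressOfFunctions */
    const char **names;          /* AddressOfNames */
    const unsigned short *ords;  /* AddressOfNameOrdinals */
};

/* By name: binary search over names, then ords[i] is a zero-based index into funcs. */
const char *by_name(const struct exports *e, const char *want) {
    int lo = 0, hi = (int)e->nnames - 1;
    while (lo <= hi) {
        int mid = lo + (hi - lo) / 2, c = strcmp(want, e->names[mid]);
        if (c == 0)  /* assumed model: an index past the function table fails */
            return (unsigned)e->ords[mid] < e->nfuncs ? e->funcs[e->ords[mid]] : NULL;
        if (c < 0) hi = mid - 1; else lo = mid + 1;
    }
    return NULL;  /* unsorted names can land here even though the name exists */
}

/* By ordinal: the only place Base is subtracted. */
const char *by_ordinal(const struct exports *e, unsigned ord) {
    return (ord >= e->base && ord - e->base < e->nfuncs) ? e->funcs[ord - e->base] : NULL;
}

/* Tables copied from the posts in this thread. */
static const char *f1[] = {"MT_Rand"}, *n1[] = {"Rand"};
static const unsigned short o_bad[] = {100}, o_ok[] = {0};
const struct exports first_try = {100, 1, 1, f1, n1, o_bad};
const struct exports fixed     = {100, 1, 1, f1, n1, o_ok};

static const char *f2[] = {"SetStdHandles", "Print"}, *n2[] = {"SetStdHandles", "Print"};
static const unsigned short o2[] = {0, 1};
const struct exports conlib = {0, 2, 2, f2, n2, o2};

static const char *f3[] = {"MTRand", "MTinitMan", "rand", "srand", "r4d6m1"};
static const char *n3[] = {"MTinit", "MTrand", "r4d6m1", "rand", "srand"};
static const unsigned short o3[] = {1, 0, 4, 2, 3};
const struct exports randdll = {100, 5, 5, f3, n3, o3};

int main(void) {
    const char *p = by_name(&conlib, "Print");
    printf("ConLib Print -> %s\n", p ? p : "(not found)");
    printf("RAND srand -> %s, ordinal 104 -> %s\n", by_name(&randdll, "srand"), by_ordinal(&randdll, 104));
    return 0;
}
```

With the ConLib tables the search for 'Print' compares against 'SetStdHandles' first, moves left and runs out of entries, which is why only that one import failed.
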
Hobo 24 Aug 2007, 11:48
haha lol thanks for the fast reply :D 5 minutes :o

thanks for your help, all i needed was to sort the export names alphabetically

and are you sure the ordinals must match the name address order? i switched the numbers around and it made no difference . . .

anyway, don't go out of your way to answer that, 'cause i got it working and that's all i wanted :) Thanks
FrozenKnight 24 Aug 2007, 20:17
Yes, I'm sure. I checked this with 2 debuggers to ensure everything worked correctly. If you don't do it this way, things may not always work the way you expect.
Hobo 25 Aug 2007, 03:14
ok, well thanks for your help, appreciate it :)
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
