flat assembler
Message board for the users of flat assembler.

Index > Windows > Using the import section for data

Author
Thread Post new topic Reply to topic
sinsi



Joined: 10 Aug 2007
Posts: 794
Location: Adelaide
sinsi 08 Jan 2008, 05:05
Can the import section be used for data? e.g.
Code:
section '.idata' import data readable writeable
hinst dd 0
hwnd dd 0
temp dd 0
var1 dd RVA kernel32_dll
var2 dd RVA kernel32_table
...
    

I was wondering if windows does any more to that section after it imports everything.
Quite a few of my programs only use 4 or 5 global vars, it would be nice not to have to create a new section for them.
Post 08 Jan 2008, 05:05
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 08 Jan 2008, 07:00
you can put some data inside import section, but surely not at beginning. pointer to thunks must be really first dword, etc...
Post 08 Jan 2008, 07:00
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
sinsi



Joined: 10 Aug 2007
Posts: 794
Location: Adelaide
sinsi 08 Jan 2008, 07:32
My point is that the import section is handled once by windows and then is dead space, so why not use it? If you are hand-coding an import section, then why not eh?
Post 08 Jan 2008, 07:32
View user's profile Send private message Reply with quote
asmfan



Joined: 11 Aug 2006
Posts: 392
Location: Russian
asmfan 08 Jan 2008, 08:19
If you put data to import section - FASM automatically adds this data size to size of of all import (IAT etc.) which stored in Optional Header Data Directories (Image Only) assuming that this is the size of only import.
If you need correct definition do as below
Code:
section '.idata' data readable writeable
data import
;...
end data
    

Avoid special words in section definition - e.g. import, export, fixups, etc

_________________
Any offers?
Post 08 Jan 2008, 08:19
View user's profile Send private message Reply with quote
sinsi



Joined: 10 Aug 2007
Posts: 794
Location: Adelaide
sinsi 09 Jan 2008, 07:10
Slight confusion...in the PEDEMO example is the following
Code:
section '.idata' import data readable writeable

  dd 0,0,0,RVA kernel_name,RVA kernel_table
    

From reading pecoff_v8.doc, the first dword of the five is supposed to be the RVA of the "import lookup table" - surely this can't be 0?
Post 09 Jan 2008, 07:10
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 09 Jan 2008, 07:19
Quote:
surely this can't be 0?

Depending on loader. If you set it, you can be sure it works everywhere. If you don't, you risk it won't works on some windows version.

AFAIK on most x86 windowses it work, but for example in WinCE, such PE wouldn't load.
Post 09 Jan 2008, 07:19
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
sinsi



Joined: 10 Aug 2007
Posts: 794
Location: Adelaide
sinsi 09 Jan 2008, 07:36
Thanks vid (WinCE eh? I use it at work on a touchscreen in the truck, but never programmed it.)
So if I do
Code:
section '.idata' import data readable writeable
hinst dd RVA kernel_lookup
hwnd  dd 0 ;timestamp of dll from loader - who cares?
etc1  dd 0 ;forwarder - no information on this: anyone know?
etc2  dd RVA kernel_name
etc3  dd RVA kernel_table
    

Then I treat them as uninitialised and use them in my code, since I assume the loader is all done with them.
Post 09 Jan 2008, 07:36
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 09 Jan 2008, 08:40
sinsi: no no, at least the "kernel_table" must stay unchanged, because pointers to actual APIs are written there.

anyway, my best advice is not to touch import data at all... there's no reason to do it, and it is prone to not work at certain windows.

look up some description of "PE file format", there is one on wikibooks, one on microsoft site, and there is iczlion's PE tutorial too (for MASM, but who cares)
Post 09 Jan 2008, 08:40
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
sinsi



Joined: 10 Aug 2007
Posts: 794
Location: Adelaide
sinsi 09 Jan 2008, 08:59
I'm not going to use kernel_table, since that's where the addresses from the dll go... Shocked but everything else is unused once the loader has done its stuff...
Post 09 Jan 2008, 08:59
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 09 Jan 2008, 09:59
WHY do you want to reuse that data?

Quote:
but everything else is unused once the loader has done its stuff...

i wouldn't be so sure about it
Post 09 Jan 2008, 09:59
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
sinsi



Joined: 10 Aug 2007
Posts: 794
Location: Adelaide
sinsi 09 Jan 2008, 10:12
vid wrote:
WHY do you want to reuse that data?
sinsi wrote:
Quite a few of my programs only use 4 or 5 global vars, it would be nice not to have to create a new section for them.


vid wrote:
i wouldn't be so sure about it

That's basically my question...
Post 09 Jan 2008, 10:12
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 09 Jan 2008, 10:29
Quote:
Quite a few of my programs only use 4 or 5 global vars, it would be nice not to have to create a new section for them.

no one would ever notice some 4KB difference. But you can create a flat section, holding both imports, data, and code. search forum for "flat section"
Post 09 Jan 2008, 10:29
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
sinsi



Joined: 10 Aug 2007
Posts: 794
Location: Adelaide
sinsi 09 Jan 2008, 10:39
vid wrote:
search forum for "flat section"

heh heh 35 pages worth, and this one is first... Laughing

edit: http://board.flatassembler.net/topic.php?t=8011
Has the same " dd 0,0,0,RVA ...etc"
Post 09 Jan 2008, 10:39
View user's profile Send private message Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 4060
Location: vpcmpistri
bitRAKE 09 Jan 2008, 21:50
Post 09 Jan 2008, 21:50
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.