Hi there.
If you ever take a look inside blah.lib files you would encounter strings
like: __imp_MesaageBoxA@16 or __imp__ExitProcess@4

or if you forget to put an includelib blah.lib in a source code
or providing the blah.lib file to linker on command line you would get a
fatal error from linker saying that is was unable to resolve function
__imp__blah@x

I know that they are necessary for dynamic linking and import table creation
but I want to know EXACTLY(in depth) what are these __imp__blah@NumByteArg
strings and what's the relation Between MessageBoxA and __imp__MessageBoxA@16
or better...What the hell are assembler and linker doing?

here is another:you are familiar with following code...
externdef _imp_ExitProcess@4:DWORD(or :PROC or :ptr DWORD or ....)
why do we put only one underscore before imp?!!
(as you see im trying to know how this name mangling happens)

thanks...

ps:please dont refer me to MATT's PE article on MSDN. :cool:
Posted on 2003-06-18 12:43:44 by titanwalker
If you use MASM with STDCALL calling convention as a default, MASM will add an underscore to the beginning of the name. If you originally wrote the name with one underscore at the beginning, the linker will see two underscores at the beginning.

The "imp" names are labels to DWORDs that will hold the actual addresses of DLL functions. The data is initialized after the corresponding DLL is loaded.

The .LIB files hold for each DLL function some code that looks something like this:
    .code

_API_function@nn:
jmp dword ptr [__imp__API_function@nn] ; indirect jump, address in "imp" variable

.icode segment
__imp__API_function@nn DWORD ?
.icode ends
The linker will create the .LIB file for you when you build your own DLL.
Posted on 2003-06-18 16:01:23 by tenkey
extern externdef <--- what is this ??
Posted on 2003-06-18 16:47:27 by AceEmbler
Here's a quicky explanation,

__imp_MessageBoxA@16

__imp_ = import - this is the decorated C name prefix a function (ie the name in the lib file)
MessageBoxA = the name of the function
@16 = the number of bytes it will remove from the stack

When you use invoke MessageBox in your program it is translated to MessageBoxA by User32.inc then sent to the assembler. The assembler will check to see if the function exists in your program and if not it will affix the prefix and add it to the import table. When you link your program it will search the libs for the import and add the proper thunk for that function to the linked executable.

EXTERNDEF [] name:type [[, [] name:type]]...

Defines one or more external variables, labels, or symbols called name whose type is type. If name is defined in the module, it is treated as PUBLIC. If name is referenced in the module, it is treated as EXTERN. If name is not referenced, it is ignored. The type can be ABS, which imports name as a constant. Normally used in include files.
Posted on 2003-06-18 17:03:25 by donkey
here is the code generated by VC++(/FA):
?hMomRgn@@3PAUHRGN__@@A DD 01H DUP (?) ; hMomRgn
?sBitmap@@3UtagBITMAP@@A DB 018H DUP (?) ; sBitmap
?hMemDC@@3PAUHDC__@@A DD 01H DUP (?) ; hMemDC
_BSS ENDS
PUBLIC ?WndProc@@YGJPAUHWND__@@IIJ@Z ; WndProc
EXTRN __imp__BitBlt@36:NEAR
EXTRN __imp__SendMessageA@16:NEAR
EXTRN __imp__DefWindowProcA@16:NEAR
EXTRN __imp__BeginPaint@8:NEAR
EXTRN __imp__EndPaint@8:NEAR
EXTRN __imp__PostQuitMessage@4:NEAR

as you can see all of external defines got TWO underscore...!!!
But as i said before we use one with EXTERNDEF!!!
I'm driving mad:(
Posted on 2003-06-19 06:51:02 by titanwalker
By the way as far as i know C name mangaling is so: foo(int,int)->_foo@8
Why that __imp is appeared at the beginnig?
Posted on 2003-06-19 06:53:19 by titanwalker
The __imp appears because in the C++ header files, the API functions are defined as DLL functions. I don't remember the underlying VC syntax extensions for doing this.
Posted on 2003-06-19 15:14:36 by tenkey
Posted on 2003-06-19 16:47:47 by donkey
OK I GOT IT!!
Thx to donkey.I will make a summary and put it up there(ofcourse after exams :grin: )
Posted on 2003-06-22 11:17:38 by titanwalker