A long time ago I was trying to write a MASM proc that emulates the LoadLibrary API.
I have most of the problems resolved, but I cannot make an algorithm to resolve the imports, because it works only in some DLLs (not all).
Does anyone have code to parse the imports correctly?
Thanks.
Possibly your code can only resolve imports "by name", not "by ordinal" (bit 31 is set)?
Post your code or, better, make 2 small test DLLs, one with exports "by name", the other "by ordinal".
I have attached part of my DPMI-Loader, which loads PEs as a 32-bit DPMI client.
Ignore most of the code; only the functions searchname, searchexport, resolveimports and doimports are interesting. The code is a bit old now and not very well documented, I'm afraid.
root,
Here's code to parse the import table. It doesn't handle imports by ordinal. If this is your problem, I can code you an import-parsing routine that parses the other DLLs' export tables for those ordinal imports.
That, of course, is if your DLL loader can really load a DLL and put it in the module list. If it just loads it in memory and fixes up the image, you can figure out the ordinals on your own ;)
; on entry: esi -> first IMAGE_IMPORT_DESCRIPTOR of the mapped image,
;           [imagebase] = address the image was mapped at
; ID_* are the IMAGE_IMPORT_DESCRIPTOR fields
        pushad
@@ientry:
        mov     eax,[esi.ID_Name]
        test    eax,eax                 ; a descriptor with Name == 0 ends the table
        je      @@import_end
        mov     ebx,eax
        add     ebx,[imagebase]         ; ebx -> DLL name (RVA -> VA)
        push    ebx
        call    [GetModuleHandleA]
        test    eax,eax
        jnz     @@dll_found
        push    ebx
        call    [LoadLibraryA]
        test    eax,eax
        jz      @@import_end            ; DLL could not be loaded: stop here
@@dll_found:
        mov     [esi.ID_ForwarderChain],eax ; stash the module handle in the descriptor
        mov     edi,[esi.ID_FirstThunk]
        add     edi,[imagebase]         ; edi -> IAT, where the resolved addresses go
        mov     ebx,[esi.ID_OriginalFirstThunk]
        test    ebx,ebx                 ; INT present? (zero with some old linkers)
        jz      @@no_int
        add     ebx,[imagebase]         ; read the names from the INT, so an already
        jmp     @@have_names            ; bound IAT (absolute addresses) does no harm
@@no_int:
        mov     ebx,edi                 ; no INT: the IAT itself still holds the name RVAs
@@have_names:
        xchg    eax,ebx
        push    esi
        mov     esi,eax
        ;ebx==module handle
        ;edi==where put APIs
        ;esi==pointers to api names
@@apiloop:
        lodsd                           ; next thunk, 0 terminates the list
        test    eax,eax
        jz      @@dll_done
        btr     eax,31                  ; bit 31 set: import by ordinal, eax = ordinal
        jc      @@ordinal
        add     eax,[imagebase]         ; eax -> IMAGE_IMPORT_BY_NAME (RVA -> VA)
        add     eax,2                   ; skip the WORD Hint, eax -> ASCIIZ name
@@ordinal:
        push    eax                     ; lpProcName (name pointer or ordinal)
        push    ebx                     ; hModule
        call    [GetProcAddress]
        stosd                           ; write the address into the IAT (0 if not found)
        jmp     @@apiloop
@@dll_done:
        pop     esi
        add     esi,IMAGE_SIZEOF_IMPORT_DESCRIPTOR
        jmp     @@ientry
@@import_end:
        popad
        ret
ancev
PS: Nah, I am kidding. I'll code the ordinal importer even if your DLL loader doesn't load DLLs :)
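The same walk in Python, as an added example that is not part of ancev's post: it reads the names from OriginalFirstThunk when that table exists (so an already-bound IAT does not break the lookup) and decodes the bit-31 ordinal flag mentioned in the earlier reply. The mapped image is constructed inline; "other.dll" and "Frobnicate" are made-up names, and the bound IAT addresses are arbitrary.

```python
import struct

ORDINAL_FLAG = 0x80000000          # bit 31 of a thunk: import by ordinal

def cstr(image, rva):
    return image[rva:image.index(b"\0", rva)].decode("ascii")

def parse_imports(image):
    """Walk the import directory of a mapped PE32 image (sections already at
    their RVAs, as a loader sees it). Returns {dll: [name | ordinal, ...]}."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    opt = e_lfanew + 0x18                                    # optional header
    assert image[e_lfanew:e_lfanew + 4] == b"PE\0\0"
    assert struct.unpack_from("<H", image, opt)[0] == 0x10B  # PE32 only
    desc = struct.unpack_from("<I", image, opt + 0x68)[0]    # DataDirectory[1] RVA
    result = {}
    while True:  # one 20-byte IMAGE_IMPORT_DESCRIPTOR per DLL, null-terminated
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<5I", image, desc)
        if name_rva == 0:
            break
        # Prefer OriginalFirstThunk (INT): if the image is bound, FirstThunk (IAT)
        # already holds absolute addresses instead of name RVAs.
        thunk, entries = (oft or ft), []
        while (t := struct.unpack_from("<I", image, thunk)[0]) != 0:
            # by ordinal: low 16 bits; by name: RVA of IMAGE_IMPORT_BY_NAME, +2 skips Hint
            entries.append(t & 0xFFFF if t & ORDINAL_FLAG else cstr(image, t + 2))
            thunk += 4
        result[cstr(image, name_rva)] = entries
        desc += 20
    return result

def build_sample_image():
    """Constructed minimal mapped PE32 image (not a real file) for the parser above."""
    img = bytearray(0x300)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x98, 0x10B)                 # PE32 magic
    struct.pack_into("<II", img, 0x98 + 0x68, 0x200, 60)     # import dir RVA, size
    # descriptor 1: INT at 0x240, IAT at 0x250 already bound (constructed addresses)
    struct.pack_into("<5I", img, 0x200, 0x240, 0, 0, 0x280, 0x250)
    # descriptor 2: old-style, no INT; names/ordinals live in the IAT at 0x260
    struct.pack_into("<5I", img, 0x214, 0, 0, 0, 0x290, 0x260)
    struct.pack_into("<3I", img, 0x240, 0x2A0, 0x2B0, 0)
    struct.pack_into("<3I", img, 0x250, 0x77E00010, 0x77E00020, 0)
    struct.pack_into("<3I", img, 0x260, ORDINAL_FLAG | 7, 0x2D0, 0)
    img[0x280:0x28D] = b"KERNEL32.dll\0"
    img[0x290:0x29A] = b"other.dll\0"                        # made-up DLL name
    img[0x2A0:0x2AF] = b"\0\0LoadLibraryA\0"                 # WORD Hint + name
    img[0x2B0:0x2C1] = b"\0\0GetProcAddress\0"
    img[0x2D0:0x2DD] = b"\0\0Frobnicate\0"                   # made-up export name
    return bytes(img)
```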
Thanks for the support.