How to build your own MASM import library
ICZelion (Translation: Flower radish yqzq@163.net) 9.5.2000
This essay is to explain about the implementation of the MASM import library (IMPORT LIBRARIES), I assume that you already know what is import library. Below, I will focus on the method of establishing a MASM import library.
MASM import library format: MASM and VC can use the same import library, the MS import library uses a COFF file format that is different from the TASM's OMF format, which is why TASM and MASM's import library cannot be used interoperability, I will The format of the MS import library is not detailed. It can be said that each MS import library contains information about a function in a DLL (you will use this information to call functions in the DLL), including the function name and all of its parameters. If you open kernel32.lib with a text editor, you will find some information in the following format:
_Exitprocess @ 4 _createprocessa @ 40
The function name is decorated with "_", the number after "@" indicates the size of all parameters (bytes), and the EXITPROCESS function has only one DWORD parameter, so the number behind is 4. Why is the information of these parameter sizes in the lib? When you call the function with the Invoke, this information is used to detect whether the parameter passed to the function is correct. If you use "manual" to press the parameters into the stack, the MASM will not be able to detect whether the parameters are correct if the function is called via "call". This will result in almost no way to establish a DLL import library, because the DLL does not include clear information about parameter size.
Establishing the MASM Import Library from DLL If you are happy to call the function with the "Manual" method, you can build MASM's import library as any of the DLL:
With Dumpbin.exe, it can export the name of the DLL output function.
DUMPBIN / EXPORTS Blah.dll> Output.txt
After you get the function name list, build a module definition file (.def). For example: If the DLL only contains a function: getSomeline Enter the following in a text file:
Library Blah
Exports
GetSomeline
And save it as "Blah.def
This is like this, running lib.exe, establish an import library through the module definition file:
LIB /DEF :BLAH.DEF
It's it! You will get Blah.lib, as long as you don't use the Invoke call function, you can use it in MASM.
Create a MASM import library through an Invoke call function:
I don't oppose the methods you use, but Invoke is really a good way to call functions. This is also one of the reasons why I prefer Masm more than TASM. But as I emphasized earlier, we almost impossible to build a 100% MASM import library from a DLL. If you use Invoke, you will not create an MASM import library with the above method. For example, you can imagine if you modify the "@xx" section of the function in the .def file, the import library will still be established normally, but please believe me, he will not work. Building a simple way to use Invoke import library is to use MASM. If you write DLL code, you will find that you not only go to a DLL, but also get an import library, it's right, it's us! Our strategy is: 1: Get the function name and all parameters 2: Create a DLL source code containing the correct number and size 3: Create a module definition file (.def) 4 describing the corresponding function in the ASM source code. 4: Source code Press DLL Compilation You will get a full-featured MASM import library, the above steps should do more instructions Get function names and all parameter sizes This is the most difficult part of our handling process. If you only have DLL, you will experience meaningful adventures. Here is the method I can think of, but there is no 100% work. Using interactive anti-compilation tools (Ida) anti-compilation DLL, through this wonderful tool, you can get the probably size of the function parameters, but this information is incomplete, IDA is a powerful tool, but sometimes What is what we have to judge by us. You will have to analyze the anti-compilation results carefully. Observe the stack pointer to the value before and after the function. Methods as below:
Get the address of the function via getProcAddress. Call each function you want to test, but please note that when you call these functions, don't deliver any parameters. Please note the value of the ESP before calling. When the function returns, the value before the call function is called, the value of the ESP is compared. The basic principle is that the STDCALL parameter call protocol regulates, the function is responsible for restoring the stack, now know why we don't pass any parameters, we have not passed the parameters, but the function is self-intelligent "recover" ESP pointer, so the change value of ESP is We have to have the size of the parameter. However, the above method is not very unlucky, and these situations will result in failure:
If the function in the DLL uses a different parameter transfer agreement different from STDCALL. If the function fails when the stack is restored, we will not be able to get the correct value of the ESP. If this function is to do some dangerous things, such as hard drive formatting, even if we get ESP, I am afraid that the price is going to study existing DLL procedures, you can get these programs to get these programs The number and size of the function parameters. No matter how, as long as the function is in the DLL, there is no program to call it, you can use the above two methods.
Building our own DLL After you get the name and parameter size you get the function, you can build a DLL framework and add a function of the same name in the framework and other DLLs, files. For example, if the DLL contains only one function: getSomeline. It has 16bytes parameters. In the ASM file, you can write this:
.386
.Model flat, stdcall
.code
GetSomeline Proc Param1: DWORD, PARAM2: DWORD, PARAM3: DWORD, PARAM4: DWORD
GetSomeline Endp
end
You may ask, "What is this?" A program without processing part? Keep in mind: An import library does not record how a function is implemented, it is just the logo name and parameter size, and its task is to provide the name and size of the function. So we don't need to add a function of the function. When we set up a DLL, MASM will help us complete its import library. MASM does not care about the size of each specific parameter when establishing a warehouse, which is always like this: .386
.Model flat, stdcall
.code
GetSomeline Proc Param1: Byte, Param2: Byte, Param3: Byte, Param4: Byte
GetSomeline Endp
end
The MASM will then create _getsomeline @ 16 in the import library, and does not care about it is 4 Byte or something else.
Establishing a matching module definition file (.def) This is a simple job that you need this file to guide MASM to establish the correct DLL and the import library that matches it. A module definition file template is as follows:
Library
Exports
You just need to fill in the DLL name and then add the name of the function in Exports. Each function name is. Save the file and you will get a module definition file.
Compilation DLL source code
The last step is also the easiest step, just Ml.exe and Link.exe
ML / C / COFF / CP Blah.asm
LINK / DLL / NOENTRY /DEF :BLAH.DEF / SUBSYSTEM: Windows Blah.obj
Ok, check out your project catalog, you will find the import library and DLL you want,
