As Symbian exe files import by ordinal, it is very helpful for an exe dumper like DmpE32 to map the import ordinals to the original function names.
Previously I'd been generating the import function name files (.fn) for each version of the SDK. Unfortunately, the zip of the latest .fn files was in the range of 300-400 KB. Offering these for download would require more bandwidth than I pay for (>0). Additionally, in the case of the Series 60 specific files the mappings were inaccurate.
I had been using nm to dump the function names and post-processing the output. Unfortunately nm sorts by object module and not ordinal. In some cases the numeric portion of the object module name matches the ordinal. A lucky coincidence but definitely not reliable.
Matt Pietrek's article on COFF libraries and source code proved very helpful. GNU's dlltool source provided insight on the various idata components.
I've added a tool for generating imported function to ordinal mapping to the DmpE32 package.
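As an added example (not the DmpE32 tool's code and not from the original post), this Python code reads the ordinal from each import-library member's `.idata$5` thunk instead of trusting nm's ordering or the member file name. The member names, function names and the minimal COFF layout produced by `build_member` are constructed, and treating the first defined external symbol without an `__imp_` prefix as the function name is an assumption.

```python
import re
import struct

ORDINAL_FLAG = 0x80000000  # high bit of a 32-bit import thunk means "by ordinal"

def parse_member(obj):
    """Return (ordinal, name) for one COFF member of an import library."""
    _m, nsect, _ts, symptr, nsyms, optsz, _f = struct.unpack_from("<HHIIIHH", obj)
    ordinal, name, i = None, None, 0
    for k in range(nsect):  # 40-byte section headers follow the file header
        sname, _pa, _va, size, ptr = struct.unpack_from("<8sIIII", obj, 20 + optsz + 40 * k)
        if sname.rstrip(b"\0") == b".idata$5" and size >= 4:
            thunk = struct.unpack_from("<I", obj, ptr)[0]
            if thunk & ORDINAL_FLAG:
                ordinal = thunk & 0xFFFF
    strtab = symptr + 18 * nsyms  # string table sits right after the symbols
    while i < nsyms and name is None:  # 18-byte symbol records
        raw, _v, sect, _t, scl, naux = struct.unpack_from("<8sIhHBB", obj, symptr + 18 * i)
        if raw[:4] == b"\0\0\0\0":  # long name: offset into the string table
            start = strtab + struct.unpack_from("<I", raw, 4)[0]
            raw = obj[start:obj.index(b"\0", start)]
        # Assumption: first defined external symbol without __imp_ is the function
        if scl == 2 and sect > 0 and not raw.startswith(b"__imp_"):
            name = raw.rstrip(b"\0").decode("ascii")
        i += 1 + naux
    return ordinal, name

def build_member(ordinal, name):
    """Constructed test data: a minimal COFF object with one .idata$5 thunk."""
    strtab = name.encode() + b"\0"
    hdr = struct.pack("<HHIIIHH", 0, 1, 0, 64, 1, 0, 0)  # symbols at offset 64
    sect = struct.pack("<8sIIIIIIHHI", b".idata$5", 0, 0, 4, 60, 0, 0, 0, 0, 0)
    sym = struct.pack("<IIIhHBB", 0, 4, 0, 1, 0, 2, 0)  # name at strtab offset 4
    return (hdr + sect + struct.pack("<I", ORDINAL_FLAG | ordinal) + sym
            + struct.pack("<I", 4 + len(strtab)) + strtab)

# Constructed sample; member and function names are made up for illustration.
MEMBERS = [("ds00000.o", build_member(1, "First__Fv")),
           ("ds00001.o", build_member(2, "Second__Fi")),
           ("ds00007.o", build_member(7, "Seventh__Fv"))]

def ordinal_map(members):
    """Map ordinal -> name from thunk data, independent of member order."""
    return dict(parse_member(obj) for _n, obj in members)

def member_name_mismatches(members):
    """Members whose file-name number differs from the real ordinal."""
    return [n for n, obj in members
            if int(re.search(r"\d+", n).group()) != parse_member(obj)[0]]
```

In the constructed sample only `ds00007.o` happens to carry its own ordinal in its file name, which is the unreliable coincidence described above.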
COFF Lib references:
Pietrek, Matt. "Under The Hood." Microsoft Systems Journal, Apr. 1998 <http://www.microsoft.com/msj/0498/hood0498.aspx>.
GNU dlltool.c, GNU Binutils package.