As Symbian exe files import by ordinal it is very helpful for an exe dumper like DmpE32 to map the import ordinals to the original function names.
Previously I'd been generating the import function name files(.fn) for each version of the sdk. Unfortunatley the zip of the latest .fn files was in the range of 300-400 KB. Offering these for download would require more bandwidth than I pay for (>0). Additionally, in the case of the series 60 specific files the mappings were inaccurate.
I had been using nm to dump the function names and post processing the output. Unfortunately nm sorts by object module and not ordinal. In some cases the numeric portion of the object module name matches the ordinal. A lucky coincidence but definitely not reliable.
Matt Pietrek's article on COFF libraries and source code proved very helpful. GNU's dlltool source provided insight on the various idata components.
I've added a tool for generating imported function to ordinal mapping to the DmpE32 package.
COFF Lib references:
Pietrek, Matt. "Under The Hood." Microsoft System Journal
Apr. 1998 <http://www.microsoft.com/msj/0498/hood0498.aspx>.
GNU Dlltool.c , GNU Binutils package.
Subscribe to:
Post Comments (Atom)
Auto "Kill Switch", solving the wrong problem?
Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nigh...
-
Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nigh...
-
A number of factors drive malware on new platforms. The chance for pure discovery and experimentation, the desire to be the first, a need to...
No comments:
Post a Comment