Many thanks for answers. Please correct me if I am wrong. Using some sort of PE Explorer I can look through all the functions that one can call from DLL and linker goes through this information and replaces my labels in Object file with actual offsets from PE headers in DLL.
Looking at disassembled code I've never seen usage of "LoadLibrary" and "GetProcAddress" (except 'wglGetProcAddress" but it is completely different story) is this because in majority of cases early binding was chosen?
To the first question, not exactly... take a look at this tiny example:
; hello.asm for x86-64
bits 64
default rel
section .rodata
msg:
db `Hello\n`
msg_len equ $ - msg
section .text
extern __imp_GetStdHandle
extern __imp_WriteConsoleA
extern __imp_ExitProcess
global _start
_start:
mov ecx,-11 ; STD_OUTPUT_HANDLE
call [__imp_GetStdHandle]
mov ecx,eax
lea rdx,[msg]
mov r8d,msg_len
xor r9d,r9d
push byte 0
call [__imp_WriteConsoleA]
add rsp,8
xor ecx,ecx
jmp [__imp_ExitProcess]To compile:
$ nasm -fwin64 -o hello.o hello.asm
$ x86_64-w64-mingw32-ld -s -o hello.exe hello.o -lkernel32This was compiled with mingw64 on Linux (but works with m$ linker as well with different command line - probably _start isn't the default entrypoint with link.exe).
If you Search for these 3 functions names on your executable you'll find the 3 function names as in the picture attached. That's because the loader will early bind them. But notice the symbols used in the code has the `__imp_` prefix (these are the symbols defined in the imported static library kernel32.lib (or libkernel32.a, in case of linux).
To the second question... Yes, you don't see LoadLibrary/GetProcAddress/FreeLibrary because of early binding.
And, please, notice: I don't deal with Windows since 2007.
Recent Posts
