From: Liviu on 3 Oct 2009 20:03 "R.Wieser" <address(a)not.available> wrote... > > Thank you Glad to hear that it helped. FWIW the same info (and more, for example the syntax for forwarding to a "by ordinal" export) can be found on pages 60-61 of the pdf referenced by Remy in his very first reply above. IMHO and don't take it the wrong way, but your insistence on rejecting all things scripting-registration-eula-related offhand not only complicates your life (or hobby, rather) unnecessarily, but also makes it quite difficult for other people willing to help. > All this time I've been looking at the wrong spot for the > forwarding-table. Its there, in the *import*-section of the DLL. Don't know about that, since the docs place the forwards firmly in the EAT (not IAT). But maybe your terminology is different, or you are looking at it from the perspective of client code at the other end. Liviu
From: R.Wieser on 4 Oct 2009 07:32 Hello Liviu, > > All this time I've been looking at the wrong spot for the > > forwarding-table. Its there, in the *import*-section of the DLL. > > Don't know about that, since the docs place the forwards firmly in > the EAT (not IAT). But maybe your terminology is different, or you are > looking at it from the perspective of client code at the other end. I'm going to re-check that document you referred me to, as I, as far as I know, have got every field in the export-table nailed down (with nothing found in regard to forwarding). And yes, I expected the forwarding either there, or in its own table (hence my trying to make sense of that delayed-loading table). Alas, I have not found any DLL on my system (did a few quick probes) that has the "forward" pointer in the records of the IAT (the second table) set to anything else than -1 , so I can't verify its purpose. > IMHO and don't take it the wrong way, but your > insistence on rejecting all things scripting-registration- > eula-related offhand not only complicates your life > (or hobby, rather) unnecessarily, but also makes > it quite difficult for other people willing to help. Not quite off-hand. I've thought long-and-hard over it, and dicided it would be a wasps-nest I would not like to get caught in. Allso, and please do not take this the wrong way, people here seem to have adopted the position that "just press the "accept" button, and than simply forget you've ever done so (cause they will never come to your doorstep)" attitude. Its like promoting stealing 'cause you won't ever get caught (which is quite funny when putting "Random"-s response to my suggestion Remy could download and send it to me next to it (no offence ment) ). Yes, I do make my life harder because of my rejection. But if I ever want to publish any of the stuff I make I *must* make sure that the bully-of-the-block (with its 1000-pound legal goons) has no reason to lean on me. Not a funny realisation, but with the current state of (software-)patents a fact of life. Regards, Rudy Wieser -- Origional message: Liviu <lab2k1(a)gmail.c0m> schreef in berichtnieuws #s89gYIRKHA.764(a)TK2MSFTNGP02.phx.gbl... > > "R.Wieser" <address(a)not.available> wrote... > > > > Thank you > > Glad to hear that it helped. FWIW the same info (and more, for example > the syntax for forwarding to a "by ordinal" export) can be found on > pages 60-61 of the pdf referenced by Remy in his very first reply above. > > IMHO and don't take it the wrong way, but your insistence on rejecting > all things scripting-registration-eula-related offhand not only > complicates your life (or hobby, rather) unnecessarily, but also makes > it quite difficult for other people willing to help. > > > All this time I've been looking at the wrong spot for the > > forwarding-table. Its there, in the *import*-section of the DLL. > > Don't know about that, since the docs place the forwards firmly in > the EAT (not IAT). But maybe your terminology is different, or you are > looking at it from the perspective of client code at the other end. > > Liviu
From: Jonathan Wilson on 4 Oct 2009 09:34 A google search for "pe file format forwarding" (without the quotes) turns up some info on how forwarding (and delay loading) work (none of which requires agreeing to any EULAs). For example this link: http://msdn.microsoft.com/en-us/magazine/cc301808.aspx Shows both delay loading and forwarding and has no EULA required to access the information. Plus, since its hosted on an MSDN page, its clearly approved by Microsoft.
From: Liviu on 4 Oct 2009 11:28 "R.Wieser" <address(a)not.available> wrote... > > Allso, and please do not take this the wrong way, people here seem to > have adopted the position that "just press the "accept" button, and > than simply forget you've ever done so (cause they will never come > to your doorstep)" attitude. Its like promoting stealing 'cause you > won't ever get caught Sorry, but you sound overly presumptuous here. > Yes, I do make my life harder because of my rejection. My main point was that you had the right and full answer from Remy within a few hours of posting, but because you didn't "like" scribd.com it took you almost a week to find it elsewhere. A secondary point is that, like it or not, but Microsoft's document is the authoritative reference in this matter and up-to-date, while usenet talk or even that MSJ '02 article are neither. That said, to each his own and, again, I am glad that it all worked out for you in the end. Liviu
From: R.Wieser on 4 Oct 2009 16:46
Hello Jonathan, > A google search for "pe file format forwarding" > (without the quotes) turns up some info on how > forwarding (and delay loading) work (none of > which requires agreeing to any EULAs). What do you want me to say ? That I actually did not allready do that ? Sorry, can't do. I've searched for quite some time (and continued doing so even after posting my question).. Ofcourse, I had the handicap that I had no idea what to look for, so a lot of things *could* have escaped my attention. And actually, as I've stated before, most all documents I found are very good in either saying much about nothing, or hiding the important info somewhere (as I did not find it) > For example this link: > http://msdn.microsoft.com/en-us/magazine/cc301808.aspx > Shows both delay loading and forwarding and > has no EULA required to access the information. Yes, I've been offered that one quite recently. I did not find it myself. And I have to thank you. As I re-read the document for info I could show you as proof the delayed-import information is actually quite worthless I stumbled over a small, 13 line chapter named "Export Forwarding" and now it *did* catch my eye (probably because I am not that focussed on finding the delayed-import info anymore). It does contain the answer to my question in a few simple words : "How can you tell if a function is forwarded rather than exported normally? .... if the function's RVA is inside the exports section, the symbol is forwarded". Thats all I was looking for. As for that delay-load table ? What I found (in the above linkedt-to document) is this : ======= The delayload data is pointed to by the IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT entry in the DataDirectory. This is an RVA to an array of ImgDelayDescr structures ======= I'm sorry, but that is not what the DLLs (w98se as well as XP) I looked at show. All I see, when following that RVA, is an array of DWORDS (not a set of records). In other words : that document does not match what I see. Any idea why ? FYI, the first entry of such a table (in s98se, wsock32) is BFF76E30. The image-base of the DLL is 75E30000. The distance between them is just too big (much more than the total size of the sections in it). It does not make sense. Regards, Rudy Wieser -- Origional message: Jonathan Wilson <jfwfreo(a)tpgi.com.au> schreef in berichtnieuws #zOYudPRKHA.220(a)TK2MSFTNGP02.phx.gbl... > A google search for "pe file format forwarding" (without the quotes) turns > up some info on how forwarding (and delay loading) work (none of which > requires agreeing to any EULAs). > > For example this link: > http://msdn.microsoft.com/en-us/magazine/cc301808.aspx > Shows both delay loading and forwarding and has no EULA required to access > the information. > Plus, since its hosted on an MSDN page, its clearly approved by Microsoft. |