Here is the beginning of the dump
kbhook.dll: file format pei-x86-64
kbhook.dll
architecture: i386:x86-64, flags 0x0000013b:
HAS_RELOC, EXEC_P, HAS_DEBUG, HAS_SYMS, HAS_LOCALS, D_PAGED
start address 0x000000006cb01420
Characteristics 0x2026
executable
line numbers stripped
large address aware
DLL
Time/Date Tue Sep 20 09:37:02 2011
Magic 020b (PE32+)
MajorLinkerVersion 2
MinorLinkerVersion 21
SizeOfCode 00003000
SizeOfInitializedData 00004800
SizeOfUninitializedData 00000a00
AddressOfEntryPoint 0000000000001420
BaseOfCode 0000000000001000
ImageBase 000000006cb00000
SectionAlignment 0000000000001000
FileAlignment 0000000000000200
MajorOSystemVersion 4
MinorOSystemVersion 0
MajorImageVersion 0
MinorImageVersion 0
MajorSubsystemVersion 5
MinorSubsystemVersion 2
Win32Version 00000000
SizeOfImage 00023000
SizeOfHeaders 00000600
CheckSum 000265ba
Subsystem 00000003 (Windows CUI)
DllCharacteristics 00000000
SizeOfStackReserve 0000000000200000
SizeOfStackCommit 0000000000001000
SizeOfHeapReserve 0000000000100000
SizeOfHeapCommit 0000000000001000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000010
The Data Directory
Entry 0 0000000000007000 0000016a Export Directory [.edata (or where ever we
found it)]
Entry 1 0000000000008000 0000093c Import Directory [parts of .idata]
Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 000000000000b000 00000030 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 000000000000a000 00000028 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 0000000000008260 000001e8 Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved
There is an import table in .idata at 0x6cb08000
The Import Tables (interpreted .idata section contents)
vma: Hint Time Forward DLL First
Table Stamp Chain Name Thunk
00008000 00008078 00000000 00000000 0000881c 00008260
DLL Name: libgcc_s_sjlj-1.dll
vma: Hint/Ord Member-Name Bound-To
8448 16 _Unwind_SjLj_Register
8460 17 _Unwind_SjLj_Resume
8478 19 _Unwind_SjLj_Unregister
00008014 00008098 00000000 00000000 00008834 00008280
DLL Name: libstdc++-6.dll
vma: Hint/Ord Member-Name Bound-To
8494 3417 __gxx_personality_sj0
00008028 000080a8 00000000 00000000 000088a4 00008290
DLL Name: KERNEL32.dll
vma: Hint/Ord Member-Name Bound-To
84ac 215 DeleteCriticalSection
84c4 247 EnterCriticalSection
84dc 460 GetCurrentProcess
84f0 461 GetCurrentProcessId
8506 465 GetCurrentThreadId
851c 527 GetLastError
852c 547 GetModuleHandleA
8540 649 GetSystemTimeAsFileTime
855a 675 GetTickCount
856a 759 InitializeCriticalSection
8586 841 LeaveCriticalSection
859e 847 LoadLibraryW
85ae 952 QueryPerformanceCounter
85c8 1024 RtlAddFunctionTable
85de 1025 RtlCaptureContext
85f2 1032 RtlLookupFunctionEntry
860c 1039 RtlVirtualUnwind
8620 1182 SetUnhandledExceptionFilter
863e 1195 Sleep
8646 1209 TerminateProcess
865a 1216 TlsGetValue
8668 1229 UnhandledExceptionFilter
8684 1259 VirtualProtect
8696 1261 VirtualQuery
0000803c 00008170 00000000 00000000 00008900 00008358
DLL Name: msvcrt.dll
vma: Hint/Ord Member-Name Bound-To
86a6 78 __dllonexit
86b4 83 __iob_func
86c2 121 _amsg_exit
86d0 297 _initterm
86dc 400 _lock
86e4 566 _onexit
86ee 734 _unlock
86f8 934 abort
8700 948 calloc
870a 980 free
8712 991 fwrite
871c 1036 malloc
8726 1044 memcpy
8730 1048 memset
873a 1056 puts
8742 1074 signal
874c 1094 strlen
8756 1097 strncmp
8760 1129 vfprintf
00008050 00008210 00000000 00000000 00008930 000083f8
DLL Name: USER32.dll
vma: Hint/Ord Member-Name Bound-To
876c 26 CallNextHookEx
877e 162 DispatchMessageA
8792 317 GetMessageA
87a0 523 PostThreadMessageA
87b6 578 SendInput
87c2 662 SetWindowsHookExA
87d6 694 TranslateMessage
87ea 698 UnhookWindowsHookEx
8800 724 VkKeyScanA
00008064 00000000 00000000 00000000 00000000 00000000
There is an export table in .edata at 0x6cb07000
The Export Tables (interpreted .edata section contents)
Export Flags 0
Time/Date stamp 4e78429e
Major/Minor 0/0
Name 000000000000705a kbhook.dll
Ordinal Base 1
Number in:
Export Address Table 00000005
[Name Pointer/Ordinal] Table 00000005
Table Addresses
Export Address Table 0000000000007028
Name Pointer Table 000000000000703c
Ordinal Table 0000000000007050
Export Address Table -- Ordinal Base 1
[ 0] +base[ 1] 1f06 Export RVA
[ 1] +base[ 2] 23da Export RVA
[ 2] +base[ 3] 1e56 Export RVA
[ 3] +base[ 4] 1e77 Export RVA
[ 4] +base[ 5] 24fd Export RVA
[Ordinal/Name Pointer] Table
[ 0] Java_ch_unifr_dokpe_shortkeys_KbHook_pastFromClpb
[ 1] Java_ch_unifr_dokpe_shortkeys_KbHook_registerHook
[ 2] Java_ch_unifr_dokpe_shortkeys_KbHook_releaseExtendedKeys
[ 3] Java_ch_unifr_dokpe_shortkeys_KbHook_sendToKeyboard
[ 4] Java_ch_unifr_dokpe_shortkeys_KbHook_unRegisterHook
PE File Base Relocations (interpreted .reloc section contents)
Virtual Address: 00004000 Chunk size 16 (0x10) Number of fixups 4
reloc 0 offset 10 [4010] DIR64
reloc 1 offset 20 [4020] DIR64
reloc 2 offset 30 [4030] DIR64
reloc 3 offset 38 [4038] DIR64
Virtual Address: 00009000 Chunk size 16 (0x10) Number of fixups 4
reloc 0 offset 18 [9018] DIR64
reloc 1 offset 30 [9030] DIR64
reloc 2 offset 38 [9038] DIR64
reloc 3 offset 0 [9000] ABSOLUTE
Virtual Address: 0000a000 Chunk size 16 (0x10) Number of fixups 4
reloc 0 offset 0 [a000] DIR64
reloc 1 offset 8 [a008] DIR64
reloc 2 offset 10 [a010] DIR64
reloc 3 offset 18 [a018] DIR64
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00002fa4 000000006cb01000 000000006cb01000 00000600 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE, DATA
1 .data 00000070 000000006cb04000 000000006cb04000 00003600 2**4
CONTENTS, ALLOC, LOAD, DATA
2 .rdata 000002c0 000000006cb05000 000000006cb05000 00003800 2**4
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .bss 000009a0 000000006cb06000 000000006cb06000 00000000 2**5
ALLOC
4 .edata 0000016a 000000006cb07000 000000006cb07000 00003c00 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .idata 0000093c 000000006cb08000 000000006cb08000 00003e00 2**2
CONTENTS, ALLOC, LOAD, DATA
6 .CRT 00000058 000000006cb09000 000000006cb09000 00004800 2**3
CONTENTS, ALLOC, LOAD, DATA
7 .tls 00000048 000000006cb0a000 000000006cb0a000 00004a00 2**5
CONTENTS, ALLOC, LOAD, DATA
8 .reloc 00000030 000000006cb0b000 000000006cb0b000 00004c00 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .debug_aranges 00000270 000000006cb0c000 000000006cb0c000 00004e00 2**4
CONTENTS, READONLY, DEBUGGING
10 .debug_pubnames 0000069b 000000006cb0d000 000000006cb0d000 00005200 2**0
CONTENTS, READONLY, DEBUGGING
11 .debug_pubtypes 00000d45 000000006cb0e000 000000006cb0e000 00005a00 2**0
CONTENTS, READONLY, DEBUGGING
12 .debug_info 00008175 000000006cb0f000 000000006cb0f000 00006800 2**0
CONTENTS, READONLY, DEBUGGING
13 .debug_abbrev 00001092 000000006cb18000 000000006cb18000 0000ea00 2**0
CONTENTS, READONLY, DEBUGGING
14 .debug_line 000016f6 000000006cb1a000 000000006cb1a000 0000fc00 2**0
CONTENTS, READONLY, DEBUGGING
15 .debug_frame 00000890 000000006cb1c000 000000006cb1c000 00011400 2**3
CONTENTS, READONLY, DEBUGGING
16 .debug_str 000002c9 000000006cb1d000 000000006cb1d000 00011e00 2**0
CONTENTS, READONLY, DEBUGGING
17 .debug_loc 00003997 000000006cb1e000 000000006cb1e000 00012200 2**0
CONTENTS, READONLY, DEBUGGING
18 .debug_ranges 00000680 000000006cb22000 000000006cb22000 00015c00 2**0
CONTENTS, READONLY, DEBUGGING
SYMBOL TABLE:
.....
François
-----Original Message-----
From: Kai Tietz [mailto:[email protected]]
Sent: mardi, 20. septembre 2011 09:59
To: [email protected]
Subject: Re: [Mingw-w64-public] Compiling a dll for JNI and java 64 bits
So,
Hmm, could you show me the dump of this DLL with objdump?
Call for this 'x86_64-w64-mingw32-objdump -x <dll-name> >dump.txt', and attach
me this file to mail. I am mainly interested in the export-section of this DLL.
Thanks,
Kai
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security threats,
fraudulent activity and more. Splunk takes this data and makes sense of it.
Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Mingw-w64-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Mingw-w64-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
