The tool I want to post is a DEF-file generator for people who want to import by ordinal in large projects. Without it, you have to process the output of DUMPBIN.EXE or a similar utility by hand and then edit large DEF files manually. You also have to keep old ordinal numbers untouched to preserve backward compatibility with older versions of your DLLs.
This utility takes a DEF file and a binary module (usually a DLL) as input. If the DEF file does not exist, MakeDef creates an empty one; otherwise the DEF file is opened in append-only mode (the old contents remain unchanged in any case). MakeDef reads the DEF file and compares its contents with the DLL's export table. Any differences are appended to the end of the DEF file with ordinal values greater than the maximum value used before. This guarantees that newly added exports never conflict with previous versions of the DLL. All added exports get the NONAME attribute to strip them from the export table. This significantly reduces the size of your DLLs, but you will not be able to load such exports using the LoadLibrary() function, so be careful.
MakeDef is a console-mode utility suitable for use in makefiles and batch builds. The utility itself is very small (8704 bytes) and requires only MSVCRT.DLL. It returns the following ERRORLEVELs to signal the processing results:
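The append-only merge described above, sketched in Python as an added example (not MakeDef's own source). The function names are hypothetical, the DLL's export names are passed in as a list instead of being read from the PE export table, and export entries are assumed to start on the line after `EXPORTS`.

```python
import re

STATEMENTS = {"NAME", "LIBRARY", "DESCRIPTION", "STACKSIZE", "HEAPSIZE",
              "SECTIONS", "VERSION", "EXPORTS"}   # DEF statement keywords
# "entryname[=internalname] [@ordinal [NONAME]]": group 1 = name, group 2 = ordinal
ENTRY = re.compile(r"([^\s=]+)(?:=\S+)?(?:\s+@(\d+))?")

def parse_def(def_text):
    """Return ({name: ordinal or None}, True if the text ends inside EXPORTS)."""
    exports, in_exports = {}, False
    for raw in def_text.splitlines():
        line = raw.split(";", 1)[0].strip()       # ';' starts a comment
        if not line:
            continue
        keyword = line.split()[0]
        if keyword in STATEMENTS:
            in_exports = keyword == "EXPORTS"
        elif in_exports:
            m = ENTRY.match(line)
            if m:
                exports[m.group(1)] = int(m.group(2)) if m.group(2) else None
    return exports, in_exports

def append_new_exports(def_text, dll_exports):
    """Return (updated DEF text, {new name: ordinal}); existing text is kept as is."""
    known, in_exports = parse_def(def_text)
    # New ordinals start above the highest one any earlier build has used.
    first = max((o for o in known.values() if o is not None), default=0) + 1
    new = [n for n in dict.fromkeys(dll_exports) if n not in known]
    added = {n: first + i for i, n in enumerate(new)}
    if not added:
        return def_text, added
    tail = "" if not def_text or def_text.endswith("\n") else "\n"
    if not in_exports:
        tail += "EXPORTS\n"
    tail += "".join(f"    {n} @{o} NONAME\n" for n, o in added.items())
    return def_text + tail, added

# Constructed sample input: an older DEF file and the names the DLL exports now.
OLD_DEF = """LIBRARY SAMPLE
EXPORTS
    Init      @1
    Shutdown  @2
    Legacy    @5 NONAME   ; ordinal kept from an older release
"""
DLL_EXPORTS = ["Init", "Shutdown", "Legacy", "Reload", "GetStats"]

if __name__ == "__main__":
    print(append_new_exports(OLD_DEF, DLL_EXPORTS)[0])
```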
| ERRORLEVEL | Meaning |
|---|---|
| 0 | Ok, but there were no new exports |
| 1 | Ok, and there were new exports written to the DEF file |
| 100 | Temporary file creation error |
| 101 | Incorrect format of the DEF-file |
| 102 | Incorrect DLL/EXE name |
| 103 | Missing or corrupted DOS header |
| 104 | Missing or corrupted PE image header |
| 105 | Invalid PE image (internal error while processing) |

The command line syntax is:
>MAKEDEF /DEF:<def_file_name> /IMAGE:<exe_or_dll_name> /IMPORTS:<dll_name>

Where: