NO
« previous next »
Pages: [1]   Go Down

Author Topic: Removing a symbol at (or after) link time  (Read 2837 times)

sgirioni

  • Guest
Removing a symbol at (or after) link time
« on: October 02, 2014, 06:29:02 PM »
(Not sure if this is the right subforum for this question - if not, thanks for moving the thread accordingly)


I know about the "/include:symbol" option that can force polink to include a specific symbol.  What I would like to know is if there is an option to do just the opposite: force the linker NOT to include a symbol, even if it is part of one of the imported libraries.

In case there is no such option, could you think of another tool, workaround or method - even "dirty", such as manually editing the PE binary - to remove an unwanted symbol (or make it point to a null/NOP action)?

I'm just asking this out of curiosity, no specific reason other than generally studying the PE format and the Windows loader. 

I do understand that such an option would obviously be unsafe and would have to be manipulated carefully.

Hoping for an interesting discussion!
Logged

Offline frankie

  • Global Moderator
  • Member
  • *****
  • Posts: 2096
Re: Removing a symbol at (or after) link time
« Reply #1 on: October 03, 2014, 06:34:50 PM »
You want to do it with an obj file or an execurabke?
In an obj file for local symbols yuo can use static, in an exe file symbols are not exported unless you don't explicitily ask for...
In a DLL you can remove an exported symbol using /DEF:<symbol>=NONE
Logged
It is better to be hated for what you are than to be loved for what you are not. - Andre Gide

sgirioni

  • Guest
Re: Removing a symbol at (or after) link time
« Reply #2 on: October 03, 2014, 06:46:11 PM »
Thanks for replying!  I actually want to do it on a .EXE file, preferably at linking time (so, when turning the .OBJ into a .EXE, if my understanding is correct), or on a compiled .EXE - perhaps using a hex editor - if there is no easy command-line option in the linker.

Also I'm asking about symbols that are imported by the .EXE (not exported) from system DLLs. And yes, the goal is to break the .EXE, or rather see which specific imported functions/symbols I can remove without breaking it.

Hopefully I've managed to clarify my post somewhat - BTW I'm severely sleep deprived, so I can't guarantee that whatever I'm saying / asking makes any sense. :)
« Last Edit: October 03, 2014, 06:51:36 PM by sgirioni »
Logged

aardvajk

  • Guest
Re: Removing a symbol at (or after) link time
« Reply #3 on: October 03, 2014, 07:13:54 PM »
You can't remove any of them. If the names / ordinals aren't in the referenced dll, it won't load. That rules out changing the name or nulling them out (they have to be in alphabetical order).

You also can't remove them outright as that would require rewriting major parts of the exe since an import is referenced in two data tables and in the generated code.

Removing of one them means you'd have to adjust the header's pointers in both tables of every function that appears after it, as well as adjusting their generated code so they jump to the proper table entry.

Check out Matt Pietrek's articles on the exe/dll format for the nitty gritty.
Logged
Pages: [1]   Go Up
« previous next »