1

Let's say I'm using a c or c++ library (B) (with eventually inline and templates in header) that I use as a dynamic library (B) in my own library (A) or program.

What happens to the functions in the final assembly A (so/dll) ? In particular, if it's a template, an inline in the library B, or if it is part of an inlined function (in A) I defined ?

I'm interested to know if the assembly result finishes in my own assembly (ie., a bit of the external assembly is copied in my own assembly, parts of assembly B ends up in assembly A), and I can't distinguish it as a "used as external library function" vs "defined as my own code/assembly". In other words, will I be unable to see those functions as coming from an external library in the resulting library in a dynamic analysis, wether I provide symbols or not, in a release or debug assembly.

In particular, in a release assembly, will I see private (not exported) functions with a "meaningful" (call libraryBfunc or call __hiddenBfunc) in the assembly A or without (eg., call FUN_180032c4c) ? For instance, once I disassembled my library A, instead of some:

CALL qword ptr [->KERNEL32.DLL::GetFileType]

or

addr KERNEL32.DLL::RtlUnwindEx

will I get for instance:

CALL FUN_180032c4c

?

Another way to see this is: can I hide that I use a certain function from a dynamic library by inlining my function that uses it? is this hidding occurs systematically when the external library functions are templates or inlined functions?

Soleil
  • 6,404
  • 5
  • 41
  • 61
  • Functions written in assembly are put into the resulting library the same as functions written in C. – Barmar Jan 21 '21 at 06:50
  • @Barmar, I'm writting in c or c++, not in assembly. – Soleil Jan 21 '21 at 06:52
  • Oh, I thought you were asking about inline assembly with `asm()`. – Barmar Jan 21 '21 at 06:53
  • When a function is inlined, its code is inserted into the calling function as if you'd just written the code there instead of calling a function. – Barmar Jan 21 '21 at 06:54
  • Well you can't hide it from a determined-enough reverse engineer with access to that library... But why? – user202729 Jan 21 '21 at 06:55
  • Something with license?... – user202729 Jan 21 '21 at 06:56
  • @user202729 In a reverse project, I suspect some assembly chunks to come from openmp library, but I do not see a call of openmp dll; from what happens I suspect that the openmp calls where used in an inlined function, resulting in chuncks of openmp assembly to end up in the library I analyse. – Soleil Jan 21 '21 at 06:59
  • Probably static linking or something. – user202729 Jan 21 '21 at 07:00
  • @user202729 the external library is dynamically loaded for sure. – Soleil Jan 21 '21 at 07:01
  • In the case of Windows, if you use a binary editor on the program .exe file, a text search will show the function names from kernel32.dll (and probably kernel32.dll as well). Windows doesn't inline dynamic library functions that I'm aware of. – rcgldr Jan 21 '21 at 20:35

0 Answers0