dll exporting the same function it imports

[Trass3r]

Did a quick test on a proxy dll, it struggled a bit with the import and export having the same name and produced:

EXTERN __imp__DirectDrawCreate_disambig_0_0:PROC
EXTERN _DirectDrawCreate_disambig_0_0:PROC
...
$L_100075d0:
DirectDrawCreate_disambig_0x100075d0_0 PROC EXPORT
DirectDrawCreate_disambig_0x100075d0_0 ENDP
            push EBP
            mov EBP,ESP
...
            jmp DWORD PTR __imp__DirectDrawCreate_disambig_0_0

So when rebuilding that into a dll it can't find the import nor is the export correct. Removing the _disambig suffix everywhere fixes it (apart from a warning warning LNK4086: entrypoint '__EntryPoint' is not __stdcall with 12 bytes of arguments; image may not run).

ddisasm 1.5.4 (7026bf2b 2022-07-07) invoked like

ddisasm --asm d.asm --generate-import-libs ..\d.dll
ml /nologo /c /Zi d.asm
link /nologo /DLL /ENTRY:_EntryPoint /SUBSYSTEM:windows /DEBUG /OPT:REF /OPT:ICF d.obj

[aeflores]

Interesting, the _disambig_ is added by the pretty printer to avoid having multiple symbols with the same name. It sounds we should be making an exception for the case where one of the symbols is imported, and the other is locally defined.

We will address this ASAP.

[StarGazerM]

Hi, does this issue been solved now? I tried disassemble/reassemble Python windows today, seems when disasasembling python310.dll I saw similar probelm.

[aeflores]

It is not solved yet, but I am looking into it now.

[aeflores]

Hi @Trass3r would you have the example that you were trying available? That would help me figure out the best approach.

@StarGazerM I am not seeing this issue in python310.dll, which import/export symbol gets the _disambig_ suffix? Can you share the specific .dll where that happens?

[Trass3r]

I guess it can be replicated by something like https://godbolt.org/z/bzdrbvdra

extern "C"
{
__declspec(dllimport) int foo();
#pragma comment(linker, "/EXPORT:foo=_myfoo")
int myfoo() { return foo(); }
}