KERNEL32 imports in IDA Pro

[TQN]

What your Windows OS ?
In Win9x, many function in Kernel32 were exported by ordinal, not by name, but in WinNT and Win2K above, all functions in kernel32 were exported by name. Here is dumpin /exports kernel32.dll on my Win2k Server.
I still think you need recreate the kernel32.ids, manual add description, number of arguments... to the kernel32.idt by look into MSDN.
Regards !
TQN

Ok, mystery solved. If anyone's interested, here is the deal:

The original executable was UPX-Compressed, and the UPX-unpacker I used damaged the import segment, resulting in the WS2_32.DLL imports being marked as KERNEL32 ordinal imports. I decompressed it now using PE-Explorer, and, hey presto, everything makes sense! Those mysterious calls are functions like send, connect, etc, from WS2_32.DLL.
Thanks for your help, anyway!

[Shub-Nigurrath]

it's anyway interesting if anyone of u guys could share your updated and reworked kernel32.ids; just at least if it's so simple as it seems to be, as a time saver for others.

Thanks in advance!

[TQN]

Thanks for your idea, Shub-Nigurrath. I will recreate the kernel32.ids with detail comment, number of arguments. Wow, above 800 functions, a lot of tedious manual job.
Regards,
TQN

[Shub-Nigurrath]

well, so not so simple, "a tedious work" this is exactly what I suspected it could have been!

10x TQN, you're our beloved IDA hard-worker (also 4 Delphi stuffs)!

[TQN]

I have finished with about 500 functions in kernel32.dll. A lot of undocument functions in kernel32.dll. But I need your help !
I am using very old Dll2ids tool. Do you have the idsutils3 tool ? In the datarescue homepage, they said the idsutils3 was updated at 2003, and I can not dowload it. I can not access to our FTP. So, if you have, please send it to me or attach it in the reply.
Thank for your help !
Regards,
TQN

[Shub-Nigurrath]

Hi,
no problems, I have access to the ftp, but where is it supposed to be? I downloaded the whole flair archive and is not there..