How to translate "aKernel32_dll_0: unicode 0, <KERNEL.32>, 0" into a legal declaration?

Question

I use IDA Pro to disassemble SPEC 2006 binaries on Windows 7 32 bit.

It generates a variable declared like this:

aKernel32_dll_0 unicode 0, <KERNEL32.DLL>,0

In the .text section, I find usage of this variable like this:

push    offset aKernel32_dll_0
call    ds:__imp__GetModuleHandleW@4
......

What I am trying to do is to make these code/data reassemble.

So my questions are:

1. So basically declaration like **aKernel32_dll_0 unicode 0, ,0 ** can not be directly reassembled by masm/nasm, how should I adjust it?

2. I simply adjust it into aKernel32_dll_0 dd 0 and the code is like this:

and it would run into a strange situation every time after call ds:__imp__GetModuleHandleW@4

Comparing to the original binary using Ollydbg:

So it seems that aKernel32_dll_0 is actually a extern variable? So is the correct way delete the declaration and extern declare this variable? If so, then what is the name of this variable? I don't think it is aKernel32_dll_0 as it looks like a random name generated by IDA Pro.

Could anyone give me some help? Thank you!

Answer 1

You could of course just copy whatever bytes are there in your source material as a DB array. That said, we know GetModuleHandleW takes an unicode module name as argument. In nasm syntax it could look like:

aKernel32_dll_0 DW __utf16__('KERNEL32.DLL'), 0