From: glitteringsounds on 1 Feb 2010 05:29

Hello,

As we know, we can extract information like imported/exported functions after parsing a PE file programmatically. But we can only take the names (function names imported/exported) of methods. We cannot look up their parameter (in/out) names with their types and the return type of the method (as these parts are encoded as HEX).

Is there any way to extract these as well?

Regards
Muhammad Usman Khalil

From: Kerem Gümrükcü on 1 Feb 2010 09:00

Hi,

you can, but you will have to use the symbols for the PE if you have them, otherwise you have to write some disassembler to examine the call stacks/heap to see what has been passed to the next function on the call stack, but you cannot get any names for the IN/OUT parameters, just addresses and that's all. You need the symbols or a user-defined way (list, database) to map the function names to function signatures, but here again the symbols come into play,...

Here is a list of disassemblers/decompilers:

http://en.wikibooks.org/wiki/X86_Disassembly/Disassemblers_and_Decompilers

You can have a look at the open source implementations to see how they handle CodeView/COFF stuff,... or Debugging Symbols and Debugging Information/Helper Functions in the MSDN for the case it is Windows you target on,...

Regards

K.

--
-----------------------
Beste Grüsse / Best regards / Votre bien devoue
Kerem Gümrükcü
Latest Project: http://www.pro-it-education.de/software/deviceremover
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------

"glitteringsounds" <muhammadusman.khalil(a)gmail.com> wrote in message
news:d406f929-801f-4111-aeab-7c16511afe95(a)k36g2000prb.googlegroups.com...
> Hello,
>
> As we know that we can extract information like imported/exported
> functions after parsing PE file programmatically.
> But we can only take the names (function names imported/exported) of
> methods. We cannot look up their parameters(in/out)names with their
> types and return type of method.(as these parts encoded as HEX)
>
> Is there any way out to extract these as well..?
>
> Regards Muhammad Usman Khalil
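
What the export directory actually holds, as an added example that is not part of the original thread: a Python parser that returns only name, ordinal and RVA for each export, then joins the names against a user-maintained prototype table of the kind the reply describes. The helper names, the `demo.dll` image built by `build_sample()` and the `Add`/`Sub` prototypes are constructed for illustration.

```python
import struct

def rva_to_off(sections, rva):
    # sections holds (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    for vsize, va, rsize, raw in sections:
        if va <= rva < va + max(vsize, rsize):
            return raw + (rva - va)
    raise ValueError("RVA 0x%x is not inside any section" % rva)

def parse_exports(data):
    """Return [(name, ordinal, rva)], which is all the export directory stores."""
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _m, nsec, _t, _p, _n, opt_size = struct.unpack_from("<HHIIIH", data, pe + 4)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 0 is exports.
    exp_rva, _size = struct.unpack_from("<II", data, opt + (112 if magic == 0x20B else 96))
    if exp_rva == 0:
        return []
    secs = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    ed = rva_to_off(secs, exp_rva)
    base, _nfuncs, nnames, funcs, names, ords = struct.unpack_from("<6I", data, ed + 16)
    out = []
    for i in range(nnames):
        name_rva, = struct.unpack_from("<I", data, rva_to_off(secs, names) + 4 * i)
        idx, = struct.unpack_from("<H", data, rva_to_off(secs, ords) + 2 * i)
        rva, = struct.unpack_from("<I", data, rva_to_off(secs, funcs) + 4 * idx)
        start = rva_to_off(secs, name_rva)
        name = data[start:data.index(b"\0", start)].decode("ascii", "replace")
        out.append((name, base + idx, rva))
    return out

def with_signatures(exports, prototypes):
    """Join export names with a user-maintained name -> prototype table."""
    return {name: prototypes.get(name) for name, _ord, _rva in exports}

def build_sample():
    """Constructed minimal PE32 image with two exports (not a real DLL)."""
    strs = b"demo.dll\0Add\0Sub\0"
    edata = struct.pack("<IIHH7I", 0, 0, 0, 0, 0x103C, 1, 2, 2, 0x1028, 0x1030, 0x1038)
    edata += struct.pack("<4I2H", 0x2000, 0x2010, 0x1045, 0x1049, 0, 1) + strs
    opt = struct.pack("<H", 0x10B).ljust(96, b"\0") + struct.pack("<II", 0x1000, len(edata))
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    sec = b".edata\0\0" + struct.pack("<4I", len(edata), 0x1000, 0x200, 0x200) + bytes(16)
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt.ljust(224, b"\0") + sec
    return hdr.ljust(0x200, b"\0") + edata.ljust(0x200, b"\0")
```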