Need to extract Non Exported functions of dll
in [Win32 API]
|
From: glitteringsounds on 11 Feb 2010 08:14 Hello, I need to extract all non-exported (global or member functions of class) methods of certain DLL. GetProcAddress always takes decorated functions of exported functions and returns function pointers against these. Is it possible to look up non exported functions of certain DLL. How.?? Regards Muhammad Usman Khalil
From: Kerem Gümrükcü on 11 Feb 2010 09:31 Hi, yes it is, but as you will think for yourself: Nonexported means not intended for being called by you, so deal with it. Regards Kerem -- ----------------------- Beste Gr�sse / Best regards / Votre bien devoue Kerem G�mr�kc� Latest Project: http://www.pro-it-education.de/software/deviceremover Latest Open-Source Projects: http://entwicklung.junetz.de ----------------------- "glitteringsounds" <muhammadusman.khalil(a)gmail.com> schrieb im Newsbeitrag news:79711b52-9ee5-4785-bce5-cec101585c0e(a)p13g2000pre.googlegroups.com... > Hello, > > I need to extract all non-exported (global or member functions of > class) methods of certain DLL. GetProcAddress always takes decorated > functions of exported functions and returns function pointers against > these. > > Is it possible to look up non exported functions of certain DLL. > How.?? > > Regards > Muhammad Usman Khalil
From: D.Khasayev on 11 Feb 2010 13:44 On 11 Ñев, 16:14, glitteringsounds <muhammadusman.kha...(a)gmail.com> wrote: > Hello, > > I need to extract all non-exported (global or member functions of > class) methods of certain DLL. GetProcAddress always takes decorated > functions of exported functions and returns function pointers against > these. > > Is it possible to look up non exported functions of certain DLL. > How.?? > > Regards > Muhammad Usman Khalil Hi, Yes of course,but you must know the relative address of called function.If you don't know the address,i think that you must scan dll in memory for signature of function.But you must know signature,which will not be meeted in other places of dll. Good luck
From: [Jongware] on 12 Feb 2010 05:46 glitteringsounds wrote: > I need to extract all non-exported (global or member functions of > class) methods of certain DLL. GetProcAddress always takes decorated > functions of exported functions and returns function pointers against > these. > > Is it possible to look up non exported functions of certain DLL. > How.?? Not possible. Exported functions are identified by calling address -- and you need additional information on the parameters. GetProcAddress works for *any* DLL, but only MSVC generated DLLs will contain decorated names. In any case, the name decoration is not a standard or anything; virtually every other version of MSVC decorates in a slightly different way. And besides, other compiler brands have other ways of decorating. NON-EXPORTED functions, on the other hand, can be everything else in the file. You cannot "get" the address of a non-exported function. Disassembling the DLL will not guarantee you get all functions -- disassembling is *not* an exact science. Even if you get a reliable function address, there is *no* information at all about its parameters, or even the calling convention. You will have to disassemble the full function (and perhaps the functions that are called from it, and so on) before you even have an idea if it's expecting an unsigned char * __cdecl (struct &whatever, void **even_more_data) (etc.). Besides: there usually are lots and lots and lots of 'non-exported' functions in a DLL; and most are just for housekeeping (why make a system call to StrToLowerCase when you can just use "strlwr"?). What does "I need .." mean? If you intended "I want ..", I suggest: forget it. [Jw]
From: [Jongware] on 12 Feb 2010 05:48 [Jongware] wrote: >only MSVC generated DLLs will contain decorated names. -- well, I meant names that UnDecorateSymbolName can recognize and undecorate. These are those created with MSVC. [Jw]
|
Next
|
Last
Pages: 1 2 Prev: Recommended Debugger for PE? Next: List View: sort by "foo" does not keep "foo" hilited?? |