开发者

How to use a dll without knowing parameters?

I have a dll that I need to make use of. I also have a program that makes calls to this dll to use it. I need to be able to use this dll in another program, however 开发者_开发技巧previous programmer did not leave any documentation or source code. Is there a way I can monitor what calls are made to this dll and what is passed?


You can't, in general. This is from the Dependency Walker FAQ:

Q: How do I view the parameter and return types of a function?

A: For most functions, this information is simply not present in the module. The Windows' module file format only provides a single text string to identify each function. There is no structured way to list the number of parameters, the parameter types, or the return type. However, some languages do something called function "decoration" or "mangling", which is the process of encoding information into the text string. For example, a function like int Foo(int, int) encoded with simple decoration might be exported as _Foo@8. The 8 refers to the number of bytes used by the parameters. If C++ decoration is used, the function would be exported as ?Foo@@YGHHH@Z, which can be directly decoded back to the function's original prototype: int Foo(int, int). Dependency Walker supports C++ undecoration by using the Undecorate C++ Functions Command.

Edit: One thing you could do, I think, is to get a disassembler and disassemble the DLL and/or the calling code, and work out from that the number and types of the arguments, and the return types. You wouldn't be able to find out the names of the arguments though.


You can hook the functions in the DLL you wish to monitor (if you know how many arguments they take)


You can use dumpbin (Which is part of the Visual Studio Professional or VC++ Express, or download the platform kit, or even use OpenWatcom C++) on the DLL to look for the 'exports' section, as an example:

dumpbin /all SimpleLib.dll | more

Output would be:
  Section contains the following exports for SimpleLib.dll

    00000000 characteristics
    4A15B11F time date stamp Thu May 21 20:53:03 2009
        0.00 version
           1 ordinal base
           2 number of functions
           2 number of names

    ordinal hint RVA      name

          1    0 00001010 fnSimpleLib
          2    1 00001030 fnSimpleLib2

Look at the ordinals, there are the two functions exported...the only thing is to work out what parameters are used...

You can also use the PE Explorer to find this out for you. Working out the parameters is a bit tricky, you would need to disassemble the binary, and look for the function call at the offset in the file, then work out the parameters by looking at the 'SP', 'BP' registers.

Hope this helps, Best regards, Tom.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜