Does an Export table contain all entries of Win32 Exe functions?
I need to know all of a Win32 (PE File) functions or class methods contained inside its Export table. Where can I get this information? I understand every section of the PE file format but I don't know how to proceed.
The export table only contains entries for exported functions. If you have debugging information available, there will usually be entries for most other functions as well. Without that, chances are pretty good that the executable simply doesn't contain any information about functions that haven't been exported.
Use dumpbin that comes with Visual Studio C++ Express or download the OpenWatcom C/C++ package and in there there is a wdump associated with it...
Open Watcom Executable Image Dump Utility Version 1.8
Portions Copyright (c) 1984-2002 Sybase, Inc. All Rights Reserved.
Source code is available under the Sybase Open Watcom Public License.
See http://www.openwatcom.org/ for details.
Usage: wdump [-?abdefipqrsx] [-A] [-B] [-D] [-S] is a DOS EXE file, a Windows or OS/2 executable or DLL, a PharLap executable, NLM, a QNX executable, an ELF executable, shared library or object file, or a COFF object.
Edit: You cannot extract those export functions directly by programmatic means; the utility above will show the addresses using the command line switches, including showing the address of the export functions for 'LoadLibrary' and 'FreeLibrary'. When a call to 'GetProcAddress' is used, internally, it is doing a lookup on the export directory to find the relevant address of the exported function prior to returning a function pointer for that exported function.
Edit#2: @UsMan: You can dump the addresses of the export functions, but to find the signatures is not easy as you would need to disassemble the relevant EXEs and work out the parameters from looking at the call stack. Other than that, if you have a 3rd party DLL that does not come with a header file and lib file to show you the function signatures... you are pretty much out of luck except to disassemble the code... If you are talking about a release EXE or DLL, it will be harder as the debugging info would have been stripped, thereby making loading it into the debugger to work out the stack, calls used and parameters a moot point.
Can you please edit your question to make it clearer what your objective is, as I'm shooting myself in the foot and risk getting downvoted as a result of your dissatisfaction with this answer... Is it an MFC, ATL, DLL, what is the EXE, DLL, etc...
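The export directory discussed in both answers can be read straight from the file. This is an added example, not part of the original posts: it lists every export with its ordinal, its name (absent for ordinal-only exports), its RVA and any forwarder target. The names `list_exports` and `build_sample` are hypothetical, and the sample image is constructed so the block runs offline.

```python
import struct

def list_exports(data):
    """Return (ordinal, name or None, rva, forwarder or None) for each export."""
    u = lambda fmt, o: struct.unpack_from("<" + fmt, data, o)
    cstr = lambda o: data[o:data.index(b"\0", o)].decode("ascii")
    pe = u("I", 0x3C)[0]                                   # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size, opt = u("H", pe + 6)[0], u("H", pe + 20)[0], pe + 24
    # Data directory 0 (exports) is at +96 in a PE32 optional header, +112 in PE32+.
    exp_rva, exp_size = u("II", opt + (96 if u("H", opt)[0] == 0x10B else 112))
    if not exp_rva:
        return []                                          # image exports nothing
    secs = [u("4I", opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):                                          # RVA -> file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError(f"RVA {rva:#x} is not inside any section")
    base, nfunc, nname, funcs, names, ords = u("6I", off(exp_rva) + 16)
    named = {u("H", off(ords) + 2 * i)[0]: cstr(off(u("I", off(names) + 4 * i)[0]))
             for i in range(nname)}                        # function index -> name
    out = []
    for idx in range(nfunc):
        rva = u("I", off(funcs) + 4 * idx)[0]
        if rva:  # an RVA inside the export directory is a forwarder string, not code
            fwd = cstr(off(rva)) if exp_rva <= rva < exp_rva + exp_size else None
            out.append((base + idx, named.get(idx), rva, fwd))
    return out

def build_sample():
    """Constructed sample: minimal PE32 image whose only section holds export data."""
    strs = b"sample.dll\0Alpha\0Gamma\0OTHER.Gamma\0"
    r = lambda s: 0x1000 + 64 + strs.index(s)              # RVA of a string
    sec = struct.pack("<IIHHII", 0, 0, 0, 0, r(b"sample"), 1)           # Name, Base=1
    sec += struct.pack("<5I", 3, 2, 0x1028, 0x1034, 0x103C)             # counts, tables
    sec += struct.pack("<3I", 0x2000, 0x2010, r(b"OTHER"))              # last forwards
    sec += struct.pack("<2I2H", r(b"Alpha"), r(b"Gamma"), 0, 2) + strs  # names, indexes
    opt = bytearray(224)                                   # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<3I", opt, 92, 16, 0x1000, len(sec))  # dir count, export dir
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 64) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102) + bytes(opt)
    hdr += b".edata\0\0" + struct.pack("<4I", len(sec), 0x1000, len(sec), 0x200) + bytes(16)
    return hdr.ljust(0x200, b"\0") + sec

if __name__ == "__main__":
    for row in list_exports(build_sample()):
        print(row)
```

The result carries names and addresses only; parameter types and calling conventions are not stored in the export directory.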