Posted: Mon Mar 05, 2007 12:47 am
REMOVED (talking *ollox again!)
PureBasic Forums - English
http://www.purebasic.com
https://www.purebasic.fr/english/
List all exported functions in a dll or exe
Page 2 of 2
Posted: Mon Mar 05, 2007 12:47 am
Strange, netmaestro's code works fine for me with all .dll's so far including dwmapi.dll
Posted: Mon Mar 05, 2007 12:48 am
I'm running it on xp and it looks like dwmapi.dll requires an updated version of user32.dll.
Posted: Mon Mar 05, 2007 12:58 am
Okay, this one works on xp:
Code: Select all
;'DllFunctionDump'.
;-----------------
; Stephen Rodriguez.
; Created with Purebasic 4.02 for Windows.
;
; Based on some code by Torsten Rienow; http://www.powerbasic.com/support/forums/Forum7/HTML/001216.html
; Date: March 2007.
;
; Platforms: Windows only. Tested on XP professional SP2.
;
;Licence.
;-------
; You are not allowed to use this code or any derivative for any hacking (api hijacking)
; tools.
;
; No warranties... etc.
;******************************************************************************************
;
;The function GetDllFunctions() will retrieve all exported function names residing within
;the specified dll/exe file. The names are placed within a string array passed as a parameter
;to the Procedure.
;The function returns a count of the number of functions retrieved.
;It will also return zero in the case of an error.
;
;The array will be redimensioned as appropriate,
;******************************************************************************************
#IMAGE_DOS_SIGNATURE = $5A4D
#IMAGE_NT_SIGNATURE = $4550
;The following structure is not already defined by PB,
Structure _IMAGE_SECTION_HEADER
Name.b[8] ;8 bytes for a null-padded section name. UTF 8 format.
VirtualSize.l ;= 0
VirtualAddress.l ; = 0
SizeOfRawData.l
PointerToRawData.l
PointerToRelocations.l
PointerToLineNumbers.l ; = 0
NumberOfRelocations.w
NumberOfLineNumbers.w ; = 0
Characteristics.l
EndStructure
Procedure.l GetDllFunctions(filename.s, strTable.s(1))
Protected filesize, fileid, hFileMapping, filebase
Protected *idh.IMAGE_DOS_HEADER, *inth.IMAGE_NT_HEADERS
Protected *ExpDir.IMAGE_EXPORT_DIRECTORY, *section._IMAGE_SECTION_HEADER, *exsection._IMAGE_SECTION_HEADER
Protected exportsStartRVA, exportsEndRVA, entryPointRVA
Protected delta, *pFunctions.LONG, *pNames.LONG, currentsymname$
Protected flag, i, j, count, dirsize
;First job, check the filename.
filesize = FileSize(filename)
If filesize <=0 : ProcedureReturn 0 : EndIf
fileid=ReadFile(#PB_Any, filename)
If fileid = 0 : ProcedureReturn 0 : EndIf
;Create a file mapping object so that we can treat the dll as if it were in memory.
hFileMapping = CreateFileMapping_(FileID(fileid), 0, #PAGE_READONLY, 0, 0, 0)
If hFileMapping = 0 : CloseFile(fileid) : ProcedureReturn 0 : EndIf
;Map the file.
FileBase = MapViewOfFile_(hFileMapping, #FILE_MAP_READ, 0, 0, 0)
If FileBase = 0
CloseHandle_(hFileMapping)
CloseFile(fileid)
ProcedureReturn 0
EndIf
*idh=FileBase
If *idh\e_magic = #IMAGE_DOS_SIGNATURE
*inth=*idh + *idh\e_lfanew
;Check that the current process has access to the memory and the image is a valid pe dll/exe..
If IsBadReadPtr_(*inth, SizeOf(IMAGE_NT_HEADERS)) = 0 And*inth\Signature = #IMAGE_NT_SIGNATURE
;Good to go!
;Determine the RVA of the exports data directory.
exportsStartRVA = *inth\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]\VirtualAddress
exportsEndRVA = exportsStartRVA + *inth\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]\Size
;Get the first section.
*section = *inth + SizeOf(IMAGE_FILE_HEADER)+4 + *inth\FileHeader\SizeOfOptionalHeader
;Identify the section containing the exports. It is not always .edata !
For i=1 To *inth\FileHeader\NumberOfSections
If exportsStartRVA >= *section\VirtualAddress And exportsStartRVA < *section\VirtualAddress + *section\VirtualSize
*exsection = *section
Break
EndIf
*section +SizeOf(_IMAGE_SECTION_HEADER)
Next
If *exsection
;Calculate the difference between the RVA's and the file offsets for the current section.
delta = *exsection\VirtualAddress - *exsection\PointerToRawData
;Adjust the exportsStartRVa accordingly to give the file offset of the image export directory,
*ExpDir = *idh + exportsStartRVA - delta
*pFunctions = *idh+ *ExpDir\AddressOfFunctions - delta
*pNames = *idh+ *ExpDir\AddressOfNames - delta
For i = 0 To *ExpDir\NumberOfNames - 1
;Only add the function name if it actually points to some code!
entryPointRVA = *pFunctions\l : *pFunctions + SizeOf(LONG)
If entryPointRVA <> 0
;Add the name to the strTable() array and increase the count.
If *pNames\l
currentsymname$=PeekS(*pNames\l- delta + *idh,-1, #PB_Ascii)
ReDim strTable.s(count)
strTable(count)=currentsymname$
count+1
EndIf
EndIf
*pNames+SizeOf(LONG)
Next
EndIf
EndIf
EndIf
UnmapViewOfFile_(FileBase)
CloseHandle_(hFileMapping)
CloseFile(fileid)
ProcedureReturn count
EndProcedure
;Test.
Dim names.s(0)
num=GetDllFunctions("dwmapi.dll", names())
For i = 0 To num-1
Debug names(i)
Next
Posted: Mon Mar 05, 2007 1:13 am
OK, now it works. have to put the full path to the .dll but it works now. Thank You 
P.S. May want to look at your COFF code also that you posted earlier. It didn't work for Vista either.
P.S. May want to look at your COFF code also that you posted earlier. It didn't work for Vista either.
Posted: Mon Mar 05, 2007 1:18 am
Bloody Vista!
Actually, could you e-mail me an MSCOFF file built for Vista so that I can take a look.
Or is it that the MSCOFF symbol dump program simply doesn't run on Vista?
Actually, could you e-mail me an MSCOFF file built for Vista so that I can take a look.
Or is it that the MSCOFF symbol dump program simply doesn't run on Vista?
Posted: Mon Mar 05, 2007 1:24 am
The COFF code compiles, runs, then terminates. Debug never comes up and shows anything. Sure, I can email a .obj file to you, PM me the email address.srod wrote:Bloody Vista!
Actually, could you e-mail me an MSCOFF file built for Vista so that I can take a look.
Or is it that the MSCOFF symbol dump program simply doesn't run on Vista?
EDIT: OK, made a mistake. The code for the COFF dumper works fine. I was using a .obj that didn't have any functions in it by mistake. Sorry for the confusion.
Posted: Mon Mar 05, 2007 2:04 am
srod wrote:
Obviously it's there somewhere in the code, because it responds to the parameters you call the function with,
and has to know what to do with them. I know that you can get the info from some dll creators like for instance
RMCHARTS, who generously lists them on his site. I know that you can get the info on microsofts dll's
using the win32api list. But as for ones you can't find, really what good is knowing the function names, or
even printing them out like the programs listed here do, if you don't know the parameters needed to use it.
I'm just curious and really appreciate your expertise and experience on this question.
Thank you much for any help or suggestions.
Do you have any idea where one could get that information?just to say that dll's do not contain information on the parameters of the exported functions, so you'll search in vain for these!
Obviously it's there somewhere in the code, because it responds to the parameters you call the function with,
and has to know what to do with them. I know that you can get the info from some dll creators like for instance
RMCHARTS, who generously lists them on his site. I know that you can get the info on microsofts dll's
using the win32api list. But as for ones you can't find, really what good is knowing the function names, or
even printing them out like the programs listed here do, if you don't know the parameters needed to use it.
I'm just curious and really appreciate your expertise and experience on this question.
Thank you much for any help or suggestions.
Posted: Mon Mar 05, 2007 2:25 am
There is nothing in a dll which will give you any information on the number and type of parameters used by any exported function. I say nothing, obviously you could disassemble the code, but determining parameter info this way would be a very imprecise science at best!
Obviously, as a creator of a dll you would publish information on the individual functions; info such as calling convention, number of parameters etc.
It is possible to gleam some information from a dll's import library (if you have access to one), but this depends upon the naming convention used for the exported functions. E.g. _MessageBoxA@16 tells us that there are 4 parameters (16 bytes) etc. But this name only appears in the import lib and not the Windows dll etc.
Obviously, as a creator of a dll you would publish information on the individual functions; info such as calling convention, number of parameters etc.
It is possible to gleam some information from a dll's import library (if you have access to one), but this depends upon the naming convention used for the exported functions. E.g. _MessageBoxA@16 tells us that there are 4 parameters (16 bytes) etc. But this name only appears in the import lib and not the Windows dll etc.
Posted: Mon Mar 05, 2007 12:46 pm
srod, thank you very much for your input and explanation on my question.