Thread: DLL Export List

  1. #1
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158

    DLL Export List

    I have a program that will give me a list of DLL export functions, and their addresses, but is there a way I can figure out what arguments they accept?

  2. #2
    Frequently Quite Prolix dwks's Avatar
    Join Date
    Apr 2005
    Location
    Canada
    Posts
    8,057
    Sticking "dll export function arguments parameters" into google gives you lots of information.

    From http://www.heaventools.com/faq.htm#f6
    Q: How do I get parameters on function exports? I have the function name, but that is near useless unless I can figure out the parameters.

    If you don't have the source code and API documentation, the machine code is all there is. PE Explorer provides a Disassembler. There is only one way to figure out the parameters: run the disassembler and read the disassembly output. This task of reverse engineering the interface cannot be automated, sorry.

    PE Explorer comes bundled with descriptions for 39 various libraries, including the core Windows operating system libraries (eg. KERNEL32, GDI32, USER32, SHELL32, WSOCK32), key graphics libraries (DDRAW, OPENGL32) and more. But PE Explorer is unable to provide description sets for all libraries or functions ever written by humankind.
    So it depends on what DLL you are looking at.
    dwk

    Seek and ye shall find. quaere et invenies.

    "Simplicity does not precede complexity, but follows it." -- Alan Perlis
    "Testing can only prove the presence of bugs, not their absence." -- Edsger Dijkstra
    "The only real mistake is the one from which we learn nothing." -- John Powell


    Other boards: DaniWeb, TPS
    Unofficial Wiki FAQ: cpwiki.sf.net

    My website: http://dwks.theprogrammingsite.com/
    Projects: codeform, xuni, atlantis, nort, etc.

  3. #3
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    If you have MS Visual Studio, it comes with dumpbin, which, among other things, comes with a disassembler too. [I've not tried it, but I believe VS 2005 which is free from MS has this too]. It doesn't come with a set of 39 library description files tho' :-(

    It is usually fairly easy to determine the number of arguments and how those arguments are used if you have a decent idea of what the DLL does and how it's supposed to work. I figured out how to draw playing-cards with the "cards.dll" that comes with the Windows standard card games.

    Code:
    // Function Type declarations.
    typedef bool (__stdcall *CDTInit)(int *width, int *height);
    typedef void (__stdcall *CDTTerm)(void);
    typedef bool (__stdcall *CDTDraw)(HDC hdc, int x, int y, int index, int style, int color );
    
    // Load library and fetch functions. 
    	HMODULE h;
    	h = LoadLibrary("cards.dll");
    	if (h == NULL)
    	{
    		assert(false);
    		return FALSE;
    	}
    
    	cardFuncs.cdtInit = (CDTInit)GetProcAddress(h, "cdtInit");
    	assert(cardFuncs.cdtInit != NULL);
    	cardFuncs.cdtTerm = (CDTTerm)GetProcAddress(h, "cdtTerm");
    	assert(cardFuncs.cdtTerm != NULL);
    	cardFuncs.cdtDraw = (CDTDraw)GetProcAddress(h, "cdtDraw");
    	assert(cardFuncs.cdtDraw != NULL);
    
    	if (!cardFuncs.cdtInit(&cardSize.width, &cardSize.height))
    	{
    		assert(false);
    	}
    // How do draw cards.
    		int x = 0, y = 0;
    
    		for(int s = 0; s < 4; s++)
    		{
    			x = 0;
    			for(int i = 0; i < 13; i++)
    			{
    				if (!cardFuncs.cdtDraw(hdc, x, y, i*4+s, style, 0xffffff))
    				{
    					sprintf(buf, "Failed (index = %d)", i*4 + s);
    					pDC->TextOut(x, y, buf, strlen(buf));
    				}
    
    				x += 80;
    			}
    			y += 100;
    		}
    If I remember right, I probably spent about 4 hours from "start to finish", and that included the time to write the code above to draw cards and all. At first, I got the suites mixed up, because I thougth they were in suit-order, rather than all aces first, all kings last.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  4. #4
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    It is usually fairly easy to determine the number of arguments and how those arguments are used if you have a decent idea of what the DLL does and how it's supposed to work.
    I do have a good idea as to what the DLL's functions do... How did you figure it out?
    EDIT:
    By trying these codes until you hit one that actually worked?
    Code:
    typedef bool (__stdcall *MyFunction)(LPVOID one_args);
    typedef bool (__stdcall *MyFunction)(LPVOID one_arg, two_args);
    typedef bool (__stdcall *MyFunction)(LPVOID one_args, two_args, three_args);
    typedef bool (__stdcall *MyFunction)(LPVOID one_args, two_args, three_args, four_args);
    // ect.....
    Last edited by Yarin; 09-13-2007 at 03:59 PM.

  5. #5
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by Yarin View Post
    I do have a good idea as to what the DLL's functions do... How did you figure it out?
    EDIT:
    By trying these codes until you hit one that actually worked?
    Code:
    typedef bool (__stdcall *MyFunction)(LPVOID one_args);
    typedef bool (__stdcall *MyFunction)(LPVOID one_arg, two_args);
    typedef bool (__stdcall *MyFunction)(LPVOID one_args, two_args, three_args);
    typedef bool (__stdcall *MyFunction)(LPVOID one_args, two_args, three_args, four_args);
    // ect.....
    With stdcall functions, it's easy to use disassembly to figure out "the amount of arguments" - as the stdcall calling convention says that the called function removes the arguments. So if the return is "ret 16", then you know almost certainly that it takes 4 32-bit arguments, unless you think it takes two doubles or one double + 2 32-bit values or such.

    As to what the arguments are used for, I followed each argument to see what it was used for, and then a bit of "advanced guessing" where it wasn't clear.

    It is a case of "reading assembly code with no comments", and it's not entirely trivial, but it's not impossible either.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Conflicting types of typedef error
    By advocation in forum C++ Programming
    Replies: 4
    Last Post: 03-22-2005, 06:26 PM
  2. Replies: 3
    Last Post: 03-04-2005, 02:46 PM
  3. How can I traverse a huffman tree
    By carrja99 in forum C++ Programming
    Replies: 3
    Last Post: 04-28-2003, 05:46 PM
  4. Linked list with two class types within template.
    By SilasP in forum C++ Programming
    Replies: 3
    Last Post: 02-09-2002, 06:13 AM
  5. singly linked list
    By clarinetster in forum C Programming
    Replies: 2
    Last Post: 08-26-2001, 10:21 PM