Sign in to follow this  

given a dll file, can you find out how to import what it exports?

This topic is 3199 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Say you have a specific kind of scanner (pheripherical) and there is a dll that interfaces with the driver and you know the name of the functions it exports but don't have the header definiton for those functions. Is there a way to figure out the function definitions without the header file?

Share this post


Link to post
Share on other sites
Quote:
Original post by owl
Say you have a specific kind of scanner (pheripherical) and there is a dll that interfaces with the driver and you know the name of the functions it exports but don't have the header definiton for those functions. Is there a way to figure out the function definitions without the header file?


Dependency Walker will list the exports for you and you can load those via GetProcAddress after you call LoadLibrary on the DLL in your program.

For actually calling them though, you will need to do as outRider suggested and check an existing EXE that uses the DLL to find the proper usage. That is, unless you can find some documentation somewhere for using the API, which would make life a lot easier [wink]

Share this post


Link to post
Share on other sites
If you're lucky and the export names are mangled, you can retrieve the function signature with PE Explorer or UnDecorateSymbolName().

If the DLL uses stdcall convention (callee cleanup of function arguments), you get a second opportunity without needing a client of the DLL because the RET instruction indicates how many bytes of stack data a function uses. By analysing the function prolog (which IDA does automatically), you can differentiate between parameters and local variables and at least guess at the parameter count.

Share this post


Link to post
Share on other sites
Quote:
Original post by outRider
Disassemble the module that calls into the DLL and see what it's pushing onto the stack before each call.


That sounds logical. I guess I'll have to learn some assembler to do that...

Could you elaborate a bit on how to recognize function parameters and return values (and their types!) in assembler?

Thanks.

Share this post


Link to post
Share on other sites
Thanks. Yes, this utilities that look what functions a dll exports only tell the function names but not their parameters, return values and their types.

Share this post


Link to post
Share on other sites

This topic is 3199 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this