poozer

Extracting function signatures from a DLL


Hi, I'm not a dll or linker expert, so please excuse me if this question is stupid... I was *legally* given a normal (non-COM) dll (written in C) that I must integrate into my company's application over the weekend. The problem is that I was given no header files, and very little documentation. Sooooo... Is it possible to extract the function signatures from a dll? And can someone point me at some *good* reverse engineering tools? I did a "dumpbin /exports", but this only provides the function names, not the signatures. I also tried various freeware reverse engineering tools, but they all pretty much sucked. Any help is greatly appreciated. Thanks in advance!!! Note again, that I am not doing anything illegal. Our company has a contract to use this dll.

Why is it necessary to stress that what you're doing is legal?

There's no direct way to retrieve the signatures - the parameters - you could disassemble it and see how it twiddles the stack to get a better idea. Tedious and error prone are serious understatements.

If you got it legally, why don't you have the header?

Magmai Kai Holmlor

"Oh, like you've never written buggy code" - Lee

quote:
Why is it necessary to stress that what you're doing is legal?

People on message forums (not just this one) tend to jump to conclusions. If I didn't stress the legality, people would have labeled me a hacker or a software pirate, instead of answering my question.

quote:
If you got it legally, why don't you have the header?

Incompetence, corporate bureaucracy, project managers who have no technical experience, a ridiculous deadline, and lack of support on weekends.

Hacking's not illegal, and it's occasionally necessary to dig into undocumented functions in the nt or kernel dlls for advanced OS features (taskman and outlook do it), of which the headers are not readily available.

Magmai Kai Holmlor

Grab a copy of Dependency Walker (http://www.dependencywalker.com/) - that will make it easy to extract the exported function names. Head over to MSDN and dig around for the "Under the Hood" columns. IIRC one of them has pointers for how to figure out dll function sigs.

No, you can't.

If it were C++, the exported names may have been mangled, in which case you could demangle them, but if it's C, even if the functions are exported by name (which isn't mandatory), they won't be mangled.

quote:
Hacking's not illegal, and it's occasionally necessary to dig into undocumented functions in the nt or kernel dlls for advanced OS features (taskman and outlook do it), of which the headers are not readily available.

Task Manager does (it's part of the OS, it's allowed to).

Outlook does not. This is not surprising; if it did depend on such things, it would no longer work on Windows 9x. But it does.

Sounds like you want the prototypes...

There are some tools about... on (I think) simtel.net there is a disassembler called IDA (v4.1) - with this you should at least be able to figure out the number of variables going in.

If you have some [binary] examples you might be able to disassemble or run in a debugger.

Names might give you some clues as to what exactly the vars do.

Try searching for the function names on the web (it's strange... sometimes these things actually pop up in places you didn't expect).

Otherwise you're on your own... oh well, if you're sure it's your supplier's fault you've got some kind of excuse - especially if you've tried.

I suppose the other thing you could do is paste up the function names & dll name and see if anyone else has any clues...

quote:
Original post by DrPizza
Outlook does not. This is not surprising; if it did depend on such things, it would no longer work on Windows 9x. But it does.

So are you asserting that if I write a program that uses ntdll, it's impossible for it to run on 9x? ...they are called dlls for a reason; it's not hard to try to load several different dlls, and implement a few features in a couple of different ways. IIRC, Outlook hooks into the file notification mechanisms of NT4 this way - in 9x it polls.

And it is possible to figure out the parameters, it's just not easy.

Personally I would ask whoever supplied the dll to give you the headers or find the person that has them. It will take you much longer to acceptably reverse engineer the dll than it would to find a person with the header file with the function prototypes. I mean if someone else in the company is using the dll for stuff, then they most likely have the header files you seek. Unfortunately for you there is no magic tool that will tell you what the parms are, only how many bytes they take on the stack, which is definitely not a lot to go on. Plus the fact that in order to know what the actual parms are you would have to look at (and understand) the disassembly of the code, which then means you might as well write the functions yourself. Things like pointers which are being used for structs you may not know about will severely hinder your progress, as will return error codes that you will have a difficult time understanding.

If your company has a contract and is paying money for this, then they are getting ripped off and you should DEMAND appropriate header files at the very least. Documentation should also be adequate or their tech support should answer your questions. Granted the real world is not perfect, but you should not have to reverse engineer a dll that you are using under a contract unless it was part of the contract to reverse engineer the dll, which I highly doubt it was.

Basically if you can't get the headers, you won't be able to do anything much with the dll over the weekend. Even experts in the field (of reverse engineering) take longer to accurately figure out what a function does, the parms and return codes.

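An added example, not code from any poster in this thread: it illustrates the point made in several replies that stack usage is about all a C export reveals. It assumes 32-bit x86 with MSVC-style calling conventions and that the function's bytes have already been pulled out of the DLL; the export name `Add` and both byte strings are constructed for illustration.

```python
import re
import struct

# MSVC 32-bit decoration of C names: _name@N is __stdcall, @name@N is
# __fastcall (N = total argument bytes). __cdecl names carry no size.
DECORATED = re.compile(r"^([_@])(\w+)@(\d+)$")

def from_export_name(name):
    """Return (convention, arg_bytes) if the export kept its decoration."""
    m = DECORATED.match(name)
    if not m:
        return None
    return ("stdcall" if m.group(1) == "_" else "fastcall"), int(m.group(3))

def from_epilogue(code):
    """Heuristic for a single-exit function: look at its final return.

    `ret imm16` (C2 lo hi) means the callee pops imm16 bytes of arguments;
    a bare `ret` (C3) means the caller cleans up (cdecl) or there are no
    stack arguments, so the size cannot be read from the callee.
    """
    body = code.rstrip(b"\xcc\x90")        # drop int3/nop alignment padding
    if len(body) >= 3 and body[-3] == 0xC2:
        (n,) = struct.unpack("<H", body[-2:])
        if n % 4 == 0 and n <= 256:         # plausible 32-bit argument area
            return "callee-cleanup", n
    if body.endswith(b"\xc3"):
        return "caller-cleanup-or-no-args", None
    return "unknown", None

def describe(name, code):
    """Combine both hints; arg_bytes stays None when neither gives a size."""
    deco = from_export_name(name)
    cleanup, n = from_epilogue(code)
    arg_bytes = deco[1] if deco else n
    return {"cleanup": cleanup, "arg_bytes": arg_bytes,
            "max_dword_args": None if arg_bytes is None else arg_bytes // 4}

# Constructed sample bytes (not taken from any real DLL):
# push ebp; mov ebp,esp; mov eax,[ebp+8]; add eax,[ebp+0Ch]; pop ebp; ret 8
STDCALL_ADD = bytes.fromhex("558bec8b450803450c5dc20800cccc")
# The same body built as __cdecl ends in a bare ret.
CDECL_ADD = bytes.fromhex("558bec8b450803450c5dc3cc")

if __name__ == "__main__":
    print(describe("Add", STDCALL_ADD))
    print(describe("Add", CDECL_ADD))
```

Even in the best case the result is only a byte count: 8 bytes may be two ints, two pointers, one double or a small struct passed by value, so the types still have to come from the header or from reading the disassembly.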
