导出表是否包含 Win32 Exe 函数的所有条目?
我需要知道其导出表中包含的所有 Win32(PE 文件)函数或类方法。我在哪里可以获得这些信息?我了解 PE 文件格式的每个部分,但我不知道如何继续。
I need to know all of a Win32 (PE File) functions or class methods contained inside its Export table. Where can I get this information? I understand every section of the PE file format but I don't know how to proceed.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
导出表仅包含导出函数的条目。如果调试信息可用,通常也会有大多数其他功能的条目。如果没有这个,可执行文件很可能根本不包含有关尚未导出的函数的任何信息。
The export table only contains entries for exported functions. If you debugging information available, there will usually be entries for most other functions as well. Without that, chances are pretty good that the executable simply doesn't contain any information about functions that haven't been exported.
使用 Visual Studio C++ Express< 附带的
dumpbin/a> 或下载 OpenWatcom C/C++ 软件包,其中有一个wdump与之关联...Open Watcom Executable Image Dump Utility Version 1.8 Portions Copyright (c) 1984-2002 Sybase, Inc. All Rights Reserved. Source code is available under the Sybase Open Watcom Public License. See http://www.openwatcom.org/ for details. Usage: wdump [-?abdefipqrsx] [-A] [-B] [-D] [-S] is a DOS EXE file, a Windows or OS/2 executable or DLL, a PharLap executable, NLM, a QNX executable, an ELF executable, shared library or object file, or a COFF object.编辑:您无法通过编程方式直接提取这些导出函数,上面的实用程序将使用命令行开关显示地址,包括显示“加载库”、“自由库”。当使用“GetProcAddress”调用时,在内部,它会在导出目录中查找以查找导出函数的相关地址,然后返回该导出函数的函数指针。
Edit#2: @UsMan:您可以转储导出函数的地址,但要找到签名并不容易,因为您需要反汇编相关的 EXE 并通过查看调用堆栈。除此之外,如果您有第 3 方 DLL,但没有提供头文件和 lib 文件来向您显示函数签名...除了反汇编代码之外,您几乎不走运...如果您是谈论发布的 EXE 或 DLL 会更困难,因为调试信息将被删除,将其加载到调试器中以计算出堆栈、使用的调用和参数,这将是一个有争议的问题。
您能否编辑您的问题,使其更具体地清楚您的目标是什么,因为我正在搬起石头砸自己的脚,并且由于您对此答案不满意而冒着被否决的风险……它是 MFC吗? ATL、DLL,什么是EXE、DLL等...
Use
dumpbinthat comes with Visual Studio C++ Express or download the OpenWatcom C/C++ package and in there there is awdumpassociated with it...Open Watcom Executable Image Dump Utility Version 1.8 Portions Copyright (c) 1984-2002 Sybase, Inc. All Rights Reserved. Source code is available under the Sybase Open Watcom Public License. See http://www.openwatcom.org/ for details. Usage: wdump [-?abdefipqrsx] [-A] [-B] [-D] [-S] is a DOS EXE file, a Windows or OS/2 executable or DLL, a PharLap executable, NLM, a QNX executable, an ELF executable, shared library or object file, or a COFF object.Edit: You cannot extract those export functions directly by programmatic means, the utility above will show the addresses using the command line switches including showing the address of the export functions for the 'LoadLibrary', 'FreeLibrary'. When a call to 'GetProcAddress' is used, internally, it is doing a look up on the export directory to find the relevant address of the exported function prior to returning back a function pointer for that exported function.
Edit#2: @UsMan: You can dump the addresses of the exports functions, but to find the signatures is not easy as you would need to disassemble the relevant EXE's and work out the parameters from looking at the call stack. Other than that, if you have a 3rd party DLL, but does not come with a header file and lib file, to show you the function signatures...you are pretty much out of luck except disassemble the code...If you are talking about a release EXE or DLL, it will be harder as the debugging info would have been stripped thereby, loading it into the debugger to work out the stack, calls used and parameters which would be a moot point.
Can you please edit your question to make it more specifically clearer on what is your objective as I'm shooting myself in the foot and risk getting downvoted as a result of your dis-satisfaction with this answer....is it an MFC, ATL, DLL, what is the EXE, DLL, etc...