How do I know which DLL a system call belongs to?
I have a long list of all the calls a program I have does. What I need to know is which DLL each call belongs to. How would I find this out?
Thanks,
Comments (2)
Hum... your title and your questions point to different things. Syscalls mean something very specific, a call to the OS kernel (and those are not in DLLs).
As it happens, Windows does not expose those directly, but rather exposes APIs in system DLLs that are responsible for calling the syscalls themselves.
So let's say you don't actually have a list of syscalls, but a list of calls. Is this list generated from a binary? Binaries actually have a list of the DLLs they depend on, and a
dumpbin /imports binary.exe
will actually list exactly what you're asking for.

Given the executable, the easiest way would probably be
dumpbin /imports <exe_name>
. This will produce output like this:
Depending on your executable, there's a pretty fair chance that you'll get more extraneous information. Since you already have a list of functions you care about, it should be pretty easy to filter this to get the information you need and leave out the rest.
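
The filtering step described in the second answer, as an added example that is not part of either answer: it parses text in the layout of `dumpbin /imports` output and maps each call on a list to the DLL that exports it. The sample output is constructed, and `parse_imports` and `resolve` are hypothetical helper names.

```python
import re

# Constructed sample in the layout of `dumpbin /imports` output (not from a real binary).
SAMPLE = """\
Dump of file binary.exe
  Section contains the following imports:

    KERNEL32.dll
             140002000 Import Address Table
             140002A10 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                         0D6 CreateFileW
                         2B8 GetLastError

    WS2_32.dll
             140002100 Import Address Table
             140002B10 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                          Ordinal   115
                          A5 connect

  Summary
        1000 .data
"""

MODULE = re.compile(r"^\s+(\S+\.(?:dll|exe|sys|drv))\s*$", re.I)   # "    KERNEL32.dll"
BY_NAME = re.compile(r"^\s+[0-9A-Fa-f]+\s+([A-Za-z_?@$]\S*)\s*$")  # "  2B8 GetLastError"
BY_ORDINAL = re.compile(r"^\s+Ordinal\s+(\d+)\s*$")                # "  Ordinal   115"

def parse_imports(text):
    """Return {imported name: DLL} from `dumpbin /imports` text."""
    owners, dll = {}, None
    for line in text.splitlines():
        if m := MODULE.match(line):
            dll = m.group(1)                      # start of a new DLL block
        elif dll and (m := BY_NAME.match(line)):
            owners[m.group(1)] = dll              # hint (hex) followed by the name
        elif dll and (m := BY_ORDINAL.match(line)):
            owners[f"{dll}#{m.group(1)}"] = dll   # imported by ordinal, no name
    return owners

def resolve(calls, owners):
    """Map each call to its DLL; also try the Unicode/ANSI 'W'/'A' variants."""
    return {c: next((owners[n] for n in (c, c + "W", c + "A") if n in owners), None)
            for c in calls}
```

A call that maps to `None` is absent from the import table, for example because the program resolves it at run time with `GetProcAddress`, which `dumpbin /imports` does not show.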