How do I know which DLL a system call belongs to?

Posted 2024-08-28 14:04:04 · 75 words · 11 views · 0 comments

I have a long list of all the calls a program I have does. What I need to know is which DLL each call belongs to. How would I find this out?

Thanks,

Comments (2)

∞梦里开花 2024-09-04 14:04:04

Hum... your title and your questions point to different things. Syscalls mean something very specific, a call to the OS kernel (and those are not in DLLs).

As it happens, Windows does not expose those directly, but rather exposes APIs in system DLLs that are responsible for calling the syscall themselves.

So let's say you don't actually have a list of syscalls, but a list of calls. Is this list generated from a binary? Binaries actually have a list of the DLLs they depend on, and a dumpbin /imports binary.exe will actually list exactly what you're asking for.

你是暖光i 2024-09-04 14:04:04

Given the executable, the easiest way would probably be dumpbin /imports <exe_name>. This will produce output like this:

KERNEL32.dll
           405020 Import Address Table
           4060FC Import Name Table
                0 time date stamp
                0 Index of first forwarder reference

             126 GetModuleHandleA
             150 GetStartupInfoA

USER32.dll
           405480 Import Address Table
           40655C Import Name Table
                0 time date stamp
                0 Index of first forwarder reference

              F0 GetClientRect
             17A InvalidateRect
              B7 EnableWindow
             291 UpdateWindow

GDI32.dll
           405000 Import Address Table
           4060DC Import Name Table
                0 time date stamp
                0 Index of first forwarder reference

              37 CreateFontIndirectA
             1AF Rectangle
              4D CreateSolidBrush
              44 CreatePen
             1C7 SelectObject
              53 DeleteObject
             14F GetObjectA

Depending on your executable, there's a pretty fair chance that you'll get more extraneous information. Since you already have a list of functions you care about, it should be pretty easy to filter this to get the information you need and leave out the rest.
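
One way to do the filtering described in the answer above, as an added example that is not part of the original answers: it parses saved dumpbin /imports text and reports which module each function on your list is imported from. The call list, the function names `parse_imports` and `lookup`, and the "Summary" tail of the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Shortened from the dumpbin output quoted above; the "Summary" tail is constructed.
SAMPLE = """\
    KERNEL32.dll
                405020 Import Address Table
                     0 time date stamp

                  126 GetModuleHandleA
                  150 GetStartupInfoA

    GDI32.dll
                405000 Import Address Table
                     0 Index of first forwarder reference

                   37 CreateFontIndirectA
                  1AF Rectangle

  Summary
        1000 .data
"""

# A module line is a single token ending in a PE file extension.
MODULE = re.compile(r"^\s*(\S+\.(?:dll|exe|drv|sys|ocx|cpl))\s*$", re.I)
# An import line is a hex hint followed by exactly one symbol name.
IMPORT = re.compile(r"^\s*[0-9A-Fa-f]+\s+([A-Za-z_?@]\S*)\s*$")

def parse_imports(text):
    """Map each imported function name to the set of modules it comes from."""
    owners, module = defaultdict(set), None
    for line in text.splitlines():
        if line.strip() == "Summary":  # section sizes follow, not imports
            break
        if m := MODULE.match(line):
            module = m.group(1)
        elif module and (m := IMPORT.match(line)):
            owners[m.group(1)].add(module)
    return owners

def lookup(calls, text):
    """Return {call: sorted module names}; empty list = not a static import."""
    owners = parse_imports(text)
    return {c: sorted(owners.get(c, ())) for c in calls}

if __name__ == "__main__":
    wanted = ["Rectangle", "GetStartupInfoA", "NtCreateFile"]  # hypothetical call list
    for call, mods in lookup(wanted, SAMPLE).items():
        print(f"{call:20} {', '.join(mods) or '(not in import table)'}")
```

An empty result only means the name is not in the static import table; functions resolved at run time with GetProcAddress never appear there.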
