Parsing plain Win32 PE File (Exe/DLL) in .NET

Question

I need to parse plain Win32 DLL/Exe and get all imports and exports from it to show on console or GUI (i.e. Win Forms). Is it possible to parse Win32 DLL/Exe in C#.NET by re

Answer 1

As regards the second part of your question, getting the method signatures, this is, as a general rule, impossible. That information is not usually stored in the PE itself. For C++ functions it can be possible, because the mangled name will encode that information, but many DLLs do not expose C++ interfaces. For COM interfaces, this information is stored in a type library, often embedded as a resource in the PE. To see if this is possible for the specific dlls you have in mind you can use dumpbin and undec to see if the functions are C++ mangled names. If not, you will need some other source of information like header files to create proper P/Invoke signatures (in which case you probably don't need to parse the PE file).

Answer 2

Have a look at the PeNet library for .Net. It can parse and list you all Exports/Imports of a DLL. You can get it from github or directly as a NuGet package. https://github.com/secana/PeNet https://www.nuget.org/packages/PeNet/

(disclaimer: I'm the author of the project)

Answer 3

Parsing PE files is possible using the Microsoft Portable Executable Specification Document. However, as Logan noted, the signatures are not included in the PE file; only the names of the exported functions are included.

UPDATE: If your dll is a C++ dll created by a recent version of Microsoft's C++ compiler, then you can undecorate the mangled name to get most of the signature by calling this function: UnDecorateSymbolName from Debugging Tools for Windows. However, the return value is not included in the mangled name.