问题
I've found the Software DLL Export Viewer which can retrieve the name of the exported functions from a dll library file:
I would like to know how I can start trying to mimic the same feature of the function-name retrieval in VB.NET or C# code (I don't need to retrieve the adreesses), for a C++ library.
The C++ dll which I would like to test is MediaInfo
Anyone can guide me?
回答1:
The file format of .exe and .dll in modern windows are Portable Executable (most common PE or PE32, there is an 64bits version of the format that change the size of some data and extend others).
Info about the format:
Microsoft PE and COFF Specification
An In-Depth Look into the Win32 Portable Executable File Format, Part 1
An In-Depth Look into the Win32 Portable Executable File Format, Part 2
Peering Inside the PE: A Tour of the Win32 Portable Executable File Format (search for PE File Exports)
corkami Website(with really good info about goodies in binary formats)
In your specific case you are interesting in the exported data directory (which is the data structure that hold the info about the exported functions of the binary (not only dll can have exported functions)). This data structure contains info about the total number of exported functions, the list of the address of the exported functions, the name (if exist) and ordinals of the exported functions, etc...)
If you want to mimic DLL Export Viewer functionality you need to be able to load the PE File (ex: your .dll file and parse necessary data to reach Export Data Directory, like, MZ Header, PE Header, and finally parse Export Data Directory structures).
There is a very good python library named PyFile (that you can use or at least can give you insides and a way to check for problems), there is also PeLib in C++.
The road to take if you want to doit yourself is:
-Load MZ Header (get PE Header offset)
-Load PE Header (get Export Data Directory Offset)
-Load Export Data Directory Structure (get Numbers of Exported Functions and address of the list of exported functions info)
-Loop the list Loading exported functions info (get the address of the name of exported function)
-Read the name.
来源:https://stackoverflow.com/questions/24780311/retrive-list-of-entrypoints-in-a-external-c-lib