最近为了分析一个没有代码的DLL有哪些函数,找了各种方法。
把结果分享一下:三个方法都没法得到函数的参数,有点让我失望。
DLL Export Viewer
NikPEViewer
Dumpbin
配置说明参考:https://docs.microsoft.com/en-us/previous-versions/756as972%28v%3dvs.140%29
C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\VC\Tools\MSVC\14.15.26726\bin\Hostx64\x64>dumpbin.exe /exports C:\bregonig.dll
Microsoft (R) COFF/PE Dumper Version 14.15.26730.0
Copyright (C) Microsoft Corporation. All rights reserved. Dump of file C:\bregonig.dll File Type: DLL Section contains the following exports for bregonig.dll 00000000 characteristics
5413D4DA time date stamp Sat Sep 13 14:23:38 2014
0.00 version
1 ordinal base
20 number of functions
20 number of names ordinal hint RVA name 1 0 000501D0 BMatch
2 1 00050200 BMatchEx
3 2 00051460 BMatchExW
4 3 00051430 BMatchW
5 4 000501A0 BRegexpVersion
6 5 00051400 BRegexpVersionW
7 6 00050450 BRegfree
8 7 00050450 BRegfreeW
9 8 000503E0 BSplit
10 9 000515A0 BSplitW
11 A 00050230 BSubst
12 B 00050260 BSubstEx
13 C 000514C0 BSubstExW
14 D 00051490 BSubstW
15 E 00050290 BTrans
16 F 000514F0 BTransW
17 10 00050470 BoMatch
18 11 00051610 BoMatchW
19 12 00050540 BoSubst
20 13 000516E0 BoSubstW Summary 6000 .data
3000 .reloc
1000 .rsrc
75000 .text
DLL调用方法
[DllImport("GP\\GPP.dll", EntryPoint = "GPPGetString", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
static extern int getString(int nFont, int nBtwChar, string psString, int nSize, int nFontSizeVal);
CallingConvention的设置是依赖与DLL内部方法的定义是否有__stdcall。