高手关照：关于如何得到DLL文件中的重要信息问题。（100分）(100分)

uranium235 · 2002-10-18

有些程序调用了DLL链接库，其中有一些很有用处的函数 和过程，所以问题来了。 有以下几个： 1.如何得到DLL库中的函数、过程名； 2.如何得到它们的参数（包括函数、过程的参数及类型、函数的返回值类型等信息）； 3.暂时想不出来。。。。。。 期待大虾及与我一样的菜鸟能热烈的讨论！ 还望高手予以详解，最好附上使用的例程。

wql · 2002-10-19

>>

uranium235 · 2002-10-21

????  >>是什么意思？？？？ 请大家看看。

antic_ant · 2002-10-23

只能显示DLL可导出函数 uses DLLTools; function TForm1.ListExport( const name: String; ordinal: Integer; address

ointer ): Boolean; var listentry: TLIstItem; begin Result := true; listentry:= listview.Items.Add; listentry.Caption := Format('%p',[address] ); listentry.Subitems.Add( format('%d',[ordinal] )); listentry.Subitems.Add( name ); end; procedure TForm1.Button1Click(Sender: TObject); begin if opendialog.execute then begin listview.items.clear; ListDLLExports( opendialog.filename, listexport ); end; end; ***** DLLTOOLS 单元 ***** unit dlltools; interface Uses Windows, Classes, Sysutils, imagehlp ; type TDLLExportCallback = function (const name: String; ordinal: Integer; address: Pointer): Boolean of Object; { Note: address is a RVA here, not a usable virtual address! } DLLToolsError = Class( Exception ); Procedure ListDLLExports( const filename: String; callback: TDLLExportCallback ); Procedure DumpExportDirectory( Const ExportDirectory: TImageExportDirectory; lines: TStrings; const Image: LoadedImage ); Function RVAToPchar( rva: DWORD; const Image: LoadedImage ): PChar; Function RVAToPointer( rva: DWORD; const Image: LoadedImage ): Pointer; implementation resourcestring eDLLNotFound = 'ListDLLExports: DLL %s does not exist!'; {+---------------------------------------------------------------------- Procedure EnumExports Parameters : ExportDirectory: IMAGE_EXPORT_DIRECTORY record to enumerate image : LOADED_IMAGE record for the DLL the export directory belongs to. callback : callback function to hand the found exports to, must not be Nil Description: The export directory of a PE image contains three RVAs that point at tables which describe the exported functions. The first is an array of RVAs that refer to the exported function names, these we translate to PChars to get the exported name. The second array is an array of Word that contains the export ordinal for the matching entry in the names array. The ordinal is biased, that is we have to add the ExportDirectory.Base value to it to get the actual export ordinal. The biased ordinal serves as index for the third array, which is an array of RVAs that give the position of the function code in the image. We don't translate these RVAs since the DLL is not relocated since we load it via MapAndLoad. The function array is usually much larger than the names array, since the ordinals for the exported functions do not have to be in sequence, there can be (and frequently are) gaps in the sequence, for which the matching entries in the function RVA array are garbage. Error Conditions: none Created: 9.1.2000 by P. Below +----------------------------------------------------------------------} Procedure EnumExports( const ExportDirectory : TImageExportDirectory ; const image : LoadedImage ; callback : TDLLExportCallback ) ; Type TDWordArray = Array [0..$FFFFF] of DWORD; Var i: Cardinal; pNameRVAs, pFunctionRVas: ^TDWordArray; pOrdinals: ^TWordArray; name: String; address: Pointer; ordinal: Word; Begin { EnumExports } pNameRVAs := RVAToPointer( DWORD(ExportDirectory.AddressOfNames), image ); pFunctionRVAs := RVAToPointer( DWORD(ExportDirectory.AddressOfFunctions), image ); pOrdinals := RVAToPointer( DWORD(ExportDirectory.AddressOfNameOrdinals), image ); For i:= 0 to Pred( ExportDirectory.NumberOfNames ) Do Begin name := RVAToPChar( pNameRVAs^, image ); ordinal := pOrdinals^; address := Pointer( pFunctionRVAs^[ ordinal ] ); If not callback( name, ordinal+ExportDirectory.Base, address ) Then Exit; End; { For } End; { EnumExports } {+---------------------------------------------------------------------- Procedure ListDLLExports Parameters : filename : full pathname of DLL to examine callback : callback to hand the found exports to, must not be Nil Description: Loads the passed DLL using the LoadImage function, finds the exported names table and reads it. Each found entry is handed to the callback for further processing, until no more entries remain or the callback returns false. Note that the address passed to the callback for a exported function is an RVA, so not identical to the address the function would have in a properly loaded and relocated DLL! Error Conditions: Exceptions are raised if - the passed DLL does not exist or could not be loaded - no callback was passed (only if assertions are on) - an API function failed Created: 9.1.2000 by P. Below +----------------------------------------------------------------------} Procedure ListDLLExports( const filename : String ; callback : TDLLExportCallback ) ; Var imageinfo: LoadedImage; pExportDirectory: PImageExportDirectory; dirsize: Cardinal; Begin { ListDLLExports } Assert( Assigned( callback )); If not FileExists( filename ) Then raise DLLToolsError.CreateFmt( eDLLnotFound, [filename] ); If MapAndLoad( PChar( filename ), nil, @imageinfo, true, true ) Then try pExportDirectory := ImageDirectoryEntryToData( imageinfo.MappedAddress, false, IMAGE_DIRECTORY_ENTRY_EXPORT, dirsize ); If pExportDirectory = Nil Then RaiseLastWin32Error Else EnumExports( pExportDirectory^, imageinfo, callback ); finally UnMapAndLoad( @imageinfo ); end Else RaiseLastWin32Error; End; { ListDLLExports } {+---------------------------------------------------------------------- Procedure DumpExportDirectory Parameters : ExportDirectory: a IMAGE_EXPORT_DIRECTORY record lines : a TStrings descendend to put the info into, must not be Nil Description: Dumps the fields of the passed structure to the passed strings descendent as strings. Error Conditions: will raise an exception if lines is Nil and assertions are enabled. Created: 9.1.2000 by P. Below +----------------------------------------------------------------------} Procedure DumpExportDirectory( Const ExportDirectory : TImageExportDirectory; lines : TStrings; const Image: LoadedImage ) ; Begin { DumpExportDirectory } Assert( Assigned( lines )); lines.add( 'Dump of IMAGE_EXPORT_DIRECTORY' ); lines.add( format('Characteristics: %d', [ExportDirectory.Characteristics])); lines.add( format('TimeDateStamp: %d', [ExportDirectory.TimeDateStamp])); lines.add( format('Version: %d.%d', [ExportDirectory.MajorVersion, ExportDirectory.MinorVersion])); lines.add( format('Name (RVA): %x', [ExportDirectory.Name])); lines.add( format('Name (translated): %s', [RVAToPchar( ExportDirectory.name, Image )])); lines.add( format('Base: %d', [ExportDirectory.Base])); lines.add( format('NumberOfFunctions: %d', [ExportDirectory.NumberOfFunctions])); lines.add( format('NumberOfNames: %d', [ExportDirectory.NumberOfNames])); lines.add( format('AddressOfFunctions (RVA): %p', [Pointer(ExportDirectory.AddressOfFunctions)])); lines.add( format('AddressOfNames (RVA): %p', [Pointer(ExportDirectory.AddressOfNames)])); lines.add( format('AddressOfNameOrdinals (RVA): %p', [Pointer(ExportDirectory.AddressOfNameOrdinals)])); End; { DumpExportDirectory } {+---------------------------------------------------------------------- Function RVAToPointer Parameters : rva : a relative virtual address to translate Image : LOADED_IMAGE structure for the image the RVA relates to Returns : translated address Description: Uses the ImageRVAToVA function to translate the RVA to a virtual address. Error Conditions: Will raise an exception if the translation failed Created: 9.1.2000 by P. Below +----------------------------------------------------------------------} Function RVAToPointer( rva : DWORD ; const Image : LoadedImage ) : Pointer; var pDummy: PImageSectionHeader; Begin { RVAToPchar } pDummy := nil; Result := ImageRvaToVa( Image.FileHeader, Image.MappedAddress, rva, pDummy ); If Result = Nil Then RaiseLastWin32Error; End; { RVAToPointer } {+---------------------------------------------------------------------- Function RVAToPchar Parameters : rva : a relative virtual address to translate Image : LOADED_IMAGE structure for the image the RVA relates to Returns : translated address Description: Uses the RVAToPointer function to translate the RVA to a virtual address. Note that we do not check that the address does indeed point to a zero-terminated string! Error Conditions: Will raise an exception if the translation failed Created: 9.1.2000 by P. Below +----------------------------------------------------------------------} Function RVAToPchar( rva : DWORD ; const Image : LoadedImage ) : PChar ; Begin { RVAToPchar } Result := RVAToPointer( rva, image ); End; { RVAToPchar } end.

张鸿林 · 2002-10-23

普通DLL的输出函数可以用Windows的Quickvew查看，或用 delphi/bin/tdump.exe工具 但无法获得参数说明，这是普通dll的特性，微软的dll都有相应的帮助。 第三方写的dll,如果要共享，也必须提供帮助。 另外一种类型的dll属于Com/Com+组件，可以使用 delphi菜单中的Import libaruay命令，导出***_tlb.pas 文件，这个文件包含函数声明和参数，信息齐全，往往可以 不用帮助就调用，当然，要看这个写组件的人是否语无伦次， 还有，你对这个技术的理解程度

阿乐 · 2002-10-24

我知道可以用exescope查看函数或过程名，十分简单，不过，参数是没有的。。。呵呵。

KOKS · 2002-10-24

Turbo Dump  Version 5.0.16.12 Copyright (c) 1988, 2000 Inprise Corporation Syntax:   TDUMP [options] [InputFile] [ListFile] [options]   -a      Display file in 8-bit ASCII  -a7     Display file in 7-Bit ASCII   -b#     Start at offset #            -C      Dump OBJ, LIB COFF info   -d      Dump OBJ, LIB debug info     -e      Dump as EXE   -ed     No EXE debug info            -ee[=x] PE exports only (x=srch)   -eiID   EXE tbls:HDR,OBJ,FIX,NAM,ENT -el     No EXE line numbers   -em[=x] PE imports only (x=srch)     -em.[x] PE imp. modules (x=srch)   -ep     No EXE PE header display     -er     No EXE relocation records   -ea[:v] Dump Exports

v sort on RVA) -ex     No New Executable dump   -h      Output in hex                -iID    Incl dbg tbl:[?/abc...rst]   -l      Dump as LIB (OMF)            -le[=x] Dump EXPDEF recs (x=srch)   -li[=x] Dump IMPDEF recs (x=srch)    -m      No C++ de-mangling   -o      Dump as OBJ (OMF)            -oc     Do OMF CRC check   -oiID   Include OMF rec (? for list) -oxID   Exclude OMF rec (? for list)   -q      Suppress copyright message   -r      Raw dump of records   -R      Dump PE relocation table     -s[=x]  Dump strings (x=srch)   -su[=x] Dump unix style strings      -um     Unmangle file list of names   -v      Verbose dump of records      -xID    Excl dbg tbl:[?/abc...rst]   -?      Display a better help screen

alang_xy · 2002-10-24

//显示DLL可导出函数   // 为了测试，你需要在Form上放置一个TButton、TOpenDialog和TListView构件   // 完整的DLLTools单元的代码在示例代码之后   uses DLLTools;   function TForm1.ListExport( const name: String; ordinal: Integer; address

ointer ): Boolean;   var   listentry: TLIstItem;   begin   Result := true;   listentry:= listview.Items.Add;   listentry.Caption := Format('%p',[address] );   listentry.Subitems.Add( format('%d',[ordinal] ));   listentry.Subitems.Add( name );   end;   procedure TForm1.Button1Click(Sender: TObject);   begin   if opendialog.execute then   begin   listview.items.clear;   ListDLLExports( opendialog.filename, listexport );   end;   end;   *****   DLLTOOLS 单元   *****   unit dlltools;   interface   Uses Windows, Classes, Sysutils, imagehlp ;   type   TDLLExportCallback = function (const name: String; ordinal: Integer;   address: Pointer): Boolean of Object;   { Note: address is a RVA here, not a usable virtual address! }   DLLToolsError = Class( Exception );   Procedure ListDLLExports( const filename: String; callback:   TDLLExportCallback );   Procedure DumpExportDirectory( Const ExportDirectory: TImageExportDirectory;   lines: TStrings; const Image: LoadedImage );   Function RVAToPchar( rva: DWORD; const Image: LoadedImage ): PChar;   Function RVAToPointer( rva: DWORD; const Image: LoadedImage ): Pointer;   implementation   resourcestring   eDLLNotFound =   'ListDLLExports: DLL %s does not exist!';   {+----------------------------------------------------------------------   | Procedure EnumExports   |   | Parameters :   | ExportDirectory: IMAGE_EXPORT_DIRECTORY record to enumerate   | image : LOADED_IMAGE record for the DLL the export directory belongs   | to.   | callback : callback function to hand the found exports to, must not be   Nil   | Description:   | The export directory of a PE image contains three RVAs that point at   tables   | which describe the exported functions. The first is an array of RVAs   that   | refer to the exported function names, these we translate to PChars to   | get the exported name. The second array is an array of Word that   contains   | the export ordinal for the matching entry in the names array. The   ordinal   | is biased, that is we have to add the ExportDirectory.Base value to it   to   | get the actual export ordinal. The biased ordinal serves as index for   the   | third array, which is an array of RVAs that give the position of the   | function code in the image. We don't translate these RVAs since the DLL   | is not relocated since we load it via MapAndLoad. The function array is   | usually much larger than the names array, since the ordinals for the   | exported functions do not have to be in sequence, there can be (and   | frequently are) gaps in the sequence, for which the matching entries in   the   | function RVA array are garbage.   | Error Conditions: none   | Created: 9.1.2000 by P. Below   +----------------------------------------------------------------------}   Procedure EnumExports( const ExportDirectory : TImageExportDirectory ;   const image : LoadedImage ;   callback : TDLLExportCallback ) ;   Type   TDWordArray = Array [0..$FFFFF] of DWORD;   Var   i: Cardinal;   pNameRVAs, pFunctionRVas: ^TDWordArray;   pOrdinals: ^TWordArray;   name: String;   address: Pointer;   ordinal: Word;   Begin { EnumExports }   pNameRVAs :=   RVAToPointer( DWORD(ExportDirectory.AddressOfNames), image );   pFunctionRVAs :=   RVAToPointer( DWORD(ExportDirectory.AddressOfFunctions), image );   pOrdinals :=   RVAToPointer( DWORD(ExportDirectory.AddressOfNameOrdinals), image );   For i:= 0 to Pred( ExportDirectory.NumberOfNames ) Do Begin   name := RVAToPChar( pNameRVAs^, image );   ordinal := pOrdinals^;   address := Pointer( pFunctionRVAs^[ ordinal ] );   If not callback( name, ordinal+ExportDirectory.Base, address ) Then   Exit;   End; { For }   End; { EnumExports }   {+----------------------------------------------------------------------   | Procedure ListDLLExports   |   | Parameters :   | filename : full pathname of DLL to examine   | callback : callback to hand the found exports to, must not be Nil   | Description:   | Loads the passed DLL using the LoadImage function, finds the exported   | names table and reads it. Each found entry is handed to the callback   | for further processing, until no more entries remain or the callback   | returns false. Note that the address passed to the callback for a   exported   | function is an RVA, so not identical to the address the function would   | have in a properly loaded and relocated DLL!   | Error Conditions:   | Exceptions are raised if   | - the passed DLL does not exist or could not be loaded   | - no callback was passed (only if assertions are on)   | - an API function failed   | Created: 9.1.2000 by P. Below   +----------------------------------------------------------------------}   Procedure ListDLLExports( const filename : String ; callback :   TDLLExportCallback ) ;   Var   imageinfo: LoadedImage;   pExportDirectory: PImageExportDirectory;   dirsize: Cardinal;   Begin { ListDLLExports }   Assert( Assigned( callback ));   If not FileExists( filename ) Then   raise DLLToolsError.CreateFmt( eDLLnotFound, [filename] );   If MapAndLoad( PChar( filename ), nil, @imageinfo, true, true ) Then   try   pExportDirectory :=   ImageDirectoryEntryToData(   imageinfo.MappedAddress, false,   IMAGE_DIRECTORY_ENTRY_EXPORT, dirsize );   If pExportDirectory = Nil Then   RaiseLastWin32Error   Else   EnumExports( pExportDirectory^, imageinfo, callback );   finally   UnMapAndLoad( @imageinfo );   end   Else   RaiseLastWin32Error;   End; { ListDLLExports }   {+----------------------------------------------------------------------   | Procedure DumpExportDirectory   |   | Parameters :   | ExportDirectory: a IMAGE_EXPORT_DIRECTORY record   | lines : a TStrings descendend to put the info into, must not be Nil   | Description:   | Dumps the fields of the passed structure to the passed strings   descendent   | as strings.   | Error Conditions:   | will raise an exception if lines is Nil and assertions are enabled.   | Created: 9.1.2000 by P. Below   +----------------------------------------------------------------------}   Procedure DumpExportDirectory( Const ExportDirectory : TImageExportDirectory;   lines : TStrings; const Image: LoadedImage ) ;   Begin { DumpExportDirectory }   Assert( Assigned( lines ));   lines.add( 'Dump of IMAGE_EXPORT_DIRECTORY' );   lines.add( format('Characteristics: %d',   [ExportDirectory.Characteristics]));   lines.add( format('TimeDateStamp: %d',   [ExportDirectory.TimeDateStamp]));   lines.add( format('Version: %d.%d',   [ExportDirectory.MajorVersion,   ExportDirectory.MinorVersion]));   lines.add( format('Name (RVA): %x',   [ExportDirectory.Name]));   lines.add( format('Name (translated): %s',   [RVAToPchar( ExportDirectory.name, Image )]));   lines.add( format('Base: %d',   [ExportDirectory.Base]));   lines.add( format('NumberOfFunctions: %d',   [ExportDirectory.NumberOfFunctions]));   lines.add( format('NumberOfNames: %d',   [ExportDirectory.NumberOfNames]));   lines.add( format('AddressOfFunctions (RVA): %p',   [Pointer(ExportDirectory.AddressOfFunctions)]));   lines.add( format('AddressOfNames (RVA): %p',   [Pointer(ExportDirectory.AddressOfNames)]));   lines.add( format('AddressOfNameOrdinals (RVA): %p',   [Pointer(ExportDirectory.AddressOfNameOrdinals)]));   End; { DumpExportDirectory }   {+----------------------------------------------------------------------   | Function RVAToPointer   |   | Parameters :   | rva : a relative virtual address to translate   | Image : LOADED_IMAGE structure for the image the RVA relates to   | Returns : translated address   | Description:   | Uses the ImageRVAToVA function to translate the RVA to a virtual   | address.   | Error Conditions:   | Will raise an exception if the translation failed   | Created: 9.1.2000 by P. Below   +----------------------------------------------------------------------}   Function RVAToPointer( rva : DWORD ; const Image : LoadedImage ) : Pointer;   var   pDummy: PImageSectionHeader;   Begin { RVAToPchar }   pDummy := nil;   Result :=   ImageRvaToVa( Image.FileHeader, Image.MappedAddress, rva,   pDummy );   If Result = Nil Then   RaiseLastWin32Error;   End; { RVAToPointer }   {+----------------------------------------------------------------------   | Function RVAToPchar   |   | Parameters :   | rva : a relative virtual address to translate   | Image : LOADED_IMAGE structure for the image the RVA relates to   | Returns : translated address   | Description:   | Uses the RVAToPointer function to translate the RVA to a virtual   | address. Note that we do not check that the address does indeed point   | to a zero-terminated string!   | Error Conditions:   | Will raise an exception if the translation failed   | Created: 9.1.2000 by P. Below   +----------------------------------------------------------------------}   Function RVAToPchar( rva : DWORD ; const Image : LoadedImage ) : PChar ;   Begin { RVAToPchar }   Result := RVAToPointer( rva, image );   End; { RVAToPchar }   end.  ----------------------------------------- 取得某一dll所有输出函数名     取得某一dll所有输出函数名 在uses里加上ImageHlp procedure ListDLLFunctions(DLLName: String; List: TStrings); type   chararr = array [0..$FFFFFF] of Char;   var   H: THandle;   I,   fc: integer;   st: string;   arr: Pointer;   ImageDebugInformation: PImageDebugInformation; begin   List.Clear;   DLLName := ExpandFileName(DLLName);   if FileExists(DLLName) then   begin     H := CreateFile(PChar(DLLName), GENERIC_READ, FILE_SHARE_READ or       FILE_SHARE_WRITE, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);     if H<>INVALID_HANDLE_VALUE then       try         ImageDebugInformation := MapDebugInformation(H, PChar(DLLName), nil, 0);         if ImageDebugInformation<>nil then           try             arr := ImageDebugInformation^.ExportedNames;             fc := 0;             for I := 0 to ImageDebugInformation^.ExportedNamesSize - 1 do               if chararr(arr^)=#0 then               begin                 st := PChar(@chararr(arr^)[fc]);                 if Length(st)>0 then                   List.Add(st);                 if (I>0) and (chararr(arr^)[I-1]=#0) then                   Break;                 fc := I + 1               end           finally             UnmapDebugInformation(ImageDebugInformation)           end       finally         CloseHandle(H)       end   end end; procedure TForm1.Button1Click(Sender: TObject); var   List: TStrings;   I: integer;   S: String; begin   List := TStringList.Create;   ListDLLFunctions('c:/windows/system/Abcsda.dll', List);   showmessage(inttostr(list.count));   S := 'List of functions';   for I := 0 to List.Count - 1 do     S := S + #13#10 + List;   ShowMessage(S);   List.Free end;

uranium235 · 2002-10-26

好大一段英文程序…… KOKS的是什么东东？ 突然发现上面两位引用的是同一个程序～！◎＃￥％……

fssky · 2002-11-08

>>>> [

]

uranium235 · 2003-02-15

问题搁了好久，该结了！

高手关照：关于如何得到DLL文件中的重要信息问题。（100分）(100分)

uranium235

Unregistered / Unconfirmed

wql

Unregistered / Unconfirmed

uranium235

Unregistered / Unconfirmed

antic_ant

Unregistered / Unconfirmed

张鸿林

Unregistered / Unconfirmed

阿乐

Unregistered / Unconfirmed

KOKS

Unregistered / Unconfirmed

alang_xy

Unregistered / Unconfirmed

uranium235

Unregistered / Unconfirmed

fssky

Unregistered / Unconfirmed

uranium235

Unregistered / Unconfirmed

Similar threads