Is it possible to get an exported (C style?) function's signature (parameter count/types, return type) from a DLL? I can view the list of function names, addresses, ordinals, etc. with DLL Export Viewer but I can't view the signatures. I only have the dll file and don't have neither .h nor .def files.
是否可以从DLL中获取导出(C风格?)函数的签名(参数计数/类型,返回类型)?我可以使用DLL导出查看器查看函数名、地址、序号等列表,但不能查看签名。我只有dll文件,没有.h和.def文件。
UPDATE: Using a tool called API Monitor, I can attach to a process that uses the mentioned dll and see the calls to the functions. This lets me to see the number of parameters, return value and their integer values (pointers?) but this doesn't help a lot. I probably should find a way to determine what type of structures those pointers are pointing to at the call time.
更新:使用名为API Monitor的工具,我可以附加到使用上述dll的进程,并查看对函数的调用。这让我可以看到参数的数量、返回值和它们的整数值(指针?),但这并没有多大帮助。
3 个解决方案
#1
17
DLLs do not store the signatures of the functions they export. Other answers have mentioned C++, and when a C++ function is exported as C++, then the name will indeed be mangled. Demangle it with the right compiler's mangling scheme, and you'll have the signature. But most DLLs do not export C++ functions using their C++ names. Instead, the functions a DLL chooses to export are exported using C-style names, so even if the DLL was written in C++, the exported functions still won't have any signature information.
dll不存储它们导出的函数的签名。其他的答案也提到了c++,当一个c++函数被导出为c++时,这个名称就会被错误地打乱。使用正确的编译器的混乱模式分解它,您将得到签名。但是大多数dll不使用它们的c++名称导出c++函数。相反,DLL选择导出的函数使用C样式的名称进行导出,因此即使DLL是用c++编写的,导出的函数仍然没有任何签名信息。
You don't have the header? Most vendors include that sort of thing in their SDKs. If you didn't get one, then complain to the vendor. If you weren't supposed to get one, then maybe you're going about your task the wrong way; are you sure you're supposed to use that DLL directly?
你没有标题?大多数供应商都在他们的SDKs中包含这类东西。如果你没有收到,就向供应商投诉。如果你不应该得到一个,那么也许你的任务是错误的;你确定你应该直接使用那个DLL吗?
If you do not have the header file, then you might also ask yourself whether you're really allowed, legally, to use the DLL in your program anyway. If it's just an arbitrary DLL you found on your system, then even if you can write code for it, you're probably not allowed to redistribute it when you ship your program.
如果您没有头文件,那么您可能还会问自己,在法律上,是否真的允许在程序中使用DLL。如果它只是你在你的系统上找到的一个任意的DLL,那么即使你可以为它写代码,你也不允许在你发布你的程序时重新发布它。
#2
3
In C++, the function signatures are "mangled" into the name in a compiler-dependent way. This doesn't happen in C. So, if you have C functions in your DLL, you'll see unmangled names. If it's a C++ one, you'll see mangled ones.
在c++中,函数签名以一种依赖于编译器的方式“分解”到名称中。这在C中不会发生,所以,如果你的DLL中有C函数,你会看到未损坏的名称。如果它是c++语言,你会看到被损坏的。
C++ needs mangled names to allow the linker to resolve overloaded functions with different signatures.
c++需要损坏的名称,以允许链接器使用不同的签名来解析重载的函数。
I don't think there's any way for you to get the function singatures from a "C" DLL. They simply aren't present.
我认为没有任何方法可以让你从一个“C”DLL中获得函数。他们根本不存在。
#3
3
For C functions, this information is not stored in the DLL at all. The only thing I can suggest is to disassemble the function and look at how it interacts with variables on the stack and then try to determine the signature.
对于C函数,这个信息根本不存储在DLL中。我唯一能建议的是分解函数,看看它如何与堆栈上的变量交互,然后尝试确定签名。
Good luck!
好运!
#1
17
DLLs do not store the signatures of the functions they export. Other answers have mentioned C++, and when a C++ function is exported as C++, then the name will indeed be mangled. Demangle it with the right compiler's mangling scheme, and you'll have the signature. But most DLLs do not export C++ functions using their C++ names. Instead, the functions a DLL chooses to export are exported using C-style names, so even if the DLL was written in C++, the exported functions still won't have any signature information.
dll不存储它们导出的函数的签名。其他的答案也提到了c++,当一个c++函数被导出为c++时,这个名称就会被错误地打乱。使用正确的编译器的混乱模式分解它,您将得到签名。但是大多数dll不使用它们的c++名称导出c++函数。相反,DLL选择导出的函数使用C样式的名称进行导出,因此即使DLL是用c++编写的,导出的函数仍然没有任何签名信息。
You don't have the header? Most vendors include that sort of thing in their SDKs. If you didn't get one, then complain to the vendor. If you weren't supposed to get one, then maybe you're going about your task the wrong way; are you sure you're supposed to use that DLL directly?
你没有标题?大多数供应商都在他们的SDKs中包含这类东西。如果你没有收到,就向供应商投诉。如果你不应该得到一个,那么也许你的任务是错误的;你确定你应该直接使用那个DLL吗?
If you do not have the header file, then you might also ask yourself whether you're really allowed, legally, to use the DLL in your program anyway. If it's just an arbitrary DLL you found on your system, then even if you can write code for it, you're probably not allowed to redistribute it when you ship your program.
如果您没有头文件,那么您可能还会问自己,在法律上,是否真的允许在程序中使用DLL。如果它只是你在你的系统上找到的一个任意的DLL,那么即使你可以为它写代码,你也不允许在你发布你的程序时重新发布它。
#2
3
In C++, the function signatures are "mangled" into the name in a compiler-dependent way. This doesn't happen in C. So, if you have C functions in your DLL, you'll see unmangled names. If it's a C++ one, you'll see mangled ones.
在c++中,函数签名以一种依赖于编译器的方式“分解”到名称中。这在C中不会发生,所以,如果你的DLL中有C函数,你会看到未损坏的名称。如果它是c++语言,你会看到被损坏的。
C++ needs mangled names to allow the linker to resolve overloaded functions with different signatures.
c++需要损坏的名称,以允许链接器使用不同的签名来解析重载的函数。
I don't think there's any way for you to get the function singatures from a "C" DLL. They simply aren't present.
我认为没有任何方法可以让你从一个“C”DLL中获得函数。他们根本不存在。
#3
3
For C functions, this information is not stored in the DLL at all. The only thing I can suggest is to disassemble the function and look at how it interacts with variables on the stack and then try to determine the signature.
对于C函数,这个信息根本不存储在DLL中。我唯一能建议的是分解函数,看看它如何与堆栈上的变量交互,然后尝试确定签名。
Good luck!
好运!