在没有标题的情况下调用c ++ dll中的函数

时间:2021-11-07 09:05:14

I would like to call a method from an dll, but i don't have the source neither the header file. I tried to use the dumpbin /exports to see the name of the method, but i can found the methods signature?

我想从一个DLL调用一个方法,但我没有源文件头文件。我试图使用dumpbin / exports来查看方法的名称,但我可以找到方法签名?

Is there any way to call this method?

有没有办法调用这种方法?

Thanks,

6 个解决方案

#1


It is possible to figure out a C function signature by analysing beginnig of its disassembly. The function arguments will be on the stack and the function will do some "pops" to read them in reverse order. You will not find the argument names, but you should be able to find out their number and the types. Things may get more difficult with return value - it may be via 'eax' register or via a special pointer passed to the function as the last pseudo-argument (on the top of the stack).

通过分析其反汇编的beginnig,可以找出C函数签名。函数参数将在堆栈上,函数将执行一些“弹出”以相反的顺序读取它们。您将找不到参数名称,但您应该能够找到它们的编号和类型。返回值可能会变得更加困难 - 它可能是通过'eax'寄存器或通过传递给函数的特殊指针作为最后一个伪参数(在堆栈顶部)。

#2


If the function is a C++ one, you may be able to derive the function signature from the mangled name. Dependency Walker is one tool that will do this for you. However, if the DLL was created with C linkage (Dependency Walker will tell you this), then you are out of luck.

如果函数是C ++函数,则可以从损坏的名称派生函数签名。 Dependency Walker是一个可以为您完成此任务的工具。但是,如果DLL是使用C链接创建的(Dependency Walker会告诉你),那么你运气不好。

#3


The C++ language does not know anything about dlls.

C ++语言对dll一无所知。

Is this on Windows? One way would be to:

这是在Windows上吗?一种方法是:

  • open the dll up in depends.exe shipped with (Visual Studio)
  • 打开随附的depends.exe中的DLL(Visual Studio)

  • verify the signature of the function you want to call
  • 验证要调用的函数的签名

  • use LoadLibrary() to get load this dll (be careful about the path)
  • 使用LoadLibrary()来加载这个dll(注意路径)

  • use GetProcAddress() to get a pointer to the function you want to call
  • 使用GetProcAddress()获取指向要调用的函数的指针

  • use this pointer-to-function to make a call with valid arguments
  • 使用此指针到函数来使用有效参数进行调用

  • use FreeLibrary() to release the handle
  • 使用FreeLibrary()来释放句柄

BTW: This method is also commonly referred to as runtime dynamic linking as opposed to compile-time dynamic linking where you compile your sources with the associated lib file.

BTW:此方法通常也称为运行时动态链接,而不是编译时动态链接,您可以使用关联的lib文件编译源代码。

There exists some similar mechanism for *nixes with dlopen, but my memory starts to fail after that. Something called objdump or nm should get you started with inspecting the function(s).

对于带有dlopen的* nix,存在一些类似的机制,但之后我的记忆开始失败。名为objdump或nm的东西应该让你开始检查函数。

#4


As you have found, the exports list in a DLL only stores names, not signatures. If your DLL exports C functions, you will probably have to disassemble and reverse engineer the functions to determine method signatures. However, C++ encodes the method signature in the export name. This process of combining the method name and signature is called "name mangling". This * question has a reference for determining the method signature from the mangled export name.

如您所见,DLL中的导出列表仅存储名称,而不存储签名。如果您的DLL导出C函数,您可能必须对这些函数进行反汇编和反向工程以确定方法签名。但是,C ++会在导出名称中对方法签名进行编码。将方法名称和签名组合在一起的过程称为“名称重整”。此*问题有一个参考,用于从损坏的导出名称确定方法签名。

Try the free "Dependency Walker" (a.k.a. "depends") utility. The "Undecorate C++ Functions" option should determine the signature of a C++ method.

尝试免费的“Dependency Walker”(a.k.a。“依赖”)实用程序。 “Undecorate C ++ Functions”选项应确定C ++方法的签名。

#5


If you indeed know or strongly suspect the function is there, you can dynamically load the DLL with loadLibrary and get a pointer to the function with getProcAddress. See MSDN

如果您确实知道或强烈怀疑该函数存在,您可以使用loadLibrary动态加载DLL并使用getProcAddress获取指向该函数的指针。请参阅MSDN

Note that this is a manual, dynamic way to load the library; you'll still have to know the correct function signature to map to the function pointer in order to use it. AFAIK there is no way to use the dll in a load-time capability and use the functions without a header file.

请注意,这是一种加载库的手动动态方式;你仍然需要知道正确的函数签名来映射到函数指针才能使用它。 AFAIK无法在加载时功能中使用dll并使用没有头文件的函数。

#6


Calling non-external functions is a great way to have your program break whenever the 3rd party DLL is updated.

调用非外部函数是在第三方DLL更新时让程序中断的好方法。

That said, the undname utility may also be helpful.

也就是说,undname实用程序也可能有用。

#1


It is possible to figure out a C function signature by analysing beginnig of its disassembly. The function arguments will be on the stack and the function will do some "pops" to read them in reverse order. You will not find the argument names, but you should be able to find out their number and the types. Things may get more difficult with return value - it may be via 'eax' register or via a special pointer passed to the function as the last pseudo-argument (on the top of the stack).

通过分析其反汇编的beginnig,可以找出C函数签名。函数参数将在堆栈上,函数将执行一些“弹出”以相反的顺序读取它们。您将找不到参数名称,但您应该能够找到它们的编号和类型。返回值可能会变得更加困难 - 它可能是通过'eax'寄存器或通过传递给函数的特殊指针作为最后一个伪参数(在堆栈顶部)。

#2


If the function is a C++ one, you may be able to derive the function signature from the mangled name. Dependency Walker is one tool that will do this for you. However, if the DLL was created with C linkage (Dependency Walker will tell you this), then you are out of luck.

如果函数是C ++函数,则可以从损坏的名称派生函数签名。 Dependency Walker是一个可以为您完成此任务的工具。但是,如果DLL是使用C链接创建的(Dependency Walker会告诉你),那么你运气不好。

#3


The C++ language does not know anything about dlls.

C ++语言对dll一无所知。

Is this on Windows? One way would be to:

这是在Windows上吗?一种方法是:

  • open the dll up in depends.exe shipped with (Visual Studio)
  • 打开随附的depends.exe中的DLL(Visual Studio)

  • verify the signature of the function you want to call
  • 验证要调用的函数的签名

  • use LoadLibrary() to get load this dll (be careful about the path)
  • 使用LoadLibrary()来加载这个dll(注意路径)

  • use GetProcAddress() to get a pointer to the function you want to call
  • 使用GetProcAddress()获取指向要调用的函数的指针

  • use this pointer-to-function to make a call with valid arguments
  • 使用此指针到函数来使用有效参数进行调用

  • use FreeLibrary() to release the handle
  • 使用FreeLibrary()来释放句柄

BTW: This method is also commonly referred to as runtime dynamic linking as opposed to compile-time dynamic linking where you compile your sources with the associated lib file.

BTW:此方法通常也称为运行时动态链接,而不是编译时动态链接,您可以使用关联的lib文件编译源代码。

There exists some similar mechanism for *nixes with dlopen, but my memory starts to fail after that. Something called objdump or nm should get you started with inspecting the function(s).

对于带有dlopen的* nix,存在一些类似的机制,但之后我的记忆开始失败。名为objdump或nm的东西应该让你开始检查函数。

#4


As you have found, the exports list in a DLL only stores names, not signatures. If your DLL exports C functions, you will probably have to disassemble and reverse engineer the functions to determine method signatures. However, C++ encodes the method signature in the export name. This process of combining the method name and signature is called "name mangling". This * question has a reference for determining the method signature from the mangled export name.

如您所见,DLL中的导出列表仅存储名称,而不存储签名。如果您的DLL导出C函数,您可能必须对这些函数进行反汇编和反向工程以确定方法签名。但是,C ++会在导出名称中对方法签名进行编码。将方法名称和签名组合在一起的过程称为“名称重整”。此*问题有一个参考,用于从损坏的导出名称确定方法签名。

Try the free "Dependency Walker" (a.k.a. "depends") utility. The "Undecorate C++ Functions" option should determine the signature of a C++ method.

尝试免费的“Dependency Walker”(a.k.a。“依赖”)实用程序。 “Undecorate C ++ Functions”选项应确定C ++方法的签名。

#5


If you indeed know or strongly suspect the function is there, you can dynamically load the DLL with loadLibrary and get a pointer to the function with getProcAddress. See MSDN

如果您确实知道或强烈怀疑该函数存在,您可以使用loadLibrary动态加载DLL并使用getProcAddress获取指向该函数的指针。请参阅MSDN

Note that this is a manual, dynamic way to load the library; you'll still have to know the correct function signature to map to the function pointer in order to use it. AFAIK there is no way to use the dll in a load-time capability and use the functions without a header file.

请注意,这是一种加载库的手动动态方式;你仍然需要知道正确的函数签名来映射到函数指针才能使用它。 AFAIK无法在加载时功能中使用dll并使用没有头文件的函数。

#6


Calling non-external functions is a great way to have your program break whenever the 3rd party DLL is updated.

调用非外部函数是在第三方DLL更新时让程序中断的好方法。

That said, the undname utility may also be helpful.

也就是说,undname实用程序也可能有用。