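Recently I needed to find out which functions a DLL without source code contains, so I looked into several methods.
Here are the results: none of the three methods can recover the functions' parameters, which was a little disappointing.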
DLL Export Viewer
NikPEViewer
Dumpbin
Option reference: https://docs.microsoft.com/en-us/previous-versions/756as972%28v%3dvs.140%29
C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\VC\Tools\MSVC\14.15.26726\bin\Hostx64\x64>dumpbin.exe /exports C:\bregonig.dll
Microsoft (R) COFF/PE Dumper Version 14.15.26730.0
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file C:\bregonig.dll

File Type: DLL

  Section contains the following exports for bregonig.dll

    00000000 characteristics
    5413D4DA time date stamp Sat Sep 13 14:23:38 2014
        0.00 version
           1 ordinal base
          20 number of functions
          20 number of names

    ordinal hint RVA      name

          1    0 000501D0 BMatch
          2    1 00050200 BMatchEx
          3    2 00051460 BMatchExW
          4    3 00051430 BMatchW
          5    4 000501A0 BRegexpVersion
          6    5 00051400 BRegexpVersionW
          7    6 00050450 BRegfree
          8    7 00050450 BRegfreeW
          9    8 000503E0 BSplit
         10    9 000515A0 BSplitW
         11    A 00050230 BSubst
         12    B 00050260 BSubstEx
         13    C 000514C0 BSubstExW
         14    D 00051490 BSubstW
         15    E 00050290 BTrans
         16    F 000514F0 BTransW
         17   10 00050470 BoMatch
         18   11 00051610 BoMatchW
         19   12 00050540 BoSubst
         20   13 000516E0 BoSubstW

  Summary

        6000 .data
        3000 .reloc
        1000 .rsrc
       75000 .text
How to call the DLL
// Requires: using System.Runtime.InteropServices;
[DllImport("GP\\GPP.dll", EntryPoint = "GPPGetString", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
static extern int getString(int nFont, int nBtwChar, string psString, int nSize, int nFontSizeVal);
The CallingConvention setting depends on whether the function inside the DLL is defined with __stdcall.
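The dumpbin listing shows BRegfree and BRegfreeW at the same RVA, and the __stdcall point has a counterpart in export names: a 32-bit MSVC build that exports a __stdcall function without a .def file decorates it as _Name@N, where N is the argument byte count. The Python below is an added example, not from the original post: it parses `dumpbin /exports` rows, groups names that share an RVA, and reads that decoration. The function names and the last two sample rows (including a decorated form of GPPGetString) are constructed for illustration.

```python
import re
from collections import defaultdict

# Rows abridged from the dumpbin listing above; the last two rows are
# constructed here to show 32-bit MSVC name decoration.
SAMPLE = """\
    ordinal hint RVA      name

          1    0 000501D0 BMatch
          7    6 00050450 BRegfree
          8    7 00050450 BRegfreeW
          9    8 000503E0 BSplit
         21   14 00001000 _GPPGetString@20
         22   15 00001040 ?Run@Job@@QAEHXZ
"""

# ordinal (decimal), hint (hex), RVA (8 hex digits), export name
ROW = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+(\S+)")

def parse_exports(text):
    """Return one dict per export row; banner and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"ordinal": int(m.group(1)), "hint": int(m.group(2), 16),
                         "rva": int(m.group(3), 16), "name": m.group(4)})
    return rows

def aliases(rows):
    """Group names that share an RVA, i.e. several exports for one function body."""
    by_rva = defaultdict(list)
    for r in rows:
        by_rva[r["rva"]].append(r["name"])
    return {rva: names for rva, names in by_rva.items() if len(names) > 1}

def convention_hint(name):
    """Guess (convention, argument bytes) from 32-bit MSVC decoration, if any."""
    if name.startswith("?"):
        return ("c++ mangled", None)  # undname can decode the signature
    m = re.fullmatch(r"_(\w+)@(\d+)", name)
    if m:
        return ("stdcall", int(m.group(2)))
    m = re.fullmatch(r"@(\w+)@(\d+)", name)
    if m:
        return ("fastcall", int(m.group(2)))
    return ("unknown", None)  # undecorated: .def export, cdecl, or a 64-bit build

if __name__ == "__main__":
    for r in parse_exports(SAMPLE):
        print(f'{r["rva"]:08X} {r["name"]:<20} {convention_hint(r["name"])}')
```

The 20 in the constructed _GPPGetString@20 matches five 4-byte arguments, the shape of the getString declaration above. The names in the real bregonig.dll listing are undecorated, so there the export table alone gives no hint.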