Get signatures of exported functions in a DLL

2019-01-07 22:08发布

问题:

Is it possible to get an exported (C style?) function's signature (parameter count/types, return type) from a DLL? I can view the list of function names, addresses, ordinals, etc. with DLL Export Viewer but I can't view the signatures. I only have the dll file and don't have neither .h nor .def files.

UPDATE: Using a tool called API Monitor, I can attach to a process that uses the mentioned dll and see the calls to the functions. This lets me to see the number of parameters, return value and their integer values (pointers?) but this doesn't help a lot. I probably should find a way to determine what type of structures those pointers are pointing to at the call time.

回答1:

DLLs do not store the signatures of the functions they export. Other answers have mentioned C++, and when a C++ function is exported as C++, then the name will indeed be mangled. Demangle it with the right compiler's mangling scheme, and you'll have the signature. But most DLLs do not export C++ functions using their C++ names. Instead, the functions a DLL chooses to export are exported using C-style names, so even if the DLL was written in C++, the exported functions still won't have any signature information.

You don't have the header? Most vendors include that sort of thing in their SDKs. If you didn't get one, then complain to the vendor. If you weren't supposed to get one, then maybe you're going about your task the wrong way; are you sure you're supposed to use that DLL directly?

If you do not have the header file, then you might also ask yourself whether you're really allowed, legally, to use the DLL in your program anyway. If it's just an arbitrary DLL you found on your system, then even if you can write code for it, you're probably not allowed to redistribute it when you ship your program.



回答2:

In C++, the function signatures are "mangled" into the name in a compiler-dependent way. This doesn't happen in C. So, if you have C functions in your DLL, you'll see unmangled names. If it's a C++ one, you'll see mangled ones.

C++ needs mangled names to allow the linker to resolve overloaded functions with different signatures.

I don't think there's any way for you to get the function singatures from a "C" DLL. They simply aren't present.



回答3:

For C functions, this information is not stored in the DLL at all. The only thing I can suggest is to disassemble the function and look at how it interacts with variables on the stack and then try to determine the signature.

Good luck!



标签: c++ c dll function