We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

DLL import functions???

john_m
john_m asked
on
Medium Priority
337 Views
Last Modified: 2010-04-04
Given a DLL with no supporting documentation around what functions it contains, and what parameters it takes for each function, how would you go about finding this information out?

I know how to get hold of the functions that it contains, the main problem that I have is I don't know what parameters each function takes...


I won't accept the response 'Talk to the author, what DLL is it' and other related statements.
Comment
Watch Question

Author

Commented:
Edited text of question
Unfortunatelly you can't. You can get names of exported function and paramcount for this, however you don't know what you can do with this. If this can help you then try find NEWEXE.ZIP at FtpSearch. This is utility for dumping exe and dll (without flat drivers).

good luck.
You can get a decompiler, and decompile the dll. then you can check the parametrs of the function, and what it does

Author

Commented:
Unfortunately I know all this already. If you could recommend a decompiler though, maybe that would be worth some points...
Commented:
This is obviously a tough one.

I managed to reverse engineer an interface in the Trumpet Winsock  
DLL, which is used by the Trumpet "TCP meter" application. (It's probably all changed now).

What I did was put the DLL call into my code, and then step through the code by assembler instructions. When you step into the called routine, you can see the assembler code for it. Now you need to 80x86 assembler and know what calling conventions are used, i.e. where and how parameters are passed. They are usually passed on stack, but may also be passed in registers. In the called routine look for access to the stack to get parameters. You can tell if the called routine is expecting an address.

Similarly, returned parameters are left in registers or are pushed back onto the stack before the routine returns.

Using this I was able to deduce the interface, though there was one parameter I never worked out! I had a pretty good idea that the routine returned two ints, one for received and transmitted bytes.

Note the above was done with BPW not Delphi, but the principle is the same. I have seen a decompiler that works on TPUs, and also on (C) .exe programs. Working out the types is possible, if you know how compilers generate code (which I do) to access them. It would be very difficult without knowledge of what the routines are supposed to do.

I would be interested to know what DLL you want to decode and why, unless it is just an academic exercise.

Regards,

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
egrates,
Cheers for the info. Although I don't have enough information to continue with what I wanted to do, you did at least give a fair answer to a fair question. FYI the DLL I have been looking at is DCC.DLL as supplied with Delphi 3... Doubtful that I'll get anywhere with it though...
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.