Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 308
  • Last Modified:

DLL import functions???

Given a DLL with no supporting documentation around what functions it contains, and what parameters it takes for each function, how would you go about finding this information out?

I know how to get hold of the functions that it contains, the main problem that I have is I don't know what parameters each function takes...


I won't accept the response 'Talk to the author, what DLL is it' and other related statements.
0
john_m
Asked:
john_m
1 Solution
 
john_mAuthor Commented:
Edited text of question
0
 
mirek071497Commented:
Unfortunatelly you can't. You can get names of exported function and paramcount for this, however you don't know what you can do with this. If this can help you then try find NEWEXE.ZIP at FtpSearch. This is utility for dumping exe and dll (without flat drivers).

good luck.
0
 
MikeP090797Commented:
You can get a decompiler, and decompile the dll. then you can check the parametrs of the function, and what it does
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
john_mAuthor Commented:
Unfortunately I know all this already. If you could recommend a decompiler though, maybe that would be worth some points...
0
 
ergatesCommented:
This is obviously a tough one.

I managed to reverse engineer an interface in the Trumpet Winsock  
DLL, which is used by the Trumpet "TCP meter" application. (It's probably all changed now).

What I did was put the DLL call into my code, and then step through the code by assembler instructions. When you step into the called routine, you can see the assembler code for it. Now you need to 80x86 assembler and know what calling conventions are used, i.e. where and how parameters are passed. They are usually passed on stack, but may also be passed in registers. In the called routine look for access to the stack to get parameters. You can tell if the called routine is expecting an address.

Similarly, returned parameters are left in registers or are pushed back onto the stack before the routine returns.

Using this I was able to deduce the interface, though there was one parameter I never worked out! I had a pretty good idea that the routine returned two ints, one for received and transmitted bytes.

Note the above was done with BPW not Delphi, but the principle is the same. I have seen a decompiler that works on TPUs, and also on (C) .exe programs. Working out the types is possible, if you know how compilers generate code (which I do) to access them. It would be very difficult without knowledge of what the routines are supposed to do.

I would be interested to know what DLL you want to decode and why, unless it is just an academic exercise.

Regards,
0
 
john_mAuthor Commented:
egrates,
Cheers for the info. Although I don't have enough information to continue with what I wanted to do, you did at least give a fair answer to a fair question. FYI the DLL I have been looking at is DCC.DLL as supplied with Delphi 3... Doubtful that I'll get anywhere with it though...
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now