SOBRE DLL

Post Reply
claudio.leiva
Posts: 18
Joined: Thu Aug 17, 2023 8:37 pm

SOBRE DLL

Post by claudio.leiva »

estimados..

como se puede leer y editar una DLL
existe algun descompilador o soft que deje ver el codigo interno
User avatar
karinha
Posts: 7910
Joined: Tue Dec 20, 2005 7:36 pm
Location: São Paulo - Brasil
Been thanked: 3 times
Contact:

Re: SOBRE DLL

Post by karinha »

Holá, para archivo.DLL, archivo.RC ó archivo.RES, uso el editor de recursos: WORKSHOP.exe de Borland.

Regards, saludos.
João Santos - São Paulo - Brasil - Phone: +55(11)95150-7341
User avatar
Antonio Linares
Site Admin
Posts: 42393
Joined: Thu Oct 06, 2005 5:47 pm
Location: Spain
Has thanked: 9 times
Been thanked: 41 times
Contact:

Re: SOBRE DLL

Post by Antonio Linares »

claudio.leiva wrote:estimados..

como se puede leer y editar una DLL
existe algun descompilador o soft que deje ver el codigo interno
Puedes ver el listado de las funciones que exporta, y usando el debugger de Visual Studio podrias seguir su ejecución

Es de 32 ó 64 bits ? Proporciona un enlace para descargarla y la revisamos
regards, saludos

Antonio Linares
www.fivetechsoft.com
User avatar
sysctrl2
Posts: 1042
Joined: Mon Feb 05, 2007 7:15 pm
Has thanked: 2 times
Contact:

Re: SOBRE DLL

Post by sysctrl2 »

Sería interesante
poder ver las funciones y poder estudiar como trabajan
claro desde FWH
saludos maestro
Cesar Cortes Cruz
SysCtrl Software
Mexico

' Sin +- FWH es mejor "
User avatar
Antonio Linares
Site Admin
Posts: 42393
Joined: Thu Oct 06, 2005 5:47 pm
Location: Spain
Has thanked: 9 times
Been thanked: 41 times
Contact:

Re: SOBRE DLL

Post by Antonio Linares »

Estimado Claudio,

Abre la DLL usando esta utilidad:
https://github.com/FiveTechSoft/FWH_too ... peinfo.exe

y selecciona en el folder "Exports"
regards, saludos

Antonio Linares
www.fivetechsoft.com
User avatar
Antonio Linares
Site Admin
Posts: 42393
Joined: Thu Oct 06, 2005 5:47 pm
Location: Spain
Has thanked: 9 times
Been thanked: 41 times
Contact:

Re: SOBRE DLL

Post by Antonio Linares »

Este código en FWH devuelve todos los módulos exportados de una DLL.

Funciona bien desde Visual Studio, pero construyéndolo con buildh.bat no.

Os agradezco si lo probais y me decis que valor os devuelve:

Code: Select all | Expand

#include "FiveWin.ch"

function Main()

    XBrowse( ExportedFunctions( "user32.dll" ) )
    
return nil    

#pragma BEGINDUMP

#include <windows.h>
#include <tlhelp32.h>
#include <imagehlp.h>
#include <hbapi.h>

static void ExportedFunctions( const char * dllName )
{
    HMODULE hModule = LoadLibrary( dllName );
    PIMAGE_NT_HEADERS pNTHeaders = ImageNtHeader( hModule );
    PIMAGE_EXPORT_DIRECTORY pExportDir = ( PIMAGE_EXPORT_DIRECTORY ) ImageRvaToVa( pNTHeaders, hModule, pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, NULL );
    DWORD nFunctions = pExportDir->NumberOfFunctions;
    PDWORD pNames = (PDWORD)ImageRvaToVa(pNTHeaders, hModule, pExportDir->AddressOfNames, NULL);
    PWORD pOrdinals = (PWORD)ImageRvaToVa(pNTHeaders, hModule, pExportDir->AddressOfNameOrdinals, NULL);
    PDWORD pAddresses = (PDWORD)ImageRvaToVa(pNTHeaders, hModule, pExportDir->AddressOfFunctions, NULL);
    DWORD i;

    hb_reta( nFunctions );

    for( i = 0; i < nFunctions; i++)
    {
       char * name = ( char * ) ImageRvaToVa( pNTHeaders, hModule, pNames[ i ], NULL );
       // WORD ordinal = pOrdinals[ i ];
       // FARPROC address = GetProcAddress(hModule, name);

       hb_arraySetC( hb_param( -1, HB_IT_ARRAY ), i + 1, name );
    }

    FreeLibrary( hModule );
}

HB_FUNC( EXPORTEDFUNCTIONS )
{
   ExportedFunctions( hb_parc( 1 ) ); 
}

#pragma ENDDUMP
regards, saludos

Antonio Linares
www.fivetechsoft.com
User avatar
Antonio Linares
Site Admin
Posts: 42393
Joined: Thu Oct 06, 2005 5:47 pm
Location: Spain
Has thanked: 9 times
Been thanked: 41 times
Contact:

Re: SOBRE DLL

Post by Antonio Linares »

Funcionando. No se puede usar la técnica anterior porque se obtiene la información desde la memoria. Gracias a Bruno Cantero por su amistad y paciencia conmigo :-)

Con esta técnica se obtienen los nombres de las funciones exportadas directamente desde el fichero DLL:

Code: Select all | Expand

#include "FiveWin.ch"

function Main()

   XBROWSER ExportedFunctions( "c:\Windows\System32\user32.dll" ) ;
      SHOW RECID TITLE "user32.dll exported functions"
    
return nil    

#pragma BEGINDUMP

#include <stdio.h>
#include <windows.h>
#include <hbapi.h>

// A helper function to convert RVAs to file offsets
DWORD RvaToFileOffset(DWORD rva, PIMAGE_SECTION_HEADER pSectionHeaders, WORD nSections)
{
    WORD i;

    for ( i = 0; i < nSections; i++)
    {
        if (rva >= pSectionHeaders[i].VirtualAddress && rva < pSectionHeaders[i].VirtualAddress + pSectionHeaders[i].SizeOfRawData)
        {
            return rva - pSectionHeaders[i].VirtualAddress + pSectionHeaders[i].PointerToRawData;
        }
    }
    return 0;
}

// A function to list the names of the exported functions of a DLL without loading the DLL
void ExportedFunctions(LPCTSTR dllName)
{
    // Declare the variables at the top
    HANDLE hFile;
    HANDLE hFileMapping;
    LPVOID lpFileBase;
    PIMAGE_DOS_HEADER pDosHeader;
    PIMAGE_NT_HEADERS pNtHeaders;
    PIMAGE_OPTIONAL_HEADER pOptionalHeader;
    PIMAGE_DATA_DIRECTORY pDataDirectory;
    PIMAGE_EXPORT_DIRECTORY pExportDirectory;
    DWORD nNames, i;
    PDWORD pAddressOfNames;
    PDWORD pAddressOfFunctions;
    PWORD pAddressOfNameOrdinals;
    DWORD nameRva;
    DWORD nameOffset;
    LPSTR name;

    // Open the DLL file and get a handle to it
    hFile = CreateFile(dllName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        printf("Failed to open %s\n", dllName);
        return;
    }

    // Create a file mapping object for the DLL file and get a handle to it
    hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hFileMapping == NULL)
    {
        printf("Failed to create file mapping for %s\n", dllName);
        CloseHandle(hFile);
        return;
    }

    // Map a view of the file mapping object into the address space of the current process and get a pointer to it
    lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
    if (lpFileBase == NULL)
    {
        printf("Failed to map view of file for %s\n", dllName);
        CloseHandle(hFileMapping);
        CloseHandle(hFile);
        return;
    }

    // Access the DOS header of the DLL file
    pDosHeader = (PIMAGE_DOS_HEADER)lpFileBase;

    // Access the PE header of the DLL file
    pNtHeaders = (PIMAGE_NT_HEADERS)((DWORD)lpFileBase + pDosHeader->e_lfanew);

    // Verify that the DLL file is a valid PE file
    if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
    {
        printf("%s is not a valid PE file\n", dllName);
        UnmapViewOfFile(lpFileBase);
        CloseHandle(hFileMapping);
        CloseHandle(hFile);
        return;
    }

    // Access the optional header of the DLL file
    pOptionalHeader = &pNtHeaders->OptionalHeader;

    // Access the data directory array of the DLL file
    pDataDirectory = pOptionalHeader->DataDirectory;

    // Access the export directory of the DLL file
    pExportDirectory = (PIMAGE_EXPORT_DIRECTORY)((DWORD)lpFileBase + RvaToFileOffset(pDataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));

    // Get the number and addresses of exported names, functions, and ordinals
    nNames = pExportDirectory->NumberOfNames;
    hb_reta( nNames );
    pAddressOfNames = (PDWORD)((DWORD)lpFileBase + RvaToFileOffset(pExportDirectory->AddressOfNames, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
    pAddressOfFunctions = (PDWORD)((DWORD)lpFileBase + RvaToFileOffset(pExportDirectory->AddressOfFunctions, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
    pAddressOfNameOrdinals = (PWORD)((DWORD)lpFileBase + RvaToFileOffset(pExportDirectory->AddressOfNameOrdinals, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));

    // Loop through each exported name and print it
    for ( i = 0; i < nNames; i++)
    {
        nameRva = pAddressOfNames[i];
        nameOffset = RvaToFileOffset(nameRva, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections);
        name = (LPSTR)((DWORD)lpFileBase + nameOffset);
        hb_arraySetC( hb_param( -1, HB_IT_ARRAY ), i + 1, name );
    }

    // Unmap the view of the file, close the file mapping object and the file handle
    UnmapViewOfFile(lpFileBase);
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
}

HB_FUNC( EXPORTEDFUNCTIONS )
{
   ExportedFunctions( hb_parc( 1 ) ); 
}

#pragma ENDDUMP
regards, saludos

Antonio Linares
www.fivetechsoft.com
User avatar
sysctrl2
Posts: 1042
Joined: Mon Feb 05, 2007 7:15 pm
Has thanked: 2 times
Contact:

Re: SOBRE DLL

Post by sysctrl2 »

Excelente maestro, vamos a probar
saludos !
Cesar Cortes Cruz
SysCtrl Software
Mexico

' Sin +- FWH es mejor "
Post Reply