estimados..
como se puede leer y editar una DLL
existe algun descompilador o soft que deje ver el codigo interno
SOBRE DLL
- karinha
- Posts: 7910
- Joined: Tue Dec 20, 2005 7:36 pm
- Location: São Paulo - Brasil
- Been thanked: 3 times
- Contact:
Re: SOBRE DLL
Holá, para archivo.DLL, archivo.RC ó archivo.RES, uso el editor de recursos: WORKSHOP.exe de Borland.
Regards, saludos.
Regards, saludos.
João Santos - São Paulo - Brasil - Phone: +55(11)95150-7341
- Antonio Linares
- Site Admin
- Posts: 42393
- Joined: Thu Oct 06, 2005 5:47 pm
- Location: Spain
- Has thanked: 9 times
- Been thanked: 41 times
- Contact:
Re: SOBRE DLL
Puedes ver el listado de las funciones que exporta, y usando el debugger de Visual Studio podrias seguir su ejecuciónclaudio.leiva wrote:estimados..
como se puede leer y editar una DLL
existe algun descompilador o soft que deje ver el codigo interno
Es de 32 ó 64 bits ? Proporciona un enlace para descargarla y la revisamos
Re: SOBRE DLL
Sería interesante
poder ver las funciones y poder estudiar como trabajan
claro desde FWH
saludos maestro
poder ver las funciones y poder estudiar como trabajan
claro desde FWH
saludos maestro
Cesar Cortes Cruz
SysCtrl Software
Mexico
' Sin +- FWH es mejor "
SysCtrl Software
Mexico
' Sin +- FWH es mejor "
- Antonio Linares
- Site Admin
- Posts: 42393
- Joined: Thu Oct 06, 2005 5:47 pm
- Location: Spain
- Has thanked: 9 times
- Been thanked: 41 times
- Contact:
Re: SOBRE DLL
Estimado Claudio,
Abre la DLL usando esta utilidad:
https://github.com/FiveTechSoft/FWH_too ... peinfo.exe
y selecciona en el folder "Exports"
Abre la DLL usando esta utilidad:
https://github.com/FiveTechSoft/FWH_too ... peinfo.exe
y selecciona en el folder "Exports"
- Antonio Linares
- Site Admin
- Posts: 42393
- Joined: Thu Oct 06, 2005 5:47 pm
- Location: Spain
- Has thanked: 9 times
- Been thanked: 41 times
- Contact:
Re: SOBRE DLL
Este código en FWH devuelve todos los módulos exportados de una DLL.
Funciona bien desde Visual Studio, pero construyéndolo con buildh.bat no.
Os agradezco si lo probais y me decis que valor os devuelve:
Funciona bien desde Visual Studio, pero construyéndolo con buildh.bat no.
Os agradezco si lo probais y me decis que valor os devuelve:
Code: Select all | Expand
#include "FiveWin.ch"
function Main()
XBrowse( ExportedFunctions( "user32.dll" ) )
return nil
#pragma BEGINDUMP
#include <windows.h>
#include <tlhelp32.h>
#include <imagehlp.h>
#include <hbapi.h>
static void ExportedFunctions( const char * dllName )
{
HMODULE hModule = LoadLibrary( dllName );
PIMAGE_NT_HEADERS pNTHeaders = ImageNtHeader( hModule );
PIMAGE_EXPORT_DIRECTORY pExportDir = ( PIMAGE_EXPORT_DIRECTORY ) ImageRvaToVa( pNTHeaders, hModule, pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, NULL );
DWORD nFunctions = pExportDir->NumberOfFunctions;
PDWORD pNames = (PDWORD)ImageRvaToVa(pNTHeaders, hModule, pExportDir->AddressOfNames, NULL);
PWORD pOrdinals = (PWORD)ImageRvaToVa(pNTHeaders, hModule, pExportDir->AddressOfNameOrdinals, NULL);
PDWORD pAddresses = (PDWORD)ImageRvaToVa(pNTHeaders, hModule, pExportDir->AddressOfFunctions, NULL);
DWORD i;
hb_reta( nFunctions );
for( i = 0; i < nFunctions; i++)
{
char * name = ( char * ) ImageRvaToVa( pNTHeaders, hModule, pNames[ i ], NULL );
// WORD ordinal = pOrdinals[ i ];
// FARPROC address = GetProcAddress(hModule, name);
hb_arraySetC( hb_param( -1, HB_IT_ARRAY ), i + 1, name );
}
FreeLibrary( hModule );
}
HB_FUNC( EXPORTEDFUNCTIONS )
{
ExportedFunctions( hb_parc( 1 ) );
}
#pragma ENDDUMP
- Antonio Linares
- Site Admin
- Posts: 42393
- Joined: Thu Oct 06, 2005 5:47 pm
- Location: Spain
- Has thanked: 9 times
- Been thanked: 41 times
- Contact:
Re: SOBRE DLL
Funcionando. No se puede usar la técnica anterior porque se obtiene la información desde la memoria. Gracias a Bruno Cantero por su amistad y paciencia conmigo
Con esta técnica se obtienen los nombres de las funciones exportadas directamente desde el fichero DLL:
Con esta técnica se obtienen los nombres de las funciones exportadas directamente desde el fichero DLL:
Code: Select all | Expand
#include "FiveWin.ch"
function Main()
XBROWSER ExportedFunctions( "c:\Windows\System32\user32.dll" ) ;
SHOW RECID TITLE "user32.dll exported functions"
return nil
#pragma BEGINDUMP
#include <stdio.h>
#include <windows.h>
#include <hbapi.h>
// A helper function to convert RVAs to file offsets
DWORD RvaToFileOffset(DWORD rva, PIMAGE_SECTION_HEADER pSectionHeaders, WORD nSections)
{
WORD i;
for ( i = 0; i < nSections; i++)
{
if (rva >= pSectionHeaders[i].VirtualAddress && rva < pSectionHeaders[i].VirtualAddress + pSectionHeaders[i].SizeOfRawData)
{
return rva - pSectionHeaders[i].VirtualAddress + pSectionHeaders[i].PointerToRawData;
}
}
return 0;
}
// A function to list the names of the exported functions of a DLL without loading the DLL
void ExportedFunctions(LPCTSTR dllName)
{
// Declare the variables at the top
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER pDosHeader;
PIMAGE_NT_HEADERS pNtHeaders;
PIMAGE_OPTIONAL_HEADER pOptionalHeader;
PIMAGE_DATA_DIRECTORY pDataDirectory;
PIMAGE_EXPORT_DIRECTORY pExportDirectory;
DWORD nNames, i;
PDWORD pAddressOfNames;
PDWORD pAddressOfFunctions;
PWORD pAddressOfNameOrdinals;
DWORD nameRva;
DWORD nameOffset;
LPSTR name;
// Open the DLL file and get a handle to it
hFile = CreateFile(dllName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
printf("Failed to open %s\n", dllName);
return;
}
// Create a file mapping object for the DLL file and get a handle to it
hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if (hFileMapping == NULL)
{
printf("Failed to create file mapping for %s\n", dllName);
CloseHandle(hFile);
return;
}
// Map a view of the file mapping object into the address space of the current process and get a pointer to it
lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
if (lpFileBase == NULL)
{
printf("Failed to map view of file for %s\n", dllName);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return;
}
// Access the DOS header of the DLL file
pDosHeader = (PIMAGE_DOS_HEADER)lpFileBase;
// Access the PE header of the DLL file
pNtHeaders = (PIMAGE_NT_HEADERS)((DWORD)lpFileBase + pDosHeader->e_lfanew);
// Verify that the DLL file is a valid PE file
if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
{
printf("%s is not a valid PE file\n", dllName);
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return;
}
// Access the optional header of the DLL file
pOptionalHeader = &pNtHeaders->OptionalHeader;
// Access the data directory array of the DLL file
pDataDirectory = pOptionalHeader->DataDirectory;
// Access the export directory of the DLL file
pExportDirectory = (PIMAGE_EXPORT_DIRECTORY)((DWORD)lpFileBase + RvaToFileOffset(pDataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
// Get the number and addresses of exported names, functions, and ordinals
nNames = pExportDirectory->NumberOfNames;
hb_reta( nNames );
pAddressOfNames = (PDWORD)((DWORD)lpFileBase + RvaToFileOffset(pExportDirectory->AddressOfNames, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
pAddressOfFunctions = (PDWORD)((DWORD)lpFileBase + RvaToFileOffset(pExportDirectory->AddressOfFunctions, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
pAddressOfNameOrdinals = (PWORD)((DWORD)lpFileBase + RvaToFileOffset(pExportDirectory->AddressOfNameOrdinals, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
// Loop through each exported name and print it
for ( i = 0; i < nNames; i++)
{
nameRva = pAddressOfNames[i];
nameOffset = RvaToFileOffset(nameRva, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections);
name = (LPSTR)((DWORD)lpFileBase + nameOffset);
hb_arraySetC( hb_param( -1, HB_IT_ARRAY ), i + 1, name );
}
// Unmap the view of the file, close the file mapping object and the file handle
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
}
HB_FUNC( EXPORTEDFUNCTIONS )
{
ExportedFunctions( hb_parc( 1 ) );
}
#pragma ENDDUMP
Re: SOBRE DLL
Excelente maestro, vamos a probar
saludos !
saludos !
Cesar Cortes Cruz
SysCtrl Software
Mexico
' Sin +- FWH es mejor "
SysCtrl Software
Mexico
' Sin +- FWH es mejor "