1-click AWS Deployment 1-click Azure Deployment
Overview
DLL Export Viewer is a downloadable Windows-based application that serves as a practical utility in displaying the list of all exported functions and virtual memory addresses for specified DLL files from a computer device. … When this process is called, the debugger will stop in the beginning of that specific function.
Since DLLs are essentially the same as EXEs, the choice of which to produce as part of the linking process is for clarity, since it is possible to export functions and data from either.
It is not possible to directly execute a DLL, since it requires an EXE for the operating system to load it through an entry point, hence the existence of utilities like RUNDLL.EXE or RUNDLL32.EXE which provide the entry point and minimal framework for DLLs that contain enough functionality to execute without much support.
DLLs provide a mechanism for shared code and data, allowing a developer of shared code/data to upgrade functionality without requiring applications to be re-linked or re-compiled. From the application development point of view Windows and OS/2 can be thought of as a collection of DLLs that are upgraded, allowing applications for one version of the OS to work in a later one, provided that the OS vendor has ensured that the interfaces and functionality are compatible.
DLLs execute in the memory space of the calling process and with the same access permissions which means there is little overhead in their use but also that there is no protection for the calling EXE if the DLL has any sort of bug.
A simple application that allows you to extract the available function names from a DLL-file in order to save them to a text file :
DLL Analyzer allows you to load the resources included in a DLL file in order to view the names of the included functions. It allows developers to view the available function names and save the list to their computer.
DLL (dynamic link library) files include a variety of functions, data and other resources which are accessed by other executable files. The functions enable the developer to integrate the library in their programs which makes them important for the development process.
While most development environment applications include the ability to view the included resources, these programs are complex and require a lot of space on your computer. This tool aims to provide you with a lightweight alternative solely for viewing the available functions.
All you need to do is specify the DLL file and select the function type before scanning the file. The app displays the number of detected items and lists their names in the main window. You have the option to display line numbers in order to quickly locate a certain entry.
If you need to save the list to your hard drive you can copy the names to your clipboard or export all the details to a plain text file. Unfortunately, you need to create separate files for each category if you need to save all the functions.
In addition to the graphical interface, you have the possibility to quickly generate the text file by using command line arguments. The usage is described in the included documentation if you want to access this feature.
Overall, the DLL Analyzer is a simple software solution that can help you browse and export the list of available functions from a DLL file.
Methods of exporting a function from DLL :
You can export functions from a DLL using two methods:
- Create a module definition (. def) file and use the . def file when building the DLL. Use this approach if you want to export functions from your DLL by ordinal rather than by name.
- Use the keyword __declspec(dllexport) in the function’s definition.
Pros:
- You can build DLLs separately.
- It could be faster to re-build one DLL
Cons:
- Calling code from DLL is slower
- It would be slower to re-build hole project with all DLLs
- Function names are visible. It is easier to reverse code that uses dynamic DLLs
-This utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files. You can easily copy the memory address of the desired function, paste it into your debugger, and set a breakpoint for this memory address. When this function is called, the debugger will stop in the beginning of this function.
For example: If you want to break each time that a message box is going to be displayed, simply put breakpoints on the memory addresses of message-box functions: MessageBoxA, MessageBoxExA, and MessageBoxIndirectA (or MessageBoxW, MessageBoxExW, and MessageBoxIndirectW in unicode based applications) When one of the message-box functions is called, your debugger should break in the entry point of that function, and then you can look at call stack and go backward into the code that initiated this API call.
Features
-Major Features of DLL Export Viewer
- Load all functions from standard system DLLs: This is the default option. If you select it, the exported API functions of standard Windows DLLs (kernel32.dll, user32.dll, and so on…) will be displayed.
- Load functions from the specified DLL file: If you select this option, you have to specify the DLL file that you want to load in the text-box below this option. You can also specify a wildcard for loading multiple DLL files. If for some reason, you want to view all API functions on your system, you can specify something like ‘c:\windows\system32\*.dll’ – but I must warn you… You’ll get a very long functions list, probably more than 50,000 functions !
- Load functions from the DLL files specified in the following text file: If you select this option, the specified text file should contain a list of DLL files, separated by Enter characters (CR-LF). All exported functions from the specified DLLs will be loaded.
- Load functions from all DLLs attached to the selected process: This is the most useful option if you want to use this utility for debugging. Select the process that you are currently debugging, and the exported functions of all DLLs attached to the selected process will be displayed.
videos
What is a DLL file?