DLL Simple Question

[News VS.NET \( MS ILM \)]

Hello VC,

Given a non-DotNET dll from some unknown place
How do I know the classes in it, or how do I view the classes, methods,
properties etc..

Thank you

 

[William DePalo [MVP VC++ ]]

Given a non-DotNET dll from some unknown place
How do I know the classes in it, or how do I view the classes, methods,
properties etc..

Short answer: you don't.

Longer answer:

You can inspect what a DLL exports (using the MS tools) with this command

dumpbin/exports randomDLL.dll

That gets you the public name of the functions that are exported by name.
Functions may be exported without names. Not all member functions in classes
need to be exported.

In many (all?) cases, it turns out that C++ member functions have names
which are decorated (mangled) by the compiler to include information about
the number and type of arguments and return value. However, C++ compilers
don't use the same decoration scheme. So, if you know the compiler used to
generate the object code you may glean some information but not a lot.

Regards.
Will

 

[News VS.NET \( MS ILM \)]

Thank Will
I will try it

Short answer: you don't.

Longer answer:

You can inspect what a DLL exports (using the MS tools) with this command

dumpbin/exports randomDLL.dll

That gets you the public name of the functions that are exported by name.
Functions may be exported without names. Not all member functions in classes
need to be exported.

In many (all?) cases, it turns out that C++ member functions have names
which are decorated (mangled) by the compiler to include information about
the number and type of arguments and return value. However, C++ compilers
don't use the same decoration scheme. So, if you know the compiler used to
generate the object code you may glean some information but not a lot.

Regards.
Will

 

[News VS.NET \( MS ILM \)]

I have tried to use the dumpbin and all I get the following

C:\Temp>dumpbin/exports "C:\Program Files\SOYO\HW Monitor\itevio.dll"
(null) : error : cannot execute LINK.EXE

 

[Carl Daniel [VC++ MVP]]

I have tried to use the dumpbin and all I get the following

C:\Temp>dumpbin/exports "C:\Program Files\SOYO\HW Monitor\itevio.dll"
(null) : error : cannot execute LINK.EXE

You're not running on a properly configured command prompt. It's easiest if
you use the "Visual Studio Command Prompt" shortcut that's installed in the
start menu when you install visual studio. If you did do that and got he
above error, then your Visual Studio installation is messed up somehow.

-cd

 

[News VS.NET \( MS ILM \)]

Carl Daniel, Thank you very much

After dumpbin/exports "C:\Program Files\SOYO\HW Monitor\itevio.dll"

I get the following: How do I read this, I need to know the function names
that my code can call
I am trying to get the CPU temperature using this Soyo .dll? any ideas?
thank you

Dump of file C:\Program Files\SOYO\HW Monitor\itevio.dll

File Type: DLL

Section contains the following exports for itevio.dll

00000000 characteristics
0 time date stamp Wed Dec 31 16:00:00 1969
0.00 version
1 ordinal base
5 number of functions
5 number of names

ordinal hint RVA name

4 0 0000158D Inb
3 1 0000157C Outb
2 2 000012BF ReadReg
1 3 000012A8 WriteReg
5 4 0000A17C ___CPPdebugHook

Summary

7000 .data
1000 .edata
1000 .idata
1000 .reloc
1000 .rsrc
9000 .text
1000 .tls

 

[William DePalo [MVP VC++ ]]

I get the following: How do I read this, I need to know the function names
that my code can call
I am trying to get the CPU temperature using this Soyo .dll? any ideas?
...
ordinal hint RVA name

4 0 0000158D Inb
3 1 0000157C Outb
2 2 000012BF ReadReg
1 3 000012A8 WriteReg
5 4 0000A17C ___CPPdebugHook

The section above reports that Inb, Outb, ReadReg, WriteReg and
__CPPdebugHook are functions which "clients" of this DLL may call. (The last
export is a clue, I think, that Borland tools were used to link the DLL.).
That does you little good, however as it doesn't speak to calling
conventions or the requirements imposed by those functions.

Now, it may be a violation of licensing, but one thing that you can do to
further your investigation is to build set break points at those functions
to get a feel for what is being passed into, and returned from, those
functions. The column labeled RVA gives the "relative virtual address" of
the functions which is the offset from the base of the DLL.

Another hack is to build a DLL in assembly language with the same name and
with the same set of "naked exports" (one's with neither prolog nor epilog).
Those exports would do little more than load the real DLL and jump to the
corresponding export in the original DLL. Note that I said jump and not
call. That's because you don't want to muck with the stack until you
understand how parameters are passed on the stack before the call and how
they are popped off after the call. The advantage here to doing this is that
it is easier to set breakpoints in code you wrote with your development
environment than to set them in someone else's binary where all you have is
an address.

<aside>
I did this once and I can tell you that it is not fun. :-(
</aside>

Regards,
Will

 

[Craig Powers]

Given a non-DotNET dll from some unknown place
How do I know the classes in it, or how do I view the classes, methods,
properties etc..

Depends will give the friendliest output for straight C++, since it
will decode C++ name mangling.

The OLE/COM object viewer will do a fine job with a COM type library,
which many COM dlls will have attached.

 

[News VS.NET \( MS ILM \)]

Will,

You are a person endowed with transcendent mental superiority.
You blew my mind away.
I am trying to get the cpu temperature. I was hoping that the soyo .dll will
give me the function I need as is
Thank you for your experties you defenetly tought me something
I don't know how long it will take me to figure it out or find a simpler
solution
Thanks again Will.

 

[William DePalo [MVP VC++ ]]

You are a person endowed with transcendent mental superiority.
You blew my mind away.

I am trying to get the cpu temperature. I was hoping that the soyo .dll will
give me the function I need as is
Thank you for your experties you defenetly tought me something
I don't know how long it will take me to figure it out or find a simpler
solution

I hope my reply didn't come off as pedantic. I didn't mean it to be. But the
problem you are trying to solve is not one that has an easy solution. It is
a lot like this problem:

Assumptions:

I am looking at a function in a source file in a DLL that I wrote. It's
name is foo(). It is used to get the outside temperature here on the east
coast.

Problem:

Guess how I call it. <g>

It could do anything in just about any way. The simple solution would be to
ask me.

But in your case, the problem is harder in that you can not in any sense
"ask" the binary how it does what it does. Your only option is to inspect
it. That's tedious, error prone and frustrating. <g>

Development environments that support "reflection" (e.g. Java, .Net, etc)
provide a way to query a method for its signature but C and C++ do not.

Regards,
Will

 

[News VS.NET \( MS ILM \)]

Craig,

Depends? Sorry I am not familiar with.
Can you please give more info
Thank you for your help

 

[News VS.NET \( MS ILM \)]

Will thank you again and I know you did not mean to be.
Thank you for your explaining that to me.
I will ask if I can be given a road map to some function to use.

Thanks again

 

[Craig Powers]

Craig,

Depends? Sorry I am not familiar with.

More properly, the dependency walker utility. It may be in your start
menu, under the Visual Studio tools. If it's not there, it will be
somewhere in the Visual Studio directory tree, and you should be able
to find it by searching for "depends.exe".

If you run depends.exe, it will show you a number of things about a
dll, including its dependencies, its imports, and its exports.

 

[Mihai N.]

Dump of file C:\Program Files\SOYO\HW Monitor\itevio.dll

...
ordinal hint RVA name

4 0 0000158D Inb
3 1 0000157C Outb
2 2 000012BF ReadReg
1 3 000012A8 WriteReg
5 4 0000A17C ___CPPdebugHook

What William said is true, there is not much you can find out
unless you don't spend a lot of time "spying" the calls and/or
dissasembling it. This can be illegal though.

But here is something than can save you some time (but not solve the
problem):

Dump of file C:\Program Files\SOYO\HW Monitor\itevio.dll

This tells me the DLL has something to do with a "Hardware Monitor"
for some hardware produced by SOYO (http://www.soyousa.com/).
Assumption: a motherboard.

Then I look at the function names:
Inb, Outb = in and out a byte to/from a port.
Most probable signatures:
int Outb( unsigned short port, int databyte );
int Inb( unsigned short port );
ReadReg, WriteReg = read and write some registry values
No clue about signatures.

But the main point is this: the functions are pretty low level,
even if you will figure out the parameters, there is no much use.
You have to figure out how to control the hardware using such low
level access (port and registryu level).
I can assure you, without documentation it may be not only difficult,
but also risky (not for you, for the motherboard

Mihai

 

[News VS.NET \( MS ILM \)]

Thank you for the info
FYI, I am looking on how to get the temperature of my CPU

Thanks again,

 

[Steve Miller]

Craig,
Thank you
I Searched for depends.exe but could not find it anywhere.
I am using VS.NET may be that is the reason.
possibly the name has changed.

You can always get the latest from...

http://www.dependencywalker.com

- Steve

 

[News VS.NET \( MS ILM \)]

Thank you Steve

"News VS.NET \( MS ILM \)" <[email protected]> wrote in message

You can always get the latest from...

http://www.dependencywalker.com

- Steve