Is Export table contains all entries of Win32 Exe functions?

Use dumpbin that comes with Visual Studio C++ Express or download the OpenWatcom C/C++ package and in there there is a wdump associated with it...

Open Watcom Executable Image Dump Utility Version 1.8
Portions Copyright (c) 1984-2002 Sybase, Inc. All Rights Reserved.
Source code is available under the Sybase Open Watcom Public License.
See http://www.openwatcom.org/ for details.

Usage: wdump [-?abdefipqrsx] [-A] [-B] [-D] [-S] 
   is a DOS EXE file, a Windows or OS/2 executable or DLL,
            a PharLap executable, NLM, a QNX executable,
            an ELF executable, shared library or object file,
            or a COFF object.

Edit: You cannot extract those export functions directly by programmatic means, the utility above will show the addresses using the command line switches including showing the address of the export functions for the 'LoadLibrary', 'FreeLibrary'. When a call to 'GetProcAddress' is used, internally, it is doing a look up on the export directory to find the relevant address of the exported function prior to returning back a function pointer for that exported function.

Edit#2: @UsMan: You can dump the addresses of the exports functions, but to find the signatures is not easy as you would need to disassemble the relevant EXE's and work out the parameters from looking at the call stack. Other than that, if you have a 3rd party DLL, but does not come with a header file and lib file, to show you the function signatures...you are pretty much out of luck except disassemble the code...If you are talking about a release EXE or DLL, it will be harder as the debugging info would have been stripped thereby, loading it into the debugger to work out the stack, calls used and parameters which would be a moot point.

Can you please edit your question to make it more specifically clearer on what is your objective as I'm shooting myself in the foot and risk getting downvoted as a result of your dis-satisfaction with this answer....is it an MFC, ATL, DLL, what is the EXE, DLL, etc...

What it'll do..To me It will temporary show all the lists of non exported funcs(simple Win32 Exe functions). I need to Extract all of those prgramatically and required addresses of all of those to call them as well.

Usman 2010-03-17 16:10:39

@Usman: you DO have Visual Studio ? And no, it is not 'temporary show all the lists of non-exported functions'...

tommieb75 2010-03-17 16:28:15

yup Visual Studio 2008.NET , VS.2003.NET .My job is to extract all signatures of Win32 exe(Not Win32 DLL's Exported funcs. I know every export table contains all functions addresses and decorated names).I need to EXTRACT ADDRESSES OF WIN 32 EXE FUNCS and FULL SIGNATURES.

Usman 2010-03-17 16:38:47

@tommieb75 : Let say I have simplest Win32 Exe having function say..void TestFunc(int x,int y){cout<<"do nothing"}. I need to test this Exe(name it Test.exe).As this is not the DLL, so I can't it load into my testing(another Exe) exe. What my testing exe need all test.exe's TestFunc signature, so that it should know how much arguments TestFunc have and their types(let say i display signature on MFC GUI and later on user will interact with it). When this function after that needs to be called by other exe(in my case Tester exe), it also need to know about its address along with its params. How?

Usman 2010-03-17 17:50:14

So here there are two EXEs. One a tester exe(Which is going to test other EXES) and other one is testing exe(Which one is going to be tested). Tester exe needs to know all function signatures, parameters which it taking and finally the address which it needs to know FOR CALLING that function(it was TestFunc).See how I will call.TESTING.EXEvoid TestFunc(int,x,int y){ cout<<"do nothing";}TESTER.EXE_asm{ push arg_1 push arg_2 push arg_n call proc ; this would be address of that function which is inside another exe(TESTING EXE)}

Usman 2010-03-17 17:55:06

@Usman: Use LoadLibrary to load the Executable...see here http://msdn.microsoft.com/en-us/library/ms684175(VS.85).aspx, it is not just confined to just DLLs! You're asking for a very awkward question...signature wise, if you know the signature, then that should not be a problem...you cannot just pull in some EXE and guess what signature that function is...unless you *know* what is the signature as per a header file which clues you in on it...

tommieb75 2010-03-17 19:01:29

OK Sir LoadLibrary was'nt actually a problem. by any means we can load the Win 32 Exe(either by spawning a new process or just use any other Win32 API function to execute Win32 Exe in memory)!! I AM TALING ABOUT RUNTIME INVOKING OF METHODS by MY CHOICE.AT ANY TIME USER CAN CLICK MFC GUI(ON which all signatures of methods contained in Win32 Exe). Now user at its own choice can right click on any function signature and select "EXECUTE"...Sir this decision is being at RUNTIME which function user want to execute. So this would be execute handler which needs to know then addresses and all params.

Usman 2010-03-18 07:35:12

And at Last !! Executer(Which dynamically on RUNTIME executes functions) is standalon one exe(I called it TESTER.EXE) and another EXE is TESTING Exe(of which all signatures being pulled out on MFC GUI) which will test call all those functions, So here that exe needs to know the addresses of all those functions and parameters as well. THIS PROBLEM IS CALLING FUNCTIONS AT RUNTIME. At RUNTIME USER WILL MADE DECSISION AT WHICH FUNCTION HE/SHE WANTS TO EXECUTE. This is not compile time problem. No code generation is expected here.Just like we call DLL functions via GetProcAddress at runtime.

Usman 2010-03-18 07:43:12

In fact this would be kind OF REVERSE ENGINEERING

Usman 2010-03-18 08:21:05

I am stripping all debugging information to seperate PDB file and my project compiled as "Release" mode.

Usman 2010-03-17 16:13:08

@Usman: Assuming the pdb file is available, you can use Windows' debug functions (especially SymInitialize and company) to get data about the functions (exported or otherwise).

Jerry Coffin 2010-03-17 16:35:33

If really is it possible in the presence of dbg files, that we can take all the addresses of non exported, simple win32 exe funcs and addresses then dbghelp api would assist to perform all of those operations? That would be nice enough.

Usman 2010-03-17 16:42:57

Usman 2010-03-17 16:50:43

Yes, the debug API can use symbols in PDB, DBG, CV, and at least a couple of other formats I don't remember right away. I believe it also allows you to add your own DLL to allow a debugger to access symbols in other fiel formats as well (though I'm going from memory there, and have never done it, so I could be remembering incorrectly).

Jerry Coffin 2010-03-17 17:12:22

ansaurus

tags:

views:

answers:

Is Export table contains all entries of Win32 Exe functions?

related questions