views:

452

answers:

4

I need to parse plain Win32 DLL/Exe and need to get all imports and exports from it and to show it on console or GUI(say Win Forms). Is it possible to parse Win32 DLL/Exe in C#.NET, read its export table,import table and get managed types from it. As its unmanaged PE(.NET doesn't allows you to convert unmanaged PE files to managed .NET assemblies, only it generates COM managed assemblies).

So how to parse export and import tables of PE files and take all methods(signatures from it) in managed form.(e.g if char* as argument, it should display as IntPtr)

A: 

There is an open source project on codeplex called "PInvoke Interop Assistant" which allows extraction of method signatures from native dlls i.e for exported functions:

http://clrinterop.codeplex.com/releases/view/14120

If your intentions comply with the licensing agreement, perhaps you could look at the source code for that.

Update

Oops jumped the gun there. The tool I mentioned above does not work with native dlls, it only works with header files...

chibacity
This is only for COM. You have to first convert unmanaged COM binary to managed assembly using tlbimp.exe and then this will show up all signatures. For case of plain Win32(Exe/Dll), first we cannot convert it to manage assemblies(i.e Interop not possible for getting types) As tlbimp always looks for tlbs which are part of COM binaries. So Win32 DLL failed to be work for InterOp Assistant
Usman
It is not for COM, it is for generating PInvoke signatures but does not actually work with native dlls - only header files. I will edit my answer.
chibacity
+2  A: 

As regards the second part of your question, getting the method signatures, this is, as a general rule, impossible. That information is not usually stored in the PE itself. For C++ functions it can be possible, because the mangled name will encode that information, but many DLLs do not expose C++ interfaces. For COM interfaces, this information is stored in a type library, often embedded as a resource in the PE. To see if this is possible for the specific dlls you have in mind you can use dumpbin and undec to see if the functions are C++ mangled names. If not, you will need some other source of information like header files to create proper P/Invoke signatures (in which case you probably don't need to parse the PE file).

Logan Capaldo
+1  A: 

Parsing PE files is possible using the Microsoft Portable Executable Specification Document. However, as Logan noted, the signatures are not included in the PE file; only the names of the exported functions are included.

UPDATE: If your dll is a C++ dll created by a recent version of Microsoft's C++ compiler, then you can undecorate the mangled name to get most of the signature by calling this function: UnDecorateSymbolName from Debugging Tools for Windows. However, the return value is not included in the mangled name.

Stephen Cleary
names are decorated. When you undecorate them you get exact signatures(apart from parameter names, just types). SO by this way you got almost 90% of the signature.
Usman
The vast majority of Windows's DLLs have C style interfaces and unmangled names with no parameter information. If you have some specific dlls in mind, then like I said you can check those with dumpbin.
Logan Capaldo
See updated answer re undecorating mangled C++ names.
Stephen Cleary
yes this is what actual answer is..We can undecorate the mangled C++ name and can get actual signature most of but return type if not included then problems and worries here..:-(
Usman
A: 

There is a parser known as PeParser - available at www.wintor.net/en/pestudio.html. Using PInvoke, you can consume it from .NET and get details shown by PeStudio.

marc ochsenmeier