How to get the function name from the ordinal number in a COM dll

views:

608

answers:

+1 Q:

How to get the function name from the ordinal number in a COM dll

Hi, I am trying to get actual function names from their ordinal numbers from a COM dll. I tried using dumpbin.exe but it only returns [NONAME] for each ordinal (except the first few).

    ordinal hint RVA      name

         21    0 00002439 DllCanUnloadNow
         25    1 00007F41 DllGetClassObject
        116    2 0000539C DllMain
        138    3 00008633 DllRegisterServer
        176    4 00008640 DllUnregisterServer
          1      0009152E [NONAME]
          2      00154CA7 [NONAME]
          3      00154C0B [NONAME]
          4      000140C9 [NONAME]
        ...

The directory containing the .dll file doesn't contain any other files (*.tlb, *.lib, *.def).

Could someone tell me how to get a list of these? Or at least the name of a specific ordinal using registry or something?

[EDIT: Additional info] I cannot find the .def file for the COM dll, so I cannot use it to get the name. I am not interested in instantiating the COM class, I only want to know what function is related to a specified ordinal.

My original problem is that I have found an exception using WinDbg, which happens in ChartFXClientServerCore!Ordinal5507(+0x97b7), so I would like to see the specific function to try to isolate the problem.

+2 A:

You can use the OleView tool (OLE/COM Object Viewer), which ships (among others) with the Windows SDK, http://www.microsoft.com/downloads/details.aspx?FamilyId=F26B1AA4-741A-433A-9BE5-FA919850BDBF&displaylang=en. In that tool, go to File->View TypeLib and then browse to your DLL.

EDIT: In response to the question about the relationship between DLL ordinals and method names exposed by the typelib: It is not too common for methods exposed via COM to be also exposed via the DEF file or via __declspec(dllimport). Typically you access COM methods via their IUnknown-derived interface, after having created the corresponding class via CoCreateInstance() or similar.

The programmer of the DLL can also choose to expose some of the COM methods in the DEF file, but AFAIK the only way to figure out the mapping is to look at the output of dumpbin /exports, un-decorate the returned names (with undname.exe) and visually find a correspondence in the typelib.

Guido Domenici 2009-03-16 08:47:31

Thanks, I am browsing my file using the tool right now, but just can't find the relation between the ordinal number and the function name.I can't find the .def file for the library, so I have no idea how this tool works (does it get the info from registry or something?)

Groo 2009-03-16 09:25:35

If your COM component is not marked safe for scripting, it's likely that OLEView will not have any real information (i.e. it's not ment to be called from a script, so all the info (typelib) for how to call it is compiled in via the idl).

Something like mIDA can get you most of that information. You could also search openrce, for NDR RPC IDL, also on woodmann, try the symbolviewer. (RIP fravia).

RandomNickName42 2009-07-18 14:12:51

ansaurus

tags:

views:

answers:

How to get the function name from the ordinal number in a COM dll

related questions