What rules apply to the name that ends up in the exports section of an PE (Portable Executable)? Roughly, I see names starting with an '_' underscore, a '?' question mark or an '@' at-sign. What do those mean, and what about the rest of the name? Also - How can I reverse the naming convention into something more usable? ...
I've successfully read a PE header from an unmanaged module loaded into memory by another process. What I'd like to do now is read the names of this module's exports. Basically, this is what I have so far (I've left out a majority of the PE parsing code, because I already know it works): Extensions public static IntPtr Increment(this I...
I'm writing a little PE reader, so I run dumpbin alongside my test application to confirm that the values are being read correctly. Everything it working so far, except for the export table. The file I'm testing with is a DLL. My application reads the file in as a byte array, which gets passed to my PE reader class. The values align wit...
I just found out how to break into the SetTimer function inside a windows dll (user32.dll). link text However i need to know what arguments its called with. I think that the arguments are pushed onto the data stack right before calling the function, but I have found no way to display a threads data stack in visual studio 2010. ...