tags:

views:

70

answers:

5
+3  Q: 

Finding external calls in a C++ dll

We currently use a hardware driver's DLL for a particular piece of hardware we interface with. However, we also have an old internally developed DLL written with VC++ around 2002 that wraps that DLL for a few core functions. This code has been long lost, and was developed well before I came on the scene. So, it cannot be supported or even viewed in the case of a failure. We're trying to cut out the middleman by accessing the driver directly from our C#.NET application.

I do know this DLL simply wraps the hardware vendor's DLL, but the method signatures do not equal up. It looks like it is calling multiple driver functions in the single method. My question is this: how would I be able to view all the external calls this wrapper DLL is making to the driver DLL for this particular function? I'm not concerned about any of the other code; I'm fairly certain I can deduce that if I can just figure out the calls it's making to the driver.

Edit: A more concise explanation (that is made up)...

Driver.dll has a function called StartAcquisition(int, string). It also has a variety of setup functions.

Wrapper.dll has a function called StartAcquisition(int, string, double, int).

I suspect Wrapper.dll is calling Driver.dll's StartAcquisition(int, string) in addition to a few other calls (likely those setup functions). I want to know what those other calls could be.

A: 

DLL export viewer

karlphillip  2010-07-23 19:14:28
This simply shows me the exports for a particular DLL. I already know the exports of both the driver and the wrapper DLLs. I want to know which exports of the driver DLL are being called by a particular function in the wrapper DLL.
drharris  2010-07-23 19:19:33
+2  A: 

I think that PE.Explorer might help you.

Even if it doesn't list it directly, you can still get the dissassembly and check for import tables mapping. Maybe by pairing this tool with another one like Windbg or OllyDbg you might get interesting results.

Any tool that can help you WILL have to deal with dissassembly. With the current Portable Executable format (PE), there are explicit sections for imports/exports. To map these tables with code needs some kind of interpretation, that's why I don't think a tool that does it straight away exists.

Eric  2010-07-23 19:52:24
This is a great little disassembler, though there was a several minute learning curve to get it there. Sadly my ability to read assembly is weak, but it was fairly obvious looking at it that it only jumped to one external function, StartAcquisition(). So, I guess I can assume it's not calling any of the other setup functions and the extra variables are likely unused! All it's doing is `push` and `mov`, so I'm assuming it should be a direct move over to the driver DLL minus a few arguments.
drharris  2010-07-23 20:20:02
+1  A: 

You could try a disassembler like IDA Pro (http://www.hex-rays.com/idapro/).

 2010-07-23 19:54:03
I tried this out (IDA Free) after PE.Explorer, and it's a nice disassembler! It did a good job of analysis and allowing me to rename stack variables with highlighting and such. I do wish I could find something where I could input the PInvoke statement and it would automatically match up the variables, but I think this got me far enough.
drharris  2010-07-23 20:23:05
A: 

It looks like you will have to build your own little utility to find and disassemble existing programs, and then use your favorite utility to scan the output text and search for your call. I hope you don't have to, but it might be faster than finding an utility that already does that.

luiscolorado  2010-07-23 20:01:41
A: 

If you have access to the interface of the vendor DLL, you could build your own mock replacement library and put it in the path so the legacy DLL come to use it. The mock library would do nothing and just report when any of the exports was called and when.

ssegvic  2010-07-23 20:02:13
This is a good idea, and what I was planning to do if nobody else came through. But this could have been a several day battle of wills to try to get the exports to match up properly.
drharris  2010-07-23 20:24:14

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS