Discussion:
Using VS2008 to view imported functions
(too old to reply)
PaulH
2008-02-29 23:25:00 UTC
Permalink
Can Visual Studio 2008 be used to view a list of the functions
imported by an executable? How?

I can use another application, PE Explorer to do this. But, I can't
seem to get it to find the symbols for the DLLs I want, so all I get
is a list of ordinals.

-PaulH
Alex Blekhman
2008-03-01 00:59:05 UTC
Permalink
Post by PaulH
Can Visual Studio 2008 be used to view a list of the functions
imported by an executable? How?
Not VS itself, but the Dependency Walker tool, which included with
VS. Also, you can alwas download the latest version of Dependency
Walker here: www.dependencywalker.com

HTH
Alex
PaulH
2008-03-03 15:46:09 UTC
Permalink
Post by Alex Blekhman
Post by PaulH
Can Visual Studio 2008 be used to view a list of the functions
imported by an executable? How?
Not VS itself, but the Dependency Walker tool, which included with
VS. Also, you can alwas download the latest version of Dependency
Walker here:www.dependencywalker.com
HTH
Alex
I don't think I've used this before, I like it a lot, thanks!
Unfortunately (but not unexpectedly), it shows the same information as
PE Explorer does. Where can I get the debugging symbols for coredll to
relate those ordinals back to function names?

I can find the regular symbols for XP, 2000, etc... here:
http://www.microsoft.com/whdc/DevTools/Debugging/symbolpkg.mspx
But, this is a windows mobile 2005 platform, and I don't see symbols
for that anywhere.

Thanks,
PaulH
Alex Blekhman
2008-03-03 17:29:19 UTC
Permalink
Post by PaulH
Unfortunately (but not unexpectedly), it shows the same
information as PE Explorer does. Where can get the debugging
symbols for coredll to relate those ordinals back to function
names?
If a DLL maker didn't include symbols, then you can't see them.
Ordinals is all you have.

Alex
Yuri Rai [Heaventools]
2008-03-02 15:26:53 UTC
Permalink
Paul,
Post by PaulH
I can use another application, PE Explorer to do this. But, I can't
seem to get it to find the symbols for the DLLs I want, so all I get
is a list of ordinals.
That means a list of ordinals is all there is.



Yuri Rai
Heaventools Software
---------------------------------------------------------
PE Explorer: Peeking Inside Your EXE File
Resource Tuner: Extract And Edit Resources With Ease
RTC: Automate Editing of Resources in Windows Executables
http://www.heaventools.com
PaulH
2008-03-03 15:47:00 UTC
Permalink
Post by Yuri Rai [Heaventools]
Paul,
Post by PaulH
I can use another application, PE Explorer to do this. But, I can't
seem to get it to find the symbols for the DLLs I want, so all I get
is a list of ordinals.
That means a list of ordinals is all there is.
Yuri Rai
  Heaventools Software
  ---------------------------------------------------------
  PE Explorer: Peeking Inside Your EXE File
  Resource Tuner: Extract And Edit Resources With Ease
  RTC: Automate Editing of Resources in Windows Executables
 http://www.heaventools.com
Is there any way to relate the ordinals from COREDLL.DLL back to a
function name the way it does for WS2.DLL?

Thanks,
PaulH
PaulH
2008-03-03 15:59:44 UTC
Permalink
Post by Yuri Rai [Heaventools]
Paul,
Post by PaulH
I can use another application, PE Explorer to do this. But, I can't
seem to get it to find the symbols for the DLLs I want, so all I get
is a list of ordinals.
That means a list of ordinals is all there is.
Yuri Rai
  Heaventools Software
  ---------------------------------------------------------
  PE Explorer: Peeking Inside Your EXE File
  Resource Tuner: Extract And Edit Resources With Ease
  RTC: Automate Editing of Resources in Windows Executables
 http://www.heaventools.com
I just re-read my original post and I realize some more information
might be useful. From WS2.DLL, I get information like this:
WS2.dll 00013024h 0040h inet_addr
WS2.dll 00013028h 004Ah sendto
WS2.dll 0001302Ch 002Dh closesocket

For COREDLL.DLL, I get something more like this:
COREDLL.dll 00013000h Ord COREDLL.496
COREDLL.dll 00013004h Ord COREDLL.858
COREDLL.dll 00013008h Ord COREDLL.56


-PaulH
Tom Walker
2008-03-03 16:53:45 UTC
Permalink
Post by PaulH
Post by Yuri Rai [Heaventools]
Paul,
Post by PaulH
I can use another application, PE Explorer to do this. But, I can't
seem to get it to find the symbols for the DLLs I want, so all I get
is a list of ordinals.
That means a list of ordinals is all there is.
Yuri Rai
Heaventools Software
---------------------------------------------------------
I just re-read my original post and I realize some more information
WS2.dll 00013024h 0040h inet_addr
WS2.dll 00013028h 004Ah sendto
WS2.dll 0001302Ch 002Dh closesocket
COREDLL.dll 00013000h Ord COREDLL.496
COREDLL.dll 00013004h Ord COREDLL.858
COREDLL.dll 00013008h Ord COREDLL.56
Like Yuri said, some DLLs only export by ordinal, not by name. For example
the MFC DLLs do this. The .def file used for building mfc90.dll has entries
that look like this:

EXPORTS
??0CDocument@@***@XZ @ 388 NONAME

where the symbol is exported by ordinal 388 and the NONAME keyword prevents
the name from being exported.
PaulH
2008-03-03 20:45:43 UTC
Permalink
Post by Tom Walker
Post by PaulH
Post by Yuri Rai [Heaventools]
Paul,
Post by PaulH
I can use another application, PE Explorer to do this. But, I can't
seem to get it to find the symbols for the DLLs I want, so all I get
is a list of ordinals.
That means a list of ordinals is all there is.
Yuri Rai
Heaventools Software
---------------------------------------------------------
I just re-read my original post and I realize some more information
 WS2.dll 00013024h 0040h inet_addr
 WS2.dll 00013028h 004Ah sendto
 WS2.dll 0001302Ch 002Dh closesocket
 COREDLL.dll 00013000h Ord COREDLL.496
 COREDLL.dll 00013004h Ord COREDLL.858
 COREDLL.dll 00013008h Ord COREDLL.56
Like Yuri said, some DLLs only export by ordinal, not by name. For example
the MFC DLLs do this. The .def file used for building mfc90.dll has entries
EXPORTS
where the symbol is exported by ordinal 388 and the NONAME keyword prevents
the name from being exported.
So, I would need the .def or the .map and .pdb files to get the names?
j***@gmail.com
2013-06-27 13:57:46 UTC
Permalink
Post by PaulH
Post by Tom Walker
Post by PaulH
Post by Yuri Rai [Heaventools]
Paul,
Post by PaulH
I can use another application, PE Explorer to do this. But, I can't
seem to get it to find the symbols for the DLLs I want, so all I get
is a list of ordinals.
That means a list of ordinals is all there is.
Yuri Rai
Heaventools Software
---------------------------------------------------------
I just re-read my original post and I realize some more information
 WS2.dll 00013024h 0040h inet_addr
 WS2.dll 00013028h 004Ah sendto
 WS2.dll 0001302Ch 002Dh closesocket
 COREDLL.dll 00013000h Ord COREDLL.496
 COREDLL.dll 00013004h Ord COREDLL.858
 COREDLL.dll 00013008h Ord COREDLL.56
Like Yuri said, some DLLs only export by ordinal, not by name. For example
the MFC DLLs do this. The .def file used for building mfc90.dll has entries
EXPORTS
where the symbol is exported by ordinal 388 and the NONAME keyword prevents
the name from being exported.
So, I would need the .def or the .map and .pdb files to get the names?
I know this was posted a long time ago, but where can you find the .def file in the public domain?

Thank you.

Loading...