C++ 在没有标题的c ++ dll中调用函数

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/554551/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-27 15:56:27  来源:igfitidea点击:

Call function in c++ dll without header

c++dllsignaturemethod-signaturedumpbin

提问by mileschet

I would like to call a method from an dll, but i don't have the source neither the header file. I tried to use the dumpbin /exports to see the name of the method, but i can found the methods signature?

我想从 dll 调用一个方法,但我没有源文件和头文件。我尝试使用 dumpbin /exports 来查看方法的名称,但是我可以找到方法签名?

Is there any way to call this method?

有没有办法调用这个方法?

Thanks,

谢谢,

采纳答案by Peter Neubauer

It is possible to figure out a C function signature by analysing beginnig of its disassembly. The function arguments will be on the stack and the function will do some "pops" to read them in reverse order. You will not find the argument names, but you should be able to find out their number and the types. Things may get more difficult with return value - it may be via 'eax' register or via a special pointer passed to the function as the last pseudo-argument (on the top of the stack).

可以通过分析其反汇编的开始来找出 C 函数签名。函数参数将在堆栈上,函数将执行一些“弹出”操作以相反的顺序读取它们。您不会找到参数名称,但您应该能够找到它们的编号和类型。返回值可能会变得更加困难 - 它可能通过“eax”寄存器或通过作为最后一个伪参数(在堆栈顶部)传递给函数的特殊指针。

回答by zdan

If the function is a C++ one, you may be able to derive the function signature from the mangled name. Dependency Walkeris one tool that will do this for you. However, if the DLL was created with C linkage (Dependency Walker will tell you this), then you are out of luck.

如果该函数是 C++ 函数,则您可以从损坏的名称中导出函数签名。Dependency Walker是一种可以为您执行此操作的工具。但是,如果 DLL 是使用 C 链接创建的(Dependency Walker 会告诉您这一点),那么您就不走运了。

回答by dirkgently

The C++ language does not know anything about dlls.

C++ 语言对 dll 一无所知。

Is this on Windows? One way would be to:

这是在 Windows 上吗?一种方法是:

  • open the dll up in depends.exeshipped with (Visual Studio)
  • verify the signature of the function you want to call
  • use LoadLibrary()to get load this dll (be careful about the path)
  • use GetProcAddress()to get a pointer to the function you want to call
  • use this pointer-to-function to make a call with valid arguments
  • use FreeLibrary()to release the handle
  • depends.exe(Visual Studio) 中打开 dll
  • 验证要调用的函数的签名
  • 使用LoadLibrary()得到加载这个DLL(小心的路径)
  • 用于GetProcAddress()获取指向要调用的函数的指针
  • 使用此函数指针以有效参数进行调用
  • 用于FreeLibrary()释放手柄

BTW: This method is also commonly referred to as runtime dynamic linking as opposed to compile-time dynamic linking where you compile your sources with the associated libfile.

顺便说一句:此方法通常也称为运行时动态链接,而不是编译时动态链接,您可以在其中使用关联lib文件编译源代码。

There exists some similar mechanism for *nixes with dlopen, but my memory starts to fail after that. Something called objdumpor nmshould get you started with inspecting the function(s).

*nixes with 存在一些类似的机制dlopen,但在那之后我的记忆开始失败。调用objdumpnm应该让您开始检查函数的东西。

回答by Peter Neubauer

As you have found, the exports list in a DLL only stores names, not signatures. If your DLL exports C functions, you will probably have to disassemble and reverse engineer the functions to determine method signatures. However, C++ encodes the method signature in the export name. This process of combining the method name and signature is called "name mangling". This Stackoverflow questionhas a reference for determining the method signature from the mangled export name.

如您所见,DLL 中的导出列表仅存储名称,而不存储签名。如果您的 DLL 导出 C 函数,您可能需要对这些函数进行反汇编和逆向工程以确定方法签名。但是,C++ 在导出名称中对方法签名进行编码。这种将方法名称和签名组合在一起的过程称为“名称修改”这个 Stackoverflow 问题有一个参考,用于从损坏的导出名称确定方法签名。

Try the free "Dependency Walker" (a.k.a. "depends")utility. The "Undecorate C++ Functions" option should determine the signature of a C++ method.

试用免费的“Dependency Walker”(又名“depends”)实用程序。“Undecorate C++ Functions”选项应确定 C++ 方法的签名。

回答by HUAGHAGUAH

Calling non-external functions is a great way to have your program break whenever the 3rd party DLL is updated.

调用非外部函数是让您的程序在 3rd 方 DLL 更新时中断的好方法。

That said, the undnameutility may also be helpful.

也就是说,undname实用程序也可能会有所帮助。

回答by Matt

If you indeed know or strongly suspect the function is there, you can dynamically load the DLL with loadLibrary and get a pointer to the function with getProcAddress. See MSDN

如果您确实知道或强烈怀疑该函数存在,则可以使用 loadLibrary 动态加载 DLL,并使用 getProcAddress 获取指向该函数的指针。见MSDN

Note that this is a manual, dynamic way to load the library; you'll still have to know the correct function signature to map to the function pointer in order to use it. AFAIK there is no way to use the dll in a load-time capability and use the functions without a header file.

请注意,这是一种手动、动态加载库的方式;您仍然必须知道正确的函数签名才能映射到函数指针才能使用它。AFAIK 无法在加载时功能中使用 dll 并使用没有头文件的函数。