7

I know it's impossible to reverse a DLL into C++ code, so I would like to collect as many details as possible from it. It's not my DLL, so I don't have the source code, of course. Which program should I use?

Imri Persiado
  • 1
    A popular binary reverse engineering tool is IDA Pro – there's a free version that suffices for most basic needs. – datenwolf Mar 01 '13 at 01:36
  • 2
    Do you have some understanding of what the DLL does? How large is it? Do you know what language it was written in originally? What are you actually trying to achieve? – Mats Petersson Mar 01 '13 at 01:36
  • 1
    I added some "key phrases" as tags. Look them up. –  Mar 01 '13 at 01:48
  • It's definitely not "impossible". Difficult, maybe, but if you have the code, you can almost always write an equivalent source that will produce the same results. Though it may take a long time. – Igor Skochinsky Mar 01 '13 at 10:50

3 Answers

16

Well, if you are skilled you can disassemble the DLL and understand all of its functions. This takes a substantial amount of time, but if you do that you can reverse it back to source by hand.

Otherwise, you can start by using a tool like Dependency Walker to get the DLLs and functions it depends on, and the functions it exports. From there you can find functions that interest you, and use a disassembler like IDA to see what they do.

nneonneo
  • 3
    No one, except silly people who have too much time on their hands, would reverse *everything*. You'd always go with something like IDA and follow the call paths that interest you. Besides, you can see exports in IDA itself. No need for an intermediary. +1 still – 0xC0000022L Mar 01 '13 at 02:30
  • 3
    Not everyone has IDA, or wants to learn it. So, I suggest Dependency Walker as a very simple way to get useful information. (Of course, if you are good at IDA, you can of course do everything there :) ) – nneonneo Mar 01 '13 at 02:32
2

You can see the list of exported functions by using the dumpbin tool. If C++ functions are exported, you might be able to infer parameters by the name mangling.

You can extract all the resources from the DLL by just "opening" it as a file for resource viewing in Visual Studio. If the DLL is a COM based DLL, there's a small chance the Type Library is embedded as a resource inside it. And if you have the Type Library, you can #import it to reconstruct the header files for the public interfaces.

That's about as good as it gets.

selbie
  • 1
    I disagree that that's about as good as it gets - it all depends how much time/skill/effort you have available. See nneonneo's answer. – JBentley Mar 01 '13 at 01:49
1

You need a PE file viewer. This will tell you the exports from the DLL and you can get the data in the .text section to see the machine code.

James
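
The export listing that the answers above get from dumpbin, Dependency Walker or a PE file viewer, as an added example that is not part of the original answers: a small Python parser that walks the PE headers to the export directory. `list_exports` and `build_sample` are names made up for this example, and the sample image is constructed inline (headers and an export table only, no code).

```python
import struct

def list_exports(data):
    """Return [(ordinal, name, function_rva)] for the named exports of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                           # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]             # PE32 / PE32+, else KeyError
    exp_rva, _size = struct.unpack_from("<II", data, dirs)  # data directory 0
    if exp_rva == 0:
        return []                                           # image has no export table
    sections = [struct.unpack_from("<8xIIII", data, opt + opt_size + 40 * i)
                for i in range(nsec)]       # (vsize, va, raw size, raw pointer)
    def off(rva):                                           # RVA -> file offset
        for vsize, va, rsize, raw in sections:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")
    (_, _, _, _, _, base, _nfuncs, nnames, funcs, names, ords) = \
        struct.unpack_from("<IIHHIIIIIII", data, off(exp_rva))
    out = []
    for i in range(nnames):
        name_off = off(struct.unpack_from("<I", data, off(names) + 4 * i)[0])
        name = data[name_off:data.index(b"\0", name_off)].decode("ascii", "replace")
        idx = struct.unpack_from("<H", data, off(ords) + 2 * i)[0]
        rva = struct.unpack_from("<I", data, off(funcs) + 4 * idx)[0]
        out.append((base + idx, name, rva))
    return out

def build_sample(va=0x1000):
    """Constructed sample input: a minimal PE32 image with one .edata section."""
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, va + 60, 1, 2, 2,
                       va + 40, va + 48, va + 56)           # export directory
    body += struct.pack("<II", 0x2000, 0x2010)              # function RVAs
    body += struct.pack("<II", va + 69, va + 73)            # name RVAs
    body += struct.pack("<HH", 0, 1)                        # ordinal indexes
    body += b"demo.dll\0Add\0Sub\0"
    opt = bytearray(224)                                    # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 96, va, len(body))         # export data directory
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102) + bytes(opt)
           + struct.pack("<8sIIII16x", b".edata", len(body), va, 0x200, 0x200))
    return hdr.ljust(0x200, b"\0") + body.ljust(0x200, b"\0")
```

For a real DLL, pass the file's bytes to `list_exports`. Exports that have an ordinal but no name are not listed, and a forwarded export shows up with an RVA that points back into the export directory.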