0

It's possible to call a function from a DLL file without knowing about function prototype ? I try to extract all exported function from a DLL file using pe-parser library, But i only have the function name and i don't know about function input/output. Is there any solution to find exported function input/output from dll files ? or call functions without knowing about function prototype ?

WhozCraig
  • 65,258
  • 11
  • 75
  • 141
Ghasem Ramezani
  • 2,683
  • 1
  • 13
  • 32
  • 2
    You can certainly call a function in the DLL without knowing its signature, but unless you happen to get the signature correct, the program will have undefined behaviour. The arguments the function needs will be picked from the stack, and if you haven't put those arguments there, it'll pick what it can find on the stack, believing that it is indeed proper arguments. The same goes for the return value. This is not the correct way. – Ted Lyngmo Nov 24 '19 at 11:22
  • 3
    Not sure what you're trying to do, but the short answer is no, there isn't. You have to know what you're calling before you call it. Just having the function address isn't enough, and short of some c++ name demangling and/or some significant time on the business end of a disassembler, you just don't have it. that's why libraries intending to be publicly called provide proper headers describing arguments, calling convention, etc. – WhozCraig Nov 24 '19 at 11:22
  • @WhozCraig, _headers describing arguments_ I don't have header file. And find exported function inside DLL file but i don't know how can i call the function. – Ghasem Ramezani Nov 24 '19 at 13:06
  • 4
    I understand what you want. What I (and everyone else) is telling you is *there is no silver bullet to get it*. As the prophet Jagger proclaimed decades ago, "You can't always get what you want." Without a function pointer type with proper calling convention and argument description, the best you can do is ad-hoc, hit-and-miss, old-school disassembly. That's a bumpy ride, so best of luck. If you had the PDB, it would help immensely, but if you don't even have a header, I'm assuming a PDB is way off the radar. – WhozCraig Nov 24 '19 at 13:09

2 Answers2

2

TL;DR - No.

In order to call the function properly, you need to know the function prototype. It is usually provided in an h file that ships with the DLL.

You can try to reverse-engineer the DLL in order to figure out the prototype but this information is not a part of the PE file.

If you have a PDB file you can extract the relevant information from it. See this answer.

Yosef Arbiv
  • 360
  • 2
  • 9
1

I don't understand why everybody is surprised, it is perfectly normal question. There is a program, named "Dependency walker" by Steve P.Miller: https://www.dependencywalker.com/ This program was once distributed with Windows SDK, but at some point Microsoft decided to forget about it. I am still using this program.

I use version 2.2.6000, built on October 29, 2006, it is perfectly fine.

Andrei Kalantarian
  • 346
  • 1
  • 8