DLL monitoring

Is there an application that allows me to see what is being sent to the DLL from the process?

I have a process, and I have a DLL, and I would like to track the parameters that are sent to the functions so that I can use the DLL myself.

Exports of the DLL:

??0CCPCompressor@@AAE@XZ
??0CCPExpandor@@AAE@XZ
??1CCPCompressor@@AAE@XZ
??1CCPExpandor@@AAE@XZ
?Clear@CCPCompressor@@QAEHXZ
?Clear@CCPExpandor@@QAEHXZ
..Compress@CCPCompressor..
..Delete@CCPCompressor..
..Delete@CCPExpandor..
..Expand@CCPExpandor..
..Free@CCPCompressor..
..Free@CCPExpandor..
..Init@CCPCompressor..
..Init@CCPExpandor..
..New@CCPCompressor..
..New@CCPExpandor..

4 answers

... the DLL ... For example: DoMathOperation(Add, 1, 2) ... DoMathOperation(Multiply, 2, 2) ...


Write a shim dll: a dll that stands in for the original, logs the parameters of each call, then forwards the call to the real DLL, which the shim loads with LoadLibrary.

Complication: the dll is C++. Specifically, its exports are C++ class members, and C++ class members can't simply be "loaded" from a dll (via GetProcAddress).

So the shim is done in two layers.

Given the original dll, build:

Shim1:

A dll that re-declares the class definition of the original dll, exporting it:

 class __declspec(dllexport) CCPCompressor {
  ...
 };

Use Depends (Dependency Walker) or Undname.exe from Visual Studio to decode the exported names.

Inside shim1, LoadLibrary() shimdll2.dll rather than the original dll, and GetProcAddress() the forwarding functions from shimdll2.dll.

Shim2:

A dll that links against the original dll through its import library. It uses the DLL's class as an import:

 class __declspec(dllimport) CCPCompressor {
  ...
 };

Rename the original dll and put shim1 in its place; shim2.dll links to the renamed original, and shim1.dll logs each call and routes it through shim2 to the real CCPCompressor.

NB. Caveat about CCPCompressor: the class you re-declare in the shims has to match the one the DLL was built with (...).


To run undname, open the Visual Studio 20XX command prompt (Start menu > "Visual Studio 20XX" > "Visual Studio Tools" > "Visual Studio 20XX Command Prompt"):

c:\...\VC>undname ?Clear@CCPCompressor@@QAEHXZ
Microsoft (R) C++ Name Undecorator

Undecoration of :- "?Clear@CCPCompressor@@QAEHXZ"
is :- "public: int __thiscall CCPCompressor::Clear(void)"

Repeat this for each export of the dll (undname ships with Visual Studio) and you have the declarations for the shim and its .def file.


Have you looked at Detours?

From its description:

Innovative systems research hinges on the ability to easily instrument and extend existing operating system and application functionality. With access to appropriate source code, it is often trivial to insert new instrumentation or extensions by rebuilding the OS or application. However, in a world of commercial development, source code is not always available.

Detours is a library for instrumenting arbitrary Win32 functions on x86, x64, and IA64 machines. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary.

Detours preserves the un-instrumented target function (callable through a trampoline) as a subroutine for use by the instrumentation. Our trampoline design enables a large class of innovative extensions to existing binary software.

We have used Detours to create an automatic distributed partitioning system, to instrument and analyze the DCOM protocol stack, and to create a thunking layer for a COM-based OS API. Detours is used widely within Microsoft and within the industry.


The only reliable way is to debug your program (using any debugger like OllyDBG), and set a breakpoint on the desired export function. Then you can simply track the stack parameters sent to the calling function. This is only the beginning, you need to fully analyze the functional commands in the debugger or disassembler to find out what each parameter does and its type.

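An added example (Python, not code from any of the answers above) that ties the shim answer and the debugger answer together. It decodes the question's export names the way undname does, for the subset of the MSVC decoration grammar those names use (member and free functions, constructors/destructors, basic types, pointers and references), and then reports where a debugger will find each argument at a breakpoint on the export's first instruction on 32-bit x86: this in ECX for __thiscall, the first two 4-byte arguments in ECX/EDX for __fastcall, everything else on the stack right after the return address at [ESP+4], [ESP+8], and so on. The Compress signature used below is constructed for the example; the page does not show its real parameter list.

```python
"""Decode MSVC-decorated export names and map their arguments to debugger locations.

Added example, not code from the original answers. Handles only the subset the
question's export table needs: member/free functions, ctors/dtors, basic types,
pointers and references. Anything else raises ValueError; use undname.exe,
Dependency Walker or llvm-undname for the full grammar.
"""
import re

# Byte after the qualified name: access + kind. 'Y' = free function (no cv byte).
ACCESS = {'A': ('private', ''), 'C': ('private', 'static'), 'E': ('private', 'virtual'),
          'I': ('protected', ''), 'K': ('protected', 'static'), 'M': ('protected', 'virtual'),
          'Q': ('public', ''), 'S': ('public', 'static'), 'U': ('public', 'virtual')}
CV = {'A': '', 'B': ' const', 'C': ' volatile', 'D': ' const volatile'}
CALL = {'A': '__cdecl', 'C': '__pascal', 'E': '__thiscall', 'G': '__stdcall', 'I': '__fastcall'}
BASIC = {'X': 'void', 'D': 'char', 'E': 'unsigned char', 'F': 'short', 'G': 'unsigned short',
         'H': 'int', 'I': 'unsigned int', 'J': 'long', 'K': 'unsigned long',
         'M': 'float', 'N': 'double', 'O': 'long double'}
EXTENDED = {'N': 'bool', 'J': '__int64', 'K': 'unsigned __int64', 'W': 'wchar_t'}  # after '_'
EIGHT_BYTE = {'double', 'long double', '__int64', 'unsigned __int64'}
NAME_RE = re.compile(r'^\?(\?[01])?((?:[A-Za-z_][A-Za-z0-9_]*@)+)@(.+)$')


def parse_type(s, i):
    """Parse one type code at s[i]; return (C++ text, index after it)."""
    c = s[i]
    if c == '_':
        return EXTENDED[s[i + 1]], i + 2
    if c in BASIC:
        return BASIC[c], i + 1
    if c in 'PA':  # P = pointer, A = reference; next byte is the pointee's cv-qualifier
        inner, j = parse_type(s, i + 2)
        return f"{inner}{CV[s[i + 1]]} {'*' if c == 'P' else '&'}", j
    raise ValueError(f'unsupported type code {c!r} at offset {i} in {s!r}')


def parse_params(s, i):
    """'XZ' is (void); otherwise type codes up to the '@Z' terminator."""
    if s[i:i + 2] == 'XZ':
        return ['void'], i + 2
    params = []
    while s[i] != '@':
        t, i = parse_type(s, i)
        params.append(t)
    if s[i:i + 2] != '@Z':
        raise ValueError(f'bad parameter-list terminator in {s!r}')
    return params, i + 2


def demangle(decorated):
    """Return an undname-style declaration, e.g. 'public: int __thiscall C::f(void)'."""
    m = NAME_RE.match(decorated)
    if not m:
        raise ValueError(f'not a decorated function name: {decorated!r}')
    special, scopes, rest = m.groups()
    parts = scopes.rstrip('@').split('@')        # innermost first: Clear@CCPCompressor@@
    qualified = '::'.join(reversed(parts))
    if special:                                  # ??0 = constructor, ??1 = destructor
        qualified += '::' + ('~' if special == '?1' else '') + parts[0]
    if rest[0] == 'Y':                           # free function: no access, no cv byte
        prefix, cv, i = '', '', 1
    else:
        access, kind = ACCESS[rest[0]]
        prefix = f'{access}: ' + (f'{kind} ' if kind else '')
        cv, i = ('', 1) if kind == 'static' else (CV[rest[1]], 2)
    call, i = CALL[rest[i]], i + 1
    if special:                                  # ctor/dtor: '@' instead of a return type
        ret, i = '', i + 1
    else:
        ret, i = parse_type(rest, i)
        ret += ' '
    params, i = parse_params(rest, i)
    if i != len(rest):
        raise ValueError(f'trailing bytes {rest[i:]!r} in {decorated!r}')
    return f'{prefix}{ret}{call} {qualified}({",".join(params)}){cv}'


def stack_layout(decl):
    """Where each argument sits at a breakpoint on the function's first instruction (x86-32).
    Input is a demangle() result; output is [(name_or_type, location), ...]."""
    conv = re.search(r'__(cdecl|stdcall|thiscall|fastcall)', decl).group(1)
    inner = decl[decl.index('(') + 1:decl.rindex(')')]
    types = [] if inner == 'void' else inner.split(',')
    slots = [('this', 'ECX')] if conv == 'thiscall' else []
    regs = ['ECX', 'EDX'] if conv == 'fastcall' else []
    offset = 4                                   # [ESP] is the return address at entry
    for t in types:
        size = 8 if t in EIGHT_BYTE else 4       # ints and pointers are 4 bytes on x86-32
        if regs and size == 4:                   # __fastcall: first two 4-byte args in ECX, EDX
            slots.append((t, regs.pop(0)))
        else:
            slots.append((t, f'[ESP+{offset:#x}]'))
            offset += size
    return slots


if __name__ == '__main__':
    # Names from the question's export table plus one hypothetical Compress signature
    # (constructed for this example, not taken from the page) with real parameters.
    for name in ('?Clear@CCPCompressor@@QAEHXZ', '??0CCPCompressor@@AAE@XZ',
                 '??1CCPExpandor@@QAE@XZ', '?Compress@CCPCompressor@@QAEHPBEHPAEPAH@Z'):
        decl = demangle(name)
        print(name, '->', decl)
        for what, where in stack_layout(decl):
            print('   ', where.ljust(10), what)
```

The decoded declaration is exactly what the shim has to re-declare with __declspec(dllexport), and the stack layout is what to read at the OllyDbg breakpoint: for a __thiscall export, ECX holds the object and the first explicit argument is at [ESP+4], not at [ESP], because the return address was just pushed. Anything the demangler refuses (class-typed parameters, back-references, function pointers) should be run through undname.exe instead of guessed.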

Source: https://habr.com/ru/post/1771372/
