Finding undocumented APIs in Windows


Question

I was curious as to how does one go about finding undocumented APIs in Windows.

I know the risks involved in using them but this question is focused towards finding them and not whether to use them or not.

Answer

Use a tool to dump the export table from a shared library (for example, a .dll such as kernel32.dll). You'll see the named entry points and/or the ordinal entry points. Generally for Windows the named entry points are unmangled (extern "C"). You will most likely need to do some peeking at the assembly code and derive the parameters (types, number, order, calling convention, etc.) from the stack frame (if there is one) and register usage. If there is no stack frame it is a bit more difficult, but still doable. See the following links for references:

  1. http://www.sf.org.cn/symbian/Tools/symbian_18245.html
  2. http://msdn.microsoft.com/en-us/library/31d242h4.aspx

Check out tools such as dumpbin for investigating export sections.

There are also sites and books out there that try to keep an updated list of undocumented Windows APIs:

  1. Undocumented Functions
  2. Introduction to Windows Architecture
  3. How to find undocumented constants used by Windows API functions
  4. Undocumented Windows
  5. Windows API

These same principles work on a multitude of operating systems; however, you will need to replace the tool you're using to dump the export table. For example, on Linux you could use nm to dump an object file and list its exports section (among other things). You could also use gdb to set breakpoints and step through the assembly code of an entry point to determine what the arguments should be.
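As an added example (not part of the answer above), here is a small Python parser for the export table the answer describes: it reads the PE export directory straight from the file bytes and separates named exports from the ordinal-only ones, which are exactly the entries you then have to reverse from assembly. The DLL image is a constructed stub, and the export names `DocumentedA` and `UndocumentedB` are made up for the demonstration.

```python
import struct

def parse_exports(data):
    """Walk a PE file's export directory and return (ordinal base, {name: rva},
    {ordinal: rva} for nameless exports, the ones dumpbin lists as bare ordinals)."""
    u32 = lambda off: struct.unpack_from("<I", data, off)[0]
    u16 = lambda off: struct.unpack_from("<H", data, off)[0]
    pe = u32(0x3C)                                          # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = u16(pe + 6), u16(pe + 20)
    dd = pe + 24 + (96 if u16(pe + 24) == 0x10B else 112)  # data directories: PE32 vs PE32+
    exp_rva = u32(dd)                                       # directory entry 0 = export table
    sections = []
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from("<IIII", data, pe + 24 + opt_size + i * 40 + 8)
        sections.append((va, max(vsize, rsize), raw))
    def off(rva):                                           # RVA -> file offset via section table
        for va, size, raw in sections:
            if va <= rva < va + size:
                return raw + rva - va
        raise ValueError("RVA %#x maps to no section" % rva)
    if exp_rva == 0:
        return 0, {}, {}
    e = off(exp_rva)
    base, nfuncs, nnames, eat, ent, eot = struct.unpack_from("<IIIIII", data, e + 16)
    funcs = [u32(off(eat) + 4 * i) for i in range(nfuncs)]
    names, named = {}, set()
    for i in range(nnames):
        idx = u16(off(eot) + 2 * i)                         # index into funcs, not an ordinal
        noff = off(u32(off(ent) + 4 * i))
        names[data[noff:data.index(b"\0", noff)].decode("ascii")] = funcs[idx]
        named.add(idx)
    nameless = {base + i: funcs[i] for i in range(nfuncs) if i not in named and funcs[i]}
    return base, names, nameless

def build_sample_dll():
    """Constructed, non-loadable PE32 stub: one section holding an export directory
    with two named exports and one export reachable only as ordinal 2."""
    va, raw = 0x1000, 0x200
    payload = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, 3, 2, va + 0x28, va + 0x34, va + 0x3C)
    payload += struct.pack("<III", 0x1100, 0x1200, 0x1300)  # address table, ordinals 1..3
    payload += struct.pack("<II", va + 0x40, va + 0x4C)     # name-pointer table
    payload += struct.pack("<HH", 0, 2)                     # name -> address-table index
    payload += b"DocumentedA\0UndocumentedB\0"
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # DOS header, e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 104, 0x2102)
    opt = struct.pack("<H", 0x10B).ljust(96, b"\0") + struct.pack("<II", va, len(payload))
    sec = b".edata\0\0" + struct.pack("<IIII", len(payload), va, len(payload), raw) + b"\0" * 16
    return (hdr + opt + sec).ljust(raw, b"\0") + payload
```

On a real DLL, read the file bytes and pass them to parse_exports; forwarded exports (address-table entries whose RVA falls inside the export directory itself) are returned here as raw RVAs, whereas dumpbin resolves them to the target module and name.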
