Calling a non-exported function in a DLL


Question

I have a program which loads DLLs and I need to call one of the non-exported functions it contains. Is there any way I can do this, via searching in a debugger or otherwise? Before anyone asks, yes I have the prototypes and stuff for the functions.

Recommended answer

Yes there is, at least sort of, but it isn't a good idea.

In C/C++ all a function pointer is, is an address in memory. So if you somehow were able to find the address of this function you could call it.

Let me ask some questions though, how do you know this DLL contains this function? Do you have the source code? Otherwise I don't know how you could know for certain that this function exists or if it is safe to call. But if you have the source code, then just expose the function. If the DLL writer didn't expose this function, they never expect you to call it and can change/remove the implementation at any time.

Warnings aside, you can find the function address: if you have debug symbols or a MAP file, you can find the offset in the DLL. If you don't have anything but the DLL, then there is no way to know where that function exists in the DLL - it is not stored in the DLL itself.

Once you have the offset you can then insert that into the code like so:

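#include <windows.h>

// Placeholder value: the real offset comes from the MAP file or debug symbols
const DWORD_PTR funcOffset = 0xDEADBEEF;
// Pointer-to-function type matching the unexported function's prototype
typedef void (*UnExportedFunc)(void);

....
void CallUnExportedFunc() {
     // This will get the DLL base address (which can vary)
     HMODULE hMod = GetModuleHandleA("My.dll");
     // The DLL is not loaded in this process: nothing to call
     if (hMod == NULL) return;
     // Calculate the actual address
     DWORD_PTR funcAddress = (DWORD_PTR)hMod + funcOffset;
     // Cast the address to a function pointer
     UnExportedFunc func = (UnExportedFunc)funcAddress;
     // Call the function
     func();
}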

Also realize that the offset of this function WILL CHANGE EVERY TIME the DLL is rebuilt so this is very fragile and let me say again, not a good idea.
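
Added example, not part of the original answer: one way to read the offset the answer mentions out of a MAP file is to subtract the "Preferred load address" from the symbol's Rva+Base value. This assumes the MSVC linker's /MAP text layout; the sample contents, the symbol names and the helper map_find_offset are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in the MSVC linker /MAP layout; the symbol and
   object names are made up for illustration. */
static const char *SAMPLE_MAP =
    " Preferred load address is 10000000\n\n"
    "  Address         Publics by Value              Rva+Base       Lib:Object\n\n"
    " 0001:00000000       _DllMain@12                10001000 f   dllmain.obj\n"
    " 0001:00000040       ?InternalHelper@@YAXXZ     10001040 f   helper.obj\n";

/* Hypothetical helper: stores (Rva+Base - preferred load address) for `symbol`
   in *offset and returns 0; returns -1 if the base line or symbol is missing. */
int map_find_offset(const char *map, const char *symbol, uint64_t *offset)
{
    uint64_t base = 0, addr;
    unsigned sect, secoff;
    int have_base = 0;
    char name[256], line[512];

    for (const char *p = map; *p; ) {
        size_t n = strcspn(p, "\n");                 /* length of this line */
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, p, c);
        line[c] = '\0';
        p += n + (p[n] == '\n');                     /* advance past newline */
        if (sscanf(line, " Preferred load address is %" SCNx64, &base) == 1) {
            have_base = 1;
        } else if (sscanf(line, " %x:%x %255s %" SCNx64,
                          &sect, &secoff, name, &addr) == 4
                   && strcmp(name, symbol) == 0) {
            if (!have_base || addr < base)
                return -1;                           /* inconsistent MAP data */
            *offset = addr - base;   /* the value to add to the HMODULE */
            return 0;
        }
    }
    return -1;
}

int main(void)
{
    uint64_t off;
    if (map_find_offset(SAMPLE_MAP, "?InternalHelper@@YAXXZ", &off) == 0)
        printf("offset = 0x%" PRIx64 "\n", off);
    return 0;
}
```

Because the offset is only valid for the exact build the MAP file was generated with, regenerate it whenever the DLL is rebuilt.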
