Calling a non-exported function in a DLL


Problem description

I have a program which loads DLLs and I need to call one of the non-exported functions it contains. Is there any way I can do this, via searching in a debugger or otherwise? Before anyone asks, yes I have the prototypes and stuff for the functions.

Solution

Yes there is, at least sort of, but it isn't a good idea.

In C/C++ all a function pointer is, is an address in memory. So if you somehow were able to find the address of this function you could call it.

Let me ask some questions though, how do you know this DLL contains this function? Do you have the source code? Otherwise I don't know how you could know for certain that this function exists or if it is safe to call. But if you have the source code, then just expose the function. If the DLL writer didn't expose this function, they never expect you to call it and can change/remove the implementation at any time.

Warnings aside, you can find the function address: if you have debug symbols or a MAP file, you can find the offset in the DLL. If you don't have anything but the DLL, then there is no way to know where that function exists in the DLL - it is not stored in the DLL itself.

Once you have the offset you can then insert that into the code like so:

#include <windows.h>

// Placeholder value: the function's offset from the DLL base
const DWORD_PTR funcOffset = 0xDEADBEEF;
typedef void (*UnExportedFunc)();

// ....
void CallUnExportedFunc() {
     // This will get the DLL base address (which can vary)
     HMODULE hMod = GetModuleHandleA("My.dll");
     // GetModuleHandle returns NULL if the DLL is not loaded in this process
     if (hMod == NULL) return;
     // Calculate the actual address
     DWORD_PTR funcAddress = (DWORD_PTR)hMod + funcOffset;
     // Cast the address to a function pointer
     UnExportedFunc func = (UnExportedFunc)funcAddress;
     // Call the function
     func();
}

Also realize that the offset of this function WILL CHANGE EVERY TIME the DLL is rebuilt so this is very fragile and let me say again, not a good idea.
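
The answer says the offset comes from debug symbols or a MAP file and changes with every rebuild. As an added example (not part of the original answer), this portable C routine reads a symbol's offset and the link timestamp from MAP text; the sample MAP content, the symbol names and the helper `map_lookup` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in the layout of an MSVC linker MAP file (not real output). */
static const char SAMPLE_MAP[] =
    " My\n\n"
    " Timestamp is 5f3e2a10 (Thu Aug 20 07:45:20 2020)\n\n"
    " Preferred load address is 10000000\n\n"
    "  Address         Publics by Value              Rva+Base       Lib:Object\n\n"
    " 0001:00000000       _Exported@0                10001000 f   api.obj\n"
    " 0001:00000040       _DllMain@12                10001040 f   dllmain.obj\n\n"
    " Static symbols\n\n"
    " 0001:00000020       _HiddenHelper              10001020 f   api.obj\n";

/* Hypothetical helper: finds `symbol` in MAP text, stores its offset from the image
 * base (Rva+Base minus preferred load address) and the link timestamp; -1 if absent. */
int map_lookup(const char *map, const char *symbol,
               uint32_t *offset, uint32_t *stamp)
{
    unsigned long base = 0, ts = 0, secoff, rvabase;
    unsigned sec;
    int have_base = 0, have_ts = 0;
    char name[256];
    for (const char *line = map; line && *line; ) {
        if (sscanf(line, " Preferred load address is %lx", &base) == 1)
            have_base = 1;
        else if (sscanf(line, " Timestamp is %lx", &ts) == 1)
            have_ts = 1;
        else if (have_base && have_ts &&
                 sscanf(line, " %x:%lx %255s %lx", &sec, &secoff, name, &rvabase) == 4 &&
                 strcmp(name, symbol) == 0 && rvabase >= base) {
            *offset = (uint32_t)(rvabase - base);
            *stamp = (uint32_t)ts;
            return 0;
        }
        line = strchr(line, '\n');   /* advance to the next line */
        if (line) line++;
    }
    return -1;
}

int main(void)
{
    uint32_t off, ts;
    if (map_lookup(SAMPLE_MAP, "_HiddenHelper", &off, &ts) == 0)
        printf("offset 0x%x, link timestamp 0x%x\n", (unsigned)off, (unsigned)ts);
    return 0;
}
```

Comparing the returned timestamp with the `TimeDateStamp` field in the loaded DLL's PE file header before using the offset detects a rebuilt DLL.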
