Re: [BLACKBOX] Decorated names in dlls from [at]} on 2011-06-13 (BB-FullArchive.mbox)

From: [at]} <Alexander>
Date: Mon, 13 Jun 2011 10:55:12 +0600

----boundary-LibPST-iamunique-1619990833_-_-
Content-type: text/plain

Hello!

DGD> I have been having a devil of time getting a dll (given to me by
DGD> a third party) to find the exported procedures.

DGD> Well it turns out that they have "decorated names" produced by C++
DGD> even though the people who created the dll don't know that.
DGD> Only by opening the dll in hex mode and scanning for the supposed
DGD> name was I able to find the actual name.

DGD> Perhaps a comment by Oberon Microsystems in their documentation
DGD> on using dlls in BlackBox would be helpful to others trying to do the same
DGD> thing.

  Can you show an example of expected vs. decorated name?

  To get a list of functions from a DLL I use xlib.exe from the XDS
  compiler suite:

    xlib /edf filename c:\windows\system32\kernel32.dll

  produces filename.edf file looking like this:

LIBRARY KERNEL32.dll

EXPORTS
   AcquireSRWLockExclusive
   AcquireSRWLockShared
   ActivateActCtx
   AddAtomA
   AddAtomW
   AddConsoleAliasA
   AddConsoleAliasW
   AddIntegrityLabelToBoundaryDescriptor
   AddLocalAlternateComputerNameA
   AddLocalAlternateComputerNameW
   AddRefActCtx
   AddSIDToBoundaryDescriptor
   AddSecureMemoryCacheCallback
   AddVectoredContinueHandler
   AddVectoredExceptionHandler
   AdjustCalendarDate
   AllocConsole
   AllocateUserPhysicalPages
   AllocateUserPhysicalPagesNuma
   ApplicationRecoveryFinished
   ApplicationRecoveryInProgress
   AreFileApisANSI
   AssignProcessToJobObject
   AttachConsole
   BackupRead
   BackupSeek
   BackupWrite
   BaseCheckAppcompatCache
   BaseCheckAppcompatCacheEx
   BaseCheckRunApp
   ...

---===---
Alexander

----
To unsubscribe, send a message with body "SIGNOFF BLACKBOX" to LISTSERV{([at]})nowhere.xy----boundary-LibPST-iamunique-1619990833_-_-
Content-type: application/rtf
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="rtf-body.rtf"
e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZnJvbXRleHQgXGRlZmYwe1xmb250dGJsDQp7XGYwXGZz
d2lzcyBBcmlhbDt9DQp7XGYxXGZtb2Rlcm4gQ291cmllciBOZXc7fQ0Ke1xmMlxmbmlsXGZjaGFy
c2V0MiBTeW1ib2w7fQ0Ke1xmM1xmbW9kZXJuXGZjaGFyc2V0MCBDb3VyaWVyIE5ldzt9fQ0Ke1xj
b2xvcnRibFxyZWQwXGdyZWVuMFxibHVlMDtccmVkMFxncmVlbjBcYmx1ZTI1NTt9DQpcdWMxXHBh
cmRccGxhaW5cZGVmdGFiMzYwIFxmMFxmczIwIEhlbGxvIVxwYXINClxwYXINCkRHRD4gSSBoYXZl
IGJlZW4gaGF2aW5nIGEgZGV2aWwgb2YgdGltZSBnZXR0aW5nIGEgZGxsIChnaXZlbiB0byBtZSBi
eVxwYXINCkRHRD4gYSB0aGlyZCBwYXJ0eSkgdG8gZmluZCB0aGUgZXhwb3J0ZWQgcHJvY2VkdXJl
cy5ccGFyDQpccGFyDQpER0Q+IFdlbGwgaXQgdHVybnMgb3V0IHRoYXQgdGhleSBoYXZlICJkZWNv
cmF0ZWQgbmFtZXMiIHByb2R1Y2VkIGJ5IEMrK1xwYXINCkRHRD4gZXZlbiB0aG91Z2ggdGhlIHBl
b3BsZSB3aG8gY3JlYXRlZCB0aGUgZGxsIGRvbid0IGtub3cgdGhhdC5ccGFyDQpER0Q+IE9ubHkg
Ynkgb3BlbmluZyB0aGUgZGxsIGluIGhleCBtb2RlIGFuZCBzY2FubmluZyBmb3IgdGhlIHN1cHBv
c2VkXHBhcg0KREdEPiBuYW1lIHdhcyBJIGFibGUgdG8gZmluZCB0aGUgYWN0dWFsIG5hbWUuXHBh
cg0KXHBhcg0KREdEPiBQZXJoYXBzIGEgY29tbWVudCBieSBPYmVyb24gTWljcm9zeXN0ZW1zIGlu
IHRoZWlyIGRvY3VtZW50YXRpb25ccGFyDQpER0Q+IG9uIHVzaW5nIGRsbHMgaW4gQmxhY2tCb3gg
d291bGQgYmUgaGVscGZ1bCB0byBvdGhlcnMgdHJ5aW5nIHRvIGRvIHRoZSBzYW1lXHBhcg0KREdE
PiB0aGluZy5ccGFyDQpccGFyDQogIENhbiB5b3Ugc2hvdyBhbiBleGFtcGxlIG9mIGV4cGVjdGVk
IHZzLiBkZWNvcmF0ZWQgbmFtZT9ccGFyDQpccGFyDQogIFRvIGdldCBhIGxpc3Qgb2YgZnVuY3Rp
b25zIGZyb20gYSBETEwgSSB1c2UgeGxpYi5leGUgZnJvbSB0aGUgWERTXHBhcg0KICBjb21waWxl
ciBzdWl0ZTpccGFyDQpccGFyDQogICAgeGxpYiAvZWRmIGZpbGVuYW1lIGM6XFx3aW5kb3dzXFxz
eXN0ZW0zMlxca2VybmVsMzIuZGxsXHBhcg0KXHBhcg0KICBwcm9kdWNlcyBmaWxlbmFtZS5lZGYg
ZmlsZSBsb29raW5nIGxpa2UgdGhpczpccGFyDQpccGFyDQpMSUJSQVJZIEtFUk5FTDMyLmRsbFxw
YXINClxwYXINCkVYUE9SVFNccGFyDQogICBBY3F1aXJlU1JXTG9ja0V4Y2x1c2l2ZVxwYXINCiAg
IEFjcXVpcmVTUldMb2NrU2hhcmVkXHBhcg0KICAgQWN0aXZhdGVBY3RDdHhccGFyDQogICBBZGRB
dG9tQVxwYXINCiAgIEFkZEF0b21XXHBhcg0KICAgQWRkQ29uc29sZUFsaWFzQVxwYXINCiAgIEFk
ZENvbnNvbGVBbGlhc1dccGFyDQogICBBZGRJbnRlZ3JpdHlMYWJlbFRvQm91bmRhcnlEZXNjcmlw
dG9yXHBhcg0KICAgQWRkTG9jYWxBbHRlcm5hdGVDb21wdXRlck5hbWVBXHBhcg0KICAgQWRkTG9j
YWxBbHRlcm5hdGVDb21wdXRlck5hbWVXXHBhcg0KICAgQWRkUmVmQWN0Q3R4XHBhcg0KICAgQWRk
U0lEVG9Cb3VuZGFyeURlc2NyaXB0b3JccGFyDQogICBBZGRTZWN1cmVNZW1vcnlDYWNoZUNhbGxi
YWNrXHBhcg0KICAgQWRkVmVjdG9yZWRDb250aW51ZUhhbmRsZXJccGFyDQogICBBZGRWZWN0b3Jl
ZEV4Y2VwdGlvbkhhbmRsZXJccGFyDQogICBBZGp1c3RDYWxlbmRhckRhdGVccGFyDQogICBBbGxv
Y0NvbnNvbGVccGFyDQogICBBbGxvY2F0ZVVzZXJQaHlzaWNhbFBhZ2VzXHBhcg0KICAgQWxsb2Nh
dGVVc2VyUGh5c2ljYWxQYWdlc051bWFccGFyDQogICBBcHBsaWNhdGlvblJlY292ZXJ5RmluaXNo
ZWRccGFyDQogICBBcHBsaWNhdGlvblJlY292ZXJ5SW5Qcm9ncmVzc1xwYXINCiAgIEFyZUZpbGVB
cGlzQU5TSVxwYXINCiAgIEFzc2lnblByb2Nlc3NUb0pvYk9iamVjdFxwYXINCiAgIEF0dGFjaENv
bnNvbGVccGFyDQogICBCYWNrdXBSZWFkXHBhcg0KICAgQmFja3VwU2Vla1xwYXINCiAgIEJhY2t1
cFdyaXRlXHBhcg0KICAgQmFzZUNoZWNrQXBwY29tcGF0Q2FjaGVccGFyDQogICBCYXNlQ2hlY2tB
cHBjb21wYXRDYWNoZUV4XHBhcg0KICAgQmFzZUNoZWNrUnVuQXBwXHBhcg0KICAgLi4uXHBhcg0K
XHBhcg0KXHBhcg0KLS0tPT09PT0tLS1ccGFyDQogQWxleGFuZGVyXHBhcg0KXHBhcg0KXHBhcg0K
LS0tLVxwYXINClRvIHVuc3Vic2NyaWJlLCBzZW5kIGEgbWVzc2FnZSB3aXRoIGJvZHkgIlNJR05P
RkYgQkxBQ0tCT1giIHRvIExJU1RTRVJWQExJU1RTLk9CRVJPTi5DSH19ALk6IXU
----boundary-LibPST-iamunique-1619990833_-_---

Received on Mon Jun 13 2011 - 06:55:12 UTC

This archive was generated by hypermail 2.3.0 : Thu Sep 26 2013 - 06:30:14 UTC