DLL简单分析与调用方法

最近为了分析一个没有代码的DLL有哪些函数，找了各种方法。

把结果分享一下：三个方法都没法得到函数的参数，有点让我失望。

DLL Export Viewer 

NikPEViewer

Dumpbin

配置说明参考：https://docs.microsoft.com/en-us/previous-versions/756as972%28v%3dvs.140%29

C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\VC\Tools\MSVC\14.15.26726\bin\Hostx64\x64>dumpbin.exe /exports C:\bregonig.dll
Microsoft (R) COFF/PE Dumper Version 14.15.26730.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\bregonig.dll

File Type: DLL

  Section contains the following exports for bregonig.dll

    00000000 characteristics
    5413D4DA time date stamp Sat Sep 13 14:23:38 2014
        0.00 version
           1 ordinal base
          20 number of functions
          20 number of names

    ordinal hint RVA      name

          1    0 000501D0 BMatch
          2    1 00050200 BMatchEx
          3    2 00051460 BMatchExW
          4    3 00051430 BMatchW
          5    4 000501A0 BRegexpVersion
          6    5 00051400 BRegexpVersionW
          7    6 00050450 BRegfree
          8    7 00050450 BRegfreeW
          9    8 000503E0 BSplit
         10    9 000515A0 BSplitW
         11    A 00050230 BSubst
         12    B 00050260 BSubstEx
         13    C 000514C0 BSubstExW
         14    D 00051490 BSubstW
         15    E 00050290 BTrans
         16    F 000514F0 BTransW
         17   10 00050470 BoMatch
         18   11 00051610 BoMatchW
         19   12 00050540 BoSubst
         20   13 000516E0 BoSubstW

  Summary

        6000 .data
        3000 .reloc
        1000 .rsrc
       75000 .text

DLL调用方法

        [DllImport("GP\\GPP.dll", EntryPoint = "GPPGetString", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
        static extern int getString(int nFont, int nBtwChar, string psString, int nSize, int nFontSizeVal);

CallingConvention的设置是依赖与DLL内部方法的定义是否有__stdcall。