DLL Export Viewer--察看DLL导出的函数及其虚拟内存地址
DescriptionThis utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files. You can easily copy the memory address of the desired function, paste it into your debugger, and set a breakpoint for this memory address. When this function is called, the debugger will stop in the beginning of this function.
For example: If you want to break each time that a message box is going to be displayed, simply put breakpoints on the memory addresses of message-box functions: MessageBoxA, MessageBoxExA, and MessageBoxIndirectA (or MessageBoxW, MessageBoxExW, and MessageBoxIndirectW in unicode based applications) When one of the message-box functions is called, your debugger should break in the entry point of that function, and then you can look at call stack and go backward into the code that initiated this API call.
This utility doesn't require any installation process or additional DLLs, in order to start using it, just run the executable file - dllexp.exe
When DLL Export Viewer is loaded, you have to choose one of the following options:
Load all functions from standard system DLLs: This is the default option. If you select it, the exported API functions of standard Windows DLLs (kernel32.dll, user32.dll, and so on...) will be displayed.
Load functions from the specified DLL file: If you select this option, you have to specify the DLL file that you want to load in the text-box below this option. You can also specify a wildcard for loading multiple DLL files. If for some reason, you want to view all API functions on your system, you can specify something like 'c:\windows\system32\*.dll' - but I must warn you... You'll get a very long functions list, probably more than 50,000 functions !
Load functions from the DLL files specified in the following text file: If you select this option, the specified text file should contain a list of DLL files, separated by Enter characters (CR-LF). All exported functions from the specified DLLs will be loaded.
Load functions from all DLLs attached to the selected process: This is the most useful option if you want to use this utility for debugging. Select the process that you are currently debugging, and the exported functions of all DLLs attached to the selected process will be displayed.
System Requirements
This utility works properly on all 32-bit/64-bit versions of Windows, including Windows 98/ME, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows 8, and Windows 10. If you want to use it on Windows NT, you should add psapi.dll into your system32 folder.
32位:
X64:
简单中文配置文件:
页:
[1]