I am looking at an application with a debugger (I don’t have the source code!).
I put a breakpoint in a certain function (exported function) and I look at the stack trace.
Obviously I cannot see the symbols, but I can see the DLL name and an ordinal.
My question is: how can I tell if the functions I see in the stack trace are exported? Or, to be more accurate, are the ordinals I see in the stack trace the same ordinals I see in Dependency Walker?
Thanks a lot! 🙂
TCS: I was hinting at the fact that there is more than one debugger, and more than one linker that may generate different types of metadata in DLLs.
To the point, I’ve had good ‘debugging’ (inspecting/auditing) third-party software (including DLLs) with OllyDbg, of which there now seems to be a brand-new version 2.0 (here). It makes code analysis a whizz (if you know your way around assembly language and dynamic loading, I guess). It certainly makes easy work of tracking what module calls which and mapping those (calls) to symbolic names if available [1]. OllyDbg in particular is free.
On the commercial front, I believe there are several similar tools, of which I recall IDA Pro to be the biggest name.
Hope that helps.
[1] It will leverage debug symbols (such as the ones you can download from Microsoft) and it will even translate arguments to Win32 APIs into their meaningful names (i.e. WM_PAINT instead of a constant, knowing the expected LPPARAM layout too, etc.).