0

How do you get the signature of an exported function of a DLL? I know this is possible since a program analysis tool such as IDA (and ollydbg) manages to get the following for GetVersionExA:

push    offset VersionInformation ; lpVersionInformation
mov     edi, offset dword_4D3B94
mov     esi, offset aSS ; "%s - %s"
call    GetVersionExA

Using a hex editor to search through PDBs, I could not find the string lpVersionInformation. So where and how can I extract the signature?

simonzack
  • 19,729
  • 13
  • 73
  • 118
  • I suppose these programs know the signature of most of the standard win32 functions – Jabberwocky Nov 17 '17 at 16:46
  • _[THIS link](https://stackoverflow.com/a/1128453/645128)_ can help you to enumerate the exported functions using Win32 structs, not sure if you can extrapolate from there... – ryyker Nov 17 '17 at 16:59
  • @ryyker Thanks for the suggestion. I am aware of this but I don't think parameter information is present in the dll itself. – simonzack Nov 17 '17 at 17:03

0 Answers0