Tuckle Posted April 22, 2018 (edited)

How could I see, automatically and quickly, the modules imported by a Windows executable? I have some files/executables which, in the raw file, do not import certain DLLs that they use, and I need to know which DLLs or WinAPI functions they use during execution. Can this be seen to some extent, and can it be done in an automated way (e.g. a Python script or a command-line tool)? So far I have found Dependency Walker, but it does not seem that I can automate the process and it takes a while until I get the list of DLLs, and listdlls from Sysinternals, but that is for processes that are already running, not for static files/executables.

dancezar (Active Members) Posted April 22, 2018 (edited)

    C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.10.25017\bin\HostX64\x64>dumpbin /imports D:\test.exe
    Microsoft (R) COFF/PE Dumper Version 14.10.25019.0
    Copyright (C) Microsoft Corporation. All rights reserved.

    Dump of file D:\test.exe

    File Type: EXECUTABLE IMAGE

      Section contains the following imports:

        KERNEL32.dll
                    41E218 Import Address Table
                    41E050 Import Name Table
                         0 time date stamp
                         0 Index of first forwarder reference

                       AB CreateProcessW
                       D4 DeleteCriticalSection
                       EF EnterCriticalSection
                      11E ExpandEnvironmentStringsW
                      15F FormatMessageA
                      18B GetCommandLineW
                      1C4 GetCurrentProcess
                      1C5 GetCurrentProcessId
                      1C9 GetCurrentThreadId
                      1E0 GetEnvironmentVariableW
                      1E2 GetExitCodeProcess
                      203 GetLastError
                      214 GetModuleFileNameW
                      215 GetModuleHandleA
                      245 GetProcAddress
                      263 GetShortPathNameW
                      265 GetStartupInfoW
                      27B GetSystemTimeAsFileTime
                      288 GetTempPathW
                      297 GetTickCount
                      2EB InitializeCriticalSection
                      326 LeaveCriticalSection
                      329 LoadLibraryA
                      32B LoadLibraryExW
                      355 MultiByteToWideChar
                      393 QueryPerformanceCounter
                      415 SetDllDirectoryW
                      41B SetEnvironmentVariableW
                      467 SetUnhandledExceptionFilter
                      474 Sleep
                      482 TerminateProcess
                      489 TlsGetValue
                      496 UnhandledExceptionFilter
                      4B6 VirtualProtect
                      4B9 VirtualQuery
                      4C2 WaitForSingleObject
                      4DA WideCharToMultiByte

        msvcrt.dll
                    41E2B0 Import Address Table
                    41E0E8 Import Name Table
                         0 time date stamp
                         0 Index of first forwarder reference
    ......

But have you tried this? http://www.dependencywalker.com/help/html/hidr_command_line_help.htm

Tuckle (Author) Posted April 23, 2018

@dancezar dumpbin only extracts the imports that are found in the file, which I can also do with pefile, but the Dependency Walker command line is exactly what I needed, in the sense that my command line would be roughly: /of:file.out /c and the result I need. The only downside of Dependency Walker is that it takes quite a long time to extract the imports for one file (a good few minutes), and I would need the whole thing to happen in less than a minute, but for now I will try some more of Dependency Walker's options. The command line is exactly what I needed, especially since I have the option to not show the console, and after that all I need is to parse the output files to get what interests me. Thanks a lot!
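
Added example, not code from any poster in this thread: the dumpbin listing quoted above imports LoadLibraryA, LoadLibraryExW and GetProcAddress, the APIs a program uses to load DLLs that never appear in its static import table. This Python script parses `dumpbin /imports` text into a per-DLL table and reports those APIs; the function names and the watch list are assumptions made for the example.

```python
import re

# Constructed sample: shortened copy of the `dumpbin /imports` output quoted in the thread.
SAMPLE = r"""
Dump of file D:\test.exe

  Section contains the following imports:

    KERNEL32.dll
                41E218 Import Address Table
                41E050 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                   AB CreateProcessW
                  215 GetModuleHandleA
                  245 GetProcAddress
                  329 LoadLibraryA
                  32B LoadLibraryExW

    msvcrt.dll
                41E2B0 Import Address Table
                41E0E8 Import Name Table
"""

# A module name alone on its line, e.g. "KERNEL32.dll".
DLL_RE = re.compile(r"^\s*(\S+\.(?:dll|exe|sys|drv))\s*$", re.I)
# "<hex hint> <name>"; header rows like "41E218 Import Address Table" have extra words.
FUNC_RE = re.compile(r"^\s*[0-9A-F]+\s+([A-Za-z_?]\S*)\s*$")
# Win32 APIs that resolve modules or functions at run time (assumed watch list).
RUNTIME_LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
                   "GetProcAddress", "GetModuleHandleA", "GetModuleHandleW"}

def parse_imports(text):
    """Return {dll_name_lowercase: [function, ...]} from dumpbin /imports text."""
    imports, current = {}, None
    for line in text.splitlines():
        if m := DLL_RE.match(line):
            current = imports.setdefault(m.group(1).lower(), [])
        elif (m := FUNC_RE.match(line)) and current is not None:
            current.append(m.group(1))
    return imports

def runtime_loading_hints(imports):
    """Imported APIs that suggest more DLLs are loaded only during execution."""
    return sorted({f for funcs in imports.values() for f in funcs} & RUNTIME_LOADERS)

if __name__ == "__main__":
    print(runtime_loading_hints(parse_imports(SAMPLE)))
```

An empty result only means none of the watched APIs is imported by name; it does not show that the static import table is complete.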