最新消息:20210816 当前crifan.com域名已被污染,为防止失联,请关注(页面右下角的)公众号

dumpbin IMPORTS and EXPORTS output

tmp_todo crifan 2775浏览 0评论

the usage of dumpbin, please refer here:

DUMPBIN 实用程序的说明

http://support.microsoft.com/kb/177429

1.

D:Program FilesMicrosoft Visual Studio 10.0VC>dumpbin /IMPORTS bin/c1.dll > c1_dll_imports.txt

Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file bin/c1.dll

File Type: DLL

Section contains the following imports:

    ADVAPI32.dll
              4F001000 Import Address Table
              4F09CA88 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                   CB CryptReleaseContext
。。。。

    KERNEL32.dll
              4F001020 Import Address Table
              4F09CAA8 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                  139 FindFirstFileW
                  33E LoadLibraryExW
                  218 GetModuleHandleW
。。。

    MSVCR100.dll
              4F00115C Import Address Table
              4F09CBE4 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                  5E3 realloc
                  628 vsprintf_s
。。。。

    mspdb100.dll
              4F001338 Import Address Table
              4F09CDC0 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

。。。

    MSVCP100.dll
              4F001150 Import Address Table
              4F09CBD8 Import Name Table
                     0 time date stamp
。。。。

    ole32.dll
              4F001354 Import Address Table
              4F09CDDC Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

。。。

Section contains the following delay load imports:

    mscoree.dll
              00000001 Characteristics
              4F0A2ECC Address of HMODULE
              4F0A2B88 Import Address Table
              4F09C9B8 Import Name Table
              4F09C9F0 Bound Import Name Table
              00000000 Unload Import Name Table
                     0 time date stamp

          4F0984F3               0 LoadLibraryShim
          4F0984D8               0 GetCORSystemDirectory

Summary

       30000 .data
        D000 .reloc
        1000 .rsrc
       9D000 .text

2.

D:Program FilesMicrosoft Visual Studio 10.0VC>dumpbin /EXPORTS bin/c1.dll > c1_dll_exports.txt

Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file bin/c1.dll

File Type: DLL

Section contains the following exports for c1.dll

    00000000 characteristics
    4BA1DC00 time date stamp Thu Mar 18 15:53:36 2010
        0.00 version
           1 ordinal base
           3 number of functions
           3 number of names

    ordinal hint RVA      name

          1    0 00043740 _AbortCompilerPass@4
          2    1 00042340 _CloseTypeServerPDB@0
          3    2 00042290 _InvokeCompilerPassW@16

Summary

       30000 .data
        D000 .reloc
        1000 .rsrc
       9D000 .text

3.

D:Program FilesMicrosoft Visual Studio 10.0VC>dumpbin /IMPORTS C:windowsnotepad.exe > import_notepad.txt

Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.


Dump of file C:windowsnotepad.exe

File Type: EXECUTABLE IMAGE

Section contains the following imports:

    comdlg32.dll
               10012C4 Import Address Table
               1007990 Import Name Table
。。。。

    SHELL32.dll
               1001174 Import Address Table
。。。。

    WINSPOOL.DRV
               10012B4 Import Address Table
               1007980 Import Name Table
              FFFFFFFF time date stamp
。。。。

    COMCTL32.dll
               1001020 Import Address Table
。。。

   ADVAPI32.dll
               1001000 Import Address Table
               10076CC Import Name Table
              FFFFFFFF time date stamp
              FFFFFFFF Index of first forwarder reference

。。。。。。。。。。。。。

Header contains the following bound import information:
    Bound to comdlg32.dll [4802BDA2] Mon Apr 14 10:12:50 2008
    Bound to SHELL32.dll [4802BDB6] Mon Apr 14 10:13:10 2008
    Bound to WINSPOOL.DRV [4802BDCA] Mon Apr 14 10:13:30 2008
    Bound to COMCTL32.dll [4802BD6C] Mon Apr 14 10:11:56 2008
    Bound to msvcrt.dll [4802BD6C] Mon Apr 14 10:11:56 2008
    Bound to ADVAPI32.dll [4802BD89] Mon Apr 14 10:12:25 2008
    Bound to KERNEL32.dll [4802BDC6] Mon Apr 14 10:13:26 2008
      Contained forwarders bound to NTDLL.DLL [4802BDC5] Mon Apr 14 10:13:25 2008
    Bound to GDI32.dll [4802BD81] Mon Apr 14 10:12:17 2008
    Bound to USER32.dll [4802BDBD] Mon Apr 14 10:13:17 2008

Summary

        2000 .data
        8000 .rsrc
        8000 .text

其中,上面的Bound to 。。。表示了,已经进行了DLL绑定,以避免每次程序启动都要去解析符号地址,由此来提高启动速度。

转载请注明:在路上 » dumpbin IMPORTS and EXPORTS output

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
80 queries in 0.171 seconds, using 22.04MB memory