C++ Learning Community Forum
Topic: Dependency Stalker
adeyblue
« on: July 14, 2007, 02:55:20 AM »

Well, I was bored the other day and, like you do, got to thinking about which Windows functions are the most popular among the executable image files in system32. So I made this little dependency walker type thingymabob that can list imported and exported data/functions for 32-bit images. It works with single files or directories (optionally recursing into subdirs) and if you're as nosey as I am, you can get a vector of the x most popular functions imported.

Anyhoo, the code is attached as there's a few files. It's quite heavily commented for me so I think it's followable. Since there's no way I'm doing exercises from a book or writing an article, consider this my small offering unto the general "how do I read an import table" populace :)

Sample output:
Code:
d:\windows\system32\chcfg.exe imports these functions:
From advapi32.dll
RegCloseKey
RegOpenKeyA
RegQueryValueExA

From dsound.dll
DirectSoundCreate
DirectSoundEnumerateA

From kernel32.dll
DeviceIoControl
LocalAlloc
LocalFree
GetLastError
CloseHandle
CreateFileA
GetCPInfo
FreeEnvironmentStringsA
GetModuleFileNameA
SetStdHandle
SetFilePointer
FlushFileBuffers
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetStringTypeW
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetProcAddress
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetStringTypeA
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile

From setupapi.dll
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA

From user32.dll
GetWindowTextA
SendMessageA
RegisterWindowMessageA
EnumWindows

Oh for anybody wondering about the most popular, this is what I got for system32 on my XP SP2:
Quote
The most popular imports are:
kernel32.dll - GetLastError      1077 times imported
kernel32.dll - GetCurrentThreadId      1012 times imported
kernel32.dll - GetCurrentProcess      1007 times imported
kernel32.dll - CloseHandle      953 times imported
kernel32.dll - GetTickCount      949 times imported
kernel32.dll - GetCurrentProcessId      948 times imported
kernel32.dll - TerminateProcess      947 times imported
advapi32.dll - RegCloseKey      929 times imported
kernel32.dll - GetProcAddress      907 times imported
kernel32.dll - UnhandledExceptionFilter      901 times imported

* ImageRead.zip (14.39 KB - downloaded 95 times.)
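
As an added illustration of reading an import table (written for this page, not the code in the attached ImageRead.zip), the C++ below walks a PE32 file's import descriptors and thunks to produce a listing like the sample output, bounds-checking every offset because the headers of an arbitrary file cannot be trusted. The names `list_imports` and `make_sample` and the constructed in-memory image are assumptions of this example, and it assumes the optional header carries at least two data directories.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
static uint32_t rd(const Bytes& f, size_t off, size_t n) {   // bounds-checked little-endian read
    if (off > f.size() || n > f.size() - off) throw std::runtime_error("read past end of file");
    uint32_t v = 0;
    while (n--) v = (v << 8) | f[off + n];
    return v;
}
static std::string cstr(const Bytes& f, size_t off) {       // NUL-terminated string via rd()
    std::string s;
    for (uint32_t c; (c = rd(f, off++, 1)) != 0;) s += char(c);
    return s;
}
// Returns "dll!function" or "dll!#ordinal" per import; a by-name thunk points at a 2-byte hint + name.
std::vector<std::string> list_imports(const Bytes& f) {
    size_t pe = rd(f, 0x3C, 4), opt = pe + 24;           // e_lfanew, then optional header
    if (rd(f, 0, 2) != 0x5A4D || rd(f, pe, 4) != 0x4550 || rd(f, opt, 2) != 0x10B)
        throw std::runtime_error("not a PE32 image");
    size_t nsec = rd(f, pe + 6, 2), sec = opt + rd(f, pe + 20, 2);   // section table
    auto off = [&](uint32_t rva) -> size_t {             // RVA -> file offset
        for (size_t h = sec; h < sec + 40 * nsec; h += 40) {
            uint32_t va = rd(f, h + 12, 4), raw = rd(f, h + 16, 4);
            if (rva >= va && rva - va < raw) return size_t(rd(f, h + 20, 4)) + (rva - va);
        }
        throw std::runtime_error("RVA outside every section");
    };
    std::vector<std::string> out;
    uint32_t dir = rd(f, opt + 104, 4), name, e;         // data directory[1]: import table RVA
    for (size_t d = dir ? off(dir) : 0; dir && (name = rd(f, d + 12, 4)) != 0; d += 20) {
        std::string dll = cstr(f, off(name));
        uint32_t oft = rd(f, d, 4);                      // OriginalFirstThunk; 0 -> FirstThunk
        for (size_t t = off(oft ? oft : rd(f, d + 16, 4)); (e = rd(f, t, 4)) != 0; t += 4)
            out.push_back(dll + "!" + (e >> 31 ? "#" + std::to_string(e & 0xFFFF) : cstr(f, off(e) + 2)));
    }
    return out;
}
Bytes make_sample() {   // constructed sample, not a real binary: RVA 0x1000 maps to file 0x200
    Bytes f(0x400, 0);
    auto put = [&](size_t o, uint32_t v, int n) { while (n--) { f[o++] = uint8_t(v); v >>= 8; } };
    auto str = [&](size_t o, const char* s) { while (*s) f[o++] = uint8_t(*s++); };
    put(0, 0x5A4D, 2); put(0x3C, 0x40, 4); put(0x40, 0x4550, 4); put(0x46, 1, 2); put(0x54, 0xE0, 2);
    put(0x58, 0x10B, 2); put(0xC0, 0x1000, 4);           // PE32 magic, import directory RVA
    put(0x144, 0x1000, 4); put(0x148, 0x200, 4); put(0x14C, 0x200, 4);   // section VA, size, pointer
    put(0x200, 0x1040, 4); put(0x20C, 0x1060, 4); put(0x240, 0x1080, 4); put(0x244, 0x80000010u, 4);
    str(0x260, "kernel32.dll"); str(0x282, "GetLastError");
    return f;
}
```

Reading a real file into a `Bytes` buffer and passing it to `list_imports` gives the same kind of listing; a malformed image raises `std::runtime_error` instead of reading out of bounds.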

C-Man
« Reply #1 on: July 14, 2007, 07:26:16 AM »

That's pretty nice, :thumbsup: