#Write a text file with the Ordinal and Function Names inside a .DLL file. NB: load the .PDB first so that both the mangled (decorated) name and the ordinal are available (see https://docs.microsoft.com/en-us/cpp/build/reference/decorated-names)
#@author bjaan
#@category Symbol
#@keybinding
#@menupath
#@toolbar
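# Export table dump: one line per "Ordinal_<n>" symbol, written as
#   <ordinal>\t<name>[\t<demangled name>]
# `ghidra` and `currentProgram` are not defined in this file; the script
# expects the Ghidra scripting environment to provide them.
#
# Every field comes from the binary under analysis, so whatever consumes
# exports.txt should treat its contents as untrusted text.
parser = ghidra.app.util.demangler.microsoft.MicrosoftDemangler()
symTab = currentProgram.getSymbolTable()
ordinalSymbols = symTab.getSymbolIterator("Ordinal_*", True)

# The path is relative, so the file is created in the current working
# directory of the process running the script. The `with` block guarantees
# the file is flushed and closed even if a symbol lookup raises midway
# (the file was previously never closed).
with open("exports.txt", 'w') as f:
    for sym in ordinalSymbols:
        ordinalName = sym.getName()
        ordinal = ordinalName[len("Ordinal_"):]
        symAddr = sym.getAddress()

        # Default to the primary symbol at this address.
        realName = symTab.getPrimarySymbol(symAddr).getName()

        # If the Ordinal_ symbol is followed by another symbol in the list
        # returned for this address, use that following symbol's name.
        # The range stops one short of the end, so i + 1 is always valid.
        symbolsAt = symTab.getSymbols(symAddr)
        for i in range(len(symbolsAt) - 1):
            if ordinalName == symbolsAt[i].getName():
                realName = symbolsAt[i + 1].getName()
                break

        # No name other than the ordinal placeholder: nothing to report.
        if realName.startswith("Ordinal_"):
            continue

        # A None result is treated as "no demangled form available".
        # NOTE(review): the second argument presumably limits demangling to
        # known mangling patterns - confirm against the Ghidra API in use.
        demangledObject = parser.demangle(realName, True)
        demangled = "" if demangledObject is None else demangledObject.toString()

        f.write(ordinal + "\t" + realName)
        if demangled:
            f.write("\t" + demangled)
        f.write('\n')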