March 29, 2024, 06:03:10 AM

News:

Own IWBasic 2.x ? -----> Get your free upgrade to 3.x now.........


DLL api scanner

Started by sapero, September 17, 2007, 07:01:27 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

sapero

September 17, 2007, 07:01:27 AM Last Edit: June 13, 2011, 01:22:32 AM by sapero
This tool will scan given folder for executable images that exports specified api. It supports wildcards in api and file name.
Has implemented search history - 20 recent strings are saved, in same way as does Total commander.
Uses also shell context menu to be more user friendly.

It is pretty usefull for me, if I do a C header conversion and need to find what lib is required. I've started yesterday with this proggy.

Example settings:
API to find = Load*
Search path = c:\windows
FileName filter = *.acm;*.ax;*.cpl;*.des;*.dll;*.drv;*.ds;*.exe;*.ime;*.ocx;*.plw;*.scr;*.sys;*.xvd;*.wcx
Case sensitive = false
Whole word = false
Search tree = true

Semicolon in the FileName filter box is reserved - it is used as an terminator for tokens.

EDIT:
Added option to search for partial string if the main search found nothing. "LoadLibrary" will find "LoadLibraryA/W/ExA/ExW" in kernel32.dll.
Added exceptions handling to ScanExportDir, to propertly handle compressed PE without executing any additional code.

Note: the scanner is loading PE images in protected mode (LoadLibraryEx with the DONT_RESOLVE_DLL_REFERENCES flag), so the DllMain entry-point will be not called. The PE image is loaded as raw data, without permissions to execute any code. This increases application security and stability.

EDIT2:
degraded requirements to win98se with IE6
removed 50% of combobox flickering
added hot-filter in api list (double click any found dll)