AutoHotkey Community

This utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files.

http://www.nirsoft.net/utils/dll_export_viewer.html

(Try it on corrupt's nice Cmdret dll)

_________________

Very handy. Thanks

I don't know the software you recommand, but for such functionnality and (perhaps) more, I usually use Dependency Walker which is free and powerful: it can even find runtime dependencies (LoadLibrary).

This is not true. Dependencies due to LoadLibrary calls are not detected by Dependency Walker.

Maybe I wasn't clear enough.

DW doesn't detect statically dependencies created by LoadLibrary.

This is not possible, or at least extremly difficult, supposing to disassemble the code to find a call to this library. And even then, if the name of the called DLL is dynamically built, it is not possible to know it.

But if you run the analyzed program, or a program calling the analyzed DLL, DW will be able to detect a call to LoadLibrary and know which DLL is loaded (and which functions are called).

Of course, it will detect only the DLLs called at runtime: a program may dynamically depend, say on a JPeg reading library, but if you never load such image in your testing, you will not see it.

HTH.

Dependencies created by LoadLibrary are usually not referred to as static dependencies. Static dependencies are those when a DLL is linked using an export library (.lib) file.



Sorry, I don't understand. What do you mean by "run the analyzed program, or a program calling the analyzed DLL" ? Which analyzed program are you talking about ?

I didn't wrote about static dependencies, but, statically detecting dependencies, ie. without running analyzed code.



LoadLibrary can be called from within a program ("the analyzed program") or from a DLL routine, which must be called from an external program, even if it is just RunDLL32 or AutoHotkey. AFAIK, a DLL can't run alone, it is a piece of code designed to extend a program, to be called by a program (or another DLL). So to perform a dynamic analysis of a DLL, you must have a program calling the functions inside the DLL.