List all functions from an executable

delphi package - full disassembler
Post Reply
Keiner
Posts: 2
Joined: Mon Nov 17, 2008 10:28 am

List all functions from an executable

Post by Keiner »

Hi,

is it possible to list all functions of an executable? Can ParseFunction return a pointer to the next function?

take care, keiner
Nico Bendlin
Posts: 46
Joined: Fri Apr 28, 2006 1:17 pm

Post by Nico Bendlin »

Compilers are free to overlap any code sequences. So there might be no "next" function. Another problem are function "tails" (code fragments of a function outside of the function’s main "body" - e.g. MSVC’s PGO).
Keiner
Posts: 2
Joined: Mon Nov 17, 2008 10:28 am

Post by Keiner »

How does IDA/OllyDBG handle those problems? I mean the results aren't 100% correct but at least its a point where i can start.
Nico Bendlin
Posts: 46
Joined: Fri Apr 28, 2006 1:17 pm

Post by Nico Bendlin »

Well, for ParseFunction one needs the entry point of the function (your task). This implies, that it is intended to analyze one function - not the whole program control flow (a job for IDA). The analyzed function could be followed by anything (e.g. hundreds and thousands of data bytes).

topic: Back to your initial question: TFunctionInfo.CodeLen
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Nico is right, of course.

One option would be to disassemble the EXE's entry point function plus every exported function. Then for every disassembled function you can enumerate the call instructions. You can then disassemble the call targets. This will again give you a new list of call instructions. You can do this recursively. That will probably not result in a full disassembly of the whole EXE, but it might cover the majority of functions. Of course there are problems: E.g. some calls are hard to trace. And if a thread is created, you will probably miss the thread function and all functions it calls inside etc...
_NN_
Posts: 55
Joined: Mon Jan 21, 2013 4:00 pm

Re: List all functions from an executable

Post by _NN_ »

I understand there still is no available lib for madDisAsm, right ?
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Re: List all functions from an executable

Post by madshi »

It's kind of part of the madCodeHook32/64.lib file, but there's no way to access the disasm functionality atm.
Post Reply