Monday, August 16, 2004

Check whether a DLL calls a function

It is difficult to determine whether executable content can be trusted. One test is to use the DumpBin tool to determine if the executable code makes calls to certain APIs. DumpBin is included with many Win32 API developer tools.

To use DumpBin to check for calls made:

1. At the command prompt, to determine whether MyISAPI.dll calls RevertToSelf(), type

dumpbin /imports MyISAPI.DLL | find "RevertToSelf"

If no results appear, MyISAPI.dll does not call RevertToSelf() directly. It might call the API through LoadLibrary(), in which case you should search for LoadLibrary as well.
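
The check above, extended to report dynamic-loading imports in the same pass. This is an added example, not part of the original post: the sample `dumpbin /imports` output is constructed and abridged, and the names `parse_imports` and `check` are hypothetical.

```python
import re

# Constructed, abridged sample of `dumpbin /imports` output (not a real binary).
SAMPLE = """\
  Section contains the following imports:

    ADVAPI32.dll
              10002000 Import Address Table
                     0 time date stamp
                  1F7 RegCloseKey

    KERNEL32.dll
              10002010 Import Address Table
                  252 LoadLibraryA
                  1A0 GetProcAddress

  Summary
        1000 .data
"""

MODULE = re.compile(r"^\s+(\S+\.dll)\s*$", re.I)       # line holding only a DLL name
SYMBOL = re.compile(r"^\s+[0-9A-Fa-f]+\s+(\S+)\s*$")   # hex hint + one symbol name
DYNAMIC = re.compile(r"^(LoadLibrary(Ex)?[AW]?|GetProcAddress)$")

def parse_imports(text):
    """Return {module: [function, ...]} from dumpbin /imports output."""
    imports, current = {}, None
    for line in text.splitlines():
        if line.strip() == "Summary":   # section sizes follow, not imports
            break
        m = MODULE.match(line)
        if m:
            current = imports.setdefault(m.group(1).upper(), [])
        elif current is not None and (s := SYMBOL.match(line)):
            current.append(s.group(1))
    return imports

def check(text, api):
    """Report a direct import of `api` and any dynamic-loading imports."""
    names = [f for funcs in parse_imports(text).values() for f in funcs]
    return {"direct": api in names,
            "dynamic": sorted(n for n in names if DYNAMIC.match(n))}

if __name__ == "__main__":
    print(check(SAMPLE, "RevertToSelf"))
```

A result with `direct` false and a non-empty `dynamic` list is the case described above: the import table alone cannot rule out a call made through LoadLibrary().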
