Is there a way to find out what Registry Keys the DLL is accessing?
#Pe explorer dll export viewer code#
I know that somewhere inside this dll, there is a piece of code that is retrieving a information from the Windows Registry. How to inspect a DLL for information Is there a way to inspect a single(C++ compiled) DLL file and find out what Win32 function calls it makes? pdb files has information/directions to get you to function. You will need the Source Code Files which contains the function which you want to debug. Then the debugger will stop when calling into “GetMessageW” Just set a function breakpoint at this address. Now check the image base of “user32.dll” in the VS debugger’s “Modules” windows, the values is “7E410000” on my laptop (Generally, the system dlls would not be relocated, so the image base value here is equal to the value written in PE file). For instance, “RVA” of “GetMessageW” is “000091C6”. For example, just type “dumpbin /exports C:\Windows\System32\user32.dll” in the Visual Studio command line, you can get “RVA” of each exported symbol in “user32.dll”. Get the relative address of the function in which you want to set breakpoint with some PE tools. If you don’t like to load the NT symbols, there is another method Then set breakpoint on wrapper_func.but you need to do some work to call the wrapper func instead of the dll func.Īnother way is set breakpoint on function address Std::cout<<"after call dll func"<