Reputation: 35276
Getting class offset in a Win32 binary
For a Win32 Portable Executable (PE)
- How can I get the list of classes used
- How to get the offset of a given class
Upvotes: 0
Views: 364
Answers (1)
Reputation: 61341
A class does not have an offset - its methods have offsets. If the PE file is a DLL, and a class is exported, you can get offsets of its methods from the exported function table. The names will be mangled though. The mangling scheme is compiler- and version-specific.
You can use the DUMPBIN tool (available with Visual Studio, or in Platform SDK) to watch the export table. IIRC, it can even unmangle the names for you. If you want to do it programmatically, use the functions from the ImageHlp API - ImageLoad() and so forth.
There's no good way to get offsets of nonexported class methods.
Also, offsets can be found in a MAP file, or in debug symbols, or in a PDB file. If it's a third party product, those won't be available to you, most likely.
EDIT re: Microsoft DLLs. Microsoft makes debug symbols for a lot of their files (both Win32 and .NET) available via the Microsoft Symbol Server. Visual Studio since v. 2005 can pull those symbols automatically upon DLL loading.
Upvotes: 2
Related Questions
- c++ access PEB_LDR_DATA struct member by offset
- Proper method for opening files at a particular offset with Win32 api using c++
- How to call GetClassInfo with a retrieved ATOM (or is it necessary)?
- Reading memory from ".exe" + offset?
- How to get PE file signature offset?
- How to get the Window Class Name and Id from HWND?
- Can I find an offset of a resource in an EXE file with C++?
- Using WinAPI to retrieve a class pointer?
- Is it possible to manually calculate the byte-offset of a class member?
- How to get readable classname and title from HWND handle? in WinApi c++