First thing to do if you don’t already have them is to get the debug symbols
for this thing. They are available for this DLL, I have one on my system.
Next goto a command line and
dumpbin /exports netcfg.dbg > netcfg.txt
To get a nice printout of all the exported functions with decorated names.
Then just find your function and try and interpret it’s decorated name
(there’s a method to the decorated names, and although I don’t have the link
handy, you should be able to find an MSDN article on what the decoration
method/madness is).
You can also do the same dumpbin on the netcfg.dll itself and get the
function address. If you know a program that uses this .dll, use Visual
Studio to Attach to Process. Then, find the base address of the DLL in
memory, add the function’s offset to that, and put a breakpoint there.
You’ll have to be an assembly hack to figure out the next part, but you
should be able to step and see what happens when the function returns.
Depending upon the calling convention, it should pop parameters and a return
value off the stack and you’ll have a good idea of what it’s doing at that
point.
It’s sometimes helpful to grep on the header files and see if the function
is referred to at all (sometimes a comment will refer to a function that
doesn’t get documented). If you find a group of similar functions you might
be able to infer the arguments from those functions. Also, look in the DDK
headers to see if there’s a similar kernel mode function.
I assume that you know how to call a DLL function from your program without
linking to it’s export library (LoadLibrary + GetProcAddress), right?
Good luck!
ERX
-----Original Message-----
From: xxxxx@nai.com [mailto:xxxxx@nai.com]
Sent: Thursday, March 15, 2001 8:00 PM
To: NT Developers Interest List
Subject: [ntdev] undocumented functions in netcfg.dll
Hi, does anybody know where/how to find out the undocumented
functions that
exports from netcfg.dll under NT4.0? For example, there is function
NetSetupFindHardwareComponent that exported from netcfg.dll,
I want to find
out what parameters need for this function and what this
function does?
Any books or reference URL that can point me to this
information will be
greatly helpful.
Thanks in advance!
You are currently subscribed to ntdev as: xxxxx@mediasite.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com