Profiling / debugging DLL method calls at run time


tallashk
December 24th, 2007, 09:52
Hi,

I want to profile/debug method calls made to a DLL in an application.

This is a third-party application and I need to know how it processes (in fact, I need to know the algo).

Is there any way to profile it or debug it?

The application is a Delphi COM+ application.

Please help

Regards,

Aimless
December 24th, 2007, 10:09
I am assuming that the methods/calls are exported. If they are, there is a HUGE amount of tools available on the net that do so:

1. AQtime
2. ANTS profiler
3. Intel Vtune
4. ... and so many, many more...

Hell, you can even CRUDE profile with OllyDbg...

All versions of all the software mentioned above are boldly cracked and available for free on the internet... if you know how to use Google, that is.

Have Phun

tallashk
December 24th, 2007, 11:11
The problem is that these programs give me the assembly code of it. I need to know the method calls if possible. I tried OllyDbg but I am still getting assembly code. Is it possible to find out when a DLL is loaded in memory and find the exact method call when there is some event?
It's a third-party application with loads of DLLs. All that I need is to know which particular methods have been called...

dELTA
December 24th, 2007, 13:42
If you are just interested in which exported DLL functions have been called, why do you care about assembly code or source code at all? What you seem to need is an API logger / DLL call logger.

tallashk
December 24th, 2007, 13:45
Yes, that's exactly what I need.
Most software is not giving anything like this. Would it be possible for you to guide me to a few tools that can help?

dELTA
December 24th, 2007, 13:47
BoundsChecker, AutoDebug, ...

tallashk
December 24th, 2007, 13:49
Cheers, I'll try them.

tallashk
December 24th, 2007, 14:42
With AutoDebug I can go and find out the calls to DLLs, but I still don't know which methods are being called and used.

Am I missing something, or do I need to do something extra to know the exact calls (in a readable way), not the assembly?

Sorry if I am being awkward here.

dELTA
December 24th, 2007, 21:20
You seem to be after the source code after all, and in that case you're looking for a decompiler:

http://www.woodmann.com/collaborative/tools/index.php/Category:Decompilers

Be warned though that this task is not easy at all, and especially not with object oriented languages, which apparently seems to be the case with your target...

JMI
December 24th, 2007, 21:33
He wouldn't be attempting to "borrow" the code....would he???

Regards,

tallashk
January 2nd, 2008, 05:58
No, all that I am after is to see particular method calls. It's a Delphi COM application that calls some server DLL components, and I want to use them to do some automation work by using those components. I am not attempting to borrow code, as all that I am trying to do is to write a component for the same application that will ease the job.

disavowed
January 2nd, 2008, 11:30
Set a breakpoint on every function in the server DLL and log the arguments passed to them.

I think Process Stalker has this kind of functionality (although you may have to do some tweaks).

tallashk
January 2nd, 2008, 17:49
Is it possible to get the real names of functions? All that I am looking for is the particular methods being called in a module of the application, instead of getting the assembly of the code. (I am not good at assembly.)

tallashk
January 3rd, 2008, 06:20
The way this application processes is this:
It loads the exe, calls the hook and resource DLL, and then it calls the related DLLs through the hook. I can see the methods in the exe but can't see the method calls at run time. I tried several tools, but most of them show that the DLL is loaded, while the function calls at run time are not coming up in a clear way.
I am not good at reverse engineering and assembly, so that's why I am asking again and again... sorry for being odd...
Cheers...

dELTA
January 3rd, 2008, 07:39
Just like I already told you above, a decompiler is your only choice in that case, if you don't have access to debug symbols or source code.

disavowed
January 6th, 2008, 13:08
Quote:
Originally posted by tallashk: is it possible to get real name of functions

To rephrase what Delta said above: no, not without symbols (the .pdb). (It wasn't clear to me that Delta was answering your specific question above.)

Without symbols, the only other way you might be able to get the original function names is if they're exported by name in the PE header, but that's very uncommon for .EXEs.