如何获取系统所有api函数

元始天尊 发表于 2014-3-4 13:28:14

1.(for %i in (dir /s /b c:\windows\system32\*.dll) do dumpbin -exports %i) >out.txt
前200行：

G:\Users\Administrator\Desktop>dumpbin -exports dir
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

Dump of file dir
DUMPBIN : fatal error LNK1181: cannot open input file "dir"
G:\Users\Administrator\Desktop>dumpbin -exports /s
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
DUMPBIN : warning LNK4044: unrecognized option "s"; ignored
Summary

G:\Users\Administrator\Desktop>dumpbin -exports /b
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
DUMPBIN : warning LNK4044: unrecognized option "b"; ignored
Summary

G:\Users\Administrator\Desktop>dumpbin -exports c:\windows\system32\6to4svc.dll
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

Dump of file c:\windows\system32\6to4svc.dll
File Type: DLL
Section contains the following exports for 6to4Svc.dll
      0 characteristics
4B73DA0D time date stamp Thu Feb 11 18:21:01 2010
   0.00 version
      1 ordinal base
      1 number of functions
      1 number of names
ordinal hint RVA    name
      1 0 00015150 ServiceMain
Summary
   3000 .data
   2000 .reloc
   1000 .rsrc
   16000 .text
G:\Users\Administrator\Desktop>dumpbin -exports c:\windows\system32\aaaamon.dll
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

Dump of file c:\windows\system32\aaaamon.dll
File Type: DLL
Section contains the following exports for AAAAMON.dll
      0 characteristics
3B7D796D time date stamp Sat Aug 18 04:07:09 2001
   0.00 version
      1 ordinal base
      1 number of functions
      1 number of names
ordinal hint RVA    name
      1 0 00001B42 InitHelperDll
Summary
   1000 .data
   1000 .reloc
   3000 .rsrc
   4000 .text
G:\Users\Administrator\Desktop>dumpbin -exports c:\windows\system32\aaclient.dll
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

Dump of file c:\windows\system32\aaclient.dll
File Type: DLL
Section contains the following exports for aaclient.dll
      0 characteristics
47917FE8 time date stamp Sat Jan 19 12:43:20 2008
   0.00 version
      1 ordinal base
      6 number of functions
      4 number of names
ordinal hint RVA    name
      1 0 0000BA85 LoadClientAdapter
      5 1 0000DEFD OpenKeyReader
      6 2 0000DF0D OpenKeyReaderWriter
      4 3 0001F7F4 g_fnStartTransport
Summary
   2000 .data
   3000 .reloc
   1000 .rsrc
   1E000 .text
G:\Users\Administrator\Desktop>dumpbin -exports c:\windows\system32\acctres.dll
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

Dump of file c:\windows\system32\acctres.dll
File Type: DLL
Summary
   1000 .reloc
   10000 .rsrc
G:\Users\Administrator\Desktop>dumpbin -exports c:\windows\system32\acledit.dll
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

Dump of file c:\windows\system32\acledit.dll
File Type: DLL
Section contains the following exports for ACLEDIT.dll
      0 characteristics
3B7D7CDE time date stamp Sat Aug 18 04:21:50 2001
   0.00 version
      1 ordinal base
      8 number of functions
      8 number of names
ordinal hint RVA    name
      4 0 00004BC6 DllMain
      1 1 0000323A EditAuditInfo
      2 2 00004010 EditOwnerInfo
      3 3 00003248 EditPermissionInfo
      5 4 00004ED6 FMExtensionProcW
      6 5 0000590A SedDiscretionaryAclEditor
      7 6 0000593F SedSystemAclEditor
      8 7 0000532C SedTakeOwnership
Summary
   1000 .data
   1000 .reloc
   C000 .rsrc
   13000 .text
G:\Users\Administrator\Desktop>dumpbin -exports c:\windows\system32\aclui.dll
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

Dump of file c:\windows\system32\aclui.dll
File Type: DLL
Section contains the following exports for ACLUI.dll
      0 characteristics
48023D0E time date stamp Mon Apr 14 01:04:14 2008
   0.00 version
      1 ordinal base
      16 number of functions
      3 number of names
ordinal hint RVA    name
      1 0 0000ACFD CreateSecurityPage
      2 1 0000ADAE EditSecurity
      16 2 0000132C IID_ISecurityInformation
Summary
   1000 .data
   2000 .reloc
   5000 .rsrc
   12000 .text
G:\Users\Administrator\Desktop>dumpbin -exports c:\windows\system32\activeds.dll
Microsoft (R) COFF Binary File Dumper Version 6.00.8168

2.findstr /X ".*.*$" out.txt > out2.txt
前100行：
      1 0 00015150 ServiceMain
      1 0 00001B42 InitHelperDll
      1 0 0000BA85 LoadClientAdapter
      5 1 0000DEFD OpenKeyReader
      6 2 0000DF0D OpenKeyReaderWriter
      4 3 0001F7F4 g_fnStartTransport
      4 0 00004BC6 DllMain
      1 1 0000323A EditAuditInfo
      2 2 00004010 EditOwnerInfo
      3 3 00003248 EditPermissionInfo
      5 4 00004ED6 FMExtensionProcW
      6 5 0000590A SedDiscretionaryAclEditor
      7 6 0000593F SedSystemAclEditor
      8 7 0000532C SedTakeOwnership
      1 0 0000ACFD CreateSecurityPage
      2 1 0000ADAE EditSecurity
      16 2 0000132C IID_ISecurityInformation
      4 0 00004E37 ADsBuildEnumerator
      8 1 00004F79 ADsBuildVarArrayInt
      7 2 00004ECD ADsBuildVarArrayStr
      6 5 00004EAD ADsEnumerateNext
      5 6 00004E89 ADsFreeEnumerator
      3 8 00004723 ADsGetObject
      9 9 000051CD ADsOpenObject
      23 B 00013790 AdsFreeAdsValues
      22 C 0001376E AdsTypeToPropVariant
      29 10 00005020 BinarySDToSecurityDescriptor
      27 11 00016889 ConvertSecDescriptorToVariant
      28 12 000158F6 ConvertSecurityDescriptorToSecDes
      10 13 000040B2 DllCanUnloadNow
      11 14 0000405A DllGetClassObject
      31 15 000040CC DllRegisterServer
      32 16 000043DB DllUnregisterServer
      21 19 00013A20 PropVariantToAdsType
      30 1D 00005064 SecurityDescriptorToBinarySD
      4 0 00001100 DllCanUnloadNow
      5 1 00010C20 DllGetClassObject
      6 2 00011776 DllRegisterServer
      7 3 000117A2 DllUnregisterServer
      3 4 0001172B GetProxyDllInfo
      15 0 00008470 AdmClose
      16 1 000082ED AdmFinished
      17 2 00008D61 AdmInit
      18 3 00008337 AdmReset
      19 4 000084EE AdmSaveData
      20 5 0000927A CheckDuplicateKeys
      21 6 00008F22 CreateAdmUi
      12 7 00008202 DllMain
      22 8 00009071 GetAdmCategories
      23 9 00009654 GetFontInfo
      13 A 000084D6 IsAdmDirty
      14 B 000084E1 ResetAdmDirtyFlag
      1 0 00002209 CreateSocketPort
      2 1 000022BC DeleteSocketPort
      3 2 00004384 FwBindFwInterfaceToAdapter
      4 3 000045B0 FwConnectionRequestFailed
      5 4 000040E1 FwCreateInterface
      6 5 00004195 FwDeleteInterface
      7 6 00004504 FwDisableFwInterface
      8 7 0000455A FwEnableFwInterface
      9 8 0000427B FwGetInterface
      10 9 0000464E FwGetNotificationResult
      11 A 000047A8 FwGetStaticNetbiosNames
      12 B 00003C81 FwIsStarted
      13 C 00004606 FwNotifyConnectionRequest
      14 D 000041EB FwSetInterface
      15 E 00004737 FwSetStaticNetbiosNames
      16 F 00003940 FwStart
      17 10 00003F48 FwStop
      18 11 000044AE FwUnbindFwInterfaceFromAdapter
      19 12 00004079 FwUpdateConfig
      20 13 0000466F FwUpdateRouteTable
      21 14 00002B3B GetAdapterNameFromMacAddrW
      22 15 00002B1E GetAdapterNameW
      23 16 0000495E GetFilters
      24 17 00002443 IpxAdjustIoCompletionParams
      25 18 0000358B IpxCreateAdapterConfigurationPort
      26 19 000032B7 IpxDeleteAdapterConfigurationPort
      27 1A 00002968 IpxDoesRouteExist
      28 1B 00003746 IpxGetAdapterConfig
      29 1C 00002763 IpxGetAdapterList
      30 1D 0000234B IpxGetOverlappedResult
      31 1E 000025FF IpxGetQueuedAdapterConfigurationStatus
      32 1F 000023BC IpxGetQueuedCompletionStatus
      33 20 000024C5 IpxPostQueuedCompletionStatus
      34 21 00002593 IpxRecvPacket
      35 22 000024E3 IpxSendPacket
      36 23 00003699 IpxWanCreateAdapterConfigurationPort
      37 24 00002BEC IpxWanQueryInactivityTimer
      38 25 00002B40 IpxWanSetAdapterConfiguration
      39 26 00005506 ServiceMain
      40 27 000048BF SetFilters
      1 0 00003EC1 DllCanUnloadNow
      2 1 00003EE4 DllGetClassObject
      1 0 00018C7C ??0CLexer@@QAE@PAG@Z
      2 1 00018CC0 ??1CLexer@@QAE@XZ
      54 2 000192A0 ?GetNextToken@CLexer@@QAEJPAGPAK@Z
   135 3 00018E38 ?SetAtDisabler@CLexer@@QAEXH@Z
   136 4 00018E60 ?SetExclaimnationDisabler@CLexer@@QAEXH@Z
   137 5 00018E4C ?SetFSlashDisabler@CLexer@@QAEXH@Z

3.findstr /V "@$ \. : DllCanUnloadNow DllGetClassObject DllRegisterServer DllUnregisterServer ServiceMain DllMain CPlApplet DllGetVersion DllInstall" out2.txt > out3.txt
前50行：
      1 0 00001B42 InitHelperDll
      1 0 0000BA85 LoadClientAdapter
      5 1 0000DEFD OpenKeyReader
      6 2 0000DF0D OpenKeyReaderWriter
      4 3 0001F7F4 g_fnStartTransport
      1 1 0000323A EditAuditInfo
      2 2 00004010 EditOwnerInfo
      3 3 00003248 EditPermissionInfo
      5 4 00004ED6 FMExtensionProcW
      6 5 0000590A SedDiscretionaryAclEditor
      7 6 0000593F SedSystemAclEditor
      8 7 0000532C SedTakeOwnership
      1 0 0000ACFD CreateSecurityPage
      2 1 0000ADAE EditSecurity
      16 2 0000132C IID_ISecurityInformation
      4 0 00004E37 ADsBuildEnumerator
      8 1 00004F79 ADsBuildVarArrayInt
      7 2 00004ECD ADsBuildVarArrayStr
      6 5 00004EAD ADsEnumerateNext
      5 6 00004E89 ADsFreeEnumerator
      3 8 00004723 ADsGetObject
      9 9 000051CD ADsOpenObject
      23 B 00013790 AdsFreeAdsValues
      22 C 0001376E AdsTypeToPropVariant
      29 10 00005020 BinarySDToSecurityDescriptor
      27 11 00016889 ConvertSecDescriptorToVariant
      28 12 000158F6 ConvertSecurityDescriptorToSecDes
      21 19 00013A20 PropVariantToAdsType
      30 1D 00005064 SecurityDescriptorToBinarySD
      3 4 0001172B GetProxyDllInfo
      15 0 00008470 AdmClose
      16 1 000082ED AdmFinished
      17 2 00008D61 AdmInit
      18 3 00008337 AdmReset
      19 4 000084EE AdmSaveData
      20 5 0000927A CheckDuplicateKeys
      21 6 00008F22 CreateAdmUi
      22 8 00009071 GetAdmCategories
      23 9 00009654 GetFontInfo
      13 A 000084D6 IsAdmDirty
      14 B 000084E1 ResetAdmDirtyFlag
      1 0 00002209 CreateSocketPort
      2 1 000022BC DeleteSocketPort
      3 2 00004384 FwBindFwInterfaceToAdapter
      4 3 000045B0 FwConnectionRequestFailed
      5 4 000040E1 FwCreateInterface
      6 5 00004195 FwDeleteInterface
      7 6 00004504 FwDisableFwInterface
      8 7 0000455A FwEnableFwInterface
      9 8 0000427B FwGetInterface

4.notepad++正则表达式将^.*{8} (+)$替换为($1)得到out4.txt
前25行：
InitHelperDll
LoadClientAdapter
OpenKeyReader
OpenKeyReaderWriter
g_fnStartTransport
CPlApplet
DebugMain
EditAuditInfo
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedDiscretionaryAclEditor
SedSystemAclEditor
SedTakeOwnership
CreateSecurityPage
EditSecurity
IID_ISecurityInformation
ADsBuildEnumerator
ADsBuildVarArrayInt
ADsBuildVarArrayStr
ADsEnumerateNext
ADsFreeEnumerator
ADsGetObject
ADsOpenObject
AdsFreeAdsValues

5.对out4.txt进行正则搜索{60,}，发现最长的api是66个字母

6.对API排序，并去重
open RESULT,'out4.txt';
my $hash=();
foreach $key (<RESULT>)
{
   chomp $key;
   $hash{$key}=length $key;
}
close RESULT;

open RESULT,'>out5.txt';
select RESULT;

for $i (sort keys %hash)
{
   print $hash{$i},"\t",$i,"\n";
}
close RESULT;

结果：

Anonymous 发表于 2014-3-27 20:24:55

顶一个。。。。。。。。。。。。。

fsjaky 发表于 2014-7-7 13:01:21

支持一下，谢谢分享

bigwind 发表于 2017-9-28 19:08:27

好东西下载了

55AA 发表于 2017-10-9 17:47:24

6的飞起

页: [1]

技术宅的结界's Archiver

如何获取系统所有api函数