you can, but you will have to use the symbols for the
PE if you have them, otherwise you have to write some
disassembler to examine the call stacks/heap to see what has
been passed to the next function on the call stack, but
you can not get any names for the IN/OUT parameters,
just addresses and thats all. You need the smybols or a
user-defined way (list, database) to map the function names
to function signatures, but here again the symbols come
Here is a list of diassemblers/decomoilers:
You can have a look at the open source implementations to see
how they handle CodeView/COFF stuff,...or Debugging Symbols
and Debugging Information/Helper Functions in the MSDN for the
case it is Windows you target on,...
Beste Gr�sse / Best regards / Votre bien devoue
Latest Project: http://www.pro-it-education.de/software/deviceremover
Latest Open-Source Projects: http://entwicklung.junetz.de
"glitteringsounds" <firstname.lastname@example.org> schrieb im Newsbeitrag
> As we know that we can extract information like imported/exported
> functions after parsing PE file programatically.
> But we can only take the names (function names imported/exported) of
> methods. We cannot look up their parameters(in/out)names with their
> types and return type of method.(as these parts encoded as HEX)
> Is there any way out to extract these as well..?
> Regards Muhammad Usman Khalil