MFC 应用程序和共享库

Question

I have a application which seems has written in MFC (process hacker and DependencyWalker show link to MFC90).

Also, There is a library(FTD2XX) in the installation path. But the DependencyWalker won't show the MFC90 link for the lib and show:

SetupAPI.dll
KERNEL32.dll
USER32.dll
ADVAPI32.dll

In what framework the lib is built? I don't have experience in MFC. I don't have information in its compiler and if VC++ libs can be used to link with MFC apps.

Answer 1

If you want to log calls going to a dll, the best way is to write a proxy dll (a dll redirection). But for that you must know the signature (syntax) of the function which you are going to override , ie exact number of parameters, their types and return type etc. If I can assume that you somehow can find out signature of all the functions in ftd2xx.dll, then it is merely simple to get it done.

Get dll functions and Ordinal numbers: For this just use dumpbin.exe comes with Visual Studio (use it by running Visual Studio command prompt)

dumpbin.exe /exports {yourpath}\\ftd2xx.dll > ftd2xx.txt

Now your ftd2xx.txt has all the function names and ordinal numbers of the ftd2xx.dll. You can even use your dependency walker to export and get this list.

Create you own dll named ftd2xx.dll: Open Visual Studio, choose VC++ >> Win32 >> Win32 Project >> Dll (with Export symbols option) and finally use #pragma directive to declare all your exported original dll functions within your dll code like below,

//#pragma comment (linker, "/export:<function>=<origdll_name>.<function>,@<ordinal_number>")

#pragma comment (linker, "/export:FT_Open=ftd2xx_.FT_Open,@1")
#pragma comment (linker, "/export:FT_Close=ftd2xx_.FT_Close,@2")
// :
// :
// :
// delcare all your exported functions here with ordinal number
// :
// :
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
}

Now, you need to write your own function which can pretend as an original function of ftd2xx.dll which will get called when the application calls a original function of ftd2xx.dll. The below code is just to explain how it works. As I said earlier you need to know the exact signature of the dll functions which you want to override (redirect). And also keep in mind that you need to call the original function after whatever you wanted to do, otherwise you may endup having unexpected behaviour with your application.

Assuming FT_Close() function takes no parameter and returns void, I am putting this just for example in which I override FT_Close() function of ftd2xx.dll with a proxy NewFT_Close() function. Note that, if you override a function, then remove it from #pragma directive and add it in a .def file (add a new ftd2xx.def file to your project and declare your new functions like below).

DEF file example

LIBRARY ftd2xx.dll
EXPORTS
FT_Close = NewFT_Close @2

Dll code example

HINSTANCE   hInstance = NULL;        // handle to ftd2xx.dll
FARPROC     fpFTClose = {NULL};      // function pointer to hold original function address

extern "C" void __stdcall NewFT_Close()
{
    // This is our proxy function for FT_Close()
    // Do whatever you want to do here and the 
    // finally call the original FT_Close() using 
    // the function pointer we got from GetProcAddress()
    typedef void (__stdcall *PFTCLOSE)();
    PFTCLOSE pFc = (PFTCLOSE)fpFTClose;
    if(pFc) pFc();
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
        case DLL_PROCESS_ATTACH:
            // Load the original dll in to the memory and get the handle
            hInstance = LoadLibraryA("ftd2xx_.dll");
            if(!hInstance) return FALSE;
            // Get the address of the function to be overriden
            fpFTClose = GetProcAddress(hInstance,"FT_Close");
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            // Our dll is getting unloaded from the application, unload original as well
            FreeLibrary(hInstance);
            break;
    }
    return TRUE;
}

Note that the original dll is referred as ftd2xx_.dll in LoadLibraryA() call. So, rename the original dll to ftd2xx_.dll or name it whatever you want. Build your proxy dll code and take your proxy dll (ftd2xx.dll) to the path where the original ftd2xx.dll present. Now, your application will call ftd2xx.dll (proxy) as usual, but ftd2xx.dll will call the original dll ftd2xx_.dll internally.

Update #1: I kept mentioning that you need to know the signature of the functions your are trying to override, and by luck I just found the ftd2xx.h file in the linux version of the driver.

Linux version of ftd2xx

Download the libftd2xx-i386-1.3.6.tgz file from above link and extract it to a folder (I used 7zip), further extract the .tar file to get the release folder and you'll find ftd2xx.h file within the "release" folder. There you go, now you got complete function signatures of the dll and you know how to write a proxy dll. Good Luck.