Question

I need to know all of the Win32.exe functions or class methods contained inside its exported table (PE File). Where can I get this information? I understand every section of the PE file format but please tell me how to proceed.

Regards,

Muhammad Usman

Solution

The export table only contains entries for exported functions. If you have debugging information available, there will usually be entries for most other functions as well. Without that, chances are pretty good that the executable simply doesn't contain any information about functions that haven't been exported.
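
Added example (not part of the original answer, and not taken from any tool named on this page): a Python walk of the PE export directory that lists each exported name with its ordinal and RVA. It goes slightly beyond the answer by also flagging forwarded exports; `list_exports`, `build_sample` and the sample image with exports `Add`, `Nap` and `Sub` are constructed for illustration.

```python
import struct

def list_exports(data):
    """Return (name, ordinal, rva, forwarder) for each named export of a PE image."""
    u16 = lambda o: struct.unpack_from("<H", data, o)[0]
    u32 = lambda o: struct.unpack_from("<I", data, o)[0]
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ image")
    pe = u32(0x3C)                                   # e_lfanew: offset of the PE signature
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = pe + 24                                    # optional header follows the 20-byte COFF header
    dirs = opt + (96 if u16(opt) == 0x10B else 112)  # data directories: PE32 vs PE32+
    exp_rva, exp_size = u32(dirs), u32(dirs + 4)     # directory entry 0 is the export table
    if exp_rva == 0:
        return []                                    # the image exports nothing
    sec0 = opt + u16(pe + 20)                        # section table follows the optional header
    sections = [struct.unpack_from("<IIII", data, sec0 + 40 * i + 8) for i in range(u16(pe + 6))]

    def off(rva):                                    # RVA -> file offset via the section table
        for vsize, va, rawsize, rawptr in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError("RVA 0x%x is outside every section" % rva)
    def cstr(rva):                                   # NUL-terminated ASCII string at an RVA
        start = off(rva)
        return data[start:data.index(b"\0", start)].decode("ascii")
    base, _nfuncs, nnames, funcs, names, ords = struct.unpack_from("<6I", data, off(exp_rva) + 16)
    out = []
    for i in range(nnames):
        idx = u16(off(ords) + 2 * i)                 # name i -> index into the function table
        rva = u32(off(funcs) + 4 * idx)
        fwd = cstr(rva) if exp_rva <= rva < exp_rva + exp_size else None  # RVA inside the directory = forwarder
        out.append((cstr(u32(off(names) + 4 * i)), base + idx, rva, fwd))
    return out

def build_sample():
    """Constructed one-section PE32 image (not a real binary) exporting Add, Nap, Sub."""
    rva, raw = 0x1000, 0x200
    strings = b"demo.dll\0Add\0Sub\0Nap\0KERNEL32.Sleep\0"
    s = rva + 40 + 12 + 12 + 6                       # RVA of the string area
    edata = struct.pack("<IIHHI6I", 0, 0, 0, 0, s, 1, 3, 3, rva + 40, rva + 52, rva + 64)
    edata += struct.pack("<3I", 0x2000, 0x2010, s + 21)       # third entry forwards to KERNEL32.Sleep
    edata += struct.pack("<3I", s + 9, s + 17, s + 13) + struct.pack("<3H", 0, 2, 1) + strings
    opt = (struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<III", 16, rva, len(edata))).ljust(224, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    sect = struct.pack("<8sIIII", b".edata", len(edata), rva, 0x200, raw).ljust(40, b"\0")
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + coff + opt + sect
    return hdr.ljust(raw, b"\0") + edata.ljust(0x200, b"\0")
```

Calling `list_exports(build_sample())` returns one tuple per named export; the name table is sorted, so the ordinal table is what ties each name back to its slot in the function table.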

OTHER TIPS

Use dumpbin that comes with Visual Studio C++ Express or download the OpenWatcom C/C++ package and in there there is a wdump associated with it...

Open Watcom Executable Image Dump Utility Version 1.8
Portions Copyright (c) 1984-2002 Sybase, Inc. All Rights Reserved.
Source code is available under the Sybase Open Watcom Public License.
See http://www.openwatcom.org/ for details.

Usage: wdump [-?abdefipqrsx] [-A] [-B] [-D] [-S] 
   is a DOS EXE file, a Windows or OS/2 executable or DLL,
            a PharLap executable, NLM, a QNX executable,
            an ELF executable, shared library or object file,
            or a COFF object.

Edit: You cannot extract those export functions directly by programmatic means, the utility above will show the addresses using the command line switches including showing the address of the export functions for the 'LoadLibrary', 'FreeLibrary'. When a call to 'GetProcAddress' is used, internally, it is doing a lookup on the export directory to find the relevant address of the exported function prior to returning back a function pointer for that exported function.

Edit#2: @UsMan: You can dump the addresses of the export functions, but to find the signatures is not easy as you would need to disassemble the relevant EXEs and work out the parameters from looking at the call stack. Other than that, if you have a 3rd party DLL, but it does not come with a header file and lib file to show you the function signatures, you are pretty much out of luck except to disassemble the code... If you are talking about a release EXE or DLL, it will be harder as the debugging info would have been stripped, thereby making loading it into the debugger to work out the stack, calls used and parameters a moot point.

Can you please edit your question to make it clearer what specifically your objective is, as I'm shooting myself in the foot and risk getting downvoted as a result of your dissatisfaction with this answer... Is it an MFC, ATL, DLL, what is the EXE, DLL, etc...

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow