Extracting a single procedure from an object file?
https://stackoverflow.com/questions/9002428
-
19-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a 64-bit COFF object file (no source code or debug info) from which I need to extract a single procedure.
The procedure is relatively short, and its only dependencies are:
- One global variable.
- A couple of imported procedure.
I have already tried disassembling and re-assembling the code; however, for some odd reason, even though the code looks the same in a debugger and a disassembler, it doesn't behave the same way. (I've already tried making sure that the executable sections have the correct flags, etc. but to my knowledge, all of these are correct, and the values also match what they "should" be at runtime.)
So is there any way to directly copy over the function to a new object file (or to delete everything except that function), without having to disassembling and reassemble the code in the process?
La solution
I am not sure, there is are easy way in general case.
For example, multiple procedures can refer for one shared piece of code (i.e. static function). So you need to build call graph for all code blocks in file and and take code blocks that are referred by your procedure. Than you should fix addresses in all jumps and calls, since there will be new code layout.
