Breaking Eggs And Making Omelettes

Topics On Multimedia Technology and Reverse Engineering


Seeing The Forest For The Call Trees

January 16th, 2005 by Multimedia Mike

Since Microsoft was kind enough to freely release certain of their multimedia libraries with extensive symbolic information, I thought I would go one step further and start extracting useful intelligence from the libraries in a methodical manner. To that end, I wrote a Perl script that analyzes the disassembly output of a “dumpbin.exe /disasm <file>” command (standard with the Microsoft development tools) and outputs a list of all the functions in the file as well as all the functions the function calls. The list is divided into functions that are not called within the code (these are suspected to be top-level functions) and functions that are referenced.

This is the Perl script in question, Now that I have composed this tool, I fully recognize that many folks will write in and tell me about standard and much better tools for accomplishing the same task. In any case, I have hosted the output data from several different multimedia-related files from the WinCE toolkit in the Practical Reverse Engineering section of this site:

I threw in Cinepak for old time’s sake. Anyone who has worked on RE’ing the DriverProc() function of a Microsoft VfW interface codec will appreciate the elegance of this bit of script output:

-> _DriverProc

Posted in Reverse Engineering, Windows Media | Comments Off

Comments are closed.