Breaking Eggs And Making Omelettes

Topics On Multimedia Technology and Reverse Engineering



Seeing The Forest For The Call Trees

January 16th, 2005 by Multimedia Mike

Since Microsoft was kind enough to freely release certain of their multimedia libraries with extensive symbolic information, I thought I would go one step further and start extracting useful intelligence from the libraries in a methodical manner. To that end, I wrote a Perl script that analyzes the disassembly output of a “dumpbin.exe /disasm <file>” command (standard with the Microsoft development tools) and outputs a list of all the functions in the file, along with the functions that each one calls. The list is divided into functions that are not called anywhere within the code (these are suspected to be top-level functions) and functions that are referenced.

This is the Perl script in question, gen-calltree-dumpbin.pl. Now that I have composed this tool, I fully recognize that many folks will write in and tell me about standard and much better tools for accomplishing the same task. In any case, I have hosted the output data from several different multimedia-related files from the WinCE toolkit in the Practical Reverse Engineering section of this site:

I threw in Cinepak for old time’s sake. Anyone who has worked on RE’ing the DriverProc() function of a Microsoft VfW interface codec will appreciate the elegance of this bit of script output:


-> _DriverProc
_Load
_Free
_Open
_Close
_QueryAbout
_About
_QueryConfigure
_Configure
_GetState
_SetState
_GetInfo
_Get
_Set
_GetQuality
_SetQuality
_GetDefaultQuality
_GetDefaultKeyframeRate
_CompressQuery
_CompressBegin
_CompressGetFormat
_CompressGetSize
_SetStatusProc
_CompressFramesInfo
_CompressFrames
_Compress
_CompressEnd
_DecompressGetFormat
_DecompressGetPalette
_DecompressSetPalette
_DecompressQuery
_DecompressBegin
_Decompress
_DecompressEnd
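
The analysis described at the top of this post, sketched as an added example in Python; it is not the author's gen-calltree-dumpbin.pl. The disassembly text is a constructed sample, and its layout (a label line per function followed by indented "address: bytes mnemonic operands" lines) is an assumption about what dumpbin emits for a binary with symbols; _InitTables and the GlobalAlloc import are hypothetical names.

```python
import re

# Constructed sample, shaped like "dumpbin /disasm" output for a binary with
# symbols (assumed layout: a label line per function, then indented
# "address: bytes mnemonic operands" lines). Not taken from a real file.
SAMPLE = """\
_DriverProc:
  10001000: 55                 push        ebp
  10001001: E8 2A 00 00 00     call        _Load
  10001006: E8 35 00 00 00     call        _Open
  1000100B: E8 20 00 00 00     call        _Load
  10001010: FF 15 00 20 00 10  call        dword ptr [__imp__GlobalAlloc@8]
  10001016: C3                 ret
_Load:
  10001030: E8 1B 00 00 00     call        _InitTables
  10001035: C3                 ret
_Open:
  10001040: C3                 ret
_InitTables:
  10001050: C3                 ret
"""

LABEL = re.compile(r"^(\S+):\s*$")  # function label starting in column 0
CALL = re.compile(r"^\s+[0-9A-Fa-f]+:\s+(?:[0-9A-Fa-f]{2}\s)+\s*call\s+(.+?)\s*$")

def build_call_graph(disasm):
    """Map each labelled function to the distinct targets it calls, in order."""
    graph, current = {}, None
    for line in disasm.splitlines():
        label = LABEL.match(line)
        if label:
            current = label.group(1)
            graph.setdefault(current, [])
            continue
        call = CALL.match(line)
        if call and current is not None:
            target = call.group(1)  # a register operand is kept as written
            indirect = re.search(r"\[(\S+)\]", target)  # e.g. import thunks
            if indirect:
                target = indirect.group(1)
            if target not in graph[current]:
                graph[current].append(target)
    return graph

def split_top_level(graph):
    """Return (functions nothing in the file calls, functions that are called)."""
    called = {t for targets in graph.values() for t in targets}
    return ([f for f in graph if f not in called],
            [f for f in graph if f in called])

if __name__ == "__main__":
    g = build_call_graph(SAMPLE)
    for name in split_top_level(g)[0]:
        print("-> " + name, *g[name], sep="\n")
```

A function reached only through a dispatch table or a function pointer never appears as a direct call target, so it lands in the top-level list as well; that list is a set of candidates to review rather than a confirmed set of entry points.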
