Win2000 module analysis tool
It is well known that many Windows applications consist not only of an EXE file but also of supporting modules. These modules come in many varieties and categories: most are dynamic link libraries (DLL), and others include OCX, SYS, and so on. Just as applications can be divided into 16-bit, 32-bit, and 64-bit programs, modules are also divided into 16-bit, 32-bit, and 64-bit modules. When an application or executable file is deleted, the related dynamic link libraries or modules are often not removed cleanly, and over time they accumulate into many annoying "junk files". So many Windows users concentrate on studying DLL files to work out which are useful and which are useless, with a view to accurately deleting the useless ones and achieving the so-called "slimming down" of the system. That, however, is not the focus of this discussion. Our purpose is to study module files from another angle, and the following is one tool for doing so.
a. Introduction
The Support Tools of Windows 2000 include a tool for analyzing module files. Its English name is Dependency Walker. A literal translation of this name does not suit Chinese usage; after trying the tool and consulting references, "module analysis tool" is a more appropriate translation. Unlike the purpose mentioned above, the module analysis tool can detect a module's dependency relationships, its construction, function interfaces, and call relationships, and even the programming language the module file was written in and the linker used to build it. The parsed dependency relationships are displayed graphically in a form similar to a directory tree. The tool also shows, at a minimum, which associated files are required, along with each file's full path, base address, version number, machine type, debug information, and more. It can be described as covering every aspect.
From the nature of this information it is not hard to see that it is more useful to system administrators, system testers, programmers, and authors of automatic installation scripts, and less useful to ordinary users. But it is not useless to them either. Ordinary users can use the analysis results to rule out system failures caused by modules, which mainly include:
1. Missing module.
2. Invalid module.
3. Incorrect export / entry.
4. Circular dependency error.
5. Mismatch between module and machine type.
Although the tool is a Win2K support tool, it also runs on Win9x, WinNT 3.51, WinNT 4.0, and even Windows CE. The latest version of Dependency Walker is 2.0. This version only supports parsing 32-bit or 64-bit modules, not 16-bit modules.
b. Usage
Compared with other tools, this tool has only a GUI version and no command-line version. If you have already installed Support Tools, you can open it through "Start -> Program -> Support Tools -> Tools -> Dependency Walker". The tool has an English interface and an English help file for reference. Here is a brief introduction:
1. Click "File | Open" with the mouse.
2. Find the EXE, DLL, OCX, or SYS file to be parsed and double-click the file name.
3. After the double-click, the window comes to life and shows the analysis result for the selected module.
There are five panes in total, marked by rectangular frames of five colors:
1. The red-framed pane uses a representation similar to a directory tree and shows the dependency relationships between modules. Click "+" or "-" on a node to expand or collapse the branch. This actually shows the call relationships of the modules. The well-known kernel32.dll, for example, appears in more than one place, which means this module is called by multiple modules.
2. The blue-framed pane displays information about the selected module (the one highlighted in blue in the red-framed pane). This information is: ordinal, hint, function, and entry point.
3. The green-framed pane shows module information in C-language terms. The items are the same, but the presentation differs. The most obvious difference is the function column, which lists the names of the C functions used in the module when it was developed in a C environment. This is useful to programmers analyzing a module. The rest is similar to the pane above.
4. This pane corresponds to the first, red-framed pane but contains more detailed information. The information it shows is summarized as follows:
| Item | Description | Item | Description |
|---|---|---|---|
| Module | DLL file name | Preferred Base | Shown as a hexadecimal address |
| File Time Stamp | File creation time | Actual Base | (No valid information displayed) |
| Link Time Stamp | File link time | Virtual Size | Shown in hexadecimal |
| File Size | Needs no explanation | Load Order | Generally only shows whether the module is loaded |
| Attributes | Read-only, hidden, and similar attributes | File Version | Needs no explanation |
| Link Checksum | Link check | Product Version | |
| Real Checksum | Also used for checking | Image Version | |
| CPU Type | Needs no explanation | Linker Version | |
| Subsystem | The system | Operating System Version | |
| Symbols | Its role is not detailed here | Subsystem Version | |
5. The yellow-framed pane displays error messages. If you select a 16-bit module file, this pane displays the relevant error message, because the tool does not support parsing 16-bit modules.

When a module file is being parsed, the menu shows 3 more items than before: Edit, Windows, and Profile, all of which are easy to use. The role of Windows needs no explanation. Only Profile is less familiar. It is marked with a cyan ellipse in Figure 2 and is the option for creating a so-called "profile". It would be difficult to introduce the usage of every menu item shown in Figure 2 one by one, and there is no real need to do so, so only 2 items are introduced here:
1. View: This determines which parsed information is displayed. Once opened, it offers many items that can be displayed: information about the computer environment, such as system information; window layout elements, such as the toolbar and status bar; and, for the most part, information about the selected module. Click the corresponding item to display the information you need.
2. Profile: Creates a "profile". Figure 4 is the dialog box that appears after choosing this item. Enter the corresponding parameters and select from the list of options to generate the corresponding profile. For the role of profiles and related background, please consult the relevant references.

c. Conclusion
Dependency Walker can parse a great deal of information and is especially helpful for debugging dynamically linked programs. The tool provides a detailed English help file. The help file can be used while Dependency Walker is open, but it can also be used on its own without opening Dependency Walker; it can be found under Tools Help.
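
The CPU type, link time stamp, link checksum, subsystem, and version fields shown in the detailed module list are stored in each module's PE header. The following added example (not code from Dependency Walker or from the original article) reads those fields from raw bytes, rejects 16-bit NE modules as the tool does, and checks two modules for a machine type mismatch. The function names and the sample header produced by `build_sample` are assumptions constructed for illustration.

```python
import struct

MACHINES = {0x014C: "x86", 0x0200: "IA64", 0x8664: "x64"}
SUBSYSTEMS = {1: "Native", 2: "GUI", 3: "Console"}

def parse_module_header(data: bytes) -> dict:
    """Read the PE header fields behind several module-list columns."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    sig = data[pe_off:pe_off + 4]
    if sig[:2] == b"NE":
        raise ValueError("16-bit (NE) module: not supported")
    if sig != b"PE\0\0" or len(data) < pe_off + 24 + 72:
        raise ValueError("missing or truncated PE header")
    machine, _, link_ts = struct.unpack_from("<HHI", data, pe_off + 4)
    opt = pe_off + 24                                  # optional header start
    magic, l_maj, l_min = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    fmt, off = ("<I", 28) if magic == 0x10B else ("<Q", 24)
    (base,) = struct.unpack_from(fmt, data, opt + off)  # ImageBase
    vers = struct.unpack_from("<6H", data, opt + 40)   # OS, image, subsystem
    checksum, subsystem = struct.unpack_from("<IH", data, opt + 64)
    return {
        "cpu": MACHINES.get(machine, hex(machine)),
        "link_time_stamp": link_ts,
        "linker_ver": f"{l_maj}.{l_min}",
        "preferred_base": base,
        "os_ver": f"{vers[0]}.{vers[1]}",
        "image_ver": f"{vers[2]}.{vers[3]}",
        "subsystem_ver": f"{vers[4]}.{vers[5]}",
        "link_checksum": checksum,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }

def cpu_mismatch(exe: bytes, dll: bytes) -> bool:
    """True when two modules target different machine types (failure 5)."""
    return parse_module_header(exe)["cpu"] != parse_module_header(dll)["cpu"]

def build_sample(machine=0x014C, magic=0x10B) -> bytes:
    """Constructed input: a minimal MZ/PE header, not a real module."""
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, magic, 6, 0)
    struct.pack_into(*(("<I", opt, 28) if magic == 0x10B else ("<Q", opt, 24)), 0x10000000)
    struct.pack_into("<6H", opt, 40, 5, 0, 5, 0, 4, 0)
    struct.pack_into("<IH", opt, 64, 0x0001A2B3, 2)
    coff = struct.pack("<HHIIIHH", machine, 0, 0x38D1B3C0, 0, 0, 0xE0, 0x2102)
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt)
```

To inspect a real module, pass the bytes of the file to `parse_module_header`, for example `parse_module_header(open(path, "rb").read())`.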