CodeExplorer Posted June 27, 2009 Posted June 27, 2009 Link:http://www.the-interweb.com/serendipity/in...statistics.htmlYesterday I saw a talk given by Frank Boldewin where he mentioned the FreeIconList trick to fool code emulators. At this point I started to wonder what other Win32 API functions are basically unused. Using Ero Carrera's Python library pefile to parse PE files I wrote a small Python script that tries to find out what Win32 API are basically unused.The modus operandi was simple. I read the exported functions of all DLL files in WindowsDir and WindowsDir/system32 and compared them to the functions imported by all EXE/DLL files in WindowsDir, WindowsDir/system32 and my entire Program Files directory.The first result is that most exported functions are apparently basically never used. My script managed to find 127569 exported functions in 1225 DLL files. 104608 of those are never used by the 6615 EXE/DLL files which import functions ("used" is liberally defined as "imported through the import directory" here, of course). That leaves 22961 functions which are actually used.
delldell Posted July 9, 2009 Posted July 9, 2009 very interesting kernel32.dllRandom noteskernel32.dll is surprisingly dominant while gdi32.dll is surprisingly "unused"pefile is extremely awesome and easy to useDon't be confused that API functions like lstrlen are imported 0 times, check lstrlenA and lstrlenW
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now