Identify the list of API’s used in the source code

When we are tasked with auditing a large code base, we are always left with no clue about the product/module. Many a times we can get a clue about the product/module just by looking at its API usage. You can use the STI’s Understand C++ tools scripting feature to get all this information.

I just cooked up a script from the samples provided by the vendor to extract this information.

sub usage($)
    print shift,”\n”;
    print “Usage:\n”;
    print ”  -db database   Specify the Understand database if run from uperl\n”;

use Understand;
use Getopt::Long;
use strict;

sub start()

my ($db, $argDb);
my $help;

       “db=s” => \$argDb,
       “help” => \$help,

# help message
die usage(“”) if ($help);

# open the database
$db = Understand::Gui::db();
if (!$db)
     return usage(“Error, database not specified”) unless $argDb;
     my $status;
     ($db,$status) = Understand::open($argDb);
     return print(“Error opening database: $status\n”) if $status;

foreach my $ent ($db->ents(“Unknown Function”)) {
  #foreach my $ent ($db->ents(“Unknown”)) {
    print $ent->name(),”  [“,$ent->kindname(),”]\n”;
  #print “\n Done.”;

Lets run this script against “minispy” (a sample code provided by Microsoft with its WDK)

You need to run this command against understand DB:
    maintain_uperl “D:\Program Files (x86)\STI\sample\scripts\” -db minispy.udb

    ASSERT  [Unknown Function]
    CONTAINING_RECORD  [Unknown Function]
    ExAllocateFromNPagedLookasideList  [Unknown Function]
    except  [Unknown Function]
    ExDeleteNPagedLookasideList  [Unknown Function]
    ExFreeToNPagedLookasideList  [Unknown Function]
    ExInitializeNPagedLookasideList  [Unknown Function]
    FIELD_OFFSET  [Unknown Function]
    FlagOn  [Unknown Function]
    FltAllocateContext  [Unknown Function]
    FltBuildDefaultSecurityDescriptor  [Unknown Function]
    FltCloseClientPort  [Unknown Function]
    FltCloseCommunicationPort  [Unknown Function]
    FltCreateCommunicationPort  [Unknown Function]
    FltDeleteContext  [Unknown Function]
    FltFreeSecurityDescriptor  [Unknown Function]
    FltGetDeviceObject  [Unknown Function]
    FltGetFileNameInformation  [Unknown Function]
    FltGetRoutineAddress  [Unknown Function]
    FltParseFileNameInformation  [Unknown Function]
    FltRegisterFilter  [Unknown Function]
    FltReleaseContext  [Unknown Function]
    FltReleaseFileNameInformation  [Unknown Function]
    FltStartFiltering  [Unknown Function]
    FltUnregisterFilter  [Unknown Function]
    GetExceptionCode  [Unknown Function]
    InitializeListHead  [Unknown Function]
    InitializeObjectAttributes  [Unknown Function]
    InsertHeadList  [Unknown Function]
    InsertTailList  [Unknown Function]
    InterlockedDecrement  [Unknown Function]
    InterlockedExchange  [Unknown Function]
    InterlockedIncrement  [Unknown Function]
    InterlockedOr  [Unknown Function]
    IS_ALIGNED  [Unknown Function]
    IsListEmpty  [Unknown Function]
    KeAcquireSpinLock  [Unknown Function]
    KeInitializeSpinLock  [Unknown Function]
    KeQuerySystemTime  [Unknown Function]
    KeReleaseSpinLock  [Unknown Function]
    NT_SUCCESS  [Unknown Function]
    ObDereferenceObject  [Unknown Function]
    PAGED_CODE  [Unknown Function]
    PsGetCurrentProcessId  [Unknown Function]
    PsGetCurrentThreadId  [Unknown Function]
    REMAINING_NAME_SPACE  [Unknown Function]
    RemoveHeadList  [Unknown Function]
    ROUND_TO_SIZE  [Unknown Function]
    RtlCopyMemory  [Unknown Function]
    RtlInitUnicodeString  [Unknown Function]
    RtlZeroMemory  [Unknown Function]
    UNREFERENCED_PARAMETER  [Unknown Function]
    ZwClose  [Unknown Function]
    ZwOpenKey  [Unknown Function]
    ZwQueryValueKey  [Unknown Function]

This entry was posted in C/C++, Code review experiance, Windows, Windows VC++ and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s