While writing a Windows binary program analyzer, I needed a name unmangler that returns a function name and its namespace. Since I am writing the program analyzer in Python and C++, I first tried to find a Python name unmangler. But so far, there is no Python unmangler. There was a discussion at OpenRCE about the need for a Python unmangler script. Anyway, I planned to write a C function that calls the UnDecorateSymbolName function (in the Debug Help Library) and a Python wrapper using SWIG.

To use the UnDecorateSymbolName function, DbgHelp.dll is required, which is contained in 'Debugging Tools for Windows' from MSDN. The syntax of the UnDecorateSymbolName function is:

DWORD WINAPI UnDecorateSymbolName(
  __in   PCTSTR DecoratedName,
  __out  PTSTR UnDecoratedName,
  __in   DWORD UndecoratedLength,
  __in   DWORD Flags
);

Of the 'Flags' parameter options, the 'UNDNAME_NAME_ONLY' option was what I needed.
I wrote a C function to unmangle a name.

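/* undname2.c */
#include <windows.h>
#include <dbghelp.h>
#include <stdio.h>
#include <stdlib.h>   /* malloc */
#include <string.h>   /* strncpy */

/* Returns the undecorated name in a malloc'ed buffer, or the input pointer
   itself if the name cannot be undecorated. SWIG copies the result into a
   Python string and does not free the malloc'ed buffer. */
char* getUndecorateSymbolName(char* name)
{
    char buf[1000];
    DWORD und_len;
    char* ret;

    buf[0] = 0;
    /* Returns the number of characters written, or 0 on failure. */
    und_len = UnDecorateSymbolName(name, buf, sizeof(buf), UNDNAME_NAME_ONLY);
    if (und_len == 0) {
        return name;
    }
    else
    {
        ret = (char*)malloc(und_len + 1);
        if (ret == NULL) {
            return name;   /* out of memory: fall back to the input */
        }
        strncpy(ret, buf, und_len);
        ret[und_len] = 0;
        return ret;
    }
}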

This function tries to unmangle a name; it returns the unmangled name as a string on success, and returns the input argument on failure.

And here is an interface file for SWIG:

/* undname2.i */
%module undname2
%{
extern char* getUndecorateSymbolName(char* name);
%}
extern char* getUndecorateSymbolName(char* name);


The following instructions describe how I built this project with Visual Studio 2005.

1. Generate the wrapper C file using SWIG.

D:\home\undname_python_wrapper>swig -python undname2.i

We now have two C files: 'undname2.c' and 'undname2_wrap.c'.

2. Create a Visual Studio project using Empty Project and change project properties.


3. Change the configuration type to DLL. 

4. Add include directories. "$(DBGSDK_INC_PATH)";"$(PYTHON_INCLUDE)"
The following environment variables should be set first.

SET PYTHON_INCLUDE=C:\Python25\include
SET DBGSDK_INC_PATH=C:\Program Files\Debugging Tools for Windows (x86)\sdk\inc

The environment variables vary depending on the directories where the debugging tools and Python are installed.



5. Change the output file as follows.


6. Add additional libraries. "$(PYTHON_LIB)" "$(DBGSDK_LIB_PATH)\i386\dbghelp.lib"
The following environment variables should be set first.
SET DBGSDK_LIB_PATH=C:\Program Files\Debugging Tools for Windows (x86)\sdk\lib
SET PYTHON_LIB=C:\Python25\libs\python25.lib

The environment variables vary depending on the directories where the debugging tools and Python are installed.



7. Build the solution.

After building the solution, we can test the Python wrapper.

An example follows.

D:\home\undname_python_wrapper>python
Python 2.5.1 (r251:54863, Apr 18 2007, 08:51:08) [MSC v.1310 32 bit (Intel)] on
win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import undname2
>>>
>>> undname2.getUndecorateSymbolName('?AfxGetResourceHandle@@YGPAUHINSTANCE__@@XZ')
'AfxGetResourceHandle'
>>> undname2.getUndecorateSymbolName(
'?DEREncode@AsymmetricAlgorithm@CryptoPP@@QBEXAAVBufferedTransformation@2@@Z')
'CryptoPP::AsymmetricAlgorithm::DEREncode'
>>>
>>>
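For comparison, a pure-Python sketch that recovers the same namespace-qualified name for the simplest decorated names without DbgHelp. This is an added example, not part of the original post's code: it goes beyond the DbgHelp approach described here, `simple_undecorate` and `split_scope` are hypothetical names, and it assumes plain `?name@scope@...@@` decoration, returning anything else unchanged as the C wrapper does on failure.

```python
import re

# One name fragment: an identifier terminated by '@'.
_FRAGMENT = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)@")


def simple_undecorate(decorated):
    """Return 'ns::Class::func' for a plainly decorated MSVC C++ name.

    The input is returned unchanged when it is not decorated or uses an
    encoding this sketch does not parse (operators and constructors '??',
    templates '?$', digit back-references, anonymous namespaces).
    """
    if not decorated.startswith("?") or decorated.startswith("??"):
        return decorated
    pos, fragments = 1, []
    while pos < len(decorated) and decorated[pos] != "@":
        m = _FRAGMENT.match(decorated, pos)
        if m is None:  # '?$...', a back-reference digit, '?A0x...', etc.
            return decorated
        fragments.append(m.group(1))
        pos = m.end()
    # The fragment list must be closed by a second '@' and be followed by
    # the type encoding; otherwise the string is truncated or malformed.
    if not fragments or pos >= len(decorated) - 1:
        return decorated
    # Fragments are stored innermost-first; reverse them for source order.
    return "::".join(reversed(fragments))


def split_scope(qualified):
    """Split 'a::b::f' into (scope, function name)."""
    scope, _, name = qualified.rpartition("::")
    return scope, name


if __name__ == "__main__":
    # Decorated names taken from the interpreter session above.
    for sym in (
        "?AfxGetResourceHandle@@YGPAUHINSTANCE__@@XZ",
        "?DEREncode@AsymmetricAlgorithm@CryptoPP@@QBEXAAVBufferedTransformation@2@@Z",
    ):
        print(split_scope(simple_undecorate(sym)))
```

When a symbol comes back unchanged, the analyzer still needs UnDecorateSymbolName (or another full demangler) for it.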

Here are the essential files to run my Python wrapper.
Here is the source code.





 
