I would like to list all exported functions in a DLL and dump their bytes. It's pretty trivial to list all the exports using either dumpbin or rabin2 from the radare2 package. I also found a way to disassemble the whole DLL using dumpbin, but there's no way to see function boundaries in the dump.
I'm looking for a way to disassemble (with bytes) or ideally just dump the bytes for a specific function or all functions inside a DLL. I don't mind parsing the output if it's got some other information in it. I've tried all kinds of tools and so far I was not able to achieve what I need.
One of the possible directions would be to script radare2 to do that.
In order to dump a function's bytes, you will have to know where that function ends.
You could do some static analysis which might work or you could do one of the following:
For 64-bit executables, you can parse the .pdata section which contains a list of RUNTIME_FUNCTIONs. DUMPBIN can do that using either the /unwindinfo or /pdata option.
Note that this may not include every exported function, see reference.
The second option, which works for both 32 and 64-bit executables, is to make use of the DIA SDK (see IDiaSymbol::get_length). This should cover all exported and non-exported functions but requires you to have access to the executable's .pdb file.
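As an added illustration of the first approach (this is example code, not part of the answer above), the script below decodes x64 RUNTIME_FUNCTION entries from a .pdata blob, maps each export's RVA to a file offset through the section table, and slices the function bytes out of the image. The image, section table, export RVAs and function bytes are constructed inline; on a real DLL you would read them from the PE headers (for instance with pefile).

```python
import struct
from collections import namedtuple

# x64 RUNTIME_FUNCTION: three little-endian DWORD RVAs (BeginAddress, EndAddress, UnwindInfoAddress).
RuntimeFunction = namedtuple("RuntimeFunction", "begin end unwind")
# Minimal section descriptor: VirtualAddress, SizeOfRawData, PointerToRawData.
Section = namedtuple("Section", "name rva size raw_offset")


def parse_pdata(pdata: bytes):
    """Decode a .pdata section into RUNTIME_FUNCTION entries, stopping at zero padding."""
    entries = []
    for off in range(0, len(pdata) - len(pdata) % 12, 12):
        begin, end, unwind = struct.unpack_from("<III", pdata, off)
        if begin == 0 and end == 0:
            break  # section is padded with zeros after the last real entry
        entries.append(RuntimeFunction(begin, end, unwind))
    return entries


def rva_to_offset(sections, rva: int) -> int:
    """Translate an RVA to a raw file offset using the section table."""
    for s in sections:
        if s.rva <= rva < s.rva + s.size:
            return s.raw_offset + (rva - s.rva)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def dump_exports(image: bytes, sections, pdata_entries, exports: dict):
    """Return {export name: function bytes}; None when the export has no .pdata entry.

    Leaf functions that never touch the stack need no unwind info, so they are
    absent from .pdata, as are data and forwarded exports: those need another method.
    """
    by_begin = {e.begin: e for e in pdata_entries}
    result = {}
    for name, rva in exports.items():
        entry = by_begin.get(rva)
        if entry is None:
            result[name] = None
            continue
        start = rva_to_offset(sections, rva)
        result[name] = image[start:start + (entry.end - entry.begin)]
    return result


# Constructed sample (hypothetical DLL): .text at RVA 0x1000 backed by file offset 0x200.
FUNC_A = bytes.fromhex("4883ec2831c04883c428c3")  # sub rsp,28h; xor eax,eax; add rsp,28h; ret
FUNC_B = bytes.fromhex("8d4101c3")                # lea eax,[rcx+1]; ret  (leaf: no unwind info)
TEXT = FUNC_A + b"\xcc" * (0x10 - len(FUNC_A)) + FUNC_B
IMAGE = b"\x00" * 0x200 + TEXT.ljust(0x100, b"\xcc")
SECTIONS = [Section(".text", 0x1000, 0x100, 0x200)]
PDATA = struct.pack("<III", 0x1000, 0x1000 + len(FUNC_A), 0x3000) + b"\x00" * 12
EXPORTS = {"Init": 0x1000, "Add": 0x1010}  # name -> RVA, as read from the export directory
```

With pefile, the same inputs come from `pe.DIRECTORY_ENTRY_EXPORT.symbols` (name and RVA), `pe.sections` (VirtualAddress, SizeOfRawData, PointerToRawData) and the raw data of the section named `.pdata`.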