Re: DLL Exports, determine Arg types and RetVal?




Gerry_uk wrote:
Hi,

IMHO the best tool for the job is "IDA Pro".

This looks too good to be true, I want to buy it already!

Merely loading the DLL and switching to "text" view I'm seeing stuff
like below (beware LINE WRAP), maybe it's too early to get excited but
it appears (?) to have done the job for me, I mean it's decoded the
functions, no other program/debugger I tried was able to show me this info.

---------------------------------------------------------------------------
.text:10006F1D align 10h
.text:10006F20 ; Exported entry 1. DoProcess
.text:10006F20
.text:10006F20 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E
.text:10006F20
.text:10006F20 ; Attributes: bp-based frame
.text:10006F20
.text:10006F20 ; int __cdecl DoProcess(int,int,int,LPCSTR lpFileName,int)
.text:10006F20 public DoProcess
.text:10006F20 DoProcess proc near

So how did IDA do it?

--
Gerry_uk

Note that you can find the free (4.3) version of IDA on the internet if
you look around for it. Certainly not as good as the latest version,
but still better than most of the other disassemblers out there.

Someone also told me that Data Rescue has stopped selling IDA Pro to
just any hacker out there. Seems bizarre to me, but maybe they're
afraid of being busted via the DMCA.
Cheers,
Randy Hyde

.