Re: RosAsm - exports issue with some DLLs
- From: Betov <betov@xxxxxxx>
- Date: 11 Nov 2006 14:19:53 GMT
Gerry_uk <gerry666uk@xxxxxxxxx> écrivait news:1163246896.14631.0
@demeter.uk.clara.net:
It's important if the list tool isn't working properly in hexacode. Of
course if they're both broken (as they were at the time of writing) it
makes it even more difficult to check them against each other.
Well, i gave you the fix, but i fail to understand the reason
why you would need the Hexa form, if you can't solve the other
problems... What help do you expect form the Hexa, anyway?
The list tool also doesn't show the address, not sure why. The case Ipoint
described before where two exports can have different ordinals but
to the same address would be hard to spot in the list tool right now,
but WOULD show up in the DLL scanner tool.
The DLLScanner is a simple toy for viewing the Exports of a DLL.
The [List]/[Exports] is a kind of "Search" Function showing nothing
but what is found inside the Source. These are Functions of the
Sources Editor. It is just more "friendly" than a regular search
on "::".
I know you said it's not possible to have two exports pointing to the
same address but having the scanning tool working will enable me to
check this.
The only explanation i could imagine for having such a case, would
be about downward compatibility purposes. That is, two old Functions
would have been grouped into a single one... with two different
Names...
Admitting this would be the case, what relationship would this have
with the research of the types of Parameters, passed by the caller?
I understand that you search for a Tool that would tell you what
a DLL Function expects to eat, but there does not exist any, able
to do this: There is no "escape way" out of what you have been told
before. That is:
* You see i the DLL that 'Function1' expects 3 Parameters (ret 0C)
* you see in the original:
push 1
...
push Address
push D§Value
...
call 'DllName.Function1'
* Then, you like it or not, you _have_ to track up what these pushed
things are.
For example, you can guess that '1' is a Flag, like &TRUE, and see,
in the DLL, if you see something like:
Function1::
...
cmp D§ebp+8 1 | je Here
cmp D§ebp+8 0 | jne There
Then, you can make a bet for it to be either &TRUE of &FALSE, but
this can be nothing but a _bet_. There can be as many interpretation
as the human brain is able to invent...
For things like 'Address' or 'D§Value', there does not exist any
way, but to go and see, in the caller, what these things are. If
'Address' is the one of a String, this is easy. If 'D§Value' holds
a pointer to a pointer, you are in the ++ hell... and need to make
node in your head, at tracking _what_ it is, instead of seaching
for a tool that will do it for you: It does not exist.
Betov.
< http://rosasm.org >
PS. About another question, you asked, no, RosAsm cannot debug
the caller and the callee, in two different processes, at once.
At best, when stepping inside the caller, you can enter the DLL
Function with [F7]... which will not help you much, if you have
no cue on what is on the Stack, at this given time.
.
- Follow-Ups:
- Re: RosAsm - exports issue with some DLLs
- From: Gerry_uk
- Re: RosAsm - exports issue with some DLLs
- References:
- RosAsm - exports issue with some DLLs
- From: Gerry_uk
- Re: RosAsm - exports issue with some DLLs
- From: Betov
- Re: RosAsm - exports issue with some DLLs
- From: Gerry_uk
- Re: RosAsm - exports issue with some DLLs
- From: Betov
- Re: RosAsm - exports issue with some DLLs
- From: Gerry_uk
- Re: RosAsm - exports issue with some DLLs
- From: Betov
- Re: RosAsm - exports issue with some DLLs
- From: Gerry_uk
- RosAsm - exports issue with some DLLs
- Prev by Date: Re: Win32 - Debug into Child Process?
- Next by Date: Re: Problem with NASM
- Previous by thread: Re: RosAsm - exports issue with some DLLs
- Next by thread: Re: RosAsm - exports issue with some DLLs
- Index(es):
Relevant Pages
|
