Calling functions from VB and using OllyDbg

From: Jim Carlock (anonymous_at_127.0.0.1)
Date: 04/18/04

  • Next message: Jim Carlock: "Re: MOV AX,5100" 
    Date: Sun, 18 Apr 2004 18:25:10 +0000 (UTC)

    I have been tracing through VB created programs, and there
    are a lot of initial calls to msvbvm6.dll before the program
    seems to start. I'm seeing that there is alot of the same thing
    happening other programs as well, but they're not going
    through the msvbvm file. I like OllyDbg quite a bit, but it
    seems to start crashing if I keep digging deeper or if I click
    on the Analyze All Files (the crash occurs if the debugging
    session is already started). I'm very weak in all this, but I'm
    trying to figure out how the following function is working.

    It seems to require two parameters, one being a pointer to
    an array, one being a 4byte number which represents a
    number of files.

    The particular function is:

    SfcGetFiles and is declared in VB6 in this manner:

    Public Declare Function SfcGetFiles Lib "sfcfiles.dll" _
      (ByVal iFileList As Long, ByRef iNumFiles As Long) _
       As Long

    Longs are 32-bit. The file list is supposed to be a pointer
    to a string array. I'm a little off target in that respect. It is
    undocumented and the only thing I've found in reference
    to it is located on the web at:

    http://assarbad.net/stuff/!export/apis_revealed.txt

    Everything else is my babbling about it in Microsoft news-
    groups.

    I am currently using it to throw back a number, which I'm
    thinking is a number of files. I've just started stepping through
    today using OllyDebug and I'm not quite advanced in its
    use, and am looking for some pointers. Or maybe another
    method. And because I'm kind of stumbling through it, it's
    going real slow, so any suggestions at all, hints, help are
    and will be greatly appreciated and I promise to not call
    Georgey a monkey.

    ;-) 

    -- 
Jim Carlock
http://www.bushorchimp.com/
  • Next message: Jim Carlock: "Re: MOV AX,5100"

    Relevant Pages

    • Re: C question : Returning 2D string arrays.
      ... > I'm having problems try to return my string array from my parsing ... This is a typical "dangling pointer" problem. ... Note that it is not ideal to fix the size of your array, ... might end up with a very empty data structure if the input is small. ...
      (comp.programming)
    • Re: String Array from Pointer?
      ... >>I was able to successfully send a string array to an API function. ... >>I have an IntPtr received from another function which should be a pointer ...
      (microsoft.public.dotnet.framework.interop)
    • Re: How to reuse a deleted pointer?
      ... > trying to reuse the deleted pointer but it won't compile. ... > of declaring a pointer to a string array. ...
      (comp.lang.cpp)
    • Re: How to reuse a deleted pointer?
      ... > trying to reuse the deleted pointer but it won't compile. ... > of declaring a pointer to a string array. ...
      (alt.comp.lang.learn.c-cpp)
    • Re: ByVal
      ... >> a pointer to a pointer which would not be valid. ... Public Declare Function BMP_From_DIB Lib "that.dll" (ByVal DIB As Long) As ...
      (microsoft.public.vb.general.discussion)