I am writing some kind of program that hooks the API by substituting the DLL with a proxy DLL. But I have one problem:
The parameters for a function are passed through the stack using a convention (_STDCALL, PASCAL, ...). But I can't find a way to get the total number of parameters (on the stack) and their length. Maybe someone knows how to manage this?
Maestro,
Iczelion tries that problem in:
http://spiff.tripnet.se/~iczelion/importlib.html
It is not easy to know the number of parameters passed on the
stack when calling a function.
Sometimes we can disassemble the original called function and
look for the "ret" instruction; if you find "ret 8", the
function surely works with two DWORD-size parameters.
You can look for (first parameter);
(second parameter), if the first instructions of the function
are "push ebp - mov ebp, esp". It is not very hard to write
code that looks for the opcodes of these instructions. A library
to patch processes ("detour") does so.
Well, it is only an idea...
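
The "ret N" check from the reply above, as an added example that is not part of the original posts: it walks instruction by instruction from the function entry and reads the immediate of the first `ret imm16`, and shows why a plain search for the byte 0xC2 is not enough. The function names and the sample byte arrays are constructed for illustration, and the decoder handles only a small assumed subset of 32-bit opcodes, returning -1 for anything else.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample bytes: push ebp; mov ebp,esp; ...; pop ebp; ret N */
static const unsigned char two_args[] = {0x55, 0x8B,0xEC, 0x8B,0x45,0x08,
                                         0x03,0x45,0x0C, 0x5D, 0xC2,0x08,0x00};
/* Same shape, but "mov eax,[ebp-3Eh]" has 0xC2 as its displacement byte. */
static const unsigned char tricky[]   = {0x55, 0x8B,0xEC, 0x8B,0x45,0xC2,
                                         0x5D, 0xC2,0x04,0x00};

/* Bytes used by a ModRM operand, or 0 for forms outside this subset. */
static size_t modrm_len(unsigned char m) {
    unsigned mod = m >> 6, rm = m & 7;
    if (mod == 3) return 1;                        /* register */
    if (mod == 1 && rm != 4) return 2;             /* [reg+disp8] */
    if (mod == 0 && rm != 4 && rm != 5) return 1;  /* [reg] */
    return 0;                                      /* SIB / disp32: not handled */
}

/* Naive scan: takes the first 0xC2 byte, wherever it sits. */
int naive_ret_imm(const unsigned char *p, size_t n) {
    for (size_t i = 0; i + 2 < n; i++)
        if (p[i] == 0xC2) return p[i + 1] | (p[i + 2] << 8);
    return -1;
}

/* Decode linearly from the entry point up to the first RET. Returns the
   bytes the callee pops (ret imm16), 0 for a plain ret (caller cleans up,
   so the count is unknown), or -1 when an opcode is not handled. */
int stdcall_arg_bytes(const unsigned char *p, size_t n) {
    size_t i = 0, m;
    while (i < n) {
        unsigned char op = p[i];
        if (op == 0xC3) return 0;
        if (op == 0xC2) return (i + 2 < n) ? (p[i + 1] | (p[i + 2] << 8)) : -1;
        if ((op >= 0x50 && op <= 0x5F) || op == 0x90 || op == 0xC9) { i++; continue; }
        if (i + 1 >= n || (m = modrm_len(p[i + 1])) == 0) return -1;
        if (op == 0x8B || op == 0x89 || op == 0x03 || op == 0x2B || op == 0x33) i += 1 + m;
        else if (op == 0x83) i += 2 + m;           /* op r/m32, imm8 */
        else return -1;
    }
    return -1;
}

int main(void) {
    printf("two_args: %d bytes\n", stdcall_arg_bytes(two_args, sizeof two_args));
    printf("tricky: decoded %d, naive %d\n", stdcall_arg_bytes(tricky, sizeof tricky),
           naive_ret_imm(tricky, sizeof tricky));
    return 0;
}
```

Dividing the result by 4 gives the parameter count only when every parameter is DWORD-sized, as in the "ret 8" case from the reply.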