Jump to content

How to find out how to call in dll without documentation about the dll

TomCat

By TomCat
in AutoIt General Help and Support

 Share

Recommended Posts

TomCat Wayfarer

TomCat

Posted
Posted (edited)

Hi I wand to call an not documented dll file to get some ID back.

I have an Programm (written in vb) that use this dll to get the ID but i want to use it in my own autoit programm.

All i have is some code from my disassembler: (IDA)

; CODE XREF: sub_401000+2EFj

.text:00401190 lea ecx, [esp+0B74h+var_404]

.text:00401197 push ecx

.text:00401198 call ds:?GenerateTextKey@CPlayerAccount@@SA_NPAD@Z ; CPlayerAccount::GenerateTextKey(char *)

.text:0040119E lea edx, [esp+774h]

.text:004011A5 push edx

.text:004011A6 call ds:?SetTextKey@CPlayerAccount@@SA_NPAD@Z ; CPlayerAccount::SetTextKey(char *)

.text:004011AC push 0FFh

.text:004011B1 lea eax, [esp+67Dh]

.text:004011B8 push ebx

.text:004011B9 push eax

.text:004011BA mov [esp+684h], bl

.text:004011C1 call sub_4060D0

.text:004011C6 push 0FFh

.text:004011CB lea ecx, [esp+381h]

.text:004011D2 push ebx

.text:004011D3 push ecx

.text:004011D4 mov [esp+388h], bl

.text:004011DB call sub_4060D0

.text:004011E0 push 0FFh

.text:004011E5 lea edx, [esp+48Dh]

.text:004011EC push ebx

.text:004011ED push edx

.text:004011EE mov [esp+494h], bl

.text:004011F5 call sub_4060D0

.text:004011FA mov edx, [esp+0B98h+var_B58.lStructSize]

.text:004011FE add esp, 2Ch

.text:00401201 lea eax, [esp+0B6Ch+flOldProtect]

.text:00401205 push eax

.text:00401206 lea ecx, [esp+674h]

.text:0040120D push ecx

.text:0040120E push ebx

.text:0040120F push ebx

.text:00401210 push offset aInstallkey ; "InstallKey"

.text:00401215 push edx

.text:00401216 mov [esp+0B84h+flOldProtect], ebp

.text:0040121A call edi

.text:0040121C mov edx, [esp+0B74h+hKey]

.text:00401220 lea eax, [esp+0B74h+cbData]

.text:00401224 push eax

.text:00401225 lea ecx, [esp+0B78h+var_80C]

.text:0040122C push ecx

.text:0040122D push ebx

.text:0040122E push ebx

.text:0040122F push offset aMpaccountname ; "MPAccountName"

.text:00401234 push edx

.text:00401235 mov [esp+0B8Ch+cbData], ebp

.text:00401239 call edi

.text:0040123B mov edx, [esp+0B74h+hKey]

.text:0040123F lea eax, [esp+0B74h+cbData]

.text:00401243 push eax

.text:00401244 lea ecx, [esp+0B78h+var_70C]

.text:0040124B push ecx

.text:0040124C push ebx

.text:0040124D push ebx

.text:0040124E push offset aMpaccountnames ; "MPAccountNameSig"

.text:00401253 push edx

.text:00401254 mov [esp+0B8Ch+cbData], ebp

.text:00401258 call edi

.text:0040125A lea eax, [esp+0B74h+var_60C]

.text:00401261 push offset aWt ; "wt"

.text:00401266 push eax

.text:00401267 call sub_401560

.text:0040126C mov esi, eax

.text:0040126E add esp, 8

.text:00401271 cmp esi, ebx

.text:00401273 jnz short loc_40128A

.text:00401275 push 10h ; uType

.text:00401277 push offset aError ; lpCaption

.text:0040127C push offset aErrorWritingFi ; lpText

.text:00401281 push ebx ; hWnd

.text:00401282 call ds:MessageBoxA

.text:00401288 jmp short loc_4012E2

.text:0040128A ; ---------------------------------------------------------------------------

The red parts are the funtions im interested in ^^

Green are the 3 Strings I want to get from this dll file. But this is all new for me :) is here anybody who know about such things who can help me ?

Its nothing illegal :)

Edited by TomCat
trancexx Universalist

trancexx

Posted
Posted

Hi I wand to call an not documented dll file to get some ID back.

I have an Programm (written in vb) that use this dll to get the ID but i want to use it in my own autoit programm.

All i have is some code from my disassembler: (IDA)

; CODE XREF: sub_401000+2EFj

.text:00401190 lea ecx, [esp+0B74h+var_404]

.text:00401197 push ecx

.text:00401198 call ds:?GenerateTextKey@CPlayerAccount@@SA_NPAD@Z ; CPlayerAccount::GenerateTextKey(char *)

.text:0040119E lea edx, [esp+774h]

.text:004011A5 push edx

.text:004011A6 call ds:?SetTextKey@CPlayerAccount@@SA_NPAD@Z ; CPlayerAccount::SetTextKey(char *)

.text:004011AC push 0FFh

.text:004011B1 lea eax, [esp+67Dh]

.text:004011B8 push ebx

.text:004011B9 push eax

.text:004011BA mov [esp+684h], bl

.text:004011C1 call sub_4060D0

.text:004011C6 push 0FFh

.text:004011CB lea ecx, [esp+381h]

.text:004011D2 push ebx

.text:004011D3 push ecx

.text:004011D4 mov [esp+388h], bl

.text:004011DB call sub_4060D0

.text:004011E0 push 0FFh

.text:004011E5 lea edx, [esp+48Dh]

.text:004011EC push ebx

.text:004011ED push edx

.text:004011EE mov [esp+494h], bl

.text:004011F5 call sub_4060D0

.text:004011FA mov edx, [esp+0B98h+var_B58.lStructSize]

.text:004011FE add esp, 2Ch

.text:00401201 lea eax, [esp+0B6Ch+flOldProtect]

.text:00401205 push eax

.text:00401206 lea ecx, [esp+674h]

.text:0040120D push ecx

.text:0040120E push ebx

.text:0040120F push ebx

.text:00401210 push offset aInstallkey ; "InstallKey"

.text:00401215 push edx

.text:00401216 mov [esp+0B84h+flOldProtect], ebp

.text:0040121A call edi

.text:0040121C mov edx, [esp+0B74h+hKey]

.text:00401220 lea eax, [esp+0B74h+cbData]

.text:00401224 push eax

.text:00401225 lea ecx, [esp+0B78h+var_80C]

.text:0040122C push ecx

.text:0040122D push ebx

.text:0040122E push ebx

.text:0040122F push offset aMpaccountname ; "MPAccountName"

.text:00401234 push edx

.text:00401235 mov [esp+0B8Ch+cbData], ebp

.text:00401239 call edi

.text:0040123B mov edx, [esp+0B74h+hKey]

.text:0040123F lea eax, [esp+0B74h+cbData]

.text:00401243 push eax

.text:00401244 lea ecx, [esp+0B78h+var_70C]

.text:0040124B push ecx

.text:0040124C push ebx

.text:0040124D push ebx

.text:0040124E push offset aMpaccountnames ; "MPAccountNameSig"

.text:00401253 push edx

.text:00401254 mov [esp+0B8Ch+cbData], ebp

.text:00401258 call edi

.text:0040125A lea eax, [esp+0B74h+var_60C]

.text:00401261 push offset aWt ; "wt"

.text:00401266 push eax

.text:00401267 call sub_401560

.text:0040126C mov esi, eax

.text:0040126E add esp, 8

.text:00401271 cmp esi, ebx

.text:00401273 jnz short loc_40128A

.text:00401275 push 10h ; uType

.text:00401277 push offset aError ; lpCaption

.text:0040127C push offset aErrorWritingFi ; lpText

.text:00401281 push ebx ; hWnd

.text:00401282 call ds:MessageBoxA

.text:00401288 jmp short loc_4012E2

.text:0040128A ; ---------------------------------------------------------------------------

The red parts are the funtions im interested in ^^

Green are the 3 Strings I want to get from this dll file. But this is all new for me :) is here anybody who know about such things who can help me ?

Its nothing illegal :)

What it means to call not documented dll file? You mean to call exported function(s)?

♡♡♡

.

eMyvnE

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...