|
Thank you very much! It worked flawlessly!
Gosh! I even tried to use __asm() to pop values off the stack, comparing them and trying to find them to replace them. Can't believe the solution was so simple.
Thanks again!
|
|
|
|
|
On my system I got an error when I use it like:
typedef int (__stdcall *pS)(SOCKET,char*,int,int);
pS pps = (pS)p[63*4];
int rv = pps(x,b,l,pr);
I have to remove the *4, but only in the non-asm code!
If I don't do it I get an exception!
But my other software is not working with this DLL, it crashes!
Can it be that a program uses fixed addresses of functions in DLLs and not a function to get the addresses?
So can I also create a DLL which has the same addresses for the functions?
|
|
|
|
|
Also, Wrappit generates the following code:
#pragma pack(j)
this should be:
#pragma pack(1)
|
|
|
|
|
"Note that the naked attribute is only valid on x86, and is not available on x64 or Itanium"
(source: Microsoft, Visual C++ Language Reference naked (C++) )
Can your Wrappit be enhanced to check the HW platform?
Thank you
|
|
|
|
|
Hi
I have a DLL; when I dump it, all functions seem like what you did in your example, but there are some functions like this:
5598 15DD 00106288 ?ye@RW@@QBEIXZ
5599 15DE 000DE7E0 @VLDll@16
5606 15E1 000CB368 KingReport
5601 15E2 0004BDF1 _Em@20
Do you know what that KingReport is? And how to create a proxy DLL for this kind of DLL?
|
|
|
|
|
First, big thx for your tool.
But you wrote:
typedef int (__stdcall *pS)(SOCKET,char*,int,int);
pS pps = (pS)p[63*4];
int rv = pps(x,b,l,pr);
I need to do this:
typedef int (__stdcall *pS)(SOCKET,char*,int,int);
pS pps = (pS)p[63];
int rv = pps(x,b,l,pr);
Then everything works fine.
|
|
|
|
|
First: Great tool/code, really helped me out!
Line 204:
fprintf(fcpp,"\t\tp[%u] = GetProcAddress(hL,(LPCSTR)%u);\r\n",i,v[i].o);
Should be changed (remove quotes around ordinal number), otherwise GetProcAddress will return 0;
Also, in Visual Studio Express 2005 some warnings occur when the dll has one of the following functions exported:
DllCanUnloadNow,DllGetClassObject,DllInstall,DllRegisterServer,DllUnregisterServer
Those functions should always be private (why?) and are never loaded by ordinal value.
In the DEF file replace
DllCanUnloadNow=__E__4__ @163
by
DllCanUnloadNow=__E__4__ PRIVATE
|
|
|
|
|
When I try to make a proxy for ws2_32.dll with your tool, I get the following error:
Entry Point Not Found - The procedure entry point wsagetlasterror could not be located in the dynamic link library wsock32.dll
So I tried to proxy wsock32.dll too, but then the program says it could not be initialized.
Any idea about what is happening?
|
|
|
|
|
Check the parameters of the linker (/def)
|
|
|
|
|
"/def" ??
Is that a command I did not see and missed, or are you talking about the generated def file? I work with Visual C++ 8.
|
|
|
|
|
http://msdn.microsoft.com/en-us/library/28d6s79h.aspx
The /DEF option passes a module-definition file (.def) to the linker. Only one .def file can be specified to LINK. For details about .def files, see Module-Definition Files.
To set this linker option in the Visual Studio development environment
Open the project's Property Pages dialog box. For details, see Setting Visual C++ Project Properties.
Click the Linker folder.
Click the Input property page.
Modify the Module Definition File property.
To specify a .def file from within the development environment, you should add it to the project along with other files and then specify the file to the /DEF option.
|
|
|
|
|
Any idea what this means?
http://img228.imageshack.us/img228/7624/again.jpg
When the program loads the proxy DLL this error occurs.
modified on Wednesday, July 29, 2009 11:15 AM
|
|
|
|
|
Is this the same machine where you installed Visual Studio?
Send me the Project and revised it.
|
|
|
|
|
Hi, I created this application based on the above to remove the dependencies to other tools (dumpbin). It is a test and can be improved.
Regards.
#include "stdafx.h"
#include "windows.h"
#include "winnt.h"
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include "string.h"

int main(int argc, char* argv[])
{
    char DefFile[255];
    char CppFile[255];

    if(argc!=3)
    {
        printf("\nMissing parameters ex:");
        printf("\nExtractDllExports ws2_32.dll ws2_32");
        return 2;
    }
    // Bounded formatting: argv[2] is caller-controlled and must not overrun the buffers
    memset(DefFile,0,sizeof(DefFile));
    memset(CppFile,0,sizeof(CppFile));
    _snprintf(DefFile,sizeof(DefFile)-1,"%s.def",argv[2]);
    _snprintf(CppFile,sizeof(CppFile)-1,"%s.cpp",argv[2]);
    FILE *fpdef;
    FILE *fpcpp;
    if((fpdef=fopen(DefFile, "w+"))==NULL)
    {
        printf("\nError in CreateFile %s",DefFile);
        return 1;
    }
    if((fpcpp=fopen(CppFile, "w+"))==NULL)
    {
        printf("\nError in CreateFile %s",CppFile);
        return 1;
    }

    // Map the DLL without running DllMain or resolving its imports
    HMODULE lib = LoadLibraryExA(argv[1], NULL, DONT_RESOLVE_DLL_REFERENCES);
    if(lib==NULL)
    {
        printf("\nError in LoadLibraryExA. Dll:%s",argv[1]);
        return 1;
    }
    assert(((PIMAGE_DOS_HEADER)lib)->e_magic == IMAGE_DOS_SIGNATURE);
    PIMAGE_NT_HEADERS header =PIMAGE_NT_HEADERS((BYTE *)lib + ((PIMAGE_DOS_HEADER)lib)->e_lfanew);
    assert(header->Signature == IMAGE_NT_SIGNATURE);
    assert(header->OptionalHeader.NumberOfRvaAndSizes > 0);
    // A DLL without an export directory has nothing to wrap
    if(header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress==0)
    {
        printf("\nNo export directory in %s",argv[1]);
        return 1;
    }
    PIMAGE_EXPORT_DIRECTORY exports = PIMAGE_EXPORT_DIRECTORY((BYTE *)lib + header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
    PVOID names = (BYTE *)lib + exports->AddressOfNames;
    WORD *Ordinals = (WORD*)((BYTE *)lib + exports->AddressOfNameOrdinals);
    fputs("\n//**** remember to add the /def parameter to linker ****",fpcpp);
    fputs("\n#include <windows.h>",fpcpp);
    fputs("\n\nHINSTANCE hLThis = 0;",fpcpp);
    fputs("\nHINSTANCE hL = 0;",fpcpp);
    // fprintf writes straight to the file, so long (mangled) names cannot overflow a fixed buffer
    fprintf(fpcpp,"\nFARPROC p[%u] = {0};",exports->NumberOfNames);
    fputs("\nBOOL WINAPI DllMain(HINSTANCE hInst,DWORD reason,LPVOID)",fpcpp);
    fputs("\n{",fpcpp);
    fputs("\n    if (reason == DLL_PROCESS_ATTACH)",fpcpp);
    fputs("\n    {",fpcpp);
    fputs("\n        hLThis = hInst;",fpcpp);
    fprintf(fpcpp,"\n        hL = LoadLibrary(\"%s\");",argv[1]);
    fputs("\n        if (!hL) return false;",fpcpp);

    fputs("EXPORTS",fpdef);
    for (DWORD i = 0; i < exports->NumberOfNames; i++)
    {
        const char *name = (const char *)lib + ((DWORD *)names)[i];
        // Exported ordinal = ordinal base + entry in the name-ordinal table
        DWORD w = exports->Base + Ordinals[i];
        fprintf(fpdef,"\n%s=__E__%u__ @%u",name,i,w);
        fprintf(fpcpp,"\n        p[%u] = GetProcAddress(hL,\"%s\");",i,name);
    }
    fputs("\n    }",fpcpp);
    fputs("\n    if (reason == DLL_PROCESS_DETACH)",fpcpp);
    fputs("\n    {",fpcpp);
    fputs("\n        FreeLibrary(hL);",fpcpp);
    fputs("\n    }",fpcpp);
    fputs("\n    return 1;",fpcpp);
    fputs("\n}",fpcpp);
    fputs("\n// gethostname",fpcpp);
    fputs("\n// Example replace functions ",fpcpp);
    fputs("\n//extern \"C\" int __stdcall __E__92__(char *name, int namelen)",fpcpp);
    fputs("\n// {",fpcpp);
    fputs("\n//call original gethostname",fpcpp);
    fputs("\n// typedef int (__stdcall *pS)(char*,int);",fpcpp);
    fputs("\n// pS pps = (pS)p[92];",fpcpp);
    fputs("\n// int rv = pps(name,namelen);",fpcpp);
    fputs("\n// if(rv==0)",fpcpp);
    fputs("\n// {",fpcpp);
    fputs("\n// memset(name,0,namelen);",fpcpp);
    fputs("\n//Manipulate result",fpcpp);
    fputs("\n// strcpy(name,\"TestName\");",fpcpp);
    fputs("\n// }",fpcpp);
    fputs("\n// return rv;",fpcpp);
    fputs("\n// }",fpcpp);
    fputs("\n//end example;",fpcpp);
    // One naked stub per named export; the asm index is a byte offset into p[]
    for (DWORD i = 0; i < exports->NumberOfNames; i++)
    {
        const char *name = (const char *)lib + ((DWORD *)names)[i];
        fprintf(fpcpp,"\n\n//%s",name);
        fprintf(fpcpp,"\nextern \"C\" __declspec(naked) void __stdcall __E__%u__()",i);
        fputs("\n{",fpcpp);
        fputs("\n    __asm",fpcpp);
        fputs("\n    {",fpcpp);
        fprintf(fpcpp,"\n        jmp p[%u*%u];",i,(unsigned)sizeof(void*));
        fputs("\n    }",fpcpp);
        fputs("\n}",fpcpp);
    }
    fcloseall();
    return 0;
}
|
|
|
|
|
There is an error in the last example. It must not be
pS pps = (pS)p[63*4];
but
pS pps = (pS)p[69];
Someone in previous comments got access violation - it is due to this error, not because "(naked)" or something else.
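The index mix-up discussed in this thread, as an added example that is not part of the original posts or of Wrappit: in MSVC inline assembly `p[N*4]` is a byte offset from the start of the table, while in C/C++ `p[N]` is already scaled by the element size. The table length, `target63`, `proc_t` (a stand-in for `FARPROC`) and the helper names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*proc_t)(void);      /* stand-in for FARPROC (assumption) */
#define TABLE_LEN 100             /* constructed: a proxy with 100 exports */

static int target63(void) { return 63; }  /* constructed "original" export #63 */
static int other(void)    { return -1; }  /* every other slot */

static proc_t p[TABLE_LEN];       /* same role as the generated FARPROC p[] */

static void fill_table(void) {
    for (size_t i = 0; i < TABLE_LEN; i++) p[i] = other;
    p[63] = target63;
}

/* Models the stub's `jmp p[N*4]`: inline-asm brackets add a BYTE offset to
   the address of p, nothing is scaled. Returns NULL if the offset is
   misaligned or past the end of the table. */
static proc_t slot_at_byte_offset(size_t byte_off) {
    proc_t fn;
    if (byte_off % sizeof(proc_t) != 0) return NULL;
    if (byte_off / sizeof(proc_t) >= TABLE_LEN) return NULL;
    memcpy(&fn, (const unsigned char *)p + byte_off, sizeof fn);
    return fn;
}

/* Models C/C++ `p[index]`: the compiler multiplies index by sizeof(p[0]).
   Returns NULL where the real code would read past the table and crash. */
static proc_t slot_at_element(size_t index) {
    return index < TABLE_LEN ? p[index] : NULL;
}

int main(void) {
    fill_table();
    proc_t via_asm = slot_at_byte_offset(63 * sizeof(proc_t)); /* jmp p[63*4] on x86 */
    proc_t via_c   = slot_at_element(63);                      /* (pS)p[63]          */
    proc_t wrong   = slot_at_element(63 * 4);                  /* (pS)p[63*4]        */
    printf("asm-style offset -> %d\n", via_asm ? via_asm() : -2);
    printf("C index 63       -> %d\n", via_c ? via_c() : -2);
    printf("C index 63*4     -> %s\n", wrong ? "some other slot" : "out of bounds");
    return 0;
}
```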
|
|
|
|
|
Hi!
I am new to c++ programming so this question might sound silly.
I am trying to manipulate the parameters and proxy this function:
D3DXMATRIX* WINAPI D3DXMatrixLookAtRH
( D3DXMATRIX *pOut, CONST D3DXVECTOR3 *pEye, CONST D3DXVECTOR3 *pAt,
CONST D3DXVECTOR3 *pUp );
And the code from my proxy dll looks like this:
extern "C" D3DXMATRIX* WINAPI __stdcall __E__205__(D3DXMATRIX *pOut,CONST D3DXVECTOR3 *pEye, CONST D3DXVECTOR3 *pAt, CONST D3DXVECTOR3 *pUp)
{
typedef D3DXMATRIX* (WINAPI __stdcall *pS)(D3DXMATRIX*, CONST D3DXVECTOR3*, CONST D3DXVECTOR3*, CONST D3DXVECTOR3*);
pS pps = (pS)p[205*4];
D3DXMATRIX* rv = pps(pOut,pEye,pAt,pUp);
return rv;
}
I get an unhandled exception. Any idea what am I doing wrong?
|
|
|
|
|
At first glance, I don't see anything wrong. Do ALL functions crash? If not, then chances are that you are calling the function with bad parameters.
1. Is it for a 64-bit DLL? (then you need 205*8!)
2. WINAPI = __stdcall so you do not need both.
3. Check the value of the rv while debugging.
|
|
|
|
|
For the first test I just pass the parameters on and don't manipulate them. What is interesting is if I do this:
(debugging it)

extern "C" D3DXMATRIX* __stdcall __E__205__(D3DXMATRIX *pOut,CONST D3DXVECTOR3 *pEye, CONST D3DXVECTOR3 *pAt, CONST D3DXVECTOR3 *pUp)
{
    std::ofstream outdata;
    outdata.open("C:\\out.txt");
    outdata << "Eye:" << pEye->x << " " << pEye->y << " " << pEye->z << std::endl;
    outdata.close();
    return NULL;
}

The function calls seem to succeed, because the parameters do have the right values. So I am sure the function is called.
Maybe it has something to do with the first function parameter being the [in, out] parameter? The function out parameter and the returning type are the same. (according to documentation: http://msdn.microsoft.com/en-us/library/bb205343(VS.85).aspx)
If I put the rest of the function in I get an unhandled exception at this line of code:

D3DXMATRIX* rv = pps(pOut,pEye,pAt,pUp);
|
|
|
|
|
When I try to use "proxy2.exe dumpbin /exports wsock32.dll > exports.txt" I get the following written into the exports.txt:
Wrappit. Copyright (C) Chourdakis Michael
Usage: WRAPPIT <dll> <txt> <convention> <new dll name> <cpp> <def>
==================================================================
I tried different DLLs but it didn't work either...
Thanks for answers
Thelod
|
|
|
|
|
Hi there.
Be patient for a few days and I will put wrappit2.cpp which has many bugs fixed.
Michael.
|
|
|
|
|
I've created a second version which works without inline assembly, by using forwards - and it works with PPC and x64. If anyone is interested, mail me; I should update the CP article soon.
|
|
|
|
|
Hey, it's a very handy tool, excellent work.
Can you email me your new version?
Thank you very much.
visit me at
http://usuarios.lycos.es/hernandp
|
|
|
|
|
Thanks for sharing your code with us. Can you send me version 2 please.
I can't make v1 work correctly with a Borland-compiled DLL. The original DLL uses DllEntryPoint, which seems to cause the calling application to crash when using the proxy DLL.
Another issue in the original code is that the generated name of all functions was always the same because i was not incremented while parsing <txt>.
|
|
|
|
|
|
Thank you for the quick reply Michael.
|
|
|
|
|