Solved

How to get a pointer to a function not declared in the interface section?

Posted on 2002-07-22
Last Modified: 2010-04-04
I need to get a pointer to the InternalReadComponentRes function of the classes unit. The problem is that this function is not declared in the interface section.

Does anyone have a solution?
Question by:fsanchez
 
LVL 20

Expert Comment

by:Madshi
ID: 7171099
Can't you just copy the source code of this function to your own unit? Finding the pointer to this function is quite difficult. You have 3 possibilities:

(1) Use a disassembler unit that programmatically parses your own binary to find the pointer. Possible, but *very* difficult.
(2) Create a map file to your project (see linker options) and parse this file. The address of the function should be in there.
(3) Compile your project with debug info and parse that info (that's possible somehow, but I don't know how).

Regards, Madshi.
0
 
LVL 1

Author Comment

by:fsanchez
ID: 7171134
I have to intercept calls to this function along the whole project, and these calls are always done within the VCL, so copying the function won't work.

I was thinking of a solution similar to (1): detect at runtime the address of the function and modify its code, maybe to divert the execution to my own code or maybe to substitute the TResourceStream it uses with my own class. I don't know if this is possible at all.
0
 
LVL 20

Expert Comment

by:Madshi
ID: 7171176
Look here:

http://help.madshi.net/Data/madCodeHook.htm

This Delphi package allows you to easily hook such a function. It also contains a little disassembler, which may help you find the address of the function. The package "madCodeHook" is free for non-commercial purposes only.

Regards, Madshi.
0
 
LVL 20

Accepted Solution

by:
Madshi earned 800 total points
ID: 7171194
Let me just show you the power of my package. This will probably work to get the desired pointer (not tested):

uses ..., madDisAsm;

// Disassembles ReadComponentResEx and returns the target of its first far call.
function Find_InternalReadComponentRes : pointer;
begin
  Result := ParseFunction(@ReadComponentResEx).FarCalls[0].Target;
end;

This little innocent looking code disassembles the function "ReadComponentResEx", and gives you the address of the first function that "ReadComponentResEx" calls, which should be "InternalReadComponentRes". Nice, isn't it?   :-)

Regards, Madshi.
0
 
LVL 1

Author Comment

by:fsanchez
ID: 7171484
It looks great. But I can't use it because I have to distribute full source code.

I have been looking at your website and it seems that I need the 'Simple Code Overwriting' approach. I suppose this would not work if the project is compiled with runtime packages, would it?

Thank you.
0
 
LVL 20

Expert Comment

by:Madshi
ID: 7171494
>> It looks great. But I can't use it because I have to distribute full source code.

That's bad...   :-(

>> I have been looking at your website and it seems that I need the 'Simple Code Overwriting' approach.

Right. Well, I'd prefer the Extended Code Overwriting, but basically the Simple variant works, too...

>> I suppose this would not work if the project is compiled with runtime packages, would it?

It should work nevertheless. Hmmmm... Perhaps it would need some tweaking, but I think it should work.

Regards, Madshi.
0
 
LVL 1

Author Comment

by:fsanchez
ID: 7173804
Hi,

I have already found how to get the address of the function. Now I just have to put the jump to my function. I think I have to use the following API:

VirtualProtect(ImportJump^.Proc,5,PAGE_EXECUTE_READWRITE,@SaveProtect);

but I'm not sure about the exact implementation, mainly how to determine the jump address. Can you show me some sample code?

In any case, I have given you the points, you deserve them.

Regards,
Francisco Sanchez
0
 
LVL 20

Expert Comment

by:Madshi
ID: 7173830
"ImportJump"? So I guess you're relying on runtime packages, right? Is that good enough for your purpose? That won't work without runtime packages.

Yes, you have to unprotect the code by using VirtualProtect, that is right. Then you have to create a jump call, 5 bytes are needed. The first byte has to be $E9 (relative JMP assembler instruction), followed by a 4 byte integer, which is calculated like this:

dword(@YourHookFunction) - dword(@OriginalFunction) - 5

This calculation may violate integer overflow checking, if your function is located in a lower memory position than the original function is. So please turn the integer overflow check off. Alternatively check which address is bigger to avoid the overflow.

Regards, Madshi.
0
 
LVL 20

Expert Comment

by:Madshi
ID: 7173831
P.S: With overflow checking turned off, the possible overflow is "correct" and works correctly.
0
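The displacement formula and the overflow remark in the two comments above, worked through as an added example (not part of the thread and not madCodeHook code). It assumes 32-bit x86 addresses; all function names and addresses are constructed for illustration. It also shows the inverse operation, which an integrity check can use to notice that a function's entry point has been redirected outside its own module.

```c
#include <stdint.h>
#include <stdio.h>

#define JMP_LEN 5u   /* $E9 opcode byte + 4 displacement bytes */
/* Displacement = hook - original - 5. Unsigned arithmetic wraps mod 2^32,
   which is the "correct" overflow when the hook lies at a lower address. */
uint32_t jmp_rel32(uint32_t original, uint32_t hook) {
    return hook - original - JMP_LEN;
}

/* Build the 5 patch bytes: E9 followed by the little-endian displacement. */
void encode_jmp(uint8_t out[5], uint32_t original, uint32_t hook) {
    uint32_t rel = jmp_rel32(original, hook);
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(rel >> (8 * i));
}

/* Inverse: if code (mapped at address 'at') starts with E9, store its target. */
int decode_jmp(const uint8_t *code, uint32_t at, uint32_t *target) {
    uint32_t rel = 0;
    if (code[0] != 0xE9) return 0;
    for (int i = 0; i < 4; i++)
        rel |= (uint32_t)code[1 + i] << (8 * i);
    *target = at + JMP_LEN + rel;   /* relative to the next instruction */
    return 1;
}

/* Integrity check: 1 if the entry point jumps outside [base, base + size). */
int entry_leaves_module(const uint8_t *code, uint32_t at,
                        uint32_t base, uint32_t size) {
    uint32_t target;
    if (!decode_jmp(code, at, &target)) return 0;
    return (uint32_t)(target - base) >= size;
}

/* Encode then decode; the result must be the hook address again. */
uint32_t roundtrip(uint32_t original, uint32_t hook) {
    uint8_t patch[5];
    uint32_t target = 0;
    encode_jmp(patch, original, hook);
    decode_jmp(patch, original, &target);
    return target;
}

int main(void) {
    printf("%08X\n", (unsigned)roundtrip(0x00412340u, 0x00401000u));
    return 0;
}
```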
 
LVL 1

Author Comment

by:fsanchez
ID: 7173837
Sorry about the ImportJump, I was just copying and pasting from an API hook code I have been using. It should be:

VirtualProtect(IRCR,5,PAGE_EXECUTE_READWRITE,@SaveProtect);

where IRCR is a pointer to InternalReadComponentRes.

Thank you again.
0
 
LVL 1

Author Comment

by:fsanchez
ID: 7181755
Any clue on what would be needed to make this work with runtime packages?

I could create a new entry with more points for you if you can give me a working solution with full source code.

Regards,
Francisco Sanchez
0
 
LVL 20

Expert Comment

by:Madshi
ID: 7181757
Browse the export table of the vcl/rtl runtime package(s). I guess "InternalReadComponentRes" should be exported there. So this way it's probably even easier to get the address of the function when using runtime packages. The hooking should be the same.

Regards, Madshi.
0
 
LVL 1

Author Comment

by:fsanchez
ID: 7181790
I have no idea how I can browse the export table programmatically. Or are you talking about a manual process? I have to do this at runtime.
0
 
LVL 20

Expert Comment

by:Madshi
ID: 7181797
Browse it manually to find the exported name. It's a bit cryptic, but contains the full function name. Then at runtime simply call GetProcAddress.
0
