• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 734
  • Last Modified:

Exported functions from injected DLL

I am injecting a DLL into another EXE process. The other EXE process has other DLL's loaded into it.
What I want to do is use the exported functions of the other DLL's. The other DLL doesn't have actual function names but I do have the cardinal name of the function.
Here is an example of a function from the DLL. This is the GetTextWidth function:

type
TGetTextWidth=function(text: widestring): integer;
var
GetTextWidth: TGetTextWidth;
myint: integer;
begin
hmod:=GetModuleHandle('EXTRAFUNCS.DLL');
@GetTextWidth:=GetProcAddress(hmod,pchar($2789));
myint:=GetTextWidth('test');

for some reason the value returned is always "504". I believe this is the address or offset to the value but it is Definetly not the correct value. (I haven't tried booting my computer to see if it changes).

Another note:the DLL is made in C++. The function GetTextWidth goes like this : int __fastcall, (wchar_t * wText)

I need to know if I am declaring the function wrong or calling it wrong. Any help is appreciated and will get some points. Thanks!
0
GiulianoB
Asked:
GiulianoB
  • 5
  • 4
1 Solution
 
MadshiCommented:
It has to be:

type TGetTextWidth=function(text: PWideChar): integer;

C++ doesn't know Delphi's "wideString" type.
0
 
GiulianoBAuthor Commented:
that didn't make a difference. Am I calling GetProcAddress correctly to get an ordinal function ?
0
 
MadshiCommented:
Looks alright to me.

Try using this:

var strVar;
begin
  madDisAsm.ParseFunction(@GetTextWidth, strVar);

Then save that strVar into a text file and post it here. Maybe we can see what's wrong then.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
GiulianoBAuthor Commented:
what type is strVar ?
0
 
GiulianoBAuthor Commented:
6f8aa2a0 public #10121:                   ; function entry point
6f8aa2a0   push    ebx
6f8aa2a1   push    ebp
6f8aa2a2   push    esi
6f8aa2a3   push    edi
6f8aa2a4   mov     esi, ecx
6f8aa2a6   call    dword ptr [$6f8ba06c]  ; ?strlen@Unicode@@SIHPBU1@@Z
6f8aa2a6
6f8aa2ac   xor     edi, edi
6f8aa2ae   xor     ebx, ebx
6f8aa2b0   cmp     [esi], di
6f8aa2b3   mov     ebp, eax
6f8aa2b5   jz      loc_6f8aa2db
6f8aa2b5
6f8aa2b7 loc_6f8aa2b7:
6f8aa2b7   cmp     edi, ebp
6f8aa2b9   jge     loc_6f8aa2db
6f8aa2b9
6f8aa2bb   mov     cx, [esi]
6f8aa2be   cmp     cx, $a
6f8aa2c2   jz      loc_6f8aa2d1
6f8aa2c2
6f8aa2c4   call    dword ptr [$6f8fe20c]
6f8aa2c4
6f8aa2ca   xor     ecx, ecx
6f8aa2cc   mov     cl, [eax+3]
6f8aa2cf   add     ebx, ecx
6f8aa2d1
6f8aa2d1 loc_6f8aa2d1:
6f8aa2d1   add     esi, 2
6f8aa2d4   inc     edi
6f8aa2d5   cmp     word ptr [esi], 0
6f8aa2d9   jnz     loc_6f8aa2b7
6f8aa2d9
6f8aa2db loc_6f8aa2db:
6f8aa2db   pop     edi
6f8aa2dc   pop     esi
6f8aa2dd   mov     eax, ebx
6f8aa2df   pop     ebp
6f8aa2e0   pop     ebx
6f8aa2e1   ret
0
 
MadshiCommented:
Hmmmm... Delphi stores the first parameter in EAX, C++ seems to use ECX when using fastcall. Try this:

type TGetTextWidth=function(dummy1, dummy2: integer; text: PWideChar): integer;

Fill in 0 for the dummy parameters.
0
 
GiulianoBAuthor Commented:
Wow! You never seize to amaze me Madshi ^_^

Looking at the ASM code my only guess is that we want to store the parameter in ECX so the first two pushes, you put the dummy ints for them.
is that right ?
0
 
GiulianoBAuthor Commented:
btw: Delphi doesn't have any way to do fastcalls ?
0
 
MadshiCommented:
>> is that right ?

Yes.

>> btw: Delphi doesn't have any way to do fastcalls ?

Not directly. But seemingly you can simulate it with those dummy parameters.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now