
I have hooked an exported MFC DLL function using a naked function.

The definition of the naked function is as follows:


/*
 * Hook body installed in place of an exported MFC DLL function.
 *
 * __declspec(naked): the compiler emits no prologue/epilogue, so the __asm
 * lines below build and tear down the frame by hand. Control leaves through
 * `jmp [Trampoline]` (back to the original function); there is no `ret`.
 *
 * NOTE(review): pushad (32 bytes) and push ecx (4 bytes) run *before* ebp is
 * set up, so the compiler's [ebp+8]-based parameter slots (__this, objParam1,
 * objParam2, ...) no longer line up with the caller's arguments; objParam2
 * most likely reads a saved register rather than the CRect& — confirm with a
 * debugger before relying on any declared parameter.
 *
 * flg, hInst, funcPTR, CMYCLASS_ and Trampoline are not declared in this
 * listing; presumably file-scope globals.
 */
__declspec(naked)
static void __cdecl GenericHook(void* __this,class CScrollViewAccess* objParam1, class CRect& objParam2,unsigned int iParam1, unsigned long iParam2, char* szParam1,
void* vParam1, class CFont* objParam3,class CFont* objParam4,
                                class CBrush* objParam5)
{       /*function body start*/

    __asm pushad;                   /* first "argument", which is also used to store registers */
    __asm push ecx;                 /* padding so that ebp+8 refers to the first "argument" */

    /* set up standard prologue */
    __asm push ebp;
    __asm mov ebp, esp;
    __asm sub esp, __LOCAL_SIZE;    /* reserve the compiler-computed space for locals */



    /* Intended as a one-shot: flg is never written in this listing, so the
     * DLL call would repeat on every invocation unless it is set elsewhere
     * — confirm. */
    if(flg == false)
    {

        //RECT* rct = reinterpret_cast(&objParam2);

        hInst   =   LoadLibrary("C:\\Sample.dll"); /// MFC Dll
        /* NOTE(review): hInst is not checked for NULL; if LoadLibrary fails
         * the computed address is just 0x1032 and the call below faults.
         * The offset is a hard-coded RVA into the DLL and breaks on any
         * rebuild of Sample.dll. */
        funcPTR =   (CMYCLASS_)(((int)hInst)+((int)0x00001032));
        funcPTR(__this,objParam2);

    /* standard epilogue */
     __asm mov esp, ebp;
     __asm pop ebp;

     __asm pop ecx;                 /* clear padding */
     __asm popad;                   /* clear first "argument" */
     __asm jmp [Trampoline];        /* tail-jump to the original function */

    /* NOTE(review): the if-block opened above is never closed in this
     * listing; as pasted, this brace ends the if-body, not the function. */
}   

    /*function body end*/

The MFC DLL has the following function:


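    /**
     * Logs the width, height and top-left corner of objParam to
     * c:\LogFolder\log.txt (opened in append mode).
     *
     * @param objParam  rectangle whose dimensions are written to the log;
     *                  only read, never modified.
     *
     * No return value. If the log file cannot be opened the entry is dropped
     * instead of passing a NULL FILE* to fprintf (undefined behaviour in the
     * original version).
     */
    void CMyClass::returnRect(class CRect& objParam)
    {
        int width   = objParam.Width();
        int height  = objParam.Height();
        CPoint pt   = objParam.TopLeft();

        /* Terminator appended after the entry. NOTE(review): with "%s" only
         * the bytes before the first NUL are written, i.e. just 13 ('\r');
         * confirm whether a wide-char CR/LF was intended. */
        char szEnter[6] = {13,0,10,0,0,0};

        FILE* fp = fopen("c:\\LogFolder\\log.txt","ab+");
        if (fp == NULL)
        {
            /* Missing folder or insufficient permissions: skip this entry. */
            return;
        }
        fprintf(fp,"Width: %d Height: %d X co-ord: %d Y co-ord: %d\n%s",width,height,pt.x,pt.y,szEnter);
        fclose(fp);
    }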

After passing the CRect& parameter to the MFC DLL, the values logged are wrong.

How to process the reference object?

How is CMYCLASS_ (I suppose it's a pointer to function) defined? – Rost
Yes, it is a pointer to function. – rohank
What is the calling convention for returnRect? If it is __thiscall, `this` is passed in ecx, not on the stack. – TheSteve
@TheSteve: correct, the calling convention is __stdcall. – rohank
Is it possible to use a debugger and set a breakpoint in returnRect? I might also recommend using OllyDbg to step through the generated assembler code bit by bit. For the record, passing a CRect& and a CRect* should be the same at the assembler level. – TheSteve



I have solved this hooking problem as follows:


    /*
     * Replacement entry for the hooked export.
     *
     * Declared with no parameters on purpose: the caller's arguments are
     * fetched from the stack by hand (see the [ebp+N] loads below) and control
     * leaves through `jmp [Trampoline]`, so no `ret` is written here.
     *
     * Unlike the first attempt, ebp is set up *before* pushad, so the offsets
     * address the caller's frame directly: [ebp+4] is the return address and
     * [ebp+8], [ebp+12], [ebp+16], [ebp+20] are the first four stack args.
     *
     * objParam1..objParam5, fp and Trampoline are not declared in this
     * listing; presumably file-scope globals (if so, the hook is not
     * re-entrant — confirm).
     */
    extern "C"  __declspec(naked) __declspec(dllexport) void __stdcall GenericHook()
    {        /*function body start*/
        /* set up standard prologue */
        __asm push ebp;
        __asm mov ebp, esp;
        __asm pushad;                             /* preserve all GPRs for the trampoline */

       // __asm sub esp, __LOCAL_SIZE;            // Grow stack size
        /* copy return address and the first four stack arguments into the
         * globals so the C code below can log them */
        __asm mov eax,[ebp+4];                    //Return Address
        __asm mov objParam1,eax;
        __asm mov eax,DWORD ptr[ebp+8];            //arg1
        __asm mov objParam2,eax;
        __asm mov eax,DWORD ptr[ebp+12];        //arg2
        __asm mov objParam3,eax;
        __asm mov eax,DWORD ptr[ebp+16];        //arg3
        __asm mov objParam4,eax;
        __asm mov eax,DWORD ptr[ebp+20];        //arg4
        __asm mov objParam5,eax;

        /*-------------PROCESSING START---------------------*/
        /* NOTE(review): fp is used without a NULL check; a failed fopen
         * (missing folder, permissions) makes the fprintf calls undefined
         * behaviour inside the hooked process. */
        fp = fopen("c:\\LogFolder\\log.txt","ab+");
        fprintf(fp,"arg1: %lu~arg2: %lu~arg3: %lu~arg4: %lu~ar5: %lu\n",objParam1,objParam2,objParam3,objParam4,objParam5);
        fprintf(fp,"==========================================================================\n\n");
        fclose(fp);
        /*-------------PROCESSING END-----------------------*/




        /* standard epilogue    
         __asm add esp, __LOCAL_SIZE;*/
         __asm popad;                             /* restore the caller's registers */
         __asm mov esp, ebp;   
         __asm pop ebp;
         __asm jmp [Trampoline];                  /* continue in the original function */
    }