-
September 11th, 2012, 04:11 PM
#1
GetProcAddress()
When using GetProcAddress() to retrieve the address of a DLL function - how do we know whether the function has cdecl calling convention or stdcall?
"A problem well stated is a problem half solved.” - Charles F. Kettering
-
September 11th, 2012, 07:32 PM
#2
Re: GetProcAddress()
Originally Posted by John E
When using GetProcAddress() to retrieve the address of a DLL function - how do we know whether the function has cdecl calling convention or stdcall?
You're assuming this information is available using GetProcAddress. It isn't.
The only way I know of without having the calling convention documented is to take a look at the assembly code and see how the parameters are placed on the stack and how the return is handled.
Regards,
Paul McKenzie
-
September 13th, 2012, 03:39 AM
#3
Re: GetProcAddress()
Completing what Paul already stated.
Generally, when you are using a function exported from whatever DLL, you have its documentation so you know which calling convention is used.
Othewise, can guess that most of WinAPI functions uses __stdcall for smaller resulted code reason, while CRT may use __cdecl which allows variable-arguments functions call.
I said this just FYI, as long as both WinAPI and CRT are well documented.
See also __stdcall and __cdecl in MSDN.
-
September 13th, 2012, 08:20 AM
#4
Re: GetProcAddress()
Originally Posted by John E
how do we know whether the function has cdecl calling convention or stdcall?
There always should be some documentation for the DLL, at least header file should be in hands. This is where you know from.
But when you have no header, you can only guess.
Say you can see the following export: ?foo@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$CArray@NABN@@@Z
You're lucky, as this is C++ function with normal mangled name which you can decipher alright:
Code:
E:\Temp\668>undname ?foo@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$CArray@NABN@@@Z
Microsoft (R) C++ Name Undecorator
Copyright (C) Microsoft Corporation. All rights reserved.
Undecoration of :- "?foo@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$CArray@NABN@@@Z"
is :- "class ATL::CStringT<char,class StrTraitMFC_DLL<char,class ATL::ChTraitsCRT<char> > > __cdecl foo(class CArray<double,double const &> &)"
And say you can see this: _boo@8
Again you're lucky as this is _boo@8 explicitly indicates that boo is extern "C" __stdcall.
The worst case is: goo
This can be anything, as any specific mangling is stripped off by using DEF file. And now you can find out the calling convention only from .h file or by getting to disassembler.
Good news, x64 architecture implements only a single convention type, so you always know it.
Best regards,
Igor
-
September 13th, 2012, 08:21 AM
#5
Re: GetProcAddress()
Originally Posted by John E
how do we know whether the function has cdecl calling convention or stdcall?
There always should be some documentation for the DLL, at least header file should be in hands. This is where you know from.
But when you have no header, you can only guess.
Say you can see the following export: ?foo@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$CArray@NABN@@@Z
You're lucky, as this is C++ function with normal mangled name which you can decipher alright:
Code:
E:\Temp\668>undname ?foo@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$CArray@NABN@@@Z
Microsoft (R) C++ Name Undecorator
Copyright (C) Microsoft Corporation. All rights reserved.
Undecoration of :- "?foo@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$CArray@NABN@@@Z"
is :- "class ATL::CStringT<char,class StrTraitMFC_DLL<char,class ATL::ChTraitsCRT<char> > > __cdecl foo(class CArray<double,double const &> &)"
And say you can see this: _boo@8
Again you're lucky as this _boo@8 explicitly indicates that boo is extern "C" __stdcall.
The worst case is: goo
This can be anything, as any specific mangling is stripped off by using DEF file. And now you can find out the calling convention only from .h file or by getting to disassembler.
Good news, x64 architecture implements only a single convention type, so you always know it.
Best regards,
Igor
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|