flat assembler
Message board for the users of flat assembler.

Index > Windows > Prototypes Of Native Apis

shakuni



Joined: 11 Oct 2007
Posts: 24
shakuni 14 Nov 2007, 19:18
How can I manually find the prototypes of native APIs?

Please don't post some link or some book's name (like Gary Nebbett's book) listing the prototypes of the native APIs.
What I want is how I can reverse engineer ntdll.dll and ntoskrnl.exe to find the prototype myself. (I have fairly good knowledge of reverse engineering, so you can use the jargon associated with that.)
Code:
push sth
push sth_else
call 0x12345
    

How do I know what sth is (is it a window handle or a pointer to a string or whatever), and sth_else?

_________________
There is no rule, law or tradition that apply universally... including this one.
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7103
Location: Slovakia
vid 14 Nov 2007, 20:25
Well, download IDA, open NTDLL.DLL, look at the exported procedures, figure out how many arguments a procedure takes and what they mean (using your reversing skills), and there you go.
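One way to get the argument count mentioned in the reply above, as an added example that is not part of either post: a 32-bit stdcall routine cleans its own stack, so the operand of its `ret imm16` divided by 4 is the number of dword arguments. The stub layout, the name `stub_prototype_hint` and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Encodings expected in the assumed stub layout: opcode prefix -> instruction length.
KNOWN = {
    b"\xB8": 5,              # mov eax, imm32   (service index)
    b"\xBA": 5,              # mov edx, imm32
    b"\xFF\x12": 2,          # call dword ptr [edx]
    b"\x8D\x54\x24\x04": 4,  # lea edx, [esp+4]
    b"\xCD\x2E": 2,          # int 2Eh
}

def stub_prototype_hint(code: bytes):
    """Return (service_index, arg_bytes, arg_count) for a 32-bit stdcall stub."""
    pos, service = 0, None
    while pos < len(code):
        if code[pos] == 0xC3:                      # ret: callee pops nothing
            return service, 0, 0
        if code[pos] == 0xC2:                      # ret imm16: callee pops imm16 bytes
            if pos + 3 > len(code):
                raise ValueError("truncated ret imm16")
            (arg_bytes,) = struct.unpack_from("<H", code, pos + 1)
            if arg_bytes % 4:
                raise ValueError(f"ret {arg_bytes:#x} is not a multiple of 4")
            return service, arg_bytes, arg_bytes // 4
        for prefix, length in KNOWN.items():
            if code.startswith(prefix, pos):
                if pos + length > len(code):
                    raise ValueError("truncated instruction")
                if prefix == b"\xB8" and service is None:
                    (service,) = struct.unpack_from("<I", code, pos + 1)
                pos += length
                break
        else:
            # Refuse to guess at instructions outside the assumed layout.
            raise ValueError(f"unrecognised opcode {code[pos]:#04x} at offset {pos}")
    raise ValueError("no ret found")

# Constructed sample bytes (not dumped from a real ntdll.dll):
#   mov eax, 42h / mov edx, 7FFE0300h / call dword ptr [edx] / ret 14h
SAMPLE = bytes.fromhex("b842000000" "ba0003fe7f" "ff12" "c21400")

if __name__ == "__main__":
    idx, nbytes, nargs = stub_prototype_hint(SAMPLE)
    print(f"service index {idx:#x}, {nbytes} argument bytes, {nargs} dword arguments")
```

The result is a count of 4-byte stack slots only; what each slot holds (handle, pointer, flags) still has to be worked out by reading how the called code uses it.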

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.