Results 1 to 2 of 2
  1. 10-31-2015 #1
    xelipe
    xelipe is offline
    New Member
    xelipe's Avatar
    Join Date
    Oct 2015
    Gender
    male
    Posts
    1
    Reputation
    10
    Thanks
    0
    Send a message via Birdie™ to xelipe Chile

    How to find a function parameters ?

    Hello,

    I have not had trouble finding functions by Olly but do not know how to find the parameters , they could guide me please .

    Example:
    Code:
    004FA860   55               PUSH EBP
004FA861   8BEC             MOV EBP,ESP
004FA863   83EC 14          SUB ESP,14
004FA866   68 66924000      PUSH <JMP.&MSVBVM60.__vbaExceptHandler>
004FA86B   64:A1 00000000   MOV EAX,DWORD PTR FS:[0]
004FA871   50               PUSH EAX
004FA872   64:8925 00000000 MOV DWORD PTR FS:[0],ESP
004FA879   83EC 58          SUB ESP,58
004FA87C   53               PUSH EBX
004FA87D   56               PUSH ESI
004FA87E   57               PUSH EDI
004FA87F   8965 EC          MOV DWORD PTR SS:[EBP-14],ESP
004FA882   C745 F0 F0594000 MOV DWORD PTR SS:[EBP-10],Imperium.00405>
004FA889   33F6             XOR ESI,ESI
004FA88B   8975 F4          MOV DWORD PTR SS:[EBP-C],ESI
004FA88E   8975 F8          MOV DWORD PTR SS:[EBP-8],ESI
004FA891   8975 C4          MOV DWORD PTR SS:[EBP-3C],ESI
004FA894   8975 B4          MOV DWORD PTR SS:[EBP-4C],ESI
004FA897   8975 A4          MOV DWORD PTR SS:[EBP-5C],ESI
004FA89A   8975 A0          MOV DWORD PTR SS:[EBP-60],ESI
004FA89D   6A 11            PUSH 11
004FA89F   68 045F4300      PUSH Imperium.00435F04
004FA8A4   8D45 CC          LEA EAX,DWORD PTR SS:[EBP-34]
004FA8A7   50               PUSH EAX
004FA8A8   FF15 98114000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaAryCo>; MSVBVM60.__vbaAryConstruct2
004FA8AE   6A 01            PUSH 1
004FA8B0   FF15 F8104000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaOnErr>; MSVBVM60.__vbaOnError
004FA8B6   6A 02            PUSH 2
004FA8B8   8D4D 08          LEA ECX,DWORD PTR SS:[EBP+8]
004FA8BB   51               PUSH ECX
004FA8BC   8B55 D8          MOV EDX,DWORD PTR SS:[EBP-28]
004FA8BF   52               PUSH EDX
004FA8C0   E8 5F04F3FF      CALL Imperium.0042AD24
004FA8C5   FF15 A8104000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaSetSy>; MSVBVM60.__vbaSetSystemError
004FA8CB   8D45 CC          LEA EAX,DWORD PTR SS:[EBP-34]
004FA8CE   8945 A0          MOV DWORD PTR SS:[EBP-60],EAX
004FA8D1   8D4D A0          LEA ECX,DWORD PTR SS:[EBP-60]
004FA8D4   894D AC          MOV DWORD PTR SS:[EBP-54],ECX
004FA8D7   C745 A4 11600000 MOV DWORD PTR SS:[EBP-5C],6011
004FA8DE   56               PUSH ESI
004FA8DF   6A 40            PUSH 40
004FA8E1   8D55 A4          LEA EDX,DWORD PTR SS:[EBP-5C]
004FA8E4   52               PUSH EDX
004FA8E5   8D45 B4          LEA EAX,DWORD PTR SS:[EBP-4C]
004FA8E8   50               PUSH EAX
004FA8E9   FF15 68124000    CALL DWORD PTR DS:[<&MSVBVM60.#717>]     ; MSVBVM60.rtcStrConvVar2
004FA8EF   8D4D B4          LEA ECX,DWORD PTR SS:[EBP-4C]
004FA8F2   51               PUSH ECX
004FA8F3   FF15 4C104000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarMove
004FA8F9   8BD0             MOV EDX,EAX
004FA8FB   8D4D C4          LEA ECX,DWORD PTR SS:[EBP-3C]
004FA8FE   FF15 84134000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
004FA904   8D4D B4          LEA ECX,DWORD PTR SS:[EBP-4C]
004FA907   FF15 40104000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar
004FA90D   FF15 E0104000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaExitP>; MSVBVM60.__vbaExitProc
004FA913   68 53A94F00      PUSH Imperium.004FA953
004FA918   EB 26            JMP SHORT Imperium.004FA940
004FA91A   FF15 E0104000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaExitP>; MSVBVM60.__vbaExitProc
004FA920   68 53A94F00      PUSH Imperium.004FA953
004FA925   EB 19            JMP SHORT Imperium.004FA940
004FA927   F645 F4 04       TEST BYTE PTR SS:[EBP-C],4
004FA92B   74 09            JE SHORT Imperium.004FA936
004FA92D   8D4D C4          LEA ECX,DWORD PTR SS:[EBP-3C]
004FA930   FF15 CC134000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
004FA936   8D4D B4          LEA ECX,DWORD PTR SS:[EBP-4C]
004FA939   FF15 40104000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar
004FA93F   C3               RETN
004FA940   8D55 CC          LEA EDX,DWORD PTR SS:[EBP-34]
004FA943   8955 A0          MOV DWORD PTR SS:[EBP-60],EDX
004FA946   8D45 A0          LEA EAX,DWORD PTR SS:[EBP-60]
004FA949   50               PUSH EAX
004FA94A   6A 00            PUSH 0
004FA94C   FF15 C8104000    CALL DWORD PTR DS:[<&MSVBVM60.__vbaAryDe>; MSVBVM60.__vbaAryDestruct
004FA952   C3               RETN
    and also the type

    Thank you
    Reply With Quote Reply With Quote
  2. 11-03-2015 #2
    ioctl
    ioctl is offline
    New Member
    ioctl's Avatar
    Join Date
    Nov 2015
    Gender
    female
    Posts
    4
    Reputation
    10
    Thanks
    0
    Send a message via Birdie™ to ioctl United Kingdom
    That function only has one parameter passed to it. Inside EBP+8.
    Code:
    004FA8B8   8D4D 08          LEA ECX,DWORD PTR SS:[EBP+8]
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. How to find function through call
    By NB81 in forum Assembly
    Replies: 3
    Last Post: 11-17-2013, 03:00 PM
  2. [Help] how to find functions with cheat engine debugger
    By iwiniwin in forum General Game Hacking
    Replies: 0
    Last Post: 03-02-2013, 03:32 PM
  3. Advanced Hacking tutorial (How to find adresses for the coolest trainer functions)
    By nukeist_ in forum WarRock - International Hacks
    Replies: 8
    Last Post: 07-09-2007, 03:15 PM
  4. [Tutorial]How to find some Hacks
    By mental81 in forum WarRock - International Hacks
    Replies: 22
    Last Post: 04-06-2007, 10:50 AM
  5. how to find rar pw?
    By tekmo in forum General
    Replies: 1
    Last Post: 10-23-2006, 10:08 AM