Function Arguments (Types?)

xUsername · **Joined:** 17 Jan 2010 01:13 **Posts:** 6

Hello.

I have a question. I found a function that encrypts and decrypts packets. I have already tried many ways. I get a crash all the time. Sometimes it is a buffer overflow. Sometimes, accessing a memory address that does not exist.

Here is the function call to the encrypt function:

Code:

004C7D7F  |. 8B56 30        MOV EDX,DWORD PTR DS:[ESI+30]
004C7D82  |. 57             PUSH EDI
004C7D83  |. 03D0           ADD EDX,EAX
004C7D85  |. 8B46 24        MOV EAX,DWORD PTR DS:[ESI+24]
004C7D88  |. 8D4E 42        LEA ECX,DWORD PTR DS:[ESI+42]
004C7D8B  |. 51             PUSH ECX
004C7D8C  |. 52             PUSH EDX
004C7D8D  |. 0346 2C        ADD EAX,DWORD PTR DS:[ESI+2C]
004C7D90  |. 50             PUSH EAX
004C7D91  |. E8 EA24FBFF    CALL XXXXX.0047A280

How do I know what will be used for parameter types?

I am grateful for any help.

Sincerely,
xUsername

aluigi · **Posted:** 25 Jan 2010 14:56

when you reach 004c7d91 watch the stack window and check the arguments.
those where you can use "Follow in Dump" are pointers to memory like input and output buffers or context fields, the other are sizes and flags.

maybe that function is nothing else than a:
decrypt(&ctx, input, output, size);

Luigi Auriemma

Function Arguments (Types?)