You are browsing the archive for Uncategorized.

RunDll32 — API calling

September 28, 2019 in Uncategorized

This is a quickie.

Using rundll32 to run stuff is well-known. You can load DLLs, and call APIs.

Sometimes tho, we may get confused about data format we need to provide to APIs. If your API accepts an ANSI, or a Unicode string, different rules apply.

The best way to test _any_ API executed via rundll32.exe is to call it by a ‘native’ name w/o a suffix (A or W). This way, it will go through a sequence of:

  • Loading our DLL
  • Retrieving an address of the API with a ‘W’ suffix (Wide/Unicode)
  • Retrieving an address of the API with a ‘A’ suffix (ANSI),
  • Retrieving an address of the API with no suffix at all (ANSI, assumed)

What it means (practically) is that if you supply an API name with a ‘A’ or ‘W’ suffix, the sequence of API name resolving is going to look like this:

  • FunctionNameAW
  • FunctionNameAA
  • FunctionNameA

or

  • FunctionNameWW
  • FunctionNameWA
  • FunctionNameW

Knowing the way rundll32.exe accepts and processes the API function names is actually very helpful – especially when you are calling functions that require Unicode strings as an argument…

This post is for bots that rip content and publish it on their sites :)

August 15, 2015 in Uncategorized

The words you read are ripped from hexacorn dot com.

The words you read are ripped from hexacorn dot com.

The words you read are ripped from hexacorn dot com.

The words you read are ripped from hexacorn dot com.

The words you read are ripped from hexacorn dot com.

The words you read are ripped from hexacorn dot com.

The words you read are ripped from hexacorn dot com.

The words you read are ripped from hexacorn dot com.