WhiteOwl
March 8th, 2007, 04:06 PM
Heya,
How can one discover the parameters expected by a Native undocumented Win API function?
Yes I know many many such functions are documented in various places such as the DDK, some web-sites and books such as Gary Nebbett', but still the spirit of exploration makes we want to know *how* it's done.
I took some time to play with a WinDbg and others, but as far as I know, it only let's you see structs/variables (dt) etc. while you also -can- watch the Nt/Zw functions in NTDLL with disassembly (u), it only shows me that both function really calls to the Kernel version of the function.....passing some values using MOV....which is not that insightful...
Anyone?
How can one discover the parameters expected by a Native undocumented Win API function?
Yes I know many many such functions are documented in various places such as the DDK, some web-sites and books such as Gary Nebbett', but still the spirit of exploration makes we want to know *how* it's done.
I took some time to play with a WinDbg and others, but as far as I know, it only let's you see structs/variables (dt) etc. while you also -can- watch the Nt/Zw functions in NTDLL with disassembly (u), it only shows me that both function really calls to the Kernel version of the function.....passing some values using MOV....which is not that insightful...
Anyone?