0

I'm a C# programmer who's doing some reverse-engineering work and I'm having some trouble.

What I'm trying to do is to hook a library function in a remote process and log some data.

I've used API Monitor with some custom type and function definitions for an unknown library (libcef.dll) and I am able to intercept the functions that are defined.

I want to write my own application that hooks those functions. I've opted to use EasyHook in C++ as it seems simpler than having to marshal so much in C# using the managed EasyHook library.

EasyHook requires I define the function I want to hook with the correct function calling convention, identifier and parameters.

However, with the limited knowledge of C++ that I have, I'm able to convert the type definitions that I have for API Monitor (in an XML file) to C++ code which I can then use when defining the function I want to hook (which is cef_parse_url).

So the question is: How do I convert the below API Monitor type definitions (XML) to C++ code?

<ApiMonitor>

<Include Filename="Headers\common.h.xml" />

<Module Name="libcef.dll" CallingConvention="CDECL" OnlineHelp="Google">

    <Variable Name="cef_string_t" Type="Struct">
        <Field Type="wchar_t*"    Name="str" />
        <Field Type="size_t"   Name="length" />
        <Field Type="void*"    Name="dtor" />
    </Variable>
    <Variable Name="const cef_string_t" Type="Alias" Base="cef_string_t" />
    <Variable Name="cef_string_t*" Type="Pointer" Base="cef_string_t" />
    <Variable Name="const cef_string_t*" Type="Pointer" Base="const cef_string_t" />

    <Variable Name="cef_urlparts_t" Type="Struct">
        <Field Type="cef_string_t"  Name="spec" />
        <Field Type="cef_string_t"  Name="scheme" />
        <Field Type="cef_string_t"  Name="username" />
        <Field Type="cef_string_t"  Name="password" />
        <Field Type="cef_string_t"  Name="host" />
        <Field Type="cef_string_t"  Name="port" />
        <Field Type="cef_string_t"  Name="origin" />
        <Field Type="cef_string_t"  Name="path" />
        <Field Type="cef_string_t"  Name="query" />
    </Variable>
    <Variable Name="const cef_urlparts_t" Type="Alias" Base="cef_urlparts_t" />
    <Variable Name="cef_urlparts_t*" Type="Pointer" Base="cef_urlparts_t" />
    <Variable Name="const cef_urlparts_t*" Type="Pointer" Base="const cef_urlparts_t" />

    <!-- Parse funcs -->
  
    <Api Name="cef_parse_url">
        <Param Type="const cef_string_t*"   Name="url" />
        <Param Type="cef_urlparts_t*"      Name="parts" />
        <Return Type="int" />
    </Api>

</Module>

If someone could help me it would mean the world to me. I believe for someone who's intermediate in C++ would be able to easily be able to help me.

Thanks in advance!

StayOnTarget
  • 11,743
  • 10
  • 52
  • 81
kazmerk
  • 11
  • 2

1 Answers1

1

Alright never mind.

The answer was actually quite easy. The extra definitions which made it look so complex aren't important I found.

typedef struct _cef_string_t {
    wchar_t* str;
    size_t length;
    void(*dtor)(wchar_t* str);
} cef_string_t;

typedef struct _cef_urlparts_t {
    cef_string_t spec;
    cef_string_t scheme;
    cef_string_t username;
    cef_string_t password;
    cef_string_t host;
    cef_string_t port;
    cef_string_t path;
    cef_string_t query;
} cef_urlparts_t;

int _cdecl cef_parse_url(const cef_string_t* url, _cef_urlparts_t* parts);
kazmerk
  • 11
  • 2