I am looking for the signature of mainCRTStartup. Is it :
int mainCRTStartup( int argc, char *argv[] )
Or something else ?
I find it so irritating that microsoft isn't even able to give the définition of their own entry points...
Thanks for your help.
In the crtexe.c file, distributed with VisualStudio, you can see the definition. It is:
int mainCRTStartup(void);
The command line is not obtained as an argument to the entry point, but recovered by using the function GetCommandLine().
Related
This is my first time using Ghidra and debugging. My project deals with reverse engineering a Dos executable from 2007, to understand how it generates a code.
I looked for the strings I can read when launching the program through wine (debugging under linux) and found one place :
/* Reverses the string */
__strrev(local_8);
local_4 = 0;
DISPLAY_MESSAGE(s__Code_=_%s_0040704c);
with DISPLAY_MESSAGE being :
int __cdecl DISPLAY_MESSAGE(byte *param_1)
{
int iVar1;
int errorCode;
iVar1 = FUN_004019c0((undefined4 *)&DAT_004072e8);
errorCode = FUN_00401ac0((char **)&DAT_004072e8,param_1,(undefined4 *)&stack0x00000008);
FUN_00401a60(iVar1,(int *)&DAT_004072e8);
return errorCode;
}
I named the function "DISPLAY_MESSAGE" because I saw the string on the screen ;-). I would like to name it printf but its signature does not match the one of printf since it takes byte * instead of char *, ... as input parameters and returns an int instead of void for the actual printf.
The string "Code = %s" (stripping the CRs and new lines) is actually located at address "0040704c", and I am very surprised not to see the variable holding the generated code value instead (that could help me rename the variables).
If I change the signature to the one of printf it yields :
DISPLAY_MESSAGE(s__Code_=_%s_0040704c,local_8)
which looks better, because local_8 could be the code, but I don't know if it is correct to change the signature like this (since then the local variable that I renamed errorCode is never used whereas it was returned before signature change).
void __cdecl DISPLAY_MESSAGE(char *param_1,...)
{
int iVar1;
int errorCode;
iVar1 = FUN_004019c0((undefined4 *)&DAT_004072e8);
FUN_00401ac0((char **)&DAT_004072e8,(byte *)param_1,(undefined4 *)&stack0x00000008);
FUN_00401a60(iVar1,(int *)&DAT_004072e8);
return;
}
So my questions are :
Why is Ghidra appending _0040704c to the string (should it help me, and how should I make use of this piece of info) ?
If my signature change is correct, what prevents Ghidra from finding the correct signature from its analysis ?
Should I think there is a problem with the function signature whenever I see undefinedX as it appears in DISPLAY_MESSAGE ?
Any help greatly appreciated!
I've got an issue with an assignment, but I'm not asking for help to do the assignment, just single problem.
My code is like this:
#include "linux/kernel.h"
#include "linux/unistd.h"
#include <linux/slab.h>
typedef _msg_t msg_t;
struct msg_t { /* members here */ };
static msg_t *bottom = NULL;
static msg_t *top = NULL;
int function_one (argA, argB) {
/* function is working, no need to show code*/
}
int function_two (argA, argB) {
/* function is working, so no need I guess to show the code*/
}
int main(int argc, char ** argv) {
char *in = "This is a testing message";
char msg[50];
int mlen;
function_one(in, strlen(in)+1);
mlen = function_two(msg, 50);
}
Here's the problem: When I do the make command from the directory, I get the error
/home/<username hidden by me>/dm510/linux-3.18.2/arch/um/os-linux/main.c:118:
multipli definition of 'main'
arch/um/kernel/built-in.o:
/home/<username hidden again>/dm510/linux-3.18.2/arch/um/kernel/file_i_created.c:60
first defined here"
What does this error mean? I only defined the main method one time in my own file
The message says you have (at least) two C files, main.c and file_i_created.c that are included in the build. Both have main() functions. (In C, the term is "function", not "method".) Remove one of those source files, or remove/rename the main() function in one of them.
You have multiple approaches here:
Usually there is only one main in a program. If so, decide, which is the actual main and rename the other one
If both mains are essential, you could try putting them in seperate namespaces
Really can't tell without seeing the file_i_created.c code though. Could be something else as well.
I was trying to solve this old lab sheet-
http://csis.bits-pilani.ac.in/faculty/murali/dsa-10/labsheet3_sec4.pdf
So my question is I have to use this method -
int createMaze(Maze *pm, char *mazefilename)
This will enter values in the Maze.But since it is not returning the Maze how can I use it in this method-
Boolean findCheese(Maze m, int n, int posi, int posj, char
**path_so_far, int past_i, int past_j)
Also I cant call findCheese method from createMaze I have to call both of them from another driver.c file.SO is the definitions of the methods wrong or is there someway I can use Maze in both the methods?
In the document you linked to, it says:
Create a driver file maze.c for meeting the objectives of this problem.
This creates the Maze using createMaze. It then calls findCheese to determine the path.
The code will look something like:
Maze m;
createMaze(&m, "some file name");
findCheese(m, ... rest of the arguments ...);
It was working correctly a while ago. But i dont know what was is the error.
My Code:
char oldfn[] = "d://booksdata.txt";
char newfn[] = "d://booksdata_temp.txt";
remove(oldfn);
rename(newfn, oldfn);
Remove function works correctly but my rename function does not work.
From ISO/IEC9899:
7.19.4.2 The rename function
Synopsis
1 #include < stdio.h>
int rename(const char *old, const char *new);
As you can see by the prototype: you are using the old and new arguments in the wrong place.
Just switch then and one error is fixed.
If there is still one... Tell us the error text please.
I think you have the rename() call backwards. It should be:
rename(oldfn, newfn);
Although it wouldn't hurt to have copied the error message in the first place!
Can anybody help me to find out how to call rrd_update_r function of the rrdtool c API from http://oss.oetiker.ch/rrdtool/index.en.html?
It was quite easy to call the non-threadsafe version of rrd_update, but this one is more tricky...
normal rrd_update:
char *updateparams[] = {
"rrdupdate",
rrd_file,
values,
NULL
};
rrd_clear_error();
result = rrd_update(3, updateparams); //argc is first arg
Because the programm has to run in a multithreaded environment I got several errors by not using the threadsafe functions!
But it is not so easy to use rrd_update_r, because it requires a template too...
int rrd_update_r(const char *filename, const char *_template,
int argc, const char **argv);
and I really have no idea how to create one...
char *updateparams[] = {
"rrdupdate",
rrd_file,
values,
NULL
};
rrd_clear_error();
result = rrd_update_r(rrd_file, NULL,3, updateparams);
does not work and produces the following error when executing it...
error: /var/tmp/rrds/1.rrd: expected timestamp not found in data source from rrdupdate
Hopefully someone can help me!
thx and br,
roegi
Well, looking at the source code...
It appears that rrd_update_r does not want to see the "rrupdate" argument. So try just passing rrd_file and values as a 2-element argv.
Actually the source for rrd_update is not hard to read; you can find it in src/rrd_update.c. And rrd_update_r appears to be a much lower-level function that rrd_update itself calls. So this may not actually fix your underlying problem.
Now it is working!
Nemo - thx for your help!
It was not exactly your solution but it was a hint to the right direction!
It works with:
/*
rrd_file is a char * to "/var/tmp/1.rrd"
NULL says not to use a template
1 --> argc
values is a char * to "N:value-1:value-2:.....:value-n"
*/
result = rrd_update_r(rrd_file, NULL, 1, (void *) &values);