Page 1 of 1

Injected DLL need length of function

Posted: Tue Jun 11, 2019 8:34 pm
by JuanHuerta
Hi everybody

We have a injected dll file into a process and need to calculate a length of a certain function in memory. Can we use madCodeHook for this like we do for injection or something the disasembler make it easy for this? We would like to now how this can be done

~Juan

Re: Injected DLL need length of function

Posted: Tue Jun 11, 2019 9:06 pm
by iconic
If you're using Delphi you can do this:

Code: Select all

uses madDisasm;

dwCodeLen := ParseFunction(pFunc).CodeLen;
Where "pFunc" is the entrypoint of the function you're targeting (i.e> GetProcAddress() returns this for exported functions). If it's not exported you'll need to provide the pointer yourself through other means, of course.

--Iconic