I see, but I still don't understand the method used here. How can you see the stack entries if you don't disassemble the file? The only way I know of is through WineDbg and that does not seem to be correct. The method on that wiki page appears to require looking at the assembly code. Specifically, it says "ret hhll (where hhll is the number of bytes to remove, i.e. the number of arguments times 4)". As far as I know, ret is assembly code. So the method listed requires disassembly, no?
On Mon, Dec 27, 2021 at 9:00 PM Mohamad Al-Jaf <mohamadaljaf@gmail.com> wrote:
>
> I don't understand this, I thought disassembly of Microsoft DLLs wasn't allowed? Why then does the example show assembly code of the undocumented function?
They're just example functions that some Wine developer wrote and
compiled on their own to validate this method of guessing function
arguments. They're not Microsoft code.
-Alex