I'm looking for a way to determine programmatically what the arguments to a Win32 API implemented in Wine are. I'm trying to implement an API redirection stub that I can use to trace calls into all of the Wine-implemented DLLs. My stub needs to know what each argument passed into the Win32 API, their types and sizes, and whether they reside on the stack or register when calling the routine and finally their return value.
In researching Wine, I have come to find out two tools, winedump and winebuild that may be helpful in doing this but I have yet to find out how to use them correctly to get the information I seek. Maybe they just don't have that capability or maybe I just haven't played with them enough to find all of its uses.
For example, I found that each DLL has a *.spec file which looks to have some of the info I need:
@ stdcall GetSystemTimeAsFileTime(ptr)
Looking at the man pages, this tells me that GetSystemTimeAsFileTime takes in an argument as a pointer but I don't see any return value information here. Also, does this file ever represent arguments passed by value on the stack, like a structure? If so, does it capture how big the structure is? What about function prototypes with variable arguments (similar to printf(...)).. are those capture in the file? Can I also assume (based on the calling convention listed as stdcall) which arguments will be on registers and which will be on the stack?
I know that the DWARF debug info can give me some of what I need but I would have to write a big parser for which I lack the time now. Are there other tools that may make this easier if winedump and winebuild can't help me?
I know this is a lot to ask here but I'm just getting started with Wine and need to come up to speed very fast. Thanks in advance for any help you can provide me.
Roger R. Cruz
Hi Roger,
On Mon, Apr 2, 2012 at 10:41 AM, Roger Cruz roger_r_cruz@yahoo.com wrote:
I'm looking for a way to determine programmatically what the arguments to a Win32 API implemented in Wine are. I'm trying to implement an API redirection stub that I can use to trace calls into all of the Wine-implemented DLLs. My stub needs to know what each argument passed into the Win32 API, their types and sizes, and whether they reside on the stack or register when calling the routine and finally their return value.
I think you want to look at winapi (http://source.winehq.org/source/tools/winapi/).
In researching Wine, I have come to find out two tools, winedump and winebuild that may be helpful in doing this but I have yet to find out how to use them correctly to get the information I seek. Maybe they just don't have that capability or maybe I just haven't played with them enough to find all of its uses.
For example, I found that each DLL has a *.spec file which looks to have some of the info I need:
@ stdcall GetSystemTimeAsFileTime(ptr)
Looking at the man pages, this tells me that GetSystemTimeAsFileTime takes in an argument as a pointer but I don't see any return value information here. Also, does this file ever represent arguments passed by value on the stack, like a structure? If so, does it capture how big the structure is? What about function prototypes with variable arguments (similar to printf(...)).. are those capture in the file? Can I also assume (based on the calling convention listed as stdcall) which arguments will be on registers and which will be on the stack?
Yes. stdcall, cdecl, and fastcall are all documented as to their calling convention. In particular, stdcall and cdecl both accept all arguments on the stack and return through EAX. (They differ in who pops arguments from the stack.) This is basic Win32 stuff, any Windows reference in the last 25+ years ought to tell you it. fastcall is more recent, but they're all up on Wikipedia: http://en.wikipedia.org/wiki/X86_calling_conventions
--Juan
Hi Juan,
Thanks for replying. I am looking at that tool's directory and I'm not sure how to use it. There is little documentation on the sources and a google search didn't provide much help. No matter what directory I run the executables found there, they all give me this error. Is there any documentation on how to use these tools and what is their purpose?
~/sandbox/wine/sources/wine-1.3.36$ ~/sandbox/wine/sources/wine-1.3.36/tools/winapi/winapi_extract winapi_extract: You must run this tool in the main Wine directory or a sub directory
Thanks Roger R. Cruz
________________________________ From: Juan Lang juan.lang@gmail.com To: Roger Cruz roger_r_cruz@yahoo.com Cc: "wine-devel@winehq.org" wine-devel@winehq.org Sent: Monday, April 2, 2012 3:45 PM Subject: Re: Programmatically determining arguments to a WinAPI function
Hi Roger,
On Mon, Apr 2, 2012 at 10:41 AM, Roger Cruz roger_r_cruz@yahoo.com wrote:
I'm looking for a way to determine programmatically what the arguments to a Win32 API implemented in Wine are. I'm trying to implement an API redirection stub that I can use to trace calls into all of the Wine-implemented DLLs. My stub needs to know what each argument passed into the Win32 API, their types and sizes, and whether they reside on the stack or register when calling the routine and finally their return value.
I think you want to look at winapi (http://source.winehq.org/source/tools/winapi/).
In researching Wine, I have come to find out two tools, winedump and winebuild that may be helpful in doing this but I have yet to find out how to use them correctly to get the information I seek. Maybe they just don't have that capability or maybe I just haven't played with them enough to find all of its uses.
For example, I found that each DLL has a *.spec file which looks to have some of the info I need:
@ stdcall GetSystemTimeAsFileTime(ptr)
Looking at the man pages, this tells me that GetSystemTimeAsFileTime takes in an argument as a pointer but I don't see any return value information here. Also, does this file ever represent arguments passed by value on the stack, like a structure? If so, does it capture how big the structure is? What about function prototypes with variable arguments (similar to printf(...)).. are those capture in the file? Can I also assume (based on the calling convention listed as stdcall) which arguments will be on registers and which will be on the stack?
Yes. stdcall, cdecl, and fastcall are all documented as to their calling convention. In particular, stdcall and cdecl both accept all arguments on the stack and return through EAX. (They differ in who pops arguments from the stack.) This is basic Win32 stuff, any Windows reference in the last 25+ years ought to tell you it. fastcall is more recent, but they're all up on Wikipedia: http://en.wikipedia.org/wiki/X86_calling_conventions
--Juan