Flag: Tornado!
Hurricane!
|
|
 Error: Authentication required to access requested resource.
Topic created on: by  .
hi,
the GetPrivateProfileString() function doesn't need a file handle to be passed to, it just opens the file itself (check last param of the API function, first push in the disassembly respectively: http://msdn.microsoft.com/en-us/library/ms724353(VS.85).aspx)
If you were looking for how CreateFile() works internally, you might want to have a look at its callchains (https://www.openrce.org/reference_library/win32_call_chains/XPSP2/KERNEL32/GetPrivateProfileStringA) or disassemble it yourself.
If you disassemble it yourself, you can see the function calling: BaseDllReadWriteIniFile() -> BaseDllReadWriteIniFileOnDisk() -> BaseDllOpenIniFileOnDisk() -> NtOpenFile() and NtReadFile()
|
hi Dennis,
Thanks for your quick reply. Actually while debugging it, I could find CrateFile getting called for the ini file. Another question why cant I see BaseDllReadWriteIniFile, BaseDllReadWriteIniFileOnDisk etc. in my kernel32.dll? :-(
|
hi,
you probably haven't loaded any symbols for kernel32.dll if you can't see BaseDllReadWriteIniFile() and the like. But putting a breakpoint on NtOpenFile() could do the trick if you're debugging the application.
|
|
Thanks a lot for your inputs. It really helped.
|
Note: Registration is required to post to the forums.
|
|
|
|
There are 28,224 total registered users.
|
|
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}