"ParseFunction" examines the function which has the entry point "func". The
result is a complex structure which tells us a lot of things about the
examined function: e.g. the beginning and the end of the function code block,
or whether the function can be intercepted by code overwriting. Or whether
there are jumps/calls to unknown targets and so on.
You can also easily get a full disassembly of any function by just giving in
it's start address. The "disAsm" parameter will receive a fully formatted
clear text disassembly of the whole function.
 |
function ParseFunction (func: pointer ) : TFunctionInfo; overload;
function ParseFunction (func: pointer; var disAsm: string) : TFunctionInfo; overload;
|
|
Here is the complete type declaration for "ParseFunction".
|
type
TFunctionInfo = record
IsValid : boolean;
EntryPoint : pointer;
CodeBegin : pointer;
CodeLen : integer;
LastErrorAddr : pointer;
LastErrorNo : cardinal;
LastErrorStr : string;
CodeAreas : array of record
AreaBegin : pointer;
AreaEnd : pointer;
CaseBlock : boolean;
OnExceptBlock : boolean;
CalledFrom : pointer;
Registers : array [0..7] of pointer;
end;
FarCalls : array of record
Call : boolean;
CodeAddr1 : pointer;
CodeAddr2 : pointer;
Target : pointer;
RelTarget : boolean;
PTarget : pointer;
PPTarget : TPPointer;
end;
UnknownTargets : array of record
Call : boolean;
CodeAddr1 : pointer;
CodeAddr2 : pointer;
end;
Interceptable : boolean;
Copy : record
IsValid : boolean;
BufferLen : integer;
LastErrorAddr : pointer;
LastErrorNo : cardinal;
LastErrorStr : string;
end;
end;
|
|