ParseFunction 

www.madshi.net

"ParseFunction" examines the function which has the entry point "func". The result is a complex structure which tells us a lot of things about the examined function: e.g. the beginning and the end of the function code block, or whether the function can be intercepted by code overwriting. Or whether there are jumps/calls to unknown targets and so on.

You can also easily get a full disassembly of any function by just giving in it's start address. The "disAsm" parameter will receive a fully formatted clear text disassembly of the whole function.

function ParseFunction (func: pointer                    ) : TFunctionInfo; overload;
function ParseFunction (func: pointer; var disAsm: string) : TFunctionInfo; overload;

Here is the complete type declaration for "ParseFunction".

type
  TFunctionInfo = record
    IsValid        : boolean;
    EntryPoint     : pointer;
    CodeBegin      : pointer;
    CodeLen        : integer;
    LastErrorAddr  : pointer;
    LastErrorNo    : cardinal;
    LastErrorStr   : string;
    CodeAreas      : array of record
                       AreaBegin     : pointer;
                       AreaEnd       : pointer;
                       CaseBlock     : boolean;
                       OnExceptBlock : boolean;
                       CalledFrom    : pointer;
                       Registers     : array [0..7] of pointer;
                     end;
    FarCalls       : array of record
                       Call          : boolean;  // is it a CALL or a JMP?
                       CodeAddr1     : pointer;  // beginning of call instruction
                       CodeAddr2     : pointer;  // beginning of next instruction
                       Target        : pointer;
                       RelTarget     : boolean;
                       PTarget       : pointer;
                       PPTarget      : TPPointer;
                     end;
    UnknownTargets : array of record
                       Call          : boolean;
                       CodeAddr1     : pointer;
                       CodeAddr2     : pointer;
                     end;
    Interceptable  : boolean;
    Copy           : record
                       IsValid       : boolean;
                       BufferLen     : integer;
                       LastErrorAddr : pointer;
                       LastErrorNo   : cardinal;
                       LastErrorStr  : string;
                     end;
  end;