
Help With EXE Procedure Calls

May 29, 2010 10:47:13 PM

Hey guys

I have some very urgent help I need from some of you experts out there

I have a bunch of DLLs I replaced for a Windows application with the same names.

The DLLs' procedures are slightly different though.

Now my EXE won't run, because of procedure entry point errors.

I need some tools and basic directions on how I can go into this EXE and edit its procedure calls, so it can execute the DLLs properly.

I do NOT have the language or source code for this exe.

Any help would ROCK!

Windows 7 Ult. x64

June 1, 2010 11:53:49 PM

By "slightly different" what do you mean? I'm not a Windows developer but I think as long as the functions have the same signature (return type, name, parameters), it should still link since DLLs are dynamic.

June 2, 2010 5:23:47 AM

Well here's the short version --> I'm making an undistributable patch for a program someone else made (forget the copyright stuff lolz, I've cleared it and I'm following the EULA). The patched DLLs are mainly the same, they just have a few different lines of procedure calls in them. For example 2 or 3 are added/deleted to each DLL, and a few are rewritten.

As a result, the entire import section of the executable needs to change, so that it lines up and each DLL can be properly called. Here's an example:

?get@iterator@ConfigParser@@QBE_NAAM@Z

might be slightly changed to

?get@iterator@Config@@QBE@Z@@I@E

Unless I change the imports of the executable to match that new revised call, it'll just tell me


The procedure entry for "?get@iterator@ConfigParser@@QBE_NAAM@Z" could not be found in "blank.dll", because it no longer exists in the DLL it's looking for.

Get what I mean?
June 2, 2010 1:59:45 PM

Besides the signature I'm not quite able to decode, can you tell me exactly what was changed in the method itself (return type, name, parameter, ...)? The thing is I'm not quite sure how .exe files are compiled, my fear is that the file uses some kind of explicit addressing internally so adding or removing bytes could screw up the whole thing. Maybe someone with more low-level knowledge could help.

June 2, 2010 5:41:16 PM

I'm just using examples here. I could paste the 2..3.. maybe 5 or more revisions to each DLL that's been made, compared to the older files. But with something like 5 API Name revisions per DLL, and a little over 50 DLL files in total, I'm not sure you'd want me listing 250+ lines of code haha.

I can't quite seem to explain the situation unless people were able to look at my screen I guess, so I'm trying really hard to put it into words. I'll give it 1 more go and I'll be as specific as possible here:

I have an installed program that I'm trying to patch. The patch is for a slightly different version of my program though.

The patch replaces about 52 DLLs, the main executable, and adds a new DLL. I can NOT have this new DLL it adds running on my system. It'll instantly crash the program. This keeps me from just replacing the DLLs, adding the new exe, and going.

I need to either replace the DLLs, keep my original exe, and then edit its import table to match that of the patched exe, or remove this bad DLL from its tie ins to the new/patched executable, so I don't have to redo the import table of MY exe.

If I just replace the DLL files I want, and leave the executable how it is, I'll get something that looks like this:


Because like I said, some of the API names in the new patched DLLs' export tables were changed, and the way its APIs are called needs to be changed.

Here's an example:

[Original Program]
hello.exe | world.dll | Unrelated Folders

[Patch]
PATCHEDhello.exe | world.dll | bad!.dll


The world.dll file used to have an export table that looked like this:

Ordinal 001 RVA 00001690 Offset 00001690 Function Name ??0ModelTimeQuantizer@@QAE@XZ

And now has an export table that looks like this:

Ordinal 001 RVA 00002012 Offset 00002012 Function Name ??0ModelTimeNEWCODE@@QAE@NEWCODE


Likewise, in the PATCHEDhello.exe, the import table section of world.dll has the revision made to it as well.

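The mismatch described in this thread can be checked before launching anything. The following is an added example, not code from any poster: it parses an export listing in the layout quoted above and reports which by-name imports the loader would fail to resolve. The function names `parse_exports` and `unresolved_imports`, the import list for hello.exe, and the `?tick@Clock@@QAEXXZ` symbol are assumptions constructed for illustration.

```python
import difflib
import re

# Matches one row of an export listing in the layout quoted in the thread:
#   Ordinal 001 RVA 00001690 Offset 00001690 Function Name <decorated name>
EXPORT_ROW = re.compile(
    r"Ordinal\s+(\d+)\s+RVA\s+([0-9A-Fa-f]+)\s+Offset\s+([0-9A-Fa-f]+)"
    r"\s+Function Name\s+(\S+)"
)

def parse_exports(listing):
    """Return {decorated_name: (ordinal, rva)} for every row in the listing."""
    exports = {}
    for line in listing.splitlines():
        m = EXPORT_ROW.search(line)
        if m:
            exports[m.group(4)] = (int(m.group(1)), int(m.group(2), 16))
    return exports

def unresolved_imports(imports, exports):
    """Names the EXE imports by name that the DLL no longer exports.

    Each result is (missing_name, closest_export_or_None); the closest match
    is only a hint that a symbol was renamed, not proof of compatibility.
    """
    report = []
    for name in imports:
        if name not in exports:
            near = difflib.get_close_matches(name, list(exports), n=1, cutoff=0.5)
            report.append((name, near[0] if near else None))
    return report

# Constructed sample data. The first import and the first export row use the
# names quoted in the thread; the second pair is made up for illustration.
HELLO_EXE_IMPORTS = ["??0ModelTimeQuantizer@@QAE@XZ", "?tick@Clock@@QAEXXZ"]
PATCHED_WORLD_DLL = """\
Ordinal 001 RVA 00002012 Offset 00002012 Function Name ??0ModelTimeNEWCODE@@QAE@NEWCODE
Ordinal 002 RVA 00002040 Offset 00002040 Function Name ?tick@Clock@@QAEXXZ
"""

if __name__ == "__main__":
    exports = parse_exports(PATCHED_WORLD_DLL)
    for missing, near in unresolved_imports(HELLO_EXE_IMPORTS, exports):
        print(f"world.dll: entry point {missing} not found (closest export: {near})")
```

A decorated C++ name encodes the class, calling convention, return type and parameters, so a changed name usually means a changed signature and not just a relabelled function.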