progress report iii

Gepostet am: Aug 08, 2011 10:49:56 PM

so, here we are. it's been a really productive day...and i'm beginning to learn directdraw by hand. jeez.

anyway, i was sitting in front of this code:

okay, the first call is easy to understand. by looking at the msdn entry for DirectDrawCreate, we learn that the 1st param being 0 means that the DDraw display wil be the current one, and that the 2nd param is a pointer to a pointer... which will be set to the vtable of a IDirectDraw object. nothing unusual here, we've seen that often enough before.

the second call, however, is problematic. we don't have a vtable nor any imports, and tracing the call with the debugger leads us into code areas deep in windows without names. so, we open the file ddraw.h in visual studio and search for "IDirectDraw" until we find the function table (click to enlarge):

theoretically, we're nearly done. practically, one thing is missing (as i don't have the slightest motivation to count the functions in 4-byte sequences)... so we create a new file and place a comment in it:

time to combine the two things together... drag the panel with the comment-file out until you see some strange symbol in the screen center:

drag the panel onto the leftmost button and release it => you created a split-window. by the way, the same trick with a really similar button works also in IDA.

resize the left panel until you can't see anything in it except the green comment and the scrollbar:

rings a bell, am i correct? now scroll the right and/or the left panel until the stuff properly aligns... and you have a perfect offset-reading table!

i'd keep it in decimals however, as IDA will in most cases make the offsets in decimal numbers, too (to switch the IDA display, right-click on the integer and press decimal). our offset was 0x50 or 80... so go to the line and see that the method is called SetCooperativeLevel!

and indeed, the parameters match (and the function is a verbatim copy of various DDraw tutorials, except that the object is not NULLed if SetCooperativeLevel fails!).

always keep yourself one of these offset-tables around, they're a great help.