Dynamic Log ESP EBP
Dynamic Log ESP EBP is an advanced technology which invented by the founder of Dll Decompiler in February 2017. It can log the ESP and EBP values to identify all used function arguments and local variables automatically. What you need to do is just run the software then the logger will log all the ESP and EBP values. Then with the ESP EBP log, DFA can identify all the function arguments and local variables which have been used.
How to identify all used function arguments and local variables
Open the DLL file with
DLL to C, check the option "
Disassemble the code section", and select the Disassemble Mode "
Disassemble with Complete Structure Mode". Then click the button "
Start Convert".
When the conversion is complete, DLL to C will generate a dfa file. Open the dfa file with DFA.exe. Click the "
Build Options" button, make sure the option "
Log ESP EBP" is checked. Then click the button "
BUILD CODE" to build the code of the DLL.
With the output code, you can create a new DLL to replace the original DLL. Or you can just call the output code in your VC project. In a suitable location, call the output log function
Win32Dll_OutputEspEbp to output the ESP EBP Log.
Run the software or just invoke the code in your VC project, then
Win32Dll_OutputEspEbp will output the ESP EBP Log which contains the ESP EBP values.
Open the dfa file again, click the menu "
File", then click "
Import ESP EBP Log", and open the file "
Win32Dll_EspEbp.txt". And then click the "
BUILD CODE" button again to rebuild the code. The new code will contain all the function arguments and local variables which have been used.
You can find this sample in the directory "
FullVersion\CompleteStructureMode\ExportAllFunctions\TestWin32Dll" of
DLL to C.
