Question
Could you tell me a way to debug an export function of a DLL with specific arguments through rundll32.exe using IDA pro?
rundll32.exe calls an export function with unintentional arguments.
Detail
I used following settings in process options to debug a 32bit DLL in Windows10(x64).
Application: C:\Windows\SysWOW64\rundll32.exe
Input file: C:\Users\xxxx\AppData\Local\Temp\92D7.dll
Directory: C:\Users\xxxx\AppData\Local\Temp
Parameters: C:\Users\xxxx\AppData\Local\Temp\92D7.dll, abc arg1 arg2
After starting debugging, I can see the arguments passed from rundll32 in the stack.
1st arg: Window handler return from CreateWindowExA()
2nd arg: BaseImage of the DLL
3rd arg: Pointer to "arg1 arg2"
4th arg: Size of "arg1 arg2"
That's why, the export function is called as below.
abc(hwnd, baseImage, "arg1 arg2", sizeof("arg1 arg2"));
I'd like to know how to call it as the following.
abc("arg1", "arg2");
I will compile a simple binary to call it as above if there's no way through rundll32.