Looked into the DLL before, only a little but I wasn't able to figure out the calls being made. Just for example it could be: Code: BOOL GetApplicationInformation( __inLPCTSTR lpAppID, __inDWORD dwType, __outLPTSTR lpBuffer ); I'm not sure if anyones put any time trying to find out the API function calls but without these it's a dead end.
It could result in a few hours of trial and error testing. If you get close the error codes for the function call will start changing too. That example actually has an issue. Its return type would likely be DWORD so that you know how much info was returned... Then again theres a ton of ways a function could be wrote and I'm tired anyway
How could this be used in IORRT if I never check rearms. Would this be a way to see if IORRT would work based on if it had say 0 rearms it would return a error msg? Is that what you mean?
If possible why not set a breakpoint at SLGetApplicationInformation api? http://msdn.microsoft.com/en-us/library/windows/desktop/hh971163(v=vs.85).aspx
Had a look at OSPPREARM.EXE to see if SLGetApplicationInformation is used to return rearm count. It seems SLGetApplicationInformation is not called see code below, maybe upload ospprun.exe?. push eax CALL SLOpen PUSH EAX ; /Arg2 PUSH 2D591190 ; |Arg1 = UNICODE "{59a52881-a989-479d-af46-f275c6370663}" CALL ole32.CLSIDFromString PUSH EBX PUSH EBX LEA EAX,[EBP-14] PUSH EAX PUSH DWORD PTR SS:[EBP-18] CALL SLReArm SLReArm stack Address Value ASCII Comments 0036FEB4 /003F6CB8 hSLC 0036FEB8 |0036FED4 pApplicationId 16 byte return by CLSIDFromString 0036FEBC |00000000 pProductSkuId 0036FEC0 |00000000 dwFlags PUSH DWORD PTR SS:[EBP-18] CALL SLClose
Code: byte[] descBuffer = new byte[4]; GetApplicationInformation allocates a buffer itself. You only need a 32bit unsigned int pointer. ( descSize == 4 bytes ) What does GetApplicationInformation return? ( 0x80070057 == One or more arguments are not valid. )