Hello,

I have the following problem:

When decompiling an executable with IDA pro i noticed the classes and member functions were also showing (exe was compiled with vc6). What i would like to do is call these member functions from another process (and get the return values). I can inject a dll into the running process, but then i can only call winAPI functions and not the member functions. So is this even possible?

Dunno how it got the class & function names but guess it was compiled in debug mode.

Maybe you're able to parse the debug info (maybe a pdb file) and get the function adresses...

but guess it was compiled in debug mode.

I think you guessed right. The pdb file should contain all debug info, or at least contain a path to the orig source, but I rather think that the names are directly in that file.

As far as i can tell it is a release build, but it is not protected or packed. So basically there is no way to call those functions?

Sure there is a way. Just write down the addresses where the victim function begins and call that address from your injected library.

What i would like to do is call these member functions from another process (and get the return values)

If I'm not mistaken you can do this with PaiMei.

http://paimei.openrce.org

I remember seeing something like that in this demo

http://www.archive.org/details/Pedram_Amini_PaiMei_and_the_Five_Finger_Exploding_Palm_RE_Techniques

You just need to know some Python

Yeah, i figured it out LOL. Just have to be careful with the function call types. thx 4 the help