Functions within a Dll

Google "semcomn.dll" gives you a number of places to download the file.
I use this one -- hxxp://203.64.35.73/OFFICE10/SHAREPT/SQL/X86/BINN/ .
It seems to be a part of SQL server that comes with Office 2000, anyway
it's somewhat old, 1998 or 1999. Search "semcomn.lib" or "semcomn.h" yields
nothing, so the best way is IDA. In fact functions Encrypt() and Decrypt()
are fairly short, I'll list them below.

BTW, where is SOLAR's attachment?

Here is an attached text file of IDA disassembly of semcomn.dll!Encrypt()

Here is an attached text file of IDA disassembly of semcomn.dll!Decrypt()

Look for those arg_0, arg_4 ... they are the parameters passed to the
functions. So Encrypt() has 3 arguments and Decrypt() has 4. You can
read the assemblies directly, it's not very hard, but the two functions
all call some other subroutines.

To build a test program, you need more than just semcomn.dll due to
dependencies. This is what I downloaded

08/24/2004 14:45 90,112 SEMCOMN.DLL
08/24/2004 15:26 24,576 SQLRESLD.DLL
08/24/2004 15:30 147,456 SFC.DLL
08/24/2004 15:35 364,544 SQLGUI.DLL
08/24/2004 15:37 32,768 W95SCM.DLL
08/24/2004 15:38 94,208 SQLSVC.DLL
6 File(s) 753,664 bytes

08/24/2004 15:43 53,248 SQLGUI.RLL
08/24/2004 15:43 24,576 SQLSVC.RLL
08/24/2004 15:44 24,576 SFC.RLL
08/24/2004 15:44 24,576 SEMCOMN.RLL
4 File(s) 126,976 bytes

Then create two programs, here called en.c and de.c

Code:

C:>type en.c

#include <stdio.h>
#include <windows.h>

#define PlainStr "This is a test."

int main(int argc, char * argv[])
{
  BYTE Buff[100];
  FARPROC pEncrypt;
  HINSTANCE hSEMCOMN;
  DWORD dwSize, i;

  hSEMCOMN = LoadLibrary("SEMCOMN.DLL");

  if (hSEMCOMN != NULL)
  {
    pEncrypt = GetProcAddress(hSEMCOMN, "Encrypt");

    if (pEncrypt != NULL)
    {
      dwSize = sizeof(Buff);
      (pEncrypt)(PlainStr, Buff, &dwSize);

      printf("EncStr: ");
      for(i = 0; i < dwSize; i++)
        printf("%c", Buff[i]);
      printf("\n");

      printf("EncStr: ");
      for(i = 0; i < dwSize; i++)
        printf("%x ", Buff[i]);
      printf("\n");
    }
  }

  if (hSEMCOMN)
    FreeLibrary(hSEMCOMN);

  return 0;
}

C:\>type de.c

#include <stdio.h>
#include <windows.h>

#define EncStr1 "\x5b\x06\x86\x01\x26\x7b\xfd\x79\
\x21\x73\xe2\x48\x8f\x79\x8e\xbb\xb4\x2d\xb6\xbb\
\xf2\xe7\x99\x62\xba\x58\x91\xc9\x04\xca\x79\x33"

#define EncStr2 "\x7c\x3b\x57\x65\xee\xe0\x7c\x11\
\x3a\x5a\xe0\x41\xf8\xa3\x21\x16\x63\xb8\xf6\xbe\
\xf7\xd6\xfd\x3f\xb5\x19\x4b\xbe\x6b\xc0\xd9\x53"

int main(int argc, char * argv[])
{

  BYTE Buff1[100], Buff2[100];
  FARPROC pDecrypt;
  HINSTANCE hSEMCOMN;
  DWORD dwSize1, dwSize2, i;

  hSEMCOMN = LoadLibrary("SEMCOMN.DLL");

  if(hSEMCOMN!=NULL)
  {
    pDecrypt = GetProcAddress(hSEMCOMN, "Decrypt");

    if(pDecrypt!=NULL)
    {
      dwSize1 = sizeof(Buff1);
      dwSize2 = sizeof(Buff2);
      (pDecrypt)(EncStr1, sizeof(EncStr1), Buff1, &dwSize1);
      (pDecrypt)(EncStr2, sizeof(EncStr2), Buff2, &dwSize2);

      printf("PlainStr1: ");
      for(i = 0; i < dwSize1; i++)
        printf("%c", Buff1[i]);
      printf("\n");

      printf("PlainStr2: ");
      for(i = 0; i < dwSize2; i++)
        printf("%c", Buff2[i]);
      printf("\n");
    }
  }

  if (hSEMCOMN)
    FreeLibrary(hSEMCOMN);

  return 0;
}

Here are the results

Quote:

C:\>cl en.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 13.10.3077 for 80x86
Copyright (C) Microsoft Corporation 1984-2002. All rights reserved.

en.c
Microsoft (R) Incremental Linker Version 7.10.3077
Copyright (C) Microsoft Corporation. All rights reserved.

/out:en.exe
en.obj

C:\>en.exe
EncStr: [♠å☺&{²y!s��HÅyÄ�[��-�f�[�ݦ�Öb�UXæ�X♦�my3
EncStr: 5b 6 86 1 26 7b fd 79 21 73 e2 48 8f 79 8e bb b4 2d b6 bb f2 e7 99 62 ba 58 91 c9 4 ca 79 33

C:\>cl de.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 13.10.3077 for 80x86
Copyright (C) Microsoft Corporation 1984-2002. All rights reserved.

de.c
Microsoft (R) Incremental Linker Version 7.10.3077
Copyright (C) Microsoft Corporation. All rights reserved.

/out:de.exe
de.obj

C:\>de.exe
PlainStr1: This is a test.
PlainStr2: s e c u r i t y

It should be quite straight-forward. Note EncStr1 in de.c is the output of
en.exe, and EncStr2 comes from SOLAR's original code. The first output of
en.exe is distorted because of HTML char settings, but the second is fine.
Run it yourself and you'll see.

[EDIT JMI: truth- You were trying to be and were very helpful for solar, but we really do not need pages and pages of IDA printout displayed on the forum, nor should you post four posts in a row. I've consolidated your posts and made the IDA printouts text attachments. If this was a discussion of more general nature, rather than about this one dll, it might have been more appropriate to leave all that code, but it is better to use attached text files.]

[SOLAR]

Thank u everyone for ur assistance esp u truth.

I got the code work. . Initially I tried compiling the source with M$ VC++ compiler and it gave errors..However compiling the same source with another compiler line GCC or other it works perfectly...Apparently this is a problem with M$'s compiler...it's unable to handle ESP.


Thanx again everyone!

Problem solved...thread closed(on my side)

��OLAR