Thursday, March 22, 2007


It's Ayumi Hamasaki's latest album. The defining song of the album is also called `secret', as the ending theme for the movie Confession of Pain. I quite agree with this review. It is so emotional and beautiful. Many thanks to admire for explaining the lyric since I've no idea about Japanese:-)
それ违う少女达 眩しくて目をそらした
无邪気なままの 子供のような

暗暗の向こう侧 光射す场所を求め
ひとつ残った 翼広げても


飞ぶ事に疲れても 羽下ろす勇気もない
もしも愿いが ひとつ也叶うなら


As what Ayu's singing,
Even now, I am as always
Searching for a place to be
I wish at least
You could feel my feelings
There is nothing else I'd rather have

Monday, March 19, 2007

Wrap Vararg Functions

In my mind to wrap a vararg function I have to call its corresponding v-function (e.g. printf and vprintf). For those functions that do not have such counterparts, I intended to use Zhenyu's assembly code to inspect the stack. Last weekend when looking into cURL's source code, I found out that using the va_arg macro and passing the resulting pointer directly to vararg functions worked quite well. It's so easy! Phew!

Monday, March 12, 2007


Two rejections in one week, isn't it perfect?

At least I can listen to Beyond, the band I've been loving since I was a kid. Even Ka-Kui has passed for over ten years, their songs are still uniquely encouraging, inspiring and giving hope to us.

Some things never change, but some things do.

Thursday, March 01, 2007

Hook Unexported Functions

PDB files provide a simple approach to locate and hook unexported functions, especially for those static-linked functions, and usually they can be easily obtained in addition to pre-built release files (e.g. Apache, PHP, Subversion). Moreover, I'm lazy and do not want to modify and recompile a large project such as Subversion to export some internal API functions just for instrumentation. DIA provides a group of convenient interfaces though it is COM:-)

There are some pitfalls as well. First, remember to call the method ISession::put_loadAddress to set the base address of a module before any other invocation, otherwise retrieved function addresses would be invalid. Besides, the documentation of GetModuleInformation which can be used to get the base address of a module is wrong: providing NULL for the first parameter hProcess for current calling process, as is described in MSDN, leads to unexpected failure. Use INVALID_HANDLE_VALUE(-1) or GetCurrentProcess() instead.