I'm not looking for the addCommand() method to call, I'm looking for its parameters. Surely they are stored in the arx file.
I tried to move code from the console app to an AutoCAD plug-in with hoping the AutoCAD host will automatically wire all native assemblies. But it still does not work know, and crashes out AutoCAD. I think to keep working more on it to learn some new things, even it may not work :-(
About C++ disassembly tools, I did install some searched programs and nothing may help to crack C++ code at this moment. We somewhat just want to crack the parameters passed-in in a C++ function.
Tools like dumpbin.exe and Dependency Walker for sure are really helpful for developers, to find all C++ unsafe functions and native dependencies. However, ARX commands are still invisible when using those tools. It is interesting if we can hack the box of unmanaged calls in the world of managed .NET.
I played a little with disassembling tools (PEViewer and pe_view) and you can see the acrxEntryPoint() and acrxGetApiVersion() dissasemblies.
I can also see the command strings in the string table, so theoretically we can get the string addresses from the method instructions (I say theoretically because I don't know how to do it in practice)
It's also interesting to notice the differrence between acrxGetApiVersion() for Acad14 (just 2 instructions: mov eax 0x000e0000; ret) and Acad2004 (quite a few instructionsfor returning a simple int).
What do you think about the possibility of loading a fake dll containing the methods acrxEntryPoint calls?. If we can do that; we can intercept the call, get the string arguments and do nothing else.
ARX or native assembly is C++ machine code and it links to the names of other dependent DLLs. I still don’t know if it will work if we replace the real DLL with the fake DLL (with the same name). If it just references to the name, not any other info of manifest, it may be ok.
I am not sure if acad.exe is the native assembly that contains all sub method calls inside acrxEntryPoint() or not. The Dependency Walker tool may tell acad.exe is the suspected candidate. If it is, we have to create a new "fake" acad.exe which has only needed methods to retrieve AutoCAD command strings. Then we need to use VS to create a new C++ application for this fake acad.exe. It is similar to the way Autodesk create AutoCAD 2013 Core Console (accoreconsole.exe) to run command-line only AutoCAD without GUI. I wish to have the C++ source code of accoreconsole.exe to learn how AutoCAD 2013 work without GUI, how to load native assemblies.
Since we don’t know how the code (C++) of AutoCAD 2013 Core Console works, to write a similar console app to reference AutoCAD assemblies, the new idea is to learn how to use it. I guess we can use accoreconsole.exe to load an ARX file, then try to find loaded command names from this ARX. So don’t be afraid to try a new thing as we can learn from our failure.