Can you derive the function declaration from the output of the DUMPBIN /SYMBOLS command? I ran this command as follows: DUMPBIN /SYMBOLS libinfinityhook.lib and got the following from the dump:
IfhInitialize@@YAJP6AXIPEAPEAX@Z@Z (long __cdecl IfhInitialize(void (__cdecl*)(unsigned int,void * *)))
What would the function declaration of the above output be? Perhaps something like the following:
NTSTATUS IfhInitialize(
_In_ INFINITYHOOKCALLBACK InfinityHookCallback);
assuming the following typedef:
typedef void (__fastcall * INFINITYHOOKCALLBACK)(_In_ unsigned int SystemCallIndex, _Inout_ void** SystemCallFunction);
Microsoft Visual Studio comes with a utility called undname.exe which will reverse most decorated names into undecorated names.
GNU Binutils has c++filt which will do the same for GCC name mangling.
LLVM has llvm-cxxfilt, the symbol name demangler, which is compatible with GNU Binutils c++filt because LLVM and GCC use the same name mangling scheme.
On a related note, in process, Boost demangle allows undecorating symbol names from the typeid name(). Keep in mind that the typeid name() is not dictated by the C++ standard; rather, it is compiler specific. So it is not portable, and not suitable for cross-platform serialization/deserialization. Alas.
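To show how the decorated name in the question maps onto the text undname.exe prints, here is an added example (not code from the question, the answer, or any of the tools named above) that decodes the symbol by hand. It covers only unscoped global functions with primitive, 64-bit pointer and function-pointer types; the function names undecorate, parse_type and parse_params are hypothetical, and the second test symbol is constructed.

```python
# Added example: decodes only a small subset of MSVC x64 decoration; rest is rejected.
PRIMS = {"X": "void", "D": "char", "E": "unsigned char", "F": "short",
         "G": "unsigned short", "H": "int", "I": "unsigned int", "J": "long",
         "K": "unsigned long", "M": "float", "N": "double"}
CALLCONV = {"A": "__cdecl", "G": "__stdcall", "I": "__fastcall"}
CV = {"A": "", "B": " const", "C": " volatile", "D": " const volatile"}

def parse_params(s, i):
    """Parse a parameter list: a lone 'X' (void) or types up to '@', then 'Z'."""
    if s[i] == "X":
        params, i = ["void"], i + 1
    else:
        params = []
        while s[i] != "@":
            t, i = parse_type(s, i)
            params.append(t)
        i += 1  # consume the '@' that closes the list
    if s[i] != "Z":
        raise ValueError("expected 'Z' at offset %d" % i)
    return params, i + 1

def parse_type(s, i):
    """Return (type string, next offset) for the type code starting at s[i]."""
    if s.startswith("P6", i):  # pointer to function: convention, return, params
        ret, j = parse_type(s, i + 3)
        params, j = parse_params(s, j)
        return "%s (%s*)(%s)" % (ret, CALLCONV[s[i + 2]], ",".join(params)), j
    if s.startswith("PE", i):  # 64-bit data pointer: cv code, then pointee
        inner, j = parse_type(s, i + 3)
        return "%s%s *" % (inner, CV[s[i + 2]]), j
    if s[i] in PRIMS:
        return PRIMS[s[i]], i + 1
    raise ValueError("unsupported type code %r at offset %d" % (s[i], i))

def undecorate(symbol):
    """Undecorate a global function symbol; the leading '?' is optional."""
    s = symbol[1:] if symbol.startswith("?") else symbol
    name, sep, rest = s.partition("@@")
    if not sep or "@" in name or rest[:1] != "Y":
        raise ValueError("only unscoped global functions ('@@Y') are handled")
    try:
        ret, i = parse_type(rest, 2)
        params, i = parse_params(rest, i)
        if i != len(rest):
            raise ValueError("trailing characters after the signature")
        return "%s %s %s(%s)" % (ret, CALLCONV[rest[1]], name, ",".join(params))
    except (KeyError, IndexError):
        raise ValueError("truncated or unsupported decoration") from None
```

The PE pointer codes mark the symbol as coming from a 64-bit build, where MSVC accepts __fastcall and __cdecl but applies the single x64 calling convention to both, which is why the callback decodes as __cdecl.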