
[Failure] I suck at reverse engineering

Name: Anonymous 2008-11-25 15:35

Hey /prog/, here's my problem. I have a dll with a couple of functions whose purpose I'm currently attempting to figure out, but the fact that I seem to be completely lost at this, plus the fact that Windows crap is alien to me and all the tutorials/FAQs/etc I find in Google are about ``cracking r3gg3d warez appz'', isn't helping. All I have is that dll and an executable that calls functions from that dll. I obviously already have the names of the dll's functions and how many arguments they take for all but one function (OllyDbg's ``Call DLL Export'' was able to guess from the RETNs, but even I could have done that).

A few basic questions:
- Opening the executable directly in OllyDbg doesn't work, I have to launch the program and then attach to the process. Not really a problem, but is this some sort of lame anti-debugging feature or something else?

- In Windows, arguments are passed on the registers, on the stack or what? I'm guessing registers.

- In the main executable, how can I search for calls to the DLL? I can set breakpoints in the DLL's functions, but that doesn't let me see where in the original exe they were called.

- How can I figure out the types a function is expecting/returns (and the number of arguments when there's no RETN at the end)? I realize the answer to this is ``Go read the disassembly, you dumbass,'' but are there any basic pointers that might make this easier?

Basically, any input related to disassembly and reverse engineering that isn't "how 2 insert NOPs 4 n00bz" or "how2make a keygen if upay me enouhg ;)" is highly appreciated.

Name: Anonymous 2008-11-25 16:10

>>1

1) Most likely the application is calling LoadLibraryA/W on the DLL, to actually bring it into the process space. This isn't an anti-debug feature, it's what normally happens... Try setting a breakpoint on LoadLibrary and inspect the arguments in Olly, to see if it's loading your DLL. Speaking about arguments...

2) Arguments are passed on the stack, from right to left. This is true for the "stdcall" calling convention, which all of the Win32 API uses, as well as what is typically (almost always) used for exported functions in dlls.
However, just be aware that there is a calling convention known as "fastcall" whereby the first two arguments are passed in ECX and EDX, with the remaining args passed on the stack.

3) If the function you're reversing has a "normal" stack frame (push ebp; mov ebp,esp; sub esp, XXX), then the function accesses the arguments via [ebp+8], [ebp+C], [ebp+(4N+4)] where N is the number of arguments. Just be aware that this is assuming that the stack frame is not destroyed by the compiler, and that the stdcall convention is being used.
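The two rules in the post above ("argument N is at [ebp+4N+4]" under a normal frame, and stdcall cleaning its own stack with RETN) can be turned into a small script that does the argument-count guess mechanically and cross-checks both sources. This is an added example, not code from the thread or from OllyDbg: the listings are constructed to look like Olly output (they are not real dumps), and the function names are my own.

```python
"""Infer a stdcall function's argument count from a disassembly listing.

Added example, not from the thread. Assumes a standard frame
(push ebp / mov ebp,esp) so dword argument N (1-based) lives at [ebp+4N+4],
and that a stdcall callee cleans its own stack with RETN 4N.
"""
import re

# Constructed sample (not a real dump): an OllyDbg-style listing of a
# 3-argument stdcall export with a normal frame. Offsets are hex, as Olly shows.
STDCALL_SAMPLE = """\
10001000  PUSH EBP
10001001  MOV EBP,ESP
10001003  SUB ESP,10
10001006  MOV EAX,DWORD PTR SS:[EBP+8]
10001009  MOV ECX,DWORD PTR SS:[EBP+10]
1000100C  PUSH DWORD PTR SS:[EBP+C]
1000100F  CALL 10001100
10001014  MOV ESP,EBP
10001016  POP EBP
10001017  RETN 0C
"""

# Constructed sample: cdecl-looking function. The caller cleans the stack, so
# RETN carries no operand and only the frame accesses give a (lower-bound) count.
CDECL_SAMPLE = """\
10002000  PUSH EBP
10002001  MOV EBP,ESP
10002003  MOV EAX,DWORD PTR SS:[EBP+C]
10002006  ADD EAX,DWORD PTR SS:[EBP+8]
10002009  POP EBP
1000200A  RETN
"""

EBP_REF = re.compile(r"\[EBP\+([0-9A-F]+)\]", re.IGNORECASE)
RETN_IMM = re.compile(r"\bRETN?\s+([0-9A-F]+)\s*$", re.IGNORECASE)


def arg_index(offset):
    """Map a positive [ebp+offset] to a 1-based argument number.

    With push ebp / mov ebp,esp: [ebp] holds the saved EBP and [ebp+4] the
    return address, so dword argument N sits at [ebp+4N+4].
    """
    if offset < 8 or offset % 4:
        raise ValueError("0x%X is not a dword argument slot" % offset)
    return (offset - 4) // 4


def arg_offsets(disasm):
    """All distinct [ebp+X] offsets at or above the first argument slot."""
    offs = set()
    for line in disasm.splitlines():
        for m in EBP_REF.finditer(line):
            off = int(m.group(1), 16)
            if off >= 8:  # below 8 is saved EBP / return address, not an arg
                offs.add(off)
    return sorted(offs)


def args_from_frame(disasm):
    """Lower bound: the highest argument slot the body actually reads."""
    offs = arg_offsets(disasm)
    return max(arg_index(o) for o in offs) if offs else 0


def args_from_retn(disasm):
    """stdcall epilogue: RETN imm pops imm bytes, i.e. imm/4 dword args.

    Returns None when no RETN carries an operand (cdecl, or a tail jump
    instead of a real epilogue).
    """
    for line in disasm.splitlines():
        m = RETN_IMM.search(line)
        if m:
            return int(m.group(1), 16) // 4
    return None


def infer_arg_count(disasm):
    """Combine both sources and say how much to trust the answer."""
    frame = args_from_frame(disasm)
    retn = args_from_retn(disasm)
    if retn is None:
        return frame, "frame only: lower bound, no RETN operand"
    if retn < frame:
        raise ValueError("RETN pops %d args but body reads arg %d" % (retn, frame))
    if retn == frame:
        return retn, "retn matches frame"
    return retn, "%d arg(s) never read in this body" % (retn - frame)


if __name__ == "__main__":
    for name, sample in (("stdcall", STDCALL_SAMPLE), ("cdecl", CDECL_SAMPLE)):
        print(name, infer_arg_count(sample))
```

`args_from_retn` is the same guess OllyDbg's ``Call DLL Export'' makes from the RETN; `args_from_frame` is what you fall back on when there is no RETN operand, and it is only a lower bound, since a function need not touch every argument. If the function is fastcall, the first two arguments arrive in ECX/EDX and [ebp+8] is already argument 3, so shift the index by two. Frame-pointer-omitted code ([esp+X] addressing, or ebp reused as a general register) breaks the [ebp+4N+4] assumption entirely and needs the stack tracked by hand.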
