Thanks for your reply. But I need to know how to compute this address. Please let me know if there is any way of computing it.
Does the size of the binary after adding any functionality create any problem? However, if I delete some function calls from the code there is no crash, but the program crashes as soon as I add a single function call. Please suggest.
jhghjghj
|
|
|
|
|
SNI wrote: But I need to know how to compute this address
Undo all the changes in the code (I mean, remove all the newly added functionality). Debug the code and step in (F11) at the line "Call ECX". At this point, if your code has debug information, the debugger will display the name of the function at 0402EE0h.
After this, add the new functionality, find the new address of the function and replace the address in the assembly code. However, if possible, try to call this function in the normal way. The same problem may come up again in the future...
|
|
|
|
|
Thanks for this, I am trying this option. But I want to know whether the same code will work in the .NET Framework after conversion, because when I port the same code to VC++ .NET it crashes. Let me know if the addresses mentioned are going to change or remain the same.
Also let me know if there is any tool available to find out the new address of the function (once we identify the function) after changing the binaries. We have a multithreaded application and it is difficult to find out function names and their addresses in the debug version. We can run the debug version and get the address, but how can we find out the same for the release version?
jhghjghj
|
|
|
|
|
I am not a .NET expert; however, I think calling a function with a hard-coded function address will make the situation more complex. In my understanding, .NET code is generated at run time, so I guess all the functions will have dynamic addresses. The function address may change each time you run the exe (I am not sure). So it will be a little difficult to get it working in the .NET environment.
You had better ask some .NET experts about run-time compilation in .NET. Also, isn't it possible to call the function in the normal way?
|
|
|
|
|
No, it is not possible to call the function directly because we need to perform some operations before calling that function.
jhghjghj
|
|
|
|
|
|
The problem is that the above assembly code is written in a thread, and this thread gets called when some event has occurred.
jhghjghj
|
|
|
|
|
That's OK. My question is: what is it that prevents you from calling the function as a normal function call?
|
|
|
|
|
Because if we are not able to debug, we are not able to find out what is that function that we need to call. Finding out the right function name for which the address has been passed.
jhghjghj
|
|
|
|
|
I'd expect you'll find the problem to be in the call ecx command.
Basically, this code appears to be designed to call a function that resides in the code segment of your program - I'm more than a little surprised that the address of the function in memory is hard-coded into the function like that - the danger being that the code crashes.
All the code is doing is making a single call to a function, then cleaning up the stack afterwards.
__asm {
; push value of ebx onto stack
Push EBX
; set eax to 1
Mov EAX, 1
; push eax(1) onto stack
Push EAX
; push eax(1) onto stack
Push EAX
; set ecx to 0x402EE0
Mov ECX, 0402EE0h
; call the function at 0x402EE0, with the arguments: 1, 1, whatever_was_in_ebx
Call ECX
; adjust the stack pointer - 'undoes' the 3 push instructions - quicker than 3 pop instructions
Add ESP, 0Ch
; save the result of the call to the memory location 0x14 (20) bytes past what ebx was pointing to
Mov [EBX + 014h], EAX
}
If you were to comment out the last and 3rd last instructions, this code would no longer crash (though something following it will fail to work, of course)
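The call described in the post above, written in C with the address taken from the function's symbol instead of the literal 0402EE0h (an added example, not code from the thread). `context_t`, `target_fn` and `sample_target` are hypothetical names; the thread never gives the real callee's signature, so a cdecl function taking `(1, 1, pointer_in_ebx)` and returning its result in EAX is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: the asm stores EAX at [EBX + 014h], so the result
   field must sit 0x14 (20) bytes into whatever EBX points to. */
typedef struct {
    int32_t reserved[5];   /* bytes 0x00..0x13, contents unknown from the page */
    int32_t result;        /* offset 0x14 */
} context_t;

_Static_assert(offsetof(context_t, result) == 0x14, "result must be at +0x14");

/* Assumed signature: three arguments, caller cleans the stack (cdecl). */
typedef int32_t (*target_fn)(int32_t, int32_t, context_t *);

/* Stand-in for the function at 0402EE0h, which the thread never names. */
static int32_t sample_target(int32_t a, int32_t b, context_t *ctx)
{
    return a + b + (ctx != NULL ? ctx->reserved[0] : 0);
}

/* C form of the asm block: push ctx, push 1, push 1, call, clean up, store.
   The compiler emits the pushes and the "add esp, 0Ch" itself. */
static int call_and_store(target_fn fn, context_t *ctx)
{
    if (fn == NULL || ctx == NULL)
        return -1;                    /* refuse to jump through a bad pointer */
    ctx->result = fn(1, 1, ctx);
    return 0;
}

static int32_t demo_result(void)
{
    context_t ctx = { {40, 0, 0, 0, 0}, 0 };   /* constructed sample data */
    /* The address comes from the symbol, so the linker fixes it up on every
       build; adding or removing code elsewhere cannot leave it stale. */
    target_fn fn = sample_target;
    return call_and_store(fn, &ctx) == 0 ? ctx.result : -1;
}

int main(void)
{
    printf("result=%d stored at offset 0x%zx\n",
           (int)demo_result(), offsetof(context_t, result));
    return 0;
}
```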
|
|
|
|
|
I use the wizard to create a new MFC ActiveX control, and debug it with tstcon32.exe.
Just add a simplest method,
VARIANT test(VARIANT & v1,VARIANT & v2,VARIANT & v3);
It leaks memory, why?
logics
|
|
|
|
|
hi
I've just a simple question for which I couldn't find a proper answer anywhere.
In this function, pNMHDR is reinterpreted as LPNMLISTVIEW, as you know. I'd like to know the meaning of the last parameter of this struct, I mean lParam. It says it's the application-defined 32-bit value. How can the application define this value? Is this the same 32-bit value which is assigned to each item by SetItemData?
thx
|
|
|
|
|
ilostmyid2 wrote: is this the same 32 bit value which is assigned to each item by SetItemData?
Yes.
|
|
|
|
|
A common use for the per-item data is allocating a struct with new and storing a pointer to that struct in the lParam. Then when the item is deleted from the list, you delete the struct.
|
|
|
|
|
Hi,
I have 2 processes which I am using in client/server mode.
The client is a DOS console project; the server is a Windows GUI.
I am using event(s) to synchronize the process(es). When I spawn the
child process I set bInheritHandles to TRUE.
In the parent process, when I create the event, I specify a name to
identify the event. In addition, in the security attributes
structure I set bInheritHandle to TRUE; however, I set
lpSecurityDescriptor to NULL.
Later, in the child process, when I try OpenEvent using the name
I used to create the event to get the event handle,
NULL is returned.
The only thing I can think that I missed is setting the
security descriptor.
Would anyone know if this is necessary for me to do in order to
inherit the event in the child process?
Thanks
|
|
|
|
|
ForNow wrote: I used to Create The Event to get the Event handle
NULL is returned
How did you communicate the details of the event across processes? Event handles do not cross process boundaries as far as I know.
BTW, why not read a few books about the subject first?
regards
Bram van Kampen
|
|
|
|
|
OK,
thanks for responding.
I'll be more specific. If I do a WriteFile using the async method,
meaning the named pipe was created with FILE_OVERLAPPED I/O
in the GUI process,
then when the DOS console process does a ReadFile,
isn't hEvent in the OVERLAPPED structure shared or inherited by
both processes?
Unless I'm misunderstanding the Read/Write File
used by named pipes for interprocess communication?
|
|
|
|
|
In the book Windows via C/C++
by Jeffrey Richter,
in Chapter 3 on kernel objects,
on page 43, the paragraph titled SHARING KERNEL OBJECTS ACROSS PROCESS BOUNDARIES:
there are 3 bullets re: some of the reasons to share kernel objects.
The second bullet mentions named pipes,
while the third bullet says events are shared across process boundaries for synchronization.
Guess that's where I got the idea.
I could not be understanding why kernel objects are shared by processes.
|
|
|
|
|
Are you sure your event has been created before opening in the child process? Please ensure using WinObj.
-Sarath.
"Great hopes make everything great possible" - Benjamin Franklin
|
|
|
|
|
I checked the handle returned from CreateEvent;
it had a valid value.
I added code to create a security descriptor to the CreateEvent.
I am going to try that out.
The only thing I am not 100% certain of is whether ReadFile and Write
share/inherit the same Overlapped.hEvent.
Logically it would seem they would.
|
|
|
|
|
Did you check the error using GetLastError()? What's the error code/message you're getting?
-Sarath.
"Great hopes make everything great possible" - Benjamin Franklin
|
|
|
|
|
Yes it was 0x002 FILE_NOT_FOUND
Does really make sense ???
|
|
|
|
|
ForNow wrote: Yes it was 0x002 FILE_NOT_FOUND
Does really make sense ???
It should make sense. I strongly believe the event doesn't exist in the system when you try to open it. So please check the source where the event is being created, and also check whether the application is calling "CloseHandle" before spawning the child process.
Debug your client program and, just before you open the event, verify whether it exists or not using tools like WinObj.
-Sarath.
"Great hopes make everything great possible" - Benjamin Franklin
|
|
|
|
|
|
I couldn't get anywhere with WinObj. However, I did notice the Handles column in Task Manager go up by one
after I executed the CreateEvent.