CONTEXT_FULL flag is not set, ZERO is obviously incorrect
mrgone,
In case you have SoftIce, load it (ctrl-d) and type
GDT to display ALL selectors.
I doubt you can find selector 0000.
In case you have SoftIce, load it (ctrl-d) and type
GDT to display ALL selectors.
I doubt you can find selector 0000.
Wish I did have soft ice. They want about a grand for it don't they?
Jmp Far f000:FFF0 worked in 16bit
I keep getting Email that someone responded but when I go to link I just see my reply.....lol. You know there are several back doors. I'm just getting into this MASM32 stuff myself. These guys have made it possible for us to program Windows with our crude low level methods of programming. But as far as "jmp" goes I don't have alot of time to get into problem right now but a suggestion would be that if the jump instruction is not supported in MASM then put some NOP's in your program. Then open the EXE file with DOS "DEBUG" and machine code the instruction yourself. Make sure you have all the litterature on COFF / PE file particulars.
First I just did: mov eax,cs and I got "1b"
then I used thid code and got "1b" again
DisplayAllRegs:
pushad
mov context.ContextFlags, CONTEXT_FULL
invoke GetThreadContext,pi.hThread, addr context
invoke wsprintf, addr buffer, addr displayregs,context.regCs,context.regDs,context.regEs,context.regSs,
context.regEax,context.regEbx,context.regEcx,context.regEdx,context.regEip,context.regEsp,context.regEbp,
context.regEsi,context.regEdi,context.regFs,context.regGs,context.regFlag
invoke MessageBox,0, addr buffer, addr AppName, MB_OK+MB_ICONINFORMATION
popad
ret
I do have a problem I've been looking into where after CreateProcess I'm supposes to have full thread access but after a the first single step operation it does not set the Eip to the child process like it does in Win98. Trying to figure out why.
then I used thid code and got "1b" again
DisplayAllRegs:
pushad
mov context.ContextFlags, CONTEXT_FULL
invoke GetThreadContext,pi.hThread, addr context
invoke wsprintf, addr buffer, addr displayregs,context.regCs,context.regDs,context.regEs,context.regSs,
context.regEax,context.regEbx,context.regEcx,context.regEdx,context.regEip,context.regEsp,context.regEbp,
context.regEsi,context.regEdi,context.regFs,context.regGs,context.regFlag
invoke MessageBox,0, addr buffer, addr AppName, MB_OK+MB_ICONINFORMATION
popad
ret
I do have a problem I've been looking into where after CreateProcess I'm supposes to have full thread access but after a the first single step operation it does not set the Eip to the child process like it does in Win98. Trying to figure out why.