Hello

I have a problem with a file I put into memory. Under Win95, OK. NT4 SP6/XP: HS.
Ollydbg 1.09 says: C0000008 EXCEPTION (INVALID HANDLE).

I browsed the forum for half an hour, tried the solution given in thread 6236... the same.
I checked the attributes of my file: full rights OK, nothing special... :confused:
I changed my 12 Mb file to a 12 bytes file, the same.

It DOES read the correct filesize, but it puts nothing into memory.
Does anyone have an idea?
Thx
Posted on 2003-06-02 05:47:22 by valy
Source looks fine to me :| You should check the alignment of dwBytesWritten and of esp before ReadFile.
Posted on 2003-06-02 07:09:31 by beaster
Thx beaster. All is aligned, though.

Ollydbg shows me that something is being crushed on the stack.
The place for the file handle (EBP-5C in my case) is crushed by the call to GetFileSize, dunno why.
It puts the result of GetFileSize exactly at the location of the file handle.
Problem with locals/prototyping (none actually)/??? Still thinking.

***

Hey, it works if I replace:

Mfile2mem proc ;SFILE:DWORD ;INPUT stringfile offset == EAX ;OUTPUT value of Tfp, i.e. mem_offset of LUT file
LOCAL fsz:DWORD
LOCAL Thf:DWORD
LOCAL Tfp:DWORD
LOCAL OFN:OPENFILENAME
LOCAL hfile:DWORD

with

Mfile2mem proc ;SFILE:DWORD ;INPUT stringfile offset == EAX ;OUTPUT value of Tfp, i.e. mem_offset of LUT file
LOCAL fsz:DWORD
LOCAL Thf:DWORD
LOCAL Tfp:DWORD
LOCAL hfile:DWORD
LOCAL OFN:OPENFILENAME ;<== !!!

Luck? LOCAL does not support STRUCT, or my syntax is erroneous? Anyway, why does it work with Win95?!?

***
Posted on 2003-06-02 07:43:38 by valy
option PROLOGUE:none


And the locals are set up how?

Mirno
Posted on 2003-06-02 12:21:39 by Mirno
My standards are these:

.686P
.mmx
.xmm
.model flat, stdcall
option casemap:none ; case sensitive ;all ;case insensitive
option prologue:none
option epilogue:none
option dotname

I do not initialize any locals.
Posted on 2003-06-03 02:39:31 by valy
You seem to have missed the point somewhat.
The default prologue performs two functions. Firstly, it sets up a stack frame; this means that ebp can be used to reference locals and arguments to the function itself. Secondly, it subtracts an appropriate value from esp to provide space for any local variables declared within the function.
By disabling the prologue macro, you have stopped both of these from taking place, and subsequent accesses to these variables will result in errors.

MASM still assembles the code as if the prologue had been implemented.
In essence the local directive is as follows:


MyProc PROC
locals_size = 0
; LOCAL a:DWORD
a EQU DWORD PTR [ebp - 4]
locals_size = locals_size + SIZEOF(DWORD)

...
add esp, - locals_size


If you assemble the code above and compare it to the actual LOCAL implementation, you'll see they are roughly equivalent.

So you fall down on two points:
#1 ebp hasn't been adjusted for the new stack frame (not necessarily a problem).
#2 esp hasn't been adjusted, so pushing anything onto the stack will corrupt local variables.

You may also find that the return address is corrupted by accessing the local variables too.

Mirno
Posted on 2003-06-03 12:30:07 by Mirno
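To make Mirno's point concrete, here is what valy's procedure looks like with the frame written by hand, as an added example that is not code from this thread. It assumes MASM with .model flat, stdcall and windows.inc included, the LOCALs in the order of the first (failing) version, and the ANSI OPENFILENAME of 76 bytes, which puts the total at 92 (5Ch) bytes and hfile at [ebp-5Ch], the slot Ollydbg showed being overwritten.

```masm
; Added example: hand-written frame for a PROC under OPTION PROLOGUE:NONE.
; Assumes MASM, .model flat, stdcall, windows.inc (ANSI OPENFILENAME = 76 bytes).
option prologue:none
option epilogue:none

LOCALS_SIZE = (4 * SIZEOF DWORD) + SIZEOF OPENFILENAME   ; 16 + 76 = 92 = 5Ch

Mfile2mem proc                      ; INPUT: eax = offset of file name string
    LOCAL fsz:DWORD                 ; [ebp-04h]
    LOCAL Thf:DWORD                 ; [ebp-08h]
    LOCAL Tfp:DWORD                 ; [ebp-0Ch]
    LOCAL OFN:OPENFILENAME          ; [ebp-58h] .. [ebp-0Dh]
    LOCAL hfile:DWORD               ; [ebp-5Ch]  <- slot clobbered in the thread

    ; What the default prologue would have emitted for us:
    push ebp                        ; save the caller's frame pointer
    mov ebp, esp                    ; LOCALs are addressed relative to ebp
    sub esp, LOCALS_SIZE            ; move esp BELOW the locals, so every push
                                    ; and every call's return address lands
                                    ; under hfile instead of on top of it
    push ebx                        ; preserve any registers the body uses
    push esi

    ; ... CreateFile / GetFileSize / ReadFile go here; their pushed arguments
    ; and return addresses now sit below [ebp-5Ch] ...

    mov eax, Tfp                    ; OUTPUT: eax = Tfp

    ; What the default epilogue would have emitted for us:
    pop esi
    pop ebx
    mov esp, ebp                    ; release the locals
    pop ebp                         ; restore the caller's frame pointer
    ret                             ; no stack arguments, so a plain ret
Mfile2mem endp
```

With the second declaration order the same layout puts hfile at [ebp-10h] and OFN at [ebp-5Ch], so the pushes from the API calls land in OFN rather than in the handle, which is why swapping the lines only appeared to fix it.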