There seems to be a bug in Thegun. It is triggered when its main window receives a message > 1024, for example a custom window message obtained with RegisterWindowMessage. In theory, all window procedures should handle all messages, and make no assumptions about the kind of messages they can receive.

I have found that, apparently, explorer.exe registers its own messages and broadcasts them to all windows in some circumstances (in my case, when I open any folder for browsing; I have Win98 and IE 5.0).

This bug causes Thegun.exe to execute arbitrary code. I think it could be caused by a bug in its main window message dispatcher (see this post for more details).

I'm attaching here some code to trigger this bug. Other apps besides Thegun could have this bug, so be careful.
Posted on 2003-06-30 11:46:43 by QvasiModo
This is a screencap of GoBug of the code that causes the bug in Thegun.
Posted on 2003-07-02 10:22:57 by QvasiModo
QvasiModo,

I did answer the question elsewhere, but it is not a bug in the code; the code in fact does not handle messages above 1024, so it will crash if another app uses the HWND_BROADCAST format. When I get time I will rewrite that part to handle the external message. It does not internally use messages above 1024, so it was not an obvious problem at the time of writing.

Regards,

LATER : This is what it takes to fix it.


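    cmp uMsg, 1023      ; messages 0..1023 go on to the dispatch code
    jbe @F              ; unsigned compare: uMsg is a UINT, a signed jle lets values >= 80000000h through
    ret                 ; anything above 1023 returns without being dispatched
  @@: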

This code before the dispatch code ensures that no message above 1023 is processed.
Posted on 2003-07-02 22:01:18 by hutch--
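
The range check discussed above, as an added example that is not code from Thegun or from either poster: a portable C model of a message dispatcher, assuming a 1024-entry handler table indexed by message number. The table, the handler names and the sample message values are hypothetical; the default handler stands in for DefWindowProc.

```c
#include <stdint.h>
#include <stddef.h>

#define TABLE_SIZE     1024u     /* assumed: handlers exist for messages 0..1023 */
#define MSG_CREATE     0x0001u   /* numeric value of WM_CREATE */
#define MSG_REGISTERED 0xC123u   /* constructed; RegisterWindowMessage returns 0xC000..0xFFFF */

typedef long (*handler_t)(uint32_t msg, long wparam, long lparam);

enum { RET_DEFAULT = -1, RET_CREATE = 100 };

/* Stand-in for DefWindowProc: every message the app does not own ends here. */
static long default_handler(uint32_t msg, long wparam, long lparam) {
    (void)msg; (void)wparam; (void)lparam;
    return RET_DEFAULT;
}

static long on_create(uint32_t msg, long wparam, long lparam) {
    (void)msg; (void)wparam; (void)lparam;
    return RET_CREATE;
}

static handler_t table[TABLE_SIZE];   /* NULL slot = no handler installed */

void install_handlers(void) {
    table[MSG_CREATE] = on_create;
}

/* Signed test, the shape of a signed `jle`: 0x80000000 and above look negative. */
int in_range_signed(uint32_t msg) {
    return (int32_t)msg <= 1023;
}

/* Unsigned test: only 0..1023 pass. */
int in_range_unsigned(uint32_t msg) {
    return msg < TABLE_SIZE;
}

/* Range-check first, then index the table, and never call through a NULL slot. */
long dispatch(uint32_t msg, long wparam, long lparam) {
    handler_t h = in_range_unsigned(msg) ? table[msg] : NULL;
    if (h == NULL)
        h = default_handler;
    return h(msg, wparam, lparam);
}

int main(void) {
    install_handlers();
    return dispatch(MSG_REGISTERED, 0, 0) == RET_DEFAULT ? 0 : 1;
}
```

Broadcast and registered messages fall through to the default handler instead of indexing past the table, so the window still answers them the way the system expects.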
Thanks for answering my question. I hope you can fix Thegun soon, because I can't use it since it crashes every time an explorer or IE window opens. :(
Regards
Posted on 2003-07-03 13:12:32 by QvasiModo