hi !
I have written a little app, but when the key engine (run's in a thread) is start it crash's after 15 seconds.
I use a PIII 667 mhz / 256MB - Win98 SE

what do the app:
read a encoded key (string) from the registry ( is the key not pressent it use a default one).the key is a product from the software 'WinControl99' used a simple algo to encode the password. a random char routine (not finnish now) calculat's password's and encode the password used the algo from WinControl99, then compare the coded one with the one from the registry. if the strings are equal the routine stop. i think the problem is the thread but im not sure. the not finished random char call is ok,
when I run the app without this routine (used a fixed string) I have the same result.

can any one help my ?
thanks for all help
sorr for my poor english and all mistakes!

the code :

.386P
.model flat,stdCALL
option casemap:none
DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib


.const
TIMERID equ 1
ICONA equ 100
IDE_PERMIN equ 1000
IDE_PASSW equ 1001
IDE_KEY equ 1002
IDE_KEYS equ 1003
IDC_RUNE equ 2000
IDC_STOPE equ 2001
IDC_EXIT equ 2003


.data
count_ dd 0
stop_flag dd 0
DlgName db "KEY",0
hkey dd 80000002h
wico99 db "Software\Salfeld",0
pass_w db "ID",0
valuetyp dd 1
space db " ",0
slash_ db "/",0
minus db "-",0
fmat_s db "%lu",0
qkey_len dd sizeof qkey_
def_key db "265-78/26456",0 ; default coded password "Win32"


.data?
hthread dd ?
hWnd_ dd ?
hInstance dd ?
ethread dd ?
keynumber dd ?
hkey_ dd ?
hpassw dd ?
hicon dd ?
pKey dd ?
Disp dd ?
random_size dd ?
summ_ dd ?
calc_keys db 10 DUP (?)
qkey_ db 60 DUP (?)
space_1 db 20 DUP (?)
space_2 db 20 DUP (?)
space_3 db 20 DUP (?)
space_4 db 20 DUP (?)
space_5 db 20 DUP (?)
space_6 db 20 DUP (?)
end_str db 20 DUP (?)
output_k db 35 DUP (?)
random_string db 35 DUP (?)
stime SYSTEMTIME <?>


.code
start:
push 0
CALL GetModuleHandle
mov hInstance,eax

push 0
push offset DlgProc
push 0
push offset DlgName
push hInstance
CALL DialogBoxParam

ret


;######################################################################################

DlgProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
push hWnd
pop hWnd_
cmp uMsg,WM_CLOSE
je wmdestroy
cmp uMsg,WM_COMMAND
je wmcommand
cmp uMsg,WM_INITDIALOG
je initdig
cmp uMsg,WM_TIMER
je check_number
xor eax,eax
ret




wmcommand:
cmp wParam,IDC_EXIT
je wmdestroy
cmp wParam,IDC_STOPE
je stopkey
cmp wParam,IDC_RUNE
je startkey
xor eax,eax
ret




check_number: ; all 10 second's
mov eax,keynumber
push eax
xor eax,eax
mov keynumber,eax
push offset fmat_s
push offset calc_keys
CALL wsprintf

push offset calc_keys
push IDE_PERMIN
push hWnd
CALL SetDlgItemText

xor eax,eax
ret





stopkey:
inc stop_flag

push IDC_STOPE
push hWnd
CALL GetDlgItem
push 0
push eax
CALL EnableWindow

push IDC_RUNE
push hWnd
CALL GetDlgItem
push 1
push eax
CALL EnableWindow
xor eax,eax
ret




wmdestroy:
push 0
CALL ExitProcess
xor eax,eax
ret




initdig:
push ICONA
push hInstance
CALL LoadIcon
mov hicon,eax

push eax
push ICONA
push WM_SETICON
push hWnd
CALL SendMessage

push offset Disp
push offset pKey
push 0
push KEY_ALL_ACCESS
push 0
push 0
push 0
push offset wico99
push hkey
CALL RegCreateKeyEx

push offset qkey_len
push offset qkey_
push offset valuetyp
push 0
push offset pass_w
push pKey
CALL RegQueryValueEx ; passwort from registry !

push pKey
CALL RegCloseKey

lea eax,qkey_
cmp dword ptr,0
je not_installed ; not installed ? default key

push offset qkey_
push IDE_KEYS
push hWnd
CALL SetDlgItemText
jmp install_ok

not_installed:
push offset def_key ; default key "Win32"
push IDE_KEYS
push hWnd
CALL SetDlgItemText

install_ok:
push IDE_KEY
push hWnd
CALL GetDlgItem
mov hkey_,eax

push IDE_PASSW
push hWnd
CALL GetDlgItem
mov hpassw,eax

mov random_size,5
xor eax,eax
ret





startkey: ; start key engine
push IDC_RUNE
push hWnd_
CALL GetDlgItem
push 0
push eax
CALL EnableWindow

push IDC_STOPE
push hWnd
CALL GetDlgItem
push 1
push eax
CALL EnableWindow

lea eax,keythread
push offset hthread
push 0
push 0
push eax
push 0
push 0
CALL CreateThread

push hthread
push offset ethread
CALL GetExitCodeThread ; save threads exit code
xor eax,eax
ret


ret
DlgProc endP


;##############################################################################################

keythread proc

push 0
push 10000
push TIMERID
push hWnd_
CALL SetTimer

calc_:
inc keynumber
cmp stop_flag,0
je ok_go_
mov stop_flag,0

push TIMERID
push hWnd_
CALL KillTimer

push ethread
CALL ExitThread
xor eax,eax
mov keynumber,eax
ret

ok_go_:
CALL rand_char

lea esi,random_string
mov ecx,random_size
xor eax,eax
mov summ_,eax

generate: ; decode the random passwort
mov edx,summ_
lodsb
add edx,eax
imul edx,3
mov summ_,edx
dec ecx
cmp ecx,0
jne generate

imul edx,4
imul edx,2
mov summ_,edx
sub edx,1234

push edx
push offset fmat_s
push offset space_2
CALL wsprintf

lea esi,space_2
lea edi,end_str
mov ecx,5
rep movsb

push summ_
push offset fmat_s
push offset space_6
CALL wsprintf

lea esi,space_6
lea edi,space_3
movsb
movsb
movsb

push offset minus
push offset space_3
CALL lstrcat

push offset space_3
CALL lstrlen

lea edi,space_3
add edi,eax
push edi

lea esi,space_3
lea edi,space_4
movsb
movsb

push offset space_4
CALL atodw
imul eax,3
pop edi

push eax
push offset fmat_s
push edi
CALL wsprintf

push offset slash_
push offset space_3
CALL lstrcat

push offset space_3
push offset output_k
CALL lstrcat

push offset end_str
push offset output_k
CALL lstrcat

push offset output_k
push 0
push WM_SETTEXT
push hkey_
CALL SendMessage

push offset random_string
push 0
push WM_SETTEXT
push hpassw
CALL SendMessage

push offset output_k
push offset qkey_
CALL lstrcmp
cmp eax,0
jne clear_buffers
mov stop_flag,1

clear_buffers: ; clear all buffer's
lea edi,space_1
mov ecx,210
xor al,al
rep stosb

jmp calc_

keythread endp


;#########################################################################################

; the routine is not finish, now return's only a string between 3 and 10 bytes length filled with
; chars from 'a' - 'z'
; I have the app testet without this call, used a fixed string eg. 'win32asm' but it crash's to !

rand_char proc

.if random_size==10
mov ecx,9
.elseif random_size==9
mov ecx,8
.elseif random_size==8
mov ecx,7
.elseif random_size==7
mov ecx,6
.elseif random_size==6
mov ecx,5
.elseif random_size==5
mov ecx,4
.elseif random_size==4
mov ecx,3
.elseif random_size==3
mov ecx,10
.endif

mov random_size,ecx
mov count_,ecx
lea edi,random_string


@@1:
push offset stime
CALL GetLocalTime
mov ax,stime.wMilliseconds
@@2:

.if al>=97 && al<=122
stosb
dec count_
.elseif al>=122
sub al,27
jmp @@2
.elseif al<=97
add al,19
jmp @@2
.endif

cmp count_,0
jne @@1
ret
rand_char endp

END start



rsrc.rc:

#include "\masm32\include\resource.h"
ICONA ICON "key.ICO"
#define IDC_STATIC -1
#define ICONA 100
#define IDE_PERMIN 1000
#define IDE_PASSW 1001
#define IDE_KEY 1002
#define IDE_KEYS 1003
#define IDC_RUNE 2000
#define IDC_STOPE 2001
#define IDC_EXIT 2003





KEY DIALOGEX 0, 0, 199, 120
STYLE DS_ABSALIGN | DS_MODALFRAME | DS_SETFOREGROUND | DS_3DLOOK | DS_CENTER |
WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_CLIENTEDGE | WS_EX_STATICEDGE
CAPTION "key"
FONT 8, "MS Sans Serif"
BEGIN
PUSHBUTTON "Stop Engine",IDC_STOPE,126,35,58,12
PUSHBUTTON "Exit",IDC_EXIT,126,51,58,12
EDITTEXT IDE_PASSW,12,89,86,14,ES_CENTER | ES_READONLY
GROUPBOX "Passwort",IDC_STATIC,6,78,100,30
GROUPBOX "Calculated key...",IDC_STATIC,6,42,100,30
EDITTEXT IDE_KEY,12,53,86,14,ES_CENTER | ES_READONLY
PUSHBUTTON "Start Engine",IDC_RUNE,126,19,58,12
EDITTEXT IDE_KEYS,12,17,86,14,ES_CENTER | ES_READONLY
GROUPBOX "Wico99 coded key...",IDC_STATIC,6,6,100,30
GROUPBOX "Calculated key's (10sec)",IDC_STATIC,112,78,84,31
EDITTEXT IDE_PERMIN,127,89,47,12,ES_AUTOHSCROLL | ES_READONLY
END
Posted on 2001-10-14 15:57:40 by Marcello
wsprintf uses 'C' calling convention.
(All any other Win32 API functions use 'STDCALL' calling convention except wsprintf.)

So, you should restore stack frame pointer value.
Try this:

push ???
push ???
push ???
call wsprintf
add esp,(4*x) 'x' is the number of pushed arguments.

But, If you use 'INVOKE',
This is done by your MASM assembler. (Very easy!)
Posted on 2001-10-14 19:35:49 by nyam
hi nyam !

I have restored the stack after all wsprintf calls, and now it work's fine !

thank's for your help !
marcello.
Posted on 2001-10-15 05:15:40 by Marcello
marcello, why are you using manual pushes and call instead of the
nice feature of masm, invoke? It looks cleaner, it takes up less code
lines, you don't have to worry about pushing in reverse order...
and you avoid stupid bugs and mistakes like the one you just had.
Posted on 2001-10-15 13:25:28 by f0dder
happy birthday f0dder !

ok using invoke it's the better way, but the old method is in my brain ;-)
for my next work i use invoke !

marcello.
Posted on 2001-10-15 15:59:47 by Marcello