The following code is an interesting one.
When executed normally, the program displays an annoying message: 'Prgm has performed an Illegal fnctn call'.
But when I inserted 'int 3', set 'I3HERE ON' in SoftICE, and then just kept going with F10, hey, the program really works!
Why is that so? What's the magic going on when SoftICE comes into the picture?
Is it because the stack and memory adjustments are done by SoftICE itself?
By the way, the intention was to create a key in the registry for the automatic startup of the program.
.data


h_regkey DWORD 0
subkey DB "Software\Microsoft\Windows\CurrentVersion\run", 0
subkey_descrp DB "MyRegEntry", 0
CommandLine LPSTR 0

.code
start:
INVOKE RegOpenKeyEx, HKEY_LOCAL_MACHINE, ADDR subkey, NULL,
KEY_ALL_ACCESS, ADDR h_regkey

.IF EAX == ERROR_SUCCESS ;If it is
int 3
;we look for the subkey, ("MyRegEntry")
INVOKE RegQueryValueEx, h_regkey, ADDR subkey_descrp, NULL, NULL, NULL, NULL

.IF EAX == ERROR_SUCCESS ;If it does exist
Invoke MessageBoxA,0,offset szMSG, offset szTitle, MB_OK ; Display Any thing......
.ENDIF

;Create the Registry Key.
Invoke RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR subkey, NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, ADDR h_regkey, NULL

;Get the App path & SET it into REGISTRY.
INVOKE GetCommandLine
MOV CommandLine, EAX
INVOKE lstrlen, CommandLine

INVOKE RegSetValueEx, h_regkey, ADDR subkey_descrp, NULL, REG_SZ, CommandLine, EAX

;The key is closed
INVOKE RegCloseKey, h_regkey
.ENDIF
Invoke ExitProcess,0
Posted on 2003-10-29 12:14:23 by zakham
Please look at this code!
The previous problem of creating a new registry key was redefined as follows.
I made a separate procedure named SET_AT_STARTUP.
The problem is, it's working... yes... but it again displays an error message: 'Prgm has performed an Illegal fnctn call'.
NOTE: The program successfully completed its intentions even in normal execution, but still an error message?!


.data
h_regkey DWORD 0
subkey DB "Software\Microsoft\Windows\CurrentVersion\run", 0
subkey_descrp DB "MyRegEntry", 0
szTitle db "My Attempts",13,10,0
szMSG db "The Key Has SuccessFully Found",13,10,0

.code
start:
Invoke SET_AT_STARTUP
Invoke ExitProcess,0

SET_AT_STARTUP PROC
LOCAL temp_buffer:DWORD

AND temp_buffer, 0

;Memory Get Allocated
INVOKE GlobalAlloc, GPTR, 1000
MOV temp_buffer, EAX

INVOKE GetCommandLine
INVOKE lstrcpy, temp_buffer, EAX

;Now Create the Key
INVOKE RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR subkey, NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, ADDR h_regkey, NULL
INVOKE lstrlen, temp_buffer

;Now EAX=Length of temp_buffer, and set the subkey values.
INVOKE RegSetValueEx, h_regkey, ADDR subkey_descrp, NULL, REG_SZ, temp_buffer, EAX

;The memory is deallocated
INVOKE GlobalFree, temp_buffer

;The Key is Closed.
INVOKE RegCloseKey, h_regkey

SET_AT_STARTUP ENDP

end start
Posted on 2003-10-29 12:21:28 by zakham
Uhm, you're not really returning from SET_AT_STARTUP in your last source ... so of course there'll be an error msg.

Fake
Posted on 2003-10-29 12:33:31 by Fake51
Also be careful with things like this: INVOKE RegSetValueEx, h_regkey, ADDR subkey_descrp, NULL, REG_SZ, temp_buffer, EAX

where you use invoke + EAX (EAX is not guaranteed to stay the same during this),
so it's better to move it into EBX, for example, and pass EBX instead of EAX.
Posted on 2003-10-29 13:14:56 by Hiroshimator

where you use invoke + EAX (EAX is not guaranteed to stay the same during this)
The exception is the last value of an INVOKE - it is pushed first, so it is always okay to use EAX as the last value. Or more specifically, ADDR is what modifies EAX - so working backwards from last parameter, using EAX prior to ADDR is okay. If this paragraph is confusing then just listen to what Hiroshimator is saying. :)
Posted on 2003-10-29 20:52:22 by bitRAKE
yes but it's the habit that you need to fight :P
Posted on 2003-10-30 01:46:26 by Hiroshimator
The exception is the last value of an INVOKE - it is pushed first, so it is always okay to use EAX as the last value. Or more specifically, ADDR is what modifies EAX - so working backwards from last parameter, using EAX prior to ADDR is okay.
From what I have observed, I can say that this is true only with local (stack-based) variables. For global variables, ADDR variable simply pushes its address:

.data

val1 dd 1
val2 dd 2
.code
dummy proc param1:DWORD, param2:DWORD
ret
dummy endp

a_proc proc
local lval1 : DWORD
local lval2 : DWORD

invoke dummy, addr lval1, eax
invoke dummy, eax, addr lval2 ; <-- highlighted line
ret
a_proc endp


start:
invoke dummy, addr val1, eax
invoke dummy, eax, addr val2
invoke ExitProcess,0
end start
This will give an error on the highlighted line only, because using ADDR on a local variable makes the assembler encode it as
lea eax,
push eax


and using it on a global variable simply does
push dword ptr DS:[401000]
Posted on 2003-10-30 02:07:16 by Morris
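
A corrected form of the second listing that applies the points raised in the replies (the missing ret, and keeping the length out of EAX), given here as an added example that is not code from any poster in the thread. The MASM32 include paths, the use of ESI and EBX, the KEY_SET_VALUE access mask and the +1 for the terminating null are assumptions made for this example.

```asm
; Added example. Assumes the MASM32 package at its default install path.
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib

SET_AT_STARTUP PROTO

.data
h_regkey      DWORD 0
subkey        DB "Software\Microsoft\Windows\CurrentVersion\run", 0
subkey_descrp DB "MyRegEntry", 0

.code
start:
    INVOKE SET_AT_STARTUP
    INVOKE ExitProcess, eax          ; exit code = Win32 error code (0 on success)

SET_AT_STARTUP PROC USES ebx esi
    INVOKE GetCommandLine            ; EAX -> command line string owned by the process
    mov esi, eax                     ; no copy needed, so no GlobalAlloc/GlobalFree
    INVOKE lstrlen, esi
    lea ebx, [eax+1]                 ; REG_SZ size in bytes, terminating null included

    ; Request only the right the write needs instead of KEY_ALL_ACCESS.
    INVOKE RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR subkey, 0, NULL, \
           REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, NULL, ADDR h_regkey, NULL
    .IF eax == ERROR_SUCCESS         ; touch the handle only if the key was opened
        INVOKE RegSetValueEx, h_regkey, ADDR subkey_descrp, 0, REG_SZ, esi, ebx
        push eax                     ; keep the RegSetValueEx result across RegCloseKey
        INVOKE RegCloseKey, h_regkey
        pop eax
    .ENDIF
    ret                              ; return to the caller; MASM restores EBX/ESI here
SET_AT_STARTUP ENDP

end start
```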