ASM Community

Hi, i have a strange problem (becoz it works in C++ but not in asm). I want to start a Process in suspended state and after it getting its image base address. I solve this with CreateToolhelp32Snapshot and Module32First. The following code works converted to C++, but not in asm, perhaps anybody of you sees the error or has an advice for me:

mov [startup.cb],68

invoke SetCurrentDirectory,dir1

invoke    CreateProcess,filename,commandline,0,0,0,CREATE_SUSPENDED,0,0,startup,procinfo

invoke CreateToolhelp32Snapshot,8,[procinfo.dwProcessId]

mov [snaphandle],eax

mov [modinf.dwSize],0x224

invoke Module32First,[snaphandle],modinf

invoke ResumeThread,[procinfo.hThread]



;The structures have this format:



struc PROCESSINFORMATION{

      .hProcess DD 0

      .hThread DD 0

      .dwProcessId DD 0

      .dwThreadId DD 0

}



struc MODULEENTRY32{

      .dwSize DD 0   ;0x224

      .th32ModuleID DD 0

      .th32ProcessID DD 0

      .GlblcntUsage DD 0

      .ProccntUsage DD 0

      .modBaseAddr  DD 0

      .modBaseSize  DD 0

      .hModule DD 0

      .szModule: times 256 db 0

      .szExePath: times 260 db 0

}                        

The Problem is that CreateToolhelpSnapshot seems to work and gives me

Mh, there was at least a little difference in my codes, i started in c++ the process not in suspended state. I dont know why, but its not possible to use Module32First and Module32Next when the main thread of the process is in suspended state.

I thought about that too, but i decided now to have bedder compatibility to win 9x to read out the image base from the PE header of the file.