Hi, i seem to be getting different values on ESI under different circumstances.
like if it was started from qeditor program, or debugger, or from plain windows explorer.

I am talking about the value of esi on program entry. right when the module recieves control. the values i usually get are these:

0040000 : program base in memory
0000000 : null
77D4CBDC : an address at user32.dll

this is on my windows xp machine. i still have no clue as to why these values change or for what reason there values is defined the way it is.
this is on my winxp box. i would like any info you can give me even on different windows, and what your esi was, and if you know anything about this :)
Posted on 2004-10-26 02:58:48 by pwn
esi is a reserved register in the STDCALL convention, that is, all STDCALL routines expect all other STDCALL routines to save it. Traditionally, it is used as a register variable, that is, it is used to store some data (which isn't really definable). I assume your debugger calls your program (which it assumes to be STDCALL) in a slightly different manner, with a different use for esi, than what Windows and qeditor does.

And yeah here's a bit of a peculiarity of qeditor:
When Windows Explorer starts up a program, the arg[0] (which is supposed to contain the path of the program file) has quotation marks around it. (this is for Win98)
But in qeditor, the arg[0] has quotation marks only if there is a space somewhere in the path.
Posted on 2004-10-26 19:09:08 by AmkG