Need your help......
1. How can we identify the WinMain function by the arguments passed to it?
2. What is in these eax, esi, ebx?
.text:00401804 push eax
.text:00401805 push esi
.text:00401806 push ebx
.text:00401807 push ebx
.text:00401808 call ds:GetModuleHandleA
.text:0040180E push eax
.text:0040180F call _WinMain@16
.text:00401814 mov , eax
.text:00401817 push eax
.text:00401818 call ds:exit
Thanx!
Generally it refers to something like this.
push CmdShow      ; nCmdShow, pushed first
push lpCmdLine    ; lpCmdLine
push HINSTANCE    ; hPrevInstance
push HINSTANCE    ; hInstance, pushed last
call WinMain proc
As a rule, when I write the code I give my win procs names I can remember; then, after compiling with debug symbols, they are easy to identify ;)
best regards,
czDrillard
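The stack bookkeeping behind this answer, as an added example that is not part of the original posts: it replays the pushes in the questioner's listing, removes the one argument that GetModuleHandleA consumes, and uses the @16 stdcall decoration (16 bytes, four DWORDs) to pick out the WinMain arguments. The function name, the IMPORT_ARGC table and the output labels are assumptions made for this sketch; the page's elided "mov , eax" line is left out of the sample.

```python
import re

# Constructed sample: the listing from the question, up to the WinMain call.
LISTING = """\
.text:00401804 push eax
.text:00401805 push esi
.text:00401806 push ebx
.text:00401807 push ebx
.text:00401808 call ds:GetModuleHandleA
.text:0040180E push eax
.text:0040180F call _WinMain@16
"""

# Assumption: argument counts of undecorated stdcall imports in the listing.
IMPORT_ARGC = {"GetModuleHandleA": 1}
# WinMain parameters in declaration order (the first one is pushed last).
WINMAIN_PARAMS = ["hInstance", "hPrevInstance", "lpCmdLine", "nCmdShow"]

LINE = re.compile(r"^\S+:([0-9A-Fa-f]{8})\s+(push|call)\s+(?:ds:)?(\S+)$")

def find_winmain_call(listing):
    """Return (address, {param: source}) for the first 4-argument stdcall call."""
    stack = []        # simulated argument stack, most recent push at the end
    eax_src = None    # name of the call whose result currently sits in eax
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a push or a call
        addr, op, operand = m.groups()
        if op == "push":
            if operand == "eax" and eax_src:
                operand = "eax (%s result)" % eax_src
            stack.append(operand)
            continue
        dec = re.search(r"@(\d+)$", operand)   # _Name@N: N bytes of arguments
        argc = int(dec.group(1)) // 4 if dec else IMPORT_ARGC.get(operand, 0)
        # stdcall: the callee removes its own arguments from the stack
        args = [stack.pop() for _ in range(min(argc, len(stack)))]
        if dec and len(args) == 4:
            return addr, dict(zip(WINMAIN_PARAMS, args))
        eax_src = operand                      # return value is now in eax
    return None

if __name__ == "__main__":
    addr, roles = find_winmain_call(LISTING)
    print("WinMain call at", addr)
    for name in WINMAIN_PARAMS:
        print("  %-13s <- %s" % (name, roles[name]))
```

The second `push ebx` is consumed by GetModuleHandleA, so the same register supplies both that call's argument and hPrevInstance.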
yes, thanx!
eax, ebx, ecx, edx, esi, edi, ebp, esp, eip are all the names of the 'registers'. A 'register' is a 32-bit 'variable' which resides inside the CPU (so it's very fast). There are more registers than these.
If you don't know what registers are, I'd suggest reading the basic document every starting assembly programmer should read: "The art of assembly" by Randall Hyde (the document can be found on Google).
1. How can we identify the WinMain function by the arguments passed to it?
When YOU write your code, you could always add some NOPs to the code before the call
to WinMain, to make it easier to find when you disassemble it.
The classical typing with the invoke statement :
invoke WinMain, hInstance,NULL,CommandLine, SW_SHOWDEFAULT
iNeedSpeed,
The "WinMain" program is the root program in a Windows program. You do not need to set up still another layer of routine calls with "invoke WinMain, hInstance,NULL,CommandLine, SW_SHOWDEFAULT". Just code what you want to do in WinMain and include the starting label. I never use a call to WinMain in my programs. I can send you the template I use as an example if you like. Ratch
To all of you, thank you!
Ratch, I am glad with your help.
my email : joymyway@163.com.
iNeedSpeed,
Here is the template. Edit out what you do not want or need. As you can see, you do not need to make any calls to WinMain. Ask if you have any questions. Ratch
;*****WINMAIN*******************************************************************
WMSTRUC STRUC
msg MSG {} ;message structure ****ALWAYS KEEP MSG STRUCTURE AT BEGINNING
WMSTRUC ENDS
MAIN:
XOR EBP,EBP ;handy constant zero
SUB ESP,WMSTRUC ;make local space
INVOKE GetModuleHandle,EBP
MOV ESI,EAX ;now ESI=module handle
;*****CLASS REGISTRATION********************************************************
APPNAME EQU '%%%%%'
IF TRUE ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
RPUSHIT EBP,LTEXT(szAppName,APPNAME,0) ;for no menu
ELSE ;<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
RPUSHIT LTEXT(szAppName,APPNAME,0),@ szAppName ; for menu
ENDIF ;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
IF TRUE ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
PUSH COLOR_WINDOW+1 ;for window background color
ELSE ;<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
INVOKE CreateSolidBrush,WHITE_BRUSH ;
PUSH EAX
ENDIF ;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
INVOKE LoadCursor,EBP,IDC_ARROW
PUSH EAX ;cursor handle
IF TRUE ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
INVOKE LoadIcon,EBP,IDI_APPLICATION ;EBP=0
ELSE ;<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
INVOKE LoadIcon,ESI,######### ;ESI=hInst
ENDIF ;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
S1=CS_HREDRAW OR CS_VREDRAW
RPUSHIT S1,@ WINCALLBACK,EBP,EBP,ESI,EAX ;ESI=hInst
INVOKE RegisterClass,ESP
IF DBUG
TEST EAX,EAX
.IF ZERO?
INVOKE MessageBox,ESI,TEXT('Class registration failed.',0),EBP,EBP ;EBP=0
JMP EXIT
.ENDIF
ENDIF
ADD ESP,WNDCLASS ;balance stack from WNDCLASS
; ADD ESP,WNDCLASSEX ;balance stack from WNDCLASSEX
;*****END OF CLASS REGISTRATION*************************************************
;*****WINDOW CREATION***********************************************************
MOV ECX,CW_USEDEFAULT
S1=WS_OVERLAPPEDWINDOW
INVOKE CreateWindowEx,EBP,@ szAppName,@ szAppName,\
S1,ECX,ECX,ECX,ECX,EBP,EBP,ESI,EBP ;EBP=0
IF DBUG
TEST EAX,EAX
.IF ZERO?
INVOKE MessageBox,ESI,TEXT('Main CreateWindow call error',0),EBP,EBP ;EBP=0
JMP EXIT
.ENDIF
ENDIF
MOV ,EAX ;window handle
MOV ESI,EAX ;now ESI=hwnd=window handle
;*****END OF WINDOW CREATION****************************************************
INVOKE ShowWindow,ESI,SW_SHOWNORMAL
INVOKE UpdateWindow,ESI
IF DBUG
TEST EAX,EAX
.IF ZERO?
INVOKE MessageBox,ESI,TEXT('UpdateWindow call error',0),EBP,EBP ;EBP=0
JMP EXIT
.ENDIF
ENDIF
MOV EBX,ESP ;EBX=ESP=&msg
.WHILE NOT 0 ;beginning of message loop
INVOKE GetMessage,EBX,EBP,EBP,EBP ;
TEST EAX,EAX
IF DBUG
JS GMERR ;jump out on GetMessage error
ELSE
JS EXIT ;jump out on GetMessage error
ENDIF
.BREAK .IF ZERO? ;jump out on WM_QUIT message
IF FALSE ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
CMP ,EBP
JZ F@
INVOKIT IsDialogMessage,,EBX ;ESI=dialog box handle,EBX=&msg
TEST EAX,EAX
.CONTINUE .IF !ZERO?
@@:
ENDIF ;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
IF FALSE ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
INVOKE TranslateAccelerator,ESI,,EBX ;EBX=&msg
TEST EAX,EAX
.CONTINUE .IF !ZERO?
ENDIF ;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
INVOKE TranslateMessage,EBX ;EBX=&msg
INVOKE DispatchMessage, EBX ;EBX=&msg
.ENDW ;repeat message loop
MOV EAX,
EXIT:
ADD ESP,WMSTRUC ;recover local space
INVOKE ExitProcess,EAX
IF DBUG
GMERR: ;display error message via message box & jmp to EXIT
INVOKE MessageBox,ESI,TEXT('GetMessage call error',0),EBP,EBP ;EBP=0
JMP EXIT
ENDIF
;*****END OF WINMAIN************************************************************
yeah! thank you..................