I tried this and it messes up due to the xchg instructions

  xchg eax,dword
  xchg eax,dword
  xchg eax,dword

  mov  ,eax
  mov  ,eax
  mov  ,CS_HREDRAW or CS_VREDRAW
  mov  ,window_procedure
  mov  ,wClsName
  mov  ,COLOR_WINDOW+1
  invoke    LoadIcon,NULL,IDI_APPLICATION  <------- MESSES UP HERE

Why won't it work with xchg and does work with mov?
Posted on 2005-11-06 23:05:11 by shism2
Because you are editing the values in that location when you are not supposed to be doing that. Why would you want to use xchg? I don't see a reason for you to do that.
Posted on 2005-11-07 00:15:15 by roticv
It uses fewer bytes, and now I see what you mean... sigh, should have noticed that.
Posted on 2005-11-07 00:23:57 by shism2
You are wrong.

xchg eax, fs:[18h] is one more byte longer than mov eax, fs:[18h]
xchg eax, fs: is the same length as mov eax, fs:

You only save a byte if you do

xchg eax, reg instead of mov eax, reg
Posted on 2005-11-07 01:50:13 by roticv
Well, I didn't know it was only with a reg...

How did you calculate that?
Posted on 2005-11-07 14:21:22 by shism2

mov eax,dword
mov eax,dword
mov eax,dword

...12 bytes.


invoke GetModuleHandle, 0

...7 bytes, and is documented.
Posted on 2005-11-07 14:30:24 by f0dder
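The byte counts roticv and f0dder quote can be checked by hand-encoding the forms involved. The helper below is an added example, not code from the thread: it encodes only the 32-bit mov/xchg eax forms discussed (a register operand, fs:[disp32], and a [base+disp8] operand) and assumes that invoke GetModuleHandle,0 expands to a push 0 / call rel32 pair, which is what a 7-byte count implies.

```python
# Added example (not from the thread): hand-encode the 32-bit mov/xchg forms
# discussed above and compare their lengths.  Operand forms covered:
#   ("reg", name)              eax <-> r32
#   ("seg_abs", seg, disp32)   [seg:disp32], e.g. fs:[18h]
#   ("base_disp8", base, d8)   [base + disp8]  (base must not be esp: needs SIB)
REG32 = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3, "esp": 4, "ebp": 5, "esi": 6, "edi": 7}
SEG_PREFIX = {"fs": 0x64, "gs": 0x65}


def modrm(mod: int, reg: int, rm: int) -> bytes:
    return bytes([(mod << 6) | (reg << 3) | rm])


def encode_eax(mnemonic: str, src: tuple) -> bytes:
    """Encode `mov eax, src` or `xchg eax, src` for 32-bit code."""
    if mnemonic not in ("mov", "xchg"):
        raise ValueError(f"unsupported mnemonic {mnemonic!r}")
    kind = src[0]
    if kind == "reg":
        r = REG32[src[1]]
        if mnemonic == "xchg":
            return bytes([0x90 + r])            # 1-byte short form XCHG eAX, r32
        return b"\x8B" + modrm(3, 0, r)         # MOV r32, r/m32 needs a ModRM byte
    if kind == "seg_abs":
        _, seg, disp = src
        pfx, d32 = bytes([SEG_PREFIX[seg]]), disp.to_bytes(4, "little")
        if mnemonic == "mov":
            return pfx + b"\xA1" + d32          # MOV eAX, moffs32: no ModRM at all
        return pfx + b"\x87" + modrm(0, 0, 5) + d32   # XCHG has no moffs form: +1 byte
    if kind == "base_disp8":
        _, base, d8 = src
        if base == "esp":
            raise ValueError("[esp+disp8] needs a SIB byte, not modelled here")
        opcode = b"\x8B" if mnemonic == "mov" else b"\x87"
        return opcode + modrm(1, 0, REG32[base]) + bytes([d8 & 0xFF])
    raise ValueError(f"unknown operand form {kind!r}")


def size_delta(src: tuple) -> int:
    """Bytes saved (positive) or lost (negative) by writing xchg instead of mov."""
    return len(encode_eax("mov", src)) - len(encode_eax("xchg", src))


def push0_call_rel32(rel: int) -> bytes:
    """push 0 / call rel32 (7 bytes): assumed expansion of `invoke X, 0` to a direct call."""
    return b"\x6A\x00" + b"\xE8" + rel.to_bytes(4, "little", signed=True)


if __name__ == "__main__":
    # constructed sample operands: ebx, fs:[18h] (quoted in the thread), [ebx+10h]
    for src in (("reg", "ebx"), ("seg_abs", "fs", 0x18), ("base_disp8", "ebx", 0x10)):
        m, x = encode_eax("mov", src), encode_eax("xchg", src)
        print(f"{src}: mov={m.hex()} ({len(m)}B) xchg={x.hex()} ({len(x)}B) delta={size_delta(src)}")
    print("push 0 / call rel32:", len(push0_call_rel32(0x100)), "bytes")
```

Running it shows the three cases roticv describes: xchg wins one byte only against a register operand, loses one against fs:[disp32] because mov has the ModRM-free moffs32 form, and ties on [base+disp8].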
Wouldn't having the code directly in the program be faster?
Posted on 2005-11-07 14:49:49 by shism2
Dude, you don't need speed for something like this. You typically need GetModuleHandle(0) one time in your app, right at startup. It's an entirely non-critical piece of code, and doesn't take many processor cycles to execute, even if it needs a call/ret pair.

Doing the GetModuleHandle(0) call is clearer, doesn't set up dependencies on undocumented kernel structures, etc.
Posted on 2005-11-07 14:58:28 by f0dder
You're right about that... but I'm just hella bored and want to code a program like this just for the hell of it.
Posted on 2005-11-07 15:19:33 by shism2
Hehe - just don't adopt that attitude for general programming, save your efforts for where they matter (and won't cause trouble).
Posted on 2005-11-07 15:24:18 by f0dder
Doing the GetModuleHandle(0) call is clearer, doesn't set up dependencies on undocumented kernel structures, etc.

Well, I just thought what I could do to make it clearer ;)

macro @GetmoduleHandle

{
          mov eax,dword ; API : GetModuleHandleA
          mov eax,dword ;---------------
          mov eax,dword ;--------------------

}


macro @GetLastError

{
          mov eax,dword ; API : GetLastError----------
          mov eax,dword ;--------------------------

}

HEHE.. Hey I need some help with NtCreateMutant parameters... Can you give me a hand  :)??

deskha db "IM ALIVE BIYATCH WOOT WOOT",0

obuf   dw 20h dup (?)      ; cchWideChar below is 20h, so this must hold 20h WCHARs (dw, not db)

invoke  MultiByteToWideChar,1251,1,deskha,20h,obuf,20h

invoke  CreateMutex,0,1,obuf


I used the wide character version because it's faster than the ANSI version due to the fact that CreateMutexA calls CreateMutexW either way. Thus less clock cycles..

Posted on 2005-11-07 15:29:52 by shism2
Haha, I can say that I manually encoded it but I got lazy and cheated using Ollydbg. Anyway I do know for sure that xchg eax, reg is 1 byte because I have tried to code a disassembler before.

Clock cycles and bytes aren't everything imo. It is more about doing things correctly.
Posted on 2005-11-07 20:48:29 by roticv

Clock cycles and bytes aren't everything imo. It is more about doing things correctly.

Especially in silly cases like this where there aren't any real advantages from the "more funky way" :)
Posted on 2005-11-07 21:00:26 by f0dder
SIGH.... Well I just like doing it this way ... EVEN though it might be dumb to you guys...
Posted on 2005-11-07 22:40:18 by shism2
Just to note that this way your software might not run on newer or other Microsoft OSes. They can easily decide to change the structure of the object pointed to by FS. I might be wrong - haven't read much about win32's internals, but looking at FS-using API, I'm inclined to think that most struct-members there are easy to change/move around.

But I have your spirit in the PalmOS domain :). Though the OS creators personally told me not to do similar things, I continue doing so :P
Posted on 2005-11-07 23:12:29 by Ultrano
Well, I could just detect the OS and jmp to the correct code :). Even though, yeah, it will be different on other OSes.
Posted on 2005-11-07 23:42:57 by shism2