Hi
I am new at this but am trying to learn.
I want to use teh NetGroupGetUsers function but my exe keeps generating illegal memory references. I am sure it has something to do with my lack of understanding of pointers to buffers, but have spent many hours trying to solve this to no avail.
My declarations look like this:
ervername db 0
groupname db 0
level DWORD 0
bufptr db ' ',0
prefmaxlen DWORD 20
resumehandle db 0
entriesread dd ?
totalentries dd ?
And my code looks like this:
invoke NetGroupGetUsers,NULL,NULL,level,addr bufptr,
prefmaxlen, addr entriesread,
addr totalentries,NULL
Can anyone help plz?
Wongdai
I am new at this but am trying to learn.
I want to use teh NetGroupGetUsers function but my exe keeps generating illegal memory references. I am sure it has something to do with my lack of understanding of pointers to buffers, but have spent many hours trying to solve this to no avail.
My declarations look like this:
ervername db 0
groupname db 0
level DWORD 0
bufptr db ' ',0
prefmaxlen DWORD 20
resumehandle db 0
entriesread dd ?
totalentries dd ?
And my code looks like this:
invoke NetGroupGetUsers,NULL,NULL,level,addr bufptr,
prefmaxlen, addr entriesread,
addr totalentries,NULL
Can anyone help plz?
Wongdai
bufferptr dd ?
numentries dd ?
allentries dd ?
NetGroupGetUsers, 0, 0, 0, addr bufferptr, MAX_PREFERRED_LENGTH, addr numentries, addr allentries, 0
(...) do something with the data pointed by 'bufferptr' (...)
NetApiBufferFree, bufferptrAssuming that the second parameter may be 0, this should work.
Thank you kindly for that.
It now runs, but doesn't seem to return anything.
Here is my code:
invoke NetGroupGetUsers,0,0,0,addr bufptr,
MAX_PREFERRED_LENGTH, addr entriesread,
addr totalentries,0
.IF eax==ERROR_ACCESS_DENIED
invoke ShellAbout,hWin,addr AccessDenied,addr AboutMsg,NULL
.elseif eax==NERR_InvalidComputer
invoke ShellAbout,hWin,addr InvalidComputer,addr AboutMsg,NULL
.elseif eax==NERR_GroupNotFound
invoke ShellAbout,hWin,addr GroupNotFound,addr AboutMsg,NULL
.elseif eax==ERROR_MORE_DATA
invoke ShellAbout,hWin,addr MoreData,addr AboutMsg,NULL
.else
invoke MessageBox,NULL,ADDR bufptr,OFFSET AppName,MB_OK
.ENDIF
As you can see I check for all the known error return codes. When I run it falls through to teh final "else", but the messagebox doesn't display any text (which would be at the addr bufptr).
Any ideas of what I am doing wrong?
Also, is there a way I can step through the source with ollydbg and see what is going on? I have tried using it, but I can't correlate my source to what I see in olly.
Thanks for your help
Wongdai
It now runs, but doesn't seem to return anything.
Here is my code:
invoke NetGroupGetUsers,0,0,0,addr bufptr,
MAX_PREFERRED_LENGTH, addr entriesread,
addr totalentries,0
.IF eax==ERROR_ACCESS_DENIED
invoke ShellAbout,hWin,addr AccessDenied,addr AboutMsg,NULL
.elseif eax==NERR_InvalidComputer
invoke ShellAbout,hWin,addr InvalidComputer,addr AboutMsg,NULL
.elseif eax==NERR_GroupNotFound
invoke ShellAbout,hWin,addr GroupNotFound,addr AboutMsg,NULL
.elseif eax==ERROR_MORE_DATA
invoke ShellAbout,hWin,addr MoreData,addr AboutMsg,NULL
.else
invoke MessageBox,NULL,ADDR bufptr,OFFSET AppName,MB_OK
.ENDIF
As you can see I check for all the known error return codes. When I run it falls through to teh final "else", but the messagebox doesn't display any text (which would be at the addr bufptr).
Any ideas of what I am doing wrong?
Also, is there a way I can step through the source with ollydbg and see what is going on? I have tried using it, but I can't correlate my source to what I see in olly.
Thanks for your help
Wongdai
1) bufptr is a pointer to the data, NOT the data. so it'll more probably work with invoke MessageBox,NULL,bufptr,OFFSET AppName,MB_OK but i doubt it because...
2) ...The returned data must be text in order to display it with messagebox. the SDK says that the returned data is a 'structure' of some sort, not the text. and don't try to do messagebox with it until you're sure that it's zero-terminated somewhere. otherwise you'll get GP fault. It's probably refering to the GROUP_USERS_INFO_0 structure.
So the return value is (probably) pointing to an array of these structures. number of these structures is returned in 'entriesread' dword.
Try something like this:
2) ...The returned data must be text in order to display it with messagebox. the SDK says that the returned data is a 'structure' of some sort, not the text. and don't try to do messagebox with it until you're sure that it's zero-terminated somewhere. otherwise you'll get GP fault. It's probably refering to the GROUP_USERS_INFO_0 structure.
So the return value is (probably) pointing to an array of these structures. number of these structures is returned in 'entriesread' dword.
Try something like this:
push ebx
xor ebx, ebx
push esi
mov esi, bufptr
cmp ebx, entriesread
jae skip
shownext:
call MessageBoxW, 0, esi, 0, 0
add ebx, 1
add esi, 4
cmp ebx, entriesread
jb shownext
skip:
pop esi
pop ebxThanks Ti_mo_n
I am back to having GPFs now, so something amiss.
You have put me on the correct path, so I will try and do some more research and figure out how to get this going. I haven't been able to find any code examples using the NetGroupGetUsers function, so it is difficult. As you can tell me asm is not great, but it is improving and I will not give up.
I need a source code debugger to help me understand where it is going wrong.
Thanks again
Wongdai
I am back to having GPFs now, so something amiss.
You have put me on the correct path, so I will try and do some more research and figure out how to get this going. I haven't been able to find any code examples using the NetGroupGetUsers function, so it is difficult. As you can tell me asm is not great, but it is improving and I will not give up.
I need a source code debugger to help me understand where it is going wrong.
Thanks again
Wongdai
download yourself Ollydbg.