I am new at this but am trying to learn.

I want to use the NetGroupGetUsers function but my exe keeps generating illegal memory references. I am sure it has something to do with my lack of understanding of pointers to buffers, but have spent many hours trying to solve this to no avail.

My declarations look like this:

servername db 0
groupname db 0
level DWORD 0
bufptr db '                                                            ',0
prefmaxlen DWORD 20
resumehandle db 0
entriesread dd ?
totalentries dd ?

And my code looks like this:

invoke NetGroupGetUsers,NULL,NULL,level,addr bufptr,
prefmaxlen, addr entriesread,
addr totalentries,NULL

Can anyone help plz?

Posted on 2005-12-22 00:27:46 by WongDai
bufferptr dd ?
numentries dd ?
allentries dd ?

invoke NetGroupGetUsers, 0, 0, 0, addr bufferptr, MAX_PREFERRED_LENGTH, addr numentries, addr allentries, 0

(...) do something with the data pointed by 'bufferptr' (...)

invoke NetApiBufferFree, bufferptr

Assuming that the second parameter may be 0, this should work.
Posted on 2005-12-22 00:44:34 by ti_mo_n
Thank you kindly for that.

It now runs, but doesn't seem to return anything.

Here is my code:
invoke NetGroupGetUsers,0,0,0,addr bufptr,
MAX_PREFERRED_LENGTH, addr entriesread,
addr totalentries,0

    .if eax==ERROR_ACCESS_DENIED
invoke ShellAbout,hWin,addr AccessDenied,addr AboutMsg,NULL
    .elseif eax==NERR_InvalidComputer
invoke ShellAbout,hWin,addr InvalidComputer,addr AboutMsg,NULL
    .elseif eax==NERR_GroupNotFound
invoke ShellAbout,hWin,addr GroupNotFound,addr AboutMsg,NULL
    .elseif eax==ERROR_MORE_DATA
invoke ShellAbout,hWin,addr MoreData,addr AboutMsg,NULL
    .else
invoke MessageBox,NULL,ADDR bufptr,OFFSET AppName,MB_OK
    .endif

As you can see I check for all the known error return codes.  When I run it falls through to the final "else", but the messagebox doesn't display any text (which would be at the addr bufptr).

Any ideas of what I am doing wrong? 

Also, is there a way I can step through the source with ollydbg and see what is going on?  I have tried using it, but I can't correlate my source to what I see in olly.

Thanks for your help

Posted on 2005-12-22 01:33:55 by WongDai
1) bufptr is a pointer to the data, NOT the data. So it'll more probably work with invoke MessageBox,NULL,bufptr,OFFSET AppName,MB_OK, but I doubt it because...
2) ...The returned data must be text in order to display it with MessageBox. The SDK says that the returned data is a 'structure' of some sort, not the text. And don't try to do MessageBox with it until you're sure that it's zero-terminated somewhere. Otherwise you'll get a GP fault. It's probably referring to the GROUP_USERS_INFO_0 structure.

So the return value is (probably) pointing to an array of these structures. The number of these structures is returned in the 'entriesread' dword.

Try something like this:
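push ebx
xor ebx, ebx
push esi
mov esi, bufptr
cmp ebx, entriesread
jae skip

shownext:
; each entry is a GROUP_USERS_INFO_0, whose only field is a pointer
; to a zero-terminated wide string, so pass [esi] rather than esi
invoke MessageBoxW, 0, dword ptr [esi], 0, 0
add ebx, 1
add esi, 4
cmp ebx, entriesread
jb shownext

skip:
pop esi
pop ebx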
Posted on 2005-12-22 02:00:22 by ti_mo_n
Thanks Ti_mo_n

I am back to having GPFs now, so something is amiss.

You have put me on the correct path, so I will try and do some more research and figure out how to get this going.  I haven't been able to find any code examples using the NetGroupGetUsers function, so it is difficult.  As you can tell my asm is not great, but it is improving and I will not give up.

I need a source code debugger to help me understand where it is going wrong.

Thanks again

Posted on 2005-12-22 07:15:38 by WongDai
download yourself Ollydbg.
Posted on 2005-12-22 21:12:36 by ti_mo_n
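
Added example, not part of any post in this thread: a minimal MASM32 program that puts the points above together (bufptr is a single dword the API fills with the address of a buffer it allocates, each entry is a GROUP_USERS_INFO_0 holding a pointer to a wide string, and the buffer is released with NetApiBufferFree). The MASM32 include paths are assumed, and "Staff" is a hypothetical group name; the documented groupname parameter is the name of a global group.

```masm
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc      ; assumed MASM32 SDK layout
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\netapi32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\netapi32.lib

.data
groupname    dw 'S','t','a','f','f',0    ; hypothetical group name, UTF-16

.data?
bufptr       dd ?    ; receives the ADDRESS of a buffer allocated by the API
entriesread  dd ?    ; number of GROUP_USERS_INFO_0 entries in that buffer
totalentries dd ?

.code
start:
    ; servername NULL = local computer, level 0 = GROUP_USERS_INFO_0,
    ; MAX_PREFERRED_LENGTH = let the API size the buffer, no resume handle
    invoke NetGroupGetUsers, NULL, addr groupname, 0, addr bufptr,
           MAX_PREFERRED_LENGTH, addr entriesread, addr totalentries, NULL
    .if eax != 0                 ; 0 = NERR_Success; otherwise do not touch bufptr
        invoke ExitProcess, eax  ; exit code carries the API error for inspection
    .endif

    mov esi, bufptr              ; esi -> first array element
    xor ebx, ebx                 ; ebx/esi are preserved across stdcall API calls
    .while ebx < entriesread
        ; [esi] is grui0_name: pointer to a zero-terminated wide string
        invoke MessageBoxW, NULL, dword ptr [esi], addr groupname, MB_OK
        add esi, 4               ; size of GROUP_USERS_INFO_0 (one pointer)
        inc ebx
    .endw

    .if bufptr != 0
        invoke NetApiBufferFree, bufptr  ; buffer belongs to the API allocator
    .endif
    invoke ExitProcess, 0
end start
```

Bounding the loop by entriesread and using the wide-character MessageBoxW are what keep the code from reading past the returned array or treating UTF-16 data as an ANSI string.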