Does anyone have an idea as to why Windows is crashing my app when I try to jump to a piece of code exported to a different location in memory? My code goes something like this:

    .data
    Txt_ThaMessage BYTE "dUdE",0

    .data?
    hMem       HANDLE ?
    OldProtect DWORD ?

    .code
    IMPLANT_START equ $
        invoke MessageBox,0,ADDR Txt_ThaMessage,0,0
        ret
    IMPLANT_END equ $

    start:                                      ;Program Entry Point
        invoke GlobalAlloc,GMEM_FIXED,IMPLANT_END - IMPLANT_START   ;Allocate the memory
        mov hMem,eax                            ;Save the pointer
        invoke VirtualProtect,hMem,IMPLANT_END - IMPLANT_START,PAGE_EXECUTE_READWRITE,ADDR OldProtect   ;Change the protection attributes of the mem
        mov esi,IMPLANT_START                   ;Copy the implant
        mov edi,hMem
        mov ecx,IMPLANT_END - IMPLANT_START
        rep movsb
        mov ebx,hMem                            ;Call the copied code via ebx register
        call dword ptr ebx
        invoke ExitProcess,NO_ERROR

The most confusing thing is that when run, an exception occurs at 0000:00510d4a, somewhere in the system area. Also, the exception occurs only at the point of the call... it's not a memory allocation error or anything. I have tried playing round with the segment registers, i.e. call assumes the destination to be in the cs segment, while I am calling the ds segment, but nothing seems to work. Thanks anyone
Posted on 2001-01-14 23:21:00 by manimal
Could it be something to do with your using esi, edi, and ebx? Don't these registers need to be preserved? Mirno
Posted on 2001-01-15 07:10:00 by Mirno
Does INVOKE use a direct or indirect CALL? A "direct" call encodes a displacement to the target address, so when you move the code, it no longer calls the target routine (MessageBox).
Posted on 2001-01-15 16:38:00 by tank
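To make tank's point concrete, here is an added example in C (not code from this thread) that decodes the E8 rel32 call the assembler emits for `invoke MessageBox`, shows where that call lands after a plain byte copy to a new address, and rewrites the displacement so it reaches MessageBox again. The implant bytes, the link address 0x00401000, the thunk address 0x00402000 and the copy address 0x00300000 are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed bytes of what the assembler emits for the implant body:
   push 0 ; push 0 ; push offset Txt_ThaMessage ; push 0 ; call MessageBox ; ret
   All addresses here are assumptions, not values taken from the thread. */
#define IMPLANT_BASE     0x00401000u  /* assumed link address of IMPLANT_START */
#define MESSAGEBOX_THUNK 0x00402000u  /* assumed address of the MessageBox call thunk */
#define CALL_OFF         11           /* byte offset of the E8 opcode inside IMPLANT */
static const uint8_t IMPLANT[] = {
    0x6A,0x00, 0x6A,0x00, 0x68,0x00,0x30,0x40,0x00, 0x6A,0x00,
    0xE8,0xF0,0x0F,0x00,0x00,   /* rel32 = 0x402000 - (0x401000 + 11 + 5) = 0xFF0 */
    0xC3 };
static uint8_t copy_buf[sizeof IMPLANT];   /* stands in for the GlobalAlloc block */
/* Absolute target of the E8 rel32 call at byte offset `off` of a block mapped at
   `base`: address of the next instruction plus the signed 32-bit displacement.
   The encoded bytes never change, so the target moves with the block. */
uint32_t rel32_call_target(const uint8_t *code, size_t off, uint32_t base)
{
    int32_t disp;
    memcpy(&disp, code + off + 1, sizeof disp);   /* little-endian displacement */
    return base + (uint32_t)off + 5 + (uint32_t)disp;
}
/* Rewrite the displacement so the call reaches `target` from its new home.
   Returns -1 if the byte at `off` is not an E8 opcode. */
int rel32_call_relocate(uint8_t *code, size_t off, uint32_t new_base, uint32_t target)
{
    if (code[off] != 0xE8) return -1;
    int32_t disp = (int32_t)(target - (new_base + (uint32_t)off + 5));
    memcpy(code + off + 1, &disp, sizeof disp);
    return 0;
}
/* Copy IMPLANT to a block at `new_base` (what rep movsb does) and report where its
   call would land, with (fixup != 0) or without the displacement rewritten. */
uint32_t copied_call_target(uint32_t new_base, int fixup)
{
    memcpy(copy_buf, IMPLANT, sizeof IMPLANT);
    if (fixup && rel32_call_relocate(copy_buf, CALL_OFF, new_base, MESSAGEBOX_THUNK) != 0)
        return 0;
    return rel32_call_target(copy_buf, CALL_OFF, new_base);
}
int main(void)
{
    printf("linked %08x, copied unfixed %08x, copied fixed %08x\n",
           (unsigned)rel32_call_target(IMPLANT, CALL_OFF, IMPLANT_BASE),
           (unsigned)copied_call_target(0x00300000u, 0), (unsigned)copied_call_target(0x00300000u, 1));
    return 0;
}
```

The unfixed copy lands 0xFF0 bytes past the new block rather than at MessageBox, which is the kind of wild address the crash report shows; an indirect call through an absolute import slot (`call dword ptr [__imp__MessageBoxA]`) has no displacement to fix up and survives the copy.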