Does anyone have an idea as to why Windows is crashing my app when i try to jump to a piece of code exported to a different location in memory???? My code that i have goes something like this: .data Txt_ThaMessage BYTE "dUdE",0 .data? hMem HANDLE ? OldProtect DWORD ? .code IMPLANT_START equ $ invoke MessageBox ,0,ADDR Txt_ThaMessage,0,0 ret IMPLANT_END equ $ start: ;Program Entry Point invoke GlobalAlloc ,GMEM_FIXED,IMPLANT_END - IMPLANT_START ;Allocate the memory mov hMem,eax ;Save the pointer invoke VirtualProtect ,hMem,IMPLANT_END - IMPLANT_START,PAGE_EXECUTE_READWRITE,ADDR OldProtect ;Change the protection attributes of the mem mov esi,IMPLANT_START ;Copy the implant mov edi,hMem mov ecx,IMPLANT_END - IMPLANT_START rep movsb mov ebx,hMem ;Call the copied code via ebx register call dword ptr ebx invoke ExitProcess ,NO_ERROR The most confusing thing is, that when run, an exception occours at 0000:00510d4a, somewhere in the system area. Also the exception occours only at the point of the call....its not a memory allocation error or anything. I have tried playing round with the segment registers, i.e call assumes the destination to be in the cs segment, while i am calling the ds segment, but nothin seems to work. Thanks anyone
Could it be something to do with your using esi, edi, and ebx. Don't these registers need to be preserved? Mirno
Does INVOKE use a direct or indirect CALL? A "direct" call encodes a displacement to the target address, so when you move the code, it no longer calls the target routine (MessageBox).