.386
.model flat
extrn ExitProcess:proc
extrn MessageBoxA:proc
extrn CreateFileA:proc

generic_read equ 80000000h
generic_write equ 40000000h
mb_ok equ 0
hwnd equ 0
open_existing equ 3
normal equ 80h

.data
capError db "Error",0
bodyerror db "file to open not found ",0
capSuccess db "Success",0
bodySuccess db "file to open found ",0
filName db "bbb.exe",0
fhandle dd ?

.code
start:
push 0                              ; hTemplateFile
push normal                         ; dwFlagsAndAttributes
push open_existing                  ; dwCreationDisposition
push 0                              ; lpSecurityAttributes
push 0                              ; dwShareMode
push generic_read + generic_write   ; dwDesiredAccess
push offset filName                 ; lpFileName
Call CreateFileA
mov fhandle,eax                     ; the handle (or the error value) comes back in eax
cmp eax,0ffffffffh                  ; 0FFFFFFFFh = INVALID_HANDLE_VALUE
jz notFound
The CreateFile function opens a file and returns a handle to the register eax. Using td32, I executed the code line by line, but I was not able to find any value change in eax, even though the CreateFile function has executed successfully.
How does one view the returned value?
I have attached the source.
Thank you.
First, you could use something more advanced like Ollydbg. And the only thing that matters is the value that EAX has after the call. It doesn't matter if it doesn't change.
Compare the return value with the RETURN values in the CreateFile MSDN documentation and you'll know if there's a problem or not.
http://msdn.microsoft.com/en-us/library/aa363858(VS.85).aspx
Thank you, ChaperonNoir.
I tried to open the exe in Ollydbg (though I am not very familiar with Olly). Here again the eax maintains the same unconcerned stance.
Anyway, with the 2 files (aaa.exe and bbb.exe) in the same directory, when aaa.exe is run, I get the expected message 'file found', and if bbb.exe is removed from the directory, the likely 'file not found' message is received.
So, can I assume that the CreateFile function is successful in finding and opening the specific file (bbb.exe)?
Another uncertainty:
If ExitProcess is called without closing an opened file, I suppose there is a possibility of the process freezing. If my view is correct, how does one explain the result that followed (no freezing) relevant to aaa.exe?
Regards.
ExitProcess doesn't freeze when you have open handles (not only handles to files but any handles). On NT it closes all handles for you but it's generally a good habit to close them yourself before you exit.
Well!
It's really instructive; I had put up with this uncertainty for quite some time.
Thank you for showing the right course of action.
Regards!
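The points raised in this thread, written out as an added example in the TASM syntax used above (it is not the poster's attached source): EAX is saved immediately after CreateFileA returns, compared with INVALID_HANDLE_VALUE, GetLastError separates a missing file from other failures such as a sharing violation, and the handle is closed before ExitProcess. The `bodyOther` string, the label names and the exit codes are assumptions of this example, and it reports only failures.

```asm
.386
.model flat
extrn ExitProcess:proc, MessageBoxA:proc, CreateFileA:proc
extrn CloseHandle:proc, GetLastError:proc

GENERIC_READ          equ 80000000h
GENERIC_WRITE         equ 40000000h
OPEN_EXISTING         equ 3
FILE_ATTRIBUTE_NORMAL equ 80h
INVALID_HANDLE_VALUE  equ 0FFFFFFFFh
ERROR_FILE_NOT_FOUND  equ 2

.data
capError    db "Error",0
bodyMissing db "file to open not found",0
bodyOther   db "open failed for another reason",0   ; assumed wording
filName     db "bbb.exe",0
fhandle     dd ?

.code
start:
    push 0                          ; hTemplateFile
    push FILE_ATTRIBUTE_NORMAL      ; dwFlagsAndAttributes
    push OPEN_EXISTING              ; dwCreationDisposition
    push 0                          ; lpSecurityAttributes
    push 0                          ; dwShareMode (0 = no sharing)
    push GENERIC_READ + GENERIC_WRITE
    push offset filName
    call CreateFileA
    mov  fhandle, eax               ; save now: any later API call overwrites EAX
    cmp  eax, INVALID_HANDLE_VALUE
    je   failed
    push fhandle                    ; success: release the handle explicitly
    call CloseHandle
    push 0
    call ExitProcess
failed:
    call GetLastError               ; must be the first call after the failure
    mov  edx, offset bodyMissing
    cmp  eax, ERROR_FILE_NOT_FOUND
    je   report
    mov  edx, offset bodyOther      ; e.g. access denied or sharing violation
report:
    push 0                          ; MB_OK
    push offset capError
    push edx                        ; message text chosen above
    push 0                          ; no owner window
    call MessageBoxA
    push 1
    call ExitProcess
end start
```

In a debugger, set the breakpoint on the `mov fhandle, eax` line: EAX at that point holds either a handle value or 0FFFFFFFFh, whether or not it differs from what it held before the call.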