Why is mov EDI, OFFSET LABEL not allowed in a DLL, while mov ESI, OFFSET LABEL doesn't have problems?
It's not a problem specific to DLLs: under Win32, you MUST preserve edi in every callback function. You can use it in your code but you must restore its value before your code returns to Windows.
Hi, don't forget to also preserve esi and ebx (and edi). Forgetting to save these registers doesn't matter much under Win95 but fails under NT. beaster.
When writing callback functions, you must preserve these registers (EBX, ESI, EDI) because you don't know how the calling functions are using them. Most of the 32-bit code in the OS is compiled under C which generates code using these assumptions about register preservation. The actual need for preservation depends on the register usage (determined by the compiler) surrounding a call. It takes only one routine in a chain of calls to break code that doesn't properly preserve registers. The probability of failure is higher in NT, because NT isn't going to switch between 16-bit and 32-bit code (which presumably forces register preservation.) This makes NT code more dependent on proper preservation.
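The preservation rule from the replies above, shown as an added example that is not part of the original thread: two equivalent MASM callbacks that use EBX, ESI and EDI freely and restore them before returning to Windows. The procedure names, data labels and the EnumWindows-style signature are assumptions chosen for illustration.

```asm
; Added example (MASM, 32-bit flat model, stdcall). All names are constructed.
.386
.model flat, stdcall
option casemap:none

.data
SrcText  db "constructed sample", 0
SRC_LEN  equ $ - SrcText
DstText  db SRC_LEN dup(0)
Calls    dd 0

.code

; Variant 1: save and restore the callee-saved registers by hand.
EnumProcManual proc hwnd:DWORD, lParam:DWORD
    push ebx                    ; the caller may keep live values in
    push esi                    ; EBX, ESI and EDI across the call
    push edi

    mov  esi, OFFSET SrcText    ; both ESI and EDI are fine to use here...
    mov  edi, OFFSET DstText
    mov  ecx, SRC_LEN
    cld
    rep  movsb                  ; ...and are modified by the copy

    mov  ebx, OFFSET Calls
    inc  dword ptr [ebx]

    pop  edi                    ; restore in reverse order of the pushes
    pop  esi
    pop  ebx
    mov  eax, 1                 ; TRUE: continue enumeration
    ret
EnumProcManual endp

; Variant 2: let the assembler emit the same push/pop pairs via USES.
EnumProcUses proc uses ebx esi edi hwnd:DWORD, lParam:DWORD
    mov  esi, OFFSET SrcText
    mov  edi, OFFSET DstText
    mov  ecx, SRC_LEN
    cld
    rep  movsb
    mov  ebx, OFFSET Calls
    inc  dword ptr [ebx]
    mov  eax, 1
    ret                         ; MASM pops EDI, ESI, EBX before returning
EnumProcUses endp

end
```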