hi there. i just wanted to know what the difference is between a regular ret and the ExitProcess API? I heard that if you do a ret at the end of your program, the processor will jump to a routine in kernel.dll (it should be CreateProcess, right?). If you do a ret, you have to save esp at the beginning of the program, because the kernel routine where the processor jumps to after the ret needs ebp for local variables and such. But what happens if i exit my programm using ExitProcess? Oh, btw: Does anybody know the difference between iret and iretd?
Posted on 2001-02-09 09:49:00 by hadez
hadez, RET is the matching mnemonic for CALL where ExitProcess is an API that terminates a running process in Windows. This is one area where it is worth doing it the documented way, use ExitProcess to close your application. These trick to save 1 API call often lead to unreliable pereformance across different versions of Windows and with the problems between versions, adding another one does not help. Regards, hutch@pbq.com.au
Posted on 2001-02-09 16:27:00 by hutch--
but what if i wanna write a virus. i'm not gonna use any api calls in a virus. so i will do a ret at the end of the program. i know that it does work and i know that a ret belongs to a former call and i also know that windows "must" do a call (a tss segment selector or a call gate descriptor as the argument) to call an application. the only thing i can't understand is, where will the processor execute the next instruction after the ret. shouldn't it be the same adress as the one after an ExitProcess. i just don't get it.
Posted on 2001-02-10 04:07:00 by hadez
I do my best never to contribute to the destruction of other people's life, time or interest so I do not support virus writing, writers or distributors at all. I am yet to see the point of trashing a computer that someone owns, especially when the people who are most effected are those who do the least harm to the general computer industry. I am not of the view that virus writers are some form of elite coders, I see them as a bunch of jerks who don't have the talent to write real code. Regards, hutch@pbq.com.au ohoh what happens to the poor virus writer now: Posted on 2001-02-10 05:27:00 by hutch--