Hi, it's best to have only one ret in your procedure. This should work:
    WndProc proc hwnd:dword, uMsg:dword, wParam:dword, lParam:dword
        .if uMsg == WM_COMMAND
            xor eax, eax                ; set eax to zero when you handle a message
        .elseif uMsg == WM_DESTROY
            invoke PostQuitMessage, NULL
            xor eax, eax
        .else
            invoke DefWindowProc, hwnd, uMsg, wParam, lParam
        .endif
        ret
    WndProc endp
Your bytes at CS:EIP:

    a3 20 10 40 00 e8 49 01 00 00 a3 24 10 40 00 6a

disassemble to

    a3 20 10 40 00    mov [00401020], eax

That means you are trying to write to your code section (ok, you told us not to tell you anything like that).

japheth
japheth :) it's alright. Hmm, strange. I'm not sure if WndProc is the one that is halting. Let me go over my source very carefully this time.
Make sure the section has write access. Given what Japheth said, EIP is very close to the data. The problem is close to the start of your app! Either that or you are trying self-modifying code....

Mirno
But CS and DS are different; are you sure the program writes in the code section?
Mirno, you're right. After what japheth said, I set out to explore and try to find out what halts my program. I used the Delphi debugger, but that didn't do the job, so I opened up w32dasm and found out that GetModuleHandleA is the problem.
The question now is, how do I set READ on the code segment? By the way, I have both DATA and CODE in one segment...

---------------------------------------------------------------------

Karim, it's my fault, I think I'll have to think twice next time. However, I have a general question for you.
    :00401020 00000000000000000000     BYTE 8 DUP(0)               <--- GHandle

    //************** Program Entry Point ******************
    :00401028 6A00                     push 0000000000
    * Reference To: KERNEL32.GetModuleHandleA, Ord:0111h
    :0040102A E85F010000               Call 0040118E               <------ call GetModuleHandle
    :0040102F A320104000               mov dword ptr [00401020], eax   <----- mov GHandle, eax
                                                     ^
                                                     +------ that's the address

What Windows gave me:

    015f:0040102F   <-- address that caused an invalid page fault.
    Bytes at CS:EIP: a3 20 10 40 00 e8 4f 01 00 00 a3 24 10 40 00 6a
                     ^
                     +---- corresponds to the mov. :)
Why is it that WM_PAINT and WM_DESTROY always have return 0 at the end? Why not every other message? This is something I'm not very clear on.

This message was edited by disease_2000, on 6/26/2001 12:43:53 PM
This message was edited by disease_2000, on 6/26/2001 12:45:22 PM
        .elseif uMsg == WM_CREATE
            szText font1,"Times New Roman"
            invoke CreateFont,16,8,0,0,500,0,0,0, \
                              DEFAULT_CHARSET,0,0,0, \
                              DEFAULT_PITCH,ADDR font1
            mov hFont, eax
            szText adrTxt,0
            szText lbl1," Text Box 1"
            invoke Static,ADDR lbl1,hWin,50,30,200,17,0
            szText lbl2," Text Box 2"
            invoke Static,ADDR lbl2,hWin,50,80,200,17,0
            szText lbl3," Text Box 3"
            invoke Static,ADDR lbl3,hWin,50,130,200,17,0
            invoke EditSl,ADDR adrTxt,50,50,250,23,hWin,700
            mov hEdit1, eax
            invoke EditSl,ADDR adrTxt,50,100,250,23,hWin,701
            mov hEdit2, eax
            invoke EditSl,ADDR adrTxt,50,150,250,23,hWin,702
            mov hEdit3, eax
            szText ButnTxt,"Register"
            invoke PushButton,ADDR ButnTxt,hWin,125,215,100,25,500
            mov hButn1, eax
        .elseif uMsg == WM_PAINT
            invoke BeginPaint,hWin,ADDR Ps
            mov hDC, eax
            invoke Paint_Proc,hWin,hDC
            invoke EndPaint,hWin,ADDR Ps
            return 0
        .elseif uMsg == WM_CLOSE
            invoke DeleteObject,hFont
        .elseif uMsg == WM_DESTROY
            invoke PostQuitMessage,NULL
            return 0
        .endif
Hold on. Let me make it clearer...
10 minutes ago, I used IDA to view my exe and here's what I get:
    _TEXT segment para '_TEXT' public
        ;;;;;
        ;;;;; this is where all of my data reside...
        ;;;;;
    code:
        ;;;; code
    _TEXT ends
    end code
    mov ds:hInstance, eax

ds:hInstance ??? strange...

-----------------------------------------------------------------

Now the problem becomes a bit clearer to me. In the past, I've never had a problem like this; that's because I had two sections, one for data and one for code:

    _DATA segment ...
    _DATA ends

    _TEXT segment
    assume cs:_TEXT, ds:_DATA
    _TEXT ends

which works. But now, this is my first time grouping data and code into one section this way. But then again, IDA tells me that I'm not trying to write into the Code Segment, which proves Karim's point that CS and DS are two different things. Or could it be that my code confused IDA?

This message was edited by disease_2000, on 6/26/2001 1:29:15 PM
    .text:00401028    push    0                   ; lpModuleName
    .text:0040102A    call    GetModuleHandleA
    .text:0040102F    mov     ds:hInstance, eax
Disease2000, eax must be set to zero when an application processes a message. It's documented in the MSDN. The other problem is that your code section is not writeable. Try to link it with /SECTION:_TEXT,ERW
Thanks a lot Karim!! I got it working now. :)

    link /SECTION:.text,ERW
Hey, I just found another solution myself. :D

    /MERGE:.text=.data

IDA shows:

    mov ds:GHandle

That means it's trying to access the data segment when in fact it's located in the code segment. So I sat and thought about Karim's solution and asked myself: "Why enable write access to the code segment when all I wanted was to group text into data?" So what I did was group _text into _data. The reason I'm doing this is because I want to protect my exe against w32dasm, and it works just fine. I alone discovered that w32dasm will not list info on an exe that has no code segment. The reason I'm coding in this style is because I want full control of the system. Anyway, that's about it. Take care, and try it out yourself. It doesn't matter how you code your app. LINK it with:

    /MERGE:.text=.data

and w32dasm will not be able to load your app (it will load, but the code is not shown).
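Both fixes that end the thread (/SECTION:.text,ERW and /MERGE:.text=.data) leave the program's code inside a section that is mapped writable, which is the property a loader policy, an AV engine or a triage script looks for when it flags an image as not honouring W^X. The script below is an added example, not code from any of the posters: it parses the PE section table and entry point of three constructed, headers-only images (a conventional .text/.data layout, a .text section with write access added, and a single read/write/execute .data section holding the entry point) and reports what a defender would want to know about each. The exact characteristics the linker assigns to a merged section are an assumption here; only the parser logic and the flag values come from the PE/COFF format.

```python
"""Audit a PE image's section table for writable or mis-flagged code."""
import struct

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def build_pe(sections, entry_rva):
    """Construct a minimal PE32 header blob: DOS stub, COFF header,
    optional header and section table only. Constructed test data for
    this example; it carries no code and is not a loadable executable."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 224  # size of a PE32 optional header
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)   # AddressOfEntryPoint
    table = b"".join(
        struct.pack(SECTION_HDR, name.encode(), size, rva, size, 0x400, 0, 0, 0, 0, chars)
        for name, rva, size, chars in sections
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(image):
    """Return (entry_rva, [section dicts]) from the raw image bytes."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", image, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]
    entry = struct.unpack_from("<I", image, pe_off + 24 + 16)[0]
    pos = pe_off + 24 + opt_size
    sections = []
    for _ in range(nsec):
        name, vsize, va, *_rest, chars = struct.unpack_from(SECTION_HDR, image, pos)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": va, "size": vsize, "chars": chars})
        pos += struct.calcsize(SECTION_HDR)
    return entry, sections


def audit(image):
    """List the W^X and entry-point findings a triage script would report."""
    entry, sections = parse_pe(image)
    findings = []
    entry_sec = None
    for s in sections:
        if s["rva"] <= entry < s["rva"] + s["size"]:
            entry_sec = s
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: writable and executable (W^X not enforced)")
    if entry_sec is None:
        findings.append("entry point outside every section")
    else:
        if not entry_sec["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"entry point in non-executable section {entry_sec['name']}")
        if not entry_sec["chars"] & IMAGE_SCN_CNT_CODE:
            findings.append(f"entry point in section {entry_sec['name']} not marked as code")
    return findings


RX_CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
RW_DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Constructed layouts (entry RVA 0x1028 mirrors the listing in the thread).
NORMAL = build_pe([(".text", 0x1000, 0x200, RX_CODE), (".data", 0x2000, 0x100, RW_DATA)], 0x1028)
# Assumed result of /SECTION:.text,ERW: .text keeps its flags and gains write.
TEXT_ERW = build_pe([(".text", 0x1000, 0x200, RX_CODE | IMAGE_SCN_MEM_WRITE),
                     (".data", 0x2000, 0x100, RW_DATA)], 0x1028)
# Assumed result of /MERGE:.text=.data: one data-named RWX section holds the entry point.
MERGED = build_pe([(".data", 0x1000, 0x300, RW_DATA | IMAGE_SCN_MEM_EXECUTE)], 0x1028)

if __name__ == "__main__":
    for label, img in (("normal", NORMAL), ("/SECTION:.text,ERW", TEXT_ERW), ("/MERGE:.text=.data", MERGED)):
        print(label, "->", audit(img) or ["no findings"])
```

On a real file, replace the constructed blobs with `open(path, "rb").read()`; the parser only needs the headers, so it works on a truncated copy as well. The "not marked as code" finding is the same property that stops a disassembler relying on IMAGE_SCN_CNT_CODE from listing the code, so the trick the last post describes is visible to anyone who checks the section flags instead of the section name.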