I got some problems with Win32, I hope somebody can shed some light on it.

At a certain point in my code (normal ring 3 execution), for my internal debugger, when I invoke my debug function (via JMP after saving the return address into a var) I need to "switch stack". That is, I save the content of ESP into a variable, and then set ESP to the top of an area of memory, aligned, which I want to use as a temporary stack, so as not to damage/corrupt what's below ESP in the code I want to debug (I've got good reasons to be so careful about this).

All works well until I call some Win32 functions... in that case, KERNEL32 crashes.

The OS crashes maybe because it checks if my ESP points to an area of memory which wasn't originally meant as a stack, but as normal data? (i.e. it doesn't allow the stack to be outside the bounds specified in the PE?)

Is there any such annoying (and in this case detrimental) "stack checking" built into the Win32 functions?

Thanks in advance for any info.


PS: Is it unsafe to assume that anything below ESP would survive a context switch?
If I wanted to really muck around with my stack pointer within my application, would I be violating any conventions?
Posted on 2002-03-29 08:28:25 by Maverick
As long as ESP points into allocated memory, there shouldn't be any trouble. Well, at least not as long as ESP is 4-byte aligned.
What sorta crash do you get, and on which functions?
Posted on 2002-03-29 09:16:25 by f0dder
On Windows 2000 it is ok, on ME/98 it crashes. Functions are e.g. MessageBoxA; others do not crash.

I've done some research on Usenet and there were many others talking about this problem.

My own solution is to reserve some stack space at the beginning of my program, and then use it in these particular cases (like in my debugger). Will test it now and report tonight.
Posted on 2002-03-29 09:24:52 by Maverick
When I went to test this I had no Internet connection, so I'm reporting now:
Allocating a piece of stack for these uses right when my EXE starts fixed the problem (4KB should be more than enough, but I keep 64KB just to be sure that all Windows functions I may use do not fail when I have to use the alternate stack).
Now I only hope that the OS never ruins what's below ESP, since I'd have a tricky use for that. I'm also making sure I have no callback procedures that would pop up without my control and corrupt the stack below ESP. I hope the OS doesn't find a way to do it anyway.
Also I would be interested in checking whether multithreading (which shouldn't pose problems because AFAIK every thread has its own stack) causes corruption of what's below ESP anyway.
Since I don't do classic Win32 apps anyway (e.g. I use DirectX, not GDI, messages, etc.), my only interest in multithreading is to exploit the power of multiprocessor (or hyperthreading CPU) systems... which will be more and more common in the near future.
Posted on 2002-03-29 17:52:12 by Maverick
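An added example (not code from this thread or from either poster) that models the failure mode discussed above: assumed here, not confirmed by the thread, is that the crash comes from the API comparing ESP against the thread's recorded stack bounds (the NT TIB does carry StackBase/StackLimit fields). The model shows why a heap buffer is rejected, why f0dder's 4-byte alignment matters, and how Maverick's fix of carving the alternate stack out of the real stack at program start passes the check; all addresses and sizes are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the per-thread stack bounds the OS keeps. The real NT
 * TIB has StackBase/StackLimit fields; that a Win9x API such as MessageBoxA
 * rejects an ESP outside them is the thread's hypothesis, assumed here.
 * Addresses are plain integers so the model runs on any host. */
typedef struct {
    uintptr_t stack_base;   /* highest address of the thread's stack */
    uintptr_t stack_limit;  /* lowest committed address (guard-page growth not modelled) */
} stack_bounds_t;

/* 1 if esp would pass the modelled check: 4-byte aligned (f0dder's point)
 * and inside [stack_limit, stack_base]. A heap buffer fails the range test. */
int esp_is_valid(const stack_bounds_t *b, uintptr_t esp)
{
    if (esp & 3u)
        return 0;
    return esp >= b->stack_limit && esp <= b->stack_base;
}

/* Maverick's fix: set aside 'size' bytes of the real thread stack at program
 * start. Returns the top of the reserved region (the value to load into ESP
 * when entering the debugger) and stores the lowered stack pointer the rest
 * of the program must continue with in *prog_esp. Returns 0 if the region
 * would not fit above the committed limit. */
uintptr_t reserve_alt_stack(const stack_bounds_t *b, uintptr_t cur_esp,
                            size_t size, uintptr_t *prog_esp)
{
    uintptr_t top = cur_esp & ~(uintptr_t)15;   /* keep the region 16-byte aligned */
    if (top > b->stack_base || top < b->stack_limit || top - b->stack_limit < size)
        return 0;
    *prog_esp = top - size;     /* program keeps running below the reserved area */
    return top;                 /* reserved region is [top - size, top) */
}

int main(void)
{
    /* Constructed sample bounds and pointers, not taken from a real process. */
    stack_bounds_t b = { 0x00130000u, 0x00120000u };
    uintptr_t entry_esp = 0x0012FF80u, heap_buf_top = 0x00410000u, prog_esp = 0;

    printf("heap buffer as stack: %s\n", esp_is_valid(&b, heap_buf_top) ? "ok" : "rejected");
    uintptr_t alt = reserve_alt_stack(&b, entry_esp, 0x1000, &prog_esp);
    printf("alt stack top 0x%08lx, program continues at 0x%08lx: %s\n",
           (unsigned long)alt, (unsigned long)prog_esp, esp_is_valid(&b, alt) ? "ok" : "rejected");
    printf("64 KB reservation fits in this model: %s\n",
           reserve_alt_stack(&b, entry_esp, 0x10000, &prog_esp) ? "yes" : "no");
    return 0;
}
```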
Found a better solution... just avoid that annoying stack check, as I reported in this post:

MOV U32 ,0xFFFFFFFF
MOV U32 ,0x00000000
Posted on 2002-04-01 02:43:05 by Maverick