|
EAX = 00000000 EBX = 7FFDF000 ECX = 00000000 EDX = 00000000 ESI = 00000000 EDI = 00000000 EIP = 004114DA ESP = 0012FE90 EBP = 0012FF68 EFL = 00000000
This is what I get.
How do I get the "(!!! second chance !!!)" message?
I used a VS2005 simple console application that contains only the above code (created from an empty project).
|
|
|
|
|
Rajkumar_R wrote: (!!! second chance !!!) how to get this message.
I use WinDBG.
Can you show me your code?
Steve
|
|
|
|
|
#include <iostream>
#include <windows.h>

void main()
{
    typedef void (*PFun_t)();
    PFun_t pFun = NULL;   // null function pointer
    (*pFun)();            // calling through it faults: the call pushes a return address and jumps to 0
}
|
|
|
|
|
Can you show me the machine code? Mine is as follows:
7: void main()
8: {
00401010 push ebp
00401011 mov ebp,esp
00401013 sub esp,44h
00401016 push ebx
00401017 push esi
00401018 push edi
00401019 lea edi,[ebp-44h]
0040101C mov ecx,11h
00401021 mov eax,0CCCCCCCCh
00401026 rep stos dword ptr [edi]
9: typedef void (*PFun_t)();
10: PFun_t pFun = NULL;
00401028 mov dword ptr [ebp-4],0
11:
12:
13: (*pFun)();
0040102F mov esi,esp
00401031 call dword ptr [ebp-4]
00401034 cmp esi,esp
00401036 call __chkesp (00401060)
14: }
0040103B pop edi
0040103C pop esi
0040103D pop ebx
0040103E add esp,44h
00401041 cmp ebp,esp
00401043 call __chkesp (00401060)
00401048 mov esp,ebp
0040104A pop ebp
0040104B ret
The call dword ptr [ebp-4] line will push the return address onto the stack, then set EIP to [ebp-4] (NULL).
EIP can be set to NULL as I showed. I can't tell why you're not getting the same results without looking at the machine code.
Steve
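The mechanics described in the reply above can be observed directly outside a debugger. The following is an added example, not code from the thread: it calls a null function pointer on Linux/x86-64 (GCC or Clang, glibc assumed), catches the resulting SIGSEGV, and reports what the CPU state looks like at the fault. The saved program counter is 0 (the call's target) while the word at the top of the stack is the return address the call pushed just before the fetch from 0 faulted, i.e. the instruction after the call in the probe function. The names probe_null_call, on_segv and null_call_report are this example's own. The function pointer is declared volatile on purpose: an optimizing compiler that can prove the target is NULL may replace the call with a trap instruction, which raises SIGILL rather than the fault being studied here.

```c
#define _GNU_SOURCE          /* exposes REG_RIP/REG_RSP in <sys/ucontext.h> on glibc */
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#if defined(__x86_64__) && defined(__linux__)
#  ifndef REG_RIP
#    define REG_RIP 16   /* glibc x86-64 gregs index; assumed if the header hides it */
#  endif
#  ifndef REG_RSP
#    define REG_RSP 15
#  endif
#  define HAVE_CTX_REGS 1
#else
#  define HAVE_CTX_REGS 0
#endif

/* What the SIGSEGV handler observed for the faulting call. */
struct null_call_report {
    int       faulted;     /* 1 if the call raised SIGSEGV and we recovered from it */
    uintptr_t fault_addr;  /* si_addr: the address the CPU tried to fetch from (0) */
    uintptr_t pc;          /* saved program counter at the fault (x86-64 only, else -1) */
    uintptr_t retaddr;     /* word at [rsp] in the faulting context: the pushed return address */
};

static sigjmp_buf recover_env;
static volatile struct null_call_report last;   /* written inside the handler */

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig;
    last.faulted    = 1;
    last.fault_addr = (uintptr_t)si->si_addr;
#if HAVE_CTX_REGS
    ucontext_t *uc = (ucontext_t *)ctx;
    last.pc = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    /* "call" pushed the return address before the fetch from 0 faulted,
       so it is the top-of-stack word in the interrupted context. */
    last.retaddr = *(uintptr_t *)uc->uc_mcontext.gregs[REG_RSP];
#else
    (void)ctx;
    last.pc      = (uintptr_t)-1;
    last.retaddr = 0;
#endif
    siglongjmp(recover_env, 1);   /* unwind out of the faulting call */
}

__attribute__((noinline))
struct null_call_report probe_null_call(void)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    last.faulted = 0; last.fault_addr = 0; last.pc = 0; last.retaddr = 0;

    /* volatile stops the compiler from proving the target is NULL and
       turning the call into a trap (which would raise SIGILL instead). */
    void (*volatile fp)(void) = NULL;
    if (sigsetjmp(recover_env, 1) == 0)   /* savemask=1: SIGSEGV is unblocked again after the jump */
        fp();                             /* push return address, jump to 0, fault */

    sigaction(SIGSEGV, &old, NULL);
    struct null_call_report r = { last.faulted, last.fault_addr, last.pc, last.retaddr };
    return r;
}

int main(void)
{
    struct null_call_report r = probe_null_call();
    printf("faulted=%d fault_addr=%#lx pc=%#lx retaddr=%#lx (probe_null_call starts at %p)\n",
           r.faulted, (unsigned long)r.fault_addr, (unsigned long)r.pc,
           (unsigned long)r.retaddr, (void *)probe_null_call);
    return r.faulted ? 0 : 1;
}
```

Compare retaddr with the address of probe_null_call in the output: it lands a few dozen bytes into that function, right after the indirect call, exactly as the "call dword ptr [ebp-4]" listing above predicts for 32-bit code.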
|
|
|
|
|
void main(){
004114B0 push ebp
004114B1 mov ebp,esp
004114B3 sub esp,0CCh
004114B9 push ebx
004114BA push esi
004114BB push edi
004114BC lea edi,[ebp-0CCh]
004114C2 mov ecx,33h
004114C7 mov eax,0CCCCCCCCh
004114CC rep stos dword ptr es:[edi]
typedef void (*PFun_t)();
PFun_t pFun = NULL;
004114CE mov dword ptr [pFun],0
(*pFun)();
004114D5 mov esi,esp
004114D7 call dword ptr [pFun]
004114DA cmp esi,esp
004114DC call @ILT+410(__RTC_CheckEsp) (41119Fh)
}
004114E1 xor eax,eax
004114E3 pop edi
004114E4 pop esi
004114E5 pop ebx
004114E6 add esp,0CCh
004114EC cmp ebp,esp
004114EE call @ILT+410(__RTC_CheckEsp) (41119Fh)
004114F3 mov esp,ebp
004114F5 pop ebp
004114F6 ret
|
|
|
|
|
The code looks basically the same. Perhaps the difference in behaviour is CPU dependent. Clearly, however, the behaviour described by the OP is possible on some systems (such as mine and, by the looks of things, his).
Steve
|
|
|
|
|
Hi Steve,
Please try this on VS2005 and erase "by the looks of things". In VC6 I get EIP as NULL, hence this behaviour is not because of CPU dependency. Clearly, it depends on the platform (sw/hw) that I specified explicitly in my first post.
And I think the behaviour is because of the exception handler in the VC8 CRT, which changes the EIP back to the address of the instruction where the exception occurred, called the fixup address. Maybe you can give better definitions for the behaviour; research a little for this.
Best Regards,
Raj
|
|
|
|
|
Rajkumar_R wrote: Please try this on VS2005 and erase "by the looks of things". In VC6 I get EIP as NULL, hence this behaviour is not because of CPU dependency. Clearly, it depends on the platform (sw/hw) that I specified explicitly in my first post.
But I inspected the generated code from both versions and concluded it wasn't due to code generation differences.
Steve
|
|
|
|
|
I think that, particularly in an OS-based environment, generated code is not going to be dumbly executed by the CPU. Even before our main() function is called, there is CRT-based code executed.
I meant that maybe the VS2005 exception handler differs.
|
|
|
|
|
I want to do some memory manipulation while debugging and wish to get into a function which is not normally called by the function. How do I do that?
Any good tutorials on memory dump debugging? I have read one on CodeProject but it does not suffice.
|
|
|
|
|
I'm sorry, it is difficult for me to understand your question.
wish to get into a function which is not normally called by the function.
Do you mean you want to execute a function that is not normally called?
Or do you mean to set a breakpoint when the function is called?
|
|
|
|
|
I want this one:
Do you mean you want to execute a function that is not normally called?
|
|
|
|
|
I think you want to inject or execute code in another process.
If so, try reading this article.
|
|
|
|
|
tom groezer wrote: get into a function which is not normally called by the function
Your question seems strange to me...
While debugging, you can use the Next Statement, Step Into, and Set Next Statement options to control and analyze the program flow and the contextual values.
You can inspect memory locations by entering the address or dragging the variables (their addresses) into the Memory window of Visual Studio.
If you want to check for memory leaks in your code, define the macro _CRTDBG_MAP_ALLOC. If this is defined, the CRT will note down each memory allocation and de-allocation, and when we call _CrtDumpMemoryLeaks() it will dump the leaks to the Output window of Visual Studio. In the release version it will have no effect, so it should be done in the debug version itself.
#define _CRTDBG_MAP_ALLOC
#include <stdlib.h>   // must precede <crtdbg.h> so malloc/free are mapped to the debug versions
#include <crtdbg.h>
void Foo()
{
    int* pnNumbers = new int[100];   // never deleted: deliberate leak for the report
    // Dump the leak summary (lists blocks still allocated; debug builds only).
    _CrtDumpMemoryLeaks();
}
-Sarath.
"Great hopes make everything great possible" - Benjamin Franklin
|
|
|
|
|
Any pointers to named pipes, slots, and mailboxes for sharing memory?
-- modified at 23:16 Tuesday 12th June, 2007
|
|
|
|
|
I'd suggest changing your subject line, it implied you had a question about pointers.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
|
|
|
|
Do you want handles of all such objects?
|
|
|
|
|
How can I specify that my DLLs are called from particular applications only and none other?
|
|
|
|
|
|
You can't. You can add password-type parameters to stop other programs from using your DLL; that's about it.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
|
|
|
|
Yes, basically this topic arose during password hacking of a DLL by means of a malicious application. How do I prevent that using what you are saying?
|
|
|
|
|
Something like this may interest you:
#include <windows.h>

#pragma optimize( "y", off ) // Make sure we have standard stack frames.
void ExportedFunction()
{
    // Return address pushed by the caller's "call"; with a standard frame it sits at [ebp+4].
    // (MSVC also offers the _ReturnAddress() intrinsic from <intrin.h> for this, which does not
    // depend on frame layout or on 32-bit inline asm.)
    LPCVOID pReturnAddress;
    __asm
    {
        mov eax, [ebp+4]
        mov pReturnAddress, eax
    }
    // Find the mapping that contains the return address; for an image mapping,
    // AllocationBase is the module's load address, i.e. its HMODULE.
    MEMORY_BASIC_INFORMATION mbi;
    DWORD res = VirtualQuery(pReturnAddress, &mbi, sizeof(mbi));
    if (res != sizeof(mbi))
    {
        return;
    }
    HMODULE hModCaller = reinterpret_cast<HMODULE>(mbi.AllocationBase);
    char ModName[MAX_PATH];
    // Explicit ANSI variants so the char buffer works in both MBCS and Unicode builds.
    if ( GetModuleFileNameA(hModCaller, ModName, MAX_PATH) )
    {
        MessageBoxA(NULL, ModName, "Calling module's name is", MB_OK);
    }
}
#pragma optimize( "", on ) // Reset to default.
Printing the module's name is just an example; this shows how you can identify your caller, however.
Steve
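The same caller-identification technique, carried through to an actual allow/deny decision, as an added example that is not part of the thread. It is written for Linux (GCC or Clang, /proc assumed) so it runs without the Win32 API: __builtin_return_address(0) stands in for reading [ebp+4] (MSVC's equivalent is _ReturnAddress()), and scanning /proc/self/maps for the file-backed mapping that contains the return address stands in for VirtualQuery() plus GetModuleFileName(). The names module_for_address, guarded_export and self_path are this example's own. The caveat a practitioner should keep in mind, and the reason for the "you can't" answer earlier in this thread: the check only learns which loaded module the return address points into. Any code already running inside the process, whether an injected DLL, a patched copy of the check, or a call routed through a callback or function pointer owned by an allowed module, satisfies it, so it raises the bar against casual misuse but is not an authentication boundary.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Map an address to the file backing the mapping that contains it, by scanning
   /proc/self/maps (Linux counterpart of VirtualQuery -> AllocationBase ->
   GetModuleFileName). Returns 1 and fills out[] on success, 0 if no file-backed
   mapping contains addr (anonymous memory, [vdso], unmapped addresses such as 0). */
int module_for_address(const void *addr, char *out, size_t outlen)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps) return 0;

    uintptr_t a = (uintptr_t)addr;
    char line[4096 + 128];
    int found = 0;
    while (!found && fgets(line, sizeof line, maps)) {
        unsigned long lo = 0, hi = 0;
        char perms[8] = "", path[4096] = "";
        /* line format: start-end perms offset dev inode [pathname] */
        if (sscanf(line, "%lx-%lx %7s %*s %*s %*s %4095[^\n]", &lo, &hi, perms, path) < 3)
            continue;
        if (a >= lo && a < hi && path[0] == '/') {
            snprintf(out, outlen, "%s", path);
            found = 1;
        }
    }
    fclose(maps);
    return found;
}

/* Path of the running executable, the one module this example allows. */
static int self_path(char *out, size_t outlen)
{
    ssize_t n = readlink("/proc/self/exe", out, outlen - 1);
    if (n < 0) return 0;
    out[n] = '\0';
    return 1;
}

/* The "exported" function: identify the caller from the return address and
   allow the call only if that code lives in our own executable (stand-in for
   the allow-list a DLL would keep). Returns 1 = allow, 0 = deny, -1 = lookup failed.
   noinline keeps the return address in the caller rather than in an inlined copy. */
__attribute__((noinline))
int guarded_export(void)
{
    const void *ret = __builtin_return_address(0);   /* MSVC: _ReturnAddress() */
    char caller[4096], me[4096];
    if (!module_for_address(ret, caller, sizeof caller) || !self_path(me, sizeof me))
        return -1;
    return strcmp(caller, me) == 0;
}

int main(void)
{
    char buf[4096];
    int verdict = guarded_export();
    printf("call from main: %s\n",
           verdict == 1 ? "allowed (caller is this executable)" :
           verdict == 0 ? "denied (caller is another module)" : "lookup failed");
    if (module_for_address((const void *)&fopen, buf, sizeof buf))
        printf("fopen resolves into %s\n", buf);
    printf("address 0 belongs to a module? %s\n",
           module_for_address(NULL, buf, sizeof buf) ? "yes" : "no");
    return 0;
}
```

To see the deny path, call guarded_export from code in a separately built shared object (dlopen it and invoke through a function pointer): the return address then lies in that .so's mapping and the comparison fails. To see why this is weak, have the allowed executable expose any routine that calls guarded_export on behalf of a parameter it receives; the foreign module calls that routine, the return address is back inside the allowed image, and the check passes.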
|
|
|
|
|
Hi.
Is it possible to ShellExecute Windows Explorer, i.e. simply open and display a folder's contents, without the Explorer tree pane? In this specific case the user does not need to be distracted by the left-hand directory tree pane.
Regards.
James
|
|
|
|
|
Maybe EXPLORER.EXE drive:\path ?
Mark
"Posting a VB.NET question in the C++ forum will end in tears." Chris Maunder
|
|
|
|
|
Thanks for the update.
I already have a fully qualified target path; I would like to be able to open the folder without the annoying left-hand tree pane.
James.
|
|
|
|