Thread: assembler loader problem

  1. #1
    jockew
    Guest

    Hello!

    I'm writing a debugging loader for an application using masm32.
    I've stumbled upon a very strange thing (bug), well strange to me.

    I've read Iczelion's assembler tutorials on "Win32 Debug API" and my code looks a lot like his tutorial (part 1).

    Now on to my problem...

    I'm trying to read a few bytes from the debuggee using the ReadProcessMemory Win32 API. I get an access violation exception when I try to push the pi.hProcess member to ReadProcessMemory.

    the code's like this in WinAsm (I will shorten it):

    .data?
    pi PROCESS_INFORMATION <>

    .code
    invoke CreateProcess ; shortened, but of course "pi" is set here

    invoke WriteProcessMemory ; this one is used without any problem with pi.hProcess

    mov eax, 00401F00h
    invoke ReadProcessMemory,pi.hProcess, eax, addr buffer, 14, NULL

    here is what masm32 compiles it to, taken from olly.

    MOV EAX, 43F100
    PUSH 0 ; /pBytesRead = NULL
    PUSH 0E ; |BytesToRead = E (14.)
    PUSH 403144 ; |Buffer = test.00403144
    PUSH EAX ; |pBaseAddress => 43F100
    PUSH DWORD PTR DS:[403388] ; |hProcess = 000001C0 (window)
    CALL 0040126A ; \ReadProcessMemory

    And the message from olly about the exception:

    Access violation when reading [CC403388]

    It seems like it adds a 0xCC to the address. Why? It doesn't do it when I call WriteProcessMemory.

    I hope someone can spread some light on this.

    *edit*
    PS. perhaps this was posted in the wrong section of this forum. Sorry for that. DS.


    Thanks!

    // Jockew
    Last edited by jockew; June 27th, 2008 at 17:50.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    King of Redonda
    It looks like you have a software breakpoint halfway in the instruction. Go to Olly's breakpoint window and remove them all.
    <[TN]FBMachine> i got kicked out of barnes and noble once for moving all the bibles into the fiction section
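
Why a breakpoint "halfway in the instruction" produces exactly this fault, shown as an added example that is not part of the thread: a software breakpoint overwrites one byte with the INT3 opcode 0xCC, and if that byte is the last byte of the push's 32-bit operand, the CPU reads from CC403388 instead of 00403388. The byte encodings, the breakpoint offset and all function names below are assumptions reconstructed from the listing and the fault address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INT3 0xCC      /* opcode a debugger writes for a software breakpoint */
#define PUSH_OFF 15    /* offset of PUSH DWORD PTR DS:[403388] in SAMPLE */
/* Constructed sample: the thread's listing up to the faulting push, hand-assembled
   with the usual encodings (B8 imm32, 6A imm8, 68 imm32, 50, FF 35 disp32). */
static const uint8_t SAMPLE[] = {
    0xB8,0x00,0xF1,0x43,0x00,        /* MOV EAX, 43F100 */
    0x6A,0x00, 0x6A,0x0E,            /* PUSH 0 ; PUSH 0E */
    0x68,0x44,0x31,0x40,0x00, 0x50,  /* PUSH 403144 ; PUSH EAX */
    0xFF,0x35,0x88,0x33,0x40,0x00    /* PUSH DWORD PTR DS:[403388] */
};
static const size_t STARTS[] = { 0, 5, 7, 9, 14, 15 };  /* instruction boundaries */
typedef struct { size_t off; uint8_t saved; int armed; } swbp_t;

/* Arm: remember the original byte, then overwrite it with INT3. */
void bp_arm(uint8_t *code, swbp_t *bp, size_t off) {
    bp->off = off; bp->saved = code[off]; bp->armed = 1; code[off] = INT3;
}
/* Disarm: restore the saved byte (what removing the breakpoint does). */
void bp_disarm(uint8_t *code, swbp_t *bp) {
    if (bp->armed) { code[bp->off] = bp->saved; bp->armed = 0; }
}
/* A software breakpoint is only safe on the first byte of an instruction. */
int bp_on_boundary(size_t off) {
    for (size_t i = 0; i < sizeof STARTS / sizeof *STARTS; i++)
        if (STARTS[i] == off) return 1;
    return 0;
}
/* Address the push reads from, decoded from the bytes actually in memory.
   Returns 0 when the opcode itself is INT3 (the trap fires before the push). */
uint32_t push_operand(const uint8_t *code) {
    const uint8_t *p = code + PUSH_OFF;
    if (p[0] != 0xFF || p[1] != 0x35) return 0;
    return (uint32_t)p[2] | (uint32_t)p[3] << 8 | (uint32_t)p[4] << 16 | (uint32_t)p[5] << 24;
}
/* Operand seen by the CPU with a breakpoint at bp_off (-1 = none), optionally removed again. */
uint32_t operand_with_bp(long bp_off, int remove_again) {
    uint8_t code[sizeof SAMPLE]; swbp_t bp = {0};
    memcpy(code, SAMPLE, sizeof code);
    if (bp_off >= 0) bp_arm(code, &bp, (size_t)bp_off);
    if (remove_again) bp_disarm(code, &bp);
    return push_operand(code);
}
int main(void) {
    printf("clean %08X  bp@20 %08X  removed %08X\n", (unsigned)operand_with_bp(-1, 0),
           (unsigned)operand_with_bp(20, 0), (unsigned)operand_with_bp(20, 1));
    return 0;
}
```

The debugger's disassembly still shows the original operand because it displays the saved byte, while the CPU executes the patched one.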

  3. #3
    jockew
    Guest
    That was exactly it!
    Thanks!

    Hate it when you stare yourself blind at a pretty simple problem.

    // Jockew