Thread: Assembly incorrect for the written code

  1. #1


    Writing code and studying the compiled exe inside OllyDbg, I have code that seems to be compiled to generate incorrect assembly. This happens in release mode ... in debug mode the assembly seems to be what I would expect. BTW I'm using VC++ 6.

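    <pre>while ((boRet = GetMessage(&sttMsg, NULL, 0, 0)) != 0) {
        if (boRet == -1) {
            // handle the error and possibly exit
        } else if (!IsDialogMessage(g_hDlg, &sttMsg)) {
            TranslateMessage(&sttMsg);  // loop body restored from the calls in the listing below
            DispatchMessage(&sttMsg);
        }
    }</pre>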

    This code seems to produce the following:

    <pre>004011EB PUSH 0 ; /MsgFilterMax = 0
    004011ED PUSH 0 ; |MsgFilterMin = 0
    004011EF LEA EAX,DWORD PTR SS:[ESP+C] ; |
    004011F3 PUSH 0 ; |hWnd = NULL
    004011F5 PUSH EAX ; |pMsg
    004011F6 CALL ESI ; \GetMessageA
    004011F8 TEST EAX,EAX
    004011FA JE SHORT Dummy.0040124A
    004011FC PUSH EBX
    004011FD MOV EBX,DWORD PTR DS:[<&USER32.DispatchM>; USER32.DispatchMessageA
    00401203 PUSH EBP
    00401204 MOV EBP,DWORD PTR DS:[<&USER32.IsDialogM>; USER32.IsDialogMessageA
    0040120A PUSH EDI
    0040120B MOV EDI,DWORD PTR DS:[<&USER32.Translate>; USER32.TranslateMessage
    00401211 /CMP EAX,-1
    00401214 |JE SHORT Dummy.00401236
    00401216 |MOV EDX,DWORD PTR DS:[403048]
    0040121C |LEA ECX,DWORD PTR SS:[ESP+10]
    00401220 |PUSH ECX
    00401221 |PUSH EDX
    00401222 |CALL EBP
    00401224 |TEST EAX,EAX
    00401226 |JNZ SHORT Dummy.00401236
    00401228 |LEA EAX,DWORD PTR SS:[ESP+10]
    0040122C |PUSH EAX
    0040122D |CALL EDI
    0040122F |LEA ECX,DWORD PTR SS:[ESP+10]
    00401233 |PUSH ECX
    00401234 |CALL EBX
    00401236 |PUSH 0
    00401238 |PUSH 0
    0040123A |LEA EDX,DWORD PTR SS:[ESP+18]
    0040123E |PUSH 0
    00401240 |PUSH EDX
    00401241 |CALL ESI
    00401243 |TEST EAX,EAX
    00401245 \JNZ SHORT Dummy.00401211</pre>

    Which I'd say is not correct since all the calls to GetMessage, IsDialogMessage, TranslateMessage and DispatchMessage are out of the loop.
    Anyone got an idea?


  2. #2

    Sorry just noticed the function addresses are saved in the registers ... the functions do get called.
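
The shape of the release-mode listing, rendered back into C as an added example (not code from either post): the import addresses live in function-pointer locals that play the role of ESI/EBX/EBP/EDI, the first GetMessage call sits ahead of the loop, and the loop test moves to the bottom. The stand-in functions, the scripted return values and the trace string are constructed so the comparison runs without USER32.

```c
#include <string.h>

/* Constructed stand-ins for the USER32 imports: scripted results plus a call trace. */
static const int script[] = {1, 1, -1, 1, 0};   /* successive GetMessage returns */
static int pos;
static char trace[32];
static size_t tlen;

static void note(char c) { trace[tlen++] = c; trace[tlen] = '\0'; }
static int  get_message(void)       { note('G'); return script[pos++]; }
static int  is_dialog_message(void) { note('I'); return pos == 2; } /* dialog eats 2nd msg */
static void translate_message(void) { note('T'); }
static void dispatch_message(void)  { note('D'); }
static void reset(void)             { pos = 0; tlen = 0; trace[0] = '\0'; }

/* The loop in the shape of the source code. */
const char *pump_as_written(void) {
    int r;
    reset();
    while ((r = get_message()) != 0) {
        if (r == -1) { /* handle the error and possibly exit */ }
        else if (!is_dialog_message()) { translate_message(); dispatch_message(); }
    }
    return trace;
}

/* The same loop in the shape of the release-mode listing. */
const char *pump_as_compiled(void) {
    int (*esi)(void) = get_message;      /* ESI holds GetMessageA at the first CALL ESI */
    int eax;
    reset();
    eax = esi();                         /* 004011F6: first call, ahead of the loop */
    if (eax == 0) return trace;          /* 004011FA: JE past the loop */
    {
        void (*ebx)(void) = dispatch_message;    /* 004011FD: MOV EBX,[import] */
        int  (*ebp)(void) = is_dialog_message;   /* 00401204: MOV EBP,[import] */
        void (*edi)(void) = translate_message;   /* 0040120B: MOV EDI,[import] */
        do {
            if (eax != -1 && !ebp()) {   /* 00401211 CMP/JE, 00401222 CALL EBP */
                edi();                   /* 0040122D: CALL EDI */
                ebx();                   /* 00401234: CALL EBX */
            }
            eax = esi();                 /* 00401241: next GetMessage, bottom of loop */
        } while (eax != 0);              /* 00401245: JNZ back to 00401211 */
    }
    return trace;
}
```

Both functions produce the same call sequence; only the placement of the calls and the indirect `CALL reg` form differ from what the source suggests.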

