Re: Reading a Wnd structure...

Please do not top-post in your reply when I have bottom-posted to the
original posting....

I'm not sure what the purpose of your assembly language version of this
function is - are you saying that it is unsafe compared to my C-version?
If this is the case then I would have to agree. Your code is unportable,
not because it is in assembly, but because you appear to be using a
hard-coded offset to the function to be called. Without any supporting
code it seems you are also not taking into account any change in the
op-code sequence of GetWindowRect between releases of the NT/2000/XP OSs.

There are hundreds of versions of user32.dll floating around - the
function I posted uses the memchr function to find the first CALL
instruction in GetWindowRect. This is important as it will be safe across
all *current* versions of NT. So I do not agree that your assembly-code is
simpler as you are missing a great deal of functionality - How are you
calculating dwOffsetToValidateHwnd? how do you get the base-address to
hUser32?

regards,
James

The problem is that you're searching for 'call' opcode at the begining of
GetWindowRect. This is unsafe, because in next builds code of GetWindowRect
might be changed and the fisrt call will be a call to another function. But
your code will treat this function as ValidateHwnd. A bit strange, yes?

My proposition is to open user32.dll in IdaPro, find the offset to
ValidateHwnd and use it in your code - the same unsafe but simpler.

Second thing is that using ecx for passing params also might fail in next
builds of user32.dll

--
Vladimir


.

Relevant Pages

  • Re: Reading a Wnd structure...
    ... I don't see the advantages when the way is unsafe. ... op-code sequence of GetWindowRect between releases of the NT/2000/XP ... assembly-code is simpler as you are missing a great deal of ... ValidateHwnd and use it in your code - the same unsafe but simpler. ...
    (microsoft.public.win32.programmer.kernel)
  • Re: Reading a Wnd structure...
    ... function is - are you saying that it is unsafe compared to my C-version? ... op-code sequence of GetWindowRect between releases of the NT/2000/XP OSs. ... So I do not agree that your assembly-code ... ValidateHwnd and use it in your code - the same unsafe but simpler. ...
    (microsoft.public.win32.programmer.kernel)
  • Re: Reading a Wnd structure...
    ... function is - are you saying that it is unsafe compared to my ... change in the op-code sequence of GetWindowRect between releases of the ... assembly-code is simpler as you are missing a great deal of ... Microsoft MVP - Windows SDK ...
    (microsoft.public.win32.programmer.kernel)
  • Re: Reading a Wnd structure...
    ... this function is - are you saying that it is unsafe compared to my ... instruction in GetWindowRect. ... assembly-code is simpler as you are missing a great deal of ... Microsoft MVP - Windows SDK ...
    (microsoft.public.win32.programmer.kernel)
Loading