Re: Reading a Wnd structure...



"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxxxxx> wrote in message
news:eLggHmXfGHA.764@xxxxxxxxxxxxxxxxxxxxxxx
"James Brown [MVP]" <not@home> wrote in message
news:5qydnQHZ6bgP_uzZnZ2dnUVZ8qOdnZ2d@xxxxxxxxxxxx
"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxxxxx> wrote in message
news:O4$zpWWfGHA.4080@xxxxxxxxxxxxxxxxxxxxxxx
Please do not top-post in your reply when I have bottom-posted to the
original posting....

I'm not sure what the purpose of your assembly language version of this
function is - are you saying that it is unsafe compared to my
C-version? If this is the case then I would have to agree. Your code is
unportable, not because it is in assembly, but because you appear to be
using a hard-coded offset to the function to be called. Without any
supporting code it seems you are also not taking into account any
change in the op-code sequence of GetWindowRect between releases of the
NT/2000/XP OSs.

There are hundreds of versions of user32.dll floating around - the
function I posted uses the memchr function to find the first CALL
instruction in GetWindowRect. This is important as it will be safe
across all *current* versions of NT. So I do not agree that your
assembly-code is simpler as you are missing a great deal of
functionality - How are you calculating dwOffsetToValidateHwnd? How do
you get the base-address to hUser32?

regards,
James

The problem is that you're searching for 'call' opcode at the beginning
of GetWindowRect. This is unsafe, because in next builds code of
GetWindowRect might be changed and the first call will be a call to
another function. But your code will treat this function as
ValidateHwnd. A bit strange, yes?

My proposition is to open user32.dll in IdaPro, find the offset to
ValidateHwnd and use it in your code - the same unsafe but simpler.

Second thing is that using ecx for passing params also might fail in
next builds of user32.dll

--
Vladimir



But your assembly-language version solves none of these problems, it just
contributes to them. At least with my version it runs on all *current*
versions of Windows - yours only runs on *one* version - the version you
happened to disassemble.

James

--
Microsoft MVP - Windows SDK
www.catch22.net
Free Win32 Source and Tutorials





I don't see the advantages when the way is unsafe.

--
Vladimir


You are still top-posting.....

But your method is even worse! Where is the code to limit you to a specific
version of Windows? How do you know, for certain, that you are running with
the same version of user32.dll that you disassembled yourself? You may have
to use checksums to verify this. If you get any of those checks wrong you
are finished. You are talking about an enormous amount of additional code to
support a method that adds no value whatsoever - and just because you think
it is 'clever'. It's not. So my original code, which is still 5 lines long,
is completely stand-alone, requires no extra support, and works on all
current versions of Windows. Anyone can now download this code from the
current versions of Windows. Anyone can now download this code from the
newsgroup and it will work instantly for them. I was clear up front that it
should not be used for production code and the original poster has confirmed
his intended use. All you have succeeded in doing is confusing the issue and
making it more complicated than it needs to be.

You can't seriously believe that a hard-coded assembly version is
preferable?

James

--
Microsoft MVP - Windows SDK
www.catch22.net
Free Win32 Source and Tutorials


