Re: Reading a Wnd structure...



You are still top-posting.....
That's because most of the guys in this forum (IMHO 90%) prefer that way.
Maybe I'm wrong, but bottom posting is the *X guys' way on their forums.
Arkady

"James Brown [MVP]" <not@home> wrote in message
news:QqCdnRpAeOOweOzZnZ2dnUVZ8t2dnZ2d@xxxxxxxxxxxx
"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxxxxx> wrote in message
news:eLggHmXfGHA.764@xxxxxxxxxxxxxxxxxxxxxxx
"James Brown [MVP]" <not@home> wrote in message
news:5qydnQHZ6bgP_uzZnZ2dnUVZ8qOdnZ2d@xxxxxxxxxxxx
"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxxxxx> wrote in message
news:O4$zpWWfGHA.4080@xxxxxxxxxxxxxxxxxxxxxxx
Please do not top-post in your reply when I have bottom-posted to the
original posting....

I'm not sure what the purpose of your assembly language version of
this function is - are you saying that it is unsafe compared to my
C-version? If this is the case then I would have to agree. Your code
is unportable, not because it is in assembly, but because you appear
to be using a hard-coded offset to the function to be called. Without
any supporting code it seems you are also not taking into account any
change in the op-code sequence of GetWindowRect between releases of
the NT/2000/XP OSs.

There are hundreds of versions of user32.dll floating around - the
function I posted uses the memchr function to find the first CALL
instruction in GetWindowRect. This is important as it will be safe
across all *current* versions of NT. So I do not agree that your
assembly-code is simpler as you are missing a great deal of
functionality - How are you calculating dwOffsetToValidateHwnd? how do
you get the base-address to hUser32?

regards,
James

The problem is that you're searching for 'call' opcode at the beginning
of GetWindowRect. This is unsafe, because in next builds code of
GetWindowRect might be changed and the first call will be a call to
another function. But your code will treat this function as
ValidateHwnd. A bit strange, yes?

My proposition is to open user32.dll in IdaPro, find the offset to
ValidateHwnd and use it in your code - the same unsafe but simpler.

Second thing is that using ecx for passing params also might fail in
next builds of user32.dll

--
Vladimir



but your assembly-language version solves none of these problems, it
just contributes to them. At least with my version it runs on all
*current* versions of Windows - yours only runs on *one* version - the
version you happened to disassemble.

James

--
Microsoft MVP - Windows SDK
www.catch22.net
Free Win32 Source and Tutorials





I don't see the advantages when the way is unsafe.

--
Vladimir


You are still top-posting.....

But your method is even worse! where is the code to limit you to a
specific version of Windows? how do you know, for certain, that you are
running with the same version of user32.dll that you disassembled
yourself? You may have to use checksums to verify this. If you get any of
those checks wrong you are finished. You are talking about an enormous
amount of additional code to support a method that adds no value
whatsoever - and just because you think it is 'clever'. It's not. So my
original code, which is still 5 lines long, is completely stand-alone,
requires no extra support, and works on all current versions of Windows.
Anyone can now download this code from the newsgroup and it will work
instantly for them. I was clear up front that it should not be used for
production code and the original poster has confirmed his intended use.
All you have succeeded in doing is confusing the issue and making it more
complicated than it needs to be.

You can't seriously believe that a hard-coded assembly version is
preferable?

James

--
Microsoft MVP - Windows SDK
www.catch22.net
Free Win32 Source and Tutorials
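
Added example, not part of the thread and not either poster's code: a sketch of the "first CALL opcode" scan discussed above, run over three constructed byte sequences to show where it holds and where it silently resolves the wrong address. The helper names, the base address 0x1000 and the module size 0x10000 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: find the first 0xE8 byte (x86 CALL rel32) in code[0..len)
   and resolve its target as if code were mapped at base. Returns 1 on success. */
static int first_call_target(const uint8_t *code, size_t len,
                             uint32_t base, uint32_t *target)
{
    const uint8_t *p = memchr(code, 0xE8, len);
    if (p == NULL || (size_t)(p - code) + 5 > len)
        return 0;
    int32_t rel;
    memcpy(&rel, p + 1, sizeof rel);            /* little-endian host assumed */
    *target = base + (uint32_t)(p - code) + 5 + (uint32_t)rel;
    return 1;
}

/* Sanity check: a resolved target outside the module cannot be right. */
static int in_module(uint32_t addr, uint32_t base, uint32_t size)
{
    return addr >= base && addr - base < size;
}

/* Constructed byte sequences, not taken from any real user32.dll build. */
/* A: mov edi,edi; push ebp; mov ebp,esp; mov ecx,[ebp+8]; call +0x100 */
static const uint8_t build_a[] = { 0x8B,0xFF, 0x55, 0x8B,0xEC, 0x8B,0x4D,0x08,
                                   0xE8,0x00,0x01,0x00,0x00 };
/* B: an unrelated "call +0x200" now precedes the call we wanted */
static const uint8_t build_b[] = { 0x8B,0xFF, 0x55, 0x8B,0xEC, 0xE8,0x00,0x02,0x00,0x00,
                                   0x8B,0x4D,0x08, 0xE8,0x00,0x01,0x00,0x00 };
/* C: "sub esp,0xE8" puts an E8 operand byte ahead of the real call */
static const uint8_t build_c[] = { 0x8B,0xFF, 0x55, 0x8B,0xEC, 0x81,0xEC,0xE8,0x00,0x00,0x00,
                                   0x8B,0x4D,0x08, 0xE8,0x00,0x01,0x00,0x00 };

int main(void)
{
    const uint8_t *code[] = { build_a, build_b, build_c };
    const size_t len[] = { sizeof build_a, sizeof build_b, sizeof build_c };
    for (int i = 0; i < 3; i++) {
        uint32_t t = 0;   /* 0x1000 / 0x10000: constructed base and size */
        int ok = first_call_target(code[i], len[i], 0x1000, &t);
        printf("%c: found=%d target=0x%08X in_module=%d\n", 'A' + i, ok,
               (unsigned)t, ok && in_module(t, 0x1000, 0x10000));
    }
    return 0;
}
```

Sequence C is caught by the range check because the bogus displacement lands far outside the module, but sequence B resolves to a plausible in-module address for the wrong function. Nothing short of confirming the exact build, for example with the checksum mentioned in the thread, distinguishes B from A.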




