Re: CallWindowProc



"J French" <erewhon@xxxxxxxxxx> wrote in message
news:43bceff3.95095972@xxxxxxxxxxxxxxxxxxxxxxx
> The StdCall convention puts the parameters on the Stack from right to
> left, it then puts the return address on the Stack
>
> When exiting the procedure it rolls back the stack and jumps to the
> return address

Correct.

> However it does it, there is definitely some mechanism, otherwise
> CallWindowProc would be unable to detect an invalid parameter count.

I don't think it detects it, it just fails because the stack pointer gets
out of whack. The stack would look something like this when the function was
called:

Param 5
Param 4
Param 3
Param 2
Param 1
Return address (to vb code)
Param 4
Param 3
Param 2
Param 1
Return address (to CallWindowProc api)

Assuming the function being called has, say 2 parameters, the stack would
look like this after that function returns:

Param 5
Param 4
Param 3
Param 2
Param 1
Return address (to vb code)
Param 4
Param 3

Now when CallWindowProc reaches its RET 14h it's going to consider param3 to
be the return address. As param3 wasn't used it will probably have the value
0 so execution will go to 0 and cause a GPF.

Assuming that is correct the question is how did it work in win98? What I
suspect is that CallWindowProc rearranged the stack by popping off the
return address and param 1, then pushing the return address back on and
doing a *jump* to the address that was in Param1. This way when that
function returns it returns to the correct address in VB code and VB can
repair the stack and raise the runtime error. Also, I think this is why the
address of the function to call is the first parameter, it makes it easy to
modify the stack.

Which is interesting because it means that if CallWindowProc was redefined
in vb with the correct number of params for the function being called then
it would work perfectly in win98 without the need to trap an error.

Michael
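
The stack picture in the post above can be replayed with a small model; this is an added example, not part of the original post, and it follows the post's simplified layout rather than the real CallWindowProc internals. The addresses, argument values and the names `simulate`, `ret_n` and `Result` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values for illustration; not real addresses. */
#define PROC_ADDR  0x00402000u  /* function pointer handed to CallWindowProc */
#define RET_TO_VB  0x00401000u  /* return address into the VB caller */
#define RET_TO_CWP 0x77D10000u  /* return address into CallWindowProc */

typedef struct { uint32_t slot[32]; int sp; } Stack;   /* grows downward */
typedef struct { uint32_t target; int leftover_words; } Result;

static void push(Stack *s, uint32_t v) { s->slot[--s->sp] = v; }

/* RET n: pop the return address, then discard n bytes of arguments. */
static uint32_t ret_n(Stack *s, unsigned bytes) {
    uint32_t ra = s->slot[s->sp++];
    s->sp += (int)(bytes / 4);
    return ra;
}

/* callee_params: how many stdcall parameters the called function really
   declares (0..4). args: the four values after the function pointer. */
static Result simulate(unsigned callee_params, const uint32_t args[4]) {
    Stack s = { {0}, 32 };
    int i;
    for (i = 3; i >= 0; i--) push(&s, args[i]);   /* VB: params 5..2 */
    push(&s, PROC_ADDR);                          /* VB: param 1 */
    push(&s, RET_TO_VB);                          /* call CallWindowProc */
    for (i = 3; i >= 0; i--) push(&s, args[i]);   /* CallWindowProc: params 4..1 */
    push(&s, RET_TO_CWP);                         /* call the function */
    (void)ret_n(&s, 4 * callee_params);           /* callee's RET n */
    Result r;
    r.target = ret_n(&s, 0x14);                   /* CallWindowProc's RET 14h */
    r.leftover_words = 32 - s.sp;                 /* 0 means balanced */
    return r;
}

int main(void) {
    const uint32_t args[4] = { 0x11, 0x22, 0, 0 };  /* constructed; param 3 is 0 */
    for (unsigned n = 2; n <= 4; n += 2) {
        Result r = simulate(n, args);
        printf("callee takes %u params: RET 14h jumps to 0x%08X, %d words left\n",
               n, (unsigned)r.target, r.leftover_words);
    }
    return 0;
}
```

With a four-parameter callee the model returns to the VB caller with a balanced stack; with a two-parameter callee the RET 14h picks up param 3 as its return address and two words are left on the stack.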
