Text only | Text with Images

The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: ragdog on November 22, 2008, 05:17:27 PM

Title: Browse for folder Xp Crash
Post by: ragdog on November 22, 2008, 05:17:27 PM
Hi

I have a routine Browse for folder under xp-sp2 works fine
Why crash this under xp-without sp2?

Code Select

_GetOpenDirectoryName proc uses esi, hWnd:DWORD
LOCAL binfo:BROWSEINFO
LOCAL lpIDList :DWORD

mov eax, hWnd
    mov binfo.hwndOwner, eax
    mov binfo.pidlRoot, 0
    mov binfo.pszDisplayName, 0

    mov binfo.lpszTitle,offset szBrowseTitle
    mov binfo.iImage, 0
mov binfo.ulFlags, BIF_RETURNONLYFSDIRS or BIF_DONTGOBELOWDOMAIN or BIF_RETURNONLYFSDIRS
    invoke SHBrowseForFolder, addr binfo
mov lpIDList, eax

    .if eax != 0
        invoke  SHGetPathFromIDList, lpIDList , addr bbf 
        invoke  lstrlen,addr  bbf     
           mov  esi,offset bbf   
           add  esi,eax                     
           cmp  byte ptr [esi-1], '\'       
            je  @F
           mov  byte ptr [esi], '\'
           mov  byte ptr [esi+1], 0
        @@:
           mov  eax,offset bbf
    .endif
   ret
_GetOpenDirectoryName endp


This Crash by xp without sp here in the Shell32.dll
Code Select

774B0D5C SHEnableServiceObject    XOR EAX,EAX
774B0D5E                          CMP DWORD PTR SS:[ESP+8],EAX
774B0D62                          SETNE AL
774B0D65                          INC EAX
774B0D66                          INC EAX
774B0D67                          PUSH EAX
774B0D68                          PUSH DWORD PTR SS:[ESP+8]
774B0D6C                          CALL 774B0CF5
774B0D71                          RETN 8
774B0D74                          MOV EAX,DWORD PTR SS:[ESP+4]
774B0D78                          MOV ECX,DWORD PTR DS:[EAX+18]
774B0D7B                          TEST ECX,ECX <-------- = 0F
774B0D7D                          JE SHORT 774B0D91 <-------- ----------------------------
774B0D7F                          PUSH DWORD PTR DS:[EAX+1C]
774B0D82                          PUSH DWORD PTR SS:[ESP+10]
774B0D86                          PUSH DWORD PTR SS:[ESP+10]
774B0D8A                          PUSH DWORD PTR DS:[EAX+20]
774B0D8D                          CALL ECX
774B0D8F                          JMP SHORT 774B0D93
774B0D91                          XOR EAX,EAX
774B0D93                          RETN 0C


TEST ECX,ECX // ECX = 0000000F



Greets,
Title: Re: Browse for folder Xp Crash
Post by: askm on November 22, 2008, 09:55:57 PM
OllyDbg ?

How is the register ecx being used while in your proc ?
   ...while in XP with SP2 ?
   ...while in XP with SP3 ?
   ...while Win 2000 SP4 ?

Should it hold a dword size value at all times when
being referenced ?

Should it be pushed or popped ?

Can you post a real usage snippet ?
Title: Re: Browse for folder Xp Crash
Post by: donkey on November 23, 2008, 12:56:20 AM
Be sure to zero BROWSEINFO.lpfn which I suspect is your problem, when you use a LOCAL structure there is bound to be random data in the structure.

Donkey
Title: Re: Browse for folder Xp Crash
Post by: askm on November 23, 2008, 04:14:37 AM

Some say zero or NULL the entire BROWSEINFO structure ...
Title: Re: Browse for folder Xp Crash
Post by: donkey on November 23, 2008, 04:31:19 AM
Quote from: askm on November 23, 2008, 04:14:37 AM

Some say zero or NULL the entire BROWSEINFO structure ...

He explicitly sets the rest of the members though it wouldn't hurt to zero everything it is not necessary in this case.
Title: Re: Browse for folder Xp Crash
Post by: ragdog on November 23, 2008, 07:29:36 AM
Thanks for your Reply

Mean you this?
mov bi.lpfn, offset cbBrowse

And must i set this?
invoke CoTaskMemFree,lpIDList

Regards,
Title: Re: Browse for folder Xp Crash
Post by: donkey on November 23, 2008, 04:25:17 PM
Quote from: ragdog on November 23, 2008, 07:29:36 AM
Thanks for your Reply

Mean you this?
mov bi.lpfn, offset cbBrowse

No, I mean mov bi.lpfn, 0

QuoteAnd must i set this?
invoke CoTaskMemFree,lpIDList,

Yes, you must free the memory allocated to the ID list
Title: Re: Browse for folder Xp Crash
Post by: ragdog on November 23, 2008, 09:35:36 PM
Thanks for this info

Gives a way to add a Combobox to this browser dialog with the Browser Callback?
with CreateWindow....

Greets
Text only | Text with Images