some time ago, we were playing around with this stuff...
http://www.masm32.com/board/index.php?topic=11541.msg87615#msg87615
i wanted a more robust function for this, so i wrote one
it would be nice to verify that it works under different OS's
GetCurrentProcess results: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
0040118A: E8 00000339
004011B5: E9 0000030E
004011E0: 0F84 000002E2
0040120C: FF25 00402004
00401233: FF15 00402004
************************** 14 branches dereferenced **************************
GetCurrentProcess results: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
0040118A: E8 7C40CD06
004011B5: E9 7C40CCDB
004011E0: 0F84 7C40CCAF
0040120C: 90E9 7C40CC83
00401233: 90E8 7C40CC5C
it seems to work fine under XP, and probably will under win98 and win2K
it is vista and win7 that worries me :P
EDIT: updated the attachment to correct an error 7-24-2011
Hi Dave, works just fine in Vista Home Premium on a IP D 2.8
GetCurrentProcess results: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
0040118A: E8 00000339
004011B5: E9 0000030E
004011E0: 0F84 000002E2
0040120C: FF25 00402004
00401233: FF15 00402004
************************** 14 branches dereferenced **************************
GetCurrentProcess results: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
0040118A: E8 7546B996
004011B5: E9 7546B96B
004011E0: 0F84 7546B93F
0040120C: 90E9 7546B913
00401233: 90E8 7546B8EC
Press any key to continue ...
Win7 Pro x64 here
GetCurrentProcess results: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
0040118A: E8 00000339
004011B5: E9 0000030E
004011E0: 0F84 000002E2
0040120C: FF25 00402004
00401233: FF15 00402004
************************** 14 branches dereferenced **************************
GetCurrentProcess results: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
0040118A: E8 763E067A
004011B5: E9 763E064F
004011E0: 0F84 763E0623
0040120C: 90E9 763E05F7
00401233: 90E8 763E05D0
Hi Dave,
Tested on Win 2000 and Win 98 even if you were not
worried.
Cheers,
Steve
Win 2000
GetCurrentProcess results: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
0040118A: E8 00000339
004011B5: E9 0000030E
004011E0: 0F84 000002E2
0040120C: FF25 00402004
00401233: FF15 00402004
************************** 14 branches dereferenced **************************
GetCurrentProcess results: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF
0040118A: E8 7C1967C6
004011B5: E9 7C19679B
004011E0: 0F84 7C19676F
0040120C: 90E9 7C196743
00401233: 90E8 7C19671C
Press any key to continue ...
Win 98
GetCurrentProcess results: 7FFFFFFF 7FFFFFFF 7FFFFFFF 7FFFFFFF 7FFFFFFF
0040118A: E8 00000339
004011B5: E9 0000030E
004011E0: 0F84 000002E2
0040120C: FF25 00402004
00401233: FF15 00402004
************************** 14 branches dereferenced **************************
GetCurrentProcess results: 7FFFFFFF 7FFFFFFF 7FFFFFFF 7FFFFFFF 7FFFFFFF
0040118A: E8 BFB951B8
004011B5: E9 BFB9518D
004011E0: 0F84 BFB95161
0040120C: 90E9 BFB95135
00401233: 90E8 BFB9510E
Press any key to continue ...
thanks guys :U
excellent response :bg
interesting, the win98 addresses and return values
DAVE !!!
Great stuff,...thanks for posting code and reference to original EXE Jump Tables (http://www.masm32.com/board/index.php?topic=11541.0) thread.
By the way, the original thread has got to be one of the all-time MASM Forum great topics.
I think you guys should get an award or official recognition for the discussion in the original thread. Something that's the exact opposite of a PORN ALERT.
thanks - lol - i think
thought i found a bug in it, but i was mistaken :P
ok - i DID find a bug
this one has bitten me on the ass before
some people never learn - lol
OPTION PROLOGUE:None
OPTION EPILOGUE:None
DeRef PROC lpStart:DWORD,lpStop:DWORD,lpExclusions:DWORD
;
;
;
DeRef ENDP
OPTION PROLOGUE:None <-------- NOT !!!!
OPTION EPILOGUE:None <-------- NOT !!!!
i have updated the attachment above