I think I almost have this fixed. I think the commented out code was causing an endless loop.
It's ends properly, or at least I think so.
I am now trying to figure out how to close or eliminate that last window that opens.
-------------------------------
Thanks.
WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
LOCAL bResult:BOOL
LOCAL bLoop:BOOL
.IF uMsg==WM_DESTROY
invoke PostQuitMessage,NULL
.ELSEIF uMsg==WM_CREATE
mov eax,FALSE
mov bResult,eax
invoke MessageBox,0,OFFSET startedtext,OFFSET started,MB_OK
invoke KillProcess,OFFSET ProcessName
mov bResult,eax
.IF bResult==FALSE
invoke MessageBox,0,OFFSET failedtext,OFFSET started,MB_OK
.ELSE
invoke MessageBox,0,OFFSET successtext,OFFSET started,MB_OK
.ENDIF
mov bLoop,FALSE
;.WHILE !bLoop
; invoke GetAsyncKeyState,VK_ESCAPE
; .IF eax < 0
; invoke MessageBox,0,OFFSET quittext,OFFSET started,MB_OK
; invoke SendMessage,hWnd,WM_DESTROY,0,0
; mov bLoop,TRUE
; .ENDIF
;ENDW
ret
.ELSE
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.ENDIF
xor eax,eax
ret
WndProc endp
The problem is that registers are treated as unsigned unless you specifically say others.
So you're compraing eax (unsigned) against zero, but if it's unsigned then eax will never be negative.
Easily fixed with: .IF SDWORD PTR eax < 0
Although you should really be doing..
test eax,8000000h
.IF !ZERO?
I have been reading the built in help files. I didn't find endm, but I did find endsw.
I remember having difficulty in C with switch statements.
I have commented the different attempts.
1. No window opens if notepad isn't open and task manager gets a new "residual" addition.
2. If notepad is open, it closes it, and I like to be consistent and fill up task manager.
.IF uMsg==WM_DESTROY
invoke PostQuitMessage,NULL
.ELSEIF uMsg==WM_CREATE
mov eax,FALSE
mov bResult,eax
invoke MessageBox,0,OFFSET startedtext,OFFSET started,MB_OK
invoke KillProcess,OFFSET ProcessName
mov bResult,eax
.IF bResult==FALSE
invoke MessageBox,0,OFFSET failedtext,OFFSET started,MB_OK
.ELSE
invoke MessageBox,0,OFFSET successtext,OFFSET started,MB_OK
.ENDIF
mov bLoop,FALSE
.WHILE !bLoop
invoke GetAsyncKeyState,VK_ESCAPE ; see if key is up or down What does this do ?
; .IF eax < 0 ; this doesn't work
; .IF SDWORD PTR eax < 0 ; this doesn't work either
test eax,8000000h ; no go here
.IF !ZERO? ; if NOT zero bit set
invoke MessageBox,0,OFFSET quittext,OFFSET started,MB_OK
invoke SendMessage,hWnd,WM_DESTROY,0,0
mov bLoop,TRUE
.ENDIF
.ENDW
ret
.ELSE
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.ENDIF
xor eax,eax
ret
Hi,
I think, bResult and bLoop must be global variables, not local.
Should you send your window WM_DESTROY during WM_CREATE?
I would either send WM_CLOSE or return EAX=-1 from the WM_CREATE code.
Thanks for the 2 suggestions.
This assembler stuff is way cool !
This negative one stuff just triggered my first Dr. Watson log file. I need to figure how
to git 'er done for my bartshel.exe problem. :-)
Looks like I am using the process of elimination here. After you have made all the mistakes you can,
eventually you'll find the answer.
Gotta run to my camera training class.
.IF uMsg==WM_DESTROY
invoke PostQuitMessage,NULL
.ELSEIF uMsg==WM_CREATE
mov eax, -1 ;FALSE
STOP
mov bResult,eax
invoke MessageBox,0,OFFSET startedtext,OFFSET started,MB_OK
invoke KillProcess,OFFSET ProcessName
mov bResult,eax ; don't see why we need two of these
STOP
QuoteLooks like I am using the process of elimination here. After you have made all the mistakes you can, eventually you'll find the answer.
Don't forget OPM (Other People's Mistakes)...
QuoteIf the application returns –1, the window is destroyed and the CreateWindowEx or CreateWindow function returns a NULL handle.
Since WM_CREATE happens before CreateWindowEx returns, your WinMain should check the return value and abort on EAX=0
QuoteThis negative one stuff just triggered my first Dr. Watson log file.
Yay a virgin! You must be good to have gone this far without the doctor showing up... :bdg
This negative one stuff just triggered my first Dr. Watson log file.
Yay a virgin! You must be good to have gone this far without the doctor showing up... BadGrin
But the Dr. is usually not turned on. :-)
After making the change below, I stepped thru the code.
This is first place where it tells me FILE_NOT_FOUND
Maybe I put this in the wrong place in WinMain.
Once I can see the program flow, I should have an easier time fixing it.
7C9012D7 8B7C24 0C MOV EDI,DWORD PTR SS:[ESP+C]
data db "The only way for evil to prevail is for good men to do nothing.",0
invoke RegisterClassEx, addr wc
.IF eax != 0 ; if eax ISN'T zero, leave town.
invoke MessageBox, NULL,addr BoofText, addr MsgCaption, MB_OK
invoke ExitProcess,0
.ENDIF
When I ran the attached code, my comm prog crashed show my int 3 as a FAULT.
Should I take those out and use some other kind of marker ?
[attachment deleted by admin]
One other thing I noticed is that GetAsyncKeyState returns a SHORT, so you need to check AX - not EAX
this code works fine for me
WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
LOCAL bResult:BOOL
LOCAL bLoop:BOOL
.IF uMsg==WM_DESTROY
invoke PostQuitMessage,NULL
.ELSEIF uMsg==WM_CREATE
mov eax,FALSE
mov bResult,eax
invoke MessageBox,0,OFFSET startedtext,OFFSET started,MB_OK
invoke KillProcess,OFFSET ProcessName
mov bResult,eax
.IF bResult==FALSE
invoke MessageBox,0,OFFSET failedtext,OFFSET started,MB_OK
.ELSE
invoke MessageBox,0,OFFSET successtext,OFFSET started,MB_OK
.ENDIF
mov bLoop,FALSE
.WHILE !bLoop
invoke GetAsyncKeyState,VK_ESCAPE
.IF ax != 0
invoke MessageBox,0,OFFSET quittext,OFFSET started,MB_OK
invoke SendMessage,hWnd,WM_SYSCOMMAND,SC_CLOSE,NULL
mov bLoop,TRUE
.ENDIF
.ENDW
ret
.ELSE
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.ENDIF
xor eax,eax
ret
WndProc endp
Quote from: sinsi on May 13, 2007, 01:32:05 AM
One other thing I noticed is that GetAsyncKeyState returns a SHORT, so you need to check AX - not EAX
Yes and no :bdg
It does return a long (test it!) but for compatability it actually sign-extends the top bits, so it works the same whether you check the top bit of eax or just ax.
About GetAsyncKeyState (as skywalker was asking):
If the top bit is set then the key is currently held down, it the bottom bit is set (bit 0) then the key has been pressed since the last call of GetAsyncKeyState.
RTFM :wink
What I suggested was to fix the endless looping (which is the thing you mentioned) - and it does (I checked) - however, depending on what you want to achieve with the rest of the code, there may be problems elsewhere.
For killing (are we murdering or telling to close?) a process, what's wrong with FindWindow followed by sending a WM_CLOSE message? Not that I've tested this, but it seems like a friendlier way to do it; unless the real process you want to kill has no window, and then you'd need to go 'round the back.' But again, you still don't want to be looping within wm_create - in fact, you don't even need to create a window at all, just do the find-process part, kill it, then ExitProcess - no window, no mess.
I am currently adding explanations and more details of things not already commented.
Learning the actual program flow
Trying to figure out why the program even checks for a keypress
I am making progress. The program will end notepad, just still working on why it wants to stay resident.
Wondering why Ollydbg says file not found, when program is sucessfully terminated
It's be nice if the debugger would say If, Else, etc. :-)
Andy
The program now works, even if you have a blank window that you have to close.
At least it doesn't stay in memory using 94% of my resources.
WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
LOCAL bResult:BOOL
LOCAL bLoop:BOOL
.IF uMsg==WM_DESTROY
invoke PostQuitMessage,NULL
.ELSEIF uMsg==WM_CREATE
mov eax, -1 ;FALSE
STOP
mov bResult,eax
invoke MessageBox,0,OFFSET startedtext,OFFSET started,MB_OK
invoke KillProcess,OFFSET ProcessName
mov bResult,eax ; don't see why we need two of these
STOP
.IF bResult==FALSE
invoke MessageBox,0,OFFSET failedtext,OFFSET started,MB_OK
.ELSE
invoke MessageBox,0,OFFSET successtext,OFFSET started,MB_OK
.ENDIF
mov bLoop,FALSE
; .WHILE !bLoop
; invoke GetAsyncKeyState,VK_ESCAPE ; determines whether key is up or down
; ; .IF eax < 0
; ; .IF SDWORD PTR eax < 0 ; this doesn't work
; test eax,8000000h ; or this
; .IF !ZERO? ; "
; invoke MessageBox,0,OFFSET quittext,OFFSET started,MB_OK
; invoke SendMessage,hWnd,WM_DESTROY,0,0
; mov bLoop,TRUE
; .ENDIF
; .WHILE !bLoop ; WHY is this checking for a key press ?
; invoke GetAsyncKeyState,VK_ESCAPE
; .IF ax != 0
; invoke MessageBox,0,OFFSET quittext,OFFSET started,MB_OK
; invoke SendMessage,hWnd,WM_SYSCOMMAND,SC_CLOSE,NULL ; closes window ?
; mov bLoop,TRUE
; .ENDIF
;.ENDW
ret
.ELSE
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.ENDIF
xor eax,eax
ret
WndProc endp
[attachment deleted by admin]
; This is the window that we don't need ? Figure if we really need it.
INVOKE CreateWindowEx,NULL,ADDR ClassName,ADDR AppName,\
WS_OVERLAPPEDWINDOW,CW_USEDEFAULT,\
CW_USEDEFAULT,CW_USEDEFAULT,CW_USEDEFAULT,NULL,NULL,\
hInst,NULL