CreateFile Crashes in INT3 Exception???

[c_07]

I don't see how it is possible, seeing the only non-flag parameter passed is the filename, which I have double-checked in OllyDbg. But the call into createfile crashes in NTDLL with an INT3 exception. Does anyone have any ideas about what this could be??

I am trying to open a file in a module's path.

Code Select Expand

LOCAL hFile:HFILE
LOCAL dwFileSize:DWORD
LOCAL noread:DWORD
LOCAL thismodule:HANDLE

invoke GetModuleHandle,addr thismodulename
mov thismodule,eax
invoke GetModuleFileName,thismodule,addr pathtofilename,256
invoke lstrlen,addr pathtofilename
mov ebx,eax
mov ecx,eax
mov al,'\'
lea edi,pathtofilename
add edi,ebx ;Start at the end of the pathname
std ;Go backwards
loop1:
scasb
loopnz loop1

lea edi,pathtofilename
add edi,ecx ;Move to the last '\'
inc edi
mov BYTE PTR [edi],0 ;Cut it off

;Now append the filename to the module's path
invoke wsprintf,addr pathtofilename2,addr directoryfileformat,addr pathtofilename,addr lookupfile

;Open the file
        ;Crashes in CreateFile with INT3 Exception. A string reference all over the stack reads "Free heap block ... modified at ... after it was freed"
        ;Both pathtofilename and pathtofilename2 are global data declared in the .inc file like "pathtofilename db 512 dup(0)"
invoke CreateFile,addr pathtofilename2,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
mov hFile,eax
cmp eax,-1
je nogood

...


Thanks!

[sinsi]

Make sure the direction flag is clear before calling API functions - STDCALL requires it. Once you've scanned your string backwards, use CLD to clear it.

[c_07]

Thank you!!!! (also for quick reply) Worked like a charm!