Wierd Probs on Win7 x64

[test]

I'm just learning asm with masm and so far I've been vary confused. I'm trying to learn Win32 apis at the moment and when I go from one to the next I have weird things happen such as the program jumping to an invalid location in memory when the debugger I'm using (ollydbg) shows the correct location and the same code has worked before. Or I pass a module handle to a handle variable and it causes an exception and the program fails when it worked in previous compilations. Sometimes I can zero out the registers before an api call and it will work. The part that is really freaking me out is in Olly it will show me an address or instruction but it will do something completely different. Any help would be much appreciated!

Thanks

[test]

I hate to say this but after all the time spent I may have found the answer right after my first post. Because I'm constantly testing different apis and add and subtracting new code all my break points were getting messed up in Olly. I believe they were disappearing in the code because there are at different offsets each time it is compiled and loaded into memory. So I think it's due to these invisible break points? Will post again tomorrow.

[dedndave]

when i first started learning windows API, i had problems knowing when to pass the variable, and when to pass a pointer to the variable
this seems to be a common issue with beginners
for a while, i thought error 0xc0000005 was my best friend - lol
now that i have done it a while, it all makes sense, of course
check the documentation for the API you are using
read it carefully and make sure you understand what is required

learn the modified Hungarian notation that MS uses

[theunknownguy]

I hate to say this but after all the time spent I may have found the answer right after my first post. Because I'm constantly testing different apis and add and subtracting new code all my break points were getting messed up in Olly. I believe they were disappearing in the code because there are at different offsets each time it is compiled and loaded into memory. So I think it's due to these invisible break points? Will post again tomorrow.

1.- Remove your breakpoints from the breakpoint list, for example if you keep the .UDD files inside, do a new compilation + breakpoint between opcodes it wont show and when execute will probably generate an exception.
2.- Registers before calling an API is not nesesarie, all arguments are pushed before into the stack, and no matter if you override the arguments, for example if LoadLibrary ask you 2 arguments and for some odd reason you push 3, it will still work, the alingment its inside the API and will read 2 arguments + restoring stack frame and leave the last argument ready for retrieve (make sure to check this)
3.- Rely on API documentation has dedndave say and avoid undocumented APIs.

[test]

Hey thank you all very much! As a newbie to all this I really appreciate the help from a bunch of veterans like yourselves. I believe that was the problem as it hasn't happened since. It feels good to have all those unexplainable problems gone. Thanks... :U