Author Topic: LockResource  (Read 2999 times)

jj2007

  • Member
  • *****
  • Posts: 7539
  • Assembler is fun ;-)
    • MasmBasic
LockResource
« on: May 29, 2012, 05:58:19 PM »
Guess what? This works!

Code: [Select]
include \masm32\include\masm32rt.inc

.code
start: invoke LockResource, 12345678h
print hex$(eax)
exit

end start

At least, it works on Win XP and Win 7. I wonder if older versions produce something else ::)

Under the hood, you can admire the immense improvements of Win7 over WinXP :biggrin:

LockResource      8BFF             mov edi, edi      ; See TheOldNewThing on hot patches
75C302DB          55               push ebp
75C302DC          8BEC             mov ebp, esp
75C302DE          5D               pop ebp
75C302DF          EB 05            jmp short 75C302E6                                                ; Jump to KERNELBASE.LockResource
75C302E1          90               nop
75C302E2          90               nop
75C302E3          90               nop
75C302E4          90               nop
75C302E5          90               nop
75C302E6          FF25 2C1BBF75    jmp near [75BF1B2C] aka &API-MS-Win-Core-LibraryLoader-L.LockResource
... ^ ^ ^ Win XP does not have the part above ^ ^ ^ ...
LockResource      8BFF             mov edi, edi   ; the address in [75BF1B2C]
758A8D47          55               push ebp
758A8D48          8BEC             mov ebp, esp
758A8D4A          8B45 08          mov eax, [ebp+8]  <<<<<<<<<< now guess what you will get in eax?
758A8D4D          5D               pop ebp
758A8D4E          C2 0400          retn 4


hutch--

  • Administrator
  • Member
  • ******
  • Posts: 4805
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: LockResource
« Reply #1 on: May 29, 2012, 06:29:28 PM »
 :biggrin:

Do I detect a note of sarcasm here ?  :P
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin: