Author Topic: Embarrassingly Simple Problem  (Read 7167 times)

dedndave

  • Member
  • *****
  • Posts: 8825
  • Still using Abacus 2.0
    • DednDave
Re: Embarrassingly Simple Problem
« Reply #15 on: August 03, 2014, 09:54:34 AM »
i sometimes see this....
Code: [Select]
    INVOKE  Proc1,something   ;returns a result in EAX
    mov     edx,eax
    INVOKE  Proc2,edx,addr somethingelse

that's silly - well, you don't notice it until you disassemble it   :biggrin:

this would be a better solution
Code: [Select]
    INVOKE  Proc1,something
    lea     edx,somethingelse
    INVOKE  Proc2,eax,edx

Zen

  • Member
  • ****
  • Posts: 962
  • slightly red-shifted
Re: Embarrassingly Simple Problem
« Reply #16 on: August 05, 2014, 05:04:33 AM »
DAVE !!!
Yeah,...good stuff, thanks. And, I didn't use the eax register with LEA,...
And,...LEA edx, [ecx],...with ecx being the address to the ACCESS_ALLOWED_ACE structure, works fine,...as does the LEA instruction with any of the structure members of the ACE_HEADER structure,...
Every ACE structure begins with an ACE_HEADER structure,...so this is where you begin. You access the AceType member of the ACE_HEADER structure,...so you can determine what format the rest of the data has,...this works correctly in my program (I have four Access Allowed ACEs, I have verified that the pointers are valid, and correspond with the size, in bytes of the ACE,...)
Something else is interfering with my project. I've had alot of simple code sequences fail for no apparent reason,...stuff that doesn't even make sense,...even, to my deranged mentality,...:dazzled:
My thinking is that I'm running a 32-bit app on Windows Seven, 64-bit version, and the computer uses an Intel 64-bit processor,...
...Also,...I'm using a public terminal at a public Library,...and, who the hell knows what kind of software they're running,...

What amazes me is that this FAILS:
Code: [Select]
        mov ecx, dwptrACE    ;    dwptrACE is a pointer to the ACE returned from GetAce.   
        ASSUME ecx: PTR ACCESS_ALLOWED_ACE       
        LEA edx, [ecx]   ;    This works, but is not the correct address of the SID.   
        ADD edx, 8    ;    8 bytes is the offset to the SidStart member of the ACCESS_ALLOWED_ACE structure.
        ASSUME ecx: NOTHING
        mov dwptrAceSID, edx    ;    dwptrAceSID is a pointer to the SID enclosed in an ACE.   
        invoke IsValidSid, dwptrAceSID

The above code block compiles but, the App hangs (for no apparent reason),... :dazzled:
...If I comment out the, ADD edx, 8 line,...it compiles and works perfectly,...except, of course, that edx is not the correct address of the SID,...And, yes,...it is an ACCESS ALLOWED ACE (there are 13 different types of ACEs, and each different variety uses a different structure to access its data),...
Have you EVER seen an ADD instruction FAIL ???
Zen

dedndave

  • Member
  • *****
  • Posts: 8825
  • Still using Abacus 2.0
    • DednDave
Re: Embarrassingly Simple Problem
« Reply #17 on: August 05, 2014, 05:32:58 AM »
you realize that
Code: [Select]
LEA edx, [ecx]
is the same as
Code: [Select]
mov edx,ecx

dedndave

  • Member
  • *****
  • Posts: 8825
  • Still using Abacus 2.0
    • DednDave
Re: Embarrassingly Simple Problem
« Reply #18 on: August 05, 2014, 05:35:35 AM »
IsValidSid requires a pointer to an SID structure - not an SID

you can combine these lines
Code: [Select]
        LEA edx, [ecx]   ;    This works, but is not the correct address of the SID.   
        ADD edx, 8    ;    8 bytes is the offset to the SidStart member of the ACCESS_ALLOWED_ACE structure.

Code: [Select]
lea edx,[ecx+8]

Zen

  • Member
  • ****
  • Posts: 962
  • slightly red-shifted
Re: Embarrassingly Simple Problem
« Reply #19 on: August 05, 2014, 05:36:37 AM »
Yeah,...I know,...
In fact,...I used that EXACT line of code (lea edx,[ecx+8]), as my first attempt (it's in the very first post of this thread),...
This COULD be a DARK MATTER problem,...I haven't explored that one yet,...
And, thanks,...DAVE,...you guys have just confirmed what I already thought,...
At this point, I'm giving up, and proceeding to more exciting scenarios,...
THANKS AGAIN FOR YOUR HELP,...
Zen

dedndave

  • Member
  • *****
  • Posts: 8825
  • Still using Abacus 2.0
    • DednDave

Zen

  • Member
  • ****
  • Posts: 962
  • slightly red-shifted
Re: Embarrassingly Simple Problem
« Reply #21 on: August 05, 2014, 06:00:12 AM »
DAVE !!!
You will LOVE this one:
There is actually a function named,...ConvertSecurityDescriptorToStringSecurityDescriptor,...
Here is a Raymond Chen blog entry: What Is the Default Security Descriptor?, Mar 2004
...I've already got this one invoked in my code (is this exciting, or what ???)
Here is what my Log File reports (about the DACL):
Quote
ConvertSecurityDescriptorToStringSecurityDescriptor SUCCEEDED.
The size, in TCHARs, of the security descriptor string is: 97
Zen