WriteFile access violation writing 0x0000000

Started by jmw457, July 10, 2017, 10:06:55 AM

jmw457

I have two nearly identical code blocks to write a single DWord value into a file. Both blocks successfully write the information into the file, but after the call to the second block, I get "access violation writing 0x0000000" even though the write was successful. The final write is the last statement in the program, so no code after that point could have caused the error message.

Here are the two code blocks:

mov AuditWrite,12
mov ebp,OFFSET AuditWrite
mov SizeReadWrite,4
invoke WriteFile,hFile,ebp,SizeReadWrite,ebx,NULL

mov AuditWrite,1
mov ebp,OFFSET AuditWrite
mov SizeReadWrite,4
invoke WriteFile,hFile,ebp,SizeReadWrite,edx,NULL

I don't understand why I would get an access violation after the code successfully performed the write operation. 

Thanks for any ideas on this problem. 


jmw457

Moments later I solved the problem, and I wanted to post the solution so others will know in the future. 

For the second write (where the crash occurs), the number of bytes written is returned in edx, so I pushed edx on the stack before the call to WriteFile and popped it after the call:

mov AuditWrite,1
push edx
mov ebp,OFFSET AuditWrite
mov SizeReadWrite,4
invoke WriteFile,hFile,ebp,SizeReadWrite,edx,NULL
pop edx

and it worked. 


hutch--

Unless you have set up a no stack frame procedure and have preserved EBP, using EBP is your problem. Use another register AFTER you write the PUSH / POP code to do so.

push esi

; your code

pop esi
ret

jmw457

Hi, Hutch,

It's a no stack frame procedure.  It works as it stands now, but I can try replacing ebp with another register anyway. 

RuiLoureiro

Quote from: jmw457 on July 10, 2017, 10:18:49 AM
Moments later I solved the problem, and I wanted to post the solution so others will know in the future. 

For the second write (where the crash occurs), the number of bytes written is returned in edx, so I pushed edx on the stack before the call to WriteFile and popped it after the call:

mov AuditWrite,1
push edx
; mov ebp,OFFSET AuditWrite    ; <<<<< removed
mov SizeReadWrite,4
invoke WriteFile,hFile,addr AuditWrite,SizeReadWrite,edx,NULL    ; <<<< no EBP
pop edx

and it worked.

If you need to use EBP do something like this:

ThisProcA proc        ; without any parameters. If there are parameters, DON'T USE EBP
    push ebp          ; <<<< -- preserve ebp

    ; use ebp here, there is no problem, your EBP is preserved by all other procedures

    pop ebp
    ret
ThisProcA endp

jmw457

Thank you, RuiLoureiro.  I think it's a good idea.
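
An added example, not code from any poster in this thread: WriteFile's fourth parameter, lpNumberOfBytesWritten, is a pointer to a DWORD that the API stores the byte count into, so the procedure below passes the address of a variable there rather than whatever value a register happens to hold, and it checks both the return value and the count. WriteAudit and BytesWritten are hypothetical names, and the include paths assume a default MASM32 install.

```asm
; Added example (not from the thread): write one DWORD with WriteFile.
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.data?
AuditWrite    dd ?      ; value to write (name taken from the thread)
BytesWritten  dd ?      ; hypothetical name: receives the byte count

.code
; WriteAudit is a hypothetical helper.
; Returns EAX = 1 if all 4 bytes were written, 0 otherwise.
; Because it takes parameters, MASM builds the EBP stack frame itself,
; so EBP is not used as a scratch register here.
WriteAudit proc hFile:DWORD, value:DWORD
    mov eax, value
    mov AuditWrite, eax

    ; Argument 4 is an address that WriteFile stores to.
    ; Pass ADDR of a real DWORD, not a register with unknown contents:
    ; a register holding 0 makes the API write to address 0.
    invoke WriteFile, hFile, addr AuditWrite, sizeof AuditWrite, addr BytesWritten, NULL
    test eax, eax
    jz failed                          ; WriteFile returned FALSE

    cmp BytesWritten, sizeof AuditWrite
    jne failed                         ; short write

    mov eax, 1
    ret
failed:
    xor eax, eax
    ret
WriteAudit endp

end
```

Assemble it as a separate module and call it with `invoke WriteAudit, hFile, 12` after adding a matching PROTO in the calling file.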