Author Topic: RAHexEd - HexViewMem example  (Read 1047 times)

fearless

  • Member
  • ***
  • Posts: 469
    • LetTheLightIn
RAHexEd - HexViewMem example
« on: July 18, 2018, 11:25:31 PM »
An example of using RadASM HexEd control. Compiled as a static control.

HexViewMem can show current process memory (itself) or a files hex view. There is a limit of size it can view, I forget offhand what it is, i changed the internal RAHexEd to use more memory.
HexView.asm has all the supporting functions i wrote to help with reading the data in from file, process or memory. I added a few additional custom sendmessage methods in the RAHexEd control (which i tested a little in another project) HEM_GETWORD, HEM_SETWORD, HEM_GETDWORD, HEM_SETDWORD and HEM_CLEARALL.

For some strange reason the reading processes only seems to work if i compile it with debug information or if i include specifically:
Code: [Select]
DEBUGEXE textequ <'DbgWin.exe'>

.data
RDBG_DbgWin                    DB DEBUGEXE,0
RDBG_SPYVARNAME                DB 256 DUP (0)
ALIGN 16
XMMSAVEBUFFER                  DB 512 DUP (0)

I have tried to make sure im not including debug32 anywhere in the files or other associated files or libraries that would require these variables, but im clearly not seeing something. Im sure in time someone might spot something obvious i missed - overwriting a variable, register not preserved, alignment? or something.


The reading files and memory as far as i know doesnt have this issue.

included in the files is RAHexEd.lib and RAHexEd.inc and I am using the msftedit version of richedit and register the RAHexEd class at startup like so:

Code: [Select]
    ; Required for hex editor/viewer class to be registered when we call HexViewCreate
    Invoke RAHexEdInstall, hInstance, FALSE
   
    invoke LoadLibrary, Addr RichEditDLL ; use msftedit for RichEdit control
    .IF eax!=0
        mov hRichEditDLL, eax
        Invoke WinMain, hInstance, NULL, CommandLine, SW_SHOWDEFAULT
    .ENDIF
fearless

CM690II Case, HX1000 PSU, Asus Z97, Intel i7-4790K, Seidon 120v Cooler, 16GB DDR3, MSI GTX 980TI

My Github  Twitter

HSE

  • Member
  • *****
  • Posts: 1148
  • <AMD>< 7-32>
Re: RAHexEd - HexViewMem example
« Reply #1 on: July 19, 2018, 12:26:01 AM »
A note: It's not original KetilO RAHexEd library. Results reading process are different.