News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests

Main Menu

RAHexEd - HexViewMem example

Started by fearless, July 18, 2018, 11:25:31 PM

Previous topic - Next topic

fearless

An example of using RadASM HexEd control. Compiled as a static control.

HexViewMem can show current process memory (itself) or a files hex view. There is a limit of size it can view, I forget offhand what it is, i changed the internal RAHexEd to use more memory.
HexView.asm has all the supporting functions i wrote to help with reading the data in from file, process or memory. I added a few additional custom sendmessage methods in the RAHexEd control (which i tested a little in another project) HEM_GETWORD, HEM_SETWORD, HEM_GETDWORD, HEM_SETDWORD and HEM_CLEARALL.

For some strange reason the reading processes only seems to work if i compile it with debug information or if i include specifically:
DEBUGEXE textequ <'DbgWin.exe'>

.data
RDBG_DbgWin                    DB DEBUGEXE,0
RDBG_SPYVARNAME                DB 256 DUP (0)
ALIGN 16
XMMSAVEBUFFER                  DB 512 DUP (0)


I have tried to make sure im not including debug32 anywhere in the files or other associated files or libraries that would require these variables, but im clearly not seeing something. Im sure in time someone might spot something obvious i missed - overwriting a variable, register not preserved, alignment? or something.


The reading files and memory as far as i know doesnt have this issue.

included in the files is RAHexEd.lib and RAHexEd.inc and I am using the msftedit version of richedit and register the RAHexEd class at startup like so:

    ; Required for hex editor/viewer class to be registered when we call HexViewCreate
    Invoke RAHexEdInstall, hInstance, FALSE
   
    invoke LoadLibrary, Addr RichEditDLL ; use msftedit for RichEdit control
    .IF eax!=0
        mov hRichEditDLL, eax
        Invoke WinMain, hInstance, NULL, CommandLine, SW_SHOWDEFAULT
    .ENDIF

HSE

A note: It's not original KetilO RAHexEd library. Results reading process are different.
Equations in Assembly: SmplMath