Why does GetModuleHandle not work in my code?
.386
.MODEL Flat, STDCALL
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
.data
HelloWorld db "Hello World!",13,10,0
consoleTitle db "HI",0
.data?
hInstance dd ?
.code
start:
push 0
call GetModuleHandle
mov hInstance, eax
push offset consoleTitle
call SetConsoleTitleA
push hInstance
call DestroyWindow
push 10000
call Sleep
push 0
call ExitProcess
end start
The call to GetModuleHandle (http://msdn.microsoft.com/en-us/windows/desktop/ms683199(v=vs.85).aspx) is succeeding.
The only problem I see is the call to DestroyWindow (http://msdn.microsoft.com/en-us/library/windows/desktop/ms632682(v=vs.85).aspx).
include \masm32\include\masm32rt.inc
.data
HelloWorld db "Hello World!",13,10,0
consoleTitle db "HI",0
.data?
hInstance dd ?
.code
start:
push 0
call GetModuleHandle
mov hInstance, eax
printf("%Xh\n",eax)
push offset consoleTitle
call SetConsoleTitleA
push hInstance
call DestroyWindow
.IF eax == 0
printf("%s\n",LastError$())
.ENDIF
push 10000
call Sleep
push 0
call ExitProcess
end start
400000h
Invalid window handle.
yes - i don't know what you expect to see if you destroy the window
but, GetModuleHandle returns a module handle, not a window handle
in the case of NULL, it is supposed to be a handle to the EXE file that created the process
DestroyWindow expects a handle to a window
if it were successful, the window should disappear :biggrin:
if you want a handle to the console window, call GetConsoleWindow
your code could be a little cleaner if you used INVOKE
and - you shouldn't have to specify the A or W on function names
INVOKE SetConsoleTitle,offset consoleTitle
It still does not work, and why I am not using invoke, it's because Ollydbg does not have invoke in it. Ollydbg pushes to the stack via push. Also call GetConsoleWindow does not work.
What eax holds after calling GetConsoleWindow is 6058Ch
And another thing, what is 6058Ch, like what on earth is the h and c on the end of it, is this hex?
How do I convert it to normal text?
yes - it's a hexadecimal value
it's a dword, so the range is 0 to FFFFFFFFh
a handle should just be viewed as an arbitrary, but unique, number
what i mean by unique is, no other window will have the same handle
so - you can see it in decimal, but it won't mean anything
Michael used printf, so you just have to set the format
i don't use printf, but i think "%u" will get you an unsigned integer in decimal form
printf("%u\n",eax)
by the way, GetConsoleWindow is working, or the return value would be 0
store the value in a variable or push it on the stack because printf destroys the contents of EAX
Quote from: iphone4life4 on September 24, 2013, 01:33:31 AM
Ollydbg does not have invoke in it. Ollydbg pushes to the stack via push.
OllyDbg is a debugger, MASM is an assembler!
Quote from: iphone4life4 on September 24, 2013, 01:33:31 AM
Also call GetConsoleWindow does not work. [...] What eax holds after calling GetConsoleWindow is 6058Ch
So it does work! EAX holds a so-called "handle", a value that references a system object/resource (in this case a window).
Quote from: iphone4life4 on September 24, 2013, 01:33:31 AM
And another thing, what is 6058Ch, like what on earth is the h and c on the end of it, is this hex?
"h" is MASM's suffix for hexadecimal numbers.
Quote from: iphone4life4 on September 24, 2013, 01:33:31 AM
How do I convert it to normal text?
A classical method (especially for beginners) is to divide the number by the desired number base until the quotient becomes zero. The corresponding modulo values are the number's digits: e.g. 123 mod 10 = 3 -> 12 mod 10 = 2 -> 1 mod 10 = 1.
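The repeated-division method described above, written out as an added MASM32 example that is not part of the original thread. The procedure name Dw2Dec and the buffer numBuf are made up for illustration; the input 6058Ch is the handle value quoted in the thread.

```asm
include \masm32\include\masm32rt.inc

.data?
numBuf  db 12 dup(?)            ; a dword has at most 10 decimal digits, plus terminator

.code

; Dw2Dec (hypothetical name): converts the unsigned dword 'value' into a
; zero-terminated decimal string inside the 12-byte buffer at 'pBuf'.
; Returns in EAX a pointer to the first digit.
Dw2Dec proc uses ebx edi value:DWORD, pBuf:DWORD
    mov edi, pBuf
    add edi, 11                 ; start at the last byte of the buffer
    mov byte ptr [edi], 0       ; string terminator
    mov eax, value
    mov ebx, 10                 ; the number base
  @@:
    xor edx, edx                ; DIV divides EDX:EAX, so clear the high half
    div ebx                     ; EAX = quotient, EDX = remainder (0..9)
    add dl, '0'                 ; remainder -> ASCII digit
    dec edi
    mov [edi], dl               ; digits come out lowest first, so store backwards
    test eax, eax
    jnz @B                      ; repeat until the quotient is zero
    mov eax, edi                ; pointer to the most significant digit
    ret
Dw2Dec endp

start:
    push offset numBuf          ; second argument: buffer
    push 6058Ch                 ; first argument: value to convert
    call Dw2Dec
    push eax
    call StdOut                 ; masm32 library routine, prints a zero-terminated string
    push 0
    call ExitProcess
end start
```

The loop tests the quotient after the first division, so an input of 0 still produces the single digit "0".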
Ok, so why does this still not work tho. It does not close the window right after opening it?
.data?
hWnd dd ?
.code
start:
push 0
call GetConsoleWindow
mov hWnd,eax
push hWnd
call DestroyWindow
push offset consoleTitle
call SetConsoleTitle
push 10000
call Sleep
inkey "Press a key to continue ..."
push 0
call ExitProcess
end start
good question - lol
the console window is not meant to be destroyed this way
after DestroyWindow, i used GetLastError and got ERROR_ACCESS_DENIED
i would imagine the operating system has "locked out" the console handle to prevent it from being destroyed this way
there is more to a console than just a window, and it probably wants to do some clean-up
what you might be able to do is send it a WM_SYSCOMMAND message with SC_CLOSE
INVOKE PostMessage,hwndConsole,WM_SYSCOMMAND,SC_CLOSE,0
that seems to work
in "olly-ese", that would be
push 0
push SC_CLOSE
push WM_SYSCOMMAND
push hwndConsole
CALL PostMessageA
:biggrin:
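An added example, not code from any poster in this thread, that puts the two handle kinds side by side: IsWindow is asked about the module handle and about the console window handle before anything is passed to a window function, and the close request is sent only to a handle that really is a window. The variable names hModule and hConsole are chosen for illustration.

```asm
include \masm32\include\masm32rt.inc

.data?
hModule  dd ?
hConsole dd ?

.code
start:
    push 0
    call GetModuleHandle        ; module handle of this EXE (its load address)
    mov hModule, eax
    call GetConsoleWindow       ; window handle of the console, 0 if there is none
    mov hConsole, eax

    push hModule
    call IsWindow               ; a module handle does not identify a window
    printf("IsWindow(hModule)  = %u\n", eax)

    push hConsole
    call IsWindow               ; nonzero when the handle identifies an existing window
    printf("IsWindow(hConsole) = %u\n", eax)

    push hConsole
    call IsWindow               ; validate again, printf destroyed EAX
    .IF eax == 0
        printf("no console window, nothing to close\n")
    .ELSE
        push 0
        push SC_CLOSE
        push WM_SYSCOMMAND
        push hConsole
        call PostMessage        ; ask the console window to close itself
        .IF eax == 0
            printf("%s\n", LastError$())
        .ENDIF
    .ENDIF

    push 10000
    call Sleep
    push 0
    call ExitProcess
end start
```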
Quote from: dedndave on September 24, 2013, 03:09:39 AM
good question - lol
the console window is not meant to be destroyed this way
after DestroyWindow, i used GetLastError and got ERROR_INVALID_WINDOW_HANDLE
i would imagine the operating system has "locked out" the console handle to prevent it from being destroyed this way
there is more to a console than just a window, and it probably wants to do some clean-up
what you might be able to do is send it a WM_SYSCOMMAND message with SC_CLOSE
INVOKE PostMessage,hwndConsole,WM_SYSCOMMAND,SC_CLOSE,0
let me try it....
ok thanks for the help man :biggrin:
one last thing will this work?
push offset exeName
call GetModuleHandle
push eax
call DestroyWindow
no - GetModuleHandle returns a different kind of handle
normally, you just use NULL if you want a handle to the current EXE
although, i suppose it would work if you passed a pointer to a filename string
provided the file was in the current folder, or in the system folder, or it was a fully qualified path
DestroyWindow is used in GUI apps
if you want to play with it, write a GUI program :t
ok this is what i have so far and it gives me the error
The specified module could not be found.
exeName db "explorer.exe",0
.data?
hWnd dd ?
.code
start:
push offset exeName
call GetModuleHandle
printf("%s\n",LastError$())
push eax
call DestroyWindow
push offset consoleTitle
call SetConsoleTitle
push 10000
call Sleep
inkey "Press a key to continue ..."
push 0
call ExitProcess
end start
i get ERROR_MOD_NOT_FOUND from GetModuleHandle
that file probably isn't in the system folder and you have not provided a fully qualified path
explorer.exe is loaded and running, so you are saying I need to give it a direct path to the exe in order for it to get a handle to that process?
again - it is a module handle
essentially a special file handle
process handles and window handles are different kinds of handles
if you want to get the window handle to an EXE that is running, you can enumerate windows or something
that is somewhat complex
what is it you are trying to do, exactly ?
DestroyWindow is not a good thing to do, unless you have created the window :redface:
lol ok it's fine, and I am just learning/playing around with asm.