Hello
I translated a C++ structure to MASM, but I have a mistake:
typedef struct _HVITEM {
UINT Mask;
UINT State;
ULONG64 Address;
SIZE_T NumberOfItem;
BYTE Value;
} HVITEM, *PHVITEM;
typedef struct _NMHVDISPINFO {
NMHDR NmHdr;
HVITEM Item;
} NMHVDISPINFO, *PNMHVDISPINFO;
My translation is:
HVITEM struct
Mask_ DWORD ? ;[eax+10h]
State DWORD ? ;[eax+14h]
Address ULONG64 ? ;[eax+18h] eax [eax+1Ch] edx ULONG64 = qword
NumberOfItem DWORD ? ;[eax+20h]
Value BYTE ? ;[eax+24h]
HVITEM ends
PHVITEM typedef ptr HVITEM
NMHVDISPINFO struct
NmHdr NMHDR <> ;3 dwords
dword ? <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Item HVITEM <> ;1 +
NMHVDISPINFO ends
I have tested it with a little C++ example to get the sizeof the struct.
This returns the struct size 40 decimal:
printf("%d\n\n",sizeof(NMHVDISPINFO));
I have made an assembly output from the C++ project to get the pointers to the struct entries, and all [eax+xx] are correct
in my HVITEM struct.
But I must add a dword in the NMHVDISPINFO, but why?
Can anyone tell me where the mistake is?
Regards,
Because there is a 64-bit integer in the structure and the default alignment for structures in Windows is 8, the second member must be aligned by 8. MASM does that for you if you write an 8 after the keyword STRUCT (or use the cmd-line option /Zp8).
HVITEM struct 8 ; (due to order, HVITEM.Address is already aligned to 8)
...
NMHVDISPINFO struct 8 ; <-- needed
...
BTW; "ULONG64 Address" looks suspicious: the name implies a pointer type, which should be 32Bit.
Thank you Qword
For the align trick.
BTW; "ULONG64 Address" looks suspicious: the name implies a pointer type, which should be 32Bit then.
Why suspicious? ULONG64 is your name :biggrin:
Windows.inc
ULONG64 typedef QWORD
This works with 32bit address and 64bit
How can I find out if a struct is already aligned or not?
In Olly?
Edit: Works fine
Quote from: ragdog on January 16, 2016, 08:11:33 AM
How can I find out if a struct is already aligned or not?
In Olly?
Not sure what you mean.
You have found the mistake that the struct is not aligned by 8.
How do you know?
And must I set each following member aligned by 4/8 etc.?
Example
my Struct
Qword ?
my ends
my1 Struct 8
my1 ends
my2 Struct 8
my2 ends
Or only the one after the member that uses the Qword?
Quote from: ragdog on January 16, 2016, 09:12:22 AM
How do you know?
Long ago I stumbled on the same problem. My favorite search engine told me the answer.
Quote from: ragdog on January 16, 2016, 09:12:22 AM
And must I set each following member aligned by 4/8 etc.?
The idea is to align each member in a structure on its natural boundaries. See Structure Alignment (https://msdn.microsoft.com/en-us/library/aa296569%28v=vs.60%29.aspx)
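Added example (not part of any post in this thread): a small C layout calculator that applies the rule described above, each member aligned to the smaller of its natural alignment and the packing value, to the two structures with 32-bit member sizes. The helper names and the pack 1 and pack 4 cases are assumptions added for comparison; pack 8 gives the 40-byte size with Item at offset 16 instead of 12.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper types: a member's size and natural alignment. */
typedef struct { const char *name; size_t size, align; } Member;
typedef struct { size_t size, align; } Layout;
static size_t round_up(size_t v, size_t a) { return (v + a - 1) / a * a; }
/* Each member is aligned to min(natural alignment, pack); the struct's
   alignment is the largest one used and its size is rounded up to it. */
static Layout layout(const Member *m, size_t n, size_t pack, size_t *offsets)
{
    Layout r = { 0, 1 };
    for (size_t i = 0; i < n; i++) {
        size_t a = m[i].align < pack ? m[i].align : pack;
        r.size = round_up(r.size, a);   /* insert padding before the member */
        offsets[i] = r.size;
        r.size += m[i].size;
        if (a > r.align) r.align = a;
    }
    r.size = round_up(r.size, r.align); /* tail padding */
    return r;
}

/* 32-bit member sizes as in the thread (SIZE_T is 4 bytes there). */
static const Member HVITEM_M[] = {
    { "Mask", 4, 4 }, { "State", 4, 4 }, { "Address", 8, 8 },
    { "NumberOfItem", 4, 4 }, { "Value", 1, 1 },
};

/* Size of NMHVDISPINFO and offset of its Item member for a packing value. */
static Layout nmhvdispinfo(size_t pack, size_t *item_offset)
{
    size_t in[5], out[2];
    Layout item = layout(HVITEM_M, 5, pack, in);
    Member outer[] = { { "NmHdr", 12, 4 }, { "Item", item.size, item.align } };
    Layout r = layout(outer, 2, pack, out);
    *item_offset = out[1];
    return r;
}

int main(void)
{
    size_t packs[] = { 1, 4, 8 }, off;
    for (int i = 0; i < 3; i++) {
        Layout l = nmhvdispinfo(packs[i], &off);
        printf("pack %zu: Item at +%zu, sizeof = %zu\n", packs[i], off, l.size);
    }
    return 0;
}
```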
Quote from: ragdog on January 16, 2016, 06:55:39 AM
I have tested it with a little C++ example to get the sizeof the struct.
This returns the struct size 40 decimal:
printf("%d\n\n",sizeof(NMHVDISPINFO));
I'm not sure but I think that if the size of the NMHVDISPINFO is 40:
NMHDR =12
UINT Mask = 4
UINT State =4
ULONG64 Address =8
SIZE_T NumberOfItem=8
BYTE Value ( Align)= 4
12+4+4+8+8+4=40
HVITEM struct 4
Mask_ DWORD ?
State DWORD ?
Address ULONG64 ?
NumberOfItem QWORD ?
Value BYTE ?
HVITEM ends
Quote from: ragdog on January 16, 2016, 08:11:33 AM
How can I find out if a struct is already aligned or not?
In Olly?
I don't know about Olly, but you can check the alignment of the structure or its members with this:
;---------------------------------------------
; This macro returns the maximum alignment of
; _ptr, or zero for a null pointer.
;---------------------------------------------
alignment MACRO _ptr
push ecx
xor eax, eax
mov ecx, _ptr
bsf ecx, ecx
jz @F
mov eax, 1
shl eax, cl
@@:
pop ecx
EXITM <eax>
ENDM
The size is 40
00000000 _NMHVDISPINFO struc ; (sizeof=0x28, standard type)
00000000 NmHdr tagNMHDR ?
0000000C db ? ; undefined
0000000D db ? ; undefined
0000000E db ? ; undefined
0000000F db ? ; undefined
00000010 Item _HVITEM ?
00000028 _NMHVDISPINFO ends
00000000 _HVITEM struc ; (sizeof=0x18, standard type)
00000000 Mask dd ?
00000004 State dd ?
00000008 Address dq ?
00000010 NumberOfItem dd ?
00000014 Value db ?
00000015 _padding db 3 dup(?)
00000018 _HVITEM ends
Thank you all
Yes, Guga or mabdelouahab, the struct size is 40.
My first test when translating a C++ struct is to make a little C++ project and look with printf and sizeof.
And Qword's solution to add the alignment by 8 works fine.
@Guga how did you make this dump of the structures?
@Michael
Thank you, I will try it.
I compiled the file that uses this https://code.msdn.microsoft.com/HexView-Control-fa70df05
...and opened it in IdaPro. (It was late to do it by hand. I was a bit tired, so I did it the fast way ;)
In Ida there is an option to see the structures loaded with the file (when it contains a pdb or dbg, especially)
Btw..this little app (hexview) looks nice :)
Ahh OK, but I have no Ida
Yes, it looks nice and works very well
Another good option is the RadHex control.