Hello, prompt please why at me the program hangs on "invoke HeapSize"? That is, the program works like this:
Start{HeapCreate,HeapAlloc} -> recursive{HeapSize,HeapReAlloc} -> recursive{HeapSize and it also hangs}
Recursive proc
invoke HeapSize, dword ptr[ebp], HEAP_NO_SERIALIZE, dword ptr[ebp+4]
add eax, 4
invoke HeapReAlloc, dword ptr[ebp], HEAP_ZERO_MEMORY, dword ptr[ebp+4], eax
...
pusha
invoke Recursive
popa
...
ret
Recursive endp
start:
invoke HeapCreate, 0, 0, 1000
mov ebx,eax
invoke HeapAlloc, eax, HEAP_ZERO_MEMORY, 595
mov dword ptr[eax], ebx
mov dword ptr[eax+4], eax
mov ebp, eax
...
pusha
invoke Recursive
popa
end start
All code :
.data
szCurrDrive db "A:\\",0
.code
RecursiveSearch proc ptmemory:DWORD
mov ebp, ptmemory
inc dword ptr[ebp+12]
invoke HeapSize, dword ptr[ebp], HEAP_NO_SERIALIZE, dword ptr[ebp+4]
add eax, 4
invoke HeapReAlloc, dword ptr[ebp], HEAP_ZERO_MEMORY, dword ptr[ebp+4], eax
push "*"
mov eax, esp
mov edx, ebp
add ebp, 16
invoke lstrcat, ebp, eax
pop edx
mov edx, ebp
add edx, 261
invoke FindFirstFile, ebp, edx
sub ebp, 16
push eax
mov eax, 4
mul dword ptr[ebp+12]
add eax, ebp
add eax, 595
pop ebx
mov dword ptr[eax],ebx
push eax ;;;;;;;;;;;;;;;;
mov edx, ebp
add edx, 16
push edx
invoke lstrlen, edx
pop edx
add eax, edx
mov byte ptr[eax-1],0
push eax ;;;;;;;;;;;;;;;;
pop eax
push eax
.if dword ptr[eax]==INVALID_HANDLE_VALUE
ret
.endif
.REPEAT
mov ecx, ebp
add ecx, 321
push "."
mov eax, esp
invoke lstrcmp, eax, ecx
pop ecx
push eax
mov ecx, ebp
add ecx, 321
push ".."
mov eax, esp
mov ebx, edx
invoke lstrcmp, eax, ecx
pop ecx
pop ebx
.if ((eax!=0)&&(ebx!=0))
mov ecx, ebp
add ecx, 321
push ecx
mov ecx, ebp
add ecx, 16
push ecx
call lstrcat
.if(dword ptr[ebp+277]==FILE_ATTRIBUTE_DIRECTORY)
push "\\"
mov ebx, esp
mov eax, ebp
add eax, 16
invoke lstrcat, eax, ebx
pop ecx
mov eax, ebp
add eax, 16
pusha
invoke RecursiveSearch, ebp
popa
.else
nop
nop
nop
nop
nop
.endif
.endif
pop eax ;;;;;;;;;;;;;;;;
mov byte ptr[eax-1],0
pop eax
push eax
mov ebx,ebp
add ebx,277
invoke FindNextFile, [eax], ebx
.UNTIL al==0h
pop ebx ;;;;;;;;;;;;;;;;
invoke FindClose, [ebx]
ret
RecursiveSearch endp
start:
invoke HeapCreate, 0, 0, 1000
mov ebx,eax
invoke HeapAlloc, eax, HEAP_ZERO_MEMORY, 595
mov dword ptr[eax], ebx
mov dword ptr[eax+4], eax
mov ebp, eax
invoke GetLogicalDrives
xor edx,edx
.WHILE edx < 26
mov ebx, eax
and ebx, 1
.if bl == 1
pusha
mov eax, ebp
add eax, 16
invoke lstrcpy, eax, addr(szCurrDrive)
invoke RecursiveSearch, ebp
popa
.endif
inc edx
shr eax,1
inc [szCurrDrive]
.ENDW
exit
end start
end main
The EBP register should not be used to pass values in a function.
It appears that you forgot that a frame will be built at the start of the function.
I have long had the problem of being a voice crying in the wilderness about observing the Intel 32 bit ABI but have also been long shouted down by the brigade saying "yes but it works on my Win ??? version". Those who get it right go on to write reliable code, the rest fade away after it explodes in their face. The 32 bit code I wrote for Win95 OEM (the first version) still works fine if a bit long in the tooth these days because it was written the right way the first time.
Quote from: hutch-- on June 30, 2017, 10:01:58 AM
I have long had the problem of being a voice crying in the wilderness about observing the Intel 32 bit ABI but have also been long shouted down by the brigade saying "yes but it works on my Win ??? version". Those who get it right go on to write reliable code, the rest fade away after it explodes in their face. The 32 bit code I wrote for Win95 OEM (the first version) still works fine if a bit long in the tooth these days because it was written the right way the first time.
I am still trying to figure out why alex-rudenkiy believes that
Recursive proc
...
is the same as
RecursiveSearch proc ptmemory:DWORD
mov ebp, ptmemory
...
Come on, folks, Alex is playing with the stack frame: pusha
mov eax, ebp
add eax, 16
invoke lstrcpy, eax, addr(szCurrDrive)
invoke RecursiveSearch, ebp
popa
It may not be 100% correct, but haven't we all tried such tricks...? That's the fun of assembler: Try whatever the cpu understands, launch Olly (http://www.ollydbg.de/version2.html) and BANG! Learning by crashing :P
Quote from: jj2007 on June 30, 2017, 05:04:05 PM
Try whatever the cpu understands, launch Olly (http://www.ollydbg.de/version2.html) and BANG! Learning by crashing :P
There are many ASM examples of recursive file search. For example this (http://www.asmcommunity.net//forums/topic/?id=14133)
I suspect, Alex would learn something by looking at what has been done before and also have a lot of fun with the nice colors of Olly (http://www.ollydbg.de/version2.html) :biggrin: