Hello,
I've run into a problem attempting to call findfirstfile. Searching the web has yielded nothing, but I did come up with an old post by Vortex submitted to this site on January 9, 2017. Although Vortex wrote in POASM and I'm using ml64/link Vortex's example seems to me to show that what I'm trying to do isn't nuts.
Here's the code:
includelib ..\masm32\lib64\msvcrt.lib
includelib ..\masm32\lib64\kernel32.lib
include myincludes64.INC           ; FILETIME and WIN32_FIND_DATAA structures (shown below)
FindFirstFileA PROTO :QWORD, :QWORD
FindClose PROTO :QWORD
.data
filname db "gs.asm"                ; search pattern passed to FindFirstFileA
wfd WIN32_FIND_DATA < >            ; receives the find data
.data?
hndl QWORD ?                       ; search handle returned in RAX
.code
main PROC
    sub rsp, 40h                   ; reserve 64 bytes for spill space and parameters
    lea rcx, filname               ; RCX = lpFileName
    lea rdx, wfd                   ; RDX = lpFindFileData
    call FindFirstFileA
    mov hndl, rax
    mov rcx, hndl                  ; RCX = hFindFile
    call FindClose
    add rsp, 40h                   ; release the reserved space
    ret
main ENDP
END
I included MSVCRT only because I had a plan to use some of the functions there; as you can see, the program doesn't call any of them. The myincludes64.inc file contains the two necessary structures. They are as follows:
FILETIME struct
    dwLowDateTime DWORD ?
    dwHighDateTime DWORD ?
FILETIME ends
...And:
WIN32_FIND_DATAA struct
    dwFileAttributes DWORD ?
    ftCreationTime FILETIME <>
    ftLastAccessTime FILETIME <>
    ftLastWriteTime FILETIME <>
    nFileSizeHigh DWORD ?
    nFileSizeLow DWORD ?
    dwReserved0 DWORD ?
    dwReserved1 DWORD ?
    cFileName CHAR MAX_PATH dup (?)
    cAlternateFileName CHAR 14 dup (?)
WIN32_FIND_DATAA ends
The program compiles and links successfully. It also appears to run. But when the program hits the call to FindFirstFileA it goes off into never-never land. It doesn't even return an error code in RAX.
I've worked on this several days with no success. I'd really like to get the bug out.
Regards,
Mark Allyn
filename db "gs.asm",0
HSE,
Among the many things I have tried was zero-terminating the file name. Just tried it again. It still doesn't work.
Thanks, though, for the suggestion!
Mark
deleted
Hi Nidud,
I haven't completely checked yet, but a quick glance at x64dbg indicates that you have fixed the problem. Will do more checking tomorrow morning.
You could do me a huge favor if you could briefly explain why this seemingly small change would have such a huge and beneficial impact.
Again, many thanks for looking this over.
Regards,
Mark Allyn
sub rsp, 64 is not 16-byte aligned but sub 40 is?
deleted
Good morning Nidud and InfiniteLoop,
Well, so if I had done it like this:
and rsp, -10h
sub rsp, 40h
...it would have been OK? As I read your responses, I could have subtracted any amount from rsp as long as it was divisible by 8?
Nidud's main doesn't add back 40d before the ret instruction. Why not?
And Nidud's "Using base pointer" and "Enter stack" versions don't add or sub anything. Is this because he "leaves" before the ret?
Obviously I need to understand the stack better. I apologize for these very elementary questions.
Regards,
Mark Allyn
deleted
Good morning once again, Nidud,
Your tutorials have been very helpful. I knew about spill space but I didn't understand the necessity of aligning the stack prior to the call. I assumed, as you can see, that sub 64 (40h), because it is divisible by 8 and also allowed for plenty of spill and some parms, would do the job. Not so!
Given my naivete we will no doubt meet again in future.
Regards,
Mark Allyn
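For readers arriving at this thread with the same problem, here is the program from the first post with the stack alignment corrected. This is an added example, not code posted by anyone in the thread; it assumes the masm32 SDK directory layout and the same ml64/link settings as the original (entry point main), defines the two structures inline instead of via myincludes64.inc, and adds ExitProcess and a handle check that the original did not have.

```masm
; Added example, not code from the thread: the first post's program with the
; stack correctly aligned before the call. Assumes the masm32 SDK lib64 path
; and link /entry:main as in the original.
includelib ..\masm32\lib64\kernel32.lib

FindFirstFileA PROTO :QWORD, :QWORD
FindClose      PROTO :QWORD
ExitProcess    PROTO :DWORD

MAX_PATH             equ 260
INVALID_HANDLE_VALUE equ -1

FILETIME struct
    dwLowDateTime  DWORD ?
    dwHighDateTime DWORD ?
FILETIME ends

WIN32_FIND_DATAA struct
    dwFileAttributes   DWORD ?
    ftCreationTime     FILETIME <>
    ftLastAccessTime   FILETIME <>
    ftLastWriteTime    FILETIME <>
    nFileSizeHigh      DWORD ?
    nFileSizeLow       DWORD ?
    dwReserved0        DWORD ?
    dwReserved1        DWORD ?
    cFileName          BYTE MAX_PATH dup (?)
    cAlternateFileName BYTE 14 dup (?)
WIN32_FIND_DATAA ends

.data
filname db "gs.asm", 0          ; zero-terminated: the API scans up to the NUL
wfd     WIN32_FIND_DATAA <>

.data?
hndl QWORD ?

.code
main PROC
    ; At entry RSP is 8 mod 16, because the CALL that reached main pushed an
    ; 8-byte return address. 28h = 32 bytes of spill (shadow) space + 8 bytes
    ; of padding, so RSP is a multiple of 16 again at the CALL below.
    ; 40h would leave RSP at 8 mod 16, which is what broke the original.
    sub rsp, 28h

    lea rcx, filname            ; RCX = lpFileName
    lea rdx, wfd                ; RDX = lpFindFileData
    call FindFirstFileA
    mov hndl, rax

    cmp rax, INVALID_HANDLE_VALUE
    je  skip_close              ; no handle to close; GetLastError holds the reason

    mov rcx, hndl               ; RCX = hFindFile
    call FindClose

skip_close:
    ; ExitProcess never returns, so nothing has to be added back to RSP here.
    ; A PROC that ends in RET instead must "add rsp, 28h" first, so that RET
    ; pops the return address and not the spill space.
    xor ecx, ecx                ; exit code 0
    call ExitProcess
main ENDP
END
```

The rule behind the 28h is that the amount subtracted must be a multiple of 8 and, together with the 8 bytes of return address already on the stack, must bring RSP to a multiple of 16 before every CALL, with at least 32 bytes of spill space on top. The "and rsp, -10h" approach asked about above also works, but after it you no longer know how much was taken off, so the function cannot rebalance with a plain add; that is why code using it saves RSP in RBP first (push rbp / mov rbp, rsp) and restores it with leave before ret.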