[Help] GetModuleHandle not working.

[iphone4life4]

Why does GetModuleHandle not work in my code.

<sup>.386
.MODEL Flat, STDCALL
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.data
   HelloWorld db "Hello World!",13,10,0
   consoleTitle db "HI",0
.data?
   hInstance   dd ?
.code
   start:
      push 0
      call GetModuleHandle
      mov hInstance, eax
      
      push offset consoleTitle
      call SetConsoleTitleA
      
      push hInstance
      call DestroyWindow
      
      push 10000
      call Sleep
      
      push 0
      call ExitProcess
end start</sup>

[MichaelW]

The call to GetModuleHandle is succeeding.

The only problem I see is the call to DestroyWindow.

Code Select Expand


include \masm32\include\masm32rt.inc
.data
   HelloWorld db "Hello World!",13,10,0
   consoleTitle db "HI",0
.data?
   hInstance   dd ?
.code
   start:
      push 0
      call GetModuleHandle
      mov hInstance, eax
      printf("%Xh\n",eax)

      push offset consoleTitle
      call SetConsoleTitleA

      push hInstance
      call DestroyWindow
      .IF eax == 0
          printf("%s\n",LastError$())
      .ENDIF

      push 10000
      call Sleep

      push 0
      call ExitProcess
end start


Code Select Expand


400000h
Invalid window handle.


[dedndave]

yes - i don't know what you expect to see if you destroy the window
but, GetModuleHandle returns a module handle, not a window handle
in the case of NULL, it is supposed to be a handle to the EXE file that created the process

DestroyWindow expects a handle to a window
if it were successful, the window should disappear   

if you want a handle to the console window, call GetConsoleWindow

your code could be a little cleaner if you used INVOKE
and - you shouldn't have to specify the A or W on function names

Code Select Expand

    INVOKE  SetConsoleTitle,offset consoleTitle

[iphone4life4]

It still does not work, and why I am not using invoke its because Ollydbg does not have invoke in it. Ollydbg push's to the stack via push. Also call GetConsoleWindow does not work.

What eax holds after callling GetConsoleWindow is 6058Ch

And another thing what is 6058Ch like what on earth is the h,and c on the end of it, is this hex?
How do I convert it to normal text.

[dedndave]

yes - it's a hexadecimal value
it's a dword, so the range is 0 to FFFFFFFFh
a handle should just be viewed as an arbitrary, but unique, number
what i mean by unique is, no other window will have the same handle
so - you can see it in decimal, but it won't mean anything

Michael used printf, so you just have to set the format
i don't use printf, but i think "%u" will get you an unsigned integer in decimal form

Code Select Expand

      printf("%u\n",eax)

by the way, GetConsoleWindow is working, or the return value would be 0
store the value in a variable or push it on the stack because printf destroys the contents of EAX

[qWord]

Ollydbg does not have invoke in it. Ollydbg push's to the stack via push.

OllyDbg is an debugger, MASM is an assembler!

Also call GetConsoleWindow does not work.[...]What eax holds after callling GetConsoleWindow is 6058Ch

So it does work! EAX holds a so called "handle", a value that references a system object/resource (in this case a window).

And another thing what is 6058Ch like what on earth is the h,and c on the end of it, is this hex?

"h" is MASM's suffix for hexadecimal numbers.

How do I convert it to normal text.

a classical method (especially for beginners) is to divide the number by the wished number base until the quotient gets zero. The corresponding modulo values are the number digits: e.g. 123 mod 10 = 3 -> 12 mod 10 = 2 -> 1 mod 10 = 1.

[iphone4life4]

yes - it's a hexadecimal value
it's a dword, so the range is 0 to FFFFFFFFh
a handle should just be viewed as an arbitrary, but unique, number
what i mean by unique is, no other window will have the same handle
so - you can see it in decimal, but it won't mean anything

Michael used printf, so you just have to set the format
i don't use printf, but i think "%u" will get you an unsigned integer in decimal form

Code Select Expand

      printf("%u\n",eax)

by the way, GetConsoleWindow is working, or the return value would be 0
store the value in a variable or push it on the stack because printf destroys the contents of EAX

Ok, so why does this still not work tho. It does not close the window right after opening it?

_{.data?
   hWnd dd ?
.code
   start:   
      push 0
      call GetConsoleWindow
      mov hWnd,eax
      
      push hWnd
      call DestroyWindow
      
      push offset consoleTitle
      call SetConsoleTitle
      
      push 10000
      call Sleep
      
      inkey "Press a key to continue ..."
      push 0
      call ExitProcess
end start}

[dedndave]

good question - lol

the console window is not meant to be destroyed this way

after DestroyWindow, i used GetLastError and got ERROR_ACCESS_DENIED
i would imagine the operating system has "locked out" the console handle to prevent it from being destroyed this way
there is more to a console than just a window, and it probably wants to do some clean-up

what you might be able to do is send it a WM_SYSCOMMAND message with SC_CLOSE

Code Select Expand

    INVOKE  PostMessage,hwndConsole,WM_SYSCOMMAND,SC_CLOSE,0

that seems to work

in "olly-ese", that would be

Code Select Expand

    push    0
    push    SC_CLOSE
    push    WM_SYSCOMMAND
    push    hwndConsole
    CALL    PostMessageA

[iphone4life4]

good question - lol

the console window is not meant to be destroyed this way

after DestroyWindow, i used GetLastError and got ERROR_INVALID_WINDOW_HANDLE
i would imagine the operating system has "locked out" the console handle to prevent it from being destroyed this way
there is more to a console than just a window, and it probably wants to do some clean-up

what you might be able to do is send it a WM_SYSCOMMAND message with SC_CLOSE

Code Select Expand

    INVOKE  PostMessage,hwndConsole,WM_SYSCOMMAND,SC_CLOSE,0

let me try it....

ok thanks for the help man 
one last thing will this work?

Code Select Expand


push offset exeName
call getmoduleHandle

push eax
call DestroyWindow


[dedndave]

no - GetModuleHandle returns a different kind of handle
normally, you just use NULL if you want a handle to the current EXE
although, i suppose it would work if you passed a pointer to a filename string
provided the file was in the current folder, or in the system folder, or it was a fully qualified path

DestroyWindow is used in GUI apps
if you want to play with it, write a GUI program   :t

[iphone4life4]

no - GetModuleHandle returns a different kind of handle
normally, you just use NULL if you want a handle to the current EXE
although, i suppose it would work if you passed a pointer to a filename string
provided the file was in the current folder, or in the system folder, or it was a fully qualified path

DestroyWindow is used in GUI apps
if you want to play with it, write a GUI program   :t

ok this is what i have so far and it give me the error

Code Select Expand

The specified module could not be found.

Code Select Expand


exeName db "explorer.exe",0
.data?
hWnd dd ?
.code
start:
push offset exeName
call GetModuleHandle
printf("%s\n",LastError$())

push eax
call DestroyWindow

push offset consoleTitle
call SetConsoleTitle

push 10000
call Sleep

inkey "Press a key to continue ..."
push 0
call ExitProcess
end start


[dedndave]

i get ERROR_MOD_NOT_FOUND from GetModuleHandle
that file probably isn't in the system folder and you have not provided a fully qualified path

[iphone4life4]

explorer.exe is loaded and running, so you are saying I need to give it a direct path to the exe in order for it to get a handle to that process?

[dedndave]

again - it is a module handle
essentially a special file handle

process handles and window handles are different kinds of handles

if you want to get the window handle to an EXE that is running, you can enumerate windows or something
that is somewhat complex

what is it you are trying to do, exactly ?

DestroyWindow is not a good thing to do, unless you have created the window   :redface:

[iphone4life4]

lol ok its fine, and I am just learning/playing around with asm.