FINDFIRSTFILE problem

Started by markallyn, September 20, 2021, 08:12:18 AM


markallyn

Hello,

I've run into a problem attempting to call findfirstfile.  Searching the web has yielded nothing, but I did come up with an old post by Vortex submitted to this site on January 9, 2017.  Although Vortex wrote in POASM and I'm using ml64/link, Vortex's example seems to me to show that what I'm trying to do isn't nuts.

Here's the code:
Quote

includelib   ..\masm32\lib64\msvcrt.lib
includelib   ..\masm32\lib64\kernel32.lib

include myincludes64.INC

FindFirstFileA  PROTO   :QWORD, :QWORD
FindClose   PROTO    :QWORD

.data
filname   db   "gs.asm"
wfd     WIN32_FIND_DATA < >   

.data?
hndl   QWORD   ?

.code
main   PROC
sub   rsp,   40h
lea   rcx,   filname
lea   rdx,    wfd
call    FindFirstFileA
mov   hndl,   rax
mov   rcx,   hndl
call   FindClose
add   rsp,   40h
ret
main   ENDP
END

I included MSVCRT only because I had a plan to use some of the functions there; as you can see, the program doesn't call any of them.  The myincludes64.inc file contains the two necessary structures.  They are as follows:

Quote
FILETIME   struct
dwLowDateTime   DWORD   ?
dwHighDateTime   DWORD   ?
FILETIME   ends

...And:
Quote
WIN32_FIND_DATAA   struct
dwFileAttributes   DWORD   ?
ftCreationTime   FILETIME   <>
ftLastAccessTime   FILETIME   <>
ftLastWriteTime   FILETIME   <>
nFileSizeHigh   DWORD   ?
nFileSizeLow   DWORD   ?
dwReserved0   DWORD   ?
dwReserved1   DWORD   ?
cFileName   CHAR MAX_PATH dup (?)
cAlternateFileName   CHAR 14 dup (?)
WIN32_FIND_DATAA   ends

The program compiles and links successfully.  It also appears to run.  But, when the program hits the call to findfirstfileA it goes off into never-never land.  Doesn't even return an error code in RAX.

I've worked on this several days with no success.  I'd really like to get the bug out.

Regards,

Mark Allyn

HSE

Equations in Assembly: SmplMath

markallyn

HSE,

Among the many things I have tried was zero-terminating the file name.  Just tried it again.  It still doesn't work.

Thanks, though, for the suggestion!

Mark


nidud

#3
deleted

markallyn

Hi Nidud,

I haven't completely checked yet, but a quick glance at x64dbg indicates that you have fixed the problem.  Will do more checking tomorrow morning.

You could do me a huge favor if you could briefly explain why this seemingly small change would have such a huge and beneficial impact.

Again, many thanks for looking this over.

Regards,
Mark Allyn

InfiniteLoop

sub rsp, 64 is not 16-byte aligned but sub 40 is ?

nidud

#6
deleted

markallyn

Good morning Nidud and InfiniteLoop,

Well, so if I had done like this:

Quote
  and rsp, -10h
  sub rsp, 40h

..it would have been OK?  As I read your responses I could have subtracted any amount from rsp as long as it was divisible by 8?

Nidud's main doesn't add back 40d before the ret instruction.  Why not?

And in Nidud's "Using base pointer" and "Enter stack" doesn't add or sub anything.  Is this because he "leaves" before the ret?

Obviously I need to understand the stack better.  I apologize for these very elementary questions.

Regards,
Mark Allyn


nidud

#8
deleted

markallyn

Good morning once again, NIDUD,

Your tutorials have been very helpful.  I knew about spill space but I didn't understand the necessity of aligning the stack prior to the call.  I assumed, as you can see, that sub 64 (40h), because it is divisible by 8 and also allowed for plenty of spill and some parms, would do the job.  Not so!

Given my naivete we will no doubt meet again in future.

Regards,
Mark Allyn
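
The alignment point the thread arrives at, as an added example that is not part of any post above: a version of the original program for ml64 that reserves 28h instead of 40h. The EXTERN declarations, the inline structure definitions, the zero terminator, the INVALID_HANDLE_VALUE check and the build line are this example's assumptions, not the poster's or nidud's code.

```asm
; Added example, not code from the thread. Assumed build:
;   ml64 /c ff.asm   then   link ff.obj /subsystem:console /entry:main
includelib ..\masm32\lib64\kernel32.lib   ; library path as in the original post

EXTERN FindFirstFileA:PROC
EXTERN FindClose:PROC

MAX_PATH equ 260

FILETIME STRUCT
  dwLowDateTime      DWORD ?
  dwHighDateTime     DWORD ?
FILETIME ENDS

WIN32_FIND_DATAA STRUCT
  dwFileAttributes   DWORD ?
  ftCreationTime     FILETIME <>
  ftLastAccessTime   FILETIME <>
  ftLastWriteTime    FILETIME <>
  nFileSizeHigh      DWORD ?
  nFileSizeLow       DWORD ?
  dwReserved0        DWORD ?
  dwReserved1        DWORD ?
  cFileName          BYTE MAX_PATH dup (?)
  cAlternateFileName BYTE 14 dup (?)
WIN32_FIND_DATAA ENDS

.data
filname db "gs.asm", 0         ; zero-terminated ANSI string
wfd     WIN32_FIND_DATAA <>

.code
main PROC
    ; On entry RSP = 16n + 8, because the caller's CALL pushed an 8-byte
    ; return address. 40h is a multiple of 16, so it leaves RSP at 16n + 8.
    ; 28h = 20h shadow space + 8 brings RSP to a 16-byte boundary.
    sub   rsp, 28h
    lea   rcx, filname         ; arg 1: lpFileName
    lea   rdx, wfd             ; arg 2: lpFindFileData
    call  FindFirstFileA
    cmp   rax, -1              ; INVALID_HANDLE_VALUE: nothing to close
    je    done
    mov   rcx, rax             ; arg 1: search handle
    call  FindClose
done:
    add   rsp, 28h             ; undo the reservation so RET finds its address
    ret
main ENDP
END
```

Any reservation of the form 16k + 8 that is at least 28h works here; the callee may use aligned SSE stores on its own stack frame, which fault when RSP was not 16-byte aligned at the call.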