flat assembler
Message board for the users of flat assembler.

Index > Main > Program fails on invoke ExitProcess, 0

Author
Thread Post new topic Reply to topic
DSblizzard



Joined: 23 Oct 2019
Posts: 13
Location: Ryazan, Russia
DSblizzard
Program executes all instructions before
Code:
invoke ExitProcess, 0    

but on this command fails. Is it definitely bug in fasm, or it can be something on my side? Program is ~3500 lines, so I'm lazy to locate bug more precisely.
Post 02 Dec 2019, 18:56
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16891
Location: In your JS exploiting you and your system
revolution
In theory ExitProcess cannot fail. It should close the program and all open resources without ever returning.

But what do you mean by "fails"? Crashes? Won't close? Something else?

Try to cut down your code to the minimal code that produces the failure. Post your code here and we might be able to help.
Post 02 Dec 2019, 19:40
View user's profile Send private message Visit poster's website Reply with quote
DSblizzard



Joined: 23 Oct 2019
Posts: 13
Location: Ryazan, Russia
DSblizzard
Windows message box "Прекращена работа программы 1.exe" ("The program 1.exe stopped" or something like this)
Details: (sorry, in Russian)
Сигнатура проблемы:
Имя события проблемы: APPCRASH
Имя приложения: 1.exe
Версия приложения: 0.0.0.0
Отметка времени приложения: 5de55d1c
Имя модуля с ошибкой: ntdll.dll
Версия модуля с ошибкой: 6.1.7601.23915
Отметка времени модуля с ошибкой: 59b94ee4
Код исключения: c0000005
Смещение исключения: 000000000004e664
Версия ОС: 6.1.7601.2.1.0.256.48
Код языка: 1049
Дополнительные сведения 1: b31c
Дополнительные сведения 2: b31cfdaf05d416b0a7d396d7b4049a84
Дополнительные сведения 3: 90e7
Дополнительные сведения 4: 90e75a2f5888e05373d1c95572b47705
Post 02 Dec 2019, 20:01
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16891
Location: In your JS exploiting you and your system
revolution
That is a crash.

So you might have corrupted your import section and the pointer to ExitProcess leads to an unknown place.
Post 02 Dec 2019, 20:28
View user's profile Send private message Visit poster's website Reply with quote
DSblizzard



Joined: 23 Oct 2019
Posts: 13
Location: Ryazan, Russia
DSblizzard
I printed values of ExitProcess and [ExitProcess] after entry point of program and just before "invoke ExitProcess, 0". They are preserved. But ExitProcess is different from its value in "empty" program.
Post 03 Dec 2019, 08:33
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16891
Location: In your JS exploiting you and your system
revolution
Because of ASLR you can get different values for the API calls.

Are you sure it is ExitProcess? That would be very unlikely IMO. Perhaps you have another problem.
Post 03 Dec 2019, 08:43
View user's profile Send private message Visit poster's website Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 604
Location: Belarus
DimonSoft
Heap corruption?
Post 03 Dec 2019, 09:31
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4224
Location: 2018
edfed
try it with ollydbg or ida
Post 03 Dec 2019, 10:14
View user's profile Send private message Visit poster's website Reply with quote
DSblizzard



Joined: 23 Oct 2019
Posts: 13
Location: Ryazan, Russia
DSblizzard
Thank you all, especially DimonSoft. I reduced program, then printed addresses in all mov [], ... commands, and finally spot the problem: in malloc size was assumed 8 bytes but really it was 16 - type and value.
Post 03 Dec 2019, 11:38
View user's profile Send private message Reply with quote
guignol



Joined: 06 Dec 2008
Posts: 640
guignol
reminds of a waitress in a diner
Post 04 Dec 2019, 09:51
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2019, Tomasz Grysztar.

Powered by rwasa.