flat assembler
Message board for the users of flat assembler.

Index > Windows > How windows execute settimer ?




AsmGuru62 28 Nov 2024, 23:46
I think my debugger was set to not ignore the kernel exceptions, so I did not even get to the CreateWindowExW.
The opcodes I saw at the crash point were looking like MMX technology related.


revolution 29 Nov 2024, 10:10
AsmGuru62 wrote:
... looking like MMX technology related.
I can't figure out how the fault is triggered.

Without the AC bit set I can't find any MMX instruction that can trigger an alignment fault. Some of the 128-bit XMM stuff can, but not MMX. I must have missed something fundamental.

And even then, with the AC bit, those potential alignment faults are all for 8-byte qwords and 16-byte dqwords, not for 2-byte words.



sinsi 29 Nov 2024, 10:49
I debugged it as far as I could, got to here
Code:
win32u!NtUserRegisterClassExWOW:
00007ffe`cd0526c0 4c8bd1          mov     r10,rcx
00007ffe`cd0526c3 b8a2100000      mov     eax,10A2h
00007ffe`cd0526c8 f604250803fe7f01 test    byte ptr [SharedUserData+0x308 (00000000`7ffe0308)],1 ds:00000000`7ffe0308=00
00007ffe`cd0526d0 7503            jne     win32u!NtUserRegisterClassExWOW+0x15 (00007ffe`cd0526d5) [br=0]
00007ffe`cd0526d2 0f05            syscall
    

Last error was 0 before the syscall and 3E6 after.


revolution 29 Nov 2024, 11:23
I think it is a software check.
Code:
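        test    esi,1                   ; bit 0 set means an odd value (not 2-byte aligned)
        jne     .exit_with_error_3E6    ; odd: skip the work and report the error
        ; do the thing
        ret
.exit_with_error_3E6:
        mov     eax,0x3e6               ; the error value seen after the syscall
        ret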
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
