flat assembler
Message board for the users of flat assembler.
Index
> Windows > API from ntdll.dll |
Author |
|
at0mic 23 Mar 2005, 14:25
API ->RtlCompareString from ntdll.dll gives an exception.
why? How can I use it? best THX, _________________ at0mic! |
|||
23 Mar 2005, 14:25 |
|
Nikolay Petrov 23 Mar 2005, 18:37
--------------------------------------
RtlCompareString The RtlCompareString routine compares two counted strings. LONG RtlCompareString( IN PSTRING String1, IN PSTRING String2, BOOLEAN CaseInSensitive ); Parameters String1 Pointer to the first string. String2 Pointer to the second string. CaseInSensitive If TRUE, case should be ignored when doing the comparison. Return Value RtlCompareString returns a signed value that gives the results of the comparison: Zero String1 equals String2. < Zero String1 is less than String2. > Zero String1 is greater than String2 ----------------------------------------------- It's a info from MSDN - http://msdn.microsoft.com |
|||
23 Mar 2005, 18:37 |
|
at0mic 24 Mar 2005, 08:13
Code: include '%fasminc%\win32ax.inc' .data endl db 10,13,0 hntdll dd ? RtlCompareString dd ? string1 db 'compare this string',0 string2 db 'compare with it',0 buforek rd 100 .code start: invoke LoadLibrary,"ntdll.dll" mov [hntdll],eax invoke GetProcAddress,[hntdll],"RtlCompareString" mov [RtlCompareString],eax xor eax,eax ;invoke RtlCompareString,string1,string2,TRUE cinvoke wsprintf,buforek,"ntdll handle: 0x%x%sRtlCompareString address: 0x%x%sHow many chars are the same: %d%s",\ [hntdll],endl,[RtlCompareString],endl,\ eax,endl; invoke MessageBox,0,buforek,"info",0 invoke ExitProcess,0 .end start let delete ';' before RtlCompareString calling (from source above) and let think more complex than before (if you want of course;) I think everyone knows msdn help online _________________ at0mic! |
|||
24 Mar 2005, 08:13 |
|
Torrey 24 Mar 2005, 11:09
The problem is that you misread the msdn. Look at the comments section, it specifically says, "Callers of RtlCompareString must be running at IRQL = PASSIVE_LEVEL."
PASSIVE_LEVEL is exclusive to device drivers. There's your answer. [edit] What happens when you trace through the call for RtlCompareString the program ends up getting killed when edi and esi are pointing to some strange value, most likely a memory address that your application doesn't have access to. Last edited by Torrey on 24 Mar 2005, 11:15; edited 1 time in total |
|||
24 Mar 2005, 11:09 |
|
at0mic 24 Mar 2005, 11:12
Right!
good for you Torrey! _________________ at0mic! |
|||
24 Mar 2005, 11:12 |
|
Torrey 24 Mar 2005, 11:16
Heh, you're quick to reply. I thought my edit would go through before you saw the reply post.
|
|||
24 Mar 2005, 11:16 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.