flat assembler
Message board for the users of flat assembler.

Index > Windows > CreateRemoteThread terminates calling process?

Author
Thread Post new topic Reply to topic
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 25 Apr 2009, 04:06
Code:
int3
stdcall [CreateRemoteThread],dword[esi],0,0,edi,0,0,0    
Crashes (as expected) but
Code:
stdcall [CreateRemoteThread],dword[esi],0,0,edi,0,0,0
int3    
exits instantly.. I can't find anything in the documentation that it should end should the calling process? Why is it doing this? I have no problem using ReadProcessMemory/WriteProcessMemory/VirtualProtectEx/SetSecurityInfo/TerminateProcess etc.. they all work fine.. only CreateRemoteThread closes my process. Please help :/ since my process dies immediately after I can't even check the return value or call GetLastError..



P.S. dword[esi] is the handle of target process returned by OpenProcess and edi is address of memory in that process returned by VirtualAllocEx (I checked both of these and they are right)
Post 25 Apr 2009, 04:06
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 25 Apr 2009, 04:53
OK, since we have to believe that the error is located only in those lines then try this: disable any anti-virus and/or try on another computer (with no anti-virus at all if possible).

Another possibility could be that you destroyed the SEH chain somehow but I think if that is the reason then I don't know why int3 is handled by the default handler...

[edit]Example:
Code:
format pe gui 4.0
sub esp, $4000
int3    

Will die silently because exception handling cannot work properly[/edit]
Post 25 Apr 2009, 04:53
View user's profile Send private message Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1150
Location: Russian Federation
comrade 25 Apr 2009, 16:12
Azu, can you send me a sample EXE when this happens?
Post 25 Apr 2009, 16:12
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 25 Apr 2009, 17:22
Whoops it was my antivirus :s I thought it would show something if it was blocking it.. but it didn't.

Thanks for the hint.
Post 25 Apr 2009, 17:22
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.