flat assembler
Message board for the users of flat assembler.

Index > Windows > Win64 newbie questions

Author
Thread Post new topic Reply to topic
TimK



Joined: 14 Feb 2010
Posts: 20
TimK
My Win64 Dll code:
Code:
proc Install

        sub     rsp, 20h

        ...

        mov     rcx,WH_CALLWNDPROC
        mov     rdx,MessageHookProc
        mov     r8,[HInstance]
        xor     r9,r9
        call    [SetWindowsHookEx]
        mov     [MessageHook],rax
        test    rax,rax
        jz      .free

        mov     rcx,WH_SHELL
        mov     rdx,ShellHookProc
        mov     r8,[HInstance]
        xor     r9,r9
        call    [SetWindowsHookEx]
        mov     [ShellHook],rax
        test    rax,rax
        jnz     .exit

  .free:
        call    FreeHooks
        xor     rax,rax

  .exit:
        add     rsp, 20h
        ret
endp


proc Uninstall

        sub     rsp, 20h
        call    FreeHooks
        add     rsp, 20h
        ret
endp


proc FreeHooks

        mov     rcx,[MessageHook]
        test    rcx,rcx
        jz      @f

        call    [UnhookWindowsHookEx]
        mov     [MessageHook],0

  @@:
        mov     rcx,[ShellHook]
        test    rcx,rcx
        jz      @f

        call    [UnhookWindowsHookEx]
        mov     [ShellHook],0

  @@:
        ret
endp
    


Questions:
1. I must handle rsp in FreeHooks too? ie:
Code:
proc FreeHooks
        sub     rsp, 20h
        ... 
        add     rsp, 20h
        ret
endp
    

2. Can i safe replace "call FreeHooks" by "jmp FreeHooks" (IDA reports "sp-analysis failed" for Install in this case)?
Post 08 Jun 2010, 01:26
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.