flat assembler
Message board for the users of flat assembler.

Index > Windows > GWL_USERDATA - understending

Author
Thread Post new topic Reply to topic
Everhest



Joined: 26 Jun 2008
Posts: 84
Location: Russia
Everhest
Hi. Please help me find a bug.

Code:
load_user_data:
                pusha
                invoke  SetLastError, 0
                invoke  GetWindowLong,[hwnd],GWL_USERDATA
                or      eax, eax
                jz      defwndproc
                mov     [button_memory], eax

                cld
                mov     esi, eax;[button_memory]
                lea     edi, [button_data]
                mov     ecx, len_btn_data
                rep     movsb

                mov     eax, [button_memory]
                mov     edx, [eax+CREATESTRUCT.lpszClass]
                invoke  MessageBox, 0, edx, 0, 0
                popa
                ret

        save_user_data:
                pusha
                cld
                lea     esi, [button_data]        
                mov     edi, [button_memory]     
                mov     ecx, len_btn_data        
                rep     movsb

                invoke  SetLastError, 0
                mov     eax, [button_memory]
                invoke  SetWindowLong, [hwnd], GWL_USERDATA, eax
                or      eax, eax
                jz      error_wnd_long
                popa
                ret    


Description: source
Download
Filename: 1.zip
Filesize: 9.08 KB
Downloaded: 24 Time(s)


_________________
Forgive for my bad english, I from russia...
Post 03 Feb 2011, 20:54
View user's profile Send private message ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
Please describe your bug. What is (not) happening that you wish (not) to happen?
Post 03 Feb 2011, 21:01
View user's profile Send private message Visit poster's website Reply with quote
Everhest



Joined: 26 Jun 2008
Posts: 84
Location: Russia
Everhest
I debugged and have understood that by a call save_user_data the code is carried out ideally. Value button_memory saved in GWL_USERDATA. I consider that the error should be here:

load_user_data:
pusha
invoke SetLastError, 0
invoke GetWindowLong,[hwnd],GWL_USERDATA
or eax, eax
jz defwndproc
mov [button_memory], eax

cld
mov esi, eax;[button_memory]
lea edi, [button_data]
mov ecx, len_btn_data
rep movsb


mov eax, [button_memory]
mov edx, [eax+CREATESTRUCT.lpszClass]
invoke MessageBox, 0, edx, 0, 0
popa
ret

MessageBox doesn't show a string lpszClass. Pointer is crashed! Why???


ps. please look source

_________________
Forgive for my bad english, I from russia...
Post 03 Feb 2011, 21:52
View user's profile Send private message ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
How have you defined "button_memory" and/or "button_data"? You didn't show all your code so we don't know what those variables are. Are they global variables or local variables?

BTW: Show all your code please. Us having to guess what you have done is not helping you to solve the problem faster.
Post 03 Feb 2011, 22:25
View user's profile Send private message Visit poster's website Reply with quote
Everhest



Joined: 26 Jun 2008
Posts: 84
Location: Russia
Everhest
All my source code it is attached in the first post Smile
Post 03 Feb 2011, 22:47
View user's profile Send private message ICQ Number Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6034
Location: Poland
MHajduk
Everhest
in such situations I usually "go one step backwards", i.e. I cut "suspicious" parts of my code trying to obtain as clear working code as it's possible.

I recommend you to put temporarily all the button-specific data to the global structure and see if it will help. BTW, you don't really need to copy all data from the reserved block to the local variables - you may use virtual structures associated with a chosen register to which you will load (by 'GetWindowLong, [hwnd], GWL_USERDATA') the pointer of the reserved memory block. Besides, pay more attention to the values returned by the API functions. Wink
Post 03 Feb 2011, 23:47
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
Everhest wrote:
All my source code it is attached in the first post Smile
Hehe, you are right, I am blind. Embarassed

The answer is: When you copy the data at wmcreate all the lpsz pointers point to the stack and the data is temporary. You also have to copy each string from the stack into a buffer before exiting from wmcreate.
Code:
  wmcreate:
               invoke  VirtualAlloc, 0, len_btn_data, MEM_COMMIT, PAGE_READWRITE
           or      eax, eax
            jz      error_mem
           mov     [button_memory], eax

            invoke  SetWindowLong, [hwnd], GWL_USERDATA, [button_memory]
               ; or      eax, eax
          ; jz      error_set_wnd_long

             cld
         mov     esi, [lparam]
               lea     edi, [button_data]
          mov     ecx, sizeof.CREATESTRUCT
            rep     movsb
;add somethng like this
    mov     esi, [lparam]
       mov     esi, [esi+CREATESTRUCT.lpszClass]
   lea     edi, [some_global_buffer_for_the_class_name]
        mov     ecx, sizeof.some_global_buffer_for_the_class_name
   rep     movsb
;---------------------
            ; lea     eax, [button_data]
        ; mov     edx, [eax+CREATESTRUCT.lpszClass]
         ; invoke  MessageBox, 0, edx, 0, 0
           mov     ebx, [lpcs.lpszName]
                invoke  GetParent, [hwnd]
           invoke  SendMessage, eax, WM_SETTEXT, 0, ebx
                call    save_user_data
              xor     eax, eax
            jmp     @finish    
Post 04 Feb 2011, 04:07
View user's profile Send private message Visit poster's website Reply with quote
Everhest



Joined: 26 Jun 2008
Posts: 84
Location: Russia
Everhest
Quote:
;add somethng like this
mov esi, [lparam]
mov esi, [esi+CREATESTRUCT.lpszClass]
lea edi, [some_global_buffer_for_the_class_name]
mov ecx, sizeof.some_global_buffer_for_the_class_name
rep movsb

Hm... Why? I want to create new component (see source) and if use global value in the code that at creation of 2 and more buttons, they will read the same sites of memory it is bad.

Quote:
I recommend you to put temporarily all the button-specific data to the global structure and see if it will help.
I will try today Sad


There is one question why then this code works in new attached source code


Description:
Download
Filename: old.zip
Filesize: 51.4 KB
Downloaded: 18 Time(s)


_________________
Forgive for my bad english, I from russia...
Post 04 Feb 2011, 09:15
View user's profile Send private message ICQ Number Reply with quote
Everhest



Joined: 26 Jun 2008
Posts: 84
Location: Russia
Everhest
see places in the source not far SetWindowLong\GetWindowLong functions.
Post 04 Feb 2011, 09:22
View user's profile Send private message ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
Everhest wrote:
Hm... Why? I want to create new component (see source) and if use global value in the code that at creation of 2 and more buttons, they will read the same sites of memory it is bad.
You have no choice. After returning from wmcreate the stack is lost, and with it the names are also lost. Unless you copy them from the stack to a safe place then you will have no chance of finding the lpsz names again. Windows stores the structure and names on the stack, after you have returned from wmcreate Windows essentially erases the stack by discarding it.
Post 04 Feb 2011, 09:24
View user's profile Send private message Visit poster's website Reply with quote
Everhest



Joined: 26 Jun 2008
Posts: 84
Location: Russia
Everhest
I know and on it I do so
Code:
        wmcreate:
                invoke  VirtualAlloc, 0, len_btn_data, MEM_COMMIT, PAGE_READWRITE ; Create safe place
                or      eax, eax
                jz      error_mem
                mov     [button_memory], eax

                cld                                                   ; Copy lparam to stack data
                mov     esi, [lparam]
                lea     edi, [button_data]
                mov     ecx, sizeof.CREATESTRUCT
                rep     movsb
                lea     eax, [button_data]
                mov     edx, [eax+CREATESTRUCT.lpszClass]
                invoke  MessageBox, 0, edx, 0, 0                                  ; Test (copy it's ok)
                mov     ebx, [lpcs.lpszName]
                invoke  GetParent, [hwnd]
                invoke  SendMessage, eax, WM_SETTEXT, 0, ebx
                invoke  SetWindowLong, [hwnd], GWL_USERDATA, [button_memory]  ; We adhere USERDATA to control the memory address (a safe place)
                call    save_user_data                                                                       ; copy stack data to sfe place
                xor     eax, eax
                jmp     @finish     

_________________
Forgive for my bad english, I from russia...
Post 04 Feb 2011, 12:40
View user's profile Send private message ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
Everhest wrote:
I know and on it I do so
Code:
;...
                mov     ebx, [lpcs.lpszName]
                invoke  GetParent, [hwnd]
                invoke  SendMessage, eax, WM_SETTEXT, 0, ebx
;...    
What if you have many different children under the same parent? They can't all store data in the Window title at the same time.
Post 04 Feb 2011, 12:52
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
A much better and less problematic solution is to increase the size of len_btn_data buffer and store whatever text you need in there.
Post 04 Feb 2011, 12:54
View user's profile Send private message Visit poster's website Reply with quote
Everhest



Joined: 26 Jun 2008
Posts: 84
Location: Russia
Everhest
All problems consisted in pointers... Laughing

revolution and MHajduk big thanks...

_________________
Forgive for my bad english, I from russia...
Post 04 Feb 2011, 15:29
View user's profile Send private message ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.