flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Windows > Something weird in Windows x64
Author
Thread Post new topic Reply to topic
AsmGuru62



Joined: 28 Jan 2004
Posts: 1692
Location: Toronto, Canada
AsmGuru62 15 Feb 2024, 01:48
When starting the program R12 ... R15 are all zeroes.
When I am in WNDPROC -- R13 is same as RDX (message identifier).
But I was thinking that R13 is saved by Windows x64 API.
I am sure that R13 is saved by a usual API call, like GetDlgItem.
But here we are looking at a CALLBACK function.
R12, R14, R15 are all zeroes, just like they have been at the Entry Point.
Weird, but OK.
Post 15 Feb 2024, 01:48
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20513
Location: In your JS exploiting you and your system
revolution 15 Feb 2024, 04:15
When Windows calls your callback function it is its copy of the registers that your see, not your copy.

Just like when you can set r12-r15 to anything of your choosing and then call an API, Windows doesn't expect you to call with the original values that r12-r15 had when the program was started.
Post 15 Feb 2024, 04:15
View user's profile Send private message Visit poster's website Reply with quote
AsmGuru62



Joined: 28 Jan 2004
Posts: 1692
Location: Toronto, Canada
AsmGuru62 15 Feb 2024, 04:40
I see.
Thanks, that sounds good.
Post 15 Feb 2024, 04:40
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20513
Location: In your JS exploiting you and your system
revolution 15 Feb 2024, 06:01
AsmGuru62 wrote:
When starting the program R12 ... R15 are all zeroes.
That is not part of any spec. It appears to be a hack to avoid leaking secrets or something.

I wouldn't recommend relying on that behaviour..
Post 15 Feb 2024, 06:01
View user's profile Send private message Visit poster's website Reply with quote
MatQuasar



Joined: 25 Oct 2023
Posts: 105
MatQuasar 19 May 2024, 15:37
Sorry to hijack this thread to ask a simple question: Is Handle value in Windows 64-bit API function also 64-bit?
Post 19 May 2024, 15:37
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20513
Location: In your JS exploiting you and your system
revolution 19 May 2024, 15:49
MatQuasar wrote:
Sorry to hijack this thread to ask a simple question: Is Handle value in Windows 64-bit API function also 64-bit?
Yes.
Post 19 May 2024, 15:49
View user's profile Send private message Visit poster's website Reply with quote
MatQuasar



Joined: 25 Oct 2023
Posts: 105
MatQuasar 19 May 2024, 15:51
revolution wrote:
MatQuasar wrote:
Sorry to hijack this thread to ask a simple question: Is Handle value in Windows 64-bit API function also 64-bit?
Yes.


Thank you!
Post 19 May 2024, 15:51
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.