
my code:

// headers and globals were elided ("...") in the original post; restored here so it compiles
#include <windows.h>
#include <iostream>
#include <conio.h>
using namespace std;

HMODULE hInst;   // user32.dll module handle
DWORD   DLLFunc; // address the trampoline jumps to

// Trampoline: replays the first 5 bytes of GetWindowThreadProcessId
// (MOV EDI,EDI / PUSH EBP / MOV EBP,ESP) and then jumps to whatever
// address is stored in DLLFunc.
DWORD WINAPI myGWTHPID(HWND hWnd, LPDWORD lpdwProcessId){
	__asm
		{
		MOV EDI,EDI        // 2-byte no-op Windows uses as a hot-patch slot
		PUSH EBP
		MOV EBP,ESP
		JMP [DLLFunc]      // indirect jump through the global
		}

}

int main(){
	hInst = LoadLibraryA("user32.dll");
	// note: the + 5 is applied to the string literal here, so the name
	// passed to GetProcAddress is "ndowThreadProcessId"
	DLLFunc = (DWORD)GetProcAddress(hInst, "GetWindowThreadProcessId" + 5); 

	HWND hwn = FindWindowA(NULL, "Untitled - Notepad");
	cout << "Window handle: " << hwn << "\n";
	DWORD pID;
	myGWTHPID(hwn, &pID);   // call through the trampoline
	cout << "Process id: " << pID;

	getch();
	return 0;
}

The problem seems to be with the "myGWTHPID" function; it generates the following error:

Unhandled exception at 0x00000000 in test.exe: 0xC0000005: Access violation.

I'm guessing it's messing with the registers but I have no idea how to fix it.
Please help :$

2 Contributors, 2 Replies, 3 Views, 5 Years Discussion Span, Last Post by R3AL

I think you are accessing memory that you shouldn't be. Maybe there is a pointer out of bounds that wasn't initialized properly? Or maybe the stack hasn't been restored properly since you did push EBP. And in line 5, did you mean to mov EDI into itself? I would say to just adjust some things one at a time and see if you can narrow down what part of the code is causing the access violation.


What my code is supposed to do is set up the first 5 bytes of the GetWindowThreadProcessId function in my custom function (if you fire up Olly you'll see that the instructions are the same) and then jump to the original function's location + 5 bytes.

The strange thing is, if I remove all the ASM code except the jump and also remove the 5-byte offset used when calling GetProcAddress, I still get an access violation.

I'll keep on trying to pinpoint the problem, but some help would really be appreciated :)
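An added example (editor's code, not the poster's) of the two things this thread turns on: which operand the `+ 5` belongs to, and what a 5-byte "stolen bytes" trampoline for a 32-bit x86 function looks like once the jump back is encoded. It works over constructed byte buffers with a mock export table standing in for GetProcAddress and hypothetical addresses (0x7E37C000 for the export, 0x00401000 for the trampoline), so nothing in a live process is touched and it builds on any platform. The prologue bytes 8B FF 55 8B EC are the encodings of MOV EDI,EDI / PUSH EBP / MOV EBP,ESP.

```c
/* Added example, not code from the original post: the +5 placed on the right
 * operand, and the byte layout of a 5-byte "stolen bytes" trampoline for a
 * 32-bit x86 function. Runs over constructed buffers and hypothetical
 * addresses; nothing in a live process is touched, so it builds anywhere. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encodings of MOV EDI,EDI / PUSH EBP / MOV EBP,ESP: the 5 bytes the OP replays. */
static const uint8_t PROLOGUE[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

/* Constructed stand-in for GetProcAddress over user32 (addresses are hypothetical). */
struct export_entry { const char *name; uint32_t addr; };
static const struct export_entry EXPORTS[] = {
    { "GetWindowThreadProcessId", 0x7E37C000u },
    { "FindWindowA",              0x7E37D000u },
};

uint32_t mock_get_proc_address(const char *name)
{
    for (size_t i = 0; i < sizeof EXPORTS / sizeof EXPORTS[0]; i++)
        if (strcmp(EXPORTS[i].name, name) == 0)
            return EXPORTS[i].addr;
    return 0;  /* like the real one: NULL when the export does not exist */
}

/* What the original post does: +5 on the string literal, so the name looked up
 * is "ndowThreadProcessId"; the result is 0 and JMP [DLLFunc] lands on 0x00000000. */
uint32_t resume_address_wrong(const char *name)
{
    return mock_get_proc_address(name + 5);
}

/* Corrected: resolve the export first, then skip the 5 stolen bytes of the function. */
uint32_t resume_address_right(const char *name)
{
    uint32_t fn = mock_get_proc_address(name);
    return fn ? fn + 5u : 0u;
}

/* Encode JMP rel32 (E9 disp32) placed at `from` and landing on `to`.
 * disp32 is relative to the end of the 5-byte instruction, hence from + 5.
 * Unsigned wraparound yields the two's-complement encoding for backward jumps. */
void encode_jmp_rel32(uint32_t from, uint32_t to, uint8_t out[5])
{
    uint32_t disp = to - (from + 5u);
    out[0] = 0xE9;
    out[1] = (uint8_t)(disp);
    out[2] = (uint8_t)(disp >> 8);
    out[3] = (uint8_t)(disp >> 16);
    out[4] = (uint8_t)(disp >> 24);
}

/* Trampoline at `tramp_addr` for the function at `target_addr`: the 5 stolen
 * prologue bytes followed by a JMP back to target_addr + 5. Copying verbatim is
 * only valid because none of the stolen bytes is position-dependent (no rel8/rel32). */
size_t build_trampoline(uint32_t target_addr, uint32_t tramp_addr,
                        const uint8_t stolen[5], uint8_t out[10])
{
    memcpy(out, stolen, 5);
    encode_jmp_rel32(tramp_addr + 5u, target_addr + 5u, out + 5);
    return 10;
}

static void dump(const char *label, const uint8_t *b, size_t n)
{
    printf("%-20s", label);
    for (size_t i = 0; i < n; i++) printf(" %02X", b[i]);
    printf("\n");
}

int main(void)
{
    const char *name = "GetWindowThreadProcessId";
    uint32_t target = mock_get_proc_address(name);
    uint32_t tramp  = 0x00401000u;   /* hypothetical address of myGWTHPID */
    uint8_t  t[10], hook[5];

    printf("lookup of \"%s\" -> 0x%08X\n", name + 5, resume_address_wrong(name));
    printf("export + 5 -> 0x%08X\n", resume_address_right(name));

    build_trampoline(target, tramp, PROLOGUE, t);
    dump("trampoline bytes:", t, sizeof t);

    /* The 5-byte patch a hook would write over the target's own prologue. */
    encode_jmp_rel32(target, tramp, hook);
    dump("patch at target:", hook, sizeof hook);
    return 0;
}
```

With `"GetWindowThreadProcessId" + 5` the lookup is for `"ndowThreadProcessId"`, GetProcAddress returns NULL, and `JMP [DLLFunc]` lands on 0x00000000, which is exactly the fault address in the error message. A second thing to watch in the original is that MSVC still emits its own `push ebp / mov ebp,esp` prologue and epilogue around an `__asm` block unless the function is declared `__declspec(naked)`; with two prologues pushed, the original function's `[ebp+8]` no longer points at hWnd. The stolen bytes can be copied verbatim here only because none of them encodes a relative jump or call; anything position-dependent in the first 5 bytes would have to be relocated when building the trampoline.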
