Member Avatar for R3AL

my code:

...
DWORD WINAPI myGWTHPID(HWND hWnd, LPDWORD lpdwProcessId){
	__asm
		{
		MOV EDI,EDI
		PUSH EBP
		MOV EBP,ESP
		JMP [DLLFunc]
		}

}

int main(){
hInst = LoadLibraryA("user32.dll");
DLLFunc = (DWORD)GetProcAddress(hInst, "GetWindowThreadProcessId" + 5); 

HWND hwn= FindWindowA(NULL,"Untitled - Notepad");
cout<<"Window handle: "<<hwn<<"\n";
DWORD pID;
myGWTHPID(hwn,&pID);
cout<<"Process id: "<<pID;


getch();
return 0;
}

The problem seems to be with "myGWTHPID" function, it generates the following error:

Unhandled exception at 0x00000000 in test.exe: 0xC0000005: Access violation.

I'm guessing it's messing with the registers but I have no idea how to fix it.
Please help :$

  • 2 Contributors
  • 2 Replies
  • 142 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by R3AL

Recommended Answers

All 2 Replies

Member Avatar for MandrewP

I think you are accessing memory that you shouldn't be. Maybe there is a pointer out of bounds that wasn't initialized properly? Or maybe the stack hasn't been restored properly since you did push EBP. And in line 5, did you mean to mov EDI into itself? I would say to just adjust some things one at a time and see if you can narrow down what part of the code is causing the access violation.

Member Avatar for R3AL

What my code is supposed to do is to set up the first 5 bytes of the GetWindowThreadProcessId function in my custom function (if u fire up olly you'll see that the instructions are the same ) and then jump at the original function's location + 5 bytes.

The strange thing is if i remove all ASM code except the jump and also remove the 5 byte offset used when calling GetProcAdress I still get an access violation.

I'll keep on trying to pinpoint the problem but some help would really be appreciated :)

Untitled.png 68.92 KB
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.