Quote
; __________________________________________________________________________________
; _______________________ DlgProc __________________________________________________
; __________________________________________________________________________________
ALIGN 16
DlgProc PROC __hWnd:HWND,__uMsg:DWORD,__wParam:WPARAM,__lParam:LPARAM PARMAREA=4*QWORD
LOCAL _hDialog:HWND
mov _hDialog,rcx
cmp rdx,WM_COMMAND
jne @Exit
cmp r8d,IDOK
je @Go
cmp r8d,IDCANCEL
je @Cancel
xor rax,rax
ret
; ================================================================================
; ================================================================================
ALIGN 16
@Go :
shr r8,16
and r8,0000ffffh
test r8,r8 ;cmp r8,BN_CLICKED
jne @Termine
mov r8,OFFSET szUrlToScan
mov rdx,IDC_EDIT_01
mov QWORD PTR [r8],0
mov r9,SIZEOF szUrlToScan
call GetDlgItemTextA
test eax,eax
jz @Empty
mov rcx,OFFSET szUrlToScan
call PathIsURLA
test rax,rax
jz @NotValid
mov rdx,IDOK
; ================================================================================
; ================================================================================
@Finished :
mov rcx,_hDialog ;<-------------------------------------
mov rax,OFFSET @Termine
push rax
jmp EndDialog
; ================================================================================
; ================================================================================
ALIGN 16
@Termine :
xor rax,rax
ret
; ================================================================================
; ================================================================================
ALIGN 16
@NotValid :
; mov rcx,OFFSET szError_11
; call Error
mov rcx,_hDialog ;<-------------------------------------
mov rdx,IDC_EDIT_01
call GetDlgItem
mov rcx,rax
call SetFocus
ret
; ================================================================================
; ================================================================================
ALIGN 16
@Cancel :
shr r8,16
and r8,0000ffffh
test r8,r8 ;cmp r8,BN_CLICKED
jne @Termine
mov rdx,IDCANCEL
jmp @Finished
; ================================================================================
; ================================================================================
ALIGN 16
@Empty :
mov rcx,__hWnd
mov rdx,IDC_EDIT_01
call GetDlgItem
mov rcx,rax
call SetFocus
mov rcx,OFFSET szError_11
call Error
ret
; ================================================================================
; ================================================================================
ALIGN 16
@Exit :
mov eax,TRUE
ret
DlgProc ENDP
Anywhere poasm sees "mov rcx,_hDialog" it translates it in "mov rcx,rcx"
You can verify with Timo's Tool :
Quote
000000A4 mov [rsp+30h], rcx ;<-------------------------------------hDialog
000000A9 cmp rdx, 111h
000000B0 jnz 00000000000001C0h
000000B6 cmp r8d, 01h
000000BA jz 00000000000000D0h
000000BC cmp r8d, 02h
000000C0 jz 0000000000000170h
000000C6 xor rax, rax
000000C9 add rsp, 38h
000000CD ret
000000CE nop
000000D0 shr r8, 10h
000000D4 and r8, FFFFh
000000DB test r8, r8
000000DE jnz 0000000000000140h
000000E0 mov szUrlToScan
000000EA mov rdx, 3EEh
000000F1 mov qword ptr [r8], 00
000000F8 mov r9, 800h
000000FF call GetDlgItemTextA
00000104 test eax, eax
00000106 jz 0000000000000190h
0000010C mov szUrlToScan
00000116 call PathIsURLA
0000011B test rax, rax
0000011E jz 0000000000000150h
00000120 mov rdx, 01h
00000127 mov rcx, [rsp+30h] ;<-------------------------------------hDialog
0000012C mov DlgProc.@Termine
00000136 push rax
00000137 jmp EndDialog
0000013C nop
00000140 xor rax, rax
00000143 add rsp, 38h
00000147 ret
00000148 nop
0000014C nop
00000150 mov rcx, [rsp+30h] ;<-------------------------------------hDialog
00000155 mov rdx, 3EEh
0000015C call GetDlgItem
00000161 mov rcx, rax
00000164 call SetFocus
00000169 add rsp, 38h
0000016D ret
0000016E nop
00000170 shr r8, 10h
00000174 and r8, FFFFh
0000017B test r8, r8
0000017E jnz 0000000000000140h
00000180 mov rdx, 02h
00000187 jmp 0000000000000127h
00000189 nop
0000018D nop
00000190 mov rcx, rcx ;<-------------------------------------
00000193 mov rdx, 3EEh
0000019A call GetDlgItem
0000019F mov rcx, rax
000001A2 call SetFocus
000001A7 mov szError_11
000001B1 call 0000000000000000
000001B6 add rsp, 38h
000001BA ret
000001BB nop
000001BE nop
000001C0 mov eax, 01h
000001C5 add rsp, 38h
000001C9 ret
What podump show?
Could you give that object file for testing with other disassemblers.
There is bug in my code as register name dissapeared :(
..
0000012C mov DlgProc.@Termine
Podump shows the same thing.
I added all the project, the obj file and the podump output.
Look at this address in the podump listing.
The bug has gone away without doing any change!
Timo look at these addresses :
Quote
000003B0 mov szRootUrl
0000051E mov ShowTheFilePlease.@Exit
I join the final project.
First hotfix for it.
I have to examine what ZydisDecodedInstruction offers for that.
Could you verify with that new version where I use adresses+rip