
View Full Version : A FILE HANDLE question


Limee AKA Lamer
September 17th, 2004, 12:04
I found a question, the FILE HANDLE IS ZERO.
I can't understand.

00425304 push 00000000 ; HANDLE IS ZERO
00425306 lea eax, dword ptr [ebp-04]
00425309 push eax
0042530A push 0000001E
0042530C push 0042BB84
00425311 mov eax, dword ptr [0042BB7C]
00425316 push eax
00425317 Call kernel32.ReadFile
0042531C mov eax, dword ptr [0042BB84]
00425321 cmp eax, 04034B50
00425326 je 00425333 --->
00425328 cmp eax, 50000000
0042532D je 00425333 --->
0042532F xor ebx, ebx ;
00425331 jmp 00425335 --->

Neitsa
September 17th, 2004, 12:27
Hi,

According to MSDN:

Code:

BOOL ReadFile(
HANDLE hFile,
LPVOID lpBuffer,
DWORD nNumberOfBytesToRead,
LPDWORD lpNumberOfBytesRead,
LPOVERLAPPED lpOverlapped
);



Parameters are pushed from right to left (or from bottom to top here), then the API is called. So the first parameter in your code isn't the file handle but the pointer to an overlapped struct. As it is NULL, there's no pointer to that struct.

Code:

00425304 push 00000000 ;lpOverlapped
//cut
00425311 mov eax, dword ptr [0042BB7C]
00425316 push eax ; EAX==File handle


Check on the MSDN for how parameters can be pushed before a call (_fastcall, _cdecl, _stdcall ...)

Regards, Neitsa.
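
The mapping described in the reply above, worked through on the listing from the first post. This is an added example, not code from either poster; the function name `label_stdcall_args` is hypothetical, and it assumes straight-line code with no branches between the pushes and the call.

```python
import re

# ReadFile parameters in declaration order, from the prototype quoted above.
READFILE_PARAMS = ["hFile", "lpBuffer", "nNumberOfBytesToRead",
                   "lpNumberOfBytesRead", "lpOverlapped"]

# Listing copied from the first post (comments dropped, cut at the call).
LISTING = """\
00425304 push 00000000
00425306 lea eax, dword ptr [ebp-04]
00425309 push eax
0042530A push 0000001E
0042530C push 0042BB84
00425311 mov eax, dword ptr [0042BB7C]
00425316 push eax
00425317 Call kernel32.ReadFile
"""

LINE = re.compile(r"^([0-9A-Fa-f]{8})\s+(\w+)\s*(.*)$")

def label_stdcall_args(listing, params):
    """Return [(address, parameter, operand)] for the pushes feeding the call.

    Arguments are pushed right to left, so the LAST push before the call is
    the FIRST declared parameter. A pushed register is resolved through the
    nearest preceding mov/lea that wrote it.
    """
    regs, pushes = {}, []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        addr, mnem, ops = m.group(1), m.group(2).lower(), m.group(3).strip()
        if mnem in ("mov", "lea"):
            dst, src = [s.strip() for s in ops.split(",", 1)]
            src = re.sub(r"^dword ptr\s*", "", src)
            # lea loads an address, mov loads the value stored there.
            regs[dst.lower()] = "&" + src if mnem == "lea" else src
        elif mnem == "push":
            pushes.append((addr, regs.get(ops.lower(), ops)))
        elif mnem == "call":
            break
    newest_first = pushes[-len(params):][::-1]
    return [(a, name, val) for name, (a, val) in zip(params, newest_first)]

if __name__ == "__main__":
    for addr, name, val in label_stdcall_args(LISTING, READFILE_PARAMS):
        print(f"{addr}  {name:<22} = {val}")
```
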

JMI
September 17th, 2004, 22:00
You are expecting someone like Limee AKA Lamer to actually read the MSDN? His general way of proceeding is to ask lamer questions here.

Regards,