Imported functions pointed wrong address

CoolGuy 21 Reputation points
2022-01-21T03:13:04.467+00:00

167014-%E1%84%89%E1%85%B3%E1%84%8F%E1%85%B3%E1%84%85%E1%85%B5%E1%86%AB%E1%84%89%E1%85%A3%E1%86%BA3.png

-Sorry for my bad english...-

this is my source code
i think, it seems nothing wrong
but, when i run it with program.exe
it crashed

167084-adfasdf.png

i have no idea, why imported functions from kernel library pointed wrong address...

i need help!!!

---entry.dll(that loads thread_entry_point)------ 

.model FLAT  
  
extern __imp__LoadLibraryExA@12 : DWORD  
extern __imp__GetProcAddress@8 : DWORD  
extern __imp__CreateThread@24 : DWORD  
extern __imp__CloseHandle@4 : DWORD  
  
.data  
  
PluginMain BYTE "tf/addons/plugin_main.dll",0  
entry_point_name BYTE "_thread_entry_point@0",0  
  
DLL_PROCESS_ATTACH = 1  
DONT_RESOLVE_DLL_REFERENCES = 1  

.code  
  
_entry PROC  
  
push ebp  
mov ebp, esp  
mov al, [ebp+4+8]  
cmp al, DLL_PROCESS_ATTACH  
jne exit  
  
push DONT_RESOLVE_DLL_REFERENCES   
push 0  
push offset [PluginMain]  
call [__imp__LoadLibraryExA@12]  
test eax, eax  
jz exit  
  
push offset [entry_point_name]  
push eax  
call [__imp__GetProcAddress@8]  
  
push 0 ;lpThreadId  
push 0 ;dwCreationFlags  
push 0 ;lpParameter  
push eax ;lpStartAddress  
push 0 ;dwStackSize  
push 0 ;lpThreadAttributes  
call [__imp__CreateThread@24]  
push eax  
call [__imp__CloseHandle@4]  
  
exit:  
xor eax, eax  
pop ebp  
ret 12  
  
_entry ENDP  
  
END _entry

----plugin_main.dll(thread_entry_point)------ 

.model FLAT  
  
extern __imp__FindFirstFileA@8 : DWORD  
extern __imp__FindClose@4 : DWORD  
  
.data  
  
plugins_folder_path BYTE "tf/addons/plugins*"  
  
INVALID_HANDLE_VALUE = 0FFFFFFFFh  
  
.code  
  
thread_entry_point PROC STDCALL EXPORT  
  
push ebp  
mov ebp, esp  
sub esp, 328  
  
lea eax, [ebp-4]  
push eax  
push offset [plugins_folder_path]  
call [__imp__FindFirstFileA@8]  
cmp eax, INVALID_HANDLE_VALUE  
je continue  
  
push eax  
call [__imp__FindClose@4]  
add esp, 328  
  
continue:  
  
think:  
jmp think  
  
thread_entry_point ENDP  
  
END
Windows Forms
Windows Forms
A set of .NET Framework managed libraries for developing graphical user interfaces.
1,835 questions
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,537 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,221 questions
Accepted answer
  1. Limitless Technology 39,371 Reputation points
    2022-01-25T16:50:32.763+00:00

    Hi there,

    Check the correct executable path of the environment. Open a new terminal window and see if this helps.

    Start a standard session from the terminal and type this:

    >> import sys
    >> sys.executable

    Do the same in the notebook:

    In [1]: import sys
    sys.executable

    -Compare the results. Hopefully, this gives you a clue about what is going on.

    --If the reply is helpful, please Upvote and Accept it as an answer--

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Guido Franzke 2,196 Reputation points
    2022-01-21T06:52:12.873+00:00

    Hello,
    I don't think it's a problem of the kernel function. It's a problem of your code. It looks like when you call the function, you give it a NULL pointer. Showing us the assembler code of the kernel function does not help. Show us the code of your code where you call the function. But check in the debugger that the parametere variables are all valid (and not NULL).
    Regards, Guido

    Edit: if you don't know where in your code the function is called, check the call stack in the debugger when your programme "crashes".