Win32 Kernel32.CreateThread from assembler
Question
Hi to all....
////////////////////////////////////////////
PUSH 214D84DD // thread id address out
PUSH 0
PUSH 0
PUSH 214D84CD // my function address to run in the thread
PUSH 0
PUSH 0
CALL DWORD PTR DS:[4EBD1204] // KERNEL32.CreateThread
waiting_label:
NOP
JMP waiting_label
////////////////////////////////////////////
I have put a breakpoint on my function (214D84CD), but after the CreateThread, in the "waiting loop" my function is not invoked. Otherwise, if I call after CreateThread my application (and not the waiting loop) with many others threads, my function is invoked.
Why? There is some "DoEvents" api to force in my loop to call my thread function?
The thread id (214D84DD) and the return value EAX are not null. I'm run my application in a debugger (OllyDbg). And I'm not using any compiler.
Many thanks, Riccardo
3 answers
solution1
1 2011-10-12 14:28:51
HANDLE WINAPI CreateThread(
__in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes,
__in SIZE_T dwStackSize,
__in LPTHREAD_START_ROUTINE lpStartAddress,
__in_opt LPVOID lpParameter,
__in DWORD dwCreationFlags,
__out_opt LPDWORD lpThreadId
);
you are passing them wrong. Since in stdcall, you have to push the argument in a reverse order, lpThreadId should be pushed first. Thus 214D84CD and 214D84DD should be flipped.
solution2
0 2011-10-12 12:41:21
您必须通过“线程”窗口手动切换到新创建的线程。
solution3
0 2011-10-13 13:02:27
Is because the CreateThread is in the initialization routine of a DLL.... :(
"During process startup and DLL initialization routines, new threads can be created, but they do not begin execution until DLL initialization is done for the process."
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682453%28v=vs.85%29.aspx
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.