Tuts 4 You

[MASM] Why does it crash?


ShadowRayz


start:
invoke ShellExecute,NULL ,NULL ,addr Notepad ,NULL ,NULL, SW_SHOWNORMAL
end start

that's the whole code, besides the Notepad variable

Notepad db "C:\Windows\Notepad.exe",0

It opens Notepad, but then I get a memory crash: memory cannot be read.

Why is that?


Try this

.data
szNotepad db "Notepad.exe",0
szAction db "Open",0
.code
invoke ShellExecute,NULL ,Addr szAction ,addr szNotepad ,NULL ,NULL, SW_SHOWNORMAL
invoke ExitProcess,00
Edited by DrPepUr

I know that ExitProcess would 'kill' the crash error, but I thought it's just a cheap way of avoiding something that I might have forgotten; but if it's the way it should be, then thx :)

it opens notepad but then i get a memory crash, mem cannot be read.

You could have got your Notepad var wrong.

In Win32 C, paths that are accepted by ShellExecute are expected to be like this:

"C:\\Windows\\Notepad.exe"

That could be your issue....

Edited by mudlord

The two backslashes are just needed for C(++) since \ denotes a special char, so you need two backslashes to indicate you want the '\' character itself.

The resulting string looks like the one posted by ShadowRayz, with just one backslash.

It seems like MASM doesn't need that :)


Actually I debugged the .exe and I saw that MASM does use double \\, or so Olly says, but the string in the dump remains C:\Windows\Notepad.exe

start:
invoke ShellExecute,NULL ,NULL ,addr Notepad ,NULL ,NULL, SW_SHOWNORMAL
end start

The app crashes because once the API call is executed, the section padding starts being executed as code.

(Depending on the compiler, a code section is filled with 000h or 0CCh bytes until its size is rounded up to the next multiple of an alignment value defined in the "SectionAlignment" member of the optional header; the MASM linker sets this value to 1000h by default.)

So the application crashes because the alignment bytes start being executed as code, with unpredictable results.

00401000 > $ 6A 01          PUSH 1                                      ; /IsShown = 1
00401002 . 6A 00            PUSH 0                                      ; |DefDir = NULL
00401004 . 6A 00            PUSH 0                                      ; |Parameters = NULL
00401006 . 68 00304000      PUSH Test.00403000                          ; |FileName = "C:\Windows\Notepad.exe"
0040100B . 6A 00            PUSH 0                                      ; |Operation = NULL
0040100D . 6A 00            PUSH 0                                      ; |hWnd = NULL
0040100F . E8 00000000      CALL <JMP.&shell32.ShellExecuteA>           ; \ShellExecuteA
00401014 $-FF25 00204000    JMP DWORD PTR DS:[<&shell32.ShellExecute>]  ; shell32.ShellExecuteA
0040101A   0000             ADD BYTE PTR DS:[EAX],AL                    ;---------|
0040101C   0000             ADD BYTE PTR DS:[EAX],AL                    ;---------|
0040101E   0000             ADD BYTE PTR DS:[EAX],AL                    ;---------| ALIGNMENT BYTES TREATED AS CODE
00401020   0000             ADD BYTE PTR DS:[EAX],AL                    ;---------|
00401022   0000             ADD BYTE PTR DS:[EAX],AL                    ;---------|
00401024   0000             ADD BYTE PTR DS:[EAX],AL                    ;---------|
.............

You need to terminate the program somehow... If this is all you want your executable to do, terminating it by the method DrPepUr suggested is not a "cheap" way - it's the recommended way.

Edited by HVC

You have to close the program; if I remember correctly you can put ret instead of ExitProcess and it will work the same way.

Without closing it, it will continue from the code after that call, so random behaviour.


The retn thingy caused some problems for me in the past: the top of the stack holds ExitThread, but it seems like some compilers like to overwrite this value, replacing it with local variables. :x - If the simple retn does not work for you, just call ExitProcess/ExitThread, which will terminate your application in a rather secure way.

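Putting HVC's explanation and the ExitProcess advice from the last two posts together, here is a complete MASM32 program that launches Notepad and never runs off the end of its code section. This is an added example, not code posted in the thread; it assumes the MASM32 SDK layout (\masm32\include and \masm32\lib) and the standard windows.inc, kernel32.inc and shell32.inc headers.

```asm
.386
.model flat, stdcall
option casemap:none

; Assumed MASM32 SDK paths (adjust if your SDK lives elsewhere)
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\shell32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\shell32.lib

.data
; MASM does not escape backslashes, so a single '\' is correct here
szNotepad db "C:\Windows\Notepad.exe",0
szAction  db "open",0

.code
start:
    ; ShellExecute returns a value greater than 32 on success;
    ; anything <= 32 is an error code (ERROR_FILE_NOT_FOUND etc.)
    invoke ShellExecute, NULL, addr szAction, addr szNotepad, NULL, NULL, SW_SHOWNORMAL
    .if eax <= 32
        ; Launch failed: report the error code as the process exit code
        invoke ExitProcess, eax
    .endif

    ; Without this call execution would continue past the last byte of
    ; real code into the 00h/CCh section padding, which is the crash in
    ; the original post. Terminate the process explicitly instead.
    invoke ExitProcess, 0
end start
```

Build with ml /c /coff and link /subsystem:windows (or the MASM32 editor's "Build All"); the exit code is 0 when Notepad was launched.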
