weird bug

delphi package - easy access to kernel objects etc.
Post Reply
HammerHead
Posts: 10
Joined: Wed May 05, 2004 10:43 pm

weird bug

Post by HammerHead »

Hi,

Found a bug in exportlist :
It resolves wrong ExportName :

Code: Select all

procedure TForm1.Button2Click(Sender: TObject);

var s1, s2 : string;
    p      : pointer;
begin
  p := GetProcAddress(GetModuleHandle('kernel32.dll'), 'LockResource');
  s1 := Process('explorer.exe').Exportlist.FindItem(p).Name;
  s2 := Process('explorer.exe').Exportlist.FindItem(p).ExportModule.FileName;
  s2 := ExtractFileName(S2);
  Label1.Caption:=s1;
end;

It should say as result : LockResource but instead u get SetHandleCount

weird..

gtz HammerHead
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

In which OS did you test that?
HammerHead
Posts: 10
Joined: Wed May 05, 2004 10:43 pm

Post by HammerHead »

win2k sp4
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Hmmmm... It works in my XP. Unfortunately right now I don't have a running w2k here. Could you please give me some more information?

(1) What does "GetProcAddress(GetModuleHandle(kernel32), 'LockResource')" return?

(2) What does "GetProcAddress(GetModuleHandle(kernel32), 'SetHandleCount')" return?

(3) What does "Process('explorer.exe').Exportlist.FindItem(p).Address" return?

Thanks!
HammerHead
Posts: 10
Joined: Wed May 05, 2004 10:43 pm

Post by HammerHead »

p:= GetProcAddress(GetModuleHandle(kernel32), 'LockResource');---->$7C573ED1
p:=Process('explorer.exe').Exportlist.FindItem(p).Address;---->$7C573ED1
p:= GetProcAddress(GetModuleHandle(kernel32), 'SetHandleCount');---->$7C573ED1
p:=Process('explorer.exe').Exportlist.FindItem(p).Address;---->$7C573ED1

----------------------

Seems they return all the same values (bug in GetProcAddress??)

grtz HammerHead
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

I think kernel32 really exports those 2 APIs with the same address. Don't ask me why, I've no idea. They are different in XP. Anyway, it doesn't seem to be a bug in madKernel... :wink:
Post Reply