Hello guys,
I posted this morning about how I can read a specific address from a file; CPallini answered me, and the solution he gave me worked.
Now, the problem is that when I use SetFilePointerEx twice I get the error "ERROR_INVALID_PARAMETER". I read about it on MSDN, and MSDN told me what the problem is, but it didn't tell me how I can solve it.
Here is my code in MASM32:
PUSH NULL ; /hTemplateFile = NULL
PUSH FILE_ATTRIBUTE_NORMAL ; |Attributes = FILE_ATTRIBUTE_NORMAL
PUSH OPEN_EXISTING ; |Mode = OPEN_EXISTING
PUSH 0 ; |pSecurity = NULL
PUSH FILE_SHARE_READ + FILE_SHARE_WRITE ; |ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
PUSH GENERIC_ALL ; |Access = GENERIC_ALL
PUSH FileName ; |FileName = "*.exe"
CALL CreateFileA ; \CreateFileA
MOV hFile,EAX
PUSH 0 ; /pFileSizeHigh = NULL
PUSH hFile ; |hFile = hFile
CALL GetFileSize ; \GetFileSize
CMP EAX, 0h
JZ Exit
PUSH FILE_BEGIN ; /dwMoveMethod = FILE_BEGIN
PUSH NULL ; |lpNewFilePointer = NULL
PUSH 03Ch ; |liDistanceToMove = 03Ch
PUSH hFile ; |hFile = hFile
CALL SetFilePointerEx ; \SetFilePointerEx
MOV BytesToRead, 04h
PUSH 0 ; /pOverlapped = NULL
LEA EAX, pBytesRead
PUSH EAX ; |pBytesRead = ?
PUSH BytesToRead ; |BytesToRead = 04h
LEA EAX, Buffer
PUSH EAX ; |Buffer
PUSH hFile ; |hFile = hFile
CALL ReadFile ; \ReadFile
MOV EAX, Buffer
MOV PEsig, EAX
MOV EAX, PEsig
ADD EAX, 028h
PUSH FILE_BEGIN ; /dwMoveMethod = FILE_BEGIN
PUSH NULL ; |lpNewFilePointer = NULL
PUSH EAX ; |liDistanceToMove = PEsig + 28h
PUSH hFile ; |hFile = hFile
CALL SetFilePointerEx ; \SetFilePointerEx
MOV BytesToRead, 04h
PUSH 0 ; /pOverlapped = NULL
LEA EAX, pBytesRead
PUSH EAX ; |pBytesRead = ?
PUSH BytesToRead ; |BytesToRead = 04h
LEA EAX, Buffer
PUSH EAX ; |Buffer
PUSH hFile ; |hFile = hFile
CALL ReadFile ; \ReadFile
MOV EAX, Buffer
MOV EntryPoint, EAX
PUSH hFile ; /hObject = hFile
CALL CloseHandle ; \CloseHandle
In the first call the function works perfectly, but in the second call the error occurred.
According to this link:
"If the hFile handle was opened with the FILE_FLAG_NO_BUFFERING flag set, an application can move the file pointer only to sector-aligned positions. A sector-aligned position is a position that is a whole number multiple of the volume's sector size. An application can obtain a volume's sector size by calling the GetDiskFreeSpace function. If an application calls SetFilePointerEx with distance-to-move values that result in a position that is not sector-aligned and a handle that was opened with FILE_FLAG_NO_BUFFERING, the function fails, and GetLastError returns ERROR_INVALID_PARAMETER. For additional information, see File Buffering."
And I have seen the next link:
"Alignment and File Access Requirements
As previously discussed, an application must meet certain requirements when working with files opened with FILE_FLAG_NO_BUFFERING. The following specifics apply:
File access sizes, including the optional file offset in the OVERLAPPED structure, if specified, must be for a number of bytes that is an integer multiple of the volume sector size. For example, if the sector size is 512 bytes, an application can request reads and writes of 512, 1,024, 1,536, or 2,048 bytes, but not of 335, 981, or 7,171 bytes.
File access buffer addresses for read and write operations should be physical sector-aligned, which means aligned on addresses in memory that are integer multiples of the volume's physical sector size. Depending on the disk, this requirement may not be enforced."
So, how can I solve the problem? How can I achieve these requirements? What should I do?
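The alignment rule in the two quoted passages, applied to the two reads in the post (the DWORD at 03Ch, then the DWORD at that value + 028h), as an added C example that is not part of the original post. The rule concerns handles opened with FILE_FLAG_NO_BUFFERING, while the CreateFileA call shown above passes only FILE_ATTRIBUTE_NORMAL. Assumptions: a 512-byte sector, a constructed in-memory sample instead of a real file, and the hypothetical helpers `aligned_read`, `read_u32_at`, `pe_entry_point` and `make_sample`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SECTOR 512u /* assumed; a real program asks the volume for its sector size */

/* Hypothetical stand-in for a read on a FILE_FLAG_NO_BUFFERING handle: it
   refuses any position or size that is not a whole multiple of SECTOR. */
static long aligned_read(const uint8_t *img, size_t len, uint64_t pos,
                         uint8_t *dst, size_t n) {
    if (n == 0 || pos % SECTOR || n % SECTOR) return -1; /* unaligned request */
    if (pos >= len) return 0;                            /* at or past end of file */
    size_t avail = len - (size_t)pos;
    if (avail > n) avail = n;
    memcpy(dst, img + pos, avail);
    return (long)avail;
}

/* Read a little-endian DWORD at any offset using only aligned requests. */
int read_u32_at(const uint8_t *img, size_t len, uint64_t off, uint32_t *out) {
    uint8_t buf[2 * SECTOR];
    uint64_t start = off - off % SECTOR;                  /* round position down */
    size_t skip = (size_t)(off - start);                  /* field offset in buf */
    size_t n = (skip + 4 + SECTOR - 1) / SECTOR * SECTOR; /* round size up */
    long got = aligned_read(img, len, start, buf, n);
    if (got < 0 || (size_t)got < skip + 4) return -1;     /* field not in file */
    *out = (uint32_t)buf[skip] | (uint32_t)buf[skip + 1] << 8 |
           (uint32_t)buf[skip + 2] << 16 | (uint32_t)buf[skip + 3] << 24;
    return 0;
}

/* The post's two reads: DWORD at 03Ch, then DWORD at that value + 028h. */
int pe_entry_point(const uint8_t *img, size_t len, uint32_t *ep) {
    uint32_t pe_off;
    if (read_u32_at(img, len, 0x3C, &pe_off) != 0) return -1;
    return read_u32_at(img, len, (uint64_t)pe_off + 0x28, ep);
}

/* Constructed 1024-byte sample: value 1E0h at 03Ch, 00001234h at 208h. */
size_t make_sample(uint8_t *img) {
    memset(img, 0, 1024);
    img[0x3C] = 0xE0; img[0x3D] = 0x01; img[0x208] = 0x34; img[0x209] = 0x12;
    return 1024;
}

int main(void) {
    uint8_t img[1024]; uint32_t ep;
    if (pe_entry_point(img, make_sample(img), &ep) == 0)
        printf("entry point RVA: %08Xh\n", ep);
    return 0;
}
```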