Strpos returning result beyond size of cstring in VDMEnumTaskWowEx

Using Strpos to exclude winold.mod and wowexec.exe for the filename returned when calling VDMEnumTaskWowEx, a 16bit api.

I found a situation using strpos where it will return a result greater than the filename.

Any ideas how that happens?

Well as usual, it would help if you showed your code and what values are in fields so we can do something more than just guess!

Btw welcome back

Cheers

ISWA = windows api
IS = my WA function wrapper (in the appgen)

Calls the 16bit VDM callback
Loc:ProcessIdentifier is from winapi GetWindowThreadProcessID

Loc:NTVDMTasksRunning = ISWA_VDMEnumTaskWOWEx( Loc:ProcessIdentifier, address( IS_NTVDMProcessTasks ), address( Loc:CommandLine ) )

Defined as a local procedure in the embeds.

IS_NTVDMProcessTask procedure( ulong dwThreadId, short hMod16, short hTask16, *cstring pszModName, long lParam ) ! Bool, pascal

Loc:NTVDMCommandLine cstring(1024) ! Cant poke the 16bit pszModName directly can only assign to a var belonging to the app before poking

   Code
   If NOT StrPos( pszModName,' {{\\\SYSTEM32\\\WOWEXEC.EXE|\\\SYSTEM32\\\WINOLDAP.MOD}$',True)
     Loc:NTVDMCommandLine = pszModName
     Poke(lParam, Loc:NTVDMCommandLine)
   End

   Return False ! Carry on enumerating because can't guarantee the order pszModName is returned in. Might not always be first!

Where it messes up is if you remove the double backslashes and then I get a StrPos value 32 which is beyond the length of pszModName if you use this param output: ProcessTasks callback function (Windows) | Microsoft Learn

Note the extra pszFilename. If you add that to the IS_NTVDM prototype it messes up.

It's as if the pszModName and pszFilename is actually an 'either or', aka pszModName|pszFilename.

Unless the *cstring is not a long cstring but short cstring... I haven't checked that in the debugger yet, but as these are 16bit values, no reason to assume *cstring is a four byte address, but actually a two byte address.
What's the encapsulate code thing called for this forum?

Is it the POKE that "writes as many bytes as are in the source variable"?

Your source, Loc:NTVDMCommandLine = CSTRING(1024)

It's the strpos that's messing up, but I might have found the reason. The callback is chucking out 16bit data and that's where it might be messing up, ie shortcstring instead of longcstring which I'm prototyping as *cstring.

I'll change the callback prototype to shorts and see what happens then in the debugger.

Edit: I don't think it's a short cstring issue as lparm is a long, so it's this machine playing up in a clever way...

Just like this phone is playing up on this website again.

Oh well, I'll just keep banging my head against a brick wall...

I have to admit I'm not sure I understand where your problem is, are you having a problem in the callback?
This is what I get in my test app.

! **************************************************************************************************************************
VDM_Task_CB Function(dwThreadID,hMod16,hTask16,pszModName,pszFilename,lpUserDefined)
! https://learn.microsoft.com/en-us/windows/win32/api/vdmdbg/nf-vdmdbg-vdmenumtaskwowex
! https://learn.microsoft.com/en-us/previous-versions/bb963828(v=vs.85)
! **************************************************************************************************************************

  Code
  PZATRACE:TraceText('VDM_Task_CB', dwThreadID & ' ' & hMod16 & ' ' & hTask16)
  VDMTaskQ:ThreadID = dwThreadID
  VDMTaskQ:ModuleHdl = hMod16
  VDMTaskQ:TaskHdl = hTask16
  VDMTaskQ:ModuleName = PZARTL:DerefStrPtrA(pszModName)
  VDMTaskQ:FileName = PZARTL:DerefStrPtrA(pszFilename)
  Add(VDMTaskQ)
  Return(False)

This machine keeps playing up, I'm now getting errors on an exe that's not changed for days:

Link error: Duplicate symbol: Export
Link error: Duplicate symbol: List
Link error: Duplicate symbol: the
Link error: Duplicate symbol: export

Do you think someone is trying to tell me something?

Edit. Deleting appgen libs and regenerating them didn't fix this problem but making the exe only call the data dll did.

Time to add the code back in... again.

Edit.

These compiler error messages are caused by a !comment placed in the global embeds, top of export list embed and inside export list embed.

Give up and take a break? :slight_smile:
Sorry, can't help with that except to say delete the objs & libs and try building it again.

Why delete the libs?

Because if they're built by the compiler then it doesn't matter, deleting them doesn't hurt anything.
Obviously if they're built using libmaker that's a bad idea :slight_smile:

So you think it might be an appgen lib causing problems trying to trick the compiler with the dynamic dll loading then?

Edit. How can win11 perform windows updates when it's never been online, unless it's a spurious message?

No idea, I don't know enough about what you're doing to be able to answer. But in a hand coded app that loads & calls the VDM API at runtime it seems to work OK for me (saying that based on the picture above)

Yeah handcode prj's work fine, it's trying to get some of this working inside the appgen that the problems show up.

Can you screenshot what the duplicates are?

It's gone now, so can't reproduce, but where would I find those duplicates?

Hi Richard

I am not completely clear on the problem but think you are having problems with strpos where there are doubled up backslashes.

If NOT StrPos( pszModName,' {{\\\SYSTEM32\\\WOWEXEC.EXE|\\\SYSTEM32\\\WINOLDAP.MOD}$',True)

Granted you have had various issues with strPos in the past, maybe just use a simple check for the strings instead?

If I am understanding correctly, I think you are trying to see if pszModName ends with '\SYSTEM32\WOWEXEC.EXE' or '\SYSTEM32\WINOLDAP.MOD'

I can't remember if you said you had StringTheory or not, but if using that you could simply say:

if not (st.endsWith('\SYSTEM32\WOWEXEC.EXE') or st.endsWith('\SYSTEM32\WINOLDAP.MOD'))
  do whatever
end

or some people may prefer that to be written without the not:

if st.endsWith('\SYSTEM32\WOWEXEC.EXE') or st.endsWith('\SYSTEM32\WINOLDAP.MOD')
! do nothing (or cycle if in a loop etc)
else
  do whatever
end

but you could do similar with either string slicing or substr(), something like:

str1 string('\SYSTEM32\WOWEXEC.EXE')
str2 string('\SYSTEM32\WINOLDAP.MOD')

if substr(pszModName, len(pszModName)-size(str1)+1, size(str1)) = str1 or |
   substr(pszModName, len(pszModName)-size(str2)+1, size(str2)) = str2
! do nothing (or cycle if in a loop etc)
else
  do whatever
end

I think that is correct but it is not tested which is one reason why I prefer to use ST as I can concentrate on the bigger picture and not worry about lower-level details and whether I have got all the details correct.

tl;dr if strpos() is causing you grief, just side-step the problem and move on.
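The suffix test suggested in the post above, as an added example (not code from the thread or from any participant), written in C because that is the language the ProcessTasks callback is documented in. The integer types are portable stand-ins for DWORD/WORD/PSZ/LPARAM, `struct task_name` and its 260-byte buffer are hypothetical, and it assumes the full path arrives in the file-name argument.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive "s ends with suffix"; false when s is shorter than suffix. */
static int ends_with_ci(const char *s, const char *suffix)
{
    size_t ls = strlen(s), lx = strlen(suffix);
    if (lx > ls)
        return 0;   /* the case where a substr() start position would go negative */
    s += ls - lx;
    for (size_t i = 0; i < lx; i++)
        if (toupper((unsigned char)s[i]) != toupper((unsigned char)suffix[i]))
            return 0;
    return 1;
}

/* True for the two WOW helper modules the thread wants to skip. */
static int is_wow_helper(const char *path)
{
    return ends_with_ci(path, "\\SYSTEM32\\WOWEXEC.EXE") ||
           ends_with_ci(path, "\\SYSTEM32\\WINOLDAP.MOD");
}

/* Hypothetical receiver handed to the enumeration as the user-defined value. */
struct task_name { char buf[260]; int found; };

/* Six parameters in the documented ProcessTasks order: thread id, module
   handle, task handle, module name, file name, user-defined value. */
static int task_cb(unsigned long thread_id, unsigned short hmod16,
                   unsigned short htask16, const char *mod_name,
                   const char *file_name, void *user)
{
    struct task_name *out = user;
    (void)thread_id; (void)hmod16; (void)htask16; (void)mod_name;
    if (file_name == NULL || is_wow_helper(file_name))
        return 0;   /* FALSE: carry on enumerating */
    /* Bounded copy: never write more than the receiver can hold. */
    strncpy(out->buf, file_name, sizeof out->buf - 1);
    out->buf[sizeof out->buf - 1] = '\0';
    out->found = 1;
    return 0;       /* order is not guaranteed, so keep enumerating */
}
```
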

Had too many issues with code not working suddenly and not knowing why. I'm not putting up with it anymore.

OK, here's a self contained prj/clw pair with the .a file that's used and the c6 executable that it builds. This is as small an example as I can make it.
vdm2.zip (332.6 KB)

EDIT
There's an extra INCLUDE of an .EQ8 file in the .CLW I left in by mistake, you can take it out.

I'll check it out once I can figure out why this laptop has suddenly stopped charging and is currently dead.

Thanks.

I've only looked at the source not followed in the debugger yet, but 42, not a hitchhikers 42, but the hard coded number that's the 1st number after the zero'd ebx, ecx, edx, is this some sort of padding before the first winapi param is passed?

Why the use of Longs instead of Ulongs?

Is this simply because it's a 4 byte data type that's perhaps most commonly used?

When Chapman came round my house, they said just use Longs but I never got a satisfactory reason why just to use Longs when other data types, ie appropriate use of Ulongs provides accurate/best representation of data values in the debugger and apps.

In other words, are Longs used for expediency and obfuscation?

Tia

Edit.

Those pdfs in the zip file when viewed in MS Edge crash my win11 laptop but they don't crash firefox or samsung notes when I view them on the phone.

What did you use to make those pdf's?