Reputation: 1072
Hi to all....
////////////////////////////////////////////
PUSH 214D84DD // thread id address out
PUSH 0
PUSH 0
PUSH 214D84CD // my function address to run in the thread
PUSH 0
PUSH 0
CALL DWORD PTR DS:[4EBD1204] // KERNEL32.CreateThread
waiting_label:
NOP
JMP waiting_label
////////////////////////////////////////////
I have put a breakpoint on my function (214D84CD), but after the CreateThread, in the "waiting loop" my function is not invoked. Otherwise, if after CreateThread I call my application (and not the waiting loop) with many other threads, my function is invoked.
Why? Is there some "DoEvents" API to force my loop to call my thread function?
The thread id (214D84DD) and the return value EAX are not null. I'm running my application in a debugger (OllyDbg). And I'm not using any compiler.
Many thanks, Riccardo
Upvotes: 0
Views: 1612
Reputation: 1072
It's because the CreateThread is in the initialization routine of a DLL.... :(
"During process startup and DLL initialization routines, new threads can be created, but they do not begin execution until DLL initialization is done for the process."
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682453%28v=vs.85%29.aspx
Upvotes: 0
Reputation: 8825
HANDLE WINAPI CreateThread(
    __in_opt  LPSECURITY_ATTRIBUTES  lpThreadAttributes,
    __in      SIZE_T                 dwStackSize,
    __in      LPTHREAD_START_ROUTINE lpStartAddress,
    __in_opt  LPVOID                 lpParameter,
    __in      DWORD                  dwCreationFlags,
    __out_opt LPDWORD                lpThreadId
);
You are passing them wrong. Since in stdcall you have to push the arguments in reverse order, lpThreadId should be pushed first. Thus 214D84CD and 214D84DD should be flipped.
Upvotes: 1
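As an added example that is not part of the original question or any of the answers, the listing below puts the two points discussed on this page together: the right-to-left stdcall push order for the six CreateThread parameters from the prototype quoted above, and the DLL initialization rule from the MSDN quote (a thread created inside the initialization routine does not start running until initialization is finished, so spinning in DllMain waiting for it cannot work). It is written in MASM syntax for a 32-bit DLL; the names WorkerProc, hWorker and dwWorkerId, and the use of the MASM32 include files, are assumptions made for the illustration and do not come from the original post.

```asm
; Added example (not from the original post): a 32-bit DllMain that creates
; the worker thread during DLL_PROCESS_ATTACH and then RETURNS, instead of
; looping inside the initialization routine. Names and layout are assumed.

.386
.model flat, stdcall
option casemap:none

include windows.inc        ; defines DLL_PROCESS_ATTACH (assumed MASM32 include)
include kernel32.inc       ; CreateThread PROTO
includelib kernel32.lib

.data
hWorker    dd 0            ; handle returned by CreateThread (0 on failure)
dwWorkerId dd 0            ; receives the id of the new thread

.code

; LPTHREAD_START_ROUTINE: stdcall, one DWORD parameter, returns the exit code.
WorkerProc proc lpParam:DWORD
    ; ... the work that should run on its own thread goes here ...
    mov eax, 0
    ret                    ; MASM emits "ret 4" for a stdcall proc
WorkerProc endp

DllMain proc hinstDLL:DWORD, fdwReason:DWORD, lpvReserved:DWORD
    cmp fdwReason, DLL_PROCESS_ATTACH
    jne @done

    ; stdcall pushes arguments right to left, so the LAST parameter of the
    ; prototype (lpThreadId) goes on the stack FIRST and the first parameter
    ; (lpThreadAttributes) goes last.
    push offset dwWorkerId ; 6: lpThreadId
    push 0                 ; 5: dwCreationFlags (0 = run immediately)
    push 0                 ; 4: lpParameter
    push offset WorkerProc ; 3: lpStartAddress
    push 0                 ; 2: dwStackSize (0 = default)
    push 0                 ; 1: lpThreadAttributes
    call CreateThread      ; callee removes the 24 bytes of arguments
    mov hWorker, eax       ; keep the handle; 0 means the call failed

    ; No waiting loop here: the new thread cannot begin executing until
    ; DllMain has returned and DLL initialization is complete for the
    ; process, so DllMain must return TRUE right away.
@done:
    mov eax, 1
    ret
DllMain endp

end DllMain
```

Build it with ml /c /coff and link /DLL, and set the breakpoint on WorkerProc: it is hit only after DllMain returns, which is exactly the behaviour the asker observed when the waiting loop was replaced by a return into the application.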
Reputation: 22989
You have to manually switch to the newly created thread via the 'threads' window.
Upvotes: 0