Masm 64 call native API (NtOpenFile/NtWriteFile)

You have not written code to place a zero in RCX for use as a comparand. You have written code to write 0 to the qword at the address contained in rcx.

Good Luck.
Dave Cattley

if you want to make ecx 0 for comparison
use mov ecx, 0 / mov rcx, 0, xor ecx, ecx / xor rcx, rcx etc.
do not write to bogus memory

ecx/rcx is, as DT said, undefined and is a sure cause of a crash

On 12/6/16, Dave Cattley wrote:
> You have not written code to place a zero in RCX for use as a comparand.
> You have written code to write 0 to the qword at the address contained in
> rcx.
>
> Good Luck.
> Dave Cattley

> mov qword ptr rcx, 0h

Ok this instruction does compile but it is not needed. To check for a NULL returned value do the following:

call RAX ; RAX is loaded with GetProcAddress
test RAX, RAX ; if RAX is 0, the zero flag is set by the test instruction
je _GetProcAddress_Failed ; jump to the error handler if GetProcAddress returned NULL
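The points made in the replies above, put together as an added example that is not code from any poster in this thread: zeroing a register versus storing through it, and testing an API return value for NULL under the x64 calling convention. It assumes ml64, linking against kernel32.lib, and `main` as the entry point; the labels `ntdllName`, `procName` and `failed` are made up for the illustration.

```masm
; Added example (not from the thread). Build assumption:
;   ml64 example.asm /link /subsystem:console /entry:main kernel32.lib
extern GetModuleHandleA:proc
extern GetProcAddress:proc
extern ExitProcess:proc

.data
ntdllName db "ntdll.dll", 0      ; hypothetical label names
procName  db "NtOpenFile", 0

.code
main proc
    sub   rsp, 28h               ; 32 bytes of shadow space + 8 to keep RSP 16-byte aligned

    ; mov qword ptr [rcx], 0     ; WRONG for zeroing: stores 0 to the memory RCX points at,
    ;                            ; and RCX is undefined here, so this can fault
    xor   ecx, ecx               ; zeroes the register itself (32-bit write clears all of RCX)

    lea   rcx, ntdllName         ; arg 1: module name
    call  GetModuleHandleA       ; RAX = module handle, or NULL on failure
    test  rax, rax               ; sets ZF when RAX == 0, without touching memory
    jz    failed

    mov   rcx, rax               ; arg 1: module handle
    lea   rdx, procName          ; arg 2: export name
    call  GetProcAddress         ; RAX = function address, or NULL on failure
    test  rax, rax
    jz    failed                 ; never call through RAX before this check

    xor   ecx, ecx               ; exit code 0: lookup succeeded
    call  ExitProcess

failed:
    mov   ecx, 1                 ; exit code 1: a lookup returned NULL
    call  ExitProcess
main endp
end
```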