Crash on Windows 8

[GoogleCodeExporter]

Calling to GetModuleHandle64 causes the crash.
I think, M$ changed something in Windows 8 64.

SOME OF ASM:
14D821F7 - 8B 4D F8              - mov ecx,[ebp-08]
14D821FA - F7 D9                 - neg ecx
14D821FC - 1B C9                 - sbb ecx,ecx
14D821FE - F7 D1                 - not ecx
14D82200 - 23 4D F4              - and ecx,[ebp-0C]
14D82203 - 8B 41 60              - mov eax,[ecx+60]
14D82206 - 8B 48 18              - mov ecx,[eax+18]
14D82209 - 8B 79 10              - mov edi,[ecx+10] <-- crash 0xC0000005 here
14D8220C - 8D 59 10              - lea ebx,[ecx+10]
14D8220F - 0FB7 4F 58            - movzx ecx,word ptr [edi+58]
14D82213 - 8B 55 08              - mov edx,[ebp+08]
14D82216 - 8B 77 60              - mov esi,[edi+60]
14D82219 - 83 F9 04              - cmp ecx,04
14D8221C - 72 16                 - jb 14D82234
14D8221E - 8B FF                 - mov edi,edi

Original issue reported on code.google.com by chris.st...@gmail.com on 13 Nov 2012 at 8:31

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

I've debugged it and now I'm sure that the problem is caused by LDR pointer to 
ntdll.dll @ Windows 8. Ntdll.dll is located at high base address, higher than 
0xFFFFFFFF and it's impossible to access that using standard x86 registers. 
When you fix it, you will have to fix GetModuleHandle64 (to retrieve DWORD64) 
and make some tricks to call ntdll.dll procedures.

I can also tell you, that they didn't change any offsets in PEB64, LDR or TEB64.

Original comment by chris.st...@gmail.com on 6 Jan 2013 at 9:03

[GoogleCodeExporter]

Problem solved in v1.0.0.3

Original comment by g...@rewolf.pl on 19 Oct 2013 at 3:25

• Changed state: Fixed