Stupid function errr

[James]

I'm in a bit of a pickle. There is a problem with one of the multi million dollar progs we use for work.
Basically, it's not creating the driver correctly. All of our printers are network printers and for some odd reason the application doesn't print intermittently. It works sometimes and doesn't at other times. It's a really annoying issue that the company has been dealing with for 3 years and unfortunately, their development team sucks hard core.

I am seriously considering in taking matters to my own hands, and I think it comes down to hooking the function and rewriting it so that it supports network printers. Basically here is a log of the assemble of the function where it crashes:

Code:

008748AC  /$  55            PUSH EBP
008748AD  |.  8BEC          MOV EBP,ESP
008748AF  |.  83C4 F4       ADD ESP,-0C
008748B2  |.  8945 FC       MOV DWORD PTR SS:[EBP-4],EAX
008748B5  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
008748B8  |.  8B40 1E       MOV EAX,DWORD PTR DS:[EAX+1E]
008748BB  |.  8B10          MOV EDX,DWORD PTR DS:[EAX]
008748BD  |.  FF12          CALL DWORD PTR DS:[EDX]
008748BF  |.  33C0          XOR EAX,EAX
008748C1  |.  8945 F8       MOV DWORD PTR SS:[EBP-8],EAX
008748C4  |.  33C0          XOR EAX,EAX
008748C6  |.  55            PUSH EBP
008748C7  |.  68 324A8700   PUSH MHC.00874A32
008748CC  |.  64:FF30       PUSH DWORD PTR FS:[EAX]
008748CF  |.  64:8920       MOV DWORD PTR FS:[EAX],ESP
008748D2  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
008748D5  |.  8378 0A 00    CMP DWORD PTR DS:[EAX+A],0
008748D9  |.  0F85 31010000 JNZ MHC.00874A10
008748DF  |.  E8 88400000   CALL MHC.0087896C
008748E4  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]
008748E7  |.  8B52 2B       MOV EDX,DWORD PTR DS:[EDX+2B]
008748EA  |.  E8 1DF0FFFF   CALL MHC.0087390C
008748EF  |.  8945 F4       MOV DWORD PTR SS:[EBP-C],EAX
008748F2  |.  837D F4 00    CMP DWORD PTR SS:[EBP-C],0
008748F6  |.  0F84 14010000 JE MHC.00874A10
008748FC  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]
008748FF  |.  8078 1C 00    CMP BYTE PTR DS:[EAX+1C],0
00874903  |.  0F84 07010000 JE MHC.00874A10
00874909  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]
0087490C  |.  8B15 DCFA8600 MOV EDX,DWORD PTR DS:[86FADC]            ;  MHC.0086FB28
00874912  |.  E8 0908B9FF   CALL MHC.00405120
00874917  |.  84C0          TEST AL,AL
00874919  |.  74 30         JE SHORT MHC.0087494B
0087491B  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0087491E  |.  8078 26 00    CMP BYTE PTR DS:[EAX+26],0
00874922  |.  74 18         JE SHORT MHC.0087493C
00874924  |.  B9 484A8700   MOV ECX,MHC.00874A48                     ;  ASCII "Screen printer does not support printing."
00874929  |.  B2 01         MOV DL,1
0087492B  |.  A1 54D08600   MOV EAX,DWORD PTR DS:[86D054]
00874930  |.  E8 E710BAFF   CALL MHC.00415A1C
00874935  |.  E8 D20FB9FF   CALL MHC.0040590C
0087493A  |.  EB 6C         JMP SHORT MHC.008749A8
0087493C  |>  6A 00         PUSH 0                                   ; /hWnd = NULL
0087493E  |.  E8 6151B9FF   CALL <JMP.&user32.GetDC>                 ; \GetDC
00874943  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]
00874946  |.  8942 0A       MOV DWORD PTR DS:[EDX+A],EAX
00874949  |.  EB 5D         JMP SHORT MHC.008749A8
0087494B  |>  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0087494E  |.  8078 26 00    CMP BYTE PTR DS:[EAX+26],0
00874952  |.  74 2B         JE SHORT MHC.0087497F
00874954  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
00874957  |.  E8 F4FEFFFF   CALL MHC.00874850
0087495C  |.  50            PUSH EAX                                 ; /pInitData
0087495D  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]             ; |
00874960  |.  8B40 0C       MOV EAX,DWORD PTR DS:[EAX+C]             ; |
00874963  |.  50            PUSH EAX                                 ; |Output
00874964  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]             ; |
00874967  |.  8B40 08       MOV EAX,DWORD PTR DS:[EAX+8]             ; |
0087496A  |.  50            PUSH EAX                                 ; |Device
0087496B  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]             ; |
0087496E  |.  8B40 04       MOV EAX,DWORD PTR DS:[EAX+4]             ; |
00874971  |.  50            PUSH EAX                                 ; |Driver
00874972  |.  E8 154AB9FF   CALL <JMP.&gdi32.CreateDCA>              ; \CreateDCA
00874977  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]
0087497A  |.  8942 0A       MOV DWORD PTR DS:[EDX+A],EAX
0087497D  |.  EB 29         JMP SHORT MHC.008749A8
0087497F  |>  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
00874982  |.  E8 C9FEFFFF   CALL MHC.00874850
00874987  |.  50            PUSH EAX                                 ; /pDevmode
00874988  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]             ; |
0087498B  |.  8B40 0C       MOV EAX,DWORD PTR DS:[EAX+C]             ; |
0087498E  |.  50            PUSH EAX                                 ; |Output
0087498F  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]             ; |
00874992  |.  8B40 08       MOV EAX,DWORD PTR DS:[EAX+8]             ; |
00874995  |.  50            PUSH EAX                                 ; |Device
00874996  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]             ; |
00874999  |.  8B40 04       MOV EAX,DWORD PTR DS:[EAX+4]             ; |
0087499C  |.  50            PUSH EAX                                 ; |Driver
0087499D  |.  E8 3A4AB9FF   CALL <JMP.&gdi32.CreateICA>              ; \CreateICA
008749A2  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]
008749A5  |.  8942 0A       MOV DWORD PTR DS:[EDX+A],EAX
008749A8  |>  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
008749AB  |.  8378 0A 00    CMP DWORD PTR DS:[EAX+A],0
008749AF  |.  75 3D         JNZ SHORT MHC.008749EE
008749B1  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]
008749B4  |.  C640 1C 00    MOV BYTE PTR DS:[EAX+1C],0
008749B8  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
008749BB  |.  8078 26 00    CMP BYTE PTR DS:[EAX+26],0
008749BF  |.  75 2D         JNZ SHORT MHC.008749EE

ASCII "Screen printer does not support printing."

This is actually the error message that comes up when the printer fails creating the driver. From the looks of it, I will have to hook and rewrite these 2 functions to get it working.

http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx
http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx
http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx

Anyone have any better suggestions?

[Razo[R]apiD]

Check whats stored in EBP-4, it seems like it's some kind of WinAPI structure that holds some info about the driver. Before message appears, it compares a value from this struct with 0. (It's a 9th/10th field of structure)

[James]

Here is what I've gathered from debugging:

Code:

Stack SS:[0018EE94]=0D010308
EAX=0D010308

Stack SS:[0018EE94]=0D010308
EAX=00000000

Stack SS:[0018EE94]=0D010308
EDX=00000890

------------------
DS:[0086FADC]=0086FB28 (MHC.0086FB28)
EDX=068352B8, (ASCII "\\earth\IS_Copier")
------------------

Stack SS:[0018EE94]=0D010308
EAX=00000000
Jump from 00874919

------------------
Stack SS:[0018EE94]=0D010308
EAX=0D010308
Jump from 00874952
------------------

EAX=10888CE0, (ASCII "\\earth\IS_Copier")
Stack SS:[0018EE8C]=06861BD8
EAX=10888CE0, (ASCII "\\earth\IS_Copier")

DS:[06861BE0]=068352F4, (ASCII "\\earth\IS_Copier")
EAX=06861BD8

EAX=068352F4, (ASCII "\\earth\IS_Copier")

Stack SS:[0018EE8C]=06861BD8
EAX=068352F4, (ASCII "\\earth\IS_Copier")



Stack SS:[0018EE94]=0D010308
EDX=034B40F0

Stack SS:[0018EE94]=0D010308
EAX=0D010308
Jumps from 008749AF, 008749BF, 008749D1

[James]

I have yet another idea. Since this program is having so much problems with printing, I was thinking I can redo that function and direct it to a different print function that would also print what I need from the program. Since this clinical program seems to be the only application that seems to be having a print related issue, I was curious what function an application like Microsoft Word uses? Does anyone have any ideas?

I'm hoping replacing the print function with a print function from Word will resolve my problem hassle free. Hopefully this isn't too complicated of a task to accomplish.