Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Windows system calls [duplicate]

I have a (very) basic understanding of assembly using system calls on Linux (I use the GNU assembler as). On Windows 7, I am using the MinGW (32-bit) port of the GCC compiler suite to produce assembler programs. On Linux I regularily use the C library for some OS interactions in my assembler programs, and on my Windows platform this works perfectly as well using MinGW. Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible. On Linux I know how to do this:

movl        $0, %ebx
movl        $1, %eax
int $0x80   ; exit with code 0

I also use these system calls for reading/writing chars to/from the terminal (for writing syscall with 4 in EAX for example). I was wondering how to do this on a Windows NT platform. Is it possible? I looked at this table, but I don't really understand the names of the syscalls. Any help is welcome.

like image 375
DiscobarMolokai Avatar asked Jan 12 '14 11:01

DiscobarMolokai


People also ask

What is DuplicateHandle?

DuplicateHandle can be called by either the source process or the target process (or a process that is both the source and target process). For example, a process can use DuplicateHandle to create a noninheritable duplicate of an inheritable handle, or a handle with different access than the original handle.

How many system calls does Windows have?

There are mainly 5 types of system calls available. Process Control: It handles the system calls for process creation, deletion, etc. Examples for process control system calls are: Load, Execute, Abort, Wait Signal events for process.

What are Windows system calls?

Windows System Calls System calls in Windows are used for file system control, process control, interprocess communication, main memory management, I/O device handling, security etc. The programs interact with the Windows operating system using the system calls.


1 Answers

The Nt* set of functions are undocumented with good reason: it's internal to Windows and changes between versions, meaning that programs that target it directly are at high-risk of breaking between Windows versions.

Really, there is not that big an overhead with targeting public, documented functions, and you get Microsoft's guarantee that your program will work with future versions of Windows provided you use the API correctly.

For that reason, I won't provide you with the answer you want. I strongly advise you to use the public console API: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682073%28v=vs.85%29.aspx

Update

I assume that is for experimentation or fun, indeed the OP wrote:

Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible.

...I find this line of reasoning problematic and I don't want to act as an enabler for these kinds of development practices, especially as there is no practical benefit to using syscalls for console tasks.

If someone wants to know how to use low-level syscalls in Windows then please post a new question, suitably framed, and I'll gladly answer it.

But as a starting point, see https://j00ru.vexillium.org/syscalls/nt/64/ for a reverse-engineered table of x64 NT system-call numbers broken down by Windows kernel version. (Do not use in portable code, only for experiments to satisfy your curiosity about how Windows and/or asm works.)

like image 75
Dai Avatar answered Sep 19 '22 14:09

Dai