Mail Archives: djgpp/2000/04/03/23:05:51

Date: Mon, 3 Apr 2000 18:26:22 -0700 (PDT)
From: Mark Geisert <admin AT xenon DOT gem DOT net>
To: Eli Zaretskii <eliz AT is DOT elta DOT co DOT il>
cc: djgpp AT delorie DOT com
Subject: Re: Is DOS dead?
In-Reply-To: <Pine.SUN.3.91.1000402115200.9367u-100000@is>
Message-ID: <Pine.BSD/.3.91.1000403180956.7718A-100000@xenon.gem.net>
MIME-Version: 1.0
Reply-To: djgpp AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: djgpp AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com

Hello Eli,
I have some good news and some bad news, as the saying goes.

First, the bad news.  The service numbers (that would be loaded into EAX
before invoking Int 0x2E) can change from Windows version to version.  For 
example, I wanted to code a nice, benign, syscall ZwYieldExecution, which 
is the NT API equivalent of the Win32 SwitchToThread().  This is service
number 0xD2 on Windows NT but 0xF7 on Windows 2000.

A new-for-Win2000 syscall ZwQueryDefaultUILanguage is service number 
0x7C, but Windows NT uses 0x7C for ZwQuerySystemInformation.

So we can't depend on service numbers.

Next, the good news (possibly..)

When NT creates a new process, the process' FS register contains a selector 
that can be used to address the TEB, Thread Environment Block.  There is a
way to use this to get the Windows version.  This is how GetVersion() works, 
BTW, it's not a wrapper on a syscall but a bunch of load-relatives from FS.

Is the FS register available with its original contents to DJGPP-built 
programs running from a Command Prompt window?
Cheers,

..mark


On Sun, 2 Apr 2000, Eli Zaretskii wrote:

> 
> On Sun, 2 Apr 2000, Mark Geisert wrote:
> 
> > > What service would you suggest to try this method?
> > 
> > Hi Eli,
> > 
> > The NT syscalls are amazingly underdocumented considering how widely NT 
> > is used.  I don't have a specific syscall in mind.
> > 
> > My understanding is that the list of syscalls changes from release to
> > release and syscalls could even be added by service pack.  I've not been 
> > able to find the mapping between syscalls (the Zw... exports from 
> > NTDLL.DLL I think (don't have my notes handy)) and the service numbers
> > that you'd put in EAX to invoke the syscall via Int 0x2E.  I have some 
> > leads on that which I haven't yet followed.
> 
> Yes, I asked the question precisely because this is not documented 
> anywhere, and because I don't use NT/W2K enough to know myself.
> 
> > I was actually considering something risky to determine if this strategy 
> > would work at all, which would be to just try various small values in EAX.  
> 
> I think it could work, but we need a real example to try.
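The two mechanisms discussed above (version fields reached by loads relative to FS through the TEB and PEB, and service numbers that differ between Windows NT and Windows 2000), as an added C example that is not part of this thread, of DJGPP, or of Windows. The TEB/PEB field offsets are taken from the public 32-bit x86 structure layouts and are an assumption, not something the post states; "Windows NT" is assumed to mean NT 4.0 (version 4.0); the function names are hypothetical; the sample PEB image is constructed so the program runs offline on any platform and only reads the live PEB inside a 32-bit Windows process built with GCC.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets in the 32-bit TEB and PEB. These come from the public
 * structure layouts for x86 Windows NT, not from the post, and apply only
 * to 32-bit processes. */
#define TEB_PEB_PTR_OFFSET   0x30  /* TEB.ProcessEnvironmentBlock */
#define PEB_OS_MAJOR_OFFSET  0xA4  /* PEB.OSMajorVersion, ULONG  */
#define PEB_OS_MINOR_OFFSET  0xA8  /* PEB.OSMinorVersion, ULONG  */
#define PEB_OS_BUILD_OFFSET  0xAC  /* PEB.OSBuildNumber, USHORT  */
#define SAMPLE_PEB_SIZE      0x100

struct os_version { uint32_t major; uint32_t minor; uint16_t build; };

static uint32_t rd32(const uint8_t *p, size_t off) { uint32_t v; memcpy(&v, p + off, sizeof v); return v; }
static uint16_t rd16(const uint8_t *p, size_t off) { uint16_t v; memcpy(&v, p + off, sizeof v); return v; }

/* Decode the version fields from a PEB image. This is the "bunch of
 * load-relatives" that GetVersion() does; no Int 0x2E is involved. */
struct os_version peb_os_version(const uint8_t *peb)
{
    struct os_version v;
    v.major = rd32(peb, PEB_OS_MAJOR_OFFSET);
    v.minor = rd32(peb, PEB_OS_MINOR_OFFSET);
    v.build = rd16(peb, PEB_OS_BUILD_OFFSET);
    return v;
}

/* Locate the live PEB through FS. Only meaningful in a 32-bit Windows
 * process compiled with GCC (MinGW); elsewhere report "not available". */
const uint8_t *current_peb(void)
{
#if defined(_WIN32) && defined(__i386__) && defined(__GNUC__)
    const uint8_t *peb;
    __asm__ volatile ("movl %%fs:%c1, %0" : "=r"(peb) : "i"(TEB_PEB_PTR_OFFSET));
    return peb;
#else
    return NULL;
#endif
}

/* Service number for ZwYieldExecution keyed by OS version, using the two
 * values quoted in the post. Returns the number, or -1 when the version is
 * not one we have data for, so the caller never loads a guessed value into
 * EAX: on the wrong version the same number names a different service. */
long zw_yield_execution_service(struct os_version v)
{
    if (v.major == 4 && v.minor == 0) return 0xD2;   /* Windows NT (assumed 4.0) */
    if (v.major == 5 && v.minor == 0) return 0xF7;   /* Windows 2000             */
    return -1;
}

/* Constructed PEB image for offline use: only the version fields are filled. */
const uint8_t *sample_peb(uint32_t major, uint32_t minor, uint16_t build)
{
    static uint8_t buf[SAMPLE_PEB_SIZE];
    memset(buf, 0, sizeof buf);
    memcpy(buf + PEB_OS_MAJOR_OFFSET, &major, sizeof major);
    memcpy(buf + PEB_OS_MINOR_OFFSET, &minor, sizeof minor);
    memcpy(buf + PEB_OS_BUILD_OFFSET, &build, sizeof build);
    return buf;
}

int main(void)
{
    const uint8_t *peb = current_peb();
    if (peb == NULL) {
        /* Not a 32-bit NT process: use a constructed "Windows 2000" PEB instead. */
        peb = sample_peb(5, 0, 2195);
    }
    struct os_version v = peb_os_version(peb);
    long svc = zw_yield_execution_service(v);
    printf("OS %u.%u build %u -> ZwYieldExecution service ",
           (unsigned)v.major, (unsigned)v.minor, (unsigned)v.build);
    if (svc < 0) puts("unknown (refusing to guess)");
    else printf("0x%lX\n", svc);
    return 0;
}
```

The version check is the point: because 0x7C, for instance, means ZwQueryDefaultUILanguage on one release and ZwQuerySystemInformation on the other, any code that issues Int 0x2E directly has to key its numbers on the running version and fail closed on a version it has no table for, rather than reuse a number that happened to work elsewhere.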
