Date: Sun, 2 Apr 2000 11:53:35 +0200 (IST)
From: Eli Zaretskii <eliz AT is DOT elta DOT co DOT il>
X-Sender: eliz AT is
To: Mark Geisert <admin AT xenon DOT gem DOT net>
cc: djgpp AT delorie DOT com
Subject: Re: Is DOS dead?
In-Reply-To: <Pine.BSD/.3.91.1000402010100.22941A-100000@xenon.gem.net>
Message-ID: <Pine.SUN.3.91.1000402115200.9367u-100000@is>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Reply-To: djgpp AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: djgpp AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com
Precedence: bulk


On Sun, 2 Apr 2000, Mark Geisert wrote:

> > What service would you suggest to try this method?
> 
> Hi Eli,
> 
> The NT syscalls are amazingly underdocumented considering how widely NT 
> is used.  I don't have a specific syscall in mind.
> 
> My understanding is that the list of syscalls changes from release to
> release and syscalls could even be added by service pack.  I've not been 
> able to find the mapping between syscalls (the Zw... exports from 
> NTDLL.DLL I think (don't have my notes handy)) and the service numbers
> that you'd put in EAX to invoke the syscall via Int 0x2E.  I have some 
> leads on that which I haven't yet followed.

Yes, I asked the question precisely because this is not documented 
anywhere, and because I don't use NT/W2K enough to know myself.

> I was actually considering something risky to determine if this strategy 
> would work at all, which would be to just try various small values in EAX.  

I think it could work, but we need a real example to try.