1

I want to write assembly program using

windows syscall Interrupt number

, so in order to use system call in assembly level using int of sys call, In windows are there kernel calls like posix library unitsd.h in assembly level. where can i find windows system call list for opening file, mkdir,etc.(interrupt number), like the one in like _NR_write 4 in linux or unix.

asked Jul 21, 2016 at 16:14
2
  • What you're looking for would be the DOS API, but according to this, it isn't supported by modern windows, so you have to call the OS-provided standard libary function instead. Commented Jul 21, 2016 at 17:34
  • 1
    How does POSIX fit into this? Commented Jul 21, 2016 at 22:34

1 Answer 1

5

Yes.

The Windows NT kernel API (which is traditionally accessed by using the functions defined in ntdll.dll) can be accessed directly by use of the int 2e instruction. However this is not a supported way of using the system, and details of the implementation (including function codes) are likely to change between Windows versions.

The basic approach is:

  • place parameters to the function on the stack
  • put function code in EAX
  • execute int 2e
  • result is in EAX

There is a table of function codes here: http://j00ru.vexillium.org/ntapi/

answered Jul 21, 2016 at 21:31
1
  • Do you have a reference for amd64 ? Commented Jul 23, 2016 at 17:38

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.