This question already has answers here:
System Calls in Windows & Native API?
(5 answers)
Closed 4 years ago.
I have a (very) basic understanding of assembly using system calls on Linux (I use the GNU assembler as).
On Windows 7, I am using the MinGW (32-bit) port of the GCC compiler suite to produce assembler programs. On Linux I regularily use the C library for some OS interactions in my assembler programs, and on my Windows platform this works perfectly as well using MinGW. Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible. On Linux I know how to do this:
movl $0, %ebx
movl $1, %eax
int $0x80 ; exit with code 0
I also use these system calls for reading/writing chars to/from the terminal (for writing syscall with 4 in EAX for example). I was wondering how to do this on a Windows NT platform. Is it possible? I looked at this table, but I don't really understand the names of the syscalls. Any help is welcome.
The Nt* set of functions are undocumented with good reason: it's internal to Windows and changes between versions, meaning that programs that target it directly are at high-risk of breaking between Windows versions.
Really, there is not that big an overhead with targeting public, documented functions, and you get Microsoft's guarantee that your program will work with future versions of Windows provided you use the API correctly.
For that reason, I won't provide you with the answer you want. I strongly advise you to use the public console API: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682073%28v=vs.85%29.aspx
Update
I assume that is for experimentation or fun, indeed the OP wrote:
Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible.
...I find this line of reasoning problematic and I don't want to act as an enabler for these kinds of development practices, especially as there is no practical benefit to using syscalls for console tasks.
If someone wants to know how to use low-level syscalls in Windows then please post a new question, suitably framed, and I'll gladly answer it.
But as a starting point, see https://j00ru.vexillium.org/syscalls/nt/64/ for a reverse-engineered table of x64 NT system-call numbers broken down by Windows kernel version. (Do not use in portable code, only for experiments to satisfy your curiosity about how Windows and/or asm works.)
Related
This question already has answers here:
System Calls in Windows & Native API?
(5 answers)
How to write hello world in assembly under Windows?
(9 answers)
Make a program using only system-calls not windows dll's [duplicate]
(1 answer)
Closed 11 months ago.
I still coudnt find any hint and hope somebody can usher me to the right pad:
If I want to programm in the pure plattform-indipendent x-86 assembler code without any NASM macros or functions with (), but with push, call and pull. How I can I find the right functions? The translator into opcode does find them. However do their places change in the different versions? Since there are no different versions of the Compiler into opcode, I suppose they do not. I hardly can find any adresses on the internet
What I actually search is something like the dos interrupts for windows 10 or 11
I also struggled finding sources on what to do. Platform independent coding basically means you are writing your own operating system. This is because it requires you to write a boot loader that takes your program, and moves it into the memory. It also requires you to make your own drivers and libraries: VGA driver, stdout (print functions), stdin, etc.
If you like, you can check out my repo here. I already hacked together my own boot-loader, linker script, etc. that handles the boringly complicated things! I also have a library (located in BODY/data.s) that features a ton of functions that I wrote myself. You can use these to help guide you in writing your own drivers if you'd like!
In order to use this development platform however, you need to install:
GNU binutils
GRUB (already included on most linux)
XORRISO
QEMU
This is all meant to run in linux. If you are using macos or windows, I recommend using either WSL or virtual box to install linux on your system! The code might also be slightly different that what you are used to, as it's called GAS assembly, which alters from the intel syntax.
Please reply if you have any issues with this, or need a better tutorial on how to set this up.
Finally, I recommend checking out osdev.org. There's great info on ports (how you communicate with the kb, mouse, etc.) and how the VGA ram works.
This question already has an answer here:
Make a program using only system-calls not windows dll's [duplicate]
(1 answer)
Closed 4 years ago.
For educational purposes, I am trying to create a (32-bit) exe on Windows from assembly code that does not rely on the standard C library or Windows DLLs.
I can create a program that starts to run (and that I am able to debug with gdb) however I am not sure how to cleanly exit the program. All tutorials either link to the standard C library and define a main function or use the ExitProcess WinAPI call which is defined in a DLL.
On 32-Bit Linux, I'd use the int 0x80 instruction with the exit syscall. Apparently, Windows does not meaningfully implement these interrupts.
So, is there a way to cleanly return from my program?
Windows has some system calls like all (traditional) operating systems. Read Operating Systems: Three Easy Pieces to learn more about OS.
But Microsoft Windows is proprietary software. The system call interface is undocumented by Microsoft, could be specific to a particular version, and you need time-consuming efforts to reverse engineer it. See also this.
People have already done the reverse engineering and published the results at https://j00ru.vexillium.org/syscalls/nt/32/.
So making system calls directly is possible, but very unpractical except as a learning experiment on your own desktop (not for executables you distribute).
The other part of what you want, avoiding having any DLLs loaded/mapped into your process's virtual address space, may actually be impossible.
sorry if this is a basic question, but I can't seem to find the answer anywhere online.
I am learning assembly. Dev environment is VS2013 & MASM on Windows 7. I have a decent understanding of string manipulation and now I am trying to print a char to the console. The methods that I can find on the internet involve including MASM files, using MessageBoxA, or modifying the project settings to use DOS interrupts.
Including external files and modifying project settings are two things that I definitely don't want to do. MessageBoxA seems cool, but is there not a way to print to console in pure ASM? Thanks!
Windows is not DOS and has not been for a long time. Windows NT based versions does not allow you to write directly to hardware without a kernel driver.
If you don't care about Unicode then you just need to call GetStdHandle(STD_OUTPUT_HANDLE) to get a handle to stdout and then use this handle with WriteFile.
Use WriteConsole to write Unicode strings if GetConsoleMode returns true.
I need to hijack all operating system calls of my own process. I cannot rewrite code as it is partly not my code (plug-ins). I need to be able to decide within my implementation of a specific system call, if I want to call the original implementation or not.
Operating systems will be at first windows xp and higher versions. Later os x 10.5 and higher will follow. Starting on windows with 32 bit versions, later for all operating systems also 64 bit versions.
I found a lot of documentation and tools about hooking other processes but I would hope my job is much simpler and I would hope for some source code.
Thanks a lot in advance, Bernd.
There are many hooking libraries that will let you do this, for example Detours or madCodeHook on Windows. No doubt there are similar libraries on OSX, I just don't know them!
It's very easy to hook a routine and replace it with your own implementation. It's less easy to retain the option of running the original routine in some circumstances, and that's where using a hooking library will take the pain away for you.
On Mac OS X, you can override functions with the DYLD_INTERPOSE macro (and DYLD_INSERT_LIBRARIES, if needed). This answer has an example: Ansi C patch using dlsym compiles OK under linux but fails on Mac Os X
For Windows, there is the open source alternative to Microsoft Detours called EasyHook:
CodePlex: EasyHook
Code Project: EasyHook - The reinvention of Windows API hooking
Okay. I want to learn how to assemble programs on my Mac (Early 2009 MBP, Intel Core 2 Duo). So far, I understand only that Assembly languages are comprised of direct one-to-one mnemonics for CPU instructions. After some Googling, I've seen a lot of terms, mostly "x86" and "x86_64". I've also seen MASM, NASM, and GAS, among others.
Correct me if I'm wrong:
x86 and x86_64 are instruction sets. If I write something using these instruction sets (as raw machine code), I'm fine so long as my program stays on the processor it was designed for.
NASM, MASM, and GAS are all different assemblers.
There are different Assembly languages. There's the AT&T syntax and the Intel syntax, for example. Support for these syntaxes differ across assemblers.
Now, questions:
As a Mac user, which instruction sets should I be concerned about?
Xcode uses GCC. Does this mean it also uses GAS?
If it does use GAS, then should I be learning the AT&T syntax?
Is there a book I can get on this. Not a tutorial, not a reference manual on the web. Those things assume to much about me; for example, as far as I know, a register is just a little bit of memory on the CPU. That's how little I really know.
Thanks for your help.
If you want to learn assembly language, start with the x86 instruction set. That's the basic set.
A good book on the subject is Randall Hyde's the Art of Assembly Language, which is also available on his website. He uses a high-level assembler to make things easy to grasp and to get going, but deep down it uses GAS.
I don't believe that XCode comes with any assembler, but you can for example find GAS in MacPort's binutils package.
If you just want to make programs on your Mac and you're not that interested in the life of all the bits in the CPU, you're much better off with a more high-level language like Python or Ruby.
"I'm fine so long as my program stays on the processor it was designed for." Not really. In many cases, assembler programs will also make assumptions about the operating system they run on (e.g. when they call library functions or make system calls). Otherwise, your assumpptions are correct.
Onto questions:
Current Macs support both x86 and x86-64 (aka AMD64 aka EM64T aka Intel64). Both 32-bit and 64-bit binaries can be run on recent systems; Apple itself ships its libraries in "fat" (aka "universal") mode, i.e. machine code for multiple architectures.
Use "as -v" to find out what precise assembler you have; mine reports as "Apple Inc version cctools-698.1~1, GNU assembler version 1.38". So yes, it's GAS.
Yes.
https://stackoverflow.com/questions/4845/good-x86-assembly-book
I'll answer the first question:
Macs use Intel chips now, and modern processors are 64-bit.