System Calls in windows & Native API?

by

If you’re doing assembly programming under Windows you don’t do manual syscalls. You use NTDLL and the Native API to do that for you.

The Native API is simply a wrapper around the kernelmode side of things. All it does is perform a syscall for the correct API.

You should NEVER need to manually syscall so your entire question is redundant.

Linux syscall codes do not change, Windows’s do, that’s why you need to work through an extra abstraction layer (aka NTDLL).

EDIT:

Also, even if you’re working at the assembly level, you still have full access to the Win32 API, there’s no reason to be using the NT API to begin with! Imports, exports, etc all work just fine in assembly programs.

EDIT2:

If you REALLY want to do manual syscalls, you’re going to need to reverse NTDLL for each relevant Windows version, add version detection (via the PEB), and perform a syscall lookup for each call.

However, that would be silly. NTDLL is there for a reason.

People have already done the reverse-engineering part: see https://j00ru.vexillium.org/syscalls/nt/64/ for a table of system-call numbers for each Windows kernel. (Note that the later rows do change even between versions of Windows 10.) Again, this is a bad idea outside of personal-use-only experiments on your own machine to learn more about asm and/or Windows internals. Don’t inline system calls into code that you distribute to anyone else.

More Related Contents:

  1. What characters are forbidden in Windows and Linux directory names?
  2. Why does Windows64 use a different calling convention from all other OSes on x86-64?
  3. How can I determine whether a specific file is open in Windows? [closed]
  4. Windows system calls [duplicate]
  5. How to convert Windows end of line in Unix end of line (CR/LF to LF)
  6. Compiling assembly in Visual Studio
  7. What is the ‘shadow space’ in x64 assembly?
  8. What is the difference between mutex and critical section?
  9. Is it valid to write below ESP?
  10. Why is creating a new process more expensive on Windows than Linux?
  11. Hello world using nasm in windows assembly
  12. Concurrency in a GIT repo on a network shared folder
  13. ^M at the end of every line in vim
  14. Which versions of Windows support/require which CPU multimedia extensions? (How to check if SSE or AVX are fully usable?)
  15. Does Windows have Inode Numbers like Linux?
  16. Is x86 32-bit assembly code valid x86 64-bit assembly code?
  17. Shadow space example
  18. Powershell: null file always generated (output of Compare-Object)
  19. Getting MAC Address
  20. How do I run Redis on Windows?
  21. How to set shell for npm run-scripts in Windows
  22. Using another language (code page) in a batch file made for others
  23. CALL command vs. START with /WAIT option
  24. Node npm windows file paths are too long to install packages
  25. How do I link gtk library more easily with cmake in windows?
  26. How do I prevent DLL injection
  27. Can I handle the killing of my windows process through the Task Manager?
  28. Run a Command Prompt command from Desktop Shortcut
  29. How can I source variables from a .bat file into a PowerShell script?
  30. Global NPM package installed but command not found

Leave a Comment