flat assembler
Message board for the users of flat assembler.
bitRAKE 16 Sep 2024, 20:34
There is a useful database of syscall numbers organized by build number. With fasmg there is a simple way to create an abstraction that utilizes these files directly:
Code:
```
define SYSCALLS SYSCALLS ; searchable namespace
namespace SYSCALLS

    ; the expectation is a name followed by a number
    calminstruction reader line&
            match =mvmacro?= any?,line
            jno go
            assemble line
            exit
    go:     match name= value,line
            jno unkwn
    ;       compute value,value ; note: `transform doesn't work with numerical values
            publish name:,value
            exit
    unkwn:  stringify line
            display "invalid syscall listing: "
            display line
            err
    end calminstruction

    ; ntoskrnl service table
    include "x86_64\NT10\ntos\" bappend SYSCALL_BUILD bappend ".txt",\
            mvmacro ?,reader
    mvmacro reader,?

    ; Win32k service table
    include "x86_64\NT10\win32k\" bappend SYSCALL_BUILD bappend ".txt",\
            mvmacro ?,reader
    mvmacro reader,?

    purge reader
end namespace ; SYSCALLS

calminstruction syscall? function
        transform function,SYSCALLS
        jyes known
        arrange function,=syscall function
        assemble function
        exit
known:  arrange function,=mov =eax, function
        assemble function
        arrange function,=syscall
        assemble function
end calminstruction
```

Code:
```
include 'syscall.g', SYSCALL_BUILD equ "22000" ; change to your system build
...
        mov r10, [hStdOut]
        syscall NtClose

        xor edx, edx                    ; NTSTATUS
        mov r10, NtCurrentProcess       ; HANDLE, optional
        syscall NtTerminateProcess
```

Syscall usage can be much more complex than the Win32 APIs. So, expect a steep learning curve. Example on GitHub.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.