Index
> Windows > KiSystemService and KiSystemFastCall |
| Author |
|
|
crc 18 Dec 2005, 19:48
The first is part of the Native API (see http://www.sysinternals.com/Information/NativeApi.html)
Quote: The Native API exception handler in kernel mode is named KiSystemService, and it is invoked whenever a Native API is executed in user mode. Its task is to determine if the API's index number is valid, and if so, pass control to the appropriate system service in kernel mode to service the request. It does this by simply using the index number passed from user mode to index into an array called KiSystemServiceTable. Each entry in this array includes a pointer to the appropriate function and the number of parameters the function expects. KiSystemService takes the parameters passed on the user mode stack (pointed to in the edx register on x86) and pushes them on the kernel stack before calling the function specified in the array for the index. I found some references to KiFastCall, but not to KiSystemFastCall. Google for "windows native api functions" or something similar and perhaps you can dig up more details on these undocumented APIs  |
|||
18 Dec 2005, 19:48 |
|
|
chris 05 Jan 2006, 12:10
they are not exported, from the prefix you can tell.
|
|||
|
05 Jan 2006, 12:10 |
|
|
shism2 05 Jan 2006, 21:24
??? Where are these apis at then?
|
|||
|
05 Jan 2006, 21:24 |
|
|
crc 06 Jan 2006, 01:17
I think the actual code for the functions may be implemented in ntoskernel.exe; possibly you might want to check and see if anyone developing ReactOS (http://reactos.com) is certain since they're making a lot of headway on a their Windows-compatible OS.
|
|||
|
06 Jan 2006, 01:17 |
|
< Last Thread | Next Thread > |
Forum Rules:
|