flat assembler
Message board for the users of flat assembler.

Index > Windows > syscalls

Author
Thread Post new topic Reply to topic
zxcv
Guest




zxcv 25 Dec 2007, 06:18
im gona learn windows syscalls. Is it good idea to write portable code?
Can i access 'raw socket' by syscall? Where can i find good documentation of it (cant find anything on msdn)?
Post 25 Dec 2007, 06:18
Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20309
Location: In your JS exploiting you and your system
revolution 25 Dec 2007, 06:40
MS don't publicly announce how to use such things. You might get something working on your current Windows build only to find later it is broken on the next update.

Also there is nothing special about things like syscall, it won't give you any extra privileges or magic powers that the standard API doesn't give you.
Post 25 Dec 2007, 06:40
View user's profile Send private message Visit poster's website Reply with quote
asmfan



Joined: 11 Aug 2006
Posts: 392
Location: Russian
asmfan 25 Dec 2007, 10:04
Portable - NO
magic powers - NO:) (not in R3) (only in R0 where some Nt* funcs isn't exported - accessed only by syscall num)
Post 25 Dec 2007, 10:04
View user's profile Send private message Reply with quote
zxcv
Guest




zxcv 25 Dec 2007, 15:25
Yes, i want to write in R0. Is it possible to access network driver and send my own packet? Kernel do it, so why i cant.
Post 25 Dec 2007, 15:25
Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20309
Location: In your JS exploiting you and your system
revolution 25 Dec 2007, 16:07
Easiest way to get R0 is to write a simple driver and install it on the fly. There are examples on the net, my website has lots of details about it. There have also been some examples posted here on this board previously.

A driver is preferred since the interface is public and is not likely to be broken by a monthly update. Once your driver is running then you are in R0 and can do whatever the hell you want.
Post 25 Dec 2007, 16:07
View user's profile Send private message Visit poster's website Reply with quote
zxcv
Guest




zxcv 25 Dec 2007, 16:11
ok, do i have to write additional drivers for diffrent network cards/modems?
Or 1 is enought for all hardware?
Post 25 Dec 2007, 16:11
Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20309
Location: In your JS exploiting you and your system
revolution 25 Dec 2007, 16:18
A driver is hardware specific.
Post 25 Dec 2007, 16:18
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 25 Dec 2007, 21:34
Post 25 Dec 2007, 21:34
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 26 Dec 2007, 14:08
You can do raw sockets from ring3 as long as you have admin privileges.

Forget about doing syscalls directly, there's nothing "cool" about it, it doesn't win you anything, and since you risk breaking on the next service pack/update, is a waste of time. Spend your time doing something constructive.
Post 26 Dec 2007, 14:08
View user's profile Send private message Visit poster's website Reply with quote
zxcv
Guest




zxcv 27 Dec 2007, 06:40
Quote:
You can do raw sockets from ring3 as long as you have admin privileges.

not in sp2, wich is most popular version =/
Post 27 Dec 2007, 06:40
Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 27 Dec 2007, 08:16
zxcv wrote:
Quote:
You can do raw sockets from ring3 as long as you have admin privileges.

not in sp2, wich is most popular version =/


There's enough support for what most legitimate people need. Sure, it sucks that fagtard steve gibson made enough noise to reduce raw sock functionality, but it's not something that affects most people. And given your track record of posts here, I suspect you want to use raw socks for malicious purposes.

Anyway, if your goals are legitimate, you won't mind using winpcap.

_________________
Image - carpe noctem
Post 27 Dec 2007, 08:16
View user's profile Send private message Visit poster's website Reply with quote
zxcv
Guest




zxcv 27 Dec 2007, 09:11
Quote:
I suspect you want to use raw socks for malicious purposes.

no, i want write port scanner, like nmap.

Code:
socket(0, 3, 0)    

return -1, and i have installed winpcap.
Post 27 Dec 2007, 09:11
Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 27 Dec 2007, 12:28
Perhaps you should look at the winpcap documentation, and learn to use symbolic names instead of magic values as well.
Post 27 Dec 2007, 12:28
View user's profile Send private message Visit poster's website Reply with quote
System86



Joined: 15 Aug 2007
Posts: 77
System86 07 Jan 2008, 21:00
How does windows XP do syscalls internally? Do they use some interrupt, or do they use sysenter/sysexit, or something else?

By the way, syscalls won't let you get to ring 0 from ring 3 or let you gain direct hardware access.
Post 07 Jan 2008, 21:00
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 07 Jan 2008, 21:26
It is hardware dependant, it uses Int $2E when syscall/sysenter and sysret/sysexit isn't present.
Post 07 Jan 2008, 21:26
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.