flat assembler
Message board for the users of flat assembler.
Index > Windows > syscalls

revolution 25 Dec 2007, 06:40
MS don't publicly announce how to use such things. You might get something working on your current Windows build only to find later it is broken on the next update.
Also there is nothing special about things like syscall, it won't give you any extra privileges or magic powers that the standard API doesn't give you.

asmfan 25 Dec 2007, 10:04
Portable - NO
magic powers - NO:) (not in R3) (only in R0 where some Nt* funcs aren't exported - accessed only by syscall num)

zxcv 25 Dec 2007, 15:25
Yes, I want to write in R0. Is it possible to access the network driver and send my own packet? The kernel does it, so why can't I?

revolution 25 Dec 2007, 16:07
Easiest way to get R0 is to write a simple driver and install it on the fly. There are examples on the net, my website has lots of details about it. There have also been some examples posted here on this board previously.
A driver is preferred since the interface is public and is not likely to be broken by a monthly update. Once your driver is running then you are in R0 and can do whatever the hell you want.

zxcv 25 Dec 2007, 16:11
OK, do I have to write additional drivers for different network cards/modems?
Or is 1 enough for all hardware?

revolution 25 Dec 2007, 16:18
A driver is hardware specific.

LocoDelAssembly 25 Dec 2007, 21:34

f0dder 26 Dec 2007, 14:08
You can do raw sockets from ring3 as long as you have admin privileges.
Forget about doing syscalls directly, there's nothing "cool" about it, it doesn't win you anything, and since you risk breaking on the next service pack/update, it is a waste of time. Spend your time doing something constructive.

zxcv 27 Dec 2007, 06:40
Quote: You can do raw sockets from ring3 as long as you have admin privileges.
Not in SP2, which is the most popular version =/

f0dder 27 Dec 2007, 08:16
zxcv wrote:
There's enough support for what most legitimate people need. Sure, it sucks that fagtard steve gibson made enough noise to reduce raw sock functionality, but it's not something that affects most people. And given your track record of posts here, I suspect you want to use raw socks for malicious purposes. Anyway, if your goals are legitimate, you won't mind using winpcap. _________________ - carpe noctem |

zxcv 27 Dec 2007, 09:11
Quote: I suspect you want to use raw socks for malicious purposes.
No, I want to write a port scanner, like nmap.
Code: socket(0, 3, 0)
returns -1, and I have installed winpcap.

f0dder 27 Dec 2007, 12:28
Perhaps you should look at the winpcap documentation, and learn to use symbolic names instead of magic values as well.

System86 07 Jan 2008, 21:00
How does Windows XP do syscalls internally? Do they use some interrupt, or do they use sysenter/sysexit, or something else?
By the way, syscalls won't let you get to ring 0 from ring 3 or let you gain direct hardware access.

LocoDelAssembly 07 Jan 2008, 21:26
It is hardware dependent, it uses Int $2E when syscall/sysenter and sysret/sysexit aren't present.

Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.