Search code examples
windowsassemblyx86system-calls

Windows system calls

I have a (very) basic understanding of assembly using system calls on Linux (I use the GNU assembler as). On Windows 7, I am using the MinGW (32-bit) port of the GCC compiler suite to produce assembler programs. On Linux I regularily use the C library for some OS interactions in my assembler programs, and on my Windows platform this works perfectly as well using MinGW. Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible. On Linux I know how to do this:

movl        $0, %ebx
movl        $1, %eax
int $0x80   ; exit with code 0

I also use these system calls for reading/writing chars to/from the terminal (for writing syscall with 4 in EAX for example). I was wondering how to do this on a Windows NT platform. Is it possible? I looked at this table, but I don't really understand the names of the syscalls. Any help is welcome.

Solution

  • The Nt* set of functions are undocumented with good reason: it's internal to Windows and changes between versions, meaning that programs that target it directly are at high-risk of breaking between Windows versions.

    Really, there is not that big an overhead with targeting public, documented functions, and you get Microsoft's guarantee that your program will work with future versions of Windows provided you use the API correctly.

    For that reason, I won't provide you with the answer you want. I strongly advise you to use the public console API: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682073%28v=vs.85%29.aspx

    Update

    I assume that is for experimentation or fun, indeed the OP wrote:

    Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible.

    ...I find this line of reasoning problematic and I don't want to act as an enabler for these kinds of development practices, especially as there is no practical benefit to using syscalls for console tasks.

    If someone wants to know how to use low-level syscalls in Windows then please post a new question, suitably framed, and I'll gladly answer it.

    But as a starting point, see https://j00ru.vexillium.org/syscalls/nt/64/ for a reverse-engineered table of x64 NT system-call numbers broken down by Windows kernel version. (Do not use in portable code, only for experiments to satisfy your curiosity about how Windows and/or asm works.)