Windows 系统调用 [英] Windows system calls

问题描述

我对在 Linux 上使用系统调用进行汇编有(非常)基本的了解(我使用 GNU 汇编器 as).在 Windows 7 上，我使用 GCC 编译器套件的 MinGW(32 位)端口来生成汇编程序.在 Linux 上，我经常在我的汇编程序中使用 C 库进行一些操作系统交互，而在我的 Windows 平台上，这与使用 MinGW 一样完美.然而，有时我想使用低级系统调用——主要是为了使我的可执行文件尽可能小.在 Linux 上我知道怎么做:

movl $0, %ebxmovl $1, %eax整数 $0x80 ;退出代码 0

我还使用这些系统调用从终端读取/写入字符(例如，在 EAX 中使用 4 写入系统调用).我想知道如何在 Windows NT 平台上执行此操作.是否可以?我查看了这张表，但我不太了解系统调用的名称.欢迎任何帮助.

解决方案

Nt* 函数集没有记录是有充分理由的:它是 Windows 内部的并且在版本之间发生变化，这意味着针对它直接存在于 Windows 版本之间中断的高风险.

实际上，针对公开的、记录在案的函数并没有那么大的开销，并且您得到 Microsoft 的保证，只要您正确使用 API，您的程序将适用于未来版本的 Windows.>

因此，我不会为您提供您想要的答案.我强烈建议您使用公共控制台 API:http://msdn.microsoft.com/en-us/library/windows/desktop/ms682073%28v=vs.85%29.aspx

更新

我认为这是为了实验或娱乐，实际上 OP 写道:

<块引用>

然而，有时我想使用低级系统调用——主要是为了让我的可执行文件尽可能小.

...我发现这种推理方式有问题，我不想成为这类开发实践的推动者，尤其是因为将系统调用用于控制台任务并没有实际好处.

如果有人想知道如何在 Windows 中使用低级系统调用，那么请发布一个新问题，适当地提出来，我很乐意回答.

但作为起点，请参阅 https://j00ru.vexillium.org/syscalls/nt/64/ 用于按 Windows 内核版本分解的 x64 NT 系统调用号的逆向工程表.(请勿在可移植代码中使用，仅用于实验以满足您对 Windows 和/或 asm 工作原理的好奇心.)

I have a (very) basic understanding of assembly using system calls on Linux (I use the GNU assembler as). On Windows 7, I am using the MinGW (32-bit) port of the GCC compiler suite to produce assembler programs. On Linux I regularily use the C library for some OS interactions in my assembler programs, and on my Windows platform this works perfectly as well using MinGW. Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible. On Linux I know how to do this:

movl        $0, %ebx
movl        $1, %eax
int $0x80   ; exit with code 0

I also use these system calls for reading/writing chars to/from the terminal (for writing syscall with 4 in EAX for example). I was wondering how to do this on a Windows NT platform. Is it possible? I looked at this table, but I don't really understand the names of the syscalls. Any help is welcome.

解决方案

The Nt* set of functions are undocumented with good reason: it's internal to Windows and changes between versions, meaning that programs that target it directly are at high-risk of breaking between Windows versions.

Really, there is not that big an overhead with targeting public, documented functions, and you get Microsoft's guarantee that your program will work with future versions of Windows provided you use the API correctly.

For that reason, I won't provide you with the answer you want. I strongly advise you to use the public console API: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682073%28v=vs.85%29.aspx

Update

I assume that is for experimentation or fun, indeed the OP wrote:

Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible.

...I find this line of reasoning problematic and I don't want to act as an enabler for these kinds of development practices, especially as there is no practical benefit to using syscalls for console tasks.

If someone wants to know how to use low-level syscalls in Windows then please post a new question, suitably framed, and I'll gladly answer it.

But as a starting point, see https://j00ru.vexillium.org/syscalls/nt/64/ for a reverse-engineered table of x64 NT system-call numbers broken down by Windows kernel version. (Do not use in portable code, only for experiments to satisfy your curiosity about how Windows and/or asm works.)

这篇关于Windows 系统调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！