Windows系统调用 [英] Windows system calls
问题描述
我对使用Linux上的系统调用的汇编有一个(非常)基本的了解(我使用GNU汇编器as).
在Windows 7上,我使用GCC编译器套件的MinGW(32位)端口生成汇编程序.在Linux上,我经常在汇编程序中使用C库进行某些OS交互,而在Windows平台上,使用MinGW则可以很好地工作.但是,有时我想使用低级系统调用-主要是为了使我的可执行文件尽可能的小.在Linux上,我知道该怎么做:
movl $0, %ebx
movl $1, %eax
int $0x80 ; exit with code 0
我还使用这些系统调用来向终端读取/写入字符(例如,在EAX中以4写入系统调用).我想知道如何在Windows NT平台上执行此操作.是否有可能?我查看了此表,但我并不真正理解系统调用的名称.欢迎任何帮助.
更新
我认为这是出于实验或娱乐目的,实际上OP写道:
但是,有时我想使用低级系统调用-主要是为了使我的可执行文件尽可能小.
...我发现这一类推理是有问题的,我不想充当此类开发实践的推动者,尤其是因为将syscall用于控制台任务并没有实际好处.
如果有人想知道如何在Windows中使用低级的syscall,请发布一个新的问题,并对其进行适当的构架,我很乐意回答.
但作为起点,请参见> https://j00ru.vexillium.org/syscalls/nt/64/以获得按Windows内核版本细分的x64 NT系统调用编号的反向工程表. (请勿在可移植代码中使用,仅用于满足您对Windows和/或asm的工作原理的好奇心的实验.)
I have a (very) basic understanding of assembly using system calls on Linux (I use the GNU assembler as).
On Windows 7, I am using the MinGW (32-bit) port of the GCC compiler suite to produce assembler programs. On Linux I regularily use the C library for some OS interactions in my assembler programs, and on my Windows platform this works perfectly as well using MinGW. Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible. On Linux I know how to do this:
movl $0, %ebx
movl $1, %eax
int $0x80 ; exit with code 0
I also use these system calls for reading/writing chars to/from the terminal (for writing syscall with 4 in EAX for example). I was wondering how to do this on a Windows NT platform. Is it possible? I looked at this table, but I don't really understand the names of the syscalls. Any help is welcome.
The Nt* set of functions are undocumented with good reason: it's internal to Windows and changes between versions, meaning that programs that target it directly are at high-risk of breaking between Windows versions.
Really, there is not that big an overhead with targeting public, documented functions, and you get Microsoft's guarantee that your program will work with future versions of Windows provided you use the API correctly.
For that reason, I won't provide you with the answer you want. I strongly advise you to use the public console API: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682073%28v=vs.85%29.aspx
Update
I assume that is for experimentation or fun, indeed the OP wrote:
Sometimes, however, I want to use low-level system calls -- mostly to keep my executables as small as possible.
...I find this line of reasoning problematic and I don't want to act as an enabler for these kinds of development practices, especially as there is no practical benefit to using syscalls for console tasks.
If someone wants to know how to use low-level syscalls in Windows then please post a new question, suitably framed, and I'll gladly answer it.
But as a starting point, see https://j00ru.vexillium.org/syscalls/nt/64/ for a reverse-engineered table of x64 NT system-call numbers broken down by Windows kernel version. (Do not use in portable code, only for experiments to satisfy your curiosity about how Windows and/or asm works.)
这篇关于Windows系统调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
