deleted
are there any documented functions in there ? :P
i am curious
i thought the primary purpose of NTVDM is to run 16-bit programs under a 32-bit environment
Quote from: dedndave on December 15, 2012, 02:56:49 AM
are there any documented functions in there ? :P
Check the exports of C:\Windows\System32\wow32.dll ...
The following functions are exported by this dll:
CopyDropFilesFrom16 CopyDropFilesFrom32 GetCommHandle GetCommShadowMSR
W32Dispatch W32HungAppNotifyThread W32Init WOW32DriverCallback
WOW32ResolveHandle WOW32ResolveMemory WOWCallback16 WOWCallback16Ex
WOWDirectedYield16 WOWFreeMetafile WOWGetVDMPointer WOWGetVDMPointerFix
WOWGetVDMPointerUnfix WOWGlobalAlloc16 WOWGlobalAllocLock16 WOWGlobalFree16
WOWGlobalLock16 WOWGlobalLockSize16 WOWGlobalUnlock16 WOWGlobalUnlockFree16
WOWHandle16 WOWHandle32 WOWUseMciavi16 WOWYield16
http://www.win7dll.info/wow32_dll.html
Dave,
Here is an undocumented item.
It comes in handy to give a message without requiring any user input.
Andy
invoke MessageBoxTimeout,NULL,ADDR msg_No, NULL, MB_OK or MB_SETFOREGROUND or MB_SYSTEMMODAL or MB_ICONWARNING,NULL,2000 ; close after 2 seconds
yah - there are a number of undocumented API's
i read someplace that all MessageBox functions call that one, internally - lol
but, i was wondering about what useful functions might exist in NTVDM
Hi nidud,
Here is my version of the import library. It has a much smaller size of 32 Kb. Kindly, could you test it?
The functions in this section are 32-bit WOW API elements exported by WOW32.DLL.
WOWCallback16
DWORD WINAPI WOWCallback16(DWORD vpfn16, DWORD dwParam);
Used in 32-bit code called from 16-bit code (through generic thunks) to call back to the 16-bit side (generic callback).
The return value comes from the callback routine. If the callback routine returns a WORD type instead of a DWORD type, the upper 16 bits of the return value are undefined. If the callback routine has no return value, the entire return value of this function is undefined.
vpfn16
Pointer to 16-bit callback routine, which is passed from the 16-bit side.
dwParam
Parameter for the 16-bit callback routine.
This function will not work when called in a 32-bit process.
The 16-bit function to be called must be declared with one of the following types.
LONG FAR PASCAL CallbackRoutine(DWORD dwParam);
LONG FAR PASCAL CallbackRoutine(VOID FAR *vp);
The type used is determined by whether the parameter is a pointer.
If you are passing a pointer, you will need to get the pointer by using either the WOWGlobalAlloc16 or WOWGlobalAllocLock16 function.
More attached ;-)
"_WaitIfIdle@0"
"_call_ica_hw_interrupt@12"
those look interesting :P
along with maybe some of the debug ones
Quote from: jj2007 on December 15, 2012, 03:19:32 AM
Check the exports of C:\Windows\System32\wow32.dll ...
The following in German because of your lousy English skills:
Wrong place. That is the NT Win16 emulation. NTVDM is a v86 monitor for DOS emulation, and so far quite well documented too, by MS standards at any rate. See the Win2000 DDK.
Quote from: dedndave on December 15, 2012, 05:16:58 AM
yah - there are a number of undocumented API's
i read someplace that all MessageBox functions call that one, internally - lol
but, i was wondering about what useful functions might exist in NTVDM
Is that a windows DLL, if so open that puppy up and look thru it.
I am sure that searching thru DLLs etc. is a major source of W**d0w2 exploits.
I have found this advanced search to be real good.
It will narrow your search down.
http://us.yhs4.search.yahoo.com/web/advanced?ei=UTF-8&fr=altavista&p=
hi Andy
i can use the dependency walker to find the function names
i was just too lazy :lol:
Erol did it for us - if you look at his attachment, he created a .DEF file
anyways, you might like this...
http://www.dependencywalker.com/
Quote from: japheth on December 15, 2012, 05:26:35 AM
The following in German because of your lousy English skills
Thank you very much, Andreas. One can always learn something from you :t
Dave,
I was referring to searching the internet for all the undocumented functions in various dlls, etc. :t
Andy
http://undocumented.ntinternals.net/aindex.html
i tend not to use them
i usually try to find a documented way to do it
there are a few things, though :P
Everybody makes mistakes.
i feel like i am watching Firefly/Serenity, except it's German instead of Chinese :lol:
Sorry Dave, I could tell you but then I would have to snuff you out. (JOKE)
Andy
deleted
deleted
deleted
On my Windows 2000 system there is a ntvdm.exe and a ntvdmd.dll, but no ntvdm.dll. On my Windows XP SP3 system there is only ntvdm.exe, and this is the DEF file for it:
LIBRARY ntvdm.exe
EXPORTS
BlockWOWIdle
CurrentMonitorTeb DATA
DBGNotifyDebugged
DBGNotifyNewTask
DBGNotifyRemoteThreadAddress
DispatchInterrupts
Dos_Flag_Addr DATA
DpmiSetIncrementalAlloc
ExpLdt DATA
FlatAddress DATA
GetDOSAppName
GetWOWShortCutInfo
IsCdRomFile
MGetVdmPointer
RegisterWOWIdle
ResumeTimerThread
SelectorLimit DATA
SetShadowDescriptorEntries
Sim32pGetVDMPointer
SoftPcEoi
SuspendTimerThread
VDDAllocMem
VDDAllocateDosHandle
VDDAssociateNtHandle
VDDDeInstallIOHook
VDDDeInstallMemoryHook
VDDDeInstallUserHook
VDDExcludeMem
VDDFreeMem
VDDIncludeMem
VDDInstallIOHook
VDDInstallMemoryHook
VDDInstallUserHook
VDDQueryDMA
VDDReleaseDosHandle
VDDReleaseIrqLine
VDDRequestDMA
VDDReserveIrqLine
VDDRetrieveNtHandle
VDDSetDMA
VDDSimulate16
VDDTerminateVDM
VdmDbgAttach
VdmGetParametersInfoError
VdmMapFlat
VdmParametersInfo
VdmTraceEvent
WOWSysErrorBox
WaitIfIdle
call_ica_hw_interrupt
cmdCheckTemp
cmdCheckTempInit
cpu_createthread
demClientErrorEx
demFileDelete
demFileFindFirst
demFileFindNext
demGetCurrentDirectoryLCDS
demGetFileTimeByHandle_WOW
demGetPhysicalDriveType
demIsShortPathName
demLFNCleanup
demLFNGetCurrentDirectory
demSetCurrentDirectoryGetDrive
demSetCurrentDirectoryLCDS
demWOWLFNAllocateSearchHandle
demWOWLFNCloseSearchHandle
demWOWLFNEntry
demWOWLFNGetSearchHandle
demWOWLFNInit
fSeparateWow DATA
getAF
getAH
getAL
getAX
getBH
getBL
getBP
getBX
getCF
getCH
getCL
getCS
getCX
getDF
getDH
getDI
getDL
getDS
getDX
getEAX
getEBP
getEBX
getECX
getEDI
getEDX
getEFLAGS
getEIP
getES
getESI
getESP
getFS
getGS
getIF
getIP
getIntelRegistersPointer
getMSW
getOF
getPF
getSF
getSI
getSP
getSS
getZF
host_CreateThread
host_ExitThread
host_com_close
host_direct_access_error
host_simulate
pDeviceChain DATA
setAF
setAH
setAL
setAX
setBH
setBL
setBP
setBX
setCF
setCH
setCL
setCS
setCX
setDF
setDH
setDI
setDL
setDS
setDX
setEAX
setEBP
setEBX
setECX
setEDI
setEDX
setEFLAGS
setEIP
setES
setESI
setESP
setFS
setGS
setIF
setIP
setMSW
setOF
setPF
setSF
setSI
setSP
setSS
setZF
The exports for the Windows 2000 ntvdm.exe are largely the same, but there are some significant differences.
An example how to use the exports of ntvdm.exe in a Win32 dll ( VDD ): wde031.zip (http://www.japheth.de/Download/wde031.zip) ( it's binary and source, GPL license! )
The DOS program, WDE, is a disk editor. If the disk is FAT, it knows how to handle it - but no NTFS. The VDD makes this program work in a NT DOS-Box ( admin privileges! ).
WDe Copyright(C)2005 Ben Cadieux (ben.cadieux@gmail.com)
WDe.com V0.30b MD5: 0908554d480fc646c594fe046fd3e985
WDeTest.com V0.30b MD5: 9d427d3aa2f6ab394ad873271d9870c5
About/License:
WDe is designed to be a modular disk editor capable of allowing users
to manipulate data stored in various ways on different kinds of storage
mediums.
WDe is currently capable of editing logical, physical and CD-Rom drives
on MS-DOS V4.0+ or compatible. It should (theoretically) be able to edit
drives up to 2 TB in size.
I strongly recommend using a cache utility (such as SMARTDrive) to speed
up functions that would otherwise be quite slow.
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License (Version 2) as published
by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Notes about V0.22b:
Included in this release is WDeTest.com; a semi-completed new menu
system being considered for future releases of WDe. This version should
only be used as a preview for feedback to the author, since a great
deal of code needed to be moved or changed to allow for the new menu.
WDeTest.com may also lack some fixes found in WDe.com.
The project's future is uncertain, WDe may be ported to Linux or moved
towards being OS-independent. There are plans to add support for more
partition types such as NTFS, UFS and Ext2/3. Comments, ideas and
suggestions would be appreciated; a simple e-mail might change WDe's path.
Updates in V0.30b:
- fixed a small bug in the hex printing code
- separated int 13h buffers for getting drive info and reading/writing,
- reversed display of attribute bits in directory view to match binary
- fixed root cluster number display bug
- enhanced finding MBR; less chance of a false positive
- sector saving/restoring can no longer read/write outside drive parameters
- fixed bug in fat functions allowing them to read/write past fat tables
- added workaround to Win9x bug for theoretical writes to CD-Roms
- fixed bootsector display bug that occurred under certain conditions
- read functions fixed and reversed back to oldest to newest
- fixed bug switching to drives that were unable to be edited
- optimized code that converts values to hex strings
- modified menu system to be more versatile
- fixed bug getting fat entry data for last few allowable clusters
on maximally sized Fat12 and Fat16 partitions
- enhanced/corrected directory detection; less false negatives/positives
- updated file/path character checking; this further improves directory
finding and accepts more characters as valid input when undeleting
- unformat function has been re-designed, re-written and implemented
- bytes per sector returned by int 13h/48h now used for hard disks
- hitting enter in the fat area now works regardless of the view set
- fixed bug causing restore chain to default to second fat in directories
- fixed rare bug causing Fat16 partitions to be shown as Fat32
- file sharing violation crashes under windows fixed by having int 24h
return "fail" instruction to the calling code
- running out of disk space while writing a file now aborts with an error
- last sector bound now kept for non-physical drives restricted as physical
- restricting above as physical now always correctly sets last sector
- defaults to Fat1 if saving/restoring Fat2 when none exists
- fixed major partition saving bug (saving was starting at MBR)
- fixed partition saving/restoring bug causing it to miss last sector
- fixed CHS display code for high sector numbers
- CHS no longer displayed when switching from physical to non-physical
- workarounds added for CHS reading with poorly written BIOSes
- searching for String/Hex on CDs no longer randomly stops
- excessive amounts of code clean-up & optimization for speed and size
- much better system implemented to generate random values
- fixed some fat type detection problems
- MBR view now shows Linux, FreeBSD and NTFS as partition types
Planned Updates:
- directory location function
- defrag function (maybe)
- further modularization of source code
- better CHS hard disk identification (int13h/ah=25h, ah=48h)
- bootsector view changes to make easy Fat1x/Fat32 distinction
- 2gb file limit check revising for append
- 4gb file limit check for fat32
- rather than filesize limits; file splitting options
- case insensitive search
- fat32 root save/restore implemented for all linked clusters
- better fat finding (entry repetition checking)
- file chain saving guess cluster order for deleted files
- restore previous video mode on quit
- some CD "goto" functions
- revision of "goto" functions for physical reading of floppy drives
- drive scan function to report/fix errors
- editing support (with tab) in view area
- lfn support for undeleting files
- support for reading sector numbers that are bigger than a dword
- searches should move cursor to start of found string
- searching should have a "find again" feature
- bug finding fat12 partitions on hard disks (descriptor byte)
- unreadable sectors should be shown as blanked/dashed
- save/restore entire hard drive needed
- ability to mount drives as drive letters (maybe)
- file manager mode (maybe)
Hi nidud,
You are right. I modified my def2lib tool to create the correct entries in the import library. I modified the .def file too. Kindly, could you check the attachment again?
deleted
Hi nidud,
Thanks for testing the import library.
nidud, Thank you for writing this program. It solved an issue in which a DOS BOP command was unable to register a Win32 VDD DLL which was compiled using the NTVDM.LIB included with MASM 10 and 11.
Vortex: I tried the second version of the NTVDM.LIB which you created using your def2lib tool, but for some reason the resulting DLL would not work with my application. Could I get a copy of def2lib to play around with?
[Edit] I should have said I tried both your posted LIB files, with and without the patch fix.
Regards, Mike
def2lib does not create DLL's - it creates import libraries (LIB)
Erol (Vortex) has many great tools for working with libraries and object modules, etc...
http://www.vortex.masmcode.com/
Hi pcMike,
As Dave said, def2lib does not create DLLs. The purpose of this tool is to convert a module definition file ( .def ) to a MS COFF import library.
Here is a small test environment :
lib2def .\ntvdm1999\NTVDM.LIB
def2lib ntvdm.def -e
lib2def creates a .def file from the import library stored in the ntvdm1999 folder.
def2lib will convert this .def file to the import library ntvdm.lib. In other words, the import library is recreated from the module definition file.
The attachment contains lib2def, def2lib, the .def file and the import libraries.
You can also download the tools from my website.
Hi Dedndave and Vortex,
I understand that def2lib does not create DLL files.
Let me clarify what I was trying to say... I tested the version of NTVDM.LIB which Vortex created using his def2lib tool, and both versions he made available in this thread would not allow me to build a functional VDD DLL file, as the file could not be registered by using a DOS BOP "register VDD" command.
I had the same issue with Hutch's NTVDM.LIB file when I upgraded to MASM32 version 10, since earlier versions of MASM32 did not include NTVDM.LIB so I always used my own version of that Library (the 1999 version) which has always worked fine over the years. I didn't like the idea of replacing the original MASM32 library files with a different version, because in my old age I might forget that this is needed a few years later down the road when I upgrade things. Actually this just occurred, as I finally got around to upgrading to MASM32 version 11 this week, and then I encountered the same issue, causing my software to fail to function after compiling it with the MASM32 NTVDM.LIB file.
Hopefully now that Hutch is aware of the issue and its cause, he can patch the library file in the next MASM32 release. :)
Vortex, thanks for posting the def2lib tool, I'll try playing with it.
Regards, Mike
Mike,
I think you misunderstand what the MASM32 project is aimed at.
> Hopefully now that Hutch is aware of the issue and its cause, he can patch the library file in the next MASM32 release. :)
The library in the MASM32 SDK will never be patched to fit such an obscure non Win32 task. If you have specialised requirements, you either use your existing library that works OK or you learn its format and create new ones that do what you need.
Hi Hutch,
Ok, I won't try to convince you otherwise, I'll just put a note in my source code reminding me that if I upgrade MASM32 (or perform a clean install on a new computer), I will need to use a different version of NTVDM.LIB :)
I agree that DOS programs that use Win32 Virtual Device Drivers in this day and age are rather obscure. It's a shame that Microsoft is not willing to extend the NTVDM environment to support Win64.
Regards, Mike
>It's a shame that Microsoft is not willing to extend the NTVDM environment to support Win64.
Once you are in 64-bit mode you no longer have access to V86 mode. Blame Intel/AMD, not MS.
Hi Sinsi,
>>It's a shame that Microsoft is not willing to extend the NTVDM environment to support Win64.
>Once you are in 64-bit mode you no longer have access to V86 mode. Blame Intel/AMD, not MS.
True... but if Microsoft wanted to, they could extend the NTVDM to run fully in software emulation mode under 64-bit Windows. They already allow some 16-bit protected mode applications to run this way, such as legacy InstallShield and Acme installer files (16-bit installers used to install 32-bit applications). The performance of DOS applications would not be as fast as in Virtual 8086 mode, but as modern CPU's become faster the difference becomes marginal.
Regards, Mike
Well, they make VirtualPC (for older Windows) or more recently Hyper-V.
You also have bochs, qemu, dosbox, VirtualBox, VMWare...
Quote from: pcMike on September 13, 2015, 08:48:18 AM
I tested the version of NTVDM.LIB which Vortex created using his def2lib tool, and both versions he made available in this thread would not allow me to build a functional VDD DLL file, as the file could not be registered by using a DOS BOP "register VDD" command.
You didn't download the zip file I posted here :
http://masm32.com/board/index.php?topic=1086.msg49342#msg49342
The post count is zero so I assume you downloaded lib2def and def2lib from my website.
My ntvdm.lib should work with your project. Are you sure that you specified the -e option to build the import library?
def2lib ntvdm.def -e
The -e switch will instruct def2lib to create the correct entries in the library, ntvdm.exe. Without the -e option, you will get the .dll extension instead of .exe.
Hi Vortex,
I downloaded both the def2lib and dll2inc tools from your web site. I tested it today and the resulting DLL works perfectly. :)
Regards, Mike
Hello pcMike,
Glad to learn that it worked for you. Kindly, could you please tell if you used the -e option to build the import library? Thanks.
def2lib ntvdm.def -e
Hi Vortex,
Yes, the -e option is needed in order for it to work with the DOS BOP "register VDD" function.
Otherwise the BOP command fails with AX=1 (Can't find DLL).
Regards, Mike
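The failure described in this exchange comes down to which module name the import records in the library carry. As an added example (not part of the thread, and not def2lib's code), this Python check reads a COFF import library and lists the symbols bound to anything other than ntvdm.exe; it assumes short-format import records, and the two sample libraries are constructed in the script.

```python
import struct

ARMAG = b"!<arch>\n"

def import_modules(lib: bytes) -> dict:
    """Map each short-format import in a COFF import library to its module name."""
    if not lib.startswith(ARMAG):
        raise ValueError("not a COFF archive")
    found, pos = {}, len(ARMAG)
    while pos + 60 <= len(lib):
        hdr = lib[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {pos}")
        name = hdr[:16].rstrip()
        size = int(hdr[48:58].decode("ascii").strip())
        data = lib[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)          # members start on even offsets
        if name in (b"/", b"//") or len(data) < 20:
            continue                           # linker / longnames members
        sig1, sig2, _, _, _, str_len = struct.unpack_from("<HHHHII", data)
        if (sig1, sig2) != (0, 0xFFFF):
            continue                           # ordinary object, not a short import
        parts = data[20:20 + str_len].split(b"\0")
        if len(parts) >= 2:
            found[parts[0].decode("ascii")] = parts[1].decode("ascii")
    return found

def misbound(lib: bytes, expected: str = "ntvdm.exe") -> list:
    """Symbols whose import record names a module other than `expected`."""
    return sorted(s for s, m in import_modules(lib).items()
                  if m.lower() != expected.lower())

# --- constructed sample data (not a real NTVDM.LIB) ---
def _member(name: bytes, data: bytes) -> bytes:
    hdr = b"%-16s%-12s%-6s%-6s%-8s%-10d`\n" % (name, b"0", b"", b"", b"0", len(data))
    return hdr + data + (b"\n" if len(data) & 1 else b"")

def _short_import(symbol: bytes, module: bytes) -> bytes:
    strings = symbol + b"\0" + module + b"\0"
    # Sig1, Sig2, Version, Machine (i386), TimeDateStamp, SizeOfData, Hint, Type
    return struct.pack("<HHHHIIHH", 0, 0xFFFF, 0, 0x14C, 0, len(strings), 0, 0) + strings

def _sample_lib(module: bytes) -> bytes:
    symbols = (b"_WaitIfIdle@0", b"_call_ica_hw_interrupt@12")  # names from this thread
    body = _member(b"/", struct.pack(">I", 0))                  # empty first linker member
    for sym in symbols:
        body += _member(module + b"/", _short_import(sym, module))
    return ARMAG + body

GOOD_LIB = _sample_lib(b"ntvdm.exe")   # what `def2lib ntvdm.def -e` is said to produce
BAD_LIB = _sample_lib(b"ntvdm.dll")    # module name without the -e switch

if __name__ == "__main__":
    for label, lib in (("with -e", GOOD_LIB), ("without -e", BAD_LIB)):
        print(label, "misbound:", misbound(lib))
```

To check a real library, pass the file's bytes to `misbound()`; an empty list means every short import names ntvdm.exe.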
Hi Sinsi,
>Well, they make VirtualPC (for older Windows) or more recently Hyper-V.
>You also have bochs, qemu, dosbox, VirtualBox, VMWare...
Someone has started an NTVDM-alike project for 64-bit Windows, but it is still far from complete.
http://sourceforge.net/projects/nxvdm/
Regards, Mike
https://en.wikipedia.org/wiki/Virtual_DOS_machine
dosbox is a really good alternative that allows old DOS games to run on actual machines