Author Topic: ntvdm.dll  (Read 28766 times)

nidud

  • Member
  • *****
  • Posts: 2388
    • https://github.com/nidud/asmc
ntvdm.dll
« on: December 14, 2012, 10:00:21 PM »
deleted
« Last Edit: February 25, 2022, 06:01:20 AM by nidud »

dedndave

  • Member
  • *****
  • Posts: 8828
  • Still using Abacus 2.0
    • DednDave
Re: ntvdm.dll
« Reply #1 on: December 15, 2012, 02:56:49 AM »
are there any documented functions in there ?   :P
i am curious
i thought the primary purpose of NTVDM is to run 16-bit programs under a 32-bit environment

jj2007

  • Member
  • *****
  • Posts: 13347
  • Assembly is fun ;-)
    • MasmBasic
Re: ntvdm.dll
« Reply #2 on: December 15, 2012, 03:19:32 AM »
are there any documented functions in there ?   :P

Check the exports of C:\Windows\System32\wow32.dll ...

The following functions are exported by this dll:
CopyDropFilesFrom16   CopyDropFilesFrom32   GetCommHandle   GetCommShadowMSR
W32Dispatch   W32HungAppNotifyThread   W32Init   WOW32DriverCallback
WOW32ResolveHandle   WOW32ResolveMemory   WOWCallback16   WOWCallback16Ex
WOWDirectedYield16   WOWFreeMetafile   WOWGetVDMPointer   WOWGetVDMPointerFix
WOWGetVDMPointerUnfix   WOWGlobalAlloc16   WOWGlobalAllocLock16   WOWGlobalFree16
WOWGlobalLock16   WOWGlobalLockSize16   WOWGlobalUnlock16   WOWGlobalUnlockFree16
WOWHandle16   WOWHandle32   WOWUseMciavi16   WOWYield16
http://www.win7dll.info/wow32_dll.html

Magnum

  • Member
  • *****
  • Posts: 2390
Re: ntvdm.dll
« Reply #3 on: December 15, 2012, 03:51:15 AM »
Dave,

Here is an undocumented item.

It's comes in handy to give a message without requiring any user input.

Andy

Code: [Select]
invoke MessageBoxTimeout,NULL,ADDR msg_No, NULL, MB_OK or MB_SETFOREGROUND or MB_SYSTEMMODAL or MB_ICONWARNING,NULL,2000 ; close after 2 seconds
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

dedndave

  • Member
  • *****
  • Posts: 8828
  • Still using Abacus 2.0
    • DednDave
Re: ntvdm.dll
« Reply #4 on: December 15, 2012, 05:16:58 AM »
yah - there are a number of undocumented API's
i read someplace that all MessageBox functions call that one, internally - lol

but, i was wondering about what useful functions might exist in NTVDM

Vortex

  • Member
  • *****
  • Posts: 2724
Re: ntvdm.dll
« Reply #5 on: December 15, 2012, 05:20:44 AM »
Hi nidud,

Here is my version of the import library. It has a much more small size of 32 Kb. Kindly, could you test it?

jj2007

  • Member
  • *****
  • Posts: 13347
  • Assembly is fun ;-)
    • MasmBasic
Re: ntvdm.dll
« Reply #6 on: December 15, 2012, 05:23:39 AM »
The functions in this section are 32-bit WOW API elements exported by WOW32.DLL.
WOWCallback16
 
DWORD WINAPI WOWCallback16(DWORD vpfn16, DWORD dwParam);
 
Used in 32-bit code called from 16-bit code (through generic thunks) to call back to the 16-bit side (generic callback).
·        The return value comes from the callback routine. If the callback routine returns a WORD types instead of a DWORD types, the upper 16 bits of the return value are undefined. If the callback routine has no return value, the entire return value of this function is undefined.
 
vpfn16
Pointer to 16-bit callback routine, which is passed from the 16-bit side.
dwParam
Parameter for the 16-bit callback routine.
This function will not work when called in a 32-bit process.
The 16-bit function to be called must be declared with one of the following types.
 
   LONG FAR PASCAL CallbackRoutine(DWORD dwParam);
 
   LONG FAR PASCAL CallbackRoutine(VOID FAR *vp);
 
The type used is determined by whether the parameter is a pointer.
If you are passing a pointer, you will need to get the pointer by using either the WOWGlobalAlloc16 or WOWGlobalAllocLock16 function.

More attached ;-)

dedndave

  • Member
  • *****
  • Posts: 8828
  • Still using Abacus 2.0
    • DednDave
Re: ntvdm.dll
« Reply #7 on: December 15, 2012, 05:24:16 AM »
"_WaitIfIdle@0"
"_call_ica_hw_interrupt@12"

those look interesting   :P
along with maybe some of the debug ones

japheth

  • Guest
Re: ntvdm.dll
« Reply #8 on: December 15, 2012, 05:26:35 AM »
Check the exports of C:\Windows\System32\wow32.dll ...

Folgendes in deutsch wg. Deiner lausigen Englischkenntnisse:

Falsche Baustelle. Das ist die NT Win16-Emulation. NTVDM ist ein v86-Monitor zur DOS-Emulation - und auch soweit ganz gut dokumentiert - für MS-Verhältnisse jedenfalls. Siehe Win2000-DDK.


Magnum

  • Member
  • *****
  • Posts: 2390
Re: ntvdm.dll
« Reply #9 on: December 15, 2012, 05:48:14 AM »
yah - there are a number of undocumented API's
i read someplace that all MessageBox functions call that one, internally - lol

but, i was wondering about what useful functions might exist in NTVDM

Is that a windows DLL, if so open that puppy up and look thru it.

I am sure that searching thru DLLs etc. is a major source of W**d0w2 exploits.

I have found this advanced search to be real good.

It's will narrow your search down.

http://us.yhs4.search.yahoo.com/web/advanced?ei=UTF-8&fr=altavista&p=
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

dedndave

  • Member
  • *****
  • Posts: 8828
  • Still using Abacus 2.0
    • DednDave
Re: ntvdm.dll
« Reply #10 on: December 15, 2012, 06:02:34 AM »
hi Andy

i can use the dependancy walker to find the function names
i was just too lazy   :lol:

Erol did it for us - if you look at his attachment, he created a .DEF file

anyways, you might like this...

http://www.dependencywalker.com/

jj2007

  • Member
  • *****
  • Posts: 13347
  • Assembly is fun ;-)
    • MasmBasic
Re: ntvdm.dll
« Reply #11 on: December 15, 2012, 06:42:46 AM »
Folgendes in deutsch wg. Deiner lausigen Englischkenntnisse

Dankeschoen, Andreas. Man kann halt immer was von Dir lernen :t

Magnum

  • Member
  • *****
  • Posts: 2390
Re: ntvdm.dll
« Reply #12 on: December 15, 2012, 07:17:51 AM »
Dave,

I was referring to searching the internet for all the undocumented functions in various dlls, etc.  :t

Andy
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

dedndave

  • Member
  • *****
  • Posts: 8828
  • Still using Abacus 2.0
    • DednDave
Re: ntvdm.dll
« Reply #13 on: December 15, 2012, 07:20:30 AM »
http://undocumented.ntinternals.net/aindex.html

i tend not to use them
i usually try to find a documented way to do it
there are a few things, though   :P

Magnum

  • Member
  • *****
  • Posts: 2390
Re: ntvdm.dll
« Reply #14 on: December 15, 2012, 07:24:07 AM »
Jeder macht Fehler.

Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org