ntvdm.dll

Started by nidud, December 14, 2012, 10:00:21 PM

nidud

deleted

dedndave

are there any documented functions in there ?   :P
i am curious
i thought the primary purpose of NTVDM is to run 16-bit programs under a 32-bit environment

jj2007

Quote from: dedndave on December 15, 2012, 02:56:49 AM
are there any documented functions in there ?   :P

Check the exports of C:\Windows\System32\wow32.dll ...

The following functions are exported by this dll:
CopyDropFilesFrom16   CopyDropFilesFrom32   GetCommHandle   GetCommShadowMSR
W32Dispatch   W32HungAppNotifyThread   W32Init   WOW32DriverCallback
WOW32ResolveHandle   WOW32ResolveMemory   WOWCallback16   WOWCallback16Ex
WOWDirectedYield16   WOWFreeMetafile   WOWGetVDMPointer   WOWGetVDMPointerFix
WOWGetVDMPointerUnfix   WOWGlobalAlloc16   WOWGlobalAllocLock16   WOWGlobalFree16
WOWGlobalLock16   WOWGlobalLockSize16   WOWGlobalUnlock16   WOWGlobalUnlockFree16
WOWHandle16   WOWHandle32   WOWUseMciavi16   WOWYield16
http://www.win7dll.info/wow32_dll.html

Magnum

Dave,

Here is an undocumented item.

It comes in handy to give a message without requiring any user input.

Andy


invoke MessageBoxTimeout,NULL,ADDR msg_No, NULL, MB_OK or MB_SETFOREGROUND or MB_SYSTEMMODAL or MB_ICONWARNING,NULL,2000 ; close after 2 seconds

Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org
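
A defensive way to make the call from the post above, as an added example that is not part of the original thread: because MessageBoxTimeout is undocumented, the export is resolved at run time and the documented MessageBox is used if it is missing. The six-parameter prototype and the names MBT_PROTO, MBT_PTR, pMbt and the sz* strings are assumptions introduced for illustration.

```asm
; Added example: use the undocumented export only if USER32 really has it.
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

; Assumed prototype (undocumented, so not guaranteed by Microsoft):
; hWnd, lpText, lpCaption, uType, wLanguageId, dwMilliseconds
MBT_PROTO typedef proto stdcall :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
MBT_PTR   typedef ptr MBT_PROTO

.data
szUser32  db "user32.dll",0
szMbt     db "MessageBoxTimeoutA",0
szMsg     db "No input required",0      ; constructed sample text
szTitle   db "Notice",0

.data?
pMbt      MBT_PTR ?                     ; run-time address, NULL if absent

.code
start:
    ; user32.dll is already mapped because MessageBox is imported statically
    invoke GetModuleHandle, ADDR szUser32
    .if eax != NULL
        invoke GetProcAddress, eax, ADDR szMbt
    .endif
    mov pMbt, eax                       ; NULL when module or export is missing
    .if eax != NULL
        ; undocumented path: box closes by itself after 2000 ms
        invoke pMbt, NULL, ADDR szMsg, ADDR szTitle, MB_OK or MB_ICONWARNING, 0, 2000
    .else
        ; documented fallback: same message, but waits for the user
        invoke MessageBox, NULL, ADDR szMsg, ADDR szTitle, MB_OK or MB_ICONWARNING
    .endif
    invoke ExitProcess, eax
end start
```

Resolving the address at run time keeps the program loadable on a system where the export has been removed or renamed, which a static import would not.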

dedndave

yah - there are a number of undocumented API's
i read someplace that all MessageBox functions call that one, internally - lol

but, i was wondering about what useful functions might exist in NTVDM

Vortex

Hi nidud,

Here is my version of the import library. It has a much smaller size of 32 Kb. Kindly, could you test it?

jj2007

The functions in this section are 32-bit WOW API elements exported by WOW32.DLL.
WOWCallback16
 
DWORD WINAPI WOWCallback16(DWORD vpfn16, DWORD dwParam);

Used in 32-bit code called from 16-bit code (through generic thunks) to call back to the 16-bit side (generic callback).
The return value comes from the callback routine. If the callback routine returns a WORD type instead of a DWORD type, the upper 16 bits of the return value are undefined. If the callback routine has no return value, the entire return value of this function is undefined.
 
vpfn16
Pointer to 16-bit callback routine, which is passed from the 16-bit side.
dwParam
Parameter for the 16-bit callback routine.
This function will not work when called in a 32-bit process.
The 16-bit function to be called must be declared with one of the following types.
 
   LONG FAR PASCAL CallbackRoutine(DWORD dwParam);

   LONG FAR PASCAL CallbackRoutine(VOID FAR *vp);
 
The type used is determined by whether the parameter is a pointer.
If you are passing a pointer, you will need to get the pointer by using either the WOWGlobalAlloc16 or WOWGlobalAllocLock16 function.

More attached ;-)

dedndave

"_WaitIfIdle@0"
"_call_ica_hw_interrupt@12"

those look interesting   :P
along with maybe some of the debug ones

japheth

Quote from: jj2007 on December 15, 2012, 03:19:32 AM
Check the exports of C:\Windows\System32\wow32.dll ...

The following in German because of your lousy English skills:

Wrong place. That is the NT Win16 emulation. NTVDM is a v86 monitor for DOS emulation - and also quite well documented so far - by MS standards, anyway. See the Win2000 DDK.


Magnum

Quote from: dedndave on December 15, 2012, 05:16:58 AM
yah - there are a number of undocumented API's
i read someplace that all MessageBox functions call that one, internally - lol

but, i was wondering about what useful functions might exist in NTVDM

Is that a windows DLL, if so open that puppy up and look thru it.

I am sure that searching thru DLLs etc. is a major source of W**d0w2 exploits.

I have found this advanced search to be real good.

It will narrow your search down.

http://us.yhs4.search.yahoo.com/web/advanced?ei=UTF-8&fr=altavista&p=

dedndave

hi Andy

i can use the dependency walker to find the function names
i was just too lazy   :lol:

Erol did it for us - if you look at his attachment, he created a .DEF file

anyways, you might like this...

http://www.dependencywalker.com/

jj2007

Quote from: japheth on December 15, 2012, 05:26:35 AM
The following in German because of your lousy English skills

Thank you, Andreas. One can always learn something from you :t

Magnum

Dave,

I was referring to searching the internet for all the undocumented functions in various dlls, etc.  :t

Andy

dedndave

http://undocumented.ntinternals.net/aindex.html

i tend not to use them
i usually try to find a documented way to do it
there are a few things, though   :P
