News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Converting 16bit to 32bit(str_remove program)

Started by Syre Lancaster, October 05, 2013, 03:09:43 AM

Previous topic - Next topic

nidud

#15
deleted

sinsi

The ABI is the mechanics of doing an API call, in Windows it filters down to an INT, same for Linux, same for DOS.
Quote from: japhethThe Win32 ABI is a M$ invention - so M$ just followed their own ABI.
In this instance japheth is correct. The OS defines the ABI.

ps, do we really need the M$ crap? It gets tiresome...

nidud

#17
deleted

Paulo

Quote from: sinsi on October 05, 2013, 09:11:10 PM
The ABI is the mechanics of doing an API call, in Windows it filters down to an INT, same for Linux, same for DOS.

I'm intrigued, I know that in 16 bit DOS apps we have BIOS and DOS INTs and in Linux INT 80h is used,
but how does this apply to Win32?

sinsi

To make a ring3 to ring0 call you would use an interrupt gate, the NT calls boil down to loading the registers and an INT (2D maybe?).

dedndave

for the most part, however, we call windows functions by pushing values on the stack and using CALL
the assembler has an internal macro named INVOKE to do this
    INVOKE  WriteFile,hFile,offset buffer,nNumberOfBytes,offset NumberOfBytesWritten,NULL

this is how WriteFile is defined for C
BOOL WINAPI WriteFile(
  _In_         HANDLE hFile,
  _In_         LPCVOID lpBuffer,
  _In_         DWORD nNumberOfBytesToWrite,
  _Out_opt_    LPDWORD lpNumberOfBytesWritten,
  _Inout_opt_  LPOVERLAPPED lpOverlapped
);

http://msdn.microsoft.com/en-us/library/windows/desktop/aa365747%28v=vs.85%29.aspx

there are some 10 to 100 thousand such functions
not as easy to memorize as the DOS interrupts, but much more powerful   :P

Paulo

@sinsi

OK INT3h is used for debugging and INT 2dh mostly for drivers?
Are there others that are used for a "normal" user mode app running at Ring3
or as dedndave writes we simply push onto the stack and call the required API?

I have used INT3h many times and am comfortable with the Windows API, but never heard of other INTs
hence the reason for asking.

dedndave

the win32 ABI becomes more evident when you start writing GUI applications
the OS sends messages to your window by calling a WndProc function that is defined by you
you must obey the rules of the ABI when handling these messages
so - if you want to call a function from WndProc, that function should obey the rules

Paulo

OK but how does the ABI relate to INTs and which ones?
That is the part I don't understand.
Are you saying that Windows messages are INT based?

dedndave

well - in 16-bit DOS - there was a different ABI - not sure it was ever called that
you passed values in registers and, in some cases, certain registers were preserved
then, you call the function with INT

the use of INT may be internal to some win32 functions
truthfully, i don't know how much INT's are used by the OS
probably used more for "housekeeping" operations than anything

for win32, you can more-or-less forget about INT's
you will use INT 3 for debugging
but, unless you are writing drivers, that's about all you'll see of them

Paulo

Still not clear on how INTs relate to Win32.

In DOS we do like so:



        MOV AH,9
        INT 21H
        RET


and in Linux (32 bit CLI app):


section     .text
global      _start                              ;must be declared for linker (ld)

_start:                                         ;tell linker entry point

mov     edx,len                             ;message length
mov     ecx,msg                             ;message to write
mov     ebx,1                               ;file descriptor (stdout)
mov     eax,4                               ;system call number (sys_write)
int     0x80                                ;call kernel

mov     eax,1                               ;system call number (sys_exit)
int     0x80                                ;call kernel

section     .data

msg     db  'Hello, world!',0xa                 ;our string
len     equ $ - msg                             ;length of our string


But in Win32, I have only ever seen the use of the API, pushing onto the stack and calling.

sinsi

Eventually you need to get to ring0, this is the true windows kernel e.g. your exe calls a function in kernel32.dll which calls a function in ntdll.dll which calls a function in...until you get to the lowest user level. then it's load the regs and perform an int.
Ring3 to ring0 is expensive as far as cycles go so a lot of user-type information is cached, it stays in userland.

Paulo

@dedndave

OK got it, you updated your previous post after I wrote mine.

@sinsi

I understand that certain functions require Ring0, which normally use NTDLL but other then that?


GoneFishing

#28
...

dedndave

sorry about that, Paulo
i am an old fart - seems like everything is an afterthought - lol