I can't find ntdll.inc and the ntdll.lib in no versions of masm32. Do anyone have a copy of them or know where they can be found.
Thanks in advance
Quote from: ic2 on December 08, 2006, 02:07:35 AM
I can't find ntdll.inc and the ntdll.lib in no versions of masm32. Do anyone have a copy of them or know where they can be found.
Thanks in advance
There are none because NTDLL is a sub-set of Kernel32.DLL....You need to know specifically what the NTDLL function requires before calling it.
If you are really interested in NTDLL.DLL usages, etc....You'll want to get the DDK (Device Driver Kit) so you can understand what NTDLL functions require. They aren't as simple as the higher level OS DLLs around. Also, ALL strings MUST be in UNICODE when calling any function in NTDLL.
Relvinian
not exactly true about the unicode thing, and api's are api's, no difference in simplicity once you learn how to use them, there are some issues with some of the ntdll api's requiring aligned data chunks (and/or chunks NOT from the stack), but thats easily discovered when using a debugger. most kernel api's end up in ntdll anyways.. so learning ntdll isn't really a bad thing, as it could help when optimising code etc..
The server 2003 DDK has a library for NTDLL.DLL. You will need to make an include file from it using the tools from the masm32 project or one of Erols conversion tools but its reasonably straight foeward if you need it. It is not part of the masm32 project because it is not a standard documented windows DLL and it is subject to change from one windows version to another.
hi ic2
you can find the ntdll.lib and ntdll.inc in KmdKit v1.8 by Four-F
http://www.freewebs.com/four-f/
and other wk2 & nt libarys for masm32
greets
ragdog
Hi ic2,
You can get ntdll.inc and ntdll.lib from here :
http://www.masm32.com/board/index.php?topic=2124.0
In such few words you explained it all so well, I often wonder what it was all about even though I never saw it inside masm32 inc. I never founded or hear any details about it until now.
Thanks Relvinian and ALL for such a hand full of serious help. I will be studying into it some day soon.
After a quick review of a the tips given here i understand why the masm32 project must to stick with the standards.
Be back after I learn how to do more if time or my brain don't chicken-out :) I always wanted to learn how to write a drivers anyway. Now I got an excuse to do so... WoW what a forum!!!
Thanks again
Quote from: evlncrn8 on December 08, 2006, 12:11:37 PM
not exactly true about the unicode thing, and api's are api's, no difference in simplicity once you learn how to use them, there are some issues with some of the ntdll api's requiring aligned data chunks (and/or chunks NOT from the stack), but thats easily discovered when using a debugger. most kernel api's end up in ntdll anyways.. so learning ntdll isn't really a bad thing, as it could help when optimising code etc..
That is NOT true...APIs are NOT APIs..
Take this code for example:
.data
myFile db 'c:\windows\system32\kernel32.dll', 0
.code
myFunc proc
invoke CreateFile, offset myFile, GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
invoke CloseHandle, eax
myFunc endp
This code will call the CreateFileA function in Kernel32.dll...That function will translate the string to UNICODE then call CreateFileW in Kernel32.dll. Once that has been done, CreateFileW calls ntCreateFile in ntdll.dll and then finally calls zwCreateFile in ntdll.dll. So, you can't just directly call a ntdll.dll function (which uses strings), as you would with higher level APIs because of the ANSI/UNICODE problems.
So, if you blinding assume APIs are APIs for both ANSI and UNICODE build when working with strings, you are SERIOUSLY mistaken.
Relvinian
im not what i meant was you have to understand the parameters for some of the apis and handle them (hence my 'apis are apis), but not all are ansi or unicode, some even return ansi data.. like hmm NtQuerySystemInformation for example..
and i know the operating system ntdll, kernel, user, etc pretty damned well so lets not try and turn this into a pissing contest by pasting code shall we?