how uses the functions of ntdll?

[RHL]

hello to all :)
and wanted to use the library functions ntdll
I have this code but do not achieve it and use any
I could help as well would please

Code Select Expand

.386
.model flat,stdcall
include windows.inc
include kernel32.inc
include ntdll.inc

includelib kernel32.lib
includelib ntdll.lib

.data
dat dd ?
.code
main:

invoke Nt... ; call function

end main

[donkey]

Well you have the inc and lib so you should be able to call the function via invoke. I have attached the version on my machine because I seem to remember there was an issue with the names in the masm32 version though I'm probably mistaken about that.

[RHL]

Thanks man!
and tried but could not and still
attempt to call the functions NT ... For example, function ntopenprocess and all those beginning with the letters nt :/

[qWord]

What is the problem? assembling, linking, runtime?

[RHL]

I am using as IDE the radasm and the time to write a native function that begins with the letters "nt" no I get the functions suggestion,
however if you write such RtlMoveMemory invoke ... If you show me the suggestion of the parameters

if someone could use for example the native api NTopenprocess?  :(

[donkey]

RadAsm does not have code completion for every possible API function, you can find the list in the winasmapi.api file in the API folder. However you can just type in the function and assemble it and it will still work fine. For NtOpenProcess use the parameters for ZwOpenProcess.

[RHL]

Very thaks!  :green
I have worked:

Code Select Expand


mov v1,PROCESS_ALL_ACCESS
invoke NtOpenProcess,addr h,v1,addr dat1,addr dat2