I need to do a system call (syscall) in x86 assembly code that targets the Windows platform.

On Linux, I would just do something like int 0x80, but this doesn't work on Windows. What should the code look like to do a syscall on Windows?

(I am using AT&T syntax and writing 64-bit code, if it matters, but the answer should be the same for Intel syntax and 32-bit code.)

Cody Gray - on strike
Nikolskyy

  • You will want to call WinAPI functions rather than making system calls directly. – Michael Petch Dec 04 '16 at 16:33
  • I find it very hard to believe that we do not have one already, but I haven't been able to find a duplicate target for this question. It gets asked pretty often, so maybe we should consider turning this one into a canonical question? Anyone with more intimate knowledge of the x86 tag than me know of one that I'm missing? I did find [this one](http://stackoverflow.com/questions/2489889) and [this one](http://stackoverflow.com/questions/21074334), but they are too focused on the NT Native (undocumented) APIs, which are irrelevant to the basic question of translating *NIX syscalls to Windows. – Cody Gray - on strike Dec 05 '16 at 13:02
  • BTW, for 64-bit code on Linux you should be using the 64-bit ABI via `syscall`, not the 32-bit ABI via `int $0x80`, since it clobbers r8-r15, truncates your pointers to 32-bit, and uses the 32-bit version of any structs. See links in the [x86 tag wiki](http://stackoverflow.com/tags/x86/info) for the calling convention and syscall numbers for `syscall` (i.e. look in unistd_64.h). – Peter Cordes Dec 07 '16 at 07:02

1 Answer

Windows doesn't allow you to use interrupts like you do on DOS or Linux. You need to call the WinAPI or the C library instead. On 32-bit operating systems you have NTVDM, a virtual machine for DOS apps, that allows you to use int 21h. Note that programs that access the disk at a low level (using these interrupts) can be marked as a false positive. This is an example call to a Windows function without using interrupts (although assembly on Windows is nonsense):

```nasm
    global  _main
    extern  _printf

    section .text
_main:
    push    message         ; cdecl: push the single argument (pointer to the string)
    call    _printf         ; call the C runtime; it uses the Win32 API underneath
    add     esp, 4          ; caller removes the 4-byte argument
    ret
message:
    db  'Hello, World', 10, 0
```
Kamila Szewczyk
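The answer above is 32-bit NASM, while the question asks about 64-bit code in AT&T syntax. The following is an added example, not part of the original answer, showing the same idea on Win64: instead of a `syscall` instruction with a kernel-specific number (Windows system call numbers are not a stable, documented interface), the program calls the documented kernel32 functions `GetStdHandle`, `WriteFile` and `ExitProcess`, which is the Windows counterpart of a Linux `write` followed by `exit`. It assumes a MinGW-w64 toolchain (`gcc -o hello.exe hello.s`), whose C runtime calls `main` and whose import libraries supply the `kernel32` symbols. The Win64 calling convention it follows: the first four integer arguments go in `%rcx`, `%rdx`, `%r8`, `%r9`, the fifth and later go on the stack above a 32-byte "shadow space" the caller must reserve, and `%rsp` must be 16-byte aligned at every `call`.

```asm
# Added example (not from the original post): x86-64 Windows, AT&T (GAS) syntax.
# Assumes MinGW-w64: gcc -o hello.exe hello.s

        .section .rdata,"dr"          # read-only data
message:
        .ascii  "Hello from Win64 via the WinAPI\n"
        .set    msglen, . - message   # length computed at assembly time

        .text
        .globl  main
main:
        # On entry %rsp is 8 mod 16 (return address pushed). Reserve 56 bytes:
        #   0..31  shadow space required by every Win64 call
        #  32..39  5th argument slot for WriteFile (lpOverlapped)
        #  40..47  padding
        #  48..55  local DWORD: number of bytes written
        # 8 + 56 = 64, so %rsp is 16-byte aligned for the calls below.
        subq    $56, %rsp

        # HANDLE h = GetStdHandle(STD_OUTPUT_HANDLE);   STD_OUTPUT_HANDLE == (DWORD)-11
        movl    $-11, %ecx
        call    GetStdHandle

        # WriteFile(h, message, msglen, &written, NULL);
        movq    %rax, %rcx            # arg 1: hFile
        leaq    message(%rip), %rdx   # arg 2: lpBuffer (RIP-relative, no absolute address)
        movl    $msglen, %r8d         # arg 3: nNumberOfBytesToWrite
        leaq    48(%rsp), %r9         # arg 4: lpNumberOfBytesWritten -> local slot
        movq    $0, 32(%rsp)          # arg 5: lpOverlapped = NULL, first stack slot past shadow space
        call    WriteFile

        # ExitProcess(0);  does not return, so no stack clean-up is needed
        xorl    %ecx, %ecx
        call    ExitProcess
```

The 5th argument placed at `32(%rsp)` and the shadow space below it are the two details that most often break hand-written Win64 assembly; a misaligned `%rsp` usually shows up as a crash inside the API rather than in the caller's own code.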