hi all
how do i link the nt native calls if i have to use them. Somebody told me
to include extern __declspec(dllexport) NtXxx
But when i do a build then they come out as unresolved external synbols
Any specific libraries to be included ??
thanks
Mayank
Hello Mayank,
Wednesday, July 2, 2003, 1:01:38 PM, you wrote:
MK> hi all
MK> how do i link the nt native calls if i have to use them. Somebody told me
MK> to include extern __declspec(dllexport) NtXxx
MK> But when i do a build then they come out as unresolved external synbols
MK> Any specific libraries to be included ??
MK> thanks
MK> Mayank
Mistake, use ZwXxx routines…
MK> —
MK> You are currently subscribed to ntdev as: xxxxx@nadatel.com
MK> To unsubscribe send a blank email to xxxxx@lists.osr.com
–
Best regards,
Michael mailto:xxxxx@nadatel.com
The only library against you have to link is ntoskrnl.lib, which is by
default linked by the build environment for device drivers. However,
you must pay attention to the calling conventions, because declaring a
function stdcall, cdecl, or fastcall will rsult in different names
being generated in the object file. Those are elementary questions you
ask. Stick to whats documented in DDK, untill you really understand
whats going on.
As for the rest, not all system calls are exported by ntoskrnl.exe,
ans there is a good reson for this. You dont have to / you cant use
them in kernel mode. For example your ZwSupsendThread() is not
exported by kernel. ntdll.dll do export all sycalls, but thats a user
mode dynalink library and you cant link a device driver against it.
MK> hi all
MK> how do i link the nt native calls if i have to use them. Somebody told me
MK> to include extern __declspec(dllexport) NtXxx
MK> But when i do a build then they come out as unresolved external synbols
MK> Any specific libraries to be included ??
MK> thanks
MK> Mayank
MK> —
MK> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
MK> To unsubscribe send a blank email to xxxxx@lists.osr.com
–
Best regards,
Dan mailto:xxxxx@rdsor.ro
hi michael
the problem still persists after changing to ZwXxx routines in declspec
definition
thanks
Mayank
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Michael
Sent: Wednesday, July 02, 2003 7:34 PM
To: NT Developers Interest List
Subject: [ntdev] Re: how to link native nt calls with the driver
Hello Mayank,
Wednesday, July 2, 2003, 1:01:38 PM, you wrote:
MK> hi all
MK> how do i link the nt native calls if i have to use them. Somebody told
me
MK> to include extern __declspec(dllexport) NtXxx
MK> But when i do a build then they come out as unresolved external synbols
MK> Any specific libraries to be included ??
MK> thanks
MK> Mayank
Mistake, use ZwXxx routines…
MK> —
MK> You are currently subscribed to ntdev as: xxxxx@nadatel.com
MK> To unsubscribe send a blank email to xxxxx@lists.osr.com
–
Best regards,
Michael mailto:xxxxx@nadatel.com
You are currently subscribed to ntdev as:
xxxxx@intersolutions.stpn.soft.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
M> Mistake, use ZwXxx routines…
NtXxxx variants are exported by ntoskrnl. There is just a subtle
difference between using a ZwXxx and a NtxxxXxx variant, mainly the
Ntxxx variant never alter the thread previous mode. This have a great
deal of impact on validation of the parameters passed to most calls.
–
Best regards,
Dan mailto:xxxxx@rdsor.ro
Hi,
Try to Use ZwXxxx routines to do that… Good luck!
Best regards,
Michael
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.
osr.com] On Behalf Of Mayank Kumar
Sent: 2003??7??2?? 17:02
To: NT Developers Interest List
Subject: [ntdev] how to link native nt calls with the driver
hi all
how do i link the nt native calls if i have to use them. Somebody told
me
to include extern __declspec(dllexport) NtXxx
But when i do a build then they come out as unresolved external synbols
Any specific libraries to be included ??
thanks
Mayank
You are currently subscribed to ntdev as: xxxxx@neouza.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Hello Dan,
Wednesday, July 2, 2003, 1:12:44 PM, you wrote:
DP> The only library against you have to link is ntoskrnl.lib, which is by
DP> default linked by the build environment for device drivers. However,
DP> you must pay attention to the calling conventions, because declaring a
DP> function stdcall, cdecl, or fastcall will rsult in different names
DP> being generated in the object file. Those are elementary questions you
DP> ask. Stick to whats documented in DDK, untill you really understand
DP> whats going on.
DP> As for the rest, not all system calls are exported by ntoskrnl.exe,
DP> ans there is a good reson for this. You dont have to / you cant use
DP> them in kernel mode. For example your ZwSupsendThread() is not
DP> exported by kernel. ntdll.dll do export all sycalls, but thats a user
DP> mode dynalink library and you cant link a device driver against it.
I’m not agree. You can use all ZwXxx routines in kernel even if they
are not exported by ntoskrnl.exe or ntdll.dll. For example you may use
them as:
extern __declspec(dllexport/dllimport) _stdcall/_cdecl ZwXxx
or directly through SSDT.
All ways are well documented and safe.
As I already said - inside the kernel you are like a God, you can do
everything you want.
–
Best regards,
Michael mailto:xxxxx@nadatel.com
Hello Mayank,
Wednesday, July 2, 2003, 1:17:09 PM, you wrote:
Your pice of code pls …
MK> hi michael
MK> the problem still persists after changing to ZwXxx routines in declspec
MK> definition
MK> thanks
MK> Mayank
MK> -----Original Message-----
MK> From: xxxxx@lists.osr.com
MK> [mailto:xxxxx@lists.osr.com]On Behalf Of Michael
MK> Sent: Wednesday, July 02, 2003 7:34 PM
MK> To: NT Developers Interest List
MK> Subject: [ntdev] Re: how to link native nt calls with the driver
MK> Hello Mayank,
MK> Wednesday, July 2, 2003, 1:01:38 PM, you wrote:
MK>> hi all
MK>> how do i link the nt native calls if i have to use them. Somebody told
MK> me
MK>> to include extern __declspec(dllexport) NtXxx
MK>> But when i do a build then they come out as unresolved external synbols
MK>> Any specific libraries to be included ??
MK>> thanks
MK>> Mayank
MK> Mistake, use ZwXxx routines…
MK>> —
MK>> You are currently subscribed to ntdev as: xxxxx@nadatel.com
MK>> To unsubscribe send a blank email to xxxxx@lists.osr.com
MK> –
MK> Best regards,
MK> Michael mailto:xxxxx@nadatel.com
MK> —
MK> You are currently subscribed to ntdev as:
MK> xxxxx@intersolutions.stpn.soft.net
MK> To unsubscribe send a blank email to xxxxx@lists.osr.com
MK> —
MK> You are currently subscribed to ntdev as: xxxxx@nadatel.com
MK> To unsubscribe send a blank email to xxxxx@lists.osr.com
–
Best regards,
Michael mailto:xxxxx@nadatel.com
tried this also and still the problem persists
is thery anybody who has used Native calls like Ntxx or Zwxx
and for that what method has he used. Remember that i am talking
about undocumented calls
thanks
Mayank
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Michael
Sent: Wednesday, July 02, 2003 7:50 PM
To: NT Developers Interest List
Subject: [ntdev] Re: how to link native nt calls with the driver
Hello Dan,
Wednesday, July 2, 2003, 1:12:44 PM, you wrote:
DP> The only library against you have to link is ntoskrnl.lib, which is by
DP> default linked by the build environment for device drivers. However,
DP> you must pay attention to the calling conventions, because declaring a
DP> function stdcall, cdecl, or fastcall will rsult in different names
DP> being generated in the object file. Those are elementary questions you
DP> ask. Stick to whats documented in DDK, untill you really understand
DP> whats going on.
DP> As for the rest, not all system calls are exported by ntoskrnl.exe,
DP> ans there is a good reson for this. You dont have to / you cant use
DP> them in kernel mode. For example your ZwSupsendThread() is not
DP> exported by kernel. ntdll.dll do export all sycalls, but thats a user
DP> mode dynalink library and you cant link a device driver against it.
I’m not agree. You can use all ZwXxx routines in kernel even if they
are not exported by ntoskrnl.exe or ntdll.dll. For example you may use
them as:
extern __declspec(dllexport/dllimport) _stdcall/_cdecl ZwXxx
or directly through SSDT.
All ways are well documented and safe.
As I already said - inside the kernel you are like a God, you can do
everything you want.
–
Best regards,
Michael mailto:xxxxx@nadatel.com
You are currently subscribed to ntdev as:
xxxxx@intersolutions.stpn.soft.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
Hello Michael,
Well, declaring them as extern declspec(dllimport) wont gain you
nothing if you try to link against a library which do not export those
APIs. Im sure you realize this. As for fetching a SSDT pointer to use an
unexported routine, this works of course, but you need to know the Id of
the Zw call you are trying to fetch. And to get run-time the Id, you
might have again to use undocumented sycalls.
> All ways are well documented and safe.
Well, the Nt native API is not officialy documented in totality
anywhere. Second, there are native APIs which are unsafe to call from
kernel mode and can cause problems.
Ya, you said that in kernel your just a God. This mentality leads to
to improper written drivers, which cause more problems than provide
real solutions. “Godlike” developers, with very few exceptions only
give to the rest of the device driver community grief. You should not
advice ppl to stick to undocumented solutions as long there are
documented, clean ways to accomplish what you want.
Stick to whats documented, especially if you cant figure out why your driver dont
link corectly. As This guy said earlier, he wants to use
Supsend / Resume on system threads, gimme a break, there are 1001 better
methods to implement a worker thread mechanism.
M> I’m not agree. You can use all ZwXxx routines in kernel even if they
M> are not exported by ntoskrnl.exe or ntdll.dll. For example you may use
M> them as:
M> extern __declspec(dllexport/dllimport) _stdcall/_cdecl ZwXxx
M> or directly through SSDT.
M> All ways are well documented and safe.
M> As I already said - inside the kernel you are like a God, you can do
M> everything you want.
–
Best regards,
Dan mailto:xxxxx@rdsor.ro
Hello Mayank,
Wednesday, July 2, 2003, 1:54:53 PM, you wrote:
MK> tried this also and still the problem persists
MK> is thery anybody who has used Native calls like Ntxx or Zwxx
MK> and for that what method has he used. Remember that i am talking
MK> about undocumented calls
MK> thanks
MK> Mayank
Show us your pice of code… I don’t understand why do you have such
problems. Everything is easy.
–
Best regards,
Michael mailto:xxxxx@nadatel.com
Hi Michael
i am using the following lines in a header file
extern __declspec(dllexport) _stdcall NtResumeThread();
i have tried both _stdcall and _cdecl and still the problem is there
the Sources file contains:-
TARGETLIBS=$(DDK_LIB_PATH)\ndis.lib \
$(DDK_LIB_PATH)\ntoskrnl.lib
and the source files just make a call to these .
i have tried both the Zw as well as Nt calls
i am building a ndis 5.0 driver under the checked build environment
and building it using build -czw
thanks
Mayank
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Michael
Sent: Wednesday, July 02, 2003 8:25 PM
To: NT Developers Interest List
Subject: [ntdev] Re: how to link native nt calls with the driver
Hello Mayank,
Wednesday, July 2, 2003, 1:54:53 PM, you wrote:
MK> tried this also and still the problem persists
MK> is thery anybody who has used Native calls like Ntxx or Zwxx
MK> and for that what method has he used. Remember that i am talking
MK> about undocumented calls
MK> thanks
MK> Mayank
Show us your pice of code… I don’t understand why do you have such
problems. Everything is easy.
–
Best regards,
Michael mailto:xxxxx@nadatel.com
You are currently subscribed to ntdev as:
xxxxx@intersolutions.stpn.soft.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
Hello Mayank,
Wednesday, July 2, 2003, 11:26:16 AM, you wrote:
MK> Hi Michael
MK> i am using the following lines in a header file
MK> extern __declspec(dllexport) _stdcall NtResumeThread();
MK> i have tried both _stdcall and _cdecl and still the problem is there
MK> the Sources file contains:-
MK> TARGETLIBS=$(DDK_LIB_PATH)\ndis.lib \
MK> $(DDK_LIB_PATH)\ntoskrnl.lib
MK> and the source files just make a call to these .
MK> i have tried both the Zw as well as Nt calls
MK> i am building a ndis 5.0 driver under the checked build environment
MK> and building it using build -czw
MK> thanks
MK> Mayank
MK> -----Original Message-----
MK> From: xxxxx@lists.osr.com
MK> [mailto:xxxxx@lists.osr.com]On Behalf Of Michael
MK> Sent: Wednesday, July 02, 2003 8:25 PM
MK> To: NT Developers Interest List
MK> Subject: [ntdev] Re: how to link native nt calls with the driver
MK> Hello Mayank,
MK> Wednesday, July 2, 2003, 1:54:53 PM, you wrote:
MK>> tried this also and still the problem persists
MK>> is thery anybody who has used Native calls like Ntxx or Zwxx
MK>> and for that what method has he used. Remember that i am talking
MK>> about undocumented calls
MK>> thanks
MK>> Mayank
MK> Show us your pice of code… I don’t understand why do you have such
MK> problems. Everything is easy.
MK> –
MK> Best regards,
MK> Michael mailto:xxxxx@nadatel.com
MK> —
MK> You are currently subscribed to ntdev as:
MK> xxxxx@intersolutions.stpn.soft.net
MK> To unsubscribe send a blank email to xxxxx@lists.osr.com
dint I told you once that ZwSuspendThread is not exported by ntoskrnl
? Whatever Michale tells you, decalring this function in any way wont
gain you norhing. Your chasing pink ghosts. As for the way you declare
APIs, I recomad you to learn basic C language first, then try to write
a NT device driver.
you can decalre it anyway you want, it simply woint work this way.
And beleive me, you dont want to call this API on system threads.
MK> —
MK> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
MK> To unsubscribe send a blank email to xxxxx@lists.osr.com
–
Best regards,
Dan mailto:xxxxx@rdsor.ro
hi Dan
Ok then can u tell me what is the way out. If michael says that he has done
it like this
then probably there is a way. And yes i am surely a newbie to drivers but
not to the C language.
Instead of being impatient if u can just point the mistake in declaration
that would be great.
thanks
Mayank
dint I told you once that ZwSuspendThread is not exported by ntoskrnl
? Whatever Michale tells you, decalring this function in any way wont
gain you norhing. Your chasing pink ghosts. As for the way you declare
APIs, I recomad you to learn basic C language first, then try to write
a NT device driver.
you can decalre it anyway you want, it simply woint work this way.
And beleive me, you dont want to call this API on system threads.
MK> —
MK> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
MK> To unsubscribe send a blank email to xxxxx@lists.osr.com
–
Best regards,
Dan mailto:xxxxx@rdsor.ro
You are currently subscribed to ntdev as:
xxxxx@intersolutions.stpn.soft.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
Hello Dan,
Yeap, in particular this procedure ZwResumeThread may be used only via
SSDT pointer.
Smth like that:
ZwResumeThreadProc = KeServiceDescriptorTable.ServiceTableBase[ZwResumeThreadId];
where ZwResumeThreadId = 0x0B5
then:
ZwResumeThreadProc(…);
Regards,
Michael
PS: but I think that Dan is right, there is a “documented” way to
solve your problem.
Wednesday, July 2, 2003, 2:48:12 PM, you wrote:
DP> Hello Mayank,
DP> Wednesday, July 2, 2003, 11:26:16 AM, you wrote:
MK>> Hi Michael
MK>> i am using the following lines in a header file
MK>> extern __declspec(dllexport) _stdcall NtResumeThread();
MK>> i have tried both _stdcall and _cdecl and still the problem is there
MK>> the Sources file contains:-
MK>> TARGETLIBS=$(DDK_LIB_PATH)\ndis.lib \
MK>> $(DDK_LIB_PATH)\ntoskrnl.lib
MK>> and the source files just make a call to these .
MK>> i have tried both the Zw as well as Nt calls
MK>> i am building a ndis 5.0 driver under the checked build environment
MK>> and building it using build -czw
MK>> thanks
MK>> Mayank
MK>> -----Original Message-----
MK>> From: xxxxx@lists.osr.com
MK>> [mailto:xxxxx@lists.osr.com]On Behalf Of Michael
MK>> Sent: Wednesday, July 02, 2003 8:25 PM
MK>> To: NT Developers Interest List
MK>> Subject: [ntdev] Re: how to link native nt calls with the driver
MK>> Hello Mayank,
MK>> Wednesday, July 2, 2003, 1:54:53 PM, you wrote:
MK>>> tried this also and still the problem persists
MK>>> is thery anybody who has used Native calls like Ntxx or Zwxx
MK>>> and for that what method has he used. Remember that i am talking
MK>>> about undocumented calls
MK>>> thanks
MK>>> Mayank
MK>> Show us your pice of code… I don’t understand why do you have such
MK>> problems. Everything is easy.
MK>> –
MK>> Best regards,
MK>> Michael mailto:xxxxx@nadatel.com
MK>> —
MK>> You are currently subscribed to ntdev as:
MK>> xxxxx@intersolutions.stpn.soft.net
MK>> To unsubscribe send a blank email to xxxxx@lists.osr.com
DP> dint I told you once that ZwSuspendThread is not exported by ntoskrnl
DP> ? Whatever Michale tells you, decalring this function in any way wont
DP> gain you norhing. Your chasing pink ghosts. As for the way you declare
DP> APIs, I recomad you to learn basic C language first, then try to write
DP> a NT device driver.
DP> you can decalre it anyway you want, it simply woint work this way.
DP> And beleive me, you dont want to call this API on system threads.
MK>> —
MK>> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
MK>> To unsubscribe send a blank email to xxxxx@lists.osr.com
–
Best regards,
Michael mailto:xxxxx@nadatel.com
Hi all
then can somebody tell me that what’s a good way of suspending/resuming a
thread both from within the threads context
as well as from outside the threads context.
Can there be a single way of accomplishing both
thanks
Mayank
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Michael
Sent: Wednesday, July 02, 2003 9:27 PM
To: NT Developers Interest List
Subject: [ntdev] Re: how to link native nt calls with the driver
Hello Dan,
Yeap, in particular this procedure ZwResumeThread may be used only via
SSDT pointer.
Smth like that:
ZwResumeThreadProc =
KeServiceDescriptorTable.ServiceTableBase[ZwResumeThreadId];
where ZwResumeThreadId = 0x0B5
then:
ZwResumeThreadProc(…);
Regards,
Michael
PS: but I think that Dan is right, there is a “documented” way to
solve your problem.
Wednesday, July 2, 2003, 2:48:12 PM, you wrote:
DP> Hello Mayank,
DP> Wednesday, July 2, 2003, 11:26:16 AM, you wrote:
MK>> Hi Michael
MK>> i am using the following lines in a header file
MK>> extern __declspec(dllexport) _stdcall NtResumeThread();
MK>> i have tried both _stdcall and _cdecl and still the problem is there
MK>> the Sources file contains:-
MK>> TARGETLIBS=$(DDK_LIB_PATH)\ndis.lib \
MK>> $(DDK_LIB_PATH)\ntoskrnl.lib
MK>> and the source files just make a call to these .
MK>> i have tried both the Zw as well as Nt calls
MK>> i am building a ndis 5.0 driver under the checked build environment
MK>> and building it using build -czw
MK>> thanks
MK>> Mayank
MK>> -----Original Message-----
MK>> From: xxxxx@lists.osr.com
MK>> [mailto:xxxxx@lists.osr.com]On Behalf Of Michael
MK>> Sent: Wednesday, July 02, 2003 8:25 PM
MK>> To: NT Developers Interest List
MK>> Subject: [ntdev] Re: how to link native nt calls with the driver
MK>> Hello Mayank,
MK>> Wednesday, July 2, 2003, 1:54:53 PM, you wrote:
MK>>> tried this also and still the problem persists
MK>>> is thery anybody who has used Native calls like Ntxx or Zwxx
MK>>> and for that what method has he used. Remember that i am talking
MK>>> about undocumented calls
MK>>> thanks
MK>>> Mayank
MK>> Show us your pice of code… I don’t understand why do you have such
MK>> problems. Everything is easy.
MK>> –
MK>> Best regards,
MK>> Michael mailto:xxxxx@nadatel.com
MK>> —
MK>> You are currently subscribed to ntdev as:
MK>> xxxxx@intersolutions.stpn.soft.net
MK>> To unsubscribe send a blank email to xxxxx@lists.osr.com
DP> dint I told you once that ZwSuspendThread is not exported by ntoskrnl
DP> ? Whatever Michale tells you, decalring this function in any way wont
DP> gain you norhing. Your chasing pink ghosts. As for the way you declare
DP> APIs, I recomad you to learn basic C language first, then try to write
DP> a NT device driver.
DP> you can decalre it anyway you want, it simply woint work this way.
DP> And beleive me, you dont want to call this API on system threads.
MK>> —
MK>> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
MK>> To unsubscribe send a blank email to xxxxx@lists.osr.com
–
Best regards,
Michael mailto:xxxxx@nadatel.com
You are currently subscribed to ntdev as:
xxxxx@intersolutions.stpn.soft.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
If you want your own work queues , you should do what I pointed you
first time, search www.osronline.com for their work queeue articles.
Here is the link:
http://www.osronline.com/article.cfm?id=65
Remember , you have to register ,free of charge, to gain access to
this article. It shows you a basic implementation of a work queue,
and from where you can figure out how to use EVENT objects to
block / release a thread.
Never resort on using undoc techniques for things which can be
extremly simple to be done in a different, legal way. Some ppl
on this list already told you to use event objects to accomplish
what you want. follow the advice of the ppl on this list , they know
what they are talking about. Im not impatient, but you was told
already how you should solve your problem using events, and not
resorting to things like suspend resume thread.
As for your C knowledge anyone should know that a function declaration
in C language must include the parameters and return value type as
well.
so the correct declaration for ZwSuspendThread is:
NTSYSAPI
NTSTATUS
NTAPI ZwSuspendThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);
and not by a long shoot something like extern __declspec(whatever)ZwSuspendThread()
Hello Dan,
DP> so the correct declaration for ZwSuspendThread is:
DP> NTSYSAPI
DP> NTSTATUS
DP> NTAPI ZwSuspendThread(
DP> IN HANDLE ThreadHandle,
DP> OUT PULONG PreviousSuspendCount OPTIONAL
DP> );
DP> and not by a long shoot something like extern __declspec(whatever)ZwSuspendThread()
Don’t you wanna say that this is incorrect? 
extern __declspec(dllexport) NTSTATUS __stdcall ZwQuerySection (IN HANDLE SectionHandle,
IN SECTION_INFORMATION_CLASS SectionInformationClass,
OUT PVOID SectionInformation,
IN ULONG SectionInformationLength,
OUT PULONG ResultLength OPTIONAL);
exactly the same meaning as NTSYSAPI NTSTATUS NTAPI …
–
Best regards,
Michael mailto:xxxxx@nadatel.com
Except then you go and run this code on an XP machine and end up calling
NtRaiseException, because NtResumeThread is no longer at index 0xb5. You
don’t need this call and you’re just asking for your code to break by doing
things like this.
-scott
–
Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osr.com
“Michael” wrote in message news:xxxxx@ntdev…
>
> Hello Dan,
>
> Yeap, in particular this procedure ZwResumeThread may be used only via
> SSDT pointer.
> Smth like that:
>
> ZwResumeThreadProc =
KeServiceDescriptorTable.ServiceTableBase[ZwResumeThreadId];
>
> where ZwResumeThreadId = 0x0B5
> then:
>
> ZwResumeThreadProc(…);
>
> Regards,
> Michael
>
> PS: but I think that Dan is right, there is a “documented” way to
> solve your problem.
>
> Wednesday, July 2, 2003, 2:48:12 PM, you wrote:
>
> DP> Hello Mayank,
>
> DP> Wednesday, July 2, 2003, 11:26:16 AM, you wrote:
>
> MK>> Hi Michael
>
> MK>> i am using the following lines in a header file
>
> MK>> extern __declspec(dllexport) _stdcall NtResumeThread();
>
> MK>> i have tried both _stdcall and _cdecl and still the problem is there
>
> MK>> the Sources file contains:-
> MK>> TARGETLIBS=$(DDK_LIB_PATH)\ndis.lib <br>> MK>> $(DDK_LIB_PATH)\ntoskrnl.lib
> MK>> and the source files just make a call to these .
> MK>> i have tried both the Zw as well as Nt calls
>
> MK>> i am building a ndis 5.0 driver under the checked build environment
> MK>> and building it using build -czw
>
> MK>> thanks
> MK>> Mayank
>
>
>
>
> MK>> -----Original Message-----
> MK>> From: xxxxx@lists.osr.com
> MK>> [mailto:xxxxx@lists.osr.com]On Behalf Of Michael
> MK>> Sent: Wednesday, July 02, 2003 8:25 PM
> MK>> To: NT Developers Interest List
> MK>> Subject: [ntdev] Re: how to link native nt calls with the driver
>
>
> MK>> Hello Mayank,
>
> MK>> Wednesday, July 2, 2003, 1:54:53 PM, you wrote:
>
> MK>>> tried this also and still the problem persists
> MK>>> is thery anybody who has used Native calls like Ntxx or Zwxx
> MK>>> and for that what method has he used. Remember that i am talking
> MK>>> about undocumented calls
> MK>>> thanks
> MK>>> Mayank
>
> MK>> Show us your pice of code… I don’t understand why do you have such
> MK>> problems. Everything is easy.
>
> MK>> –
> MK>> Best regards,
> MK>> Michael mailto:xxxxx@nadatel.com
>
>
>
>
> MK>> —
> MK>> You are currently subscribed to ntdev as:
> MK>> xxxxx@intersolutions.stpn.soft.net
> MK>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> DP> dint I told you once that ZwSuspendThread is not exported by ntoskrnl
> DP> ? Whatever Michale tells you, decalring this function in any way wont
> DP> gain you norhing. Your chasing pink ghosts. As for the way you declare
> DP> APIs, I recomad you to learn basic C language first, then try to write
> DP> a NT device driver.
>
> DP> you can decalre it anyway you want, it simply woint work this way.
> DP> And beleive me, you dont want to call this API on system threads.
>
>
>
>
>
> MK>> —
> MK>> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> MK>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
>
>
>
> –
> Best regards,
> Michael mailto:xxxxx@nadatel.com
>
>
>
>
>
>> Don’t you wanna say that this is incorrect?
Well, I do. Actually correct is __declspec(dllimport).
Sorry, but you asked for it 
And syscall IDs may be different from OS build to OS build, so
is a mistake to give out a numerical Id and say this is the Id for
whatever systemcall.
Wednesday, July 2, 2003, 5:59:11 PM, you wrote:
M> Hello Dan,
DP>> so the correct declaration for ZwSuspendThread is:
DP>> NTSYSAPI
DP>> NTSTATUS
DP>> NTAPI ZwSuspendThread(
DP>> IN HANDLE ThreadHandle,
DP>> OUT PULONG PreviousSuspendCount OPTIONAL
DP>> );
DP>> and not by a long shoot something like extern __declspec(whatever)ZwSuspendThread()
M> Don’t you wanna say that this is incorrect?
M> extern __declspec(dllexport) NTSTATUS __stdcall ZwQuerySection (IN HANDLE SectionHandle,
M> IN SECTION_INFORMATION_CLASS SectionInformationClass,
M> OUT PVOID SectionInformation,
M> IN ULONG SectionInformationLength,
M> OUT PULONG ResultLength OPTIONAL);
M> exactly the same meaning as NTSYSAPI NTSTATUS NTAPI …
–
Best regards,
Dan mailto:xxxxx@rdsor.ro