Hello Scott,
Wednesday, July 2, 2003, 4:44:27 PM, you wrote:
SN> Except then you go and run this code on an XP machine and end up calling
SN> NtRaiseException, because NtResumeThread is no longer at index 0xb5. You
SN> don’t need this call and you’re just asking for your code to break by doing
SN> things like this.
SN> -scott
Sure! It was just basic example. To satisfy all 2K/XP/.NET it’s
necessary to use names for searching through SSDT.
–
Best regards,
Michael mailto:xxxxx@nadatel.com
“Mayank Kumar” wrote in message
news:xxxxx@ntdev…
>
> hi all
> how do i link the nt native calls if i have to use them. Somebody told me
> to include extern __declspec(dllexport) NtXxx
> But when i do a build then they come out as unresolved external synbols
> Any specific libraries to be included ??
> thanks
> Mayank
>
Lots of people are going to great lengths to show you how to declare the
function prototypes for undocumented ZwXxxx functions in preparation for
calling them.
I’d like to point out that all DOCUMENTED ZwXxxx functions already have
prototypes in ntddk.h. (Or in ntifs.h if you have the IFS kit. There are
many more functions documented in that one.) The normal DDK build
environment will already set up the right libraries to link with.
It’s certainly POSSIBLE to call undocumented ZwXxxx functions using an
assortment of tricks. However, be prepared for your code to break if the
uncodumented interfaces change. MS has no commitment to preserve the
semantics and behavior of undocumented interfaces. They’re even free to
remove them in future versions of Windows.
Carl
> Supsend / Resume on system threads, gimme a break, there are 1001
better
methods to implement a worker thread mechanism.
Thread suspend is evil, since it is very, very deadlock-prone. For
instance, Sun have removed this functionality from Java.
Max