Problem with int 2Eh sys call

OSR_Community_User · August 6, 2003, 7:53am

hello,
I am calling the following function from my VC++ Code instead of _NtUserCreateWindowEx@52 using _asm function.
But it crashes.Is i need to check any register values. From int 2EH it goes to some other invalid instruction.

mov eax,114Dh
lea edx,[esp+4]
int 2Eh

-Thomas

Sify Mail - now with Anti-virus protection powered by Trend Micro, USA.
Know more at http://mail.sify.com

Sify Power mail- a Premium Service from Sify Mail!
know more at http://mail.sify.com

Loren_Wilton · August 6, 2003, 8:28am

Why are you bypassing ntdll.dll? This is not generally a clever thing to do
unless you are writing a virus.

Loren

----- Original Message -----
From: “thomas mathew”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, August 06, 2003 4:55 AM
Subject: [ntdev] Problem with int 2Eh sys call

> hello,
> I am calling the following function from my VC++ Code instead of
_NtUserCreateWindowEx@52 using _asm function.
> But it crashes.Is i need to check any register values. From int 2EH it
goes to some other invalid instruction.
>
> mov eax,114Dh
> lea edx,[esp+4]
> int 2Eh
>

OSR_Community_User · August 6, 2003, 9:02am

Hello,
Well i am not writing the virus any way.I need to pass the append
parameter and other stuff to the NtUserCreateWindow Sys call that’s why i
am doing.

So is any way to execute INT 2EH properly, what it require . I think
some proper information in EAX register, EDX register . But i am not
appending these register in my program .Is these register appended by
itself by tranfering the call from NtUserCreateWindow to mine function and
again from my function to NtUserCreateWindow ???How they are changed by
itself and how to stop or cause original value to register to set itself.

-Thomas

Srin_Kumar · August 7, 2003, 12:37am

Thomas,
The code would not work on all systems for example on my machine
WinXP SP1 It is
mov eax, 01157h
mov edx, esp
syscall

the system call number is different for each version of windows
definitely.

-Srin.

-----Original Message-----
From: thomas mathew [mailto:xxxxx@sify.com]
Sent: Wednesday, August 06, 2003 4:55 AM
To: Windows System Software Developers Interest List
Subject: [ntdev] Problem with int 2Eh sys call

hello,
I am calling the following function from my VC++ Code instead of
_NtUserCreateWindowEx@52 using _asm function.
But it crashes.Is i need to check any register values. From int 2EH it
goes to some other invalid instruction.

mov eax,114Dh
lea edx,[esp+4]
int 2Eh

-Thomas

Sify Mail - now with Anti-virus protection powered by Trend Micro,
USA.
Know more at http://mail.sify.com

Sify Power mail- a Premium Service from Sify Mail!
know more at http://mail.sify.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nai.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Maxim_S_Shatskih · August 9, 2003, 3:55am

> I am calling the following function from my VC++ Code instead of

_NtUserCreateWindowEx@52 using _asm function.

Why is user32!CreateWindowEx bad?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com