Can someone tell me as to what is the parm passed in
“edx in int 2e / 80”
how does one remove the following reg entried
“HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_???”
thankx
kudrt
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
On Wednesday, March 07, 2001 2:05 PM “kudrt si” wrote:
Can someone tell me as to what is the parm passed in
“edx in int 2e / 80”
Int 2eh is the system function dispatcher; you may also see
it being referred to as KiSystemService or _KiSystemService.
The EAX register holds the system service code and EDX
holds a pointer to the arguments for that specific service:
thus, you must check what arguments are expected for
system service 80h (assuming that’s what you’re asking) and
set EDX properly.
how does one remove the following reg entried
“HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_???”
If you’re developing a “legacy” driver (e.g. a NT-like kernel-mode
driver) this key is added by Win2K each time a new service is added to
the Registry; you may not remove it by hand (using Regedit) and I’m not
sure if you may remove it calling the local Service Control Manager; I
suppose this key is harmless for testing purposes, but if you really
want
to remove it you may “trick” Regedit by «cleaning it up» (exporting all
keys
to a file, then importing them back from the file). Note that this is a
*lenghty*
process, risky (prone to cause errors) and you should NOT try this on
your
development machine (by the way, you’re not testing/installing your
driver
on the development machine, are you?!)… usual precautions (backups,
common sense, etc.) should be taken (and you should know what you’re
doing, of course).
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
P.S. - Maybe for system service 80h (terminate process, as u say)
the expected value for register EDX is the process handle?.. (See
also ZwTerminateProcess)
On Wednesday, March 07, 2001 2:05 PM “kudrt si” wrote:
Can someone tell me as to what is the parm passed in
“edx in int 2e / 80”
Int 2eh is the system function dispatcher; you may also see
it being referred to as KiSystemService or _KiSystemService.
The EAX register holds the system service code and EDX
holds a pointer to the arguments for that specific service:
thus, you must check what arguments are expected for
system service 80h (assuming that’s what you’re asking) and
set EDX properly.
how does one remove the following reg entried
“HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_???”
If you’re developing a “legacy” driver (e.g. a NT-like kernel-mode
driver) this key is added by Win2K each time a new service is added to
the Registry; you may not remove it by hand (using Regedit) and I’m not
sure if you may remove it calling the local Service Control Manager; I
suppose this key is harmless for testing purposes, but if you really
want
to remove it you may “trick” Regedit by «cleaning it up» (exporting all
keys
to a file, then importing them back from the file). Note that this is a
*lenghty*
process, risky (prone to cause errors) and you should NOT try this on
your
development machine (by the way, you’re not testing/installing your
driver
on the development machine, are you?!)… usual precautions (backups,
common sense, etc.) should be taken (and you should know what you’re
doing, of course).
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
It is not 80 as i had written y’day “edx in int 2e /
80” its “edx in int 2e / E0” for terminating process.
kudrt
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com