# Copyright 2017-2026 Rivoreo
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
# IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# To build for NT 5.0 kernel:
# as --defsym SYS_NtQueryInformationProcess=134 --defsym SYS_NtWriteFile=237 --defsym SYS_NtDisplayString=57 --defsym SYS_NtTerminateProcess=224 hello-i386-nt.s -o hello-i386-nt.o
# ld -m i386pe --strip-all --no-insert-timestamp --entry _NtProcessStartup hello-i386-nt.o -o hello-i386-nt
# NT 3.5 kernel
# .set SYS_NtQueryInformationProcess, 98
# .set SYS_NtWriteFile, 184
# .set SYS_NtDisplayString, 41
# .set SYS_NtTerminateProcess, 170
# .set SYS_NtTerminateThread, 171
# NT 3.51 kernel
# .set SYS_NtQueryInformationProcess, 103
# .set SYS_NtWriteFile, 192
# .set SYS_NtDisplayString, 43
# .set SYS_NtTerminateProcess, 178
# .set SYS_NtTerminateThread, 179
# NT 5.0 kernel
# .set SYS_NtQueryInformationProcess, 134
# .set SYS_NtWriteFile, 237
# .set SYS_NtDisplayString, 57
# .set SYS_NtTerminateProcess, 224
# .set SYS_NtTerminateThread, 225
# NT 5.1 kernel
# .set SYS_NtQueryInformationProcess, 154
# .set SYS_NtWriteFile, 274
# .set SYS_NtDisplayString, 67
# .set SYS_NtTerminateProcess, 257
# .set SYS_NtTerminateThread, 258
# NT 5.2 kernel
# .set SYS_NtQueryInformationProcess, 161
# .set SYS_NtWriteFile, 284
# .set SYS_NtDisplayString, 70
# .set SYS_NtTerminateProcess, 266
# .set SYS_NtTerminateThread, 267
# NT 6.0.6000 kernel
# .set SYS_NtQueryInformationProcess, 228
# .set SYS_NtWriteFile, 359
# .set SYS_NtDisplayString, 128
# .set SYS_NtTerminateProcess, 338
# .set SYS_NtTerminateThread, 339
# NT 6.0.6001 kernel
# .set SYS_NtQueryInformationProcess, 228
# .set SYS_NtWriteFile, 355
# .set SYS_NtDisplayString, 128
# .set SYS_NtTerminateProcess, 334
# .set SYS_NtTerminateThread, 335
# NT 6.1 kernel
# .set SYS_NtQueryInformationProcess, 234
# .set SYS_NtWriteFile, 396
# .set SYS_NtDisplayString, 109
# .set SYS_NtTerminateProcess, 370
# .set SYS_NtTerminateThread, 371
# NT 6.2 kernel
# .set SYS_NtQueryInformationProcess, 176
# .set SYS_NtWriteFile, 5
# .set SYS_NtDisplayString, 305
# .set SYS_NtTerminateProcess, 35
# .set SYS_NtTerminateThread, 34
# NT 6.3 kernel
# .set SYS_NtQueryInformationProcess, 179
# .set SYS_NtWriteFile, 6
# .set SYS_NtDisplayString, 309
# .set SYS_NtTerminateProcess, 35
# .set SYS_NtTerminateThread, 34
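.section .rodata
.align 0
# Narrow text handed to NtWriteFile. 12 bytes, no terminator: the length is
# passed explicitly, so none is needed.
helloworld:
.ascii "Hello world\n"
# Same text as UTF-16LE for NtDisplayString: 12 code units (24 bytes) followed
# by a 2-byte wide NUL, 26 bytes in total. The terminator must be two bytes
# wide so that the buffer really is MaximumLength bytes long.
helloworld_w:
.ascii "H\0e\0l\0l\0o\0 \0w\0o\0r\0l\0d\0\n\0\0\0"
# UNICODE_STRING describing helloworld_w. It holds a 4-byte pointer, so keep
# it naturally aligned.
.balign 4
helloworld_nt_string:
.short 24                  # Length: bytes of text, terminator excluded
.short 26                  # MaximumLength: bytes of buffer, terminator included
.long helloworld_w         # Buffer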
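.text
# Native (NT kernel) entry point: print "Hello world" to the process' standard
# output handle when there is one, then to the system display, then exit.
#
# i386 NT system-call convention used throughout: %eax = service number
# (SYS_* symbols, supplied with --defsym or .set per kernel version), %edx =
# address of the argument block on the stack, int $0x2e, NTSTATUS in %eax.
# %esp is unchanged by the call, so the arguments are popped explicitly.
#
# Layout offsets (i386):
.set PROCESS_BASIC_INFORMATION_SIZE, 24   # ExitStatus, PebBaseAddress, AffinityMask, BasePriority, UniqueProcessId, InheritedFromUniqueProcessId
.set PBI_PebBaseAddress, 4
.set PEB_ProcessParameters, 16
.set RTL_USER_PROCESS_PARAMETERS_StandardOutput, 28
.set IO_STATUS_BLOCK_SIZE, 8
.set ProcessBasicInformation, 0
.set NtCurrentProcess, -1
.set HELLOWORLD_LENGTH, 12                # bytes in helloworld (.rodata)

.global _NtProcessStartup
_NtProcessStartup:
	# NtQueryInformationProcess(NtCurrentProcess(), ProcessBasicInformation,
	#                           &pbi, sizeof pbi, NULL)
	# The output buffer is reserved above %esp rather than in the area below
	# it, so nothing that uses the stack between the call and the read can
	# overwrite it.
	subl $PROCESS_BASIC_INFORMATION_SIZE, %esp
	movl %esp, %eax                        # %eax = &pbi
	pushl $0                               # ReturnLength
	pushl $PROCESS_BASIC_INFORMATION_SIZE  # ProcessInformationLength
	pushl %eax                             # ProcessInformation
	pushl $ProcessBasicInformation         # ProcessInformationClass
	pushl $NtCurrentProcess                # ProcessHandle
	movl $SYS_NtQueryInformationProcess, %eax
	movl %esp, %edx
	int $0x2e
	# NT_SUCCESS(status) is "sign bit clear". On failure pbi was never
	# written, so exit with the status instead of dereferencing garbage.
	testl %eax, %eax
	js exit_with_status
	movl 20+PBI_PebBaseAddress(%esp), %eax # pbi.PebBaseAddress (above the 5 pushed args)
	addl $20+PROCESS_BASIC_INFORMATION_SIZE, %esp
	movl PEB_ProcessParameters(%eax), %eax
	movl RTL_USER_PROCESS_PARAMETERS_StandardOutput(%eax), %eax
	testl %eax, %eax
	jle skip_to_display_string             # no usable handle: NULL or a negative pseudo-handle

	# NtWriteFile(StandardOutput, NULL, NULL, NULL, &iosb,
	#             helloworld, HELLOWORLD_LENGTH, NULL, NULL)
	subl $IO_STATUS_BLOCK_SIZE, %esp       # IO_STATUS_BLOCK, kept above %esp as well
	movl %esp, %edx                        # %edx = &iosb
	pushl $0                               # Key
	pushl $0                               # ByteOffset
	pushl $HELLOWORLD_LENGTH               # Length
	pushl $helloworld                      # Buffer
	pushl %edx                             # IoStatusBlock
	pushl $0                               # ApcContext
	pushl $0                               # ApcRoutine
	pushl $0                               # Event
	pushl %eax                             # FileHandle
	movl $SYS_NtWriteFile, %eax
	movl %esp, %edx
	int $0x2e                              # best-effort: the write status is deliberately ignored
	addl $36+IO_STATUS_BLOCK_SIZE, %esp

skip_to_display_string:
	# NtDisplayString(&helloworld_nt_string)
	pushl $helloworld_nt_string
	movl $SYS_NtDisplayString, %eax
	movl %esp, %edx
	int $0x2e
	addl $4, %esp
	xorl %eax, %eax                        # normal path: exit status 0

exit_with_status:
	# NtTerminateProcess(NtCurrentProcess(), %eax) - does not return, so any
	# arguments still on the stack from an early exit do not matter.
	pushl %eax                             # ExitStatus
	pushl $NtCurrentProcess                # ProcessHandle
	movl $SYS_NtTerminateProcess, %eax
	movl %esp, %edx
	int $0x2e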