int 2eh 方式调用Native api

这是一个小技巧，不过用的人好像不多。下面是 Windows 2000 下的例子（系统服务号随系统版本而变，例子中的 0x97 只对应 Windows 2000）：

/*
 * System service index that the stub below loads into EAX before `int 2Eh`.
 * The page gives 0x97 as the Windows 2000 value; service indices are not a
 * stable interface and change between Windows versions, so this constant is
 * only meaningful on the release it was taken from.
 * NOTE(review): no type is visible on this line. The declaration (or the
 * enclosing function, if this is an assignment) is not shown on the page.
 */
NtQuerySystemInformationNo = 0x97;

/*
 * PrivateNtQuerySystemInformation - issue the system service whose index is
 * held in NtQuerySystemInformationNo directly via `int 2Eh`, without calling
 * the routine exported by ntdll.dll.
 *
 * 32-bit x86, MSVC inline assembly. The function is `naked`, so the compiler
 * emits no prologue or epilogue: on entry [esp] is the return address and the
 * four __stdcall arguments start at [esp+4].
 *
 * Parameters (unnamed in the signature; presumably they mirror
 * NtQuerySystemInformation, to be confirmed against the caller):
 *   SYSTEM_INFORMATION_CLASS - information class requested
 *   PVOID                    - caller-supplied buffer
 *   ULONG                    - size of that buffer in bytes
 *   PULONG (optional)        - receives the returned length
 *
 * Returns: whatever the service leaves in EAX, declared here as NTSTATUS.
 *
 * Review notes:
 *  - The service index is hard-coded for one Windows release. On any other
 *    release the same index may name a different service or none at all, so
 *    the arguments could reach an unrelated kernel routine. The stub performs
 *    no OS version check.
 *  - Because the call does not pass through the exported ntdll.dll routine,
 *    user-mode monitoring attached to that export will not observe it.
 *    Auditing of code like this has to rely on other telemetry.
 */
_declspec(naked)
NTSTATUS __stdcall PrivateNtQuerySystemInformation
(IN SYSTEM_INFORMATION_CLASS,
IN OUT PVOID,
IN ULONG,
OUT PULONG OPTIONAL)
{

_asm {
// eax = system service index read from the variable
mov eax, NtQuerySystemInformationNo
// edx = address of the first argument on the caller's stack ([esp] is the return address)
lea edx, [esp+4]
// enter the kernel through the system-service software interrupt
int 2Eh
// __stdcall return: pop the 4 arguments (4 * 4 = 0x10 bytes); eax is left as the service returned it
ret 10h
}

}