NT Native API was (Re: Question about WINE and adding the "low-level"
CD access APIs...)
Jonathan Wilson
jonwil at tpgi.com.au
Tue Jul 15 05:00:11 CDT 2003
> Hmm, I'm confused. ntdll exists in kernel space too? I guess I always
> imagined the internals of the kernel would have its own symbol fixup
> system, without DLLs. But perhaps not.
Well basicly, the userland versions of these exported functions load a
"system call number" into eax, load a pointer to the parameters into eax
and then call an INT 2E. This call maps down to something in the kernel
which uses the "system call number" as an index into a lookup table.
See http://www.sysinternals.com/ntw2k/info/ntdll.shtml for the gory details
> IIRC the kernel functions use a particular naming scheme. I forget
> exactly what it is, but IoCompleteRequest and IofCompleteRequest are not
> the same, but one is a variant of the other - much like FooA and FooW
> are in userland Win32.
ok, I didnt know that :)
> Yeah, but is it any simpler than just reverse engineering and cloning
> the driver? Drivers aren't needed all that often.
1.implementing these APIs and using the SafeDisk .sys file makes it more
likely that things will just "work" if a new version of SafeDisk comes out.
(plus, as more things get implemented, more drivers will just "work")
and 2.more imporantly, implementing this stuff (as opposed to cloning
secdrv.sys) is a lot less likely to cause the SafeDisk people to sue WINE
under the DMCA (in fact, a clone of an older version of secdrv.sys was
created but not added because of this DMCA fear)
More information about the wine-devel
mailing list