§windows-syscall: Windows syscalls for Rust
The syscall! macro provides a type-safe way to invoke a Windows system service.
§Available Features
| Feature | Description |
|---|---|
| `windows-syscall-typesafe` (default) | The macro also places a call to the provided function in a dead branch, so the compiler type-checks the arguments (enabled by default). |
| `windows-syscall-use-linked` | The macro directly invokes the provided function instead of performing an inline syscall. This is only useful for testing/debugging and is equivalent to calling the function directly. |
§Example
```rust
#![feature(asm_const, maybe_uninit_uninit_array, maybe_uninit_array_assume_init)]
use phnt::ffi::{NTSTATUS, HANDLE, NtClose, NtTestAlert}; // = "0.0.25"
use windows_syscall::syscall;

fn main() {
    const INVALID_HANDLE: HANDLE = core::ptr::null_mut();
    // Closing a null handle is rejected by the kernel, so the result is an error.
    assert!(syscall!(NtClose(INVALID_HANDLE)).is_err());
    // NtTestAlert takes no arguments and is expected to succeed.
    assert!(syscall!(NtTestAlert()).is_ok());
}
```
§Platform Support
| Arch | Supported |
|---|---|
| x86_64 (64-bit) | ✅ Yes |
| x86 (32-bit) | ❌ No (on request) |
| AArch64 | ❌ No (on request) |
This crate only implements calls to ntoskrnl services. If you require win32k services or an additional architecture, please create an issue and let me know!
crate version: 0.0.x aka work-in-progress.
Macros§
Constants§
- PROLOGUE_BYTES
  - `4c 8b d1`: `mov r10, rcx`
  - `b8 _ _ _ _`: `mov eax, {sysno}`
- STACK_ALLOC
  - 32 bytes: msabi: shadow stack space
  - 8 bytes: isa: return address
- SYSCALL_BYTES
  - `0f 05`: `syscall`
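
The byte patterns listed under PROLOGUE_BYTES and SYSCALL_BYTES can also serve as a signature when reviewing x86_64 code for inline system-call stubs. The scanner below is an added example, not code from this crate or its documentation: the names `StubHit`, `find_inline_syscalls` and `sample` are hypothetical, the 16-byte search window is an assumption, and the sample bytes are constructed.

```rust
// Added example (not crate code): scan code bytes for the documented stub pattern.
const PROLOGUE: [u8; 4] = [0x4c, 0x8b, 0xd1, 0xb8]; // mov r10, rcx ; mov eax, imm32
const SYSCALL: [u8; 2] = [0x0f, 0x05]; // syscall
const WINDOW: usize = 16; // assumption: max bytes between the prologue and `syscall`

#[derive(Debug, PartialEq)]
pub struct StubHit {
    pub offset: usize,         // where the prologue starts
    pub sysno: u32,            // little-endian immediate loaded into eax
    pub syscall_offset: usize, // where the `0f 05` bytes sit
}

pub fn find_inline_syscalls(code: &[u8]) -> Vec<StubHit> {
    let mut hits = Vec::new();
    let mut i = 0;
    // A candidate needs the 4 prologue bytes plus the 4-byte immediate.
    while i + 8 <= code.len() {
        if !code[i..].starts_with(&PROLOGUE) {
            i += 1;
            continue;
        }
        let sysno = u32::from_le_bytes([code[i + 4], code[i + 5], code[i + 6], code[i + 7]]);
        let start = i + 8;
        let end = (start + WINDOW).min(code.len());
        // Report the candidate only when `syscall` follows within the window.
        match code[start..end].windows(2).position(|w| w == SYSCALL) {
            Some(rel) => {
                hits.push(StubHit { offset: i, sysno, syscall_offset: start + rel });
                i = start + rel + 2;
            }
            None => i += 1,
        }
    }
    hits
}

/// Constructed sample bytes, not taken from any real binary.
pub fn sample() -> Vec<u8> {
    let mut b = vec![0x90, 0x90]; // padding
    b.extend_from_slice(&[0x4c, 0x8b, 0xd1, 0xb8, 0x34, 0x12, 0, 0, 0x0f, 0x05, 0xc3]); // full stub
    b.extend_from_slice(&[0x4c, 0x8b, 0xd1, 0xb8, 0x01, 0, 0, 0]); // prologue, no syscall nearby
    b.extend_from_slice(&[0x90; 20]);
    b.extend_from_slice(&[0x4c, 0x8b, 0xd1, 0xb8, 0x0f]); // truncated at end of buffer
    b
}

fn main() {
    for hit in find_inline_syscalls(&sample()) {
        println!("{hit:?}");
    }
}
```

A hit is only a candidate for review: the same bytes can occur inside unrelated instructions or data.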