From: vikrant_sapre@yahoo.com
Sent: Sunday, August 26, 2001 9:54 PM
To: NT Developers Interest List
Subject: [ntdev] Re: System-call numbers needed

Hi,

You can get the system call nos. for the required functions by inspecting the disassembly of ntdll.dll. You can use dumpbin.exe for this purpose.

First get the address of the system call you wish to hook by inspecting the exported system calls list. (Use the "dumpbin ntdll.dll /exports" command.)

Once you get the address, then get the disassembly of ntdll.dll by using the "dumpbin ntdll.dll /disasm" command. Then go to the address of the sys. call in the assembly code by adding the base address of ntdll.dll to the offset address of the syscall. There you will see the code of the system call. The number that is moved into the EAX register is what you need.

Regards.
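The lookup described in the message above, as an added example that is not part of the original post: it finds an export's RVA in "dumpbin /exports" output, adds the image base, and reads the immediate from the mov eax at that address in "dumpbin /disasm" output, rejecting a stub that does not open with that instruction. The sample text, its layout, the image base and the call numbers are constructed for illustration and do not come from a real ntdll.dll build; the function names are hypothetical.

```python
import re

# Constructed dumpbin-style output (assumed layout, made-up addresses and numbers).
EXPORTS = """\
    ordinal hint RVA      name

         96   5F 0000A1A0 NtCreateEvent
         97   60 0000A1B0 NtCreateFile
"""
DISASM = """\
  77F8A1A0: B8 1E 00 00 00     mov         eax,1Eh
  77F8A1A5: 8D 54 24 04        lea         edx,[esp+4]
  77F8A1A9: CD 2E              int         2Eh
  77F8A1AB: C2 14 00           ret         14h
  77F8A1B0: B8 20 00 00 00     mov         eax,20h
  77F8A1B5: 8D 54 24 04        lea         edx,[esp+4]
  77F8A1B9: CD 2E              int         2Eh
  77F8A1BB: C2 2C 00           ret         2Ch
"""
IMAGE_BASE = 0x77F80000  # constructed; read the real one from dumpbin /headers

EXPORT_RE = re.compile(r"^\s*\d+\s+[0-9A-Fa-f]+\s+([0-9A-Fa-f]{8})\s+(\S+)\s*$")
INSN_RE = re.compile(r"^\s*([0-9A-Fa-f]{8}):\s+((?:[0-9A-Fa-f]{2} )+)")

def export_rva(exports_text, name):
    """Return the RVA listed for `name` in the exports table."""
    for line in exports_text.splitlines():
        m = EXPORT_RE.match(line)
        if m and m.group(2) == name:
            return int(m.group(1), 16)
    raise KeyError(name)

def syscall_number(exports_text, disasm_text, image_base, name):
    """Return the imm32 loaded into EAX by the first instruction of the stub."""
    target = image_base + export_rva(exports_text, name)
    for line in disasm_text.splitlines():
        m = INSN_RE.match(line)
        if not m or int(m.group(1), 16) != target:
            continue
        raw = bytes.fromhex(m.group(2))
        # The stub must open with B8 imm32 (mov eax, imm32). Anything else
        # means the address is wrong or the stub bytes were patched.
        if len(raw) != 5 or raw[0] != 0xB8:
            raise ValueError(f"{name}: stub does not start with mov eax, imm32")
        return int.from_bytes(raw[1:], "little")
    raise LookupError(f"{name}: address {target:08X} not in disassembly")

if __name__ == "__main__":
    print(hex(syscall_number(EXPORTS, DISASM, IMAGE_BASE, "NtCreateFile")))
```

The number is read from the instruction bytes rather than the printed operand, so it does not depend on how the disassembler formats hexadecimal.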