These undocumented Windows 2000 kernel function calls (they can also be called on Windows NT 4.0) are specific to Intel 80386 (i386) and later CPUs and are not portable, which may be why Microsoft does not disclose them.
These calls typically begin with Ke386 or KeI386, and some of them are quite useful. The author has worked out the function prototypes for only some of the calls and will analyze the remaining ones later.
1. Ke386SetIoAccessMap
Function prototype: void Ke386SetIoAccessMap(int, IOPM *);
Export symbol: _Ke386SetIoAccessMap@8
2. Ke386QueryIoAccessMap
Function prototype: void Ke386QueryIoAccessMap(int, IOPM *);
Export symbol: _Ke386QueryIoAccessMap@8
3. Ke386IoSetAccessProcess
Function prototype: void Ke386IoSetAccessProcess(PEPROCESS, int);
Export symbol: _Ke386IoSetAccessProcess@8
The three calls above let NT/2000, like Windows 95/98, perform hardware I/O freely from ring 3 with the IN/OUT instructions. The author will describe how to use them in subsequent articles.
4. Ke386CallBios
Function prototype: unknown
Export symbol: _Ke386CallBios@8
Purpose: possibly a BIOS function call
5. KeI386SetGdtSelector
Function prototype: NTSTATUS KeI386SetGdtSelector(IN ULONG Sels, IN PVOID Desc);
Export symbol: _KeI386SetGdtSelector@8
Purpose: set a global descriptor
6. KeI386ReleaseLid
Function prototype: unknown
Export symbol: _KeI386ReleaseLid@8
Purpose: unknown
7. KeI386ReleaseGdtSelectors
Function prototype: NTSTATUS KeI386ReleaseGdtSelectors(OUT PUSHORT SelArray, INT NumOfSelectors);
Export symbol: _KeI386ReleaseGdtSelectors@8
Purpose: release a global descriptor
8. KeI386MachineType
Function prototype: unknown
Export symbol: _KeI386MachineType
Purpose: possibly the type of computer (CPU)
9. KeI386GetLid
Function prototype: unknown
Export symbol: _KeI386GetLid@20
Purpose: unknown
10. KeI386FlatToGdtSelector
Function prototype: unknown
Export symbol: _KeI386FlatToGdtSelector@12
Purpose: may be related to memory address translation
11. KeI386Call16BitFunction
Function prototype: unknown
Export symbol: _KeI386Call16BitFunction@4
Purpose: may be related to calling 16-bit code
12. KeI386Call16BitCStyleFunction
Function prototype: unknown
Export symbol: _KeI386Call16BitCStyleFunction@16
Purpose: may be related to 16-bit code
13. KeI386AllocateGdtSelectors
Function prototype: NTSTATUS KeI386AllocateGdtSelectors(OUT PUSHORT SelArray, INT NumOfSelectors);
Export symbol: _KeI386AllocateGdtSelectors@8
Purpose: allocate a global descriptor
Used together with KeI386SetGdtSelector and KeI386ReleaseGdtSelectors, this function can modify the GDT. That makes it possible to define your own call gates and enter the real NT ring 0, from which you can directly modify the GDT, IDT and LDT and directly access all memory and all hardware, which is extremely powerful.
14. KeI386AbiosCall
Function prototype: unknown
Export symbol: _KeI386AbiosCall@16
Purpose: may be related to BIOS function calls
15. Kii386SpinOnSpinLock
Function prototype: unknown
Export symbol: Kii386SpinOnSpinLock@8
Purpose: unknown
16. Kei386EoiHelper
Function prototype: unknown
Export symbol: Kei386EoiHelper@0
Purpose: may be related to interrupt processing
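
The note under item 13 says that writing the GDT makes it possible to define call gates that lead into ring 0. As an added example (not from the original article), the C code below decodes 8-byte i386 descriptors from a GDT image and reports call gates that ring 3 may call and that target a ring 0 code segment. The function names and the sample GDT bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

typedef struct {
    uint16_t selector;     /* target code-segment selector */
    uint32_t offset;       /* entry point inside that segment */
    uint8_t  dpl;          /* least-privileged ring allowed to call the gate */
    uint8_t  param_count;  /* dwords copied to the new stack */
} call_gate;

/* Returns 1 and fills *out if raw[0..7] is a present 32-bit call gate. */
int decode_call_gate(const uint8_t raw[8], call_gate *out)
{
    uint8_t access = raw[5];
    if ((access & 0x9F) != 0x8C) return 0;  /* need P=1, S=0, type 0xC */
    out->selector    = (uint16_t)(raw[2] | (raw[3] << 8));
    out->offset      = (uint32_t)raw[0] | ((uint32_t)raw[1] << 8) |
                       ((uint32_t)raw[6] << 16) | ((uint32_t)raw[7] << 24);
    out->dpl         = (access >> 5) & 3;
    out->param_count = raw[4] & 0x1F;
    return 1;
}

/* Records indexes of ring-3-callable gates that target a ring 0 code segment. */
size_t find_user_callable_gates(const uint8_t *gdt, size_t n, size_t *hits, size_t max)
{
    size_t found = 0;
    for (size_t i = 1; i < n; i++) {               /* entry 0 is the null descriptor */
        call_gate g;
        if (!decode_call_gate(gdt + i * 8, &g) || g.dpl != 3) continue;
        size_t t = g.selector >> 3;                /* descriptor index of the target */
        if ((g.selector & 4) || t >= n) continue;  /* LDT selector or out of range */
        uint8_t ta = gdt[t * 8 + 5];               /* target's access byte */
        if ((ta & 0x98) != 0x98 || ((ta >> 5) & 3) != 0) continue; /* not ring 0 code */
        if (found < max) hits[found] = i;
        found++;
    }
    return found;
}

/* Constructed sample GDT for illustration (not captured from a real system). */
const uint8_t sample_gdt[6 * 8] = {
    0,0,0,0,0,0,0,0,                          /* 0: null descriptor */
    0xFF,0xFF,0,0,0,0x9A,0xCF,0,              /* 1: ring 0 code segment */
    0xFF,0xFF,0,0,0,0xFA,0xCF,0,              /* 2: ring 3 code segment */
    0x00,0x10,0x08,0x00,0x00,0x8C,0x40,0x80,  /* 3: call gate, DPL 0, to 0x08 */
    0x00,0x20,0x08,0x00,0x01,0xEC,0x40,0x80,  /* 4: call gate, DPL 3, to 0x08 */
    0x00,0x10,0x13,0x00,0x00,0xEC,0x40,0x00,  /* 5: call gate, DPL 3, to ring 3 code */
};
```

On the sample image only entry 4 is reported: entry 3 cannot be called from ring 3, and entry 5 does not change privilege level.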