Writing subsystem for NT

lopidas
Posts: 6
Joined: Sat Jul 06, 2013 6:36 pm

Writing subsystem for NT

Post by lopidas »

I am studying the possibilities for writing a subsystem.

Why write a subsystem:
need fixed prebasing as described here http://www.nynaeve.net/?p=198
want to have a set of system calls

What are some other reasons to write a subsystem?

It has these possible parts:
API dll loaded into every exe with the appropriate subsystem optional-header field - like ntdll.dll, kernel32.dll and user32.dll
registration exe which registers the subsystem number - to fill in the registry entries
driver - for system calls

It looks like a subsystem can be of 2 types:
1. register a server dll with csrss.exe, like basesrv.dll, consrv.dll, winsrv.dll
2. run a server exe which uses csrsrv.dll, like psxss.exe

To what extent will the server exe need to call csrss.exe?
When should I use which approach?
Did I miss something that I need to do to have a working subsystem, or could do to make a better subsystem?
hbelusca
Developer
Posts: 1204
Joined: Sat Dec 26, 2009 10:36 pm
Location: Zagreb, Croatia

Re: Writing subsystem for NT

Post by hbelusca »

Hi lopidas!
lopidas wrote:It looks like a subsystem can be of 2 types:
1. register a server dll with csrss.exe, like basesrv.dll, consrv.dll, winsrv.dll
2. run a server exe which uses csrsrv.dll, like psxss.exe

To what extent will the server exe need to call csrss.exe?
When should I use which approach?
Did I miss something that I need to do to have a working subsystem, or could do to make a better subsystem?
It's a bit more complicated: {csrss.exe + csrsrv.dll} + its server dlls basesrv.dll, winsrv.dll is the Windows subsystem. Also, the (hardcoded) number of server dlls csrss can support is limited to a maximum of four (see: http://git.reactos.org/?p=reactos.git&a ... ER_DLL_MAX ), at least on Windows Server 2003.
psxss.exe (the POSIX subsystem) is a subsystem of its own, like csrss.exe, and doesn't use csrsrv.dll at all (I've checked that on Windows 2000). There's also os2ss.exe (the OS/2 subsystem).

To make subsystems, you need to interface yourself with smss.exe, the Session Manager. In csrss.exe, this is done by some calls in the CsrServerInitialization function that csrss calls in csrsrv.dll. Basically you open an LPC communication channel with smss.
lopidas
Posts: 6
Joined: Sat Jul 06, 2013 6:36 pm

Re: Writing subsystem for NT

Post by lopidas »

So that means I need to have these:
API dll loaded into every exe with the appropriate subsystem optional-header field - like ntdll.dll, kernel32.dll and user32.dll
registration exe which registers the subsystem number - to fill in the registry entries
driver - for system calls
and an exe server which interfaces with smss.
How is the subsystem field handled in the POSIX subsystem?
Does it set a driver notification? Can I do it without a driver notification?
hbelusca
Developer
Posts: 1204
Joined: Sat Dec 26, 2009 10:36 pm
Location: Zagreb, Croatia

Re: Writing subsystem for NT

Post by hbelusca »

lopidas wrote:API dll loaded into every exe with the appropriate subsystem optional-header field - like ntdll.dll, kernel32.dll and user32.dll
You mean the /SUBSYSTEM: flag that correctly sets the subsystem field in the PE image?
lopidas wrote:registration exe which registers the subsystem number - to fill in the registry entries
I don't understand this point.
lopidas wrote:driver - for system calls
It's up to you.
lopidas wrote:and an exe server which interfaces with smss.
Yes. See how it is done in csrss.
lopidas wrote:How is the subsystem field handled in the POSIX subsystem?
It's done by smss.
lopidas wrote:Does it set a driver notification? Can I do it without a driver notification?
It's up to you (if the driver accompanying your subsystem needs to know when some app initializes with your subsystem, then you may need to send it a notification).
lopidas
Posts: 6
Joined: Sat Jul 06, 2013 6:36 pm

Re: Writing subsystem for NT

Post by lopidas »

Hello,
I am writing it and I hit one thing:
who (server or driver) should load the API dll into the process at the fixed base, and how?

If both approaches are possible, which is simpler?
lopidas
Posts: 6
Joined: Sat Jul 06, 2013 6:36 pm

Re: Writing subsystem for NT

Post by lopidas »

I think I found it. If it is mapped at one place from the beginning, it will automatically try to be mapped at the same place. So if I load it in my library at that address in my subsystem process, it will try to load it there. It looks like kernel32 and user32 have it hardcoded there.

Edit: Stripping relocations looks like it has the same effect.
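The fields the thread keeps coming back to (the PE optional-header Subsystem value, the preferred ImageBase, and whether relocations were stripped so the image can only ever be mapped at that one address) are easy to check directly. The following is an added example, not code from this thread or from ReactOS: it parses those fields from a constructed minimal PE32 header that stands in for a real DLL, and also handles PE32+ images, which the thread does not discuss. It reports whether an image is pinned to a fixed base, which is the same check a defender runs when auditing a DLL for ASLR compatibility.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001  # Characteristics: no .reloc section, image cannot be rebased
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # DllCharacteristics: image may be ASLR-relocated
SUBSYSTEM_NAMES = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI", 7: "POSIX_CUI"}

def inspect_pe(data: bytes) -> dict:
    """Read Subsystem, ImageBase and the rebasing flags from a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    characteristics = struct.unpack_from("<HHIIIHH", data, coff)[6]
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER follows the 20-byte file header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: 32-bit ImageBase at offset 28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase at offset 24 (no BaseOfData field)
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)  # same offset in PE32 and PE32+
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "image_base": image_base,
        "relocs_stripped": relocs_stripped,
        "dynamic_base": dynamic_base,
        "fixed_base": relocs_stripped or not dynamic_base,  # loader cannot (no relocs) or will not (no ASLR) move it
    }

def build_sample(image_base, subsystem, characteristics, dll_chars) -> bytes:
    """Constructed minimal PE32 header (not a real DLL): MZ stub, PE signature, COFF + optional header."""
    dos = bytearray(b"MZ" + bytes(62))
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, characteristics)  # i386, one section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<HH", opt, 68, subsystem, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

# Constructed samples: an API DLL prebased at 0x77E40000 with relocations stripped, as the thread describes,
# beside a relocatable DLL that opts into ASLR (0x2000 is IMAGE_FILE_DLL in Characteristics)
PINNED_DLL = build_sample(0x77E40000, 3, IMAGE_FILE_RELOCS_STRIPPED | 0x2000, 0)
RELOCATABLE_DLL = build_sample(0x10000000, 3, 0x2000, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
```

Run `inspect_pe(open(path, "rb").read())` on a real DLL to see the same fields; a `fixed_base` of True means every process that loads it sees it at the same address, which is the prebasing effect the thread is after and, for ordinary libraries, an ASLR weakness worth flagging.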