I am studying possibilities for writing a subsystem.
Why write a subsystem:
- need fixed prebasing as described here http://www.nynaeve.net/?p=198
- want to have a set of system calls
What are some other reasons to write a subsystem?
It has these possible parts:
- API dll loaded to every exe with appropriate subsystem optional header field - like ntdll.dll kernel32.dll and user32.dll
- registration exe which registers subsystem number - to fill in the registry entries
- driver - for system calls
Subsystem looks like it can be of 2 types:
1. register server dll to csrss.exe like basesrv.dll consrv.dll winsrv.dll
2. run server exe which uses csrsrv.dll like psxss.exe
To which extent will server exe need to call csrss.exe?
When should I use which approach?
Did I miss something, what I need to do to have working subsystem or can do to make better subsystem?
Writing subsystem for NT
Re: Writing subsystem for NT
Hi lopidas!
psxss.exe (the Posix subsystem) is a subsystem of its own, like csrss.exe, and doesn't use csrsrv.dll at all (I've checked that on Windows 2000). There's also os2ss.exe (the OS/2 subsystem).
To make subsystems, you need to interface yourself with smss.exe, the Subsystem Manager. In csrss.exe, this is done by some calls in the CsrServerInitialization function that csrss calls in csrsrv.dll. Basically you open an LPC communication channel with smss.
lopidas wrote:
> Subsystem looks like it can be of 2 types:
> 1. register server dll to csrss.exe like basesrv.dll consrv.dll winsrv.dll
> 2. run server exe which uses csrsrv.dll like psxss.exe
> To which extent will server exe need to call csrss.exe?
> When should I use which approach?
> Did I miss something, what I need to do to have working subsystem or can do to make better subsystem?

It's a bit more complicated: {csrss.exe + csrsrv.dll} + its server dlls basesrv.dll, winsrv.dll is the Windows subsystem. Also, the (hardcoded) number of server dlls csrss can support is limited to a maximum number of four (see: http://git.reactos.org/?p=reactos.git&a ... ER_DLL_MAX ), at least on Windows Server 2003.
Re: Writing subsystem for NT
So that means I need to have these:
- API dll loaded to every exe with appropriate subsystem optional header field - like ntdll.dll kernel32.dll and user32.dll
- registration exe which registers subsystem number - to fill in the registry entries
- driver - for system calls
- and exe server which interfaces with smss.
How is the subsystem field handled in Posix subsystem?
Does it set driver notification, can I do it without driver notification?
Re: Writing subsystem for NT
lopidas wrote:
> API dll loaded to every exe with appropriate subsystem optional header field - like ntdll.dll kernel32.dll and user32.dll

You mean the /SUBSYSTEM: flag that correctly sets the subsystem field in the PE image?

lopidas wrote:
> registration exe which registers subsystem number - to fill in the registry entries

I don't understand this point.

lopidas wrote:
> driver - for system calls

It's up to you.

lopidas wrote:
> and exe server which interfaces with smss.

Yes. See how it is done in csrss.

lopidas wrote:
> How is the subsystem field handled in Posix subsystem?

It's done by smss.

lopidas wrote:
> Does it set driver notification, can I do it without driver notification?

It's up to you (if the driver accompanying your subsystem needs to know when some app initializes with your subsystem, then you may need to send it a notification).
Re: Writing subsystem for NT
Hello,
I am writing it and I hit one thing:
Who (server or driver) and how should it load API dll to process at the fixed base?
If both approaches are possible, which is simpler?
Re: Writing subsystem for NT
I think I found it. If it is mapped at one place from the beginning it will try to be automatically mapped at the same place. So if I loaded it in my library at that address in my subsys process it will try to load it there. It looks like kernel32 and user32 have it hardcoded there.
Edit: Stripping relocations looks like having the same effect.
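
The two header fields this thread turns on, the subsystem field of the optional header and the relocation state that pins an image to its preferred base, can be read directly from a PE file. The following is an added example, not part of the original thread; the function names `inspect_pe` and `build_sample`, the constructed sample headers and the base 0x10000000 are assumptions made for illustration.

```python
import struct

# Flag and subsystem values from the PE/COFF format (winnt.h names).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI",
              5: "OS2_CUI", 7: "POSIX_CUI"}

def inspect_pe(data: bytes) -> dict:
    """Return the header fields that decide subsystem and load address."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        raise ValueError("PE signature or file header missing")
    opt_size, characteristics = struct.unpack_from("<HH", data, pe_off + 20)
    opt = pe_off + 24                                     # optional header
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                    # PE32
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                  # PE32+
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {"subsystem": SUBSYSTEMS.get(subsystem, f"UNKNOWN({subsystem})"),
            "image_base": image_base, "relocs_stripped": stripped,
            # An image without relocations can only load at ImageBase,
            # so it sits at the same address in every process (no ASLR).
            "aslr_opt_in": dynamic and not stripped}

def build_sample(subsystem, image_base, characteristics, dll_chars):
    """Constructed minimal PE32 headers for the demo (not a loadable image)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, characteristics)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<HH", opt, 68, subsystem, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(inspect_pe(build_sample(7, 0x10000000, 0x2103, 0)))      # stripped DLL
    print(inspect_pe(build_sample(3, 0x00400000, 0x0102, 0x0140)))  # ASLR exe
```

Run against real files with `inspect_pe(open(path, "rb").read())` to inventory modules that are pinned to a predictable address.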