No such system call

Discussions related to mouse, keyboard and Graphical User Interface
Post Reply
User avatar
hellomike
Posts: 13
Joined: Sat 09 Jun 2018, 09:47

No such system call

Post by hellomike » Sun 10 Jun 2018, 13:46

Hi all,

Probably more a Microsoft issue but maybe someone from the forum knows as well.

Why is the system call "RtlMoveMemory" accepted but not the system call "RtlCopyMemory"?

I.e.

Code: Select all

      DIM M% 99, N% 99
      SYS "RtlMoveMemory", M%, N%, 100
      PRINT "Move done."

      SYS "RtlCopyMemory", M%, N%, 100
      PRINT "Copy done."
      END
gives:

Code: Select all

Move done.

No such system call
>
The documentation from MSDN is pretty similar.

Thanks

Mike

DDRM
Administrator
Posts: 75
Joined: Mon 02 Apr 2018, 18:04

Re: No such system call

Post by DDRM » Mon 11 Jun 2018, 08:10

Hi Mike,

I suspect it may be because they are in different MS libraries (=DLLs?). BBB4W loads certain libraries, and their routines can be called by name, but otherwise you need to load them and find the names yourself. Have a look at the section in the manual called "accessing the windows API", in the intro section. If that doesn't help you to an answer, come back, and I'll have a go, in the absence of Richard, who would be able to tell you immediately, but I'm in a marking crisis at the moment...

Best wishes,

D

User avatar
hellomike
Posts: 13
Joined: Sat 09 Jun 2018, 09:47

Re: No such system call

Post by hellomike » Mon 11 Jun 2018, 20:53

Hi,

Thanks for the answer.
The requirements section in the MS documentation between

https://docs.microsoft.com/en-us/window ... movememory

and

https://docs.microsoft.com/en-us/window ... copymemory

are slightly different. Maybe it has to do with User Mode vs Kernel Mode or something.

I'm not knowledgeable enough to figure it out.
SYS "RtlMoveMemory" works perfectly so it isn't a showstopper by far. I was just wondering.

Hope you solve the marking crisis soon.

Regards,

Mike

DDRM
Administrator
Posts: 75
Joined: Mon 02 Apr 2018, 18:04

Re: No such system call

Post by DDRM » Tue 12 Jun 2018, 12:14

Hi Mike,

It's in the nature of deadlines that they pass... :-)

I've had a quick play, but I can't make it work, either. I tried loading NtDLL, which succeeds (it returns an address), but then when I search with GetProcAddress it doesn't find RtlCopyMemory (returns a 0 address). I checked that it can load RtlMoveMemory, and that works fine (and does the right thing).

Best wishes,

D

Code: Select all

      DIM dest% 99, source% 99
      !source%=&4030201
      source%!4=&8070605

      FOR x%=0 TO 8
        PRINT dest%?x%,source%?x%
      NEXT x%

      SYS "RtlMoveMemory", dest%, source%, 100
      PRINT "Move done."

      FOR x%=0 TO 8
        PRINT dest%?x%,source%?x%
      NEXT x%

      SYS "LoadLibrary", "NtDll.DLL" TO ntl_dll%
      PRINT ~ntl_dll%
      SYS "GetProcAddress", ntl_dll%, "RtlMoveMemory" TO mmove%
      PRINT "mmove%: ", mmove%
      SYS "GetProcAddress", ntl_dll%, "RtlCopyMemory" TO mcop%
      PRINT "mcop%: ",mcop%
      END

User avatar
hellomike
Posts: 13
Joined: Sat 09 Jun 2018, 09:47

Re: No such system call

Post by hellomike » Tue 12 Jun 2018, 14:20

Hi,

Yes that's a good test as well illustrating that "RtlCopyMemory" isn't in the same DLL as "RtlMoveMemory".

Oh well. I'll stick to using SYS "RtlMoveMemory" which works just fine AND protects careless programmers when area's overlap.

Cheers,

Mike

Zaphod
Posts: 39
Joined: Sat 23 Jun 2018, 15:51

Re: No such system call

Post by Zaphod » Wed 27 Jun 2018, 15:58

I was intrigued by this and did a bit of digging and "RtlCopyMemory" does not exist as a system call only as a macro nowadays. It was removed by Microsoft because it was deemed unsafe sometime around 2009. The place holder in the dll exists as people found but the call isn't in the recent dll's.
It is listed here.
It was not that it was inherently unsafe but that it was too often misused and that presented security issues.

Z

User avatar
hellomike
Posts: 13
Joined: Sat 09 Jun 2018, 09:47

Re: No such system call

Post by hellomike » Fri 29 Jun 2018, 08:14

Hi Z,

That's an awesome find! Microsofts considerations to ban such functions are understandable but not their failing to clearly mention this in the documentation for these functions.

Cheers,

Mike

Post Reply