JustasMasiulis / inline_syscall

Inline syscalls made easy for windows on clang
Apache License 2.0
638 stars 87 forks

mingw usage? #2

Closed phra closed 4 years ago

phra commented 4 years ago

hello,

i am trying to use the library with https://github.com/tpoechtrager/wclang in order to compile a PE from linux. i have tried with both clang-6 and clang-8 but i always get the following error:

```
$ ./x86_64-w64-mingw32-clang++ -Wall --pedantic hello.cpp -o hello.exe
In file included from hello.cpp:8:
In file included from ./inline_syscall/include/in_memory_init.hpp:20:
In file included from ./inline_syscall/include/inline_syscall.hpp:103:
./inline_syscall/include/inline_syscall.inl:61:28: warning: inline variables are a C++17 extension [-Wc++17-extensions]
                "_sysc")]] inline static JM_INLINE_SYSCALL_ENTRY_TYPE entry{ Hash };
                           ^
hello.cpp:18:24: error: implicit instantiation of undefined template 'jm::syscall_function<long long (*)()>'
    NTSTATUS status  = INLINE_SYSCALL(NtAllocateVirtualMemory)((HANDLE)-1, &allocation, 0, &size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
                       ^
./inline_syscall/include/inline_syscall.hpp:26:5: note: expanded from macro 'INLINE_SYSCALL'
    INLINE_SYSCALL_MANUAL(               \
    ^
./inline_syscall/include/inline_syscall.hpp:44:5: note: expanded from macro 'INLINE_SYSCALL_MANUAL'
    ::jm::syscall_function<decltype(function_pointer)> { syscall_id }
    ^
./inline_syscall/include/inline_syscall.hpp:55:11: note: template is declared here
    class syscall_function;
          ^
1 warning and 1 error generated.
```

The source code of hello.cpp is the following:

```cpp
#include <winternl.h>
#include <ntstatus.h>
#include <windows.h>
#include <iostream>

// This header contains the initialization function.
// If you already initialized, inline_syscall.hpp contains all you need.
#include "inline_syscall/include/in_memory_init.hpp"

int main() {
    FARPROC NtAllocateVirtualMemory = GetProcAddress(GetModuleHandle("NTDLL.DLL"), "NtAllocateVirtualMemory");
    // Needs to be called once at startup before INLINE_SYSCALL is used.
    jm::init_syscalls_list();

    // Usage of the main macro INLINE_SYSCALL
    void* allocation = nullptr;
    SIZE_T size      = 0x1000;
    NTSTATUS status  = INLINE_SYSCALL(NtAllocateVirtualMemory)((HANDLE)-1, &allocation, 0, &size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    return 0;
}
```

any idea on how to fix the template error?

JustasMasiulis commented 4 years ago

```cpp
// This header contains the initialization function.
// If you already initialized, inline_syscall.hpp contains all you need.
#include "inline_syscall/include/in_memory_init.hpp"

// I'd recommend https://github.com/processhacker/phnt for these definitions
NTSTATUS NtAllocateVirtualMemory(HANDLE ProcessHandle, PVOID *BaseAddress, ULONG_PTR ZeroBits, PSIZE_T RegionSize, ULONG AllocationType, ULONG Protect);

int main() {
    // Needs to be called once at startup before INLINE_SYSCALL is used.
    jm::init_syscalls_list();

    // Usage of the main macro INLINE_SYSCALL
    void* allocation = nullptr;
    SIZE_T size      = 0x1000;
    NTSTATUS status  = INLINE_SYSCALL(NtAllocateVirtualMemory)((HANDLE)-1, &allocation, 0, &size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    return 0;
}
```

phra commented 4 years ago

it works, thank you @JustasMasiulis !

i have another question: is it possible to check at runtime if the syscall is available on the host operating system? eg:

```cpp
if (!GetProcAddress(GetModuleHandle("NTDLL.DLL"), "NtQuerySecurityPolicy")) {
    // NtQuerySecurityPolicy is not available, os < win10
}
```

JustasMasiulis commented 4 years ago

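```cpp
#include <cstdint>

// Returns true if ntdll exports a name whose hash equals Hash.
template<std::uint32_t Hash>
JM_INLINE_SYSCALL_FORCEINLINE bool syscall_present_impl() {
    ::jm::detail::exports_directory exports(static_cast<const char*>(::jm::detail::ntdll_base()));
    // Walk the export names from last to first and stop after index 0,
    // so the loop terminates when no name matches.
    for(auto i = exports.size(); i-- > 0;) {
        if(::jm::hash(exports.name(i)) == Hash)
            return true;
    }
    return false;
}

// The name is hashed at compile time; only the hash is compared at runtime.
#define SYSCALL_PRESENT(syscall_name) (syscall_present_impl<::jm::hash(#syscall_name)>())
```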
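
An added example, not code from this thread or from inline_syscall: the same hash-compare presence check written as a bounds-checked walk over the export name table of a mapped PE32+ image, run against a constructed buffer so it works offline. `fnv1a`, `rd32`, `export_present` and `make_sample_image` are hypothetical names, and FNV-1a stands in for `jm::hash`, whose definition is not shown here.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// FNV-1a stands in for jm::hash, whose definition is not shown in this thread.
constexpr std::uint32_t fnv1a(const char* s, std::uint32_t h = 2166136261u) {
    return *s ? fnv1a(s + 1, (h ^ static_cast<unsigned char>(*s)) * 16777619u) : h;
}

// Bounds-checked 32-bit read (assumes a little-endian host).
static bool rd32(const std::vector<std::uint8_t>& img, std::size_t off, std::uint32_t& out) {
    if (off > img.size() || img.size() - off < 4) return false;
    std::memcpy(&out, img.data() + off, 4);
    return true;
}

// True if a mapped PE32+ image (RVA == offset) exports a name with this hash.
bool export_present(const std::vector<std::uint8_t>& img, std::uint32_t hash) {
    std::uint32_t nt, dir, count, names;
    if (!rd32(img, 0x3C, nt) || !rd32(img, std::size_t(nt) + 0x88, dir)) return false;
    if (!rd32(img, std::size_t(dir) + 24, count)) return false;  // NumberOfNames
    if (!rd32(img, std::size_t(dir) + 32, names)) return false;  // AddressOfNames
    for (std::uint32_t i = count; i-- > 0;) {  // last to first, stops after index 0
        std::uint32_t rva;
        if (!rd32(img, names + std::size_t(i) * 4, rva) || rva >= img.size()) return false;
        const char* s = reinterpret_cast<const char*>(img.data() + rva);
        if (!std::memchr(s, 0, img.size() - rva)) return false;  // unterminated name
        if (fnv1a(s) == hash) return true;
    }
    return false;
}

// Constructed sample image: only the fields read above are filled in.
std::vector<std::uint8_t> make_sample_image() {
    std::vector<std::uint8_t> img(0x200, 0);
    auto put32 = [&](std::size_t off, std::uint32_t v) { std::memcpy(&img[off], &v, 4); };
    put32(0x3C, 0x40);          // e_lfanew
    put32(0x40 + 0x88, 0x100);  // export data directory RVA
    put32(0x100 + 24, 2);       // NumberOfNames
    put32(0x100 + 32, 0x140);   // AddressOfNames
    put32(0x140, 0x150);        // name RVA 0
    put32(0x144, 0x170);        // name RVA 1
    std::memcpy(&img[0x150], "NtAllocateVirtualMemory", 24);
    std::memcpy(&img[0x170], "NtClose", 8);
    return img;
}
```

A truncated or malformed image makes `export_present` return false instead of reading past the buffer.
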
phra commented 4 years ago

thanks again!