No such system call

[hellomike]

Hi all,

Probably more a Microsoft issue but maybe someone from the forum knows as well.

Why is the system call "RtlMoveMemory" accepted but not the system call "RtlCopyMemory"?

I.e.

Code: Select all

      DIM M% 99, N% 99
      SYS "RtlMoveMemory", M%, N%, 100
      PRINT "Move done."

      SYS "RtlCopyMemory", M%, N%, 100
      PRINT "Copy done."
      END

gives:

Code: Select all

Move done.

No such system call
>

The documentation from MSDN is pretty similar.

Thanks

Mike

[DDRM]

Hi Mike,

I suspect it may be because they are in different MS libraries (=DLLs?). BBB4W loads certain libraries, and their routines can be called by name, but otherwise you need to load them and find the names yourself. Have a look at the section in the manual called "accessing the windows API", in the intro section. If that doesn't help you to an answer, come back, and I'll have a go, in the absence of Richard, who would be able to tell you immediately, but I'm in a marking crisis at the moment...

Best wishes,

D

[hellomike]

Hi,

Thanks for the answer.
The requirements section in the MS documentation between

https://docs.microsoft.com/en-us/window ... movememory

and

https://docs.microsoft.com/en-us/window ... copymemory

are slightly different. Maybe it has to do with User Mode vs Kernel Mode or something.

I'm not knowledgeable enough to figure it out.
SYS "RtlMoveMemory" works perfectly so it isn't a showstopper by far. I was just wondering.

Hope you solve the marking crisis soon.

Regards,

Mike

[DDRM]

Hi Mike,

It's in the nature of deadlines that they pass...

I've had a quick play, but I can't make it work, either. I tried loading NtDLL, which succeeds (it returns an address), but then when I search with GetProcAddress it doesn't find RtlCopyMemory (returns a 0 address). I checked that it can load RtlMoveMemory, and that works fine (and does the right thing).

Best wishes,

D

Code: Select all

      DIM dest% 99, source% 99
      !source%=&4030201
      source%!4=&8070605

      FOR x%=0 TO 8
        PRINT dest%?x%,source%?x%
      NEXT x%

      SYS "RtlMoveMemory", dest%, source%, 100
      PRINT "Move done."

      FOR x%=0 TO 8
        PRINT dest%?x%,source%?x%
      NEXT x%

      SYS "LoadLibrary", "NtDll.DLL" TO ntl_dll%
      PRINT ~ntl_dll%
      SYS "GetProcAddress", ntl_dll%, "RtlMoveMemory" TO mmove%
      PRINT "mmove%: ", mmove%
      SYS "GetProcAddress", ntl_dll%, "RtlCopyMemory" TO mcop%
      PRINT "mcop%: ",mcop%
      END

[hellomike]

Hi,

Yes that's a good test as well illustrating that "RtlCopyMemory" isn't in the same DLL as "RtlMoveMemory".

Oh well. I'll stick to using SYS "RtlMoveMemory" which works just fine AND protects careless programmers when area's overlap.

Cheers,

Mike

[Zaphod]

I was intrigued by this and did a bit of digging and "RtlCopyMemory" does not exist as a system call only as a macro nowadays. It was removed by Microsoft because it was deemed unsafe sometime around 2009. The place holder in the dll exists as people found but the call isn't in the recent dll's.
It is listed here.
It was not that it was inherently unsafe but that it was too often misused and that presented security issues.

Z

[hellomike]

Hi Z,

That's an awesome find! Microsofts considerations to ban such functions are understandable but not their failing to clearly mention this in the documentation for these functions.

Cheers,

Mike