Magus Ex Machina – a product of a 48h codejam

(Collaborative post by Gynvael Coldwind and Mateusz “j00ru” Jurczyk)

Five weeks ago, we have taken part in a fancy game-development competition aka Google GameJam 48h. As the name implies, the contest lasted for precisely two days; unfortunately, we were proven to lack supernatural powers and had to spend some of the precious time sleeping :-) The theme of the event was “Magic versus Science”, and in our case, those two days of hardcore coding resulted in a 2D logic game called Magus Ex Machina. In the end, four teams in total managed to create and present games with actual gameplay; interestingly, we were the only ones making use of a native technology (i.e. OpenGL + SDL + a few other minor libraries), as the other competitors decided to go for pure browser (html + css + javascript) productions. Although we didn’t get the first place, we believe that the game is still fun to play, and thus worth sharing with a larger audience :-)

Read more

Refreshed Windows System Call Table (NT/2000/XP/2003/Vista/2008/7/8) released

Long time no see, huh? :-)

TL;DR: I created and released a complete Windows NT-family syscall table. See the bottom of the post for a link.

For the last couple of years, the Metasploit project (gritz skape!) has been hosting a table of the core Windows kernel services, also known as system calls (originally available at http://dev.metasploit.com/users/opcode/syscalls.html). In its final version, the table included information regarding Windows NT (all recent service packs), 2000 (all service packs), XP (up to SP2), 2003 (up to SP1) and Vista (up to SP0). As years passed, new operating system editions were being released by Microsoft, while existing ones had new Service Packs made available for them. Consequently, due to lack of active maintainance, the project has became partially outdated, and eventually disappeared from the metasploit domain around four weeks ago.

Today, I would like to present a table based on the same concept (well, even the layout doesn’t differ too much), but supplemented with information about the originally missing Windows versions, including Windows 8 Developer Preview available since less than two months. The table contains a list of every Windows kernel service found at any point in the history of Windows NT-family, together with the syscall id for all OS editions it was present on. Unfortunately, it lacks the corresponding syscall handlers’ definitions; that’s simply because most of the NTAPI interface is not publicly documented by Microsoft. As such, the project has a primarily informative purpose – you can observe how the Windows native api has evolved through all these years, what kind of functionality might have been introduced in new system versions and which parts were removed, and so on. I believe you can also use it to pick an interesting Windows internals research subject, if you feel like performing one :-)

The most recent version of the table can be found here: https://j00ru.vexillium.org/syscalls/nt/32/

Read more