Techly NewsGet the app

Get the latest tech news

Retrowin32: Redoing Syscalls


This post is part of a series on retrowin32. The "Windows emulator" half of retrowin32 is an implementation of the Windows API, which means it provides implementations of functions exposed by Windows.

An executable I was trying to get to run was calling LoadLibrary() and was attempting to traverse the various DLL file headers found at that pointer. It makes me think of a mini-rant I heard Rob Pike give about dynamic linking (it was clearly a canned speech for him, surely a pet peeve) and how much Go just attempts to not do it. Then, at link time, the linker sees that it actually needs this call to resolve to an IAT reference, and so it generates this extra bit of code containing the jmp(which ghidra labels a "thunk").

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Retrowin32

Retrowin32

Photo of Redoing Syscalls

Redoing Syscalls

« This is how much iPhone storage Apple Intelligence will require
Dumped orange peel transformed a barren pasture (2017) »