Getting free resource under Windows 95

How to call 16-bit dll API from 32-bit application.

Windows 95 secret finally revealed.

One of the most frequently asked question about Windows95 is
“How does Windows Explorer get the amount of system resources available?”

The Microsoft documentation states that the GetFreeSystemResources function
is discontinued for Win32. Win32 documentation also says that system resources
are virtually unlimited now. However Windows Explorer Help About dialog
shows that it is not correct (at least for Windows95). I haven’t tested this
on Windows98 as of yet and and I believe that the documentation is correct with
regards to WindowsNT. However, for Windows95, they documentation is definitely
in error.

The 16-bit module USER.EXE still exists in Windows95 and 16-bit applications
can get retrieve the desired resource information using the 16-bit
GetFreeSystemResources function. So, the question is, Why can’t Explorer (or any 32-bit
application) also make this call?

The code snippet below demonstrates how to invoke a function exported from a 16-bit
DLL from a 32-bit application. Please note that the GetK32ProcAddress function was
provided courtesy of Andrew Schulman’s “Unauthorized Windows 95 Update”. For the more
curious among you, here are the links to the header and implentation files for that
function.


http://ftp.uni-mannheim.de/info/OReilly/windows/win95.update/k32exp.c


http://ftp.uni-mannheim.de/info/OReilly/windows/win95.update/k32exp.h

(Since k32exp.c is included as a separate module, I’m guessing that it is protected
by copyright.)


WORD GetFreeSystemResources(WORD type)
{
//Decarations “c” style
typedef HINSTANCE (WINAPI* LOADLIB16)(char*);
typedef LONG (WINAPI* GETPROC16)(HINSTANCE, LPCSTR);
typedef BOOL (WINAPI* FREELIB16)(HINSTANCE);
FARPROC QT_Thunk;

LOADLIB16 pLoadLib16;
GETPROC16 pGetProc16;
FREELIB16 pFreeLib16;
HINSTANCE hInst;
DWORD pGetRes;
WORD user_fsr;
WORD _type;
HMODULE hKernel;

//Usuall Windows API calls
hKernel = GetModuleHandle(“KERNEL32”);
QT_Thunk = GetProcAddress(hKernel, “QT_Thunk”);

//Andrew Schulman’s
pLoadLib16 = (LOADLIB16) GetK32ProcAddress(LOADLIBRARY16_ORD);
pGetProc16 = (GETPROC16) GetK32ProcAddress(GETPROCADDRESS16_ORD);
pFreeLib16 = (FREELIB16) GetK32ProcAddress(FREELIBRARY16_ORD);

//Usuall for “c”-style calls – by pointer to function
hInst = (*pLoadLib16)(“user”);
(*pFreeLib16)(hInst);
pGetRes = (*pGetProc16)(hInst,”GetFreeSystemResources”);

//How to call 16-bit dll API from 32-bit .exe using QT_Thunk function
_type = type;
if (pGetRes)
_asm
{
push _type
mov edx, [pGetRes]
call QT_Thunk
mov [user_fsr], ax
}
return user_fsr;
}

The demo project included in this article is a console application
that retrieves the free system resources for Windows 95. Simply build it
and run it from the command line.

How do you know that the Windows95 Explorer uses the 16-bit USER.EXE to
get free system resources? Just ask your buddy hacker to make
GetFreeSystemResources in USER.EXE return zero and examine what Windows
Explorer shows for free resources!. In my USER.EXE version 4.00.950,
GetFreeSystemResources starts at the 0x444FF byte offset.

Download demo project – 5 in KB KB

Date Last Updated: February 8, 1999

More by Author

Must Read