vwin32 and win32 service table

[ajron]

Does anybody know if win32 service table in this vxd differ in different (95/9x/me) windows version? I woud like to hook some service by "ordinal" but I saw in icedump sources this code:

FindVWIN32Win32APIs:
push ecx
mov eax,[VWIN32.W32ServiceTable]
mov ecx,[eax] ; W32 API count
sub ecx,byte 4
add eax,byte 4 ; walk the parameter count list
.next:
add eax,byte 8
cmp [eax],byte 2
loopnz .next
jnz @F
cmp [eax+8],byte 2
jnz .next
cmp [eax+8+8],byte 5
jnz .next
cmp [eax+8+8+8],byte 5
jnz .next
sub eax,[VWIN32.W32ServiceTable]
shr eax,3
mov [VWIN32.W32_SetThreadContext],eax
dec eax
mov [VWIN32.W32_GetThreadContext],eax
...

This code search services by specific parameters numbers sequence instead of simple get by ordinal. So?

[gabri3l]

There is some information here on the compuware site hxxp://frontline.compuware.com/nashua/kb/doc/1322.asp

Just a little bit of advice, calling a function by an ordinal can get very messy. A simple udate can move ordinal 1 to ordinal 2 and cause you a big headache. Also some compilers (borland compiler last time i used it) will not let you import a function using an ordinal.

[ajron]

I know that calling by ordinal isn't the good idea, but win32_service_table in vwin32.vxd isn't exported by name (it isn't generally exported). But it's not a problem in a vxd world, where all calls are done by ordinal . I'm not afraid of updates, because win 95/9x/me is no longer supported, but I must know if my vxd will be specific only to my computer. Maybe must I use a trick like icedump to avoid problem on others windows?