Getting free resource under Windows 95

Monday Feb 8th 1999 by Sergey Karyshev

Getting free resource under Windows 95

How to call 16-bit dll API from 32-bit application.

Windows 95 secret finally revealed.

One of the most frequently asked question about Windows95 is "How does Windows Explorer get the amount of system resources available?"

The Microsoft documentation states that the GetFreeSystemResources function is discontinued for Win32. Win32 documentation also says that system resources are virtually unlimited now. However Windows Explorer Help About dialog shows that it is not correct (at least for Windows95). I haven't tested this on Windows98 as of yet and and I believe that the documentation is correct with regards to WindowsNT. However, for Windows95, they documentation is definitely in error.

The 16-bit module USER.EXE still exists in Windows95 and 16-bit applications can get retrieve the desired resource information using the 16-bit GetFreeSystemResources function. So, the question is, Why can't Explorer (or any 32-bit application) also make this call?

The code snippet below demonstrates how to invoke a function exported from a 16-bit DLL from a 32-bit application. Please note that the GetK32ProcAddress function was provided courtesy of Andrew Schulman's "Unauthorized Windows 95 Update". For the more curious among you, here are the links to the header and implentation files for that function.

(Since k32exp.c is included as a separate module, I'm guessing that it is protected by copyright.)

WORD GetFreeSystemResources(WORD type)
 //Decarations  "c" style
 typedef HINSTANCE (WINAPI* LOADLIB16)(char*);
 LOADLIB16 pLoadLib16;
 GETPROC16 pGetProc16;
 FREELIB16 pFreeLib16;
 DWORD pGetRes;
 WORD user_fsr;
 WORD _type;
 HMODULE hKernel;

 //Usuall Windows API calls
 hKernel = GetModuleHandle("KERNEL32");
 QT_Thunk = GetProcAddress(hKernel, "QT_Thunk");

 //Andrew Schulman's 
 pLoadLib16 = (LOADLIB16) GetK32ProcAddress(LOADLIBRARY16_ORD);
 pGetProc16 = (GETPROC16) GetK32ProcAddress(GETPROCADDRESS16_ORD);
 pFreeLib16 = (FREELIB16) GetK32ProcAddress(FREELIBRARY16_ORD);

 //Usuall for "c"-style calls - by pointer to function 
 hInst = (*pLoadLib16)("user");
 pGetRes = (*pGetProc16)(hInst,"GetFreeSystemResources");

 //How to call 16-bit dll API from 32-bit .exe using QT_Thunk function
 _type = type;
 if (pGetRes)
  push    _type
  mov     edx, [pGetRes] 
  call    QT_Thunk 
  mov     [user_fsr], ax
 return user_fsr;
The demo project included in this article is a console application that retrieves the free system resources for Windows 95. Simply build it and run it from the command line.

How do you know that the Windows95 Explorer uses the 16-bit USER.EXE to get free system resources? Just ask your buddy hacker to make GetFreeSystemResources in USER.EXE return zero and examine what Windows Explorer shows for free resources!. In my USER.EXE version 4.00.950, GetFreeSystemResources starts at the 0x444FF byte offset.

Download demo project - 5 in KB KB

Date Last Updated: February 8, 1999

Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved