Windows API/System Calls

Discussions on more advanced topics such as monolithic vs micro-kernels, transactional memory models, and paging vs segmentation should go here. Use this forum to expand and improve the wiki!
Post Reply
User avatar
BMW
Member
Member
Posts: 286
Joined: Mon Nov 05, 2012 8:31 pm
Location: New Zealand

Windows API/System Calls

Post by BMW »

Hi all,

I was wondering how windows system calls work.

Say if I make a windows application, and make a system call through the Windows API such as OpenProcess(...). Would the OpenProcess API function just make a system call, e.g. through an interrupt, or how does it work?
Currently developing Lithium OS (LiOS).

Recursive paging saves lives.
"I want to change the world, but they won't give me the source code."
User avatar
iansjack
Member
Member
Posts: 4703
Joined: Sat Mar 31, 2012 3:07 am
Location: Chichester, UK

Re: Windows API/System Calls

Post by iansjack »

As on Linux, system calls in Windows are implemented via an interrupt routine (32-bit) or the syscall instruction (64-bit). Unlike Linux, you should never, never make a direct call to a Windows system call. The numbers change with different versions of the OS, so it would be a nightmare trying to ensure the correct call. Use the .dlls; that's what they are there for.
Gigasoft
Member
Member
Posts: 856
Joined: Sat Nov 21, 2009 5:11 pm

Re: Windows API/System Calls

Post by Gigasoft »

System calls are exported from ntdll.dll. These are autogenerated stubs that place a function number in EAX followed by an int 2eh or sysenter instruction. The system looks up the correct number of parameters in a table and copies them to the system stack before executing the requested function.
User avatar
qw
Member
Member
Posts: 792
Joined: Mon Jan 26, 2009 2:48 am

Re: Windows API/System Calls

Post by qw »

See Windows Internals page 132 and further.
User avatar
BMW
Member
Member
Posts: 286
Joined: Mon Nov 05, 2012 8:31 pm
Location: New Zealand

Re: Windows API/System Calls

Post by BMW »

Thanks for the helpful replies.

So if I understand correctly, all the windows API functions that are included via header files such as <Windows.h> are just stubs that generate an interrupt or syscall, then the kernel does the functions work?
Currently developing Lithium OS (LiOS).

Recursive paging saves lives.
"I want to change the world, but they won't give me the source code."
User avatar
sortie
Member
Member
Posts: 931
Joined: Wed Mar 21, 2012 3:01 pm
Libera.chat IRC: sortie

Re: Windows API/System Calls

Post by sortie »

Dude, what? No, that's not true. The Windows API is a layer implemented in various DLLs that is built upon the actual (undocumented) real kernel API. Don't underestimate the amount of stuff that happens between a call to the Windows API and the kernel, if the kernel is even called at all. But yes, programs do communicate with the kernel through system calls, but a lot of stuff is between you and the raw system calls.

Contrast this with Unix systems where most libc system call functions are but a thin layer upon the a system call with the same semantics, unless you hit a compatibility layer in the C library that emulates such system calls on kernel that doesn't have them.
chickendinner
Posts: 11
Joined: Thu Aug 01, 2013 9:47 am

Re: Windows API/System Calls

Post by chickendinner »

BMW wrote:Thanks for the helpful replies.

So if I understand correctly, all the windows API functions that are included via header files such as <Windows.h> are just stubs that generate an interrupt or syscall, then the kernel does the functions work?
Yes. Bear in mind some calls are executed competely or partially inside the dll as they don't need to perform a system call, if execution inside the kernel isn't actually required.

Also note that you should not use these system call interfaces directly. the DLL's for each version of Windows may use a different syscall interface with differing arguments and vectors. So while most of them probably stay the same across a few versions, your code may break if its ever changed. The only reason for accessing them directly would be perhaps to write teeny tiny programs for competitions or fun where standards compliance is not a factor.

Linux works in a similar way. They support the POSIX standard however (Strictly speaking it's actually a superset of it, that does have quirks) so a lot of the vectors and arguments are standardized and kept the same. So if you wanted to write small binaries for a particular architecture on linux you could micro-optimize the overhead of calling the stub code away (The compiler mostly does this anyway, but you could remove redundant error checking you've already done yourself .etc) inside hot loops with a lesser impact on the portability of your program.
Post Reply