Hacker News new | ask | show | jobs
by pjmlp 2187 days ago
Only UNIX based OSes use libc as part of the stable interface, which on UNIXes case actually means ISO C + POSIX.

On non-POSIX OSes like NT and plenty of others, libc is part of whatever compiler one decides to use and as such not part of any OS interface as such.

On NT the stable OS APIs are provided via the OS personalities, meaning OS/2 (dead now), the old POSIX one (also dead and replaced by WSL), and Win32 (actually User, Kernel, GDI as the main ones), which as of Windows 8 and MinWin refactoring is split into redirection dlls know as API sets, https://docs.microsoft.com/en-us/windows/win32/apiindex/wind....

Which is why on code that never intends to be portable, you will see calls like ZeroMemory instead of memset.
2 comments
anaisbetts 2187 days ago
Yep, ntdll is the bottom of the stack. Raw syscall numbers are not guaranteed across Windows versions and in fact, can be changed by as something as small as a security update. They end up being generated automatically at build time, so there's no guarantee of any kind of stability.
link
yjftsjthsd-h 2187 days ago
Oh, interesting; I'd assumed that NT was just using libc as its stable ABI, but on further reading it looks more like ntdll.dll (probably just for that personality?). Similar concept, slightly different place. Still, my point was that under the "Windows" personalities, you talk to a library, never directly to the kernel.

EDIT: Found https://web.archive.org/web/20121224002314/http://netcode.cz... which if I'm reading right indicates that ntdll is indeed the bottom-layer library that's allowed to actually talk to the kernel.

link
pjmlp 2187 days ago
Yes, ntdll is the lowest level, but you aren't supposed to use it directly, and if you do, well no one is going to help when a patch Tuesday or something like that breaks the application.

The personality DLLs are the applications entry point with the kernel.

link
monocasa 2187 days ago
Most of ntdll.dll is officially sanctioned at this point. It's officially documented, and obviously plays into the backwards compat choices they make.
link
pjmlp 2186 days ago
Not really, Windows Internals always refers to the few public ones as "take care when relying on this", very few entries do exist on MSDN or Technet, and those that do exist are mostly tailored for device drivers scenarios.
link
ChrisSD 2187 days ago
Sort of. Many NT functions are officially documented. But they're also officially documented as unstable. They probably won't break many of the oldest functions but they reserve the right to do so at some point.
link