Hi, I just want to ask: I know that standard system calls in Linux are done by the int instruction pointing into the Interrupt Vector Table. I assume this is similar on Windows. But how do you call some higher-level, specific system routines? For example, how do you tell Windows to create a window? I know this is handled by the code in the DLL, but what actually happens at the assembler-instruction level? Does the routine in the DLL call a software interrupt via the int instruction, or is there a different approach to handle this? Thanks.

A: 

Making a Win32 call to create a window is not really related to an interrupt. The client application is already linked with the .dll that provides the call, which exposes the address for the linker to use. Since you are asking about the difference in calling mechanism, I'm limiting the discussion here to those Win32 calls that are available to any application, as opposed to kernel-level calls or device drivers. At an assembly language level, it would be the same as any other function call, since most Win32 calls are user-level calls which internally make the needed kernel calls. The linker provides the address of the Win32 function as the target for some sort of branching instruction; the specifics would depend on the compiler.

[Edit] It looks like you are right about the interrupts and the int. vector table. CodeGuru has a good article with the OS details on how NT kernel calls work. Link:
http://www.codeguru.com/cpp/w-p/system/devicedriverdevelopment/article.php/c8035

Kelly French
Yes, I know that the DLL has the needed calls inside; I wrote that. But basically all I am asking is: does the DLL routine for drawing a window contain syscalls in the form of software interrupts, or, if not, how does it tell the Windows kernel to make a window? Because as far as I know, you cannot switch out of the space your program is running in any other way than the int instruction, because of the ring level limitation.
B.Gen.Jack.O.Neill
b-gen-jack-o-neill: AFAIK the kernel is not responsible for window management.
Billy ONeal
On newer processors, the sysenter/sysexit instructions are used instead of issuing a software interrupt with the INT instruction. The concept is the same; it's a way to switch to kernel mode. A window is not managed in the kernel, though; you won't find a CreateWindow system call. Instead, it's built on top of numerous other system calls, including communicating with other processes, such as a window manager.
nos
Wow, finally I am getting close to the desired answer. So, I thought that every action that you want the OS to perform is represented by one or more kernel calls. So, based on what you wrote, there is a window manager process that runs in kernel mode, which you communicate with using a .dll library that houses routines that establish interprocess communication with the window manager through kernel calls? Could you recommend a good article about this? Thank you.
B.Gen.Jack.O.Neill
+1  A: 

The Win32 API is a layer that runs in user mode (ring 3). Windows used to also support an OS/2 and POSIX API layer, but they fell into disuse and were removed. The window manager is pure user mode code; no kernel calls are involved. Only API calls that use kernel resources (CreateThread, VirtualAlloc, etc.) will call into the "real" operating system (ntdll.dll) and trap into ring 0 with a software interrupt (int 0x2e).

Hans Passant
This is not quite the whole story. Since NT4 the window manager has been in kernel mode (win32k.sys) and it has a whole bunch of syscalls to call it. Even before that, it lived in CSRSS, and you had to call through the kernel to get to it (using LPC), so there was still a kernel call involved. Also, Windows hasn't used int 0x2e to get into kernel mode for a while. It depends on which architecture you're on, but typically now it uses sysenter to get into kernel mode on x86.
Stewart
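
Added example, not part of any post above: the thread names int 0x2e and sysenter as the instructions a user-mode stub uses to trap into the kernel, and the C code below classifies a stub's bytes by which of those it reaches, going slightly beyond the thread by also recognising the x64 syscall instruction. The stub byte sequences and service numbers are constructed for illustration (not dumped from any Windows build), and `classify_stub` is a hypothetical helper name.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Kernel-entry mechanisms named in the thread, plus x64 SYSCALL. */
enum entry { ENTRY_NONE, ENTRY_INT2E, ENTRY_SYSENTER, ENTRY_SYSCALL };

/* Walk a service stub with a decoder that knows only the few instructions
 * such stubs contain. Stepping by instruction length (rather than searching
 * for raw byte pairs) keeps an immediate such as 0x2ECD from being mistaken
 * for "int 0x2e". *svc gets the EAX service number, or -1 if none was loaded. */
enum entry classify_stub(const uint8_t *p, size_t n, long *svc)
{
    size_t i = 0;
    *svc = -1;
    while (i < n) {
        size_t left = n - i;
        if (p[i] == 0xB8 && left >= 5) {                      /* mov eax, imm32 */
            *svc = (long)((uint32_t)p[i+1] | (uint32_t)p[i+2] << 8 |
                          (uint32_t)p[i+3] << 16 | (uint32_t)p[i+4] << 24);
            i += 5;
        } else if (left >= 3 && !memcmp(p + i, "\x4C\x8B\xD1", 3)) {
            i += 3;                                           /* mov r10, rcx */
        } else if (left >= 4 && !memcmp(p + i, "\x8D\x54\x24\x04", 4)) {
            i += 4;                                           /* lea edx, [esp+4] */
        } else if (left >= 2 && !memcmp(p + i, "\x8B\xD4", 2)) {
            i += 2;                                           /* mov edx, esp */
        } else if (left >= 2 && p[i] == 0xCD && p[i+1] == 0x2E) {
            return ENTRY_INT2E;                               /* int 0x2e */
        } else if (left >= 2 && p[i] == 0x0F && p[i+1] == 0x34) {
            return ENTRY_SYSENTER;                            /* sysenter */
        } else if (left >= 2 && p[i] == 0x0F && p[i+1] == 0x05) {
            return ENTRY_SYSCALL;                             /* syscall */
        } else {
            break;              /* unknown instruction: stop rather than guess */
        }
    }
    return ENTRY_NONE;
}

/* Constructed samples; service numbers 0x2ECD and 0x11 are placeholders. */
static const uint8_t STUB_X64[]      = {0x4C,0x8B,0xD1, 0xB8,0xCD,0x2E,0,0, 0x0F,0x05, 0xC3};
static const uint8_t STUB_INT2E[]    = {0xB8,0x11,0,0,0, 0x8D,0x54,0x24,0x04, 0xCD,0x2E, 0xC2,4,0};
static const uint8_t STUB_SYSENTER[] = {0xB8,0x11,0,0,0, 0x8B,0xD4, 0x0F,0x34, 0xC3};
static const uint8_t STUB_PLAIN[]    = {0x55, 0x8B,0xEC};   /* push ebp; mov ebp, esp */

int main(void)
{
    long svc;
    enum entry e = classify_stub(STUB_X64, sizeof STUB_X64, &svc);
    printf("x64 sample: entry=%d service=0x%lx\n", (int)e, svc);
    return 0;
}
```

A routine that never reaches one of the three instructions, such as `STUB_PLAIN`, is reported as `ENTRY_NONE`, which is how an ordinary user-mode library function looks to this decoder.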