Comment by derefr
1 day ago
Kind of funny to realize, the NT kernel ABI isn’t even all that stable itself; it is just wrapped in a set of very stable userland exposures (Win32, UWP, etc.), and it’s those exposures that Windows executables are relying on. A theoretical Windows PE binary that was 100% statically linked (and so directly contained NT syscalls) wouldn’t be at-all portable between different Windows versions.
Linux with glibc is the complete opposite; there really does exist old Linux software that static-links in everything down to libc, just interacting with the kernel through syscalls—and it does (almost always) still work to run such software on a modern Linux, even when the software is 10-20 years old.
I guess this is why Linux containers are such a thing: you’re taking a dynamically-linked Linux binary and pinning it to a particular entire userland, such that when you run the old software, it calls into the old glibc. Containers work, because they ultimately ground out in the same set of stable kernel ABI calls.
(Which, now that I think of it, makes me wonder how exactly Windows containers work. I’m guessing each one brings its own NTOSKRNL, that gets spun up under HyperV if the host kernel ABI doesn’t match the guest?)
IIRC, Windows containers require that the container be built with a base image that matches the host for it to work at all (like, the exact build of Windows has to match). Guessing that’s how they get a ‘stable ABI’.
…actually, looks like it’s a bit looser these days. Version matrix incoming: https://learn.microsoft.com/en-us/virtualization/windowscont...
The ABI was stabilised for backwards compatibility since Windows Server 2022, but is not stable for earlier releases.
> Kind of funny to realize, the NT kernel ABI isn’t even all that stable itself
This is not a big problem if it's hard/unlikely enough to write a code that accidentally relies on raw syscalls. At least MS's dev tooling doesn't provide an easy way to bypass the standard DLLs.
> makes me wonder how exactly Windows containers work
I guess containers do the syscalls through the standard Windows DLLs like any regular userspace application. If it's a Linux container on Windows, probably the WSL syscalls, which I guess, are stable.
> NT kernel ABI isn’t even all that stable itself
Can you give an example where a breaking change was introduced in NT kernel ABI?
https://j00ru.vexillium.org/syscalls/nt/64/
(One example: hit "Show" on the table header for Win11, then use the form at the top of the page to highlight syscall 8c)
Changes in syscall numbers aren't necessarily breaking changes as you're supposed to use ntdll.dll to call kernel, not direct syscalls.
4 replies →
The syscall numbers change with every release: https://j00ru.vexillium.org/syscalls/nt/64/
Syscall numbers shouldn't be a problem if you link against ntdll.dll.
7 replies →
Apparently there are 3 kinds of Windows containers, one using HyperV, and the others sharing the kernel (like Linux containers)
https://thomasvanlaere.com/posts/2021/06/exploring-windows-c...
Docker on windows isn't simply a glorified virtual machine running a Linux. aka Linux subsystem v2