No. On NT, kernel ABI isn't defined by the syscalls but NTDLL. Win32 and all other APIs are wrappers on top of NTDLL, not syscalls. Syscalls are how NTDLL implements kernel calls behind the scenes, it's an implementation detail. Original point of the thread was about Win32, UWP and other APIs that build a new layer on top of NTDLL.
Syscall numbers shouldn't be a problem if you link against ntdll.dll.
So now you're talking about the ntdll.dll ABI instead of the kernel ABI. ntdll.dll is not the kernel.
NTDLL is NT’s kernel ABI, not syscalls. Nothing on Windows uses syscalls to call the kernel.
NTDLL isn’t some higher level library. It’s just a series of entry points into NT kernel.
1 reply →
...isn't that the point of this entire subthread? The kernel itself doesn't provide the stable ABI, userland code that the binary links to does.
No. On NT, kernel ABI isn't defined by the syscalls but NTDLL. Win32 and all other APIs are wrappers on top of NTDLL, not syscalls. Syscalls are how NTDLL implements kernel calls behind the scenes, it's an implementation detail. Original point of the thread was about Win32, UWP and other APIs that build a new layer on top of NTDLL.
I argue that NT doesn't break its kernel ABI.
2 replies →