No. On NT, kernel ABI isn't defined by the syscalls but NTDLL. Win32 and all other APIs are wrappers on top of NTDLL, not syscalls. Syscalls are how NTDLL implements kernel calls behind the scenes, it's an implementation detail. Original point of the thread was about Win32, UWP and other APIs that build a new layer on top of NTDLL.
So now you're talking about the ntdll.dll ABI instead of the kernel ABI. ntdll.dll is not the kernel.
NTDLL is NT’s kernel ABI, not syscalls. Nothing on Windows uses syscalls to call the kernel.
NTDLL isn’t some higher level library. It’s just a series of entry points into NT kernel.
Yes, the fact that functions in NTDLL issue a syscall instruction is a platform-specific implementation detail.
...isn't that the point of this entire subthread? The kernel itself doesn't provide the stable ABI, userland code that the binary links to does.
No. On NT, kernel ABI isn't defined by the syscalls but NTDLL. Win32 and all other APIs are wrappers on top of NTDLL, not syscalls. Syscalls are how NTDLL implements kernel calls behind the scenes, it's an implementation detail. Original point of the thread was about Win32, UWP and other APIs that build a new layer on top of NTDLL.
I argue that NT doesn't break its kernel ABI.
NTDLL APIs are very stable[0] and you can even compile and run x86 programs targeting NT 3.1 Build 340[1] which will still work on win11.
[0] as long as you don't use APIs they decided to add and remove in a very short period (longer read: https://virtuallyfun.com/2009/09/28/microsoft-fortran-powers...)
[1] https://github.com/roytam1/ntldd/releases/tag/v250831
macOS and iOS too — syscalls aren’t stable at all, you’re expected to link through shared library interfaces.
> No
...and you go on to not disagree with me at all? Why comment then?