I read somewhere that there are many subsystems in Windows (any version), like the Win32 subsystem, the POSIX subsystem, etc. To support all of these potential subsystems, Microsoft made a unified set of APIs, which are called wrappers of each subsystem. In short, all subsystems have all the needed libraries for them to work. For example, Win32 apps call the Win32 subsystem APIs, which in fact call NT APIs (native APIs, or just natives). Natives don't require any subsystem to run.

Now, since natives don't require any subsystem to run, are they the same as interrupts, or do they use interrupts? And what are system calls? Please differentiate between the terms syscalls, interrupts, native API and DLL wrappers.
Posted on 2007-10-23 14:11:13 by shakuni
AFAIK, the Win32 subsystem translates calls to native subsystem calls, and these call interrupts.
Posted on 2007-10-23 14:22:29 by vid
Actually, "syscall" is an ambiguous term. Some people use it as "System Call", which refers to anything (call gates, interrupts, etc.) that makes a request to the kernel.
In fact, there is an instruction called "SYSCALL", and it's a very fast way to make a request to the kernel. (For example, win2k uses int2Eh, but winxp uses SYSCALL.)
Posted on 2007-10-23 15:00:14 by Dite
I can't remember where I read about this, but it seems that the idea of subsystems is quickly being deprecated by Microsoft. The Win32 Subsystem reigns supreme.

As for "native interrupts", Windows NT has the INT 0x2E kernel interface. It is similar in design to Linux's INT 0x80 interface, except that in Windows the function name to number correlation can change at will. Your standard library files, such as Kernel32.dll, encapsulate those call numbers for whatever major system release (or service pack) you are running on. That is pretty much why you can't copy Kernel32.dll across NT/XP/etc... else you invoke the anger of Mr. BSOD (I never tried doing it, but a BSOD sounds appropriate :P )
Posted on 2007-10-23 16:55:18 by SpooK
I hope not a BSOD; it would speak too badly of Windows: so many protections, and just calling a system call in a wrong way will BSOD the system? I think that such things died with Win9x, and if it happens in NT then a patch should be provided, since by design a user-mode app can't trigger BSODs (but can stimulate bugged kernel-mode binaries to trigger a BSOD).
Posted on 2007-10-23 17:22:11 by LocoDelAssembly
The Win32 subsystem ends up calling the native API, which in turn does the syscall (either with int whatever or, on >=XP with a recent processor, the SYSCALL instruction).

Wrong libraries shouldn't result in BSOD, but "strange things might happen" - basically, applications would break. Btw, people have been writing "fuzzers" to check random syscall/parameter combinations to try and get BSODs...
Posted on 2007-10-24 06:26:07 by f0dder
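
The layering discussed in this thread, as an added illustration that is not part of any poster's message and is not Windows code: a user-space C model in which a stub library maps a native API name to a service number and a dispatcher indexes a per-build service table with it. The two "builds", the service numbers and all helper names (`kernel_dispatch`, `call_native`, `STUBS_A`, and so on) are constructed assumptions; the model's dispatcher bounds-checks the number before using it.

```c
/* Added illustration: a user-space model, not Windows code. The service
   numbers and table layouts are constructed; real values differ per build. */
#include <stdio.h>
#include <string.h>

enum { OK = 0, ERR_BAD_SERVICE_NUMBER = -1 };
typedef int (*service_fn)(void);
static const char *last_service = "";   /* records which service actually ran */
static int svc_close(void)  { last_service = "NtClose";      return OK; }
static int svc_create(void) { last_service = "NtCreateFile"; return OK; }
static int svc_read(void)   { last_service = "NtReadFile";   return OK; }

/* Two hypothetical kernel builds: same services, different numbering. */
typedef struct { const service_fn *table; size_t count; } kernel_t;
static const service_fn table_a[] = { svc_close, svc_create, svc_read };
static const service_fn table_b[] = { svc_create, svc_read, svc_close };
static const kernel_t KERNEL_A = { table_a, 3 };
static const kernel_t KERNEL_B = { table_b, 3 };

/* Models the trap handler reached via int 0x2E or SYSCALL: the number
   arrives in a register, is bounds-checked, then indexes the table. */
static int kernel_dispatch(const kernel_t *k, size_t number) {
    if (number >= k->count) return ERR_BAD_SERVICE_NUMBER;
    return k->table[number]();
}

/* Models the stub library shipped with one build: name -> service number. */
typedef struct { const char *name; size_t number; } stub_t;
static const stub_t STUBS_A[]   = { {"NtClose", 0}, {"NtCreateFile", 1}, {"NtReadFile", 2} };
static const stub_t STUBS_BAD[] = { {"NtClose", 7} };   /* number out of range */

/* Calls a native API by name through the given stub library on the given
   kernel. Returns the name of the service that ran, or NULL if rejected. */
static const char *call_native(const kernel_t *k, const stub_t *stubs,
                               size_t n, const char *name) {
    for (size_t i = 0; i < n; i++) {
        if (strcmp(stubs[i].name, name) != 0) continue;
        last_service = "";
        if (kernel_dispatch(k, stubs[i].number) != OK) return NULL;
        return last_service;
    }
    return NULL;   /* the stub library exports no such name */
}

int main(void) {
    const char *r = call_native(&KERNEL_B, STUBS_A, 3, "NtClose");
    printf("build-A NtClose stub on build-B kernel ran: %s\n", r ? r : "(rejected)");
    return 0;
}
```

In the model, a stub library paired with the wrong build silently runs a different service, while an out-of-range number is rejected by the dispatcher's bounds check.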