Recently, due to my thesis, I had to chance to look closely at Windows Operating System, especially how a process will be created, managed, terminated, and so on. If you are programming on a higher abstraction level, maybe you did not care about how some methods such as exit() work on the OS level.
In the operating system, there is mainly so-called two space which is User and Kernel space. To interact with the kernel you need to use some system call method/well-known syscalls. Let’s see how programming leverage appears: From Top to bottom.
Here is an simple c++ program that invoke exit() function:
- Step: Application Layer
This is the application layer where you developed any arbitrary application with C++.
If we compile and execute this program, it will dive one level deeper after language runtime, to Win32 API which Microsoft Windows API an application interface written in C. Our simple main function will invoke via exit(42) function which implemented in iostream where the inherit the exit from stdlib.h.
2. Step: Win32 API Layer
Going one more layer deeper. How it will looks if we implement via Native API:
#include <windows.h>int main()
As you see we include windows.h header to access API function directly.
3. Step: NativeWindows API
we can implement our sample program for native API as:
auto self = GetCurrentProcess();
4. Step: Layer on C level
extern “C” NTSTATUS NTAPI
IN NTSTATUS ExitStatus); //32 bit
5. Layer assembly layer
mov eax,2Ch //eax is 32 register
PS: will be completed soon.