From Top to Bottom on Windows NT

Recently, due to my thesis, I had to chance to look closely at Windows Operating System, especially how a process will be created, managed, terminated, and so on. If you are programming on a higher abstraction level, maybe you did not care about how some methods such as exit() work on the OS level.

In the operating system, there is mainly so-called two space which is User and Kernel space. To interact with the kernel you need to use some system call method/well-known syscalls. Let’s see how programming leverage appears: From Top to bottom.

Roger Orr accu 2019

Here is an simple c++ program that invoke exit() function:

  1. Step: Application Layer

This is the application layer where you developed any arbitrary application with C++.

#include<iostream>int main()

If we compile and execute this program, it will dive one level deeper after language runtime, to Win32 API which Microsoft Windows API an application interface written in C. Our simple main function will invoke via exit(42) function which implemented in iostream where the inherit the exit from stdlib.h.

2. Step: Win32 API Layer

Going one more layer deeper. How it will looks if we implement via Native API:

#include <windows.h>int main()

As you see we include windows.h header to access API function directly.

3. Step: NativeWindows API

we can implement our sample program for native API as:

#include <windows.h>
int main()
auto self = GetCurrentProcess();
TerminateProcess(self, 42);

4. Step: Layer on C level

IN NTSTATUS ExitStatus); //32 bit

5. Layer assembly layer

mov r10,rcx
mov eax,2Ch //eax is 32 register

PS: will be completed soon.

Computer Science And DevOps things :)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store