Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
derefr 15 hours ago

Kind of funny to realize, the NT kernel ABI isn’t even all that stable itself; it is just wrapped in a set of very stable userland exposures (Win32, UWP, etc.), and it’s those exposures that Windows executables are relying on. A theoretical Windows PE binary that was 100% statically linked (and so directly contained NT syscalls) wouldn’t be at-all portable between different Windows versions.

Linux with glibc is the complete opposite; there really does exist old Linux software that static-links in everything down to libc, just interacting with the kernel through syscalls—and it does (almost always) still work to run such software on a modern Linux, even when the software is 10-20 years old.

I guess this is why Linux containers are such a thing: you’re taking a dynamically-linked Linux binary and pinning it to a particular entire userland, such that when you run the old software, it calls into the old glibc. Containers work, because they ultimately ground out in the same set of stable kernel ABI calls.

(Which, now that I think of it, makes me wonder how exactly Windows containers work. I’m guessing each one brings its own NTOSKRNL, that gets spun up under HyperV if the host kernel ABI doesn’t match the guest?)

easton 13 hours ago | parent | next [-]

IIRC, Windows containers require that the container be built with a base image that matches the host for it to work at all (like, the exact build of Windows has to match). Guessing that’s how they get a ‘stable ABI’.

…actually, looks like it’s a bit looser these days. Version matrix incoming: https://learn.microsoft.com/en-us/virtualization/windowscont...

my123 11 hours ago | parent [-]

The ABI was stabilised for backwards compatibility since Windows Server 2022, but is not stable for earlier releases.

senfiaj 15 hours ago | parent | prev | next [-]

> Kind of funny to realize, the NT kernel ABI isn’t even all that stable itself

This is not a big problem if it's hard/unlikely enough to write a code that accidentally relies on raw syscalls. At least MS's dev tooling doesn't provide an easy way to bypass the standard DLLs.

> makes me wonder how exactly Windows containers work

I guess containers do the syscalls through the standard Windows DLLs like any regular userspace application. If it's a Linux container on Windows, probably the WSL syscalls, which I guess, are stable.

sedatk 12 hours ago | parent | prev | next [-]

> NT kernel ABI isn’t even all that stable itself

Can you give an example where a breaking change was introduced in NT kernel ABI?

andrewf 9 hours ago | parent | next [-]

https://j00ru.vexillium.org/syscalls/nt/64/

(One example: hit "Show" on the table header for Win11, then use the form at the top of the page to highlight syscall 8c)

sedatk 8 hours ago | parent [-]

Changes in syscall numbers aren't necessarily breaking changes as you're supposed to use ntdll.dll to call kernel, not direct syscalls.

LeFantome 3 hours ago | parent | next [-]

That was his point exactly.

sedatk 2 hours ago | parent [-]

Nope. https://news.ycombinator.com/item?id=46440942

6 hours ago | parent | prev [-]
[deleted]
mrpippy 9 hours ago | parent | prev [-]

The syscall numbers change with every release: https://j00ru.vexillium.org/syscalls/nt/64/

sedatk 8 hours ago | parent [-]

Syscall numbers shouldn't be a problem if you link against ntdll.dll.

immibis an hour ago | parent | next [-]

So now you're talking about the ntdll.dll ABI instead of the kernel ABI. ntdll.dll is not the kernel.

MangoToupe 8 hours ago | parent | prev [-]

...isn't that the point of this entire subthread? The kernel itself doesn't provide the stable ABI, userland code that the binary links to does.

sedatk 7 hours ago | parent [-]

No. On NT, kernel ABI isn't defined by the syscalls but NTDLL. Win32 and all other APIs are wrappers on top of NTDLL, not syscalls. Syscalls are how NTDLL implements kernel calls behind the scenes, it's an implementation detail. Original point of the thread was about Win32, UWP and other APIs that build a new layer on top of NTDLL.

I argue that NT doesn't break its kernel ABI.

roytam87 3 hours ago | parent | next [-]

NTDLL APIs are very stable[0] and you can even compile and run x86 programs targeting NT 3.1 Build 340[1] which will still work on win11.

[0] as long as you don't use APIs they decided to add and remove in a very short period (longer read: https://virtuallyfun.com/2009/09/28/microsoft-fortran-powers...)

[1] https://github.com/roytam1/ntldd/releases/tag/v250831

KerrAvon 7 hours ago | parent | prev [-]

macOS and iOS too — syscalls aren’t stable at all, you’re expected to link through shared library interfaces.

dist-epoch 13 hours ago | parent | prev | next [-]

Apparently there are 3 kinds of Windows containers, one using HyperV, and the others sharing the kernel (like Linux containers)

https://thomasvanlaere.com/posts/2021/06/exploring-windows-c...

Zardoz84 15 hours ago | parent | prev [-]

Docker on windows isn't simply a glorified virtual machine running a Linux. aka Linux subsystem v2