> NT system calls use the same syscall numbering as recent Windows, to support applications that hardcode syscall numbers.

Other than antivirus software and maybe MAYBE kernel-level "anticheat" slop - who in their right mind does straight syscalls to the kernel?

▲

StrauXX 3 hours ago | parent | next [-]

Some programming language compilers generate asm that does call systemcalls directly. Go for example.

	▲	teraflop 3 hours ago \| parent [-]
		Go does hardcode system call numbers on Linux, but it doesn't on Windows. Instead it follows the normal Windows convention of calling the userspace wrappers from kernel32.dll and similar libraries. https://cs.opensource.google/go/go/+/refs/tags/go1.25.6:src/... Unlike on Linux, the low-level syscall numbers on the NT kernel are highly unstable across releases, so programs that try to call them directly will generally only work on a very specific kernel version.

▲

userbinator an hour ago | parent | prev | next [-]

Does it matter? The closer they get to being indistinguishable from Windows, the better.

	▲	mschuster91 9 minutes ago \| parent [-]
		The problem is, Windows syscalls change around a lot. Keeping up with that is Sisyphean.

▲

tux3 3 hours ago | parent | prev | next [-]

Userland DRMs do all sort of nonsense. Kernel anticheats wouldn't use the syscalls, they're already able to call the kernel routines they want directly.

▲

kachapopopow 2 hours ago | parent | prev | next [-]

anti tamper, drm, library call obfuscation and they all do it wrong, really wrong.

▲

3 hours ago | parent | prev [-]

[deleted]