Is there an official stance on whether ntdll is stable? Obviously they're not going to change things arbitrarily since applications depend on it, but I'm wondering if there is a guarantee like the linux syscall interface or how you can run a win32 application compiled in 2004 on Win11.

▲

monocasa 2 hours ago | parent [-]

It's partially stable.

Basically any thing documented on msdn in the API docs is considered stable.

Such as: https://learn.microsoft.com/en-us/windows/win32/api/winternl...

	▲	delta_p_delta_x 2 hours ago \| parent \| next [-]
		Indeed. Anything documented has a function wrapper. `NtCreateFile` is a function wrapper for the syscall number, so any user-mode code that has `NtCreateFile` instead of directly loading the syscall number 0x55 will be stable. The latter might not. In fact, it is not; the number has increased by 3 since Windows XP[1]. One could probably produce some sort of function pointer loader library with these tables, but at that point... Why not just use the documented APIs? [1]: https://github.com/j00ru/windows-syscalls/blob/8a6806ac91486...
	▲	cmovq 2 hours ago \| parent \| prev [-]
		Interesting, some functions explicitly mention: > [NtQuerySystemTime may be altered or unavailable in future versions of Windows. Applications should use the GetSystemTimeAsFileTime function.] [0] So it does seem like a bad idea for a standard library. [0]: https://learn.microsoft.com/en-us/windows/win32/api/winternl...