Remix.run Logo
cmovq 2 hours ago

Is there an official stance on whether ntdll is stable? Obviously they're not going to change things arbitrarily since applications depend on it, but I'm wondering if there is a guarantee like the linux syscall interface or how you can run a win32 application compiled in 2004 on Win11.

monocasa 2 hours ago | parent [-]

It's partially stable.

Basically any thing documented on msdn in the API docs is considered stable.

Such as: https://learn.microsoft.com/en-us/windows/win32/api/winternl...

delta_p_delta_x 2 hours ago | parent | next [-]

Indeed. Anything documented has a function wrapper. `NtCreateFile` is a function wrapper for the syscall number, so any user-mode code that has `NtCreateFile` instead of directly loading the syscall number 0x55 will be stable. The latter might not. In fact, it is not; the number has increased by 3 since Windows XP[1].

One could probably produce some sort of function pointer loader library with these tables, but at that point... Why not just use the documented APIs?

[1]: https://github.com/j00ru/windows-syscalls/blob/8a6806ac91486...

cmovq 2 hours ago | parent | prev [-]

Interesting, some functions explicitly mention:

> [NtQuerySystemTime may be altered or unavailable in future versions of Windows. Applications should use the GetSystemTimeAsFileTime function.] [0]

So it does seem like a bad idea for a standard library.

[0]: https://learn.microsoft.com/en-us/windows/win32/api/winternl...