System Calls (Windows CE 5.0)
A system call is a function that resides in another process and that the kernel, Nk.exe, is notified about. The kernel then calls the proper server process to handle the system call.
Every system call causes an exception that is caught by the kernel. When a process calls a system call, it calls into a wrapper function for that system call that is defined in Coredll.dll. That function prepares the function's parameters for the kernel and causes a software exception to occur. The exception can be an undefined address exception or a CPU trap.
The kernel then handles this exception and determines the correct destination process to send the function call request to or which .exe file can fulfill the request. The process that owns the function executes it using the same stack and register values that the original thread contains in the calling process. Because the function call exists in another process, the existence of that process must be verified in order to successfully execute the system call.
During the whole process, the user mode thread is the same thread that executes in the process space for the system .exe file. As a thread migrates, its access rights change to reflect the process in which it is operating.
The overhead of a system call can be measured with the measurement tool OSBench.exe.
See Also
Determining if an API is Ready | Kernel Overview | GetCurrentProcessId | GetCallerProcess | GetOwnerProcess
Send Feedback on this topic to the authors