System Calls
4/8/2010
A system call is a call to a function that resides in another process. The kernel, Nk.exe, is notified of the call and then calls the proper server process to handle it.
Every system call causes an exception that is caught by the kernel. When a process makes a system call, it calls into a wrapper function for that system call that is defined in Coredll.dll. That function prepares the function parameters for the kernel and causes a software exception to occur. The exception can be an undefined address exception or a CPU trap.
The kernel then handles this exception and determines the correct destination process to send the function call request to, or which .exe file can fulfill the request. The process that owns the function runs it using the same stack and register values that the original thread contains in the calling process. Because the function exists in another process, the existence of that process must be verified for the system call to run successfully.
The same user-mode thread runs at each step in the system call, migrating from the caller process to the system call process and back. As a thread migrates, its access rights change to reflect the process in which it is operating.
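The dispatch path described above, as a simplified C model added here for illustration (it is not Microsoft's kernel code): the fault-address layout, the error codes, and every name such as `kernel_dispatch`, `register_set` and `sys_double` are assumptions. It shows a call being refused while no process owns the API set, and the thread's process and access rights switching for the duration of the call and being restored afterwards.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed model: names, constants and the address layout are illustrative,
   not Windows CE's real trap encoding or kernel structures. */
#define TRAP_BASE     0xF0000000u  /* hypothetical unmapped range that always faults */
#define TRAP_ADDR(set, method) (TRAP_BASE | ((uint32_t)(set) << 8) | (method))
#define MAX_SETS      4
#define ERR_NOT_READY (-1)         /* no server process owns this API set */
#define ERR_BAD_TRAP  (-2)         /* fault address is not a valid system call */

typedef struct { int proc; uint32_t access; } thread_t;  /* where the thread runs now */
typedef int (*method_fn)(thread_t *t, int arg);
typedef struct { int proc; uint32_t access; const method_fn *methods; size_t count; } api_set;
static api_set g_sets[MAX_SETS];   /* kernel table: API set -> owning server process */
static int g_seen_proc;            /* process the server function observed itself in */

/* Server-side function: runs on the caller's thread, inside the server process. */
static int srv_double(thread_t *t, int arg) { g_seen_proc = t->proc; return arg * 2; }
static const method_fn srv_methods[] = { srv_double };
/* A server process registers its API set with the kernel. */
static void register_set(unsigned set, int proc, uint32_t access) {
    g_sets[set] = (api_set){ proc, access, srv_methods, 1 };
}

/* Kernel side (Nk.exe role): handle the exception raised by the wrapper. */
static int kernel_dispatch(thread_t *t, uint32_t fault, int arg) {
    if ((fault & 0xFFFF0000u) != TRAP_BASE) return ERR_BAD_TRAP;
    unsigned set = (fault >> 8) & 0xFFu, method = fault & 0xFFu;
    if (set >= MAX_SETS) return ERR_BAD_TRAP;
    const api_set *s = &g_sets[set];
    if (s->methods == NULL) return ERR_NOT_READY;  /* owning process must exist */
    if (method >= s->count) return ERR_BAD_TRAP;
    thread_t caller = *t;              /* remember the caller's context */
    t->proc = s->proc;                 /* thread migrates to the server process */
    t->access = s->access;             /* and its access rights follow */
    int result = s->methods[method](t, arg);
    *t = caller;                       /* migrate back, restoring caller rights */
    return result;
}

/* Wrapper side (Coredll.dll role): encode the target as a faulting address. */
static int sys_double(thread_t *t, unsigned set, int arg) {
    return kernel_dispatch(t, TRAP_ADDR(set, 0u), arg);
}
int main(void) {
    thread_t t = { 1, 0x1u };          /* constructed caller in process 1 */
    register_set(2, 7, 0x80u);         /* constructed server in process 7 */
    return sys_double(&t, 2, 21) == 42 ? 0 : 1;
}
```
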
The overhead of a system call can be measured with the OSBench.exe measurement tool.
See Also
Concepts
Kernel Overview
Determining if an API is Ready