ntdll.dll vs. ntoskrnl.exe
Casper Hornstrup
chorns at users.sourceforge.net
Sat Sep 14 19:29:26 CDT 2002
> -----Original Message-----
> From: wine-devel-admin at winehq.com
> [mailto:wine-devel-admin at winehq.com] On Behalf Of Jan Kratochvil
> Sent: 15. september 2002 01:52
> To: Steven Edwards
> Cc: wine-devel at winehq.com
> Subject: Re: ntdll.dll vs. ntoskrnl.exe
>
>
> Hi,
>
> On Sun, 15 Sep 2002 01:36:36 +0200, Steven Edwards wrote:
> > Jan Kratochvil wrote:
> > > What are the differences between "ntdll.dll" and "ntoskrnl.exe"?
> ...
> > If you are talking about Rtl and Zw functions I think that ntdll
> > should
> > still export the same things that ntoskrnl.exe does but
> under a differnt
> > name. What functions are you speaking of that are missing
> from ntdll but
> > are in ntoskrnl?
>
> Out of 101 functions imported from "ntoskrnl.exe" only 21 are
> found also in "ntdll.dll". Missing ones are
> IoReleaseVpbSpinLock, IoAcquireVpbSpinLock,
> KeInitializeSpinLock, MmProbeAndLockPages etc.
Those functions you mention that are missing are kernel-mode only APIs,
ie. only kernel-mode drivers use them.
>
> But I was more interested in the backround - how it is ever
> possible that Windows system at all has two basic libraries
> from one vendor with similiar function name interfaces with
> function name colliding each other?
Calling ntoskrnl.exe a "basic library" is a major understatement ;-)
Ntoskrnl.exe is _the_ core OS component. It provides OS services like
memory management, process and thread management, I/O infrastructure,
etc. Ntdll.dll is the kernel-mode/user-mode gateway between ntoskrnl.exe
and applications (ie. the syscall interface). Ntdll.dll wraps services
that are available to applications.
> OK, there is no technical
> problem as it has different namespaces but just why they did
> it?
To provide OS services to applications.
> And do behave functions in these two libraries on the
> native W32 system exactly the same?
They are the same functions. They are just accessed differently
depending
on where you call them from (kernel-mode or user-mode).
> It is described just once
> in the documentation. :-?
Most of these APIs are undocumented by MS. Most likely done to be able
to
change the APIs in future versions of Windows if needed.
>
> Regards,
> Jan Kratochvil
Casper Hornstrup
More information about the wine-devel
mailing list