Page 348 - DCAP103_Principle of operating system

Unit 11: Operating System Structure



                   Figure 11.7: Various Routes Taken to Implement Win32 API Function Calls




























            In some cases, the DLL calls another DLL (ntdll.dll) that actually traps to the operating system.
            This path is shown as steps 2a and 3a in Figure 11.7. It is also possible that the DLL does all
            the work itself without making a system call at all. For other Win32 API calls, a different route
            is taken, namely, first a message is sent to the Win32 subsystem process (csrss.exe), which then
            does some work and then makes a system call (steps 2b, 3b, and 4b). Here, too, in some cases
            the environment subsystem does all the work in user space and just returns immediately. The
            message passing between the application process and the Win32 subsystem process has been
            carefully optimized for performance using a special local procedure call mechanism implemented
            by the executive and shown as LPC in Figure 11.1.

            In the first version of Windows NT, virtually all the Win32 API calls took route 2b, 3b, 4b,
            putting a large chunk of the operating system in user space (e.g., the graphics). However, starting
            with NT 4.0, most of the code was put into kernel mode (in the Win32/GDI driver in Figure
            11.1) for performance reasons. In Windows 2000, only a small number of Win32 API calls (for
            example, process and thread creation) take the long route. The other ones take the direct route,
            bypassing the Win32 environment subsystem.

            The three most important DLLs are shown in Figure 11.7, but they are not the only ones.
            There are over 800 separate DLLs in the \winnt\system32 directory, totalling 130 MB. To avoid
            any confusion, the number of DLL files is over 800; the number of API calls contained in them
            exceeds 13,000. (The 29 million lines of code had to compile into something, after all.) A few of
            the more important DLLs are listed in Figure 11.8. The number of exported functions (i.e., those
            visible outside the file) in each one is given, but these tend to change (meaning increase) over
            time. The number of exported functions in the first public release of ntdll.dll in Windows 2000
            is 1179. These are the real system calls. The 1209 calls exported by ntoskrnl.exe are the functions
            available to device drivers and other code linked with the kernel. The list of exported functions
            in any .exe or .dll file can be viewed using the depends program in the platform SDK Kit.
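
The export list that a tool such as depends displays is read from the export directory of the PE file. The following Python code is an added example, not part of the original text: it walks the PE headers to that directory and returns the number of exported functions and their names. The function names (`list_exports`, `rva_to_offset`, `build_sample`) and the tiny sample image are constructed for illustration.

```python
import struct

def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def list_exports(data):
    """Return (count of exported functions, names of those exported by name)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    # Data directory 0 describes the export table; PE32+ places it 16 bytes later.
    exp_rva, _ = struct.unpack_from("<II", data, opt + (112 if magic == 0x20B else 96))
    if exp_rva == 0:
        return 0, []                                      # image exports nothing
    sections = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
                for i in range(n_sections)]
    ed = rva_to_offset(sections, exp_rva)
    n_funcs, n_names, funcs_rva, names_rva = struct.unpack_from("<4I", data, ed + 20)
    funcs = struct.unpack_from(f"<{n_funcs}I", data, rva_to_offset(sections, funcs_rva))
    name_rvas = struct.unpack_from(f"<{n_names}I", data, rva_to_offset(sections, names_rva))
    names = []
    for rva in name_rvas:
        off = rva_to_offset(sections, rva)
        names.append(data[off:data.index(b"\0", off)].decode("ascii"))
    # Zero slots in the address table are gaps in the ordinal range, not exports.
    return sum(1 for f in funcs if f), names

def build_sample():
    """Constructed minimal PE32 image: three exports, two of them named."""
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, 3, 2, 0x1028, 0x1034, 0x103C)
    edata += struct.pack("<3I2I2H", 0x2000, 0x2010, 0x2020, 0x1040, 0x1048, 0, 2)
    edata += b"NtClose\0NtOpenFile\0"
    opt = (struct.pack("<H", 0x10B).ljust(96, b"\0")
           + struct.pack("<II", 0x1000, len(edata))).ljust(224, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2102)
    sect = b".edata\0\0" + struct.pack("<4I", len(edata), 0x1000, 0x200, 0x200) + bytes(16)
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + sect
    return hdr.ljust(0x200, b"\0") + edata.ljust(0x200, b"\0")

if __name__ == "__main__":
    print(list_exports(build_sample()))
```

The count can exceed the number of names because a function may be exported by ordinal only, as the third entry in the constructed image is.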







                                             LOVELY PROFESSIONAL UNIVERSITY                                   341