- What are system calls in Operating System?
- Types of System Calls
- Process Control
- File Management
- Device Management
- Information Maintenance
- Communication
- write()
- close()
- System Calls in Unix and Windows
- Unix System Calls
- Windows System Calls
- Call from windows operating system
- WindowProc callback function
- Syntax
- Parameters
- Return value
- Remarks
- Requirements
What are system calls in Operating System?
The interface between a process and an operating system is provided by system calls. In general, system calls are available as assembly language instructions. They are also included in the manuals used by the assembly level programmers. System calls are usually made when a process in user mode requires access to a resource. Then it requests the kernel to provide the resource via a system call.
A figure representing the execution of the system call is given as follows −
As can be seen from this diagram, the processes execute normally in the user mode until a system call interrupts this. Then the system call is executed on a priority basis in the kernel mode. After the execution of the system call, the control returns to the user mode and execution of user processes can be resumed.
In general, system calls are required in the following situations −
- If a file system requires the creation or deletion of files. Reading and writing from files also require a system call.
- Creation and management of new processes.
- Network connections also require system calls. This includes sending and receiving packets.
- Access to a hardware devices such as a printer, scanner etc. requires a system call.
Types of System Calls
There are mainly five types of system calls. These are explained in detail as follows −
Process Control
These system calls deal with processes such as process creation, process termination etc.
File Management
These system calls are responsible for file manipulation such as creating a file, reading a file, writing into a file etc.
Device Management
These system calls are responsible for device manipulation such as reading from device buffers, writing into device buffers etc.
Information Maintenance
These system calls handle information and its transfer between the operating system and the user program.
Communication
These system calls are useful for interprocess communication. They also deal with creating and deleting a communication connection.
Some of the examples of all the above types of system calls in Windows and Unix are given as follows −
| Types of System Calls | Windows | Linux |
|---|---|---|
| Process Control | CreateProcess() ExitProcess() WaitForSingleObject() | fork() exit() wait() |
| File Management | CreateFile() ReadFile() WriteFile() CloseHandle() | open() read() write() close() |
| Device Management | SetConsoleMode() ReadConsole() WriteConsole() | ioctl() read() write() |
| Information Maintenance | GetCurrentProcessID() SetTimer() Sleep() | getpid() alarm() sleep() |
| Communication | CreatePipe() CreateFileMapping() MapViewOfFile() | pipe() shmget() mmap() |
There are many different system calls as shown above. Details of some of those system calls are as follows −
The open() system call is used to provide access to a file in a file system. This system call allocates resources to the file and provides a handle that the process uses to refer to the file. A file can be opened by multiple processes at the same time or be restricted to one process. It all depends on the file organisation and file system.
The read() system call is used to access data from a file that is stored in the file system. The file to read can be identified by its file descriptor and it should be opened using open() before it can be read. In general, the read() system calls takes three arguments i.e. the file descriptor, buffer which stores read data and number of bytes to be read from the file.
write()
The write() system calls writes the data from a user buffer into a device such as a file. This system call is one of the ways to output data from a program. In general, the write system calls takes three arguments i.e. file descriptor, pointer to the buffer where data is stored and number of bytes to write from the buffer.
close()
The close() system call is used to terminate access to a file system. Using this system call means that the file is no longer required by the program and so the buffers are flushed, the file metadata is updated and the file resources are de-allocated.
System Calls in Unix and Windows
The interface between a process and an operating system is provided by system calls. In general, system calls are available as assembly language instructions. They are also included in the manuals used by the assembly level programmers.
Unix System Calls
System calls in Unix are used for file system control, process control, interprocess communication etc. Access to the Unix kernel is only available through these system calls. Generally, system calls are similar to function calls, the only difference is that they remove the control from the user process.
There are around 80 system calls in the Unix interface currently. Details about some of the important ones are given as follows —
| System Call | Description |
|---|---|
| access() | This checks if a calling process has access to the required file |
| chdir() | The chdir command changes the current directory of the system |
| chmod() | The mode of a file can be changed using this command |
| chown() | This changes the ownership of a particular file |
| kill() | This system call sends kill signal to one or more processes |
| link() | A new file name is linked to an existing file using link system call. |
| open() | This opens a file for the reading or writing process |
| pause() | The pause call suspends a file until a particular signal occurs. |
| stime() | This system call sets the correct time. |
| times() | Gets the parent and child process times |
| alarm() | The alarm system call sets the alarm clock of a process |
| fork() | A new process is created using this command |
| chroot() | This changes the root directory of a file. |
| exit() | The exit system call is used to exit a process. |
Windows System Calls
System calls in Windows are used for file system control, process control, interprocess communication, main memory management, I/O device handling, security etc. The programs interact with the Windows operating system using the system calls. Since system calls are the only way to access the kernel, all the programs requiring resources must use system calls.
Details about some of the important system calls in Windows are given as follows —
Call from windows operating system
Windows System Call Tables
The repository contains system call tables collected from all modern and most older releases of Windows, starting with Windows NT.
Both 32-bit and 64-bit builds were analyzed, and the tables were extracted from both the core kernel image ( ntoskrnl.exe ) and the graphical subsystem ( win32k.sys ).
The data is formatted in the CSV and JSON formats for programmatic use, and as an HTML table for manual inspection.
The HTML files are also hosted on my blog under the following links:
The following major versions of Windows are included in the tables:
| System | x86 versions | x64 versions |
|---|---|---|
| Windows NT | SP3 Terminal Server, SP3, SP4, SP5, SP6 | – |
| Windows 2000 | SP0, SP1, SP2, SP3, SP4 | – |
| Windows XP | SP0, SP1, SP2, SP3 | SP1, SP2 |
| Windows Server 2003 | SP0, SP1, SP2, R2, R2 SP2 | SP0, SP2, R2, R2 SP2 |
| Windows Vista | SP0, SP1, SP2 | SP0, SP1, SP2 |
| Windows Server 2008 | SP0, SP2 | SP0, SP2, R2, R2 SP1 |
| Windows 7 | SP0, SP1 | SP0, SP1 |
| Windows Server 2012 | – | SP0, R2 |
| Windows 8 | 8.0, 8.1 | 8.0, 8.1 |
| Windows 10 | 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2 | 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2 |
Windows Server 2016 and later are not included, as their syscall tables are equivalent to that of Windows 10:
| Windows Server version | Windows 10 release |
|---|---|
| 2016 LTSC (1607) | 1607 |
| 1709 | 1709 |
| 1803 | 1803 |
| 2019 LTSC (1809) | 1809 |
| 1903 | 1903 |
| 1909 | 1909 |
| 2004 | 2004 |
| 20H2 | 20H2 |
Historical system call counts
Below is a line chart showing the progression of Windows system call development over time. It covers all major desktop versions of Windows starting with Windows NT 4.0 released in August 1996, up to the most recent versions of Windows 10. Server editions are not included as their kernels are equivalent to their desktop counterparts. The analysis was performed on x86 builds for consistency, as this is the only CPU architecture which covers all available systems. There might be very small differences on x64 builds of the kernel or the less popular editions (e.g. Windows NT 4.0 Terminal Server), but they are insignificant for the purpose of this overview chart.
We would like to thank the following contributors to the project: Woodmann, Deus, Gynvael Coldwind, MeMek, Alex, Omega Red, Wandering Glitch.
WindowProc callback function
An application-defined function that processes messages sent to a window. The WNDPROC type defines a pointer to this callback function.
WindowProc is a placeholder for the application-defined function name.
Syntax
Parameters
hwnd [in]
Type: HWND
A handle to the window.
uMsg [in]
Type: UINT
For lists of the system-provided messages, see System-Defined Messages.
wParam [in]
Type: WPARAM
Additional message information. The contents of this parameter depend on the value of the uMsg parameter.
lParam [in]
Type: LPARAM
Additional message information. The contents of this parameter depend on the value of the uMsg parameter.
Return value
The return value is the result of the message processing and depends on the message sent.
Remarks
If your application runs on a 32-bit version of Windows operating system, uncaught exceptions from the callback will be passed onto higher-level exception handlers of your application when available. The system then calls the unhandled exception filter to handle the exception prior to terminating the process. If the PCA is enabled, it will offer to fix the problem the next time you run the application.
However, if your application runs on a 64-bit version of Windows operating system or WOW64, you should be aware that a 64-bit operating system handles uncaught exceptions differently based on its 64-bit processor architecture, exception architecture, and calling convention. The following table summarizes all possible ways that a 64-bit Windows operating system or WOW64 handles uncaught exceptions.
| Behavior type | How the system handles uncaught exceptions |
|---|---|
| 1 | The system suppresses any uncaught exceptions. |
| 2 | The system first terminates the process, and then the Program Compatibility Assistant (PCA) offers to fix it the next time you run the application. You can disable the PCA mitigation by adding a Compatibility section to the application manifest. |
| 3 | The system calls the exception filters but suppresses any uncaught exceptions when it leaves the callback scope, without invoking the associated handlers. |
The following table shows how a 64-bit version of Windows operating system or WOW64 handles uncaught exceptions. Notice that behavior type 2 only applies to the 64-bit version of the Windows 7 operating system.
| Operating System | WOW64 | 64-bit Windows |
|---|---|---|
| Windows XP | 3 | 1 |
| Windows Server 2003 | 3 | 1 |
| Windows Vista | 3 | 1 |
| Windows Vista SP1 | 1 | 1 |
| Windows 7 and later | 1 | 2 |
NoteВ В On Windows 7 with SP1 (32-bit, 64-bit or WOW64), the system calls the unhandled exception filter to handle the exception prior to terminating the process. If the PCA is enabled, it will offer to fix the problem the next time you run the application.
If you need to handle exceptions in your application, you can use structured exception handling to do so. For more information on how to use structured exception handling, see Structured Exception Handling.
Requirements
Minimum supported client
WindowsВ 2000 Professional [desktop apps only]
