System Calls in Unix and Windows

The interface between a process and an operating system is provided by system calls. In general, system calls are available as assembly language instructions. They are also included in the manuals used by the assembly level programmers.

Unix System Calls

System calls in Unix are used for file system control, process control, interprocess communication etc. Access to the Unix kernel is only available through these system calls. Generally, system calls are similar to function calls, the only difference is that they remove the control from the user process.

There are around 80 system calls in the Unix interface currently. Details about some of the important ones are given as follows —

System Call	Description
access()	This checks if a calling process has access to the required file
chdir()	The chdir command changes the current directory of the system
chmod()	The mode of a file can be changed using this command
chown()	This changes the ownership of a particular file
kill()	This system call sends kill signal to one or more processes
link()	A new file name is linked to an existing file using link system call.
open()	This opens a file for the reading or writing process
pause()	The pause call suspends a file until a particular signal occurs.
stime()	This system call sets the correct time.
times()	Gets the parent and child process times
alarm()	The alarm system call sets the alarm clock of a process
fork()	A new process is created using this command
chroot()	This changes the root directory of a file.
exit()	The exit system call is used to exit a process.

Windows System Calls

System calls in Windows are used for file system control, process control, interprocess communication, main memory management, I/O device handling, security etc. The programs interact with the Windows operating system using the system calls. Since system calls are the only way to access the kernel, all the programs requiring resources must use system calls.

Details about some of the important system calls in Windows are given as follows —

What are system calls in Operating System?

The interface between a process and an operating system is provided by system calls. In general, system calls are available as assembly language instructions. They are also included in the manuals used by the assembly level programmers. System calls are usually made when a process in user mode requires access to a resource. Then it requests the kernel to provide the resource via a system call.

A figure representing the execution of the system call is given as follows −

As can be seen from this diagram, the processes execute normally in the user mode until a system call interrupts this. Then the system call is executed on a priority basis in the kernel mode. After the execution of the system call, the control returns to the user mode and execution of user processes can be resumed.

In general, system calls are required in the following situations −

• If a file system requires the creation or deletion of files. Reading and writing from files also require a system call.
• Creation and management of new processes.
• Network connections also require system calls. This includes sending and receiving packets.
• Access to a hardware devices such as a printer, scanner etc. requires a system call.

Types of System Calls

There are mainly five types of system calls. These are explained in detail as follows −

Process Control

These system calls deal with processes such as process creation, process termination etc.

File Management

These system calls are responsible for file manipulation such as creating a file, reading a file, writing into a file etc.

Device Management

These system calls are responsible for device manipulation such as reading from device buffers, writing into device buffers etc.

Information Maintenance

These system calls handle information and its transfer between the operating system and the user program.

Communication

These system calls are useful for interprocess communication. They also deal with creating and deleting a communication connection.

Some of the examples of all the above types of system calls in Windows and Unix are given as follows −

Types of System Calls	Windows	Linux
Process Control	CreateProcess() ExitProcess() WaitForSingleObject()	fork() exit() wait()
File Management	CreateFile() ReadFile() WriteFile() CloseHandle()	open() read() write() close()
Device Management	SetConsoleMode() ReadConsole() WriteConsole()	ioctl() read() write()
Information Maintenance	GetCurrentProcessID() SetTimer() Sleep()	getpid() alarm() sleep()
Communication	CreatePipe() CreateFileMapping() MapViewOfFile()	pipe() shmget() mmap()

There are many different system calls as shown above. Details of some of those system calls are as follows −

The open() system call is used to provide access to a file in a file system. This system call allocates resources to the file and provides a handle that the process uses to refer to the file. A file can be opened by multiple processes at the same time or be restricted to one process. It all depends on the file organisation and file system.

The read() system call is used to access data from a file that is stored in the file system. The file to read can be identified by its file descriptor and it should be opened using open() before it can be read. In general, the read() system calls takes three arguments i.e. the file descriptor, buffer which stores read data and number of bytes to be read from the file.

write()

The write() system calls writes the data from a user buffer into a device such as a file. This system call is one of the ways to output data from a program. In general, the write system calls takes three arguments i.e. file descriptor, pointer to the buffer where data is stored and number of bytes to write from the buffer.

close()

The close() system call is used to terminate access to a file system. Using this system call means that the file is no longer required by the program and so the buffers are flushed, the file metadata is updated and the file resources are de-allocated.

What is a system call in windows written in c?

What is a system call in windows written in c? Cannot find an explanation on what it is in Google.

That is what we are asked to do: Your assignment is to implement Windows utility named HeadTail that receives a file name and an integer N as its parameters, and output to the console (standard output) N first lines of the file followed by N last lines reversed.

2 Answers 2

In computing, a system call is how a program requests a service from an operating system’s kernel that it does not normally have permission to run. System calls provide the interface between a process and the operating system. Most operations interacting with the system require permissions not available to a user level process, e.g. I/O performed with a device present on the system, or any form of communication with other processes requires the use of system calls.

For example fopen is not a system call, and ReadFile is .

All of the core windows APIs exported from kernel32.dll and advapi32.dll are typically considered system calls (there are others and there are lower level APIs but this will probably meet your requirements (the lower level APIs are undocumented and much harder to use)).

To use them in your C application, if you’re using visual studio or the Windows SDK build environment, you simply have to add:

to your source file. You can then make any of the API calls from your C program.

You might have to add kernel32.lib when linking your application.

System calls on Windows

I just want to ask, I know that standart system calls in Linux are done by int instruction pointing into Interrupt Vector Table. I assume this is similiar on Windows. But, how do you call some higher-level specific system routines? Such as how do you tell Windows to create a window? I know this is handled by the code in the dll, but what actually happend at assembler-instruction level? Does the routine in dll calls software interrupt by int instruction, or is there any different approach to handle this? Thanks.

2 Answers 2

Making a Win32 call to create a window is not really related to an interrupt. The client application is already linked with the .dll that provides the call which exposes the address for the linker to use. Since you are asking about the difference in calling mechanism, I’m limiting the discussion here to those Win32 calls that are available to any application as opposed to kernel-level calls or device drivers. At an assembly language level, it would be the same as any other function call since most Win32 calls are user-level calls which internally make the needed kernel calls. The linker provides the address of the Win32 function as the target for some sort of branching instruction, the specifics would depend on the compiler.

[Edit] It looks like you are right about the interrupts and the int. vector table. CodeGuru has a good article with the OS details on how NT kernel calls work. Link:
http://www.codeguru.com/cpp/w-p/system/devicedriverdevelopment/article.php/c8035

Windows doesn’t let you call system calls directly because system call numbers can change between builds, if a new system call gets added the others can shift forward or if a system call gets removed others can shift backwards. So to maintain backwards compatability you call the win32 or native functions in DLLs.

Now there are 2 groups of system calls, those serviced by the kernel (ntoskrnl) and by the win32 kernel layer (win32k).

Kernel system call stubs are easily accessible from ntdll.dll, while win32k ones are not exported, they’re private within user32.dll. Those stubs contain the system call number and the actual system call instruction which does the job.

So if you wanted to create a window, you’d call CreateWindow in user32.dll, then the extended version CreateWindowEx gets called for backwards compatability, that calls the private system call stub NtUserCreateWindowEx , which invokes code within the win32k window manager.

System calls: What are system calls and why are they necessary?

Especially nowadays, operating systems have to provide users not only with the highest possible level of comfort, but also with maximum stability and security. That is why the developers of systems like Linux or Windows endeavor to keep the risk of potential system complications as a result of unintentional negligence or of targeted attacks from outside as low as possible. One of the most important steps taken to this end is the strict separation of the operation system core (the kernel) and application programs or user processes. The consequence of this is that programs and processes that do not belong to the system have no direct access to the CPU and the memory, and instead rely on so-called system calls.

What exactly do these calls involve, and what kinds are there?

What is a system call (syscall)?

A system call, or syscall or short, is a method used by application programs to communicate with the system core. In modern operating systems, this method is used if a user application or process needs to pass information onto the hardware, other processes or the kernel itself, or if it needs to read information from these sources. This makes these calls a link between user mode and kernel mode, the two key access and security modes for processing CPU commands in computer systems.

Until a system call has been processed and the data required has been transmitted or received, the system core takes control of the program or process, which will temporarily stop running. As soon as the action required by a system call is carried out, the kernel gives control back again, and the program code is continued from the point it had reached before the syscall was started.

Most modern operating systems makes certain system calls available as library functions, which can be executed via a program interface that is also provided. This makes software developers’ work much easier, as it means that no more precise knowledge of the internal functionalities of different system software is then needed.

Why are system calls necessary?

The need for system calls is closely tied to the modern operating system model with user mode and kernel mode, which was implemented as a response to the rising number of processes being carried out simultaneously in computers’ main memory (working memory) In this way, each individual process has its own data with special access permissions, and it is only possible for system and application programs to run properly if resources are divided up fairly.

The more privileged kernel mode is the pivotal control system here because – as mentioned already – not only are all services and processes in the system itself run there, but also system-critical actions by application programs that are blocked in user mode. One requirement is the right system call through the respective program, which in most cases is simply for access to processing power (CPU) or memory structures (working memory and hard drive space). If an application needs more computing power or storage space, for example, or an application-external file (open, read, edit, etc.) is required, system calls are essential.

To put it simply, system calls are necessary whenever a process running in user mode wishes to run a function that can only be run in the kernel mode.

What kinds of system calls are there?

As already mentioned, all system calls can essentially be used as control units for the communication between application processes and the operating system or the hardware. Established system calls can also be classified into different categories, though, whereby the following five classification types are generally accepted:

• Process control: All processes in a computer system must be monitored so that they can be stopped at any time or be controlled by other processes. For this reason, system calls in this category monitor the start and running or the abortion of processes.
• File management: This kind of system call is needed by application programs to gain access to typical file operations. These methods of file manipulation include ‘create’, ‘delete’, ‘open’, ‘close’, ‘write’ and ‘read’.
• Device management: This category includes all system calls that request or manage hardware resources such as processing power or storage space.
• Information maintenance: Processes are linked to a great deal of information that must be up-to-date and correct. To exchange or demand this information, application programs use system calls to manage and maintain information.
• Inter-process communication: The operating system and the various active application programs are only guaranteed to interact smoothly if the individual processes are well-coordinated with one another. For this reason, communication via relevant system calls is essential.

Windows and Linux: An overview of system calls

The extent to which the kinds of system calls listed can be made and implemented depends primarily on the hardware used and the system architecture, but also on the operating system used. In Linux, for example, system calls are stored directly in the Linux core in the ‘system call table’. Each entry in this table is assigned a unique number and a certain function to be run in kernel mode. To execute any desired Linux system call, the respective number is loaded in the CPU memory and then loaded with software interrupt 128 (a cue for a subfunction of the operating system that interrupts the program running in user mode).