Windows NT calls system services by using an "int 2e" software interrupt. The "int 2e" instruction uses both an interrupt gate and a code segment descriptor to find the interrupt service routine (KiSystemService) which services the "int 2e" software interrupt. Since the CPU will have to load one interrupt gate and one segment descriptor from memory in order to know what interrupt service routine to call, significant overhead is involved in making an "int 2e" system call. The SYSENTER instruction drastically reduces this overhead.

Learn about the exact mechanism that Windows NT uses when switching to kernel mode to execute a system service. The description is for an x86-compatible CPU running in protected mode. Other platforms supported by Windows NT will have a similar mechanism for switching to kernel mode.