Articles Written by John Gulbrandsen

System Call Optimization with the SYSENTER Instruction

Windows NT calls system services by using an "int 2e" software interrupt. The "int 2e" instruction uses both an interrupt gate and a code segment descriptor to find the interrupt service routine (KiSystemService) which services the "int 2e" software interrupt. Since the CPU will have to load one interrupt gate and one segment descriptor from memory in order to know what interrupt service routine to call, significant overhead is involved in making an "int 2e" system call. The SYSENTER instruction drastically reduces this overhead.

How Do Windows NT System Calls REALLY Work?

Learn about the exact mechanism that Windows NT uses when switching to kernel mode to execute a system service. The description is for an x86-compatible CPU running in protected mode. Other platforms supported by Windows NT will have a similar mechanism for switching to kernel mode.

Top White Papers and Webcasts

  • It's time high-level executives and IT compliance officers recognize and acknowledge the danger of malicious insiders, an increased attack surface and the potential for breaches caused by employee error or negligence. See why there is extra emphasis on insider threats.

  • Live Event Date: May 6, 2014 @ 1:00 p.m. ET / 10:00 a.m. PT While you likely have very good reasons for remaining on WinXP after end of support -- an estimated 20-30% of worldwide devices still are -- the bottom line is your security risk is now significant. In the absence of security patches, attackers will certainly turn their attention to this new opportunity. Join Lumension Vice President Paul Zimski in this one-hour webcast to discuss risk and, more importantly, 5 pragmatic risk mitigation techniques …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds