I've always wondered how transitions from user-mode to kernel-mode work in Windows.
But there is one thing I don't understand that I haven't seen addressed in any online articles.
I have read that kernel functions are called by a privileged "syscall" instruction. However, if this instruction is privileged, then that implies that it cannot be called by user code.
If it cannot be called from user mode, then how does kernel32.dll make calls into the kernel, since that dll is obviously loaded into user-mode processes?
The difficult we do right away...
...the impossible takes slightly longer.
Good question. I think if they tell you, they'll have to kill you.
BDF
I often make very large prints from unexposed film, and every one of them turns out to be a picture of myself as I once dreamed I would be.
-- BillWoodruff
On Windows it's sysenter, and it's not a privileged instruction.
Now quick, add some pun so we don't get punished for programming technical serious questions in the lounge!
Oh! Well that solves it. Thanks.
"syscall" isn't privileged, so there's no problem there.
"sysenter" isn't privileged either.
In ye olde days it used to use "int 0x2E" for system calls, which isn't privileged either.
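As an added illustration (not from this thread or its posters): the reason user-mode code can execute SYSCALL at all is that the instruction is unprivileged; it only transfers control to the entry point the kernel registered, where the kernel's dispatcher validates the requested service number and decides what to do. The example assumes Linux on x86-64 (the Windows calling convention differs) and issues the raw instruction from ring 3, with a libc fallback on other targets.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Execute the x86-64 SYSCALL instruction directly from user mode.
 * Linux ABI (assumed): service number in rax, return value in rax;
 * the kernel clobbers rcx and r11. Errors come back as -errno. */
static long raw_syscall0(long nr)
{
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr)
                      : "rcx", "r11", "memory");
    return ret;
#else
    /* Fallback for other targets: let libc emit the trap instruction. */
    long ret = syscall(nr);
    return ret == -1 ? -errno : ret;
#endif
}

/* Returns 1 if a SYSCALL issued by hand from ring 3 returns the same PID
 * as libc's getpid(): the instruction ran without a privilege fault. */
int raw_syscall_matches_libc(void)
{
    return raw_syscall0(SYS_getpid) == (long)getpid();
}

/* Returns 1 if the kernel rejects a bogus service number with ENOSYS:
 * the privilege check is done by the kernel dispatcher, not by the CPU
 * refusing to execute the instruction. 999999 is a constructed value. */
int kernel_rejects_bad_number(void)
{
    return raw_syscall0(999999) == -ENOSYS;
}

int main(void)
{
    printf("raw getpid=%ld libc getpid=%ld bad-number=ENOSYS:%d\n",
           raw_syscall0(SYS_getpid), (long)getpid(),
           kernel_rejects_bad_number());
    return raw_syscall_matches_libc() ? 0 : 1;
}
```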
Thanks for clearing that up!
Would you also like to know how it is that 32-bit code can make system calls into a 64-bit kernel?
This is a standard feature of nearly all computers. The syscall instruction (or whatever it may be called) does a context switch from user to kernel mode. This is managed by the hardware or microcode depending on the architecture of the machine.