I'm a noob on the kernel-land side of an OS. Recently I've been studying how programs work in kernel-land.

I know several Windows API calls are just wrappers around system calls into kernel-land. They finally execute syscall/sysret/sysenter to enter kernel-land, and the kernel-land receiver (KiFastCallEntry etc.) receives the call and throws it to the handler that is responsible for parsing and acting on it.

But the other way of communicating with kernel-land that I know of is IOCTL, like DeviceIoControl(). I've used it to communicate with my custom device drivers.

My question is: what are the differences between syscall and DeviceIoControl()? Why are two (or more) ways available/split up for communicating with kernel-land in Windows? Can I use a series of syscalls to communicate with my custom device drivers without calling DeviceIoControl()?

Thanks for reading my question. Have a good day :)

  • (1) There aren't two different mechanisms; DeviceIoControl() uses the same mechanism to enter kernel mode as every other API, which might vary depending on the Windows version and exact CPU architecture. (2) No, Windows does not provide any mechanism for a device driver to add its own syscalls. – Harry Johnston Dec 28 '16 at 11:39
  • Thanks for the answer, Harry. – ManyPenguinsAreHere Dec 28 '16 at 11:59
  • I understand what you mean as: both DeviceIoControl() and SYSCALL/SYSRET/etc. are used to communicate with kernel-land, but the two are different. Is that right? – ManyPenguinsAreHere Dec 28 '16 at 12:01
  • I guess/think/understand SYSCALL/SYSRET is used to call Windows-default-provided features like read()/write(), but DeviceIoControl() is usually used just for driver communication. – ManyPenguinsAreHere Dec 28 '16 at 12:05
  • No. ReadFile(), WriteFile(), and DeviceIoControl() all enter kernel mode in exactly the same way. If the CPU architecture is appropriate, they all use SYSCALL/SYSRET. There's no difference. – Harry Johnston Dec 28 '16 at 12:14
  • A-ha, I got it! Thanks @HarryJohnston! – ManyPenguinsAreHere Dec 30 '16 at 03:18
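Added example (not from the question or from the commenters): the comments establish that DeviceIoControl() reaches the kernel through the same system-call path as ReadFile() and WriteFile(); what distinguishes an IOCTL from the driver's point of view is the 32-bit control code that the request carries. The portable C below reproduces the bit layout of the WDK `CTL_CODE` macro, constructs a hypothetical `IOCTL_EXAMPLE_QUERY`, and shows the kind of acceptance check a driver's `IRP_MJ_DEVICE_CONTROL` handler would apply to an incoming code before acting on the request. The device type, the function number and the policy of rejecting `METHOD_NEITHER` are assumptions chosen for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Field layout of a Windows I/O control code, as produced by the WDK CTL_CODE macro:
 *   bits 31..16  DeviceType
 *   bits 15..14  RequiredAccess  (FILE_ANY_ACCESS / FILE_READ_ACCESS / FILE_WRITE_ACCESS)
 *   bits 13..2   Function        (0x000..0x7FF reserved for Microsoft, 0x800..0xFFF for vendors)
 *   bits  1..0   Method          (how the I/O manager hands the user buffers to the driver)
 */
enum { METHOD_BUFFERED = 0, METHOD_IN_DIRECT = 1, METHOD_OUT_DIRECT = 2, METHOD_NEITHER = 3 };
enum { FILE_ANY_ACCESS = 0, FILE_READ_ACCESS = 1, FILE_WRITE_ACCESS = 2 };
#define FILE_DEVICE_UNKNOWN 0x22u

typedef struct {
    uint32_t device_type;
    uint32_t access;
    uint32_t function;
    uint32_t method;
} ioctl_fields;

/* Same arithmetic as CTL_CODE(DeviceType, Function, Method, Access). */
uint32_t ioctl_encode(uint32_t device_type, uint32_t function, uint32_t method, uint32_t access) {
    return (device_type << 16) | (access << 14) | (function << 2) | method;
}

/* Inverse of ioctl_encode: split a code back into its four fields. */
ioctl_fields ioctl_decode(uint32_t code) {
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2)  & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* Hypothetical custom IOCTL, constructed for this example (not a real driver's code). */
#define IOCTL_EXAMPLE_QUERY ioctl_encode(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_READ_ACCESS)

/* Acceptance check of the kind a driver's IRP_MJ_DEVICE_CONTROL dispatch routine performs
 * on Parameters.DeviceIoControl.IoControlCode before touching any buffer.  Policy here:
 * the code must target this driver's device type, use a vendor function number, and not
 * use METHOD_NEITHER (raw user pointers the driver would have to probe itself). */
bool ioctl_is_acceptable(uint32_t code, uint32_t expected_device_type) {
    ioctl_fields f = ioctl_decode(code);
    if (f.device_type != expected_device_type) return false;
    if (f.function < 0x800u || f.function > 0xFFFu) return false;
    if (f.method == METHOD_NEITHER) return false;
    return true;
}

int main(void) {
    uint32_t code = IOCTL_EXAMPLE_QUERY;
    ioctl_fields f = ioctl_decode(code);
    printf("IOCTL_EXAMPLE_QUERY = 0x%08X\n", code);
    printf("  device_type=0x%X access=%u function=0x%X method=%u\n",
           f.device_type, f.access, f.function, f.method);
    printf("  accepted by FILE_DEVICE_UNKNOWN driver: %s\n",
           ioctl_is_acceptable(code, FILE_DEVICE_UNKNOWN) ? "yes" : "no");
    return 0;
}
```

In a real driver the value checked here arrives in the IRP's current stack location, and the access bits only describe the handle rights the I/O manager requires before it forwards the request; everything else (buffer lengths, field contents) remains the driver's own responsibility to validate.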