The transition from user mode to kernel mode is not a context switch. There
is an ‘interrupt gate’ (Int 21) used on x86 systems to switch from user to
kernel mode, but this is much less overhead than a context switch. Basically
the transition gives the thread a new stack and opens up the kernel
protected VA space to the thread.
The Zw calls all have slightly less overhead than the equivalent NT system
service apis (the ones named Nt rather than Zw.) You would basically just be
saving the overhead of the INT 21 processing for user-kernelmode transition,
and that is not huge. Win32 of course adds an additional layer of software
on top of the system service api, but once again it is not overly bloated.
Of course the answer is that it would be marginally faster to do everything
in kernel mode. We could in fact all just abandon the concept of protected
rings of execution and have everybody execute their applications in one big
shared memory address space. We could call the resulting mess the ‘MacOS’
You should put code in a device driver because it is the only way to access
kernel protected resources. For NT4 - your use of a driver was correct as it
was the only way to get at the functionality you required. For W2K rather
than considering putting more of your application into the kernel you should
be considering getting it all out of the kernel.
-----Original Message-----
From: Rob Newberry [mailto:xxxxx@grouplogic.com]
Sent: Friday, October 06, 2000 10:55 AM
To: NT Developers Interest List
Subject: [ntdev] is doing stuff in kernel mode faster?
I have a particular operation that opens a file, reads part
of it, then
rewrites it. Currently, I use normal NT/Win32 APIs to open, read and
rewrite the file. This is all done in user mode in my application.
My application also includes a very simple device driver
component – the
purpose of this component was to utilize LSA APIs that were
kernel-only
until Windows 2000.
So, the question is, would this particular operation (which
happens a LOT)
be any faster if I moved the code into my device driver? Basically, I
would change my NT/Win32 APIs with the Zw routines (ZwCreateFile,
ZwReadFile, ZwWriteFile). Presumably, this would save
context switches
between user and kernel mode (since the entire set of APIs
would execute
in kernel mode, instead of entering kernel mode/leaving
kernel mode for
each API call), but I’m not sure – a Microsoft engineer told
me that the
Zw APIs are only mappers onto the external APIs so that one could use
those APIs in a device driver.
So, what’s the consensus? Would moving to kernel mode make such a
sequence of operations perform faster?
Rob
Rob Newberry
Director of Fajita Technology
Group Logic, Inc.
You are currently subscribed to ntdev as: xxxxx@stratus.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)