flat assembler
Message board for the users of flat assembler.

Index > Main > Interrupts vs. Calls

Author
Thread Post new topic Reply to topic
itsnobody



Joined: 01 Feb 2008
Posts: 93
Location: Silver Spring, MD
itsnobody
Just wondering, which is actually faster? Interrupts or calls?
Post 09 Feb 2008, 19:42
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
revolution
What sort of calls? Near? Far? What mode? Real? PM? What code setting? 16? 32?
Post 09 Feb 2008, 20:05
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4242
Location: 2018
edfed
near calls are faster than interrupts.
far calls to another task is slower than interrupts.
jmp far is faster than call far
jmp to another task is slow.
task switch is slow
segment change in real mode is faster than segment change in protected mode.
but interrupt is not as easy to operate as calls (for system coder).
but interrupts are easyer to use as application programmer, it is more convenient for librairy sharing, linux does this, via int80h

more precisions will come via other members.
Post 09 Feb 2008, 21:30
View user's profile Send private message Visit poster's website Reply with quote
itsnobody



Joined: 01 Feb 2008
Posts: 93
Location: Silver Spring, MD
itsnobody
So which would be faster? The Linux interrupts or Windows API (assuming both do the samethings)?
Post 11 Feb 2008, 19:41
View user's profile Send private message Reply with quote
System86



Joined: 15 Aug 2007
Posts: 77
System86
Quote:

So which would be faster? The Linux interrupts or Windows API (assuming both do the samethings)?


Windows API is not the lowest layer. The Win32 functions end up calling the NT native functions, which then generate an int 2Eh to make a kernel call.
Post 11 Feb 2008, 23:14
View user's profile Send private message Reply with quote
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY
System86 wrote:
Quote:

So which would be faster? The Linux interrupts or Windows API (assuming both do the samethings)?


Windows API is not the lowest layer. The Win32 functions end up calling the NT native functions, which then generate an int 2Eh to make a kernel call.


Is it possible to make a kernel call or an int 2Eh directly without windows API?
Post 12 Feb 2008, 01:26
View user's profile Send private message Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4242
Location: 2018
edfed
windows api come from a file loaded in memory at boot time.
a .dll
for use of these libs need an include '*.inc', to import the list of pointers and equates.
Post 12 Feb 2008, 01:53
View user's profile Send private message Visit poster's website Reply with quote
System86



Joined: 15 Aug 2007
Posts: 77
System86
Quote:

Is it possible to make a kernel call or an int 2Eh directly without windows API?


Theoretically yes, but Int 2Eh is undocumented internal interface and sometimes changes between windows versions, so using it is nonportable (unlike int 21h for DOS or int 80h for Linux, which are standard interfaces).

If you want low level access to Windows, better use Native API, which is still mostly officially undocumented but is more well known. See http://undocumented.ntinternals.net/ for NT native functions.
Post 12 Feb 2008, 02:18
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
revolution
OzzY wrote:
Is it possible to make a kernel call or an int 2Eh directly without windows API?
Yes and no.

Yes in the sense that there is no restriction and you can directly call int 0x2e if you want. Although there is very little advantage to doing so because the whole interface is not officially documented and can change at any time with an update or service pack. Note that many kernel32 API's are simply wrappers to int 0x2e functions, so in effect you already do call the kernel directly.

No in the sense that you are forced to load at least one API DLL into your address space, ntdll.dll will always be mapped in and depending on the OS version ntdll will subsequently load in kernel32.dll. My testing shows that Win2K and WinXP behave differently, one will allow an exe file with no imports and the other will not. I forget which one works and which doesn't, but it is not important anyway, it is enough to know that doing so is unreliable.
Post 12 Feb 2008, 02:20
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.