CritSectionVsKernelObject

This is a repo with the sample code for my blog post:

Critical Section vs Kernel Objects

Spinning in user-mode versus entering kernel - the cost of a SYSCALL in Windows.

This POC project demonstrates performance difference between a critical section and a synchronization kernel object in Windows.

It covers the following topics:

• Intro

• Critical Section

  • Critical Section Internals

• Kernel Synchronization Objects

• Entering Kernel From a User-Mode

• The Cost of a SYSCALL

  • Entering SYSCALL
  • syscall Instruction
  • Beginning of The System Call Handler
  • Kernel Stack Layout
  • KiSystemServiceUser
  • KiSystemServiceStart - System Service Number
  • System Service Descriptor Tables
  • System Service Number To Service Function
  • Service Function Input Parameters
  • Calling The Service Function

• Leaving SYSCALL

  • Return From The Service Function
  • Processing User-Mode APCs
  • Security Mitigations At Exit
  • Instrumentation Callback
  • More Security Mitigations At Exit
  • sysretq Instruction
  • System Exit With Meltdown Mitigations

• Alternative Exit

• KiServiceInternal

• Zw* Kernel Functions Prolog

• Nt* Kernel Functions

• POC To Illustrate The Performance Impact

• Conclusion