Questions tagged [sysenter]

SYSENTER is a companion instruction to SYSEXIT.

Executes a fast call to a level 0 system procedure or routine. SYSENTER is a companion instruction to SYSEXIT. The instruction is optimized to provide the maximum performance for system calls from user code running at privilege level 3 to operating system or executive procedures running at privilege level 0.
Prior to executing the SYSENTER instruction, software must specify the privilege level 0 code segment and code entry point, and the privilege level 0 stack segment and stack pointer by writing values to the following MSRs:

• IA32_SYSENTER_CS — Contains a 32-bit value, of which the lower 16 bits are 
the segment selector for the privilege level 0 code segment. This value is also 
used to compute the segment selector of the privilege level 0 stack segment.
• IA32_SYSENTER_EIP — Contains the 32-bit offset into the privilege level 0 code 
segment to the first instruction of the selected operating procedure or routine.
• IA32_SYSENTER_ESP — Contains the 32-bit stack pointer for the privilege level 
0 stack.

10 questions

votes

2 answers

Syscall or sysenter on 32 bits Linux?

Since MS‑DOS, I know system invocation using interrupts. In old papers, I saw reference to int 80h to invoke system functions on Linux. Since a rather long time now, I know int 80h is deprecated in favour of the syscall instruction. But I can't get…

asked Mar 24 '13 at 12:54

Hibou57

6,870
6
52
56

votes

1 answer

How is SYSENTER used in 64-bit mode, and what is IA32_SYSENTER_CS?

Reading the description of the SYSENTER instruction, I came across the following: IA32_SYSENTER_CS Contains ring 0 code segment (CS) I thought that 64 bit systems now use virtual memory address scheme (pagination), which basically no longer relies…

assembly kernel x86-64 sysenter

asked Jun 21 '17 at 03:13

Rustam Issabekov

3,279
6
24
31

votes

1 answer

Windows 7 x86 perform a direct system call using sysenter

I'm trying to write some program to directly call a system call without going through ntdll.dll My code ( Visual Studio syntax...): #include int main() { _asm{ push arg1 push arg2 push arg3 mov…

windows kernel system-calls sysenter

asked Nov 03 '13 at 13:38

John Smith

votes

0 answers

Sysenter Results In SIGILL Signal. How To Test Int0x80 / Sycall / Sysenter On A x86_64?

. I have a school project, recoding a strace-like command on a x86_64 OpenSUSE. (Intell i7) For this purpose we are, of course, using ptrace system call but it is forbiden to use PTRACE_SYSCALL. We have to use PTRACE_SINGLESTEP and detect systems…

system-calls strace sysenter

asked May 06 '15 at 09:03

Lks

votes

0 answers

Linux system call register saving

I have two simple questions regarding 32bit Linux system call. in x86 Linux, there are 2 ways for calling system call. First one is using int 0x80, another is sysenter. I know the basic conceptual difference between these two (sysenter uses…

linux x86 system-calls sysenter

asked Mar 19 '14 at 18:00

daehee

5,047
7
44
70

votes

2 answers

CPU raises with attributesOfItemAtPath:error:

I am using [NSFileManager attributesOfItemAtPath:error:] function for fetching attributes of file. But sometimes my application cpu is going upto 100%. I am using this function for 100k(approx.) files. Sample of my application: …

objective-c macos cocoa nsfilemanager sysenter

asked May 14 '12 at 09:12

Parag Bafna

22,812
8
71
144

vote

0 answers

Hooking Windows Kernel Dispatcher for System Calls

I'm trying to hook SYSENTER dispatch function from the kernel and during the past few days I was studying about what happens when a program executes SYSENTER and wants to enter to kernel then I realized IA32_SYSENTER_EIP and IA32_SYSENTER_ESP are…

windows hook system-calls sysenter

asked Oct 28 '18 at 14:47

Embrace

vote

0 answers

How to Disable SYSENTER Syscall Support and Only Use int $0x80 in Linux

I am trying to disable SYSENTER syscall support and let all system calls fall back through int $0x80 interrupts in Linux without any use of ptrace. I have found two ways： Disable VDSO entirely by modifying /proc/sys/vm/vdso_enabled file to 0 Modify…

linux kernel system-calls sysenter

asked Nov 14 '12 at 19:41

andrew

votes

3 answers

C++ SYSENTER x86 calls in inline assembly

I'm about to learning how sysenter on x86 works. and i created a simple console application on x86 platform, which should call the NtWriteVirtualMemory function manually in inline assembly. i started with this code here, but it seems that the…

c++ windows assembly x86 sysenter

asked Aug 18 '20 at 15:21

Steven.Hawks

votes

2 answers

why linux kernel don't restore all register when using sysenter/sysexit?

In linux kernel 2.6.11, when use sysenter to do the system call, it is almost the same as init 0x80, using save_all to push all register on the kernel stack, but after the call is finished, if relevant flag is not set, we use sysexit to return, but…

linux x86 system-calls calling-convention sysenter

asked Apr 21 '15 at 02:05

gankme