Hi to all  :P

I don't know much about Ring 0 so I was wondering if you tell me about advantages and disadvantages of programming in Ring 0?

What can I do in that mode?

How I get from Ring 3 to Ring 0? (I heard that I've to use "sysenter" an "sysexit" but I'm not sure, and I tried to use these instructions and masm gives me an error :|)

Thanks,
Germain :)
Posted on 2009-12-10 15:28:19 by GermainR27
What OS are we talking about?
Posted on 2009-12-10 19:12:20 by ti_mo_n
Sorry, I forgot to tell you that xD

It's Windows
Posted on 2009-12-10 19:58:57 by GermainR27
You don't "get into ring 0" under Windows (at least not without using any h@x). You either write user-mode programs or kernel-mode drivers. Please read Kernel-Mode Driver Architecture Design Guide.
Posted on 2009-12-10 20:39:13 by ti_mo_n
The advantage of Ring-0 is that you have full access to all CPU instructions, and you can access whatever memory you want whereas Ring-3 processes are pretty limited.

This is also a disadvantage of Ring-0: make mistakes and you can crash the entire OS, not just your own process. You don't really need Ring-0 unless you're writing drivers, and code running in Ring-0 doesn't really run faster than Ring-3.
Posted on 2009-12-11 02:29:56 by f0dder
Yup, don't use ring0 unless you really have to.
Even Microsoft is still working on that one. For example, the old DirectX design was based on the old Windows 9x architecture. The API layer would build a command, and then send it off to the device driver in ring0, via the special interrupt mechanism. The problem was that this API layer was hardware-independent, so you were already in ring0 by the time you got your data... and then the ring0 part had to translate it to hardware-specific stuff, causing a lot of extra overhead.
According to MS, about 20% of all Windows XP bluescreens were caused by the display driver.

Moral of the story: Don't use ring0 unless you really have to...
Also, avoid switching between ring0 and ring3, as it can be relatively costly.
It's best for stability and performance to do as much as possible in ring3, and use ring0 only as a 'window' to the hardware/lowlevel OS functionality when required.
Generally you won't require ring0 unless you are writing your own driver for some special hardware, or when you want some kind of OS extension that requires direct access to the kernel (things like virus scanners, firewalls, disk defragmenters may need that from time to time).
Posted on 2009-12-11 03:11:57 by Scali
mm ok

Thanks  :P
Posted on 2009-12-11 13:05:03 by GermainR27