Function RTCallRing0

This function allows executing a function at CPL 0 within a program running at CPL 3 or 0:

typedef DWORD (__fastcall * RTRing0Function)(void * P); 

DWORD RTCallRing0(RTRing0Function Ring0Func, void * P);

The function to be called has a single 32-bit parameter, a 32-bit function result, and must use register calling conventions. RTCallRing0 will pass its parameter P to Ring0Func in registers EAX and ECX and will return the value returned by Ring0Func in EAX.

If the calling program runs at CPL 0, RTCallRing0 will simply call Ring0Func. If the program executes at CPL 3, RTCallRing0 will use a call gate to transfer control to Ring0Func. In addition, interrupts are disabled and the interrupt state is restored when the function returns.

When RTTarget-32 flag RT_PREFETCH_RING0 is set, this function will prefetch code and data required to call ring 3 to reduce the interrupt latency at the expense of execution time.

A few things should be noted if this function is used in programs running at CPL 3:

Ring0Func may call other functions. Such called functions will also execute at CPL 0.
Interrupts are disabled and must not be reenabled. Thus, the function should be short.
You cannot set debugger breakpoints within the Ring0Func or any function it calls.
The function will execute on the boot code's ring 0 stack, which has a size of only 256 bytes. Please be sure not to use more stack space.
All privileged instructions except HLT can be executed. To execute HLT from CPL 0, see function RTHaltCPL3.
Write protection for read-only and system pages is not enforced.
Code executing at CPL 0 may never raise an exception, be it a Win32 structured or C++ exception. Exceptions cannot be propagated across privilege levels.
You cannot execute floating point instructions if the emulator is being used.
Segment selector 3Bh (index 7) is used for the call gate and must not be used by the application.

Function RTSectionName

Down Function RTRaiseCPUException