The exact method depends on the processor architecture and what operations it defines for transferring to kernel mode. One approach, and the traditional one on x86, was to use a software interrupt. It turns out this wasn't very fast for the general case so later, Intel added SYSCALL and AMD added SYSENTER. Windows XP and later choose an appropriate system call technique for the platform, at boot time.
You could choose to use specific software interrupt numbers for specific functions, but generally the processor doesn't have enough interrupts to cover all the system functions, so it's necessary to make one of the registers contain the function number required. If you're doing that anyway, it's not much of a hardship to only use the one system call function.
Windows CE, before version 6.0, uses a side-by-side process virtual address model that actually allows processes to call into each other directly. The page protections are set up so that when this is done, an access violation fault occurs: the kernel gets control, fixes up the process address space (moving the called process into slot 0), fixes up slot-0-based arguments to point to the calling process, and returns to user mode. Because the return address is in another process, when the function call returns, the reverse process occurs. Unfortunately this model only allows very small virtual address spaces for each process (32MB) and a low number of processes (32), so Windows CE 6.0 reverts to a more traditional system call model.
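The single-entry-point scheme described above (one register carries the function number), sketched as a user-space simulation in C. This is an added example, not code from any real kernel: `struct regs`, `dispatch`, `call`, the table contents and `ERR_NOSYS` are all hypothetical names, and the function number is treated as untrusted input that must be validated before it indexes the table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed register frame: nr stands in for the register that
 * carries the function number, a0/a1 for the argument registers. */
struct regs { uintptr_t nr, a0, a1; };

typedef long (*sys_fn)(uintptr_t, uintptr_t);

#define ERR_NOSYS (-1L)   /* hypothetical "no such system call" code */

/* Two toy services standing in for real system functions. */
static long sys_getid(uintptr_t a, uintptr_t b) { (void)a; (void)b; return 42; }
static long sys_add(uintptr_t a, uintptr_t b)   { return (long)(a + b); }

/* One table, indexed by function number. Slot 2 is a retired call. */
static const sys_fn table[] = { sys_getid, sys_add, NULL };
#define NR_CALLS (sizeof table / sizeof table[0])

/* The one entry point the interrupt or fast-call handler would reach.
 * nr was set by user mode, so it is checked before use; the compare is
 * unsigned, so a "negative" number is rejected as a huge index. */
long dispatch(const struct regs *r)
{
    if (r->nr >= NR_CALLS || table[r->nr] == NULL)
        return ERR_NOSYS;
    return table[r->nr](r->a0, r->a1);
}

/* Stand-in for the user-mode stub: load the "registers", then trap. */
long call(uintptr_t nr, uintptr_t a0, uintptr_t a1)
{
    struct regs r = { nr, a0, a1 };
    return dispatch(&r);
}

int main(void)
{
    printf("add(2, 3)      -> %ld\n", call(1, 2, 3));
    printf("retired slot   -> %ld\n", call(2, 0, 0));
    printf("out of range   -> %ld\n", call((uintptr_t)-1, 0, 0));
    return 0;
}
```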