Interesting, I wonder how much overhead is added to syscalls to look up the process type. Does NT still do this check when no WSL processes are running?
Pretty sure these are different entry points, so you wouldn't need to do anything different for normal Windows processes whether WSL is running or not.
I don't think so... both linux and windows binaries are using the same SYSCALL cpu instruction, and thus must be going to the same handler in the NT kernel.