Is there any difference between KeWaitForSingleObject with timeout set to 0 and KeReadStateSemaphore?
There is a very big difference. While KeReadStateSemaphore simply returns the state of the semaphore, KeWaitForSingleObject with a timeout of 0 will actually process side-effects should the wait be satisfied (i.e. the side-effect is to decrement the signal state). Use the former to poll, and use the latter to try to acquire a semaphore without waiting.