How do WinAPI functions enter kernel mode?
Perhaps they perform a software interrupt by means of an INT instruction, and then a certain kernel-mode routine, specified by the contents of the EAX register, is called?
I think this article should answer your question.