In older versions of Windows, user calls were routed to their corresponding system calls through interrupt 2e, which was handled by the system service dispatcher.
I mean, say, for the user-mode function read_file() there was a corresponding kernel-mode function.
The system call index was fed in the eax register and was used to index into the system call table to find the corresponding kernel-mode function.
But in newer Windows versions I heard this has changed and interrupts are no longer used.
Will anyone let me know what the new mechanism to handle system calls is?
Any good link will help.