SYSCALL Instruction in x64 Processes

closed account (13bSLyTq)
Hi,

As this question is nothing relating to C\C++, I posted my question here.

I have been lately debugging x64 applications call conventions in Wow64 Enviroment (obviously). I have mapped out nearly all call chain but, I have been confused what happens after x64 call of NT*** functions.

From my research, I found this: http://i.imgur.com/62h9YMo.png

I know SYSENTER and SYSCALL are different but my question here is where does SYSCALL (Not SYSENTER) lead to. As SYSENTER leads to KiFastSystemCall so there must be a System Stub call for SYSCALL. If not what does it do. If there is a System Call stub what is the name of the system call stub.
Topic archived. No new replies allowed.