Q. What is the difference between the Nt and Zw versions of native APIs in kernel mode?

View solution

Q. Why would you want to go through the system-call mechanism when calling an API from kernel mode?

View solution

Q. What is the purpose of the safety mechanism employed by the system when calling an API from user mode?

View solution

Q. What is the benefit of calling the Zw APIs in kernel mode?

View solution

Q. What is the system calling mechanism?

View solution

Q. When does a system call take place?

View solution

Q. Why is it not possible to directly call a kernel function from user mode?

View solution

Q. What is the dispatch routine in the system calling mechanism?

View solution

Q. How did the system call mechanism change after Windows 2000?

View solution

Q. What is a system call?

View solution

Q. What is the purpose of the system calling mechanism?

View solution

Q. What does the EAX register contain during a system call?

View solution

Q. What is the IDT?

View solution

Q. What happens when an application calls an operating system API?

View solution

Q. What is the mechanism used by operating systems for switching from user mode to kernel mode?

View solution

Q. Why is it important for reversers to have a basic understanding of executable formats?

View solution

Q. What is the executable format used in Windows?

View solution

Q. Where can you find a full listing of the individual fields of the Portable Executable (PE) format?

View solution

Q. Why is understanding executable formats important for hackers?

View solution

Q. What is the most important thing to bear in mind when dealing with executable files?

View solution