Comment by sedatk
11 hours ago
NTDLL is NT’s kernel ABI, not syscalls. Nothing on Windows uses syscalls to call the kernel.
NTDLL isn’t some higher level library. It’s just a series of entry points into NT kernel.
11 hours ago
NTDLL is NT’s kernel ABI, not syscalls. Nothing on Windows uses syscalls to call the kernel.
NTDLL isn’t some higher level library. It’s just a series of entry points into NT kernel.
Yes, the fact that functions in NTDLL issue a syscall instruction is a platform-specific implementation detail.