Where can you find a list or example of system calls which execute in kernel mode on Windows NT 5.1?

+1  A: 

This answer doesn't have too many specifics in it, but may help set you looking in the right direction. Kernel mode is ring 0, and most of the things that run there are drivers or critical parts of the OS.

I notice that the doco released by Microsoft these days doesn't make any mention of what ring the API code runs in. You can find some functions by checking the doco that comes with the DDK (driver development kit) or by going to the websites of companies like osr.com that do articles on driver development.

Alternatively you could get the right version of Ntdll.dll and check all the functions exported from it. IIRC there were quite a lot of API functions that were prefixed with the letters Zw or Nt that run in kernel mode.

slugster
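
One way to carry out the export check suggested in the answer above, as an added example that is not part of the original answer: a small Python parser that reads the export name table of a PE file and keeps the `Nt`/`Zw` names. The function names `nt_zw_exports` and `build_sample` are hypothetical, the sample image is constructed so the code runs without a real DLL, and the prefix filter is a naming heuristic rather than proof that a routine enters kernel mode.

```python
import struct, sys

def nt_zw_exports(image):
    """Return the exported names in a PE image that look like Nt*/Zw* routines."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe, = struct.unpack_from("<I", image, 0x3C)                # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    opt = pe + 24                                              # optional header
    magic, = struct.unpack_from("<H", image, opt)
    # Data directories sit at +96 (PE32) or +112 (PE32+); entry 0 is the export table.
    export_rva, = struct.unpack_from("<I", image, opt + (96 if magic == 0x10B else 112))
    sections = [struct.unpack_from("<IIII", image, opt + opt_size + 40 * i + 8)
                for i in range(n_sections)]
    def offset(rva):                                           # RVA -> file offset
        for vsize, va, raw_size, raw_ptr in sections:
            if va <= rva < va + max(vsize, raw_size):
                return raw_ptr + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")
    if export_rva == 0:
        return []
    n_names, names_rva = struct.unpack_from("<I4xI", image, offset(export_rva) + 24)
    ptrs = struct.unpack_from(f"<{n_names}I", image, offset(names_rva)) if n_names else ()
    def cstr(off):                                             # NUL-terminated ASCII name
        return image[off:image.index(b"\0", off)].decode("ascii")
    # Heuristic (assumption): prefix Nt/Zw followed by an upper-case letter.
    names = (cstr(offset(p)) for p in ptrs)
    return sorted(n for n in names if n[:2] in ("Nt", "Zw") and n[2:3].isupper())

def build_sample(names):
    """Constructed stand-in for a DLL: minimal PE32 holding only an export name table."""
    va, raw, ptrs = 0x1000, 0x200, []
    pos = va + 40 + 4 * len(names)                             # names follow the pointer array
    for n in names:
        ptrs.append(pos)
        pos += len(n) + 1
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, len(names), len(names), 0, va + 40, 0)
    edata += struct.pack(f"<{len(names)}I", *ptrs) + b"".join(n.encode() + b"\0" for n in names)
    opt = struct.pack("<H", 0x10B).ljust(96, b"\0") + struct.pack("<II", va, len(edata))
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102) + opt.ljust(224, b"\0")
    hdr += struct.pack("<8sIIII", b".edata", len(edata), va, len(edata), raw).ljust(40, b"\0")
    return hdr.ljust(raw, b"\0") + edata

if __name__ == "__main__":  # optional argument: path to a real DLL such as a copy of ntdll.dll
    sample = build_sample(["NtClose", "ZwClose", "RtlInitAnsiString"])  # constructed names
    print(nt_zw_exports(open(sys.argv[1], "rb").read() if sys.argv[1:] else sample))
```

Run it with the path to a copy of Ntdll.dll as the only argument to list that file's `Nt`/`Zw` exports; with no argument it parses the constructed sample.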