When tracing the runtime execution, the OllyDbg debugger stops before each SYSENTER instruction.
The SYSENTER instruction, as the Intel manual indicates, "is optimized to provide the maximum performance for transitions to protection ring 0", and it is the way Windows XP/Vista and Linux applications invoke system services.
The OllyDbg call stack window indicates our current application state. It is a great opportunity for us to explore the functions of our application:
Clicking on the "Procedure" column of the stack window takes us to the beginning of the procedure currently being invoked (more precisely, to the procedure identified by the information found in the corresponding stack frame).
Clicking on the "Called from" column takes us to the responsible CALL instruction.
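How the two columns relate to a stack frame, as an added example (not part of the original tutorial, and not OllyDbg's own algorithm): it walks an EBP chain and decodes the CALL that precedes each return address. It assumes EBP-based frames and direct near calls (`E8 rel32`); the memory image, addresses and function names are constructed for illustration.

```python
import struct

CODE_BASE, STACK_BASE = 0x00401000, 0x0012FF00   # constructed addresses

def build_image():
    """Constructed 32-bit memory image: two nested direct CALLs and their frames."""
    code = bytearray(b"\x90" * 0x40)
    # At 0x401005: CALL 0x401020; at 0x401023: CALL 0x401030 (E8 + rel32)
    code[0x05:0x0A] = b"\xE8" + struct.pack("<i", 0x00401020 - (0x00401005 + 5))
    code[0x23:0x28] = b"\xE8" + struct.pack("<i", 0x00401030 - (0x00401023 + 5))
    # Each frame is [saved EBP][return address]; a saved EBP of 0 ends the chain.
    stack = struct.pack("<4I", 0x0012FF08, 0x00401028, 0x00000000, 0x0040100A)
    return {CODE_BASE: bytes(code), STACK_BASE: stack}

def read(image, addr, size):
    """Return `size` bytes at `addr`, or None if the range is not mapped."""
    for base, data in image.items():
        if base <= addr and addr + size <= base + len(data):
            return data[addr - base:addr - base + size]
    return None

def walk_frames(image, ebp, max_frames=64):
    """Follow saved-EBP links; derive 'Called from' and 'Procedure' per frame."""
    rows = []
    while ebp and len(rows) < max_frames:
        raw = read(image, ebp, 8)
        if raw is None:                      # frame pointer outside mapped memory
            break
        saved_ebp, ret = struct.unpack("<II", raw)
        call = read(image, ret - 5, 5)       # a direct near CALL is 5 bytes long
        if call and call[0] == 0xE8:
            rel = struct.unpack("<i", call[1:])[0]
            rows.append({"called_from": ret - 5,
                         "procedure": (ret + rel) & 0xFFFFFFFF})
        else:                                # indirect call or no CALL at all
            rows.append({"called_from": None, "procedure": None})
        if saved_ebp <= ebp:                 # callers live at higher addresses
            break
        ebp = saved_ebp
    return rows

if __name__ == "__main__":
    for row in walk_frames(build_image(), STACK_BASE):
        print({k: hex(v) if v is not None else None for k, v in row.items()})
```

Frames whose return address is not preceded by an `E8` opcode come back with empty columns, which is the case a debugger has to resolve by other means.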