I am trying to figure out how syscalls are performed in the kernel. Are there any good explanations of what exactly happens in the kernel when a "syscall" instruction is encountered? What are the ways to view those kernel-mode callbacks and maybe document some undocumented functions?
Basically, what I'm asking:
mov eax, 23h ; NtQueryVirtualMemory
syscall      ; Any way to view what OS does, how it fills registers, sets return value etc. after executing this instruction
Thanks.