Windows Malware Analysis Essentials

By : Victor Marak
Alice in kernel land – kernel debugging with IDA Pro, Virtual KD, and VMware


Kernel debugging is an essential day-to-day activity in many reversing sessions, and even more so on the Windows platform, which is closed source, unlike Linux (open source), where reversing has a different connotation, mainly related to hardware protocols and understanding the system as a whole. It is therefore advantageous to have a general idea of how the various Windows APIs work together, how user mode (Ring 3) code communicates with native APIs in kernel mode (Ring 0), and how the different API layers are abstracted from each other. User mode code has no direct interface to the kernel; it must go through ntdll.dll, which acts as the gateway to ntoskrnl.exe, the Windows OS kernel. Many calls into ntdll.dll are made via kernel32.dll, which acts as yet another higher-level user mode wrapper. The SYSENTER and SYSEXIT assembly mnemonics (opcodes), though not a call-return pair...