Glossary

System Call

A controlled transition from user space to the OS kernel to request a privileged operation such as reading a file or allocating memory.

A system call (syscall) is the mechanism by which a user-space program requests a service from the operating system kernel, for example reading a file (read), creating a process (fork/clone on Linux; NtCreateUserProcess, reached through the Win32 CreateProcess API, on Windows), or mapping memory (mmap/VirtualAlloc). On x86-64 Linux, a syscall is issued with the syscall instruction: the syscall number goes in RAX, the arguments in RDI, RSI, RDX, R10, R8 and R9, and the result (or a negated errno value on failure) comes back in RAX. The instruction clobbers RCX and R11, which is why the fourth argument travels in R10 rather than the RCX used by the ordinary function-call convention. Programs rarely issue the instruction themselves; libc wrappers do it and translate a negative return value into -1 plus errno. On Windows, user-space code does not enter the kernel directly either: the Nt*/Zw* stubs in ntdll.dll load the syscall number (which changes between Windows builds) into EAX and execute the instruction, and the documented Win32 APIs sit on top of those stubs. Monitoring system calls (via strace on Linux, API Monitor or API hooking on Windows, or kernel-side telemetry such as auditd, eBPF tracing and ETW) during dynamic analysis reveals what a program actually does at the OS level, making it a powerful malware-analysis technique. The caveat is that user-mode hooks placed in ntdll.dll or libc see only the calls that pass through them; malware that carries its own syscall stubs ("direct syscalls") bypasses such hooks, so kernel-level tracing is the more reliable vantage point.
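The register convention described above, shown as an added example (not code from the original page): a minimal raw x86-64 Linux syscall issued with inline assembly, with the syscall number in RAX and the arguments in RDI, RSI, RDX, and the kernel's negated-errno return convention made visible instead of being hidden by a libc wrapper. The helper names (raw_syscall3 and the three demo functions) are this example's own; on a non-x86-64 build it falls back to the libc syscall(2) function so the program still runs.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw three-argument system call (hypothetical helper for this example).
 * x86-64 Linux ABI: number in RAX, arguments in RDI, RSI, RDX (R10, R8, R9
 * for arguments 4-6); the `syscall` instruction clobbers RCX and R11 and
 * returns the result, or -errno on failure, in RAX. Other targets use the
 * libc syscall(2) wrapper and normalise its -1/errno result to -errno so
 * both paths return the same thing. */
static long raw_syscall3(long nr, long a1, long a2, long a3) {
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");
    return ret;
#else
    long ret = syscall(nr, a1, a2, a3);
    return ret < 0 ? -errno : ret;
#endif
}

/* getpid has no arguments; the kernel returns the PID directly in RAX. */
long pid_via_raw_syscall(void) {
    return raw_syscall3(SYS_getpid, 0, 0, 0);
}

/* write(1, msg, len): returns the number of bytes the kernel accepted. */
long write_via_raw_syscall(const char *msg) {
    return raw_syscall3(SYS_write, 1, (long)msg, (long)strlen(msg));
}

/* Failure path: writing to fd -1 makes the kernel return -EBADF in RAX.
 * A libc wrapper would turn this into -1 and set errno; here we expose the
 * raw convention and hand back the positive errno value. */
long errno_from_bad_fd_write(void) {
    const char buf[] = "x";          /* constructed sample input */
    long ret = raw_syscall3(SYS_write, -1, (long)buf, 1);
    return ret < 0 ? -ret : 0;
}

int main(void) {
    printf("raw getpid = %ld, libc getpid = %ld\n",
           pid_via_raw_syscall(), (long)getpid());
    write_via_raw_syscall("hello from a raw syscall\n");
    printf("write to fd -1 failed with errno %ld (EBADF = %d)\n",
           errno_from_bad_fd_write(), EBADF);
    return 0;
}
```

Run the binary under strace -f -e trace=write,getpid to see the same two calls the program issues by hand appear in the trace, since strace observes them at the kernel boundary rather than through a libc hook.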