Tuesday, July 7, 2015

Windows System Calls

User mode programs access system services via the API exposed in ntdll. ntdll places the number of the target system service, defined by its index in the SSDT (System Service Dispatch Table), into eax. It then calls a common stub to transition to kernel mode:

mov eax, 18Ch          ; target service: index into the SSDT
mov edx, offset .....  ; address holding the pointer to the common stub
call [edx]             ; enter the common stub, which switches to kernel mode

The common stub resides in ntdll!FastSystemCall. It executes sysenter (or syscall on x64) to switch to kernel mode. Before doing so it saves esp (the user mode stack pointer) in edx. sysenter then loads cs, eip and esp (the kernel mode stack) from the corresponding MSRs (model specific registers).

Eventually the call ends up in the corresponding kernel mode module in the NT executive, where the system service dispatcher uses the number in eax to index the SSDT and invoke the handler.
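As an added example (not code from the original post), here is a Python decoder for the 32-bit ntdll stub pattern described above. It recovers the service number, the common-stub pointer and the ret cleanup size, and refuses a stub whose first instruction has been overwritten with a jmp, which is the failure mode a defender checking ntdll integrity cares about. The byte strings and the address 7FFE0300h are constructed sample values, not taken from the post.

```python
import struct
from dataclasses import dataclass


@dataclass
class SyscallStub:
    service_number: int  # value loaded into eax: the SSDT index
    stub_pointer: int    # address that holds the pointer to the common stub
    ret_bytes: int       # argument bytes popped by "ret imm16"


def decode_x86_stub(code: bytes) -> SyscallStub:
    """Decode the 32-bit ntdll export pattern:
         B8 imm32   mov eax, imm32   ; service number
         BA imm32   mov edx, imm32   ; address holding the common stub pointer
         FF 12      call [edx]
         C2 imm16   ret imm16
    Raises ValueError when the bytes do not match, e.g. an inline hook.
    """
    if len(code) < 15:
        raise ValueError("stub too short")
    if code[0] == 0xE9:  # jmp rel32 in place of "mov eax": stub was patched
        raise ValueError("stub begins with jmp rel32: possible inline hook")
    if code[0] != 0xB8:
        raise ValueError(f"expected mov eax, imm32; got opcode {code[0]:#04x}")
    service_number = struct.unpack_from("<I", code, 1)[0]
    if code[5] != 0xBA:
        raise ValueError("expected mov edx, imm32 after mov eax")
    stub_pointer = struct.unpack_from("<I", code, 6)[0]
    if code[10:12] != b"\xff\x12":
        raise ValueError("expected call [edx]")
    if code[12] != 0xC2:
        raise ValueError("expected ret imm16")
    ret_bytes = struct.unpack_from("<H", code, 13)[0]
    return SyscallStub(service_number, stub_pointer, ret_bytes)


def stub_is_intact(code: bytes) -> bool:
    """True when the bytes still match the expected ntdll stub layout."""
    try:
        decode_x86_stub(code)
        return True
    except ValueError:
        return False


# Constructed sample: well-formed stub for service 18Ch, six argument dwords (ret 18h).
SAMPLE_STUB = bytes.fromhex("B88C010000" "BA0003FE7F" "FF12" "C21800")
# Constructed sample: same stub with its first instruction replaced by a 5-byte jmp.
HOOKED_STUB = bytes.fromhex("E900100000") + SAMPLE_STUB[5:]
```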