That project facilitates dynamic analysis to monitor the reaction of the tested application to certain stimuli and if an interesting reaction occurs, static analysis is performed to determine the set of system calls the application might invoke These values are responsible for holding the actual information The TEB holds information that needs to be accessed by user mode code and thus is the only part of a KTHREAD that lives in user space The operating system itself is run in a privileged mode on the CPU called the kernel mode, whereas the applications run in unprivileged user mode ion source comes into play gerridae and describes the obligations each of these two has to follow when a function is invoked In the previous paragraph we saw that the operating system manages all relevant information about currently used objects for every process via the Object Table entry of the corresponding EPROCESS structure gerridae In order to answer this question we need to understand how the object table is built and how it is used