Ntdll.dll

Description:

Ntdll.dll acts as a crucial interface that enables transitions from user mode to kernel mode whenever applications or processes need to access system-level resources beyond the capabilities of user-mode code. It also plays a key role in supporting various Windows subsystem DLLs, such as Kernel32.dll, AdvApi32.dll, and others. In most scenarios, public Windows API functions such as CreateFile(A/W), OpenProcess, and CreateThread have native equivalents within Ntdll.dll, typically distinguished by the Nt or Zw prefix; for instance, CreateFile maps to NtCreateFile. These native functions handle parameter validation and mediate the transition between user and kernel mode.




Functions:

%SystemRoot%\System32\Ntdll.dll


References: