Alright, so I'm debugging a process, and I trace into a Kernel32 call. At some point I arrive at the sysenter command, and then when I trace over it, it says status: running, and does nothing. What does this mean, and what is the sysenter command??

sysenter is a wrapper for passing from ring 3 (user mode code) to ring 0 (kernel mode code)
in windows you cant access kernel directly from user mode code
you need a device driver (called vxd wdm) to access kernel code

the ntdll.dll is a dll which takes user mode code referances
and passes it to NTExecutive (ntoskrnl.exe) or hardware abstarction layer
hal.dll

in w9x series there were vxdcalls there were many loop holes that allowed code to access kernel without having a device driver it was modified in w2k it was int 2e which was called NTcall it had some speed overheads iirc so it was modified to sysenter in xp

if you prefer to read about NTcalls
visit sysinternals website and find NATIVE API referances
or get undocumented windows internals some thing book by
sven_b_schreiber

simply speaking CreateFileA() that you code in your program
calls CreateFileW which in turn calls
ntCreateFile in ntdll which calls the NTExecutive with sysenter
the system creates the files and returns back to your code

I might point to some earlier post/answer by me regarding that topic

http://ollydbg.win32asmcommunity.net/?action=vthread&forum=1& topic=680 ("http://ollydbg.win32asmcommunity.net/?action=vthread&forum=1&topic=680")

Hope it helps...

Thanks focht, that helped a lot.