diff --git a/thesis/src/01.introduction.tex b/thesis/src/01.introduction.tex index eeb764c..2d4db38 100644 --- a/thesis/src/01.introduction.tex +++ b/thesis/src/01.introduction.tex 
@@ -21,17 +21,38 @@ The availability of source code is a key concern when trying to intercept functi \section{Definitions}\label{sec:definitions} -Lorem Ipsum. - - -\subsection{System Calls}\label{subsec:system-calls} - -Lorem Ipsum. +First, function calls, system calls and their differences need to be defined. +The following subsections concern these definitions. \subsection{Function Calls}\label{subsec:function-calls} -Lorem Ipsum. +Generally, a function in C (and also most other programming languages) is a piece of code which may be called and therefore executed from elsewhere. +Functions have zero or more arguments and return a single value. +When calling a function, the caller places the return address onto the stack. +This address indicates where the function should continue executing when it is finished. + +Functions are used to structure programs, reuse functionality, or expose functionality in libraries. +Other languages than C differentiate between functions, methods, procedures and so on. +A function written in the source code is almost always compiled to a function in the resulting binary. + +Intercepting calls to functions would one allow to see the name of the function, arguments, return value, and return address. + + +\subsection{System Calls}\label{subsec:system-calls} + +In contrast to functions, system calls are calls to the kernel itself. +Many operations on a modern operating system require special privileges, which a simple user-space process does not have. +By invoking a system call, the (user-space) process hands control over to the (privileged) kernel and requests an operation to be performed. + +How exactly these system calls work is architecture and system specific. +But generally, the process places the system call number, and its arguments in defined registers and then executes a special system call opcode. 
+Then the kernel executes the requested operation and places the return value inside another register, and lastly hands the execution back to the process. + +Intercepting calls to system calls would one allow to see the system call number, arguments and return value. +One has to keep in mind, that many system-related functionalities are not in fact translated to system calls one-to-one. +For example \texttt{malloc}~\cite{malloc.3} has no dedicated system call, it is managed by the C standard library internally. +Many system calls have corresponding wrapper functions in the C standard library (like \texttt{open}, \texttt{close}, \texttt{sem\_wait}). \section{Related Work}\label{sec:related-work}
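Review bot: the two sentences "Intercepting calls to functions would one allow to see ..." (end of the Function Calls subsection) and "Intercepting calls to system calls would one allow to see ..." (System Calls subsection) have the word order wrong; they should read "would allow one to see". In the same hunk, "When calling a function, the caller places the return address onto the stack" is stated as a general property of functions but is a calling-convention detail: it holds for the x86 `call` instruction, while other architectures keep the return address in a link register, so the sentence should be qualified (e.g. "on x86, the caller places the return address onto the stack") or the thesis should state which architecture it assumes, since the later sentence already concedes that system calls are "architecture and system specific". Likewise "Functions have zero or more arguments and return a single value" should allow for `void` functions, which return nothing. Minor punctuation: "One has to keep in mind, that many ..." and "the process places the system call number, and its arguments" both carry a stray comma.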