The Native API is a lightweight application programming interface (API) used by Windows NT and user mode applications. This API is used in the early stages of the Windows NT startup process, when other components and APIs are still unavailable. Therefore, a few Windows components, such as the Client/Server Runtime Subsystem (CSRSS), are implemented using the Native API. The Native API is also used by subroutines such as those in kernel32.dll that implement the Windows API, the API on which most Windows components are built.
Most of the Native API calls are implemented in ntoskrnl.exe and are exposed to user mode by ntdll.dll. The entry point of ntdll.dll is LdrInitializeThunk. Native API calls are handled by the kernel via the System Service Descriptor Table (SSDT).
The Native API comprises many functions. They include C runtime functions that are needed for a very basic C runtime execution, such as strlen(), sprintf(), memcpy() and floor(). Other common procedures like malloc(), printf(), scanf() are missing (the first because it does not specify a heap to allocate memory from and the second and third because they use the console, accessed only via KERNEL32.DLL). The vast majority of other Native API routines, by convention, have a 2 or 3 letter prefix, which is:
user32.dll and gdi32.dll include several other calls that execute an interrupt into kernel mode. These were not part of the original Windows NT design, as can be seen in Windows NT 3.5. However, due to performance issues with the hardware of that era, it was decided to move the graphics subsystem into kernel mode. As such, system calls in the range 0x1000-0x1FFF are satisfied by win32k.sys (instead of ntoskrnl.exe, which handles 0-0x0FFF), and are declared in user32.dll and gdi32.dll. These functions have the NtUser and NtGdi prefixes (e.g. NtUserLockWorkStation and NtGdiEnableEudc).
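The range split described above can be used to sanity-check system call telemetry: a service number should fall in the range owned by the component its name prefix implies. The following is an added example, not code from Windows or from the article; the function names and the sample records (including their numbers) are constructed for illustration, and only the ranges and the NtUser/NtGdi prefixes come from the text.

```python
from typing import NamedTuple, Optional

# Ranges and prefixes exactly as stated in the article text above.
SERVICE_RANGES = ((0x0000, 0x0FFF, "ntoskrnl.exe"), (0x1000, 0x1FFF, "win32k.sys"))
WIN32K_PREFIXES = ("NtUser", "NtGdi")


class Service(NamedTuple):
    number: int
    component: Optional[str]    # None: outside both documented ranges
    index: Optional[int]        # offset from the start of the range
    consistent: Optional[bool]  # None: no usable name to compare against


def component_for_name(name: Optional[str]) -> Optional[str]:
    """Component implied by the name prefix; None if it is not an Nt* name."""
    if not name or not name.startswith("Nt"):
        return None
    return "win32k.sys" if name.startswith(WIN32K_PREFIXES) else "ntoskrnl.exe"


def classify(number: int, name: Optional[str] = None) -> Service:
    """Map a service number to its range and cross-check the claimed name."""
    component = index = None
    for low, high, owner in SERVICE_RANGES:
        if low <= number <= high:
            component, index = owner, number - low
    expected = component_for_name(name)
    consistent = None if expected is None else expected == component
    return Service(number, component, index, consistent)


def needs_review(records):
    """Records whose number is out of range or disagrees with its name."""
    results = [classify(number, name) for number, name in records]
    return [s for s in results if s.component is None or s.consistent is False]


# Constructed sample telemetry: the numbers are illustrative, not real
# service numbers from any Windows build.
SAMPLE = [
    (0x0042, "NtCreateFile"),
    (0x1003, "NtUserLockWorkStation"),
    (0x0120, "NtGdiEnableEudc"),   # win32k prefix, ntoskrnl range
    (0x2001, None),                # outside both ranges
]

if __name__ == "__main__":
    for service in needs_review(SAMPLE):
        print(f"{service.number:#06x} {service}")
```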
Uses of Native API functions include, but are not limited to: