Native API
   HOME

TheInfoList



Click Here for Items Related To - Native API
OR:
Native API on:   [Wikipedia]   [Google]   [Amazon]

The Native API is a lightweight application programming interface (API) used by
Windows NT Windows NT is a proprietary graphical operating system produced by Microsoft, the first version of which was released on July 27, 1993. It is a processor-independent, multiprocessing and multi-user operating system. The first version of Wi ...
and
user mode A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kernel ...
applications. This API is used in the early stages of Windows NT startup process, when other components and APIs are still unavailable. Therefore, a few Windows components, such as the Client/Server Runtime Subsystem (CSRSS), are implemented using the Native API. The Native API is also used by
subroutines In computer programming, a function or subroutine is a sequence of program instructions that performs a specific task, packaged as a unit. This unit can then be used in programs wherever that particular task should be performed. Functions may ...
such as those in kernel32.dll that implement the
Windows API The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems. The name Windows API collectively refers to several different platform implementations ...
, the API based on which most of the Windows components are created. Most of the Native API calls are implemented in ntoskrnl.exe and are exposed to user mode by ntdll.dll. The
entry point In computer programming, an entry point is the place in a program where the execution of a program begins, and where the program has access to command line arguments. To start a program's execution, the loader or operating system passes c ...
of ntdll.dll is LdrInitializeThunk. Native API calls are handled by the
kernel Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine lea ...
via the
System Service Descriptor Table The System Service Descriptor Table (SSDT) is an internal dispatch table within Microsoft Windows. Function The SSDT maps syscalls to kernel function addresses. When a syscall is issued by a user space application, it contains the service index ...
(SSDT).


Function groups

The Native API comprises many functions. They include C runtime functions that are needed for a very basic C runtime execution, such as strlen(), sprintf(), memcpy() and floor(). Other common procedures like malloc(), printf(), scanf() are missing (the first because it does not specify a
heap Heap or HEAP may refer to: Computing and mathematics * Heap (data structure), a data structure commonly used to implement a priority queue * Heap (mathematics), a generalization of a group * Heap (programming) (or free store), an area of memory f ...
to allocate memory from and the second and third because they use the console, accessed only via KERNEL32.DLL). The vast majority of other Native API routines, by convention, have a 2 or 3 letter prefix, which is: * Nt or Zw are
system call In computing, a system call (commonly abbreviated to syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, acc ...
s declared in ntdll.dll and ntoskrnl.exe. When called from ntdll.dll in user mode, these groups are almost exactly the same; they trap into
kernel mode In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Compute ...
and call the equivalent function in ntoskrnl.exe via the SSDT. When calling the functions directly in ntoskrnl.exe (only possible in kernel mode), the Zw variants ensure kernel mode, whereas the Nt variants do not. The Zw prefix does not stand for anything. * Rtl is the second largest group of ntdll calls. These comprise the (extended) C Run-Time Library, which includes many utility functions that can be used by native applications, yet don't directly involve kernel support. * Csr are client-server functions that are used to communicate with the Win32 subsystem process, csrss.exe (''csrss'' stands for client/server runtime sub-system). * Dbg are
debugging In computer programming and software development, debugging is the process of finding and resolving ''bugs'' (defects or problems that prevent correct operation) within computer programs, software, or systems. Debugging tactics can involve in ...
functions such as a software
breakpoint In software development, a breakpoint is an intentional stopping or pausing place in a program, put in place for debugging purposes. It is also sometimes simply referred to as a pause. More generally, a breakpoint is a means of acquiring knowl ...
. * Ki are upcalls from kernel mode for events like APC dispatching. * Ldr are loader functions for PE file handling and starting of new processes. * Nls for National Language Support (similar to code pages). * Pfx for prefix handling. * Tp for threadpool handling. user32.dll and gdi32.dll include several other calls that trap into kernel mode. These were not part of the original Windows NT design, as can be seen in Windows NT 3.5. However, due to performance issues of hardware of that age, it was decided to move the graphics subsystem into kernel mode. As such, system call in the range of 0x1000-0x1FFF are satisfied by win32k.sys (instead of ntoskrnl.exe as done for 0-0x0FFF), and are declared in user32.dll and gdi32.dll. These functions have the NtUser and NtGdi prefix (e.g. NtUserLockWorkStation and NtGdiEnableEudc).


Uses

Uses of Native API functions includes but not limited to: *Enabling and disabling privileges (RtlAdjustPrivilege) *Creating remote thread within processes that are running in different session (RtlCreateUserThread) *Running native application (RtlCreateUserProcess) *Performing force shutdown (NtShutdownSystem)


See also

*
List of Microsoft Windows components The following is a list of Microsoft Windows components. Configuration and maintenance User interface Applications and utilities Windows Server components File systems Core components Services This list is not all-inclusiv ...


References


External links


A website that documents most of the Native API functions

Inside Native Applications



Open source native applications development framework

Compiling Free Pascal programs for the native API

Windows NT Native Tools - A free native applications development util

Native shell - Windows command prompt which can start before Winlogon and Win32 subsystem
{{Microsoft APIs Microsoft application programming interfaces Operating system APIs Windows NT kernel