http://debianws.lexgopc.com/wiki143/index.php?action=history&feed=atom&title=Windows_Native_APIWindows Native API - Revision history2026-05-01T17:40:17ZRevision history for this page on the wikiMediaWiki 1.43.1http://debianws.lexgopc.com/wiki143/index.php?title=Windows_Native_API&diff=2399175&oldid=previmported>InternetArchiveBot: Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5) (Whoop whoop pull up - 224052025-01-07T21:56:33Z<p>Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5) (<a href="/wiki143/index.php?title=User:Whoop_whoop_pull_up&action=edit&redlink=1" class="new" title="User:Whoop whoop pull up (page does not exist)">Whoop whoop pull up</a> - 22405</p>
<p><b>New page</b></p><div>{{primary sources|date=January 2018}}<br />
{{notability|date=February 2022}}<br />
The '''Native API''' is a lightweight [[application programming interface]] (API) used by [[Windows NT]]'s [[Ntoskrnl.exe|kernel]] and [[user mode]] applications. This API is used in the early stages of [[Windows NT startup process]], when other components and APIs are still unavailable. Therefore, a few Windows components, such as the [[Client/Server Runtime Subsystem]] (CSRSS), are implemented using the Native API. The Native API is also used by [[subroutine]]s such as those in [[kernel32.dll]] that implement the [[Windows API]], the API based on which most of the Windows components are created.<br />
<br />
Most of the Native API calls are implemented in [[ntoskrnl.exe]] and are exposed to user mode by '''ntdll.dll'''. The [[entry point]] of ntdll.dll is <code>LdrInitializeThunk</code>. Native API calls are handled by the [[Windows NT kernel|kernel]] via the [[System Service Descriptor Table]] (SSDT).<br />
<br />
== Function groups ==<br />
The Native API comprises many functions. They include [[C standard library|C runtime functions]] that are needed for a very basic [[C (programming language)|C]] runtime execution, such as strlen(), sprintf(), memcpy() and floor(). Other common procedures like malloc(), printf(), scanf() are missing (the first because it does not specify a [[Dynamic memory allocation|heap]] to allocate memory from and the second and third because they use the console, accessed only via KERNEL32.DLL). The vast majority of other Native API routines, by convention, have a 2 or 3 letter prefix, which is:<br />
* '''Nt''' or '''Zw''' are [[system call]]s declared in ntdll.dll and ntoskrnl.exe. When called from ntdll.dll in user mode, these groups are almost exactly the same; they execute an [[interrupt]] into [[Ring (computer security)#Supervisor mode|kernel mode]] and call the equivalent function in ntoskrnl.exe via the [[System Service Dispatch Table|SSDT]]. When calling the functions directly in ntoskrnl.exe (only possible in kernel mode), the Zw variants ensure kernel mode, whereas the Nt variants do not.<ref>{{cite journal | author=The NT Insider | journal=OSR Online | volume=10 | issue=4 | date=August 27, 2003 | url=http://www.osronline.com/article.cfm?article=257 | title=Nt vs. Zw - Clearing Confusion On The Native API | publisher=OSR Open Systems Resources | access-date=2013-09-16 }}</ref> The Zw prefix does not stand for anything.<ref name="oldnewthing">{{cite web | author=Raymond Chen | year=2009 | url=https://devblogs.microsoft.com/oldnewthing/?p=18043 | title=The Old New Thing : What does the "Zw" prefix mean? | publisher=[[Microsoft Corporation]] | access-date=2009-06-13 }}</ref><br />
* '''Rtl''' is the second largest group of ntdll calls. These comprise the (extended) C Run-Time Library, which includes many utility functions that can be used by native applications, yet don't directly involve kernel support.<br />
* '''Csr''' are client-server functions that are used to communicate with the Win32 subsystem process, [[csrss.exe]] (''csrss'' stands for client/server runtime sub-system).<br />
* '''Dbg''' are [[debugging]] functions such as a software [[breakpoint]].<br />
* '''Ki''' are upcalls from kernel mode for events like [[Asynchronous procedure call|APC]] dispatching.<br />
* '''Ldr''' are loader functions for [[Portable Executable|PE]] file handling and starting of new processes.<br />
* '''Nls''' for [[Internationalization and localization|National Language Support]] (similar to code pages).<br />
* '''Pfx''' for prefix handling.<br />
* '''Tp''' for threadpool handling.<br />
<br />
user32.dll and gdi32.dll include several other calls that execute an interrupt into kernel mode. These were not part of the original Windows NT design, as can be seen in [[Windows NT 3.5]]. However, due to performance issues of hardware of that age, it was decided to move the graphics subsystem into kernel mode. As such, system call in the range of 0x1000-0x1FFF are satisfied by [[win32k.sys]] (instead of ntoskrnl.exe as done for 0-0x0FFF), and are declared in user32.dll and gdi32.dll. These functions have the '''NtUser''' and '''NtGdi''' prefix (e.g. '''NtUserLockWorkStation''' and '''NtGdiEnableEudc''').<br />
<br />
==Uses==<br />
Uses of Native API functions includes but not limited to:<br />
<br />
*Enabling and disabling privileges (RtlAdjustPrivilege)<br />
*Creating remote threads within processes that are running in different session (RtlCreateUserThread)<br />
*Running native applications (RtlCreateUserProcess)<br />
*Performing a forced shutdown (NtShutdownSystem)<br />
*Causing a BSOD in User mode (NtRaiseHardError)<br />
*Displaying a string in Native Mode (NtDisplayString)<br />
<br />
== See also ==<br />
* [[List of Microsoft Windows components]]<br />
<br />
== References ==<br />
{{Reflist}}<br />
<br />
==External links==<br />
* [https://undocumented.ntinternals.net/ A website that documents most of the Native API functions] {{Webarchive|url=https://web.archive.org/web/20171025041949/http://undocumented.ntinternals.net/ |date=2017-10-25 }}<br />
* [https://technet.microsoft.com/sysinternals/bb897447.aspx Inside Native Applications]<br />
* [https://web.archive.org/web/20121224002314/http://netcode.cz/img/83/nativeapi.html Inside the Native API]<br />
* [http://zenwinx.sourceforge.net/ Open source native applications development framework]<br />
* [http://wiki.lazarus.freepascal.org/Target_NativeNT Compiling Free Pascal programs for the native API]<br />
* [https://sourceforge.net/projects/nativetools/ Windows NT Native Tools - A free native applications development util]<br />
* [http://hex.pp.ua/nt-native-applications-shell-eng.php Native shell - Windows command prompt which can start before Winlogon and Win32 subsystem] {{Webarchive|url=https://web.archive.org/web/20150811102814/http://hex.pp.ua/nt-native-applications-shell-eng.php |date=2015-08-11 }}<br />
<br />
{{Microsoft APIs}}<br />
{{Microsoft Windows components}}<br />
<br />
[[Category:Microsoft application programming interfaces]]<br />
[[Category:Operating system APIs]]<br />
[[Category:Windows NT kernel]]</div>imported>InternetArchiveBot