Title: Windows Native API Programming Author: Pavel Yosifovich Publisher: Leanpub Year: 2024-06-21 Pages: 391 Language: English Format: pdf (true) Size: 10.1 MB
Low-level user-mode programming for Windows usually involves working with the documented Windows API, exported from subsystem DLLs, such as Kernel32.dll, user32.dll, advapi32.dll, kernelbase.dll, and more. Lurking beneath most of these APIs are system calls, invoked under the covers to access the kernel. Anything worthwhile in Windows (or any other OS for that matter) must talk to the kernel to get system-level things done, such as allocating memory, creating processes and threads, performing I/O operations, and more.
The native API, implemented in a couple of DLLs, is used to make the transition to the kernel. The most important one is NtDll.dll, a system-wide user-mode DLL that serves this critical role. This book is about this DLL’s API, as it pertains to invoking system calls that transition the processor to kernel mode to perform the requested operation. Other APIs discussed are not system calls per se, but are still part of NtDll, and are interesting to get to know. Most of these functions start with Rtl (Runtime Library).
As a simple example, the documented Windows API CreateFile (provided by kernel32.dll) invokes NtCreateFile in NtDll.dll to ask the kernel to perform the operation. Most of the native APIs are undocumented, hence this book.
The sample code for this book can be found on GitHub.
Who should read the book: The book is for anyone interested in learning about the Windows native API provided by NtDll.dll. This may be for pure curiosity, reverse engineering, or utilization in applications and tools. The reader should have a solid understanding of the foundations of Windows, such as processes, threads, virtual memory, and DLLs. Also recommended is a good familiarity with the documented Windows API. See my book “Windows 10 System Programming, Part 1” for the required background. The various Windows concepts used in this book include brief explanations only before diving into the native API details.