Guy Harris (talk | contribs) →UCRT: Merge duplicate references.
Guy Harris (talk | contribs) →NTDLL.DLL: Use {{cite conference}} for a conference paper.
Line 14:
=== NTDLL.DLL ===
NTDLL.DLL exports the Windows [[Native API]]. The Native API is the interface used by user-mode components of the operating system that must run without support from [[Win32]] or other API subsystems. Most of this API is implemented in '''NTDLL.DLL''' and at the upper edge of [[ntoskrnl.exe]] (and its variants), and the majority of exported symbols within these libraries are prefixed '''Nt''', for example '''NtDisplayString'''. Native APIs are also used to implement many of the "kernel APIs" or "base APIs" exported by KERNEL32.DLL.<ref name="Eldad-2011-pp68-69">{{cite book|author=Eilam, Eldad|title=Reversing: Secrets of Reverse Engineering|publisher=John Wiley & Sons|year=2011|isbn=978-1-118-07976-8|pages=68–69|url=https://books.google.com/books?id=_78HnPPRU_oC&pg=PT68}}</ref><ref name="nativeapplications">{{cite web|url=http://www.microsoft.com/technet/sysinternals/information/NativeApplications.mspx|title=Inside Native Windows Applications|website=[[Microsoft]]|archive-url=https://web.archive.org/web/20100912231625/http://technet.microsoft.com/en-us/sysinternals/bb897447.aspx|archive-date=2010-09-12|access-date=2011-12-14}}</ref><ref>{{cite book|author1=Russinovich, Mark A. |author2=Solomon, David A. |name-list-style=amp |title=Windows® Internals|publisher=O'Reilly Media|year=2009|isbn=978-0-7356-3796-2|page=136|url=https://books.google.com/books?id=VgjAQjsc6g8C&pg=PT136}}</ref> The large majority of Windows applications do not call NTDLL.DLL directly.<ref>{{cite
Applications that are [[Linker (computing)|linked]] directly against this library are said to use the '''native subsystem'''; the primary reason for their existence is to perform tasks that must run early in the system startup sequence before the Win32 subsystem is available. An obvious but important example is the creation of the Win32 subsystem process, [[csrss.exe]]. Before the csrss.exe process exists, no Win32 processes may be created, therefore the process that creates it (Smss.exe, the "session manager") must use the native subsystem. [[csrss.exe]] itself is such an application.
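Review bot: In the second NTDLL.DLL paragraph, [[csrss.exe]] is wikilinked twice, once in "the creation of the Win32 subsystem process, [[csrss.exe]]" and again in the closing sentence "[[csrss.exe]] itself is such an application"; the second occurrence can be plain text. In the first paragraph, the Russinovich and Solomon citation is a bare <ref> while the two citations before it carry name= attributes, so giving it a name as well would let any later use of the same source reuse it rather than repeat the full citation.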