→Ntdll.dll (Native API): There is an nt.lib that is like libc.lib.
The '''Native API''' (with a capitalized N) is the mostly publicly undocumented [[application programming interface]] used internally by the [[Windows NT]] family of [[operating system]]s produced by [[Microsoft]], with only about 25 of its 250 functions described in the Windows NT Device Driver Kit.<ref name="nativeapplications">Russinovich, M: [http://www.microsoft.com/technet/sysinternals/information/NativeApplications.mspx Inside Native Windows Applications], ''SysInternals Information''</ref> Most of these functions are in '''ntdll.dll''' and [[ntoskrnl.exe]] (and its variants); the majority of exported symbols within these libraries are prefixed '''Nt''', e.g. '''NtDisplayString'''.
Applications that are [[linker|linked]] directly against this library are known as '''Native Applications'''; the primary reason for their existence is to perform low-level tasks such as direct disk [[Input/output|I/O]] that cannot be achieved through the documented Windows API. An example is the '''autochk''' binary that runs '''[[chkdsk]]''' during the system initialisation "[[Blue Screen of Death#Windows NT|Blue Screen]]". Unlike [[Win32]] Applications, Native Applications instantiate within the Kernel runtime code ([[ntoskrnl.exe]]) and so must manage their own memory using the '''Rtl''' heap API, obtain their command-line arguments via a pointer to an in-memory structure, and return execution with a call to '''NtProcessTerminate''' (as opposed to
Despite their API being undocumented, Native Applications can be built using the [http://www.microsoft.com/whdc/devtools/ddk/default.mspx Windows Driver Development Kit]; many [[AntiVirus]] and other utility software vendors incorporate Native Applications within their products, usually to perform some boot-time task that cannot be carried out in [[Userspace]].
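Because Native Applications such as '''autochk''' run at boot time, a defender reviewing a system may want to pick them out from ordinary Win32 binaries. The following is an added example, not part of the original article: it reads the Subsystem field of a PE header, where the value 1 (IMAGE_SUBSYSTEM_NATIVE) marks images that do not need the Win32 subsystem. The function names and the header-only sample bytes are constructed for illustration, and the same value is also used by kernel-mode drivers.

```python
import struct

IMAGE_SUBSYSTEM_NATIVE = 1   # Subsystem value: image needs no Win32 subsystem
SUBSYSTEM_OFFSET = 68        # same offset in PE32 and PE32+ optional headers

def pe_subsystem(data: bytes) -> int:
    """Return the optional-header Subsystem field; ValueError if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20   # skip the signature and the 20-byte COFF header
    if len(data) < opt + SUBSYSTEM_OFFSET + 2:
        raise ValueError("optional header truncated")
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 4 + 16)
    (magic,) = struct.unpack_from("<H", data, opt)
    if opt_size < SUBSYSTEM_OFFSET + 2 or magic not in (0x10B, 0x20B):
        raise ValueError("unsupported optional header")
    (subsystem,) = struct.unpack_from("<H", data, opt + SUBSYSTEM_OFFSET)
    return subsystem

def has_native_subsystem(data: bytes) -> bool:
    # True for native applications, and also for kernel-mode drivers.
    return pe_subsystem(data) == IMAGE_SUBSYSTEM_NATIVE

def build_sample(subsystem: int, magic: int = 0x20B) -> bytes:
    """Constructed header-only bytes for the demo; not a loadable image."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    coff = bytearray(20)
    struct.pack_into("<H", coff, 16, 0xF0)           # SizeOfOptionalHeader
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, SUBSYSTEM_OFFSET, subsystem)
    return bytes(dos) + b"PE\0\0" + bytes(coff) + bytes(opt)

if __name__ == "__main__":
    for name, value in (("native sample", 1), ("console sample", 3)):
        print(name, has_native_subsystem(build_sample(value)))
```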