Chapter-1 Windows Internals - Concepts and Tools

Windows API:
The Windows API is the application programming interface of Microsoft operating systems (Windows NT, XP, 2000, 95, 98, ME). Each operating system implements a different subset of the API. The Windows API contains thousands of functions, separated into these categories:
- Base Services
- Component Services
- User Interface Services
- Graphics and Multimedia Services
- Messaging and Collaboration
- Networking
- Web Services

Services, Functions, and Routines:
- Windows API functions: callable subroutines in the Windows API. Ex: CreateProcess, CreateFile.
- Native system services: underlying services in the OS that are callable from user space. Ex: NtCreateProcess (the native service beneath the Windows CreateProcess function).
- Kernel support functions (routines): subroutines inside the Windows OS that can be called only from kernel mode. Ex: ExAllocatePool, used to allocate memory from the system heap for device drivers.
- Windows services: processes started by the Windows Service Control Manager. Ex: Task Scheduler.
- DLL (dynamic link library): a set of callable subroutines linked together as a binary file that can be dynamically loaded by applications using those subroutines. Ex: Msvcrt.dll (the C runtime library), Kernel32.dll (one of the Windows API subsystem libraries).

Processes, Threads, and Jobs:
Although programs and processes appear similar on the surface, they are fundamentally different. A program is a static sequence of instructions. A process is a container for the set of resources used when executing an instance of the program. A Windows process consists of:
- A virtual address space.
- Executable program
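The layering these notes describe can be observed directly on a live system: the Windows API function CreateProcess is exported by Kernel32.dll, the native service NtCreateProcess beneath it by Ntdll.dll, the kernel routine ExAllocatePool by neither (it exists only in kernel mode), Windows services run under the Service Control Manager, and each process carries its own set of loaded DLLs. The script below is an added example and is not part of the original notes or of the Windows Internals book. It assumes a Windows host with PowerShell 5.1 or later; the Demo.Loader type and the Resolve-Export function are the example's own names, and Schedule is the service name behind Task Scheduler on current Windows versions.

```powershell
# Added example: observe the API layering from the current process.
# Assumes Windows with PowerShell 5.1+. Demo.Loader and Resolve-Export are
# names chosen for this example, not Windows or book identifiers.

# GetModuleHandle/GetProcAddress are themselves Windows API functions in kernel32.dll.
Add-Type -Namespace Demo -Name Loader -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
'@

function Resolve-Export {
    # Report whether a DLL already loaded in this process exports the named function.
    param([string]$Module, [string]$Function)
    $h = [Demo.Loader]::GetModuleHandle($Module)
    if ($h -eq [IntPtr]::Zero) { throw "$Module is not loaded in this process" }
    $p = [Demo.Loader]::GetProcAddress($h, $Function)
    [pscustomobject]@{
        Module   = $Module
        Function = $Function
        Found    = ($p -ne [IntPtr]::Zero)
        Address  = if ($p -ne [IntPtr]::Zero) { '0x{0:X}' -f $p.ToInt64() } else { $null }
    }
}

# 1. Windows API function (kernel32.dll) versus the native service beneath it (ntdll.dll).
Resolve-Export -Module 'kernel32.dll' -Function 'CreateProcessW'
Resolve-Export -Module 'ntdll.dll'    -Function 'NtCreateProcess'

# 2. ExAllocatePool is a kernel-mode routine: no user-mode DLL exports it, so Found is False.
Resolve-Export -Module 'ntdll.dll'    -Function 'ExAllocatePool'

# 3. A process is a container: its own PID and its own set of loaded DLLs.
#    Msvcrt.dll appears only if something in this process has loaded it.
$me = Get-Process -Id $PID
"PID $($me.Id) ($($me.ProcessName)) has $($me.Modules.Count) modules loaded"
$me.Modules |
    Where-Object { $_.ModuleName -in 'ntdll.dll', 'kernel32.dll', 'msvcrt.dll' } |
    Select-Object ModuleName, FileName, @{ n = 'Base'; e = { '0x{0:X}' -f $_.BaseAddress.ToInt64() } }

# 4. Windows services are started by the Service Control Manager; Task Scheduler is 'Schedule'.
Get-Service -Name Schedule | Select-Object Name, DisplayName, Status, StartType
```

Run it from an ordinary PowerShell prompt; no elevation is needed because it only inspects the current process and queries service status. The third lookup deliberately fails, which is the point: the kernel routine the notes mention has no user-mode entry point at all, while the two layers above it are both visible in every process.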
