Ntdll.dll
The Native API is a lightweight application programming interface (API) used by Windows NT and user mode applications. This API is used in the early stages of the Windows NT startup process, when other components and APIs are still unavailable. Therefore, a few Windows components, such as the Client/Server Runtime Subsystem (CSRSS), are implemented using the Native API. The Native API is also used by subroutines such as those in kernel32.dll that implement the Windows API, the API on which most Windows components are built. Most of the Native API calls are implemented in ntoskrnl.exe and are exposed to user mode by ntdll.dll. The entry point of ntdll.dll is LdrInitializeThunk. Native API calls are handled by the kernel via the System Service Descriptor Table (SSDT).
Function groups
The Native API comprises many functions. They include C runtime functions that are needed for a very basic C runtime execution, such as strlen(), sprintf(), memcpy() and floor(). Ot ...

Ntoskrnl
ntoskrnl.exe (short for Windows NT operating system kernel executable), also known as the kernel image, contains the kernel and executive layers of the Microsoft Windows NT kernel, and is responsible for hardware abstraction, process handling, and memory management. In addition to the kernel and executive mentioned earlier, it contains the cache manager, security reference monitor, memory manager, scheduler (Dispatcher), and blue screen of death (the prose and portions of the code) (Russinovich, M., Systems Internals Tips and Trivia, ''SysInternals Information'').
Overview
ntoskrnl.exe depends on bootvid.dll, hal.dll and kdcom.dll. However, it is not a native application. In other words, it is not linked against ntdll.dll. Instead, ntoskrnl.exe contains a standard "start" entry point that calls the architecture-independent kernel initialization function. Because it requires a static copy of the C Runtime objects, the executable is usually about 10 MB in size. In Windows XP and ...

System Call
In computing, a system call (commonly abbreviated to syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, accessing a hard disk drive or accessing the device's camera), creation and execution of new processes, and communication with integral kernel services such as process scheduling. System calls provide an essential interface between a process and the operating system. In most systems, system calls can only be made from userspace processes, while in some systems, OS/360 and successors for example, privileged system code also issues system calls.
Privileges
The architecture of most modern processors, with the exception of some embedded systems, involves a security model. For example, the ''rings'' model specifies multiple privilege levels under which software may be executed: a program is usually limited to its own address space so th ...

Windows NT Kernel
The architecture of Windows NT, a line of operating systems produced and sold by Microsoft, is a layered design that consists of two main components, user mode and kernel mode. It is a preemptive, reentrant multitasking operating system, which has been designed to work with uniprocessor and symmetrical multiprocessor (SMP)-based computers. To process input/output (I/O) requests, it uses packet-driven I/O, which utilizes I/O request packets (IRPs) and asynchronous I/O. Starting with Windows XP, Microsoft began making 64-bit versions of Windows available; before this, there were only 32-bit versions of these operating systems. Programs and subsystems in user mode are limited in terms of what system resources they have access to, while kernel mode has unrestricted access to system memory and external devices. Kernel mode in Windows NT has full access to the hardware and system resources of the computer. The Windows NT kernel is a hybrid kernel; the architecture compris ...

System Service Dispatch Table
The System Service Descriptor Table (SSDT) is an internal dispatch table within Microsoft Windows.
Function
The SSDT maps syscalls to kernel function addresses. When a syscall is issued by a user space application, it carries the service index as a parameter to indicate which syscall is called. The SSDT is then used to resolve the address of the corresponding function within ntoskrnl.exe. In modern Windows kernels, two SSDTs are used: one for generic routines (''KeServiceDescriptorTable'') and a second (''KeServiceDescriptorTableShadow'') for graphical routines. A parameter passed by the calling userspace application determines which SSDT shall be used.
Hooking
Modification of the SSDT allows syscalls to be redirected to routines outside the kernel. These routines can be used either to hide the presence of software or to act as a backdoor that gives attackers permanent code execution with kernel privileges. For both reasons, hooking SSDT calls is often used as a technique in both W ...

Microsoft Application Programming Interfaces
Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services, headquartered at the Microsoft Redmond campus located in Redmond, Washington, United States. Its best-known software products are the Windows line of operating systems, the Microsoft Office suite, and the Internet Explorer and Edge web browsers. Its flagship hardware products are the Xbox video game consoles and the Microsoft Surface lineup of touchscreen personal computers. Microsoft ranked No. 21 in the 2020 Fortune 500 rankings of the largest United States corporations by total revenue; it was the world's largest software maker by revenue as of 2019. It is one of the Big Five American information technology companies, alongside Alphabet ...

List Of Microsoft Windows Components
The following is a list of Microsoft Windows components, grouped under: Configuration and maintenance; User interface; Applications and utilities; Windows Server components; File systems; Core components; Services. This list is not all-inclusive.
DirectX
* Direct3D
* DirectDraw
* DirectInput
* DirectMusic
* DirectPlay
* DirectShow
* DirectSound
* DirectX Media Objects
* DirectX plugin
* DirectX Video Acceleration
Networking
* Administrative share
* Distributed File System
* My Network Places (formerly Network Neighborhood)
* Network Access Protection
* Remote Installation Services
* Server Message Block
* Windows Rights Management Services
Scripting and command-line
* Batch file
* CHKDSK
* Cmd.exe
* ComSpec
* Ipconfig
* Net / Net Send
* Netdom.exe: Windows Domain Manager
* Netsh
* Netstat
* QBasic
* Regsvr32
* Robocopy
* Win32 console
* Windows Script Host
* Windows PowerShell
* XCOPY
Kernel
* Commit charge
* Kernel Transaction Manager
* Win32 Thread Informat ...

Windows NT 3
Windows NT 3.x may refer to either of, or all of, the following versions of Microsoft Windows:
* Windows NT 3.1
* Windows NT 3.5
* Windows NT 3.51
Windows NT 3.51 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It is the third version of Windows NT and was released on May 30, 1995, eight months following the release of Windows NT ...

Internationalization And Localization
In computing, internationalization and localization (American English) or internationalisation and localisation (British English), often abbreviated i18n and L10n, are means of adapting computer software to different languages, regional peculiarities and technical requirements of a target locale. Internationalization is the process of designing a software application so that it can be adapted to various languages and regions without engineering changes. Localization is the process of adapting internationalized software for a specific region or language by translating text and adding locale-specific components. Localization (which is potentially performed multiple times, for different locales) uses the infrastructure or flexibility provided by internationalization (which is ideally performed only once before localization, or as an integral part of ongoing development).
Naming
The terms are frequently abbreviated to the numeronyms ''i18n'' (where ''18'' stands for the number of lette ...

Portable Executable
The Portable Executable (PE) format is a file format for executables, object code, DLLs and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. This includes dynamic library references for linking, API export and import tables, resource management data and thread-local storage (TLS) data. On NT operating systems, the PE format is used for EXE, DLL, SYS (device driver), MUI and other file types. The Unified Extensible Firmware Interface (UEFI) specification states that PE is the standard executable format in EFI environments. On Windows NT operating systems, PE currently supports the x86-32, x86-64 (AMD64/Intel 64), IA-64, ARM and ARM64 instruction set architectures (ISAs). Prior to Windows 2000, Windows NT (and thus PE) supported the MIPS, Alpha, and PowerPC ISAs. Because PE is used on Windows CE, it c ...

Asynchronous Procedure Call
An asynchronous procedure call is a unit of work in a computer. Usually a program works by executing a series of synchronous procedure calls on some thread. But if some data are not ready (for example, the program is waiting for the user to reply), then keeping the thread in a wait state is impractical, as a thread allocates a considerable amount of memory for its procedure stack, and this memory sits unused. So such a procedure call is formed as an object with a small amount of memory for input data, and this object is passed to the service which receives user input. When the user's reply is received, the service puts it in the object and passes that object to an execution service. The execution service consists of one or more dedicated worker threads and a queue for tasks. Each worker thread reads the task queue in a loop and, when a task is retrieved, executes it. When there are no tasks, the worker threads wait and so their memory is not used, but the number of worker threads is small enough (no sense to have more ...

Breakpoint
In software development, a breakpoint is an intentional stopping or pausing place in a program, put in place for debugging purposes. It is also sometimes simply referred to as a pause. More generally, a breakpoint is a means of acquiring knowledge about a program during its execution. During the interruption, the programmer inspects the test environment (general purpose registers, memory, logs, files, etc.) to find out whether the program is functioning as expected. In practice, a breakpoint consists of one or more conditions that determine when a program's execution should be interrupted. Breakpoints were invented for ENIAC, one of the earliest digital computers, by programmer Betty Holberton. In the initial design of ENIAC, program flow was set by plugging cables from one unit to another. To make the program stop at a certain point, a cable was removed, called a ''breakpoint''.
Machine breakpoints
Early mainframe computers, such as the IBM/360, had console switches/dial ...