Windows NT/2000 Native API Reference [Paperback]

Gary Nebbett (Author)

Book Description

ISBN-10: 1578701996 | ISBN-13: 978-1578701995 | Publication Date: February 20, 2000 | Edition: 1

Windows NT/2000 Native API Reference is absolutely unique. Currently, documentation on WIndows NT's native APIs can only be found through access to the source code or occasionally Web sites where people have chosen to share bits of insight gained through reverse engineering. This book provides the first complete reference to the API functions native to Windows NT and covers the set of services that are offered by Windows NT to both kernel- and user-mode programs. Ideal for the intermediate and advanced level user- and kernel-mode developers of Windows systems, this books is devoted to the NT native API and consists of documentation of the 210 routines included in the API. Also included are all the functions added in Windows 2000.

Editorial Reviews

Amazon.com Review

Under the hood, how does Windows 2000 really work? Windows NT/2000 Native API Reference provides a thorough listing of all available internal or "native" API calls, many of them undocumented. For any advanced C/C++ programmer who writes Win32 device drivers or system utilities, this is an indispensable resource to some truly impossible-to-find information.

The book first explains what native APIs are and what they are good for. Native APIs (which all begin with the "Nt" or "Zw" prefixes) run closer to the operating system (in kernel mode), so they are perfect for those who write device drivers, debuggers, profilers, or other system utilities.

This book lists several hundred native APIs, the C structures they use, and the Win32 calls that invoke them. As a reference, this text is a model of clarity, with each function clearly documented and explained. APIs are grouped by functionality, from finding system information to processes and threads, memory management, file I/O, and other categories. One standout here is the sample code that polls the system for low-level information, which mimics developer utilities that let you view process and thread information. Other short examples include techniques for accessing debugging, profiling, and exception information.

For programmers who write device drivers, this title also includes the plug-and-play and power management APIs used by today's Windows. Interesting appendices include a guide to the way the Win32 NTFS file system organizes data on disks, along with sample code to access--and even decompress--this information.

Whether you want to write device drivers or system utilities, or you just want to learn more about the operating system, this comprehensive guide takes the lid off Windows 2000 and looks inside at its internal functions. --Richard Dragan

Topics covered: Native API overview, native API vs. Win32 API, system information and control, APIs for objects, object directories and symbolic links, virtual memory, sections for memory-mapped files, threads, processes, building ToolHelp utilities with native APIs, Windows 2000 API for jobs, tokens, working with synchronization objects, execution profiling, ports and local procedure calls (LPCs), debugging support with LPCs, opening, reading and writing files, NTFS disk structures, Registry keys, security and auditing, plug-and-play and power management, miscellaneous native APIs, exception and debugging.

From the Back Cover

Windows NT/2000 Native API Reference is absolutely unique. Currently, documentation on WIndows NT's native APIs can only be found through access to the source code or occasionally Web sites where people have chosen to share bits of insight gained through reverse engineering. This book provides the first complete reference to the API functions native to Windows NT and covers the set of services that are offered by Windows NT to both kernel- and user-mode programs. Ideal for the intermediate and advanced level user- and kernel-mode developers of Windows systems, this books is devoted to the NT native API and consists of documentation of the 210 routines included in the API. Also included are all the functions added in Windows 2000.

See all Editorial Reviews

Product Details

• Paperback: 528 pages
• Publisher: Sams; 1 edition (February 20, 2000)
• Language: English
• ISBN-10: 1578701996
• ISBN-13: 978-1578701995
• Product Dimensions: 9 x 6 x 1.2 inches
• Shipping Weight: 1.6 pounds (View shipping rates and policies)
• Average Customer Review: 4.2 out of 5 stars  See all reviews (13 customer reviews)
• Amazon Best Sellers Rank: #683,406 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

22 of 23 people found the following review helpful:

5.0 out of 5 stars The missing DDK chapter, April 16, 2000

By 

Sven B. Schreiber "rawol.com" (Fürth (Bayern)) - See all my reviews
(REAL NAME)   

This review is from: Windows NT/2000 Native API Reference (Paperback)

This is the missing chapter of the Windows 2000 device driver kit! Why doesn't Microsoft publish such a book? It documents ALL native API functions and relevant structures very accurately. The author must have spent several months of disassembly and reverse engineering. The book is a must-have reference for anyone writing NT/Win2K system-level software, like debuggers, spying/monitoring utilities, system info tools, drivers, and the like.

However, keep in mind that it's a REFERENCE in its purest sense. Although there is some interspersed sample code, it's NOT a tutorial. You need to know already what you're doing before you will benefit from this book.

17 of 17 people found the following review helpful:

5.0 out of 5 stars A must-read for anyone writing for NT, March 16, 2000

By 

Felix Kasza "Felix Kasza" (Redmond, WA) - See all my reviews

Amazon Verified Purchase

This review is from: Windows NT/2000 Native API Reference (Paperback)

Disclaimer: I wrote one of the inside cover blurbs. Don't expect me to slam the book.

The Native API Reference not only shows you the neat and very useful things that NT can do but does not expose through its Win32 personality; it also tells you which areas are covered by documented Win32 APIs, lessening, one hopes, the gratuitous use of officially undocumented functionality. Right from the start, you will find the NtQuery...() functions fascinating, and if you write kernel-mode code, you will *love* having a complete reference to the Zw...() functions -- no more cursing the horrible DDK documentation.

Intended audience: If you don't know what a handle is, or how Win32 deals with I/O, synchronization, and the like, then this book is not for you; read Richter's _Advanced Windows_ first.

My only wish is for MTP to have chosen a font slightly larger than Flyspeck 3, and maybe less of the black splotches that make the book's pages look like an unbroken string of obituaries.

19 of 20 people found the following review helpful:

5.0 out of 5 stars Native API background, April 21, 2000

By 

Nelson Kidd "software engineer" (Portland, OR USA) - See all my reviews
(REAL NAME)   

This review is from: Windows NT/2000 Native API Reference (Paperback)

Things to note:

0. Read the reviews after mine. People are right about what they say.

1. Native API is (or now was) officially unpublished. Microsoft does not want you to know about this API. In fact, the publisher almost did not publish the book for fear of legal issues.

2. Usually, you need to talk to Microsoft to learn of Native API calls. This book is easier than dealing with Microsoft.

3. Native API evolves. Only Microsoft (and those who've obtained the proper source licenses) know of the new API functions that were added after this book went to print.

4. Native API will help you do a lot of black-magic kernel-mode things, without having to hack/patch the OS. (think memory pools, devices, etc.)

5. This book will not teach you how to do program kernel mode modules. Yet, cnsider this book to be an ESSENTIAL supplement for kernel mode things.