Under the hood, how does Windows 2000 really
work? Windows NT/2000 Native API Reference
provides a thorough listing of all available internal or "native" API calls, many of them undocumented. For any advanced C/C++ programmer who writes Win32 device drivers or system utilities, this is an indispensable resource to some truly impossible-to-find information.
The book first explains what native APIs are and what they are good for. Native APIs (which all begin with the "Nt" or "Zw" prefixes) run closer to the operating system (in kernel mode), so they are perfect for those who write device drivers, debuggers, profilers, or other system utilities.
This book lists several hundred native APIs, the C structures they use, and the Win32 calls that invoke them. As a reference, this text is a model of clarity, with each function clearly documented and explained. APIs are grouped by functionality, from finding system information to processes and threads, memory management, file I/O, and other categories. One standout here is the sample code that polls the system for low-level information, which mimics developer utilities that let you view process and thread information. Other short examples include techniques for accessing debugging, profiling, and exception information.
For programmers who write device drivers, this title also includes the plug-and-play and power management APIs used by today's Windows. Interesting appendices include a guide to the way the Win32 NTFS file system organizes data on disks, along with sample code to access--and even decompress--this information.
Whether you want to write device drivers or system utilities, or you just want to learn more about the operating system, this comprehensive guide takes the lid off Windows 2000 and looks inside at its internal functions. --Richard Dragan
Topics covered: Native API overview, native API vs. Win32 API, system information and control, APIs for objects, object directories and symbolic links, virtual memory, sections for memory-mapped files, threads, processes, building ToolHelp utilities with native APIs, Windows 2000 API for jobs, tokens, working with synchronization objects, execution profiling, ports and local procedure calls (LPCs), debugging support with LPCs, opening, reading and writing files, NTFS disk structures, Registry keys, security and auditing, plug-and-play and power management, miscellaneous native APIs, exception and debugging.