Windows Core API Documentation

Memory Management

VirtualAlloc

LPVOID VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);

Allocates or reserves, or commits or decommits an allocation of pages in the virtual address space of the calling process.

Parameters:

  • lpAddress: The starting address of the region of pages to be allocated.
  • dwSize: The size, in bytes, of the region of pages to allocate.
  • flAllocationType: The type of memory allocation.
  • flProtect: The memory protection for the region of pages to be allocated.

Return Value:

If the function succeeds, the return value is the base address of the allocated region of pages. If the function fails, the return value is NULL.

Remarks:

This function is used for detailed memory management in Windows.

#include <windows.h>

// Example: Allocate 4KB of memory
LPVOID ptr = VirtualAlloc(
    NULL,            // System determines where to allocate
    4096,           // Size in bytes
    MEM_COMMIT | MEM_RESERVE, // Allocation type
    PAGE_READWRITE    // Memory protection
);

if (ptr == NULL) {
    // Handle allocation error
} else {
    // Use the allocated memory at 'ptr'
    // ...
    VirtualFree(ptr, 0, MEM_RELEASE); // Free the memory
}

Process Management

CreateProcess

BOOL CreateProcess(LPCTSTR lpApplicationName, LPTSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCTSTR lpCurrentDirectory, LPSTARTUPINFO lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);

Creates a new process and its primary thread. The new process runs in the security context of the calling process.

Parameters:

  • lpApplicationName: The name of the module to be executed.
  • lpCommandLine: The command line string.
  • lpProcessAttributes: Security attributes for the process.
  • lpThreadAttributes: Security attributes for the thread.
  • bInheritHandles: Whether handles are inherited.
  • dwCreationFlags: Flags that control the priority class and behavior of the new process.
  • lpEnvironment: New environment block for the child process.
  • lpCurrentDirectory: Current directory for the child process.
  • lpStartupInfo: STARTUPINFO structure used to specify window properties.
  • lpProcessInformation: PROCESS_INFORMATION structure that receives identification information about the new process.

Return Value:

If the function succeeds, the return value is nonzero. If the function fails, the return value is zero.

Remarks:

Used to launch other executables or scripts.

#include <windows.h>
#include <tchar.h>

STARTUPINFO si;
PROCESS_INFORMATION pi;

ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
ZeroMemory(&pi, sizeof(pi));

// Start the child process.
if (!CreateProcess(
    NULL,          // No module name (use command line)
    LPTSTR(TEXT("notepad.exe")), // Command line
    NULL,          // Process handle not inheritable
    NULL,          // Thread handle not inheritable
    FALSE,         // Set handle inheritance to FALSE
    0,             // No creation flags
    NULL,          // Use parent's environment block
    NULL,          // Use parent's starting directory
    &si,           // Pointer to STARTUPINFO structure
    &pi )          // Pointer to PROCESS_INFORMATION structure
) {
    // Handle error
    return FALSE;
}

// Wait until child process exits.
WaitForSingleObject(pi.hProcess, INFINITE);

// Close process and thread handles.
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);

Thread Management

CreateThread

HANDLE CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);

Creates a new thread within the virtual address space of the calling process.

Parameters:

  • lpThreadAttributes: Security attributes for the thread.
  • dwStackSize: The initial size, in bytes, of the stack for the new thread.
  • lpStartAddress: A pointer to the application-defined function to be executed by the thread.
  • lpParameter: A pointer to a variable to be passed to the thread function.
  • dwCreationFlags: Flags that control the creation of the thread.
  • lpThreadId: A pointer to a variable that receives the thread identifier.

Return Value:

If the function succeeds, the return value is a handle to the new thread. If the function fails, the return value is NULL.

Remarks:

Essential for multitasking within a single application.

#include <windows.h>

// Thread function definition
DWORD WINAPI MyThreadFunction(LPVOID lpParam) {
    // Thread code here
    int data = *(int*)lpParam;
    // ... do something with data ...
    return 0; // Exit thread
}

// In main function or another thread:
HANDLE hThread;
DWORD threadID;
int threadData = 123;

hThread = CreateThread(
    NULL,             // Default security attributes
    0,                // Default stack size
    MyThreadFunction,     // Thread function pointer
    &threadData,          // Parameter to thread function
    0,                // Default creation flags
    &threadID);           // Receive thread identifier

if (hThread == NULL) {
    // Handle thread creation error
} else {
    // Thread created successfully
    // Wait for the thread to finish (optional)
    WaitForSingleObject(hThread, INFINITE);
    CloseHandle(hThread); // Close the thread handle
}

Inter-Process Communication (IPC)

CreatePipe

BOOL CreatePipe(PHANDLE hReadPipe, PHANDLE hWritePipe, LPSECURITY_ATTRIBUTES lpPipeAttributes, DWORD nSize);

Creates an anonymous pipe, a unidirectional data-flow mechanism.

Parameters:

  • hReadPipe: Pointer to a variable that receives the handle to the read end of the pipe.
  • hWritePipe: Pointer to a variable that receives the handle to the write end of the pipe.
  • lpPipeAttributes: Security attributes for the pipe.
  • nSize: The size, in bytes, of the pipe's buffer.

Return Value:

If the function succeeds, the return value is nonzero. If the function fails, the return value is zero.

Remarks:

Commonly used with CreateProcess to redirect standard input/output/error streams between parent and child processes.

System Information

GetComputerName

BOOL GetComputerName(LPTSTR lpBuffer, LPDWORD nSize);

Retrieves the name of the computer on which the current thread is running.

Parameters:

  • lpBuffer: A pointer to the buffer that receives the null-terminated string specifying the computer name.
  • nSize: A pointer to a variable that specifies the size, in TCHARs, of the buffer pointed to by lpBuffer.

Return Value:

If the function succeeds, the return value is nonzero and lpBuffer contains a copy of the computer name. If the function fails, the return value is zero.

#include <windows.h>
#include <tchar.h>
#include <iostream>

// ...
TCHAR computerName[MAX_COMPUTERNAME_LENGTH + 1];
DWORD size = sizeof(computerName) / sizeof(computerName[0]);

if (GetComputerName(computerName, &size)) {
    std::wcout << TEXT("Computer Name: ") << computerName << std::endl;
} else {
    std::wcerr << TEXT("Failed to get computer name.") << std::endl;
}