Windows API Reference: Kernel Base
The Kernel-Base API contains fundamental functions for accessing and managing the Windows kernel. These functions provide core operating system services for processes, threads, memory management, and inter-process communication.
Core Concepts
Understanding the Kernel-Base API involves grasping concepts such as:
- Process and Thread Management
- Memory Allocation and Virtual Memory
- Synchronization Objects (Mutexes, Semaphores, Events)
- Error Handling and Status Codes
- I/O Operations and File System Access
Key Functions
Process Management
CreateProcessA
BOOL CreateProcessA(
    LPCSTR lpApplicationName,
    LPSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCSTR lpCurrentDirectory,
    LPSTARTUPINFOA lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
);
Creates a new process and its primary thread. The new process runs in the security context of the calling process.
Parameters:
- lpApplicationName: The name of the module to be executed.
- lpCommandLine: The command line for the process to be executed.
- lpProcessAttributes: Security attributes for the process.
- lpThreadAttributes: Security attributes for the primary thread.
- bInheritHandles: Whether the new process inherits handles.
- dwCreationFlags: Flags that control the priority class and behavior of the new process.
- lpEnvironment: Environment block for the new process.
- lpCurrentDirectory: Current directory for the new process.
- lpStartupInfo: Startup information for the new process.
- lpProcessInformation: Receives information about the new process and its primary thread.
Return Value:
- Nonzero indicates success. Zero indicates failure.
See Also: ExitProcess, TerminateProcess
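An added example (not part of the original reference) for the lpApplicationName, lpCommandLine and bInheritHandles parameters: it quotes each argument so an untrusted value cannot split into extra arguments, then starts the child with an explicit module path and no inherited handles. The names append_quoted_arg, put and launch are hypothetical, and the quoting assumes the child parses its command line with the Microsoft C runtime argv rules.

```c
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* Append c, keeping buf NUL-terminated; -1 if it does not fit. */
static int put(char *buf, size_t cap, size_t *len, char c) {
    if (*len + 1 >= cap) return -1;
    buf[(*len)++] = c; buf[*len] = '\0';
    return 0;
}

/* Append arg, quoted; buf starts as "" with *len == 0. Returns 0, or -1 on overflow. */
int append_quoted_arg(char *buf, size_t cap, size_t *len, const char *arg) {
    size_t bs = 0, i, n;
    if (*len && put(buf, cap, len, ' ')) return -1;
    if (put(buf, cap, len, '"')) return -1;
    for (; *arg; arg++) {
        if (*arg == '\\') { bs++; continue; }
        /* pending backslashes are doubled (plus one) only before a quote */
        n = (*arg == '"') ? 2 * bs + 1 : bs;
        for (i = 0; i < n; i++)
            if (put(buf, cap, len, '\\')) return -1;
        bs = 0;
        if (put(buf, cap, len, *arg)) return -1;
    }
    /* double trailing backslashes so they cannot escape the closing quote */
    for (i = 0; i < 2 * bs; i++)
        if (put(buf, cap, len, '\\')) return -1;
    return put(buf, cap, len, '"');
}

#ifdef _WIN32
/* Start exe_path with the quoted command line; returns 0 or the Win32 error. */
int launch(const char *exe_path, char *cmdline) {
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;
    if (!CreateProcessA(exe_path, /* explicit module, not parsed from cmdline */
                        cmdline, NULL, NULL,
                        FALSE,    /* bInheritHandles: nothing is inherited */
                        0, NULL, NULL, &si, &pi))
        return (int)GetLastError();
    CloseHandle(pi.hThread);      /* the caller owns both returned handles */
    CloseHandle(pi.hProcess);
    return 0;
}
#endif
```

Append the program name first when building the command line, since the child receives it as argv[0].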
GetCurrentProcessId
DWORD GetCurrentProcessId(void);
Retrieves the identifier of the current process. This identifier is unique among all processes running on the system.
Return Value:
- The return value is the process identifier.
See Also: GetCurrentProcess, GetCurrentThreadId
Memory Management
VirtualAlloc
LPVOID VirtualAlloc(
    LPVOID lpAddress,
    SIZE_T dwSize,
    DWORD flAllocationType,
    DWORD flProtect
);
Reserves, commits, or changes the state of a region of pages in the virtual address space of the calling process.
Parameters:
- lpAddress: The starting address of the region to allocate.
- dwSize: The size, in bytes, of the region to allocate.
- flAllocationType: The type of memory allocation operation.
- flProtect: The memory protection for the region of pages.
Return Value:
- If the function succeeds, the return value is the base address of the allocated region. If the function fails, the return value is NULL.
See Also: VirtualFree, VirtualAllocEx
Synchronization Objects
CreateMutexA
HANDLE CreateMutexA(
    LPSECURITY_ATTRIBUTES lpMutexAttributes,
    BOOL bInitialOwner,
    LPCSTR lpName
);
Creates or opens a mutex object. A mutex is a synchronization object that can be used to protect shared resources from simultaneous access by multiple threads.
Parameters:
- lpMutexAttributes: Security attributes for the mutex object.
- bInitialOwner: If TRUE, the calling thread is given initial ownership of the mutex object.
- lpName: The name of the mutex object.
Return Value:
- If the function succeeds, the return value is a handle to the newly created or opened mutex object. If the function fails, the return value is NULL.
See Also: ReleaseMutex, OpenMutex