Windows API Reference - Kernel Base Services

Kernel Base Services Overview

The Kernel Base Services provide fundamental functionalities for Windows applications, enabling interaction with the operating system's core components. This section details key APIs for managing system resources, processes, memory, files, and more.

Processes and Threads

Manage the lifecycle and attributes of processes and threads within the Windows environment.

Process Creation

`CreateProcess`

BOOL CreateProcess(
    _In_opt_ LPCTSTR lpApplicationName,
    _Inout_opt_ LPTSTR lpCommandLine,
    _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,
    _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,
    _In_ BOOL bInheritHandles,
    _In_ DWORD dwCreationFlags,
    _In_opt_ LPVOID lpEnvironment,
    _In_opt_ LPCTSTR lpCurrentDirectory,
    _In_ LPSTARTUPINFO lpStartupInfo,
    _Out_ LPPROCESS_INFORMATION lpProcessInformation
);

Creates a new process and its primary thread. The new process is created with a security context, priority class, and other attributes specified in the creation function.

lpApplicationName: The name of the module to be executed.
lpCommandLine: The command line for the process.
lpProcessInformation: Receives information about the new process and its primary thread.

Thread Creation

`CreateThread`

HANDLE CreateThread(
    _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,
    _In_ SIZE_T dwStackSize,
    _In_ LPTHREAD_START_ROUTINE lpStartAddress,
    _In_opt_ LPVOID lpParameter,
    _In_ DWORD dwCreationFlags,
    _Out_opt_ LPDWORD lpThreadId
);

Creates a thread to execute within the virtual address space of the calling process.

lpStartAddress: A pointer to the application-defined function to be executed by the thread.
lpParameter: A pointer to a variable to be passed to the thread function.

Memory Management

APIs for allocating, deallocating, and managing memory regions.

Virtual Memory Allocation

`VirtualAlloc`

LPVOID VirtualAlloc(
    _In_opt_ LPVOID lpAddress,
    _In_ SIZE_T dwSize,
    _In_ DWORD flAllocationType,
    _In_ DWORD flProtect
);

Reserves, commits, or changes the state of a region of pages in the virtual address space of the calling process.

dwSize: The size of the region of memory to allocate.
flAllocationType: The type of memory allocation (e.g., MEM_COMMIT, MEM_RESERVE).
flProtect: The memory protection for the region (e.g., PAGE_READWRITE).

`VirtualFree`

BOOL VirtualFree(
    _In_ LPVOID lpAddress,
    _In_ SIZE_T dwSize,
    _In_ DWORD dwFreeType
);

Releases, decommits, or releases and decommits a range of pages in the virtual address space of the calling process.

File and I/O Management

APIs for interacting with the file system, including creating, reading, writing, and deleting files.

File Creation and Writing

`CreateFile`

HANDLE CreateFile(
    _In_ LPCTSTR lpFileName,
    _In_ DWORD dwDesiredAccess,
    _In_ DWORD dwShareMode,
    _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    _In_ DWORD dwCreationDisposition,
    _In_ DWORD dwFlagsAndAttributes,
    _In_opt_ HANDLE hTemplateFile
);

Creates or opens a handle to the specified file or device.

lpFileName: The name of the file or device to be created or opened.
dwDesiredAccess: The generic access rights to the file (e.g., GENERIC_READ, GENERIC_WRITE).
dwCreationDisposition: Action to take if file exists or doesn't exist.

`WriteFile`

BOOL WriteFile(
    _In_ HANDLE hFile,
    _In_const_ LPCVOID lpBuffer,
    _In_ DWORD nNumberOfBytesToWrite,
    _Out_opt_ LPDWORD lpNumberOfBytesWritten,
    _Inout_opt_ LPOVERLAPPED lpOverlapped
);

Writes data to the specified file or input/output (I/O) device.

File Reading

`ReadFile`

BOOL ReadFile(
    _In_ HANDLE hFile,
    _Out_ LPVOID lpBuffer,
    _In_ DWORD nNumberOfBytesToRead,
    _Out_opt_ LPDWORD lpNumberOfBytesRead,
    _Inout_opt_ LPOVERLAPPED lpOverlapped
);

Reads data from the specified file or input/output (I/O) device.

Registry Access

APIs for querying and modifying the Windows Registry.

Opening Registry Keys

`RegOpenKeyEx`

LONG RegOpenKeyEx(
    _In_ HKEY hKey,
    _In_ LPCTSTR lpSubKey,
    _In_ DWORD ulOptions,
    _In_ REGSAM samDesired,
    _Out_ PHKEY phkResult
);

Opens an existing subkey of the specified key. If the subkey does not exist, the function can create it.

System Information

Retrieve information about the system's hardware and software configuration.

Get Operating System Version

`GetVersionEx`

BOOL GetVersionEx(
_Inout_ LPOSVERSIONINFO lpVersionInformation
);

Retrieves version information for the currently running Windows operating system.

Note: This function is deprecated. Use `VerifyVersionInfo` or `GetVersion` for newer applications.

Error Handling

Mechanisms for retrieving detailed error information.

Get Last Error

`GetLastError`

DWORD GetLastError(
);

Retrieves the last error code set by a call to the Windows API. Error codes are 32-bit values with bit flags defined for extended error information.

Return Value: The return value is the last error code set by the function that failed.