Kernel-User Mode API Reference
This section provides detailed information about the Windows API functions and structures that facilitate interaction between user-mode applications and the Windows kernel. These APIs allow applications to leverage core operating system services, manage system resources, and ensure security and stability.
Processes and Threads
APIs for creating, managing, and querying processes and threads.
- CreateProcess - Creates a new process and its primary thread.
- OpenProcess - Opens an existing process object.
- CreateThread - Creates a new thread to execute within the virtual address space of the calling process.
- GetCurrentProcessId - Retrieves the process identifier of the calling process.
- GetCurrentThreadId - Retrieves the thread identifier of the calling thread.
Memory Management
Functions for allocating, deallocating, and manipulating memory.
- VirtualAlloc - Reserves, commits, or changes the state of a region of pages in the virtual address space of the calling process.
- VirtualFree - Releases, decommits, or releases and decommits a region of pages in the virtual address space of the calling process.
- HeapAlloc - Allocates a block of memory from a heap.
Synchronization
APIs for synchronizing threads and preventing race conditions.
- CreateMutex - Creates or opens a mutex object.
- WaitForSingleObject - Waits until the specified object is in the signaled state or the time-out interval elapses.
- CreateEvent - Creates or opens a named or unnamed event object.
- SetEvent - Sets the specified event object to the signaled state.
Interprocess Communication (IPC)
Mechanisms for enabling communication between different processes.
- CreatePipe - Creates an unnamed pipe, which consists of two ends for reading and writing.
- CreateFileMapping - Creates or opens a named or unnamed file mapping object.
- MapViewOfFile - Maps a view of a file mapping into the address space of the calling process.
Object Management
APIs for managing kernel objects like files, events, and mutexes.
- CreateFile - Creates or opens a handle to the specified file or device.
- CloseHandle - Closes an open object handle.
Security Descriptors
APIs for working with security descriptors to control object access.
- InitializeSecurityDescriptor - Initializes a new security descriptor.
- SetSecurityDescriptorDacl - Sets the Discretionary Access Control List (DACL) in a security descriptor.
- GetSecurityDescriptorDacl - Retrieves a pointer to the DACL in a security descriptor.