Kernel32.dll

The Kernel32.dll dynamic-link library provides access to the core functionality of the Windows operating system. This includes process and thread management, memory management, security, and I/O operations.

CreateProcess

Creates a new process and its primary thread in the virtual address space of the calling process.

BOOL CreateProcess(
    LPCTSTR lpApplicationName,
    LPTSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCTSTR lpCurrentDirectory,
    LPSTARTUPINFO lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
);
Parameters:
  • lpApplicationName: The name of the module to be executed.
  • lpCommandLine: The command line for the process to be executed.
  • lpProcessAttributes: A pointer to a SECURITY_ATTRIBUTES structure.
  • lpThreadAttributes: A pointer to a SECURITY_ATTRIBUTES structure.
  • bInheritHandles: If this parameter is TRUE, each handle in the calling process is inherited by the new process.
  • dwCreationFlags: Flags that control the priority class and behavior of the new process.
  • lpEnvironment: A pointer to the environment block for the new process.
  • lpCurrentDirectory: The fully qualified path of the working directory for the new process.
  • lpStartupInfo: A pointer to a STARTUPINFO structure that specifies the window station, the stdin, stdout, and stderr handles, and the priority class of the new process.
  • lpProcessInformation: A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process and its primary thread.
Return Value:
  • TRUE: If the function succeeds.
  • FALSE: If the function fails.
Remarks:

Use this function to create new processes. You can specify the command line, environment, and various other attributes for the new process.
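One way to call CreateProcess defensively, as an added example that is not part of the original reference: lpCommandLine is a single string, so an untrusted argument is quoted before it is appended, the module is named explicitly in lpApplicationName, bInheritHandles is FALSE, and both handles returned in PROCESS_INFORMATION are closed. The names quote_arg and run_child are hypothetical; the quoting assumes the child parses its command line with the Microsoft C runtime rules, and the call uses the ANSI variant CreateProcessA.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* Hypothetical helper: wrap one argument in quotes so that a child using the
 * Microsoft C runtime parsing rules receives it as a single argv entry.
 * Returns the quoted length, or -1 if out is too small. */
int quote_arg(const char *in, char *out, size_t cap)
{
    size_t n = 0, bs = 0;                      /* bs = current backslash run */
    if (cap < 2 * strlen(in) + 3) return -1;   /* worst case: all doubled, "", NUL */
    out[n++] = '"';
    for (; *in; ++in) {
        if (*in == '\\') { bs++; out[n++] = '\\'; continue; }
        if (*in == '"') {
            for (; bs; --bs) out[n++] = '\\';  /* double the run before a quote */
            out[n++] = '\\';                   /* then escape the quote itself */
        }
        bs = 0;
        out[n++] = *in;
    }
    for (; bs; --bs) out[n++] = '\\';          /* double a trailing run */
    out[n++] = '"'; out[n] = '\0';
    return (int)n;
}

#ifdef _WIN32
/* Hypothetical wrapper: run exe (an absolute path) with one untrusted argument.
 * Returns 1 and stores the child's exit code on success, 0 on failure. */
int run_child(const char *exe, const char *arg, unsigned long *exit_code)
{
    char q[1024], cmd[1024 + MAX_PATH + 8];
    STARTUPINFOA si = { sizeof si };           /* cb set, all other fields zero */
    PROCESS_INFORMATION pi;
    int len, ok;
    if (quote_arg(arg, q, sizeof q) < 0) return 0;
    len = snprintf(cmd, sizeof cmd, "\"%s\" %s", exe, q);
    if (len < 0 || (size_t)len >= sizeof cmd) return 0;
    /* Explicit lpApplicationName, so the module is not guessed from cmd. */
    if (!CreateProcessA(exe, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return 0;
    CloseHandle(pi.hThread);                   /* both returned handles are ours */
    WaitForSingleObject(pi.hProcess, INFINITE);
    ok = GetExitCodeProcess(pi.hProcess, exit_code) != 0;
    CloseHandle(pi.hProcess);
    return ok;
}
#endif
```

Only quote_arg is portable; run_child is compiled on Windows builds only.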

CreateFile

Creates or opens a file or I/O device (such as a disk file, a pipe, or a communications resource).

HANDLE CreateFile(
    LPCTSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile
);
Parameters:
  • lpFileName: The name of the file or device to be created or opened.
  • dwDesiredAccess: The access to the file or device.
  • dwShareMode: A bitmask of flags that specify how the file or device that is to be opened can be shared.
  • lpSecurityAttributes: A pointer to a SECURITY_ATTRIBUTES structure.
  • dwCreationDisposition: The action to take if the file or device specified by lpFileName exists, and the action to take if it does not exist.
  • dwFlagsAndAttributes: The file or device attributes and flags, including those for overlapped I/O.
  • hTemplateFile: A handle to the template file for which generic attributes are to be copied.
Return Value:
  • A handle to the specified file or device if the function succeeds.
  • INVALID_HANDLE_VALUE if the function fails.
Remarks:

Essential for file I/O operations, allowing you to get a handle to a file for reading, writing, or both.

GetCurrentProcessId

Retrieves the process identifier of the calling process.

DWORD GetCurrentProcessId(void);
Return Value:

The return value is the process identifier of the calling process.

GetCurrentThreadId

Retrieves the thread identifier of the calling thread.

DWORD GetCurrentThreadId(void);
Return Value:

The return value is the thread identifier of the calling thread.

VirtualAlloc

Reserves, commits, or changes the state of a region of pages in the virtual address space of the calling process.

LPVOID VirtualAlloc(
    LPVOID lpAddress,
    SIZE_T dwSize,
    DWORD flAllocationType,
    DWORD flProtect
);
Parameters:
  • lpAddress: The starting address of the region of pages to be allocated.
  • dwSize: The size, in bytes, of the region of pages to be allocated.
  • flAllocationType: The type of memory allocation.
  • flProtect: The memory protection for the region of pages to be allocated.
Return Value:
  • If the function succeeds, the return value is the base address of the allocated region of pages.
  • If the function fails, the return value is NULL.
Remarks:

Used for dynamic memory allocation within the process's address space.

VirtualFree

Releases, frees, or uncommits a region of pages within the virtual address space of the calling process.

BOOL VirtualFree(
    LPVOID lpAddress,
    SIZE_T dwSize,
    DWORD dwFreeType
);
Parameters:
  • lpAddress: A pointer to the starting address of the region of pages to be freed.
  • dwSize: The size, in bytes, of the region of pages to be freed.
  • dwFreeType: The type of operation to perform on the specified memory region.
Return Value:
  • If the function succeeds, the return value is TRUE.
  • If the function fails, the return value is FALSE.
Remarks:

The counterpart to VirtualAlloc, used to deallocate memory.

WriteFile

Writes data to a specified file or input/output (I/O) device.

BOOL WriteFile(
    HANDLE hFile,
    const void *lpBuffer,
    DWORD nNumberOfBytesToWrite,
    LPDWORD lpNumberOfBytesWritten,
    LPOVERLAPPED lpOverlapped
);
Parameters:
  • hFile: A handle to the file or I/O device (for example, a file handle that CreateFile returns).
  • lpBuffer: A pointer to the buffer that contains the data to be written to the file or device.
  • nNumberOfBytesToWrite: The number of bytes to write to the file or device.
  • lpNumberOfBytesWritten: A pointer to a variable that receives the number of bytes written.
  • lpOverlapped: A pointer to an OVERLAPPED structure.
Return Value:
  • TRUE if the function succeeds.
  • FALSE if the function fails.
Remarks:

Writes data from a buffer to a file or device.

ReadFile

Reads data from a specified file or input/output (I/O) device.

BOOL ReadFile(
    HANDLE hFile,
    LPVOID lpBuffer,
    DWORD nNumberOfBytesToRead,
    LPDWORD lpNumberOfBytesRead,
    LPOVERLAPPED lpOverlapped
);
Parameters:
  • hFile: A handle to the file or I/O device (for example, a file handle that CreateFile returns).
  • lpBuffer: A pointer to the buffer that receives the data read from the file or device.
  • nNumberOfBytesToRead: The maximum number of bytes to be read.
  • lpNumberOfBytesRead: A pointer to a variable that receives the number of bytes read.
  • lpOverlapped: A pointer to an OVERLAPPED structure.
Return Value:
  • TRUE if the function succeeds.
  • FALSE if the function fails.
Remarks:

Reads data from a file or device into a buffer.

CloseHandle

Closes an open object handle.

BOOL CloseHandle( HANDLE hObject );
Parameters:
  • hObject: A handle to an open object.
Return Value:
  • If the function succeeds, the return value is nonzero.
  • If the function fails, the return value is zero.
Remarks:

Closes a handle to a process, thread, file, or other system object.