- Windows library files
Like most modern operating systems,
Microsoft Windows supportsshared libraries , collections of code which can be used by multiple processes while only being loaded once into memory. Windows terms its shared libraries Dynamic-link libraries (DLL's).Most core Windows functionality is contained within Native Applications and a set of DLL's, which together provide the various subsystems in which code can run (Win32, SUA,
Virtual DOS machine , etc.).Hal.dll
Hal.dll is the core of Windows'
Hardware Abstraction Layer , which allows applications to access devices in the system without knowledge of the specific protocol used by any one device.Although drivers for most hardware are contained in external files, core drivers (which are required to support the kernel) are compiled into Hal.dll. Different sets of drivers may be selected depending on whether the system uses multiple processors, the presence of
ACPI or anAPIC , etc.Msvcrt.dll
Msvcrt.dll (the Microsoft Visual C++ Run-Time) provides basic services, such as string comparison, memory allocation, etc., to programs compiled with
Visual C++ , versions 4.2 to 6.In older versions of Windows, programs which linked against Msvcrt.dll were expected to install a copy in the
System32 folder, but this contributed toDLL Hell . Newer versions of the operating system include the file to circumvent this problem.Ntdll.dll (Native API)
The
Native API is the interface used by user-space components of the NT kernel and programs requiring low-level access to hardware.Russinovich, M: [http://www.microsoft.com/technet/sysinternals/information/NativeApplications.mspx Inside Native Windows Applications] , "SysInternals Information"] Most of this API is implemented in ntdll.dll andntoskrnl.exe (and its variants); the majority of exported symbols within these libraries are prefixed Nt, e.g., NtDisplayString.Applications that are linked directly against this library are known as Native Applications; the primary reason for their existence is to perform low-level tasks such as direct disk I/O that cannot be achieved through the documented Windows API. An example is the autochk binary that runs
chkdsk during the system initialisation "Blue Screen" . Other prominent examples are the services that implement the various subsystems, such ascsrss.exe .Unlike
Win32 Applications, Native Applications instantiate within the Kernel runtime code (ntoskrnl.exe ) and so must manage their own memory using the Rtl heap API, obtain their command-line arguments via a pointer to an in-memory structure, and return execution with a call to NtTerminateProcess (as opposed to ExitProcess). Despite having a ".exe" file extension, Native Applications cannot be executed by the user (or any program in the Win32 or other subsystems), as they have a different entry point, NtProcessStartup, rather than (w)(Win)MainCRTStartup, as is found in a Win32 application. A common library linked with Native applications is nt.lib, which contains startup code for Native applications, similar to how the C runtime provides startup code for Win32 apps.Though most of the API is undocumented, Native Applications can be built using the [http://www.microsoft.com/whdc/devtools/ddk/default.mspx Windows Driver Development Kit] ; many
AntiVirus and other utility software vendors incorporate Native Applications within their products, usually to perform some boot-time task that cannot be carried out inuserspace .Ordinary Windows applications do not linked directly against this library, but rather to one or more of the well-documented "client" libraries; this allows portability across Windows platforms and prevents ordinary programs from violating security restrictions or damaging the system.
hscrap.dll
shscrap.dll implements support for shell scrap files. These are automatically created when you drag selected content from an OLE-capable application into an Explorer window (or onto the Desktop) [ [http://support.microsoft.com/kb/138275/en-us WD: What is a Scrap (.shs) file? - Microsoft Knowledge Base] ] , but you can also use the
Object Packager to create them. They can then be dragged into another OLE-capable application. Scrap (.shs) files are sometimes used by viruses because they can contain a wide variety of files (including executable code), and the file extension is not shown even when "Hide file extensions from known file types" is disabled. [ [http://www.symantec.com/security_response/writeup.jsp?docid=2000-121915-4852-99 VBS.Stages.A - Symantec.com] ]User32.dll
user32.dll allows programs to implement agraphical user interface . It contains basic functions, such as window management, user input, text, etc.shell32.dll uses these functions to implement Windows' standard controls, including buttons, check boxes, and input fields.See also
*
Windows NT Startup Process
*List of Microsoft Windows components
*Windows API Notes
External links
* [http://www.andreavb.com/API_USER32.html API calls list - USER32.DLL] - Tips for using the User API Client Library with Visual Basic
* [http://www.sysinternals.com/Information/NativeApi.html Native API reference]
* [http://undocumented.ntinternals.net/ Unofficial website that documents most of the Native API methods]
Wikimedia Foundation. 2010.
