Native API

The Native API (with capitalized N) is the mostly undocumented application programming interface (API) used internally by the Windows NT family of operating systems produced by Microsoft. It is predominantly used during system boot, when other components of Windows are unavailable, and by routines such as those in kernel32.dll that implement the Windows API. The entry point of a program that uses the Native API is called DriverEntry, the same as for a Windows device driver. However, such an application runs in ring 3, the same as a regular Windows application. Most Native API calls are implemented in ntoskrnl.exe and are exposed to user mode by ntdll.dll. Some Native API calls are implemented in user mode directly within ntdll.dll.

While most of Microsoft Windows is implemented using the documented and well-defined Windows API, a few components, such as the Client/Server Runtime Subsystem, are implemented using the Native API, because they can then be started earlier in the Windows NT startup process, when the Windows API is not yet available.

Some malware makes use of the Native API to hide its presence from malware detection software.
