Windows Native API

From Wikipedia, the free encyclopedia
Application programming interface

The Native API is a lightweight application programming interface (API) used by Windows NT's kernel and user mode applications. This API is used in the early stages of the Windows NT startup process, when other components and APIs are still unavailable. Therefore, a few Windows components, such as the Client/Server Runtime Subsystem (CSRSS), are implemented using the Native API. The Native API is also used by subroutines such as those in kernel32.dll that implement the Windows API, the API on which most Windows components are built.

Most of the Native API calls are implemented in ntoskrnl.exe and are exposed to user mode by ntdll.dll. The entry point of ntdll.dll is LdrInitializeThunk. Native API calls are handled by the kernel via the System Service Descriptor Table (SSDT).

Function groups


The Native API comprises many functions. They include C runtime functions that are needed for a very basic C runtime execution, such as strlen(), sprintf(), memcpy() and floor(). Other common procedures like malloc(), printf(), scanf() are missing (the first because it does not specify a heap to allocate memory from and the second and third because they use the console, accessed only via KERNEL32.DLL). The vast majority of other Native API routines, by convention, have a 2 or 3 letter prefix, as follows:

  • Nt or Zw are system calls declared in ntdll.dll and ntoskrnl.exe. When called from ntdll.dll in user mode, these groups are almost exactly the same; they execute an interrupt into kernel mode and call the equivalent function in ntoskrnl.exe via the SSDT. When calling the functions directly in ntoskrnl.exe (only possible in kernel mode), the Zw variants ensure kernel mode, whereas the Nt variants do not.[1] The Zw prefix does not stand for anything.[2]
  • Rtl is the second largest group of ntdll calls. These comprise the (extended) C Run-Time Library, which includes many utility functions that can be used by native applications, yet don't directly involve kernel support.
  • Csr are client-server functions that are used to communicate with the Win32 subsystem process, csrss.exe (csrss stands for client/server runtime sub-system).
  • Dbg are debugging functions such as a software breakpoint.
  • Ki are upcalls from kernel mode for events like APC dispatching.
  • Ldr are loader functions for PE file handling and starting of new processes.
  • Nls for National Language Support (similar to code pages).
  • Pfx for prefix handling.
  • Tp for threadpool handling.

user32.dll and gdi32.dll include several other calls that execute an interrupt into kernel mode. These were not part of the original Windows NT design, as can be seen in Windows NT 3.5. However, due to performance issues of hardware of that age, it was decided to move the graphics subsystem into kernel mode. As such, system calls in the range of 0x1000-0x1FFF are satisfied by win32k.sys (instead of ntoskrnl.exe as done for 0-0x0FFF), and are declared in user32.dll and gdi32.dll. These functions have the NtUser and NtGdi prefix (e.g. NtUserLockWorkStation and NtGdiEnableEudc).
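The prefix convention and the two system call ranges described above can be applied when triaging the routine names a binary imports. The following is an added example, not part of the original article: the function names (classify, service_table, nt_zw_twins, summarize) and the sample import list are constructed for illustration, and the rule that an upper-case letter follows each prefix is an assumption.

```python
from collections import defaultdict

# Groups from the article; longer prefixes first so NtUser*/NtGdi* are not matched as Nt.
PREFIX_GROUPS = [
    ("NtUser", "win32k system call"), ("NtGdi", "win32k system call"),
    ("Nt", "system call"), ("Zw", "system call"),
    ("Rtl", "run-time library"), ("Csr", "client/server (csrss.exe)"),
    ("Dbg", "debugging"), ("Ldr", "loader"),
    ("Nls", "national language support"), ("Pfx", "prefix handling"),
    ("Ki", "kernel upcall"), ("Tp", "thread pool"),
]

def classify(name):
    """Return the article's function group for one exported routine name."""
    for prefix, group in PREFIX_GROUPS:
        # Assumed convention: an upper-case letter follows the prefix (keeps CRT names out).
        if name.startswith(prefix) and name[len(prefix):len(prefix) + 1].isupper():
            return group
    return "C runtime / unprefixed"

def service_table(number):
    """Name the component that serves a system call number, per the article."""
    if 0x0000 <= number <= 0x0FFF:
        return "ntoskrnl.exe"
    if 0x1000 <= number <= 0x1FFF:
        return "win32k.sys"
    raise ValueError(f"system call number {number:#x} is outside both ranges")

def nt_zw_twins(names):
    """Return routine names that appear under both the Nt and the Zw prefix."""
    kernel_calls = [n for n in names if classify(n) == "system call"]
    nt = {n[2:] for n in kernel_calls if n.startswith("Nt")}
    zw = {n[2:] for n in kernel_calls if n.startswith("Zw")}
    return sorted(nt & zw)

def summarize(names):
    """Group a list of routine names by function group."""
    groups = defaultdict(list)
    for name in names:
        groups[classify(name)].append(name)
    return dict(groups)

# Constructed sample: names as they might appear in a binary's import table.
SAMPLE = ["NtCreateFile", "ZwCreateFile", "NtShutdownSystem", "RtlAdjustPrivilege",
          "LdrInitializeThunk", "NtUserLockWorkStation", "NtGdiEnableEudc",
          "DbgBreakPoint", "KiUserApcDispatcher", "TpAllocWork", "strlen", "memcpy"]

if __name__ == "__main__":
    for group, members in summarize(SAMPLE).items():
        print(f"{group:28} {', '.join(members)}")
```
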

Uses


Uses of Native API functions include, but are not limited to:

  • Enabling and disabling privileges (RtlAdjustPrivilege)
  • Creating remote threads within processes that are running in a different session (RtlCreateUserThread)
  • Running native applications (RtlCreateUserProcess)
  • Performing a forced shutdown (NtShutdownSystem)
  • Causing a BSOD in User mode (NtRaiseHardError)
  • Displaying a string in Native Mode (NtDisplayString)


References

  1. The NT Insider (August 27, 2003). "Nt vs. Zw - Clearing Confusion On The Native API". OSR Online. 10 (4). OSR Open Systems Resources. Retrieved 2013-09-16.
  2. Raymond Chen (2009). "The Old New Thing: What does the "Zw" prefix mean?". Microsoft Corporation. Retrieved 2009-06-13.
