Reversing : The Hacker's Guide to Reverse Engineering

The following are the key components in the Win32 API:
■■ Kernel APIs (also called the BASE APIs) are implemented in the
KERNEL32.DLL module and include all non-GUI-related services, such
as file I/O, memory management, object management, process and
thread management, and so on. KERNEL32.DLL typically calls low-
level native APIs from NTDLL.DLL to implement the various services.
Kernel APIs are used for creating and working with kernel-level objects
such as files, synchronization objects, and so on, all of which are
implemented in the system's object manager discussed earlier.
■■ GDI APIs are implemented in the GDI32.DLL module and include low-level
graphics services such as those for drawing a line, displaying a bitmap,
and so on. GDI is generally not aware of the existence of windows or
controls. Most GDI APIs are implemented in the kernel, inside the
WIN32K.SYS module, so GDI32.DLL makes system calls into WIN32K.SYS
to implement them. The GDI revolves around GDI objects used for
drawing graphics, such as device contexts, brushes, pens, and so on.
These objects are not managed by the kernel's object manager.
■■ USER APIs are implemented in the USER32.DLL module and include
all higher-level GUI-related services such as window management,
menus, dialog boxes, user-interface controls, and so on. All GUI objects
are drawn by USER using GDI calls to perform the actual drawing;
USER heavily relies on GDI to do its business. USER APIs revolve
around user-interface related objects such as windows, menus, and the
like. These objects are not managed by the kernel's object manager.

The Native API

The native API is the actual interface to the Windows NT system. In Windows
NT the Win32 API is just a layer above the native API. Because the NT kernel
has nothing to do with GUI, the native API doesn't include any graphics-
related services. In terms of functionality, the native API is the most direct
interface into the Windows kernel, providing interfaces for direct interaction
with the memory manager, I/O system, object manager, processes and
threads, and so on. In practice this is where a Win32 call bottoms out: a call
such as CreateFileW in KERNEL32.DLL ends up in NtCreateFile in NTDLL.DLL,
which performs the actual system call.
Application programs are never supposed to directly call into the native
API; that would break their compatibility with Windows 9x. This is one of the
reasons why Microsoft never saw fit to actually document it; application
programs are expected to use only the Win32 APIs for interacting with the system.
Also, by not exposing the native API, Microsoft retained the freedom to
change and revise it without affecting Win32 applications.
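The layering above shows up directly in a binary's import table: a normal application imports from KERNEL32.DLL, USER32.DLL and GDI32.DLL, and only the subsystem DLLs import from NTDLL.DLL. A quick reversing check is therefore to walk the imports and flag anything that calls the native API directly. The following is an added example (not code from the book): it constructs a minimal PE32+ image whose only content is an import table, parses that table using the documented PE header layout, and reports which layer each DLL belongs to. The sample DLL and function names are constructed for the illustration; the API_LAYERS mapping is the one described in the text.

```python
"""Walk a PE import table to see which Win32 subsystem DLLs, and whether
NTDLL.DLL directly, a binary depends on.  Added example; the sample image is
constructed here as a minimal PE32+ with a single .idata section."""
import struct

IMPORT_DIR = 1          # index of the import directory among the data directories
SECTION_RVA = 0x1000    # where the constructed .idata section is mapped
SECTION_RAW = 0x200     # its file offset (FileAlignment = 0x200)

# Constructed sample: what a typical GUI program imports, plus one direct native call.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": ["CreateFileW", "VirtualAlloc"],
    "USER32.dll": ["MessageBoxW"],
    "GDI32.dll": ["CreateSolidBrush"],
    "ntdll.dll": ["NtQueryInformationProcess"],
}

# Layer each DLL belongs to, per the text; anything else is reported as "other".
API_LAYERS = {"kernel32.dll": "Kernel (BASE) API", "gdi32.dll": "GDI API",
              "user32.dll": "USER API", "ntdll.dll": "Native API"}


def build_sample_pe(imports):
    """Build a minimal PE32+ image whose only content is an import table."""
    body = bytearray(20 * (len(imports) + 1))           # descriptor table + zero terminator
    descs = []
    for dll, funcs in imports.items():
        name_rvas = []
        for f in funcs:                                  # IMAGE_IMPORT_BY_NAME: hint + name
            name_rvas.append(SECTION_RVA + len(body))
            body += struct.pack("<H", 0) + f.encode() + b"\0"
            body += b"\0" * (len(body) % 2)               # keep the next hint 2-byte aligned
        dll_rva = SECTION_RVA + len(body)
        body += dll.encode() + b"\0"
        body += b"\0" * (-len(body) % 8)
        thunks = b"".join(struct.pack("<Q", r) for r in name_rvas) + struct.pack("<Q", 0)
        ilt_rva = SECTION_RVA + len(body); body += thunks  # OriginalFirstThunk (ILT)
        iat_rva = SECTION_RVA + len(body); body += thunks  # FirstThunk (IAT)
        descs.append(struct.pack("<IIIII", ilt_rva, 0, 0, dll_rva, iat_rva))
    body[0:20 * len(descs)] = b"".join(descs)
    vsize = len(body)
    body += b"\0" * (-len(body) % SECTION_RAW)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, 0, vsize, 0, 0, 0, 0x140000000, 0x1000, SECTION_RAW,
                      6, 0, 0, 0, 6, 0, 0, SECTION_RVA + 0x1000, SECTION_RAW, 0, 3, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = b"".join(struct.pack("<II", SECTION_RVA, 20 * (len(descs) + 1))
                    if i == IMPORT_DIR else bytes(8) for i in range(16))
    sect = struct.pack("<8sIIIIIIHHI", b".idata", vsize, SECTION_RVA, len(body),
                       SECTION_RAW, 0, 0, 0, 0, 0xC0000040)
    headers = (dos + b"PE\0\0" + coff + opt + dirs + sect).ljust(SECTION_RAW, b"\0")
    return bytes(headers) + bytes(body)


def _cstr(image, off):
    return image[off:image.index(b"\0", off)].decode("ascii")


def parse_imports(image):
    """Return {dll: [imported function names]} from a PE image's import directory."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    opt_off = pe_off + 24
    is64 = struct.unpack_from("<H", image, opt_off)[0] == 0x20B
    ndirs = struct.unpack_from("<I", image, opt_off + (108 if is64 else 92))[0]
    if ndirs <= IMPORT_DIR:
        return {}
    imp_rva = struct.unpack_from("<I", image, opt_off + (112 if is64 else 96) + 8 * IMPORT_DIR)[0]
    if imp_rva == 0:
        return {}
    sect_off = opt_off + opt_size
    sections = [struct.unpack_from("<IIII", image, sect_off + 40 * i + 8) for i in range(nsect)]

    def rva_to_off(rva):  # map an RVA to a file offset through the section table
        for vsize, va, rawsize, raw in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + raw
        raise ValueError(f"RVA {rva:#x} not backed by any section")

    thunk_fmt, ordinal_bit = ("<Q", 1 << 63) if is64 else ("<I", 1 << 31)
    imports, desc_off = {}, rva_to_off(imp_rva)
    while True:
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", image, desc_off)
        if name_rva == 0 and iat == 0:                   # all-zero descriptor ends the table
            break
        funcs, t_off = [], rva_to_off(ilt or iat)        # prefer the unbound ILT
        while (entry := struct.unpack_from(thunk_fmt, image, t_off)[0]) != 0:
            if entry & ordinal_bit:
                funcs.append(f"#{entry & 0xFFFF}")       # import by ordinal
            else:
                funcs.append(_cstr(image, rva_to_off(entry) + 2))  # skip the 2-byte hint
            t_off += struct.calcsize(thunk_fmt)
        imports[_cstr(image, rva_to_off(name_rva))] = funcs
        desc_off += 20
    return imports


def direct_native_imports(imports):
    """Functions imported straight from NTDLL.DLL, bypassing the Win32 layer."""
    return [(dll, f) for dll, funcs in imports.items()
            if dll.lower() == "ntdll.dll" for f in funcs]


if __name__ == "__main__":
    imps = parse_imports(build_sample_pe(SAMPLE_IMPORTS))
    for dll, funcs in imps.items():
        print(f"{dll:14} {API_LAYERS.get(dll.lower(), 'other'):18} {', '.join(funcs)}")
    print("direct native API use:", direct_native_imports(imps))
```

Running the script prints each DLL with its layer and lists the one function pulled straight from ntdll.dll. On a real binary, replace build_sample_pe with the file's bytes; the parser handles PE32 and PE32+, import by ordinal, and images whose OriginalFirstThunk is zero. A hit in direct_native_imports is not proof of anything malicious, but it marks code that was written against the undocumented interface the text describes and deserves a closer look.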

90 Chapter 3