The Native API (with capitalized N) is the mostly undocumented application programming interface (API) used internally by the Windows NT family of operating systems produced by Microsoft. It is predominately used during system boot, when other components of Windows are unavailable, and by routines such as those in kernel32.dll that implement the Windows API. The program entry point is called DriverEntry, the same as for a Windows device driver. However, the application runs in ring 3 the same as a regular Windows application. Most of the Native API calls are implemented in ntoskrnl.exe and are exposed to user mode by ntdll.dll. Some Native API calls are implemented in user mode directly within ntdll.dll.
While most of Microsoft Windows is implemented using the documented and well-defined Windows API, a few components, such as the Client/Server Runtime Subsystem, are implemented using the Native API, as they can be started earlier in the Windows NT Startup Process when the Windows API is not yet available.
Some malware make use of the Native API to hide their presence from malware detection software.
Read more about Native API: Function Groups
Famous quotes containing the word native:
“For most visitors to Manhattan, both foreign and domestic, New York is the Shrine of the Good Time. “I don’t see how you stand it,” they often say to the native New Yorker who has been sitting up past his bedtime for a week in an attempt to tire his guest out. “It’s all right for a week or so, but give me the little old home town when it comes to living.” And, under his breath, the New Yorker endorses the transfer and wonders himself how he stands it.”
—Robert Benchley (1889–1945)