The Native API (with capitalized N) is the mostly undocumented application programming interface (API) used internally by the Windows NT family of operating systems produced by Microsoft. It is predominately used during system boot, when other components of Windows are unavailable, and by routines such as those in kernel32.dll that implement the Windows API. The program entry point is called DriverEntry, the same as for a Windows device driver. However, the application runs in ring 3 the same as a regular Windows application. Most of the Native API calls are implemented in ntoskrnl.exe and are exposed to user mode by ntdll.dll. Some Native API calls are implemented in user mode directly within ntdll.dll.
While most of Microsoft Windows is implemented using the documented and well-defined Windows API, a few components, such as the Client/Server Runtime Subsystem, are implemented using the Native API, as they can be started earlier in the Windows NT Startup Process when the Windows API is not yet available.
Some malware make use of the Native API to hide their presence from malware detection software.
Read more about Native API: Function Groups
Famous quotes containing the word native:
“Would it not be worth while to discover nature in Milton? be native to the universe? I, too, love Concord best, but I am glad when I discover, in oceans and wildernesses far away, the material of a million Concords: indeed, I am lost, unless I discover them.”
—Henry David Thoreau (1817–1862)