NT has a mostly undocumented API, called the "Native API", upon which the common subsystems (i.e. the Windows API, OS/2 API, and POSIX (usually called "Interix" nowadays) subsystems) are implemented.
Several books and websites exist which attempt to document this API:
- A few of these functions are documented in the Windows Driver Kit
- Undocumented Windows 2000 Secrets, A Programmers Cookbook, by Sven V. Schreiber
- Undocumented NTernals
- Windows NT/2000 Native API Reference, by Gary Nebbett
- NirSoft's Windows Vista Kernel Structures
Unfortunately, not a single one of the books or websites I can get my hands on attempts to touch the 64 bit versions of Windows (except for the WDK of course, but the WDK is limited....). The API calls themselves are the same -- the big issue has to do with the structure definitions themselves. Namely -- that a pointer value and DWORD are the same size on 32 bit platforms, but different on x64 platforms. Therefore, the "unknown padding" bits of the structures which are often defined as an array of DWORDs are wrong on x64 windows -- and the result is utter garbage.
I've been manually working around these kinds of things by adding additional padding in by hand per API call, but this is getting really frustrating, and it would be nice to have a resource that just documented these things such that they'd correctly use pointers instead of DWORDs where required, so that a single structure definition could serve for both 32 bit and 64 bit Windows.
Does such a resource exist?
