Windows development

PE (Portable Executable) format

Windows binaries follow the PE format (while Linux binaries follow the ELF format).

Common suffixes of PE-files are .exe, .dll or .sys.

Console application vs Windows application

A windows executable is linked for a specific subsystem. In most cases, this is either a console application or a Windows application (apparently aka SFU or native application)

In case of a console application, the CreateProcess WinAPI function will create a console window and attach STDIN, STDOUT and STDERR streams to the console.

These streams will be closed for windows applications.

Threads

Each thread has its own input queue.

The current thread's window that receives input can be obtained with GetActiveWindow (Or ist it GetFocus()???). (Compare with GetForegroundWindow which reterns the window that currently is receiving input).

Misc / TODO

NtAPI - Syscalls

Unlike in Unix, Windows applications don't call sys calls. Rather, they call the WinAPI which in turn calls functions from the native API (NtAPI) which in turn do the sys calls.

The NtAPI is implemented in ntdll.dll and is not documented.

However, there are sys calls in Windows. The Windows X86 System Call Table (for NT/2000/XP/2003/Vista/2008/7/8/10) shows how instable the syscall numbers are across Windows versions. (See also https://github.com/hfiref0x/SyscallTables)

See also: Adventures in Windows debugging and reverse engineering - http://www.nynaeve.net/?p=48.

No MSVCRT

https://github.com/henkman/no-msvcrt: a few modules that require no msvcrt: console, args, bstr and regexp.

Stefan Kanthak's Minimalist Runtime Library for Microsoft® C Compiler

Subsystems

There are two main subsystems to program for: CONSOLE and WINDOWS.

Checked builds

Checked builds were available on older versions of Windows before Windows 10, version 1803.

Links

docs.microsoft.com: documentation for end users, developers and IT professionals.