Solved

Kernel32.dll Question

Posted on 1998-08-11
Last Modified: 2013-12-03
Does anyone out there know where I can find documentation of kernel32.dll, user....etc?  I found LISTS of function calls, but no parameters for them, and no description.  If anyone could please point me in the right direction, it would be appreciated!  Thanks!

~Aaron
Question by:BudVVeezer
12 Comments
 
LVL 2

Expert Comment

by:kinkajou
ID: 1413342
Just a guess without verification but you may want to do a global find for some of those function calls on your machine, and I bet you will find at least their function names and parameters in files like Winuser.h (which is in my DevStudio\VC\include). Also, a neat tool included with MSVC++ is dumpbin.exe that you can use via command line to find out the IMPORTS or EXPORTS of any DLL/EXE. This would allow you to find out what functions the Kernel32.dll used, for instance.
0
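What `dumpbin /exports` reads, as an added example that is not code from any poster in this thread: a parser for the PE export directory that lists each named export with its ordinal and flags forwarded entries. `build_sample` and every name in it (`sample.dll`, `SampleAlpha`, `SampleBeta`, `OTHER.SampleBeta`) are constructed for the example so it runs without a real DLL.

```python
import struct

def rva_to_off(secs, rva):
    """Map a relative virtual address (RVA) to a file offset."""
    for vaddr, size, raw in secs:
        if vaddr <= rva < vaddr + size:
            return raw + rva - vaddr
    raise ValueError(f"RVA {rva:#x} is outside every section")

def list_exports(pe):
    """Return (ordinal, name, forwarder or None) for each named export."""
    u16 = lambda off: struct.unpack_from("<H", pe, off)[0]
    u32 = lambda off: struct.unpack_from("<I", pe, off)[0]
    nt = u32(0x3C)                                   # e_lfanew: offset of PE signature
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = nt + 24                                    # optional header
    dirs = opt + (96 if u16(opt) == 0x10B else 112)  # PE32 vs PE32+
    exp_rva, exp_size = u32(dirs), u32(dirs + 4)     # data directory 0
    if not exp_rva:
        return []
    sec0 = opt + u16(nt + 20)                        # first section header
    secs = []
    for i in range(u16(nt + 6)):
        vsize, vaddr, rsize, raw = struct.unpack_from("<4I", pe, sec0 + 40 * i + 8)
        secs.append((vaddr, max(vsize, rsize), raw))
    off = lambda rva: rva_to_off(secs, rva)
    text = lambda rva: pe[off(rva):pe.index(b"\0", off(rva))].decode("ascii")
    base, _, count, funcs, names, ords = struct.unpack_from("<6I", pe, off(exp_rva) + 16)
    out = []
    for i in range(count):
        idx = u16(off(ords) + 2 * i)                 # index into function table
        target = u32(off(funcs) + 4 * idx)
        # An RVA inside the export directory is a forwarder string, not code.
        fwd = text(target) if exp_rva <= target < exp_rva + exp_size else None
        out.append((base + idx, text(u32(off(names) + 4 * i)), fwd))
    return out

def build_sample():
    """Constructed one-section PE32 image (not a real DLL) for offline use."""
    rva, raw, s = 0x1000, 0x200, 0x1000 + 60         # s = RVA of string pool
    pool = b"sample.dll\0SampleAlpha\0SampleBeta\0OTHER.SampleBeta\0"
    data = struct.pack("<2I2H7I", 0, 0, 0, 0, s, 1, 2, 2, rva + 40, rva + 48, rva + 56)
    data += struct.pack("<4I2H", 0x2000, s + 34, s + 11, s + 23, 0, 1) + pool
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<2H3I2H", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    hdr += (struct.pack("<H", 0x10B).ljust(96, b"\0") + struct.pack("<2I", rva, len(data))).ljust(224, b"\0")
    hdr += (b".edata\0\0" + struct.pack("<4I", len(data), rva, len(data), raw)).ljust(40, b"\0")
    return hdr.ljust(raw, b"\0") + data
```

Calling `list_exports(build_sample())` returns the two constructed exports; passing the bytes of a real DLL instead gives its export names and ordinals, but not parameters, which the export table does not store.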
 
LVL 22

Expert Comment

by:nietod
ID: 1413343
Are you just looking for documentation for windows functions?

For that you want the windows SDK, MSDN,  or any development product that is distributed with the windows docs, like VC++, or BC.

Are you looking for information on the windows internals?  For that see the Andrew Schulman "inside windows..." books.
0
 
LVL 22

Expert Comment

by:nietod
ID: 1413344
What is it that you are hoping to learn/do?
0
 
LVL 3

Expert Comment

by:xyu
ID: 1413345
BudVVeezer is new pretender on GetAdmin/SecHole family of hackers :)
0
 
LVL 3

Author Comment

by:BudVVeezer
ID: 1413346
LoL, thanks xyu, yeah, you ALMOST have it right.  I just like to KNOW things.  Doesn't matter what it is.  All I'm hoping to do is learn how to do new things, ya know?  Like registering things to/from the task list, how to disable cntrl-alt-del.  Stuff like that.  But it's NOT for hacking purposes.  If ya know of any FREE material, it would be appreciated, for I am a POOR college student!  Thanks!

~Aaron
0
 
LVL 11

Expert Comment

by:alexo
ID: 1413347
Actually the so called "hacking" sites are full of free resources (the old-fashioned hacker did it for the sake of knowledge).  Best place to start looking is the alt.hack* and alt.2600 hierarchies on usenet (warning: 99% of what you'll see is crap).

The "legit" sites include www.sysinternals.com and the various magazines (www.microsoft.com/msj, www.ddj.com, www.cuj.com)
0
 
LVL 3

Expert Comment

by:xyu
ID: 1413348
Good luck !!!!
0
 
LVL 8

Expert Comment

by:Answers2000
ID: 1413349
Buy Microsoft Visual C++, Borland (now called Inprise C++) or another programming tool.  These contain the documentation you need.

Also buy a good book on Windows programming.  Petzold's books give a concise introduction to Windows programming in C, I recommend Jeff Prosise for MFC (a Microsoft library for making it easier to write Windows programs) & C++.  Neither of these books will teach you the C/C++ program language, so buy an introductory book on that too if you don't already know that.

Incidentally the functions in these modules (Kernel, user etc) are the famous Windows API (Application Programmer Interface) so if you hear about that it's the same thing!

Finally if you are completely new to programming I'd suggest you start with Microsoft Visual Basic which is easier to get started with.
0
 
LVL 3

Author Comment

by:BudVVeezer
ID: 1413350
I'm not that new to programming.  And I'm not talking about typical API calls either.  I'm asking for the not-so-run-of-the-mill function calls.  UNdocumented schtuff.  I have Microsoft Visual C++ V5, but it's not enough to sate my curiosity!

~Aaron
0
 
LVL 8

Accepted Solution

by:
Answers2000 earned 50 total points
ID: 1413351
Okay Bud/Aaron, sorry about that :-)

The functions you see are
(1) Export Window/Dialog Procs (called back, just like the Window/Dialog Procs in your code)
(2) Stuff used by device drivers (some "undocumented" functions are actually documented in the DDK)
(3) Functions internal to windows.  For example USER is supposed to sit on top of the documented functions in GDI & KERNEL, and USER on top of the documented functions in GDI.  However this is not how it turned out when writing (hacking together) Windows, for example sometimes one of these modules needs to get internal state from another module (e.g. exported variables, exported "helper" functions) or call in an unexpected direction (yes there is call or two from KERNEL to USER).
(4) Left overs - some functions appear to be internal to a module - but accidentally exported.
(5) A few undocumented calls and special hacks.  For example some common apps "relied" on bugs in earlier versions of Windows.  Windows can actually reinstate many of these "bugs" for these apps that it knows about.

* Andrew Schulman has written a book on Undocumented Windows, which covers the functions in Win 3.1
* Matt Pietrek wrote an additional book on Windows Internals which explains a lot about how Windows works internally (3.1)
* MS removed a lot of the undocumented exports when moving from 16 to 32 bit - as a part of a general cleanup & to avoid accusations of using Windows ownership as an advantage in selling their apps.

If you buy either Pietrek or Schulman book, they explain how to disassemble functions and figure out the parameters to calls.

0
 
LVL 8

Expert Comment

by:Answers2000
ID: 1413352
(3) should have read:
.  For example USER is supposed to sit on top of the documented functions in GDI & KERNEL, and GDI on top of the documented functions in KERNEL.
0
 
LVL 3

Author Comment

by:BudVVeezer
ID: 1413353
That works for me!  =o)  Thanks for the info.  I was just perusing the kernel, user and gdi exports, and was coming across things like: ByeByeGDI and WinOldAppHackoMatic...any clues on WHAT these are for?  That's the kind of things I like to know about.  Do you know of any FREE docs, not books?

~Aaron
0