Windows NT provides a largely undocumented set of base system services, called the Native API which is somewhat similar to the interrupt based system call interface present in the UNIX operating systems. These kernel-mode base system services are used by the operating environment subsystems like Win32, Posix and OS2 ( Windows NT is a modified micro-kernel architecture operating system ) for the implementation of their operating environments, on top of the Windows NT micro-kernel. Under Win32 user-mode, access to this Native API is implemented via the exported functions of NTDLL.DLL ( as extensively used by KERNEL32.DLL, where some of it's exported functions are nothing but direct forwards into NTDLL.DLL functions ). However the Native API, accessible both in user-mode and kernel-mode, in every operating environment subsystem is really implemented via an INT 2EH system trap, called the Native Call Interface ( NCI ). Native API functions NTDLL.DLL provide are just a set wrappers to this NCI.

Click Here to download this article