1
Windows API
Windows are revolutionary in personal
computers. They brought multitasking and
multiprocessing in our personal computers.
We are now able to surf the Internet, listen
to MP3 and use a word processor at the same
time! Before this, there was the dark age
of DOS (Disk Operating System), which was
single tasking. One could run only one
program at the time (ok, there were some TSR
programs, but that’s another story). So if
you wanted to play a game and then write a
document, you should terminate the game
and run the word processor. There were many
limitations of course in the hardware
devices that were supported, Internet
capabilities, available memory to programs, etc.
Windows brought the user close to the PC.
And they did this by introducing an
open architecture to the developers. Windows
programmers have now common
guidelines on how to create their programs.
In DOS, each program had (if it had) a
different user interface. Some used mouse,
some didn’t. Anyway, the similarities were
few if any. Now with windows, no matter what
application we are using, we expect
certain features to exist and behave as
expected. Consider the caption bar of any
window, the click buttons, the check boxes
etc.
Therefore, the user can easily control any
windows application. But how is it
possible that a programmer can use the same
type of buttons (sometimes with slight
variations)? Windows come with the API
(Application Programming Interface), which
consists of hundreds of functions, available
to any windows program. Most of the API
functions are coded in DLL (Dynamic Link
Libraries) and the programmer can use them
if he links his program to these DLLs.
The only problem is that, API changes since
Windows change. New functions are
introduced, bugs are fixed, old function
become obsolete. For that reason, a program
that worked well with Windows 95, may not
work well or at all with Windows ME. API
changes are available in three ways:
" Windows upgrades (i.e.
Win 95 to Win 2000)
" Windows updates (i.e. Win
95 to Win 95b)
" Service packs (i.e. Win
2000 to Win 2000 sp1)
Detailed information about the API can be
found in Microsoft Platform SDK web site
(http://www.microsoft.com/msdownload/platformsdk/setuplauncher.asp). There you can
download for free and use the latest edition
of the platform SDK which includes detailed
description of all the documented API
functions (there are also undocumented API
functions, reserved for Microsoft’s
reference only %)
Why are we interested in Windows API?
Because all programs use some
functions of the windows API. Each time a
button is clicked, text is retrieved from a text
box or a window is moved, a certain API
function is executed. With the debugger we
can set trap and intercept program’s
execution that lies between these functions, as
we’ll see later.
3.2 File
System
In the beginning there was FAT (also known
as FAT16). FAT was the file system
used by DOS, Windows 3.x and Windows 95
first edition. Windows 95 second edition,
Windows 98 and Windows 2000 can use FAT32
and FAT16. Windows NT4 and Windows
2000 can use NTFS (NT File System).
FAT stands for File Allocation Table. It
resides in the hard disk and contains
information that is used by the operating
system to determine where in the hard disk is
a particular file. A file can start at a
location, then be interrupted and restart at another
location. A file like this is fragmented and
when we defragment the hard disk, we join all
the pieces of fragmented files like this.
To access (read or write) the hard drive (or
the floppy disk, CD-Rom, DVD), a
programmer has to resolve to windows API and
perform this access via the operating
system. However, certain operations
(formatting illegally sectors, unmarking bad
clusters, etc) require direct access. This
is rather simple with assembly, under Win9x
and Windows ME, VWIN32.VXD driver must be
used or the equivalent direct access API
under Windows NT and Windows 2000.
3.3 File
Anatomy
Each file, no matter its contents, has a
purpose. It may be an executable file, a
media file (image, cursor, icon, sound,
midi, etc), a text file, an application specific file
(like Corel Draw file, Excel document,
Powerpoint Presentation, etc) or anything else the
user and programmer may want and need.
It is important and necessary that the
Operating System is aware with which
application it should process a certain
file. The concept of file extensions (the part of the
filename which comes after the fullstop) has
been created to assist the OS and the users
to identify a file. Consider the filename “mykids.jpg”.
The extension jpg informs us that
we should expect a JPEG image file, which
should be processed by an image
viewer/editor.
What happens if we change this extension
from jpg to bmp? Sure they are both
image files, but the operating system will
*think* that this is a jpg file. It’s up to the
application to understand that this file is
not a bitmap, but a JPEG. Also, consider the
following: the two files logo.sys, logos.sys
and logow.sys are image files (the startup
and shutdown logo screens in windows) and
have the same extension with msdos.sys
which is a text file. Still clever programs
like ACDSee can identify that logo.sys is an
image file, while msdos.sys is not. So there
has to be something more.
Most of the files come with a header (apart
from plain ASCII files). The header is
a small part that resides in the beginning
of the file and contains information regarding
its contents. For example, every executable
starts with MZ (Old DOS format) and
contains a small loader that can operate in
DOS. Thus, if we try to execute a windows
file under DOS, an error message will appear,
indicating “This program cannot be run in
DOS mode” and inform the user that he should
run the program in Windows.
