# Win32 API

* User-mode programs can send system calls to the kernel through the API without running in kernel mode themselves
* Header files and DLLs are referenced to call standard functions, e.g. [Windows.h](https://en.wikipedia.org/wiki/Windows.h)
* There are core and supplemental DLLs
    * Core DLLs are KERNEL32, USER32 and ADVAPI32
    * Supplemental DLLs are NTDLL, COM or FVEAPI
* API calls have a call structure with explicit parameters
* ASLR (Address Space Layout Randomization) is used

## API Calls

* [Win32 API calls doc](https://docs.microsoft.com/en-us/windows/win32/apiindex/windows-api-list)
* [MalAPI.io](http://malapi.io/) catalogs Windows API calls that malware commonly abuses
* Functionality is extended through suffixes in the naming scheme
    * __A__ is ANSI
    * __W__ is Unicode
    * __Ex__ is extended functionality for I/O

### C API

* `windows.h` can be included to provide the API's functionality
* Declare a variable and initialize it with a function provided by the API

### P/Invoke

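* DLLs and their external methods can be imported via [P/Invoke](https://docs.microsoft.com/en-us/dotnet/standard/native-interop/pinvoke)
* Substitutes the `windows.h` implementation and may be used instead of it for __PowerShell__ and __.NET__

```C#
using System;
using System.Runtime.InteropServices;

public class Program
{
    // Import MessageBox from user32.dll; SetLastError = true preserves the Win32 error code
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern int MessageBox(IntPtr hWnd, string lpText, string lpCaption, uint uType);

    public static void Main()
    {
        // No owner window (IntPtr.Zero); uType 0 is MB_OK. The strings are sample values.
        MessageBox(IntPtr.Zero, "Hello from P/Invoke", "Example", 0);
    }
}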
```
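
The suffix naming scheme from the API Calls section and the P/Invoke import above can be seen together in one program. This is an added example, not code from the original notes; the class name `ComputerNameDemo`, the helper `Query` and the delegate `NameCall` are assumptions made for illustration, and the buffer size of 256 characters is an arbitrary choice.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

public static class ComputerNameDemo
{
    // ExactSpelling = true binds exactly the named export; CharSet must match its suffix.
    [DllImport("kernel32.dll", ExactSpelling = true, CharSet = CharSet.Ansi, SetLastError = true)]
    private static extern bool GetComputerNameA(StringBuilder buffer, ref uint size);

    [DllImport("kernel32.dll", ExactSpelling = true, CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool GetComputerNameW(StringBuilder buffer, ref uint size);

    // Ex + W: extended variant that takes an extra COMPUTER_NAME_FORMAT argument.
    [DllImport("kernel32.dll", ExactSpelling = true, CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool GetComputerNameExW(int nameType, StringBuilder buffer, ref uint size);

    private const int ComputerNameDnsHostname = 1; // COMPUTER_NAME_FORMAT member

    // Hypothetical delegate type so all three variants can share one checked call path.
    private delegate bool NameCall(StringBuilder buffer, ref uint size);

    // Calls one variant and turns a FALSE return into an exception carrying GetLastError().
    private static string Query(NameCall call)
    {
        var buffer = new StringBuilder(256);
        uint size = (uint)buffer.Capacity;   // buffer length in characters (in/out)
        if (!call(buffer, ref size))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return buffer.ToString();
    }

    public static void Main()
    {
        Console.WriteLine("A   : " + Query(GetComputerNameA));
        Console.WriteLine("W   : " + Query(GetComputerNameW));
        Console.WriteLine("ExW : " + Query((StringBuilder b, ref uint n) =>
            GetComputerNameExW(ComputerNameDnsHostname, b, ref n)));
    }
}
```

The `MessageBox` import earlier on this page does not set `ExactSpelling`, so with `CharSet.Unicode` the runtime resolves it to the `MessageBoxW` export. Reading `Marshal.GetLastWin32Error()` is only meaningful because `SetLastError = true` is set on each import.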