The Windows API

The Windows API is a broad set of functionality that governs the way that malware interacts with the Microsoft libraries. The Windows API is so extensive that developers of Windows-only applications have little need for third-party libraries.

The Windows API uses certain terms, names, and conventions that you should become familiar with before turning to specific functions.

Types and Hungarian Notation

Much of the Windows API uses its own names to represent C types. For example, the DWORD and WORD types represent 32-bit and 16-bit unsigned integers. Standard C types like int, short, and unsigned int are not normally used.

Windows generally uses Hungarian notation for API function identifiers. This notation uses a prefix naming scheme ...

Get Practical Malware Analysis now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.