Course 25 - API Python Hacking | Episode 2: Foundations of Windows Internals and API Mechanisms

In this lesson, you’ll learn about:

• Fundamentals of Windows Processes and Threads
  • A process is a running program with its own virtual memory space
  • Threads are units of execution inside processes, allocated CPU time to perform tasks
  • Access tokens manage privileges and access rights; privileges can be enabled, disabled, or removed but cannot be added to an existing token
• Key System Programming Terminology
  • Handles: Objects that act as pointers to memory locations or system resources
  • Structures: Memory formats used to store and pass data during API calls
• Windows API Mechanics
  • How applications interact with the OS via user space → kernel space transitions
  • Anatomy of an API call, including parameters and naming conventions:
    • "A" → Unicode version
    • "W" → ANSI version
    • "EX" → Extended or newer version
• Core Dynamically Linked Libraries (DLLs)
  • kernel32.dll: Process and memory management
  • user32.dll: Graphical interface and user interaction
  • Researching functions using Windows documentation and tools like Dependency Walker to identify both documented and undocumented API calls
• Key Outcome
  • Understanding of how Windows manages processes, threads, and privileges, along with the workflow for interacting with the operating system through APIs and DLLs.