Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Finding undocumented APIs in Windows

Tags:

winapi

I was curious as to how does one go about finding undocumented APIs in Windows.

I know the risks involved in using them but this question is focused towards finding them and not whether to use them or not.

like image 970
Prashast Avatar asked May 28 '09 03:05

Prashast

People also ask

Where are Windows API functions stored?

These functions reside in kernel.exe , krnl286.exe or krnl386.exe files on 16-bit Windows, and kernel32. dll and KernelBase. dll on 32 and 64 bit Windows. These files reside in the folder \Windows\System32 on all versions of Windows.

How do I access Windows API?

To call a Windows API using the DllImport attributeOpen a new Windows Application project by clicking New on the File menu, and then clicking Project. The New Project dialog box appears. Select Windows Application from the list of Visual Basic project templates. The new project is displayed.

What is undocumented API?

A private API or undocumented method is any object or method that is not part of the official documentation.

2 Answers

Use a tool to dump the export table from a shared library (for example, a .dll such as kernel32.dll). You'll see the named entry points and/or the ordinal entry points. Generally for windows the named entry points are unmangled (extern "C"). You will most likely need to do some peeking at the assembly code and derive the parameters (types, number, order, calling convention, etc) from the stack frame (if there is one) and register usage. If there is no stack frame it is a bit more difficult, but still doable. See the following links for references:

  1. http://www.sf.org.cn/symbian/Tools/symbian_18245.html
  2. http://msdn.microsoft.com/en-us/library/31d242h4.aspx

Check out tools such as dumpbin for investigating export sections.

There are also sites and books out there that try to keep an updated list of undocumented windows APIs:

  1. The Undocumented Functions
  2. A Primer of the Windows Architecture
  3. How To Find Undocumented Constants Used by Windows API Functions
  4. Undocumented Windows
  5. Windows API

Edit: These same principles work on a multitude of operating systems however, you will need to replace the tool you're using to dump the export table. For example, on Linux you could use nm to dump an object file and list its exports section (among other things). You could also use gdb to set breakpoints and step through the assembly code of an entry point to determine what the arguments should be.

like image 83
Adam Markowitz Avatar answered Sep 28 '22 22:09

Adam Markowitz

IDA Pro is your best bet here, but please please double please don't actually use them for anything ever.

They're internal because they change; they can (and do) even change as a result of a Hotfix, so you're not even guaranteed your undocumented API will work for the specific OS version and Service Pack level you wrote it for. If you ship a product like that, you're living on borrowed time.

like image 30
Ana Betts Avatar answered Sep 28 '22 23:09

Ana Betts
Sign in to Comment

Related questions

How to detect the current screen resolution?
IntPtr, SafeHandle and HandleRef - Explained
Symlinks on windows?
Rendering controls on glass: Solution found, needs double-buffering/perfecting
How can a Windows service application be written in Haskell?
Bringing Window to the Front in C# using Win32 API
How to check if directory exist using C++ and winAPI [duplicate]
C++ #include <atlbase.h> is not found
Which Font is the default for MFC Dialog Controls?
Best way to do non-flickering, segmented graphics updates in Delphi?
How can I customize the system menu of a Windows Form?
Foreground Vs Active window
MSBuild on CI Server can't find AL.exe
How do I measure time in C?
API for Windows 10 virtual desktops [duplicate]
Embed Text File in a Resource in a native Windows Application
How to execute GetLastError() while debugging in Visual Studio
Win32 API function to programmatically enable/disable device
Difference between InvalidateRect and RedrawWindow
Using WinRT from C?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!