Windows library files
From Wikipedia, the free encyclopedia
This is an amalgamation of information regarding specific Microsoft Windows Dynamic-link library (DLL) files.
Contents |
[edit] Hal.dll
Hal.dll is the core file of the Windows NT family of operating systems that provides and handles the interaction of software and hardware via the Hardware Abstraction Layer. Without hal.dll being present, any machine running a Windows NT based operating system will fail to function, if it even boots.
Windows includes several HALs to support different kinds of hardware; the appropriate HAL is chosen during the initial installation of Windows. Generally speaking, the determining factors for HAL selection are uni- vs. multi-processor CPU, ACPI vs. non-ACPI, and APIC vs. PIC.
[edit] Msvcrt.dll
Msvcrt.dll is a DLL that contains the C Run-Time Library for programs compiled with Visual C++, versions 4.2 to 6.
In newer Windows operating systems (e.g., Windows XP) this file is included as part of the operating system and should only be updated by a service pack or hotfix (although it is also used for compatibility with Visual C++ 4.2 to 6 programs). The debug version of this file is called msvcrtd.dll.
[edit] Ntdll.dll (Native API)
The Native API (with capitalized N) is the publicly mostly undocumented application programming interface used internally by the Windows NT family of operating systems produced by Microsoft, with only about 25 of its 250 functions described in the Windows NT Device Driver Kit[1]. Most of them are in ntdll.dll and ntoskrnl.exe (and its variants); The majority of exported symbols within these libraries are prefixed Nt, e.g. NtDisplayString.
Applications that are linked directly against this library are known as Native Applications; the primary reason for their existence is to perform low-level tasks such as direct disk I/O that cannot be achieved through the documented Windows API. An example is the autochk binary that runs chkdsk during the system initialisation "Blue Screen". Unlike Win32 Applications, Native Applications instantiate within the Kernel runtime code (ntoskrnl.exe) and so must manage their own memory using the Rtl heap API, obtain their command-line arguments via a pointer to an in-memory structure, and return execution with a call to NtProcessTerminate (as opposed to just terminating). They also have a different entry point of NtProcessStartup as opposed to main/winmain to distinguish them from normal Windows binaries - main is normally a stub that causes Windows to display a warning message, such as "The %PATH% application cannot be run in Win32 mode."[1]
Despite their API being undocumented, Native Applications can be built using the Windows Driver Development Kit; many AntiVirus and other utility software vendors incorporate Native Applications within their products, usually to perform some boot-time task that cannot be carried out in Userspace.
Ordinary Windows applications are not linked directly against this library, but to one or more of the "client" libraries with well-documented APIs; This is to retain portability across Windows Platforms among other reasons.
[edit] User32.dll
user32.dll is a DLL that implements the Windows User API Client Library. It is a core file for several versions of the Microsoft Windows operating system. If this file is damaged or deleted, the operating system will not work.
[edit] Viruses
Because this file is a core Windows DLL, several viruses attempt to infect it. Some of these viruses are:
- Backdoor.Hebolani
- Ceydem.6750.Worm
- Trojan.Anicmoo
- Trojan.Anicmoo.B
- Trojan.Anicmoo.C
- Trojan.Anicmoo.D
[edit] Notes
- ^ a b Russinovich, M: Inside Native Windows Applications, SysInternals Information
[edit] External links
- API calls list - USER32.DLL - Tips for using the User API Client Library with Visual Basic
- Native API reference
- Unofficial website that documents most of the Native API methods
- Missing or Corrupt hal.dll Recovery (English)
- Instructions for Missing hal.dll Recovery (Turkish)
