WINDOWS API

Windows API – a set of APIs developed by Microsoft and available on Windows operating systems that lets user applications interact directly with the Windows OS. Typically, calls to this API are wrapped by the runtime libraries of programming languages or compilers. Direct use of the Windows API can be necessary for non-standard tasks, such as security-related or other system-level functionality. Originally designed for writing programs in C/C++, these APIs consist of libraries exposing numerous functions, data structures, and numeric constants that follow the conventions of those languages. The API can also be used from other languages that support the Windows API calling convention and its data structures, including C#, Go, and Python.

NATIVE API AND WDM

Native API – an API available only on Windows systems, and accessible already at the early stages of the Windows startup process. In contrast to the Windows API, the Native API provides many of the C-language functions used by the system libraries that implement the Windows API. One key application of the Native API is driver development. A driver is a special software module that ensures the operation of external devices and configures some basic operating system functionality. Drivers act as an interface layer between hardware and software, allowing client applications to control connected equipment.

WDM – (Windows Driver Model) defines the driver model for Windows 98, Windows 2000, and newer operating systems, standardizing requirements and reducing code complexity. WDM drivers are designed for forward compatibility: a driver written for an earlier version of Windows can run on a later version. WDM drivers communicate with each other through I/O Request Packets (IRPs). WDM was developed to extend functionality and simplify driver development for Windows.

At the Basic Level, Drivers are Divided into Two Categories:

  1. User-Mode Drivers: These are executed in user mode and provide an interface between applications and kernel-mode drivers. Examples include printer drivers and virtual device drivers.

  2. Kernel-Mode Drivers: These operate at the kernel level and have maximum privileges in the system, with the capacity to perform any operation. Examples include file system drivers.

Kernel-Mode Drivers are Further Divided into Layers:

  1. High-Level Drivers: These include file system drivers.

  2. Intermediate-Level Drivers: These support virtual disks and mirroring.

  3. Low-Level Drivers: These control the I/O bus to which peripheral devices are connected.

Situations Leveraging Native API at the Driver Level:

  • Disk and file encryption.

  • Antivirus operations requiring low-level system access.

  • Firewall operations.

  • Intrusion prevention and detection systems (IPS/IDS).

  • File change monitoring for data backup systems and antivirus software.

WMI AND WINRM

WinRM – implements the WS-Management protocol, allowing interaction with hardware and operating systems from different manufacturers, including remote command execution and retrieval of system information.

WMI – an interface for managing operations and data on machines running Windows. It can be used in any Windows application, but is most widely used in enterprise software.

WMI is intended for C/C++ programmers or for scripting languages capable of handling Microsoft ActiveX objects. With the help of special libraries, it can also be used from C#.

If the remote computer runs not Windows but another OS that supports the WS-Management protocol, WinRM can still establish a remote session with it.

WinRM is used by specialists to automate server management, and by developers of software that needs to work with remote computers.
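The WMI-over-WinRM pattern described above, as an added PowerShell example (not code from the original page): one CIM session over WS-Management is reused for several WMI queries, then a script block is run remotely. The host name 'srv01' is a placeholder; it assumes WinRM is enabled there and the caller has administrative rights on it.

```powershell
# Added example: query a remote host's WMI data over WinRM (WS-Management).
# Assumes: placeholder host 'srv01' with WinRM enabled and an admin caller.
$computer = 'srv01'   # placeholder host name

# 1. Check that the WinRM listener answers before doing anything else.
if (-not (Test-WSMan -ComputerName $computer -ErrorAction SilentlyContinue)) {
    throw "WinRM (WS-Management) is not reachable on $computer"
}

# 2. Open one CIM session over WS-Man and reuse it for several WMI queries.
$session = New-CimSession -ComputerName $computer
try {
    $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        Computer    = $computer
        OSVersion   = $os.Version
        LastBoot    = $os.LastBootUpTime
        UptimeHours = [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalHours, 1)
    }

    # Services set to start automatically that are not running: a typical health check.
    Get-CimInstance -CimSession $session -ClassName Win32_Service `
                    -Filter "StartMode='Auto' AND State<>'Running'" |
        Select-Object Name, State, StartMode, PathName
}
finally {
    Remove-CimSession $session
}

# 3. WinRM also carries arbitrary remote commands: run a script block on the host
#    and pull back its five most recent System log errors.
Invoke-Command -ComputerName $computer -ScriptBlock {
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2 } -MaxEvents 5 |
        Select-Object TimeCreated, Id, ProviderName, Message
}
```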

VSS

VSS – Volume Shadow Copy Service is a set of components that allow creating consistent shadow copies of data, which can then be used to restore the state of the system or of individual objects after a system failure.

VSS solves the following problems that arise when creating a backup:

  • Data is usually backed up while the application is running, so there is the problem of choosing a moment for the shadow copy at which no data is being written. Otherwise, after recovery the data may be incomplete, or impossible to restore at all, because some of the necessary information is missing.

  • If the data set is large, backing it all up at once may be difficult.

VSS CONSISTS OF SEVERAL PARTS:

VSS Service is the part of the Windows operating system that coordinates interaction between the other parts of VSS.

VSS Requester is a component that requests the creation of shadow copies, usually a backup application.

VSS Writer is a component that ensures the consistency of the data being backed up: it guarantees that at the moment a copy is created, the data will be consistent. Third-party applications that support VSS ship their own writers; for system components, the VSS writers are already included in Windows.

VSS Provider is a component that creates and maintains shadow copies.

How data consistency is ensured:

After the VSS Requester has sent a request to create a shadow copy, the VSS Service notifies the VSS Writer components in turn that they need to prepare their data for the shadow copy.

Each VSS Writer prepares its data appropriately, for example by completing all open transactions and flushing caches. When the data is ready for shadow copying, the VSS Writer notifies the VSS Service. A writer must do this within 60 seconds or return an error; in that case the shadow copy for that application is not created, and the error is recorded in the logs.

Also, while the shadow copy is being created, the application's write requests are suspended to ensure data consistency; read requests are not restricted.

Note also that the VSS Provider then has 10 seconds to create the shadow copy, after which write requests are resumed.
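The requester, writer and provider roles described above, as an added PowerShell example (not from the original page): a shadow copy is requested through the WMI class Win32_ShadowCopy, then the writers' state and the VSS error log are checked, which is where a missed 60-second writer deadline or a failed 10-second provider window becomes visible. It assumes an elevated session and an NTFS volume C:\ with shadow copy storage available.

```powershell
# Added example: create a shadow copy of C:\ via Win32_ShadowCopy, then inspect
# writer state and VSS errors. Run elevated. Assumes C:\ is an NTFS volume.
$volume = 'C:\'

# Requester side: ask VSS to create the shadow copy. 'ClientAccessible' is the
# context for persistent shadow copies (the kind "Previous Versions" uses).
$result = Invoke-CimMethod -ClassName Win32_ShadowCopy -MethodName Create `
                           -Arguments @{ Volume = $volume; Context = 'ClientAccessible' }
if ($result.ReturnValue -ne 0) {
    throw "Win32_ShadowCopy.Create failed with code $($result.ReturnValue)"
}
$shadow = Get-CimInstance -ClassName Win32_ShadowCopy -Filter "ID='$($result.ShadowID)'"
'Shadow copy {0} of {1} created {2}, device {3}' -f `
    $shadow.ID, $volume, $shadow.InstallDate, $shadow.DeviceObject

# Writer side: vssadmin lists every registered writer with its state and last
# error; a writer that could not freeze in time shows a non-stable state or an error.
vssadmin list writers | Select-String -Pattern 'Writer name|State|Last error'

# Provider side: snapshot failures are logged by the 'VSS' source in the
# Application log; list the most recent errors, if any.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'VSS'; Level = 2 } `
             -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Clean up the test copy (omit this step to keep it for backup / Previous Versions use).
Remove-CimInstance -InputObject $shadow
```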

LDAP AND ADSI

ADSI – Active Directory Service Interfaces is a technology developed by Microsoft for accessing directory services. A directory service is the part of a distributed computer system that provides the means to find and use available network resources of various types (registered users, network folders and printers, etc.). In a heterogeneous computer network, several different directory services can operate simultaneously. ADSI provides uniform access to the functions of the various directories, independent of any specific network protocol.

Developers can use ADSI services to obtain a list of resources in a directory service and manage them, regardless of what network environment contains the resource.

ADSI simplifies common administrative tasks such as adding new users, managing printers, and finding resources in a distributed computing environment.

LDAP (Lightweight Directory Access Protocol) is an application-level protocol for accessing the Active Directory directory service. LDAP is a relatively simple protocol that runs over TCP/IP and supports authentication, search and compare operations, as well as operations for adding, modifying and deleting entries. It is one of the providers of the ADSI technology described above.
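ADSI's "uniform access through providers" and LDAP search, as an added PowerShell example (not from the original page): the same ADSI object model is used first through the LDAP provider to run an audit query against the domain, and then through the WinNT provider to read a local group with no LDAP server involved. It assumes a domain-joined machine; account and group names are whatever the directory returns.

```powershell
# Added example: one ADSI object model, two providers (LDAP and WinNT).
# Assumes the machine is domain-joined and the caller can read the directory.

# 1. Bind to the domain root via the LDAP provider. RootDSE is a standard LDAP
#    entry that reports the naming context, so no DN is hard-coded here.
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = $rootDse.defaultNamingContext
$domain   = [ADSI]"LDAP://$domainDn"

# 2. LDAP search: enabled user accounts whose password never expires.
#    userAccountControl bits: 0x2 = ACCOUNTDISABLE, 0x10000 = DONT_EXPIRE_PASSWORD;
#    1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)
$searcher.Filter = '(&(objectCategory=person)(objectClass=user)' +
                   '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +
                   '(userAccountControl:1.2.840.113556.1.4.803:=65536))'
$searcher.PageSize = 500          # paged results so large directories do not truncate
[void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'distinguishedName', 'pwdLastSet'))

foreach ($r in $searcher.FindAll()) {
    $p = $r.Properties
    [pscustomobject]@{
        Account    = $p['samaccountname'][0]
        DN         = $p['distinguishedname'][0]
        PwdLastSet = [DateTime]::FromFileTime($p['pwdlastset'][0])
    }
}

# 3. Same ADSI model, different provider: WinNT enumerates the local
#    Administrators group without any LDAP traffic.
$local = [ADSI]'WinNT://./Administrators,group'
$local.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}
```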

BITS

BITS – (Background Intelligent Transfer Service) a service for background, intelligent file transfer between a client and an HTTP server.

BITS is used by system applications, for example to download updates, but third-party applications can also use it by creating transfer jobs that are then placed in a queue.

A file transfer continues until the user on whose behalf the download was started logs out; when the user logs in again, the transfer resumes. BITS adapts to the current network cost and congestion so that the background job does not affect the user's interaction with the system.

BITS keeps transferring files after the application that created the job has exited, as long as the user who initiated the transfer remains logged in and the network connection is maintained. This is convenient for downloading application updates in the background, so that they can be installed the next time the application is launched.
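The queued, user-owned transfer job described above, as an added PowerShell example (not from the original page): a job is created asynchronously so it lives in the BITS queue rather than in the creating process, its state is polled, and finally the whole queue is listed as an administrator would. The URL and destination path are placeholders.

```powershell
# Added example: queue a BITS job, watch it, then enumerate the queue for all users.
# The source URL and destination path are placeholders.
Import-Module BitsTransfer

$job = Start-BitsTransfer -Source 'https://updates.example/app/setup.msi' `
                          -Destination "$env:TEMP\setup.msi" `
                          -DisplayName 'App update' -Priority Low -Asynchronous

# The job now belongs to the BITS queue, not to this script: it keeps running
# after this process exits, as long as the same user stays logged in.
while ($job.JobState -in 'Queued', 'Connecting', 'Transferring', 'TransientError') {
    Start-Sleep -Seconds 2
    '{0}: {1}/{2} bytes' -f $job.JobState, $job.BytesTransferred, $job.BytesTotal
}

switch ($job.JobState) {
    # Complete-BitsTransfer moves the temporary file to its final destination.
    'Transferred' { Complete-BitsTransfer -BitsJob $job; "Download finished: $env:TEMP\setup.msi" }
    'Error'       { 'BITS error: {0}' -f $job.ErrorDescription; Remove-BitsTransfer -BitsJob $job }
    default       { 'Unexpected job state: {0}' -f $job.JobState }
}

# Administrative view of the queue: every BITS job on the machine, whoever created it.
Get-BitsTransfer -AllUsers |
    Select-Object DisplayName, OwnerAccount, JobState, TransferType, CreationTime
```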

DIRECTX

DirectX – a set of APIs that allow developers of games and other interactive applications to access specific hardware features without writing hardware-specific code. DirectX is based on a set of COM interfaces: an interface specification in which functions are called through pointers. COM objects can therefore be described natively in languages such as C/C++; there are also libraries that make this set of APIs usable from languages such as C#.

WEBDAV

WebDAV – a set of extensions to the HTTP protocol that support collaborative editing and management of files on remote web servers. It is used as a network file system that works well over the Internet: it processes files in their entirety and maintains good performance in high-latency environments.

Some of the mechanisms implemented in WebDAV:

Locks – long-term write locks on documents prevent loss of information when several users edit a document simultaneously.

Properties – arbitrary metadata can be stored as properties described in XML, for example a list of a document's authors or its short summary.

Namespace management – support for renaming and moving web resources. In the protocol this is implemented with collections, which play a role similar to folders in a file system.

One application of WebDAV is creating virtual disks that a Windows user can access in the same way as local ones, while the actual data resides on remote storage, for example in the cloud.

WINDOWS FILTERING PLATFORM

Windows Filtering Platform (WFP) – a set of APIs and system services that enable developers to create applications that filter network traffic. The WFP API lets developers write code that controls packet processing at multiple layers of the system's network stack; network data can be filtered and modified before it reaches its destination.

WFP is intended to replace earlier technologies for capturing network packets, providing a simpler and more intuitive development platform.

With the WFP API, developers can implement their own firewalls, intrusion detection systems, antivirus programs, and network monitoring tools. WFP integrates with firewall features such as authenticated communication and dynamic firewall configuration.

The Windows Filtering Platform is designed for use by C/C++ programmers who are familiar with networking concepts and the structure of systems using user-mode and kernel-mode components.

Employees of 2K-Software have experience in developing system applications in the following areas:

  • computer security: network firewalls, intrusion detection and prevention systems, antivirus solutions, low-level encryption of file objects.

  • IT infrastructure management.

  • backup for physical and virtual machines.

  • IT infrastructure monitoring.