Windows Concepts

Concepts related to code execution on Windows.

Things to check on the target system before running code there:

  • Architecture (32-bit or 64-bit)

  • Character encoding (ASCII or Unicode)

WOW64

64-bit Windows can also run 32-bit applications through Windows On Windows 64-bit (WOW64), whose 32-bit system files live in C:\Windows\SysWOW64. The WOW64 layer relies on four 64-bit libraries: Ntdll.dll, Wow64.dll, Wow64Win.dll and Wow64Cpu.dll.

The Windows operating system and its applications are written in a variety of programming languages, ranging from assembly to C#, but most of them rely on the built-in application programming interfaces (APIs) that Windows provides.

Win32 API

The Win32 API offers developers pre-built functionality.

Note on function names: the suffix "A" marks the ASCII version of a function (e.g. GetUserNameA), while the suffix "W" marks the wide-character (Unicode) version (e.g. GetUserNameW).

Windows Registry

The Registry is effectively a database that consists of a massive number of keys with associated values. These keys are sorted hierarchically using subkeys. The Registry can be edited using either the GUI (regedit) or the Win32 API.

At the root, multiple registry hives contain logical divisions of registry keys.

HKCU (HKEY_CURRENT_USER)

Information related to the current user and writable by the current user.

HKLM (HKEY_LOCAL_MACHINE)

Information related to the operating system itself; changing it requires administrative privileges.
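The checks above (architecture and WOW64, the A/W variants of a Win32 function, one value from each registry hive) collected in a single PowerShell script; this is an added example, not code from the original notes. GetUserNameA/GetUserNameW and the registry paths are real, while the wrapper class Win32.NativeMethods and the function Get-WindowsTargetInfo are names chosen here.

```powershell
# P/Invoke both encodings of the same advapi32 export: "A" (ASCII) and "W" (wide char).
$signature = @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Ansi)]
public static extern bool GetUserNameA(System.Text.StringBuilder lpBuffer, ref uint pcbBuffer);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool GetUserNameW(System.Text.StringBuilder lpBuffer, ref uint pcbBuffer);
'@
Add-Type -MemberDefinition $signature -Name NativeMethods -Namespace Win32

function Get-WindowsTargetInfo {
    # Architecture: the OS can be 64-bit while this process is a 32-bit one under WOW64.
    $is64Os   = [Environment]::Is64BitOperatingSystem
    $is64Proc = [Environment]::Is64BitProcess
    $underWow64 = $is64Os -and (-not $is64Proc)
    $sysWow64 = Join-Path $env:SystemRoot 'SysWOW64'

    # Character encoding: pcbBuffer is the buffer size in characters on input,
    # the number of characters written (including the terminator) on output.
    $ansiBuf = New-Object System.Text.StringBuilder 256; $ansiLen = [uint32]256
    $wideBuf = New-Object System.Text.StringBuilder 256; $wideLen = [uint32]256
    $okA = [Win32.NativeMethods]::GetUserNameA($ansiBuf, [ref]$ansiLen)
    $errA = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    $okW = [Win32.NativeMethods]::GetUserNameW($wideBuf, [ref]$wideLen)
    $errW = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    $nameA = if ($okA) { $ansiBuf.ToString() } else { "GetUserNameA failed, Win32 error $errA" }
    $nameW = if ($okW) { $wideBuf.ToString() } else { "GetUserNameW failed, Win32 error $errW" }

    # Registry: reading works from both hives; HKCU is writable by the current user,
    # while changing HKLM requires administrative privileges.
    $product = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ProductName
    $userTemp = (Get-ItemProperty 'HKCU:\Environment').TEMP

    [PSCustomObject]@{
        Is64BitOS         = $is64Os
        Is64BitProcess    = $is64Proc
        RunningUnderWOW64 = $underWow64
        SysWOW64Present   = Test-Path $sysWow64
        UserNameA         = $nameA
        UserNameW         = $nameW
        HKLM_ProductName  = $product
        HKCU_TEMP         = $userTemp
    }
}

Get-WindowsTargetInfo | Format-List
```

Run it once from a 64-bit and once from a 32-bit PowerShell host (C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe) to see the RunningUnderWOW64 field change.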
