This repository contains some nice demos of using the native API on Windows, including these:
- process: uses NtCreateUserProcess to run
calc.exe. Works on Windows 11. - template: a template
mainCRTStartupfunction
There is also a support library that implements the security cookie functions and eventually other ones if needed.
There is a Visual Studio 2022 solution with some hand edited project files. The mknew.py
script can make new projects, which can then be added to the solution. You need the WDK because there
are additional exports and some support code in ntdllp.lib which is part of the WDK.
The phnt headers from Process Hacker are (obviously) used for their massive wealth of definitions and declarations.
There are also import libraries generated from Windows libraries such as win32u.dll.