A header only wrapper library around native windows system APIs.
System information:
- Handles enumeration -> ntw::system::handles
- Process enumeration -> ntw::system::processes
- Threads enumeration -> ntw::system::thread_info
- Loaded drivers enumeration -> ntw::system::loaded_drivers
- Memory operations with RAII constructs -> ntw::memory
Object manipulation:
- Process -> ntw::obj::unique_process
- Loaded modules enumeration -> ntw::obj::process_module_info
- Thread -> ntw::obj::unique_thread
- File -> ntw::obj::unique_file
- Token -> ntw::obj::unique_token
- Registry -> ntw::obj::unique_registry
- Handle -> ntw::obj::unique_handle
- No exceptions - if a function can fail it will return a status code.
- No overhead - every single abstraction is costless and is as fast as it can be.
- Strict control over imports - every call is made trough a macro which allows turning the lazy importer off or easy switched to direct syscalls.
- Ease of developer use - it is a much more consistent and pleasant to work with compared to win32.
The main reason to choose this library over existing windows constructs are:
- Speed - even with lazy_importer you code is likely to be faster compared to win32 API.
- Ease of use - the language of choice is c++ and allows you to use modern alternatives to old C.
- Obfuscation - it is a lot harder to reverse engineer an application which uses obfuscated imports or direct syscalls.
nt_wrapper uses modified headers licensed under GNU GPL v3 that were taken from process hacker.