API-MS-Win-Core-ProcessThreads-L1-1-0

All the many functions in the API-MS-Win-Core-ProcessThreads-L1-1-0 set are documented exports from KERNEL32 in version 6.1 and higher. Most date from much earlier. Those that are new to KERNEL32 in version 6.1 have long been exported from ADVAPI32.

• CreateProcessA
• CreateProcessW
• CreateProcessAsUserW (ADVAPI32 only before 6.1)
• CreateRemoteThread
• CreateRemoteThreadEx
• CreateThread
• DeleteProcThreadAttributeList
• ExitProcess
• ExitThread
• FlushProcessWriteBuffers
• GetCurrentProcess
• GetCurrentProcessId
• GetCurrentThread
• GetCurrentThreadId
• GetExitCodeProcess
• GetExitCodeThread
• GetPriorityClass
• GetProcessId
• GetProcessIdOfThread
• GetProcessTimes
• GetProcessVersion
• GetStartupInfoW
• GetThreadId
• GetThreadPriority
• GetThreadPriorityBoost
• InitializeProcThreadAttributeList
• OpenProcessToken (ADVAPI32 only before 6.1)
• OpenThread
• OpenThreadToken (ADVAPI32 only before 6.1)
• ProcessIdToSessionId
• QueryProcessAffinityUpdateMode
• QueueUserAPC
• ResumeThread
• SetPriorityClass
• SetProcessAffinityUpdateMode
• SetProcessShutdownParameters
• SetThreadPriority
• SetThreadPriorityBoost
• SetThreadStackGuarantee
• SetThreadToken (ADVAPI32 only before 6.1)
• SuspendThread
• SwitchToThread
• TerminateProcess
• TerminateThread
• TlsAlloc
• TlsFree
• TlsGetValue
• TlsSetValue
• UpdateProcThreadAttribute

The ADVAPI32 functions continue to be exported from ADVAPI32 in version 6.1 and higher, but only as stub implementations that transfer the handling to wherever the schema redirects the API Set. As exports from KERNEL32 version 6.1 and higher, all but a few have similar stub implementations or are forwarded to the API Set. The exceptions are:

• CreateProcessA, CreateProcessW and CreateProcessAsUserW, which retain substantial implementations in KERNEL32;
• CreateThread, in which KERNEL32 pre-processes the transfer;
• ExitProcess, which KERNEL32 forwards to a corresponding NTDLL function (x64) or has a stub that calls the NTDLL function (x86);
• ExitThread and FlushProcessWriteBuffers, which KERNEL32 forwards to a corresponding NTDLL function;
• GetExitCodeProcess, in which KERNEL32 post-processes the transfer.

New Locations

For each function that KERNEL32 version 6.1 transfers to the API Set, a non-trivial implementation is exported from KERNELBASE version 6.1 and higher.

The three functions that KERNEL32 forwards to an NTDLL function are also exported from KERNELBASE version 6.1 and higher, also as forwards to the NTDLL function. KERNELBASE does not export the three functions for which KERNEL32 retains substantial implementations.

Schema Redirection

The Windows 7 schema redirects this API Set to KERNEL32, except that when KERNEL32 itself imports from the API Set, the redirection is to KERNELBASE. Thus:

• high-level executables, which do not use the API Set, continue to import these functions from KERNEL32 or ADVAPI32;
• low-level executables have their imports from the API Set redirected to KERNEL32;
• as a particular case of the preceding, stub implementations in ADVAPI32 import from KERNEL32;
• stub implementations in KERNEL32 import from underlying implementations in KERNELBASE.