Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Windows Embedded Developer Center
Click to Rate and Give Feedback

  Switch on low bandwidth view
Privileged APIs
Windows Mobile SupportedWindows Embedded CE Not Supported
8/28/2008

The following API functions can be called only by privileged applications.

The following table shows file-based API functions that are influenced by the SYSTEM attribute that can be set on a file.

API API

CreateFile

CreateFileForMapping

CopyFile

DeleteFile

DeleteAndRenameFile

MoveFile

RemoveDirectory

SetFileAttributes

In addition, the debug flags DEBUG_ONLY_THIS_PROCESS and DEBUG_PROCESS of the CreateProcess API are restricted. If these flags are used by a non-privileged application, the identified process will still launch but no debugging will occur.

Debug flags, DEBUG_ONLY_THIS_PROCESS and DEBUG_PROCESS, in the CreateProcess API are restricted as well.

Because most of the registry is unprotected, original equipment manufacturers must place all-important registry information in one of the protected keys.

Note:
All applications have read-only access to all registry keys and values.

In Windows Mobile powered devices, the following registry root keys and their subkeys are protected from normal applications:

  • HKEY_LOCAL_MACHINE\Comm
  • HKEY_LOCAL_MACHINE\Drivers
  • HKEY_LOCAL_MACHINE\HARDWARE
  • HKEY_LOCAL_MACHINE\Init
  • HKEY_LOCAL_MACHINE\Services
  • HKEY_LOCAL_MACHINE\SYSTEM
  • HKEY_LOCAL_MACHINE\WDMDrivers
  • HKEY_LOCAL_MACHINE\Security
  • HKEY_CURRENT_USER\Security
  • HKEY_LOCAL_MACHINE\Loader

Normal applications are also not allowed to modify protected data. They receive the ERROR_ACCESS_DENIED return value if they attempt to use the following registry functions:

  • RegSetValueEx
  • RegCreateKeyEx
  • RegDeleteKey
  • RegDeleteValue

The following table shows the API functions that can be called only by privileged applications.

API API

CeSetThreadPriority

CeSetThreadQuantum

ContinueDebugEvent

CryptUnprotectData

DebugActiveProcess

LoadDriver

NTLMAddGroup

NTLMAddUserToGroup

NTLMDeleteUser

NTLMEnumGroups

NTLMEnumUser

NTLMGetGroupList

NTLMGetUserList

NTLMRemoveGroup

NTLMRemoveUserFromGroup

NTLMSetUserInfo

ReadProcessMemory

RegCopyFile

RegRestoreFile

RegReplaceKey

RegSaveKey

SetCurrentUser

SetUserData

Toolhelp32ReadProcessMemory

WriteProcessMemory

WaitForDebugEvent

The following API functions are available to the original equipment manufacturer (OEM) only. Information on these API functions can be viewed at this Microsoft Web site.

API API

AllocPhysMem

CeSetMemoryAttributes

CheckPassword

CreateWatchDogTimer

DrWatsonClear

DrWatsonFlush

DrWatsonGetSize

DrWatsonReadData

DrWatsonWriteData

ForcePageout

FreeIntChainHandler

FreePhysMem

InterruptDisable

InterruptDone

InterruptInitialize

KernelLibIoControl

LoadIntChainHandler

LoadKernelLibrary

LockPages

OpenWatchDogTimer

PowerOffSystem

RefreshWatchDogTimer

SetCleanRebootFlag

SetInterruptEvent

SetPassword

SetKMode

SetProcPermissions

SetPasswordStatus

SetSystemMemoryDivision

StopWatchDogTimer

StartWatchDogTimer

UnlockPages

VirtualSetPageFlags

VirtualCopy

In Windows Mobile software there are additional APIs and registry root keys that are also protected from normal applications.

The following table shows the Extended Telephony Application Program Interface (ExTAPI) functions that can be called by privileged applications.

API API

lineGetGeneralInfo

lineSetCallWaitingState

lineGetNumberCalls

lineSetEquipmentState

lineGetUSSD

lineSetGPRSClass

lineRegister

lineSetHSCSDState

lineSendUSSD

lineSetPreferredOperator

lineSetCallBarringPassword

lineSetSendCallerIDState

lineSetCallBarringState

lineUnregister

The following table shows the SIM Manager functions that can be called by privileged applications.

API API

SimChangeLockingPassword

SimReadRecord

SimDeleteMessage

SimSetLockingStatus

SimGetRecordInfo

SimUnlockPhone

SimGetSmsStorageStatus

SimWriteMessage

SimReadMessage

SimWriteRecord

The following table shows the Short Message Service (SMS) functions that can be called by privileged applications.

API

SmsClearMessageNotification

SmsSetMessageNotification

SmsSetSMSC

The following table shows other functions that can be called by privileged applications.

API

Connection Manager function ConnMgrProviderMessage

Critical Process Monitor function CPMRegister (Reboot)

Other Resources

Core OS Reference

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker