Welcome to the Windows Fundamentals MCQs Page

Dive deep into the fascinating world of Windows Fundamentals with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Windows Fundamentals, a crucial aspect of Reverse Engineering. In this section, you will encounter a diverse range of MCQs that cover various aspects of Windows Fundamentals, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within Reverse Engineering.

Check out the MCQs below to embark on an enriching journey through Windows Fundamentals. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of Reverse Engineering.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Windows Fundamentals. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Windows Fundamentals MCQs | Page 15 of 26

Explore more Topics under Reverse Engineering

01

Introduction to Reverse Engineering

02

Low Level Software 🔒

03

Reversing Tools 🔒

04

Beyond the Documentation

05

Deciphering File Formats

06

Auditing Program Binaries 🔒

07

Reversing Malware 🔒

08

Piracy and Copy Protection

09

Antireversing Techniques 🔒

10

Breaking Protections 🔒

11

Reversing .NET 🔒

12

Decompilation

13

Deciphering Code Structures 🔒

14

Understanding Compiled Arithmetic

15

Deciphering Program Data 🔒

Q141.

What are GDI APIs?

Non-GUI-related services, such as file I/O, memory management, object management, process and thread management, and so on.

Low-level graphics services in Windows NT.

High-level GUI-related services in Windows NT.

Direct interfaces into the Windows kernel, providing interfaces for direct interfacing with the memory manager, I/O System, object manager, processes and threads, and so on.

Discuss

Answer: (b).Low-level graphics services in Windows NT. Explanation:GDI APIs are low-level graphics services in Windows NT, such as those for drawing a line, displaying a bitmap, and so on.

Q142.

What are USER APIs?

Non-GUI-related services, such as file I/O, memory management, object management, process and thread management, and so on.

Low-level graphics services in Windows NT.

High-level GUI-related services in Windows NT.

Direct interfaces into the Windows kernel, providing interfaces for direct interfacing with the memory manager, I/O System, object manager, processes and threads, and so on.

Discuss

Answer: (c).High-level GUI-related services in Windows NT. Explanation:USER APIs are high-level GUI-related services in Windows NT, such as window-management, menus, dialog boxes, user-interface controls, and so on.

Q143.

What is the Native API?

The actual interface to the Windows NT system.

The layer above the Win32 API in Windows NT.

The graphics-related services in Windows NT.

The high-level interface an application employs to communicate with the OS.

Discuss

Answer: (a).The actual interface to the Windows NT system. Explanation:The Native API is the actual interface to the Windows NT system. It provides interfaces for direct interfacing with the memory manager, I/O System,etc .

Q144.

What prefixes do APIs in the native API start with?

Nt and Zk

Nt and Zw

Ns and Zw

Ns and Zk

Discuss

Answer: (b).Nt and Zw Explanation:APIs in the native API always start with one of two prefixes: either Nt or Zw, so that functions have names like NtCreateFile or ZwCreateFile.

Q145.

What is the difference between the Nt and Zw versions of native APIs in kernel mode?

They are identical

The Nt versions are stubs that go through the system-call mechanism

The Zw versions are the actual implementations of the APIs

The Nt versions are the actual implementations of the APIs, while the Zw versions are stubs that go through the system-call mechanism

Discuss

Answer: (d).The Nt versions are the actual implementations of the APIs, while the Zw versions are stubs that go through the system-call mechanism Explanation:In kernel mode, the Nt versions are the actual implementations of the APIs, while the Zw versions are stubs that go through the system-call mechanism.

Q146.

Why would you want to go through the system-call mechanism when calling an API from kernel mode?

To simplify the process of calling functions

To prove to the API being called that you're actually calling it from kernel mode

To verify that all parameters only contain user-mode addresses

None of the above

Discuss

Answer: (b).To prove to the API being called that you're actually calling it from kernel mode Explanation:The reason you would want to go through the system-call mechanism when calling an API from kernel mode is to "prove" to the API being called that you're actually calling it from kernel mode.

Q147.

What is the purpose of the safety mechanism employed by the system when calling an API from user mode?

To simplify the process of calling functions

To prove to the API being called that you're actually calling it from kernel mode

To verify that all parameters only contain user-mode addresses

None of the above

Discuss

Answer: (c).To verify that all parameters only contain user-mode addresses Explanation:This is a safety mechanism employed by the system to make sure user mode calls don't corrupt the system by passing kernel-memory pointers.

Q148.

What is the benefit of calling the Zw APIs in kernel mode?

To simplify the process of calling functions

To prove to the API being called that you're actually calling it from kernel mode

To verify that all parameters only contain user-mode addresses

To pass regular kernel-mode pointers

Discuss

Answer: (d).To pass regular kernel-mode pointers Explanation:For kernel-mode code, calling the Zw APIs is a way to simplify the process of calling functions because you can pass regular kernel-mode pointers.

Q149.

What is the system calling mechanism?

A way to switch from kernel mode to user mode.

A way to switch from user mode to kernel mode.

A way to switch between processes in user mode.

A way to switch between processes in kernel mode.

Discuss

Answer: (b).A way to switch from user mode to kernel mode. Explanation:The system calling mechanism is a way to switch from user mode to kernel mode.

Q150.

When does a system call take place?

When kernel-mode code needs to call a user-mode function.

When user-mode code needs to call a kernel-mode function.

When user-mode code needs to call another user-mode function.

When kernel-mode code needs to call another kernel-mode function.

Discuss

Answer: (b).When user-mode code needs to call a kernel-mode function. Explanation:A system call takes place when user-mode code needs to call a kernel-mode function.

Page 15 of 26

Low Level Software 🔒

Reversing Tools 🔒

Auditing Program Binaries 🔒

Reversing Malware 🔒

Antireversing Techniques 🔒

Breaking Protections 🔒

Reversing .NET 🔒

Deciphering Code Structures 🔒

Deciphering Program Data 🔒

Welcome to the Windows Fundamentals MCQs Page

Windows Fundamentals MCQs | Page 15 of 26

Explore more Topics under Reverse Engineering

Introduction to Reverse Engineering

Beyond the Documentation

Deciphering File Formats

Piracy and Copy Protection

Decompilation

Understanding Compiled Arithmetic

Suggested Topics

HTML

PHP

Systems Programming

DBMS

Computer Graphics

Reverse Engineering

Python

Big Data Computing

Internet of Things (IoT)