Course Overview

Windows exposes two faces to developers in user mode: the familiar Win32 (Windows API) layer and a far leaner, more powerful interface the operating system itself relies on: the Native API. In this course Pavel Yosifovich guides you past the Win32 façade and straight to that inner doorway. You begin with the NT architecture and the system-call path, then master the data types, processes, threads, objects and memory structures that everything in Windows is built on. Each subsequent module peels back another layer: spawning true Native executables, leveraging the object manager’s namespace, tracing handles, using virtual memory, streaming data through the I/O manager, and editing the Registry atomically. Short labs turn every concept into working code in Visual Studio using open-source headers, so by the final lesson you can create, probe and control any kernel-backed resource from user mode, skills that underpin debuggers, forensic tools and custom loaders alike.