Abstract: Systems and methods for composing a dynamic runtime API set schema employing a base API set schema and a set of API set schema extensions are disclosed. A base API set schema may be loaded into system memory at boot time with an associated set of host base binaries. A set of API set schema extensions binaries may also be loaded into system memory at boot time. At a second time, the API set schema extensions may be merged into the base API set schema on a dynamic as-needed basis.

Abstract: A set of application programming interfaces (“APIs”) is provided that enables an application to perform operations on multiple system resources as a single logical unit of work through a transaction. The application can then commit or roll back the entire group of changes as a single unit in a coordinated manner. The APIs expose functions and methods that take a reference to a transaction context, such as a handle, name, or pointer, as one of their parameters so that the application can manipulate the resource as a transacted operation. The transaction is bound to all created handles so that all operations on the resource using those handles are also transacted. In an illustrative example, the set of APIs are transacted name-based WIN32 APIs that take a transaction handle. The transacted APIs expose transacted operations to the application for durable system resources in the OS kernel, including the NTFS file system (New Technology File System) and registry.

Abstract: A mechanism is provided for isolating application-specific data in an environment where multiple applications share a same user account. This mechanism enables data specific to an application to be accessed only by the application. When an application requests application-specific data, the data is loaded and a handle to the data is returned to the application. Access to the data is allowed only though the handle. Therefore, only the application possessing the handle can access the data. A counter may be associated with the loaded data. The counter's value is incremented whenever a handle is created for the data and decremented whenever a handle for the data is terminated. When the value of the counter reaches zero, the data is automatically unloaded.

Abstract: A set of application programming interfaces (“APIs”) is provided that enables an application to perform operations on multiple system resources as a single logical unit of work through a transaction. The application can then commit or roll back the entire group of changes as a single unit in a coordinated manner. The APIs expose functions and methods that take a reference to a transaction context, such as a handle, name, or pointer, as one of their parameters so that the application can manipulate the resource as a transacted operation. The transaction is bound to all created handles so that all operations on the resource using those handles are also transacted. In an illustrative example, the set of APIs are transacted name-based WIN32 APIs that take a transaction handle. The transacted APIs expose transacted operations to the application for durable system resources in the OS kernel, including the NTFS file system (New Technology File System) and registry.

Abstract: A mechanism is provided for isolating application-specific data in an environment where multiple applications share a same user account. This mechanism enables data specific to an application to be accessed only by the application. When an application requests application-specific data, the data is loaded and a handle to the data is returned to the application. Access to the data is allowed only though the handle. Therefore, only the application possessing the handle can access the data. A counter may be associated with the loaded data. The counter's value is incremented whenever a handle is created for the data and decremented whenever a handle for the data is terminated. When the value of the counter reaches zero, the data is automatically unloaded.

Abstract: Described is a revert preview mechanism, which gives the user a chance to temporarily remount a storage volume with the contents of a shadow copy, and then evaluate the computer system as if reverted, including allowing full I/O read and write operations to the storage volume. A temporary storage location is provided to cache data writes. Read requests are read back from the temporary storage location if the corresponding volume location has been written, or are read back from the shadow copy of the volume if not written since the revert preview operation began. In the case of a revert preview of the boot volume, an API is used to specify a correct shadow copy instance of the system registry hive, which needs to be loaded following reboot, but before the shadow copy driver is loaded. Use of the API loads the correct instance on the next reboot.

Abstract: Granting an executable object (e.g., an application program, thread, or process) access to a namespace object (e.g., a named object, resource, file, or folder). A request by the executable object for the namespace object is intercepted and processed to determine whether a local namespace associated with the executable object, user, or session stores a copy of the requested namespace object. If the copy exists in one of the local namespaces, the request is granted and allowed to operate on that local namespace. If the requested namespace object exists only in a global namespace, the namespace object is copied to a local namespace. The request is then granted and allowed to operate on the copy of the namespace object in the local namespace. Protecting the namespace objects stored in the global namespace from modification improves the stability of the application program and operating system.

Abstract: Managing the installation, execution, and removal of application programs by an operating system via an application identity associated with each application program. A method of the invention assigns the application identity to each application program and a resource identity to each resource associated with each application program. The method relates the assigned application identity and resource identity to enable manipulation of the application program and its resources.

Abstract: Granting an application program access to a resource as a function of a privilege associated with the application program. An embodiment of the invention employs a persistent, individual identity associated with the components of an application program or a group of application programs to allow an operating system to identify and differentiate between different application programs or groups of application programs installed on a computing system. The identity associated with each component of an application program enables the identification and removal or uninstallation of the application program. The identity also enables isolation of resources of the application program and protection of operating system resources.