As other people have commented, some applications may make use of
undocumented API calls.
In a lot of cases the undocumented APIs may just be used internally,
with no intention of 3rd-party software using them.
Whatever the case, it's worth documenting the undocumented APIs first of
all, and leaving them unimplemented. Where they are necessary for the
core components to function, we should substitute our own.
Then we wait for people to start filing bug reports saying application X
doesn't run, and if it turns out a missing undocumented API function is
needed, we implement it.
And/or we could stub the function calls and have them throw up an error
message to indicate that an undocumented API is being used, and to tell
the user to notify the devs or something.
But documentation is important in this case.
In summary:
1) Document all known undocumented APIs
2) Don't implement any of them (or, at most, stubs.)
3) Create an alternative for any undocumented API used internally
4) Only implement an undocumented API in the same way as Windows if
third-party components depend on it.