附录 B
内核API函数(Kernel API Functions)
附录B包含在第二章讨论的系统模块:win32k.sys、ntdll.dll和ntoskrnl.exe导出的函数列表。N/A表示不支持(Not Available)。
表B-1. Windows 2000 Native API
| 函数名称 | INT 2eh | Ntdll.Nt* | Ntdll.Zw* | Ntoskrnl.Nt* | Ntoskrnl.Zw* |
1 | NtAcceptConnectPort | 0x0000 |
|
| N/A | N/A |
2 | NtAccessCheck | 0x0001 |
|
| N/A | N/A |
3 | NtAccessCheckAndAuditAlarm | 0x0002 |
|
| N/A |
|
4 | NtAccessCheckByType | 0x0003 |
|
| N/A | N/A |
5 | NtAccessCheckByTypeAndAuditAlarm | 0x0004 |
|
| N/A | N/A |
6 | NtAccessCheckByTypeResultList | 0x0005 |
|
| N/A | N/A |
7 | NtAccessCheckByTypeResultListAndAuditAlarm | 0x0006 |
|
| N/A | N/A |
8 | NtAccessCheckByTypeResultListAndAuditAlarmByHandle | 0x0007 |
|
| N/A | N/A |
9 | NtAddAtom | 0x0008 |
|
|
| N/A |
10 | NtAdjustGroupsToken | 0x0009 |
|
| N/A | N/A |
11 | NtAdjustPrivilegesToken | 0x000A |
|
|
|
|
12 | NtAlertResumeThread | 0x000B |
|
| N/A | N/A |
13 | NtAlertThread | 0x000C |
|
| N/A |
|
14 | NtAllocateLocallyUniqueld | 0x000D |
|
|
| N/A |
15 | NtAllocateUserPhysicalPages | 0x000E |
|
| N/A | N/A |
16 | NtAllocateUuids | 0x000F |
|
|
| N/A |
17 | NtAllocateVirtualMemory | 0x0010 |
|
|
|
|
18 | NtAreMappedFilesTheSame | 0x0011 |
|
| N/A | N/A |
19 | NtAssignProcessToJobObject | 0x0012 |
|
| N/A | N/A |
20 | NtBuildNumber | N/A | N/A | N/A |
| N/A |
21 | NtCallbackReturn | 0x0013 |
|
| N/A | N/A |
22 | NtCancelDeviceWakeupRequest | 0x0016 |
|
| N/A | N/A |
23 | NtCancelloFile | 0x0014 |
|
| N/A |
|
24 | NtCancelTimer | 0x0015 |
|
| N/A |
|
25 | NtClearEvent | 0x0017 |
|
| N/A |
|
26 | NtClose | 0x0018 |
|
|
|
|
27 | NtCloseObjectAuditAlarm | 0x0019 |
|
| N/A |
|
28 | NtCompleteConnectPort | 0x001A |
|
| N/A | N/A |
29 | NtConnectPort | 0x001B |
|
|
|
|
30 | NtContinue | 0x001C |
|
| N/A | N/A |
31 | NtCreateChannel | 0x00F1 |
|
| N/A | N/A |
32 | NtCreateDirectoryObject | 0x001D |
|
| N/A |
|
33 | NtCreateEvent | 0x001E |
|
|
|
|
34 | NtCreateEventPair | 0x001F |
|
| N/A | N/A |
35 | NtCreateFile | 0x0020 |
|
|
|
|
36 | NtCreateloCompletion | 0x0021 |
|
| N/A | N/A |
37 | NtCreateJobObject | 0x0022 |
|
| N/A | N/A |
38 | NtCreateKey | 0x0023 |
|
| N/A |
|
39 | NtCreateMailslotFile | 0x0024 |
|
| N/A | N/A |
40 | NtCreateMutant | 0x0025 |
|
| N/A | N/A |
41 | NtCreateNamedPipeFile | 0x0026 |
|
| N/A | N/A |
42 | NtCreatePagingFile | 0x0027 |
|
| N/A | N/A |
43 | NtCreatePort | 0x0028 |
|
| N/A | N/A |
44 | NtCreateProcess | 0x0029 |
|
| N/A | N/A |
45 | NtCreateProfile | 0x002A |
|
| N/A | N/A |
46 | NtCreateSection | 0x002B |
|
|
|
|
47 | NtCreateSemaphore | 0x002C |
|
| N/A | N/A |
48 | NtCreateSymbolicLinkObject | 0x002D |
|
| N/A |
|
49 | NtCreateThread | 0x002E |
|
| N/A | N/A |
50 | NtCreateTimer | 0x002F |
|
| N/A |
|
51 | NtCreateToken | 0x0030 |
|
| N/A | N/A |
52 | NtCreateWaitablePort | 0x0031 |
|
| N/A | N/A |
53 | NtCurrentTeb | N/A |
| N/A | N/A | N/A |
54 | NtDelayExecution | 0x0032 |
|
| N/A | N/A |
55 | NtDeleteAtom | 0x0033 |
|
|
| N/A |
56 | NtDeleteFile | 0x0034 |
|
|
|
|
57 | NtDeleteKey | 0x0035 |
|
| N/A |
|
58 | NtDeleteObjectAuditAlarm | 0x0036 |
|
| N/A | N/A |
59 | NtDeleteValueKey | 0x0037 |
|
| N/A |
|
60 | NtDeviceloControlFile | 0x0038 |
|
|
|
|
61 | NtDisplayString | 0x0039 |
|
| N/A |
|
62 | NtDuplicateObject | 0x003A |
|
|
|
|
63 | NtDuplicateToken | 0x003B |
|
|
|
|
64 | NtEnumerateKey | 0x003C |
|
| N/A |
|
65 | NtEnumerateValueKey | 0x003D |
|
| N/A |
|
66 | NtExtendSection | 0x003E |
|
| N/A | N/A |
67 | NtFilterToken | 0x003F |
|
| N/A | N/A |
68 | NtFindAtom | 0x0040 |
|
|
| N/A |
69 | NtFlushBuffersFile | 0x0041 |
|
| N/A | N/A |
70 | NtFlushlnstructionCache | 0x0042 |
|
| N/A |
|
71 | NtFlushKey | 0x0043 |
|
| N/A |
|
72 | NtFlushVirtualMemory | 0x0044 |
|
| N/A |
|
73 | NtFlushWriteBuffer | 0x0045 |
|
| N/A | N/A |
74 | NtFreeUserPhysicalPages | 0x0046 |
|
| N/A | N/A |
75 | NtFreeVirtualMemory | 0x0047 |
|
|
|
|
76 | NtFsControlFile | 0x0048 |
|
|
|
|
77 | NtGetContextThread | 0x0049 |
|
| N/A | N/A |
78 | NtGetDevicePowerState | 0x004A |
|
| N/A | N/A |
79 | NtGetPlugPlayEvent | 0x004B |
|
| N/A | N/A |
80 | NtGetTickCount | 0x004C |
|
| N/A | N/A |
81 | NtGetWriteWatch | 0x004D |
|
| N/A | N/A |
82 | NtGlobalFlag | N/A | N/A | N/A |
| N/A |
83 | NtlmpersonateAnonymousToken | 0x004E |
|
| N/A | N/A |
84 | NtlmpersonateClientOfPort | 0x004F |
|
| N/A | N/A |
85 | NtlmpersonateThread | 0x0050 |
|
| N/A | N/A |
86 | NtlnitializeRegistry | 0x0051 |
|
| N/A | N/A |
87 | NtlnitiatePowerAction | 0x0052 |
|
| N/A |
|
88 | NtlsSystemResumeAutomatic | 0x0053 |
|
| N/A | N/A |
89 | NtListenChannel | 0x00F2 |
|
| N/A | N/A |
90 | NtListenPort | 0x0054 |
|
| N/A | N/A |
91 | NtLoadDriver | 0x0055 |
|
| N/A |
|
92 | NtLoadKey | 0x0056 |
|
| N/A |
|
93 | NtLoadKey2 | 0x0057 |
|
| N/A | N/A |
94 | NtLockFile | 0x0058 |
|
|
| N/A |
95 | NtLockVirtualMemory | 0x0059 |
|
| N/A | N/A |
96 | NtMakeTemporaryObject | 0x005A |
|
| N/A |
|
97 | NtMapUserPhysicalPages | 0x005B |
|
| N/A | N/A |
98 | NtMapUserPhysicalPagesScatter | 0x005C |
|
| N/A | N/A |
99 | NtMapViewOf Section | 0x005D |
|
|
|
|
100 | NtNotifyChangeDirectoryFile | 0x005E |
|
|
| N/A |
101 | NtNotifyChangeKey | 0x005F |
|
| N/A |
|
102 | NtNotifyChangeMultipleKeys | 0x0060 |
|
| N/A | N/A |
103 | NtOpenChannel | 0x00F3 |
|
| N/A | N/A |
104 | NtOpenDirectoryObject | 0x0061 |
|
| N/A |
|
105 | NtOpenEvent | 0x0062 |
|
| N/A |
|
106 | NtOpenEventPair | 0x0063 |
|
| N/A | N/A |
107 | NtOpenFile | 0x0064 |
|
|
|
|
108 | NtOpenloCompletion | 0x0065 |
|
| N/A | N/A |
109 | NtOpenJobObject | 0x0066 |
|
| N/A | N/A |
110 | NtOpenKey | 0x0067 |
|
| N/A |
|
111 | NtOpenMutant | 0x0068 |
|
| N/A | N/A |
112 | NtOpenObjectAuditAlarm | 0x0069 |
|
| N/A | N/A |
113 | NtOpenProcess | 0x006A |
|
|
|
|
114 | NtOpenProcessToken | 0x006B |
|
|
|
|
115 | NtOpenSection | 0x006C |
|
| N/A |
|
116 | NtOpenSemaphore | 0x006D |
|
| N/A | N/A |
117 | NtOpenSymbolicLinkObject | 0x006E |
|
| N/A |
|
118 | NtOpenThread | 0x006F |
|
| N/A |
|
119 | NtOpenThreadToken | 0x0070 |
|
| N/A |
|
120 | NtOpenTimer | 0x0071 |
|
| N/A |
|
121 | NtPlugPlayControl | 0x0072 |
|
| N/A | N/A |
122 | NtPowerlnformation | 0x0073 |
|
| N/A |
|
123 | NtPrivilegeCheck | 0x0074 |
|
| N/A | N/A |
124 | NtPrivilegedServiceAuditAlarm | 0x0075 |
|
| N/A | N/A |
125 | NtPrivilegeObjectAuditAlarm | 0x0076 |
|
| N/A | N/A |
126 | NtProtectVirtualMemory | 0x0077 |
|
| N/A | N/A |
127 | NtPulseEvent | 0x0078 |
|
| N/A |
|
128 | NtQueryAttributesFile | 0x007A |
|
| N/A | N/A |
129 | NtQueryDefaultLocale | 0x007B |
|
| N/A |
|
130 | NtQueryDefaultUILanguage | 0x007C |
|
| N/A |
|
131 | NtQueryDirectoryFile | 0x007D |
|
|
|
|
132 | NtQueryDirectoryObject | 0x007E |
|
| N/A |
|
133 | NtQueryEaFile | 0x007F |
|
|
|
|
134 | NtQueryEvent | 0x0080 |
|
| N/A | N/A |
135 | NtQueryFullAttributesFile | 0x0081 |
|
| N/A | N/A |
136 | NtQuerylnformationAtom | 0x0079 |
|
|
| N/A |
137 | NtQuerylnformationFile | 0x0082 |
|
|
|
|
138 | NtQuerylnformationJobObject | 0x0083 |
|
| N/A | N/A |
139 | NtQuerylnformationPort | 0x0085 |
|
| N/A | N/A |
140 | NtQuerylnformationProcess | 0x0086 |
|
|
|
|
141 | NtQuerylnformationThread | 0x0087 |
|
| N/A | N/A |
142 | NtQuerylnformationToken | 0x0088 |
|
|
|
|
143 | NtQuerylnstallUILanguage | 0x0089 |
|
| N/A |
|
144 | NtQuerylntervalProfile | 0x008A |
|
| N/A | N/A |
145 | NtQueryIoCompletion | 0x0084 |
|
| N/A | N/A |
146 | NtQueryKey | 0x008B |
|
| N/A |
|
147 | NtQueryMultipleValueKey | 0x008C |
|
| N/A | N/A |
148 | NtQueryMutant | 0x008D |
|
| N/A | N/A |
149 | NtQueryObject | 0x008E |
|
| N/A |
|
150 | NtQueryOpenSubKeys | 0x008F |
|
| N/A | N/A |
151 | NtQueryPerformanceCounter | 0x0090 |
|
| N/A | N/A |
152 | NtQueryQuotalnformationFile | 0x0091 |
|
|
| N/A |
153 | NtQuerySection | 0x0092 |
|
| N/A |
|
154 | NtQuerySecurityObject | 0x0093 |
|
|
|
|
156 | NtQuerySemaphore | 0x0094 |
|
| N/A | N/A |
157 | NtQuerySymbolicLinkObject | 0x0095 |
|
| N/A |
|
158 | NtQuerySystemEnvironment Value | 0x0096 |
|
| N/A | N/A |
159 | NtQuerySystemlnformation | 0x0097 |
|
|
|
|
160 | NtQuerySystemTime | 0x0098 |
|
| N/A | N/A |
161 | NtQuery Timer | 0x0099 |
|
| N/A | N/A |
162 | NtQueryTimerResolution | 0x009A |
|
| N/A | N/A |
163 | NtQueryValueKey | 0x009B |
|
| N/A |
|
164 | NtQuery VirtualMemory | 0x009C |
|
| N/A | N/A |
165 | NtQuery VolumelnformationFile | 0x009D |
|
|
|
|
166 | NtQueueApcThread | 0x009E |
|
| N/A | N/A |
167 | NtRaiseException | 0x009F |
|
| N/A | N/A |
168 | NtRaiseHardError | 0x00A0 |
|
| N/A | N/A |
169 | NtReadFile | 0x00Al |
|
|
|
|
170 | NtReadFileScatter | 0x00A2 |
|
| N/A | N/A |
171 | NtReadRequestData | 0x00A3 |
|
| N/A | N/A |
172 | NtReadVirtualMemory | 0x00A4 |
|
| N/A | N/A |
173 | NtRegisterThreadTerminatePort | 0x00A5 |
|
| N/A | N/A |
174 | NtReleaseMutant | 0x00A6 |
|
| N/A | N/A |
175 | NtReleaseSemaphore | 0x00A7 |
|
| N/A | N/A |
176 | NtRemoveloCompletion | 0x00A8 |
|
| N/A | N/A |
177 | NtReplaceKey | 0x00A9 |
|
| N/A |
|
178 | NtReplyPort | 0x00AA |
|
| N/A | N/A |
179 | NtReplyWaitReceivePort | 0x00AB |
|
| N/A | N/A |
180 | NtReplyWaitReceivePortEx | 0x00AC |
|
| N/A | N/A |
181 | NtReplyWaitReplyPort | 0x00AD |
|
| N/A | N/A |
182 | NtReplyWaitSendChannel | 0x00F4 |
|
| N/A | N/A |
183 | NtRequestDeviceWakeup | 0x00AE |
|
| N/A | N/A |
184 | NtRequestPort | 0x00AF |
|
|
| N/A |
185 | NtRequestWaitReplyPort | 0x00B0 |
|
|
|
|
186 | NtRequestWakeupLatency | 0x00Bl |
|
| N/A | N/A |
187 | NtResetEvent | 0x00B2 |
|
| N/A |
|
188 | NtResetWriteWatch | 0x00B3 |
|
| N/A | N/A |
189 | NtRestoreKey | 0x00B4 |
|
| N/A |
|
190 | NtResumeThread | 0x00B5 |
|
| N/A | N/A |
191 | NtSaveKey | 0x00B6 |
|
| N/A |
|
192 | NtSaveMergedKeys | 0x00B7 |
|
| N/A | N/A |
193 | NtSecureConnectPort | 0x00B8 |
|
| N/A | N/A |
194 | NtSendWaitReplyChannel | 0x00F5 |
|
| N/A | N/A |
195 | NtSetContextChannel | 0x00F6 |
|
| N/A | N/A |
196 | NtSetContextThread | 0x00BA |
|
| N/A | N/A |
197 | NtSetDefaultHardErrorPort | 0x00BB |
|
| N/A | N/A |
198 | NtSetDefaultLocale | 0x00BC |
|
| N/A |
|
199 | NtSetDefaultUILanguage | 0x00BD |
|
| N/A |
|
200 | NtSetEaFile | 0x00BE |
|
|
|
|
201 | NtSetEvent | 0x00BF |
|
|
|
|
202 | NtSetHighEventPair | 0x00C0 |
|
| N/A | N/A |
203 | NtSetHighWaitLowEventPair | 0x00Cl |
|
| N/A | N/A |
204 | NtSetlnformationFile | 0x00C2 |
|
|
|
|
205 | NtSetlnformationJobObject | 0x00C3 |
|
| N/A | N/A |
206 | NtSetlnformationKey | 0x00C4 |
|
| N/A | N/A |
207 | NtSetlnformationObject | 0x00C5 |
|
| N/A |
|
208 | NtSetlnformationProcess | 0x00C6 |
|
|
|
|
209 | NtSetlnformationThread | 0x00c7 |
|
|
|
|
210 | NtSetlnformationToken | 0x00C8 |
|
| N/A | N/A |
211 | NtSetlntervalProfile | 0x00C9 |
|
| N/A | N/A |
212 | NtSetloCompletion | 0x00B9 |
|
| N/A | N/A |
213 | NtSetLdtEntries | 0x00CA |
|
| N/A | N/A |
214 | NtSetLowEventPair | 0x00CB |
|
| N/A | N/A |
215 | NtSetLowWaitHighEventPair | 0x00CC |
|
| N/A | N/A |
216 | NtSetQuotalnformationFile | 0x00CD |
|
|
| N/A |
217 | NtSetSecurityObject | 0x00CE |
|
|
|
|
218 | NtSetSystemEnvironment Value | 0x00CF |
|
| N/A | N/A |
219 | NtSetSystemlnformation | 0x00D0 |
|
| N/A |
|
220 | NtSetSystemPowerState | 0x00Dl |
|
| N/A | N/A |
221 | NtSetSystemTime | 0x00D2 |
|
| N/A |
|
222 | NtSetThreadExecutionState | 0x00D3 |
|
| N/A | N/A |
223 | NtSetTimer | 0x00D4 |
|
| N/A |
|
224 | NtSetTimerResolution | 0x00D5 |
|
| N/A | N/A |
225 | NtSetUuidSeed | 0x00D6 |
|
| N/A | N/A |
226 | NtSetValueKey | 0x00D7 |
|
| N/A |
|
227 | NtSetVolumelnformationFile | 0x00D8 |
|
|
|
|
228 | NtShutdownSystem | 0x00D9 |
|
| N/A | N/A |
229 | NtSignalAndWaitForSingleObject | 0x00DA |
|
| N/A | N/A |
230 | NtStartProfile | 0x00DB |
|
| N/A | N/A |
231 | NtStopProfile | 0x00DC |
|
| N/A | N/A |
232 | NtSuspendThread | 0x00DD |
|
| N/A | N/A |
233 | NtSystemDebugControl | 0x00DE |
|
| N/A | N/A |
234 | NtTerminateJobObject | 0x00DF |
|
| N/A | N/A |
235 | NtTerminateProcess | 0x00E0 |
|
| N/A |
|
236 | NtTerminateThread | 0x00El |
|
| N/A | N/A |
237 | NtTestAlert | 0x00E2 |
|
| N/A | N/A |
238 | NtUnloadDriver | 0x00E3 |
|
| N/A |
|
239 | NtUnloadKey | 0x00E4 |
|
| N/A |
|
240 | NtUnlockFile | 0x00E5 |
|
|
| N/A |
241 | NtUnlockVirtualMemory | 0x00E6 |
|
| N/A | N/A |
242 | NtUnmapViewOfSection | 0x00E7 |
|
| N/A |
|
243 | NtVdmControl | 0x00E8 |
|
|
| N/A |
244 | NtWaitForMultipleObjects | 0x00E9 |
|
| N/A |
|
245 | NtWaitForSingleObject | 0x00EA |
|
|
|
|
246 | NtWaitHighEventPair | 0x00EB |
|
| N/A | N/A |
247 | NtWaitLowEventPair | 0x00EC |
|
| N/A | N/A |
248 | NtWriteFile | 0x00ED |
|
|
|
|
249 | NtWriteFileGather | 0x00EE |
|
| N/A | N/A |
250 | NtWriteRequestData | 0x00EF |
|
| N/A | N/A |
251 | NtWriteVirtualMemory | 0x00F0 |
|
| N/A | N/A |
252 | NtYieldExecution | 0x00F7 |
|
| N/A |
|