| Special Files |
| |||||||||||
| These APIs are used to create files that have custom characteristics. |
| |||||||||||
| NtCreateMailslotFile | CreateMailSlot | Creates a mailslot end-point. |
| |||||||||
| NtCreateNamedPipeFile | CreateNamedPipe | Creates a named-pipe end-point. |
| |||||||||
| NtCreatePagingFile |
| The System applet uses this API to create paging files. Parameters specify the name, as well as minimum and maximum size. |
| |||||||||
|
|
| |||||||||||
| Drivers |
| |||||||||||
| These functions are used by NT to load and unload device driver images from system memory. |
| |||||||||||
| NtLoadDriver | CreateFile with Service Control Manager | Loads a device driver based on information provided under HKLM/System/CurrentControlSet/Services/driver name |
| |||||||||
| NtUnloadDriver | Service Control Manager supported | Unloads the specified driver from memory, presuming the driver supports an unload interface. |
| |||||||||
| NtRegisterNewDevice |
| NT 3.51 only. |
| |||||||||
|
|
| |||||||||||
| Processor and Bus |
| |||||||||||
| Processor registers and components can be controlled via these functions. |
| |||||||||||
| NtFlushInstructionCache |
| The NT kernel debugger uses this API, which flushes the processor instruction cache using the HAL. |
| |||||||||
| NtFlushWriteBuffer |
| The processor's memory write buffer is flushed by this function, which uses the HAL. |
| |||||||||
| NtSetLdtEntries |
| X86 Local Descriptor Table entries are initialized using this function. |
| |||||||||
| NtEnumerateBus |
| NT 3.51 only. |
| |||||||||
| NtGetCurrentProcessorNumber |
| New to Server 2K3. Gets the number of the processor on which a thread is executing. |
| |||||||||
|
|
| |||||||||||
| Debugging and Profiling |
| |||||||||||
| The profiling APIs provide a mechanism for sample-based profiling of kernel-mode execution. The Kernprof tool in the DDK makes use of them, and a recent Windows Developer's Journal presented a source code to a Kernprof clone. The debug control function is used by WinDbg for obtaining internal kernel information and controlling thread and process execution. |
| |||||||||||
| NtCreateProfile |
| Creates a profile object. |
| |||||||||
| NtQueryIntervalProfile |
| Returns profiled data. |
| |||||||||
| NtSetIntervalProfile |
| Specified sampling interval. |
| |||||||||
| NtStartProfile |
| Starts sampling. |
| |||||||||
| NtStopProfile |
| Stops sampling. |
| |||||||||
| NtSystemDebugControl |
| Implements a range of debugger support commands. |
| |||||||||
| NtRegisterThreadTerminatePort |
| A debugger registers for thread termination notification with this API. |
| |||||||||
| NtCreateDebugObject |
| New to WinXP. Creates a debug object. |
| |||||||||
| NtDebugActiveProcess | DebugActiveProcess | New to WinXP. Enables a debugger to attach to an active process and debug it. |
| |||||||||
| NtDebugContinue | Continue DebugEvent | New to WinXP. Allows a process to contiue a thread that has generated a debug event. |
| |||||||||
| NtQueryDebugFilterState |
| New to WinXP. Queries the debug filter state level for a specific component. |
| |||||||||
| NtRemoveProcessDebug | DebugActiveProcessStop | New to WinXP. Stops debugging the specified process. |
| |||||||||
| NtSetDebugFilterState |
| New to WinXP. Sets the debug output filter level for the specified component. |
| |||||||||
| NtSetInformationDebugObject |
| New to WinXP. Sets the attributes of a debug object. |
| |||||||||
| NtWaitForDebugEvent | WaitForDebugEvent | New to WinXP. Waits for a debugging event on a process being debugged. |
| |||||||||
|
|
| |||||||||||
| Channels |
| |||||||||||
| These functions were introduced in NT 4.0 and are present in Win2K Beta 1. However, they are all stubs that return STATUS_NOT_IMPLEMENTED. Their names imply that they were intended to provide access to a communications mechanism. Why are they in the released versions of NT if they are not implemented? |
| |||||||||||
| NtCreateChannel |
| Not implemented. |
| |||||||||
| NtOpenChannel |
| Not implemented. |
| |||||||||
| NtListenChannel |
| Not implemented. |
| |||||||||
| NtSetContextChannel |
| Not implemented. |
| |||||||||
| NtReplyWaitSendChannel |
| Not implemented. |
| |||||||||
| NtSendWaitReplyChannel |
| Not implemented. |
| |||||||||
|
|
| |||||||||||
| Power |
| |||||||||||
| There's only one Native API for power management in NT 4.0. Interestingly, this API was introduced in NT 4.0, but was a stub that returned STATUS_NOT_IMPLEMENTED. Win2K fleshes out the API and adds more commands. |
| |||||||||||
| NtSetSystemPowerState |
| Not implemented in NT 4.0. |
| |||||||||
| NtInitiatePowerAction |
| New to Win2K. Initiate a power event (e.g. suspend) |
| |||||||||
| NtPowerInformation | GetSystemPowerStatus | New to Win2K. Get the system's power state. |
| |||||||||
| NtSetThreadExecutionState | SetThreadExecutionState | New to Win2K. Sets a thread's system power state requirement. |
| |||||||||
| NtRequestWakeupLatency |
| New to Win2K. Sets a process' wakeup latency. |
| |||||||||
|
|
| |||||||||||
| Plug-and-Play |
| |||||||||||
| Like the Power API, some of these were introduced in NT 4.0 as unimplemented functions. Win2K fleshes them out and adds more. |
| |||||||||||
| NtGetPlugPlayEvent |
| Present, but not implemented in NT 4.0. Sets plug and play events. |
| |||||||||
| NtPlugPlayControl |
| Present, but not implemented in NT 4.0. Sends commands to the plug-and-play subsystem. |
| |||||||||
|
|
| |||||||||||
| Objects |
| |||||||||||
| Object manager namespace objects are created and manipualted with these routines. A couple of these, like NtClose, are general in that they are used with any object type. |
| |||||||||||
| NtClose | CloseHandle | Closes a handle to any object type. |
| |||||||||
| NtDuplicateObject | DuplicateHandle | Duplicates a handle to an object. |
| |||||||||
| NtCreateDirectoryObject |
| Creates a directory in the object manager namespace. |
| |||||||||
| NtCreateSymbolicLinkObject |
| Creates a symbolic link in the object manager namespace. The Win32 DefineDosDevice command lets you create links, but only in the /?? subdirectory. |
| |||||||||
| NtMakeTemporaryObject |
| Causes a permanent object to be deleted during NT shutdown so that it isn't present at the next boot. |
| |||||||||
| NtOpenDirectoryObject |
| Opens an object manager namespace directory. |
| |||||||||
| NtQueryDirectoryObject |
| Used to enumerate the objects located in an directory object. |
| |||||||||
| NtOpenSymbolicLinkObject |
| Opens a symbolic link object. |
| |||||||||
| NtQuerySymbolicLinkObject |
| Returns the name of the object that the symbolic link points at. |
| |||||||||
| NtQueryObject |
| Queries an an object's attributes, such as its name. |
| |||||||||
| NtSetInformationObject |
| Sets an object's attributes. |
| |||||||||
| NtMakePermanentObject |
| New to WinXP. Sets the permanent flag on an object. |
| |||||||||
| NtTranslateFilePath |
| New to WinXP. Translates a file path from one format (e.g. NT, ARC, EFI) to another. |
| |||||||||
|
|
| |||||||||||
| Registry |
| |||||||||||
| Win32 Registry functions basically map directly to these APIs, and many of them are documented in the DDK. |
| |||||||||||
| NtCreateKey | RegCreateKey | Creates or opens a Registry key. |
| |||||||||
| NtOpenKey | RegOpenKey | Opens an existing Registry key. |
| |||||||||
| NtDeleteKey | RegDeleteKey | Deletes a Registry key. |
| |||||||||
| NtDeleteValueKey | RegDeleteValue | Deletes a value. |
| |||||||||
| NtEnumerateKey | RegEnumKey, RegEnumKeyEx | Enumerates the subkeys of a key. |
| |||||||||
| NtEnumerateValueKey | RegEnumValue | Enumerates the values within a key. |
| |||||||||
| NtFlushKey | RegFlushKey | Flushes changes back to the Registry on disk. |
| |||||||||
| NtInitializeRegistry |
| Gets the Registry rolling. The single parameter to this specifies whether its a setup boot or a normal boot. |
| |||||||||
| NtNotifyChangeKey | RegNotifyChangeKeyValue | Allows a program to be notified of changes to a particular key or its subkeys. |
| |||||||||
| NtQueryKey | RegQueryKey | Queries information about a key. |
| |||||||||
| NtQueryMultiplValueKey | RegQueryMultipleValues | Retrieves information about multiple specified values. This API was introduced in NT 4.0. |
| |||||||||
| NtQueryValueKey | RegQueryValue, RegQueryValueEx | Retrieves information about a specified value. |
| |||||||||
| NtReplaceKey | RegReplaceKey | Changes the backing file for a key and its subkeys. Used for backup/restore. |
| |||||||||
| NtSaveKey | RegSaveKey | Saves the contents of a key and subkey to a file. |
| |||||||||
| NtRestoreKey | RegRestoreKey | Loads the contents of a key from a specified file. |
| |||||||||
| NtSetInformationKey |
| Sets attributes of a key. |
| |||||||||
| NtSetValueKey | RegSetValue, RegSetValueEx | Sets the data associated with a value. |
| |||||||||
| NtLoadKey | RegLoadKey | Loads a hive file into the Registry. |
| |||||||||
| NtLoadKey2 |
| Introduced in NT 4.0. Allows for options on loading a hive. |
| |||||||||
| NtUnloadKey | RegUnloadKey | Unloads a hive from the Registry. |
| |||||||||
| NtCompactKeys |
| New to WinXP. Makes key storage adjacent. |
| |||||||||
| NtCompressKey |
| New to WinXP. Performs in-place compaction of a hive. |
| |||||||||
| NtLockRegistryKey |
| New to WinXP. Locks a registry key for modification. |
| |||||||||
| NtRenameKey |
| New to WinXP. Renames a Registry key. |
| |||||||||
| NtSaveKeyEx | RegSaveKeyEx | New to WinXP. Saves the contents of a key and its subkeys to a file. |
| |||||||||
| NtUnloadKeyEx |
| New to WinXP. Unloads a hive from the Registry. |
| |||||||||
| NtLoadKeyEx |
| New to Server 2K3. Loads a hive into the Registry. |
| |||||||||
| NtUnloadKey2 |
| New to Serer 2K3. Unloads a hive from the Registry. |
| |||||||||
| NtQueryOpenSubKeysEx |
| New to Server 2003. Returns the keys opened beneath a specified key. |
| |||||||||
|
|
| |||||||||||
| Local Procedure Call |
| |||||||||||
| LPC is NT's core interprocess communications mechanism. If you use RPC between processes on the same computer you are using LPC indirectly. |
| |||||||||||
| NtCreatePort |
| Creates a port object. |
| |||||||||
| NtAcceptConnectPort |
| Accepts a port connection. |
| |||||||||
| NtCompleteConnectPort |
| Completes a connection. |
| |||||||||
| NtConnectPort |
| Connects a port to another port that is accepting connections. |
| |||||||||
| NtImpersonateClientOfPort |
| Thread impersonates the identify of the process on the other end of a port. |
| |||||||||
| NtListenPort |
| Listens on a port for connection requests. |
| |||||||||
| NtQueryInformationPort |
| Obtains information on a port. |
| |||||||||
| NtReadRequestData |
| Reads data associated with a port message. |
| |||||||||
| NtReplyPort |
| Sends a reply message. |
| |||||||||
| NtReplyWaitReceivePort |
| Sends a reply message and then waits for an incoming request message. |
| |||||||||
| NtReplyWaitReplyPort |
| Sends a reply message and then waits for an incoming reply message. |
| |||||||||
| NtRequestPort |
| Sends a request message. |
| |||||||||
| NtRequestWaitReplyPort |
| Sends a request message and waits for an incoming reply message. |
| |||||||||
| NtWriteRequestData |
| Fills in data for a request message |
| |||||||||
| NtSecureConnectPort |
| New to Win2K. Creates a secure connection port. |
| |||||||||
| NtQueryPortInformationProcess |
| New to WinXP. Used to determine if a process has an associated exception or debug port. |
| |||||||||
|
|
| |||||||||||
| Security |
| |||||||||||
| The Native security APIs are mapped almost directly by Win32 security APIs. |
| |||||||||||
| NtAccessCheck | AccessCheck | Checks to see whether current thread has access to an object based on its security descriptor. |
| |||||||||
| NtAccessCheckAndAuditAlarm | AccessCheckAuditAlarm | Generates an audit message related to access checking. |
| |||||||||
| NtAdjustGroupsToken | AdjustTokenGroups | Adds or removes groups associated with a token. |
| |||||||||
| NtAdjustPrivilegesToken | AdjustTokenPrivileges | Enables or disables privileges associated with a token. |
| |||||||||
| NtCloseObjectAuditAlarm | ObjectCloseAuditAlarm | Generates an audit message indicating that an object was closed. |
| |||||||||
| NtCreateToken | CreateToken | Creates a token object. |
| |||||||||
| NtDeleteObjectAuditAlarm | ObjectDeleteAuditAlarm | Generated an audit event indicating that an object was deleted. |
| |||||||||
| NtDuplicateToken | DuplicateToken, DuplicateTokenEx | Duplicates a token object. |
| |||||||||
| NtOpenObjectAuditAlarm | ObjectOpenAuditAlarm | Generated an audit event indicating that an object was opened. |
| |||||||||
| NtImpersonateThread | ImpersonateLoggedOnUser | Allows a thread to impersonate the identity of another user. |
| |||||||||
| NtOpenProcessToken | OpenProcessToken | Obtains a handle to the token of a specified process. |
| |||||||||
| NtOpenThreadToken | OpenThreadToken | Opens a handle to the token of a specified thread. |
| |||||||||
| NtPrivilegeCheck | PrivilegeCheck | Checks to see whether a token has the specified privileges enabled. |
| |||||||||
| NtPrivilegeObjectAuditAlarm | ObjectPrivilegeAuditAlarm | Generates an audit event record associated with a privilege check. |
| |||||||||
| NtPrivilegedServiceAuditAlarm | PrivilegedServiceAuditAlarm | Generates an audit message indicating the attempt to use specified privileges. |
| |||||||||
| NtQueryInformationToken | GetTokenInformation | Obtains information about a token. |
| |||||||||
| NtQuerySecurityObject | GetUserObjectSecurity, GetPrivateObjectSecurity | Retrieves information about an object's security settings. |
| |||||||||
| NtSetInformationToken | SetTokenInformation | Sets a token's attributes. |
| |||||||||
| NtSetSecurityObject | SetUserObjectSecurity, SetrivateSecurityObject | Sets the security information of an object. |
| |||||||||
| NtAccessCheckByType | AccessCheckByType | New object-specific security support in Win2K. |
| |||||||||
| NtAccessCheckByTypeAndAuditAlarm | AccessCheckByTypeAndAuditAlarm | New object-specific security support in Win2K. |
| |||||||||
| NtAccessCheckByTypeResultList | AccessCheckByTypeResultList, AccessCheckByTypeResultListAndAuditAlarm | New object-specific security support in Win2K. |
| |||||||||
| NtFilterToken | CreateRestrictedToken | New object-specific security support in Win2K. |
| |||||||||
| NtCompareToken |
| New object-specific security support in Win2K. |
| |||||||||
| NtOpenProcessTokenEx |
| New to WinXP. Compares two tokens. |
| |||||||||
| NtOpenThreadTokenEx |
| New to WinXP. Opens a process token. |
| |||||||||
|
|
| New to WinXP. Opens a thread token. | ||||||||||
| Processes and Threads |
| |||||||||||
| These functions control processes and threads. Many have direct Win32 equivalents. |
| |||||||||||
| NtAlertResumeThread |
| Resumes a thread. |
| |||||||||
| NtAlertThread |
| Sends an alert to a thread. |
| |||||||||
| NtTestAlert |
| Tests for whether a thread has a pending alert. |
| |||||||||
| NtCreateProcess | CreateProcess | Creates a new process. |
| |||||||||
| NtCreateThread | CreateThread | Creates a new thread. |
| |||||||||
| NtCurrentTeb |
| Returns a pointer to a thread's environment block. |
| |||||||||
| NtDelayExecution | Sleep, SleepEx | Pauses a thread for a specified time. |
| |||||||||
| NtGetContextThread | GetThreadContext | Retrieves the hardware context (registers) of a thread. |
| |||||||||
| NtSetContextThread | SetThreadContext | Sets the hardware context (registers) of a thread. |
| |||||||||
| NtOpenProcess | OpenProcess | Opens a handle to a specified process. |
| |||||||||
| NtOpenThread | OpenThread | Opens a handle to a specified thread. |
| |||||||||
| NtQueryInformationProcess | GetProcessTimes, GetProcessVersion, GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass, GetProcessShutdownParameters | Obtains information about a process' attributes. |
| |||||||||
| NtQueryInformationThread | GetThreadTimes, GetThreadPriority, GetThreadPriorityBoost | Obtains information about a thread's attributes. |
| |||||||||
| NtQueueApcThread | QueueUserApc | Introduced in NT 4.0. Queues an Asynchornous Procedure Call to a thread. |
| |||||||||
| NtResumeThread | ResumeThread | Wakes up a suspended thread. |
| |||||||||
| NtSetInformationProcess | SetProcessAffinityMask, SetPriorityClass, SetProcessPriorityBoost, SetProcessShutdownParameters, SetProcessWorkingSetSize | Sets a process' attributes. |
| |||||||||
| NtSetInformationThread | SetThreadAffinityMask, SetThreadIdealProcessor, SetThreadPriority, SetThreadPriorityBoost | Sets a thread's attributes. |
| |||||||||
| NtSetLowWaitHighThread |
| NT 4.0 only (not in Win2K). |
| |||||||||
| NtSetHighWaitLowThread |
| NT 4.0 only (not in Win2K). |
| |||||||||
| NtSuspendThread | SuspendThread | Suspends a thread's execution. |
| |||||||||
| NtTerminateProcess | TerminateProcess | Deletes a process. |
| |||||||||
| NtTerminateThread | TerminateThread | Deletes a thread. |
| |||||||||
| NtYieldExecution | SwitchToThread | Introduced in NT 4.0. Causes thread to give up CPU. |
| |||||||||
| NtCreateProcessEx |
| New to WinXP. Creates a new process. |
| |||||||||
| NtResumeProcess |
| New to WinXP. Resumes a suspended process. |
| |||||||||
| NtSuspendProcess |
| New to WinXP. Suspends a process. |
| |||||||||
| NtApphelpCacheControl |
| New to Server 2003. Controls the application-compatibility shim cache. |
| |||||||||
|
|
| |||||||||||
| Atoms |
| |||||||||||
| Atoms allow for the efficient storage and referencing of character strings. |
| |||||||||||
| NtAddAtom | AddAtom | Introduced in NT 4.0. Adds a character string to an atom table. |
| |||||||||
| NtDeleteAtom | DeleteAtom | Introduced in NT 4.0. Removes an atom from an atom table. |
| |||||||||
| NtFindAtom | FindAtom | Introduced in NT 4.0. Looks up an atom in an atom table. |
| |||||||||
| NtQueryInformationAtom | GetAtomName | Introduced in NT 4.0. Retrieves information about an atom. |
| |||||||||
|
|
| |||||||||||
| Error Handling |
| |||||||||||
| Device drivers and debuggers rely on these error handling routines. |
| |||||||||||
| NtRaiseException | RaiseException | Signals an exception condition to trigger exception handler execution. |
| |||||||||
| NtContinue | try/except | Allows error processing handling to continue to the next handler. |
| |||||||||
| NtRaiseHardError |
| Used to raise an error message box. |
| |||||||||
| NtSetDefaultHardErrorPort | SetErrorMode | Used by programs to disable hard error message boxes cause by their actions. |
| |||||||||
|
|
| |||||||||||
| Execution Environment |
| |||||||||||
| These functions are related to general execution environment. |
| |||||||||||
| NtQueryDefaultLocale | GetLocaleInfo | Retrieves information about the locale. |
| |||||||||
| NtSetDefaultLocale | SetLocaleInfo | Sets locale information. |
| |||||||||
| NtQuerySystemEnvironmentValue | GetEnvironmentVariable | Gets the value of an environment variable. |
| |||||||||
| NtSetSystemEnvironmentValue | SetEnvironmentVariable | Sets the value of an environment variable. |
| |||||||||
| NtQueryDefaultUILanguage |
| New to Win2K. Win2K supports on-the-fly language changes. Queries the current language. |
| |||||||||
| NtSetDefaultUILanguage |
| New to Win2K. Win2K supports on-the-fly language changes. Sets the current language. |
| |||||||||
| NtEnumerateSystemEnvironmentValuesEx |
| New to WinXP. Enumerates the system environment variables. |
| |||||||||
| NtQuerySystemEnvironmentValueEx |
| New to WinXP. Queries the value of an environment variable. |
| |||||||||
|
|
| |||||||||||
| Timers and System Time |
| |||||||||||
| Virtually all these routines have functionality accessible via Win32 APIs. |
| |||||||||||
| NtCancelTimer | CancelWaitableTimer, timeKillEvent | Cancels a timer. |
| |||||||||
| NtCreateTimer | CreateWaitableTimer | Creates a timer. |
| |||||||||
| NtOpenTimer | OpenWaitableTimer | Opens a timer object. |
| |||||||||
| NtQueryTimer |
| Queries a timer's attributes. |
| |||||||||
| NtQueryTimerResolution | timeGetDevCaps | Queries the system's timer resolution. |
| |||||||||
| NtSetTimer | timeSetEvent | Sets a timer for an expiration event. |
| |||||||||
| NtSetTimerResolution | timeBeginPeriod, timeEndPeriod | Sets the system timer resolution. |
| |||||||||
| NtQueryPerformanceCounter | QueryPerformanceCounter, QueryPerformanceFrequency | Queries the system performance counter. |
| |||||||||
| NtQuerySystemTime | GetSystemTime | Gets the current time. |
| |||||||||
| NtSetSystemTime | SetSystemTime | Sets the system time. |
| |||||||||
| NtGetTickCount | GetTickCount | Get the ticks since system boot. |
| |||||||||
|
|
| |||||||||||
| Synchronization |
| |||||||||||
| Most synchronization objects have Win32 APIs, with the notable exception of event pairs. Event pairs are used for high-performance interprocess synchronization by the LPC facility. |
| |||||||||||
| NtCreateEvent | CreateEvent | Creates an event object. |
| |||||||||
| NtOpenEvent | OpenEvent | Opens an event object. |
| |||||||||
| NtClearEvent |
| Clears the signalled state of an event. |
| |||||||||
| NtPulseEvent | PulseEvent | Signals an event and then resets it. |
| |||||||||
| NtQueryEvent |
| Queries the state of an event. |
| |||||||||
| NtResetEvent | ResetEvent | Resets an event to a non-signalled state. |
| |||||||||
| NtSetEvent | SetEvent | Sets an event to the signalled state. |
| |||||||||
| NtCreateEventPair |
| Creates an event pair. |
| |||||||||
| NtOpenEventPair |
| Opens an event pair. |
| |||||||||
| NtSetHighEventPair |
| Sets the high half of an event pair to signalled state. |
| |||||||||
| NtSetHighWaitLowEventPair |
| Sets the high half of an event pair to signalled state and waits for the low half to become signalled. |
| |||||||||
| NtSetLowEventPair |
| Sets the low half of an event pair. |
| |||||||||
| NtSetLowWaitHighEventPair |
| Sets the low half of an event pair and waits for the high-half to become signalled. |
| |||||||||
| NtWaitHighEventPair |
| Waits for the high-half of an event pair to become signalled. |
| |||||||||
| NtWaitLowEventPair |
| Waits for the low-half of an event pair to become signalled. |
| |||||||||
| NtCreateMutant | CreateMutex | Creates a mutant object (known as a mutex in user mode). |
| |||||||||
| NtOpenMutant | OpenMutex | Opens a mutant object (known as a mutex in user mode). |
| |||||||||
| NtQueryMutant |
| Queries the state of a mutant object. |
| |||||||||
| NtReleaseMutant | ReleaseMutex | Signals a mutant |
| |||||||||
| NtReleaseProcessMutant |
| 3.51 only. |
| |||||||||
| NtReleaseThreadMutant |
| 3.51 only. |
| |||||||||
| NtCreateSemaphore | CreateSemaphore | Creates a semaphore object. |
| |||||||||
| NtOpenSemaphore | OpenSemaphore | Opens a semaphore object. |
| |||||||||
| NtQuerySemaphore |
| Queries the state of a semaphore. |
| |||||||||
| NtReleaseSemaphore | ReleaseSemaphore | Signals a semaphore. |
| |||||||||
| NtSignalAndWaitForSingleObject |
| Introduced in NT 4.0. Signals a synchornization object and then waits for it to be signalled again. |
| |||||||||
| NtWaitForMultipleObjects | WaitForMultipleObjects, WaitForMultipleObjectsEx | Waits for multiple objects to become signalled. |
| |||||||||
| NtWaitForSingleObject | WaitForSingleObject, WaitForSingleObjectEx | Waits for a single object to become signalled. |
| |||||||||
| NtCreateKeyedEvent |
| New to WinXP. Creates a keyed event object. |
| |||||||||
| NtOpenKeyedEvent |
| New to WinXP. Opens a named keyed event object. |
| |||||||||
| NtReleaseKeyedEvent |
| New to WinXP. Signals a keyed event object. |
| |||||||||
| NtWaitForKeyedEvent |
| New to WinXP. Waits for a keyed event to become signalled. |
| |||||||||
| NtSetEventBoostPriority |
| New to WinXP. Signals an event and sets the priority of woken threads. |
| |||||||||
|
|
| |||||||||||
| Memory |
| |||||||||||
| Most of NT's virtual memory APIs are accessible via Win32. |
| |||||||||||
| NtAllocateVirtualMemory | VirtualAlloc, VirtualAllocEx | Allocates virtual memory. |
| |||||||||
| NtFreeVirtualMemory | VirtualFree, VirtualFreeEx | Frees virtual memory. |
| |||||||||
| NtQueryVirtualMemory | VirtualQuery, VirtualQueryEx | Queries a range of virtual memory's attributes. |
| |||||||||
| NtProtectVirtualMemory | VirtualProtect, VirtualProtectEx | Sets the protection for a range of virtual memory. |
| |||||||||
| NtLockVirtualMemory | VirtualLock | Locks a range of virtual memory. |
| |||||||||
| NtUnlockVirtualMemory | VirtualUnlock | Unlocks a range of virtual memory. |
| |||||||||
| NtReadVirtualMemory | ReadProcessMemory | Reads a range of virtual memory from a specied process. |
| |||||||||
| NtWriteVirtualMemory | WriteProcessMemory | Writes a range of virtual memory from a specied process. |
| |||||||||
| NtFlushVirtualMemory | FlushViewOfFile | Flushes a memory mapped range of memory to the file on disk. |
| |||||||||
| NtCreateSection | CreateFileMapping | Creates a range of memory backed by a file. |
| |||||||||
| NtOpenSection | OpenFileMapping | Opens a named memory mapping section object. |
| |||||||||
| NtExtendSection |
| Extends an existing range of virtual memory backed by a file. |
| |||||||||
| NtMapViewOfSection | MapViewOfFile | Maps a portion of a file into virtual memory. |
| |||||||||
| NtUnmapViewOfSection | UnmapViewOfFile | Unmaps a portion of virtual memory backed by a file. |
| |||||||||
| NtAllocateVirtualMemory64 | VirtualAllocVlm | New to Win2K. Allocates 64-bit virtual memory. |
| |||||||||
| NtFreeVirtualMemory64 | VirtualFreeVlm | New to Win2K. Frees 64-bit virtual memory. |
| |||||||||
| NtMapViewOfVlmSection | MapViewOfFileVlm | New to Win2K. Maps a file into 64-bit virtual memory. |
| |||||||||
| NtUnmapViewOfVlmSection | UnmapViewOfFileVlm | New to Win2K. Unmaps a view of a file mapped into 64-bit virtual memory. |
| |||||||||
| NtAreMappedFilesTheSame |
| New to Win2K. The loader uses this to efficiently see if a given file has already been mapped into memory. |
| |||||||||
| NtProtectVirtualMemory64 | VirtualProtectVlm | New to Win2K. Sets protection on 64-bit virtual memory. |
| |||||||||
| NtQueryVirtualMemory64 | VirtualQueryVlm | New to Win2K. Queries the attributes of 64-bit virtual memory. |
| |||||||||
| NtReadVirtualMemory64 | ReadProcessMemoryVlm | New to Win2K. Reads data from 64-bit memory of the specified process. |
| |||||||||
| NtWriteVirtualMemory64 | WriteProcessMemoryVlm | New to Win2K. Writes data to 64-bit memory of the specified process. |
| |||||||||
|
|
| |||||||||||
| File and General I/O |
| |||||||||||
| File I/O is the best documented of the native APIs since many device drivers must make use of it. |
| |||||||||||
| NtCancelIoFile | CancelIo | Cancels an I/O request. |
| |||||||||
| NtCreateFile | CreateFile, CreateDirectory, CreateDirectoryEx | Create or opens a file, directory or device object. |
| |||||||||
| NtCreateIoCompletion | CreateIoCompletionPort | Tells the I/O manager that a thread wishes to be notified when an I/O completes. |
| |||||||||
| NtOpenIoCompletion |
| Opens a named I/O completion object. |
| |||||||||
| NtSetIoCompletion |
| Sets an I/O completion object's attributes. |
| |||||||||
| NtQueryIoCompletion |
| Retrieves specific information about an I/O completion object. |
| |||||||||
| NtRemoveIoCompletion |
| Removes an I/O completion callback. |
| |||||||||
| NtDeleteFile | DeleteFile | Deletes a file object. |
| |||||||||
| NtDeviceIoControlFile | DeviceIoControl | Sends an IOCTL to a device's device driver, which represented by an open file object. |
| |||||||||
| NtFlushBuffersFile | FlushFileBuffers | Flushes in-memory file data to disk. |
| |||||||||
| NtFsControlFile | DeviceIoControl | Sends an I/O control (IOCTL) to a driver represented by an open device object. These are typically used for file system-related special commands. |
| |||||||||
| NtLockFile | LockFile, LockFileEx | Locks a range of a file for synchronized access. |
| |||||||||
| NtUnlockFile | UnlockFile | Unlocks a range of a file for synchronized access. |
| |||||||||
| NtNotifyChangeDirectoryFile | FindFirstChangeNotification, FindNextChangeNotification | Registers that a thread wishes to be notified when a directory's contents change. |
| |||||||||
| NtOpenFile | OpenFile | Opens an existing file. |
| |||||||||
| NtQueryAttributesFile | GetFileAttributesEx | Gets a file's attributes. |
| |||||||||
| NtQueryDirectoryFile | FindFirstFile, FindFirstFileEx, FindNextFile | Retrieves a directory's contents. |
| |||||||||
| NtQueryEaFile |
| Retrieves a file's extended attributes. |
| |||||||||
| NtSetEaFile |
| Sets the extended attributes of a file. |
| |||||||||
| NtQueryFullAttributesFile |
| Introduced in NT 4.0. Gets a file's full attributes. |
| |||||||||
| NtQueryInformationFile | GetShortPathName, GetLongPathName, GetFullPathName, GetFileType, GetFileSize, GetFileTime | Retrieves specific information regarding a file. |
| |||||||||
| NtSetInformationFile | SetEndOfFile, SetFileAttributes, SetNamedPipeHandleState, SetMailslotInfo | Sets specific information regarding a file. |
| |||||||||
| NtQueryVolumeInformationFile | GetDiskFreeSpace, GetDriveType | Retrieves specific information regarding a disk volume. |
| |||||||||
| NtSetVolumeInformationFile | SetVolumeLabel | Sets information about a volume. |
| |||||||||
| NtReadFile | ReadFile, ReadFileEx | Reads data from a file. |
| |||||||||
| NtWriteFile | WriteFile, WriteFileEx | Writes data to a file. |
| |||||||||
| NtReadFileScatter | ReadFileScatter | Introduced in NT 4.0 SP2 for SQL Server. Reads data from a file into virtually discontiguous buffers. |
| |||||||||
| NtWriteFileGather | WriteFileGather | Introduced in NT 4.0 SP2 for SQL Server. Writes data to a file from virtually discontiguous buffers. |
| |||||||||
| NtQueryQuotaInformationFile | IDiskQuotaControl:: | New to Win2K. Win2K supports NTFS disk quotas. Queries disk quota information. |
| |||||||||
| NtSetQuotaInformationFile | IDiskQuotaControl:: | New to Win2K. Win2K supports NTFS disk quotas. Sets disk quota information. |
| |||||||||
| NtReadFile64 | ReadFileVlm | New to Win2K. Reads data from a file into 64-bit virtual memory. |
| |||||||||
| NtWriteFile64 | WriteFileVlm | New to Win2K. Writes data to a file from 64-bit virtual memory. |
| |||||||||
|
|
| |||||||||||
| Miscellaneous |
| |||||||||||
| These functions don't fall neatly into other categories. |
| |||||||||||
| NtAllocateLocallyUniqueId | AllocateLocallyUniqueId | Allocates an ID that is unique to the system with respect to other IDs allocate by this function. The security subsystem makes extensive use of this. |
| |||||||||
| NtAllocateUuids |
| Allocates UUIDs. |
| |||||||||
| NtDisplayString |
| Displays a string on the Blue Screen. This is used both during system boot and for writing on the Blue Screen of Death. |
| |||||||||
| NtQuerySystemInformation |
| While this function isn't directly documented, the Performance Counters in the Registry export much of the information obtainable via this call. |
| |||||||||
| NtSetSystemInformation |
| Various administrative applets use this function. For instance, quantum boosting is set with this API. |
| |||||||||
| NtShutdownSystem | ExitWindows | Shuts down NT with options for rebooting. |
| |||||||||
| NtVdmControl |
| Sends commands to a Virtual DOS Machine. |
| |||||||||
| NtCallbackReturn |
| For returning from Win32 into a caller. |
| |||||||||
| NtW32Call |
| For calling into Win32 user mode. |
| |||||||||
| NtQueryOleDirectoryFile |
| NT 4.0 only. |
| |||||||||
| NtLockProductActivationKeys |
| New to WinXP. Locks the product activation keys for writing. |
| |||||||||
|
|
| |||||||||||
| Jobs |
| |||||||||||
| These functions implement Job objects, which are new to Win2K. They are essentially a group of associated processes that can be controlled as a single unit and that share job-execution time restrictions. |
| |||||||||||
| NtCreateJobObject | CreateJobObject | New to Win2K. Creates a job object. |
| |||||||||
| NtOpenJobObject | OpenJobObject | New to Win2K. Opens a named Job Object. |
| |||||||||
| NtQueryInformationJobObject | QueryInformationJobObject | New to Win2K. Retrieves information about a Job Object. |
| |||||||||
| NtAssignProcessToJobObject | AssignProcessToJobObject | New to Win2K. Assigns a process to a Job Object. |
| |||||||||
| NtSetInformationJobObject | SetInformationJobObject | New to Win2K. Sets a Job Object's attributes (e.g. priority). |
| |||||||||
| NtTerminateJobObject | TerminateJobObject | New to Win2K. Terminates a Job Object, which terminates all of its associated processes. |
| |||||||||
| NtCreateJobSet |
| New to WinXP. Creates a job set from multiple job objects. |
| |||||||||
|
|
| |||||||||||
| IA64 Boot.ini |
| |||||||||||
| These functions are for managing the IA64 version of Boot.ini, which is stored in non-volatile RAM. On non-IA64 systems these return STATUS_NOT_IMPLEMENTED. |
| |||||||||||
| NtAddBootEntry |
| New to WinXP. Adds an entry to the boot menu. |
| |||||||||
| NtDeleteBootEntry |
| New to WinXP. Deletes an entry from the boot menu. |
| |||||||||
| NtEnumerateBootEntries |
| New to WinXP. Enumerates the boot menu entries. |
| |||||||||
| NtModifyBootEntry |
| New to WinXP. Modifies an existing boot menu entry. |
| |||||||||
| NtQueryBootEntryOrder |
| New to WinXP. Queries the order of boot menu entries. |
| |||||||||
| NtQueryBootOptions |
| New to WinXP. Queries the options associated with a boot menu entry. |
| |||||||||
| NtSetBootEntryOrder |
| New to WinXP. Sets the order of boot menu entries. |
| |||||||||
| NtSetBootOptions |
| New to WinXP. Sets the options associated with a boot menu entry. |
| |||||||||
|
|
| |||||||||||
| EFI Drivers |
| |||||||||||
| These functions are for managing IA64 Extensible Firmware Interface device drivers. On non-IA64 systems these return STATUS_NOT_IMPLEMTNED. |
| |||||||||||
| NtAddDriverEntry |
| New to Server 2003. Adds a driver. |
| |||||||||
| NtDeleteDriverEntry |
| New to Server 2003. Deletes a driver entry. |
| |||||||||
| NtEnumerateDriverEntries |
| New to Server 2003. Enumerates driver entries. |
| |||||||||
| NtModifyDriverEntry |
| New to Server 2003. Modifies an existing driver entry. |
| |||||||||
| NtQueryDriverEntryOrder |
| New to Server 2003. Queries the order of driver entries. |
| |||||||||
| NtSetDriverEntryOrder |
| New to Server 2003. Sets the order of driver entries. |
| |||||||||
|
|
| |||||||||||
扫一扫
593
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
