File Maps
|
Special Files | |||
|
These APIs are used to create files that have custom characteristics. | |||
|
NtCreateMailslotFile |
CreateMailSlot |
Creates a mailslot end-point. |
|
|
NtCreateNamedPipeFile |
CreateNamedPipe |
Creates a named-pipe end-point. |
|
|
NtCreatePagingFile |
|
The System applet uses this API to create paging files. Parameters specify the name, as well as minimum and maximum size. |
|
|
| |||
|
Drivers | |||
|
These functions are used by NT to load and unload device driver images from system memory. | |||
|
NtLoadDriver |
CreateFile with Service Control Manager |
Loads a device driver based on information provided under HKLM\System\CurrentControlSet\Services\driver name |
|
|
NtUnloadDriver |
Service Control Manager supported |
Unloads the specified driver from memory, presuming the driver supports an unload interface. |
|
|
NtRegisterNewDevice |
|
NT 3.51 only. |
|
|
| |||
|
Processor and Bus | |||
|
Processor registers and components can be controlled via these functions. | |||
|
NtFlushInstructionCache |
|
The NT kernel debugger uses this API, which flushes the processor instruction cache using the HAL. |
|
|
NtFlushWriteBuffer |
|
The processor's memory write buffer is flushed by this function, which uses the HAL. |
|
|
NtSetLdtEntries |
|
X86 Local Descriptor Table entries are initialized using this function. |
|
|
NtEnumerateBus |
|
NT 3.51 only. |
|
|
NtGetCurrentProcessorNumber |
|
New to Server 2K3. Gets the number of the processor on which a thread is executing. |
|
|
| |||
|
Debugging and Profiling | |||
|
The profiling APIs provide a mechanism for sample-based profiling of kernel-mode execution. The Kernprof tool in the DDK makes use of them, and a recent Windows Developer's Journal presented a source code to a Kernprof clone. The debug control function is used by WinDbg for obtaining internal kernel information and controlling thread and process execution. | |||
|
NtCreateProfile |
|
Creates a profile object. |
|
|
NtQueryIntervalProfile |
|
Returns profiled data. |
|
|
NtSetIntervalProfile |
|
Specified sampling interval. |
|
|
NtStartProfile |
|
Starts sampling. |
|
|
NtStopProfile |
|
Stops sampling. |
|
|
NtSystemDebugControl |
|
Implements a range of debugger support commands. |
|
|
NtRegisterThreadTerminatePort |
|
A debugger registers for thread termination notification with this API. |
|
|
NtCreateDebugObject |
|
New to WinXP. Creates a debug object. |
|
|
NtDebugActiveProcess |
DebugActiveProcess |
New to WinXP. Enables a debugger to attach to an active process and debug it. |
|
|
NtDebugContinue |
Continue DebugEvent |
New to WinXP. Allows a process to contiue a thread that has generated a debug event. |
|
|
NtQueryDebugFilterState |
|
New to WinXP. Queries the debug filter state level for a specific component. |
|
|
NtRemoveProcessDebug |
DebugActiveProcessStop |
New to WinXP. Stops debugging the specified process. |
|
|
NtSetDebugFilterState |
|
New to WinXP. Sets the debug output filter level for the specified component. |
|
|
NtSetInformationDebugObject |
|
New to WinXP. Sets the attributes of a debug object. |
|
|
NtWaitForDebugEvent |
WaitForDebugEvent |
New to WinXP. Waits for a debugging event on a process being debugged. |
|
|
| |||
|
Channels | |||
|
These functions were introduced in NT 4.0 and are present in Win2K Beta 1. However, they are all stubs that return STATUS_NOT_IMPLEMENTED. Their names imply that they were intended to provide access to a communications mechanism. Why are they in the released versions of NT if they are not implemented? | |||
|
NtCreateChannel |
|
Not implemented. |
|
|
NtOpenChannel |
|
Not implemented. |
|
|
NtListenChannel |
|
Not implemented. |
|
|
NtSetContextChannel |
|
Not implemented. |
|
|
NtReplyWaitSendChannel |
|
Not implemented. |
|
|
NtSendWaitReplyChannel |
|
Not implemented. |
|
|
| |||
|
Power | |||
|
There's only one Native API for power management in NT 4.0. Interestingly, this API was introduced in NT 4.0, but was a stub that returned STATUS_NOT_IMPLEMENTED. Win2K fleshes out the API and adds more commands. | |||
|
NtSetSystemPowerState |
|
Not implemented in NT 4.0. |
|
|
NtInitiatePowerAction |
|
New to Win2K. Initiate a power event (e.g. suspend) |
|
|
NtPowerInformation |
GetSystemPowerStatus |
New to Win2K. Get the system's power state. |
|
|
NtSetThreadExecutionState |
SetThreadExecutionState |
New to Win2K. Sets a thread's system power state requirement. |
|
|
NtRequestWakeupLatency |
|
New to Win2K. Sets a process' wakeup latency. |
|
|
| |||
|
Plug-and-Play | |||
|
Like the Power API, some of these were introduced in NT 4.0 as unimplemented functions. Win2K fleshes them out and adds more. | |||
|
NtGetPlugPlayEvent |
|
Present, but not implemented in NT 4.0. Sets plug and play events. |
|
|
NtPlugPlayControl |
|
Present, but not implemented in NT 4.0. Sends commands to the plug-and-play subsystem. |
|
|
| |||
|
Objects | |||
|
Object manager namespace objects are created and manipualted with these routines. A couple of these, like NtClose, are general in that they are used with any object type. | |||
|
NtClose |
CloseHandle |
Closes a handle to any object type. |
DDK |
|
NtDuplicateObject |
DuplicateHandle |
Duplicates a handle to an object. |
|
|
NtCreateDirectoryObject |
|
Creates a directory in the object manager namespace. |
DDK |
|
NtCreateSymbolicLinkObject |
|
Creates a symbolic link in the object manager namespace. The Win32 DefineDosDevice command lets you create links, but only in the \?? subdirectory. |
DDK |
|
NtMakeTemporaryObject |
|
Causes a permanent object to be deleted during NT shutdown so that it isn't present at the next boot. |
DDK |
|
NtOpenDirectoryObject |
|
Opens an object manager namespace directory. |
|
|
NtQueryDirectoryObject |
|
Used to enumerate the objects located in an directory object. |
|
|
NtOpenSymbolicLinkObject |
|
Opens a symbolic link object. |
|
|
NtQuerySymbolicLinkObject |
|
Returns the name of the object that the symbolic link points at. |
|
|
NtQueryObject |
|
Queries an an object's attributes, such as its name. |
|
|
NtSetInformationObject |
|
Sets an object's attributes. |
|
|
NtMakePermanentObject |
|
New to WinXP. Sets the permanent flag on an object. |
|
|
NtTranslateFilePath |
|
New to WinXP. Translates a file path from one format (e.g. NT, ARC, EFI) to another. |
|
|
| |||
|
Registry | |||
|
Win32 Registry functions basically map directly to these APIs, and many of them are documented in the DDK. | |||
|
NtCreateKey |
RegCreateKey |
Creates or opens a Registry key. |
DDK |
|
NtOpenKey |
RegOpenKey |
Opens an existing Registry key. |
DDK |
|
NtDeleteKey |
RegDeleteKey |
Deletes a Registry key. |
DDK |
|
NtDeleteValueKey |
RegDeleteValue |
Deletes a value. |
DDK |
|
NtEnumerateKey |
RegEnumKey, RegEnumKeyEx |
Enumerates the subkeys of a key. |
DDK |
|
NtEnumerateValueKey |
RegEnumValue |
Enumerates the values within a key. |
DDK |
|
NtFlushKey |
RegFlushKey |
Flushes changes back to the Registry on disk. |
DDK |
|
NtInitializeRegistry |
|
Gets the Registry rolling. The single parameter to this specifies whether its a setup boot or a normal boot. |
|
|
NtNotifyChangeKey |
RegNotifyChangeKeyValue |
Allows a program to be notified of changes to a particular key or its subkeys. |
|
|
NtQueryKey |
RegQueryKey |
Queries information about a key. |
DDK |
|
NtQueryMultiplValueKey |
RegQueryMultipleValues |
Retrieves information about multiple specified values. This API was introduced in NT 4.0. |
|
|
NtQueryValueKey |
RegQueryValue, RegQueryValueEx |
Retrieves information about a specified value. |
DDK |
|
NtReplaceKey |
RegReplaceKey |
Changes the backing file for a key and its subkeys. Used for backup/restore. |
|
|
NtSaveKey |
RegSaveKey |
Saves the contents of a key and subkey to a file. |
|
|
NtRestoreKey |
RegRestoreKey |
Loads the contents of a key from a specified file. |
|
|
NtSetInformationKey |
|
Sets attributes of a key. |
|
|
NtSetValueKey |
RegSetValue, RegSetValueEx |
Sets the data associated with a value. |
DDK |
|
NtLoadKey |
RegLoadKey |
Loads a hive file into the Registry. |
|
|
NtLoadKey2 |
|
Introduced in NT 4.0. Allows for options on loading a hive. |
|
|
NtUnloadKey |
RegUnloadKey |
Unloads a hive from the Registry. |
|
|
NtCompactKeys |
|
New to WinXP. Makes key storage adjacent. |
|
|
NtCompressKey |
|
New to WinXP. Performs in-place compaction of a hive. |
|
|
NtLockRegistryKey |
|
New to WinXP. Locks a registry key for modification. |
|
|
NtRenameKey |
|
New to WinXP. Renames a Registry key. |
|
|
NtSaveKeyEx |
RegSaveKeyEx |
New to WinXP. Saves the contents of a key and its subkeys to a file. |
|
|
NtUnloadKeyEx |
|
New to WinXP. Unloads a hive from the Registry. |
|
|
NtLoadKeyEx |
|
New to Server 2K3. Loads a hive into the Registry. |
|
|
NtUnloadKey2 |
|
New to Serer 2K3. Unloads a hive from the Registry. |
|
|
NtQueryOpenSubKeysEx |
|
New to Server 2003. Returns the keys opened beneath a specified key. |
|
|
| |||
|
Local Procedure Call | |||
|
LPC is NT's core interprocess communications mechanism. If you use RPC between processes on the same computer you are using LPC indirectly. | |||
|
NtCreatePort |
|
Creates a port object. |
|
|
NtAcceptConnectPort |
|
Accepts a port connection. |
|
|
NtCompleteConnectPort |
|
Completes a connection. |
|
|
NtConnectPort |
|
Connects a port to another port that is accepting connections. |
|
|
NtImpersonateClientOfPort |
|
Thread impersonates the identify of the process on the other end of a port. |
|
|
NtListenPort |
|
Listens on a port for connection requests. |
|
|
NtQueryInformationPort |
|
Obtains information on a port. |
|
|
NtReadRequestData |
|
Reads data associated with a port message. |
|
|
NtReplyPort |
|
Sends a reply message. |
|
|
NtReplyWaitReceivePort |
|
Sends a reply message and then waits for an incoming request message. |
|
|
NtReplyWaitReplyPort |
|
Sends a reply message and then waits for an incoming reply message. |
|
|
NtRequestPort |
|
Sends a request message. |
|
|
NtRequestWaitReplyPort |
|
Sends a request message and waits for an incoming reply message. |
|
|
NtWriteRequestData |
|
Fills in data for a request message |
|
|
NtSecureConnectPort |
|
New to Win2K. Creates a secure connection port. |
|
|
NtQueryPortInformationProcess |
|
New to WinXP. Used to determine if a process has an associated exception or debug port. |
|
|
| |||
|
Security | |||
|
The Native security APIs are mapped almost directly by Win32 security APIs. | |||
|
NtAccessCheck |
AccessCheck |
Checks to see whether current thread has access to an object based on its security descriptor. |
|
|
NtAccessCheckAndAuditAlarm |
AccessCheckAuditAlarm |
Generates an audit message related to access checking. |
|
|
NtAdjustGroupsToken |
AdjustTokenGroups |
Adds or removes groups associated with a token. |
|
|
NtAdjustPrivilegesToken |
AdjustTokenPrivileges |
Enables or disables privileges associated with a token. |
|
|
NtCloseObjectAuditAlarm |
ObjectCloseAuditAlarm |
Generates an audit message indicating that an object was closed. |
|
|
NtCreateToken |
CreateToken |
Creates a token object. |
|
|
NtDeleteObjectAuditAlarm |
ObjectDeleteAuditAlarm |
Generated an audit event indicating that an object was deleted. |
|
|
NtDuplicateToken |
DuplicateToken, DuplicateTokenEx |
Duplicates a token object. |
|
|
NtImpersonateThread |
ImpersonateLoggedOnUser |
Allows a thread to impersonate the identity of another user. |
|
|
NtOpenObjectAuditAlarm |
ObjectOpenAuditAlarm |
Generated an audit event indicating that an object was opened. |
|
|
NtOpenProcessToken |
OpenProcessToken |
Obtains a handle to the token of a specified process. |
|
|
NtOpenThreadToken |
OpenThreadToken |
Opens a handle to the token of a specified thread. |
|
|
NtPrivilegeCheck |
PrivilegeCheck |
Checks to see whether a token has the specified privileges enabled. |
|
|
NtPrivilegeObjectAuditAlarm |
ObjectPrivilegeAuditAlarm |
Generates an audit event record associated with a privilege check. |
|
|
NtPrivilegedServiceAuditAlarm |
PrivilegedServiceAuditAlarm |
Generates an audit message indicating the attempt to use specified privileges. |
|
|
NtQueryInformationToken |
GetTokenInformation |
Obtains information about a token. |
|
|
NtQuerySecurityObject |
GetUserObjectSecurity, GetPrivateObjectSecurity |
Retrieves information about an object's security settings. |
|
|
NtSetInformationToken |
SetTokenInformation |
Sets a token's attributes. |
|
|
NtSetSecurityObject |
SetUserObjectSecurity, SetrivateSecurityObject |
Sets the security information of an object. |
|
|
NtAccessCheckByType |
AccessCheckByType |
New object-specific security support in Win2K. |
|
|
NtAccessCheckByTypeAndAuditAlarm |
AccessCheckByTypeAndAuditAlarm |
New object-specific security support in Win2K. |
|
|
NtAccessCheckByTypeResultList |
AccessCheckByTypeResultList, AccessCheckByTypeResultListAndAuditAlarm |
New object-specific security support in Win2K. |
|
|
NtFilterToken |
CreateRestrictedToken |
New object-specific security support in Win2K. |
|
|
NtCompareToken |
|
New to WinXP. Compares two tokens. |
|
|
NtOpenProcessTokenEx |
|
New to WinXP. Opens a process token. |
|
|
NtOpenThreadTokenEx |
|
New to WinXP. Opens a thread token. |
|
|
| |||
|
Processes and Threads | |||
|
These functions control processes and threads. Many have direct Win32 equivalents. | |||
|
NtAlertResumeThread |
|
Resumes a thread. |
|
|
NtAlertThread |
|
Sends an alert to a thread. |
|
|
NtTestAlert |
|
Tests for whether a thread has a pending alert. |
|
|
NtCreateProcess |
CreateProcess |
Creates a new process. |
|
|
NtCreateThread |
CreateThread |
Creates a new thread. |
|
|
NtCurrentTeb |
|
Returns a pointer to a thread's environment block. |
|
|
NtDelayExecution |
Sleep, SleepEx |
Pauses a thread for a specified time. |
|
|
NtGetContextThread |
GetThreadContext |
Retrieves the hardware context (registers) of a thread. |
|
|
NtSetContextThread |
SetThreadContext |
Sets the hardware context (registers) of a thread. |
|
|
NtOpenProcess |
OpenProcess |
Opens a handle to a specified process. |
DDK |
|
NtOpenThread |
OpenThread |
Opens a handle to a specified thread. |
|
|
NtQueryInformationProcess |
GetProcessTimes, GetProcessVersion, GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass, GetProcessShutdownParameters |
Obtains information about a process' attributes. |
DDK |
|
NtQueryInformationThread |
GetThreadTimes, GetThreadPriority, GetThreadPriorityBoost |
Obtains information about a thread's attributes. |
DDK |
|
NtQueueApcThread |
QueueUserApc |
Introduced in NT 4.0. Queues an Asynchornous Procedure Call to a thread. |
|
|
NtResumeThread |
ResumeThread |
Wakes up a suspended thread. |
|
|
NtSetInformationProcess |
SetProcessAffinityMask, SetPriorityClass, SetProcessPriorityBoost, SetProcessShutdownParameters, SetProcessWorkingSetSize |
Sets a process' attributes. |
DDK |
|
NtSetInformationThread |
SetThreadAffinityMask, SetThreadIdealProcessor, SetThreadPriority, SetThreadPriorityBoost |
Sets a thread's attributes. |
DDK |
|
NtSetLowWaitHighThread |
|
NT 4.0 only (not in Win2K). |
|
|
NtSetHighWaitLowThread |
|
NT 4.0 only (not in Win2K). |
|
|
NtSuspendThread |
SuspendThread |
Suspends a thread's execution. |
|
|
NtTerminateProcess |
TerminateProcess |
Deletes a process. |
|
|
NtTerminateThread |
TerminateThread |
Deletes a thread. |
|
|
NtYieldExecution |
SwitchToThread |
Introduced in NT 4.0. Causes thread to give up CPU. |
|
|
NtCreateProcessEx |
|
New to WinXP. Creates a new process. |
|
|
NtResumeProcess |
|
New to WinXP. Resumes a suspended process. |
|
|
NtSuspendProcess |
|
New to WinXP. Suspends a process. |
|
|
NtApphelpCacheControl |
|
New to Server 2003. Controls the application-compatibility shim cache. |
|
|
| |||
|
Atoms | |||
|
Atoms allow for the efficient storage and referencing of character strings. | |||
|
NtAddAtom |
AddAtom |
Introduced in NT 4.0. Adds a character string to an atom table. |
|
|
NtDeleteAtom |
DeleteAtom |
Introduced in NT 4.0. Removes an atom from an atom table. |
|
|
NtFindAtom |
FindAtom |
Introduced in NT 4.0. Looks up an atom in an atom table. |
|
|
NtQueryInformationAtom |
GetAtomName |
Introduced in NT 4.0. Retrieves information about an atom. |
|
|
| |||
|
Error Handling | |||
|
Device drivers and debuggers rely on these error handling routines. | |||
|
NtRaiseException |
RaiseException |
Signals an exception condition to trigger exception handler execution. |
|
|
NtContinue |
try/except |
Allows error processing handling to continue to the next handler. |
|
|
NtRaiseHardError |
|
Used to raise an error message box. |
|
|
NtSetDefaultHardErrorPort |
SetErrorMode |
Used by programs to disable hard error message boxes cause by their actions. |
|
|
| |||
|
Execution Environment | |||
|
These functions are related to general execution environment. | |||
|
NtQueryDefaultLocale |
GetLocaleInfo |
Retrieves information about the locale. |
|
|
NtSetDefaultLocale |
SetLocaleInfo |
Sets locale information. |
|
|
NtQuerySystemEnvironmentValue |
GetEnvironmentVariable |
Gets the value of an environment variable. |
|
|
NtSetSystemEnvironmentValue |
SetEnvironmentVariable |
Sets the value of an environment variable. |
|
|
NtQueryDefaultUILanguage |
|
New to Win2K. Win2K supports on-the-fly language changes. Queries the current language. |
|
|
NtSetDefaultUILanguage |
|
New to Win2K. Win2K supports on-the-fly language changes. Sets the current language. |
|
|
NtEnumerateSystemEnvironmentValuesEx |
|
New to WinXP. Enumerates the system environment variables. |
|
|
NtQuerySystemEnvironmentValueEx |
|
New to WinXP. Queries the value of an environment variable. |
|
|
| |||
|
Timers and System Time | |||
|
Virtually all these routines have functionality accessible via Win32 APIs. | |||
|
NtCancelTimer |
CancelWaitableTimer, timeKillEvent |
Cancels a timer. |
|
|
NtCreateTimer |
CreateWaitableTimer |
Creates a timer. |
|
|
NtOpenTimer |
OpenWaitableTimer |
Opens a timer object. |
|
|
NtQueryTimer |
|
Queries a timer's attributes. |
|
|
NtQueryTimerResolution |
timeGetDevCaps |
Queries the system's timer resolution. |
|
|
NtSetTimer |
timeSetEvent |
Sets a timer for an expiration event. |
|
|
NtSetTimerResolution |
timeBeginPeriod, timeEndPeriod |
Sets the system timer resolution. |
|
|
NtQueryPerformanceCounter |
QueryPerformanceCounter, QueryPerformanceFrequency |
Queries the system performance counter. |
|
|
NtQuerySystemTime |
GetSystemTime |
Gets the current time. |
|
|
NtSetSystemTime |
SetSystemTime |
Sets the system time. |
|
|
NtGetTickCount |
GetTickCount |
Get the ticks since system boot. |
|
|
| |||
|
Synchronization | |||
|
Most synchronization objects have Win32 APIs, with the notable exception of event pairs. Event pairs are used for high-performance interprocess synchronization by the LPC facility. | |||
|
NtCreateEvent |
CreateEvent |
Creates an event object. |
|
|
NtOpenEvent |
OpenEvent |
Opens an event object. |
|
|
NtClearEvent |
|
Clears the signalled state of an event. |
|
|
NtPulseEvent |
PulseEvent |
Signals an event and then resets it. |
|
|
NtQueryEvent |
|
Queries the state of an event. |
|
|
NtResetEvent |
ResetEvent |
Resets an event to a non-signalled state. |
|
|
NtSetEvent |
SetEvent |
Sets an event to the signalled state. |
|
|
NtCreateEventPair |
|
Creates an event pair. |
|
|
NtOpenEventPair |
|
Opens an event pair. |
|
|
NtSetHighEventPair |
|
Sets the high half of an event pair to signalled state. |
|
|
NtSetHighWaitLowEventPair |
|
Sets the high half of an event pair to signalled state and waits for the low half to become signalled. |
|
|
NtSetLowEventPair |
|
Sets the low half of an event pair. |
|
|
NtSetLowWaitHighEventPair |
|
Sets the low half of an event pair and waits for the high-half to become signalled. |
|
|
NtWaitHighEventPair |
|
Waits for the high-half of an event pair to become signalled. |
|
|
NtWaitLowEventPair |
|
Waits for the low-half of an event pair to become signalled. |
|
|
NtCreateMutant |
CreateMutex |
Creates a mutant object (known as a mutex in user mode). |
|
|
NtOpenMutant |
OpenMutex |
Opens a mutant object (known as a mutex in user mode). |
|
|
NtQueryMutant |
|
Queries the state of a mutant object. |
|
|
NtReleaseMutant |
ReleaseMutex |
Signals a mutant |
|
|
NtReleaseProcessMutant |
|
3.51 only. |
|
|
NtReleaseThreadMutant |
|
3.51 only. |
|
|
NtCreateSemaphore |
CreateSemaphore |
Creates a semaphore object. |
|
|
NtOpenSemaphore |
OpenSemaphore |
Opens a semaphore object. |
|
|
NtQuerySemaphore |
|
Queries the state of a semaphore. |
|
|
NtReleaseSemaphore |
ReleaseSemaphore |
Signals a semaphore. |
|
|
NtSignalAndWaitForSingleObject |
|
Introduced in NT 4.0. Signals a synchornization object and then waits for it to be signalled again. |
|
|
NtWaitForMultipleObjects |
WaitForMultipleObjects, WaitForMultipleObjectsEx |
Waits for multiple objects to become signalled. |
|
|
NtWaitForSingleObject |
WaitForSingleObject, WaitForSingleObjectEx |
Waits for a single object to become signalled. |
|
|
NtCreateKeyedEvent |
|
New to WinXP. Creates a keyed event object. |
|
|
NtOpenKeyedEvent |
|
New to WinXP. Opens a named keyed event object. |
|
|
NtReleaseKeyedEvent |
|
New to WinXP. Signals a keyed event object. |
|
|
NtWaitForKeyedEvent |
|
New to WinXP. Waits for a keyed event to become signalled. |
|
|
NtSetEventBoostPriority |
|
New to WinXP. Signals an event and sets the priority of woken threads. |
|
|
| |||
|
Memory | |||
|
Most of NT's virtual memory APIs are accessible via Win32. | |||
|
NtAllocateVirtualMemory |
VirtualAlloc, VirtualAllocEx |
Allocates virtual memory. |
|
|
NtFreeVirtualMemory |
VirtualFree, VirtualFreeEx |
Frees virtual memory. |
|
|
NtQueryVirtualMemory |
VirtualQuery, VirtualQueryEx |
Queries a range of virtual memory's attributes. |
|
|
NtProtectVirtualMemory |
VirtualProtect, VirtualProtectEx |
Sets the protection for a range of virtual memory. |
|
|
NtLockVirtualMemory |
VirtualLock |
Locks a range of virtual memory. |
|
|
NtUnlockVirtualMemory |
VirtualUnlock |
Unlocks a range of virtual memory. |
|
|
NtReadVirtualMemory |
ReadProcessMemory |
Reads a range of virtual memory from a specied process. |
|
|
NtWriteVirtualMemory |
WriteProcessMemory |
Writes a range of virtual memory from a specied process. |
|
|
NtFlushVirtualMemory |
FlushViewOfFile |
Flushes a memory mapped range of memory to the file on disk. |
|
|
NtCreateSection |
CreateFileMapping |
Creates a range of memory backed by a file. |
|
|
NtOpenSection |
OpenFileMapping |
Opens a named memory mapping section object. |
DDK |
|
NtExtendSection |
|
Extends an existing range of virtual memory backed by a file. |
|
|
NtMapViewOfSection |
MapViewOfFile |
Maps a portion of a file into virtual memory. |
DDK |
|
NtUnmapViewOfSection |
UnmapViewOfFile |
Unmaps a portion of virtual memory backed by a file. |
DDK |
|
NtAllocateVirtualMemory64 |
VirtualAllocVlm |
New to Win2K. Allocates 64-bit virtual memory. |
|
|
NtFreeVirtualMemory64 |
VirtualFreeVlm |
New to Win2K. Frees 64-bit virtual memory. |
|
|
NtMapViewOfVlmSection |
MapViewOfFileVlm |
New to Win2K. Maps a file into 64-bit virtual memory. |
|
|
NtUnmapViewOfVlmSection |
UnmapViewOfFileVlm |
New to Win2K. Unmaps a view of a file mapped into 64-bit virtual memory. |
|
|
NtAreMappedFilesTheSame |
|
New to Win2K. The loader uses this to efficiently see if a given file has already been mapped into memory. |
|
|
NtProtectVirtualMemory64 |
VirtualProtectVlm |
New to Win2K. Sets protection on 64-bit virtual memory. |
|
|
NtQueryVirtualMemory64 |
VirtualQueryVlm |
New to Win2K. Queries the attributes of 64-bit virtual memory. |
|
|
NtReadVirtualMemory64 |
ReadProcessMemoryVlm |
New to Win2K. Reads data from 64-bit memory of the specified process. |
|
|
NtWriteVirtualMemory64 |
WriteProcessMemoryVlm |
New to Win2K. Writes data to 64-bit memory of the specified process. |
|
|
| |||
|
File and General I/O | |||
|
File I/O is the best documented of the native APIs since many device drivers must make use of it. | |||
|
NtCancelIoFile |
CancelIo |
Cancels an I/O request. |
|
|
NtCreateFile |
CreateFile, CreateDirectory, CreateDirectoryEx |
Create or opens a file, directory or device object. |
DDK |
|
NtCreateIoCompletion |
CreateIoCompletionPort |
Tells the I/O manager that a thread wishes to be notified when an I/O completes. |
|
|
NtOpenIoCompletion |
|
Opens a named I/O completion object. |
|
|
NtSetIoCompletion |
|
Sets an I/O completion object's attributes. |
|
|
NtQueryIoCompletion |
|
Retrieves specific information about an I/O completion object. |
|
|
NtRemoveIoCompletion |
|
Removes an I/O completion callback. |
|
|
NtDeleteFile |
DeleteFile |
Deletes a file object. |
|
|
NtDeviceIoControlFile |
DeviceIoControl |
Sends an IOCTL to a device's device driver, which represented by an open file object. |
|
|
NtFlushBuffersFile |
FlushFileBuffers |
Flushes in-memory file data to disk. |
|
|
NtFsControlFile |
DeviceIoControl |
Sends an I/O control (IOCTL) to a driver represented by an open device object. These are typically used for file system-related special commands. |
|
|
NtLockFile |
LockFile, LockFileEx |
Locks a range of a file for synchronized access. |
|
|
NtUnlockFile |
UnlockFile |
Unlocks a range of a file for synchronized access. |
|
|
NtNotifyChangeDirectoryFile |
FindFirstChangeNotification, FindNextChangeNotification |
Registers that a thread wishes to be notified when a directory's contents change. |
|
|
NtOpenFile |
OpenFile |
Opens an existing file. |
|
|
NtQueryAttributesFile |
GetFileAttributesEx |
Gets a file's attributes. |
|
|
NtQueryDirectoryFile |
FindFirstFile, FindFirstFileEx, FindNextFile |
Retrieves a directory's contents. |
|
|
NtQueryEaFile |
|
Retrieves a file's extended attributes. |
|
|
NtSetEaFile |
|
Sets the extended attributes of a file. |
|
|
NtQueryFullAttributesFile |
|
Introduced in NT 4.0. Gets a file's full attributes. |
|
|
NtQueryInformationFile |
GetShortPathName, GetLongPathName, GetFullPathName, GetFileType, GetFileSize, GetFileTime |
Retrieves specific information regarding a file. |
DDK |
|
NtSetInformationFile |
SetEndOfFile, SetFileAttributes, SetNamedPipeHandleState, SetMailslotInfo |
Sets specific information regarding a file. |
DDK |
|
NtQueryVolumeInformationFile |
GetDiskFreeSpace, GetDriveType |
Retrieves specific information regarding a disk volume. |
|
|
NtSetVolumeInformationFile |
SetVolumeLabel |
Sets information about a volume. |
|
|
NtReadFile |
ReadFile, ReadFileEx |
Reads data from a file. |
DDK |
|
NtWriteFile |
WriteFile, WriteFileEx |
Writes data to a file. |
DDK |
|
NtReadFileScatter |
ReadFileScatter |
Introduced in NT 4.0 SP2 for SQL Server. Reads data from a file into virtually discontiguous buffers. |
|
|
NtWriteFileGather |
WriteFileGather |
Introduced in NT 4.0 SP2 for SQL Server. Writes data to a file from virtually discontiguous buffers. |
|
|
NtQueryQuotaInformationFile |
IDiskQuotaControl:: |
New to Win2K. Win2K supports NTFS disk quotas. Queries disk quota information. |
|
|
NtSetQuotaInformationFile |
IDiskQuotaControl:: |
New to Win2K. Win2K supports NTFS disk quotas. Sets disk quota information. |
|
|
NtReadFile64 |
ReadFileVlm |
New to Win2K. Reads data from a file into 64-bit virtual memory. |
|
|
NtWriteFile64 |
WriteFileVlm |
New to Win2K. Writes data to a file from 64-bit virtual memory. |
|
|
| |||
|
Miscellaneous | |||
|
These functions don't fall neatly into other categories. | |||
|
NtAllocateLocallyUniqueId |
AllocateLocallyUniqueId |
Allocates an ID that is unique to the system with respect to other IDs allocate by this function. The security subsystem makes extensive use of this. |
|
|
NtAllocateUuids |
|
Allocates UUIDs. |
|
|
NtDisplayString |
|
Displays a string on the Blue Screen. This is used both during system boot and for writing on the Blue Screen of Death. |
|
|
NtQuerySystemInformation |
|
While this function isn't directly documented, the Performance Counters in the Registry export much of the information obtainable via this call. |
|
|
NtSetSystemInformation |
|
Various administrative applets use this function. For instance, quantum boosting is set with this API. |
|
|
NtShutdownSystem |
ExitWindows |
Shuts down NT with options for rebooting. |
|
|
NtVdmControl |
|
Sends commands to a Virtual DOS Machine. |
|
|
NtCallbackReturn |
|
For returning from Win32 into a caller. |
|
|
NtW32Call |
|
For calling into Win32 user mode. |
|
|
NtQueryOleDirectoryFile |
|
NT 4.0 only. |
|
|
NtLockProductActivationKeys |
|
New to WinXP. Locks the product activation keys for writing. |
|
|
| |||
|
Jobs | |||
|
These functions implement Job objects, which are new to Win2K. They are essentially a group of associated processes that can be controlled as a single unit and that share job-execution time restrictions. | |||
|
NtCreateJobObject |
CreateJobObject |
New to Win2K. Creates a job object. |
|
|
NtOpenJobObject |
OpenJobObject |
New to Win2K. Opens a named Job Object. |
|
|
NtQueryInformationJobObject |
QueryInformationJobObject |
New to Win2K. Retrieves information about a Job Object. |
|
|
NtAssignProcessToJobObject |
AssignProcessToJobObject |
New to Win2K. Assigns a process to a Job Object. |
|
|
NtSetInformationJobObject |
SetInformationJobObject |
New to Win2K. Sets a Job Object's attributes (e.g. priority). |
|
|
NtTerminateJobObject |
TerminateJobObject |
New to Win2K. Terminates a Job Object, which terminates all of its associated processes. |
|
|
NtCreateJobSet |
|
New to WinXP. Creates a job set from multiple job objects. |
|
|
| |||
|
IA64 Boot.ini | |||
|
These functions are for managing the IA64 version of Boot.ini, which is stored in non-volatile RAM. On non-IA64 systems these return STATUS_NOT_IMPLEMENTED. | |||
|
NtAddBootEntry |
|
New to WinXP. Adds an entry to the boot menu. |
|
|
NtDeleteBootEntry |
|
New to WinXP. Deletes an entry from the boot menu. |
|
|
NtEnumerateBootEntries |
|
New to WinXP. Enumerates the boot menu entries. |
|
|
NtModifyBootEntry |
|
New to WinXP. Modifies an existing boot menu entry. |
|
|
NtQueryBootEntryOrder |
|
New to WinXP. Queries the order of boot menu entries. |
|
|
NtQueryBootOptions |
|
New to WinXP. Queries the options associated with a boot menu entry. |
|
|
NtSetBootEntryOrder |
|
New to WinXP. Sets the order of boot menu entries. |
|
|
NtSetBootOptions |
|
New to WinXP. Sets the options associated with a boot menu entry. |
|
|
| |||
|
EFI Drivers | |||
|
These functions are for managing IA64 Extensible Firmware Interface device drivers. On non-IA64 systems these return STATUS_NOT_IMPLEMTNED. | |||
|
NtAddDriverEntry |
|
New to Server 2003. Adds a driver. |
|
|
NtDeleteDriverEntry |
|
New to Server 2003. Deletes a driver entry. |
|
|
NtEnumerateDriverEntries |
|
New to Server 2003. Enumerates driver entries. |
|
|
NtModifyDriverEntry |
|
New to Server 2003. Modifies an existing driver entry. |
|
|
NtQueryDriverEntryOrder |
|
New to Server 2003. Queries the order of driver entries. |
|
|
NtSetDriverEntryOrder | |||
댓글 없음:
댓글 쓰기