|
Special Files |
| |||||||||||
|
These APIs are used to create files that have custom characteristics. |
| |||||||||||
|
NtCreateMailslotFile |
CreateMailslot |
Creates a mailslot end-point. |
| |||||||||
|
NtCreateNamedPipeFile |
CreateNamedPipe |
Creates a named-pipe end-point. |
| |||||||||
|
NtCreatePagingFile |
|
The System applet uses this API to create paging files. Parameters specify the name, as well as minimum and maximum size. |
| |||||||||
|
|
| |||||||||||
|
Drivers |
| |||||||||||
|
These functions are used by NT to load and unload device driver images from system memory. |
| |||||||||||
|
NtLoadDriver |
CreateFile with Service Control Manager |
Loads a device driver based on information provided under HKLM/System/CurrentControlSet/Services/driver name |
| |||||||||
|
NtUnloadDriver |
Service Control Manager supported |
Unloads the specified driver from memory, presuming the driver supports an unload interface. |
| |||||||||
|
NtRegisterNewDevice |
|
NT 3.51 only. |
| |||||||||
|
|
| |||||||||||
|
Processor and Bus |
| |||||||||||
|
Processor registers and components can be controlled via these functions. |
| |||||||||||
|
NtFlushInstructionCache |
|
The NT kernel debugger uses this API, which flushes the processor instruction cache using the HAL. |
| |||||||||
|
NtFlushWriteBuffer |
|
The processor's memory write buffer is flushed by this function, which uses the HAL. |
| |||||||||
|
NtSetLdtEntries |
|
X86 Local Descriptor Table entries are initialized using this function. |
| |||||||||
|
NtEnumerateBus |
|
NT 3.51 only. |
| |||||||||
|
NtGetCurrentProcessorNumber |
|
New to Server 2K3. Gets the number of the processor on which a thread is executing. |
| |||||||||
|
|
| |||||||||||
|
Debugging and Profiling |
| |||||||||||
|
The profiling APIs provide a mechanism for sample-based profiling of kernel-mode execution. The Kernprof tool in the DDK makes use of them, and a recent Windows Developer's Journal presented the source code for a Kernprof clone. The debug control function is used by WinDbg for obtaining internal kernel information and controlling thread and process execution. |
| |||||||||||
|
NtCreateProfile |
|
Creates a profile object. |
| |||||||||
|
NtQueryIntervalProfile |
|
Returns profiled data. |
| |||||||||
|
NtSetIntervalProfile |
|
Specifies the sampling interval. |
| |||||||||
|
NtStartProfile |
|
Starts sampling. |
| |||||||||
|
NtStopProfile |
|
Stops sampling. |
| |||||||||
|
NtSystemDebugControl |
|
Implements a range of debugger support commands. |
| |||||||||
|
NtRegisterThreadTerminatePort |
|
A debugger registers for thread termination notification with this API. |
| |||||||||
|
NtCreateDebugObject |
|
New to WinXP. Creates a debug object. |
| |||||||||
|
NtDebugActiveProcess |
DebugActiveProcess |
New to WinXP. Enables a debugger to attach to an active process and debug it. |
| |||||||||
|
NtDebugContinue |
ContinueDebugEvent |
New to WinXP. Allows a process to continue a thread that has generated a debug event. |
| |||||||||
|
NtQueryDebugFilterState |
|
New to WinXP. Queries the debug filter state level for a specific component. |
| |||||||||
|
NtRemoveProcessDebug |
DebugActiveProcessStop |
New to WinXP. Stops debugging the specified process. |
| |||||||||
|
NtSetDebugFilterState |
|
New to WinXP. Sets the debug output filter level for the specified component. |
| |||||||||
|
NtSetInformationDebugObject |
|
New to WinXP. Sets the attributes of a debug object. |
| |||||||||
|
NtWaitForDebugEvent |
WaitForDebugEvent |
New to WinXP. Waits for a debugging event on a process being debugged. |
| |||||||||
|
|
| |||||||||||
|
Channels |
| |||||||||||
|
These functions were introduced in NT 4.0 and are present in Win2K Beta 1. However, they are all stubs that return STATUS_NOT_IMPLEMENTED. Their names imply that they were intended to provide access to a communications mechanism. Why are they in the released versions of NT if they are not implemented? |
| |||||||||||
|
NtCreateChannel |
|
Not implemented. |
| |||||||||
|
NtOpenChannel |
|
Not implemented. |
| |||||||||
|
NtListenChannel |
|
Not implemented. |
| |||||||||
|
NtSetContextChannel |
|
Not implemented. |
| |||||||||
|
NtReplyWaitSendChannel |
|
Not implemented. |
| |||||||||
|
NtSendWaitReplyChannel |
|
Not implemented. |
| |||||||||
|
|
| |||||||||||
|
Power |
| |||||||||||
|
There's only one Native API for power management in NT 4.0. Interestingly, this API was introduced in NT 4.0, but was a stub that returned STATUS_NOT_IMPLEMENTED. Win2K fleshes out the API and adds more commands. |
| |||||||||||
|
NtSetSystemPowerState |
|
Not implemented in NT 4.0. |
| |||||||||
|
NtInitiatePowerAction |
|
New to Win2K. Initiates a power event (e.g. suspend). |
| |||||||||
|
NtPowerInformation |
GetSystemPowerStatus |
New to Win2K. Get the system's power state. |
| |||||||||
|
NtSetThreadExecutionState |
SetThreadExecutionState |
New to Win2K. Sets a thread's system power state requirement. |
| |||||||||
|
NtRequestWakeupLatency |
|
New to Win2K. Sets a process' wakeup latency. |
| |||||||||
|
|
| |||||||||||
|
Plug-and-Play |
| |||||||||||
|
Like the Power API, some of these were introduced in NT 4.0 as unimplemented functions. Win2K fleshes them out and adds more. |
| |||||||||||
|
NtGetPlugPlayEvent |
|
Present, but not implemented in NT 4.0. Sets plug and play events. |
| |||||||||
|
NtPlugPlayControl |
|
Present, but not implemented in NT 4.0. Sends commands to the plug-and-play subsystem. |
| |||||||||
|
|
| |||||||||||
|
Objects |
| |||||||||||
|
Object manager namespace objects are created and manipulated with these routines. A couple of these, like NtClose, are general in that they are used with any object type. |
| |||||||||||
|
NtClose |
CloseHandle |
Closes a handle to any object type. |
| |||||||||
|
NtDuplicateObject |
DuplicateHandle |
Duplicates a handle to an object. |
| |||||||||
|
NtCreateDirectoryObject |
|
Creates a directory in the object manager namespace. |
| |||||||||
|
NtCreateSymbolicLinkObject |
|
Creates a symbolic link in the object manager namespace. The Win32 DefineDosDevice command lets you create links, but only in the /?? subdirectory. |
| |||||||||
|
NtMakeTemporaryObject |
|
Causes a permanent object to be deleted during NT shutdown so that it isn't present at the next boot. |
| |||||||||
|
NtOpenDirectoryObject |
|
Opens an object manager namespace directory. |
| |||||||||
|
NtQueryDirectoryObject |
|
Used to enumerate the objects located in a directory object. |
| |||||||||
|
NtOpenSymbolicLinkObject |
|
Opens a symbolic link object. |
| |||||||||
|
NtQuerySymbolicLinkObject |
|
Returns the name of the object that the symbolic link points at. |
| |||||||||
|
NtQueryObject |
|
Queries an object's attributes, such as its name. |
| |||||||||
|
NtSetInformationObject |
|
Sets an object's attributes. |
| |||||||||
|
NtMakePermanentObject |
|
New to WinXP. Sets the permanent flag on an object. |
| |||||||||
|
NtTranslateFilePath |
|
New to WinXP. Translates a file path from one format (e.g. NT, ARC, EFI) to another. |
| |||||||||
|
|
| |||||||||||
|
Registry |
| |||||||||||
|
Win32 Registry functions basically map directly to these APIs, and many of them are documented in the DDK. |
| |||||||||||
|
NtCreateKey |
RegCreateKey |
Creates or opens a Registry key. |
| |||||||||
|
NtOpenKey |
RegOpenKey |
Opens an existing Registry key. |
| |||||||||
|
NtDeleteKey |
RegDeleteKey |
Deletes a Registry key. |
| |||||||||
|
NtDeleteValueKey |
RegDeleteValue |
Deletes a value. |
| |||||||||
|
NtEnumerateKey |
RegEnumKey, RegEnumKeyEx |
Enumerates the subkeys of a key. |
| |||||||||
|
NtEnumerateValueKey |
RegEnumValue |
Enumerates the values within a key. |
| |||||||||
|
NtFlushKey |
RegFlushKey |
Flushes changes back to the Registry on disk. |
| |||||||||
|
NtInitializeRegistry |
|
Gets the Registry rolling. The single parameter to this specifies whether it's a setup boot or a normal boot. |
| |||||||||
|
NtNotifyChangeKey |
RegNotifyChangeKeyValue |
Allows a program to be notified of changes to a particular key or its subkeys. |
| |||||||||
|
NtQueryKey |
RegQueryKey |
Queries information about a key. |
| |||||||||
|
NtQueryMultipleValueKey |
RegQueryMultipleValues |
Retrieves information about multiple specified values. This API was introduced in NT 4.0. |
| |||||||||
|
NtQueryValueKey |
RegQueryValue, RegQueryValueEx |
Retrieves information about a specified value. |
| |||||||||
|
NtReplaceKey |
RegReplaceKey |
Changes the backing file for a key and its subkeys. Used for backup/restore. |
| |||||||||
|
NtSaveKey |
RegSaveKey |
Saves the contents of a key and subkey to a file. |
| |||||||||
|
NtRestoreKey |
RegRestoreKey |
Loads the contents of a key from a specified file. |
| |||||||||
|
NtSetInformationKey |
|
Sets attributes of a key. |
| |||||||||
|
NtSetValueKey |
RegSetValue, RegSetValueEx |
Sets the data associated with a value. |
| |||||||||
|
NtLoadKey |
RegLoadKey |
Loads a hive file into the Registry. |
| |||||||||
|
NtLoadKey2 |
|
Introduced in NT 4.0. Allows for options on loading a hive. |
| |||||||||
|
NtUnloadKey |
RegUnloadKey |
Unloads a hive from the Registry. |
| |||||||||
|
NtCompactKeys |
|
New to WinXP. Makes key storage adjacent. |
| |||||||||
|
NtCompressKey |
|
New to WinXP. Performs in-place compaction of a hive. |
| |||||||||
|
NtLockRegistryKey |
|
New to WinXP. Locks a registry key for modification. |
| |||||||||
|
NtRenameKey |
|
New to WinXP. Renames a Registry key. |
| |||||||||
|
NtSaveKeyEx |
RegSaveKeyEx |
New to WinXP. Saves the contents of a key and its subkeys to a file. |
| |||||||||
|
NtUnloadKeyEx |
|
New to WinXP. Unloads a hive from the Registry. |
| |||||||||
|
NtLoadKeyEx |
|
New to Server 2K3. Loads a hive into the Registry. |
| |||||||||
|
NtUnloadKey2 |
|
New to Server 2K3. Unloads a hive from the Registry. |
| |||||||||
|
NtQueryOpenSubKeysEx |
|
New to Server 2003. Returns the keys opened beneath a specified key. |
| |||||||||
|
|
| |||||||||||
|
Local Procedure Call |
| |||||||||||
|
LPC is NT's core interprocess communications mechanism. If you use RPC between processes on the same computer you are using LPC indirectly. |
| |||||||||||
|
NtCreatePort |
|
Creates a port object. |
| |||||||||
|
NtAcceptConnectPort |
|
Accepts a port connection. |
| |||||||||
|
NtCompleteConnectPort |
|
Completes a connection. |
| |||||||||
|
NtConnectPort |
|
Connects a port to another port that is accepting connections. |
| |||||||||
|
NtImpersonateClientOfPort |
|
Thread impersonates the identity of the process on the other end of a port. |
| |||||||||
|
NtListenPort |
|
Listens on a port for connection requests. |
| |||||||||
|
NtQueryInformationPort |
|
Obtains information on a port. |
| |||||||||
|
NtReadRequestData |
|
Reads data associated with a port message. |
| |||||||||
|
NtReplyPort |
|
Sends a reply message. |
| |||||||||
|
NtReplyWaitReceivePort |
|
Sends a reply message and then waits for an incoming request message. |
| |||||||||
|
NtReplyWaitReplyPort |
|
Sends a reply message and then waits for an incoming reply message. |
| |||||||||
|
NtRequestPort |
|
Sends a request message. |
| |||||||||
|
NtRequestWaitReplyPort |
|
Sends a request message and waits for an incoming reply message. |
| |||||||||
|
NtWriteRequestData |
|
Fills in data for a request message. |
| |||||||||
|
NtSecureConnectPort |
|
New to Win2K. Creates a secure connection port. |
| |||||||||
|
NtQueryPortInformationProcess |
|
New to WinXP. Used to determine if a process has an associated exception or debug port. |
| |||||||||
|
|
| |||||||||||
|
Security |
| |||||||||||
|
The Native security APIs are mapped almost directly by Win32 security APIs. |
| |||||||||||
|
NtAccessCheck |
AccessCheck |
Checks to see whether current thread has access to an object based on its security descriptor. |
| |||||||||
|
NtAccessCheckAndAuditAlarm |
AccessCheckAuditAlarm |
Generates an audit message related to access checking. |
| |||||||||
|
NtAdjustGroupsToken |
AdjustTokenGroups |
Adds or removes groups associated with a token. |
| |||||||||
|
NtAdjustPrivilegesToken |
AdjustTokenPrivileges |
Enables or disables privileges associated with a token. |
| |||||||||
|
NtCloseObjectAuditAlarm |
ObjectCloseAuditAlarm |
Generates an audit message indicating that an object was closed. |
| |||||||||
|
NtCreateToken |
CreateToken |
Creates a token object. |
| |||||||||
|
NtDeleteObjectAuditAlarm |
ObjectDeleteAuditAlarm |
Generates an audit event indicating that an object was deleted. |
| |||||||||
|
NtDuplicateToken |
DuplicateToken, DuplicateTokenEx |
Duplicates a token object. |
| |||||||||
|
NtOpenObjectAuditAlarm |
ObjectOpenAuditAlarm |
Generates an audit event indicating that an object was opened. |
| |||||||||
|
NtImpersonateThread |
ImpersonateLoggedOnUser |
Allows a thread to impersonate the identity of another user. |
| |||||||||
|
NtOpenProcessToken |
OpenProcessToken |
Obtains a handle to the token of a specified process. |
| |||||||||
|
NtOpenThreadToken |
OpenThreadToken |
Opens a handle to the token of a specified thread. |
| |||||||||
|
NtPrivilegeCheck |
PrivilegeCheck |
Checks to see whether a token has the specified privileges enabled. |
| |||||||||
|
NtPrivilegeObjectAuditAlarm |
ObjectPrivilegeAuditAlarm |
Generates an audit event record associated with a privilege check. |
| |||||||||
|
NtPrivilegedServiceAuditAlarm |
PrivilegedServiceAuditAlarm |
Generates an audit message indicating the attempt to use specified privileges. |
| |||||||||
|
NtQueryInformationToken |
GetTokenInformation |
Obtains information about a token. |
| |||||||||
|
NtQuerySecurityObject |
GetUserObjectSecurity, GetPrivateObjectSecurity |
Retrieves information about an object's security settings. |
| |||||||||
|
NtSetInformationToken |
SetTokenInformation |
Sets a token's attributes. |
| |||||||||
|
NtSetSecurityObject |
SetUserObjectSecurity, SetPrivateObjectSecurity |
Sets the security information of an object. |
| |||||||||
|
NtAccessCheckByType |
AccessCheckByType |
New object-specific security support in Win2K. |
| |||||||||
|
NtAccessCheckByTypeAndAuditAlarm |
AccessCheckByTypeAndAuditAlarm |
New object-specific security support in Win2K. |
| |||||||||
|
NtAccessCheckByTypeResultList |
AccessCheckByTypeResultList, AccessCheckByTypeResultListAndAuditAlarm |
New object-specific security support in Win2K. |
| |||||||||
|
NtFilterToken |
CreateRestrictedToken |
New object-specific security support in Win2K. |
| |||||||||
|
NtCompareToken |
|
New to WinXP. Compares two tokens. |
| |||||||||
|
NtOpenProcessTokenEx |
|
New to WinXP. Opens a process token. |
| |||||||||
|
NtOpenThreadTokenEx |
|
New to WinXP. Opens a thread token. |
| |||||||||
|
|
| |||||||||||
|
Processes and Threads |
| |||||||||||
|
These functions control processes and threads. Many have direct Win32 equivalents. |
| |||||||||||
|
NtAlertResumeThread |
|
Resumes a thread. |
| |||||||||
|
NtAlertThread |
|
Sends an alert to a thread. |
| |||||||||
|
NtTestAlert |
|
Tests for whether a thread has a pending alert. |
| |||||||||
|
NtCreateProcess |
CreateProcess |
Creates a new process. |
| |||||||||
|
NtCreateThread |
CreateThread |
Creates a new thread. |
| |||||||||
|
NtCurrentTeb |
|
Returns a pointer to a thread's environment block. |
| |||||||||
|
NtDelayExecution |
Sleep, SleepEx |
Pauses a thread for a specified time. |
| |||||||||
|
NtGetContextThread |
GetThreadContext |
Retrieves the hardware context (registers) of a thread. |
| |||||||||
|
NtSetContextThread |
SetThreadContext |
Sets the hardware context (registers) of a thread. |
| |||||||||
|
NtOpenProcess |
OpenProcess |
Opens a handle to a specified process. |
| |||||||||
|
NtOpenThread |
OpenThread |
Opens a handle to a specified thread. |
| |||||||||
|
NtQueryInformationProcess |
GetProcessTimes, GetProcessVersion, GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass, GetProcessShutdownParameters |
Obtains information about a process' attributes. |
| |||||||||
|
NtQueryInformationThread |
GetThreadTimes, GetThreadPriority, GetThreadPriorityBoost |
Obtains information about a thread's attributes. |
| |||||||||
|
NtQueueApcThread |
QueueUserAPC |
Introduced in NT 4.0. Queues an Asynchronous Procedure Call to a thread. |
| |||||||||
|
NtResumeThread |
ResumeThread |
Wakes up a suspended thread. |
| |||||||||
|
NtSetInformationProcess |
SetProcessAffinityMask, SetPriorityClass, SetProcessPriorityBoost, SetProcessShutdownParameters, SetProcessWorkingSetSize |
Sets a process' attributes. |
| |||||||||
|
NtSetInformationThread |
SetThreadAffinityMask, SetThreadIdealProcessor, SetThreadPriority, SetThreadPriorityBoost |
Sets a thread's attributes. |
| |||||||||
|
NtSetLowWaitHighThread |
|
NT 4.0 only (not in Win2K). |
| |||||||||
|
NtSetHighWaitLowThread |
|
NT 4.0 only (not in Win2K). |
| |||||||||
|
NtSuspendThread |
SuspendThread |
Suspends a thread's execution. |
| |||||||||
|
NtTerminateProcess |
TerminateProcess |
Deletes a process. |
| |||||||||
|
NtTerminateThread |
TerminateThread |
Deletes a thread. |
| |||||||||
|
NtYieldExecution |
SwitchToThread |
Introduced in NT 4.0. Causes thread to give up CPU. |
| |||||||||
|
NtCreateProcessEx |
|
New to WinXP. Creates a new process. |
| |||||||||
|
NtResumeProcess |
|
New to WinXP. Resumes a suspended process. |
| |||||||||
|
NtSuspendProcess |
|
New to WinXP. Suspends a process. |
| |||||||||
|
NtApphelpCacheControl |
|
New to Server 2003. Controls the application-compatibility shim cache. |
| |||||||||
|
|
| |||||||||||
|
Atoms |
| |||||||||||
|
Atoms allow for the efficient storage and referencing of character strings. |
| |||||||||||
|
NtAddAtom |
AddAtom |
Introduced in NT 4.0. Adds a character string to an atom table. |
| |||||||||
|
NtDeleteAtom |
DeleteAtom |
Introduced in NT 4.0. Removes an atom from an atom table. |
| |||||||||
|
NtFindAtom |
FindAtom |
Introduced in NT 4.0. Looks up an atom in an atom table. |
| |||||||||
|
NtQueryInformationAtom |
GetAtomName |
Introduced in NT 4.0. Retrieves information about an atom. |
| |||||||||
|
|
| |||||||||||
|
Error Handling |
| |||||||||||
|
Device drivers and debuggers rely on these error handling routines. |
| |||||||||||
|
NtRaiseException |
RaiseException |
Signals an exception condition to trigger exception handler execution. |
| |||||||||
|
NtContinue |
try/except |
Allows error processing to continue to the next handler. |
| |||||||||
|
NtRaiseHardError |
|
Used to raise an error message box. |
| |||||||||
|
NtSetDefaultHardErrorPort |
SetErrorMode |
Used by programs to disable hard error message boxes caused by their actions. |
| |||||||||
|
|
| |||||||||||
|
Execution Environment |
| |||||||||||
|
These functions are related to general execution environment. |
| |||||||||||
|
NtQueryDefaultLocale |
GetLocaleInfo |
Retrieves information about the locale. |
| |||||||||
|
NtSetDefaultLocale |
SetLocaleInfo |
Sets locale information. |
| |||||||||
|
NtQuerySystemEnvironmentValue |
GetEnvironmentVariable |
Gets the value of an environment variable. |
| |||||||||
|
NtSetSystemEnvironmentValue |
SetEnvironmentVariable |
Sets the value of an environment variable. |
| |||||||||
|
NtQueryDefaultUILanguage |
|
New to Win2K. Win2K supports on-the-fly language changes. Queries the current language. |
| |||||||||
|
NtSetDefaultUILanguage |
|
New to Win2K. Win2K supports on-the-fly language changes. Sets the current language. |
| |||||||||
|
NtEnumerateSystemEnvironmentValuesEx |
|
New to WinXP. Enumerates the system environment variables. |
| |||||||||
|
NtQuerySystemEnvironmentValueEx |
|
New to WinXP. Queries the value of an environment variable. |
| |||||||||
|
|
| |||||||||||
|
Timers and System Time |
| |||||||||||
|
Virtually all these routines have functionality accessible via Win32 APIs. |
| |||||||||||
|
NtCancelTimer |
CancelWaitableTimer, timeKillEvent |
Cancels a timer. |
| |||||||||
|
NtCreateTimer |
CreateWaitableTimer |
Creates a timer. |
| |||||||||
|
NtOpenTimer |
OpenWaitableTimer |
Opens a timer object. |
| |||||||||
|
NtQueryTimer |
|
Queries a timer's attributes. |
| |||||||||
|
NtQueryTimerResolution |
timeGetDevCaps |
Queries the system's timer resolution. |
| |||||||||
|
NtSetTimer |
timeSetEvent |
Sets a timer for an expiration event. |
| |||||||||
|
NtSetTimerResolution |
timeBeginPeriod, timeEndPeriod |
Sets the system timer resolution. |
| |||||||||
|
NtQueryPerformanceCounter |
QueryPerformanceCounter, QueryPerformanceFrequency |
Queries the system performance counter. |
| |||||||||
|
NtQuerySystemTime |
GetSystemTime |
Gets the current time. |
| |||||||||
|
NtSetSystemTime |
SetSystemTime |
Sets the system time. |
| |||||||||
|
NtGetTickCount |
GetTickCount |
Get the ticks since system boot. |
| |||||||||
|
|
| |||||||||||
|
Synchronization |
| |||||||||||
|
Most synchronization objects have Win32 APIs, with the notable exception of event pairs. Event pairs are used for high-performance interprocess synchronization by the LPC facility. |
| |||||||||||
|
NtCreateEvent |
CreateEvent |
Creates an event object. |
| |||||||||
|
NtOpenEvent |
OpenEvent |
Opens an event object. |
| |||||||||
|
NtClearEvent |
|
Clears the signalled state of an event. |
| |||||||||
|
NtPulseEvent |
PulseEvent |
Signals an event and then resets it. |
| |||||||||
|
NtQueryEvent |
|
Queries the state of an event. |
| |||||||||
|
NtResetEvent |
ResetEvent |
Resets an event to a non-signalled state. |
| |||||||||
|
NtSetEvent |
SetEvent |
Sets an event to the signalled state. |
| |||||||||
|
NtCreateEventPair |
|
Creates an event pair. |
| |||||||||
|
NtOpenEventPair |
|
Opens an event pair. |
| |||||||||
|
NtSetHighEventPair |
|
Sets the high half of an event pair to signalled state. |
| |||||||||
|
NtSetHighWaitLowEventPair |
|
Sets the high half of an event pair to signalled state and waits for the low half to become signalled. |
| |||||||||
|
NtSetLowEventPair |
|
Sets the low half of an event pair. |
| |||||||||
|
NtSetLowWaitHighEventPair |
|
Sets the low half of an event pair and waits for the high-half to become signalled. |
| |||||||||
|
NtWaitHighEventPair |
|
Waits for the high-half of an event pair to become signalled. |
| |||||||||
|
NtWaitLowEventPair |
|
Waits for the low-half of an event pair to become signalled. |
| |||||||||
|
NtCreateMutant |
CreateMutex |
Creates a mutant object (known as a mutex in user mode). |
| |||||||||
|
NtOpenMutant |
OpenMutex |
Opens a mutant object (known as a mutex in user mode). |
| |||||||||
|
NtQueryMutant |
|
Queries the state of a mutant object. |
| |||||||||
|
NtReleaseMutant |
ReleaseMutex |
Signals a mutant. |
| |||||||||
|
NtReleaseProcessMutant |
|
3.51 only. |
| |||||||||
|
NtReleaseThreadMutant |
|
3.51 only. |
| |||||||||
|
NtCreateSemaphore |
CreateSemaphore |
Creates a semaphore object. |
| |||||||||
|
NtOpenSemaphore |
OpenSemaphore |
Opens a semaphore object. |
| |||||||||
|
NtQuerySemaphore |
|
Queries the state of a semaphore. |
| |||||||||
|
NtReleaseSemaphore |
ReleaseSemaphore |
Signals a semaphore. |
| |||||||||
|
NtSignalAndWaitForSingleObject |
|
Introduced in NT 4.0. Signals a synchronization object and then waits for it to be signalled again. |
| |||||||||
|
NtWaitForMultipleObjects |
WaitForMultipleObjects, WaitForMultipleObjectsEx |
Waits for multiple objects to become signalled. |
| |||||||||
|
NtWaitForSingleObject |
WaitForSingleObject, WaitForSingleObjectEx |
Waits for a single object to become signalled. |
| |||||||||
|
NtCreateKeyedEvent |
|
New to WinXP. Creates a keyed event object. |
| |||||||||
|
NtOpenKeyedEvent |
|
New to WinXP. Opens a named keyed event object. |
| |||||||||
|
NtReleaseKeyedEvent |
|
New to WinXP. Signals a keyed event object. |
| |||||||||
|
NtWaitForKeyedEvent |
|
New to WinXP. Waits for a keyed event to become signalled. |
| |||||||||
|
NtSetEventBoostPriority |
|
New to WinXP. Signals an event and sets the priority of woken threads. |
| |||||||||
|
|
| |||||||||||
|
Memory |
| |||||||||||
|
Most of NT's virtual memory APIs are accessible via Win32. |
| |||||||||||
|
NtAllocateVirtualMemory |
VirtualAlloc, VirtualAllocEx |
Allocates virtual memory. |
| |||||||||
|
NtFreeVirtualMemory |
VirtualFree, VirtualFreeEx |
Frees virtual memory. |
| |||||||||
|
NtQueryVirtualMemory |
VirtualQuery, VirtualQueryEx |
Queries a range of virtual memory's attributes. |
| |||||||||
|
NtProtectVirtualMemory |
VirtualProtect, VirtualProtectEx |
Sets the protection for a range of virtual memory. |
| |||||||||
|
NtLockVirtualMemory |
VirtualLock |
Locks a range of virtual memory. |
| |||||||||
|
NtUnlockVirtualMemory |
VirtualUnlock |
Unlocks a range of virtual memory. |
| |||||||||
|
NtReadVirtualMemory |
ReadProcessMemory |
Reads a range of virtual memory from a specified process. |
| |||||||||
|
NtWriteVirtualMemory |
WriteProcessMemory |
Writes a range of virtual memory to a specified process. |
| |||||||||
|
NtFlushVirtualMemory |
FlushViewOfFile |
Flushes a memory mapped range of memory to the file on disk. |
| |||||||||
|
NtCreateSection |
CreateFileMapping |
Creates a range of memory backed by a file. |
| |||||||||
|
NtOpenSection |
OpenFileMapping |
Opens a named memory mapping section object. |
| |||||||||
|
NtExtendSection |
|
Extends an existing range of virtual memory backed by a file. |
| |||||||||
|
NtMapViewOfSection |
MapViewOfFile |
Maps a portion of a file into virtual memory. |
| |||||||||
|
NtUnmapViewOfSection |
UnmapViewOfFile |
Unmaps a portion of virtual memory backed by a file. |
| |||||||||
|
NtAllocateVirtualMemory64 |
VirtualAllocVlm |
New to Win2K. Allocates 64-bit virtual memory. |
| |||||||||
|
NtFreeVirtualMemory64 |
VirtualFreeVlm |
New to Win2K. Frees 64-bit virtual memory. |
| |||||||||
|
NtMapViewOfVlmSection |
MapViewOfFileVlm |
New to Win2K. Maps a file into 64-bit virtual memory. |
| |||||||||
|
NtUnmapViewOfVlmSection |
UnmapViewOfFileVlm |
New to Win2K. Unmaps a view of a file mapped into 64-bit virtual memory. |
| |||||||||
|
NtAreMappedFilesTheSame |
|
New to Win2K. The loader uses this to efficiently see if a given file has already been mapped into memory. |
| |||||||||
|
NtProtectVirtualMemory64 |
VirtualProtectVlm |
New to Win2K. Sets protection on 64-bit virtual memory. |
| |||||||||
|
NtQueryVirtualMemory64 |
VirtualQueryVlm |
New to Win2K. Queries the attributes of 64-bit virtual memory. |
| |||||||||
|
NtReadVirtualMemory64 |
ReadProcessMemoryVlm |
New to Win2K. Reads data from 64-bit memory of the specified process. |
| |||||||||
|
NtWriteVirtualMemory64 |
WriteProcessMemoryVlm |
New to Win2K. Writes data to 64-bit memory of the specified process. |
| |||||||||
|
|
| |||||||||||
|
File and General I/O |
| |||||||||||
|
File I/O is the best documented of the native APIs since many device drivers must make use of it. |
| |||||||||||
|
NtCancelIoFile |
CancelIo |
Cancels an I/O request. |
| |||||||||
|
NtCreateFile |
CreateFile, CreateDirectory, CreateDirectoryEx |
Creates or opens a file, directory or device object. |
| |||||||||
|
NtCreateIoCompletion |
CreateIoCompletionPort |
Tells the I/O manager that a thread wishes to be notified when an I/O completes. |
| |||||||||
|
NtOpenIoCompletion |
|
Opens a named I/O completion object. |
| |||||||||
|
NtSetIoCompletion |
|
Sets an I/O completion object's attributes. |
| |||||||||
|
NtQueryIoCompletion |
|
Retrieves specific information about an I/O completion object. |
| |||||||||
|
NtRemoveIoCompletion |
|
Removes an I/O completion callback. |
| |||||||||
|
NtDeleteFile |
DeleteFile |
Deletes a file object. |
| |||||||||
|
NtDeviceIoControlFile |
DeviceIoControl |
Sends an IOCTL to a device's device driver, which is represented by an open file object. |
| |||||||||
|
NtFlushBuffersFile |
FlushFileBuffers |
Flushes in-memory file data to disk. |
| |||||||||
|
NtFsControlFile |
DeviceIoControl |
Sends an I/O control (IOCTL) to a driver represented by an open device object. These are typically used for file system-related special commands. |
| |||||||||
|
NtLockFile |
LockFile, LockFileEx |
Locks a range of a file for synchronized access. |
| |||||||||
|
NtUnlockFile |
UnlockFile |
Unlocks a range of a file for synchronized access. |
| |||||||||
|
NtNotifyChangeDirectoryFile |
FindFirstChangeNotification, FindNextChangeNotification |
Registers that a thread wishes to be notified when a directory's contents change. |
| |||||||||
|
NtOpenFile |
OpenFile |
Opens an existing file. |
| |||||||||
|
NtQueryAttributesFile |
GetFileAttributesEx |
Gets a file's attributes. |
| |||||||||
|
NtQueryDirectoryFile |
FindFirstFile, FindFirstFileEx, FindNextFile |
Retrieves a directory's contents. |
| |||||||||
|
NtQueryEaFile |
|
Retrieves a file's extended attributes. |
| |||||||||
|
NtSetEaFile |
|
Sets the extended attributes of a file. |
| |||||||||
|
NtQueryFullAttributesFile |
|
Introduced in NT 4.0. Gets a file's full attributes. |
| |||||||||
|
NtQueryInformationFile |
GetShortPathName, GetLongPathName, GetFullPathName, GetFileType, GetFileSize, GetFileTime |
Retrieves specific information regarding a file. |
| |||||||||
|
NtSetInformationFile |
SetEndOfFile, SetFileAttributes, SetNamedPipeHandleState, SetMailslotInfo |
Sets specific information regarding a file. |
| |||||||||
|
NtQueryVolumeInformationFile |
GetDiskFreeSpace, GetDriveType |
Retrieves specific information regarding a disk volume. |
| |||||||||
|
NtSetVolumeInformationFile |
SetVolumeLabel |
Sets information about a volume. |
| |||||||||
|
NtReadFile |
ReadFile, ReadFileEx |
Reads data from a file. |
| |||||||||
|
NtWriteFile |
WriteFile, WriteFileEx |
Writes data to a file. |
| |||||||||
|
NtReadFileScatter |
ReadFileScatter |
Introduced in NT 4.0 SP2 for SQL Server. Reads data from a file into virtually discontiguous buffers. |
| |||||||||
|
NtWriteFileGather |
WriteFileGather |
Introduced in NT 4.0 SP2 for SQL Server. Writes data to a file from virtually discontiguous buffers. |
| |||||||||
|
NtQueryQuotaInformationFile |
IDiskQuotaControl:: |
New to Win2K. Win2K supports NTFS disk quotas. Queries disk quota information. |
| |||||||||
|
NtSetQuotaInformationFile |
IDiskQuotaControl:: |
New to Win2K. Win2K supports NTFS disk quotas. Sets disk quota information. |
| |||||||||
|
NtReadFile64 |
ReadFileVlm |
New to Win2K. Reads data from a file into 64-bit virtual memory. |
| |||||||||
|
NtWriteFile64 |
WriteFileVlm |
New to Win2K. Writes data to a file from 64-bit virtual memory. |
| |||||||||
|
|
| |||||||||||
|
Miscellaneous |
| |||||||||||
|
These functions don't fall neatly into other categories. |
| |||||||||||
|
NtAllocateLocallyUniqueId |
AllocateLocallyUniqueId |
Allocates an ID that is unique to the system with respect to other IDs allocated by this function. The security subsystem makes extensive use of this. |
| |||||||||
|
NtAllocateUuids |
|
Allocates UUIDs. |
| |||||||||
|
NtDisplayString |
|
Displays a string on the Blue Screen. This is used both during system boot and for writing on the Blue Screen of Death. |
| |||||||||
|
NtQuerySystemInformation |
|
While this function isn't directly documented, the Performance Counters in the Registry export much of the information obtainable via this call. |
| |||||||||
|
NtSetSystemInformation |
|
Various administrative applets use this function. For instance, quantum boosting is set with this API. |
| |||||||||
|
NtShutdownSystem |
ExitWindows |
Shuts down NT with options for rebooting. |
| |||||||||
|
NtVdmControl |
|
Sends commands to a Virtual DOS Machine. |
| |||||||||
|
NtCallbackReturn |
|
For returning from Win32 into a caller. |
| |||||||||
|
NtW32Call |
|
For calling into Win32 user mode. |
| |||||||||
|
NtQueryOleDirectoryFile |
|
NT 4.0 only. |
| |||||||||
|
NtLockProductActivationKeys |
|
New to WinXP. Locks the product activation keys for writing. |
| |||||||||
|
|
| |||||||||||
|
Jobs |
| |||||||||||
|
These functions implement Job objects, which are new to Win2K. They are essentially a group of associated processes that can be controlled as a single unit and that share job-execution time restrictions. |
| |||||||||||
|
NtCreateJobObject |
CreateJobObject |
New to Win2K. Creates a job object. |
| |||||||||
|
NtOpenJobObject |
OpenJobObject |
New to Win2K. Opens a named Job Object. |
| |||||||||
|
NtQueryInformationJobObject |
QueryInformationJobObject |
New to Win2K. Retrieves information about a Job Object. |
| |||||||||
|
NtAssignProcessToJobObject |
AssignProcessToJobObject |
New to Win2K. Assigns a process to a Job Object. |
| |||||||||
|
NtSetInformationJobObject |
SetInformationJobObject |
New to Win2K. Sets a Job Object's attributes (e.g. priority). |
| |||||||||
|
NtTerminateJobObject |
TerminateJobObject |
New to Win2K. Terminates a Job Object, which terminates all of its associated processes. |
| |||||||||
|
NtCreateJobSet |
|
New to WinXP. Creates a job set from multiple job objects. |
| |||||||||
|
|
| |||||||||||
|
IA64 Boot.ini |
| |||||||||||
|
These functions are for managing the IA64 version of Boot.ini, which is stored in non-volatile RAM. On non-IA64 systems these return STATUS_NOT_IMPLEMENTED. |
| |||||||||||
|
NtAddBootEntry |
|
New to WinXP. Adds an entry to the boot menu. |
| |||||||||
|
NtDeleteBootEntry |
|
New to WinXP. Deletes an entry from the boot menu. |
| |||||||||
|
NtEnumerateBootEntries |
|
New to WinXP. Enumerates the boot menu entries. |
| |||||||||
|
NtModifyBootEntry |
|
New to WinXP. Modifies an existing boot menu entry. |
| |||||||||
|
NtQueryBootEntryOrder |
|
New to WinXP. Queries the order of boot menu entries. |
| |||||||||
|
NtQueryBootOptions |
|
New to WinXP. Queries the options associated with a boot menu entry. |
| |||||||||
|
NtSetBootEntryOrder |
|
New to WinXP. Sets the order of boot menu entries. |
| |||||||||
|
NtSetBootOptions |
|
New to WinXP. Sets the options associated with a boot menu entry. |
| |||||||||
|
|
| |||||||||||
|
EFI Drivers |
| |||||||||||
|
These functions are for managing IA64 Extensible Firmware Interface device drivers. On non-IA64 systems these return STATUS_NOT_IMPLEMENTED. |
| |||||||||||
|
NtAddDriverEntry |
|
New to Server 2003. Adds a driver. |
| |||||||||
|
NtDeleteDriverEntry |
|
New to Server 2003. Deletes a driver entry. |
| |||||||||
|
NtEnumerateDriverEntries |
|
New to Server 2003. Enumerates driver entries. |
| |||||||||
|
NtModifyDriverEntry |
|
New to Server 2003. Modifies an existing driver entry. |
| |||||||||
|
NtQueryDriverEntryOrder |
|
New to Server 2003. Queries the order of driver entries. |
| |||||||||
|
NtSetDriverEntryOrder |
|
New to Server 2003. Sets the order of driver entries. |
| |||||||||
|
|
| |||||||||||
