Windows Native API分类列表

Special Files

These APIs are used to create files that have custom characteristics.

NtCreateMailslotFile

CreateMailSlot

Creates a mailslot end-point.

NtCreateNamedPipeFile

CreateNamedPipe

Creates a named-pipe end-point.

NtCreatePagingFile

The System applet uses this API to create paging files. Parameters specify the name, as well as minimum and maximum size.

Drivers

These functions are used by NT to load and unload device driver images from system memory.

NtLoadDriver

CreateFile with Service Control Manager

Loads a device driver based on information provided under HKLM/System/CurrentControlSet/Services/driver name

NtUnloadDriver

Service Control Manager supported

Unloads the specified driver from memory, presuming the driver supports an unload interface.

NtRegisterNewDevice

NT 3.51 only.

Processor and Bus

Processor registers and components can be controlled via these functions.

NtFlushInstructionCache

The NT kernel debugger uses this API, which flushes the processor instruction cache using the HAL.

NtFlushWriteBuffer

The processor's memory write buffer is flushed by this function, which uses the HAL.

NtSetLdtEntries

X86 Local Descriptor Table entries are initialized using this function.

NtEnumerateBus

NT 3.51 only.

NtGetCurrentProcessorNumber

New to Server 2K3. Gets the number of the processor on which a thread is executing.

Debugging and Profiling

The profiling APIs provide a mechanism for sample-based profiling of kernel-mode execution. The Kernprof tool in the DDK makes use of them, and a recent Windows Developer's Journal presented a source code to a Kernprof clone. The debug control function is used by WinDbg for obtaining internal kernel information and controlling thread and process execution.

NtCreateProfile

Creates a profile object.

NtQueryIntervalProfile

Returns profiled data.

NtSetIntervalProfile

Specified sampling interval.

NtStartProfile

Starts sampling.

NtStopProfile

Stops sampling.

NtSystemDebugControl

Implements a range of debugger support commands.

NtRegisterThreadTerminatePort

A debugger registers for thread termination notification with this API.

NtCreateDebugObject

New to WinXP. Creates a debug object.

NtDebugActiveProcess

DebugActiveProcess

New to WinXP. Enables a debugger to attach to an active process and debug it.

NtDebugContinue

Continue DebugEvent

New to WinXP. Allows a process to contiue a thread that has generated a debug event.

NtQueryDebugFilterState

New to WinXP. Queries the debug filter state level for a specific component.

NtRemoveProcessDebug

DebugActiveProcessStop

New to WinXP. Stops debugging the specified process.

NtSetDebugFilterState

New to WinXP. Sets the debug output filter level for the specified component.

NtSetInformationDebugObject

New to WinXP. Sets the attributes of a debug object.

NtWaitForDebugEvent

WaitForDebugEvent

New to WinXP. Waits for a debugging event on a process being debugged.

Channels

These functions were introduced in NT 4.0 and are present in Win2K Beta 1. However, they are all stubs that return STATUS_NOT_IMPLEMENTED. Their names imply that they were intended to provide access to a communications mechanism. Why are they in the released versions of NT if they are not implemented?

NtCreateChannel

Not implemented.

NtOpenChannel

Not implemented.

NtListenChannel

Not implemented.

NtSetContextChannel

Not implemented.

NtReplyWaitSendChannel

Not implemented.

NtSendWaitReplyChannel

Not implemented.

Power

There's only one Native API for power management in NT 4.0. Interestingly, this API was introduced in NT 4.0, but was a stub that returned STATUS_NOT_IMPLEMENTED. Win2K fleshes out the API and adds more commands.

NtSetSystemPowerState

Not implemented in NT 4.0.

NtInitiatePowerAction

New to Win2K. Initiate a power event (e.g. suspend)

NtPowerInformation

GetSystemPowerStatus

New to Win2K. Get the system's power state.

NtSetThreadExecutionState

SetThreadExecutionState

New to Win2K. Sets a thread's system power state requirement.

NtRequestWakeupLatency

New to Win2K. Sets a process' wakeup latency.

Plug-and-Play

Like the Power API, some of these were introduced in NT 4.0 as unimplemented functions. Win2K fleshes them out and adds more.

NtGetPlugPlayEvent

Present, but not implemented in NT 4.0. Sets plug and play events.

NtPlugPlayControl

Present, but not implemented in NT 4.0. Sends commands to the plug-and-play subsystem.

Objects

Object manager namespace objects are created and manipualted with these routines. A couple of these, like NtClose, are general in that they are used with any object type.

NtClose

CloseHandle

Closes a handle to any object type.

NtDuplicateObject

DuplicateHandle

Duplicates a handle to an object.

NtCreateDirectoryObject

Creates a directory in the object manager namespace.

NtCreateSymbolicLinkObject

Creates a symbolic link in the object manager namespace. The Win32 DefineDosDevice command lets you create links, but only in the /?? subdirectory.

NtMakeTemporaryObject

Causes a permanent object to be deleted during NT shutdown so that it isn't present at the next boot.

NtOpenDirectoryObject

Opens an object manager namespace directory.

NtQueryDirectoryObject

Used to enumerate the objects located in an directory object.

NtOpenSymbolicLinkObject

Opens a symbolic link object.

NtQuerySymbolicLinkObject

Returns the name of the object that the symbolic link points at.

NtQueryObject

Queries an an object's attributes, such as its name.

NtSetInformationObject

Sets an object's attributes.

NtMakePermanentObject

New to WinXP. Sets the permanent flag on an object.

NtTranslateFilePath

New to WinXP. Translates a file path from one format (e.g. NT, ARC, EFI) to another.

Registry

Win32 Registry functions basically map directly to these APIs, and many of them are documented in the DDK.

NtCreateKey

RegCreateKey

Creates or opens a Registry key.

NtOpenKey

RegOpenKey

Opens an existing Registry key.

NtDeleteKey

RegDeleteKey

Deletes a Registry key.

NtDeleteValueKey

RegDeleteValue

Deletes a value.

NtEnumerateKey

RegEnumKey, RegEnumKeyEx

Enumerates the subkeys of a key.

NtEnumerateValueKey

RegEnumValue

Enumerates the values within a key.

NtFlushKey

RegFlushKey

Flushes changes back to the Registry on disk.

NtInitializeRegistry

Gets the Registry rolling. The single parameter to this specifies whether its a setup boot or a normal boot.

NtNotifyChangeKey

RegNotifyChangeKeyValue

Allows a program to be notified of changes to a particular key or its subkeys.

NtQueryKey

RegQueryKey

Queries information about a key.

NtQueryMultiplValueKey

RegQueryMultipleValues

Retrieves information about multiple specified values. This API was introduced in NT 4.0.

NtQueryValueKey

RegQueryValue, RegQueryValueEx

Retrieves information about a specified value.

NtReplaceKey

RegReplaceKey

Changes the backing file for a key and its subkeys. Used for backup/restore.

NtSaveKey

RegSaveKey

Saves the contents of a key and subkey to a file.

NtRestoreKey

RegRestoreKey

Loads the contents of a key from a specified file.

NtSetInformationKey

Sets attributes of a key.

NtSetValueKey

RegSetValue, RegSetValueEx

Sets the data associated with a value.

NtLoadKey

RegLoadKey

Loads a hive file into the Registry.

NtLoadKey2

Introduced in NT 4.0. Allows for options on loading a hive.

NtUnloadKey

RegUnloadKey

Unloads a hive from the Registry.

NtCompactKeys

New to WinXP. Makes key storage adjacent.

NtCompressKey

New to WinXP. Performs in-place compaction of a hive.

NtLockRegistryKey

New to WinXP. Locks a registry key for modification.

NtRenameKey

New to WinXP. Renames a Registry key.

NtSaveKeyEx

RegSaveKeyEx

New to WinXP. Saves the contents of a key and its subkeys to a file.

NtUnloadKeyEx

New to WinXP. Unloads a hive from the Registry.

NtLoadKeyEx

New to Server 2K3. Loads a hive into the Registry.

NtUnloadKey2

New to Serer 2K3. Unloads a hive from the Registry.

NtQueryOpenSubKeysEx

New to Server 2003. Returns the keys opened beneath a specified key.

Local Procedure Call

LPC is NT's core interprocess communications mechanism. If you use RPC between processes on the same computer you are using LPC indirectly.

NtCreatePort

Creates a port object.

NtAcceptConnectPort

Accepts a port connection.

NtCompleteConnectPort

Completes a connection.

NtConnectPort

Connects a port to another port that is accepting connections.

NtImpersonateClientOfPort

Thread impersonates the identify of the process on the other end of a port.

NtListenPort

Listens on a port for connection requests.

NtQueryInformationPort

Obtains information on a port.

NtReadRequestData

Reads data associated with a port message.

NtReplyPort

Sends a reply message.

NtReplyWaitReceivePort

Sends a reply message and then waits for an incoming request message.

NtReplyWaitReplyPort

Sends a reply message and then waits for an incoming reply message.

NtRequestPort

Sends a request message.

NtRequestWaitReplyPort

Sends a request message and waits for an incoming reply message.

NtWriteRequestData

Fills in data for a request message

NtSecureConnectPort

New to Win2K. Creates a secure connection port.

NtQueryPortInformationProcess

New to WinXP. Used to determine if a process has an associated exception or debug port.

Security

The Native security APIs are mapped almost directly by Win32 security APIs.

NtAccessCheck

AccessCheck

Checks to see whether current thread has access to an object based on its security descriptor.

NtAccessCheckAndAuditAlarm

AccessCheckAuditAlarm

Generates an audit message related to access checking.

NtAdjustGroupsToken

AdjustTokenGroups

Adds or removes groups associated with a token.

NtAdjustPrivilegesToken

AdjustTokenPrivileges

Enables or disables privileges associated with a token.

NtCloseObjectAuditAlarm

ObjectCloseAuditAlarm

Generates an audit message indicating that an object was closed.

NtCreateToken

CreateToken

Creates a token object.

NtDeleteObjectAuditAlarm

ObjectDeleteAuditAlarm

Generated an audit event indicating that an object was deleted.

NtDuplicateToken

DuplicateToken, DuplicateTokenEx

Duplicates a token object.

NtOpenObjectAuditAlarm

ObjectOpenAuditAlarm

Generated an audit event indicating that an object was opened.

NtImpersonateThread

ImpersonateLoggedOnUser

Allows a thread to impersonate the identity of another user.

NtOpenProcessToken

OpenProcessToken

Obtains a handle to the token of a specified process.

NtOpenThreadToken

OpenThreadToken

Opens a handle to the token of a specified thread.

NtPrivilegeCheck

PrivilegeCheck

Checks to see whether a token has the specified privileges enabled.

NtPrivilegeObjectAuditAlarm

ObjectPrivilegeAuditAlarm

Generates an audit event record associated with a privilege check.

NtPrivilegedServiceAuditAlarm

PrivilegedServiceAuditAlarm

Generates an audit message indicating the attempt to use specified privileges.

NtQueryInformationToken

GetTokenInformation

Obtains information about a token.

NtQuerySecurityObject

GetUserObjectSecurity, GetPrivateObjectSecurity

Retrieves information about an object's security settings.

NtSetInformationToken

SetTokenInformation

Sets a token's attributes.

NtSetSecurityObject

SetUserObjectSecurity, SetrivateSecurityObject

Sets the security information of an object.

NtAccessCheckByType

AccessCheckByType

New object-specific security support in Win2K.

NtAccessCheckByTypeAndAuditAlarm

AccessCheckByTypeAndAuditAlarm

New object-specific security support in Win2K.

NtAccessCheckByTypeResultList

AccessCheckByTypeResultList, AccessCheckByTypeResultListAndAuditAlarm

New object-specific security support in Win2K.

NtFilterToken

CreateRestrictedToken

New object-specific security support in Win2K.

NtCompareToken

New object-specific security support in Win2K.

NtOpenProcessTokenEx

New to WinXP. Compares two tokens.

NtOpenThreadTokenEx

New to WinXP. Opens a process token.

New to WinXP. Opens a thread token.

Processes and Threads

These functions control processes and threads. Many have direct Win32 equivalents.

NtAlertResumeThread

Resumes a thread.

NtAlertThread

Sends an alert to a thread.

NtTestAlert

Tests for whether a thread has a pending alert.

NtCreateProcess

CreateProcess

Creates a new process.

NtCreateThread

CreateThread

Creates a new thread.

NtCurrentTeb

Returns a pointer to a thread's environment block.

NtDelayExecution

Sleep, SleepEx

Pauses a thread for a specified time.

NtGetContextThread

GetThreadContext

Retrieves the hardware context (registers) of a thread.

NtSetContextThread

SetThreadContext

Sets the hardware context (registers) of a thread.

NtOpenProcess

OpenProcess

Opens a handle to a specified process.

NtOpenThread

OpenThread

Opens a handle to a specified thread.

NtQueryInformationProcess

GetProcessTimes, GetProcessVersion, GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass, GetProcessShutdownParameters

Obtains information about a process' attributes.

NtQueryInformationThread

GetThreadTimes, GetThreadPriority, GetThreadPriorityBoost

Obtains information about a thread's attributes.

NtQueueApcThread

QueueUserApc

Introduced in NT 4.0. Queues an Asynchornous Procedure Call to a thread.

NtResumeThread

ResumeThread

Wakes up a suspended thread.

NtSetInformationProcess

SetProcessAffinityMask, SetPriorityClass, SetProcessPriorityBoost, SetProcessShutdownParameters, SetProcessWorkingSetSize

Sets a process' attributes.

NtSetInformationThread

SetThreadAffinityMask, SetThreadIdealProcessor, SetThreadPriority, SetThreadPriorityBoost

Sets a thread's attributes.

NtSetLowWaitHighThread

NT 4.0 only (not in Win2K).

NtSetHighWaitLowThread

NT 4.0 only (not in Win2K).

NtSuspendThread

SuspendThread

Suspends a thread's execution.

NtTerminateProcess

TerminateProcess

Deletes a process.

NtTerminateThread

TerminateThread

Deletes a thread.

NtYieldExecution

SwitchToThread

Introduced in NT 4.0. Causes thread to give up CPU.

NtCreateProcessEx

New to WinXP. Creates a new process.

NtResumeProcess

New to WinXP. Resumes a suspended process.

NtSuspendProcess

New to WinXP. Suspends a process.

NtApphelpCacheControl

New to Server 2003. Controls the application-compatibility shim cache.

Atoms

Atoms allow for the efficient storage and referencing of character strings.

NtAddAtom

AddAtom

Introduced in NT 4.0. Adds a character string to an atom table.

NtDeleteAtom

DeleteAtom

Introduced in NT 4.0. Removes an atom from an atom table.

NtFindAtom

FindAtom

Introduced in NT 4.0. Looks up an atom in an atom table.

NtQueryInformationAtom

GetAtomName

Introduced in NT 4.0. Retrieves information about an atom.

Error Handling

Device drivers and debuggers rely on these error handling routines.

NtRaiseException

RaiseException

Signals an exception condition to trigger exception handler execution.

NtContinue

try/except

Allows error processing handling to continue to the next handler.

NtRaiseHardError

Used to raise an error message box.

NtSetDefaultHardErrorPort

SetErrorMode

Used by programs to disable hard error message boxes cause by their actions.

Execution Environment

These functions are related to general execution environment.

NtQueryDefaultLocale

GetLocaleInfo

Retrieves information about the locale.

NtSetDefaultLocale

SetLocaleInfo

Sets locale information.

NtQuerySystemEnvironmentValue

GetEnvironmentVariable

Gets the value of an environment variable.

NtSetSystemEnvironmentValue

SetEnvironmentVariable

Sets the value of an environment variable.

NtQueryDefaultUILanguage

New to Win2K. Win2K supports on-the-fly language changes. Queries the current language.

NtSetDefaultUILanguage

New to Win2K. Win2K supports on-the-fly language changes. Sets the current language.

NtEnumerateSystemEnvironmentValuesEx

New to WinXP. Enumerates the system environment variables.

NtQuerySystemEnvironmentValueEx

New to WinXP. Queries the value of an environment variable.

Timers and System Time

Virtually all these routines have functionality accessible via Win32 APIs.

NtCancelTimer

CancelWaitableTimer, timeKillEvent

Cancels a timer.

NtCreateTimer

CreateWaitableTimer

Creates a timer.

NtOpenTimer

OpenWaitableTimer

Opens a timer object.

NtQueryTimer

Queries a timer's attributes.

NtQueryTimerResolution

timeGetDevCaps

Queries the system's timer resolution.

NtSetTimer

timeSetEvent

Sets a timer for an expiration event.

NtSetTimerResolution

timeBeginPeriod, timeEndPeriod

Sets the system timer resolution.

NtQueryPerformanceCounter

QueryPerformanceCounter, QueryPerformanceFrequency

Queries the system performance counter.

NtQuerySystemTime

GetSystemTime

Gets the current time.

NtSetSystemTime

SetSystemTime

Sets the system time.

NtGetTickCount

GetTickCount

Get the ticks since system boot.

Synchronization

Most synchronization objects have Win32 APIs, with the notable exception of event pairs. Event pairs are used for high-performance interprocess synchronization by the LPC facility.

NtCreateEvent

CreateEvent

Creates an event object.

NtOpenEvent

OpenEvent

Opens an event object.

NtClearEvent

Clears the signalled state of an event.

NtPulseEvent

PulseEvent

Signals an event and then resets it.

NtQueryEvent

Queries the state of an event.

NtResetEvent

ResetEvent

Resets an event to a non-signalled state.

NtSetEvent

SetEvent

Sets an event to the signalled state.

NtCreateEventPair

Creates an event pair.

NtOpenEventPair

Opens an event pair.

NtSetHighEventPair

Sets the high half of an event pair to signalled state.

NtSetHighWaitLowEventPair

Sets the high half of an event pair to signalled state and waits for the low half to become signalled.

NtSetLowEventPair

Sets the low half of an event pair.

NtSetLowWaitHighEventPair

Sets the low half of an event pair and waits for the high-half to become signalled.

NtWaitHighEventPair

Waits for the high-half of an event pair to become signalled.

NtWaitLowEventPair

Waits for the low-half of an event pair to become signalled.

NtCreateMutant

CreateMutex

Creates a mutant object (known as a mutex in user mode).

NtOpenMutant

OpenMutex

Opens a mutant object (known as a mutex in user mode).

NtQueryMutant

Queries the state of a mutant object.

NtReleaseMutant

ReleaseMutex

Signals a mutant

NtReleaseProcessMutant

3.51 only.

NtReleaseThreadMutant

3.51 only.

NtCreateSemaphore

CreateSemaphore

Creates a semaphore object.

NtOpenSemaphore

OpenSemaphore

Opens a semaphore object.

NtQuerySemaphore

Queries the state of a semaphore.

NtReleaseSemaphore

ReleaseSemaphore

Signals a semaphore.

NtSignalAndWaitForSingleObject

Introduced in NT 4.0. Signals a synchornization object and then waits for it to be signalled again.

NtWaitForMultipleObjects

WaitForMultipleObjects, WaitForMultipleObjectsEx

Waits for multiple objects to become signalled.

NtWaitForSingleObject

WaitForSingleObject, WaitForSingleObjectEx

Waits for a single object to become signalled.

NtCreateKeyedEvent

New to WinXP. Creates a keyed event object.

NtOpenKeyedEvent

New to WinXP. Opens a named keyed event object.

NtReleaseKeyedEvent

New to WinXP. Signals a keyed event object.

NtWaitForKeyedEvent

New to WinXP. Waits for a keyed event to become signalled.

NtSetEventBoostPriority

New to WinXP. Signals an event and sets the priority of woken threads.

Memory

Most of NT's virtual memory APIs are accessible via Win32.

NtAllocateVirtualMemory

VirtualAlloc, VirtualAllocEx

Allocates virtual memory.

NtFreeVirtualMemory

VirtualFree, VirtualFreeEx

Frees virtual memory.

NtQueryVirtualMemory

VirtualQuery, VirtualQueryEx

Queries a range of virtual memory's attributes.

NtProtectVirtualMemory

VirtualProtect, VirtualProtectEx

Sets the protection for a range of virtual memory.

NtLockVirtualMemory

VirtualLock

Locks a range of virtual memory.

NtUnlockVirtualMemory

VirtualUnlock

Unlocks a range of virtual memory.

NtReadVirtualMemory

ReadProcessMemory

Reads a range of virtual memory from a specied process.

NtWriteVirtualMemory

WriteProcessMemory

Writes a range of virtual memory from a specied process.

NtFlushVirtualMemory

FlushViewOfFile

Flushes a memory mapped range of memory to the file on disk.

NtCreateSection

CreateFileMapping

Creates a range of memory backed by a file.

NtOpenSection

OpenFileMapping

Opens a named memory mapping section object.

NtExtendSection

Extends an existing range of virtual memory backed by a file.

NtMapViewOfSection

MapViewOfFile

Maps a portion of a file into virtual memory.

NtUnmapViewOfSection

UnmapViewOfFile

Unmaps a portion of virtual memory backed by a file.

NtAllocateVirtualMemory64

VirtualAllocVlm

New to Win2K. Allocates 64-bit virtual memory.

NtFreeVirtualMemory64

VirtualFreeVlm

New to Win2K. Frees 64-bit virtual memory.

NtMapViewOfVlmSection

MapViewOfFileVlm

New to Win2K. Maps a file into 64-bit virtual memory.

NtUnmapViewOfVlmSection

UnmapViewOfFileVlm

New to Win2K. Unmaps a view of a file mapped into 64-bit virtual memory.

NtAreMappedFilesTheSame

New to Win2K. The loader uses this to efficiently see if a given file has already been mapped into memory.

NtProtectVirtualMemory64

VirtualProtectVlm

New to Win2K. Sets protection on 64-bit virtual memory.

NtQueryVirtualMemory64

VirtualQueryVlm

New to Win2K. Queries the attributes of 64-bit virtual memory.

NtReadVirtualMemory64

ReadProcessMemoryVlm

New to Win2K. Reads data from 64-bit memory of the specified process.

NtWriteVirtualMemory64

WriteProcessMemoryVlm

New to Win2K. Writes data to 64-bit memory of the specified process.

File and General I/O

File I/O is the best documented of the native APIs since many device drivers must make use of it.

NtCancelIoFile

CancelIo

Cancels an I/O request.

NtCreateFile

CreateFile, CreateDirectory, CreateDirectoryEx

Create or opens a file, directory or device object.

NtCreateIoCompletion

CreateIoCompletionPort

Tells the I/O manager that a thread wishes to be notified when an I/O completes.

NtOpenIoCompletion

Opens a named I/O completion object.

NtSetIoCompletion

Sets an I/O completion object's attributes.

NtQueryIoCompletion

Retrieves specific information about an I/O completion object.

NtRemoveIoCompletion

Removes an I/O completion callback.

NtDeleteFile

DeleteFile

Deletes a file object.

NtDeviceIoControlFile

DeviceIoControl

Sends an IOCTL to a device's device driver, which represented by an open file object.

NtFlushBuffersFile

FlushFileBuffers

Flushes in-memory file data to disk.

NtFsControlFile

DeviceIoControl

Sends an I/O control (IOCTL) to a driver represented by an open device object. These are typically used for file system-related special commands.

NtLockFile

LockFile, LockFileEx

Locks a range of a file for synchronized access.

NtUnlockFile

UnlockFile

Unlocks a range of a file for synchronized access.

NtNotifyChangeDirectoryFile

FindFirstChangeNotification, FindNextChangeNotification

Registers that a thread wishes to be notified when a directory's contents change.

NtOpenFile

OpenFile

Opens an existing file.

NtQueryAttributesFile

GetFileAttributesEx

Gets a file's attributes.

NtQueryDirectoryFile

FindFirstFile, FindFirstFileEx, FindNextFile

Retrieves a directory's contents.

NtQueryEaFile

Retrieves a file's extended attributes.

NtSetEaFile

Sets the extended attributes of a file.

NtQueryFullAttributesFile

Introduced in NT 4.0. Gets a file's full attributes.

NtQueryInformationFile

GetShortPathName, GetLongPathName, GetFullPathName, GetFileType, GetFileSize, GetFileTime

Retrieves specific information regarding a file.

NtSetInformationFile

SetEndOfFile, SetFileAttributes, SetNamedPipeHandleState, SetMailslotInfo

Sets specific information regarding a file.

NtQueryVolumeInformationFile

GetDiskFreeSpace, GetDriveType

Retrieves specific information regarding a disk volume.

NtSetVolumeInformationFile

SetVolumeLabel

Sets information about a volume.

NtReadFile

ReadFile, ReadFileEx

Reads data from a file.

NtWriteFile

WriteFile, WriteFileEx

Writes data to a file.

NtReadFileScatter

ReadFileScatter

Introduced in NT 4.0 SP2 for SQL Server. Reads data from a file into virtually discontiguous buffers.

NtWriteFileGather

WriteFileGather

Introduced in NT 4.0 SP2 for SQL Server. Writes data to a file from virtually discontiguous buffers.

NtQueryQuotaInformationFile

IDiskQuotaControl::

New to Win2K. Win2K supports NTFS disk quotas. Queries disk quota information.

NtSetQuotaInformationFile

IDiskQuotaControl::

New to Win2K. Win2K supports NTFS disk quotas. Sets disk quota information.

NtReadFile64

ReadFileVlm

New to Win2K. Reads data from a file into 64-bit virtual memory.

NtWriteFile64

WriteFileVlm

New to Win2K. Writes data to a file from 64-bit virtual memory.

Miscellaneous

These functions don't fall neatly into other categories.

NtAllocateLocallyUniqueId

AllocateLocallyUniqueId

Allocates an ID that is unique to the system with respect to other IDs allocate by this function. The security subsystem makes extensive use of this.

NtAllocateUuids

Allocates UUIDs.

NtDisplayString

Displays a string on the Blue Screen. This is used both during system boot and for writing on the Blue Screen of Death.

NtQuerySystemInformation

While this function isn't directly documented, the Performance Counters in the Registry export much of the information obtainable via this call.

NtSetSystemInformation

Various administrative applets use this function. For instance, quantum boosting is set with this API.

NtShutdownSystem

ExitWindows

Shuts down NT with options for rebooting.

NtVdmControl

Sends commands to a Virtual DOS Machine.

NtCallbackReturn

For returning from Win32 into a caller.

NtW32Call

For calling into Win32 user mode.

NtQueryOleDirectoryFile

NT 4.0 only.

NtLockProductActivationKeys

New to WinXP. Locks the product activation keys for writing.

Jobs

These functions implement Job objects, which are new to Win2K. They are essentially a group of associated processes that can be controlled as a single unit and that share job-execution time restrictions.

NtCreateJobObject

CreateJobObject

New to Win2K. Creates a job object.

NtOpenJobObject

OpenJobObject

New to Win2K. Opens a named Job Object.

NtQueryInformationJobObject

QueryInformationJobObject

New to Win2K. Retrieves information about a Job Object.

NtAssignProcessToJobObject

AssignProcessToJobObject

New to Win2K. Assigns a process to a Job Object.

NtSetInformationJobObject

SetInformationJobObject

New to Win2K. Sets a Job Object's attributes (e.g. priority).

NtTerminateJobObject

TerminateJobObject

New to Win2K. Terminates a Job Object, which terminates all of its associated processes.

NtCreateJobSet

New to WinXP. Creates a job set from multiple job objects.

IA64 Boot.ini

These functions are for managing the IA64 version of Boot.ini, which is stored in non-volatile RAM. On non-IA64 systems these return STATUS_NOT_IMPLEMENTED.

NtAddBootEntry

New to WinXP. Adds an entry to the boot menu.

NtDeleteBootEntry

New to WinXP. Deletes an entry from the boot menu.

NtEnumerateBootEntries

New to WinXP. Enumerates the boot menu entries.

NtModifyBootEntry

New to WinXP. Modifies an existing boot menu entry.

NtQueryBootEntryOrder

New to WinXP. Queries the order of boot menu entries.

NtQueryBootOptions

New to WinXP. Queries the options associated with a boot menu entry.

NtSetBootEntryOrder

New to WinXP. Sets the order of boot menu entries.

NtSetBootOptions

New to WinXP. Sets the options associated with a boot menu entry.

EFI Drivers

These functions are for managing IA64 Extensible Firmware Interface device drivers. On non-IA64 systems these return STATUS_NOT_IMPLEMTNED.

NtAddDriverEntry

New to Server 2003. Adds a driver.

NtDeleteDriverEntry

New to Server 2003. Deletes a driver entry.

NtEnumerateDriverEntries

New to Server 2003. Enumerates driver entries.

NtModifyDriverEntry

New to Server 2003. Modifies an existing driver entry.

NtQueryDriverEntryOrder

New to Server 2003. Queries the order of driver entries.

NtSetDriverEntryOrder

New to Server 2003. Sets the order of driver entries.