附录 B
内核API函数(Kernel API Functions)
附录B包含在第二章讨论的系统模块:win32k.sys、ntdll.dll和ntoskrnl.exe导出的函数列表。N/A表示不支持(Not Available)。
表B-1. Windows 2000 Native API
函数名称
INT 2eh
Ntdll.Nt*
Ntdll.Zw*
Ntoskrnl.Nt*
Ntoskrnl.Zw*
1
NtAcceptConnectPort
0x0000
N/A
N/A
2
NtAccessCheck
0x0001
N/A
N/A
3
NtAccessCheckAndAuditAlarm
0x0002
N/A
4
NtAccessCheckByType
0x0003
N/A
N/A
5
NtAccessCheckByTypeAndAuditAlarm
0x0004
N/A
N/A
6
NtAccessCheckByTypeResultList
0x0005
N/A
N/A
7
NtAccessCheckByTypeResultListAndAuditAlarm
0x0006
N/A
N/A
8
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
0x0007
N/A
N/A
9
NtAddAtom
0x0008
N/A
10
NtAdjustGroupsToken
0x0009
N/A
N/A
11
NtAdjustPrivilegesToken
0x000A
12
NtAlertResumeThread
0x000B
N/A
N/A
13
NtAlertThread
0x000C
N/A
14
NtAllocateLocallyUniqueld
0x000D
N/A
15
NtAllocateUserPhysicalPages
0x000E
N/A
N/A
16
NtAllocateUuids
0x000F
N/A
17
NtAllocateVirtualMemory
0x0010
18
NtAreMappedFilesTheSame
0x0011
N/A
N/A
19
NtAssignProcessToJobObject
0x0012
N/A
N/A
20
NtBuildNumber
N/A
N/A
N/A
N/A
21
NtCallbackReturn
0x0013
N/A
N/A
22
NtCancelDeviceWakeupRequest
0x0016
N/A
N/A
23
NtCancelloFile
0x0014
N/A
24
NtCancelTimer
0x0015
N/A
25
NtClearEvent
0x0017
N/A
26
NtClose
0x0018
27
NtCloseObjectAuditAlarm
0x0019
N/A
28
NtCompleteConnectPort
0x001A
N/A
N/A
29
NtConnectPort
0x001B
30
NtContinue
0x001C
N/A
N/A
31
NtCreateChannel
0x00F1
N/A
N/A
32
NtCreateDirectoryObject
0x001D
N/A
33
NtCreateEvent
0x001E
34
NtCreateEventPair
0x001F
N/A
N/A
35
NtCreateFile
0x0020
36
NtCreateloCompletion
0x0021
N/A
N/A
37
NtCreateJobObject
0x0022
N/A
N/A
38
NtCreateKey
0x0023
N/A
39
NtCreateMailslotFile
0x0024
N/A
N/A
40
NtCreateMutant
0x0025
N/A
N/A
41
NtCreateNamedPipeFile
0x0026
N/A
N/A
42
NtCreatePagingFile
0x0027
N/A
N/A
43
NtCreatePort
0x0028
N/A
N/A
44
NtCreateProcess
0x0029
N/A
N/A
45
NtCreateProfile
0x002A
N/A
N/A
46
NtCreateSection
0x002B
47
NtCreateSemaphore
0x002C
N/A
N/A
48
NtCreateSymbolicLinkObject
0x002D
N/A
49
NtCreateThread
0x002E
N/A
N/A
50
NtCreateTimer
0x002F
N/A
51
NtCreateToken
0x0030
N/A
N/A
52
NtCreateWaitablePort
0x0031
N/A
N/A
53
NtCurrentTeb
N/A
N/A
N/A
N/A
54
NtDelayExecution
0x0032
N/A
N/A
55
NtDeleteAtom
0x0033
N/A
56
NtDeleteFile
0x0034
57
NtDeleteKey
0x0035
N/A
58
NtDeleteObjectAuditAlarm
0x0036
N/A
N/A
59
NtDeleteValueKey
0x0037
N/A
60
NtDeviceloControlFile
0x0038
61
NtDisplayString
0x0039
N/A
62
NtDuplicateObject
0x003A
63
NtDuplicateToken
0x003B
64
NtEnumerateKey
0x003C
N/A
65
NtEnumerateValueKey
0x003D
N/A
66
NtExtendSection
0x003E
N/A
N/A
67
NtFilterToken
0x003F
N/A
N/A
68
NtFindAtom
0x0040
N/A
69
NtFlushBuffersFile
0x0041
N/A
N/A
70
NtFlushlnstructionCache
0x0042
N/A
71
NtFlushKey
0x0043
N/A
72
NtFlushVirtualMemory
0x0044
N/A
73
NtFlushWriteBuffer
0x0045
N/A
N/A
74
NtFreeUserPhysicalPages
0x0046
N/A
N/A
75
NtFreeVirtualMemory
0x0047
76
NtFsControlFile
0x0048
77
NtGetContextThread
0x0049
N/A
N/A
78
NtGetDevicePowerState
0x004A
N/A
N/A
79
NtGetPlugPlayEvent
0x004B
N/A
N/A
80
NtGetTickCount
0x004C
N/A
N/A
81
NtGetWriteWatch
0x004D
N/A
N/A
82
NtGlobalFlag
N/A
N/A
N/A
N/A
83
NtlmpersonateAnonymousToken
0x004E
N/A
N/A
84
NtlmpersonateClientOfPort
0x004F
N/A
N/A
85
NtlmpersonateThread
0x0050
N/A
N/A
86
NtlnitializeRegistry
0x0051
N/A
N/A
87
NtlnitiatePowerAction
0x0052
N/A
88
NtlsSystemResumeAutomatic
0x0053
N/A
N/A
89
NtListenChannel
0x00F2
N/A
N/A
90
NtListenPort
0x0054
N/A
N/A
91
NtLoadDriver
0x0055
N/A
92
NtLoadKey
0x0056
N/A
93
NtLoadKey2
0x0057
N/A
N/A
94
NtLockFile
0x0058
N/A
95
NtLockVirtualMemory
0x0059
N/A
N/A
96
NtMakeTemporaryObject
0x005A
N/A
97
NtMapUserPhysicalPages
0x005B
N/A
N/A
98
NtMapUserPhysicalPagesScatter
0x005C
N/A
N/A
99
NtMapViewOf Section
0x005D
100
NtNotifyChangeDirectoryFile
0x005E
N/A
101
NtNotifyChangeKey
0x005F
N/A
102
NtNotifyChangeMultipleKeys
0x0060
N/A
N/A
103
NtOpenChannel
0x00F3
N/A
N/A
104
NtOpenDirectoryObject
0x0061
N/A
105
NtOpenEvent
0x0062
N/A
106
NtOpenEventPair
0x0063
N/A
N/A
107
NtOpenFile
0x0064
108
NtOpenloCompletion
0x0065
N/A
N/A
109
NtOpenJobObject
0x0066
N/A
N/A
110
NtOpenKey
0x0067
N/A
111
NtOpenMutant
0x0068
N/A
N/A
112
NtOpenObjectAuditAlarm
0x0069
N/A
N/A
113
NtOpenProcess
0x006A
114
NtOpenProcessToken
0x006B
115
NtOpenSection
0x006C
N/A
116
NtOpenSemaphore
0x006D
N/A
N/A
117
NtOpenSymbolicLinkObject
0x006E
N/A
118
NtOpenThread
0x006F
N/A
119
NtOpenThreadToken
0x0070
N/A
120
NtOpenTimer
0x0071
N/A
121
NtPlugPlayControl
0x0072
N/A
N/A
122
NtPowerlnformation
0x0073
N/A
123
NtPrivilegeCheck
0x0074
N/A
N/A
124
NtPrivilegedServiceAuditAlarm
0x0075
N/A
N/A
125
NtPrivilegeObjectAuditAlarm
0x0076
N/A
N/A
126
NtProtectVirtualMemory
0x0077
N/A
N/A
127
NtPulseEvent
0x0078
N/A
128
NtQueryAttributesFile
0x007A
N/A
N/A
129
NtQueryDefaultLocale
0x007B
N/A
130
NtQueryDefaultUILanguage
0x007C
N/A
131
NtQueryDirectoryFile
0x007D
132
NtQueryDirectoryObject
0x007E
N/A
133
NtQueryEaFile
0x007F
134
NtQueryEvent
0x0080
N/A
N/A
135
NtQueryFullAttributesFile
0x0081
N/A
N/A
136
NtQuerylnformationAtom
0x0079
N/A
137
NtQuerylnformationFile
0x0082
138
NtQuerylnformationJobObject
0x0083
N/A
N/A
139
NtQuerylnformationPort
0x0085
N/A
N/A
140
NtQuerylnformationProcess
0x0086
141
NtQuerylnformationThread
0x0087
N/A
N/A
142
NtQuerylnformationToken
0x0088
143
NtQuerylnstallUILanguage
0x0089
N/A
144
NtQuerylntervalProfile
0x008A
N/A
N/A
145
NtQueryIoCompletion
0x0084
N/A
N/A
146
NtQueryKey
0x008B
N/A
147
NtQueryMultipleValueKey
0x008C
N/A
N/A
148
NtQueryMutant
0x008D
N/A
N/A
149
NtQueryObject
0x008E
N/A
150
NtQueryOpenSubKeys
0x008F
N/A
N/A
151
NtQueryPerformanceCounter
0x0090
N/A
N/A
152
NtQueryQuotalnformationFile
0x0091
N/A
153
NtQuerySection
0x0092
N/A
154
NtQuerySecurityObject
0x0093
156
NtQuerySemaphore
0x0094
N/A
N/A
157
NtQuerySymbolicLinkObject
0x0095
N/A
158
NtQuerySystemEnvironment Value
0x0096
N/A
N/A
159
NtQuerySystemlnformation
0x0097
160
NtQuerySystemTime
0x0098
N/A
N/A
161
NtQuery Timer
0x0099
N/A
N/A
162
NtQueryTimerResolution
0x009A
N/A
N/A
163
NtQueryValueKey
0x009B
N/A
164
NtQuery VirtualMemory
0x009C
N/A
N/A
165
NtQuery VolumelnformationFile
0x009D
166
NtQueueApcThread
0x009E
N/A
N/A
167
NtRaiseException
0x009F
N/A
N/A
168
NtRaiseHardError
0x00A0
N/A
N/A
169
NtReadFile
0x00Al
170
NtReadFileScatter
0x00A2
N/A
N/A
171
NtReadRequestData
0x00A3
N/A
N/A
172
NtReadVirtualMemory
0x00A4
N/A
N/A
173
NtRegisterThreadTerminatePort
0x00A5
N/A
N/A
174
NtReleaseMutant
0x00A6
N/A
N/A
175
NtReleaseSemaphore
0x00A7
N/A
N/A
176
NtRemoveloCompletion
0x00A8
N/A
N/A
177
NtReplaceKey
0x00A9
N/A
178
NtReplyPort
0x00AA
N/A
N/A
179
NtReplyWaitReceivePort
0x00AB
N/A
N/A
180
NtReplyWaitReceivePortEx
0x00AC
N/A
N/A
181
NtReplyWaitReplyPort
0x00AD
N/A
N/A
182
NtReplyWaitSendChannel
0x00F4
N/A
N/A
183
NtRequestDeviceWakeup
0x00AE
N/A
N/A
184
NtRequestPort
0x00AF
N/A
185
NtRequestWaitReplyPort
0x00B0
186
NtRequestWakeupLatency
0x00Bl
N/A
N/A
187
NtResetEvent
0x00B2
N/A
188
NtResetWriteWatch
0x00B3
N/A
N/A
189
NtRestoreKey
0x00B4
N/A
190
NtResumeThread
0x00B5
N/A
N/A
191
NtSaveKey
0x00B6
N/A
192
NtSaveMergedKeys
0x00B7
N/A
N/A
193
NtSecureConnectPort
0x00B8
N/A
N/A
194
NtSendWaitReplyChannel
0x00F5
N/A
N/A
195
NtSetContextChannel
0x00F6
N/A
N/A
196
NtSetContextThread
0x00BA
N/A
N/A
197
NtSetDefaultHardErrorPort
0x00BB
N/A
N/A
198
NtSetDefaultLocale
0x00BC
N/A
199
NtSetDefaultUILanguage
0x00BD
N/A
200
NtSetEaFile
0x00BE
201
NtSetEvent
0x00BF
202
NtSetHighEventPair
0x00C0
N/A
N/A
203
NtSetHighWaitLowEventPair
0x00Cl
N/A
N/A
204
NtSetlnformationFile
0x00C2
205
NtSetlnformationJobObject
0x00C3
N/A
N/A
206
NtSetlnformationKey
0x00C4
N/A
N/A
207
NtSetlnformationObject
0x00C5
N/A
208
NtSetlnformationProcess
0x00C6
209
NtSetlnformationThread
0x00c7
210
NtSetlnformationToken
0x00C8
N/A
N/A
211
NtSetlntervalProfile
0x00C9
N/A
N/A
212
NtSetloCompletion
0x00B9
N/A
N/A
213
NtSetLdtEntries
0x00CA
N/A
N/A
214
NtSetLowEventPair
0x00CB
N/A
N/A
215
NtSetLowWaitHighEventPair
0x00CC
N/A
N/A
216
NtSetQuotalnformationFile
0x00CD
N/A
217
NtSetSecurityObject
0x00CE
218
NtSetSystemEnvironment Value
0x00CF
N/A
N/A
219
NtSetSystemlnformation
0x00D0
N/A
220
NtSetSystemPowerState
0x00Dl
N/A
N/A
221
NtSetSystemTime
0x00D2
N/A
222
NtSetThreadExecutionState
0x00D3
N/A
N/A
223
NtSetTimer
0x00D4
N/A
224
NtSetTimerResolution
0x00D5
N/A
N/A
225
NtSetUuidSeed
0x00D6
N/A
N/A
226
NtSetValueKey
0x00D7
N/A
227
NtSetVolumelnformationFile
0x00D8
228
NtShutdownSystem
0x00D9
N/A
N/A
229
NtSignalAndWaitForSingleObject
0x00DA
N/A
N/A
230
NtStartProfile
0x00DB
N/A
N/A
231
NtStopProfile
0x00DC
N/A
N/A
232
NtSuspendThread
0x00DD
N/A
N/A
233
NtSystemDebugControl
0x00DE
N/A
N/A
234
NtTerminateJobObject
0x00DF
N/A
N/A
235
NtTerminateProcess
0x00E0
N/A
236
NtTerminateThread
0x00El
N/A
N/A
237
NtTestAlert
0x00E2
N/A
N/A
238
NtUnloadDriver
0x00E3
N/A
239
NtUnloadKey
0x00E4
N/A
240
NtUnlockFile
0x00E5
N/A
241
NtUnlockVirtualMemory
0x00E6
N/A
N/A
242
NtUnmapViewOfSection
0x00E7
N/A
243
NtVdmControl
0x00E8
N/A
244
NtWaitForMultipleObjects
0x00E9
N/A
245
NtWaitForSingleObject
0x00EA
246
NtWaitHighEventPair
0x00EB
N/A
N/A
247
NtWaitLowEventPair
0x00EC
N/A
N/A
248
NtWriteFile
0x00ED
249
NtWriteFileGather
0x00EE
N/A
N/A
250
NtWriteRequestData
0x00EF
N/A
N/A
251
NtWriteVirtualMemory
0x00F0
N/A
N/A
252
NtYieldExecution
0x00F7
N/A
本文地址:http://com.8s8s.com/it/it23342.htm