附录 B
内核API函数(Kernel API Functions)
附录B列出了第二章讨论的系统模块(win32k.sys、ntdll.dll和ntoskrnl.exe)所导出的函数。表中N/A表示不支持(Not Available),即对应的调用接口或模块不提供该函数;未标N/A的单元格表示提供。
表B-1. Windows 2000 Native API
|
函数名称 |
INT 2eh |
Ntdll.Nt* |
Ntdll.Zw* |
Ntoskrnl.Nt* |
Ntoskrnl.Zw* |
1 |
NtAcceptConnectPort |
0x0000 |
|
|
N/A |
N/A |
2 |
NtAccessCheck |
0x0001 |
|
|
N/A |
N/A |
3 |
NtAccessCheckAndAuditAlarm |
0x0002 |
|
|
N/A |
|
4 |
NtAccessCheckByType |
0x0003 |
|
|
N/A |
N/A |
5 |
NtAccessCheckByTypeAndAuditAlarm |
0x0004 |
|
|
N/A |
N/A |
6 |
NtAccessCheckByTypeResultList |
0x0005 |
|
|
N/A |
N/A |
7 |
NtAccessCheckByTypeResultListAndAuditAlarm |
0x0006 |
|
|
N/A |
N/A |
8 |
NtAccessCheckByTypeResultListAndAuditAlarmByHandle |
0x0007 |
|
|
N/A |
N/A |
9 |
NtAddAtom |
0x0008 |
|
|
|
N/A |
10 |
NtAdjustGroupsToken |
0x0009 |
|
|
N/A |
N/A |
11 |
NtAdjustPrivilegesToken |
0x000A |
|
|
|
|
12 |
NtAlertResumeThread |
0x000B |
|
|
N/A |
N/A |
13 |
NtAlertThread |
0x000C |
|
|
N/A |
|
14 |
NtAllocateLocallyUniqueId |
0x000D |
|
|
|
N/A |
15 |
NtAllocateUserPhysicalPages |
0x000E |
|
|
N/A |
N/A |
16 |
NtAllocateUuids |
0x000F |
|
|
|
N/A |
17 |
NtAllocateVirtualMemory |
0x0010 |
|
|
|
|
18 |
NtAreMappedFilesTheSame |
0x0011 |
|
|
N/A |
N/A |
19 |
NtAssignProcessToJobObject |
0x0012 |
|
|
N/A |
N/A |
20 |
NtBuildNumber |
N/A |
N/A |
N/A |
|
N/A |
21 |
NtCallbackReturn |
0x0013 |
|
|
N/A |
N/A |
22 |
NtCancelDeviceWakeupRequest |
0x0016 |
|
|
N/A |
N/A |
23 |
NtCancelIoFile |
0x0014 |
|
|
N/A |
|
24 |
NtCancelTimer |
0x0015 |
|
|
N/A |
|
25 |
NtClearEvent |
0x0017 |
|
|
N/A |
|
26 |
NtClose |
0x0018 |
|
|
|
|
27 |
NtCloseObjectAuditAlarm |
0x0019 |
|
|
N/A |
|
28 |
NtCompleteConnectPort |
0x001A |
|
|
N/A |
N/A |
29 |
NtConnectPort |
0x001B |
|
|
|
|
30 |
NtContinue |
0x001C |
|
|
N/A |
N/A |
31 |
NtCreateChannel |
0x00F1 |
|
|
N/A |
N/A |
32 |
NtCreateDirectoryObject |
0x001D |
|
|
N/A |
|
33 |
NtCreateEvent |
0x001E |
|
|
|
|
34 |
NtCreateEventPair |
0x001F |
|
|
N/A |
N/A |
35 |
NtCreateFile |
0x0020 |
|
|
|
|
36 |
NtCreateIoCompletion |
0x0021 |
|
|
N/A |
N/A |
37 |
NtCreateJobObject |
0x0022 |
|
|
N/A |
N/A |
38 |
NtCreateKey |
0x0023 |
|
|
N/A |
|
39 |
NtCreateMailslotFile |
0x0024 |
|
|
N/A |
N/A |
40 |
NtCreateMutant |
0x0025 |
|
|
N/A |
N/A |
41 |
NtCreateNamedPipeFile |
0x0026 |
|
|
N/A |
N/A |
42 |
NtCreatePagingFile |
0x0027 |
|
|
N/A |
N/A |
43 |
NtCreatePort |
0x0028 |
|
|
N/A |
N/A |
44 |
NtCreateProcess |
0x0029 |
|
|
N/A |
N/A |
45 |
NtCreateProfile |
0x002A |
|
|
N/A |
N/A |
46 |
NtCreateSection |
0x002B |
|
|
|
|
47 |
NtCreateSemaphore |
0x002C |
|
|
N/A |
N/A |
48 |
NtCreateSymbolicLinkObject |
0x002D |
|
|
N/A |
|
49 |
NtCreateThread |
0x002E |
|
|
N/A |
N/A |
50 |
NtCreateTimer |
0x002F |
|
|
N/A |
|
51 |
NtCreateToken |
0x0030 |
|
|
N/A |
N/A |
52 |
NtCreateWaitablePort |
0x0031 |
|
|
N/A |
N/A |
53 |
NtCurrentTeb |
N/A |
|
N/A |
N/A |
N/A |
54 |
NtDelayExecution |
0x0032 |
|
|
N/A |
N/A |
55 |
NtDeleteAtom |
0x0033 |
|
|
|
N/A |
56 |
NtDeleteFile |
0x0034 |
|
|
|
|
57 |
NtDeleteKey |
0x0035 |
|
|
N/A |
|
58 |
NtDeleteObjectAuditAlarm |
0x0036 |
|
|
N/A |
N/A |
59 |
NtDeleteValueKey |
0x0037 |
|
|
N/A |
|
60 |
NtDeviceIoControlFile |
0x0038 |
|
|
|
|
61 |
NtDisplayString |
0x0039 |
|
|
N/A |
|
62 |
NtDuplicateObject |
0x003A |
|
|
|
|
63 |
NtDuplicateToken |
0x003B |
|
|
|
|
64 |
NtEnumerateKey |
0x003C |
|
|
N/A |
|
65 |
NtEnumerateValueKey |
0x003D |
|
|
N/A |
|
66 |
NtExtendSection |
0x003E |
|
|
N/A |
N/A |
67 |
NtFilterToken |
0x003F |
|
|
N/A |
N/A |
68 |
NtFindAtom |
0x0040 |
|
|
|
N/A |
69 |
NtFlushBuffersFile |
0x0041 |
|
|
N/A |
N/A |
70 |
NtFlushInstructionCache |
0x0042 |
|
|
N/A |
|
71 |
NtFlushKey |
0x0043 |
|
|
N/A |
|
72 |
NtFlushVirtualMemory |
0x0044 |
|
|
N/A |
|
73 |
NtFlushWriteBuffer |
0x0045 |
|
|
N/A |
N/A |
74 |
NtFreeUserPhysicalPages |
0x0046 |
|
|
N/A |
N/A |
75 |
NtFreeVirtualMemory |
0x0047 |
|
|
|
|
76 |
NtFsControlFile |
0x0048 |
|
|
|
|
77 |
NtGetContextThread |
0x0049 |
|
|
N/A |
N/A |
78 |
NtGetDevicePowerState |
0x004A |
|
|
N/A |
N/A |
79 |
NtGetPlugPlayEvent |
0x004B |
|
|
N/A |
N/A |
80 |
NtGetTickCount |
0x004C |
|
|
N/A |
N/A |
81 |
NtGetWriteWatch |
0x004D |
|
|
N/A |
N/A |
82 |
NtGlobalFlag |
N/A |
N/A |
N/A |
|
N/A |
83 |
NtImpersonateAnonymousToken |
0x004E |
|
|
N/A |
N/A |
84 |
NtImpersonateClientOfPort |
0x004F |
|
|
N/A |
N/A |
85 |
NtImpersonateThread |
0x0050 |
|
|
N/A |
N/A |
86 |
NtInitializeRegistry |
0x0051 |
|
|
N/A |
N/A |
87 |
NtInitiatePowerAction |
0x0052 |
|
|
N/A |
|
88 |
NtIsSystemResumeAutomatic |
0x0053 |
|
|
N/A |
N/A |
89 |
NtListenChannel |
0x00F2 |
|
|
N/A |
N/A |
90 |
NtListenPort |
0x0054 |
|
|
N/A |
N/A |
91 |
NtLoadDriver |
0x0055 |
|
|
N/A |
|
92 |
NtLoadKey |
0x0056 |
|
|
N/A |
|
93 |
NtLoadKey2 |
0x0057 |
|
|
N/A |
N/A |
94 |
NtLockFile |
0x0058 |
|
|
|
N/A |
95 |
NtLockVirtualMemory |
0x0059 |
|
|
N/A |
N/A |
96 |
NtMakeTemporaryObject |
0x005A |
|
|
N/A |
|
97 |
NtMapUserPhysicalPages |
0x005B |
|
|
N/A |
N/A |
98 |
NtMapUserPhysicalPagesScatter |
0x005C |
|
|
N/A |
N/A |
99 |
NtMapViewOfSection |
0x005D |
|
|
|
|
100 |
NtNotifyChangeDirectoryFile |
0x005E |
|
|
|
N/A |
101 |
NtNotifyChangeKey |
0x005F |
|
|
N/A |
|
102 |
NtNotifyChangeMultipleKeys |
0x0060 |
|
|
N/A |
N/A |
103 |
NtOpenChannel |
0x00F3 |
|
|
N/A |
N/A |
104 |
NtOpenDirectoryObject |
0x0061 |
|
|
N/A |
|
105 |
NtOpenEvent |
0x0062 |
|
|
N/A |
|
106 |
NtOpenEventPair |
0x0063 |
|
|
N/A |
N/A |
107 |
NtOpenFile |
0x0064 |
|
|
|
|
108 |
NtOpenIoCompletion |
0x0065 |
|
|
N/A |
N/A |
109 |
NtOpenJobObject |
0x0066 |
|
|
N/A |
N/A |
110 |
NtOpenKey |
0x0067 |
|
|
N/A |
|
111 |
NtOpenMutant |
0x0068 |
|
|
N/A |
N/A |
112 |
NtOpenObjectAuditAlarm |
0x0069 |
|
|
N/A |
N/A |
113 |
NtOpenProcess |
0x006A |
|
|
|
|
114 |
NtOpenProcessToken |
0x006B |
|
|
|
|
115 |
NtOpenSection |
0x006C |
|
|
N/A |
|
116 |
NtOpenSemaphore |
0x006D |
|
|
N/A |
N/A |
117 |
NtOpenSymbolicLinkObject |
0x006E |
|
|
N/A |
|
118 |
NtOpenThread |
0x006F |
|
|
N/A |
|
119 |
NtOpenThreadToken |
0x0070 |
|
|
N/A |
|
120 |
NtOpenTimer |
0x0071 |
|
|
N/A |
|
121 |
NtPlugPlayControl |
0x0072 |
|
|
N/A |
N/A |
122 |
NtPowerInformation |
0x0073 |
|
|
N/A |
|
123 |
NtPrivilegeCheck |
0x0074 |
|
|
N/A |
N/A |
124 |
NtPrivilegedServiceAuditAlarm |
0x0075 |
|
|
N/A |
N/A |
125 |
NtPrivilegeObjectAuditAlarm |
0x0076 |
|
|
N/A |
N/A |
126 |
NtProtectVirtualMemory |
0x0077 |
|
|
N/A |
N/A |
127 |
NtPulseEvent |
0x0078 |
|
|
N/A |
|
128 |
NtQueryAttributesFile |
0x007A |
|
|
N/A |
N/A |
129 |
NtQueryDefaultLocale |
0x007B |
|
|
N/A |
|
130 |
NtQueryDefaultUILanguage |
0x007C |
|
|
N/A |
|
131 |
NtQueryDirectoryFile |
0x007D |
|
|
|
|
132 |
NtQueryDirectoryObject |
0x007E |
|
|
N/A |
|
133 |
NtQueryEaFile |
0x007F |
|
|
|
|
134 |
NtQueryEvent |
0x0080 |
|
|
N/A |
N/A |
135 |
NtQueryFullAttributesFile |
0x0081 |
|
|
N/A |
N/A |
136 |
NtQueryInformationAtom |
0x0079 |
|
|
|
N/A |
137 |
NtQueryInformationFile |
0x0082 |
|
|
|
|
138 |
NtQueryInformationJobObject |
0x0083 |
|
|
N/A |
N/A |
139 |
NtQueryInformationPort |
0x0085 |
|
|
N/A |
N/A |
140 |
NtQueryInformationProcess |
0x0086 |
|
|
|
|
141 |
NtQueryInformationThread |
0x0087 |
|
|
N/A |
N/A |
142 |
NtQueryInformationToken |
0x0088 |
|
|
|
|
143 |
NtQueryInstallUILanguage |
0x0089 |
|
|
N/A |
|
144 |
NtQueryIntervalProfile |
0x008A |
|
|
N/A |
N/A |
145 |
NtQueryIoCompletion |
0x0084 |
|
|
N/A |
N/A |
146 |
NtQueryKey |
0x008B |
|
|
N/A |
|
147 |
NtQueryMultipleValueKey |
0x008C |
|
|
N/A |
N/A |
148 |
NtQueryMutant |
0x008D |
|
|
N/A |
N/A |
149 |
NtQueryObject |
0x008E |
|
|
N/A |
|
150 |
NtQueryOpenSubKeys |
0x008F |
|
|
N/A |
N/A |
151 |
NtQueryPerformanceCounter |
0x0090 |
|
|
N/A |
N/A |
152 |
NtQueryQuotaInformationFile |
0x0091 |
|
|
|
N/A |
153 |
NtQuerySection |
0x0092 |
|
|
N/A |
|
154 |
NtQuerySecurityObject |
0x0093 |
|
|
|
|
156 |
NtQuerySemaphore |
0x0094 |
|
|
N/A |
N/A |
157 |
NtQuerySymbolicLinkObject |
0x0095 |
|
|
N/A |
|
158 |
NtQuerySystemEnvironmentValue |
0x0096 |
|
|
N/A |
N/A |
159 |
NtQuerySystemInformation |
0x0097 |
|
|
|
|
160 |
NtQuerySystemTime |
0x0098 |
|
|
N/A |
N/A |
161 |
NtQueryTimer |
0x0099 |
|
|
N/A |
N/A |
162 |
NtQueryTimerResolution |
0x009A |
|
|
N/A |
N/A |
163 |
NtQueryValueKey |
0x009B |
|
|
N/A |
|
164 |
NtQueryVirtualMemory |
0x009C |
|
|
N/A |
N/A |
165 |
NtQueryVolumeInformationFile |
0x009D |
|
|
|
|
166 |
NtQueueApcThread |
0x009E |
|
|
N/A |
N/A |
167 |
NtRaiseException |
0x009F |
|
|
N/A |
N/A |
168 |
NtRaiseHardError |
0x00A0 |
|
|
N/A |
N/A |
169 |
NtReadFile |
0x00A1 |
|
|
|
|
170 |
NtReadFileScatter |
0x00A2 |
|
|
N/A |
N/A |
171 |
NtReadRequestData |
0x00A3 |
|
|
N/A |
N/A |
172 |
NtReadVirtualMemory |
0x00A4 |
|
|
N/A |
N/A |
173 |
NtRegisterThreadTerminatePort |
0x00A5 |
|
|
N/A |
N/A |
174 |
NtReleaseMutant |
0x00A6 |
|
|
N/A |
N/A |
175 |
NtReleaseSemaphore |
0x00A7 |
|
|
N/A |
N/A |
176 |
NtRemoveIoCompletion |
0x00A8 |
|
|
N/A |
N/A |
177 |
NtReplaceKey |
0x00A9 |
|
|
N/A |
|
178 |
NtReplyPort |
0x00AA |
|
|
N/A |
N/A |
179 |
NtReplyWaitReceivePort |
0x00AB |
|
|
N/A |
N/A |
180 |
NtReplyWaitReceivePortEx |
0x00AC |
|
|
N/A |
N/A |
181 |
NtReplyWaitReplyPort |
0x00AD |
|
|
N/A |
N/A |
182 |
NtReplyWaitSendChannel |
0x00F4 |
|
|
N/A |
N/A |
183 |
NtRequestDeviceWakeup |
0x00AE |
|
|
N/A |
N/A |
184 |
NtRequestPort |
0x00AF |
|
|
|
N/A |
185 |
NtRequestWaitReplyPort |
0x00B0 |
|
|
|
|
186 |
NtRequestWakeupLatency |
0x00B1 |
|
|
N/A |
N/A |
187 |
NtResetEvent |
0x00B2 |
|
|
N/A |
|
188 |
NtResetWriteWatch |
0x00B3 |
|
|
N/A |
N/A |
189 |
NtRestoreKey |
0x00B4 |
|
|
N/A |
|
190 |
NtResumeThread |
0x00B5 |
|
|
N/A |
N/A |
191 |
NtSaveKey |
0x00B6 |
|
|
N/A |
|
192 |
NtSaveMergedKeys |
0x00B7 |
|
|
N/A |
N/A |
193 |
NtSecureConnectPort |
0x00B8 |
|
|
N/A |
N/A |
194 |
NtSendWaitReplyChannel |
0x00F5 |
|
|
N/A |
N/A |
195 |
NtSetContextChannel |
0x00F6 |
|
|
N/A |
N/A |
196 |
NtSetContextThread |
0x00BA |
|
|
N/A |
N/A |
197 |
NtSetDefaultHardErrorPort |
0x00BB |
|
|
N/A |
N/A |
198 |
NtSetDefaultLocale |
0x00BC |
|
|
N/A |
|
199 |
NtSetDefaultUILanguage |
0x00BD |
|
|
N/A |
|
200 |
NtSetEaFile |
0x00BE |
|
|
|
|
201 |
NtSetEvent |
0x00BF |
|
|
|
|
202 |
NtSetHighEventPair |
0x00C0 |
|
|
N/A |
N/A |
203 |
NtSetHighWaitLowEventPair |
0x00C1 |
|
|
N/A |
N/A |
204 |
NtSetInformationFile |
0x00C2 |
|
|
|
|
205 |
NtSetInformationJobObject |
0x00C3 |
|
|
N/A |
N/A |
206 |
NtSetInformationKey |
0x00C4 |
|
|
N/A |
N/A |
207 |
NtSetInformationObject |
0x00C5 |
|
|
N/A |
|
208 |
NtSetInformationProcess |
0x00C6 |
|
|
|
|
209 |
NtSetInformationThread |
0x00C7 |
|
|
|
|
210 |
NtSetInformationToken |
0x00C8 |
|
|
N/A |
N/A |
211 |
NtSetIntervalProfile |
0x00C9 |
|
|
N/A |
N/A |
212 |
NtSetIoCompletion |
0x00B9 |
|
|
N/A |
N/A |
213 |
NtSetLdtEntries |
0x00CA |
|
|
N/A |
N/A |
214 |
NtSetLowEventPair |
0x00CB |
|
|
N/A |
N/A |
215 |
NtSetLowWaitHighEventPair |
0x00CC |
|
|
N/A |
N/A |
216 |
NtSetQuotaInformationFile |
0x00CD |
|
|
|
N/A |
217 |
NtSetSecurityObject |
0x00CE |
|
|
|
|
218 |
NtSetSystemEnvironmentValue |
0x00CF |
|
|
N/A |
N/A |
219 |
NtSetSystemInformation |
0x00D0 |
|
|
N/A |
|
220 |
NtSetSystemPowerState |
0x00D1 |
|
|
N/A |
N/A |
221 |
NtSetSystemTime |
0x00D2 |
|
|
N/A |
|
222 |
NtSetThreadExecutionState |
0x00D3 |
|
|
N/A |
N/A |
223 |
NtSetTimer |
0x00D4 |
|
|
N/A |
|
224 |
NtSetTimerResolution |
0x00D5 |
|
|
N/A |
N/A |
225 |
NtSetUuidSeed |
0x00D6 |
|
|
N/A |
N/A |
226 |
NtSetValueKey |
0x00D7 |
|
|
N/A |
|
227 |
NtSetVolumeInformationFile |
0x00D8 |
|
|
|
|
228 |
NtShutdownSystem |
0x00D9 |
|
|
N/A |
N/A |
229 |
NtSignalAndWaitForSingleObject |
0x00DA |
|
|
N/A |
N/A |
230 |
NtStartProfile |
0x00DB |
|
|
N/A |
N/A |
231 |
NtStopProfile |
0x00DC |
|
|
N/A |
N/A |
232 |
NtSuspendThread |
0x00DD |
|
|
N/A |
N/A |
233 |
NtSystemDebugControl |
0x00DE |
|
|
N/A |
N/A |
234 |
NtTerminateJobObject |
0x00DF |
|
|
N/A |
N/A |
235 |
NtTerminateProcess |
0x00E0 |
|
|
N/A |
|
236 |
NtTerminateThread |
0x00E1 |
|
|
N/A |
N/A |
237 |
NtTestAlert |
0x00E2 |
|
|
N/A |
N/A |
238 |
NtUnloadDriver |
0x00E3 |
|
|
N/A |
|
239 |
NtUnloadKey |
0x00E4 |
|
|
N/A |
|
240 |
NtUnlockFile |
0x00E5 |
|
|
|
N/A |
241 |
NtUnlockVirtualMemory |
0x00E6 |
|
|
N/A |
N/A |
242 |
NtUnmapViewOfSection |
0x00E7 |
|
|
N/A |
|
243 |
NtVdmControl |
0x00E8 |
|
|
|
N/A |
244 |
NtWaitForMultipleObjects |
0x00E9 |
|
|
N/A |
|
245 |
NtWaitForSingleObject |
0x00EA |
|
|
|
|
246 |
NtWaitHighEventPair |
0x00EB |
|
|
N/A |
N/A |
247 |
NtWaitLowEventPair |
0x00EC |
|
|
N/A |
N/A |
248 |
NtWriteFile |
0x00ED |
|
|
|
|
249 |
NtWriteFileGather |
0x00EE |
|
|
N/A |
N/A |
250 |
NtWriteRequestData |
0x00EF |
|
|
N/A |
N/A |
251 |
NtWriteVirtualMemory |
0x00F0 |
|
|
N/A |
N/A |
252 |
NtYieldExecution |
0x00F7 |
|
|
N/A |
|