内核API函数（Kernel API Functions）

函数名称INT 2ehNtdll.Nt*Ntdll.Zw*Ntoskrnl.Nt*Ntoskrnl.Zw*1NtAcceptConnectPort 0x0000 N/AN/A2NtAccessCheck 0x0001 N/AN/A3NtAccessCheckAndAuditAlarm 0x0002 N/A 4NtAccessCheckByType 0x0003 N/AN/A5NtAccessCheckByTypeAndAuditAlarm0x0004 N/AN/A6NtAccessCheckByTypeResultList 0x0005 N/AN/A7NtAccessCheckByTypeResultListAndAuditAlarm 0x0006 N/AN/A8NtAccessCheckByTypeResultListAndAuditAlarmByHandle 0x0007 N/AN/A9NtAddAtom 0x0008 N/A10NtAdjustGroupsToken 0x0009 N/AN/A11NtAdjustPrivilegesToken 0x000A 12NtAlertResumeThread 0x000B N/AN/A13NtAlertThread 0x000C N/A 14NtAllocateLocallyUniqueld 0x000D N/A15NtAllocateUserPhysicalPages0x000E N/AN/A16NtAllocateUuids0x000F N/A17NtAllocateVirtualMemory0x0010 18NtAreMappedFilesTheSame0x0011 N/AN/A19NtAssignProcessToJobObject0x0012 N/AN/A20NtBuildNumberN/AN/AN/A N/A21NtCallbackReturn0x0013 N/AN/A22NtCancelDeviceWakeupRequest0x0016 N/AN/A23NtCancelloFile0x0014 N/A 24NtCancelTimer0x0015 N/A 25NtClearEvent0x0017 N/A 26NtClose0x0018 27NtCloseObjectAuditAlarm0x0019 N/A 28NtCompleteConnectPort0x001A N/AN/A29NtConnectPort0x001B 30NtContinue0x001C N/AN/A31NtCreateChannel0x00F1 N/AN/A32NtCreateDirectoryObject0x001D N/A 33NtCreateEvent0x001E 34NtCreateEventPair0x001F N/AN/A35NtCreateFile0x0020 36NtCreateloCompletion0x0021 N/AN/A37NtCreateJobObject0x0022 N/AN/A38NtCreateKey0x0023 N/A 39NtCreateMailslotFile0x0024 N/AN/A40NtCreateMutant0x0025 N/AN/A41NtCreateNamedPipeFile0x0026 N/AN/A42NtCreatePagingFile0x0027 N/AN/A43NtCreatePort0x0028 N/AN/A44NtCreateProcess0x0029 N/AN/A45NtCreateProfile0x002A N/AN/A46NtCreateSection0x002B 47NtCreateSemaphore0x002C N/AN/A48NtCreateSymbolicLinkObject0x002D N/A 49NtCreateThread0x002E N/AN/A50NtCreateTimer0x002F N/A 51NtCreateToken0x0030 N/AN/A52NtCreateWaitablePort0x0031 N/AN/A53NtCurrentTebN/A N/AN/AN/A54NtDelayExecution0x0032 N/AN/A55NtDeleteAtom0x0033 N/A56NtDeleteFile0x0034 57NtDeleteKey0x0035 N/A 58NtDeleteObjectAuditAlarm0x0036 N/AN/A59NtDeleteValueKey0x0037 N/A 60NtDeviceloControlFile0x0038 61NtDisplayString0x0039 N/A 62NtDuplicateObject0x003A 63NtDuplicateToken0x003B 64NtEnumerateKey0x003C N/A 65NtEnumerateValueKey0x003D N/A 66NtExtendSection0x003E N/AN/A67NtFilterToken0x003F N/AN/A68NtFindAtom0x0040 N/A69NtFlushBuffersFile0x0041 N/AN/A70NtFlushlnstructionCache0x0042 N/A 71NtFlushKey0x0043 N/A 72NtFlushVirtualMemory0x0044 N/A 73NtFlushWriteBuffer0x0045 N/AN/A74NtFreeUserPhysicalPages0x0046 N/AN/A75NtFreeVirtualMemory0x0047 76NtFsControlFile0x0048 77NtGetContextThread0x0049 N/AN/A78NtGetDevicePowerState0x004A N/AN/A79NtGetPlugPlayEvent0x004B N/AN/A80NtGetTickCount0x004C N/AN/A81NtGetWriteWatch0x004D N/AN/A82NtGlobalFlagN/AN/AN/A N/A83NtlmpersonateAnonymousToken0x004E N/AN/A84NtlmpersonateClientOfPort0x004F N/AN/A85NtlmpersonateThread0x0050 N/AN/A86NtlnitializeRegistry0x0051 N/AN/A87NtlnitiatePowerAction0x0052 N/A 88NtlsSystemResumeAutomatic0x0053 N/AN/A89NtListenChannel0x00F2 N/AN/A90NtListenPort0x0054 N/AN/A91NtLoadDriver0x0055 N/A 92NtLoadKey0x0056 N/A 93NtLoadKey20x0057 N/AN/A94NtLockFile0x0058 N/A95NtLockVirtualMemory0x0059 N/AN/A96NtMakeTemporaryObject0x005A N/A 97NtMapUserPhysicalPages0x005B N/AN/A98NtMapUserPhysicalPagesScatter0x005C N/AN/A99NtMapViewOf Section0x005D 100NtNotifyChangeDirectoryFile0x005E N/A101NtNotifyChangeKey0x005F N/A 102NtNotifyChangeMultipleKeys0x0060 N/AN/A103NtOpenChannel0x00F3 N/AN/A104NtOpenDirectoryObject0x0061 N/A 105NtOpenEvent0x0062 N/A 106NtOpenEventPair0x0063 N/AN/A107NtOpenFile0x0064 108NtOpenloCompletion0x0065 N/AN/A109NtOpenJobObject0x0066 N/AN/A110NtOpenKey0x0067 N/A 111NtOpenMutant0x0068 N/AN/A112NtOpenObjectAuditAlarm0x0069 N/AN/A113NtOpenProcess0x006A 114NtOpenProcessToken0x006B 115NtOpenSection0x006C N/A 116NtOpenSemaphore0x006D N/AN/A117NtOpenSymbolicLinkObject0x006E N/A 118NtOpenThread0x006F N/A 119NtOpenThreadToken0x0070 N/A 120NtOpenTimer0x0071 N/A 121NtPlugPlayControl0x0072 N/AN/A122NtPowerlnformation0x0073 N/A 123NtPrivilegeCheck0x0074 N/AN/A124NtPrivilegedServiceAuditAlarm0x0075 N/AN/A125NtPrivilegeObjectAuditAlarm0x0076 N/AN/A126NtProtectVirtualMemory0x0077 N/AN/A127NtPulseEvent0x0078 N/A 128NtQueryAttributesFile0x007A N/AN/A129NtQueryDefaultLocale0x007B N/A 130NtQueryDefaultUILanguage0x007C N/A 131NtQueryDirectoryFile0x007D 132NtQueryDirectoryObject0x007E N/A 133NtQueryEaFile0x007F 134NtQueryEvent0x0080 N/AN/A135NtQueryFullAttributesFile0x0081 N/AN/A136NtQuerylnformationAtom0x0079 N/A137NtQuerylnformationFile0x0082 138NtQuerylnformationJobObject0x0083 N/AN/A139NtQuerylnformationPort0x0085 N/AN/A140NtQuerylnformationProcess0x0086 141NtQuerylnformationThread0x0087 N/AN/A142NtQuerylnformationToken0x0088 143NtQuerylnstallUILanguage0x0089 N/A 144NtQuerylntervalProfile0x008A N/AN/A145NtQueryIoCompletion0x0084 N/AN/A146NtQueryKey0x008B N/A 147NtQueryMultipleValueKey0x008C N/AN/A148NtQueryMutant0x008D N/AN/A149NtQueryObject0x008E N/A 150NtQueryOpenSubKeys0x008F N/AN/A151NtQueryPerformanceCounter0x0090 N/AN/A152NtQueryQuotalnformationFile0x0091 N/A153NtQuerySection0x0092 N/A 154NtQuerySecurityObject0x0093 156NtQuerySemaphore0x0094 N/AN/A157NtQuerySymbolicLinkObject0x0095 N/A 158NtQuerySystemEnvironment Value0x0096 N/AN/A159NtQuerySystemlnformation0x0097 160NtQuerySystemTime0x0098 N/AN/A161NtQuery Timer0x0099 N/AN/A162NtQueryTimerResolution0x009A N/AN/A163NtQueryValueKey0x009B N/A 164NtQuery VirtualMemory0x009C N/AN/A165NtQuery VolumelnformationFile0x009D 166NtQueueApcThread0x009E N/AN/A167NtRaiseException0x009F N/AN/A168NtRaiseHardError0x00A0 N/AN/A169NtReadFile0x00Al 170NtReadFileScatter0x00A2 N/AN/A171NtReadRequestData0x00A3 N/AN/A172NtReadVirtualMemory0x00A4 N/AN/A173NtRegisterThreadTerminatePort0x00A5 N/AN/A174NtReleaseMutant0x00A6 N/AN/A175NtReleaseSemaphore0x00A7 N/AN/A176NtRemoveloCompletion0x00A8 N/AN/A177NtReplaceKey0x00A9 N/A 178NtReplyPort0x00AA N/AN/A179NtReplyWaitReceivePort0x00AB N/AN/A180NtReplyWaitReceivePortEx0x00AC N/AN/A181NtReplyWaitReplyPort0x00AD N/AN/A182NtReplyWaitSendChannel0x00F4 N/AN/A183NtRequestDeviceWakeup0x00AE N/AN/A184NtRequestPort0x00AF N/A185NtRequestWaitReplyPort0x00B0 186NtRequestWakeupLatency0x00Bl N/AN/A187NtResetEvent0x00B2 N/A 188NtResetWriteWatch0x00B3 N/AN/A189NtRestoreKey0x00B4 N/A 190NtResumeThread0x00B5 N/AN/A191NtSaveKey0x00B6 N/A 192NtSaveMergedKeys0x00B7 N/AN/A193NtSecureConnectPort0x00B8 N/AN/A194NtSendWaitReplyChannel0x00F5 N/AN/A195NtSetContextChannel0x00F6 N/AN/A196NtSetContextThread0x00BA N/AN/A197NtSetDefaultHardErrorPort0x00BB N/AN/A198NtSetDefaultLocale0x00BC N/A 199NtSetDefaultUILanguage0x00BD N/A 200NtSetEaFile0x00BE 201NtSetEvent0x00BF 202NtSetHighEventPair0x00C0 N/AN/A203NtSetHighWaitLowEventPair0x00Cl N/AN/A204NtSetlnformationFile0x00C2 205NtSetlnformationJobObject0x00C3 N/AN/A206NtSetlnformationKey0x00C4 N/AN/A207NtSetlnformationObject0x00C5 N/A 208NtSetlnformationProcess0x00C6 209NtSetlnformationThread0x00c7 210NtSetlnformationToken0x00C8 N/AN/A211NtSetlntervalProfile0x00C9 N/AN/A212NtSetloComplet

[1] [2] 下一页

• ·Windows 2000对调试技术的支持
• ·《Undocumented Windows 2
• ·《Undocumented Windows 2
• ·《Undocumented Windows 2
• ·《Undocumented Windows 2
• ·《Undocumented Windows 2
• ·《Undocumented Windows 2
• ·《Undocumented Windows 2
• ·《Undocumented Windows 2
• ·《Undocumented Windows 2