Appendix B
Kernel API Function (kernel API functions)
Appendix B is included in the system module discussed in Chapter 2: Win32k.sys, NTDLL.DLL and NTOSKRNL.EXE exported function list. N / a means that not available is not supported.
Table B-1. Windows 2000 Native API
Function name
Int 2eh
NTDLL.NT *
NTDLL.ZW *
Ntoskrnl.nt *
Ntoskrnl.zw *
1 NTACCEPTCONNECTPORT
0x0000
N / a n / a 2 NTACCESSCHECK
0x0001
N / a n / a 3 ntaccesscheckandauditararm
0x0002
N / a
4 NTACCESSCHECKBYTYPE
0x0003
N / a n / a 5 ntaccesscheckbytypeandauditararm
0x0004
N / a n / a 6 ntaccesscheckbytyperesultlist
0x0005
N / a n / a 7 NTACcessCheckbyTypeResultListandauditaRM
0x0006
N / a N / A 8 NTAccessCheckbyTypeResultListandauditaarmbyHandle
0x0007
N / a n / a 9 ntaddatom
0x0008
N / a 10 NTADJUSTGROUPSTOKEN
0x0009
N / a N / a 11 NTADJUSTPRIVILEGESTOKEN
0x000A
12 ntalertResumethread
0x000b
N / a N / a 13 NTALERTTHREAD
0x000c
N / a
14 ntallocatelocallyuniqueld
0x000D
N / A 15 ntallocateUserphysicalpages 0x000E
N / a n / a 16 ntallocateuuids
0x000f
N / A 17 NTALLOCATEVIRTUALMEMORY
0x0010
18 ntaremappedfilesthesame
0x0011
N / a n / a 19 ntassignprocesstojobiBject
0x0012
N / a N / A 20 NTBUILDNUMBER
N / a n / a n / a
N / A 21 NTCALLBACKRETURN
0x0013
N / a N / a 22 NTCanceLdeviceWakeupRequest
0x0016
N / a n / a 23 ntcancellofile
0x0014
N / a
24 NTCANCELTIMER
0x0015
N / a
25 NTCLEAREVENT
0x0017
N / a
26 NtClose
0x0018
27 NtCloseObjectAuditararm
0x0019
N / a
28 NTcompleteConnectport
0x001A
N / a n / a 29 NTConnectport
0x001B
30 ntcontinue
0x001c
N / a N / a 31 NTCREATECHANNEL
0x00f1
N / a N / a 32 NTCreatedIRectoryObject
0x001D
N / a
33 NTCREATEEVENT
0x001e
34 NtcreateEventPair
0x001F
N / a N / a 35 NTCREATEFILE
0x0020
36 NTCREATELOCOMPLETION
0x0021
N / a N / a 37 NTCREATEJOBOBJECT
0x0022
N / a N / a 38 NTCREATEKEY
0x0023
N / a
39 ntcreatemailslotfile
0x0024
N / a n / a 40 ntcreatemutant0x0025
N / a n / a 41 ntcreatenamedpipefile
0x0026
N / a n / a 42 ntcreatepagingfile
0x0027
N / a N / a 43 NTCREATEPORT
0x0028
N / a n / a 44 ntcreateprocess
0x0029
N / a N / a 45 NTCREATEPROFILE
0x002A
N / a n / a 46 ntcreateesection
0x002B
47 NTCReateSemaphore
0x002C
N / a n / a 48 ntcreatesymboliclinkObject 0x002d
N / a
49 NTCREATTHREAD
0x002e
N / a n / a 50 ntcreatetimer
0x002F
N / a
51 NTCREATETOKEN
0x0030
N / a N / A 52 NTCReateWaitablePort
0x0031
N / a n / a 53 ntcurrentteb
N / a
N / a N / a N / A 54 NTDELAYEXECUTION
0x0032
N / a n / a 55 ntdeleteatom
0x0033
N / A 56 NTDELETEFILEFILE
0x0034
57 NTDeleteKey
0x0035
N / a
58 NTDeleteObjectauditararm
0x0036
N / a N / a 59 NTDeleteValueKey
0x0037
N / a
60 NTDeviceLocontrolfile
0x0038
61 NTDISPLAYSTRING
0x0039
N / a
62 NTDUPLICATEOBJECT
0x003A
63 NTDUPLICATETOKEN
0x003b
64 nTenumerateKey
0x003c
N / a
65 nTenumeratevalueKey
0x003D
N / a
66 ntextendsection
0x003e
N / a N / a 67 NTFILTERTOKEN
0x003F
N / a n / a 68 ntfindatom
0x0040
N / A 69 NTFLUSHBUFFERSFILE
0x0041
N / a N / a 70 NTFLUSHLNSTRUCACHE
0x0042
N / a
71 NTFLUSHKEY
0x0043
N / a
72 NTFLUSHVIRTUALMEMORY
0x0044
N / a
73 NTFLUSHWRITEBUFFER
0x0045
N / a n / a 74 ntfreeuserphysicalpages
0x0046
N / a N / a 75 NTFreeVirtualMemory
0x0047
76 NTFSControlfile
0x0048
77 NtgetContextThread
0x0049
N / a n / a 78 NtgetDevicePowerstate
0x004A
N / a N / a 79 NTGETPLUGPLAYEVENT
0x004B
N / a n / a 80 NtgettickCount
0x004C
N / a n / a 81 ntgetWritewatch 0x004D
N / a N / a 82 NTGLOBALFLAG
N / a
N / a n / a
N / a 83 NTLMPERSONATEANONYMOUSKEN
0x004e
N / a N / A 84 NTLMPERSONATECLIENTOFPORT
0x004F
N / a N / a 85 NTLMPERSONATTHREAD
0x0050
N / a n / a 86 ntlnitializeRegistry
0x0051
N / a n / a 87 ntlnitiatepower
0x0052
N / a
88 ntlssystemresumeautomatic0x0053
N / a n / a 89 ntlistenchannel
0x00f2
N / a n / a 90 ntlistenport
0x0054
N / a N / a 91 NTLOADDRIVER
0x0055
N / a
92 NTLOADKEY
0x0056
N / a
93 NTLOADKEY2
0x0057
N / a N / a 94 NTLOCKFILE
0x0058
N / A 95 NTLOCKVIRTUALMEMORY
0x0059
N / a n / a 96 ntmaketemporaryObject
0x005A
N / a
97 NTMapUserphysicalPages
0x005B
N / a n / a 98 ntmapUserphysicalpagesscatter
0x005c
N / a n / a 99 ntmapviewof section
0x005D
100 NTNotifyChangeDirectoryFile
0x005e
N / a 101 NTNotifyChangeKey
0x005F
N / a
102 NTNotifyChangeMultipleKeys
0x0060
N / a N / a 103 NTOPENCHANNEL
0x00f3
N / a N / a 104 NTOPENDIRECTORYOBJECT
0x0061
N / a
105 NTOPENEVENT
0x0062
N / a
106 NTOPENEVENTPAIR
0x0063
N / a N / a 107 NTOPENFILE
0x0064
108 NTOPENLOCOMPLETION
0x0065
N / a N / a 109 NTOPENJOBOBJECT
0x0066
N / a N / a 110 NTOPENKEY
0x0067
N / a
111 NTOPENMUTANT
0x0068
N / a N / a 112 NTOpenObjectauditarmm
0x0069
N / a N / a 113 NTOPENPROCESS
0x006A
114 NTOPENPROCESSTOKEN 0x006B
115 NTOPENSECTION
0x006C
N / a
116 NTOPENSEMAPHORE
0x006D
N / a N / a 117 NTOPENSYMBOLICLINKOBJECT
0x006e
N / a
118 NTOPENTHREAD
0x006F
N / a
119 NTOPENTHREADTOKEN
0x0070
N / a
120 NTOPENTIMER
0x0071
N / a
121 NTPLUGPLAYCONTROL
0x0072
N / a n / a 122 ntpowerlnformation
0x0073
N / a
123 NTPrivilegeCheck
0x0074
N / a N / a 124 NTPrivilegedServiceAuditararm
0x0075
N / a N / A 125 NTPrivileGeObjectAuditararm
0x0076
N / a N / A 126 NtProtectVirtualMemory
0x0077
N / a N / a 127 NTPULSeevent
0x0078
N / a
128 NTQueryattributesfile
0x007A
N / a N / a 129 NTQueryDefaultlocale
0x007B
N / a
130 NTQueryDefaultuilanguage
0x007c
N / a
131 NTQueryDirectoryFile
0x007D
132 NTQueryDirectoryObject
0x007E
N / a
133 NTQueryeafile
0x007F
134 NTQueryEvent
0x0080
N / a n / a 135 ntqueryfullattributesfile0x0081
N / a N / a 136 NTQueryLnFormationAtom
0x0079
N / a 137 ntquerylnformationfile
0x0082
138 NTQuerylnformationJobiBoad
0x0083
N / a N / a 139 NTQuerylnformationPort
0x0085
N / a N / a 140 NTQuerylnformationProcess
0x0086
141 NTQuerylnformationthreadthread
0x0087
N / a N / a 142 NTQuerylnFormationToken
0x0088
143 NTQuerylnstalluilanguage
0x0089
N / a
144 NTQuerylntervalprofile
0x008A
N / a N / a 145 NTQueryiocompletion
0x0084
N / a N / a 146 NTQueryKey
0x008B
N / a
147 NTQuerymultiPLEKEYKEY
0x008c
N / a N / a 148 NTQuerymutant
0x008D
N / a N / a 149 NTQueryObject
0x008E
N / a
150 NTQueryopensubkeys
0x008F
N / a N / A 151 NTQueryperFormanceCounter
0x0090
N / a n / a 152 ntqueryquotalnformationfile
0x0091
N / A 153 NTQUERYSECTION
0x0092
N / a
154 NTQuerySecurityObject
0x0093
156 NTQuerysemaphore
0x0094
N / a n / a 157 NTQuerySymbolicLinkObject
0x0095
N / a
158 NTQuerySystemNVironment Value
0x0096
N / a N / A 159 NTQUERYSYSTEMLNFORMATION
0x0097
160 NTQuerySystemTime
0x0098
N / a N / A 161 NTQuery Timer
0x0099
N / a N / a 162 NTQueryTimerResolution
0x009A
N / a N / a 163 NTQueryValueKey
0x009b
N / a
164 NTQuery VirtualMemory
0x009c
N / a N / a 165 NTQuery VolumeLnformationFile
0x009D
166 NTQueueapcthread
0x009E
N / a N / a 167 NTRAISEEXCEPTION
0x009F
N / a N / a 168 NTRAISEHARDERROR
0x00A0
N / a N / a 169 NTREADFILE
0x00al
170 NTREADFILESCATTER
0x00A2
N / a N / a 171 NTREADREQUESTDATA
0x00A3
N / a n / a 172 NTREADVIRTUALMEMORY
0x00A4
N / a n / a 173 ntregisterthreadterminateport
0x00A5
N / a N / a 174 NTRELESEMUTANT
0x00A6
N / a N / a 175 NTRELEASEMAPHORE
0x00A7
N / a n / a 176 NTREMOVELOCOMPLETION
0x00A8
N / a N / a 177 NtreplaceKey
0x00A9
N / a
178 ntreplyport
0x00AA
N / a n / a 179 ntreplywaitreceiveport
0x00ab
N / a N / A 180 NTREPLYWAITRECEIVEPORTEX
0x00ac
N / a N / A 181 NTREPLYWAITREPLYPORT
0x00ad
N / a n / a 182 ntreplywaitsendchannel
0x00f4
N / a n / a 183 ntrequestDeviceWakeup
0x00AE
N / a n / a 184 NTREQUESTPORT
0x00AF
N / A 185 NTREQUESTWAITREPLYPORT
0x00b0
186 ntrequestwakeuplatency
0x00bl
N / a N / a 187 NTRESETEVENT
0x00b2
N / a
188 NtResetWritewatch
0x00b3
N / a N / A 189 NTRESTOREKEY
0x00b4
N / a
190 NtResuMethread
0x00b5
N / a N / A 191 NTSAVEKEY
0x00b6
N / a
192 ntsavemergedKeys
0x00b7
N / a n / a 193 NTSecureConnectport
0x00b8
N / a N / A 194 NtsendWaitreplyChannel
0x00f5
N / a n / a 195 ntsetContextChannel
0x00f6
N / a N / A 196 NtSetContextThread
0x00ba
N / a n / a 197 ntsetdefaultharderrport
0x00bb
N / a n / a 198 ntsetdefaultlocale
0x00bc
N / a
199 NtSetDefaultuilanguage
0x00bd
N / a
200 NTSETEAFILE
0x00BE
201 Ntsetevent
0x00BF
202 ntsethigheventpair
0x00c0
N / a N / A 203 NtSethighWaitLowEventpair
0x00cl
N / a n / a 204 ntsetlnformationfile
0x00c2
205 ntsetlnformationJobiBObject
0x00c3
N / a n / a 206 ntsetlnformationKey
0x00c4
N / a n / a 207 ntsetlnformationObject
0x00c5
N / a
208 ntsetlnformationProcess
0x00c6
209 NtsetlnFormationthread
0x00c7
210 NtsetlnFormationToken
0x00c8
N / a n / a 211 ntsetlntervalprofile
0x00c9
N / a n / a 212 ntsetlocompletion
0x00b9
N / a n / a 213 ntsetldtence
0x00ca
N / a n / a 214 ntsetloweventpair
0x00cb
N / a n / a 215 ntsetlowwaithigheventpair
0x00cc
N / a n / a 216 ntsetquotalnformationfile
0x00cd
N / A 217 NTSETSECURITYOBJECT
0x00CE
218 Ntsetystemenvironment Value
0x00cf
N / a n / a 219 ntsetsystemlnformation
0x00D0
N / a
220 ntsetsystempowerstate
0x00dl
N / a n / a 221 ntsetsystemTIME
0x00d2
N / a
222 NtSetthReadexecutionState
0x00d3
N / a n / a 223 ntsettimer
0x00d4
N / a
224 ntsettimerresolution0x00d5
N / a n / a 225 ntsetuiDseed
0x00D6
N / a N / a 226 NtSetValueKey
0x00d7
N / a
227 NtSetvoluMelnformationFile
0x00D8
228 NTSHUTDOWNSYSTEM
0x00d9
N / a N / a 229 NTSIGNAlandWaitForsingleObject
0x00da
N / a N / a 230 NTStartProfile
0x00db
N / a N / a 231 NTSTOPPROFILE
0x00dc
N / a n / a 232 ntspendthread
0x00dd
N / a N / a 233 NTSYSTEMDEBUGCONTROL
0x00de
N / a N / a 234 NTTERMINATEJOBOBJECT
0x00DF
N / a N / a 235 NTTERMINATEPROCESS
0x00e0
N / a
236 NTTERMINATTHREAD
0x00l
N / a N / a 237 NTTestalert
0x00e2
N / a N / a 238 NTUNLOADDRIVER
0x00e3
N / a
239 NTUNLOADKEY
0x00e4
N / a
240 NTUNLOCKFILE
0x00e5
N / a 241 NTUNLOCKVIRTUALMEMORY
0x00e6
N / a N / a 242 NTUNMAPVIEWOFSECTION
0x00e7
N / a
243 NTVDMControl
0x00e8
N / A 244 NTWAITFORMULTIPLEOBJECTS
0x00e9
N / a
245 NTWAITFORSINGLEOBJECT
0x00ea
246 ntwaithigheventpair
0x00eb
N / a N / a 247 NTWAITLOWEVENTPAIR
0x00ec
N / a N / a 248 NTWRITEFILE
0x00ed
249 NTWRITEFILEGATHER
0x00ee
N / a N / a 250 NTWriteRequestData
0x00ef
N / a N / a 251 NTWRITEVIRTUALMEMORY
0x00F0
N / a N / a 252 NTYIELDEXECUTION
0x00f7
N / a
