The Undocumented Microsoft Functions

About

ATOM_BASIC_INFORMATION

ATOM_INFORMATION_CLASS

ATOM_TABLE_INFORMATION

DbgPrint

DBG_STATE

EVENT_BASIC_INFORMATION

EVENT_INFORMATION_CLASS

EVENT_TYPE

FILE_BASIC_INFORMATION

FILE_BOTH_DIR_INFORMATION

FILE_DIRECTORY_INFORMATION

FILE_FS_ATTRIBUTE_INFORMATION

FILE_FS_CONTROL_INFORMATION

FILE_FS_DEVICE_INFORMATION

FILE_FS_LABEL_INFORMATION

FILE_FS_SIZE_INFORMATION

FILE_FS_VOLUME_INFORMATION

FILE_FULL_DIR_INFORMATION

FILE_FULL_EA_INFORMATION

FILE_GET_EA_INFORMATION

FILE_INFORMATION_CLASS

FILE_INTERNAL_INFORMATION

FILE_LINK_INFORMATION

FILE_NAMES_INFORMATION

FILE_NAME_INFORMATION

FILE_NETWORK_OPEN_INFORMATION

FILE_NOTIFY_INFORMATION

FILE_RENAME_INFORMATION

FS_INFORMATION_CLASS

HARDERROR_MSG

HARDERROR_RESPONSE

HARDERROR_RESPONSE_OPTION

Index

INITIAL_TEB

IO_COMPLETION_BASIC_INFORMATION

IO_COMPLETION_INFORMATION_CLASS

KEY_MULTIPLE_VALUE_INFORMATION

KiUserApcDispatcher

KPROFILE_SOURCE

LdrGetDllHandle

LdrGetProcedureAddress

LdrLoadDll

LdrQueryProcessModuleInformation

LdrShutdownProcess

LdrShutdownThread

LdrUnloadDll

LDR_MODULE

LPC_MESSAGE

LPC_SECTION_MEMORY

LPC_SECTION_OWNER_MEMORY

LPC_TERMINATION_MESSAGE

MEMORY_BASIC_INFORMATION

MEMORY_INFORMATION_CLASS

MUTANT_BASIC_INFORMATION

NtAcceptConnectPort

NtAccessCheck

NtAccessCheckAndAuditAlarm

NtAddAtom

NtAdjustGroupsToken

NtAdjustPrivilegesToken

NtAlertResumeThread

NtAlertThread

NtAllocateLocallyUniqueId

NtAllocateUuids

NtAllocateVirtualMemory

NtCallbackReturn

NtCancelIoFile

NtCancelTimer

NtClearEvent

NtClose

NtCloseObjectAuditAlarm

NtCompactKeys

NtCompleteConnectPort

NtCompressKey

NtConnectPort

NtContinue

NtCreateDirectoryObject

NtCreateEvent

NtCreateEventPair

NtCreateFile

NtCreateIoCompletion

NtCreateKey

NtCreateKeyedEvent

NtCreateMailslotFile

NtCreateMutant

NtCreateNamedPipeFile

NtCreatePagingFile

NtCreatePort

NtCreateProcess

NtCreateProfile

NtCreateSection

NtCreateSemaphore

NtCreateSymbolicLinkObject

NtCreateThread

NtCreateTimer

NtCreateToken

NtCurrentTeb

NtDelayExecution

NtDeleteAtom

NtDeleteFile

NtDeleteKey

NtDeleteObjectAuditAlarm

NtDeleteValueKey

NtDeviceIoControlFile

NtDisplayString

NtDuplicateObject

NtDuplicateToken

NtEnumerateKey

NtEnumerateValueKey

NtExtendSection

NtFindAtom

NtFlushBuffersFile

NtFlushInstructionCache

NtFlushKey

NtFlushVirtualMemory

NtFlushWriteBuffer

NtFreeVirtualMemory

NtFsControlFile

NtGetContextThread

NtGetTickCount

NtImpersonateClientOfPort

NtImpersonateThread

NtListenPort

NtLoadDriver

NtLoadKey

NtLoadKey2

NtLockFile

NtLockVirtualMemory

NtMakeTemporaryObject

NtMapViewOfSection

NtNotifyChangeDirectoryFile

NtNotifyChangeKey

NtOpenDirectoryObject

NtOpenEvent

NtOpenEventPair

NtOpenFile

NtOpenIoCompletion

NtOpenKey

NtOpenKeyedEvent

NtOpenMutant

NtOpenObjectAuditAlarm

NtOpenProcess

NtOpenProcessToken

NtOpenSection

NtOpenSemaphore

NtOpenSymbolicLinkObject

NtOpenThread

NtOpenThreadToken

NtOpenTimer

NtPrivilegeCheck

NtPrivilegedServiceAuditAlarm

NtPrivilegeObjectAuditAlarm

NtProtectVirtualMemory

NtPulseEvent

NtQueryAttributesFile

NtQueryDefaultLocale

NtQueryDirectoryFile

NtQueryDirectoryObject

NtQueryEaFile

NtQueryEvent

NtQueryFullAttributesFile

NtQueryInformationAtom

NtQueryInformationFile

NtQueryInformationPort

NtQueryInformationProcess

NtQueryInformationThread

NtQueryInformationToken

NtQueryIntervalProfile

NtQueryIoCompletion

NtQueryKey

NtQueryMultipleValueKey

NtQueryMutant

NtQueryObject

NtQueryOleDirectoryFile

NtQueryPerformanceCounter

NtQuerySection

NtQuerySecurityObject

NtQuerySemaphore

NtQuerySymbolicLinkObject

NtQuerySystemEnvironmentValue

NtQuerySystemInformation

NtQuerySystemTime

NtQueryTimer

NtQueryTimerResolution

NtQueryValueKey

NtQueryVirtualMemory

NtQueryVolumeInformationFile

NtQueueApcThread

NtRaiseException

NtRaiseHardError

NtReadFile

NtReadFileScatter

NtReadRequestData

NtReadVirtualMemory

NtRegisterThreadTerminatePort

NtReleaseKeyedEvent

NtReleaseMutant

NtReleaseSemaphore

NtRemoveIoCompletion

NtReplaceKey

NtReplyPort

NtReplyWaitReceivePort

NtReplyWaitReplyPort

NtRequestPort

NtRequestWaitReplyPort

NtResetEvent

NtRestoreKey

NtResumeThread

NtSaveKey

NtSetContextThread

NtSetDefaultHardErrorPort

NtSetDefaultLocale

NtSetEaFile

NtSetEvent

NtSetEventBoostPriority

NtSetHighEventPair

NtSetHighWaitLowEventPair

NtSetHighWaitLowThread

NtSetInformationFile

NtSetInformationKey

NtSetInformationObject

NtSetInformationProcess

NtSetInformationThread

NtSetInformationToken

NtSetIntervalProfile

NtSetIoCompletion

NtSetLowEventPair

NtSetLowWaitHighEventPair

NtSetLowWaitHighThread

NtSetSecurityObject

NtSetSystemEnvironmentValue

NtSetSystemInformation

NtSetSystemTime

NtSetTimer

NtSetTimerResolution

NtSetValueKey

NtSetVolumeInformationFile

NtShutdownSystem

NtSignalAndWaitForSingleObject

NtStartProfile

NtStopProfile

NtSuspendThread

NtSystemDebugControl

NtTerminateProcess

NtTerminateThread

NtTestAlert

NtUnloadDriver

NtUnloadKey

NtUnlockFile

NtUnlockVirtualMemory

NtUnmapViewOfSection

NtWaitForKeyedEvent

NtWaitForMultipleObjects

NtWaitForSingleObject

NtWaitHighEventPair

NtWaitLowEventPair

NtWriteFile

NtWriteFileGather

NtWriteRequestData

NtWriteVirtualMemory

NtYieldExecution

OBJDIR_INFORMATION

OBJECT_BASIC_INFORMATION

OBJECT_INFORMATION_CLASS

OBJECT_NAME_INFORMATION

OBJECT_WAIT_TYPE

Other object functions

PEB

PEB_FREE_BLOCK

PEB_LDR_DATA

POOLED_USAGE_AND_LIMITS

PORT_INFORMATION_CLASS

PROCESS_ACCESS_TOKEN

PROCESS_INFORMATION_CLASS

PROCESS_WS_WATCH_INFORMATION

RtlAllocateHeap

RtlCaptureStackBackTrace

RtlCompactHeap

RtlCompressBuffer

RtlCreateEnvironment

RtlCreateHeap

RtlCreateUserProcess

RtlCreateUserThread

RtlDecompressBuffer

RtlDestroyEnvironment

RtlDestroyHeap

RtlEnumProcessHeaps

RtlExpandEnvironmentStrings_U

RtlFormatCurrentUserKeyPath

RtlFreeHeap

RtlGetCallersAddress

RtlGetCompressionWorkSpaceSize

RtlGetProcessHeaps

RtlImageNtHeader

RtlImageRvaToVa

RtlInitializeContext

RtlLockHeap

RtlProtectHeap

RtlQueryEnvironmentVariable_U

RtlReAllocateHeap

RtlSetCurrentEnvironment

RtlSetEnvironmentVariable

RtlSizeHeap

RtlTimeFieldsToTime

RtlTimeToTimeFields

RtlUnlockHeap

RtlValidateHeap

RtlValidateProcessHeaps

RtlWalkHeap

RTL_DRIVE_LETTER_CURDIR

RTL_HEAP_DEFINITION

RTL_USER_PROCESS_INFORMATION

RTL_USER_PROCESS_PARAMETERS

SECTION_BASIC_INFORMATION

SECTION_IMAGE_INFORMATION

SECTION_INFORMATION_CLASS

SECTION_INHERIT

SEMAPHORE_BASIC_INFORMATION

SEMAPHORE_INFORMATION_CLASS

SHUTDOWN_ACTION

SYSDBG_COMMAND

SYSTEM_INFORMATION_CLASS

SYSTEM_MODULE

SYSTEM_MODULE_INFORMATION

SYSTEM_PAGEFILE_INFORMATION

SYSTEM_PROCESS_INFORMATION

SYSTEM_REGISTRY_QUOTA_INFORMATION

SYSTEM_THREAD

TEB

THREAD_BASIC_INFORMATION

THREAD_INFORMATION_CLASS

THREAD_TIMES_INFORMATION

TIMER_BASIC_INFORMATION

TIMER_INFORMATION_CLASS

TIME_FIELDS

url

Very nice, thanks for the post.

There is tons of great information contained here.

Here is ntdll header for C. Has a lot of the functions listed.

Edited October 19, 201014 yr by What

Here is ntdll header for C. Has a lot of the functions listed.

thanx for sharing what.

can you tell me from which source this comes?

can you tell me from which source this comes?

Honestly, I can't remember. I was just searching the web sometime ago, and I came across it and found it useful.

A fair amount of these aren't functions, but definitions for constant values as well as structures. Most of these are defined in the Windows driver development kit (WDK) which you can download from the Microsoft Connect site for free. A lot of these are also documented on MSDN here:
/>http://msdn.microsoft.com/en-us/library/ff557573%28VS.85%29.aspx

You can obtain the WDK here:
/>http://www.microsoft.com/whdc/DevTools/WDK/WDKpkg.mspx