Sdílet prostřednictvím


Apps calling unsupported ZwXxx routines

The ZwXxx routines provide a set of system entry points that parallel some of the executive's system services.

 I have seen some apps calling unsupported  ZwXxx routines. They run the risk of breaking between new versions of Windows when those change or are deprecated.

Calling a ZwXxx routine from user mode is not supported; instead, native applications (applications that bypass the Microsoft Win32 subsystem) should use the NtXxx equivalent of the ZwXxx routine.

 Below is a list of supported ZwXxx routines got from here:

ZwAllocateLocallyUniqueId
ZwClose
ZwCreateDirectoryObject
ZwCreateFile
ZwCreateKey
ZwCreateSection
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushKey
ZwMakeTemporaryObject
ZwMapViewOfSection
ZwOpenEvent
ZwOpenFile
ZwOpenKey
ZwOpenProcess
ZwOpenSymbolicLinkObject
ZwQueryInformationFile
ZwQueryKey
ZwQuerySymbolicLinkObject
ZwQueryValueKey
ZwReadFile
ZwSetInformationFile
ZwSetInformationThread
ZwSetValueKey
ZwTerminateProcess
ZwUnmapViewOfSection
ZwWriteFile

Comments

  • Anonymous
    October 30, 2007
    Is there a list available for the Zwxx routines that are not supported or will break in Vista?