Apps calling unsupported ZwXxx routines

Artikel
05/07/2007

The ZwXxx routines provide a set of system entry points that parallel some of the executive's system services.

I have seen some apps calling unsupported ZwXxx routines. They run the risk of breaking between new versions of Windows when those change or are deprecated.

Calling a ZwXxx routine from user mode is not supported; instead, native applications (applications that bypass the Microsoft Win32 subsystem) should use the NtXxx equivalent of the ZwXxx routine.

Below is a list of supported ZwXxx routines got from here:

ZwAllocateLocallyUniqueId
ZwClose
ZwCreateDirectoryObject
ZwCreateFile
ZwCreateKey
ZwCreateSection
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushKey
ZwMakeTemporaryObject
ZwMapViewOfSection
ZwOpenEvent
ZwOpenFile
ZwOpenKey
ZwOpenProcess
ZwOpenSymbolicLinkObject
ZwQueryInformationFile
ZwQueryKey
ZwQuerySymbolicLinkObject
ZwQueryValueKey
ZwReadFile
ZwSetInformationFile
ZwSetInformationThread
ZwSetValueKey
ZwTerminateProcess
ZwUnmapViewOfSection
ZwWriteFile

Comments

Anonymous
October 30, 2007
Is there a list available for the Zwxx routines that are not supported or will break in Vista?

Freigeben über

Apps calling unsupported ZwXxx routines

Comments

Zusätzliche Ressourcen