I'd love to know where some of the hidden functions that aren't officially in the open kernel are documented.
The current WinAPI and NTAPI documentation lacks these functions.
#include <ntapi.h>
Nothing is even documented in the files.
Asked
Active
Viewed 892 times
0
Paul R
- 208,748
- 37
- 389
- 560
man of asdf
- 111
- 7
-
1Am I understanding your question correctly? You are asking where to get official documentation for the functions that aren't officially acknowledged to exist? – Ben Voigt May 21 '19 at 02:18
-
*Please tell me where to find the documentation for the undocumented, unofficial, hidden functions.* Does that sound logical to you? You do understand that **undocumented** means **without documentation**, right? – Ken White May 21 '19 at 02:21
1 Answers
1
There are plenty of functions in the NTAPI that are not documented. Primarily because they could be subject to change at any point during Microsoft's implementation. An example like NtCreateProcess I believe is undocumented. NtQueryProcessInformation. NtdelayExecution. Many many more. One area you can look for undocumented functions is here. NtInternals Also reversing kernel modules or even ntdll can help you discover some undocumented functions.
Irelia
- 3,407
- 2
- 10
- 31