Windows native API : When and why use Zw vs Nt prefixed api calls?

Reposted. Author: 可可西里. Updated: 2023-11-01 12:40:38

In the native API, Microsoft exports two versions of each API call, one prefixed with Zw and one prefixed with Nt, e.g. ZwCreateThread and NtCreateThread.

My question is: what is the difference between these two versions of the calls, and when and why should one specifically use Zw or Nt? As I understand it, the Zw version ensures that the caller resides in kernel mode, whereas Nt does not.

I would also like to know what the Zw and Nt prefixes/abbreviations specifically stand for. I can guess that Nt probably refers to the NT (New Technology) Windows family, or perhaps to Native (probably not)? As for Zw, does it stand for anything?

Best Answer

Update:

In addition to Larry Osterman's answer (which you should definitely read), there is one more thing I should mention:

Since the NtXxx variants perform their checks as if the call came from user mode, this means that any buffer passed to an NtXxx function must reside in the user-mode address space, not in kernel mode. So if you call something like NtCreateFile in a driver and pass it a pointer to a kernel-mode buffer, you will get STATUS_ACCESS_VIOLATION as a result.

See Using Nt and Zw Versions of the Native System Services Routines.

A kernel-mode driver calls the Zw version of a native system services routine to inform the routine that the parameters come from a trusted, kernel-mode source. In this case, the routine assumes that it can safely use the parameters without first validating them. However, if the parameters might be from either a user-mode source or a kernel-mode source, the driver instead calls the Nt version of the routine, which determines, based on the history of the calling thread, whether the parameters originated in user mode or kernel mode.

Native system services routines make additional assumptions about the parameters that they receive. If a routine receives a pointer to a buffer that was allocated by a kernel-mode driver, the routine assumes that the buffer was allocated in system memory, not in user-mode memory. If the routine receives a handle that was opened by a user-mode application, the routine looks for the handle in the user-mode handle table, not in the kernel-mode handle table.

Also, Zw does not stand for anything. See What Does the Zw Prefix Mean?:

The Windows native system services routines have names that begin with the prefixes Nt and Zw. The Nt prefix is an abbreviation of Windows NT, but the Zw prefix has no meaning. Zw was selected partly to avoid potential naming conflicts with other APIs, and partly to avoid using any potentially useful two-letter prefixes that might be needed in the future.
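To make the mechanism in the answer concrete, here is an added, simplified C model (not kernel code, and not from the original post, Stack Overflow, or Microsoft) of how the Nt and Zw entry points differ: the Zw stub switches the thread's previous mode to kernel before running the same implementation, while the Nt entry probes the buffer whenever the thread's previous mode is user, which is why a driver passing a kernel buffer to the Nt form on a user-originated thread gets STATUS_ACCESS_VIOLATION. The address-space split, the NtReadModel/ZwReadModel names, the probe helper and the sample addresses are assumptions made for the model.

```c
#include <stdint.h>
/* Simplified model (not real kernel code) of how Nt- and Zw-prefixed entry
 * points treat parameters; address split and bookkeeping are stand-ins. */
typedef int32_t NTSTATUS;
#define STATUS_SUCCESS          ((NTSTATUS)0x00000000)
#define STATUS_ACCESS_VIOLATION ((NTSTATUS)0xC0000005)

typedef enum { UserMode = 0, KernelMode = 1 } MODE;

/* Assumed address-space split: user addresses lie at or below this value. */
#define MM_HIGHEST_USER_ADDRESS 0x00007FFFFFFFFFFFull

/* Stand-in for the calling thread's PreviousMode field. */
static MODE g_previous_mode = UserMode;

/* Model of ProbeForRead: a user-mode caller may only pass user addresses. */
static NTSTATUS probe_for_read(uint64_t addr)
{
    return addr <= MM_HIGHEST_USER_ADDRESS ? STATUS_SUCCESS
                                           : STATUS_ACCESS_VIOLATION;
}

/* NtXxx entry: probes the buffer only when the thread's previous mode is
 * user, i.e. it trusts the history of the calling thread, not the caller. */
static NTSTATUS NtReadModel(uint64_t buffer)
{
    if (g_previous_mode == UserMode) {
        NTSTATUS st = probe_for_read(buffer);
        if (st != STATUS_SUCCESS)
            return st;
    }
    return STATUS_SUCCESS;   /* the real routine would now use the buffer */
}

/* ZwXxx entry: marks the call as trusted kernel-mode, runs the same
 * implementation, then restores the thread's previous mode. */
static NTSTATUS ZwReadModel(uint64_t buffer)
{
    MODE saved = g_previous_mode;
    g_previous_mode = KernelMode;
    NTSTATUS st = NtReadModel(buffer);
    g_previous_mode = saved;
    return st;
}

/* The driver scenario from the answer: the thread entered the kernel from
 * user mode, and the driver passes a buffer it allocated in kernel space. */
static NTSTATUS driver_passes_kernel_buffer(int use_zw)
{
    g_previous_mode = UserMode;                    /* arrived via a syscall */
    uint64_t kernel_buf = 0xFFFF800000001000ull;   /* constructed address */
    return use_zw ? ZwReadModel(kernel_buf) : NtReadModel(kernel_buf);
}
```

With the Nt form the kernel buffer fails the probe; with the Zw form the same buffer is accepted because the call is marked as trusted kernel-mode input.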

Regarding "Windows native API : When and why use Zw vs Nt prefixed api calls?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/4770553/
