Home > Reverse Engineering, Windows > API Changes in Windows 7

API Changes in Windows 7

February 1st, 2009

I recently installed the Windows 7 x64 public beta and was having a look for API changes. I have gone through ntdll.dll, kernel32.dll, and user32.dll from the syswow64 folder (I know IA-32 ASM better than AMD64) and compared all the exports to those from Windows Server 2008 in order to pull out any changes. I figured this would be of use to curious people (like me) who are also lazy (like me). The results are posted below.

The lists include both new and new apis, and ones that  have been modified slightly (ie the kernel32.dll calls that are forwarded). 

Kernel32:

AddIntegrityLabelToBoundaryDescriptor

BaseCheckAppcompatCacheEx

BaseDllReadWriteIniFile

BaseFormatObjectAttributes

BaseFormatTimeOut

BaseGetNamedObjectDirectory

BaseSetLastNTError

BaseVerifyUnicodeString

Basep8BitStringToDynamicUnicodeString

BasepAllocateActivationContextActivationBlock

BasepAnsiStringToDynamicUnicodeString

BasepFreeActivationContextActivationBlock

BasepIsRealtimeAllowed

BasepMapModuleHandle

CallbackMayRunLong

CallbackMayRunLong (forwarded to NTDLL.TpCallbackMayRunLong)

CopyExtendedContext

CreateRemoteThreadEx (forwarded to Microsoft-Windows-System-Process-ProcessThreads-L1-1-0.CreateRemoteThreadEx)

DeleteProcThreadAttributeList

DeleteProcThreadAttributeList (forwarded to Microsoft-Windows-System-Process-ProcessThreads-L1-1-0.DeleteProcThreadAttributeList)

FindStringOrdinal

GetActiveProcessorCount

GetActiveProcessorGroupCount

GetCPFileNameFromRegistry

GetCurrentProcessorNumber (forwarded to NTDLL.NtGetCurrentProcessorNumber)

GetCurrentProcessorNumber (forwarded to NTDLL.RtlGetCurrentProcessorNumber)

GetCurrentProcessorNumberEx (forwarded to NTDLL.RtlGetCurrentProcessorNumberEx)

GetEnabledExtendedFeatures (forwarded to MICROSOFT-WINDOWS-SYSTEM-XSTATE-L1-1-0.RtlGetEnabledExtendedFeatures)

GetEraNameCountedString

GetExtendedContextLength (forwarded to MICROSOFT-WINDOWS-SYSTEM-XSTATE-L1-1-0.RtlGetExtendedContextLength)

GetExtendedFeaturesMask (forwarded to MICROSOFT-WINDOWS-SYSTEM-XSTATE-L1-1-0.RtlGetExtendedFeaturesMask)

GetLogicalProcessorInformationEx (forwarded to Microsoft-Windows-System-SysInfo-L1-1-0.GetLogicalProcessorInformationEx)

GetMaximumProcessorCount

GetMaximumProcessorGroupCount

GetNumaAvailableMemoryNodeEx

GetNumaNodeNumberFromHandle

GetNumaNodeProcessorMaskEx

GetNumaProcessorNodeEx

GetNumaProximityNodeEx

GetProcessGroupAffinity

GetProcessPreferredUILanguages

GetProcessorSystemCycleTime

GetSystemInfoInternal

GetThreadErrorMode

GetThreadGroupAffinity

GetThreadIdealProcessorEx

InitializeExtendedContext

InitializeProcThreadAttributeList

InitializeProcThreadAttributeList (forwarded to Microsoft-Windows-System-Process-ProcessThreads-L1-1-0.InitializeProcThreadAttributeList)

K32EmptyWorkingSet

K32EnumDeviceDrivers

K32EnumPageFilesA

K32EnumPageFilesW

K32EnumProcessModules

K32EnumProcessModulesEx

K32EnumProcesses

K32GetDeviceDriverBaseNameA

K32GetDeviceDriverBaseNameW

K32GetDeviceDriverFileNameA

K32GetDeviceDriverFileNameW

K32GetMappedFileNameA

K32GetMappedFileNameW

K32GetModuleBaseNameA

K32GetModuleBaseNameW

K32GetModuleFileNameExA

K32GetModuleFileNameExW

K32GetModuleInformation

K32GetPerformanceInfo

K32GetProcessImageFileNameA

K32GetProcessImageFileNameW

K32GetProcessMemoryInfo

K32GetWsChanges

K32GetWsChangesEx

K32InitializeProcessForWsWatch

K32QueryWorkingSet

K32QueryWorkingSetEx

LoadAppInitDlls

LocateExtendedFeature (forwarded to MICROSOFT-WINDOWS-SYSTEM-XSTATE-L1-1-0.RtlLocateExtendedFeature)

LocateLegacyContext (forwarded to MICROSOFT-WINDOWS-SYSTEM-XSTATE-L1-1-0.RtlLocateLegacyContext)

NlsConvertIntegerToString

NotifyMountMgr

PowerClearRequest

PowerCreateRequest

PowerSetRequest

QueryIdleProcessorCycleTimeEx

QueryThreadpoolStackInformation

QueryUnbiasedInterruptTime

RaiseFailFastException

ResolveLocaleName

RtlCaptureContext

RtlCaptureContext (forwarded to NTDLL.RtlCaptureContext)

RtlCaptureStackBackTrace

RtlCaptureStackBackTrace (forwarded to NTDLL.RtlCaptureStackBackTrace)

RtlFillMemory

RtlFillMemory (forwarded to NTDLL.RtlFillMemory)

RtlUnwind

RtlUnwind (forwarded to NTDLL.RtlUnwind)

SetExtendedFeaturesMask (forwarded to MICROSOFT-WINDOWS-SYSTEM-XSTATE-L1-1-0.RtlSetExtendedFeaturesMask)

SetProcessPreferredUILanguages

SetSearchPathMode

SetThreadErrorMode

SetThreadGroupAffinity

SetThreadIdealProcessorEx

SetThreadpoolStackInformation

SetWaitableTimerEx (forwarded to Microsoft-Windows-System-ThreadPool-L1-1-0.SetWaitableTimerEx)

SortCloseHandle

SortGetHandle

TryAcquireSRWLockExclusive (forwarded to NTDLL.RtlTryAcquireSRWLockExclusive)

TryAcquireSRWLockShared (forwarded to NTDLL.RtlTryAcquireSRWLockShared)

UpdateProcThreadAttribute

UpdateProcThreadAttribute (forwarded to Microsoft-Windows-System-Process-ProcessThreads-L1-1-0.UpdateProcThreadAttribute)

WerRegisterRuntimeExceptionModule

WerUnregisterRuntimeExceptionModule

 

User32:

CalculatePopupWindowPosition

ChangeWindowMessageFilterEx

CheckImeHotKey

CloseGestureInfoHandle

CloseTouchInputHandle

ConsoleControl

ControlMagnification

DisplayConfigGetDeviceInfo

DisplayConfigSetDeviceInfo

DwmGetDxRgn

DwmGetDxSharedSurface

DwmHintDxUpdate

GestureCommand

GetDisplayConfigBufferSizes

GetGestureCommandInfo

GetGestureConfig

GetGestureExtraArgs

GetGestureInfo

GetImeHotKey

GetInputLocaleInfo

GetMagnificationDesktopColorEffect

GetMagnificationDesktopMagnification

GetMagnificationLensCtxInformation

GetServicesProcess

GetTopLevelWindow

GetTouchInputInfo

GetWindowCompositionAttribute

GetWindowCompositionInfo

GetWindowDisplayAffinity

IsTopLevelWindow

IsTouchWindow

NotifyOverlayWindow

QueryDisplayConfig

RegisterGestureHandlerWindow

RegisterTouchWindow

SetConsoleReserveKeys

SetDisplayConfig

SetGestureConfig

SetMagnificationDesktopColorEffect

SetMagnificationDesktopMagnification

SetMagnificationLensCtxInformation

SetWindowCompositionAttribute

SetWindowDisplayAffinity

SfmDxBindSwapChain

SfmDxGetSwapChainStats

SfmDxOpenSwapChain

SfmDxQuerySwapChainBindingStatus

SfmDxReleaseSwapChain

SfmDxSetSwapChainStats

UnregisterGestureHandlerWindow

UnregisterTouchWindow

VRipOutput

VTagOutput

Win32PoolAllocationStats

gSharedInfo

gapfnScSendMessage

 

Ntdll:

AlpcRundownCompletionList

EtwEventWriteEx

EtwEventWriteNoRegistration

EvtIntReportAuthzEventAndSourceAsync

EvtIntReportEventAndSourceAsync

LdrGetDllHandleByMapping

LdrGetDllHandleByName

LdrResGetRCConfig

LdrRscIsTypeExist

LdrpResGetRCConfig

NtAllocateReserveObject

NtCancelDeviceWakeupRequest

NtCreateProfileEx

NtDisableLastKnownGood

NtDrawText

NtEnableLastKnownGood

NtNotifyChangeSession

NtOpenKeyEx

NtOpenKeyTransactedEx

NtQuerySecurityAttributesToken

NtQuerySystemInformationEx

NtQueueApcThreadEx

NtRequestDeviceWakeup

NtRequestWakeupLatency

NtSerializeBoot

NtSetIoCompletionEx

NtSetTimerEx

NtUmsThreadYield

NtWow64GetCurrentProcessorNumberEx

NtWow64InterlockedPopEntrySList

RtlAcquireReleaseSRWLockExclusive

RtlAddIntegrityLabelToBoundaryDescriptor

RtlContractHashTable

RtlCopyExtendedContext

RtlCreateHashTable

RtlCreateProcessReflection

RtlCreateVirtualAccountSid

RtlDeleteHashTable

RtlDetectHeapLeaks

RtlDisableThreadProfiling

RtlEnableThreadProfiling

RtlEndEnumerationHashTable

RtlEndWeakEnumerationHashTable

RtlEnumerateEntryHashTable

RtlEthernetAddressToStringA

RtlEthernetAddressToStringW

RtlEthernetStringToAddressA

RtlEthernetStringToAddressW

RtlExpandHashTable

RtlFillMemoryUlonglong

RtlGetCurrentProcessorNumberEx

RtlGetEnabledExtendedFeatures

RtlGetExtendedContextLength

RtlGetExtendedFeaturesMask

RtlGetFullPathName_UEx

RtlGetLocaleFileMappingAddress

RtlGetNextEntryHashTable

RtlGetProcessPreferredUILanguages

RtlInitEnumerationHashTable

RtlInitWeakEnumerationHashTable

RtlInitializeExtendedContext

RtlInsertEntryHashTable

RtlInterlockedClearBitRun

RtlInterlockedSetBitRun

RtlIsNameInExpression

RtlKnownExceptionFilter

RtlLoadString

RtlLocateExtendedFeature

RtlLocateLegacyContext

RtlLookupEntryHashTable

RtlQueryPerformanceCounter

RtlQueryPerformanceFrequency

RtlQueryThreadProfiling

RtlReadThreadProfilingData

RtlRemoveEntryHashTable

RtlReplaceSidInSd

RtlReportSilentProcessExit

RtlReportSqmEscalation

RtlSetExtendedFeaturesMask

RtlSetProcessPreferredUILanguages

RtlTryAcquireSRWLockExclusive

RtlTryAcquireSRWLockShared

RtlUTF8ToUnicodeN

RtlUnicodeToUTF8N

RtlWeaklyEnumerateEntryHashTable

SbExecuteProcedure

SbSelectProcedure

TpAllocAlpcCompletionEx

TpAlpcRegisterCompletionList

TpAlpcUnregisterCompletionList

TpCallbackIndependent

TpDbgGetFreeInfo

TpDisablePoolCallbackChecks

TpPoolFreeUnusedNodes

TpQueryPoolStackInformation

TpSetDefaultPoolMaxThreads

TpSetDefaultPoolStackInformation

TpSetPoolStackInformation

WerCheckEventEscalation

WerReportWatsonEvent

WinSqmAddToAverageDWORD

WinSqmAddToStreamEx

WinSqmCheckEscalationAddToStreamEx

WinSqmCheckEscalationSetDWORD

WinSqmCheckEscalationSetDWORD64

WinSqmCheckEscalationSetString

WinSqmCommonDatapointDelete

WinSqmCommonDatapointSetDWORD

WinSqmCommonDatapointSetDWORD64

WinSqmCommonDatapointSetStreamEx

WinSqmCommonDatapointSetString

WinSqmGetEscalationRuleStatus

WinSqmGetInstrumentationProperty

WinSqmIncrementDWORD

WinSqmIsOptedInEx

WinSqmSetDWORD

WinSqmSetDWORD64

WinSqmSetEscalationInfo

WinSqmSetIfMaxDWORD

WinSqmSetIfMinDWORD

ZwAllocateReserveObject

ZwCancelDeviceWakeupRequest

ZwCreateProfileEx

ZwDisableLastKnownGood

ZwDrawText

ZwEnableLastKnownGood

ZwNotifyChangeSession

ZwOpenKeyEx

ZwOpenKeyTransactedEx

ZwQuerySecurityAttributesToken

ZwQuerySystemInformationEx

ZwQueueApcThreadEx

ZwRequestDeviceWakeup

ZwRequestWakeupLatency

ZwSerializeBoot

ZwSetIoCompletionEx

ZwSetTimerEx

ZwUmsThreadYield

ZwWow64GetCurrentProcessorNumberEx

ZwWow64InterlockedPopEntrySList

Cypher Reverse Engineering, Windows ,

  1. No comments yet.
  1. No trackbacks yet.