Windows X86 System Call Table (NT/2000/XP/2003/Vista/7/8/10)

Author: Mateusz "j00ru" Jurczyk (j00ru.vx tech blog)

See also: Windows System Call Tables in CSV/JSON formats on GitHub

Special thanks to: MeMek, Wandering Glitch

Layout by Metasploit Team

NtAcceptConnectPort

NtAccessCheck

NtAccessCheckAndAuditAlarm

NtAccessCheckByType

NtAccessCheckByTypeAndAuditAlarm

NtAccessCheckByTypeResultList

NtAccessCheckByTypeResultListAndAuditAlarm

NtAccessCheckByTypeResultListAndAuditAlarmByHandle

NtAcquireCMFViewOwnership

NtAcquireCrossVmMutant

NtAcquireProcessActivityReference

NtAddAtom

NtAddAtomEx

NtAddBootEntry

NtAddDriverEntry

NtAdjustGroupsToken

NtAdjustPrivilegesToken

NtAdjustTokenClaimsAndDeviceGroups

NtAlertResumeThread

NtAlertThread

NtAlertThreadByThreadId

NtAllocateLocallyUniqueId

NtAllocateReserveObject

NtAllocateUserPhysicalPages

NtAllocateUserPhysicalPagesEx

NtAllocateUuids

NtAllocateVirtualMemory

NtAllocateVirtualMemoryEx

NtAlpcAcceptConnectPort

NtAlpcCancelMessage

NtAlpcConnectPort

NtAlpcConnectPortEx

NtAlpcCreatePort

NtAlpcCreatePortSection

NtAlpcCreateResourceReserve

NtAlpcCreateSectionView

NtAlpcCreateSecurityContext

NtAlpcDeletePortSection

NtAlpcDeleteResourceReserve

NtAlpcDeleteSectionView

NtAlpcDeleteSecurityContext

NtAlpcDisconnectPort

NtAlpcImpersonateClientContainerOfPort

NtAlpcImpersonateClientOfPort

NtAlpcOpenSenderProcess

NtAlpcOpenSenderThread

NtAlpcQueryInformation

NtAlpcQueryInformationMessage

NtAlpcRevokeSecurityContext

NtAlpcSendWaitReceivePort

NtAlpcSetInformation

NtApphelpCacheControl

NtAreMappedFilesTheSame

NtAssignProcessToJobObject

NtAssociateWaitCompletionPacket

NtCallEnclave

NtCallbackReturn

NtCancelDeviceWakeupRequest

NtCancelIoFile

NtCancelIoFileEx

NtCancelSynchronousIoFile

NtCancelTimer

NtCancelTimer2

NtCancelWaitCompletionPacket

NtClearAllSavepointsTransaction

NtClearEvent

NtClearSavepointTransaction

NtClose

NtCloseObjectAuditAlarm

NtCommitComplete

NtCommitEnlistment

NtCommitRegistryTransaction

NtCommitTransaction

NtCompactKeys

NtCompareObjects

NtCompareSigningLevels

NtCompareTokens

NtCompleteConnectPort

NtCompressKey

NtConnectPort

NtContinue

NtContinueEx

NtConvertBetweenAuxiliaryCounterAndPerformanceCounter

NtCopyFileChunk

NtCreateChannel

NtCreateCrossVmEvent

NtCreateCrossVmMutant

NtCreateDebugObject

NtCreateDirectoryObject

NtCreateDirectoryObjectEx

NtCreateEnclave

NtCreateEnlistment

NtCreateEvent

NtCreateEventPair

NtCreateFile

NtCreateIRTimer

NtCreateIoCompletion

NtCreateJobObject

NtCreateJobSet

NtCreateKey

NtCreateKeyTransacted

NtCreateKeyedEvent

NtCreateLowBoxToken

NtCreateMailslotFile

NtCreateMutant

NtCreateNamedPipeFile

NtCreatePagingFile

NtCreatePartition

NtCreatePort

NtCreatePrivateNamespace

NtCreateProcess

NtCreateProcessEx

NtCreateProfile

NtCreateProfileEx

NtCreateRegistryTransaction

NtCreateResourceManager

NtCreateSection

NtCreateSectionEx

NtCreateSemaphore

NtCreateSymbolicLinkObject

NtCreateThread

NtCreateThreadEx

NtCreateTimer

NtCreateTimer2

NtCreateToken

NtCreateTokenEx

NtCreateTransaction

NtCreateTransactionManager

NtCreateUserProcess

NtCreateWaitCompletionPacket

NtCreateWaitablePort

NtCreateWinStation

NtCreateWnfStateName

NtCreateWorkerFactory

NtDebugActiveProcess

NtDebugContinue

NtDelayExecution

NtDeleteAtom

NtDeleteBootEntry

NtDeleteDriverEntry

NtDeleteFile

NtDeleteKey

NtDeleteObjectAuditAlarm

NtDeletePrivateNamespace

NtDeleteValueKey

NtDeleteWnfStateData

NtDeleteWnfStateName

NtDeviceIoControlFile

NtDirectGraphicsCall

NtDisableLastKnownGood

NtDisplayString

NtDrawText

NtDuplicateObject

NtDuplicateToken

NtEnableLastKnownGood

NtEnumerateBootEntries

NtEnumerateBus

NtEnumerateDriverEntries

NtEnumerateKey

NtEnumerateSystemEnvironmentValuesEx

NtEnumerateTransactionObject

NtEnumerateValueKey

NtExtendSection

NtFilterBootOption

NtFilterToken

NtFilterTokenEx

NtFindAtom

NtFlushBuffersFile

NtFlushBuffersFileEx

NtFlushInstallUILanguage

NtFlushInstructionCache

NtFlushKey

NtFlushProcessWriteBuffers

NtFlushVirtualMemory

NtFlushWriteBuffer

NtFreeUserPhysicalPages

NtFreeVirtualMemory

NtFreezeRegistry

NtFreezeTransactions

NtFsControlFile

NtGetCachedSigningLevel

NtGetCompleteWnfStateSubscription

NtGetContextThread

NtGetCurrentProcessorNumber

NtGetCurrentProcessorNumberEx

NtGetDevicePowerState

NtGetMUIRegistryInfo

NtGetNextProcess

NtGetNextThread

NtGetNlsSectionPtr

NtGetNotificationResourceManager

NtGetPlugPlayEvent

NtGetTickCount

NtGetWriteWatch

NtImpersonateAnonymousToken

NtImpersonateClientOfPort

NtImpersonateThread

NtInitializeEnclave

NtInitializeNlsFiles

NtInitializeRegistry

NtInitializeVDM

NtInitiatePowerAction

NtIsProcessInJob

NtIsSystemResumeAutomatic

NtIsUILanguageComitted

NtListTransactions

NtListenChannel

NtListenPort

NtLoadDriver

NtLoadEnclaveData

NtLoadHotPatch

NtLoadKey

NtLoadKey2

NtLoadKey3

NtLoadKeyEx

NtLockFile

NtLockProductActivationKeys

NtLockRegistryKey

NtLockVirtualMemory

NtMakePermanentObject

NtMakeTemporaryObject

NtManageHotPatch

NtManagePartition

NtMapCMFModule

NtMapUserPhysicalPages

NtMapUserPhysicalPagesScatter

NtMapViewOfSection

NtMapViewOfSectionEx

NtMarshallTransaction

NtModifyBootEntry

NtModifyDriverEntry

NtNotifyChangeDirectoryFile

NtNotifyChangeDirectoryFileEx

NtNotifyChangeKey

NtNotifyChangeMultipleKeys

NtNotifyChangeSession

NtOpenChannel

NtOpenDirectoryObject

NtOpenEnlistment

NtOpenEvent

NtOpenEventPair

NtOpenFile

NtOpenIoCompletion

NtOpenJobObject

NtOpenKey

NtOpenKeyEx

NtOpenKeyTransacted

NtOpenKeyTransactedEx

NtOpenKeyedEvent

NtOpenMutant

NtOpenObjectAuditAlarm

NtOpenPartition

NtOpenPrivateNamespace

NtOpenProcess

NtOpenProcessToken

NtOpenProcessTokenEx

NtOpenRegistryTransaction

NtOpenResourceManager

NtOpenSection

NtOpenSemaphore

NtOpenSession

NtOpenSymbolicLinkObject

NtOpenThread

NtOpenThreadToken

NtOpenThreadTokenEx

NtOpenTimer

NtOpenTransaction

NtOpenTransactionManager

NtOpenWinStation

NtPlugPlayControl

NtPowerInformation

NtPrePrepareComplete

NtPrePrepareEnlistment

NtPrepareComplete

NtPrepareEnlistment

NtPrivilegeCheck

NtPrivilegeObjectAuditAlarm

NtPrivilegedServiceAuditAlarm

NtPropagationComplete

NtPropagationFailed

NtProtectVirtualMemory

NtPssCaptureVaSpaceBulk

NtPullTransaction

NtPulseEvent

NtQueryAttributesFile

NtQueryAuxiliaryCounterFrequency

NtQueryBootEntryOrder

NtQueryBootOptions

NtQueryDebugFilterState

NtQueryDefaultLocale

NtQueryDefaultUILanguage

NtQueryDirectoryFile

NtQueryDirectoryFileEx

NtQueryDirectoryObject

NtQueryDriverEntryOrder

NtQueryEaFile

NtQueryEvent

NtQueryFullAttributesFile

NtQueryInformationAtom

NtQueryInformationByName

NtQueryInformationEnlistment

NtQueryInformationFile

NtQueryInformationJobObject

NtQueryInformationPort

NtQueryInformationProcess

NtQueryInformationResourceManager

NtQueryInformationThread

NtQueryInformationToken

NtQueryInformationTransaction

NtQueryInformationTransactionManager

NtQueryInformationWorkerFactory

NtQueryInstallUILanguage

NtQueryIntervalProfile

NtQueryIoCompletion

NtQueryKey

NtQueryLicenseValue

NtQueryMultipleValueKey

NtQueryMutant

NtQueryObject

NtQueryOleDirectoryFile

NtQueryOpenSubKeys

NtQueryOpenSubKeysEx

NtQueryPerformanceCounter

NtQueryPortInformationProcess

NtQueryQuotaInformationFile

NtQuerySection

NtQuerySecurityAttributesToken

NtQuerySecurityObject

NtQuerySecurityPolicy

NtQuerySemaphore

NtQuerySymbolicLinkObject

NtQuerySystemEnvironmentValue

NtQuerySystemEnvironmentValueEx

NtQuerySystemInformation

NtQuerySystemInformationEx

NtQuerySystemTime

NtQueryTimer

NtQueryTimerResolution

NtQueryValueKey

NtQueryVirtualMemory

NtQueryVolumeInformationFile

NtQueryWinStationInformation

NtQueryWnfStateData

NtQueryWnfStateNameInformation

NtQueueApcThread

NtQueueApcThreadEx

NtQueueApcThreadEx2

NtRaiseException

NtRaiseHardError

NtReadFile

NtReadFileScatter

NtReadOnlyEnlistment

NtReadRequestData

NtReadVirtualMemory

NtRecoverEnlistment

NtRecoverResourceManager

NtRecoverTransactionManager

NtRegisterNewDevice

NtRegisterProtocolAddressInformation

NtRegisterThreadTerminatePort

NtReleaseCMFViewOwnership

NtReleaseKeyedEvent

NtReleaseMutant

NtReleaseProcessMutant

NtReleaseSemaphore

NtReleaseWorkerFactoryWorker

NtRemoveIoCompletion

NtRemoveIoCompletionEx

NtRemoveProcessDebug

NtRenameKey

NtRenameTransactionManager

NtRenameValueKey

NtReplaceKey

NtReplacePartitionUnit

NtReplyPort

NtReplyWaitReceivePort

NtReplyWaitReceivePortEx

NtReplyWaitReplyPort

NtReplyWaitSendChannel

NtRequestDeviceWakeup

NtRequestPort

NtRequestWaitReplyPort

NtRequestWakeupLatency

NtResetEvent

NtResetWriteWatch

NtRestoreKey

NtResumeProcess

NtResumeThread

NtRevertContainerImpersonation

NtRollbackComplete

NtRollbackEnlistment

NtRollbackRegistryTransaction

NtRollbackSavepointTransaction

NtRollbackTransaction

NtRollforwardTransactionManager

NtSaveKey

NtSaveKeyEx

NtSaveMergedKeys

NtSavepointComplete

NtSavepointTransaction

NtSecureConnectPort

NtSendWaitReplyChannel

NtSerializeBoot

NtSetBootEntryOrder

NtSetBootOptions

NtSetCachedSigningLevel

NtSetCachedSigningLevel2

NtSetContextChannel

NtSetContextThread

NtSetDebugFilterState

NtSetDefaultHardErrorPort

NtSetDefaultLocale

NtSetDefaultUILanguage

NtSetDriverEntryOrder

NtSetEaFile

NtSetEvent

NtSetEventBoostPriority

NtSetHighEventPair

NtSetHighWaitLowEventPair

NtSetHighWaitLowThread

NtSetIRTimer

NtSetInformationDebugObject

NtSetInformationEnlistment

NtSetInformationFile

NtSetInformationJobObject

NtSetInformationKey

NtSetInformationObject

NtSetInformationProcess

NtSetInformationResourceManager

NtSetInformationSymbolicLink

NtSetInformationThread

NtSetInformationToken

NtSetInformationTransaction

NtSetInformationTransactionManager

NtSetInformationVirtualMemory

NtSetInformationWorkerFactory

NtSetIntervalProfile

NtSetIoCompletion

NtSetIoCompletionEx

NtSetLdtEntries

NtSetLowEventPair

NtSetLowWaitHighEventPair

NtSetLowWaitHighThread

NtSetQuotaInformationFile

NtSetSecurityObject

NtSetSystemEnvironmentValue

NtSetSystemEnvironmentValueEx

NtSetSystemInformation

NtSetSystemPowerState

NtSetSystemTime

NtSetThreadExecutionState

NtSetTimer

NtSetTimer2

NtSetTimerEx

NtSetTimerResolution

NtSetUuidSeed

NtSetValueKey

NtSetVolumeInformationFile

NtSetWinStationInformation

NtSetWnfProcessNotificationEvent

NtShutdownSystem

NtShutdownWorkerFactory

NtSignalAndWaitForSingleObject

NtSinglePhaseReject

NtStartProfile

NtStartTm

NtStopProfile

NtSubscribeWnfStateChange

NtSuspendProcess

NtSuspendThread

NtSystemDebugControl

NtTerminateEnclave

NtTerminateJobObject

NtTerminateProcess

NtTerminateThread

NtTestAlert

NtThawRegistry

NtThawTransactions

NtTraceControl

NtTraceEvent

NtTranslateFilePath

NtUmsThreadYield

NtUnloadDriver

NtUnloadKey

NtUnloadKey2

NtUnloadKeyEx

NtUnlockFile

NtUnlockVirtualMemory

NtUnmapViewOfSection

NtUnmapViewOfSectionEx

NtUnsubscribeWnfStateChange

NtUpdateWnfStateData

NtVdmControl

NtVdmStartExecution

NtW32Call

NtWaitForAlertByThreadId

NtWaitForDebugEvent

NtWaitForKeyedEvent

NtWaitForMultipleObjects

NtWaitForMultipleObjects32

NtWaitForProcessMutant

NtWaitForSingleObject

NtWaitForWnfNotifications

NtWaitForWorkViaWorkerFactory

NtWaitHighEventPair

NtWaitLowEventPair

NtWorkerFactoryWorkerReady

NtWriteErrorLogEntry

NtWriteFile

NtWriteFileGather

NtWriteRequestData

NtWriteVirtualMemory

NtYieldExecution