Windows X86 System Call Table (NT/2000/XP/2003/Vista/2008/7/8/10)

Author: Mateusz "j00ru" Jurczyk (j00ru.vx tech blog)

See also: Windows System Call Tables in CSV/JSON formats on GitHub

Special thanks to: MeMek, Wandering Glitch

Windows NT, 2000 syscalls and layout by Metasploit Team

NtAcceptConnectPort

NtAccessCheck

NtAccessCheckAndAuditAlarm

NtAccessCheckByType

NtAccessCheckByTypeAndAuditAlarm

NtAccessCheckByTypeResultList

NtAccessCheckByTypeResultListAndAuditAlarm

NtAccessCheckByTypeResultListAndAuditAlarmByHandle

NtAcquireCMFViewOwnership

NtAcquireProcessActivityReference

NtAddAtom

NtAddAtomEx

NtAddBootEntry

NtAddDriverEntry

NtAdjustGroupsToken

NtAdjustPrivilegesToken

NtAdjustTokenClaimsAndDeviceGroups

NtAlertResumeThread

NtAlertThread

NtAlertThreadByThreadId

NtAllocateLocallyUniqueId

NtAllocateReserveObject

NtAllocateUserPhysicalPages

NtAllocateUuids

NtAllocateVirtualMemory

NtAllocateVirtualMemoryEx

NtAlpcAcceptConnectPort

NtAlpcCancelMessage

NtAlpcConnectPort

NtAlpcConnectPortEx

NtAlpcCreatePort

NtAlpcCreatePortSection

NtAlpcCreateResourceReserve

NtAlpcCreateSectionView

NtAlpcCreateSecurityContext

NtAlpcDeletePortSection

NtAlpcDeleteResourceReserve

NtAlpcDeleteSectionView

NtAlpcDeleteSecurityContext

NtAlpcDisconnectPort

NtAlpcImpersonateClientContainerOfPort

NtAlpcImpersonateClientOfPort

NtAlpcOpenSenderProcess

NtAlpcOpenSenderThread

NtAlpcQueryInformation

NtAlpcQueryInformationMessage

NtAlpcRevokeSecurityContext

NtAlpcSendWaitReceivePort

NtAlpcSetInformation

NtApphelpCacheControl

NtAreMappedFilesTheSame

NtAssignProcessToJobObject

NtAssociateWaitCompletionPacket

NtCallEnclave

NtCallbackReturn

NtCancelDeviceWakeupRequest

NtCancelIoFile

NtCancelIoFileEx

NtCancelSynchronousIoFile

NtCancelTimer

NtCancelTimer2

NtCancelWaitCompletionPacket

NtClearAllSavepointsTransaction

NtClearEvent

NtClearSavepointTransaction

NtClose

NtCloseObjectAuditAlarm

NtCommitComplete

NtCommitEnlistment

NtCommitRegistryTransaction

NtCommitTransaction

NtCompactKeys

NtCompareObjects

NtCompareSigningLevels

NtCompareTokens

NtCompleteConnectPort

NtCompressKey

NtConnectPort

NtContinue

NtConvertBetweenAuxiliaryCounterAndPerformanceCounter

NtCreateChannel

NtCreateCrossVmEvent

NtCreateDebugObject

NtCreateDirectoryObject

NtCreateDirectoryObjectEx

NtCreateEnclave

NtCreateEnlistment

NtCreateEvent

NtCreateEventPair

NtCreateFile

NtCreateIRTimer

NtCreateIoCompletion

NtCreateJobObject

NtCreateJobSet

NtCreateKey

NtCreateKeyTransacted

NtCreateKeyedEvent

NtCreateLowBoxToken

NtCreateMailslotFile

NtCreateMutant

NtCreateNamedPipeFile

NtCreatePagingFile

NtCreatePartition

NtCreatePort

NtCreatePrivateNamespace

NtCreateProcess

NtCreateProcessEx

NtCreateProfile

NtCreateProfileEx

NtCreateRegistryTransaction

NtCreateResourceManager

NtCreateSection

NtCreateSectionEx

NtCreateSemaphore

NtCreateSymbolicLinkObject

NtCreateThread

NtCreateThreadEx

NtCreateTimer

NtCreateTimer2

NtCreateToken

NtCreateTokenEx

NtCreateTransaction

NtCreateTransactionManager

NtCreateUserProcess

NtCreateWaitCompletionPacket

NtCreateWaitablePort

NtCreateWinStation

NtCreateWnfStateName

NtCreateWorkerFactory

NtDebugActiveProcess

NtDebugContinue

NtDelayExecution

NtDeleteAtom

NtDeleteBootEntry

NtDeleteDriverEntry

NtDeleteFile

NtDeleteKey

NtDeleteObjectAuditAlarm

NtDeletePrivateNamespace

NtDeleteValueKey

NtDeleteWnfStateData

NtDeleteWnfStateName

NtDeviceIoControlFile

NtDisableLastKnownGood

NtDisplayString

NtDrawText

NtDuplicateObject

NtDuplicateToken

NtEnableLastKnownGood

NtEnumerateBootEntries

NtEnumerateDriverEntries

NtEnumerateKey

NtEnumerateSystemEnvironmentValuesEx

NtEnumerateTransactionObject

NtEnumerateValueKey

NtExtendSection

NtFilterBootOption

NtFilterToken

NtFilterTokenEx

NtFindAtom

NtFlushBuffersFile

NtFlushBuffersFileEx

NtFlushInstallUILanguage

NtFlushInstructionCache

NtFlushKey

NtFlushProcessWriteBuffers

NtFlushVirtualMemory

NtFlushWriteBuffer

NtFreeUserPhysicalPages

NtFreeVirtualMemory

NtFreezeRegistry

NtFreezeTransactions

NtFsControlFile

NtGetCachedSigningLevel

NtGetCompleteWnfStateSubscription

NtGetContextThread

NtGetCurrentProcessorNumber

NtGetCurrentProcessorNumberEx

NtGetDevicePowerState

NtGetMUIRegistryInfo

NtGetNextProcess

NtGetNextThread

NtGetNlsSectionPtr

NtGetNotificationResourceManager

NtGetPlugPlayEvent

NtGetTickCount

NtGetWriteWatch

NtImpersonateAnonymousToken

NtImpersonateClientOfPort

NtImpersonateThread

NtInitializeEnclave

NtInitializeNlsFiles

NtInitializeRegistry

NtInitiatePowerAction

NtIsProcessInJob

NtIsSystemResumeAutomatic

NtIsUILanguageComitted

NtListTransactions

NtListenChannel

NtListenPort

NtLoadDriver

NtLoadEnclaveData

NtLoadHotPatch

NtLoadKey

NtLoadKey2

NtLoadKeyEx

NtLockFile

NtLockProductActivationKeys

NtLockRegistryKey

NtLockVirtualMemory

NtMakePermanentObject

NtMakeTemporaryObject

NtManageHotPatch

NtManagePartition

NtMapCMFModule

NtMapUserPhysicalPages

NtMapUserPhysicalPagesScatter

NtMapViewOfSection

NtMapViewOfSectionEx

NtMarshallTransaction

NtModifyBootEntry

NtModifyDriverEntry

NtNotifyChangeDirectoryFile

NtNotifyChangeDirectoryFileEx

NtNotifyChangeKey

NtNotifyChangeMultipleKeys

NtNotifyChangeSession

NtOpenChannel

NtOpenDirectoryObject

NtOpenEnlistment

NtOpenEvent

NtOpenEventPair

NtOpenFile

NtOpenIoCompletion

NtOpenJobObject

NtOpenKey

NtOpenKeyEx

NtOpenKeyTransacted

NtOpenKeyTransactedEx

NtOpenKeyedEvent

NtOpenMutant

NtOpenObjectAuditAlarm

NtOpenPartition

NtOpenPrivateNamespace

NtOpenProcess

NtOpenProcessToken

NtOpenProcessTokenEx

NtOpenRegistryTransaction

NtOpenResourceManager

NtOpenSection

NtOpenSemaphore

NtOpenSession

NtOpenSymbolicLinkObject

NtOpenThread

NtOpenThreadToken

NtOpenThreadTokenEx

NtOpenTimer

NtOpenTransaction

NtOpenTransactionManager

NtOpenWinStation

NtPlugPlayControl

NtPowerInformation

NtPrePrepareComplete

NtPrePrepareEnlistment

NtPrepareComplete

NtPrepareEnlistment

NtPrivilegeCheck

NtPrivilegeObjectAuditAlarm

NtPrivilegedServiceAuditAlarm

NtPropagationComplete

NtPropagationFailed

NtProtectVirtualMemory

NtPullTransaction

NtPulseEvent

NtQueryAttributesFile

NtQueryAuxiliaryCounterFrequency

NtQueryBootEntryOrder

NtQueryBootOptions

NtQueryDebugFilterState

NtQueryDefaultLocale

NtQueryDefaultUILanguage

NtQueryDirectoryFile

NtQueryDirectoryFileEx

NtQueryDirectoryObject

NtQueryDriverEntryOrder

NtQueryEaFile

NtQueryEvent

NtQueryFullAttributesFile

NtQueryInformationAtom

NtQueryInformationByName

NtQueryInformationEnlistment

NtQueryInformationFile

NtQueryInformationJobObject

NtQueryInformationPort

NtQueryInformationProcess

NtQueryInformationResourceManager

NtQueryInformationThread

NtQueryInformationToken

NtQueryInformationTransaction

NtQueryInformationTransactionManager

NtQueryInformationWorkerFactory

NtQueryInstallUILanguage

NtQueryIntervalProfile

NtQueryIoCompletion

NtQueryKey

NtQueryLicenseValue

NtQueryMultipleValueKey

NtQueryMutant

NtQueryObject

NtQueryOleDirectoryFile

NtQueryOpenSubKeys

NtQueryOpenSubKeysEx

NtQueryPerformanceCounter

NtQueryPortInformationProcess