Kernel Version 6.2 Ordinal-Only Exports

Windows 8 brought something new to the NT kernel: two new functions are exported only by ordinal. Microsoft’s typical practice is that such functions are not documented. Microsoft has, however, published C-language declarations for both, just the once, plausibly by mistake, in the 1511 edition of the Enterprise WDK for Windows 10.

Ordinal Function
1 PsCaptureUserProcessParameters
2 ZwCreateUserProcess

This page was created on 24th September 2013 and was last modified on 18th October 2018.

Copyright © 2013-2018. Geoff Chappell. All rights reserved. Conditions apply.