Process Hacker Discussion Forum

 
440bx
Member
Posts: 65
Joined: 02 Jul 2021 23:33

kernel mode only functions

28 Aug 2021 08:45

The following functions and their related data structures defined in ntrtl.h are kernel mode only functions

RtlInitializeUnicodePrefix
RtlInsertUnicodePrefix
RtlRemoveUnicodePrefix
RtlFindUnicodePrefix
RtlNextUnicodePrefix

RtlDecompressBufferEx2
RtlDecompressFragmentEx

RtlDescribeChunk
RtlReserveChunk
RtlDecompressChunks
RtlCompressChunks

ETA:

RtlFindFirstRunClear

but they are not "marked" as being kernel-mode only.
 
User avatar
dmex
Admin
Posts: 1695
Joined: 17 Jan 2011 05:43

Re: kernel mode only functions

29 Aug 2021 16:07

440bx wrote: 28 Aug 2021 08:45
but they are not "marked" as being kernel-mode only.
* The version defines were never really designed for 'marking' functions, they were only for PH so we didn't use something on earlier platforms. If they're the wrong version then I'll fix them but if they're missing then they won't be added because it completely breaks usage of decltype for dynamic imports.
* You should use a single thread for all these comments. I can't keep track of 30 different thread conversations.
 
440bx
Member
Posts: 65
Joined: 02 Jul 2021 23:33

Re: kernel mode only functions

29 Aug 2021 20:34

dmex wrote: 29 Aug 2021 16:07
* You should use a single thread for all these comments. I can't keep track of 30 different thread conversations.
I apologize. I was trying not to create a large number of posts for the same issue for a number of definitions.

I will create separate posts for those from now on.