Page 1 of 1

kernel mode only functions

Posted: 28 Aug 2021 08:45
by 440bx
The following functions and their related data structures defined in ntrtl.h are kernel mode only functions

RtlInitializeUnicodePrefix
RtlInsertUnicodePrefix
RtlRemoveUnicodePrefix
RtlFindUnicodePrefix
RtlNextUnicodePrefix

RtlDecompressBufferEx2
RtlDecompressFragmentEx

RtlDescribeChunk
RtlReserveChunk
RtlDecompressChunks
RtlCompressChunks

ETA:

RtlFindFirstRunClear

but they are not "marked" as being kernel-mode only.

Re: kernel mode only functions

Posted: 29 Aug 2021 16:07
by dmex
440bx wrote: 28 Aug 2021 08:45
but they are not "marked" as being kernel-mode only.
* The version defines were never really designed for 'marking' functions, they were only for PH so we didn't use something on earlier platforms. If they're the wrong version then I'll fix them but if they're missing then they won't be added because it completely breaks usage of decltype for dynamic imports.
* You should use a single thread for all these comments. I can't keep track of 30 different thread conversations.

Re: kernel mode only functions

Posted: 29 Aug 2021 20:34
by 440bx
dmex wrote: 29 Aug 2021 16:07
* You should use a single thread for all these comments. I can't keep track of 30 different thread conversations.
I apologize. I was trying not to create a large number of posts for the same issue for a number of definitions.

I will create separate posts for those from now on.