Geoff Chappell, Software Analyst
The table below lists the four functions that are first exported by the Windows kernel in the version 5.1 from Windows XP SP3. For the two of these functions that are yet documented, their listing here is an artefact of ordering by version numbers: they first appear chronologically as exports from Windows Server 2003 SP1. One other function is not exported by any known build of version 5.2, but is taken up in version 6.0 and higher. It used to be highlighted yellow as this site’s usual indication of undocumented status, but a C-language declaration has since been published by Microsoft, though only in one edition of the Enterprise WDK for Windows 10. The remaining function is not exported by any other known build of any version.
|FsRtlCreateSectionForDataScan||not in 5.2 before Windows Server 2003 SP1;
documentation until 2007 requires Windows Server 2003 SP1, and higher;
declaration requires Windows 2000 and higher, with additional constraints as comment (see below)
|IoEnumerateRegisteredFiltersList||not in 5.2 before Windows Server 2003 SP1;
documentation requires Update Rollup for Windows 2000 SP4, else Windows Server 2003 SP1, and higher;
declaration requires Windows Server 2003 SP1, and higher
|IoInitializeCrashDump||discontinued in 5.2|
|ObIsDosDeviceLocallyMapped||not in 5.2|
The NTIFS.H declaration of FsRtlCreateSectionForDataScan has a comment on the function’s availability:
// * Windows 2000 SP4 plus URP // * Windows XP SP2 plus QFE ? // * Windows Server 2003 SP1
A Knowledge Base article The filter manager rollup package for Windows XP SP2 suggests the function is back-fitted into the later builds of earlier Windows versions to assist anti-virus vendors, who might otherwise use the undocumented MmCreateSection function. Rather than touch on how Microsoft had left programmers to resort to depending on a function that had by then been undocumented for roughly a decade, the Knowledge Base article contents itself with the humour of a tautology: “Microsoft does not support this API because it is undocumented and unsupported”.
Note anyway that Microsoft took its time to get the new function’s availability in Windows 2000 and Windows XP adopted into the formal documentation. It got missed for the WDK version 6000 in time for Windows Vista, which does otherwise know of the Update Rollup. It instead had to wait until some time during 2007. Perhaps Microsoft was still gathering the detail: “Microsoft Windows Server 2003 SP1 and later, the Update Rollup for Windows 2000 Service Pack 4 (SP4), and the Filter Manager Rollup for Windows XP Service Pack 2 (SP2).”
Neither the Update Rollup for Windows 2000 SP4 nor the Filter Manager Rollup for Windows XP SP2 has been found for this study.