Geoff Chappell, Software Analyst
The table below lists the 36 exports that are new to NTDLL for version 6.3, i.e., for Windows 8.1. In terms just of number, this is by far the smallest addition for any new version, major or minor. Two of the functions are not exported until Windows 8.1 With Update.
Documentation status is conveyed by colour coding. If you browse with scripting enabled, hovering over any text that has a background colour should produce a tooltip that explains the formatting. NTDLL exports that have all along had their own non-trivial documentation as exports from NTDLL are shown with no background colour. So too are the NTDLL implementations of documented functions and variables from the C Run-Time Library. If the whole of the documentation is just that the function is reserved or obsolete, without even giving a prototype, then the function is highlighted red or highlighted pink, respectively. Functions that look to be completely undocumented are highlighted yellow. If a function is documented now but is known not to have been documented immediately, especially in the contemporaneous Software Development Kit (SDK), then it is shaded yellow to retain some of its previous status as undocumented. If the delayed documentation came specifically from the function’s listing among the Settlement Program Interfaces in late 2002, then the shading is less yellow since Microsoft at least acknowledged that the documentation was late. An undocumented function is highlighted orange, as semi-documented, if it is at least declared in one or another header file from an SDK or, exceptionally, a Windows Driver Kit (WDK). NTDLL is low-level enough that some functions are documented in the Windows Driver Kit (WDK), typically as exports from the NT kernel for use by ring 0 software such as device drivers, but sometimes with non-specific talk of being callable from user mode. Such functions are shaded blue if they seem always to have had such documentation, but a brighter blue if the WDK documentation was not immediate. A function is shaded grey if it seems not to be documented but is known to be the entire low-level implementation of some function in a higher-level DLL such as KERNEL32 or ADVAPI32. Identifying these is a work in progress.
|RtlAllocateAndInitializeSidEx||declared in Windows 10 WDK|
|RtlQueryPackageIdentityEx||declared in Windows 10 WDK|
|RtlQueryResourcePolicy||begins in Windows 8.1 With Update|
|RtlStringFromGUIDEx||declared in Windows 10 WDK|
|TpTrimPools||begins in Windows 8.1 With Update|
|ZwCancelTimer2||declared in Windows 10 WDK|
|ZwCreateTimer2||declared in Windows 10 WDK|
|ZwGetCompleteWnfStateSubscription||declared in Windows 10 WDK|
|ZwSetTimer2||declared in Windows 10 WDK|
|ZwSetWnfProcessNotificationEvent||declared in Windows 10 WDK|
Version 6.3 discontinues some exports: