What is the difference between Ntxxx and ZWxxx? [closed]

Question

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 9 years ago.

Improve this question

I tried to find the usage of NtqueryDirectoryFile() function.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff556633%28v=vs.85%29.aspx

I refered the above link for this. But, They mentioned about Zwxxx (). I couldn't understand Ntxx and ZWxxx. Can anyone explain about this.

Answer 1

Basically Zw functions are equivalent of Nt functions except they don't do security checks, so are used inside kernel mode only, to avoid the performance penalty.

You can only call Nt functions from user mode, through ntdll.dll. As Michael pointed out Zw functions are just mnemonics to Nt counterparts in user mode.

@Adriano provided a nice link: http://msdn.microsoft.com/en-us/library/windows/hardware/ff565438(v=vs.85).aspx