[ACCEPTED]-What is the difference between NtCreateProcess and ZwCreateProcess?-native
In user-mode the groups of Nt and Zw APIs 9 are identical. In kernel mode they are different. The 8 Nt API contains the actual implementation. The 7 Zw API uses a system-call mechanism and 6 ensures that it is calling in kernel-mode 5 and that there is no need to check the parameters 4 if they contain user-mode addresses. Otherwise 3 you could use the API from user-mode with 2 kernel parameters which would not be good. So 1 it is just a safety mechanism.
The in my opinion best answer can be found 6 on OSR Online: here.
Alternatively you can read 5 books on the Native API, such as the one 4 from Gary Nebbett called "Windows NT/2000 3 Native API Reference", he devotes some 2 space to this very question, or you can 1 use WinDbg (pronounced as "wind-bag") yourself.
More Related questions
We use cookies to improve the performance of the site. By staying on our site, you agree to the terms of use of cookies.