Undocumented functions of NTDLL

2OO1, 10 December


Gridstore - NonStop Storage

KiUserApcDispatcher
KiUserApcDispatcher

NTSYSAPI 
VOID
NTAPI

KiUserApcDispatcher(


  IN PVOID                Unused1,
  IN PVOID                Unused2,
  IN PVOID                Unused3,
  IN PVOID                ContextStart,
  IN PVOID                ContextBody );



  • Unused1
    •     Unused parameters. Sometimes one of them have ntdll.dll module address.
  • Unused2
    •     See Unused1.
  • Unused3
    •     See Unused1.
  • ContextStart
    •     Begining of ContextStart CONTEXT structure is stored.
  • ContextBody
    •     Four bytes from CONTEXT structure at offset 0x04.


    KiUserApcDispatcher isn't standard ntdll function. It's used by kernel to process APC queue for calling thread. Five paraters I defined only for compatibility with ntdll.lib export (_KiUserApcDispatcher@20). Function first execute code placed after call, and next calls NtContinue with CONTEXT specified at 4 parameter position (Warning: Not pointer to CONTEXT, but CONTEXT body must be stored on stack).


    Documented by:
    Tomasz Nowak



    Requirements:
    Library: ntdll.lib


    See also:
    NtAlertThread
    NtContinue
    NtQueueApcThread
    NtTestAlert