Content changes - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
ntfill.h from System Informer is now included in NtDoc, adding documentation for additional kernel functions, types, and constants, such as ExEnumHandleTable, KeInsertQueueApc, MmCopyVirtualMemory, MmMapViewOfSection, ObDuplicateObject, PsSuspendProcess, SeCaptureSecurityDescriptor.
Added integration with the Benowin Blanc project to inspect struct layouts, field offsets, enum values, constants, #define macros, and function declarations with full ABI breakdowns.
Documented most fields in RTL_USER_PROCESS_PARAMETERS (#31).
Documented all fields in KUSER_SHARED_DATA (#25).
Official Windows documentation: NtDoc now includes documentation from the official Windows Driver Kit DDI reference and parts of the Win32 API reference.
Process operations (#16): NtGetNextProcess, NtTerminateProcess, NtSuspendProcess, NtChangeProcessState.
Process information (#11): NtQueryInformationProcess, NtSetInformationProcess, and 100+ PROCESSINFOCLASS values.
Token operations (#8): Various operations on tokens, capabilities, and AppContainer SIDs. 47 pages, including: NtCreateTokenEx, NtOpenThreadTokenEx, NtQueryInformationToken, NtSetInformationToken, NtDuplicateToken.
Handle/object operations (#4): Object attributes and common handle operations. 33 pages, including: NtQueryObject, NtSetInformationObject, NtDuplicateObject, NtWaitForMultipleObjects, NtClose.
Thread operations (#3): Thread-related functions and types. 55 pages, including: NtCreateThreadEx, NtOpenThread, NtSuspendThread, NtResumeThread, NtQueryInformationThread.