ZwXxx / NtXxx Routines

The ZwXxx routines provide a set of system entry points that parallel some of the executive's system services. Calling a ZwXxx routine from kernel-mode code results in a call to the corresponding system service. Calling a ZwXxx routine from user mode is not supported; instead, native applications (applications that bypass the Microsoft Win32 subsystem) should call the NtXxx equivalent of the ZwXxx routine.

For a list of NtXxx routines, see NtXxx Routines.

For a call to a ZwXxx routine from a kernel-mode driver, the system does not check the caller's access rights, nor does it set the previous processor mode to UserMode. Before calling a ZwXxx routine, a kernel-mode driver must check all user-supplied parameters for validity.
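The effect of the previous processor mode described above, as an added example that is not Microsoft's code and not WDK code. It is a portable C model: USER_SPACE_LIMIT, range_is_user, service_accepts and both driver_forward_* functions are hypothetical stand-ins, and the addresses are constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Portable model only: every name here is a hypothetical stand-in. */
enum prev_mode { KernelMode, UserMode };
#define USER_SPACE_LIMIT 0x00007FFFFFFF0000ULL /* constructed user/kernel boundary */

/* The kind of check a driver must make itself: the whole range
   [addr, addr + len) has to lie below the user/kernel boundary.
   This model also rejects a null address. */
static bool range_is_user(uint64_t addr, uint64_t len)
{
    if (addr == 0) return false;
    if (addr + len < addr) return false;      /* address arithmetic wrapped */
    return addr + len <= USER_SPACE_LIMIT;
}

/* Model of a system service: parameters are validated only when the
   previous mode is UserMode. A KernelMode caller is trusted as-is. */
static bool service_accepts(enum prev_mode mode, uint64_t addr, uint64_t len)
{
    if (mode == UserMode)
        return range_is_user(addr, len);
    return true;
}

/* Driver that passes a requester's pointer to a Zw-style call unchanged.
   The call arrives with previous mode KernelMode, so nothing is checked. */
bool driver_forward_unchecked(uint64_t addr, uint64_t len)
{
    return service_accepts(KernelMode, addr, len);
}

/* Driver that validates the user-supplied range before the Zw-style call. */
bool driver_forward_checked(uint64_t addr, uint64_t len)
{
    if (!range_is_user(addr, len))
        return false;                         /* fail the request instead */
    return service_accepts(KernelMode, addr, len);
}

int main(void)
{
    uint64_t kaddr = 0xFFFFF80000001000ULL;   /* constructed kernel-range value */
    printf("unchecked driver accepts kernel address: %d\n", driver_forward_unchecked(kaddr, 16));
    printf("checked driver accepts kernel address:   %d\n", driver_forward_checked(kaddr, 16));
    return 0;
}
```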

For more information about the relationship between NtXxx and ZwXxx routines, see Using Nt and Zw Versions of the Native System Services Routines. For a list of the ZwXxx routines in each major functional category, see Summary of Kernel-Mode Support Routines.

The following routines are reserved for system use. Do not use them in your driver.

ZwCancelTimer. Use KeCancelTimer instead.

ZwCreateTimer. Use KeInitializeTimer or KeInitializeTimerEx instead.

ZwOpenTimer.

ZwSetTimer. Use KeSetTimer instead.

NtRenameTransactionManager is obsolete.

Note: NtRenameTransactionManager and TmRenameTransactionManager are two versions of the same routine. Kernel-mode drivers should not call NtRenameTransactionManager. They should instead call TmRenameTransactionManager.
