Due to my forthcoming move to Switzerland, I haven’t had much time to post anything new here for quite some time. Hopefully, this will change soon after I am set up in my new location. In the meanwhile, I would like to share several tables presenting the differences in the export table symbols and native + graphical System Call Interface, found between a fully patched Windows 7 64-bit platform and the recently released Windows 8 Developer Preview. Since only x64 binaries are currently available to me, the tables are only based on this one architecture; I will soon supplement the set with 32-bit comparisons (as long as there are any changes between those two).

An example table (Windows 7 vs Windows 8 executive services) is presented below:

Added in new ntoskrnl.exe Removed from new ntoskrnl.exe NtAddAtomEx NtAlertThreadByThreadId NtAlpcConnectPortEx NtAssociateWaitCompletionPacket NtCancelWaitCompletionPacket NtCreateDirectoryObjectEx NtCreateLowBoxToken NtCreateTokenEx NtCreateWaitCompletionPacket NtCreateWnfStateName NtDeleteWnfStateData NtDeleteWnfStateName NtFlushBuffersFileEx NtPrefetchVirtualMemory NtQueryWnfStateData NtQueryWnfStateNameInformation NtSetSystemCodeIntegrityRoots NtSubscribeWnfStateChange NtUnmapViewOfSectionEx NtUnsubscribeWnfStateChange NtUpdateWnfStateData NtWaitForAlertByThreadId NtWaitForWnfNotifications NtCreateJobSet NtFlushInstructionCache NtGetPlugPlayEvent

The list of files which have already been processed and uploaded is as follows:

Plus the two system service providers:

Aaaand… that’s about it, have fun! :)