NTForge is an authorized Windows 10/11 vulnerability-research and exploit- reproduction template for coordinated MSRC reporting. These notes describe its declarations and utilities without promising that internal contracts remain stable.
q: accepted by a query operation.s: accepted by a set operation.qs: accepted by both query and set operations.p: process-specific operation or input.EX: normally used with anNt*Exvariant and an explicit input selector.- User mode: the pointer in this project resolves from a user-mode DLL.
- Kernel-mode only: the information class is rejected from user mode even if its
enclosing
Nt*API has a user-mode export. - Native/internal: not a stable public Win32 contract; layouts and availability can change by Windows build.
- MSRC research and reproduction workflow
- Windows 10/11 versioning and build matrix
- Undocumented/internal contract policy
- Native and Win32 function pointers
- System and file information classes
- Custom structure guide
- Windows internals model
- Build and usage guide
- Linked-library reference
- Completeness, guarantees, and limits
- Safe memory utility reference
- Resource, status, string, arithmetic, and resolver utilities
- Cross-platform script reference
Always check NTSTATUS, probe required buffer sizes, and gate version-sensitive
classes by the running Windows build. A declaration being present does not imply the
current caller has the required access token, privilege, or processor mode.