SERVER:
1. NtCreatePort(...)/NtCreateWaitablePort(...) creates the PORT object.
NTSYSAPI
NTSTATUS
NTAPI
NtCreatePort(
PHANDLE PortHandle,
POBJECT_ATTRIBUTES ObjectAttributes,
ULONG MaxConnectInfoLength,
ULONG MaxDataLength,
ULONG Unknown
);
2. NtListenPort(...) waits for a connection request.
NTSYSAPI
NTSTATUS
NTAPI
NtListenPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
3. NtAcceptConnectPort(...) accepts the CLIENT's connection request and obtains a new PORT HANDLE.
NTSYSAPI
NTSTATUS
NTAPI
NtAcceptConnectPort(
PHANDLE PortHandle,
ULONG Unknown, // Pass 0
PLPCMESSAGE pLpcMessage,
ULONG Unknown1, // 1
ULONG Unknown3, // 0
PLPCSECTIONMAPINFO pSectionMapInfo
);
4. NtCompleteConnectPort(...) completes the connection.
NTSYSAPI
NTSTATUS
NTAPI
NtCompleteConnectPort(
HANDLE PortHandle
);
5. NtReplyPort(...) replies to a message.
NTSYSAPI
NTSTATUS
NTAPI
NtReplyPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
6. NtReplyWaitReceivePort(...) can be used to wait for a message, or to reply to a message and then wait for the next one.
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitReceivePort(
PHANDLE PortHandle,
PULONG Unknown,
PLPCMESSAGE pLpcMessageOut,
PLPCMESSAGE pLpcMessageIn
);
7. NtClose(...) ends the conversation.
NTSYSAPI
NTSTATUS
NTAPI
NtClose(
IN HANDLE Handle
);
CLIENT:
1. NtConnectPort(...) requests a connection to the PORT and obtains a PORT handle.
NTSYSAPI
NTSTATUS
NTAPI
NtConnectPort(
PHANDLE PortHandle,
PUNICODE_STRING PortName,
PULONG Unknown, /* Cannot be NULL */
PLPCSECTIONINFO Unknown1, /* Used in Big LPC */
PLPCSECTIONMAPINFO Unknown2, /* Used in Big LPC */
PVOID Unknown3, /* Can be NULL */
PVOID ConnectInfo,
PULONG pConnectInfoLength
);
2. NtRequestPort(...) sends a message. The caller receives no acknowledgement from the SERVER side.
NTSYSAPI
NTSTATUS
NTAPI
NtRequestPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
3. NtRequestWaitReplyPort(...) is the call to use when an acknowledgement or reply from the SERVER is required.
NTSYSAPI
NTSTATUS
NTAPI
NtRequestWaitReplyPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessageIn,
PLPCMESSAGE pLpcMessageOut
);
4. NtClose(...) ends the conversation.
NTSYSAPI
NTSTATUS
NTAPI
NtClose(
IN HANDLE Handle
);
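As an added example (not from the original page), the following portable C models the message header behind the PLPCMESSAGE type used by the prototypes above, builds a client message for NtRequestPort/NtRequestWaitReplyPort, and performs the server-side length check that should run on anything returned by NtListenPort/NtReplyWaitReceivePort before its payload is read. The header layout (taken from the PORT_MESSAGE of ntlpcapi.h), the LPC_* type values and the function names are assumptions; no NT syscalls are made.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed header layout behind PLPCMESSAGE (mirrors PORT_MESSAGE); payload follows it. */
typedef struct {
    uint16_t  DataLength;       /* payload bytes after the header (client-supplied) */
    uint16_t  TotalLength;      /* header + payload (client-supplied) */
    uint16_t  Type;             /* LPC_REQUEST, LPC_DATAGRAM, LPC_CONNECTION_REQUEST, ... */
    uint16_t  DataInfoOffset;
    uintptr_t ClientProcessId;  /* filled in by the kernel on receipt */
    uintptr_t ClientThreadId;
    uint32_t  MessageId;
    uintptr_t ClientViewSize;   /* only meaningful on connection requests */
} LPC_MESSAGE_HEADER;

enum { LPC_REQUEST = 1, LPC_DATAGRAM = 3, LPC_CONNECTION_REQUEST = 10 };

/* Client side: fill buf with a message for NtRequestPort/NtRequestWaitReplyPort.
   max_data is the MaxDataLength the server gave NtCreatePort. Returns total bytes, or 0. */
size_t lpc_build_message(uint8_t *buf, size_t bufsize, uint16_t type,
                         const void *data, size_t len, uint32_t max_data)
{
    LPC_MESSAGE_HEADER h;
    size_t total = sizeof h + len;
    if (len > max_data || total > UINT16_MAX || total > bufsize)
        return 0;                       /* would not fit the port or the buffer */
    memset(&h, 0, sizeof h);
    h.DataLength  = (uint16_t)len;
    h.TotalLength = (uint16_t)total;
    h.Type        = type;
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, data, len);
    return total;
}

/* Server side: the length fields come from the client, so before touching the payload
   check that they agree with each other, with the bytes actually received, and with
   the port's MaxDataLength. */
bool lpc_message_is_sane(const LPC_MESSAGE_HEADER *m, size_t received, uint32_t max_data)
{
    if (received < sizeof *m)                         return false; /* truncated header */
    if (m->TotalLength != received)                   return false; /* header disagrees with wire */
    if (m->DataLength + sizeof *m != m->TotalLength)  return false; /* fields inconsistent */
    if (m->DataLength > max_data)                     return false; /* exceeds port limit */
    return true;
}
```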
Although we now understand NT's LPC mechanism, a great deal of work is still needed to understand the meaning of the datagrams actually exchanged between the environment subsystems and the integral subsystems. The revolution has not yet succeeded; comrades must keep striving...