Legacy XP/2003-era user-mode rootkits (historical)
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
7 syscalls cited
- NtCreatePort
Creates a named server-side LPC port object — the legacy pre-ALPC IPC listener primitive.
- NtConnectPort
Client-side connection to a legacy LPC server port, the pre-ALPC equivalent of NtAlpcConnectPort.
- NtAcceptConnectPort
Server-side acceptance of a legacy LPC connection request, optionally mapping a shared view.
- NtRequestPort
Sends a fire-and-forget LPC message on a connected port — no reply expected.
- NtRequestWaitReplyPort
Sends a synchronous LPC request and blocks until the server replies — the legacy RPC primitive.
- NtReplyPort
Sends a reply on a server-side LPC port to a previously received request, without waiting.
- NtReplyWaitReceivePort
Server-side LPC primitive: atomically replies to the previous request and blocks for the next one.