dgrif · August 29, 2015 14:08
diff --git a/syscall_map.py b/syscall_map.py
 win7_sp1_x64_ntdll_syscalls = {
    0x0: 'NtMapUserPhysicalPagesScatter',
    0x1: 'NtWaitForSingleObject',
    0x2: 'NtCallbackReturn',
    0x3: 'NtReadFile',
    0x4: 'NtDeviceIoControlFile',
    0x5: 'NtWriteFile',
    0x6: 'NtRemoveIoCompletion',
    0x7: 'NtReleaseSemaphore',
    0x8: 'NtReplyWaitReceivePort',
    0x9: 'NtReplyPort',
    0xa: 'NtSetInformationThread',
    0xb: 'NtSetEvent',
    0xc: 'NtClose',
    0xd: 'NtQueryObject',
    0xe: 'NtQueryInformationFile',
    0xf: 'NtOpenKey',
    0x10: 'NtEnumerateValueKey',
    0x11: 'NtFindAtom',
    0x12: 'NtQueryDefaultLocale',
    0x13: 'NtQueryKey',
    0x14: 'NtQueryValueKey',
    0x15: 'NtAllocateVirtualMemory',
    0x16: 'NtQueryInformationProcess',
    0x17: 'NtWaitForMultipleObjects32',
    0x18: 'NtWriteFileGather',
    0x19: 'NtSetInformationProcess',
    0x1a: 'NtCreateKey',
    0x1b: 'NtFreeVirtualMemory',
    0x1c: 'NtImpersonateClientOfPort',
    0x1d: 'NtReleaseMutant',
    0x1e: 'NtQueryInformationToken',
    0x1f: 'NtRequestWaitReplyPort',
    0x20: 'NtQueryVirtualMemory',
    0x21: 'NtOpenThreadToken',
    0x22: 'NtQueryInformationThread',
    0x23: 'NtOpenProcess',
    0x24: 'NtSetInformationFile',
    0x25: 'NtMapViewOfSection',
    0x26: 'NtAccessCheckAndAuditAlarm',
    0x27: 'NtUnmapViewOfSection',
    0x28: 'NtReplyWaitReceivePortEx',
    0x29: 'NtTerminateProcess',
    0x2a: 'NtSetEventBoostPriority',
    0x2b: 'NtReadFileScatter',
    0x2c: 'NtOpenThreadTokenEx',
    0x2d: 'NtOpenProcessTokenEx',
    0x2e: 'NtQueryPerformanceCounter',
    0x2f: 'NtEnumerateKey',
    0x30: 'NtOpenFile',
    0x31: 'NtDelayExecution',
    0x32: 'NtQueryDirectoryFile',
    0x33: 'NtQuerySystemInformation',
    0x34: 'NtOpenSection',
    0x35: 'NtQueryTimer',
    0x36: 'NtFsControlFile',
    0x37: 'NtWriteVirtualMemory',
    0x38: 'NtCloseObjectAuditAlarm',
    0x39: 'NtDuplicateObject',
    0x3a: 'NtQueryAttributesFile',
    0x3b: 'NtClearEvent',
    0x3c: 'NtReadVirtualMemory',
    0x3d: 'NtOpenEvent',
    0x3e: 'NtAdjustPrivilegesToken',
    0x3f: 'NtDuplicateToken',
    0x40: 'NtContinue',
    0x41: 'NtQueryDefaultUILanguage',
    0x42: 'NtQueueApcThread',
    0x43: 'NtYieldExecution',
    0x44: 'NtAddAtom',
    0x45: 'NtCreateEvent',
    0x46: 'NtQueryVolumeInformationFile',
    0x47: 'NtCreateSection',
    0x48: 'NtFlushBuffersFile',
    0x49: 'NtApphelpCacheControl',
    0x4a: 'NtCreateProcessEx',
    0x4b: 'NtCreateThread',
    0x4c: 'NtIsProcessInJob',
    0x4d: 'NtProtectVirtualMemory',
    0x4e: 'NtQuerySection',
    0x4f: 'NtResumeThread',
    0x50: 'NtTerminateThread',
    0x51: 'NtReadRequestData',
    0x52: 'NtCreateFile',
    0x53: 'NtQueryEvent',
    0x54: 'NtWriteRequestData',
    0x55: 'NtOpenDirectoryObject',
    0x56: 'NtAccessCheckByTypeAndAuditAlarm',
    0x57: 'NtQuerySystemTime',
    0x58: 'NtWaitForMultipleObjects',
    0x59: 'NtSetInformationObject',
    0x5a: 'NtCancelIoFile',
    0x5b: 'NtTraceEvent',
    0x5c: 'NtPowerInformation',
    0x5d: 'NtSetValueKey',
    0x5e: 'NtCancelTimer',
    0x5f: 'NtSetTimer',
    0x60: 'NtAcceptConnectPort',
    0x61: 'NtAccessCheck',
    0x62: 'NtAccessCheckByType',
    0x63: 'NtAccessCheckByTypeResultList',
    0x64: 'NtAccessCheckByTypeResultListAndAuditAlarm',
    0x65: 'NtAccessCheckByTypeResultListAndAuditAlarmByHandle',
    0x66: 'NtAddBootEntry',
    0x67: 'NtAddDriverEntry',
    0x68: 'NtAdjustGroupsToken',
    0x69: 'NtAlertResumeThread',
    0x6a: 'NtAlertThread',
    0x6b: 'NtAllocateLocallyUniqueId',
    0x6c: 'NtAllocateReserveObject',
    0x6d: 'NtAllocateUserPhysicalPages',
    0x6e: 'NtAllocateUuids',
    0x6f: 'NtAlpcAcceptConnectPort',
    0x70: 'NtAlpcCancelMessage',
    0x71: 'NtAlpcConnectPort',
    0x72: 'NtAlpcCreatePort',
    0x73: 'NtAlpcCreatePortSection',
    0x74: 'NtAlpcCreateResourceReserve',
    0x75: 'NtAlpcCreateSectionView',
    0x76: 'NtAlpcCreateSecurityContext',
    0x77: 'NtAlpcDeletePortSection',
    0x78: 'NtAlpcDeleteResourceReserve',
    0x79: 'NtAlpcDeleteSectionView',
    0x7a: 'NtAlpcDeleteSecurityContext',
    0x7b: 'NtAlpcDisconnectPort',
    0x7c: 'NtAlpcImpersonateClientOfPort',
    0x7d: 'NtAlpcOpenSenderProcess',
    0x7e: 'NtAlpcOpenSenderThread',
    0x7f: 'NtAlpcQueryInformation',
    0x80: 'NtAlpcQueryInformationMessage',
    0x81: 'NtAlpcRevokeSecurityContext',
    0x82: 'NtAlpcSendWaitReceivePort',
    0x83: 'NtAlpcSetInformation',
    0x84: 'NtAreMappedFilesTheSame',
    0x85: 'NtAssignProcessToJobObject',
    0x86: 'NtCancelIoFileEx',
    0x87: 'NtCancelSynchronousIoFile',
    0x88: 'NtCommitComplete',
    0x89: 'NtCommitEnlistment',
    0x8a: 'NtCommitTransaction',
    0x8b: 'NtCompactKeys',
    0x8c: 'NtCompareTokens',
    0x8d: 'NtCompleteConnectPort',
    0x8e: 'NtCompressKey',
    0x8f: 'NtConnectPort',
    0x90: 'NtCreateDebugObject',
    0x91: 'NtCreateDirectoryObject',
    0x92: 'NtCreateEnlistment',
    0x93: 'NtCreateEventPair',
    0x94: 'NtCreateIoCompletion',
    0x95: 'NtCreateJobObject',
    0x96: 'NtCreateJobSet',
    0x97: 'NtCreateKeyTransacted',
    0x98: 'NtCreateKeyedEvent',
    0x99: 'NtCreateMailslotFile',
    0x9a: 'NtCreateMutant',
    0x9b: 'NtCreateNamedPipeFile',
    0x9c: 'NtCreatePagingFile',
    0x9d: 'NtCreatePort',
    0x9e: 'NtCreatePrivateNamespace',
    0x9f: 'NtCreateProcess',
    0xa0: 'NtCreateProfile',
    0xa1: 'NtCreateProfileEx',
    0xa2: 'NtCreateResourceManager',
    0xa3: 'NtCreateSemaphore',
    0xa4: 'NtCreateSymbolicLinkObject',
    0xa5: 'NtCreateThreadEx',
    0xa6: 'NtCreateTimer',
    0xa7: 'NtCreateToken',
    0xa8: 'NtCreateTransaction',
    0xa9: 'NtCreateTransactionManager',
    0xaa: 'NtCreateUserProcess',
    0xab: 'NtCreateWaitablePort',
    0xac: 'NtCreateWorkerFactory',
    0xad: 'NtDebugActiveProcess',
    0xae: 'NtDebugContinue',
    0xaf: 'NtDeleteAtom',
    0xb0: 'NtDeleteBootEntry',
    0xb1: 'NtDeleteDriverEntry',
    0xb2: 'NtDeleteFile',
    0xb3: 'NtDeleteKey',
    0xb4: 'NtDeleteObjectAuditAlarm',
    0xb5: 'NtDeletePrivateNamespace',
    0xb6: 'NtDeleteValueKey',
    0xb7: 'NtDisableLastKnownGood',
    0xb8: 'NtDisplayString',
    0xb9: 'NtDrawText',
    0xba: 'NtEnableLastKnownGood',
    0xbb: 'NtEnumerateBootEntries',
    0xbc: 'NtEnumerateDriverEntries',
    0xbd: 'NtEnumerateSystemEnvironmentValuesEx',
    0xbe: 'NtEnumerateTransactionObject',
    0xbf: 'NtExtendSection',
    0xc0: 'NtFilterToken',
    0xc1: 'NtFlushInstallUILanguage',
    0xc2: 'NtFlushInstructionCache',
    0xc3: 'NtFlushKey',
    0xc4: 'NtFlushProcessWriteBuffers',
    0xc5: 'NtFlushVirtualMemory',
    0xc6: 'NtFlushWriteBuffer',
    0xc7: 'NtFreeUserPhysicalPages',
    0xc8: 'NtFreezeRegistry',
    0xc9: 'NtFreezeTransactions',
    0xca: 'NtGetContextThread',
    0xcb: 'NtGetCurrentProcessorNumber',
    0xcc: 'NtGetDevicePowerState',
    0xcd: 'NtGetMUIRegistryInfo',
    0xce: 'NtGetNextProcess',
    0xcf: 'NtGetNextThread',
    0xd0: 'NtGetNlsSectionPtr',
    0xd1: 'NtGetNotificationResourceManager',
    0xd2: 'NtGetPlugPlayEvent',
    0xd3: 'NtGetWriteWatch',
    0xd4: 'NtImpersonateAnonymousToken',
    0xd5: 'NtImpersonateThread',
    0xd6: 'NtInitializeNlsFiles',
    0xd7: 'NtInitializeRegistry',
    0xd8: 'NtInitiatePowerAction',
    0xd9: 'NtIsSystemResumeAutomatic',
    0xda: 'NtIsUILanguageComitted',
    0xdb: 'NtListenPort',
    0xdc: 'NtLoadDriver',
    0xdd: 'NtLoadKey',
    0xde: 'NtLoadKey2',
    0xdf: 'NtLoadKeyEx',
    0xe0: 'NtLockFile',
    0xe1: 'NtLockProductActivationKeys',
    0xe2: 'NtLockRegistryKey',
    0xe3: 'NtLockVirtualMemory',
    0xe4: 'NtMakePermanentObject',
    0xe5: 'NtMakeTemporaryObject',
    0xe6: 'NtMapCMFModule',
    0xe7: 'NtMapUserPhysicalPages',
    0xe8: 'NtModifyBootEntry',
    0xe9: 'NtModifyDriverEntry',
    0xea: 'NtNotifyChangeDirectoryFile',
    0xeb: 'NtNotifyChangeKey',
    0xec: 'NtNotifyChangeMultipleKeys',
    0xed: 'NtNotifyChangeSession',
    0xee: 'NtOpenEnlistment',
    0xef: 'NtOpenEventPair',
    0xf0: 'NtOpenIoCompletion',
    0xf1: 'NtOpenJobObject',
    0xf2: 'NtOpenKeyEx',
    0xf3: 'NtOpenKeyTransacted',
    0xf4: 'NtOpenKeyTransactedEx',
    0xf5: 'NtOpenKeyedEvent',
    0xf6: 'NtOpenMutant',
    0xf7: 'NtOpenObjectAuditAlarm',
    0xf8: 'NtOpenPrivateNamespace',
    0xf9: 'NtOpenProcessToken',
    0xfa: 'NtOpenResourceManager',
    0xfb: 'NtOpenSemaphore',
    0xfc: 'NtOpenSession',
    0xfd: 'NtOpenSymbolicLinkObject',
    0xfe: 'NtOpenThread',
    0xff: 'NtOpenTimer',
    0x100: 'NtOpenTransaction',
    0x101: 'NtOpenTransactionManager',
    0x102: 'NtPlugPlayControl',
    0x103: 'NtPrePrepareComplete',
    0x104: 'NtPrePrepareEnlistment',
    0x105: 'NtPrepareComplete',
    0x106: 'NtPrepareEnlistment',
    0x107: 'NtPrivilegeCheck',
    0x108: 'NtPrivilegeObjectAuditAlarm',
    0x109: 'NtPrivilegedServiceAuditAlarm',
    0x10a: 'NtPropagationComplete',
    0x10b: 'NtPropagationFailed',
    0x10c: 'NtPulseEvent',
    0x10d: 'NtQueryBootEntryOrder',
    0x10e: 'NtQueryBootOptions',
    0x10f: 'NtQueryDebugFilterState',
    0x110: 'NtQueryDirectoryObject',
    0x111: 'NtQueryDriverEntryOrder',
    0x112: 'NtQueryEaFile',
    0x113: 'NtQueryFullAttributesFile',
    0x114: 'NtQueryInformationAtom',
    0x115: 'NtQueryInformationEnlistment',
    0x116: 'NtQueryInformationJobObject',
    0x117: 'NtQueryInformationPort',
    0x118: 'NtQueryInformationResourceManager',
    0x119: 'NtQueryInformationTransaction',
    0x11a: 'NtQueryInformationTransactionManager',
    0x11b: 'NtQueryInformationWorkerFactory',
    0x11c: 'NtQueryInstallUILanguage',
    0x11d: 'NtQueryIntervalProfile',
    0x11e: 'NtQueryIoCompletion',
    0x11f: 'NtQueryLicenseValue',
    0x120: 'NtQueryMultipleValueKey',
    0x121: 'NtQueryMutant',
    0x122: 'NtQueryOpenSubKeys',
    0x123: 'NtQueryOpenSubKeysEx',
    0x124: 'NtQueryPortInformationProcess',
    0x125: 'NtQueryQuotaInformationFile',
    0x126: 'NtQuerySecurityAttributesToken',
    0x127: 'NtQuerySecurityObject',
    0x128: 'NtQuerySemaphore',
    0x129: 'NtQuerySymbolicLinkObject',
    0x12a: 'NtQuerySystemEnvironmentValue',
    0x12b: 'NtQuerySystemEnvironmentValueEx',
    0x12c: 'NtQuerySystemInformationEx',
    0x12d: 'NtQueryTimerResolution',
    0x12e: 'NtQueueApcThreadEx',
    0x12f: 'NtRaiseException',
    0x130: 'NtRaiseHardError',
    0x131: 'NtReadOnlyEnlistment',
    0x132: 'NtRecoverEnlistment',
    0x133: 'NtRecoverResourceManager',
    0x134: 'NtRecoverTransactionManager',
    0x135: 'NtRegisterProtocolAddressInformation',
    0x136: 'NtRegisterThreadTerminatePort',
    0x137: 'NtReleaseKeyedEvent',
    0x138: 'NtReleaseWorkerFactoryWorker',
    0x139: 'NtRemoveIoCompletionEx',
    0x13a: 'NtRemoveProcessDebug',
    0x13b: 'NtRenameKey',
    0x13c: 'NtRenameTransactionManager',
    0x13d: 'NtReplaceKey',
    0x13e: 'NtReplacePartitionUnit',
    0x13f: 'NtReplyWaitReplyPort',
    0x140: 'NtRequestPort',
    0x141: 'NtResetEvent',
    0x142: 'NtResetWriteWatch',
    0x143: 'NtRestoreKey',
    0x144: 'NtResumeProcess',
    0x145: 'NtRollbackComplete',
    0x146: 'NtRollbackEnlistment',
    0x147: 'NtRollbackTransaction',
    0x148: 'NtRollforwardTransactionManager',
    0x149: 'NtSaveKey',
    0x14a: 'NtSaveKeyEx',
    0x14b: 'NtSaveMergedKeys',
    0x14c: 'NtSecureConnectPort',
    0x14d: 'NtSerializeBoot',
    0x14e: 'NtSetBootEntryOrder',
    0x14f: 'NtSetBootOptions',
    0x150: 'NtSetContextThread',
    0x151: 'NtSetDebugFilterState',
    0x152: 'NtSetDefaultHardErrorPort',
    0x153: 'NtSetDefaultLocale',
    0x154: 'NtSetDefaultUILanguage',
    0x155: 'NtSetDriverEntryOrder',
    0x156: 'NtSetEaFile',
    0x157: 'NtSetHighEventPair',
    0x158: 'NtSetHighWaitLowEventPair',
    0x159: 'NtSetInformationDebugObject',
    0x15a: 'NtSetInformationEnlistment',
    0x15b: 'NtSetInformationJobObject',
    0x15c: 'NtSetInformationKey',
    0x15d: 'NtSetInformationResourceManager',
    0x15e: 'NtSetInformationToken',
    0x15f: 'NtSetInformationTransaction',
    0x160: 'NtSetInformationTransactionManager',
    0x161: 'NtSetInformationWorkerFactory',
    0x162: 'NtSetIntervalProfile',
    0x163: 'NtSetIoCompletion',
    0x164: 'NtSetIoCompletionEx',
    0x165: 'NtSetLdtEntries',
    0x166: 'NtSetLowEventPair',
    0x167: 'NtSetLowWaitHighEventPair',
    0x168: 'NtSetQuotaInformationFile',
    0x169: 'NtSetSecurityObject',
    0x16a: 'NtSetSystemEnvironmentValue',
    0x16b: 'NtSetSystemEnvironmentValueEx',
    0x16c: 'NtSetSystemInformation',
    0x16d: 'NtSetSystemPowerState',
    0x16e: 'NtSetSystemTime',
    0x16f: 'NtSetThreadExecutionState',
    0x170: 'NtSetTimerEx',
    0x171: 'NtSetTimerResolution',
    0x172: 'NtSetUuidSeed',
    0x173: 'NtSetVolumeInformationFile',
    0x174: 'NtShutdownSystem',
    0x175: 'NtShutdownWorkerFactory',
    0x176: 'NtSignalAndWaitForSingleObject',
    0x177: 'NtSinglePhaseReject',
    0x178: 'NtStartProfile',
    0x179: 'NtStopProfile',
    0x17a: 'NtSuspendProcess',
    0x17b: 'NtSuspendThread',
    0x17c: 'NtSystemDebugControl',
    0x17d: 'NtTerminateJobObject',
    0x17e: 'NtTestAlert',
    0x17f: 'NtThawRegistry',
    0x180: 'NtThawTransactions',
    0x181: 'NtTraceControl',
    0x182: 'NtTranslateFilePath',
    0x183: 'NtUmsThreadYield',
    0x184: 'NtUnloadDriver',
    0x185: 'NtUnloadKey',
    0x186: 'NtUnloadKey2',
    0x187: 'NtUnloadKeyEx',
    0x188: 'NtUnlockFile',
    0x189: 'NtUnlockVirtualMemory',
    0x18a: 'NtVdmControl',
    0x18b: 'NtWaitForDebugEvent',
    0x18c: 'NtWaitForKeyedEvent',
    0x18d: 'NtWaitForWorkViaWorkerFactory',
    0x18e: 'NtWaitHighEventPair',
    0x18f: 'NtWaitLowEventPair',
    0x190: 'NtWorkerFactoryWorkerReady'
 }
	win7_sp1_x64_ntdll_syscalls = {
	0x0: 'NtMapUserPhysicalPagesScatter',
	0x1: 'NtWaitForSingleObject',
	0x2: 'NtCallbackReturn',
	0x3: 'NtReadFile',
	0x4: 'NtDeviceIoControlFile',
	0x5: 'NtWriteFile',
	0x6: 'NtRemoveIoCompletion',
	0x7: 'NtReleaseSemaphore',
	0x8: 'NtReplyWaitReceivePort',
	0x9: 'NtReplyPort',
	0xa: 'NtSetInformationThread',
	0xb: 'NtSetEvent',
	0xc: 'NtClose',
	0xd: 'NtQueryObject',
	0xe: 'NtQueryInformationFile',
	0xf: 'NtOpenKey',
	0x10: 'NtEnumerateValueKey',
	0x11: 'NtFindAtom',
	0x12: 'NtQueryDefaultLocale',
	0x13: 'NtQueryKey',
	0x14: 'NtQueryValueKey',
	0x15: 'NtAllocateVirtualMemory',
	0x16: 'NtQueryInformationProcess',
	0x17: 'NtWaitForMultipleObjects32',
	0x18: 'NtWriteFileGather',
	0x19: 'NtSetInformationProcess',
	0x1a: 'NtCreateKey',
	0x1b: 'NtFreeVirtualMemory',
	0x1c: 'NtImpersonateClientOfPort',
	0x1d: 'NtReleaseMutant',
	0x1e: 'NtQueryInformationToken',
	0x1f: 'NtRequestWaitReplyPort',
	0x20: 'NtQueryVirtualMemory',
	0x21: 'NtOpenThreadToken',
	0x22: 'NtQueryInformationThread',
	0x23: 'NtOpenProcess',
	0x24: 'NtSetInformationFile',
	0x25: 'NtMapViewOfSection',
	0x26: 'NtAccessCheckAndAuditAlarm',
	0x27: 'NtUnmapViewOfSection',
	0x28: 'NtReplyWaitReceivePortEx',
	0x29: 'NtTerminateProcess',
	0x2a: 'NtSetEventBoostPriority',
	0x2b: 'NtReadFileScatter',
	0x2c: 'NtOpenThreadTokenEx',
	0x2d: 'NtOpenProcessTokenEx',
	0x2e: 'NtQueryPerformanceCounter',
	0x2f: 'NtEnumerateKey',
	0x30: 'NtOpenFile',
	0x31: 'NtDelayExecution',
	0x32: 'NtQueryDirectoryFile',
	0x33: 'NtQuerySystemInformation',
	0x34: 'NtOpenSection',
	0x35: 'NtQueryTimer',
	0x36: 'NtFsControlFile',
	0x37: 'NtWriteVirtualMemory',
	0x38: 'NtCloseObjectAuditAlarm',
	0x39: 'NtDuplicateObject',
	0x3a: 'NtQueryAttributesFile',
	0x3b: 'NtClearEvent',
	0x3c: 'NtReadVirtualMemory',
	0x3d: 'NtOpenEvent',
	0x3e: 'NtAdjustPrivilegesToken',
	0x3f: 'NtDuplicateToken',
	0x40: 'NtContinue',
	0x41: 'NtQueryDefaultUILanguage',
	0x42: 'NtQueueApcThread',
	0x43: 'NtYieldExecution',
	0x44: 'NtAddAtom',
	0x45: 'NtCreateEvent',
	0x46: 'NtQueryVolumeInformationFile',
	0x47: 'NtCreateSection',
	0x48: 'NtFlushBuffersFile',
	0x49: 'NtApphelpCacheControl',
	0x4a: 'NtCreateProcessEx',
	0x4b: 'NtCreateThread',
	0x4c: 'NtIsProcessInJob',
	0x4d: 'NtProtectVirtualMemory',
	0x4e: 'NtQuerySection',
	0x4f: 'NtResumeThread',
	0x50: 'NtTerminateThread',
	0x51: 'NtReadRequestData',
	0x52: 'NtCreateFile',
	0x53: 'NtQueryEvent',
	0x54: 'NtWriteRequestData',
	0x55: 'NtOpenDirectoryObject',
	0x56: 'NtAccessCheckByTypeAndAuditAlarm',
	0x57: 'NtQuerySystemTime',
	0x58: 'NtWaitForMultipleObjects',
	0x59: 'NtSetInformationObject',
	0x5a: 'NtCancelIoFile',
	0x5b: 'NtTraceEvent',
	0x5c: 'NtPowerInformation',
	0x5d: 'NtSetValueKey',
	0x5e: 'NtCancelTimer',
	0x5f: 'NtSetTimer',
	0x60: 'NtAcceptConnectPort',
	0x61: 'NtAccessCheck',
	0x62: 'NtAccessCheckByType',
	0x63: 'NtAccessCheckByTypeResultList',
	0x64: 'NtAccessCheckByTypeResultListAndAuditAlarm',
	0x65: 'NtAccessCheckByTypeResultListAndAuditAlarmByHandle',
	0x66: 'NtAddBootEntry',
	0x67: 'NtAddDriverEntry',
	0x68: 'NtAdjustGroupsToken',
	0x69: 'NtAlertResumeThread',
	0x6a: 'NtAlertThread',
	0x6b: 'NtAllocateLocallyUniqueId',
	0x6c: 'NtAllocateReserveObject',
	0x6d: 'NtAllocateUserPhysicalPages',
	0x6e: 'NtAllocateUuids',
	0x6f: 'NtAlpcAcceptConnectPort',
	0x70: 'NtAlpcCancelMessage',
	0x71: 'NtAlpcConnectPort',
	0x72: 'NtAlpcCreatePort',
	0x73: 'NtAlpcCreatePortSection',
	0x74: 'NtAlpcCreateResourceReserve',
	0x75: 'NtAlpcCreateSectionView',
	0x76: 'NtAlpcCreateSecurityContext',
	0x77: 'NtAlpcDeletePortSection',
	0x78: 'NtAlpcDeleteResourceReserve',
	0x79: 'NtAlpcDeleteSectionView',
	0x7a: 'NtAlpcDeleteSecurityContext',
	0x7b: 'NtAlpcDisconnectPort',
	0x7c: 'NtAlpcImpersonateClientOfPort',
	0x7d: 'NtAlpcOpenSenderProcess',
	0x7e: 'NtAlpcOpenSenderThread',
	0x7f: 'NtAlpcQueryInformation',
	0x80: 'NtAlpcQueryInformationMessage',
	0x81: 'NtAlpcRevokeSecurityContext',
	0x82: 'NtAlpcSendWaitReceivePort',
	0x83: 'NtAlpcSetInformation',
	0x84: 'NtAreMappedFilesTheSame',
	0x85: 'NtAssignProcessToJobObject',
	0x86: 'NtCancelIoFileEx',
	0x87: 'NtCancelSynchronousIoFile',
	0x88: 'NtCommitComplete',
	0x89: 'NtCommitEnlistment',
	0x8a: 'NtCommitTransaction',
	0x8b: 'NtCompactKeys',
	0x8c: 'NtCompareTokens',
	0x8d: 'NtCompleteConnectPort',
	0x8e: 'NtCompressKey',
	0x8f: 'NtConnectPort',
	0x90: 'NtCreateDebugObject',
	0x91: 'NtCreateDirectoryObject',
	0x92: 'NtCreateEnlistment',
	0x93: 'NtCreateEventPair',
	0x94: 'NtCreateIoCompletion',
	0x95: 'NtCreateJobObject',
	0x96: 'NtCreateJobSet',
	0x97: 'NtCreateKeyTransacted',
	0x98: 'NtCreateKeyedEvent',
	0x99: 'NtCreateMailslotFile',
	0x9a: 'NtCreateMutant',
	0x9b: 'NtCreateNamedPipeFile',
	0x9c: 'NtCreatePagingFile',
	0x9d: 'NtCreatePort',
	0x9e: 'NtCreatePrivateNamespace',
	0x9f: 'NtCreateProcess',
	0xa0: 'NtCreateProfile',
	0xa1: 'NtCreateProfileEx',
	0xa2: 'NtCreateResourceManager',
	0xa3: 'NtCreateSemaphore',
	0xa4: 'NtCreateSymbolicLinkObject',
	0xa5: 'NtCreateThreadEx',
	0xa6: 'NtCreateTimer',
	0xa7: 'NtCreateToken',
	0xa8: 'NtCreateTransaction',
	0xa9: 'NtCreateTransactionManager',
	0xaa: 'NtCreateUserProcess',
	0xab: 'NtCreateWaitablePort',
	0xac: 'NtCreateWorkerFactory',
	0xad: 'NtDebugActiveProcess',
	0xae: 'NtDebugContinue',
	0xaf: 'NtDeleteAtom',
	0xb0: 'NtDeleteBootEntry',
	0xb1: 'NtDeleteDriverEntry',
	0xb2: 'NtDeleteFile',
	0xb3: 'NtDeleteKey',
	0xb4: 'NtDeleteObjectAuditAlarm',
	0xb5: 'NtDeletePrivateNamespace',
	0xb6: 'NtDeleteValueKey',
	0xb7: 'NtDisableLastKnownGood',
	0xb8: 'NtDisplayString',
	0xb9: 'NtDrawText',
	0xba: 'NtEnableLastKnownGood',
	0xbb: 'NtEnumerateBootEntries',
	0xbc: 'NtEnumerateDriverEntries',
	0xbd: 'NtEnumerateSystemEnvironmentValuesEx',
	0xbe: 'NtEnumerateTransactionObject',
	0xbf: 'NtExtendSection',
	0xc0: 'NtFilterToken',
	0xc1: 'NtFlushInstallUILanguage',
	0xc2: 'NtFlushInstructionCache',
	0xc3: 'NtFlushKey',
	0xc4: 'NtFlushProcessWriteBuffers',
	0xc5: 'NtFlushVirtualMemory',
	0xc6: 'NtFlushWriteBuffer',
	0xc7: 'NtFreeUserPhysicalPages',
	0xc8: 'NtFreezeRegistry',
	0xc9: 'NtFreezeTransactions',
	0xca: 'NtGetContextThread',
	0xcb: 'NtGetCurrentProcessorNumber',
	0xcc: 'NtGetDevicePowerState',
	0xcd: 'NtGetMUIRegistryInfo',
	0xce: 'NtGetNextProcess',
	0xcf: 'NtGetNextThread',
	0xd0: 'NtGetNlsSectionPtr',
	0xd1: 'NtGetNotificationResourceManager',
	0xd2: 'NtGetPlugPlayEvent',
	0xd3: 'NtGetWriteWatch',
	0xd4: 'NtImpersonateAnonymousToken',
	0xd5: 'NtImpersonateThread',
	0xd6: 'NtInitializeNlsFiles',
	0xd7: 'NtInitializeRegistry',
	0xd8: 'NtInitiatePowerAction',
	0xd9: 'NtIsSystemResumeAutomatic',
	0xda: 'NtIsUILanguageComitted',
	0xdb: 'NtListenPort',
	0xdc: 'NtLoadDriver',
	0xdd: 'NtLoadKey',
	0xde: 'NtLoadKey2',
	0xdf: 'NtLoadKeyEx',
	0xe0: 'NtLockFile',
	0xe1: 'NtLockProductActivationKeys',
	0xe2: 'NtLockRegistryKey',
	0xe3: 'NtLockVirtualMemory',
	0xe4: 'NtMakePermanentObject',
	0xe5: 'NtMakeTemporaryObject',
	0xe6: 'NtMapCMFModule',
	0xe7: 'NtMapUserPhysicalPages',
	0xe8: 'NtModifyBootEntry',
	0xe9: 'NtModifyDriverEntry',
	0xea: 'NtNotifyChangeDirectoryFile',
	0xeb: 'NtNotifyChangeKey',
	0xec: 'NtNotifyChangeMultipleKeys',
	0xed: 'NtNotifyChangeSession',
	0xee: 'NtOpenEnlistment',
	0xef: 'NtOpenEventPair',
	0xf0: 'NtOpenIoCompletion',
	0xf1: 'NtOpenJobObject',
	0xf2: 'NtOpenKeyEx',
	0xf3: 'NtOpenKeyTransacted',
	0xf4: 'NtOpenKeyTransactedEx',
	0xf5: 'NtOpenKeyedEvent',
	0xf6: 'NtOpenMutant',
	0xf7: 'NtOpenObjectAuditAlarm',
	0xf8: 'NtOpenPrivateNamespace',
	0xf9: 'NtOpenProcessToken',
	0xfa: 'NtOpenResourceManager',
	0xfb: 'NtOpenSemaphore',
	0xfc: 'NtOpenSession',
	0xfd: 'NtOpenSymbolicLinkObject',
	0xfe: 'NtOpenThread',
	0xff: 'NtOpenTimer',
	0x100: 'NtOpenTransaction',
	0x101: 'NtOpenTransactionManager',
	0x102: 'NtPlugPlayControl',
	0x103: 'NtPrePrepareComplete',
	0x104: 'NtPrePrepareEnlistment',
	0x105: 'NtPrepareComplete',
	0x106: 'NtPrepareEnlistment',
	0x107: 'NtPrivilegeCheck',
	0x108: 'NtPrivilegeObjectAuditAlarm',
	0x109: 'NtPrivilegedServiceAuditAlarm',
	0x10a: 'NtPropagationComplete',
	0x10b: 'NtPropagationFailed',
	0x10c: 'NtPulseEvent',
	0x10d: 'NtQueryBootEntryOrder',
	0x10e: 'NtQueryBootOptions',
	0x10f: 'NtQueryDebugFilterState',
	0x110: 'NtQueryDirectoryObject',
	0x111: 'NtQueryDriverEntryOrder',
	0x112: 'NtQueryEaFile',
	0x113: 'NtQueryFullAttributesFile',
	0x114: 'NtQueryInformationAtom',
	0x115: 'NtQueryInformationEnlistment',
	0x116: 'NtQueryInformationJobObject',
	0x117: 'NtQueryInformationPort',
	0x118: 'NtQueryInformationResourceManager',
	0x119: 'NtQueryInformationTransaction',
	0x11a: 'NtQueryInformationTransactionManager',
	0x11b: 'NtQueryInformationWorkerFactory',
	0x11c: 'NtQueryInstallUILanguage',
	0x11d: 'NtQueryIntervalProfile',
	0x11e: 'NtQueryIoCompletion',
	0x11f: 'NtQueryLicenseValue',
	0x120: 'NtQueryMultipleValueKey',
	0x121: 'NtQueryMutant',
	0x122: 'NtQueryOpenSubKeys',
	0x123: 'NtQueryOpenSubKeysEx',
	0x124: 'NtQueryPortInformationProcess',
	0x125: 'NtQueryQuotaInformationFile',
	0x126: 'NtQuerySecurityAttributesToken',
	0x127: 'NtQuerySecurityObject',
	0x128: 'NtQuerySemaphore',
	0x129: 'NtQuerySymbolicLinkObject',
	0x12a: 'NtQuerySystemEnvironmentValue',
	0x12b: 'NtQuerySystemEnvironmentValueEx',
	0x12c: 'NtQuerySystemInformationEx',
	0x12d: 'NtQueryTimerResolution',
	0x12e: 'NtQueueApcThreadEx',
	0x12f: 'NtRaiseException',
	0x130: 'NtRaiseHardError',
	0x131: 'NtReadOnlyEnlistment',
	0x132: 'NtRecoverEnlistment',
	0x133: 'NtRecoverResourceManager',
	0x134: 'NtRecoverTransactionManager',
	0x135: 'NtRegisterProtocolAddressInformation',
	0x136: 'NtRegisterThreadTerminatePort',
	0x137: 'NtReleaseKeyedEvent',
	0x138: 'NtReleaseWorkerFactoryWorker',
	0x139: 'NtRemoveIoCompletionEx',
	0x13a: 'NtRemoveProcessDebug',
	0x13b: 'NtRenameKey',
	0x13c: 'NtRenameTransactionManager',
	0x13d: 'NtReplaceKey',
	0x13e: 'NtReplacePartitionUnit',
	0x13f: 'NtReplyWaitReplyPort',
	0x140: 'NtRequestPort',
	0x141: 'NtResetEvent',
	0x142: 'NtResetWriteWatch',
	0x143: 'NtRestoreKey',
	0x144: 'NtResumeProcess',
	0x145: 'NtRollbackComplete',
	0x146: 'NtRollbackEnlistment',
	0x147: 'NtRollbackTransaction',
	0x148: 'NtRollforwardTransactionManager',
	0x149: 'NtSaveKey',
	0x14a: 'NtSaveKeyEx',
	0x14b: 'NtSaveMergedKeys',
	0x14c: 'NtSecureConnectPort',
	0x14d: 'NtSerializeBoot',
	0x14e: 'NtSetBootEntryOrder',
	0x14f: 'NtSetBootOptions',
	0x150: 'NtSetContextThread',
	0x151: 'NtSetDebugFilterState',
	0x152: 'NtSetDefaultHardErrorPort',
	0x153: 'NtSetDefaultLocale',
	0x154: 'NtSetDefaultUILanguage',
	0x155: 'NtSetDriverEntryOrder',
	0x156: 'NtSetEaFile',
	0x157: 'NtSetHighEventPair',
	0x158: 'NtSetHighWaitLowEventPair',
	0x159: 'NtSetInformationDebugObject',
	0x15a: 'NtSetInformationEnlistment',
	0x15b: 'NtSetInformationJobObject',
	0x15c: 'NtSetInformationKey',
	0x15d: 'NtSetInformationResourceManager',
	0x15e: 'NtSetInformationToken',
	0x15f: 'NtSetInformationTransaction',
	0x160: 'NtSetInformationTransactionManager',
	0x161: 'NtSetInformationWorkerFactory',
	0x162: 'NtSetIntervalProfile',
	0x163: 'NtSetIoCompletion',
	0x164: 'NtSetIoCompletionEx',
	0x165: 'NtSetLdtEntries',
	0x166: 'NtSetLowEventPair',
	0x167: 'NtSetLowWaitHighEventPair',
	0x168: 'NtSetQuotaInformationFile',
	0x169: 'NtSetSecurityObject',
	0x16a: 'NtSetSystemEnvironmentValue',
	0x16b: 'NtSetSystemEnvironmentValueEx',
	0x16c: 'NtSetSystemInformation',
	0x16d: 'NtSetSystemPowerState',
	0x16e: 'NtSetSystemTime',
	0x16f: 'NtSetThreadExecutionState',
	0x170: 'NtSetTimerEx',
	0x171: 'NtSetTimerResolution',
	0x172: 'NtSetUuidSeed',
	0x173: 'NtSetVolumeInformationFile',
	0x174: 'NtShutdownSystem',
	0x175: 'NtShutdownWorkerFactory',
	0x176: 'NtSignalAndWaitForSingleObject',
	0x177: 'NtSinglePhaseReject',
	0x178: 'NtStartProfile',
	0x179: 'NtStopProfile',
	0x17a: 'NtSuspendProcess',
	0x17b: 'NtSuspendThread',
	0x17c: 'NtSystemDebugControl',
	0x17d: 'NtTerminateJobObject',
	0x17e: 'NtTestAlert',
	0x17f: 'NtThawRegistry',
	0x180: 'NtThawTransactions',
	0x181: 'NtTraceControl',
	0x182: 'NtTranslateFilePath',
	0x183: 'NtUmsThreadYield',
	0x184: 'NtUnloadDriver',
	0x185: 'NtUnloadKey',
	0x186: 'NtUnloadKey2',
	0x187: 'NtUnloadKeyEx',
	0x188: 'NtUnlockFile',
	0x189: 'NtUnlockVirtualMemory',
	0x18a: 'NtVdmControl',
	0x18b: 'NtWaitForDebugEvent',
	0x18c: 'NtWaitForKeyedEvent',
	0x18d: 'NtWaitForWorkViaWorkerFactory',
	0x18e: 'NtWaitHighEventPair',
	0x18f: 'NtWaitLowEventPair',
	0x190: 'NtWorkerFactoryWorkerReady'
	}