k4nfr3 · October 28, 2022 15:15
diff --git a/IORI_Loader 0x99 hash of functions b/IORI_Loader 0x99 hash of functions
 'ntdll.dll' '4097367' '0x3e8557'
 'RegNtCallbackObjectContextCleanup' '1094975913383384674' '0xf3222cab2d35662'
 'RegNtPostCreateKey' '76320549262' '0x11c50f298e'
 'RegNtPostCreateKeyEx' '686884943685' '0x9fed887745'
 'RegNtPostDeleteKey' '76320533467' '0x11c50eebdb'
 'RegNtPostDeleteValueKey' '18545889663766' '0x10de0d2a5b16'
 'RegNtPostEnumerateKey' '2060655325624' '0x1dfc8a0f1b8'
 'RegNtPostEnumerateValueKey' '500739244157917' '0x1c76b70c5ebdd'
 'RegNtPostFlushKey' '25440190120' '0x5ec5a7ea8'
 'RegNtPostKeyHandleClose' '18545901133010' '0x10de0dd95cd2'
 'RegNtPostLoadKey' '8480066248' '0x1f9738ac8'
 'RegNtPostOpenKey' '8480069272' '0x1f9739698'
 'RegNtPostOpenKeyEx' '76320623775' '0x11c5104c9f'
 'RegNtPostQueryKey' '25440217228' '0x5ec5ae88c'
 'RegNtPostQueryKeyName' '2060657598875' '0x1dfc8c3a19b'
 'RegNtPostQueryKeySecurity' '166913265526084' '0x97ce85e66544'
 'RegNtPostQueryMultipleValueKey' '40559923626043609' '0x9019091fd8e8d9'
 'RegNtPostQueryValueKey' '6181972817689' '0x59f5a4b3719'
 'RegNtPostRenameKey' '76320625240' '0x11c5105258'
 'RegNtPostReplaceKey' '228961885564' '0x354f311d7c'
 'RegNtPostRestoreKey' '228961902574' '0x354f315fee'
 'RegNtPostSaveKey' '8480069677' '0x1f973982d'
 'RegNtPostSetInformationKey' '500739659027200' '0x1c76b89805300'
 'RegNtPostSetKeySecurity' '18545913291322' '0x10de0e92e23a'
 'RegNtPostSetValueKey' '686885697883' '0x9fed93f95b'
 'RegNtPostUnLoadKey' '76320642223' '0x11c51094af'
 'RegNtPreCreateKey' '25439856481' '0x5ec556761'
 'RegNtPreCreateKeyEx' '228958708656' '0x354f00a3b0'
 'RegNtPreDeleteKey' '25439840686' '0x5ec5529ae'
 'RegNtPreDeleteValueKey' '6181881317983' '0x59f54d70a5f'
 'RegNtPreEnumerateKey' '686876620537' '0x9fed0976f9'
 'RegNtPreEnumerateValueKey' '166911018821776' '0x97cdfffc6890'
 'RegNtPreFlushKey' '8479959193' '0x1f971e899'
 'RegNtPreKeyHandleClose' '6181892787227' '0x59f55860c1b'
 'RegNtPreLoadKey' '2826655939' '0xa87b58c3'
 'RegNtPreOpenKey' '2826658963' '0xa87b6493'
 'RegNtPreOpenKeyEx' '25439930994' '0x5ec568a72'
 'RegNtPreQueryKey' '8479986301' '0x1f972527d'
 'RegNtPreQueryKeyName' '686878893788' '0x9fed2c26dc'
 'RegNtPreQueryKeySecurity' '55637190414037' '0x329a0af88ed5'
 'RegNtPreQueryMultipleValueKey' '13519837373816188' '0x30083870165d7c'
 'RegNtPreQueryValueKey' '2060636702428' '0x1dfc784c6dc'
 'RegNtPreRenameKey' '25439932459' '0x5ec56902b'
 'RegNtPreReplaceKey' '76319807221' '0x11c503d6f5'
 'RegNtPreRestoreKey' '76319824231' '0x11c5041967'
 'RegNtPreSaveKey' '2826659368' '0xa87b6628'
 'RegNtPreSetInformationKey' '166911433691059' '0x97ce18b6cfb3'
 'RegNtPreSetKeySecurity' '6181904945539' '0x59f563f9183'
 'RegNtPreSetValueKey' '228959462854' '0x354f0c25c6'
 'RegNtPreUnLoadKey' '25439949442' '0x5ec56d282'
 'NtAddBootEntry' '937981318' '0x37e87586'
 'NtAdjustPrivilegesToken' '18471338352953' '0x10ccb18fa139'
 'NtAllocateVirtualMemory' '18479814906352' '0x10ceaacd91f0'
 'NtAllocateVirtualMemoryEx' '166318334157495' '0x9744013a22b7'
 'NtCreateMutant' '939383402' '0x37fdda6a'
 'NtDelayExecution' '8450345072' '0x1f7ae0870'
 'NtDeleteBootEntry' '25351751002' '0x5e715055a'
 'NtGdiBitBlt' '34782326' '0x212bc76'
 'NtLoadDriver' '104516913' '0x63acd31'
 'NtMapViewOfSection' '76162514744' '0x11bba3bf38'
 'NtMapViewOfSectionEx' '685462633023' '0x9f98c1ba3f'
 'NtModifyBootEntry' '25406764987' '0x5ea5c77bb'
 'NtOpenCreateFile' '8472445553' '0x1f8ff4271'
 'NtOpenProcessToken' '76254510023' '0x11c11f7bc7'
 'NtOpenProcessTokenEx' '686290590534' '0x9fca1b5b46'
 'NtOpenThreadToken' '25418225006' '0x5eb0b556e'
 'NtOpenThreadTokenEx' '228764025381' '0x3543660225'
 'NtProtectVirtualMemory' '6180333595348' '0x59ef896aad4'
 'NtQueryInformationTokenTokenUser' '365008029056155218' '0x510c4de580ebe52'
 'NtQuerySystemInformation' '55633637205452' '0x3299372ee5cc'
 'NtQueueApcThread' '8479071580' '0x1f9645d5c'
 'NtQueueApcThreadEx' '76311644547' '0x11c4874983'
 'NtQueueApcThreadEx2' '228934933691' '0x354d95dcbb'
 'NtReadVirtualMemory' '228701921503' '0x353fb260df'
 'NtSetContextThread' '76265759146' '0x11c1cb21aa'
 'NtSetInformationProcess' '18533185988482' '0x10db17f7a782'
 'NtSetInformationProcessCriticalProcess' '265930962163018971706' '0xe6a88911fe8973a3a'
 'NtSetInformationThreadCriticalThread' '29547884685846349660' '0x19a0f2c920413875c'
 'NtSetInformationThreadHideFromDebugger' '265930962172624830072' '0xe6a8891222524fe78'
 'NtSetInformationThreadImpersonationToken' '2393378659554168406220' '0x81becd1a336ec800cc'
 'NtSetInformationThreadWow64Context' '3283098298430471909' '0x2d8fe88200a33ee5'
 'NtSetInformationVirtualMemory' '13510692587801263' '0x2fffe7405d8aaf'
 'NtSystemDebugControl' '687447394776' '0xa00f0ec9d8'
 'NtUnmapViewOfSection' '687067230269' '0x9ff865f03d'
 'NtUnmapViewOfSectionEx' '6183605072748' '0x59fbb95736c'
 'NtUserGetAsyncKeyState' '6184724671250' '0x59ffe512b12'
 'NtUserGetClipboardData' '6184723656316' '0x59ffe41ae7c'
 'NtUserSetWindowsHookEx' '6184906107357' '0x5a00921a9dd'
 'NtWriteVirtualMemory' '687514600120' '0xa0131042b8'
	'ntdll.dll' '4097367' '0x3e8557'
	'RegNtCallbackObjectContextCleanup' '1094975913383384674' '0xf3222cab2d35662'
	'RegNtPostCreateKey' '76320549262' '0x11c50f298e'
	'RegNtPostCreateKeyEx' '686884943685' '0x9fed887745'
	'RegNtPostDeleteKey' '76320533467' '0x11c50eebdb'
	'RegNtPostDeleteValueKey' '18545889663766' '0x10de0d2a5b16'
	'RegNtPostEnumerateKey' '2060655325624' '0x1dfc8a0f1b8'
	'RegNtPostEnumerateValueKey' '500739244157917' '0x1c76b70c5ebdd'
	'RegNtPostFlushKey' '25440190120' '0x5ec5a7ea8'
	'RegNtPostKeyHandleClose' '18545901133010' '0x10de0dd95cd2'
	'RegNtPostLoadKey' '8480066248' '0x1f9738ac8'
	'RegNtPostOpenKey' '8480069272' '0x1f9739698'
	'RegNtPostOpenKeyEx' '76320623775' '0x11c5104c9f'
	'RegNtPostQueryKey' '25440217228' '0x5ec5ae88c'
	'RegNtPostQueryKeyName' '2060657598875' '0x1dfc8c3a19b'
	'RegNtPostQueryKeySecurity' '166913265526084' '0x97ce85e66544'
	'RegNtPostQueryMultipleValueKey' '40559923626043609' '0x9019091fd8e8d9'
	'RegNtPostQueryValueKey' '6181972817689' '0x59f5a4b3719'
	'RegNtPostRenameKey' '76320625240' '0x11c5105258'
	'RegNtPostReplaceKey' '228961885564' '0x354f311d7c'
	'RegNtPostRestoreKey' '228961902574' '0x354f315fee'
	'RegNtPostSaveKey' '8480069677' '0x1f973982d'
	'RegNtPostSetInformationKey' '500739659027200' '0x1c76b89805300'
	'RegNtPostSetKeySecurity' '18545913291322' '0x10de0e92e23a'
	'RegNtPostSetValueKey' '686885697883' '0x9fed93f95b'
	'RegNtPostUnLoadKey' '76320642223' '0x11c51094af'
	'RegNtPreCreateKey' '25439856481' '0x5ec556761'
	'RegNtPreCreateKeyEx' '228958708656' '0x354f00a3b0'
	'RegNtPreDeleteKey' '25439840686' '0x5ec5529ae'
	'RegNtPreDeleteValueKey' '6181881317983' '0x59f54d70a5f'
	'RegNtPreEnumerateKey' '686876620537' '0x9fed0976f9'
	'RegNtPreEnumerateValueKey' '166911018821776' '0x97cdfffc6890'
	'RegNtPreFlushKey' '8479959193' '0x1f971e899'
	'RegNtPreKeyHandleClose' '6181892787227' '0x59f55860c1b'
	'RegNtPreLoadKey' '2826655939' '0xa87b58c3'
	'RegNtPreOpenKey' '2826658963' '0xa87b6493'
	'RegNtPreOpenKeyEx' '25439930994' '0x5ec568a72'
	'RegNtPreQueryKey' '8479986301' '0x1f972527d'
	'RegNtPreQueryKeyName' '686878893788' '0x9fed2c26dc'
	'RegNtPreQueryKeySecurity' '55637190414037' '0x329a0af88ed5'
	'RegNtPreQueryMultipleValueKey' '13519837373816188' '0x30083870165d7c'
	'RegNtPreQueryValueKey' '2060636702428' '0x1dfc784c6dc'
	'RegNtPreRenameKey' '25439932459' '0x5ec56902b'
	'RegNtPreReplaceKey' '76319807221' '0x11c503d6f5'
	'RegNtPreRestoreKey' '76319824231' '0x11c5041967'
	'RegNtPreSaveKey' '2826659368' '0xa87b6628'
	'RegNtPreSetInformationKey' '166911433691059' '0x97ce18b6cfb3'
	'RegNtPreSetKeySecurity' '6181904945539' '0x59f563f9183'
	'RegNtPreSetValueKey' '228959462854' '0x354f0c25c6'
	'RegNtPreUnLoadKey' '25439949442' '0x5ec56d282'
	'NtAddBootEntry' '937981318' '0x37e87586'
	'NtAdjustPrivilegesToken' '18471338352953' '0x10ccb18fa139'
	'NtAllocateVirtualMemory' '18479814906352' '0x10ceaacd91f0'
	'NtAllocateVirtualMemoryEx' '166318334157495' '0x9744013a22b7'
	'NtCreateMutant' '939383402' '0x37fdda6a'
	'NtDelayExecution' '8450345072' '0x1f7ae0870'
	'NtDeleteBootEntry' '25351751002' '0x5e715055a'
	'NtGdiBitBlt' '34782326' '0x212bc76'
	'NtLoadDriver' '104516913' '0x63acd31'
	'NtMapViewOfSection' '76162514744' '0x11bba3bf38'
	'NtMapViewOfSectionEx' '685462633023' '0x9f98c1ba3f'
	'NtModifyBootEntry' '25406764987' '0x5ea5c77bb'
	'NtOpenCreateFile' '8472445553' '0x1f8ff4271'
	'NtOpenProcessToken' '76254510023' '0x11c11f7bc7'
	'NtOpenProcessTokenEx' '686290590534' '0x9fca1b5b46'
	'NtOpenThreadToken' '25418225006' '0x5eb0b556e'
	'NtOpenThreadTokenEx' '228764025381' '0x3543660225'
	'NtProtectVirtualMemory' '6180333595348' '0x59ef896aad4'
	'NtQueryInformationTokenTokenUser' '365008029056155218' '0x510c4de580ebe52'
	'NtQuerySystemInformation' '55633637205452' '0x3299372ee5cc'
	'NtQueueApcThread' '8479071580' '0x1f9645d5c'
	'NtQueueApcThreadEx' '76311644547' '0x11c4874983'
	'NtQueueApcThreadEx2' '228934933691' '0x354d95dcbb'
	'NtReadVirtualMemory' '228701921503' '0x353fb260df'
	'NtSetContextThread' '76265759146' '0x11c1cb21aa'
	'NtSetInformationProcess' '18533185988482' '0x10db17f7a782'
	'NtSetInformationProcessCriticalProcess' '265930962163018971706' '0xe6a88911fe8973a3a'
	'NtSetInformationThreadCriticalThread' '29547884685846349660' '0x19a0f2c920413875c'
	'NtSetInformationThreadHideFromDebugger' '265930962172624830072' '0xe6a8891222524fe78'
	'NtSetInformationThreadImpersonationToken' '2393378659554168406220' '0x81becd1a336ec800cc'
	'NtSetInformationThreadWow64Context' '3283098298430471909' '0x2d8fe88200a33ee5'
	'NtSetInformationVirtualMemory' '13510692587801263' '0x2fffe7405d8aaf'
	'NtSystemDebugControl' '687447394776' '0xa00f0ec9d8'
	'NtUnmapViewOfSection' '687067230269' '0x9ff865f03d'
	'NtUnmapViewOfSectionEx' '6183605072748' '0x59fbb95736c'
	'NtUserGetAsyncKeyState' '6184724671250' '0x59ffe512b12'
	'NtUserGetClipboardData' '6184723656316' '0x59ffe41ae7c'
	'NtUserSetWindowsHookEx' '6184906107357' '0x5a00921a9dd'
	'NtWriteVirtualMemory' '687514600120' '0xa0131042b8'