Created
September 5, 2016 06:48
-
-
Save lomomike/fcdcc58916b480bdd8171b55f0f7dcbe to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0: kd> .for(r $t0=0; @$t0<dwo(nt!KiServiceLimit); r $t0=@$t0+1){.printf "%y\n", nt!KiServiceTable+(dwo(nt!KiServiceTable+@$t0*4)>>4)} | |
| fffff803`16d7afe0 | |
| nt!NtAcceptConnectPort (fffff803`070de438) | |
| nt!NtMapUserPhysicalPagesScatter (fffff803`07278f8c) | |
| nt!NtWaitForSingleObject (fffff803`0704a740) | |
| fffff803`16dd6c40 | |
| nt!NtReadFile (fffff803`0703b930) | |
| nt!NtDeviceIoControlFile (fffff803`070f351c) | |
| nt!NtWriteFile (fffff803`07050b54) | |
| nt!NtRemoveIoCompletion (fffff803`07083aa0) | |
| nt!NtReleaseSemaphore (fffff803`070f9080) | |
| nt!NtReplyWaitReceivePort (fffff803`0708c2ec) | |
| nt!NtReplyPort (fffff803`07107db8) | |
| nt!NtSetInformationThread (fffff803`0703f1d0) | |
| nt!NtSetEvent (fffff803`07084430) | |
| nt!NtClose (fffff803`0703a890) | |
| nt!NtQueryObject (fffff803`070324b4) | |
| nt!NtQueryInformationFile (fffff803`0703c240) | |
| nt!NtOpenKey (fffff803`070fb7f0) | |
| nt!NtEnumerateValueKey (fffff803`07031de8) | |
| nt!NtFindAtom (fffff803`07078a20) | |
| nt!NtQueryDefaultLocale (fffff803`07058804) | |
| nt!NtQueryKey (fffff803`07045b50) | |
| nt!NtQueryValueKey (fffff803`070465d0) | |
| nt!NtAllocateVirtualMemory (fffff803`07273b90) | |
| nt!NtQueryInformationProcess (fffff803`0728bae0) | |
| nt!NtWaitForMultipleObjects32 (fffff803`070f3bd8) | |
| nt!NtWriteFileGather (fffff803`07105d58) | |
| nt!NtSetInformationProcess (fffff803`0728e1d0) | |
| nt!NtCreateKey (fffff803`070f9ccc) | |
| fffff803`16d04c00 | |
| nt!NtImpersonateClientOfPort (fffff803`0726fad0) | |
| nt!NtReleaseMutant (fffff803`07076af4) | |
| nt!NtQueryInformationToken (fffff803`070940e0) | |
| nt!NtRequestWaitReplyPort (fffff803`070fbb24) | |
| nt!NtQueryVirtualMemory (fffff803`0707ade8) | |
| nt!NtOpenThreadToken (fffff803`07034ef4) | |
| nt!NtQueryInformationThread (fffff803`070b1630) | |
| nt!NtOpenProcess (fffff803`07035e58) | |
| nt!NtSetInformationFile (fffff803`06e5887c) | |
| nt!NtMapViewOfSection (fffff803`070f3578) | |
| nt!NtAccessCheckAndAuditAlarm (fffff803`0710af84) | |
| nt!NtUnmapViewOfSection (fffff803`0707bac0) | |
| nt!NtReplyWaitReceivePortEx (fffff803`0708c114) | |
| nt!NtTerminateProcess (fffff803`070ae00c) | |
| nt!NtSetEventBoostPriority (fffff803`072c3c08) | |
| nt!NtReadFileScatter (fffff803`0710f05c) | |
| nt!NtOpenThreadTokenEx (fffff803`07034f10) | |
| nt!NtOpenProcessTokenEx (fffff803`070349a8) | |
| nt!NtQueryPerformanceCounter (fffff803`070f9620) | |
| nt!NtEnumerateKey (fffff803`07035f78) | |
| nt!NtOpenFile (fffff803`070aa9ac) | |
| nt!NtDelayExecution (fffff803`0702c500) | |
| nt!NtQueryDirectoryFile (fffff803`070f51ac) | |
| nt!NtQuerySystemInformation (fffff803`07038724) | |
| nt!NtOpenSection (fffff803`070fb808) | |
| nt!NtQueryTimer (fffff803`072c3aac) | |
| nt!NtFsControlFile (fffff803`070ad950) | |
| nt!NtWriteVirtualMemory (fffff803`07074b28) | |
| nt!NtCloseObjectAuditAlarm (fffff803`070fe7d4) | |
| nt!NtDuplicateObject (fffff803`07072f30) | |
| nt!NtQueryAttributesFile (fffff803`070f85b4) | |
| nt!NtClearEvent (fffff803`070f39c4) | |
| nt!NtReadVirtualMemory (fffff803`07074bdc) | |
| nt!NtOpenEvent (fffff803`070fa9f4) | |
| nt!NtAdjustPrivilegesToken (fffff803`070e05f0) | |
| nt!NtDuplicateToken (fffff803`0729f99c) | |
| fffff803`16dd3920 | |
| nt!NtQueryDefaultUILanguage (fffff803`0715a01c) | |
| nt!NtQueueApcThread (fffff803`07106f80) | |
| fffff803`16cc1ea0 | |
| nt!NtAddAtom (fffff803`072cb6cc) | |
| nt!NtCreateEvent (fffff803`0707ecf0) | |
| nt!NtQueryVolumeInformationFile (fffff803`070b24fc) | |
| nt!NtCreateSection (fffff803`0707cf4c) | |
| nt!NtFlushBuffersFile (fffff803`070b5900) | |
| nt!NtApphelpCacheControl (fffff803`0709a7c0) | |
| nt!NtCreateProcessEx (fffff803`0728b4c0) | |
| nt!NtCreateThread (fffff803`0728b53c) | |
| nt!NtIsProcessInJob (fffff803`07149ff8) | |
| nt!NtProtectVirtualMemory (fffff803`0704d5b4) | |
| nt!NtQuerySection (fffff803`070e3c30) | |
| nt!NtResumeThread (fffff803`070f3ae4) | |
| nt!NtTerminateThread (fffff803`070aecc0) | |
| nt!NtReadRequestData (fffff803`0726fbac) | |
| nt!NtCreateFile (fffff803`070aaa0c) | |
| nt!NtQueryEvent (fffff803`070fab20) | |
| nt!NtWriteRequestData (fffff803`0726fcd0) | |
| nt!NtOpenDirectoryObject (fffff803`070fdc80) | |
| nt!NtAccessCheckByTypeAndAuditAlarm (fffff803`0708fa54) | |
| nt!NtQuerySystemTime (fffff803`072c0c40) | |
| nt!NtWaitForMultipleObjects (fffff803`070f0db0) | |
| nt!NtSetInformationObject (fffff803`070fe440) | |
| nt!NtCancelIoFile (fffff803`070a7b78) | |
| nt!NtTraceEvent (fffff803`06ebb84c) | |
| nt!NtPowerInformation (fffff803`070c5d30) | |
| nt!NtSetValueKey (fffff803`07063680) | |
| fffff803`16d56d2c | |
| fffff803`16d12108 | |
| fffff803`16d355e8 | |
| fffff803`16d7b098 | |
| nt!NtAccessCheckByTypeResultList (fffff803`06e9ee7c) | |
| nt!NtAccessCheckByTypeResultListAndAuditAlarm (fffff803`07163bf0) | |
| nt!NtAccessCheckByTypeResultListAndAuditAlarmByHandle (fffff803`072a4050) | |
| nt!NtAddAtomEx (fffff803`0710302c) | |
| nt!NtAddBootEntry (fffff803`072c74d4) | |
| nt!NtAddDriverEntry (fffff803`072c74f4) | |
| nt!NtAdjustGroupsToken (fffff803`07108dbc) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| nt!NtAlertResumeThread (fffff803`07292b84) | |
| nt!NtAlertThread (fffff803`0712adf4) | |
| nt!NtAlertThreadByThreadId (fffff803`070fe2cc) | |
| nt!NtAllocateLocallyUniqueId (fffff803`070f9508) | |
| nt!NtAllocateReserveObject (fffff803`0728b990) | |
| nt!NtAllocateUserPhysicalPages (fffff803`07277d44) | |
| nt!NtAllocateUuids (fffff803`07013540) | |
| nt!NtAlpcAcceptConnectPort (fffff803`070e1c40) | |
| nt!NtAlpcCancelMessage (fffff803`07146534) | |
| nt!NtAlpcConnectPort (fffff803`0710a154) | |
| nt!NtAlpcConnectPortEx (fffff803`0710e8c4) | |
| nt!NtAlpcCreatePort (fffff803`070e4c50) | |
| nt!NtAlpcCreatePortSection (fffff803`070e353c) | |
| nt!NtAlpcCreateResourceReserve (fffff803`070e5d54) | |
| nt!NtAlpcCreateSectionView (fffff803`0707175c) | |
| nt!NtAlpcCreateSecurityContext (fffff803`070fd504) | |
| nt!NtAlpcDeletePortSection (fffff803`0706ff14) | |
| nt!NtAlpcDeleteResourceReserve (fffff803`07270b48) | |
| nt!NtAlpcDeleteSectionView (fffff803`071040b4) | |
| nt!NtAlpcDeleteSecurityContext (fffff803`07071604) | |
| nt!NtAlpcDisconnectPort (fffff803`0710bb54) | |
| nt!NtAlpcImpersonateClientOfPort (fffff803`0708b2e8) | |
| nt!NtAlpcOpenSenderProcess (fffff803`0710c560) | |
| nt!NtAlpcOpenSenderThread (fffff803`0710bc18) | |
| nt!NtAlpcQueryInformation (fffff803`07021904) | |
| nt!NtAlpcQueryInformationMessage (fffff803`07023aa4) | |
| nt!NtAlpcRevokeSecurityContext (fffff803`07270d6c) | |
| nt!NtAlpcSendWaitReceivePort (fffff803`070482c0) | |
| nt!NtAlpcSetInformation (fffff803`070b84f0) | |
| nt!NtAreMappedFilesTheSame (fffff803`07145928) | |
| nt!NtAssignProcessToJobObject (fffff803`070692b4) | |
| fffff803`16d2a09c | |
| nt!NtCancelIoFileEx (fffff803`070a7d48) | |
| nt!NtCancelSynchronousIoFile (fffff803`072508e8) | |
| fffff803`16cb8da0 | |
| fffff803`16d29c34 | |
| fffff803`16ca8a24 | |
| fffff803`16ca8a2c | |
| fffff803`16ca8a34 | |
| nt!NtCompactKeys (fffff803`0722dc00) | |
| nt!NtCompareTokens (fffff803`0712bea4) | |
| nt!ArbPreprocessEntry (fffff803`07117b1c) | |
| nt!NtCompressKey (fffff803`0722de18) | |
| nt!NtConnectPort (fffff803`070df048) | |
| nt!NtCreateDebugObject (fffff803`072444d4) | |
| nt!NtCreateDirectoryObject (fffff803`07113014) | |
| nt!NtCreateDirectoryObjectEx (fffff803`0712fb14) | |
| fffff803`16ca8a3c | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| nt!NtCreateIRTimer (fffff803`071944b0) | |
| nt!NtCreateIoCompletion (fffff803`0710880c) | |
| nt!NtCreateJobObject (fffff803`07117890) | |
| nt!ArbAddReserved (fffff803`07197e40) | |
| nt!NtCreateKeyTransacted (fffff803`070f9b70) | |
| nt!NtCreateKeyedEvent (fffff803`0718c308) | |
| nt!NtCreateLowBoxToken (fffff803`07128c78) | |
| nt!NtCreateMailslotFile (fffff803`0711cbb4) | |
| nt!NtCreateMutant (fffff803`070ea3b8) | |
| nt!NtCreateNamedPipeFile (fffff803`070aa6ac) | |
| nt!NtCreatePagingFile (fffff803`07171030) | |
| nt!NtCreatePort (fffff803`071600f4) | |
| nt!NtCreatePrivateNamespace (fffff803`07107fb4) | |
| nt!NtCreateProcess (fffff803`0728b450) | |
| nt!NtCreateProfile (fffff803`072cce3c) | |
| nt!NtCreateProfileEx (fffff803`072ccf10) | |
| fffff803`16ca8a44 | |
| nt!NtCreateSemaphore (fffff803`0707c16c) | |
| nt!NtCreateSymbolicLinkObject (fffff803`07123354) | |
| nt!NtCreateThreadEx (fffff803`07070f3c) | |
| nt!NtCreateTimer (fffff803`0707531c) | |
| nt!NtCreateTimer2 (fffff803`07104a0c) | |
| nt!NtCreateToken (fffff803`072a4b48) | |
| nt!NtCreateTokenEx (fffff803`070e0d74) | |
| fffff803`16ca8a4c | |
| fffff803`16ca8a54 | |
| nt!NtCreateUserProcess (fffff803`07059d10) | |
| nt!NtCreateWaitCompletionPacket (fffff803`070fe848) | |
| nt!NtCreateWaitablePort (fffff803`07160b98) | |
| nt!NtCreateWnfStateName (fffff803`07025490) | |
| nt!NtCreateWorkerFactory (fffff803`070b8b40) | |
| nt!NtDebugActiveProcess (fffff803`0724469c) | |
| nt!NtDebugContinue (fffff803`07244848) | |
| nt!NtDeleteAtom (fffff803`0710e424) | |
| nt!NtDeleteBootEntry (fffff803`072c7514) | |
| nt!NtDeleteDriverEntry (fffff803`072c7734) | |
| nt!NtDeleteFile (fffff803`0716807c) | |
| nt!NtDeleteKey (fffff803`07063e08) | |
| nt!NtDeleteObjectAuditAlarm (fffff803`072a4100) | |
| nt!NtDeletePrivateNamespace (fffff803`0712f8c0) | |
| nt!NtDeleteValueKey (fffff803`07019ad0) | |
| nt!NtDeleteWnfStateData (fffff803`07190d3c) | |
| nt!NtDeleteWnfStateName (fffff803`070240c4) | |
| nt!NtDisableLastKnownGood (fffff803`0716895c) | |
| nt!NtDisplayString (fffff803`072c152c) | |
| nt!NtDrawText (fffff803`06ec21d0) | |
| nt!NtEnableLastKnownGood (fffff803`07167720) | |
| nt!NtEnumerateBootEntries (fffff803`072c7954) | |
| nt!NtEnumerateDriverEntries (fffff803`072c7f78) | |
| nt!NtEnumerateSystemEnvironmentValuesEx (fffff803`072c84c8) | |
| fffff803`16ca8a5c | |
| nt!NtExtendSection (fffff803`07275e78) | |
| nt!NtFilterBootOption (fffff803`072a5e70) | |
| nt!NtFilterToken (fffff803`071188b0) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| nt!NtFlushBuffersFileEx (fffff803`070b591c) | |
| nt!NtFlushInstallUILanguage (fffff803`07192aa8) | |
| nt!ArbPreprocessEntry (fffff803`07117b1c) | |
| nt!NtFlushKey (fffff803`070197f8) | |
| fffff803`16d53a30 | |
| nt!NtFlushVirtualMemory (fffff803`070f7904) | |
| nt!NtFlushWriteBuffer (fffff803`07279858) | |
| nt!NtFreeUserPhysicalPages (fffff803`072784cc) | |
| nt!NtFreezeRegistry (fffff803`06e46144) | |
| fffff803`16ca8a64 | |
| nt!NtGetCachedSigningLevel (fffff803`0729f2b4) | |
| nt!NtGetCompleteWnfStateSubscription (fffff803`070261f8) | |
| nt!NtGetContextThread (fffff803`071353c8) | |
| nt!NtGetCurrentProcessorNumber (fffff803`071024b0) | |
| nt!NtGetDevicePowerState (fffff803`07285410) | |
| nt!NtGetMUIRegistryInfo (fffff803`07104f7c) | |
| nt!NtGetNextProcess (fffff803`0714e3e0) | |
| nt!NtGetNextThread (fffff803`07295bec) | |
| nt!NtGetNlsSectionPtr (fffff803`07114740) | |
| fffff803`16ca8a6c | |
| fffff803`16d8bb40 | |
| nt!NtImpersonateAnonymousToken (fffff803`070bd5e0) | |
| nt!NtImpersonateThread (fffff803`071048a8) | |
| nt!NtInitializeNlsFiles (fffff803`0705cb40) | |
| nt!NtInitializeRegistry (fffff803`071601a8) | |
| nt!NtInitiatePowerAction (fffff803`0714bb50) | |
| nt!NtIsSystemResumeAutomatic (fffff803`0714fe5c) | |
| nt!NtIsUILanguageComitted (fffff803`0711c0b4) | |
| nt!NtListenPort (fffff803`071934e4) | |
| nt!NtLoadDriver (fffff803`0712fc28) | |
| nt!NtLoadKey (fffff803`070145e8) | |
| nt!NtLoadKey2 (fffff803`07160e3c) | |
| nt!NtLoadKeyEx (fffff803`07016b98) | |
| nt!NtLockFile (fffff803`070aa178) | |
| nt!NtLockProductActivationKeys (fffff803`071821d4) | |
| nt!NtLockRegistryKey (fffff803`07189c18) | |
| fffff803`16d8fe70 | |
| nt!NtMakePermanentObject (fffff803`07164e98) | |
| nt!NtMakeTemporaryObject (fffff803`0715dc48) | |
| nt!NtMapCMFModule (fffff803`07105348) | |
| nt!NtMapUserPhysicalPages (fffff803`07278990) | |
| nt!NtModifyBootEntry (fffff803`072c88b0) | |
| nt!NtModifyDriverEntry (fffff803`072c88cc) | |
| nt!NtNotifyChangeDirectoryFile (fffff803`07109420) | |
| nt!NtNotifyChangeKey (fffff803`070ba4f8) | |
| nt!NtNotifyChangeMultipleKeys (fffff803`070ba560) | |
| nt!NtNotifyChangeSession (fffff803`0715dcdc) | |
| fffff803`16ca8a74 | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| nt!NtOpenIoCompletion (fffff803`072506a8) | |
| nt!NtOpenJobObject (fffff803`07293028) | |
| nt!NtOpenKeyEx (fffff803`07041324) | |
| nt!NtOpenKeyTransacted (fffff803`0722df98) | |
| nt!NtOpenKeyTransactedEx (fffff803`071100cc) | |
| nt!NtOpenKeyedEvent (fffff803`072cd2b8) | |
| nt!NtOpenMutant (fffff803`070f957c) | |
| nt!NtOpenObjectAuditAlarm (fffff803`07118f58) | |
| nt!NtOpenPrivateNamespace (fffff803`07093468) | |
| nt!NtOpenProcessToken (fffff803`070343f4) | |
| fffff803`16ca8a7c | |
| nt!NtOpenSemaphore (fffff803`07118c7c) | |
| nt!NtOpenSession (fffff803`0711c684) | |
| nt!NtOpenSymbolicLinkObject (fffff803`070fb03c) | |
| nt!NtOpenThread (fffff803`07107160) | |
| nt!NtOpenTimer (fffff803`072c3a08) | |
| fffff803`16ca8a84 | |
| fffff803`16ca8a8c | |
| nt!NtPlugPlayControl (fffff803`07098f9c) | |
| fffff803`16ca8a94 | |
| fffff803`16ca8a9c | |
| fffff803`16ca8aa4 | |
| fffff803`16ca8aac | |
| nt!NtPrivilegeCheck (fffff803`070e3eac) | |
| nt!NtPrivilegeObjectAuditAlarm (fffff803`0715bfbc) | |
| nt!NtPrivilegedServiceAuditAlarm (fffff803`07115968) | |
| fffff803`16ca8ab4 | |
| fffff803`16ca8abc | |
| nt!NtPulseEvent (fffff803`070fdb80) | |
| nt!NtQueryBootEntryOrder (fffff803`072c88e8) | |
| nt!NtQueryBootOptions (fffff803`072c8be8) | |
| fffff803`16d59900 | |
| nt!NtQueryDirectoryObject (fffff803`070f5b20) | |
| nt!NtQueryDriverEntryOrder (fffff803`072c8f78) | |
| nt!NtQueryEaFile (fffff803`071042b4) | |
| nt!NtQueryFullAttributesFile (fffff803`070fa7bc) | |
| nt!NtQueryInformationAtom (fffff803`07076268) | |
| fffff803`16ca8ac4 | |
| nt!NtQueryInformationJobObject (fffff803`0711c1bc) | |
| nt!NtQueryInformationPort (fffff803`0726faf0) | |
| fffff803`16ca8acc | |
| fffff803`16ca8ad4 | |
| fffff803`16ca8adc | |
| nt!NtQueryInformationWorkerFactory (fffff803`06ec45a0) | |
| nt!NtQueryInstallUILanguage (fffff803`07118234) | |
| nt!NtQueryIntervalProfile (fffff803`0712f564) | |
| nt!NtQueryIoCompletion (fffff803`07161d5c) | |
| nt!NtQueryLicenseValue (fffff803`070ede98) | |
| nt!NtQueryMultipleValueKey (fffff803`07108918) | |
| nt!NtQueryMutant (fffff803`072cc74c) | |
| nt!NtQueryOpenSubKeys (fffff803`0722e190) | |
| nt!NtQueryOpenSubKeysEx (fffff803`0722e3d8) | |
| nt!NtQueryPortInformationProcess (fffff803`0728e1c8) | |
| nt!NtQueryQuotaInformationFile (fffff803`07251dc4) | |
| nt!NtQuerySecurityAttributesToken (fffff803`070973d8) | |
| nt!NtQuerySecurityObject (fffff803`0705ede4) | |
| nt!NtQuerySemaphore (fffff803`0711ea58) | |
| nt!NtQuerySymbolicLinkObject (fffff803`070f98b8) | |
| nt!NtQuerySystemEnvironmentValue (fffff803`072c93d4) | |
| nt!NtQuerySystemEnvironmentValueEx (fffff803`07160920) | |
| nt!NtQuerySystemInformationEx (fffff803`0710aaac) | |
| nt!NtQueryTimerResolution (fffff803`0711b6e0) | |
| nt!NtQueryWnfStateData (fffff803`070258a4) | |
| nt!NtQueryWnfStateNameInformation (fffff803`07022f64) | |
| nt!NtQueueApcThreadEx (fffff803`07106fa8) | |
| fffff803`16dd3b60 | |
| nt!NtRaiseHardError (fffff803`072cb35c) | |
| fffff803`16ca8ae4 | |
| fffff803`16ca8aec | |
| fffff803`16ca8af4 | |
| fffff803`16ca8afc | |
| fffff803`16ca8c44 | |
| nt!NtRegisterThreadTerminatePort (fffff803`0711de28) | |
| nt!NtReleaseKeyedEvent (fffff803`0711d518) | |
| fffff803`16d28ce0 | |
| nt!NtRemoveIoCompletionEx (fffff803`071113d8) | |
| nt!NtRemoveProcessDebug (fffff803`07244a98) | |
| nt!NtRenameKey (fffff803`0722e874) | |
| fffff803`16ca8c4c | |
| nt!NtReplaceKey (fffff803`0722ee88) | |
| nt!NtReplacePartitionUnit (fffff803`06ec86a0) | |
| nt!NtReplyWaitReplyPort (fffff803`0726fc30) | |
| nt!NtRequestPort (fffff803`07105bb4) | |
| nt!NtResetEvent (fffff803`071086ec) | |
| fffff803`16d8ae80 | |
| nt!NtRestoreKey (fffff803`0722f358) | |
| nt!NtResumeProcess (fffff803`07292c5c) | |
| fffff803`16ca8b04 | |
| fffff803`16ca8b0c | |
| fffff803`16ca8b14 | |
| fffff803`16ca8c54 | |
| nt!NtSaveKey (fffff803`0722f7cc) | |
| nt!NtSaveKeyEx (fffff803`0722fba0) | |
| nt!NtSaveMergedKeys (fffff803`0722ffdc) | |
| nt!NtSecureConnectPort (fffff803`070df090) | |
| nt!NtSerializeBoot (fffff803`07192fd8) | |
| nt!NtSetBootEntryOrder (fffff803`072c97ac) | |
| nt!NtSetBootOptions (fffff803`072c9a3c) | |
| nt!NtSetCachedSigningLevel (fffff803`07167600) | |
| nt!NtSetContextThread (fffff803`07167ca8) | |
| nt!NtSetDebugFilterState (fffff803`07172798) | |
| nt!NtSetDefaultHardErrorPort (fffff803`071933b4) | |
| nt!NtSetDefaultLocale (fffff803`07159df8) | |
| nt!NtSetDefaultUILanguage (fffff803`07159864) | |
| nt!NtSetDriverEntryOrder (fffff803`072c9cd4) | |
| nt!NtSetEaFile (fffff803`07251634) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| fffff803`16d83824 | |
| nt!NtSetInformationDebugObject (fffff803`07244b84) | |
| fffff803`16ca8b1c | |
| nt!NtSetInformationJobObject (fffff803`070b6b8c) | |
| nt!NtSetInformationKey (fffff803`070f8bbc) | |
| fffff803`16ca8b24 | |
| nt!NtSetInformationToken (fffff803`0708ebd4) | |
| fffff803`16ca8b2c | |
| fffff803`16ca8c5c | |
| nt!NtSetInformationVirtualMemory (fffff803`070fbcb4) | |
| fffff803`16d285c0 | |
| nt!NtSetIntervalProfile (fffff803`0712f46c) | |
| nt!NtSetIoCompletion (fffff803`070b8f4c) | |
| nt!NtSetIoCompletionEx (fffff803`072507b8) | |
| nt!CcTestControl (fffff803`06de0550) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| nt!NtSetQuotaInformationFile (fffff803`07252688) | |
| nt!NtSetSecurityObject (fffff803`0705e9dc) | |
| nt!NtSetSystemEnvironmentValue (fffff803`072c9f64) | |
| nt!NtSetSystemEnvironmentValueEx (fffff803`072ca334) | |
| nt!NtSetSystemInformation (fffff803`070b2fd4) | |
| nt!NtSetSystemPowerState (fffff803`06ff9768) | |
| nt!NtSetSystemTime (fffff803`072c0cac) | |
| nt!NtSetThreadExecutionState (fffff803`070c0294) | |
| fffff803`16cb8e54 | |
| fffff803`16d130e8 | |
| nt!NtSetTimerResolution (fffff803`0713c6c0) | |
| nt!NtSetUuidSeed (fffff803`0718d270) | |
| nt!NtSetVolumeInformationFile (fffff803`0712c458) | |
| nt!NtSetWnfProcessNotificationEvent (fffff803`0702181c) | |
| nt!NtShutdownSystem (fffff803`072c16d0) | |
| fffff803`16d8171c | |
| nt!NtSignalAndWaitForSingleObject (fffff803`06e87ad0) | |
| fffff803`16ca8c64 | |
| nt!NtStartProfile (fffff803`072ccf6c) | |
| nt!NtStopProfile (fffff803`072cd1d0) | |
| nt!NtSubscribeWnfStateChange (fffff803`07025d2c) | |
| nt!NtSuspendProcess (fffff803`07292cc4) | |
| nt!NtSuspendThread (fffff803`07135214) | |
| nt!NtSystemDebugControl (fffff803`072ce924) | |
| nt!NtTerminateJobObject (fffff803`070b69dc) | |
| nt!NtTestAlert (fffff803`070756e4) | |
| nt!NtThawRegistry (fffff803`06e46198) | |
| fffff803`16ca8b34 | |
| nt!NtTraceControl (fffff803`07127434) | |
| nt!NtTranslateFilePath (fffff803`072ca5a0) | |
| nt!NtUmsThreadYield (fffff803`0726b888) | |
| nt!NtUnloadDriver (fffff803`0725447c) | |
| nt!NtUnloadKey (fffff803`07168f64) | |
| nt!NtUnloadKey2 (fffff803`0715cf54) | |
| nt!NtUnloadKeyEx (fffff803`07013974) | |
| nt!NtUnlockFile (fffff803`0710ded0) | |
| fffff803`16d30570 | |
| nt!NtUnmapViewOfSectionEx (fffff803`0707ba28) | |
| nt!NtUnsubscribeWnfStateChange (fffff803`07024d14) | |
| nt!NtUpdateWnfStateData (fffff803`070269a4) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| nt!NtWaitForAlertByThreadId (fffff803`070f94b0) | |
| nt!NtWaitForDebugEvent (fffff803`07244d84) | |
| nt!NtWaitForKeyedEvent (fffff803`0711d6e0) | |
| fffff803`16d3a8c0 | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff803`07197e4c) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment