AUTH: whg(无花果)
MAIL: whg0001@163.com
SITE: http://www.cnasm.com
VISTA 内核服务函数列表,数量=0x18E(比NT多150个系统服务函数)
WIN2K3/sp1 内核服务函数列表,数量=0x127(比NT多47个系统服务函数)
winxp/sp2 内核服务函数列表,数量=0x11C(比NT多36个系统服务函数)
winnt/sp4 内核服务函数列表,数量=0x0F8
VISTA 内核服务函数列表,数量=18E
(此表由创建于CNASM内部系统分析工具3.0)
编号 地址 名字(参数个数)
000=806F916A:ZwAcceptConnectPort(06)
001=8050BF4F:ZwAccessCheck(08)
002=806C22BD:ZwAccessCheckAndAuditAlarm(0B)
003=804FC7EF:ZwAccessCheckByType(0B)
004=806FC1EE:ZwAccessCheckByTypeAndAuditAlarm(10)
005=805A755A:ZwAccessCheckByTypeResultList(0B)
006=80754AE5:ZwAccessCheckByTypeResultListAndAuditAlarm(10)
007=80754B2E:ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(11)
008=806EC1EE:ZwAddAtom(03)
009=8076A8AE:ZwAddBootEntry(02)
00A=8076BB52:ZwAddDriverEntry(02)
00B=8065A1D6:ZwAdjustGroupsToken(06)
00C=806CEAE0:ZwAdjustPrivilegesToken(06)
00D=80745CBB:ZwAlertResumeThread(02)
00E=80745C63:ZwAlertThread(01)
00F=80675E5F:ZwAllocateLocallyUniqueId(01)
010=807374F3:ZwAllocateUserPhysicalPages(03)
011=80683D62:ZwAllocateUuids(04)
012=806A1748:ZwAllocateVirtualMemory(06)
013=806BE30D:ZwAlpcAcceptConnectPort(09)
014=80649F47:ZwAlpcCancelMessage(03)
015=806BD3FA:ZwAlpcConnectPort(0B)
016=8067E7B7:ZwAlpcCreatePort(03)
017=80681EB3:ZwAlpcCreatePortSection(06)
018=8066CF5C:ZwAlpcCreateResourceReserve(04)
019=80681C83:ZwAlpcCreateSectionView(03)
01A=806F13E6:ZwAlpcCreateSecurityContext(03)
01B=8068204D:ZwAlpcDeletePortSection(03)
01C=807303B0:ZwAlpcDeleteResourceReserve(03)
01D=80669528:ZwAlpcDeleteSectionView(03)
01E=806FC50C:ZwAlpcDeleteSecurityContext(03)
01F=8066A340:ZwAlpcDisconnectPort(02)
020=806C2115:ZwAlpcImpersonateClientOfPort(03)
021=807319F4:ZwAlpcOpenSenderProcess(06)
022=80731FA5:ZwAlpcOpenSenderThread(06)
023=80680670:ZwAlpcQueryInformation(05)
024=806C1D9E:ZwAlpcQueryInformationMessage(06)
025=807304D0:ZwAlpcRevokeSecurityContext(03)
026=806BD62B:ZwAlpcSendWaitReceivePort(08)
027=80676164:ZwAlpcSetInformation(04)
028=806EB6F1:ZwApphelpCacheControl(02)
029=80639B60:ZwAreMappedFilesTheSame(02)
02A=806864B8:ZwAssignProcessToJobObject(02)
02B=8052EC4C:ZwCallbackReturn(03)
02C=80740445:ZwCancelDeviceWakeupRequest(01)
02D=8065C0D7:ZwCancelIoFile(02)
02E=804FC825:ZwCancelTimer(02)
02F=806FA8C4:ZwClearEvent(01)
030=806B49C8:ZwClose(01)
031=806FC113:ZwCloseObjectAuditAlarm(03)
032=807013EF:ZwCompactKeys(02)
033=806818A6:ZwCompareTokens(03)
034=806F91E7:ZwCompleteConnectPort(01)
035=80701679:ZwCompressKey(01)
036=806F913D:ZwConnectPort(08)
037=80521E28:ZwContinue(02)
038=80713026:ZwCreateDebugObject(04)
039=8063BD44:ZwCreateDirectoryObject(03)
03A=806DFD23:ZwCreateEvent(05)
03B=8076F22D:ZwCreateEventPair(03)
03C=806F07D5:ZwCreateFile(0B)
03D=806EAB47:ZwCreateIoCompletion(04)
03E=80688AE4:ZwCreateJobObject(03)
03F=807479DB:ZwCreateJobSet(03)
040=8067174A:ZwCreateKey(07)
041=806FF0EE:ZwCreateKeyTransacted(08)
042=8066D58B:ZwCreateMailslotFile(08)
043=806EE6C7:ZwCreateMutant(04)
044=806E4562:ZwCreateNamedPipeFile(0E)
045=8062E5B5:ZwCreatePrivateNamespace(04)
046=8061A905:ZwCreatePagingFile(04)
047=8063F197:ZwCreatePort(05)
048=80743BA4:ZwCreateProcess(08)
049=80743BEF:ZwCreateProcessEx(09)
04A=8076F8B7:ZwCreateProfile(09)
04B=806DB493:ZwCreateSection(07)
04C=806EAC4E:ZwCreateSemaphore(05)
04D=80643DFB:ZwCreateSymbolicLinkObject(04)
04E=807439E3:ZwCreateThread(08)
04F=806735C1:ZwCreateTimer(04)
050=8066C6C7:ZwCreateToken(0D)
051=80650684:ZwCreateTransaction(0A)
052=80619645:ZwOpenTransaction(05)
053=807576FA:ZwQueryInformationTransaction(05)
054=80619DFE:ZwQueryInformationTransactionManager(05)
055=8075827C:ZwPrePrepareEnlistment(02)
056=807581BB:ZwPrepareEnlistment(02)
057=8075833D:ZwCommitEnlistment(02)
058=807587D4:ZwReadOnlyEnlistment(02)
059=80758893:ZwRollbackComplete(02)
05A=807583FE:ZwRollbackEnlistment(02)
05B=80654BFE:ZwCommitTransaction(02)
05C=80757C10:ZwRollbackTransaction(02)
05D=80758580:ZwPrePrepareComplete(02)
05E=807584BF:ZwPrepareComplete(02)
05F=80758641:ZwCommitComplete(02)
060=80758715:ZwSinglePhaseReject(02)
061=80757C79:ZwSetInformationTransaction(04)
062=80759183:ZwSetInformationTransactionManager(04)
063=80758CA8:ZwSetInformationResourceManager(04)
064=80618C17:ZwCreateTransactionManager(06)
065=80758E49:ZwOpenTransactionManager(06)
066=807590B8:ZwRollforwardTransactionManager(02)
067=80757DDB:ZwRecoverEnlistment(02)
068=80619C40:ZwRecoverResourceManager(01)
069=806194A6:ZwRecoverTransactionManager(01)
06A=8064CE7F:ZwCreateResourceManager(07)
06B=8061C2C7:ZwOpenResourceManager(05)
06C=80758964:ZwGetNotificationResourceManager(07)
06D=80758A79:ZwQueryInformationResourceManager(05)
06E=80650B7D:ZwCreateEnlistment(08)
06F=8061C46C:ZwOpenEnlistment(05)
070=8075801E:ZwSetInformationEnlistment(04)
071=80757E37:ZwQueryInformationEnlistment(05)
072=807576E2:ZwStartTm(00)
073=8062EC94:ZwCreateWaitablePort(05)
074=80713DEC:ZwDebugActiveProcess(02)
075=80714444:ZwDebugContinue(03)
076=806FBB9F:ZwDelayExecution(02)
077=80682E51:ZwDeleteAtom(01)
078=8076A8DF:ZwDeleteBootEntry(01)
079=8076BB83:ZwDeleteDriverEntry(01)
07A=8063B3D5:ZwDeleteFile(01)
07B=8066FF07:ZwDeleteKey(01)
07C=8073C33B:ZwDeletePrivateNamespace(01)
07D=80754B85:ZwDeleteObjectAuditAlarm(03)
07E=806727F4:ZwDeleteValueKey(02)
07F=806F8B00:ZwDeviceIoControlFile(0A)
080=8061A244:ZwDisplayString(01)
081=806EAA00:ZwDuplicateObject(07)
082=806929B0:ZwDuplicateToken(06)
083=8076AAE0:ZwEnumerateBootEntries(02)
084=8076BD82:ZwEnumerateDriverEntries(02)
085=806C8DEC:ZwEnumerateKey(06)
086=8076A6AF:ZwEnumerateSystemEnvironmentValuesEx(03)
087=805A7AAB:ZwEnumerateTransactionObject(05)
088=806E4F6A:ZwEnumerateValueKey(06)
089=80734D53:ZwExtendSection(02)
08A=806741C5:ZwFilterToken(06)
08B=8067467C:ZwFindAtom(03)
08C=806E1B7F:ZwFlushBuffersFile(02)
08D=806810EC:ZwFlushInstructionCache(03)
08E=80643BE3:ZwFlushKey(01)
08F=804FA390:ZwFlushProcessWriteBuffers(00)
090=806DD24E:ZwFlushVirtualMemory(04)
091=807384F8:ZwFlushWriteBuffer(00)
092=80737C22:ZwFreeUserPhysicalPages(03)
093=8054F833:ZwFreeVirtualMemory(04)
094=8057BFC4:ZwFreezeRegistry(01)
095=805A7CB3:ZwFreezeTransactions(02)
096=80690B5D:ZwFsControlFile(0A)
097=806FD78A:ZwGetContextThread(02)
098=80740477:ZwGetDevicePowerState(02)
099=806600F1:ZwGetNlsSectionPtr(05)
09A=806790CC:ZwGetPlugPlayEvent(04)
09B=80595BA0:ZwGetWriteWatch(07)
09C=8068052D:ZwImpersonateAnonymousToken(01)
09D=806FAC56:ZwImpersonateClientOfPort(02)
09E=8068786C:ZwImpersonateThread(03)
09F=806F19D4:ZwInitializeNlsFiles(03)
0A0=8063B2D1:ZwInitializeRegistry(01)
0A1=80740250:ZwInitiatePowerAction(04)
0A2=806EBA10:ZwIsProcessInJob(02)
0A3=8074045B:ZwIsSystemResumeAutomatic(00)
0A4=8062E024:ZwListenPort(02)
0A5=8062DB81:ZwLoadDriver(01)
0A6=8064FEE1:ZwLoadKey(02)
0A7=806FFCB3:ZwLoadKey2(03)
0A8=8064F4E0:ZwLoadKeyEx(08)
0A9=806DE1AD:ZwLockFile(0A)
0AA=806621E3:ZwLockProductActivationKeys(02)
0AB=8060823D:ZwLockRegistryKey(01)
0AC=804EFE25:ZwLockVirtualMemory(04)
0AD=80644800:ZwMakePermanentObject(01)
0AE=80643B7E:ZwMakeTemporaryObject(01)
0AF=80736A1D:ZwMapUserPhysicalPages(03)
0B0=80736EDF:ZwMapUserPhysicalPagesScatter(03)
0B1=806E284C:ZwMapViewOfSection(0A)
0B2=8076AAAF:ZwModifyBootEntry(01)
0B3=8076BD53:ZwModifyDriverEntry(01)
0B4=80667AF9:ZwNotifyChangeDirectoryFile(09)
0B5=8069280F:ZwNotifyChangeKey(0A)
0B6=80691C84:ZwNotifyChangeMultipleKeys(0C)
0B7=806C231E:ZwOpenDirectoryObject(03)
0B8=806E51E4:ZwOpenEvent(03)
0B9=8076F363:ZwOpenEventPair(03)
0BA=806EFADB:ZwOpenFile(06)
0BB=8071CDC3:ZwOpenIoCompletion(03)
0BC=80747687:ZwOpenJobObject(03)
0BD=806FD826:ZwOpenKey(03)
0BE=806FF4EF:ZwOpenKeyTransacted(04)
0BF=8067F7D4:ZwOpenMutant(03)
0C0=8066118D:ZwOpenPrivateNamespace(04)
0C1=8066D9AB:ZwOpenObjectAuditAlarm(0C)
0C2=806C25EC:ZwOpenProcess(04)
0C3=806F8B33:ZwOpenProcessToken(03)
0C4=806F3C7A:ZwOpenProcessTokenEx(04)
0C5=806F2C6C:ZwOpenSection(03)
0C6=806896D5:ZwOpenSemaphore(03)
0C7=80624549:ZwOpenSession(03)
0C8=806E4648:ZwOpenSymbolicLinkObject(03)
0C9=806E268C:ZwOpenThread(04)
0CA=806C0A2D:ZwOpenThreadToken(04)
0CB=806AF2F0:ZwOpenThreadTokenEx(05)
0CC=8076EFDC:ZwOpenTimer(03)
0CD=8067FFC1:ZwPlugPlayControl(03)
0CE=806DFE47:ZwPowerInformation(05)
0CF=8066F689:ZwPrivilegeCheck(03)
0D0=8062EA76:ZwPrivilegeObjectAuditAlarm(06)
0D1=8066A406:ZwPrivilegedServiceAuditAlarm(05)
0D2=806E2035:ZwProtectVirtualMemory(05)
0D3=8062F68E:ZwPulseEvent(02)
0D4=806F77B5:ZwQueryAttributesFile(02)
0D5=8076AF91:ZwQueryBootEntryOrder(02)
0D6=8076B3ED:ZwQueryBootOptions(02)
0D7=80546C18:ZwQueryDebugFilterState(02)
0D8=806EA3C3:ZwQueryDefaultLocale(02)
0D9=8063C3D0:ZwQueryDefaultUILanguage(01)
0DA=806F1DB9:ZwQueryDirectoryFile(0B)
0DB=80687439:ZwQueryDirectoryObject(07)
0DC=8076B903:ZwQueryDriverEntryOrder(02)
0DD=806154CA:ZwQueryEaFile(09)
0DE=80670195:ZwQueryEvent(05)
0DF=806FBC44:ZwQueryFullAttributesFile(02)
0E0=8065F224:ZwQueryInformationAtom(05)
0E1=806CA188:ZwQueryInformationFile(05)
0E2=80642CFA:ZwQueryInformationJobObject(05)
0E3=8072D839:ZwQueryInformationPort(05)
0E4=806AFB39:ZwQueryInformationProcess(05)
0E5=806CC3FD:ZwQueryInformationThread(05)
0E6=806F4F20:ZwQueryInformationToken(05)
0E7=806EE2ED:ZwQueryInstallUILanguage(01)
0E8=8076FDAB:ZwQueryIntervalProfile(02)
0E9=8071CE9A:ZwQueryIoCompletion(05)
0EA=806CE69C:ZwQueryKey(05)
0EB=8070094D:ZwQueryMultipleValueKey(06)
0EC=8076F6B2:ZwQueryMutant(05)
0ED=806DEF4E:ZwQueryObject(05)
0EE=80700BA9:ZwQueryOpenSubKeys(02)
0EF=80700E2F:ZwQueryOpenSubKeysEx(04)
0F0=806BAD12:ZwQueryPerformanceCounter(02)
0F1=8071E57F:ZwQueryQuotaInformationFile(09)
0F2=8065F631:ZwQuerySection(05)
0F3=806EC0CD:ZwQuerySecurityObject(05)
0F4=80768E0C:ZwQuerySemaphore(05)
0F5=806E75B7:ZwQuerySymbolicLinkObject(03)
0F6=80769AD7:ZwQuerySystemEnvironmentValue(04)
0F7=8076A0E5:ZwQuerySystemEnvironmentValueEx(05)
0F8=806A5A70:ZwQuerySystemInformation(04)
0F9=806BE61E:ZwQuerySystemTime(01)
0FA=8076F0AF:ZwQueryTimer(05)
0FB=8068AE96:ZwQueryTimerResolution(03)
0FC=806EF018:ZwQueryValueKey(06)
0FD=806D1122:ZwQueryVirtualMemory(06)
0FE=806D1E9D:ZwQueryVolumeInformationFile(05)
0FF=80680479:ZwQueueApcThread(05)
100=80521E70:ZwRaiseException(03)
101=8065EB2B:ZwRaiseHardError(06)
102=806B8330:ZwReadFile(09)
103=80666B3B:ZwReadFileScatter(09)
104=806FB0F9:ZwReadRequestData(06)
105=806EAE97:ZwReadVirtualMemory(05)
106=8074537F:ZwRegisterThreadTerminatePort(01)
107=806E26D1:ZwReleaseMutant(02)
108=806FAA76:ZwReleaseSemaphore(03)
109=806C0A4E:ZwRemoveIoCompletion(05)
10A=80713F37:ZwRemoveProcessDebug(02)
10B=8070116F:ZwRenameKey(02)
10C=80700822:ZwReplaceKey(03)
10D=806C0EFA:ZwReplyPort(02)
10E=806B962E:ZwReplyWaitReceivePort(04)
10F=806B94DD:ZwReplyWaitReceivePortEx(05)
110=8072D9FF:ZwReplyWaitReplyPort(02)
111=80740445:ZwRequestDeviceWakeup(01)
112=80664BBB:ZwRequestPort(02)
113=806BFCC1:ZwRequestWaitReplyPort(03)
114=807401F3:ZwRequestWakeupLatency(01)
115=806EE88F:ZwResetEvent(02)
116=8059641F:ZwResetWriteWatch(03)
117=806FF7C7:ZwRestoreKey(03)
118=80745C05:ZwResumeProcess(01)
119=806E21CA:ZwResumeThread(02)
11A=806FF8E7:ZwSaveKey(02)
11B=806FF9EE:ZwSaveKeyEx(03)
11C=806FFB3B:ZwSaveMergedKeys(03)
11D=80758702:ZwClearSavepointTransaction(02)
11E=80740445:ZwClearAllSavepointsTransaction(01)
11F=80758702:ZwRollbackSavepointTransaction(02)
120=80757BF7:ZwSavepointTransaction(03)
121=80758702:ZwSavepointComplete(02)
122=806F8B53:ZwSecureConnectPort(09)
123=8076B1E0:ZwSetBootEntryOrder(02)
124=8076B6E2:ZwSetBootOptions(02)
125=80744D5F:ZwSetContextThread(02)
126=806052B0:ZwSetDebugFilterState(03)
127=80622B53:ZwSetDefaultHardErrorPort(01)
128=8063BF7E:ZwSetDefaultLocale(02)
129=8063CB25:ZwSetDefaultUILanguage(01)
12A=8076C193:ZwSetDriverEntryOrder(02)
12B=8071DFCA:ZwSetEaFile(04)
12C=806BC7D1:ZwSetEvent(02)
12D=80768AD3:ZwSetEventBoostPriority(01)
12E=8076F643:ZwSetHighEventPair(01)
12F=8076F575:ZwSetHighWaitLowEventPair(01)
130=807145A7:ZwSetInformationDebugObject(05)
131=806D7925:ZwSetInformationFile(05)
132=80687E53:ZwSetInformationJobObject(04)
133=807003BF:ZwSetInformationKey(04)
134=806D2379:ZwSetInformationObject(04)
135=806A981A:ZwSetInformationProcess(04)
136=806B774C:ZwSetInformationThread(04)
137=806F95E6:ZwSetInformationToken(04)
138=8076FD86:ZwSetIntervalProfile(02)
139=806D1960:ZwSetIoCompletion(05)
13A=8074733D:ZwSetLdtEntries(06)
13B=8076F5E0:ZwSetLowEventPair(01)
13C=8076F50A:ZwSetLowWaitHighEventPair(01)
13D=8071EBD1:ZwSetQuotaInformationFile(04)
13E=806870F9:ZwSetSecurityObject(03)
13F=80769DE3:ZwSetSystemEnvironmentValue(02)
140=8076A40B:ZwSetSystemEnvironmentValueEx(05)
141=806CF91F:ZwSetSystemInformation(03)
142=80795848:ZwSetSystemPowerState(03)
143=807656F9:ZwSetSystemTime(02)
144=806642FE:ZwSetThreadExecutionState(02)
145=8054C8BB:ZwSetTimer(07)
146=8065D538:ZwSetTimerResolution(03)
147=80625529:ZwSetUuidSeed(01)
148=8068B066:ZwSetValueKey(06)
149=8071EBEB:ZwSetVolumeInformationFile(05)
14A=80765661:ZwShutdownSystem(01)
14B=804F1872:ZwSignalAndWaitForSingleObject(04)
14C=8076FAF6:ZwStartProfile(01)
14D=8076FCC5:ZwStopProfile(01)
14E=80745BA7:ZwSuspendProcess(01)
14F=806FD6A6:ZwSuspendThread(02)
150=8076FE70:ZwSystemDebugControl(06)
151=8065FBA9:ZwTerminateJobObject(02)
152=80690B90:ZwTerminateProcess(02)
153=8068F89A:ZwTerminateThread(02)
154=806E1D94:ZwTestAlert(00)
155=8057C027:ZwThawRegistry(00)
156=805A7D9A:ZwThawTransactions(00)
157=80558C15:ZwTraceEvent(04)
158=806E9AF7:ZwTraceControl(06)
159=8076C39F:ZwTranslateFilePath(04)
15A=8071F695:ZwUnloadDriver(01)
15B=80658B3D:ZwUnloadKey(01)
15C=80658515:ZwUnloadKey2(02)
15D=806FFCF4:ZwUnloadKeyEx(02)
15E=806E4118:ZwUnlockFile(05)
15F=80501C6A:ZwUnlockVirtualMemory(04)
160=806E4702:ZwUnmapViewOfSection(02)
161=8075B92A:ZwVdmControl(02)
162=80714183:ZwWaitForDebugEvent(04)
163=806BA75B:ZwWaitForMultipleObjects(05)
164=806B6BD4:ZwWaitForSingleObject(03)
165=8076F4A1:ZwWaitHighEventPair(01)
166=8076F438:ZwWaitLowEventPair(01)
167=806D349A:ZwWriteFile(09)
168=806664F6:ZwWriteFileGather(09)
169=806EE969:ZwWriteRequestData(06)
16A=806CEFC2:ZwWriteVirtualMemory(05)
16B=804FFB10:ZwYieldExecution(00)
16C=80675BCB:ZwCreateKeyedEvent(04)
16D=80770269:ZwOpenKeyedEvent(03)
16E=806C859E:ZwReleaseKeyedEvent(04)
16F=806C8880:ZwWaitForKeyedEvent(04)
170=80744986:ZwQueryPortInformationProcess(00)
171=806FD817:ZwGetCurrentProcessorNumber(00)
172=8073B9BF:ZwWaitForMultipleObjects32(05)
173=80745EF0:ZwGetNextProcess(05) //想必是个好函数
174=8074615D:ZwGetNextThread(06) //想必是个好函数
175=8071D021:ZwCancelIoFileEx(03)
176=8071D15E:ZwCancelSynchronousIoFile(03)
177=806EB38C:ZwRemoveIoCompletionEx(06)
178=805A8077:ZwRegisterProtocolAddressInformation(05)
179=805A8086:ZwPullTransaction(07)
17A=805A80AF:ZwMarshallTransaction(06)
17B=8057EB07:ZwPropagationComplete(04)
17C=805A809B:ZwPropagationFailed(03)
17D=80675EEB:ZwCreateWorkerFactory(0A)
17E=8054C43C:ZwReleaseWorkerFactoryWorker(01)
17F=8054C0D0:ZwWaitForWorkViaWorkerFactory(02)
180=804F6D60:ZwSetInformationWorkerFactory(04)
181=805AF4ED:ZwQueryInformationWorkerFactory(05)
182=80578126:ZwWorkerFactoryWorkerReady(01)
183=80644918:ZwShutdownWorkerFactory(02)
184=806DC1B9:ZwCreateThreadEx(0B)
185=806E8F2A:ZwCreateUserProcess(0B)
186=806ED0CB:ZwQueryLicenseValue(05)
187=806D8B2C:ZwMapCMFModule(06)
188=80757BF7:ZwListTransactions(03)
189=807712D3:ZwIsUILanguageComitted(00)
18A=807712F3:ZwFlushInstallUILanguage(02)
18B=80770EFF:ZwGetMUIRegistryInfo(03)
18C=8077039E:ZwAcquireCMFViewOwnership(03)
18D=80770567:ZwReleaseCMFViewOwnership
WIN2003 SP1 内核服务函数列表,数量=127(此表由创建于CNASM内部系统分析工具3.0)
000=8058FDCE:ZwAcceptConnectPort
001=80598B7E:ZwAccessCheck
002=805996CE:ZwAccessCheckAndAuditAlarm
003=805AABB7:ZwAccessCheckByType
004=8059B68A:ZwAccessCheckByTypeAndAuditAlarm
005=8065A705:ZwAccessCheckByTypeResultList
006=8065C9B2:ZwAccessCheckByTypeResultListAndAuditAlarm
007=8065C9F5:ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
008=8059FC4F:ZwAddAtom
009=80669A5C:ZwAddBootEntry
00A=80669A5C:ZwAddDriverEntry
00B=8065A1E2:ZwAdjustGroupsToken
00C=80599836:ZwAdjustPrivilegesToken
00D=8065304B:ZwAlertResumeThread
00E=805991EA:ZwAlertThread
00F=8059B6CC:ZwAllocateLocallyUniqueId
010=80649EB9:ZwAllocateUserPhysicalPages
011=805A90DC:ZwAllocateUuids
012=80585188:ZwAllocateVirtualMemory
013=80591AFF:ZwApphelpCacheControl
014=805EB2FB:ZwAreMappedFilesTheSame
015=805ACE6F:ZwAssignProcessToJobObject
016=804EDBCC:ZwCallbackReturn
017=80669A4F:ZwCancelDeviceWakeupRequest
018=805ED49D:ZwCancelIoFile
019=804F9445:ZwCancelTimer
01A=8058E43A:ZwClearEvent
01B=805788AC:ZwClose
01C=80598EEA:ZwCloseObjectAuditAlarm
01D=80628F6F:ZwCompactKeys
01E=8065D8FF:ZwCompareTokens
01F=8058FC82:ZwCompleteConnectPort
020=806291D6:ZwCompressKey
021=8058E55A:ZwConnectPort
022=804ED14B:ZwContinue
023=805B2B1E:ZwCreateDebugObject
024=805ACBAF:ZwCreateDirectoryObject
025=8057A522:ZwCreateEvent
026=8066A009:ZwCreateEventPair
027=8057B0CB:ZwCreateFile
028=805A15AB:ZwCreateIoCompletion
029=805E29EB:ZwCreateJobObject
02A=80653805:ZwCreateJobSet
02B=80594A39:ZwCreateKey
02C=805F425D:ZwCreateMailslotFile
02D=805883A1:ZwCreateMutant
02E=80591416:ZwCreateNamedPipeFile
02F=805CAE1E:ZwCreatePagingFile
030=805A52A4:ZwCreatePort
031=805BF684:ZwCreateProcess
032=80590FE3:ZwCreateProcessEx
033=8066A5B7:ZwCreateProfile
034=80575ECA:ZwCreateSection
035=8059CFA9:ZwCreateSemaphore
036=805AD548:ZwCreateSymbolicLinkObject
037=8058A254:ZwCreateThread
038=805A4688:ZwCreateTimer
039=805A82A4:ZwCreateToken
03A=805BE212:ZwCreateWaitablePort
03B=805B32C1:ZwDebugActiveProcess
03C=805B37DC:ZwDebugContinue
03D=80576C08:ZwDelayExecution
03E=8059CB90:ZwDeleteAtom
03F=80669A4F:ZwDeleteBootEntry
040=80669A4F:ZwDeleteDriverEntry
041=805B9979:ZwDeleteFile
042=805EEA87:ZwDeleteKey
043=8065CA3A:ZwDeleteObjectAuditAlarm
044=805A40D4:ZwDeleteValueKey
045=80588F5E:ZwDeviceIoControlFile
046=805CBF0B:ZwDisplayString
047=8058251E:ZwDuplicateObject
048=8059EC7C:ZwDuplicateToken
049=80669A5C:ZwEnumerateBootEntries
04A=80669A5C:ZwEnumerateDriverEntries
04B=8059C085:ZwEnumerateKey
04C=80669A42:ZwEnumerateSystemEnvironmentValuesEx
04D=8059F849:ZwEnumerateValueKey
04E=805AE037:ZwExtendSection
04F=805E61D5:ZwFilterToken
050=805A001A:ZwFindAtom
051=805940A7:ZwFlushBuffersFile
052=8058C8B5:ZwFlushInstructionCache
053=805E915B:ZwFlushKey
054=805A330D:ZwFlushVirtualMemory
055=8064AB20:ZwFlushWriteBuffer
056=8064A52A:ZwFreeUserPhysicalPages
057=8057D2BF:ZwFreeVirtualMemory
058=80581504:ZwFsControlFile
059=805EA674:ZwGetContextThread
05A=8064FE05:ZwGetDevicePowerState
05B=805EACCB:ZwGetPlugPlayEvent
05C=80546EC4:ZwGetWriteWatch
05D=805F32E2:ZwImpersonateAnonymousToken
05E=80599FDF:ZwImpersonateClientOfPort
05F=8059D9C8:ZwImpersonateThread
060=805B97C8:ZwInitializeRegistry
061=8064FC59:ZwInitiatePowerAction
062=80590C31:ZwIsProcessInJob
063=8064FDF2:ZwIsSystemResumeAutomatic
064=805BE19C:ZwListenPort
065=805BBDFE:ZwLoadDriver
066=805B4D8F:ZwLoadKey
067=8062958C:ZwLoadKey2
068=805B6A6C:ZwLoadKeyEx
069=805A4342:ZwLockFile
06A=805E6EAA:ZwLockProductActivationKeys
06B=805E0064:ZwLockRegistryKey
06C=805E6A65:ZwLockVirtualMemory
06D=805AD8BA:ZwMakePermanentObject
06E=805ADB05:ZwMakeTemporaryObject
06F=80649392:ZwMapUserPhysicalPages
070=80649859:ZwMapUserPhysicalPagesScatter
071=8058B905:ZwMapViewOfSection
072=80669A4F:ZwModifyBootEntry
073=80669A4F:ZwModifyDriverEntry
074=805F159D:ZwNotifyChangeDirectoryFile
075=8059BF1C:ZwNotifyChangeKey
076=8059BD2D:ZwNotifyChangeMultipleKeys
077=80590F66:ZwOpenDirectoryObject
078=8059B615:ZwOpenEvent
079=8066A0F4:ZwOpenEventPair
07A=8057B09D:ZwOpenFile
07B=80636E03:ZwOpenIoCompletion
07C=805B18B0:ZwOpenJobObject
07D=8057AD88:ZwOpenKey
07E=80588508:ZwOpenMutant
07F=805EF885:ZwOpenObjectAuditAlarm
080=80595613:ZwOpenProcess
081=80580110:ZwOpenProcessToken
082=80580816:ZwOpenProcessTokenEx
083=8058C94B:ZwOpenSection
084=805B5152:ZwOpenSemaphore
085=80590A10:ZwOpenSymbolicLinkObject
086=805A4A8C:ZwOpenThread
087=80581976:ZwOpenThreadToken
088=805818E5:ZwOpenThreadTokenEx
089=805ED40F:ZwOpenTimer
08A=805A44A2:ZwPlugPlayControl
08B=805B0364:ZwPowerInformation
08C=805A4C28:ZwPrivilegeCheck
08D=805E68CE:ZwPrivilegeObjectAuditAlarm
08E=805A9BF0:ZwPrivilegedServiceAuditAlarm
08F=80586A67:ZwProtectVirtualMemory
090=805A1752:ZwPulseEvent
091=80587755:ZwQueryAttributesFile
092=80669A5C:ZwQueryBootEntryOrder
093=80669A5C:ZwQueryBootOptions
094=8050AC75:ZwQueryDebugFilterState
095=80581FD5:ZwQueryDefaultLocale
096=80589C53:ZwQueryDefaultUILanguage
097=8058931C:ZwQueryDirectoryFile
098=80597D65:ZwQueryDirectoryObject
099=80669A5C:ZwQueryDriverEntryOrder
09A=80637410:ZwQueryEaFile
09B=805A4D89:ZwQueryEvent
09C=8059D735:ZwQueryFullAttributesFile
09D=805EFFFE:ZwQueryInformationAtom
09E=805872CF:ZwQueryInformationFile
09F=805B15AB:ZwQueryInformationJobObject
0A0=80646A66:ZwQueryInformationPort
0A1=80581DEA:ZwQueryInformationProcess
0A2=80578DC6:ZwQueryInformationThread
0A3=80580718:ZwQueryInformationToken
0A4=8059F58C:ZwQueryInstallUILanguage
0A5=8066AA4E:ZwQueryIntervalProfile
0A6=80636EBC:ZwQueryIoCompletion
0A7=80582C31:ZwQueryKey
0A8=80628765:ZwQueryMultipleValueKey
0A9=8066A412:ZwQueryMutant
0AA=805F3CAD:ZwQueryObject
0AB=80628953:ZwQueryOpenSubKeys
0AC=80628B89:ZwQueryOpenSubKeysEx
0AD=8058159E:ZwQueryPerformanceCounter
0AE=80637C9D:ZwQueryQuotaInformationFile
0AF=8058879A:ZwQuerySection
0B0=8059B7E7:ZwQuerySecurityObject
0B1=80669325:ZwQuerySemaphore
0B2=80590816:ZwQuerySymbolicLinkObject
0B3=80669A76:ZwQuerySystemEnvironmentValue
0B4=80669A35:ZwQuerySystemEnvironmentValueEx
0B5=8057EBE2:ZwQuerySystemInformation
0B6=80599E57:ZwQuerySystemTime
0B7=8058E677:ZwQueryTimer
0B8=805A0436:ZwQueryTimerResolution
0B9=80579D61:ZwQueryValueKey
0BA=80584264:ZwQueryVirtualMemory
0BB=8057B60D:ZwQueryVolumeInformationFile
0BC=8058E78E:ZwQueueApcThread
0BD=804ED198:ZwRaiseException
0BE=80669075:ZwRaiseHardError
0BF=8057F886:ZwReadFile
0C0=805B0B82:ZwReadFileScatter
0C1=8059A59D:ZwReadRequestData
0C2=805881E0:ZwReadVirtualMemory
0C3=8058A402:ZwRegisterThreadTerminatePort
0C4=80576B77:ZwReleaseMutant
0C5=8059AEB5:ZwReleaseSemaphore
0C6=80579945:ZwRemoveIoCompletion
0C7=80670462:ZwRemoveProcessDebug
0C8=80628DEC:ZwRenameKey
0C9=8062948F:ZwReplaceKey
0CA=80582E50:ZwReplyPort
0CB=8057D2A0:ZwReplyWaitReceivePort
0CC=8057CDB0:ZwReplyWaitReceivePortEx
0CD=80646B39:ZwReplyWaitReplyPort
0CE=80669A4F:ZwRequestDeviceWakeup
0CF=8059A5F2:ZwRequestPort
0D0=8058EBC3:ZwRequestWaitReplyPort
0D1=8064FC04:ZwRequestWakeupLatency
0D2=805A6751:ZwResetEvent
0D3=8054743E:ZwResetWriteWatch
0D4=80629286:ZwRestoreKey
0D5=80652FF5:ZwResumeProcess
0D6=805826FA:ZwResumeThread
0D7=80629325:ZwSaveKey
0D8=806293B2:ZwSaveKeyEx
0D9=80627F0D:ZwSaveMergedKeys
0DA=8058F4B2:ZwSecureConnectPort
0DB=80669A5C:ZwSetBootEntryOrder
0DC=80669A5C:ZwSetBootOptions
0DD=805B36F1:ZwSetContextThread
0DE=806704F1:ZwSetDebugFilterState
0DF=805CC1AC:ZwSetDefaultHardErrorPort
0E0=805B948B:ZwSetDefaultLocale
0E1=805B9433:ZwSetDefaultUILanguage
0E2=80669A5C:ZwSetDriverEntryOrder
0E3=8063794E:ZwSetEaFile
0E4=8057CBD7:ZwSetEvent
0E5=80577690:ZwSetEventBoostPriority
0E6=8066A3B0:ZwSetHighEventPair
0E7=8066A2E6:ZwSetHighWaitLowEventPair
0E8=80670255:ZwSetInformationDebugObject
0E9=8057A747:ZwSetInformationFile
0EA=805E2B5F:ZwSetInformationJobObject
0EB=80628400:ZwSetInformationKey
0EC=8059423E:ZwSetInformationObject
0ED=80582221:ZwSetInformationProcess
0EE=80579629:ZwSetInformationThread
0EF=805A8844:ZwSetInformationToken
0F0=8066A5A0:ZwSetIntervalProfile
0F1=8057E39A:ZwSetIoCompletion
0F2=806528DB:ZwSetLdtEntries
0F3=8066A34F:ZwSetLowEventPair
0F4=8066A27D:ZwSetLowWaitHighEventPair
0F5=80637C7E:ZwSetQuotaInformationFile
0F6=805A7626:ZwSetSecurityObject
0F7=80669D39:ZwSetSystemEnvironmentValue
0F8=80669A35:ZwSetSystemEnvironmentValueEx
0F9=80599238:ZwSetSystemInformation
0FA=8067D325:ZwSetSystemPowerState
0FB=8066897B:ZwSetSystemTime
0FC=805ADC19:ZwSetThreadExecutionState
0FD=804F09BF:ZwSetTimer
0FE=805AEB3B:ZwSetTimerResolution
0FF=805BE73C:ZwSetUuidSeed
100=80594859:ZwSetValueKey
101=806381ED:ZwSetVolumeInformationFile
102=8066814B:ZwShutdownSystem
103=80548D9E:ZwSignalAndWaitForSingleObject
104=8066A7EC:ZwStartProfile
105=8066A999:ZwStopProfile
106=80652FA0:ZwSuspendProcess
107=805B2163:ZwSuspendThread
108=8066AAF2:ZwSystemDebugControl
109=80653A9B:ZwTerminateJobObject
10A=80592CBA:ZwTerminateProcess
10B=80578714:ZwTerminateThread
10C=805804F8:ZwTestAlert
10D=80520D5E:ZwTraceEvent
10E=80669A69:ZwTranslateFilePath
10F=8063A3C5:ZwUnloadDriver
110=8062947C:ZwUnloadKey
111=80627FC6:ZwUnloadKey2
112=806281CB:ZwUnloadKeyEx
113=805A420B:ZwUnlockFile
114=805B0977:ZwUnlockVirtualMemory
115=8058BE79:ZwUnmapViewOfSection
116=805C7AA2:ZwVdmControl
117=805B27C8:ZwWaitForDebugEvent
118=80576D38:ZwWaitForMultipleObjects
119=8057628D:ZwWaitForSingleObject
11A=8066A21C:ZwWaitHighEventPair
11B=8066A1BB:ZwWaitLowEventPair
11C=8057A248:ZwWriteFile
11D=805B0FE1:ZwWriteFileGather
11E=8059B0A6:ZwWriteRequestData
11F=805882D7:ZwWriteVirtualMemory
120=8050B1C1:ZwYieldExecution
121=805D9D7F:ZwCreateKeyedEvent
122=805915CF:ZwOpenKeyedEvent
123=8066B22F:ZwReleaseKeyedEvent
124=8066B4AA:ZwWaitForKeyedEvent
125=80651170:ZwQueryPortInformationProcess
winxp/sp2内核服务函数列表,数量=11C(此表由创建于CNASM内部系统分析工具3.0)
000=8058FF12:ZwAcceptConnectPort
001=8057B3B1:ZwAccessCheck
002=80598012:ZwAccessCheckAndAuditAlarm
003=805E01E6:ZwAccessCheckByType
004=80598099:ZwAccessCheckByTypeAndAuditAlarm
005=8063F008:ZwAccessCheckByTypeResultList
006=80641199:ZwAccessCheckByTypeResultListAndAuditAlarm
007=806411E2:ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
008=80581221:ZwAddAtom
009=8064EEB3:ZwAddBootEntry
00A=8063E7CB:ZwAdjustGroupsToken
00B=80597849:ZwAdjustPrivilegesToken
00C=80636AE2:ZwAlertResumeThread
00D=805832D5:ZwAlertThread
00E=80596B44:ZwAllocateLocallyUniqueId
00F=8062D916:ZwAllocateUserPhysicalPages
010=805DC3E9:ZwAllocateUuids
011=80570E06:ZwAllocateVirtualMemory
012=805E5D79:ZwAreMappedFilesTheSame
013=805E8049:ZwAssignProcessToJobObject
014=804E5EC4:ZwCallbackReturn
015=8064EE9F:ZwCancelDeviceWakeupRequest
016=805ACCB3:ZwCancelIoFile
017=804EF208:ZwCancelTimer
018=80570718:ZwClearEvent
019=8056F9E9:ZwClose
01A=8059173A:ZwCloseObjectAuditAlarm
01B=806551C7:ZwCompactKeys
01C=8059200C:ZwCompareTokens
01D=805908F2:ZwCompleteConnectPort
01E=80655435:ZwCompressKey
01F=80591820:ZwConnectPort
020=804E222D:ZwContinue
021=806600F7:ZwCreateDebugObject
022=805AE932:ZwCreateDirectoryObject
023=805764A8:ZwCreateEvent
024=8064F504:ZwCreateEventPair
025=8057E3B5:ZwCreateFile
026=805DFD56:ZwCreateIoCompletion
027=805D979A:ZwCreateJobObject
028=80636F89:ZwCreateJobSet
029=80578284:ZwCreateKey
02A=805AD920:ZwCreateMailslotFile
02B=8057CD19:ZwCreateMutant
02C=80588378:ZwCreateNamedPipeFile
02D=805B9421:ZwCreatePagingFile
02E=805E29E8:ZwCreatePort
02F=805B50C0:ZwCreateProcess
030=8058BCC0:ZwCreateProcessEx
031=8064FB25:ZwCreateProfile
032=8056DE25:ZwCreateSection
033=8057A316:ZwCreateSemaphore
034=805E590C:ZwCreateSymbolicLinkObject
035=80585B62:ZwCreateThread
036=805E3350:ZwCreateTimer
037=805AA80B:ZwCreateToken
038=805AF220:ZwCreateWaitablePort
039=80661271:ZwDebugActiveProcess
03A=806613CB:ZwDebugContinue
03B=8056EB59:ZwDelayExecution
03C=805922B8:ZwDeleteAtom
03D=8064EE9F:ZwDeleteBootEntry
03E=805D8FA2:ZwDeleteFile
03F=8059B493:ZwDeleteKey
040=80641239:ZwDeleteObjectAuditAlarm
041=8059A085:ZwDeleteValueKey
042=80588074:ZwDeviceIoControlFile
043=805BA8C0:ZwDisplayString
044=80579C46:ZwDuplicateObject
045=8057D14D:ZwDuplicateToken
046=8064EEB3:ZwEnumerateBootEntries
047=805793FA:ZwEnumerateKey
048=8064EE8B:ZwEnumerateSystemEnvironmentValuesEx
049=8059060D:ZwEnumerateValueKey
04A=8062C8D5:ZwExtendSection
04B=805D3EF9:ZwFilterToken
04C=805E06C5:ZwFindAtom
04D=8058340B:ZwFlushBuffersFile
04E=805870CA:ZwFlushInstructionCache
04F=805E4A3F:ZwFlushKey
050=805E6D0A:ZwFlushVirtualMemory
051=8062E173:ZwFlushWriteBuffer
052=8062DCC9:ZwFreeUserPhysicalPages
053=805714A0:ZwFreeVirtualMemory
054=80581FCC:ZwFsControlFile
055=80634A5D:ZwGetContextThread
056=80632F37:ZwGetDevicePowerState
057=805A0FAF:ZwGetPlugPlayEvent
058=8053F879:ZwGetWriteWatch
059=805E259D:ZwImpersonateAnonymousToken
05A=80591445:ZwImpersonateClientOfPort
05B=80587C2C:ZwImpersonateThread
05C=805AF425:ZwInitializeRegistry
05D=80632D03:ZwInitiatePowerAction
05E=80636E3F:ZwIsProcessInJob
05F=80632F1E:ZwIsSystemResumeAutomatic
060=805D1564:ZwListenPort
061=805ADA28:ZwLoadDriver
062=805D43C2:ZwLoadKey
063=805D4210:ZwLoadKey2
064=80592D85:ZwLockFile
065=805D1630:ZwLockProductActivationKeys
066=805CF453:ZwLockRegistryKey
067=805B2D23:ZwLockVirtualMemory
068=805E5C24:ZwMakePermanentObject
069=805E5B6D:ZwMakeTemporaryObject
06A=8062CF72:ZwMapUserPhysicalPages
06B=8062D3CB:ZwMapUserPhysicalPagesScatter
06C=8057F70B:ZwMapViewOfSection
06D=8064EE9F:ZwModifyBootEntry
06E=80595ABF:ZwNotifyChangeDirectoryFile
06F=8059748D:ZwNotifyChangeKey
070=8059729F:ZwNotifyChangeMultipleKeys
071=80589255:ZwOpenDirectoryObject
072=80590733:ZwOpenEvent
073=8064F5F5:ZwOpenEventPair
074=8057E529:ZwOpenFile
075=80620665:ZwOpenIoCompletion
076=806371E1:ZwOpenJobObject
077=80572CBC:ZwOpenKey
078=8057CDC7:ZwOpenMutant
079=80598D03:ZwOpenObjectAuditAlarm
07A=8057A0DA:ZwOpenProcess
07B=80577C67:ZwOpenProcessToken
07C=80577BBE:ZwOpenProcessTokenEx
07D=8057FB3A:ZwOpenSection
07E=805E5CEB:ZwOpenSemaphore
07F=805891D8:ZwOpenSymbolicLinkObject
080=80596EF6:ZwOpenThread
081=80575F57:ZwOpenThreadToken
082=80575E51:ZwOpenThreadTokenEx
083=8064F42B:ZwOpenTimer
084=8059FE11:ZwPlugPlayControl
085=805E5F26:ZwPowerInformation
086=805A010C:ZwPrivilegeCheck
087=805DC52F:ZwPrivilegeObjectAuditAlarm
088=805D12E8:ZwPrivilegedServiceAuditAlarm
089=8057A3EF:ZwProtectVirtualMemory
08A=805AF178:ZwPulseEvent
08B=80582D30:ZwQueryAttributesFile
08C=8064EEB3:ZwQueryBootEntryOrder
08D=8064EEB3:ZwQueryBootOptions
08E=804FD6A9:ZwQueryDebugFilterState
08F=8056F139:ZwQueryDefaultLocale
090=80588B53:ZwQueryDefaultUILanguage
091=80580AD8:ZwQueryDirectoryFile
092=8058E401:ZwQueryDirectoryObject
093=80620AE4:ZwQueryEaFile
094=80590B5A:ZwQueryEvent
095=8058536F:ZwQueryFullAttributesFile
096=805AEC39:ZwQueryInformationAtom
097=8057FCAB:ZwQueryInformationFile
098=8058B546:ZwQueryInformationJobObject
099=8062A57B:ZwQueryInformationPort
09A=8057603B:ZwQueryInformationProcess
09B=8057564A:ZwQueryInformationThread
09C=80576A55:ZwQueryInformationToken
09D=80589384:ZwQueryInstallUILanguage
09E=8064FFD7:ZwQueryIntervalProfile
09F=80620726:ZwQueryIoCompletion
0A0=80578FFA:ZwQueryKey
0A1=80654BE8:ZwQueryMultipleValueKey
0A2=8064F95E:ZwQueryMutant
0A3=80589607:ZwQueryObject
0A4=80654DEE:ZwQueryOpenSubKeys
0A5=805708FB:ZwQueryPerformanceCounter
0A6=80621395:ZwQueryQuotaInformationFile
0A7=80587517:ZwQuerySection
0A8=805E84B4:ZwQuerySecurityObject
0A9=8064E763:ZwQuerySemaphore
0AA=80589049:ZwQuerySymbolicLinkObject
0AB=8064EEDB:ZwQuerySystemEnvironmentValue
0AC=8064EE75:ZwQuerySystemEnvironmentValueEx
0AD=805864CF:ZwQuerySystemInformation
0AE=805919F9:ZwQuerySystemTime
0AF=8059608C:ZwQueryTimer
0B0=8058ACE1:ZwQueryTimerResolution
0B1=80573100:ZwQueryValueKey
0B2=80582647:ZwQueryVirtualMemory
0B3=8057E667:ZwQueryVolumeInformationFile
0B4=80595FE7:ZwQueueApcThread
0B5=804E2275:ZwRaiseException
0B6=8064E49F:ZwRaiseHardError
0B7=8058295B:ZwReadFile
0B8=80621C6B:ZwReadFileScatter
0B9=80591E97:ZwReadRequestData
0BA=80587A43:ZwReadVirtualMemory
0BB=805862B3:ZwRegisterThreadTerminatePort
0BC=8056EBC4:ZwReleaseMutant
0BD=805835DF:ZwReleaseSemaphore
0BE=8056F65F:ZwRemoveIoCompletion
0BF=80661346:ZwRemoveProcessDebug
0C0=8065502F:ZwRenameKey
0C1=80655522:ZwReplaceKey
0C2=8057CE46:ZwReplyPort
0C3=80575629:ZwReplyWaitReceivePort
0C4=80575141:ZwReplyWaitReceivePortEx
0C5=8062A65A:ZwReplyWaitReplyPort
0C6=80632EAB:ZwRequestDeviceWakeup
0C7=805E9324:ZwRequestPort
0C8=805796C4:ZwRequestWaitReplyPort
0C9=80632CA4:ZwRequestWakeupLatency
0CA=805E36C3:ZwResetEvent
0CB=8053FCF2:ZwResetWriteWatch
0CC=80654040:ZwRestoreKey
0CD=80636A82:ZwResumeProcess
0CE=805861D9:ZwResumeThread
0CF=806540E7:ZwSaveKey
0D0=8065417F:ZwSaveKeyEx
0D1=80654253:ZwSaveMergedKeys
0D2=8058F748:ZwSecureConnectPort
0D3=8064EEB3:ZwSetBootEntryOrder
0D4=8064EEB3:ZwSetBootOptions
0D5=80634C83:ZwSetContextThread
0D6=80662D26:ZwSetDebugFilterState
0D7=805B49B1:ZwSetDefaultHardErrorPort
0D8=805D9E07:ZwSetDefaultLocale
0D9=805D9DAE:ZwSetDefaultUILanguage
0DA=80621029:ZwSetEaFile
0DB=80570689:ZwSetEvent
0DC=8057676E:ZwSetEventBoostPriority
0DD=8064F8E9:ZwSetHighEventPair
0DE=8064F80D:ZwSetHighWaitLowEventPair
0DF=80660CE7:ZwSetInformationDebugObject
0E0=805839EE:ZwSetInformationFile
0E1=805D98EE:ZwSetInformationJobObject
0E2=8065474B:ZwSetInformationKey
0E3=805907A9:ZwSetInformationObject
0E4=80582B1D:ZwSetInformationProcess
0E5=80576581:ZwSetInformationThread
0E6=805A9EA5:ZwSetInformationToken
0E7=8064FB03:ZwSetIntervalProfile
0E8=8057590F:ZwSetIoCompletion
0E9=8063599B:ZwSetLdtEntries
0EA=8064F87F:ZwSetLowEventPair
0EB=8064F79B:ZwSetLowWaitHighEventPair
0EC=8062136D:ZwSetQuotaInformationFile
0ED=805DFAD1:ZwSetSecurityObject
0EE=8064F178:ZwSetSystemEnvironmentValue
0EF=8064EE75:ZwSetSystemEnvironmentValueEx
0F0=805DA74F:ZwSetSystemInformation
0F1=8066E0F9:ZwSetSystemPowerState
0F2=8064E153:ZwSetSystemTime
0F3=805EB24F:ZwSetThreadExecutionState
0F4=804E89FD:ZwSetTimer
0F5=805EB516:ZwSetTimerResolution
0F6=805D4521:ZwSetUuidSeed
0F7=80580F03:ZwSetValueKey
0F8=806218A9:ZwSetVolumeInformationFile
0F9=8064D89F:ZwShutdownSystem
0FA=8051C9EB:ZwSignalAndWaitForSingleObject
0FB=8064FD6C:ZwStartProfile
0FC=8064FF25:ZwStopProfile
0FD=80636A27:ZwSuspendProcess
0FE=80636943:ZwSuspendThread
0FF=80650085:ZwSystemDebugControl
100=8063735F:ZwTerminateJobObject
101=8058D549:ZwTerminateProcess
102=805857A8:ZwTerminateThread
103=80585CC1:ZwTestAlert
104=80549A08:ZwTraceEvent
105=8064EEC7:ZwTranslateFilePath
106=80623ED4:ZwUnloadDriver
107=80654319:ZwUnloadKey
108=80654516:ZwUnloadKeyEx
109=80592EE5:ZwUnlockFile
10A=8062E1E7:ZwUnlockVirtualMemory
10B=8057F293:ZwUnmapViewOfSection
10C=805B2353:ZwVdmControl
10D=80660A30:ZwWaitForDebugEvent
10E=8056ECA1:ZwWaitForMultipleObjects
10F=8056E265:ZwWaitForSingleObject
110=8064F731:ZwWaitHighEventPair
111=8064F6C7:ZwWaitLowEventPair
112=80583C75:ZwWriteFile
113=805ACFA0:ZwWriteFileGather
114=80591F1B:ZwWriteRequestData
115=80587B3B:ZwWriteVirtualMemory
116=804F5102:ZwYieldExecution
117=805C7562:ZwCreateKeyedEvent
118=8058BECC:ZwOpenKeyedEvent
119=806504F9:ZwReleaseKeyedEvent
11A=80650764:ZwWaitForKeyedEvent
winnt/sp4内核服务函数列表,数量=F8(此表由创建于CNASM内部系统分析工具3.0)
000=8058B3BF:ZwAcceptConnectPort
001=8058E86B:ZwAccessCheck
002=8059DEF3:ZwAccessCheckAndAuditAlarm
003=805EB034:ZwAccessCheckByType
004=805A11F4:ZwAccessCheckByTypeAndAuditAlarm
005=80539214:ZwAccessCheckByTypeResultList
006=805EC2FF:ZwAccessCheckByTypeResultListAndAuditAlarm
007=805EC33F:ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
008=8059581C:ZwAddAtom
009=805E8874:ZwAdjustGroupsToken
00A=8057860A:ZwAdjustPrivilegesToken
00B=805DC7E2:ZwAlertResumeThread
00C=805755F7:ZwAlertThread
00D=8057C8A6:ZwAllocateLocallyUniqueId
00E=80528472:ZwAllocateUserPhysicalPages
00F=80588D50:ZwAllocateUuids
010=80596BFB:ZwAllocateVirtualMemory
011=805D0CEF:ZwAreMappedFilesTheSame
012=805DCB95:ZwAssignProcessToJobObject
013=804E189A:ZwCallbackReturn
014=805B06CB:ZwCancelIoFile
015=804F8F66:ZwCancelTimer
016=805D69D4:ZwCancelDeviceWakeupRequest
017=8057E0CC:ZwClearEvent
018=8052C422:ZwClose
019=80576F58:ZwCloseObjectAuditAlarm
01A=8058B849:ZwCompleteConnectPort
01B=8058A9DA:ZwConnectPort
01C=80545250:ZwContinue
01D=805D4BD5:ZwCreateDirectoryObject
01E=8057BC80:ZwCreateEvent
01F=805AA7A5:ZwCreateEventPair
020=80580C2D:ZwCreateFile
021=805A18F5:ZwCreateIoCompletion
022=805DC8B8:ZwCreateJobObject
023=805883BE:ZwCreateKey
024=8056D3DA:ZwCreateMailslotFile
025=8057FCA5:ZwCreateMutant
026=8057628A:ZwCreateNamedPipeFile
027=805CE260:ZwCreatePagingFile
028=8058098F:ZwCreatePort
029=8058D948:ZwCreateProcess
02A=805A9D6F:ZwCreateProfile
02B=8058EFF6:ZwCreateSection
02C=805770F9:ZwCreateSemaphore
02D=8057C6C4:ZwCreateSymbolicLinkObject
02E=805769C1:ZwCreateThread
02F=805A1C6E:ZwCreateTimer
030=805EE543:ZwCreateToken
031=805CC375:ZwCreateWaitablePort
032=805A0467:ZwDelayExecution
033=805A0528:ZwDeleteAtom
034=805B0833:ZwDeleteFile
035=8059D3C5:ZwDeleteKey
036=80571D0C:ZwDeleteObjectAuditAlarm
037=80581309:ZwDeleteValueKey
038=80588EF6:ZwDeviceIoControlFile
039=805A61B4:ZwDisplayString
03A=8057FE25:ZwDuplicateObject
03B=8057CF2E:ZwDuplicateToken
03C=8057736D:ZwEnumerateKey
03D=805A0A3C:ZwEnumerateValueKey
03E=8057051D:ZwExtendSection
03F=805E9361:ZwFilterToken
040=805995ED:ZwFindAtom
041=8059A31A:ZwFlushBuffersFile
042=80576667:ZwFlushInstructionCache
043=8058E2C6:ZwFlushKey
044=80590F9C:ZwFlushVirtualMemory
045=805D19A4:ZwFlushWriteBuffer
046=80528A9D:ZwFreeUserPhysicalPages
047=80589828:ZwFreeVirtualMemory
048=80588B14:ZwFsControlFile
049=805A4F1B:ZwGetContextThread
04A=805D69EA:ZwGetDevicePowerState
04B=8059C159:ZwGetPlugPlayEvent
04C=80540086:ZwGetTickCount
04D=805290E4:ZwGetWriteWatch
04E=805EEFE4:ZwImpersonateAnonymousToken
04F=80575FCD:ZwImpersonateClientOfPort
050=80532C84:ZwImpersonateThread
051=805FE159:ZwInitializeRegistry
052=805D67D0:ZwInitiatePowerAction
053=805D69DC:ZwIsSystemResumeAutomatic
054=805CC598:ZwListenPort
055=8060A603:ZwLoadDriver
056=805FEDF3:ZwLoadKey
057=8053FA4E:ZwLoadKey2
058=8058A339:ZwLockFile
059=805D19FB:ZwLockVirtualMemory
05A=80594D99:ZwMakeTemporaryObject
05B=80527B61:ZwMapUserPhysicalPages
05C=80527F74:ZwMapUserPhysicalPagesScatter
05D=80588767:ZwMapViewOfSection
05E=8057844D:ZwNotifyChangeDirectoryFile
05F=805800E4:ZwNotifyChangeKey
060=80580112:ZwNotifyChangeMultipleKeys
061=80599BCA:ZwOpenDirectoryObject
062=8059570A:ZwOpenEvent
063=805AA891:ZwOpenEventPair
064=805835F9:ZwOpenFile
065=805B4F31:ZwOpenIoCompletion
066=805DCACD:ZwOpenJobObject
067=8058A4F2:ZwOpenKey
068=805986D0:ZwOpenMutant
069=805879E0:ZwOpenObjectAuditAlarm
06A=8057E77A:ZwOpenProcess
06B=80595234:ZwOpenProcessToken
06C=8058C198:ZwOpenSection
06D=8059C50F:ZwOpenSemaphore
06E=805A0953:ZwOpenSymbolicLinkObject
06F=805967E5:ZwOpenThread
070=80580E36:ZwOpenThreadToken
071=805AA46B:ZwOpenTimer
072=8058FC32:ZwPlugPlayControl
073=805A3755:ZwPowerInformation
074=80575E38:ZwPrivilegeCheck
075=805EBA39:ZwPrivilegedServiceAuditAlarm
076=805EB815:ZwPrivilegeObjectAuditAlarm
077=8059038B:ZwProtectVirtualMemory
078=805A1A4E:ZwPulseEvent
079=8058A8CE:ZwQueryInformationAtom
07A=80579EE5:ZwQueryAttributesFile
07B=8057EB50:ZwQueryDefaultLocale
07C=8059E87B:ZwQueryDefaultUILanguage
07D=80582459:ZwQueryDirectoryFile
07E=805A33FE:ZwQueryDirectoryObject
07F=805B5963:ZwQueryEaFile
080=8058AF98:ZwQueryEvent
081=8059CAB3:ZwQueryFullAttributesFile
082=8058E525:ZwQueryInformationFile
083=8058DF19:ZwQueryInformationJobObject
084=8059E337:ZwQueryIoCompletion
085=805CC616:ZwQueryInformationPort
086=80594426:ZwQueryInformationProcess
087=80589AB9:ZwQueryInformationThread
088=805790BD:ZwQueryInformationToken
089=8059BCE1:ZwQueryInstallUILanguage
08A=805AA33D:ZwQueryIntervalProfile
08B=8057923A:ZwQueryKey
08C=805FF4A8:ZwQueryMultipleValueKey
08D=805AA604:ZwQueryMutant
08E=8059AE69:ZwQueryObject
08F=805FFB4C:ZwQueryOpenSubKeys
090=80599B2D:ZwQueryPerformanceCounter
091=805B6865:ZwQueryQuotaInformationFile
092=805789AC:ZwQuerySection
093=8052C94A:ZwQuerySecurityObject
094=805A9009:ZwQuerySemaphore
095=8059984F:ZwQuerySymbolicLinkObject
096=805A97BE:ZwQuerySystemEnvironmentValue
097=8059F933:ZwQuerySystemInformation
098=8059B77C:ZwQuerySystemTime
099=8059AD4C:ZwQueryTimer
09A=8058CF1A:ZwQueryTimerResolution
09B=8057A077:ZwQueryValueKey
09C=8057C3CD:ZwQueryVirtualMemory
09D=8057EC21:ZwQueryVolumeInformationFile
09E=805913FF:ZwQueueApcThread
09F=80545298:ZwRaiseException
0A0=805A8C74:ZwRaiseHardError
0A1=8059B7FD:ZwReadFile
0A2=805B7508:ZwReadFileScatter
0A3=80589014:ZwReadRequestData
0A4=8059E05F:ZwReadVirtualMemory
0A5=805759A2:ZwRegisterThreadTerminatePort
0A6=8059BC18:ZwReleaseMutant
0A7=805871EB:ZwReleaseSemaphore
0A8=8059219F:ZwRemoveIoCompletion
0A9=805FF2D7:ZwReplaceKey
0AA=8057E519:ZwReplyPort
0AB=80593E83:ZwReplyWaitReceivePort
0AC=8051374A:ZwReplyWaitReceivePortEx
0AD=805CC819:ZwReplyWaitReplyPort
0AE=805D6972:ZwRequestDeviceWakeup
0AF=80595A2E:ZwRequestPort
0B0=80593AC6:ZwRequestWaitReplyPort
0B1=805D677C:ZwRequestWakeupLatency
0B2=8056C413:ZwResetEvent
0B3=805295CA:ZwResetWriteWatch
0B4=805FEA0C:ZwRestoreKey
0B5=80594998:ZwResumeThread
0B6=80572F99:ZwSaveKey
0B7=805FEB70:ZwSaveMergedKeys
0B8=80512E23:ZwSecureConnectPort
0B9=80580FA6:ZwSetIoCompletion
0BA=805714C5:ZwSetContextThread
0BB=805A8F0B:ZwSetDefaultHardErrorPort
0BC=805A6470:ZwSetDefaultLocale
0BD=805A6A3E:ZwSetDefaultUILanguage
0BE=805B5ED0:ZwSetEaFile
0BF=8058745D:ZwSetEvent
0C0=805AAB33:ZwSetHighEventPair
0C1=805AAA79:ZwSetHighWaitLowEventPair
0C2=805A1308:ZwSetInformationFile
0C3=805DD998:ZwSetInformationJobObject
0C4=805FEFDD:ZwSetInformationKey
0C5=80597435:ZwSetInformationObject
0C6=8057BFC8:ZwSetInformationProcess
0C7=805A0067:ZwSetInformationThread
0C8=805EF572:ZwSetInformationToken
0C9=805AA32B:ZwSetIntervalProfile
0CA=805710AD:ZwSetLdtEntries
0CB=805AAADD:ZwSetLowEventPair
0CC=805AAA15:ZwSetLowWaitHighEventPair
0CD=805B6DD0:ZwSetQuotaInformationFile
0CE=8052C855:ZwSetSecurityObject
0CF=805A9A48:ZwSetSystemEnvironmentValue
0D0=8056C5C0:ZwSetSystemInformation
0D1=80568947:ZwSetSystemPowerState
0D2=8056CBE7:ZwSetSystemTime
0D3=80592CA2:ZwSetThreadExecutionState
0D4=804F90FF:ZwSetTimer
0D5=805A1B95:ZwSetTimerResolution
0D6=805A93B5:ZwSetUuidSeed
0D7=80598D90:ZwSetValueKey
0D8=805B6EEC:ZwSetVolumeInformationFile
0D9=805A6182:ZwShutdownSystem
0DA=8052D2B1:ZwSignalAndWaitForSingleObject
0DB=805A9FE0:ZwStartProfile
0DC=805AA287:ZwStopProfile
0DD=805A522B:ZwSuspendThread
0DE=8060A462:ZwSystemDebugControl
0DF=805DE766:ZwTerminateJobObject
0E0=80582FAC:ZwTerminateProcess
0E1=8059DF29:ZwTerminateThread
0E2=80595218:ZwTestAlert
0E3=8060A7D0:ZwUnloadDriver
0E4=805FEE05:ZwUnloadKey
0E5=805881B4:ZwUnlockFile
0E6=805A0554:ZwUnlockVirtualMemory
0E7=8059A027:ZwUnmapViewOfSection
0E8=805A3B5D:ZwVdmControl
0E9=8052D4A2:ZwWaitForMultipleObjects
0EA=8057ADC3:ZwWaitForSingleObject
0EB=805AA9B7:ZwWaitHighEventPair
0EC=805AA959:ZwWaitLowEventPair
0ED=80577920:ZwWriteFile
0EE=805B7D76:ZwWriteFileGather
0EF=8059848C:ZwWriteRequestData
0F0=8058C248:ZwWriteVirtualMemory
0F1=805CB56F:ZwCreateChannel
0F2=805CB56F:ZwListenChannel
0F3=805CB56F:ZwOpenChannel
0F4=80512D65:ZwReplyWaitSendChannel
0F5=80525DB5:ZwSendWaitReplyChannel
0F6=805D69D4:ZwSetContextChannel
posted on 2006-12-12 16:46
CPP&&设计模式小屋 阅读(2282)
评论(0) 编辑 收藏 引用 所属分类:
Windows Programming