Log in

View Full Version : Windows 7 RC syscalls

OpenRCE_omega_red
June 10th, 2009, 09:17
Code:
Windows version: 6.1.7100, platform 2, 

NtQuerySystemInformation ok, kernel base: 000000008284c000



Loading symbols for C:\Windows\system32\ntkrnlpa.exe, please wait...

Real SSDTS address: 00000000829b4a00



Service tables:



Table #0: 828ac8fc, 0191 entries, params=828acf44, \SystemRoot\system32\ntkrnlpa.exe

0000: 82a9c686 NtAcceptConnectPort [6] (ntkrnlpa.exe)

0001: 828fcf04 NtAccessCheck [8] (ntkrnlpa.exe)

0002: 82a56139 NtAccessCheckAndAuditAlarm [11] (ntkrnlpa.exe)

0003: 8287097b NtAccessCheckByType [11] (ntkrnlpa.exe)

0004: 82acf7c6 NtAccessCheckByTypeAndAuditAlarm [16] (ntkrnlpa.exe)

0005: 829488fe NtAccessCheckByTypeResultList [11] (ntkrnlpa.exe)

0006: 82b3705d NtAccessCheckByTypeResultListAndAuditAlarm [16] (ntkrnlpa.exe)

0007: 82b370a6 NtAccessCheckByTypeResultListAndAuditAlarmByHandle [17] (ntkrnlpa.exe)

0008: 82a4020f NtAddAtom [3] (ntkrnlpa.exe)

0009: 82b4fa48 NtAddBootEntry [2] (ntkrnlpa.exe)

000a: 82b50ca1 NtAddDriverEntry [2] (ntkrnlpa.exe)

000b: 82a4e8d7 NtAdjustGroupsToken [6] (ntkrnlpa.exe)

000c: 82ab8818 NtAdjustPrivilegesToken [6] (ntkrnlpa.exe)

000d: 82b29e19 NtAlertResumeThread [2] (ntkrnlpa.exe)

000e: 82a580e2 NtAlertThread [1] (ntkrnlpa.exe)

000f: 82a50636 NtAllocateLocallyUniqueId [1] (ntkrnlpa.exe)

0010: 829e355b NtAllocateReserveObject [3] (ntkrnlpa.exe)

0011: 82b1c14c NtAllocateUserPhysicalPages [3] (ntkrnlpa.exe)

0012: 82a4aee6 NtAllocateUuids [4] (ntkrnlpa.exe)

0013: 82a7952f NtAllocateVirtualMemory [6] (ntkrnlpa.exe)

0014: 82acb6ee NtAlpcAcceptConnectPort [9] (ntkrnlpa.exe)

0015: 82a2d497 NtAlpcCancelMessage [3] (ntkrnlpa.exe)

0016: 82a8a21d NtAlpcConnectPort [11] (ntkrnlpa.exe)

0017: 82a3e396 NtAlpcCreatePort [3] (ntkrnlpa.exe)

0018: 82a55ca7 NtAlpcCreatePortSection [6] (ntkrnlpa.exe)

0019: 82a3f07c NtAlpcCreateResourceReserve [4] (ntkrnlpa.exe)

001a: 82a5aaef NtAlpcCreateSectionView [3] (ntkrnlpa.exe)

001b: 82a9c703 NtAlpcCreateSecurityContext [3] (ntkrnlpa.exe)

001c: 82a9c8db NtAlpcDeletePortSection [3] (ntkrnlpa.exe)

001d: 82b17101 NtAlpcDeleteResourceReserve [3] (ntkrnlpa.exe)

001e: 82ad0681 NtAlpcDeleteSectionView [3] (ntkrnlpa.exe)

001f: 82aa18af NtAlpcDeleteSecurityContext [3] (ntkrnlpa.exe)

0020: 82ace57a NtAlpcDisconnectPort [2] (ntkrnlpa.exe)

0021: 82acf45c NtAlpcImpersonateClientOfPort [3] (ntkrnlpa.exe)

0022: 82a46410 NtAlpcOpenSenderProcess [6] (ntkrnlpa.exe)

0023: 82a3b7c2 NtAlpcOpenSenderThread [6] (ntkrnlpa.exe)

0024: 82a50765 NtAlpcQueryInformation [5] (ntkrnlpa.exe)

0025: 82ab80d2 NtAlpcQueryInformationMessage [6] (ntkrnlpa.exe)

0026: 82b17225 NtAlpcRevokeSecurityContext [3] (ntkrnlpa.exe)

0027: 82ab6265 NtAlpcSendWaitReceivePort [8] (ntkrnlpa.exe)

0028: 82a3cfed NtAlpcSetInformation [4] (ntkrnlpa.exe)

0029: 82aaea68 NtApphelpCacheControl [2] (ntkrnlpa.exe)

002a: 82a1c351 NtAreMappedFilesTheSame [2] (ntkrnlpa.exe)

002b: 82a428e3 NtAssignProcessToJobObject [2] (ntkrnlpa.exe)

002c: 828ad420 NtCallbackReturn [3] (ntkrnlpa.exe)

002d: 82a1695c NtCancelIoFile [2] (ntkrnlpa.exe)

002e: 82a4271e NtCancelIoFileEx [3] (ntkrnlpa.exe)

002f: 82b074c0 NtCancelSynchronousIoFile [3] (ntkrnlpa.exe)

0030: 828f34b3 NtCancelTimer [2] (ntkrnlpa.exe)

0031: 82a6e4cc NtClearEvent [1] (ntkrnlpa.exe)

0032: 82aabfcd NtClose [1] (ntkrnlpa.exe)

0033: 82acf6f5 NtCloseObjectAuditAlarm [3] (ntkrnlpa.exe)

0034: 82b3dfec NtCommitComplete [2] (ntkrnlpa.exe)

0035: 82b3dd10 NtCommitEnlistment [2] (ntkrnlpa.exe)

0036: 82a26fb5 NtCommitTransaction [2] (ntkrnlpa.exe)

0037: 82aec5cb NtCompactKeys [2] (ntkrnlpa.exe)

0038: 82a3d858 NtCompareTokens [3] (ntkrnlpa.exe)

0039: 82a3b67d NtCompleteConnectPort [1] (ntkrnlpa.exe)

003a: 82aec837 NtCompressKey [1] (ntkrnlpa.exe)

003b: 82a9c659 NtConnectPort [8] (ntkrnlpa.exe)

003c: 82887efc NtContinue [2] (ntkrnlpa.exe)

003d: 82afd469 NtCreateDebugObject [4] (ntkrnlpa.exe)

003e: 82a47f18 NtCreateDirectoryObject [3] (ntkrnlpa.exe)

003f: 82a13e87 NtCreateEnlistment [8] (ntkrnlpa.exe)

0040: 82a9d6af NtCreateEvent [5] (ntkrnlpa.exe)

0041: 82b55748 NtCreateEventPair [3] (ntkrnlpa.exe)

0042: 82ab5704 NtCreateFile [11] (ntkrnlpa.exe)

0043: 82a8519f NtCreateIoCompletion [4] (ntkrnlpa.exe)

0044: 82a3ab8f NtCreateJobObject [3] (ntkrnlpa.exe)

0045: 82b2bba0 NtCreateJobSet [3] (ntkrnlpa.exe)

0046: 82ad4b85 NtCreateKey [7] (ntkrnlpa.exe)

0047: 82ac6246 NtCreateKeyedEvent [4] (ntkrnlpa.exe)

0048: 82a20bd0 NtCreateKeyTransacted [8] (ntkrnlpa.exe)

0049: 82a488d2 NtCreateMailslotFile [8] (ntkrnlpa.exe)

004a: 82ab72d6 NtCreateMutant [4] (ntkrnlpa.exe)

004b: 82a95993 NtCreateNamedPipeFile [14] (ntkrnlpa.exe)

004c: 829dac60 NtCreatePagingFile [4] (ntkrnlpa.exe)

004d: 82a394af NtCreatePort [5] (ntkrnlpa.exe)

004e: 82a21ae4 NtCreatePrivateNamespace [4] (ntkrnlpa.exe)

004f: 82b2824b NtCreateProcess [8] (ntkrnlpa.exe)

0050: 82b28296 NtCreateProcessEx [9] (ntkrnlpa.exe)

0051: 82b55cbb NtCreateProfile [9] (ntkrnlpa.exe)

0052: 82960990 NtCreateProfileEx [10] (ntkrnlpa.exe)

0053: 829eb4f7 NtCreateResourceManager [7] (ntkrnlpa.exe)

0054: 82a6b106 NtCreateSection [7] (ntkrnlpa.exe)

0055: 82a9f7bc NtCreateSemaphore [5] (ntkrnlpa.exe)

0056: 82a47993 NtCreateSymbolicLinkObject [4] (ntkrnlpa.exe)

0057: 82b28052 NtCreateThread [8] (ntkrnlpa.exe)

0058: 82ab9756 NtCreateThreadEx [11] (ntkrnlpa.exe)

0059: 82a46034 NtCreateTimer [4] (ntkrnlpa.exe)

005a: 82a48494 NtCreateToken [13] (ntkrnlpa.exe)

005b: 82a21124 NtCreateTransaction [10] (ntkrnlpa.exe)

005c: 829e7d9e NtCreateTransactionManager [6] (ntkrnlpa.exe)

005d: 82aa6b0c NtCreateUserProcess [11] (ntkrnlpa.exe)

005e: 829f0c96 NtCreateWaitablePort [5] (ntkrnlpa.exe)

005f: 82a9ef8b NtCreateWorkerFactory [10] (ntkrnlpa.exe)

0060: 82afe322 NtDebugActiveProcess [2] (ntkrnlpa.exe)

0061: 82afe9df NtDebugContinue [3] (ntkrnlpa.exe)

0062: 82a6e018 NtDelayExecution [2] (ntkrnlpa.exe)

0063: 82a40f85 NtDeleteAtom [1] (ntkrnlpa.exe)

0064: 82b4fa7b NtDeleteBootEntry [1] (ntkrnlpa.exe)

0065: 82b50cd3 NtDeleteDriverEntry [1] (ntkrnlpa.exe)

0066: 829e1742 NtDeleteFile [1] (ntkrnlpa.exe)

0067: 82a30dc0 NtDeleteKey [1] (ntkrnlpa.exe)

0068: 82ae0fa9 NtDeleteObjectAuditAlarm [3] (ntkrnlpa.exe)

0069: 82ae6edb NtDeletePrivateNamespace [1] (ntkrnlpa.exe)

006a: 82ad4cc2 NtDeleteValueKey [2] (ntkrnlpa.exe)

006b: 82ab645d NtDeviceIoControlFile [10] (ntkrnlpa.exe)

006c: 82b13f40 NtDisableLastKnownGood [0] (ntkrnlpa.exe)

006d: 82b4dd43 NtDisplayString [1] (ntkrnlpa.exe)

006e: 8295f720 NtDrawText [1] (ntkrnlpa.exe)

006f: 82abc80e NtDuplicateObject [7] (ntkrnlpa.exe)

0070: 82a872dd NtDuplicateToken [6] (ntkrnlpa.exe)

0071: 82b14021 NtEnableLastKnownGood [0] (ntkrnlpa.exe)

0072: 82b4fc7d NtEnumerateBootEntries [2] (ntkrnlpa.exe)

0073: 82b50ed3 NtEnumerateDriverEntries [2] (ntkrnlpa.exe)

0074: 82ac4877 NtEnumerateKey [6] (ntkrnlpa.exe)

0075: 82b4f85b NtEnumerateSystemEnvironmentValuesEx [3] (ntkrnlpa.exe)

0076: 82b3eb26 NtEnumerateTransactionObject [5] (ntkrnlpa.exe)

0077: 82a7c369 NtEnumerateValueKey [6] (ntkrnlpa.exe)

0078: 82b1a335 NtExtendSection [2] (ntkrnlpa.exe)

0079: 82a354cd NtFilterToken [6] (ntkrnlpa.exe)

007a: 82a40717 NtFindAtom [3] (ntkrnlpa.exe)

007b: 82a80e3c NtFlushBuffersFile [2] (ntkrnlpa.exe)

007c: 829ea64d NtFlushInstallUILanguage [2] (ntkrnlpa.exe)

007d: 82a41b14 NtFlushInstructionCache [3] (ntkrnlpa.exe)

007e: 82a287f1 NtFlushKey [1] (ntkrnlpa.exe)

007f: 82872224 NtFlushProcessWriteBuffers [0] (ntkrnlpa.exe)

0080: 82a2e754 NtFlushVirtualMemory [4] (ntkrnlpa.exe)

0081: 82b1d1f7 NtFlushWriteBuffer [0] (ntkrnlpa.exe)

0082: 82b1c867 NtFreeUserPhysicalPages [3] (ntkrnlpa.exe)

0083: 828e734d NtFreeVirtualMemory [4] (ntkrnlpa.exe)

0084: 8291d1e5 NtFreezeRegistry [1] (ntkrnlpa.exe)

0085: 82b3ef7a NtFreezeTransactions [2] (ntkrnlpa.exe)

0086: 82ab63c9 NtFsControlFile [10] (ntkrnlpa.exe)

0087: 82ae3557 NtGetContextThread [2] (ntkrnlpa.exe)

0088: 82a2ddbd NtGetCurrentProcessorNumber [0] (ntkrnlpa.exe)

0089: 82ae7f76 NtGetDevicePowerState [2] (ntkrnlpa.exe)

008a: 82ab2f83 NtGetMUIRegistryInfo [3] (ntkrnlpa.exe)

008b: 82b2a010 NtGetNextProcess [5] (ntkrnlpa.exe)

008c: 82ae323b NtGetNextThread [6] (ntkrnlpa.exe)

008d: 82a4135f NtGetNlsSectionPtr [5] (ntkrnlpa.exe)

008e: 82b3f0d4 NtGetNotificationResourceManager [7] (ntkrnlpa.exe)

008f: 82a1318a NtGetPlugPlayEvent [4] (ntkrnlpa.exe)

0090: 82935f1f NtGetWriteWatch [7] (ntkrnlpa.exe)

0091: 82a3c02d NtImpersonateAnonymousToken [1] (ntkrnlpa.exe)

0092: 82b1623f NtImpersonateClientOfPort [2] (ntkrnlpa.exe)

0093: 82a9ae5c NtImpersonateThread [3] (ntkrnlpa.exe)

0094: 82a7db6d NtInitializeNlsFiles [3] (ntkrnlpa.exe)

0095: 829e1595 NtInitializeRegistry [1] (ntkrnlpa.exe)

0096: 82adc5fb NtInitiatePowerAction [4] (ntkrnlpa.exe)

0097: 82ae4d2c NtIsProcessInJob [2] (ntkrnlpa.exe)

0098: 82b253b4 NtIsSystemResumeAutomatic [0] (ntkrnlpa.exe)

0099: 829e9879 NtIsUILanguageComitted [0] (ntkrnlpa.exe)

009a: 829db8ff NtListenPort [2] (ntkrnlpa.exe)

009b: 829dff4c NtLoadDriver [1] (ntkrnlpa.exe)

009c: 829de194 NtLoadKey [2] (ntkrnlpa.exe)

009d: 829c9500 NtLoadKey2 [3] (ntkrnlpa.exe)

009e: 829ef301 NtLoadKeyEx [8] (ntkrnlpa.exe)

009f: 82a48026 NtLockFile [10] (ntkrnlpa.exe)

00a0: 829c3f5f NtLockProductActivationKeys [2] (ntkrnlpa.exe)

00a1: 829bf60e NtLockRegistryKey [1] (ntkrnlpa.exe)

00a2: 828722f8 NtLockVirtualMemory [4] (ntkrnlpa.exe)

00a3: 82a1bad1 NtMakePermanentObject [1] (ntkrnlpa.exe)

00a4: 82a4749c NtMakeTemporaryObject [1] (ntkrnlpa.exe)

00a5: 82a8222e NtMapCMFModule [6] (ntkrnlpa.exe)

00a6: 82b1b40d NtMapUserPhysicalPages [3] (ntkrnlpa.exe)

00a7: 82b1b9e3 NtMapUserPhysicalPagesScatter [3] (ntkrnlpa.exe)

00a8: 82ac21e3 NtMapViewOfSection [10] (ntkrnlpa.exe)

00a9: 82b4fc4c NtModifyBootEntry [1] (ntkrnlpa.exe)

00aa: 82b50ea4 NtModifyDriverEntry [1] (ntkrnlpa.exe)

00ab: 82a3f320 NtNotifyChangeDirectoryFile [9] (ntkrnlpa.exe)

00ac: 82ad1c42 NtNotifyChangeKey [10] (ntkrnlpa.exe)

00ad: 82a99505 NtNotifyChangeMultipleKeys [12] (ntkrnlpa.exe)

00ae: 829ff9a9 NtNotifyChangeSession [8] (ntkrnlpa.exe)

00af: 82ac8341 NtOpenDirectoryObject [3] (ntkrnlpa.exe)

00b0: 829d007c NtOpenEnlistment [5] (ntkrnlpa.exe)

00b1: 82a9e966 NtOpenEvent [3] (ntkrnlpa.exe)

00b2: 82b55849 NtOpenEventPair [3] (ntkrnlpa.exe)

00b3: 82a884d9 NtOpenFile [6] (ntkrnlpa.exe)

00b4: 82b071bb NtOpenIoCompletion [3] (ntkrnlpa.exe)

00b5: 82b2b517 NtOpenJobObject [3] (ntkrnlpa.exe)

00b6: 82aaff64 NtOpenKey [3] (ntkrnlpa.exe)

00b7: 82acbe36 NtOpenKeyEx [4] (ntkrnlpa.exe)

00b8: 82b55b7f NtOpenKeyedEvent [3] (ntkrnlpa.exe)

00b9: 82a1f0c1 NtOpenKeyTransacted [4] (ntkrnlpa.exe)

00ba: 82a1f051 NtOpenKeyTransactedEx [5] (ntkrnlpa.exe)

00bb: 82a583e2 NtOpenMutant [3] (ntkrnlpa.exe)

00bc: 82a2c1da NtOpenObjectAuditAlarm [12] (ntkrnlpa.exe)

00bd: 82a2e15d NtOpenPrivateNamespace [4] (ntkrnlpa.exe)

00be: 82acec0d NtOpenProcess [4] (ntkrnlpa.exe)

00bf: 82a99254 NtOpenProcessToken [3] (ntkrnlpa.exe)

00c0: 82a871c6 NtOpenProcessTokenEx [4] (ntkrnlpa.exe)

00c1: 829cddf4 NtOpenResourceManager [5] (ntkrnlpa.exe)

00c2: 82ac5a93 NtOpenSection [3] (ntkrnlpa.exe)

00c3: 82a387ab NtOpenSemaphore [3] (ntkrnlpa.exe)

00c4: 82a54f84 NtOpenSession [3] (ntkrnlpa.exe)

00c5: 82ac34c9 NtOpenSymbolicLinkObject [3] (ntkrnlpa.exe)

00c6: 82abe78d NtOpenThread [4] (ntkrnlpa.exe)

00c7: 82ace64b NtOpenThreadToken [4] (ntkrnlpa.exe)

00c8: 82ac6019 NtOpenThreadTokenEx [5] (ntkrnlpa.exe)

00c9: 82b554ef NtOpenTimer [3] (ntkrnlpa.exe)

00ca: 82b3e2ca NtOpenTransaction [5] (ntkrnlpa.exe)

00cb: 82b3f56e NtOpenTransactionManager [6] (ntkrnlpa.exe)

00cc: 82a34592 NtPlugPlayControl [3] (ntkrnlpa.exe)

00cd: 82a58a4c NtPowerInformation [5] (ntkrnlpa.exe)

00ce: 82b3de7e NtPrepareComplete [2] (ntkrnlpa.exe)

00cf: 82b3dba2 NtPrepareEnlistment [2] (ntkrnlpa.exe)

00d0: 82b3df35 NtPrePrepareComplete [2] (ntkrnlpa.exe)

00d1: 82b3dc59 NtPrePrepareEnlistment [2] (ntkrnlpa.exe)

00d2: 82a4b2d5 NtPrivilegeCheck [3] (ntkrnlpa.exe)

00d3: 82a16591 NtPrivilegedServiceAuditAlarm [5] (ntkrnlpa.exe)

00d4: 82a1d40b NtPrivilegeObjectAuditAlarm [6] (ntkrnlpa.exe)

00d5: 82b3fcc4 NtPropagationComplete [4] (ntkrnlpa.exe)

00d6: 82b3fd89 NtPropagationFailed [3] (ntkrnlpa.exe)

00d7: 82abdaa3 NtProtectVirtualMemory [5] (ntkrnlpa.exe)

00d8: 82ae6b4b NtPulseEvent [2] (ntkrnlpa.exe)

00d9: 82a8800e NtQueryAttributesFile [2] (ntkrnlpa.exe)

00da: 82b5011e NtQueryBootEntryOrder [2] (ntkrnlpa.exe)

00db: 82b50563 NtQueryBootOptions [2] (ntkrnlpa.exe)

00dc: 82900ac8 NtQueryDebugFilterState [2] (ntkrnlpa.exe)

00dd: 82aa17b4 NtQueryDefaultLocale [2] (ntkrnlpa.exe)

00de: 829ea335 NtQueryDefaultUILanguage [1] (ntkrnlpa.exe)

00df: 82a87faa NtQueryDirectoryFile [11] (ntkrnlpa.exe)

00e0: 82a57255 NtQueryDirectoryObject [7] (ntkrnlpa.exe)

00e1: 82b50a61 NtQueryDriverEntryOrder [2] (ntkrnlpa.exe)

00e2: 829de8c9 NtQueryEaFile [9] (ntkrnlpa.exe)

00e3: 82a40d12 NtQueryEvent [5] (ntkrnlpa.exe)

00e4: 82a882af NtQueryFullAttributesFile [2] (ntkrnlpa.exe)

00e5: 82a39366 NtQueryInformationAtom [5] (ntkrnlpa.exe)

00e6: 82b3d787 NtQueryInformationEnlistment [5] (ntkrnlpa.exe)

00e7: 82a852a7 NtQueryInformationFile [5] (ntkrnlpa.exe)

00e8: 82ae24ac NtQueryInformationJobObject [5] (ntkrnlpa.exe)

00e9: 82b16274 NtQueryInformationPort [5] (ntkrnlpa.exe)

00ea: 82aa3277 NtQueryInformationProcess [5] (ntkrnlpa.exe)

00eb: 82b3f1de NtQueryInformationResourceManager [5] (ntkrnlpa.exe)

00ec: 82aacd02 NtQueryInformationThread [5] (ntkrnlpa.exe)

00ed: 82a8eb25 NtQueryInformationToken [5] (ntkrnlpa.exe)

00ee: 82b3e4be NtQueryInformationTransaction [5] (ntkrnlpa.exe)

00ef: 829c8e60 NtQueryInformationTransactionManager [5] (ntkrnlpa.exe)

00f0: 8296035d NtQueryInformationWorkerFactory [5] (ntkrnlpa.exe)

00f1: 82a1db21 NtQueryInstallUILanguage [1] (ntkrnlpa.exe)

00f2: 82b5601b NtQueryIntervalProfile [2] (ntkrnlpa.exe)

00f3: 82b0727e NtQueryIoCompletion [5] (ntkrnlpa.exe)

00f4: 82a7ef2f NtQueryKey [5] (ntkrnlpa.exe)

00f5: 82a51b23 NtQueryLicenseValue [5] (ntkrnlpa.exe)

00f6: 82a43d35 NtQueryMultipleValueKey [6] (ntkrnlpa.exe)

00f7: 82ae30b5 NtQueryMutant [5] (ntkrnlpa.exe)

00f8: 82a524ef NtQueryObject [5] (ntkrnlpa.exe)

00f9: 82aec0bd NtQueryOpenSubKeys [2] (ntkrnlpa.exe)

00fa: 82ad5cae NtQueryOpenSubKeysEx [4] (ntkrnlpa.exe)

00fb: 82ab71f2 NtQueryPerformanceCounter [2] (ntkrnlpa.exe)

00fc: 82b2871a NtQueryPortInformationProcess [0] (ntkrnlpa.exe)

00fd: 82b08861 NtQueryQuotaInformationFile [9] (ntkrnlpa.exe)

00fe: 82acba99 NtQuerySection [5] (ntkrnlpa.exe)

00ff: 82a3c587 NtQuerySecurityAttributesToken [6] (ntkrnlpa.exe)

0100: 82ac78b5 NtQuerySecurityObject [5] (ntkrnlpa.exe)

0101: 82b4eadc NtQuerySemaphore [5] (ntkrnlpa.exe)

0102: 82ac356f NtQuerySymbolicLinkObject [3] (ntkrnlpa.exe)

0103: 82b4ecb3 NtQuerySystemEnvironmentValue [4] (ntkrnlpa.exe)

0104: 82b4f2a7 NtQuerySystemEnvironmentValueEx [5] (ntkrnlpa.exe)

0105: 82a8ae66 NtQuerySystemInformation [4] (ntkrnlpa.exe)

0106: 82a9bdad NtQuerySystemInformationEx [6] (ntkrnlpa.exe)

0107: 82aa9a4b NtQuerySystemTime [1] (ntkrnlpa.exe)

0108: 82b555ae NtQueryTimer [5] (ntkrnlpa.exe)

0109: 82a408a9 NtQueryTimerResolution [3] (ntkrnlpa.exe)

010a: 82a7b766 NtQueryValueKey [6] (ntkrnlpa.exe)

010b: 82aa033e NtQueryVirtualMemory [6] (ntkrnlpa.exe)

010c: 82a8dc95 NtQueryVolumeInformationFile [5] (ntkrnlpa.exe)

010d: 82a3f2e4 NtQueueApcThread [5] (ntkrnlpa.exe)

010e: 82a3f1d2 NtQueueApcThreadEx [6] (ntkrnlpa.exe)

010f: 82887f44 NtRaiseException [3] (ntkrnlpa.exe)

0110: 82a29d23 NtRaiseHardError [6] (ntkrnlpa.exe)

0111: 82a807e1 NtReadFile [9] (ntkrnlpa.exe)

0112: 829e05ae NtReadFileScatter [9] (ntkrnlpa.exe)

0113: 82b3e158 NtReadOnlyEnlistment [2] (ntkrnlpa.exe)

0114: 82b16359 NtReadRequestData [6] (ntkrnlpa.exe)

0115: 82acf14d NtReadVirtualMemory [5] (ntkrnlpa.exe)

0116: 829d0254 NtRecoverEnlistment [2] (ntkrnlpa.exe)

0117: 829e853f NtRecoverResourceManager [1] (ntkrnlpa.exe)

0118: 829e85f4 NtRecoverTransactionManager [1] (ntkrnlpa.exe)

0119: 82b3fb18 NtRegisterProtocolAddressInformation [5] (ntkrnlpa.exe)

011a: 82b2954e NtRegisterThreadTerminatePort [1] (ntkrnlpa.exe)

011b: 82a57e08 NtReleaseKeyedEvent [4] (ntkrnlpa.exe)

011c: 82a6df1c NtReleaseMutant [2] (ntkrnlpa.exe)

011d: 82acfb13 NtReleaseSemaphore [3] (ntkrnlpa.exe)

011e: 828c573b NtReleaseWorkerFactoryWorker [1] (ntkrnlpa.exe)

011f: 82a4ec9a NtRemoveIoCompletion [5] (ntkrnlpa.exe)

0120: 82a50b2d NtRemoveIoCompletionEx [6] (ntkrnlpa.exe)

0121: 82afe46d NtRemoveProcessDebug [2] (ntkrnlpa.exe)

0122: 82aec303 NtRenameKey [2] (ntkrnlpa.exe)

0123: 82b3f7b8 NtRenameTransactionManager [2] (ntkrnlpa.exe)

0124: 82aebe50 NtReplaceKey [3] (ntkrnlpa.exe)

0125: 829263af NtReplacePartitionUnit [3] (ntkrnlpa.exe)

0126: 82a432df NtReplyPort [2] (ntkrnlpa.exe)

0127: 82ac9c2a NtReplyWaitReceivePort [4] (ntkrnlpa.exe)

0128: 82ac9ae1 NtReplyWaitReceivePortEx [5] (ntkrnlpa.exe)

0129: 82b16527 NtReplyWaitReplyPort [2] (ntkrnlpa.exe)

012a: 82a55e84 NtRequestPort [2] (ntkrnlpa.exe)

012b: 82acc52f NtRequestWaitReplyPort [3] (ntkrnlpa.exe)

012c: 82a2e98a NtResetEvent [2] (ntkrnlpa.exe)

012d: 82936570 NtResetWriteWatch [3] (ntkrnlpa.exe)

012e: 82ae4340 NtRestoreKey [3] (ntkrnlpa.exe)

012f: 82b29db3 NtResumeProcess [1] (ntkrnlpa.exe)

0130: 82aa8625 NtResumeThread [2] (ntkrnlpa.exe)

0131: 82b3e20d NtRollbackComplete [2] (ntkrnlpa.exe)

0132: 82b3ddc7 NtRollbackEnlistment [2] (ntkrnlpa.exe)

0133: 829f24ba NtRollbackTransaction [2] (ntkrnlpa.exe)

0134: 82b3f919 NtRollforwardTransactionManager [2] (ntkrnlpa.exe)

0135: 82ae4160 NtSaveKey [2] (ntkrnlpa.exe)

0136: 82ae3a69 NtSaveKeyEx [3] (ntkrnlpa.exe)

0137: 82aeb173 NtSaveMergedKeys [3] (ntkrnlpa.exe)

0138: 82a85b9c NtSecureConnectPort [9] (ntkrnlpa.exe)

0139: 829d8746 NtSerializeBoot [0] (ntkrnlpa.exe)

013a: 82b5035f NtSetBootEntryOrder [2] (ntkrnlpa.exe)

013b: 82b5084b NtSetBootOptions [2] (ntkrnlpa.exe)

013c: 82b2915b NtSetContextThread [2] (ntkrnlpa.exe)

013d: 829bc8f6 NtSetDebugFilterState [3] (ntkrnlpa.exe)

013e: 829da6e0 NtSetDefaultHardErrorPort [1] (ntkrnlpa.exe)

013f: 829f06e3 NtSetDefaultLocale [2] (ntkrnlpa.exe)

0140: 829ea308 NtSetDefaultUILanguage [1] (ntkrnlpa.exe)

0141: 82b512d5 NtSetDriverEntryOrder [2] (ntkrnlpa.exe)

0142: 82b082f4 NtSetEaFile [4] (ntkrnlpa.exe)

0143: 82a6e403 NtSetEvent [2] (ntkrnlpa.exe)

0144: 82b4e78b NtSetEventBoostPriority [1] (ntkrnlpa.exe)

0145: 82b55b15 NtSetHighEventPair [1] (ntkrnlpa.exe)

0146: 82b55a47 NtSetHighWaitLowEventPair [1] (ntkrnlpa.exe)

0147: 82afeba5 NtSetInformationDebugObject [5] (ntkrnlpa.exe)

0148: 82b3d9cc NtSetInformationEnlistment [4] (ntkrnlpa.exe)

0149: 82a7c649 NtSetInformationFile [5] (ntkrnlpa.exe)

014a: 82a39c8a NtSetInformationJobObject [4] (ntkrnlpa.exe)

014b: 82aeb965 NtSetInformationKey [4] (ntkrnlpa.exe)

014c: 82a9a3bf NtSetInformationObject [4] (ntkrnlpa.exe)

014d: 82a72f89 NtSetInformationProcess [4] (ntkrnlpa.exe)

014e: 82b3f3ec NtSetInformationResourceManager [4] (ntkrnlpa.exe)

014f: 82aa1e3c NtSetInformationThread [4] (ntkrnlpa.exe)

0150: 82a495d5 NtSetInformationToken [4] (ntkrnlpa.exe)

0151: 82b3ed26 NtSetInformationTransaction [4] (ntkrnlpa.exe)

0152: 82b3f9da NtSetInformationTransactionManager [4] (ntkrnlpa.exe)

0153: 828cc9bc NtSetInformationWorkerFactory [4] (ntkrnlpa.exe)

0154: 82b55ff8 NtSetIntervalProfile [2] (ntkrnlpa.exe)

0155: 82a38865 NtSetIoCompletion [5] (ntkrnlpa.exe)

0156: 82b073a4 NtSetIoCompletionEx [6] (ntkrnlpa.exe)

0157: 82b2b1d7 NtSetLdtEntries [6] (ntkrnlpa.exe)

0158: 82b55ab2 NtSetLowEventPair [1] (ntkrnlpa.exe)

0159: 82b559dc NtSetLowWaitHighEventPair [1] (ntkrnlpa.exe)

015a: 82b08e75 NtSetQuotaInformationFile [4] (ntkrnlpa.exe)

015b: 82ac2d52 NtSetSecurityObject [3] (ntkrnlpa.exe)

015c: 82b4efad NtSetSystemEnvironmentValue [2] (ntkrnlpa.exe)

015d: 82b4f5bf NtSetSystemEnvironmentValueEx [5] (ntkrnlpa.exe)

015e: 82aa5a87 NtSetSystemInformation [3] (ntkrnlpa.exe)

015f: 82b6c365 NtSetSystemPowerState [3] (ntkrnlpa.exe)

0160: 82ada1e6 NtSetSystemTime [2] (ntkrnlpa.exe)

0161: 82ae90ee NtSetThreadExecutionState [2] (ntkrnlpa.exe)

0162: 828c6140 NtSetTimer [7] (ntkrnlpa.exe)

0163: 828d0620 NtSetTimerEx [4] (ntkrnlpa.exe)

0164: 82a40057 NtSetTimerResolution [3] (ntkrnlpa.exe)

0165: 829de68f NtSetUuidSeed [1] (ntkrnlpa.exe)

0166: 82ab11c5 NtSetValueKey [6] (ntkrnlpa.exe)

0167: 82b08e8f NtSetVolumeInformationFile [5] (ntkrnlpa.exe)

0168: 82b4dd01 NtShutdownSystem [1] (ntkrnlpa.exe)

0169: 82abcb89 NtShutdownWorkerFactory [2] (ntkrnlpa.exe)

016a: 8291748c NtSignalAndWaitForSingleObject [4] (ntkrnlpa.exe)

016b: 82b3e0a3 NtSinglePhaseReject [2] (ntkrnlpa.exe)

016c: 82b55d33 NtStartProfile [1] (ntkrnlpa.exe)

016d: 82b55f2b NtStopProfile [1] (ntkrnlpa.exe)

016e: 82b29d53 NtSuspendProcess [1] (ntkrnlpa.exe)

016f: 82ae365c NtSuspendThread [2] (ntkrnlpa.exe)

0170: 82ad2233 NtSystemDebugControl [6] (ntkrnlpa.exe)

0171: 82a40000 NtTerminateJobObject [2] (ntkrnlpa.exe)

0172: 82aa88f3 NtTerminateProcess [2] (ntkrnlpa.exe)

0173: 82aa91e9 NtTerminateThread [2] (ntkrnlpa.exe)

0174: 82abdc24 NtTestAlert [0] (ntkrnlpa.exe)

0175: 8291d249 NtThawRegistry [0] (ntkrnlpa.exe)

0176: 82b3f057 NtThawTransactions [0] (ntkrnlpa.exe)

0177: 82a8444a NtTraceControl [6] (ntkrnlpa.exe)

0178: 828f79f9 NtTraceEvent [4] (ntkrnlpa.exe)

0179: 82b514d9 NtTranslateFilePath [4] (ntkrnlpa.exe)

017a: 82b161ef NtUmsThreadYield [1] (ntkrnlpa.exe)

017b: 82b09663 NtUnloadDriver [1] (ntkrnlpa.exe)

017c: 82ad711d NtUnloadKey [1] (ntkrnlpa.exe)

017d: 82ad7137 NtUnloadKey2 [2] (ntkrnlpa.exe)

017e: 82aeb30b NtUnloadKeyEx [2] (ntkrnlpa.exe)

017f: 82a46d77 NtUnlockFile [5] (ntkrnlpa.exe)

0180: 828f1465 NtUnlockVirtualMemory [4] (ntkrnlpa.exe)

0181: 82ac2708 NtUnmapViewOfSection [2] (ntkrnlpa.exe)

0182: 82b42fef NtVdmControl [2] (ntkrnlpa.exe)

0183: 82afe6c3 NtWaitForDebugEvent [4] (ntkrnlpa.exe)

0184: 82a576b6 NtWaitForKeyedEvent [4] (ntkrnlpa.exe)

0185: 82a6dade NtWaitForMultipleObjects [5] (ntkrnlpa.exe)

0186: 82b1ff8c NtWaitForMultipleObjects32 [5] (ntkrnlpa.exe)

0187: 82a6d403 NtWaitForSingleObject [3] (ntkrnlpa.exe)

0188: 828c532d NtWaitForWorkViaWorkerFactory [2] (ntkrnlpa.exe)

0189: 82b55973 NtWaitHighEventPair [1] (ntkrnlpa.exe)

018a: 82b5590a NtWaitLowEventPair [1] (ntkrnlpa.exe)

018b: 8287a6b4 NtWorkerFactoryWorkerReady [1] (ntkrnlpa.exe)

018c: 82a7d1cc NtWriteFile [9] (ntkrnlpa.exe)

018d: 82ad6738 NtWriteFileGather [9] (ntkrnlpa.exe)

018e: 82b163c6 NtWriteRequestData [6] (ntkrnlpa.exe)

018f: 82acf03d NtWriteVirtualMemory [5] (ntkrnlpa.exe)

0190: 828e8286 NtYieldExecution [0] (ntkrnlpa.exe)



Table #1: 90485000, 0339 entries, params=9048602c, \SystemRoot\System32\win32k.sys

1000: 9040efc7 NtGdiAbortDoc [1] (win32k.sys)

1001: 90426f98 NtGdiAbortPath [1] (win32k.sys)

1002: 902f5c04 NtGdiAddFontResourceW [6] (win32k.sys)

1003: 9041cf35 NtGdiAddRemoteFontToDC [4] (win32k.sys)

1004: 904286de NtGdiAddFontMemResourceEx [5] (win32k.sys)

1005: 9040f7e4 NtGdiRemoveMergeFont [2] (win32k.sys)

1006: 9040f878 NtGdiAddRemoteMMInstanceToDC [3] (win32k.sys)

1007: 90336c47 NtGdiAlphaBlend [12] (win32k.sys)

1008: 90427f09 NtGdiAngleArc [6] (win32k.sys)

1009: 90310d0b NtGdiAnyLinkedFonts [0] (win32k.sys)

100a: 90305328 NtGdiFontIsLinked [1] (win32k.sys)

100b: 9042a222 NtGdiArcInternal [10] (win32k.sys)

100c: 904283fa NtGdiBeginGdiRendering [2] (win32k.sys)

100d: 9042700c NtGdiBeginPath [1] (win32k.sys)

100e: 90341da1 NtGdiBitBlt [11] (win32k.sys)

100f: 9042834d NtGdiCancelDC [1] (win32k.sys)

1010: 9042afc6 NtGdiCheckBitmapBits [8] (win32k.sys)

1011: 90426f13 NtGdiCloseFigure [1] (win32k.sys)

1012: 90361675 NtGdiClearBitmapAttributes [2] (win32k.sys)

1013: 90428484 NtGdiClearBrushAttributes [2] (win32k.sys)

1014: 9042a9ba NtGdiColorCorrectPalette [6] (win32k.sys)

1015: 9031c21b NtGdiCombineRgn [4] (win32k.sys)

1016: 903ae103 NtGdiCombineTransform [3] (win32k.sys)

1017: 903af2a2 NtGdiComputeXformCoefficients [1] (win32k.sys)

1018: 9042b9b2 NtGdiConfigureOPMProtectedOutput [4] (win32k.sys)

1019: 904209c8 NtGdiConvertMetafileRect [2] (win32k.sys)

101a: 9035389f NtGdiCreateBitmap [5] (win32k.sys)

101b: 904283ea NtGdiCreateBitmapFromDxSurface [5] (win32k.sys)

101c: 903ac1df NtGdiCreateClientObj [1] (win32k.sys)

101d: 9042a87d NtGdiCreateColorSpace [1] (win32k.sys)

101e: 9042ac47 NtGdiCreateColorTransform [8] (win32k.sys)

101f: 9032a0cf NtGdiCreateCompatibleBitmap [3] (win32k.sys)

1020: 9035350e NtGdiCreateCompatibleDC [1] (win32k.sys)

1021: 9039e0c2 NtGdiCreateDIBBrush [6] (win32k.sys)

1022: 90325cf8 NtGdiCreateDIBitmapInternal [11] (win32k.sys)

1023: 903361ab NtGdiCreateDIBSection [9] (win32k.sys)

1024: 90415892 NtGdiCreateEllipticRgn [4] (win32k.sys)

1025: 902b4dbd NtGdiCreateHalftonePalette [1] (win32k.sys)

1026: 9042bd95 NtGdiCreateHatchBrushInternal [3] (win32k.sys)

1027: 903ac18c NtGdiCreateMetafileDC [1] (win32k.sys)

1028: 90377bc3 NtGdiCreateOPMProtectedOutputs [5] (win32k.sys)

1029: 902e78a1 NtGdiCreatePaletteInternal [2] (win32k.sys)

102a: 9031cd39 NtGdiCreatePatternBrushInternal [3] (win32k.sys)

102b: 903b2413 NtGdiCreatePen [4] (win32k.sys)

102c: 902e64dd NtGdiCreateRectRgn [4] (win32k.sys)

102d: 90307e43 NtGdiCreateRoundRectRgn [6] (win32k.sys)

102e: 9042c83b NtGdiCreateServerMetaFile [6] (win32k.sys)

102f: 9035381c NtGdiCreateSolidBrush [2] (win32k.sys)

1030: 90409058 NtGdiD3dContextCreate [4] (win32k.sys)

1031: 9040906b NtGdiD3dContextDestroy [1] (win32k.sys)

1032: 9040907e NtGdiD3dContextDestroyAll [1] (win32k.sys)

1033: 90409091 NtGdiD3dValidateTextureStageState [1] (win32k.sys)

1034: 904090a4 NtGdiD3dDrawPrimitives2 [7] (win32k.sys)

1035: 904090b7 NtGdiDdGetDriverState [1] (win32k.sys)

1036: 90408d3c NtGdiDdAddAttachedSurface [3] (win32k.sys)

1037: 904091b9 NtGdiDdAlphaBlt [3] (win32k.sys)

1038: 90408d4f NtGdiDdAttachSurface [2] (win32k.sys)

1039: 90409164 NtGdiDdBeginMoCompFrame [2] (win32k.sys)

103a: 90408d62 NtGdiDdBlt [3] (win32k.sys)

103b: 90408d75 NtGdiDdCanCreateSurface [2] (win32k.sys)

103c: 9040902f NtGdiDdCanCreateD3DBuffer [2] (win32k.sys)

103d: 90408d88 NtGdiDdColorControl [2] (win32k.sys)

103e: 90399757 NtGdiDdCreateDirectDrawObject [1] (win32k.sys)

103f: 90408d9b NtGdiDdCreateSurface [8] (win32k.sys)

1040: 90409019 NtGdiDdCreateD3DBuffer [8] (win32k.sys)

1041: 90409138 NtGdiDdCreateMoComp [2] (win32k.sys)

1042: 90408db1 NtGdiDdCreateSurfaceObject [6] (win32k.sys)

1043: 90408ddd NtGdiDdDeleteDirectDrawObject [1] (win32k.sys)

1044: 90408dc7 NtGdiDdDeleteSurfaceObject [1] (win32k.sys)

1045: 9040914e NtGdiDdDestroyMoComp [2] (win32k.sys)

1046: 90408df3 NtGdiDdDestroySurface [2] (win32k.sys)

1047: 90409042 NtGdiDdDestroyD3DBuffer [1] (win32k.sys)

1048: 90409177 NtGdiDdEndMoCompFrame [2] (win32k.sys)

1049: 90408e09 NtGdiDdFlip [5] (win32k.sys)

104a: 90408eb9 NtGdiDdFlipToGDISurface [2] (win32k.sys)

104b: 90408e1f NtGdiDdGetAvailDriverMemory [2] (win32k.sys)

104c: 90408e35 NtGdiDdGetBltStatus [2] (win32k.sys)

104d: 90408e4b NtGdiDdGetDC [2] (win32k.sys)

104e: 90408e61 NtGdiDdGetDriverInfo [2] (win32k.sys)

104f: 90408fc1 NtGdiDdGetDxHandle [3] (win32k.sys)

1050: 90408e77 NtGdiDdGetFlipStatus [2] (win32k.sys)

1051: 90409122 NtGdiDdGetInternalMoCompInfo [2] (win32k.sys)

1052: 9040910c NtGdiDdGetMoCompBuffInfo [2] (win32k.sys)

1053: 904090e0 NtGdiDdGetMoCompGuids [2] (win32k.sys)

1054: 904090f6 NtGdiDdGetMoCompFormats [2] (win32k.sys)

1055: 90408e8d NtGdiDdGetScanLine [2] (win32k.sys)

1056: 90408ecf NtGdiDdLock [3] (win32k.sys)

1057: 90408fed NtGdiDdLockD3D [2] (win32k.sys)

1058: 90408ee5 NtGdiDdQueryDirectDrawObject [11] (win32k.sys)

1059: 904091a3 NtGdiDdQueryMoCompStatus [2] (win32k.sys)

105a: 90408efb NtGdiDdReenableDirectDrawObject [2] (win32k.sys)

105b: 90408f11 NtGdiDdReleaseDC [1] (win32k.sys)

105c: 9040918d NtGdiDdRenderMoComp [2] (win32k.sys)

105d: 90408f27 NtGdiDdResetVisrgn [2] (win32k.sys)

105e: 90408f3d NtGdiDdSetColorKey [2] (win32k.sys)

105f: 90408ea3 NtGdiDdSetExclusiveMode [2] (win32k.sys)

1060: 90408fd7 NtGdiDdSetGammaRamp [3] (win32k.sys)

1061: 904090ca NtGdiDdCreateSurfaceEx [3] (win32k.sys)

1062: 90408f53 NtGdiDdSetOverlayPosition [3] (win32k.sys)

1063: 90408f69 NtGdiDdUnattachSurface [2] (win32k.sys)

1064: 90408f7f NtGdiDdUnlock [2] (win32k.sys)

1065: 90409003 NtGdiDdUnlockD3D [2] (win32k.sys)

1066: 90408f95 NtGdiDdUpdateOverlay [3] (win32k.sys)

1067: 90408fab NtGdiDdWaitForVerticalBlank [2] (win32k.sys)

1068: 904091cc NtGdiDvpCanCreateVideoPort [2] (win32k.sys)

1069: 904091e2 NtGdiDvpColorControl [2] (win32k.sys)

106a: 904091f8 NtGdiDvpCreateVideoPort [2] (win32k.sys)

106b: 9040920e NtGdiDvpDestroyVideoPort [2] (win32k.sys)

106c: 90409224 NtGdiDvpFlipVideoPort [4] (win32k.sys)

106d: 9040923a NtGdiDvpGetVideoPortBandwidth [2] (win32k.sys)

106e: 90409250 NtGdiDvpGetVideoPortField [2] (win32k.sys)

106f: 90409266 NtGdiDvpGetVideoPortFlipStatus [2] (win32k.sys)

1070: 9040927c NtGdiDvpGetVideoPortInputFormats [2] (win32k.sys)

1071: 90409292 NtGdiDvpGetVideoPortLine [2] (win32k.sys)

1072: 904092a8 NtGdiDvpGetVideoPortOutputFormats [2] (win32k.sys)

1073: 904092be NtGdiDvpGetVideoPortConnectInfo [2] (win32k.sys)

1074: 904092d4 NtGdiDvpGetVideoSignalStatus [2] (win32k.sys)

1075: 904092ea NtGdiDvpUpdateVideoPort [4] (win32k.sys)

1076: 90409300 NtGdiDvpWaitForVideoPortSync [2] (win32k.sys)

1077: 90409316 NtGdiDvpAcquireNotification [3] (win32k.sys)

1078: 9040932c NtGdiDvpReleaseNotification [2] (win32k.sys)

1079: 90408d29 NtGdiDxgGenericThunk [6] (win32k.sys)

107a: 903ac264 NtGdiDeleteClientObj [1] (win32k.sys)

107b: 9042a84d NtGdiDeleteColorSpace [1] (win32k.sys)

107c: 9042aee3 NtGdiDeleteColorTransform [2] (win32k.sys)

107d: 90334b7d NtGdiDeleteObjectApp [1] (win32k.sys)

107e: 90429288 NtGdiDescribePixelFormat [4] (win32k.sys)

107f: 90378ebd NtGdiDestroyOPMProtectedOutput [1] (win32k.sys)

1080: 9040f4b0 NtGdiGetPerBandInfo [2] (win32k.sys)

1081: 9040f38b NtGdiDoBanding [4] (win32k.sys)

1082: 9032531f NtGdiDoPalette [6] (win32k.sys)

1083: 90427f53 NtGdiDrawEscape [4] (win32k.sys)

1084: 9042d2c2 NtGdiEllipse [5] (win32k.sys)

1085: 90281f6b NtGdiEnableEudc [1] (win32k.sys)

1086: 9040efaf NtGdiEndDoc [1] (win32k.sys)

1087: 9042840a NtGdiEndGdiRendering [3] (win32k.sys)

1088: 9040f0d0 NtGdiEndPage [1] (win32k.sys)

1089: 904270be NtGdiEndPath [1] (win32k.sys)

108a: 902f7e7e NtGdiEnumFonts [8] (win32k.sys)

108b: 9042f28f NtGdiEnumObjects [4] (win32k.sys)

108c: 9038102b NtGdiEqualRgn [2] (win32k.sys)

108d: 9042f044 NtGdiEudcLoadUnloadLink [7] (win32k.sys)

108e: 902ea11a NtGdiExcludeClipRect [5] (win32k.sys)

108f: 9039172c NtGdiExtCreatePen [11] (win32k.sys)

1090: 902bb04d NtGdiExtCreateRegion [3] (win32k.sys)

1091: 903ae615 NtGdiExtEscape [8] (win32k.sys)

1092: 903bd4f5 NtGdiExtFloodFill [5] (win32k.sys)

1093: 9033509d NtGdiExtGetObjectW [3] (win32k.sys)

1094: 90336b84 NtGdiExtSelectClipRgn [3] (win32k.sys)

1095: 90344c05 NtGdiExtTextOutW [9] (win32k.sys)

1096: 904273a9 NtGdiFillPath [1] (win32k.sys)

1097: 902c0126 NtGdiFillRgn [3] (win32k.sys)

1098: 9042711b NtGdiFlattenPath [1] (win32k.sys)

1099: 9034bcf5 NtGdiFlush [0] (win32k.sys)

109a: 90429227 NtGdiForceUFIMapping [2] (win32k.sys)

109b: 9029c6c3 NtGdiFrameRgn [5] (win32k.sys)

109c: 90419d7b NtGdiFullscreenControl [5] (win32k.sys)

109d: 903bf3bc NtGdiGetAndSetDCDword [4] (win32k.sys)

109e: 90338e47 NtGdiGetAppClipBox [2] (win32k.sys)

109f: 902befd9 NtGdiGetBitmapBits [3] (win32k.sys)

10a0: 90429163 NtGdiGetBitmapDimension [2] (win32k.sys)

10a1: 902e3428 NtGdiGetBoundsRect [3] (win32k.sys)

10a2: 9037847c NtGdiGetCertificate [4] (win32k.sys)

10a3: 9037837b NtGdiGetCertificateSize [3] (win32k.sys)

10a4: 902e6870 NtGdiGetCharABCWidthsW [6] (win32k.sys)

10a5: 904278d1 NtGdiGetCharacterPlacementW [6] (win32k.sys)

10a6: 90344bf5 NtGdiGetCharSet [1] (win32k.sys)

10a7: 903b2685 NtGdiGetCharWidthW [6] (win32k.sys)

10a8: 902bbf52 NtGdiGetCharWidthInfo [2] (win32k.sys)

10a9: 904281d9 NtGdiGetColorAdjustment [2] (win32k.sys)

10aa: 9042f7c2 NtGdiGetColorSpaceforBitmap [1] (win32k.sys)

10ab: 9042b94c NtGdiGetCOPPCompatibleOPMInformation [3] (win32k.sys)

10ac: 9033656a NtGdiGetDCDword [3] (win32k.sys)

10ad: 902f7147 NtGdiGetDCforBitmap [1] (win32k.sys)

10ae: 903411b5 NtGdiGetDCObject [2] (win32k.sys)

10af: 903bad7c NtGdiGetDCPoint [3] (win32k.sys)

10b0: 903291bf NtGdiGetDeviceCaps [2] (win32k.sys)

10b1: 9042b131 NtGdiGetDeviceGammaRamp [2] (win32k.sys)

10b2: 903a907e NtGdiGetDeviceCapsAll [2] (win32k.sys)

10b3: 9032183c NtGdiGetDIBitsInternal [9] (win32k.sys)

10b4: 90430595 NtGdiGetETM [2] (win32k.sys)

10b5: 9042e4c3 NtGdiGetEudcTimeStampEx [3] (win32k.sys)

10b6: 902e6ab6 NtGdiGetFontData [5] (win32k.sys)

10b7: 90430f04 NtGdiGetFontFileData [5] (win32k.sys)

10b8: 9036be9b NtGdiGetFontFileInfo [5] (win32k.sys)

10b9: 90428989 NtGdiGetFontResourceInfoInternalW [7] (win32k.sys)

10ba: 902efc26 NtGdiGetGlyphIndicesW [5] (win32k.sys)

10bb: 902ecd7c NtGdiGetGlyphIndicesWInternal [6] (win32k.sys)

10bc: 90428040 NtGdiGetGlyphOutline [8] (win32k.sys)

10bd: 9037885a NtGdiGetOPMInformation [3] (win32k.sys)

10be: 903b721b NtGdiGetKerningPairs [3] (win32k.sys)

10bf: 9040f567 NtGdiGetLinkedUFIs [3] (win32k.sys)

10c0: 9038fb57 NtGdiGetMiterLimit [2] (win32k.sys)

10c1: 9039fe3e NtGdiGetMonitorID [3] (win32k.sys)

10c2: 90307b8c NtGdiGetNearestColor [2] (win32k.sys)

10c3: 903b6f22 NtGdiGetNearestPaletteIndex [2] (win32k.sys)

10c4: 9039fb06 NtGdiGetObjectBitmapHandle [2] (win32k.sys)

10c5: 90378413 NtGdiGetOPMRandomNumber [2] (win32k.sys)

10c6: 902f4a5e NtGdiGetOutlineTextMetricsInternalW [4] (win32k.sys)

10c7: 90427727 NtGdiGetPath [4] (win32k.sys)

10c8: 902fc110 NtGdiGetPixel [3] (win32k.sys)

10c9: 90336529 NtGdiGetRandomRgn [3] (win32k.sys)

10ca: 90428155 NtGdiGetRasterizerCaps [2] (win32k.sys)

10cb: 9030d8fa NtGdiGetRealizationInfo [2] (win32k.sys)

10cc: 90311307 NtGdiGetRegionData [3] (win32k.sys)

10cd: 902da404 NtGdiGetRgnBox [2] (win32k.sys)

10ce: 9042c93b NtGdiGetServerMetaFileBits [7] (win32k.sys)

10cf: 90409a00 DxgStubDvpUpdateVideoPort [4] (win32k.sys)

10d0: 904310e7 NtGdiGetStats [5] (win32k.sys)

10d1: 90350917 NtGdiGetStockObject [1] (win32k.sys)

10d2: 9042f19b NtGdiGetStringBitmapW [5] (win32k.sys)

10d3: 90379139 NtGdiGetSuggestedOPMProtectedOutputArraySize [2] (win32k.sys)

10d4: 9039e4a3 NtGdiGetSystemPaletteUse [1] (win32k.sys)

10d5: 902e2d0f NtGdiGetTextCharsetInfo [3] (win32k.sys)

10d6: 904284c4 NtGdiGetTextExtent [5] (win32k.sys)

10d7: 902dc18d NtGdiGetTextExtentExW [8] (win32k.sys)

10d8: 903100c1 NtGdiGetTextFaceW [4] (win32k.sys)

10d9: 902ec399 NtGdiGetTextMetricsW [3] (win32k.sys)

10da: 902c7c4f NtGdiGetTransform [3] (win32k.sys)

10db: 90428bc5 NtGdiGetUFI [6] (win32k.sys)

10dc: 90428ca3 NtGdiGetEmbUFI [7] (win32k.sys)

10dd: 90428d9d NtGdiGetUFIPathname [10] (win32k.sys)

10de: 90428b50 NtGdiGetEmbedFonts [0] (win32k.sys)

10df: 90428b5a NtGdiChangeGhostFont [2] (win32k.sys)

10e0: 9040e045 NtGdiAddEmbFontToDC [2] (win32k.sys)

10e1: 90380c82 NtGdiGetFontUnicodeRanges [2] (win32k.sys)

10e2: 9031175a NtGdiGetWidthTable [7] (win32k.sys)

10e3: 90394c26 NtGdiGradientFill [6] (win32k.sys)

10e4: 90322662 NtGdiHfontCreate [5] (win32k.sys)

10e5: 9042b42e NtGdiIcmBrushInfo [8] (win32k.sys)

10e6: 9035099a bInitRedirDev [0] (win32k.sys)

10e7: 90417929 NtGdiInitSpool [0] (win32k.sys)

10e8: 903367ea NtGdiIntersectClipRect [5] (win32k.sys)

10e9: 9039d932 NtGdiInvertRgn [2] (win32k.sys)

10ea: 903ba7e8 NtGdiLineTo [3] (win32k.sys)

10eb: 90429313 NtGdiMakeFontDir [5] (win32k.sys)

10ec: 9042f8ee NtGdiMakeInfoDC [2] (win32k.sys)

10ed: 902e3826 NtGdiMaskBlt [13] (win32k.sys)

10ee: 902c9a35 NtGdiModifyWorldTransform [3] (win32k.sys)

10ef: 903a2e0a NtGdiMonoBitmap [1] (win32k.sys)

10f0: 9042837d NtGdiMoveTo [4] (win32k.sys)

10f1: 904159c2 NtGdiOffsetClipRgn [3] (win32k.sys)

10f2: 902da7da NtGdiOffsetRgn [3] (win32k.sys)

10f3: 902efa9b NtGdiOpenDCW [8] (win32k.sys)

10f4: 902e22c5 NtGdiPatBlt [6] (win32k.sys)

10f5: 9033b129 NtGdiPolyPatBlt [5] (win32k.sys)

10f6: 9042746c NtGdiPathToRegion [1] (win32k.sys)

10f7: 9037b25b NtGdiPlgBlt [11] (win32k.sys)

10f8: 90427e13 NtGdiPolyDraw [4] (win32k.sys)

10f9: 902c0694 NtGdiPolyPolyDraw [5] (win32k.sys)

10fa: 90360436 NtGdiPolyTextOutW [4] (win32k.sys)

10fb: 90375369 NtGdiPtInRegion [3] (win32k.sys)

10fc: 90415b1c NtGdiPtVisible [3] (win32k.sys)

10fd: 904285f3 NtGdiQueryFonts [3] (win32k.sys)

10fe: 9035100f NtGdiQueryFontAssocInfo [1] (win32k.sys)

10ff: 903c3042 NtGdiRectangle [5] (win32k.sys)

1100: 9036437c NtGdiRectInRegion [2] (win32k.sys)

1101: 902e8ac0 NtGdiRectVisible [2] (win32k.sys)

1102: 904287dc NtGdiRemoveFontResourceW [6] (win32k.sys)

1103: 9042896d NtGdiRemoveFontMemResourceEx [1] (win32k.sys)

1104: 903b73e7 NtGdiResetDC [5] (win32k.sys)

1105: 9042c41f NtGdiResizePalette [2] (win32k.sys)

1106: 902f1111 NtGdiRestoreDC [2] (win32k.sys)

1107: 903a57d8 NtGdiRoundRect [7] (win32k.sys)

1108: 902efc16 NtGdiSaveDC [1] (win32k.sys)

1109: 90420773 NtGdiScaleViewportExtEx [6] (win32k.sys)

110a: 90429100 NtGdiScaleWindowExtEx [6] (win32k.sys)

110b: 90352f2c NtGdiSelectBitmap [2] (win32k.sys)

110c: 9042835d NtGdiSelectBrush [2] (win32k.sys)

110d: 904272b9 NtGdiSelectClipPath [2] (win32k.sys)

110e: 90344edd NtGdiSelectFont [2] (win32k.sys)

110f: 9042836d NtGdiSelectPen [2] (win32k.sys)

1110: 90292be8 NtGdiSetBitmapAttributes [2] (win32k.sys)

1111: 902c5185 NtGdiSetBitmapBits [3] (win32k.sys)

1112: 904291c0 NtGdiSetBitmapDimension [4] (win32k.sys)

1113: 902e376d NtGdiSetBoundsRect [3] (win32k.sys)

1114: 90428464 NtGdiSetBrushAttributes [2] (win32k.sys)

1115: 903ac12f NtGdiSetBrushOrg [4] (win32k.sys)

1116: 9042822f NtGdiSetColorAdjustment [2] (win32k.sys)

1117: 9042ab10 NtGdiSetColorSpace [2] (win32k.sys)

1118: 9042b1b8 NtGdiSetDeviceGammaRamp [2] (win32k.sys)

1119: 902f5d9d NtGdiSetDIBitsToDeviceInternal [16] (win32k.sys)

111a: 902f85cf NtGdiSetFontEnumeration [1] (win32k.sys)

111b: 903ac989 NtGdiSetFontXform [3] (win32k.sys)

111c: 903ac452 NtGdiSetIcmMode [3] (win32k.sys)

111d: 9040e9d1 NtGdiSetLinkedUFIs [3] (win32k.sys)

111e: 90362929 NtGdiSetMagicColors [3] (win32k.sys)

111f: 903a80fa NtGdiSetMetaRgn [1] (win32k.sys)

1120: 903a810a NtGdiSetMiterLimit [3] (win32k.sys)

1121: 904290f0 NtGdiGetDeviceWidth [1] (win32k.sys)

1122: 904290e0 NtGdiMirrorWindowOrg [1] (win32k.sys)

1123: 902de63e NtGdiSetLayout [3] (win32k.sys)

1124: 90378632 NtGdiSetOPMSigningKeyAndSequenceNumbers [2] (win32k.sys)

1125: 903d0d64 NtGdiSetPixel [4] (win32k.sys)

1126: 90431e21 NtGdiSetPixelFormat [2] (win32k.sys)

1127: 904284b4 NtGdiSetRectRgn [5] (win32k.sys)

1128: 904283da NtGdiSetSystemPaletteUse [2] (win32k.sys)

1129: 904315a0 NtGdiSetTextJustification [3] (win32k.sys)

112a: 903a800e NtGdiSetVirtualResolution [5] (win32k.sys)

112b: 903a7fb8 NtGdiSetSizeDevice [3] (win32k.sys)

112c: 9040eae0 NtGdiStartDoc [4] (win32k.sys)

112d: 9040efdf NtGdiStartPage [1] (win32k.sys)

112e: 903c3b9d NtGdiStretchBlt [12] (win32k.sys)

112f: 9031bda5 NtGdiStretchDIBitsInternal [16] (win32k.sys)

1130: 90427551 NtGdiStrokeAndFillPath [1] (win32k.sys)

1131: 9042764e NtGdiStrokePath [1] (win32k.sys)

1132: 90431ff6 NtGdiSwapBuffers [1] (win32k.sys)

1133: 902ddae7 NtGdiTransformPoints [5] (win32k.sys)

1134: 903b4a68 NtGdiTransparentBlt [11] (win32k.sys)

1135: 9037ed72 DxgStubEndMoCompFrame [2] (win32k.sys)

1136: 904286d3 NtGdiUMPDEngFreeUserMem [1] (win32k.sys)

1137: 904284a4 NtGdiUnrealizeObject [1] (win32k.sys)

1138: 9042c682 NtGdiUpdateColors [1] (win32k.sys)

1139: 904271a6 NtGdiWidenPath [1] (win32k.sys)

113a: 902bf8bb NtUserActivateKeyboardLayout [2] (win32k.sys)

113b: 903d9b8f NtUserAddClipboardFormatListener [1] (win32k.sys)

113c: 903d6786 NtUserAlterWindowStyle [3] (win32k.sys)

113d: 903057cb NtUserAssociateInputContext [3] (win32k.sys)

113e: 903170ee NtUserAttachThreadInput [3] (win32k.sys)

113f: 90344664 NtUserBeginPaint [2] (win32k.sys)

1140: 903b86ae NtUserBitBltSysBmp [8] (win32k.sys)

1141: 903d44db NtUserBlockInput [1] (win32k.sys)

1142: 902ea12a NtUserBuildHimcList [4] (win32k.sys)

1143: 902e515f NtUserBuildHwndList [7] (win32k.sys)

1144: 902ebaa5 NtUserBuildNameList [4] (win32k.sys)

1145: 903d6a8d NtUserBuildPropList [4] (win32k.sys)

1146: 9029dea8 NtUserCallHwnd [2] (win32k.sys)

1147: 90304851 NtUserCallHwndLock [2] (win32k.sys)

1148: 9028b4b8 NtUserCallHwndOpt [2] (win32k.sys)

1149: 90308797 NtUserCallHwndParam [3] (win32k.sys)

114a: 902dd010 NtUserCallHwndParamLock [3] (win32k.sys)

114b: 903bc151 NtUserCallMsgFilter [2] (win32k.sys)

114c: 903a4744 NtUserCallNextHookEx [4] (win32k.sys)

114d: 903529c9 NtUserCallNoParam [1] (win32k.sys)

114e: 90351682 NtUserCallOneParam [2] (win32k.sys)

114f: 90324527 NtUserCallTwoParam [3] (win32k.sys)

1150: 903b855a NtUserChangeClipboardChain [2] (win32k.sys)

1151: 9038e7a1 NtUserChangeDisplaySettings [4] (win32k.sys)

1152: 902a4309 NtUserGetDisplayConfigBufferSizes [3] (win32k.sys)

1153: 903d6fa4 NtUserSetDisplayConfig [5] (win32k.sys)

1154: 9029fa08 NtUserQueryDisplayConfig [6] (win32k.sys)

1155: 9036c049 NtUserDisplayConfigGetDeviceInfo [1] (win32k.sys)

1156: 903d72b2 NtUserDisplayConfigSetDeviceInfo [1] (win32k.sys)

1157: 903d9eaf NtUserCheckAccessForIntegrityLevel [3] (win32k.sys)

1158: 9029e670 NtUserCheckDesktopByThreadId [1] (win32k.sys)

1159: 903d682b NtUserCheckWindowThreadDesktop [2] (win32k.sys)

115a: 9037ecbe NtUserCheckMenuItem [3] (win32k.sys)

115b: 9039de34 NtUserChildWindowFromPointEx [4] (win32k.sys)

115c: 90371b76 NtUserClipCursor [1] (win32k.sys)

115d: 903a3f0c NtUserCloseClipboard [0] (win32k.sys)

115e: 902e550b NtUserCloseDesktop [1] (win32k.sys)

115f: 902f5941 NtUserCloseWindowStation [1] (win32k.sys)

1160: 90359a90 NtUserConsoleControl [3] (win32k.sys)

1161: 90376ebb NtUserConvertMemHandle [2] (win32k.sys)

1162: 9039aba0 NtUserCopyAcceleratorTable [3] (win32k.sys)

1163: 9037b39c NtUserCountClipboardFormats [0] (win32k.sys)

1164: 902bf49a NtUserCreateAcceleratorTable [2] (win32k.sys)

1165: 903b8cbf NtUserCreateCaret [4] (win32k.sys)

1166: 9029bf18 NtUserCreateDesktopEx [6] (win32k.sys)

1167: 9039dbcb NtUserCreateInputContext [1] (win32k.sys)

1168: 903a435d NtUserCreateLocalMemHandle [4] (win32k.sys)

1169: 9030a6cf NtUserCreateWindowEx [15] (win32k.sys)

116a: 9028af2a NtUserCreateWindowStation [8] (win32k.sys)

116b: 902b49d8 NtUserDdeInitialize [5] (win32k.sys)

116c: 902e2de6 NtUserDeferWindowPos [8] (win32k.sys)

116d: 903a3e49 NtUserDefSetText [2] (win32k.sys)

116e: 902eee50 NtUserDeleteMenu [3] (win32k.sys)

116f: 903af2ec NtUserDestroyAcceleratorTable [1] (win32k.sys)

1170: 902f1509 NtUserDestroyCursor [2] (win32k.sys)

1171: 9039dd38 NtUserDestroyInputContext [1] (win32k.sys)

1172: 902bf5eb NtUserDestroyMenu [1] (win32k.sys)

1173: 90327bd4 NtUserDestroyWindow [1] (win32k.sys)

1174: 902c8658 NtUserDisableThreadIme [1] (win32k.sys)

1175: 90344aa0 NtUserDispatchMessage [1] (win32k.sys)

1176: 90281ccc NtUserDoSoundConnect [0] (win32k.sys)

1177: 9036451d NtUserDoSoundDisconnect [0] (win32k.sys)

1178: 903d6b87 NtUserDragDetect [3] (win32k.sys)

1179: 903d52a2 NtUserDragObject [5] (win32k.sys)

117a: 903d5d5c NtUserDrawAnimatedRects [4] (win32k.sys)

117b: 903d5e1f NtUserDrawCaption [4] (win32k.sys)

117c: 903d74c8 NtUserDrawCaptionTemp [7] (win32k.sys)

117d: 9031585d NtUserDrawIconEx [11] (win32k.sys)

117e: 903d73f7 NtUserDrawMenuBarTemp [5] (win32k.sys)

117f: 90375d7e NtUserEmptyClipboard [0] (win32k.sys)

1180: 903bb3ff NtUserEnableMenuItem [3] (win32k.sys)

1181: 903bed67 NtUserEnableScrollBar [3] (win32k.sys)

1182: 902e2d89 NtUserEndDeferWindowPosEx [2] (win32k.sys)

1183: 902be60b NtUserEndMenu [0] (win32k.sys)

1184: 90344f81 NtUserEndPaint [2] (win32k.sys)

1185: 902f048e NtUserEnumDisplayDevices [4] (win32k.sys)

1186: 902e5947 NtUserEnumDisplayMonitors [4] (win32k.sys)

1187: 903230fc NtUserEnumDisplaySettings [4] (win32k.sys)

1188: 903d5404 NtUserEvent [1] (win32k.sys)

1189: 9039d8f8 NtUserExcludeUpdateRgn [2] (win32k.sys)

118a: 903ad356 NtUserFillWindow [4] (win32k.sys)

118b: 9030a32b NtUserFindExistingCursorIcon [3] (win32k.sys)

118c: 9030dc42 NtUserFindWindowEx [5] (win32k.sys)

118d: 903b875e NtUserFlashWindowEx [1] (win32k.sys)

118e: 903d9e5a NtUserFrostCrashedWindow [2] (win32k.sys)

118f: 903d58ae NtUserGetAltTabInfo [6] (win32k.sys)

1190: 90322f30 NtUserGetAncestor [2] (win32k.sys)

1191: 903d88d1 NtUserGetAppImeLevel [1] (win32k.sys)

1192: 902cbd0c NtUserGetAsyncKeyState [1] (win32k.sys)

1193: 9030ec80 NtUserGetAtomName [2] (win32k.sys)

1194: 90307184 NtUserGetCaretBlinkTime [0] (win32k.sys)

1195: 903b98d9 NtUserGetCaretPos [1] (win32k.sys)

1196: 90321c11 NtUserGetClassInfoEx [5] (win32k.sys)

1197: 90321f78 NtUserGetClassName [3] (win32k.sys)

1198: 903a4244 NtUserGetClipboardData [2] (win32k.sys)

1199: 903a013a NtUserGetClipboardFormatName [3] (win32k.sys)

119a: 903b450e NtUserGetClipboardOwner [0] (win32k.sys)

119b: 903bde95 NtUserGetClipboardSequenceNumber [0] (win32k.sys)

119c: 903d5f6c NtUserGetClipboardViewer [0] (win32k.sys)

119d: 903d5c01 NtUserGetClipCursor [1] (win32k.sys)

119e: 903b7c55 NtUserGetComboBoxInfo [2] (win32k.sys)

119f: 9039acd4 NtUserGetControlBrush [3] (win32k.sys)

11a0: 903d5ec8 NtUserGetControlColor [4] (win32k.sys)

11a1: 902be5bc NtUserGetCPD [3] (win32k.sys)

11a2: 903b8c13 NtUserGetCursorFrameInfo [4] (win32k.sys)

11a3: 903d5775 NtUserGetCursorInfo [1] (win32k.sys)

11a4: 90335fda NtUserGetDC [1] (win32k.sys)

11a5: 902e71b6 NtUserGetDCEx [3] (win32k.sys)

11a6: 903159b8 NtUserGetDoubleClickTime [0] (win32k.sys)

11a7: 902e54cc NtUserGetForegroundWindow [0] (win32k.sys)

11a8: 903dac57 NtUserGetGuiResources [2] (win32k.sys)

11a9: 9031c164 NtUserGetGUIThreadInfo [2] (win32k.sys)

11aa: 9030f43c NtUserGetIconInfo [6] (win32k.sys)

11ab: 9030f6a6 NtUserGetIconSize [4] (win32k.sys)

11ac: 903d87a1 NtUserGetImeHotKey [4] (win32k.sys)

11ad: 902fafd6 NtUserGetImeInfoEx [2] (win32k.sys)

11ae: 903d6eaa NtUserGetInputLocaleInfo [2] (win32k.sys)

11af: 903d5512 NtUserGetInternalWindowPos [3] (win32k.sys)

11b0: 902c6003 NtUserGetKeyboardLayoutList [2] (win32k.sys)

11b1: 903d6dbd NtUserGetKeyboardLayoutName [1] (win32k.sys)

11b2: 903c386c NtUserGetKeyboardState [1] (win32k.sys)

11b3: 903d6d44 NtUserGetKeyNameText [3] (win32k.sys)

11b4: 902f985d NtUserGetKeyState [1] (win32k.sys)

11b5: 903d571d NtUserGetListBoxInfo [1] (win32k.sys)

11b6: 903c7fa5 NtUserGetMenuBarInfo [4] (win32k.sys)

11b7: 903d5c8b NtUserGetMenuIndex [2] (win32k.sys)

11b8: 90375379 NtUserGetMenuItemRect [4] (win32k.sys)

11b9: 9033a93a NtUserGetMessage [4] (win32k.sys)

11ba: 903d63ed NtUserGetMouseMovePointsEx [5] (win32k.sys)

11bb: 90319c7b NtUserGetObjectInformation [5] (win32k.sys)

11bc: 903d5f98 NtUserGetOpenClipboardWindow [0] (win32k.sys)

11bd: 903d5fc4 NtUserGetPriorityClipboardFormat [2] (win32k.sys)

11be: 9031fa29 NtUserGetProcessWindowStation [0] (win32k.sys)

11bf: 903d970e NtUserGetRawInputBuffer [3] (win32k.sys)

11c0: 903d9144 NtUserGetRawInputData [5] (win32k.sys)

11c1: 903d92ce NtUserGetRawInputDeviceInfo [4] (win32k.sys)

11c2: 903d95ae NtUserGetRawInputDeviceList [3] (win32k.sys)

11c3: 903d96d3 NtUserGetRegisteredRawInputDevices [3] (win32k.sys)

11c4: 9032b95e NtUserGetScrollBarInfo [3] (win32k.sys)

11c5: 902f8565 NtUserGetSystemMenu [2] (win32k.sys)

11c6: 90353702 NtUserGetThreadDesktop [1] (win32k.sys)

11c7: 9032cc09 NtUserGetThreadState [1] (win32k.sys)

11c8: 9032c600 NtUserGetTitleBarInfo [2] (win32k.sys)

11c9: 903d5ab7 NtUserGetTopLevelWindow [1] (win32k.sys)

11ca: 903d9cda NtUserGetUpdatedClipboardFormats [3] (win32k.sys)

11cb: 902daebb NtUserGetUpdateRect [3] (win32k.sys)

11cc: 903b614d NtUserGetUpdateRgn [3] (win32k.sys)

11cd: 90312644 NtUserGetWindowCompositionInfo [2] (win32k.sys)

11ce: 90312401 NtUserGetWindowCompositionAttribute [2] (win32k.sys)

11cf: 9032a351 NtUserGetWindowDC [1] (win32k.sys)

11d0: 903d5af7 NtUserGetWindowDisplayAffinity [2] (win32k.sys)

11d1: 903c54ae NtUserGetWindowPlacement [2] (win32k.sys)

11d2: 903d5489 NtUserGetWOWClass [2] (win32k.sys)

11d3: 902dae83 NtUserGhostWindowFromHungWindow [1] (win32k.sys)

11d4: 903da9a8 NtUserHardErrorControl [3] (win32k.sys)

11d5: 902c35b6 NtUserHideCaret [1] (win32k.sys)

11d6: 903d6047 NtUserHiliteMenuItem [4] (win32k.sys)

11d7: 9038b024 NtUserHungWindowFromGhostWindow [1] (win32k.sys)

11d8: 903d6cd7 NtUserImpersonateDdeClientWindow [2] (win32k.sys)

11d9: 90297f3c NtUserInitialize [2] (win32k.sys)

11da: 90285e56 NtUserInitializeClientPfnArrays [4] (win32k.sys)

11db: 903d55e4 NtUserInitTask [12] (win32k.sys)

11dc: 9032bd05 NtUserInternalGetWindowText [3] (win32k.sys)

11dd: 9038b05c NtUserInternalGetWindowIcon [2] (win32k.sys)

11de: 9034455e NtUserInvalidateRect [3] (win32k.sys)

11df: 902c6274 NtUserInvalidateRgn [3] (win32k.sys)

11e0: 903bb3c3 NtUserIsClipboardFormatAvailable [1] (win32k.sys)

11e1: 902da7a6 NtUserIsTopLevelWindow [1] (win32k.sys)

11e2: 90344298 NtUserKillTimer [2] (win32k.sys)

11e3: 9028f70a NtUserLoadKeyboardLayoutEx [8] (win32k.sys)

11e4: 9029a015 NtUserLockWindowStation [1] (win32k.sys)

11e5: 903c5844 NtUserLockWindowUpdate [1] (win32k.sys)

11e6: 903698cd NtUserLockWorkStation [0] (win32k.sys)

11e7: 903cf963 NtUserLogicalToPhysicalPoint [2] (win32k.sys)

11e8: 903ce69e NtUserMapVirtualKeyEx [4] (win32k.sys)

11e9: 903d6643 NtUserMenuItemFromPoint [4] (win32k.sys)

11ea: 9034314e NtUserMessageCall [7] (win32k.sys)

11eb: 903d60f2 NtUserMinMaximize [3] (win32k.sys)

11ec: 903d6218 NtUserMNDragLeave [0] (win32k.sys)

11ed: 903d6180 NtUserMNDragOver [2] (win32k.sys)

11ee: 903d6744 NtUserModifyUserStartupInfoFlags [2] (win32k.sys)

11ef: 902c53a8 NtUserMoveWindow [6] (win32k.sys)

11f0: 90304cff NtUserNotifyIMEStatus [3] (win32k.sys)

11f1: 90357732 NtUserNotifyProcessCreate [4] (win32k.sys)

11f2: 90317a3f NtUserNotifyWinEvent [4] (win32k.sys)

11f3: 903a3f2b NtUserOpenClipboard [2] (win32k.sys)

11f4: 902ed158 NtUserOpenDesktop [3] (win32k.sys)

11f5: 902b519b NtUserOpenInputDesktop [3] (win32k.sys)

11f6: 903d67d6 NtUserOpenThreadDesktop [4] (win32k.sys)

11f7: 902edfbf NtUserOpenWindowStation [2] (win32k.sys)

11f8: 902dee85 NtUserPaintDesktop [1] (win32k.sys)

11f9: 902de016 NtUserPaintMonitor [3] (win32k.sys)

11fa: 903436be NtUserPeekMessage [5] (win32k.sys)

11fb: 903c7a73 NtUserPhysicalToLogicalPoint [2] (win32k.sys)

11fc: 9032a928 NtUserPostMessage [4] (win32k.sys)

11fd: 9032cfdc NtUserPostThreadMessage [4] (win32k.sys)

11fe: 903d90b6 NtUserPrintWindow [3] (win32k.sys)

11ff: 90353cce NtUserProcessConnect [2] (win32k.sys)

1200: 90363237 NtUserQueryInformationThread [4] (win32k.sys)

1201: 90305126 NtUserQueryInputContext [2] (win32k.sys)

1202: 903d6c33 NtUserQuerySendMessage [1] (win32k.sys)

1203: 903442d5 NtUserQueryWindow [2] (win32k.sys)

1204: 903d5870 NtUserRealChildWindowFromPoint [3] (win32k.sys)

1205: 90344413 NtUserRealInternalGetMessage [6] (win32k.sys)

1206: 903d6583 NtUserRealWaitMessageEx [2] (win32k.sys)

1207: 90322c95 NtUserRedrawWindow [4] (win32k.sys)

1208: 90324d11 NtUserRegisterClassExWOW [7] (win32k.sys)

1209: 903d9e23 NtUserRegisterErrorReportingDialog [2] (win32k.sys)

120a: 90292c6b NtUserRegisterUserApiHook [4] (win32k.sys)

120b: 902e8051 NtUserRegisterHotKey [4] (win32k.sys)

120c: 902b4e4a NtUserRegisterRawInputDevices [3] (win32k.sys)

120d: 90281943 NtUserRegisterServicesProcess [1] (win32k.sys)

120e: 903d56e9 NtUserRegisterTasklist [1] (win32k.sys)

120f: 902f9ca5 NtUserRegisterWindowMessage [1] (win32k.sys)

1210: 903d9c70 NtUserRemoveClipboardFormatListener [1] (win32k.sys)

1211: 902c2409 NtUserRemoveMenu [3] (win32k.sys)

1212: 90338806 NtUserRemoveProp [2] (win32k.sys)

1213: 903dab2e NtUserResolveDesktopForWOW [1] (win32k.sys)

1214: 9032caac NtUserSBGetParms [4] (win32k.sys)

1215: 90360c18 NtUserScrollDC [7] (win32k.sys)

1216: 903b2934 NtUserScrollWindowEx [8] (win32k.sys)

1217: 902f6f5b NtUserSelectPalette [3] (win32k.sys)

1218: 903c9791 NtUserSendInput [3] (win32k.sys)

1219: 90317b0f NtUserSetActiveWindow [1] (win32k.sys)

121a: 903d886b NtUserSetAppImeLevel [2] (win32k.sys)

121b: 903c39c1 NtUserSetCapture [1] (win32k.sys)

121c: 9028b91c NtUserSetChildWindowNoActivate [1] (win32k.sys)

121d: 902c5aae NtUserSetClassLong [4] (win32k.sys)

121e: 903d6235 NtUserSetClassWord [3] (win32k.sys)

121f: 90376c84 NtUserSetClipboardData [3] (win32k.sys)

1220: 903a0be9 NtUserSetClipboardViewer [1] (win32k.sys)

1221: 90308713 NtUserSetCursor [1] (win32k.sys)

1222: 903d65fc NtUserSetCursorContents [2] (win32k.sys)

1223: 90319465 NtUserSetCursorIconData [4] (win32k.sys)

1224: 9030f596 NtUserSetFocus [1] (win32k.sys)

1225: 9028f523 NtUserSetImeHotKey [5] (win32k.sys)

1226: 902849b6 NtUserSetImeInfoEx [1] (win32k.sys)

1227: 9030fb60 NtUserSetImeOwnerWindow [2] (win32k.sys)

1228: 902e8b1b NtUserSetInformationThread [4] (win32k.sys)

1229: 903d59c7 NtUserSetInternalWindowPos [4] (win32k.sys)

122a: 903c3ae0 NtUserSetKeyboardState [1] (win32k.sys)

122b: 903d2e63 NtUserSetMenu [3] (win32k.sys)

122c: 903d5ceb NtUserSetMenuContextHelpId [2] (win32k.sys)

122d: 9029e440 NtUserSetMenuDefaultItem [3] (win32k.sys)

122e: 903d5d28 NtUserSetMenuFlagRtoL [1] (win32k.sys)

122f: 903daa6d NtUserSetObjectInformation [4] (win32k.sys)

1230: 902ddc01 NtUserSetParent [2] (win32k.sys)

1231: 902eeb4b NtUserSetProcessWindowStation [1] (win32k.sys)

1232: 90337b90 NtUserGetProp [2] (win32k.sys)

1233: 90337c1e NtUserSetProp [3] (win32k.sys)

1234: 9032ad01 NtUserSetScrollInfo [4] (win32k.sys)

1235: 9028b53b NtUserSetShellWindowEx [2] (win32k.sys)

1236: 903625ae NtUserSetSysColors [4] (win32k.sys)

1237: 903d65c3 NtUserSetSystemCursor [2] (win32k.sys)

1238: 903a10f5 NtUserSetSystemMenu [2] (win32k.sys)

1239: 903d6be5 NtUserSetSystemTimer [3] (win32k.sys)

123a: 902ee0b6 NtUserSetThreadDesktop [1] (win32k.sys)

123b: 903d8939 NtUserSetThreadLayoutHandles [2] (win32k.sys)

123c: 903b9c96 NtUserSetThreadState [2] (win32k.sys)

123d: 903441fd NtUserSetTimer [4] (win32k.sys)

123e: 903597ee NtUserSetProcessDPIAware [0] (win32k.sys)

123f: 903071ce NtUserSetWindowCompositionAttribute [2] (win32k.sys)

1240: 903d5b88 NtUserSetWindowDisplayAffinity [2] (win32k.sys)

1241: 9030ef15 NtUserSetWindowFNID [2] (win32k.sys)

1242: 9032c1be NtUserSetWindowLong [4] (win32k.sys)

1243: 902bf080 NtUserSetWindowPlacement [2] (win32k.sys)

1244: 90305338 NtUserSetWindowPos [7] (win32k.sys)

1245: 902c6cda NtUserSetWindowRgn [3] (win32k.sys)

1246: 902fa9ae NtUserGetWindowRgnEx [3] (win32k.sys)

1247: 903ab1d6 NtUserSetWindowRgnEx [3] (win32k.sys)

1248: 903d6271 NtUserSetWindowsHookAW [3] (win32k.sys)

1249: 902eb066 NtUserSetWindowsHookEx [6] (win32k.sys)

124a: 9028f555 NtUserSetWindowStationUser [4] (win32k.sys)

124b: 903ac2bc NtUserSetWindowWord [3] (win32k.sys)

124c: 90311576 NtUserSetWinEventHook [8] (win32k.sys)

124d: 902c5c2d NtUserShowCaret [1] (win32k.sys)

124e: 903b28ab NtUserShowScrollBar [3] (win32k.sys)

124f: 90304749 NtUserShowWindow [2] (win32k.sys)

1250: 903d629d NtUserShowWindowAsync [2] (win32k.sys)

1251: 9038045c NtUserSoundSentry [0] (win32k.sys)

1252: 9029b445 NtUserSwitchDesktop [2] (win32k.sys)

1253: 903300a9 NtUserSystemParametersInfo [4] (win32k.sys)

1254: 903d66e1 NtUserTestForInteractiveUser [1] (win32k.sys)

1255: 9039e169 NtUserThunkedMenuInfo [2] (win32k.sys)

1256: 902e6c6e NtUserThunkedMenuItemInfo [6] (win32k.sys)

1257: 90375159 NtUserToUnicodeEx [7] (win32k.sys)

1258: 903175fb NtUserTrackMouseEvent [1] (win32k.sys)

1259: 903763c2 NtUserTrackPopupMenuEx [6] (win32k.sys)

125a: 90369cd4 NtUserCalculatePopupWindowPosition [5] (win32k.sys)

125b: 9032c6d3 NtUserCalcMenuBar [5] (win32k.sys)

125c: 903c86cf NtUserPaintMenuBar [6] (win32k.sys)

125d: 903c4cc8 NtUserTranslateAccelerator [3] (win32k.sys)

125e: 903cae40 NtUserTranslateMessage [2] (win32k.sys)

125f: 903169ff NtUserUnhookWindowsHookEx [1] (win32k.sys)

1260: 902edb3b NtUserUnhookWinEvent [1] (win32k.sys)

1261: 903d6b59 NtUserUnloadKeyboardLayout [1] (win32k.sys)

1262: 9029b911 NtUserUnlockWindowStation [1] (win32k.sys)

1263: 90328e08 NtUserUnregisterClass [3] (win32k.sys)

1264: 90292c4e NtUserUnregisterUserApiHook [0] (win32k.sys)

1265: 903d0a2b NtUserUnregisterHotKey [2] (win32k.sys)

1266: 9030eec8 NtUserUpdateInputContext [3] (win32k.sys)

1267: 903d537d NtUserUpdateInstance [3] (win32k.sys)

1268: 902cc915 NtUserUpdateLayeredWindow [10] (win32k.sys)

1269: 903d8fe0 NtUserGetLayeredWindowAttributes [4] (win32k.sys)

126a: 902ddf9e NtUserSetLayeredWindowAttributes [4] (win32k.sys)

126b: 9028fc46 NtUserUpdatePerUserSystemParameters [1] (win32k.sys)

126c: 903d689b NtUserUserHandleGrantAccess [3] (win32k.sys)

126d: 903bfbbb NtUserValidateHandleSecure [1] (win32k.sys)

126e: 9039aac3 NtUserValidateRect [2] (win32k.sys)

126f: 9034587b NtUserValidateTimerCallback [1] (win32k.sys)

1270: 90392dc5 NtUserVkKeyScanEx [3] (win32k.sys)

1271: 903ab7e0 NtUserWaitForInputIdle [3] (win32k.sys)

1272: 903d527a NtUserWaitForMsgAndEvent [1] (win32k.sys)

1273: 90339265 NtUserWaitMessage [0] (win32k.sys)

1274: 903ccada NtUserWindowFromPhysicalPoint [2] (win32k.sys)

1275: 903c9ca9 NtUserWindowFromPoint [2] (win32k.sys)

1276: 903d64b9 NtUserYieldTask [0] (win32k.sys)

1277: 9028b36f NtUserRemoteConnect [3] (win32k.sys)

1278: 903d5191 NtUserRemoteRedrawRectangle [4] (win32k.sys)

1279: 903d51e8 NtUserRemoteRedrawScreen [0] (win32k.sys)

127a: 903d5238 NtUserRemoteStopScreenUpdates [0] (win32k.sys)

127b: 903da8d4 NtUserCtxDisplayIOCtl [3] (win32k.sys)

127c: 90281dd2 NtUserRegisterSessionPort [2] (win32k.sys)

127d: 903d9983 NtUserUnregisterSessionPort [0] (win32k.sys)

127e: 903d8eed NtUserUpdateWindowTransform [3] (win32k.sys)

127f: 902a824a NtUserDwmStartRedirection [1] (win32k.sys)

1280: 90388e8e NtUserDwmStopRedirection [0] (win32k.sys)

1281: 902e2f8f NtUserGetWindowMinimizeRect [2] (win32k.sys)

1282: 90379cfb NtUserSfmDxBindSwapChain [3] (win32k.sys)

1283: 9037942c NtUserSfmDxOpenSwapChain [4] (win32k.sys)

1284: 9038a35c NtUserSfmDxReleaseSwapChain [2] (win32k.sys)

1285: 9038a163 NtUserSfmDxSetSwapChainBindingStatus [2] (win32k.sys)

1286: 903798e7 NtUserSfmDxQuerySwapChainBindingStatus [3] (win32k.sys)

1287: 902a4486 NtUserSfmDxReportPendingBindingsToDwm [0] (win32k.sys)

1288: 90379a95 NtUserSfmDxGetSwapChainStats [2] (win32k.sys)

1289: 9034d611 NtUserSfmDxSetSwapChainStats [2] (win32k.sys)

128a: 903d99be NtUserSfmGetLogicalSurfaceBinding [4] (win32k.sys)

128b: 903d9b07 NtUserSfmDestroyLogicalSurfaceBinding [1] (win32k.sys)

128c: 903d9fab NtUserModifyWindowTouchCapability [3] (win32k.sys)

128d: 903da012 NtUserIsTouchWindow [2] (win32k.sys)

128e: 903da09e NtUserSendTouchInput [4] (win32k.sys)

128f: 903da1e2 NtUserEndTouchOperation [1] (win32k.sys)

1290: 903da273 NtUserGetTouchInputInfo [4] (win32k.sys)

1291: 90310a0f NtUserChangeWindowMessageFilterEx [4] (win32k.sys)

1292: 903da354 NtUserInjectGesture [5] (win32k.sys)

1293: 903da520 NtUserGetGestureInfo [2] (win32k.sys)

1294: 903da5e5 NtUserGetGestureExtArgs [3] (win32k.sys)

1295: 903da6bf NtUserManageGestureHandlerWindow [2] (win32k.sys)

1296: 9029d041 NtUserSetGestureConfig [5] (win32k.sys)

1297: 903da741 NtUserGetGestureConfig [6] (win32k.sys)

1298: 90433138 NtGdiEngAssociateSurface [3] (win32k.sys)

1299: 90433249 NtGdiEngCreateBitmap [6] (win32k.sys)

129a: 904328c3 NtGdiEngCreateDeviceSurface [4] (win32k.sys)

129b: 90432933 NtGdiEngCreateDeviceBitmap [4] (win32k.sys)

129c: 903ae418 NtGdiEngCreatePalette [6] (win32k.sys)

129d: 90436b70 NtGdiEngComputeGlyphSet [3] (win32k.sys)

129e: 90433c0a NtGdiEngCopyBits [6] (win32k.sys)

129f: 903bf689 NtGdiEngDeletePalette [1] (win32k.sys)

12a0: 904331cd NtGdiEngDeleteSurface [1] (win32k.sys)

12a1: 904333d6 NtGdiEngEraseSurface [3] (win32k.sys)

12a2: 904333a3 NtGdiEngUnlockSurface [1] (win32k.sys)

12a3: 9043336c NtGdiEngLockSurface [1] (win32k.sys)

12a4: 904344d1 NtGdiEngBitBlt [11] (win32k.sys)

12a5: 90433d9f NtGdiEngStretchBlt [11] (win32k.sys)

12a6: 904342f1 NtGdiEngPlgBlt [11] (win32k.sys)

12a7: 904331fa NtGdiEngMarkBandingSurface [1] (win32k.sys)

12a8: 90434790 NtGdiEngStrokePath [8] (win32k.sys)

12a9: 90434975 NtGdiEngFillPath [7] (win32k.sys)

12aa: 90434ad2 NtGdiEngStrokeAndFillPath [10] (win32k.sys)

12ab: 90434cba NtGdiEngPaint [5] (win32k.sys)

12ac: 90434dce NtGdiEngLineTo [9] (win32k.sys)

12ad: 90434ef1 NtGdiEngAlphaBlend [7] (win32k.sys)

12ae: 9043505c NtGdiEngGradientFill [10] (win32k.sys)

12af: 90435292 NtGdiEngTransparentBlt [8] (win32k.sys)

12b0: 904353ea NtGdiEngTextOut [10] (win32k.sys)

12b1: 90434004 NtGdiEngStretchBltROP [13] (win32k.sys)

12b2: 90436a71 NtGdiXLATEOBJ_cGetPalette [4] (win32k.sys)

12b3: 90436b25 NtGdiXLATEOBJ_iXlate [2] (win32k.sys)

12b4: 90436a2a NtGdiXLATEOBJ_hGetColorTransform [1] (win32k.sys)

12b5: 90435648 NtGdiCLIPOBJ_bEnum [3] (win32k.sys)

12b6: 904355c1 NtGdiCLIPOBJ_cEnumStart [5] (win32k.sys)

12b7: 904334d8 NtGdiCLIPOBJ_ppoGetPath [1] (win32k.sys)

12b8: 9043350f NtGdiEngDeletePath [1] (win32k.sys)

12b9: 90433542 NtGdiEngCreateClip [0] (win32k.sys)

12ba: 9043356d NtGdiEngDeleteClip [1] (win32k.sys)

12bb: 904357c0 NtGdiBRUSHOBJ_ulGetBrushColor [1] (win32k.sys)

12bc: 9043572f NtGdiBRUSHOBJ_pvAllocRbrush [2] (win32k.sys)

12bd: 90435779 NtGdiBRUSHOBJ_pvGetRbrush [1] (win32k.sys)

12be: 904358a0 NtGdiBRUSHOBJ_hGetColorTransform [1] (win32k.sys)

12bf: 904358e7 NtGdiXFORMOBJ_bApplyXform [5] (win32k.sys)

12c0: 90435a3d NtGdiXFORMOBJ_iGetXform [2] (win32k.sys)

12c1: 90435ae6 NtGdiFONTOBJ_vGetInfo [3] (win32k.sys)

12c2: 904335a0 NtGdiFONTOBJ_pxoGetXform [1] (win32k.sys)

12c3: 90435bd4 NtGdiFONTOBJ_cGetGlyphs [5] (win32k.sys)

12c4: 90436039 NtGdiFONTOBJ_pifi [1] (win32k.sys)

12c5: 90435e4e NtGdiFONTOBJ_pfdg [1] (win32k.sys)

12c6: 90435f3b NtGdiFONTOBJ_pQueryGlyphAttrs [2] (win32k.sys)

12c7: 9043695d NtGdiFONTOBJ_pvTrueTypeFontFile [2] (win32k.sys)

12c8: 90435d82 NtGdiFONTOBJ_cGetAllGlyphHandles [2] (win32k.sys)

12c9: 90436259 NtGdiSTROBJ_bEnum [3] (win32k.sys)

12ca: 90436277 NtGdiSTROBJ_bEnumPositionsOnly [3] (win32k.sys)

12cb: 90436295 NtGdiSTROBJ_bGetAdvanceWidths [4] (win32k.sys)

12cc: 9043636f NtGdiSTROBJ_vEnumStart [1] (win32k.sys)

12cd: 904363ac NtGdiSTROBJ_dwGetCodePage [1] (win32k.sys)

12ce: 9043648f NtGdiPATHOBJ_vGetBounds [2] (win32k.sys)

12cf: 90436511 NtGdiPATHOBJ_bEnum [2] (win32k.sys)

12d0: 90436665 NtGdiPATHOBJ_vEnumStart [1] (win32k.sys)

12d1: 904366d2 NtGdiPATHOBJ_vEnumStartClipLines [4] (win32k.sys)

12d2: 904367e5 NtGdiPATHOBJ_bEnumClipLines [3] (win32k.sys)

12d3: 904335d7 NtGdiGetDhpdev [1] (win32k.sys)

12d4: 9043360d NtGdiEngCheckAbort [1] (win32k.sys)

12d5: 9043366f NtGdiHT_Get8BPPFormatPalette [4] (win32k.sys)

12d6: 904336fa NtGdiHT_Get8BPPMaskPalette [6] (win32k.sys)

12d7: 9042098d NtGdiUpdateTransform [1] (win32k.sys)

12d8: 903a63c8 NtGdiSetPUMPDOBJ [4] (win32k.sys)

12d9: 904363f3 NtGdiBRUSHOBJ_DeleteRbrush [2] (win32k.sys)

12da: 904286d3 NtGdiUMPDEngFreeUserMem [1] (win32k.sys)

12db: 90338ae8 NtGdiDrawStream [3] (win32k.sys)

12dc: 9034c5c4 NtGdiSfmGetNotificationTokens [3] (win32k.sys)

12dd: 90313154 NtGdiHLSurfGetInformation [4] (win32k.sys)

12de: 90312f49 NtGdiHLSurfSetInformation [4] (win32k.sys)

12df: 9031236e NtGdiDdDDICreateAllocation [1] (win32k.sys)

12e0: 90315b1c NtGdiDdDDIQueryResourceInfo [1] (win32k.sys)

12e1: 90315d26 NtGdiDdDDIOpenResource [1] (win32k.sys)

12e2: 903140eb NtGdiDdDDIDestroyAllocation [1] (win32k.sys)

12e3: 9038f566 NtGdiDdDDISetAllocationPriority [1] (win32k.sys)

12e4: 903d4b6e NtGdiDdDDIQueryAllocationResidency [1] (win32k.sys)

12e5: 902b287f NtGdiDdDDICreateDevice [1] (win32k.sys)

12e6: 903901cf NtGdiDdDDIDestroyDevice [1] (win32k.sys)

12e7: 902b2860 NtGdiDdDDICreateContext [1] (win32k.sys)

12e8: 903901b0 NtGdiDdDDIDestroyContext [1] (win32k.sys)

12e9: 903799c8 NtGdiDdDDICreateSynchronizationObject [1] (win32k.sys)

12ea: 9040950d NtGdiDdDDIOpenSynchronizationObject [1] (win32k.sys)

12eb: 90378f5a NtGdiDdDDIDestroySynchronizationObject [1] (win32k.sys)

12ec: 90379c19 NtGdiDdDDIWaitForSynchronizationObject [1] (win32k.sys)

12ed: 903799a9 NtGdiDdDDISignalSynchronizationObject [1] (win32k.sys)

12ee: 9040952c NtGdiDdDDIGetRuntimeData [1] (win32k.sys)

12ef: 902b2841 NtGdiDdDDIQueryAdapterInfo [1] (win32k.sys)

12f0: 902f06a0 NtGdiDdDDILock [1] (win32k.sys)

12f1: 902f06bf NtGdiDdDDIUnlock [1] (win32k.sys)

12f2: 9038fbb8 NtGdiDdDDIGetDisplayModeList [1] (win32k.sys)

12f3: 902b2010 NtGdiDdDDISetDisplayMode [1] (win32k.sys)

12f4: 9040954b NtGdiDdDDIGetMultisampleMethodList [1] (win32k.sys)

12f5: 9034d5e8 NtGdiDdDDIPresent [1] (win32k.sys)

12f6: 9034d413 NtGdiDdDDIRender [1] (win32k.sys)

12f7: 902a8e7f NtGdiDdDDIOpenAdapterFromDeviceName [1] (win32k.sys)

12f8: 902b266d NtGdiDdDDIOpenAdapterFromHdc [1] (win32k.sys)

12f9: 902b2147 NtGdiDdDDICloseAdapter [1] (win32k.sys)

12fa: 90382ee3 NtGdiDdDDIGetSharedPrimaryHandle [1] (win32k.sys)

12fb: 902b20db NtGdiDdDDIEscape [1] (win32k.sys)

12fc: 9040956a NtGdiDdDDIQueryStatistics [1] (win32k.sys)

12fd: 902af72a NtGdiDdDDISetVidPnSourceOwner [1] (win32k.sys)

12fe: 9034c71c NtGdiDdDDIGetPresentHistory [1] (win32k.sys)

12ff: 902a7a8d NtGdiDdDDIGetPresentQueueEvent [2] (win32k.sys)

1300: 90409589 NtGdiDdDDICreateOverlay [1] (win32k.sys)

1301: 904095a8 NtGdiDdDDIUpdateOverlay [1] (win32k.sys)

1302: 904095c7 NtGdiDdDDIFlipOverlay [1] (win32k.sys)

1303: 904095e6 NtGdiDdDDIDestroyOverlay [1] (win32k.sys)

1304: 90347808 NtGdiDdDDIWaitForVerticalBlankEvent [1] (win32k.sys)

1305: 90409605 NtGdiDdDDISetGammaRamp [1] (win32k.sys)

1306: 9034d32b NtGdiDdDDIGetDeviceState [1] (win32k.sys)

1307: 90370513 NtGdiDdDDICreateDCFromMemory [1] (win32k.sys)

1308: 90371a50 NtGdiDdDDIDestroyDCFromMemory [1] (win32k.sys)

1309: 90390403 NtGdiDdDDISetContextSchedulingPriority [1] (win32k.sys)

130a: 90409624 NtGdiDdDDIGetContextSchedulingPriority [1] (win32k.sys)

130b: 902a739c NtGdiDdDDISetProcessSchedulingPriorityClass [2] (win32k.sys)

130c: 90409643 NtGdiDdDDIGetProcessSchedulingPriorityClass [2] (win32k.sys)

130d: 90409662 NtGdiDdDDIReleaseProcessVidPnSourceOwners [1] (win32k.sys)

130e: 903799fa NtGdiDdDDIGetScanLine [1] (win32k.sys)

130f: 90378fd3 NtGdiDdDDISetQueuedLimit [1] (win32k.sys)

1310: 9040969a NtGdiDdDDIPollDisplayChildren [1] (win32k.sys)

1311: 904096b9 NtGdiDdDDIInvalidateActiveVidPn [1] (win32k.sys)

1312: 904096d8 NtGdiDdDDICheckOcclusion [1] (win32k.sys)

1313: 904096f7 NtGdiDdDDIWaitForIdle [1] (win32k.sys)

1314: 9034d5b9 NtGdiDdDDICheckMonitorPowerState [1] (win32k.sys)

1315: 903799e7 NtGdiDdDDICheckExclusiveOwnership [0] (win32k.sys)

1316: 90409716 NtGdiDdDDISetDisplayPrivateDriverFormat [1] (win32k.sys)

1317: 9040a8ba NtGdiDdDDISharedPrimaryLockNotification [1] (win32k.sys)

1318: 9040a929 NtGdiDdDDISharedPrimaryUnLockNotification [1] (win32k.sys)

1319: 90409735 NtGdiDdDDICreateKeyedMutex [1] (win32k.sys)

131a: 90409754 NtGdiDdDDIOpenKeyedMutex [1] (win32k.sys)

131b: 90409773 NtGdiDdDDIDestroyKeyedMutex [1] (win32k.sys)

131c: 90409792 NtGdiDdDDIAcquireKeyedMutex [1] (win32k.sys)

131d: 904097b1 NtGdiDdDDIReleaseKeyedMutex [1] (win32k.sys)

131e: 903795a3 NtGdiDdDDIConfigureSharedResource [1] (win32k.sys)

131f: 904097d0 NtGdiDdDDIGetOverlayState [1] (win32k.sys)

1320: 9034d3f4 NtGdiDdDDICheckVidPnExclusiveOwnership [1] (win32k.sys)

1321: 903796b4 NtGdiDdDDICheckSharedResourceAccess [1] (win32k.sys)

1322: 9037ed72 DxgStubEndMoCompFrame [2] (win32k.sys)

1323: 9039fab3 DxgStubContextDestroyAll [1] (win32k.sys)

1324: 90436f0d NtGdiGetNumberOfPhysicalMonitors [2] (win32k.sys)

1325: 90436f3c NtGdiGetPhysicalMonitors [4] (win32k.sys)

1326: 904378e5 NtGdiGetPhysicalMonitorDescription [3] (win32k.sys)

1327: 90437bf9 NtGdiDestroyPhysicalMonitor [1] (win32k.sys)

1328: 9043798a NtGdiDDCCIGetVCPFeature [5] (win32k.sys)

1329: 90437a1c NtGdiDDCCISetVCPFeature [3] (win32k.sys)

132a: 90437a32 NtGdiDDCCISaveCurrentSettings [1] (win32k.sys)

132b: 90437d9c NtGdiDDCCIGetCapabilitiesStringLength [2] (win32k.sys)

132c: 90437dfb NtGdiDDCCIGetCapabilitiesString [3] (win32k.sys)

132d: 90437a48 NtGdiDDCCIGetTimingReport [2] (win32k.sys)

132e: 90409a17 NtGdiDdCreateFullscreenSprite [4] (win32k.sys)

132f: 90409a27 NtGdiDdNotifyFullscreenSpriteUpdate [2] (win32k.sys)

1330: 90409a37 NtGdiDdDestroyFullscreenSprite [2] (win32k.sys)

1331: 90409a47 DxEngVisRgnUniq [0] (win32k.sys)

1332: 903d6320 NtUserSetMirrorRendering [2] (win32k.sys)

1333: 903d63a5 NtUserShowSystemCursor [1] (win32k.sys)

1334: 90391b40 NtUserMagControl [2] (win32k.sys)

1335: 903a1f9f NtUserMagSetContextInformation [4] (win32k.sys)

1336: 903a2ff0 NtUserMagGetContextInformation [4] (win32k.sys)

1337: 9038f79a NtUserHwndQueryRedirectionInfo [4] (win32k.sys)

1338: 90380814 NtUserHwndSetRedirectionInfo [4] (win32k.sys)


https://www.openrce.org/blog/view/1470/Windows_7_RC_syscalls
GamingMasteR
June 10th, 2009, 20:31
thanks

EPROCESS :
Code:
          typedef struct _EPROCESS                                               // 133 elements, 0x2C0 bytes (sizeof) 

          {                                                                                                            

/*0x000*/     struct _KPROCESS Pcb;                                              // 34 elements, 0x98 bytes (sizeof)   

/*0x098*/     struct _EX_PUSH_LOCK ProcessLock;                                  // 7 elements, 0x4 bytes (sizeof)     

/*0x09C*/     UINT8        _PADDING0_[0x4];                                                                            

/*0x0A0*/     union _LARGE_INTEGER CreateTime;                                   // 4 elements, 0x8 bytes (sizeof)     

/*0x0A8*/     union _LARGE_INTEGER ExitTime;                                     // 4 elements, 0x8 bytes (sizeof)     

/*0x0B0*/     struct _EX_RUNDOWN_REF RundownProtect;                             // 2 elements, 0x4 bytes (sizeof)     

/*0x0B4*/     VOID*        UniqueProcessId;                                                                            

/*0x0B8*/     struct _LIST_ENTRY ActiveProcessLinks;                             // 2 elements, 0x8 bytes (sizeof)     

/*0x0C0*/     ULONG32      ProcessQuotaUsage[2];                                                                       

/*0x0C8*/     ULONG32      ProcessQuotaPeak[2];                                                                        

/*0x0D0*/     ULONG32      CommitCharge;                                                                               

/*0x0D4*/     struct _EPROCESS_QUOTA_BLOCK* QuotaBlock;                                                                

/*0x0D8*/     struct _PS_CPU_QUOTA_BLOCK* CpuQuotaBlock;                                                               

/*0x0DC*/     ULONG32      PeakVirtualSize;                                                                            

/*0x0E0*/     ULONG32      VirtualSize;                                                                                

/*0x0E4*/     struct _LIST_ENTRY SessionProcessLinks;                            // 2 elements, 0x8 bytes (sizeof)     

/*0x0EC*/     VOID*        DebugPort;                                                                                  

              union                                                              // 3 elements, 0x4 bytes (sizeof)     

              {                                                                                                        

/*0x0F0*/         VOID*        ExceptionPortData;                                                                      

/*0x0F0*/         ULONG32      ExceptionPortValue;                                                                     

/*0x0F0*/         ULONG32      ExceptionPortState : 3;                           // 0 BitPosition                      

              };                                                                                                       

/*0x0F4*/     struct _HANDLE_TABLE* ObjectTable;                                                                       

/*0x0F8*/     struct _EX_FAST_REF Token;                                         // 3 elements, 0x4 bytes (sizeof)     

/*0x0FC*/     ULONG32      WorkingSetPage;                                                                             

/*0x100*/     struct _EX_PUSH_LOCK AddressCreationLock;                          // 7 elements, 0x4 bytes (sizeof)     

/*0x104*/     struct _ETHREAD* RotateInProgress;                                                                       

/*0x108*/     struct _ETHREAD* ForkInProgress;                                                                         

/*0x10C*/     ULONG32      HardwareTrigger;                                                                            

/*0x110*/     struct _MM_AVL_TABLE* PhysicalVadRoot;                                                                   

/*0x114*/     VOID*        CloneRoot;                                                                                  

/*0x118*/     ULONG32      NumberOfPrivatePages;                                                                       

/*0x11C*/     ULONG32      NumberOfLockedPages;                                                                        

/*0x120*/     VOID*        Win32Process;                                                                               

/*0x124*/     struct _EJOB* Job;                                                                                       

/*0x128*/     VOID*        SectionObject;                                                                              

/*0x12C*/     VOID*        SectionBaseAddress;                                                                         

/*0x130*/     ULONG32      Cookie;                                                                                     

/*0x134*/     ULONG32      Spare8;                                                                                     

/*0x138*/     struct _PAGEFAULT_HISTORY* WorkingSetWatch;                                                              

/*0x13C*/     VOID*        Win32WindowStation;                                                                         

/*0x140*/     VOID*        InheritedFromUniqueProcessId;                                                               

/*0x144*/     VOID*        LdtInformation;                                                                             

/*0x148*/     VOID*        VdmObjects;                                                                                 

/*0x14C*/     ULONG32      ConsoleHostProcess;                                                                         

/*0x150*/     VOID*        DeviceMap;                                                                                  

/*0x154*/     VOID*        EtwDataSource;                                                                              

/*0x158*/     VOID*        FreeTebHint;                                                                                

/*0x15C*/     UINT8        _PADDING1_[0x4];                                                                            

              union                                                              // 2 elements, 0x8 bytes (sizeof)     

              {                                                                                                        

/*0x160*/         struct _HARDWARE_PTE PageDirectoryPte;                         // 16 elements, 0x8 bytes (sizeof)    

/*0x160*/         UINT64       Filler;                                                                                 

              };                                                                                                       

/*0x168*/     VOID*        Session;                                                                                    

/*0x16C*/     UINT8        ImageFileName[15];                                                                          

/*0x17B*/     UINT8        PriorityClass;                                                                              

/*0x17C*/     struct _LIST_ENTRY JobLinks;                                       // 2 elements, 0x8 bytes (sizeof)     

/*0x184*/     VOID*        LockedPagesList;                                                                            

/*0x188*/     struct _LIST_ENTRY ThreadListHead;                                 // 2 elements, 0x8 bytes (sizeof)     

/*0x190*/     VOID*        SecurityPort;                                                                               

/*0x194*/     VOID*        PaeTop;                                                                                     

/*0x198*/     ULONG32      ActiveThreads;                                                                              

/*0x19C*/     ULONG32      ImagePathHash;                                                                              

/*0x1A0*/     ULONG32      DefaultHardErrorProcessing;                                                                 

/*0x1A4*/     LONG32       LastThreadExitStatus;                                                                       

/*0x1A8*/     struct _PEB* Peb;                                                                                        

/*0x1AC*/     struct _EX_FAST_REF PrefetchTrace;                                 // 3 elements, 0x4 bytes (sizeof)     

/*0x1B0*/     union _LARGE_INTEGER ReadOperationCount;                           // 4 elements, 0x8 bytes (sizeof)     

/*0x1B8*/     union _LARGE_INTEGER WriteOperationCount;                          // 4 elements, 0x8 bytes (sizeof)     

/*0x1C0*/     union _LARGE_INTEGER OtherOperationCount;                          // 4 elements, 0x8 bytes (sizeof)     

/*0x1C8*/     union _LARGE_INTEGER ReadTransferCount;                            // 4 elements, 0x8 bytes (sizeof)     

/*0x1D0*/     union _LARGE_INTEGER WriteTransferCount;                           // 4 elements, 0x8 bytes (sizeof)     

/*0x1D8*/     union _LARGE_INTEGER OtherTransferCount;                           // 4 elements, 0x8 bytes (sizeof)     

/*0x1E0*/     ULONG32      CommitChargeLimit;                                                                          

/*0x1E4*/     ULONG32      CommitChargePeak;                                                                           

/*0x1E8*/     VOID*        AweInfo;                                                                                    

/*0x1EC*/     struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; // 1 elements, 0x4 bytes (sizeof)     

/*0x1F0*/     struct _MMSUPPORT Vm;                                              // 21 elements, 0x6C bytes (sizeof)   

/*0x25C*/     struct _LIST_ENTRY MmProcessLinks;                                 // 2 elements, 0x8 bytes (sizeof)     

/*0x264*/     ULONG32      ModifiedPageCount;                                                                          

              union                                                              // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                                        

/*0x268*/         ULONG32      Flags2;                                                                                 

                  struct                                                         // 20 elements, 0x4 bytes (sizeof)    

                  {                                                                                                    

/*0x268*/             ULONG32      JobNotReallyActive : 1;                       // 0 BitPosition                      

/*0x268*/             ULONG32      AccountingFolded : 1;                         // 1 BitPosition                      

/*0x268*/             ULONG32      NewProcessReported : 1;                       // 2 BitPosition                      

/*0x268*/             ULONG32      ExitProcessReported : 1;                      // 3 BitPosition                      

/*0x268*/             ULONG32      ReportCommitChanges : 1;                      // 4 BitPosition                      

/*0x268*/             ULONG32      LastReportMemory : 1;                         // 5 BitPosition                      

/*0x268*/             ULONG32      ReportPhysicalPageChanges : 1;                // 6 BitPosition                      

/*0x268*/             ULONG32      HandleTableRundown : 1;                       // 7 BitPosition                      

/*0x268*/             ULONG32      NeedsHandleRundown : 1;                       // 8 BitPosition                      

/*0x268*/             ULONG32      RefTraceEnabled : 1;                          // 9 BitPosition                      

/*0x268*/             ULONG32      NumaAware : 1;                                // 10 BitPosition                     

/*0x268*/             ULONG32      ProtectedProcess : 1;                         // 11 BitPosition                     

/*0x268*/             ULONG32      DefaultPagePriority : 3;                      // 12 BitPosition                     

/*0x268*/             ULONG32      PrimaryTokenFrozen : 1;                       // 15 BitPosition                     

/*0x268*/             ULONG32      ProcessVerifierTarget : 1;                    // 16 BitPosition                     

/*0x268*/             ULONG32      StackRandomizationDisabled : 1;               // 17 BitPosition                     

/*0x268*/             ULONG32      AffinityPermanent : 1;                        // 18 BitPosition                     

/*0x268*/             ULONG32      AffinityUpdateEnable : 1;                     // 19 BitPosition                     

/*0x268*/             ULONG32      PropagateNode : 1;                            // 20 BitPosition                     

/*0x268*/             ULONG32      ExplicitAffinity : 1;                         // 21 BitPosition                     

                  };                                                                                                   

              };                                                                                                       

              union                                                              // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                                        

/*0x26C*/         ULONG32      Flags;                                                                                  

                  struct                                                         // 29 elements, 0x4 bytes (sizeof)    

                  {                                                                                                    

/*0x26C*/             ULONG32      CreateReported : 1;                           // 0 BitPosition                      

/*0x26C*/             ULONG32      NoDebugInherit : 1;                           // 1 BitPosition                      

/*0x26C*/             ULONG32      ProcessExiting : 1;                           // 2 BitPosition                      

/*0x26C*/             ULONG32      ProcessDelete : 1;                            // 3 BitPosition                      

/*0x26C*/             ULONG32      Wow64SplitPages : 1;                          // 4 BitPosition                      

/*0x26C*/             ULONG32      VmDeleted : 1;                                // 5 BitPosition                      

/*0x26C*/             ULONG32      OutswapEnabled : 1;                           // 6 BitPosition                      

/*0x26C*/             ULONG32      Outswapped : 1;                               // 7 BitPosition                      

/*0x26C*/             ULONG32      ForkFailed : 1;                               // 8 BitPosition                      

/*0x26C*/             ULONG32      Wow64VaSpace4Gb : 1;                          // 9 BitPosition                      

/*0x26C*/             ULONG32      AddressSpaceInitialized : 2;                  // 10 BitPosition                     

/*0x26C*/             ULONG32      SetTimerResolution : 1;                       // 12 BitPosition                     

/*0x26C*/             ULONG32      BreakOnTermination : 1;                       // 13 BitPosition                     

/*0x26C*/             ULONG32      DeprioritizeViews : 1;                        // 14 BitPosition                     

/*0x26C*/             ULONG32      WriteWatch : 1;                               // 15 BitPosition                     

/*0x26C*/             ULONG32      ProcessInSession : 1;                         // 16 BitPosition                     

/*0x26C*/             ULONG32      OverrideAddressSpace : 1;                     // 17 BitPosition                     

/*0x26C*/             ULONG32      HasAddressSpace : 1;                          // 18 BitPosition                     

/*0x26C*/             ULONG32      LaunchPrefetched : 1;                         // 19 BitPosition                     

/*0x26C*/             ULONG32      InjectInpageErrors : 1;                       // 20 BitPosition                     

/*0x26C*/             ULONG32      VmTopDown : 1;                                // 21 BitPosition                     

/*0x26C*/             ULONG32      ImageNotifyDone : 1;                          // 22 BitPosition                     

/*0x26C*/             ULONG32      PdeUpdateNeeded : 1;                          // 23 BitPosition                     

/*0x26C*/             ULONG32      VdmAllowed : 1;                               // 24 BitPosition                     

/*0x26C*/             ULONG32      CrossSessionCreate : 1;                       // 25 BitPosition                     

/*0x26C*/             ULONG32      ProcessInserted : 1;                          // 26 BitPosition                     

/*0x26C*/             ULONG32      DefaultIoPriority : 3;                        // 27 BitPosition                     

/*0x26C*/             ULONG32      ProcessSelfDelete : 1;                        // 30 BitPosition                     

/*0x26C*/             ULONG32      SetTimerResolutionLink : 1;                   // 31 BitPosition                     

                  };                                                                                                   

              };                                                                                                       

/*0x270*/     LONG32       ExitStatus;                                                                                 

/*0x274*/     struct _MM_AVL_TABLE VadRoot;                                      // 6 elements, 0x20 bytes (sizeof)    

/*0x294*/     struct _ALPC_PROCESS_CONTEXT AlpcContext;                          // 3 elements, 0x10 bytes (sizeof)    

/*0x2A4*/     struct _LIST_ENTRY TimerResolutionLink;                            // 2 elements, 0x8 bytes (sizeof)     

/*0x2AC*/     ULONG32      RequestedTimerResolution;                                                                   

/*0x2B0*/     ULONG32      ActiveThreadsHighWatermark;                                                                 

/*0x2B4*/     ULONG32      SmallestTimerResolution;                                                                    

/*0x2B8*/     struct _PO_DIAG_STACK_RECORD* TimerResolutionStackRecord;                                                

/*0x2BC*/     UINT8        _PADDING2_[0x4];                                                                            

          }EPROCESS, *PEPROCESS;



Code:
ETHREAD :

          typedef struct _ETHREAD                                              // 88 elements, 0x2B8 bytes (sizeof)  

          {                                                                                                          

/*0x000*/     struct _KTHREAD Tcb;                                             // 114 elements, 0x200 bytes (sizeof) 

/*0x200*/     union _LARGE_INTEGER CreateTime;                                 // 4 elements, 0x8 bytes (sizeof)     

              union                                                            // 2 elements, 0x8 bytes (sizeof)     

              {                                                                                                      

/*0x208*/         union _LARGE_INTEGER ExitTime;                               // 4 elements, 0x8 bytes (sizeof)     

/*0x208*/         struct _LIST_ENTRY KeyedWaitChain;                           // 2 elements, 0x8 bytes (sizeof)     

              };                                                                                                     

/*0x210*/     LONG32       ExitStatus;                                                                               

              union                                                            // 2 elements, 0x8 bytes (sizeof)     

              {                                                                                                      

/*0x214*/         struct _LIST_ENTRY PostBlockList;                            // 2 elements, 0x8 bytes (sizeof)     

                  struct                                                       // 2 elements, 0x8 bytes (sizeof)     

                  {                                                                                                  

/*0x214*/             VOID*        ForwardLinkShadow;                                                                

/*0x218*/             VOID*        StartAddress;                                                                     

                  };                                                                                                 

              };                                                                                                     

              union                                                            // 3 elements, 0x4 bytes (sizeof)     

              {                                                                                                      

/*0x21C*/         struct _TERMINATION_PORT* TerminationPort;                                                         

/*0x21C*/         struct _ETHREAD* ReaperLink;                                                                       

/*0x21C*/         VOID*        KeyedWaitValue;                                                                       

              };                                                                                                     

/*0x220*/     ULONG32      ActiveTimerListLock;                                                                      

/*0x224*/     struct _LIST_ENTRY ActiveTimerListHead;                          // 2 elements, 0x8 bytes (sizeof)     

/*0x22C*/     struct _CLIENT_ID Cid;                                           // 2 elements, 0x8 bytes (sizeof)     

              union                                                            // 2 elements, 0x14 bytes (sizeof)    

              {                                                                                                      

/*0x234*/         struct _KSEMAPHORE KeyedWaitSemaphore;                       // 2 elements, 0x14 bytes (sizeof)    

/*0x234*/         struct _KSEMAPHORE AlpcWaitSemaphore;                        // 2 elements, 0x14 bytes (sizeof)    

              };                                                                                                     

/*0x248*/     union _PS_CLIENT_SECURITY_CONTEXT ClientSecurity;                // 4 elements, 0x4 bytes (sizeof)     

/*0x24C*/     struct _LIST_ENTRY IrpList;                                      // 2 elements, 0x8 bytes (sizeof)     

/*0x254*/     ULONG32      TopLevelIrp;                                                                              

/*0x258*/     struct _DEVICE_OBJECT* DeviceToVerify;                                                                 

/*0x25C*/     union _PSP_CPU_QUOTA_APC* CpuQuotaApc;                                                                 

/*0x260*/     VOID*        Win32StartAddress;                                                                        

/*0x264*/     VOID*        LegacyPowerObject;                                                                        

/*0x268*/     struct _LIST_ENTRY ThreadListEntry;                              // 2 elements, 0x8 bytes (sizeof)     

/*0x270*/     struct _EX_RUNDOWN_REF RundownProtect;                           // 2 elements, 0x4 bytes (sizeof)     

/*0x274*/     struct _EX_PUSH_LOCK ThreadLock;                                 // 7 elements, 0x4 bytes (sizeof)     

/*0x278*/     ULONG32      ReadClusterSize;                                                                          

/*0x27C*/     LONG32       MmLockOrdering;                                                                           

              union                                                            // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                                      

/*0x280*/         ULONG32      CrossThreadFlags;                                                                     

                  struct                                                       // 14 elements, 0x4 bytes (sizeof)    

                  {                                                                                                  

/*0x280*/             ULONG32      Terminated : 1;                             // 0 BitPosition                      

/*0x280*/             ULONG32      ThreadInserted : 1;                         // 1 BitPosition                      

/*0x280*/             ULONG32      HideFromDebugger : 1;                       // 2 BitPosition                      

/*0x280*/             ULONG32      ActiveImpersonationInfo : 1;                // 3 BitPosition                      

/*0x280*/             ULONG32      SystemThread : 1;                           // 4 BitPosition                      

/*0x280*/             ULONG32      HardErrorsAreDisabled : 1;                  // 5 BitPosition                      

/*0x280*/             ULONG32      BreakOnTermination : 1;                     // 6 BitPosition                      

/*0x280*/             ULONG32      SkipCreationMsg : 1;                        // 7 BitPosition                      

/*0x280*/             ULONG32      SkipTerminationMsg : 1;                     // 8 BitPosition                      

/*0x280*/             ULONG32      CopyTokenOnOpen : 1;                        // 9 BitPosition                      

/*0x280*/             ULONG32      ThreadIoPriority : 3;                       // 10 BitPosition                     

/*0x280*/             ULONG32      ThreadPagePriority : 3;                     // 13 BitPosition                     

/*0x280*/             ULONG32      RundownFail : 1;                            // 16 BitPosition                     

/*0x280*/             ULONG32      NeedsWorkingSetAging : 1;                   // 17 BitPosition                     

                  };                                                                                                 

              };                                                                                                     

              union                                                            // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                                      

/*0x284*/         ULONG32      SameThreadPassiveFlags;                                                               

                  struct                                                       // 7 elements, 0x4 bytes (sizeof)     

                  {                                                                                                  

/*0x284*/             ULONG32      ActiveExWorker : 1;                         // 0 BitPosition                      

/*0x284*/             ULONG32      ExWorkerCanWaitUser : 1;                    // 1 BitPosition                      

/*0x284*/             ULONG32      MemoryMaker : 1;                            // 2 BitPosition                      

/*0x284*/             ULONG32      ClonedThread : 1;                           // 3 BitPosition                      

/*0x284*/             ULONG32      KeyedEventInUse : 1;                        // 4 BitPosition                      

/*0x284*/             ULONG32      RateApcState : 2;                           // 5 BitPosition                      

/*0x284*/             ULONG32      SelfTerminate : 1;                          // 7 BitPosition                      

                  };                                                                                                 

              };                                                                                                     

              union                                                            // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                                      

/*0x288*/         ULONG32      SameThreadApcFlags;                                                                   

                  struct                                                       // 4 elements, 0x4 bytes (sizeof)     

                  {                                                                                                  

                      struct                                                   // 8 elements, 0x1 bytes (sizeof)     

                      {                                                                                              

/*0x288*/                 UINT8        Spare : 1;                              // 0 BitPosition                      

/*0x288*/                 UINT8        StartAddressInvalid : 1;                // 1 BitPosition                      

/*0x288*/                 UINT8        EtwPageFaultCalloutActive : 1;          // 2 BitPosition                      

/*0x288*/                 UINT8        OwnsProcessWorkingSetExclusive : 1;     // 3 BitPosition                      

/*0x288*/                 UINT8        OwnsProcessWorkingSetShared : 1;        // 4 BitPosition                      

/*0x288*/                 UINT8        OwnsSystemCacheWorkingSetExclusive : 1; // 5 BitPosition                      

/*0x288*/                 UINT8        OwnsSystemCacheWorkingSetShared : 1;    // 6 BitPosition                      

/*0x288*/                 UINT8        OwnsSessionWorkingSetExclusive : 1;     // 7 BitPosition                      

                      };                                                                                             

                      struct                                                   // 8 elements, 0x1 bytes (sizeof)     

                      {                                                                                              

/*0x289*/                 UINT8        OwnsSessionWorkingSetShared : 1;        // 0 BitPosition                      

/*0x289*/                 UINT8        OwnsProcessAddressSpaceExclusive : 1;   // 1 BitPosition                      

/*0x289*/                 UINT8        OwnsProcessAddressSpaceShared : 1;      // 2 BitPosition                      

/*0x289*/                 UINT8        SuppressSymbolLoad : 1;                 // 3 BitPosition                      

/*0x289*/                 UINT8        Prefetching : 1;                        // 4 BitPosition                      

/*0x289*/                 UINT8        OwnsDynamicMemoryShared : 1;            // 5 BitPosition                      

/*0x289*/                 UINT8        OwnsChangeControlAreaExclusive : 1;     // 6 BitPosition                      

/*0x289*/                 UINT8        OwnsChangeControlAreaShared : 1;        // 7 BitPosition                      

                      };                                                                                             

                      struct                                                   // 6 elements, 0x1 bytes (sizeof)     

                      {                                                                                              

/*0x28A*/                 UINT8        OwnsPagedPoolWorkingSetExclusive : 1;   // 0 BitPosition                      

/*0x28A*/                 UINT8        OwnsPagedPoolWorkingSetShared : 1;      // 1 BitPosition                      

/*0x28A*/                 UINT8        OwnsSystemPtesWorkingSetExclusive : 1;  // 2 BitPosition                      

/*0x28A*/                 UINT8        OwnsSystemPtesWorkingSetShared : 1;     // 3 BitPosition                      

/*0x28A*/                 UINT8        TrimTrigger : 2;                        // 4 BitPosition                      

/*0x28A*/                 UINT8        Spare1 : 2;                             // 6 BitPosition                      

                      };                                                                                             

/*0x28B*/             UINT8        PriorityRegionActive;                                                             

                  };                                                                                                 

              };                                                                                                     

/*0x28C*/     UINT8        CacheManagerActive;                                                                       

/*0x28D*/     UINT8        DisablePageFaultClustering;                                                               

/*0x28E*/     UINT8        ActiveFaultCount;                                                                         

/*0x28F*/     UINT8        LockOrderState;                                                                           

/*0x290*/     ULONG32      AlpcMessageId;                                                                            

              union                                                            // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                                      

/*0x294*/         VOID*        AlpcMessage;                                                                          

/*0x294*/         ULONG32      AlpcReceiveAttributeSet;                                                              

              };                                                                                                     

/*0x298*/     struct _LIST_ENTRY AlpcWaitListEntry;                            // 2 elements, 0x8 bytes (sizeof)     

/*0x2A0*/     ULONG32      CacheManagerCount;                                                                        

/*0x2A4*/     ULONG32      IoBoostCount;                                                                             

/*0x2A8*/     ULONG32      IrpListLock;                                                                              

/*0x2AC*/     VOID*        ReservedForSynchTracking;                                                                 

/*0x2B0*/     struct _SINGLE_LIST_ENTRY CmCallbackListHead;                    // 1 elements, 0x4 bytes (sizeof)     

/*0x2B4*/     UINT8        _PADDING0_[0x4];                                                                          

          }ETHREAD, *PETHREAD;


KPROCESS :
Code:
          typedef struct _KPROCESS                       // 34 elements, 0x98 bytes (sizeof) 

          {                                                                                  

/*0x000*/     struct _DISPATCHER_HEADER Header;          // 30 elements, 0x10 bytes (sizeof) 

/*0x010*/     struct _LIST_ENTRY ProfileListHead;        // 2 elements, 0x8 bytes (sizeof)   

/*0x018*/     ULONG32      DirectoryTableBase;                                               

/*0x01C*/     struct _KGDTENTRY LdtDescriptor;           // 3 elements, 0x8 bytes (sizeof)   

/*0x024*/     struct _KIDTENTRY Int21Descriptor;         // 4 elements, 0x8 bytes (sizeof)   

/*0x02C*/     struct _LIST_ENTRY ThreadListHead;         // 2 elements, 0x8 bytes (sizeof)   

/*0x034*/     ULONG32      ProcessLock;                                                      

/*0x038*/     struct _KAFFINITY_EX Affinity;             // 4 elements, 0xC bytes (sizeof)   

/*0x044*/     struct _LIST_ENTRY ReadyListHead;          // 2 elements, 0x8 bytes (sizeof)   

/*0x04C*/     struct _SINGLE_LIST_ENTRY SwapListEntry;   // 1 elements, 0x4 bytes (sizeof)   

/*0x050*/     struct _KAFFINITY_EX ActiveProcessors;     // 4 elements, 0xC bytes (sizeof)   

              union                                      // 2 elements, 0x4 bytes (sizeof)   

              {                                                                              

                  struct                                 // 5 elements, 0x4 bytes (sizeof)   

                  {                                                                          

/*0x05C*/             LONG32       AutoAlignment : 1;    // 0 BitPosition                    

/*0x05C*/             LONG32       DisableBoost : 1;     // 1 BitPosition                    

/*0x05C*/             LONG32       DisableQuantum : 1;   // 2 BitPosition                    

/*0x05C*/             ULONG32      ActiveGroupsMask : 1; // 3 BitPosition                    

/*0x05C*/             LONG32       ReservedFlags : 28;   // 4 BitPosition                    

                  };                                                                         

/*0x05C*/         LONG32       ProcessFlags;                                                 

              };                                                                             

/*0x060*/     CHAR         BasePriority;                                                     

/*0x061*/     CHAR         QuantumReset;                                                     

/*0x062*/     UINT8        Visited;                                                          

/*0x063*/     UINT8        Unused3;                                                          

/*0x064*/     ULONG32      ThreadSeed[1];                                                    

/*0x068*/     UINT16       IdealNode[1];                                                     

/*0x06A*/     UINT16       IdealGlobalNode;                                                  

/*0x06C*/     union _KEXECUTE_OPTIONS Flags;             // 9 elements, 0x1 bytes (sizeof)   

/*0x06D*/     UINT8        Unused1;                                                          

/*0x06E*/     UINT16       IopmOffset;                                                       

/*0x070*/     ULONG32      Unused4;                                                          

/*0x074*/     union _KSTACK_COUNT StackCount;            // 3 elements, 0x4 bytes (sizeof)   

/*0x078*/     struct _LIST_ENTRY ProcessListEntry;       // 2 elements, 0x8 bytes (sizeof)   

/*0x080*/     UINT64       CycleTime;                                                        

/*0x088*/     ULONG32      KernelTime;                                                       

/*0x08C*/     ULONG32      UserTime;                                                         

/*0x090*/     VOID*        VdmTrapcHandler;                                                  

/*0x094*/     UINT8        _PADDING0_[0x4];                                                  

          }KPROCESS, *PKPROCESS;
GamingMasteR
June 10th, 2009, 20:32
KTHREAD :
Code:
          typedef struct _KTHREAD                                 // 114 elements, 0x200 bytes (sizeof) 

          {                                                                                             

/*0x000*/     struct _DISPATCHER_HEADER Header;                   // 30 elements, 0x10 bytes (sizeof)   

/*0x010*/     UINT64       CycleTime;                                                                   

/*0x018*/     ULONG32      HighCycleTime;                                                               

/*0x01C*/     UINT8        _PADDING0_[0x4];                                                             

/*0x020*/     UINT64       QuantumTarget;                                                               

/*0x028*/     VOID*        InitialStack;                                                                

/*0x02C*/     VOID*        StackLimit;                                                                  

/*0x030*/     VOID*        KernelStack;                                                                 

/*0x034*/     ULONG32      ThreadLock;                                                                  

/*0x038*/     union _KWAIT_STATUS_REGISTER WaitRegister;          // 8 elements, 0x1 bytes (sizeof)     

/*0x039*/     UINT8        Running;                                                                     

/*0x03A*/     UINT8        Alerted[2];                                                                  

              union                                               // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                         

                  struct                                          // 14 elements, 0x4 bytes (sizeof)    

                  {                                                                                     

/*0x03C*/             ULONG32      KernelStackResident : 1;       // 0 BitPosition                      

/*0x03C*/             ULONG32      ReadyTransition : 1;           // 1 BitPosition                      

/*0x03C*/             ULONG32      ProcessReadyQueue : 1;         // 2 BitPosition                      

/*0x03C*/             ULONG32      WaitNext : 1;                  // 3 BitPosition                      

/*0x03C*/             ULONG32      SystemAffinityActive : 1;      // 4 BitPosition                      

/*0x03C*/             ULONG32      Alertable : 1;                 // 5 BitPosition                      

/*0x03C*/             ULONG32      GdiFlushActive : 1;            // 6 BitPosition                      

/*0x03C*/             ULONG32      UserStackWalkActive : 1;       // 7 BitPosition                      

/*0x03C*/             ULONG32      ApcInterruptRequest : 1;       // 8 BitPosition                      

/*0x03C*/             ULONG32      ForceDeferSchedule : 1;        // 9 BitPosition                      

/*0x03C*/             ULONG32      QuantumEndMigrate : 1;         // 10 BitPosition                     

/*0x03C*/             ULONG32      UmsDirectedSwitchEnable : 1;   // 11 BitPosition                     

/*0x03C*/             ULONG32      TimerActive : 1;               // 12 BitPosition                     

/*0x03C*/             ULONG32      Reserved : 19;                 // 13 BitPosition                     

                  };                                                                                    

/*0x03C*/         LONG32       MiscFlags;                                                               

              };                                                                                        

              union                                               // 2 elements, 0x18 bytes (sizeof)    

              {                                                                                         

/*0x040*/         struct _KAPC_STATE ApcState;                    // 5 elements, 0x18 bytes (sizeof)    

                  struct                                          // 2 elements, 0x18 bytes (sizeof)    

                  {                                                                                     

/*0x040*/             UINT8        ApcStateFill[23];                                                    

/*0x057*/             CHAR         Priority;                                                            

                  };                                                                                    

              };                                                                                        

/*0x058*/     ULONG32      NextProcessor;                                                               

/*0x05C*/     ULONG32      DeferredProcessor;                                                           

/*0x060*/     ULONG32      ApcQueueLock;                                                                

/*0x064*/     ULONG32      ContextSwitches;                                                             

/*0x068*/     UINT8        State;                                                                       

/*0x069*/     CHAR         NpxState;                                                                    

/*0x06A*/     UINT8        WaitIrql;                                                                    

/*0x06B*/     CHAR         WaitMode;                                                                    

/*0x06C*/     LONG32       WaitStatus;                                                                  

/*0x070*/     struct _KWAIT_BLOCK* WaitBlockList;                                                       

              union                                               // 2 elements, 0x8 bytes (sizeof)     

              {                                                                                         

/*0x074*/         struct _LIST_ENTRY WaitListEntry;               // 2 elements, 0x8 bytes (sizeof)     

/*0x074*/         struct _SINGLE_LIST_ENTRY SwapListEntry;        // 1 elements, 0x4 bytes (sizeof)     

              };                                                                                        

/*0x07C*/     struct _KQUEUE* Queue;                                                                    

/*0x080*/     ULONG32      WaitTime;                                                                    

              union                                               // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                         

                  struct                                          // 2 elements, 0x4 bytes (sizeof)     

                  {                                                                                     

/*0x084*/             INT16        KernelApcDisable;                                                    

/*0x086*/             INT16        SpecialApcDisable;                                                   

                  };                                                                                    

/*0x084*/         ULONG32      CombinedApcDisable;                                                      

              };                                                                                        

/*0x088*/     VOID*        Teb;                                                                         

/*0x08C*/     UINT8        _PADDING1_[0x4];                                                             

/*0x090*/     struct _KTIMER Timer;                               // 5 elements, 0x28 bytes (sizeof)    

              union                                               // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                         

                  struct                                          // 10 elements, 0x4 bytes (sizeof)    

                  {                                                                                     

/*0x0B8*/             ULONG32      AutoAlignment : 1;             // 0 BitPosition                      

/*0x0B8*/             ULONG32      DisableBoost : 1;              // 1 BitPosition                      

/*0x0B8*/             ULONG32      EtwStackTraceApc1Inserted : 1; // 2 BitPosition                      

/*0x0B8*/             ULONG32      EtwStackTraceApc2Inserted : 1; // 3 BitPosition                      

/*0x0B8*/             ULONG32      CalloutActive : 1;             // 4 BitPosition                      

/*0x0B8*/             ULONG32      ApcQueueable : 1;              // 5 BitPosition                      

/*0x0B8*/             ULONG32      EnableStackSwap : 1;           // 6 BitPosition                      

/*0x0B8*/             ULONG32      GuiThread : 1;                 // 7 BitPosition                      

/*0x0B8*/             ULONG32      UmsPerformingSyscall : 1;      // 8 BitPosition                      

/*0x0B8*/             ULONG32      ReservedFlags : 23;            // 9 BitPosition                      

                  };                                                                                    

/*0x0B8*/         LONG32       ThreadFlags;                                                             

              };                                                                                        

/*0x0BC*/     VOID*        ServiceTable;                                                                

/*0x0C0*/     struct _KWAIT_BLOCK WaitBlock[4];                                                         

/*0x120*/     struct _LIST_ENTRY QueueListEntry;                  // 2 elements, 0x8 bytes (sizeof)     

/*0x128*/     struct _KTRAP_FRAME* TrapFrame;                                                           

/*0x12C*/     VOID*        FirstArgument;                                                               

              union                                               // 2 elements, 0x4 bytes (sizeof)     

              {                                                                                         

/*0x130*/         VOID*        CallbackStack;                                                           

/*0x130*/         ULONG32      CallbackDepth;                                                           

              };                                                                                        

/*0x134*/     UINT8        ApcStateIndex;                                                               

/*0x135*/     CHAR         BasePriority;                                                                

              union                                               // 2 elements, 0x1 bytes (sizeof)     

              {                                                                                         

/*0x136*/         CHAR         PriorityDecrement;                                                       

                  struct                                          // 2 elements, 0x1 bytes (sizeof)     

                  {                                                                                     

/*0x136*/             UINT8        ForegroundBoost : 4;           // 0 BitPosition                      

/*0x136*/             UINT8        UnusualBoost : 4;              // 4 BitPosition                      

                  };                                                                                    

              };                                                                                        

/*0x137*/     UINT8        Preempted;                                                                   

/*0x138*/     UINT8        AdjustReason;                                                                

/*0x139*/     CHAR         AdjustIncrement;                                                             

/*0x13A*/     CHAR         PreviousMode;                                                                

/*0x13B*/     CHAR         Saturation;                                                                  

/*0x13C*/     ULONG32      SystemCallNumber;                                                            

/*0x140*/     ULONG32      FreezeCount;                                                                 

/*0x144*/     struct _GROUP_AFFINITY UserAffinity;                // 3 elements, 0xC bytes (sizeof)     

/*0x150*/     struct _KPROCESS* Process;                                                                

/*0x154*/     struct _GROUP_AFFINITY Affinity;                    // 3 elements, 0xC bytes (sizeof)     

/*0x160*/     ULONG32      IdealProcessor;                                                              

/*0x164*/     ULONG32      UserIdealProcessor;                                                          

/*0x168*/     struct _KAPC_STATE* ApcStatePointer[2];                                                   

              union                                               // 2 elements, 0x18 bytes (sizeof)    

              {                                                                                         

/*0x170*/         struct _KAPC_STATE SavedApcState;               // 5 elements, 0x18 bytes (sizeof)    

                  struct                                          // 2 elements, 0x18 bytes (sizeof)    

                  {                                                                                     

/*0x170*/             UINT8        SavedApcStateFill[23];                                               

/*0x187*/             UINT8        WaitReason;                                                          

                  };                                                                                    

              };                                                                                        

/*0x188*/     CHAR         SuspendCount;                                                                

/*0x189*/     CHAR         Spare1;                                                                      

/*0x18A*/     UINT8        OtherPlatformFill;                                                           

/*0x18B*/     UINT8        _PADDING2_[0x1];                                                             

/*0x18C*/     VOID*        Win32Thread;                                                                 

/*0x190*/     VOID*        StackBase;                                                                   

              union                                               // 7 elements, 0x30 bytes (sizeof)    

              {                                                                                         

/*0x194*/         struct _KAPC SuspendApc;                        // 16 elements, 0x30 bytes (sizeof)   

                  struct                                          // 2 elements, 0x30 bytes (sizeof)    

                  {                                                                                     

/*0x194*/             UINT8        SuspendApcFill0[1];                                                  

/*0x195*/             UINT8        ResourceIndex;                                                       

/*0x196*/             UINT8        _PADDING3_[0x2E];                                                    

                  };                                                                                    

                  struct                                          // 2 elements, 0x30 bytes (sizeof)    

                  {                                                                                     

/*0x194*/             UINT8        SuspendApcFill1[3];                                                  

/*0x197*/             UINT8        QuantumReset;                                                        

/*0x198*/             UINT8        _PADDING4_[0x2C];                                                    

                  };                                                                                    

                  struct                                          // 2 elements, 0x30 bytes (sizeof)    

                  {                                                                                     

/*0x194*/             UINT8        SuspendApcFill2[4];                                                  

/*0x198*/             ULONG32      KernelTime;                                                          

/*0x19C*/             UINT8        _PADDING5_[0x28];                                                    

                  };                                                                                    

                  struct                                          // 2 elements, 0x30 bytes (sizeof)    

                  {                                                                                     

/*0x194*/             UINT8        SuspendApcFill3[36];                                                 

/*0x1B8*/             struct _KPRCB* WaitPrcb;                                                          

/*0x1BC*/             UINT8        _PADDING6_[0x8];                                                     

                  };                                                                                    

                  struct                                          // 2 elements, 0x30 bytes (sizeof)    

                  {                                                                                     

/*0x194*/             UINT8        SuspendApcFill4[40];                                                 

/*0x1BC*/             VOID*        LegoData;                                                            

/*0x1C0*/             UINT8        _PADDING7_[0x4];                                                     

                  };                                                                                    

                  struct                                          // 2 elements, 0x30 bytes (sizeof)    

                  {                                                                                     

/*0x194*/             UINT8        SuspendApcFill5[47];                                                 

/*0x1C3*/             UINT8        LargeStack;                                                          

                  };                                                                                    

              };                                                                                        

/*0x1C4*/     ULONG32      UserTime;                                                                    

              union                                               // 2 elements, 0x14 bytes (sizeof)    

              {                                                                                         

/*0x1C8*/         struct _KSEMAPHORE SuspendSemaphore;            // 2 elements, 0x14 bytes (sizeof)    

/*0x1C8*/         UINT8        SuspendSemaphorefill[20];                                                

              };                                                                                        

/*0x1DC*/     ULONG32      SListFaultCount;                                                             

/*0x1E0*/     struct _LIST_ENTRY ThreadListEntry;                 // 2 elements, 0x8 bytes (sizeof)     

/*0x1E8*/     struct _LIST_ENTRY MutantListHead;                  // 2 elements, 0x8 bytes (sizeof)     

/*0x1F0*/     VOID*        SListFaultAddress;                                                           

/*0x1F4*/     struct _KTHREAD_COUNTERS* ThreadCounters;                                                 

/*0x1F8*/     struct _XSTATE_SAVE* XStateSave;                                                          

/*0x1FC*/     UINT8        _PADDING8_[0x4];                                                             

          }KTHREAD, *PKTHREAD;
GamingMasteR
June 10th, 2009, 20:32
KPRCB :
Code:
           typedef struct _KPRCB                                                   // 245 elements, 0x3628 bytes (sizeof) 

           {                                                                                                              

/*0x000*/      UINT16       MinorVersion;                                                                                 

/*0x002*/      UINT16       MajorVersion;                                                                                 

/*0x004*/      struct _KTHREAD* CurrentThread;                                                                            

/*0x008*/      struct _KTHREAD* NextThread;                                                                               

/*0x00C*/      struct _KTHREAD* IdleThread;                                                                               

/*0x010*/      UINT8        LegacyNumber;                                                                                 

/*0x011*/      UINT8        NestingLevel;                                                                                 

/*0x012*/      UINT16       BuildType;                                                                                    

/*0x014*/      CHAR         CpuType;                                                                                      

/*0x015*/      CHAR         CpuID;                                                                                        

               union                                                               // 2 elements, 0x2 bytes (sizeof)      

               {                                                                                                          

/*0x016*/          UINT16       CpuStep;                                                                                  

                   struct                                                          // 2 elements, 0x2 bytes (sizeof)      

                   {                                                                                                      

/*0x016*/              UINT8        CpuStepping;                                                                          

/*0x017*/              UINT8        CpuModel;                                                                             

                   };                                                                                                     

               };                                                                                                         

/*0x018*/      struct _KPROCESSOR_STATE ProcessorState;                            // 2 elements, 0x320 bytes (sizeof)    

/*0x338*/      ULONG32      KernelReserved[16];                                                                           

/*0x378*/      ULONG32      HalReserved[16];                                                                              

/*0x3B8*/      ULONG32      CFlushSize;                                                                                   

/*0x3BC*/      UINT8        CoresPerPhysicalProcessor;                                                                    

/*0x3BD*/      UINT8        LogicalProcessorsPerCore;                                                                     

/*0x3BE*/      UINT8        PrcbPad0[2];                                                                                  

/*0x3C0*/      ULONG32      MHz;                                                                                          

/*0x3C4*/      UINT8        CpuVendor;                                                                                    

/*0x3C5*/      UINT8        GroupIndex;                                                                                   

/*0x3C6*/      UINT16       Group;                                                                                        

/*0x3C8*/      ULONG32      GroupSetMember;                                                                               

/*0x3CC*/      ULONG32      Number;                                                                                       

/*0x3D0*/      UINT8        PrcbPad1[72];                                                                                 

/*0x418*/      struct _KSPIN_LOCK_QUEUE LockQueue[17];                                                                    

/*0x4A0*/      struct _KTHREAD* NpxThread;                                                                                

/*0x4A4*/      ULONG32      InterruptCount;                                                                               

/*0x4A8*/      ULONG32      KernelTime;                                                                                   

/*0x4AC*/      ULONG32      UserTime;                                                                                     

/*0x4B0*/      ULONG32      DpcTime;                                                                                      

/*0x4B4*/      ULONG32      DpcTimeCount;                                                                                 

/*0x4B8*/      ULONG32      InterruptTime;                                                                                

/*0x4BC*/      ULONG32      AdjustDpcThreshold;                                                                           

/*0x4C0*/      ULONG32      PageColor;                                                                                    

/*0x4C4*/      UINT8        DebuggerSavedIRQL;                                                                            

/*0x4C5*/      UINT8        NodeColor;                                                                                    

/*0x4C6*/      UINT8        PrcbPad20[2];                                                                                 

/*0x4C8*/      ULONG32      NodeShiftedColor;                                                                             

/*0x4CC*/      struct _KNODE* ParentNode;                                                                                 

/*0x4D0*/      ULONG32      SecondaryColorMask;                                                                           

/*0x4D4*/      ULONG32      DpcTimeLimit;                                                                                 

/*0x4D8*/      ULONG32      PrcbPad21[2];                                                                                 

/*0x4E0*/      ULONG32      CcFastReadNoWait;                                                                             

/*0x4E4*/      ULONG32      CcFastReadWait;                                                                               

/*0x4E8*/      ULONG32      CcFastReadNotPossible;                                                                        

/*0x4EC*/      ULONG32      CcCopyReadNoWait;                                                                             

/*0x4F0*/      ULONG32      CcCopyReadWait;                                                                               

/*0x4F4*/      ULONG32      CcCopyReadNoWaitMiss;                                                                         

/*0x4F8*/      LONG32       MmSpinLockOrdering;                                                                           

/*0x4FC*/      LONG32       IoReadOperationCount;                                                                         

/*0x500*/      LONG32       IoWriteOperationCount;                                                                        

/*0x504*/      LONG32       IoOtherOperationCount;                                                                        

/*0x508*/      union _LARGE_INTEGER IoReadTransferCount;                           // 4 elements, 0x8 bytes (sizeof)      

/*0x510*/      union _LARGE_INTEGER IoWriteTransferCount;                          // 4 elements, 0x8 bytes (sizeof)      

/*0x518*/      union _LARGE_INTEGER IoOtherTransferCount;                          // 4 elements, 0x8 bytes (sizeof)      

/*0x520*/      ULONG32      CcFastMdlReadNoWait;                                                                          

/*0x524*/      ULONG32      CcFastMdlReadWait;                                                                            

/*0x528*/      ULONG32      CcFastMdlReadNotPossible;                                                                     

/*0x52C*/      ULONG32      CcMapDataNoWait;                                                                              

/*0x530*/      ULONG32      CcMapDataWait;                                                                                

/*0x534*/      ULONG32      CcPinMappedDataCount;                                                                         

/*0x538*/      ULONG32      CcPinReadNoWait;                                                                              

/*0x53C*/      ULONG32      CcPinReadWait;                                                                                

/*0x540*/      ULONG32      CcMdlReadNoWait;                                                                              

/*0x544*/      ULONG32      CcMdlReadWait;                                                                                

/*0x548*/      ULONG32      CcLazyWriteHotSpots;                                                                          

/*0x54C*/      ULONG32      CcLazyWriteIos;                                                                               

/*0x550*/      ULONG32      CcLazyWritePages;                                                                             

/*0x554*/      ULONG32      CcDataFlushes;                                                                                

/*0x558*/      ULONG32      CcDataPages;                                                                                  

/*0x55C*/      ULONG32      CcLostDelayedWrites;                                                                          

/*0x560*/      ULONG32      CcFastReadResourceMiss;                                                                       

/*0x564*/      ULONG32      CcCopyReadWaitMiss;                                                                           

/*0x568*/      ULONG32      CcFastMdlReadResourceMiss;                                                                    

/*0x56C*/      ULONG32      CcMapDataNoWaitMiss;                                                                          

/*0x570*/      ULONG32      CcMapDataWaitMiss;                                                                            

/*0x574*/      ULONG32      CcPinReadNoWaitMiss;                                                                          

/*0x578*/      ULONG32      CcPinReadWaitMiss;                                                                            

/*0x57C*/      ULONG32      CcMdlReadNoWaitMiss;                                                                          

/*0x580*/      ULONG32      CcMdlReadWaitMiss;                                                                            

/*0x584*/      ULONG32      CcReadAheadIos;                                                                               

/*0x588*/      ULONG32      KeAlignmentFixupCount;                                                                        

/*0x58C*/      ULONG32      KeExceptionDispatchCount;                                                                     

/*0x590*/      ULONG32      KeSystemCalls;                                                                                

/*0x594*/      ULONG32      AvailableTime;                                                                                

/*0x598*/      ULONG32      PrcbPad22[2];                                                                                 

/*0x5A0*/      struct _PP_LOOKASIDE_LIST PPLookasideList[16];                                                             

/*0x620*/      struct _GENERAL_LOOKASIDE_POOL PPNPagedLookasideList[32];                                                  

/*0xF20*/      struct _GENERAL_LOOKASIDE_POOL PPPagedLookasideList[32];                                                   

/*0x1820*/     ULONG32      PacketBarrier;                                                                                

/*0x1824*/     LONG32       ReverseStall;                                                                                 

/*0x1828*/     VOID*        IpiFrame;                                                                                     

/*0x182C*/     UINT8        PrcbPad3[52];                                                                                 

/*0x1860*/     VOID*        CurrentPacket[3];                                                                             

/*0x186C*/     ULONG32      TargetSet;                                                                                    

/*0x1870*/     FUNCT_00A4_0668_WorkerRoutine* WorkerRoutine;                                                              

/*0x1874*/     ULONG32      IpiFrozen;                                                                                    

/*0x1878*/     UINT8        PrcbPad4[40];                                                                                 

/*0x18A0*/     ULONG32      RequestSummary;                                                                               

/*0x18A4*/     struct _KPRCB* SignalDone;                                                                                 

/*0x18A8*/     UINT8        PrcbPad50[56];                                                                                

/*0x18E0*/     struct _KDPC_DATA DpcData[2];                                                                              

/*0x1908*/     VOID*        DpcStack;                                                                                     

/*0x190C*/     LONG32       MaximumDpcQueueDepth;                                                                         

/*0x1910*/     ULONG32      DpcRequestRate;                                                                               

/*0x1914*/     ULONG32      MinimumDpcRate;                                                                               

/*0x1918*/     ULONG32      DpcLastCount;                                                                                 

/*0x191C*/     ULONG32      PrcbLock;                                                                                     

/*0x1920*/     struct _KGATE DpcGate;                                              // 1 elements, 0x10 bytes (sizeof)     

/*0x1930*/     UINT8        ThreadDpcEnable;                                                                              

/*0x1931*/     UINT8        QuantumEnd;                                                                                   

/*0x1932*/     UINT8        DpcRoutineActive;                                                                             

/*0x1933*/     UINT8        IdleSchedule;                                                                                 

               union                                                               // 3 elements, 0x4 bytes (sizeof)      

               {                                                                                                          

/*0x1934*/         LONG32       DpcRequestSummary;                                                                        

/*0x1934*/         INT16        DpcRequestSlot[2];                                                                        

                   struct                                                          // 2 elements, 0x4 bytes (sizeof)      

                   {                                                                                                      

/*0x1934*/             INT16        NormalDpcState;                                                                       

                       union                                                       // 2 elements, 0x2 bytes (sizeof)      

                       {                                                                                                  

/*0x1936*/                 UINT16       DpcThreadActive : 1;                       // 0 BitPosition                       

/*0x1936*/                 INT16        ThreadDpcState;                                                                   

                       };                                                                                                 

                   };                                                                                                     

               };                                                                                                         

/*0x1938*/     ULONG32      TimerHand;                                                                                    

/*0x193C*/     ULONG32      LastTick;                                                                                     

/*0x1940*/     LONG32       MasterOffset;                                                                                 

/*0x1944*/     ULONG32      PrcbPad41[2];                                                                                 

/*0x194C*/     ULONG32      PeriodicCount;                                                                                

/*0x1950*/     ULONG32      PeriodicBias;                                                                                 

/*0x1954*/     UINT8        _PADDING0_[0x4];                                                                              

/*0x1958*/     UINT64       TickOffset;                                                                                   

/*0x1960*/     struct _KTIMER_TABLE TimerTable;                                    // 2 elements, 0x1840 bytes (sizeof)   

/*0x31A0*/     struct _KDPC CallDpc;                                               // 9 elements, 0x20 bytes (sizeof)     

/*0x31C0*/     LONG32       ClockKeepAlive;                                                                               

/*0x31C4*/     UINT8        ClockCheckSlot;                                                                               

/*0x31C5*/     UINT8        ClockPollCycle;                                                                               

/*0x31C6*/     UINT8        PrcbPad6[2];                                                                                  

/*0x31C8*/     LONG32       DpcWatchdogPeriod;                                                                            

/*0x31CC*/     LONG32       DpcWatchdogCount;                                                                             

/*0x31D0*/     LONG32       ThreadWatchdogPeriod;                                                                         

/*0x31D4*/     LONG32       ThreadWatchdogCount;                                                                          

/*0x31D8*/     LONG32       KeSpinLockOrdering;                                                                           

/*0x31DC*/     ULONG32      PrcbPad70[1];                                                                                 

/*0x31E0*/     struct _LIST_ENTRY WaitListHead;                                    // 2 elements, 0x8 bytes (sizeof)      

/*0x31E8*/     ULONG32      WaitLock;                                                                                     

/*0x31EC*/     ULONG32      ReadySummary;                                                                                 

/*0x31F0*/     ULONG32      QueueIndex;                                                                                   

/*0x31F4*/     struct _SINGLE_LIST_ENTRY DeferredReadyListHead;                    // 1 elements, 0x4 bytes (sizeof)      

/*0x31F8*/     UINT64       StartCycles;                                                                                  

/*0x3200*/     UINT64       CycleTime;                                                                                    

/*0x3208*/     ULONG32      HighCycleTime;                                                                                

/*0x320C*/     ULONG32      PrcbPad71;                                                                                    

/*0x3210*/     UINT64       PrcbPad72[2];                                                                                 

/*0x3220*/     struct _LIST_ENTRY DispatcherReadyListHead[32];                                                            

/*0x3320*/     VOID*        ChainedInterruptList;                                                                         

/*0x3324*/     LONG32       LookasideIrpFloat;                                                                            

/*0x3328*/     LONG32       MmPageFaultCount;                                                                             

/*0x332C*/     LONG32       MmCopyOnWriteCount;                                                                           

/*0x3330*/     LONG32       MmTransitionCount;                                                                            

/*0x3334*/     LONG32       MmCacheTransitionCount;                                                                       

/*0x3338*/     LONG32       MmDemandZeroCount;                                                                            

/*0x333C*/     LONG32       MmPageReadCount;                                                                              

/*0x3340*/     LONG32       MmPageReadIoCount;                                                                            

/*0x3344*/     LONG32       MmCacheReadCount;                                                                             

/*0x3348*/     LONG32       MmCacheIoCount;                                                                               

/*0x334C*/     LONG32       MmDirtyPagesWriteCount;                                                                       

/*0x3350*/     LONG32       MmDirtyWriteIoCount;                                                                          

/*0x3354*/     LONG32       MmMappedPagesWriteCount;                                                                      

/*0x3358*/     LONG32       MmMappedWriteIoCount;                                                                         

/*0x335C*/     ULONG32      CachedCommit;                                                                                 

/*0x3360*/     ULONG32      CachedResidentAvailable;                                                                      

/*0x3364*/     VOID*        HyperPte;                                                                                     

/*0x3368*/     UINT8        PrcbPad8[4];                                                                                  

/*0x336C*/     UINT8        VendorString[13];                                                                             

/*0x3379*/     UINT8        InitialApicId;                                                                                

/*0x337A*/     UINT8        LogicalProcessorsPerPhysicalProcessor;                                                        

/*0x337B*/     UINT8        PrcbPad9[5];                                                                                  

/*0x3380*/     ULONG32      FeatureBits;                                                                                  

/*0x3384*/     UINT8        _PADDING1_[0x4];                                                                              

/*0x3388*/     union _LARGE_INTEGER UpdateSignature;                               // 4 elements, 0x8 bytes (sizeof)      

/*0x3390*/     UINT64       IsrTime;                                                                                      

/*0x3398*/     UINT64       RuntimeAccumulation;                                                                          

/*0x33A0*/     struct _PROCESSOR_POWER_STATE PowerState;                           // 27 elements, 0xC8 bytes (sizeof)    

/*0x3468*/     struct _KDPC DpcWatchdogDpc;                                        // 9 elements, 0x20 bytes (sizeof)     

/*0x3488*/     struct _KTIMER DpcWatchdogTimer;                                    // 5 elements, 0x28 bytes (sizeof)     

/*0x34B0*/     VOID*        WheaInfo;                                                                                     

/*0x34B4*/     VOID*        EtwSupport;                                                                                   

/*0x34B8*/     union _SLIST_HEADER InterruptObjectPool;                            // 4 elements, 0x8 bytes (sizeof)      

/*0x34C0*/     union _SLIST_HEADER HypercallPageList;                              // 4 elements, 0x8 bytes (sizeof)      

/*0x34C8*/     VOID*        HypercallPageVirtual;                                                                         

/*0x34CC*/     VOID*        VirtualApicAssist;                                                                            

/*0x34D0*/     UINT64*      StatisticsPage;                                                                               

/*0x34D4*/     VOID*        RateControl;                                                                                  

/*0x34D8*/     struct _CACHE_DESCRIPTOR Cache[5];                                                                         

/*0x3514*/     ULONG32      CacheCount;                                                                                   

/*0x3518*/     ULONG32      CacheProcessorMask[5];                                                                        

/*0x352C*/     struct _KAFFINITY_EX PackageProcessorSet;                           // 4 elements, 0xC bytes (sizeof)      

/*0x3538*/     ULONG32      PrcbPad91[1];                                                                                 

/*0x353C*/     ULONG32      CoreProcessorSet;                                                                             

/*0x3540*/     struct _KDPC TimerExpirationDpc;                                    // 9 elements, 0x20 bytes (sizeof)     

/*0x3560*/     ULONG32      SpinLockAcquireCount;                                                                         

/*0x3564*/     ULONG32      SpinLockContentionCount;                                                                      

/*0x3568*/     ULONG32      SpinLockSpinCount;                                                                            

/*0x356C*/     ULONG32      IpiSendRequestBroadcastCount;                                                                 

/*0x3570*/     ULONG32      IpiSendRequestRoutineCount;                                                                   

/*0x3574*/     ULONG32      IpiSendSoftwareInterruptCount;                                                                

/*0x3578*/     ULONG32      ExInitializeResourceCount;                                                                    

/*0x357C*/     ULONG32      ExReInitializeResourceCount;                                                                  

/*0x3580*/     ULONG32      ExDeleteResourceCount;                                                                        

/*0x3584*/     ULONG32      ExecutiveResourceAcquiresCount;                                                               

/*0x3588*/     ULONG32      ExecutiveResourceContentionsCount;                                                            

/*0x358C*/     ULONG32      ExecutiveResourceReleaseExclusiveCount;                                                       

/*0x3590*/     ULONG32      ExecutiveResourceReleaseSharedCount;                                                          

/*0x3594*/     ULONG32      ExecutiveResourceConvertsCount;                                                               

/*0x3598*/     ULONG32      ExAcqResExclusiveAttempts;                                                                    

/*0x359C*/     ULONG32      ExAcqResExclusiveAcquiresExclusive;                                                           

/*0x35A0*/     ULONG32      ExAcqResExclusiveAcquiresExclusiveRecursive;                                                  

/*0x35A4*/     ULONG32      ExAcqResExclusiveWaits;                                                                       

/*0x35A8*/     ULONG32      ExAcqResExclusiveNotAcquires;                                                                 

/*0x35AC*/     ULONG32      ExAcqResSharedAttempts;                                                                       

/*0x35B0*/     ULONG32      ExAcqResSharedAcquiresExclusive;                                                              

/*0x35B4*/     ULONG32      ExAcqResSharedAcquiresShared;                                                                 

/*0x35B8*/     ULONG32      ExAcqResSharedAcquiresSharedRecursive;                                                        

/*0x35BC*/     ULONG32      ExAcqResSharedWaits;                                                                          

/*0x35C0*/     ULONG32      ExAcqResSharedNotAcquires;                                                                    

/*0x35C4*/     ULONG32      ExAcqResSharedStarveExclusiveAttempts;                                                        

/*0x35C8*/     ULONG32      ExAcqResSharedStarveExclusiveAcquiresExclusive;                                               

/*0x35CC*/     ULONG32      ExAcqResSharedStarveExclusiveAcquiresShared;                                                  

/*0x35D0*/     ULONG32      ExAcqResSharedStarveExclusiveAcquiresSharedRecursive;                                         

/*0x35D4*/     ULONG32      ExAcqResSharedStarveExclusiveWaits;                                                           

/*0x35D8*/     ULONG32      ExAcqResSharedStarveExclusiveNotAcquires;                                                     

/*0x35DC*/     ULONG32      ExAcqResSharedWaitForExclusiveAttempts;                                                       

/*0x35E0*/     ULONG32      ExAcqResSharedWaitForExclusiveAcquiresExclusive;                                              

/*0x35E4*/     ULONG32      ExAcqResSharedWaitForExclusiveAcquiresShared;                                                 

/*0x35E8*/     ULONG32      ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive;                                        

/*0x35EC*/     ULONG32      ExAcqResSharedWaitForExclusiveWaits;                                                          

/*0x35F0*/     ULONG32      ExAcqResSharedWaitForExclusiveNotAcquires;                                                    

/*0x35F4*/     ULONG32      ExSetResOwnerPointerExclusive;                                                                

/*0x35F8*/     ULONG32      ExSetResOwnerPointerSharedNew;                                                                

/*0x35FC*/     ULONG32      ExSetResOwnerPointerSharedOld;                                                                

/*0x3600*/     ULONG32      ExTryToAcqExclusiveAttempts;                                                                  

/*0x3604*/     ULONG32      ExTryToAcqExclusiveAcquires;                                                                  

/*0x3608*/     ULONG32      ExBoostExclusiveOwner;                                                                        

/*0x360C*/     ULONG32      ExBoostSharedOwners;                                                                          

/*0x3610*/     ULONG32      ExEtwSynchTrackingNotificationsCount;                                                         

/*0x3614*/     ULONG32      ExEtwSynchTrackingNotificationsAccountedCount;                                                

/*0x3618*/     struct _CONTEXT* Context;                                                                                  

/*0x361C*/     ULONG32      ContextFlags;                                                                                 

/*0x3620*/     struct _XSAVE_AREA* ExtendedState;                                                                         

/*0x3624*/     UINT8        _PADDING2_[0x4];                                                                              

           }KPRCB, *PKPRCB;