Created
August 26, 2013 21:16
-
-
Save greenboxal/6346759 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Address Ordinal Name Library | |
| ------- ------- ---- ------- | |
| 4A781000 AllocateAndInitializeSid ADVAPI32 | |
| 4A781004 InitializeAcl ADVAPI32 | |
| 4A781008 RegCloseKey ADVAPI32 | |
| 4A78100C RegOpenKeyExW ADVAPI32 | |
| 4A781010 GetTokenInformation ADVAPI32 | |
| 4A781014 GetLengthSid ADVAPI32 | |
| 4A781018 LsaLookupNames ADVAPI32 | |
| 4A78101C AddAccessAllowedAce ADVAPI32 | |
| 4A781020 FreeSid ADVAPI32 | |
| 4A781024 CryptGenRandom ADVAPI32 | |
| 4A781028 LsaCreateSecret ADVAPI32 | |
| 4A78102C LsaSetSecret ADVAPI32 | |
| 4A781030 LsaOpenSecret ADVAPI32 | |
| 4A781034 LsaQuerySecret ADVAPI32 | |
| 4A781038 CryptAcquireContextW ADVAPI32 | |
| 4A78103C RegQueryValueExW ADVAPI32 | |
| 4A781040 RegNotifyChangeKeyValue ADVAPI32 | |
| 4A781044 ImpersonateLoggedOnUser ADVAPI32 | |
| 4A781048 CreateProcessAsUserW ADVAPI32 | |
| 4A78104C RevertToSelf ADVAPI32 | |
| 4A781050 LsaOpenAccount ADVAPI32 | |
| 4A781054 LsaEnumeratePrivilegesOfAccount ADVAPI32 | |
| 4A781058 LsaClose ADVAPI32 | |
| 4A78105C LsaOpenPolicy ADVAPI32 | |
| 4A781060 LsaQueryInformationPolicy ADVAPI32 | |
| 4A781064 LsaFreeMemory ADVAPI32 | |
| 4A781068 LsaLookupSids ADVAPI32 | |
| 4A78106C LsaQueryTrustedDomainInfo ADVAPI32 | |
| 4A781070 LsaEnumerateTrustedDomains ADVAPI32 | |
| 4A781074 RegisterEventSourceA ADVAPI32 | |
| 4A781078 ReportEventA ADVAPI32 | |
| 4A78107C LsaLookupPrivilegeValue ADVAPI32 | |
| 4A781080 LogonUserW ADVAPI32 | |
| 4A781084 SetKernelObjectSecurity ADVAPI32 | |
| 4A781088 SetSecurityDescriptorDacl ADVAPI32 | |
| 4A78108C InitializeSecurityDescriptor ADVAPI32 | |
| 4A781094 ResumeThread KERNEL32 | |
| 4A781098 GlobalAlloc KERNEL32 | |
| 4A78109C SetThreadPriority KERNEL32 | |
| 4A7810A0 DeleteCriticalSection KERNEL32 | |
| 4A7810A4 FreeLibrary KERNEL32 | |
| 4A7810A8 GetModuleHandleA KERNEL32 | |
| 4A7810AC Sleep KERNEL32 | |
| 4A7810B0 GetLastError KERNEL32 | |
| 4A7810B4 SetPriorityClass KERNEL32 | |
| 4A7810B8 CloseHandle KERNEL32 | |
| 4A7810BC CreateProcessW KERNEL32 | |
| 4A7810C0 CreateThread KERNEL32 | |
| 4A7810C4 ExitThread KERNEL32 | |
| 4A7810C8 GetProcAddress KERNEL32 | |
| 4A7810CC LoadLibraryExW KERNEL32 | |
| 4A7810D0 GetSystemDirectoryW KERNEL32 | |
| 4A7810D4 GetComputerNameW KERNEL32 | |
| 4A7810D8 FindClose KERNEL32 | |
| 4A7810DC FindFirstFileW KERNEL32 | |
| 4A7810E0 FindFirstFileExW KERNEL32 | |
| 4A7810E4 SetFilePointer KERNEL32 | |
| 4A7810E8 CreatePipe KERNEL32 | |
| 4A7810EC GetExitCodeProcess KERNEL32 | |
| 4A7810F0 WaitForSingleObject KERNEL32 | |
| 4A7810F4 ReadFile KERNEL32 | |
| 4A7810F8 CreateFileA KERNEL32 | |
| 4A7810FC EnterCriticalSection KERNEL32 | |
| 4A781100 GlobalFree KERNEL32 | |
| 4A781104 LocalFree KERNEL32 | |
| 4A781108 LeaveCriticalSection KERNEL32 | |
| 4A78110C InitializeCriticalSection KERNEL32 | |
| 4A781114 WNetEnumResourceW MPR | |
| 4A781118 WNetGetLastErrorA MPR | |
| 4A78111C WNetCloseEnum MPR | |
| 4A781120 WNetOpenEnumW MPR | |
| 4A781128 wcspbrk MSVCRT | |
| 4A78112C _except_handler3 MSVCRT | |
| 4A781130 free MSVCRT | |
| 4A781134 _vsnprintf MSVCRT | |
| 4A781138 wcscspn MSVCRT | |
| 4A78113C malloc MSVCRT | |
| 4A781140 exit MSVCRT | |
| 4A781144 __p___initenv MSVCRT | |
| 4A781148 __getmainargs MSVCRT | |
| 4A78114C _initterm MSVCRT | |
| 4A781150 __setusermatherr MSVCRT | |
| 4A781154 _XcptFilter MSVCRT | |
| 4A781158 __p__fmode MSVCRT | |
| 4A78115C _adjust_fdiv MSVCRT | |
| 4A781160 __p__commode MSVCRT | |
| 4A781164 __set_app_type MSVCRT | |
| 4A781168 _controlfp MSVCRT | |
| 4A78116C _wcsnicmp MSVCRT | |
| 4A781170 towupper MSVCRT | |
| 4A781174 swprintf MSVCRT | |
| 4A781178 iswctype MSVCRT | |
| 4A78117C swscanf MSVCRT | |
| 4A781180 wcsrchr MSVCRT | |
| 4A781184 strchr MSVCRT | |
| 4A781188 strncat MSVCRT | |
| 4A78118C _exit MSVCRT | |
| 4A781190 isprint MSVCRT | |
| 4A781194 wcsncpy MSVCRT | |
| 4A781198 strncmp MSVCRT | |
| 4A78119C strncpy MSVCRT | |
| 4A7811A0 strrchr MSVCRT | |
| 4A7811A4 wcsncmp MSVCRT | |
| 4A7811A8 memmove MSVCRT | |
| 4A7811AC wcscat MSVCRT | |
| 4A7811B0 wcschr MSVCRT | |
| 4A7811B4 _wcsicmp MSVCRT | |
| 4A7811B8 _wcsdup MSVCRT | |
| 4A7811BC towlower MSVCRT | |
| 4A7811C0 wcscmp MSVCRT | |
| 4A7811C4 wcslen MSVCRT | |
| 4A7811C8 _snwprintf MSVCRT | |
| 4A7811CC wcscpy MSVCRT | |
| 4A7811D0 sprintf MSVCRT | |
| 4A7811D4 _snprintf MSVCRT | |
| 4A7811D8 fprintf MSVCRT | |
| 4A7811DC _lseek MSVCRT | |
| 4A7811E0 _iob MSVCRT | |
| 4A7811E4 perror MSVCRT | |
| 4A7811E8 time MSVCRT | |
| 4A7811EC _getpid MSVCRT | |
| 4A7811F4 NetUserChangePassword NETAPI32 | |
| 4A7811F8 NetApiBufferFree NETAPI32 | |
| 4A7811FC NetWkstaGetInfo NETAPI32 | |
| 4A781200 DsGetDcNameW NETAPI32 | |
| 4A781208 EnumProcesses PSAPI | |
| 4A781210 SamEnumerateGroupsInDomain SAMLIB | |
| 4A781214 SamQueryInformationGroup SAMLIB | |
| 4A781218 SamOpenAlias SAMLIB | |
| 4A78121C SamOpenGroup SAMLIB | |
| 4A781220 SamGetGroupsForUser SAMLIB | |
| 4A781224 SamGetAliasMembership SAMLIB | |
| 4A781228 SamGetMembersInAlias SAMLIB | |
| 4A78122C SamQueryInformationAlias SAMLIB | |
| 4A781230 SamEnumerateAliasesInDomain SAMLIB | |
| 4A781234 SamEnumerateUsersInDomain SAMLIB | |
| 4A781238 SamOpenUser SAMLIB | |
| 4A78123C SamQueryInformationUser SAMLIB | |
| 4A781240 SamFreeMemory SAMLIB | |
| 4A781244 SamOpenDomain SAMLIB | |
| 4A781248 SamConnect SAMLIB | |
| 4A78124C SamCloseHandle SAMLIB | |
| 4A781250 SamGetMembersInGroup SAMLIB | |
| 4A781258 CloseWindowStation USER32 | |
| 4A78125C GetMessageA USER32 | |
| 4A781260 CreateWindowExA USER32 | |
| 4A781264 RegisterClassA USER32 | |
| 4A781268 DefWindowProcA USER32 | |
| 4A78126C CreateDesktopW USER32 | |
| 4A781270 SetProcessWindowStation USER32 | |
| 4A781274 CreateWindowStationW USER32 | |
| 4A781278 OpenWindowStationW USER32 | |
| 4A78127C GetProcessWindowStation USER32 | |
| 4A781280 LoadStringA USER32 | |
| 4A781284 CloseDesktop USER32 | |
| 4A78128C LoadUserProfileW USERENV | |
| 4A781294 8 __imp_htonl WSOCK32 | |
| 4A781298 19 __imp_send WSOCK32 | |
| 4A78129C 14 __imp_ntohl WSOCK32 | |
| 4A7812A0 9 __imp_htons WSOCK32 | |
| 4A7812A4 10 __imp_inet_addr WSOCK32 | |
| 4A7812A8 11 __imp_inet_ntoa WSOCK32 | |
| 4A7812AC 22 __imp_shutdown WSOCK32 | |
| 4A7812B0 13 __imp_listen WSOCK32 | |
| 4A7812B4 6 __imp_getsockname WSOCK32 | |
| 4A7812B8 5 __imp_getpeername WSOCK32 | |
| 4A7812BC 23 __imp_socket WSOCK32 | |
| 4A7812C0 2 __imp_bind WSOCK32 | |
| 4A7812C4 115 __imp_WSAStartup WSOCK32 | |
| 4A7812C8 18 __imp_select WSOCK32 | |
| 4A7812CC 151 __imp___WSAFDIsSet WSOCK32 | |
| 4A7812D0 101 __imp_WSAAsyncSelect WSOCK32 | |
| 4A7812D4 12 __imp_ioctlsocket WSOCK32 | |
| 4A7812D8 20 __imp_sendto WSOCK32 | |
| 4A7812DC 16 __imp_recv WSOCK32 | |
| 4A7812E0 17 __imp_recvfrom WSOCK32 | |
| 4A7812E4 4 __imp_connect WSOCK32 | |
| 4A7812E8 21 __imp_setsockopt WSOCK32 | |
| 4A7812EC 7 __imp_getsockopt WSOCK32 | |
| 4A7812F0 1 __imp_accept WSOCK32 | |
| 4A7812F4 3 __imp_closesocket WSOCK32 | |
| 4A7812F8 56 __imp_getservbyport WSOCK32 | |
| 4A7812FC 55 __imp_getservbyname WSOCK32 | |
| 4A781300 54 __imp_getprotobynumber WSOCK32 | |
| 4A781304 53 __imp_getprotobyname WSOCK32 | |
| 4A781308 51 __imp_gethostbyaddr WSOCK32 | |
| 4A78130C 52 __imp_gethostbyname WSOCK32 | |
| 4A781310 111 __imp_WSAGetLastError WSOCK32 | |
| 4A781318 RtlEqualPrefixSid ntdll | |
| 4A78131C RtlxAnsiStringToUnicodeSize ntdll | |
| 4A781320 RtlDeNormalizeProcessParams ntdll | |
| 4A781324 RtlGetDaclSecurityDescriptor ntdll | |
| 4A781328 RtlGetGroupSecurityDescriptor ntdll | |
| 4A78132C RtlSubAuthorityCountSid ntdll | |
| 4A781330 RtlGetOwnerSecurityDescriptor ntdll | |
| 4A781334 NtQuerySecurityObject ntdll | |
| 4A781338 NtAdjustPrivilegesToken ntdll | |
| 4A78133C NtAllocateVirtualMemory ntdll | |
| 4A781340 NtCreateProcess ntdll | |
| 4A781344 NtQuerySection ntdll | |
| 4A781348 NtQueryEaFile ntdll | |
| 4A78134C NtSetSystemTime ntdll | |
| 4A781350 RtlSecondsSince1970ToTime ntdll | |
| 4A781354 NtOpenSymbolicLinkObject ntdll | |
| 4A781358 RtlInitializeCriticalSectionAndSpinCount ntdll | |
| 4A78135C NtQuerySymbolicLinkObject ntdll | |
| 4A781360 RtlIntegerToUnicodeString ntdll | |
| 4A781364 NtFlushBuffersFile ntdll | |
| 4A781368 NtFsControlFile ntdll | |
| 4A78136C NtSetSecurityObject ntdll | |
| 4A781370 RtlSelfRelativeToAbsoluteSD ntdll | |
| 4A781374 RtlGetControlSecurityDescriptor ntdll | |
| 4A781378 RtlSetOwnerSecurityDescriptor ntdll | |
| 4A78137C RtlSetGroupSecurityDescriptor ntdll | |
| 4A781380 RtlAdjustPrivilege ntdll | |
| 4A781384 RtlPrefixUnicodeString ntdll | |
| 4A781388 RtlAppendUnicodeToString ntdll | |
| 4A78138C RtlCharToInteger ntdll | |
| 4A781390 RtlLengthRequiredSid ntdll | |
| 4A781394 RtlSubAuthoritySid ntdll | |
| 4A781398 NtDelayExecution ntdll | |
| 4A78139C NtOpenThreadToken ntdll | |
| 4A7813A0 NtDeviceIoControlFile ntdll | |
| 4A7813A4 NtCancelTimer ntdll | |
| 4A7813A8 NtQueryTimer ntdll | |
| 4A7813AC RtlCopySid ntdll | |
| 4A7813B0 NtSetTimer ntdll | |
| 4A7813B4 NtAllocateLocallyUniqueId ntdll | |
| 4A7813B8 NtCreateToken ntdll | |
| 4A7813BC NtCreateNamedPipeFile ntdll | |
| 4A7813C0 RtlCreateUnicodeStringFromAsciiz ntdll | |
| 4A7813C4 NtYieldExecution ntdll | |
| 4A7813C8 NtSetInformationObject ntdll | |
| 4A7813CC NtEnumerateKey ntdll | |
| 4A7813D0 NtQueryValueKey ntdll | |
| 4A7813D4 RtlQueryTimeZoneInformation ntdll | |
| 4A7813D8 NtWaitForMultipleObjects ntdll | |
| 4A7813DC NtConnectPort ntdll | |
| 4A7813E0 RtlFreeAnsiString ntdll | |
| 4A7813E4 NtFlushVirtualMemory ntdll | |
| 4A7813E8 NtQueueApcThread ntdll | |
| 4A7813EC NtTerminateThread ntdll | |
| 4A7813F0 RtlFreeUserThreadStack ntdll | |
| 4A7813F4 NtLoadDriver ntdll | |
| 4A7813F8 RtlInitializeContext ntdll | |
| 4A7813FC RtlFreeHeap ntdll | |
| 4A781400 RtlAnsiStringToUnicodeString ntdll | |
| 4A781404 RtlInitializeSid ntdll | |
| 4A781408 RtlIdentifierAuthoritySid ntdll | |
| 4A78140C NtSetInformationThread ntdll | |
| 4A781410 NlsMbCodePageTag ntdll | |
| 4A781414 RtlxUnicodeStringToAnsiSize ntdll | |
| 4A781418 RtlUnicodeStringToAnsiString ntdll | |
| 4A78141C NtProtectVirtualMemory ntdll | |
| 4A781420 NtSetContextThread ntdll | |
| 4A781424 NtQueryVirtualMemory ntdll | |
| 4A781428 NtOpenThread ntdll | |
| 4A78142C NtSetInformationProcess ntdll | |
| 4A781430 NtTerminateProcess ntdll | |
| 4A781434 NtOpenProcessToken ntdll | |
| 4A781438 NtQueryInformationToken ntdll | |
| 4A78143C NtSuspendThread ntdll | |
| 4A781440 NtQuerySystemInformation ntdll | |
| 4A781444 NtQueryVolumeInformationFile ntdll | |
| 4A781448 NtSetInformationFile ntdll | |
| 4A78144C NtQueryDirectoryFile ntdll | |
| 4A781450 NtCreateFile ntdll | |
| 4A781454 NtReadFile ntdll | |
| 4A781458 NtQueryInformationFile ntdll | |
| 4A78145C NtImpersonateClientOfPort ntdll | |
| 4A781460 NtSetEaFile ntdll | |
| 4A781464 RtlImpersonateSelf ntdll | |
| 4A781468 NtOpenFile ntdll | |
| 4A78146C RtlConvertSidToUnicodeString ntdll | |
| 4A781470 RtlReAllocateHeap ntdll | |
| 4A781474 NtOpenKey ntdll | |
| 4A781478 NtNotifyChangeKey ntdll | |
| 4A78147C RtlEqualDomainName ntdll | |
| 4A781480 NtWriteFile ntdll | |
| 4A781484 NtCreateThread ntdll | |
| 4A781488 NtCreateTimer ntdll | |
| 4A78148C NtOpenSection ntdll | |
| 4A781490 RtlFreeUnicodeString ntdll | |
| 4A781494 NtClose ntdll | |
| 4A781498 NtOpenProcess ntdll | |
| 4A78149C NtResetEvent ntdll | |
| 4A7814A0 NtRequestPort ntdll | |
| 4A7814A4 RtlCreateHeap ntdll | |
| 4A7814A8 RtlDestroyHeap ntdll | |
| 4A7814AC NtUnmapViewOfSection ntdll | |
| 4A7814B0 RtlInitAnsiString ntdll | |
| 4A7814B4 NtResumeThread ntdll | |
| 4A7814B8 RtlLengthSid ntdll | |
| 4A7814BC RtlCreateAcl ntdll | |
| 4A7814C0 RtlAddAccessAllowedAce ntdll | |
| 4A7814C4 RtlAddAccessDeniedAce ntdll | |
| 4A7814C8 NtAlertThread ntdll | |
| 4A7814CC NtWaitForSingleObject ntdll | |
| 4A7814D0 NtCreateEvent ntdll | |
| 4A7814D4 DbgPrint ntdll | |
| 4A7814D8 DbgBreakPoint ntdll | |
| 4A7814DC RtlAllocateHeap ntdll | |
| 4A7814E0 NtReplyWaitReceivePort ntdll | |
| 4A7814E4 NtQueryInformationProcess ntdll | |
| 4A7814E8 RtlExtendedLargeIntegerDivide ntdll | |
| 4A7814EC NtQuerySystemTime ntdll | |
| 4A7814F0 NtFreeVirtualMemory ntdll | |
| 4A7814F4 NtQueryInformationThread ntdll | |
| 4A7814F8 NtGetContextThread ntdll | |
| 4A7814FC NtReplyPort ntdll | |
| 4A781500 NtDuplicateObject ntdll | |
| 4A781504 NtMapViewOfSection ntdll | |
| 4A781508 RtlEnterCriticalSection ntdll | |
| 4A78150C RtlLeaveCriticalSection ntdll | |
| 4A781510 NtAcceptConnectPort ntdll | |
| 4A781514 NtCompleteConnectPort ntdll | |
| 4A781518 RtlInitUnicodeString ntdll | |
| 4A78151C RtlCreateSecurityDescriptor ntdll | |
| 4A781520 RtlSetDaclSecurityDescriptor ntdll | |
| 4A781524 NtCreatePort ntdll | |
| 4A781528 RtlAllocateAndInitializeSid ntdll | |
| 4A78152C RtlEqualSid ntdll | |
| 4A781530 RtlDeleteCriticalSection ntdll | |
| 4A781534 NtSetEvent ntdll | |
| 4A781538 NtRequestWaitReplyPort ntdll | |
| 4A78153C RtlTimeToSecondsSince1970 ntdll | |
| 4A781540 NtReadVirtualMemory ntdll | |
| 4A781544 NtWriteVirtualMemory ntdll | |
| 4A781548 NtCreateDirectoryObject ntdll | |
| 4A78154C RtlValidSid ntdll | |
| 4A781550 RtlAppendUnicodeStringToString ntdll | |
| 4A781554 RtlNtStatusToDosError ntdll | |
| 4A781558 NtSetInformationToken ntdll | |
| 4A78155C RtlGetAce ntdll | |
| 4A781560 NtDuplicateToken ntdll | |
| 4A781564 NtCreateSection ntdll |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment