Created
October 2, 2014 12:55
-
-
Save ntddk/b38c93c1a89642358277 to your computer and use it in GitHub Desktop.
KiServiceTable
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kd> .for(r $t0=0; @$t0<dwo(nt!KiServiceLimit); r $t0=@$t0+1){.printf "%y\n", nt!KiServiceTable+(dwo(nt!KiServiceTable+@$t0*4)>>4)} | |
| fffff801`85aa38c4 | |
| fffff801`85b3cc10 | |
| nt!NtAcceptConnectPort (fffff801`75f238ac) | |
| nt!NtMapUserPhysicalPagesScatter (fffff801`760afb54) | |
| nt!NtWaitForSingleObject (fffff801`75e52d20) | |
| fffff801`85ba51a0 | |
| nt!NtReadFile (fffff801`75eb42f0) | |
| nt!NtDeviceIoControlFile (fffff801`75e56740) | |
| nt!NtWriteFile (fffff801`75e9e770) | |
| nt!NtRemoveIoCompletion (fffff801`75e4de20) | |
| nt!NtReleaseSemaphore (fffff801`75f0ac50) | |
| nt!NtReplyWaitReceivePort (fffff801`75e47530) | |
| nt!NtReplyPort (fffff801`75eaf158) | |
| nt!NtSetInformationThread (fffff801`75eb24d0) | |
| nt!NtSetEvent (fffff801`75ea5960) | |
| nt!NtClose (fffff801`75e65540) | |
| nt!NtQueryObject (fffff801`75f0b690) | |
| nt!NtQueryInformationFile (fffff801`75e9dc50) | |
| nt!NtOpenKey (fffff801`75e7a1c0) | |
| nt!NtEnumerateValueKey (fffff801`75e7d6f0) | |
| nt!NtFindAtom (fffff801`75e77490) | |
| nt!NtQueryDefaultLocale (fffff801`75f1a394) | |
| nt!NtQueryKey (fffff801`75e7aab0) | |
| nt!NtQueryValueKey (fffff801`75e7b530) | |
| nt!NtAllocateVirtualMemory (fffff801`75e58ed0) | |
| nt!NtQueryInformationProcess (fffff801`75ee6c10) | |
| nt!NtWaitForMultipleObjects32 (fffff801`75f085a0) | |
| nt!NtWriteFileGather (fffff801`75f165b4) | |
| nt!NtSetInformationProcess (fffff801`75e8b3f0) | |
| nt!NtCreateKey (fffff801`75e7e354) | |
| nt!NtFreeVirtualMemory (fffff801`75e57d90) | |
| nt!NtImpersonateClientOfPort (fffff801`760a6eac) | |
| nt!NtReleaseMutant (fffff801`75ebfb40) | |
| nt!NtQueryInformationToken (fffff801`75e737e0) | |
| nt!NtRequestWaitReplyPort (fffff801`75f108f8) | |
| nt!NtQueryVirtualMemory (fffff801`75e58354) | |
| nt!NtOpenThreadToken (fffff801`75e68b60) | |
| nt!NtQueryInformationThread (fffff801`75e7cb20) | |
| nt!NtOpenProcess (fffff801`75e67a70) | |
| fffff801`85ac89f0 | |
| nt!NtMapViewOfSection (fffff801`75ea4570) | |
| nt!NtAccessCheckAndAuditAlarm (fffff801`75f1a6f8) | |
| nt!NtUnmapViewOfSection (fffff801`75ea0f84) | |
| nt!NtReplyWaitReceivePortEx (fffff801`75e47550) | |
| nt!NtTerminateProcess (fffff801`75f0eee4) | |
| nt!NtSetEventBoostPriority (fffff801`760f347c) | |
| nt!NtReadFileScatter (fffff801`75fb1134) | |
| nt!NtOpenThreadTokenEx (fffff801`75e68b80) | |
| nt!NtOpenProcessTokenEx (fffff801`75f0a640) | |
| nt!NtQueryPerformanceCounter (fffff801`75f119ec) | |
| nt!NtEnumerateKey (fffff801`75e79c70) | |
| nt!NtOpenFile (fffff801`75e9948c) | |
| nt!NtDelayExecution (fffff801`75eb4030) | |
| nt!NtQueryDirectoryFile (fffff801`75f09404) | |
| nt!NtQuerySystemInformation (fffff801`75e6a180) | |
| nt!NtOpenSection (fffff801`75f10a88) | |
| nt!NtQueryTimer (fffff801`760f3320) | |
| nt!NtFsControlFile (fffff801`75e98064) | |
| nt!NtWriteVirtualMemory (fffff801`75f0a434) | |
| nt!NtCloseObjectAuditAlarm (fffff801`75f1340c) | |
| nt!NtDuplicateObject (fffff801`75ebd3e0) | |
| nt!NtQueryAttributesFile (fffff801`75e991c0) | |
| nt!NtClearEvent (fffff801`75f08530) | |
| nt!NtReadVirtualMemory (fffff801`75f0a454) | |
| nt!NtOpenEvent (fffff801`75f0c650) | |
| nt!NtAdjustPrivilegesToken (fffff801`75e43a8c) | |
| nt!NtDuplicateToken (fffff801`75ea2310) | |
| fffff801`85ba1df0 | |
| nt!NtQueryDefaultUILanguage (fffff801`75f813f0) | |
| nt!NtQueueApcThread (fffff801`75f172c4) | |
| fffff801`85afaf20 | |
| nt!NtAddAtom (fffff801`760faef8) | |
| nt!NtCreateEvent (fffff801`75e663b0) | |
| nt!NtQueryVolumeInformationFile (fffff801`75e9f430) | |
| nt!NtCreateSection (fffff801`75ea2b00) | |
| nt!NtFlushBuffersFile (fffff801`75f11d74) | |
| nt!NtApphelpCacheControl (fffff801`75eb50a4) | |
| nt!NtCreateProcessEx (fffff801`760c30bc) | |
| nt!NtCreateThread (fffff801`760c3138) | |
| nt!NtIsProcessInJob (fffff801`75f65c4c) | |
| nt!NtProtectVirtualMemory (fffff801`75e5aa70) | |
| nt!NtQuerySection (fffff801`75ee5ed4) | |
| nt!NtResumeThread (fffff801`75eeced0) | |
| nt!NtTerminateThread (fffff801`75f0f26c) | |
| nt!NtReadRequestData (fffff801`760a6f88) | |
| nt!NtCreateFile (fffff801`75e994f0) | |
| nt!NtQueryEvent (fffff801`75f0ed40) | |
| nt!NtWriteRequestData (fffff801`760a70ac) | |
| nt!NtOpenDirectoryObject (fffff801`75f1330c) | |
| nt!NtAccessCheckByTypeAndAuditAlarm (fffff801`75e708d8) | |
| nt!NtQuerySystemTime (fffff801`760f04c4) | |
| nt!NtWaitForMultipleObjects (fffff801`75f02b60) | |
| nt!NtSetInformationObject (fffff801`75f13d90) | |
| nt!NtCancelIoFile (fffff801`75f5e100) | |
| fffff801`85b1c960 | |
| nt!NtPowerInformation (fffff801`75ef8844) | |
| nt!NtSetValueKey (fffff801`75e7ec10) | |
| fffff801`85b404a4 | |
| fffff801`85b25a18 | |
| fffff801`85b3e770 | |
| fffff801`85c6e474 | |
| nt!NtAccessCheckByTypeResultListAndAuditAlarm (fffff801`75f8a194) | |
| nt!NtAccessCheckByTypeResultListAndAuditAlarmByHandle (fffff801`760d6d50) | |
| nt!NtAddAtomEx (fffff801`75ec04a8) | |
| nt!NtAddBootEntry (fffff801`760f6d38) | |
| nt!NtAddDriverEntry (fffff801`760f6d58) | |
| nt!NtAdjustGroupsToken (fffff801`75f18678) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| nt!NtAlertResumeThread (fffff801`760c81cc) | |
| nt!NtAlertThread (fffff801`760c82d8) | |
| nt!NtAlertThreadByThreadId (fffff801`75eb40a0) | |
| nt!NtAllocateLocallyUniqueId (fffff801`75f0bcf0) | |
| nt!NtAllocateReserveObject (fffff801`760c3564) | |
| nt!NtAllocateUserPhysicalPages (fffff801`760ae954) | |
| nt!NtAllocateUuids (fffff801`75f24874) | |
| nt!NtAlpcAcceptConnectPort (fffff801`75f19040) | |
| nt!NtAlpcCancelMessage (fffff801`75f62310) | |
| nt!NtAlpcConnectPort (fffff801`75e40e48) | |
| nt!NtAlpcConnectPortEx (fffff801`75e3da9c) | |
| nt!NtAlpcCreatePort (fffff801`75e3bf70) | |
| nt!NtAlpcCreatePortSection (fffff801`75eaf63c) | |
| nt!NtAlpcCreateResourceReserve (fffff801`75effd68) | |
| nt!NtAlpcCreateSectionView (fffff801`75e45bd4) | |
| nt!NtAlpcCreateSecurityContext (fffff801`75eb02cc) | |
| nt!NtAlpcDeletePortSection (fffff801`75e44ce4) | |
| nt!NtAlpcDeleteResourceReserve (fffff801`760a7ec8) | |
| nt!NtAlpcDeleteSectionView (fffff801`75f1517c) | |
| nt!NtAlpcDeleteSecurityContext (fffff801`75e451fc) | |
| nt!NtAlpcDisconnectPort (fffff801`75efc5a8) | |
| nt!NtAlpcImpersonateClientOfPort (fffff801`75eb1d60) | |
| nt!NtAlpcOpenSenderProcess (fffff801`75f1ba88) | |
| nt!NtAlpcOpenSenderThread (fffff801`75f1be88) | |
| nt!NtAlpcQueryInformation (fffff801`75e3af60) | |
| nt!NtAlpcQueryInformationMessage (fffff801`75e3c964) | |
| nt!NtAlpcRevokeSecurityContext (fffff801`760a80ec) | |
| nt!NtAlpcSendWaitReceivePort (fffff801`75e4f290) | |
| nt!NtAlpcSetInformation (fffff801`75eac838) | |
| nt!NtAreMappedFilesTheSame (fffff801`75f8a23c) | |
| nt!NtAssignProcessToJobObject (fffff801`75eff528) | |
| fffff801`85aefa90 | |
| nt!NtCancelIoFileEx (fffff801`75ead570) | |
| nt!NtCancelSynchronousIoFile (fffff801`76080314) | |
| fffff801`85af0308 | |
| fffff801`85aef71c | |
| fffff801`85a80018 | |
| fffff801`85a80020 | |
| fffff801`85a80028 | |
| nt!NtCompactKeys (fffff801`760605fc) | |
| nt!NtCompareTokens (fffff801`75f2ad68) | |
| nt!ArbPreprocessEntry (fffff801`75f23620) | |
| nt!NtCompressKey (fffff801`76060814) | |
| nt!NtConnectPort (fffff801`75e3cf94) | |
| nt!NtCreateDebugObject (fffff801`76073f0c) | |
| nt!NtCreateDirectoryObject (fffff801`75f803e4) | |
| nt!NtCreateDirectoryObjectEx (fffff801`75f2d5bc) | |
| fffff801`85a80030 | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| nt!NtCreateIRTimer (fffff801`75fc1520) | |
| nt!NtCreateIoCompletion (fffff801`75f171b8) | |
| nt!NtCreateJobObject (fffff801`75e86b9c) | |
| nt!ArbAddReserved (fffff801`75fc3e3c) | |
| nt!NtCreateKeyTransacted (fffff801`75f5c770) | |
| nt!NtCreateKeyedEvent (fffff801`75fb8b2c) | |
| nt!NtCreateLowBoxToken (fffff801`75f2949c) | |
| nt!NtCreateMailslotFile (fffff801`75f258c0) | |
| nt!NtCreateMutant (fffff801`75ea2560) | |
| nt!NtCreateNamedPipeFile (fffff801`75f217cc) | |
| nt!NtCreatePagingFile (fffff801`75f969a0) | |
| nt!NtCreatePort (fffff801`75f8638c) | |
| nt!NtCreatePrivateNamespace (fffff801`75f1b48c) | |
| nt!NtCreateProcess (fffff801`760c304c) | |
| nt!NtCreateProfile (fffff801`760fc8e0) | |
| nt!NtCreateProfileEx (fffff801`760fc9b4) | |
| fffff801`85a80038 | |
| nt!NtCreateSemaphore (fffff801`75ebd28c) | |
| nt!NtCreateSymbolicLinkObject (fffff801`75f5abe4) | |
| nt!NtCreateThreadEx (fffff801`75e9b768) | |
| nt!NtCreateTimer (fffff801`75ebeb88) | |
| nt!NtCreateTimer2 (fffff801`75e43958) | |
| nt!NtCreateToken (fffff801`760d7860) | |
| nt!NtCreateTokenEx (fffff801`75e42170) | |
| fffff801`85a80040 | |
| fffff801`85a80048 | |
| nt!NtCreateUserProcess (fffff801`75eb9764) | |
| nt!NtCreateWaitCompletionPacket (fffff801`75f13210) | |
| nt!NtCreateWaitablePort (fffff801`75f86f84) | |
| nt!NtCreateWnfStateName (fffff801`75e90fb8) | |
| nt!NtCreateWorkerFactory (fffff801`75eaab70) | |
| nt!NtDebugActiveProcess (fffff801`760740d4) | |
| nt!NtDebugContinue (fffff801`760742b0) | |
| nt!NtDeleteAtom (fffff801`75f1dd5c) | |
| nt!NtDeleteBootEntry (fffff801`760f6d78) | |
| nt!NtDeleteDriverEntry (fffff801`760f6f94) | |
| nt!NtDeleteFile (fffff801`75f8f440) | |
| nt!NtDeleteKey (fffff801`75ec5b18) | |
| nt!NtDeleteObjectAuditAlarm (fffff801`760d6e00) | |
| nt!NtDeletePrivateNamespace (fffff801`75f90608) | |
| nt!NtDeleteValueKey (fffff801`75f14568) | |
| nt!NtDeleteWnfStateData (fffff801`75fbd26c) | |
| nt!NtDeleteWnfStateName (fffff801`75e90538) | |
| nt!NtDisableLastKnownGood (fffff801`75f90774) | |
| nt!NtDisplayString (fffff801`760f25f4) | |
| fffff801`85c91404 | |
| nt!NtEnableLastKnownGood (fffff801`75f8e098) | |
| nt!NtEnumerateBootEntries (fffff801`760f71b0) | |
| nt!NtEnumerateDriverEntries (fffff801`760f780c) | |
| nt!NtEnumerateSystemEnvironmentValuesEx (fffff801`760f7d5c) | |
| fffff801`85a80050 | |
| nt!NtExtendSection (fffff801`760aba74) | |
| nt!NtFilterBootOption (fffff801`760d87c8) | |
| nt!NtFilterToken (fffff801`75e37588) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| nt!NtFlushBuffersFileEx (fffff801`75f11d90) | |
| nt!NtFlushInstallUILanguage (fffff801`75fbf9fc) | |
| nt!ArbPreprocessEntry (fffff801`75f23620) | |
| nt!NtFlushKey (fffff801`75e87d14) | |
| fffff801`85ab2080 | |
| nt!NtFlushVirtualMemory (fffff801`75ef7360) | |
| nt!NtFlushWriteBuffer (fffff801`760b0348) | |
| nt!NtFreeUserPhysicalPages (fffff801`760af0e0) | |
| fffff801`85c0d720 | |
| fffff801`85a80058 | |
| nt!NtGetCachedSigningLevel (fffff801`760d280c) | |
| nt!NtGetCompleteWnfStateSubscription (fffff801`75e91324) | |
| nt!NtGetContextThread (fffff801`75f51fac) | |
| nt!NtGetCurrentProcessorNumber (fffff801`75f141c8) | |
| nt!NtGetDevicePowerState (fffff801`760bc998) | |
| nt!NtGetMUIRegistryInfo (fffff801`75efb7e0) | |
| nt!NtGetNextProcess (fffff801`75f6a5cc) | |
| nt!NtGetNextThread (fffff801`760c86ac) | |
| nt!NtGetNlsSectionPtr (fffff801`75f5f9b8) | |
| fffff801`85a80060 | |
| fffff801`85b54ba0 | |
| nt!NtImpersonateAnonymousToken (fffff801`75f06c1c) | |
| nt!NtImpersonateThread (fffff801`75f15b54) | |
| nt!NtInitializeNlsFiles (fffff801`75f1822c) | |
| nt!NtInitializeRegistry (fffff801`75f86460) | |
| nt!NtInitiatePowerAction (fffff801`75f678ec) | |
| nt!NtIsSystemResumeAutomatic (fffff801`75f6bee0) | |
| nt!NtIsUILanguageComitted (fffff801`75f26cf0) | |
| nt!NtListenPort (fffff801`75fc04a0) | |
| nt!NtLoadDriver (fffff801`75f7aaa8) | |
| nt!NtLoadKey (fffff801`75f072bc) | |
| nt!NtLoadKey2 (fffff801`75f8729c) | |
| nt!NtLoadKeyEx (fffff801`75f072e8) | |
| nt!NtLockFile (fffff801`75f1a77c) | |
| nt!NtLockProductActivationKeys (fffff801`75faed38) | |
| nt!NtLockRegistryKey (fffff801`75fb78d0) | |
| fffff801`85b58310 | |
| nt!NtMakePermanentObject (fffff801`75f2cc70) | |
| nt!NtMakeTemporaryObject (fffff801`75f60948) | |
| nt!NtMapCMFModule (fffff801`75efbba8) | |
| nt!NtMapUserPhysicalPages (fffff801`760af5d8) | |
| nt!NtModifyBootEntry (fffff801`760f8140) | |
| nt!NtModifyDriverEntry (fffff801`760f815c) | |
| nt!NtNotifyChangeDirectoryFile (fffff801`75f17bb4) | |
| nt!NtNotifyChangeKey (fffff801`75f05274) | |
| nt!NtNotifyChangeMultipleKeys (fffff801`75f052dc) | |
| nt!NtNotifyChangeSession (fffff801`75f7fbe4) | |
| fffff801`85a80068 | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| nt!NtOpenIoCompletion (fffff801`760800d4) | |
| nt!NtOpenJobObject (fffff801`760c5190) | |
| nt!NtOpenKeyEx (fffff801`75e7a1d8) | |
| nt!NtOpenKeyTransacted (fffff801`76060994) | |
| nt!NtOpenKeyTransactedEx (fffff801`75f5c6b0) | |
| nt!NtOpenKeyedEvent (fffff801`760fcd5c) | |
| nt!NtOpenMutant (fffff801`75f0d050) | |
| nt!NtOpenObjectAuditAlarm (fffff801`75f211c0) | |
| nt!NtOpenPrivateNamespace (fffff801`75e3f550) | |
| nt!NtOpenProcessToken (fffff801`75f0a62c) | |
| fffff801`85a80070 | |
| nt!NtOpenSemaphore (fffff801`75f2357c) | |
| nt!NtOpenSession (fffff801`75f62cb4) | |
| nt!NtOpenSymbolicLinkObject (fffff801`75f0aee0) | |
| nt!NtOpenThread (fffff801`75e70980) | |
| nt!NtOpenTimer (fffff801`760f327c) | |
| fffff801`85a80078 | |
| fffff801`85a80080 | |
| nt!NtPlugPlayControl (fffff801`75ed9784) | |
| fffff801`85a80088 | |
| fffff801`85a80090 | |
| fffff801`85a80098 | |
| fffff801`85a800a0 | |
| nt!NtPrivilegeCheck (fffff801`75f1b1a4) | |
| nt!NtPrivilegeObjectAuditAlarm (fffff801`75f816cc) | |
| nt!NtPrivilegedServiceAuditAlarm (fffff801`75f22b70) | |
| fffff801`85a800a8 | |
| fffff801`85a800b0 | |
| nt!NtPulseEvent (fffff801`75f0b158) | |
| nt!NtQueryBootEntryOrder (fffff801`760f8178) | |
| nt!NtQueryBootOptions (fffff801`760f8474) | |
| fffff801`85b259cc | |
| nt!NtQueryDirectoryObject (fffff801`75f09b20) | |
| nt!NtQueryDriverEntryOrder (fffff801`760f8800) | |
| nt!NtQueryEaFile (fffff801`75f12058) | |
| nt!NtQueryFullAttributesFile (fffff801`75e981d0) | |
| nt!NtQueryInformationAtom (fffff801`75ebf734) | |
| fffff801`85a800b8 | |
| nt!NtQueryInformationJobObject (fffff801`75f628a4) | |
| nt!NtQueryInformationPort (fffff801`760a6ecc) | |
| fffff801`85a800c0 | |
| fffff801`85a800c8 | |
| fffff801`85a800d0 | |
| fffff801`85c94064 | |
| nt!NtQueryInstallUILanguage (fffff801`75f256e4) | |
| nt!NtQueryIntervalProfile (fffff801`75f2d3a4) | |
| nt!NtQueryIoCompletion (fffff801`75f87650) | |
| nt!NtQueryLicenseValue (fffff801`75ef3e30) | |
| nt!NtQueryMultipleValueKey (fffff801`75f1d694) | |
| nt!NtQueryMutant (fffff801`760fc1f4) | |
| nt!NtQueryOpenSubKeys (fffff801`76060a4c) | |
| nt!NtQueryOpenSubKeysEx (fffff801`76060bc0) | |
| nt!NtQueryPortInformationProcess (fffff801`760c36b4) | |
| nt!NtQueryQuotaInformationFile (fffff801`76081828) | |
| nt!NtQuerySecurityAttributesToken (fffff801`75e73410) | |
| nt!NtQuerySecurityObject (fffff801`75ec4370) | |
| nt!NtQuerySemaphore (fffff801`760fadc0) | |
| nt!NtQuerySymbolicLinkObject (fffff801`75f0a970) | |
| nt!NtQuerySystemEnvironmentValue (fffff801`760f8c54) | |
| nt!NtQuerySystemEnvironmentValueEx (fffff801`75f86d0c) | |
| nt!NtQuerySystemInformationEx (fffff801`75f195dc) | |
| nt!NtQueryTimerResolution (fffff801`75f2423c) | |
| nt!NtQueryWnfStateData (fffff801`75e91ae0) | |
| nt!NtQueryWnfStateNameInformation (fffff801`75e8fe4c) | |
| nt!NtQueueApcThreadEx (fffff801`75f172ec) | |
| fffff801`85ba2030 | |
| nt!NtRaiseHardError (fffff801`760faa58) | |
| fffff801`85a800d8 | |
| fffff801`85a800e0 | |
| fffff801`85a800e8 | |
| fffff801`85a800f0 | |
| fffff801`85a80238 | |
| nt!NtRegisterThreadTerminatePort (fffff801`75f65184) | |
| nt!NtReleaseKeyedEvent (fffff801`75f84b18) | |
| fffff801`85af0b70 | |
| nt!NtRemoveIoCompletionEx (fffff801`75f1f8b8) | |
| nt!NtRemoveProcessDebug (fffff801`760744f8) | |
| nt!NtRenameKey (fffff801`76060e4c) | |
| fffff801`85a80240 | |
| nt!NtReplaceKey (fffff801`76061244) | |
| fffff801`85ca0860 | |
| nt!NtReplyWaitReplyPort (fffff801`760a700c) | |
| nt!NtRequestPort (fffff801`75f5474c) | |
| nt!NtResetEvent (fffff801`75f176dc) | |
| fffff801`85b54708 | |
| nt!NtRestoreKey (fffff801`76061530) | |
| nt!NtResumeProcess (fffff801`760c8340) | |
| fffff801`85a800f8 | |
| fffff801`85a80100 | |
| fffff801`85a80108 | |
| fffff801`85a80248 | |
| nt!NtSaveKey (fffff801`760617a4) | |
| nt!NtSaveKeyEx (fffff801`760619e4) | |
| nt!NtSaveMergedKeys (fffff801`76061c68) | |
| nt!NtSecureConnectPort (fffff801`75e3cfdc) | |
| nt!NtSerializeBoot (fffff801`75fbfd4c) | |
| nt!NtSetBootEntryOrder (fffff801`760f9024) | |
| nt!NtSetBootOptions (fffff801`760f92b0) | |
| nt!NtSetCachedSigningLevel (fffff801`760d2a50) | |
| nt!NtSetContextThread (fffff801`760c50b4) | |
| nt!NtSetDebugFilterState (fffff801`75f984ac) | |
| nt!NtSetDefaultHardErrorPort (fffff801`75fbff7c) | |
| nt!NtSetDefaultLocale (fffff801`75f80c28) | |
| nt!NtSetDefaultUILanguage (fffff801`75f80e4c) | |
| nt!NtSetDriverEntryOrder (fffff801`760f9544) | |
| nt!NtSetEaFile (fffff801`76081098) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| fffff801`85b4a130 | |
| nt!NtSetInformationDebugObject (fffff801`760745fc) | |
| fffff801`85a80110 | |
| nt!NtSetInformationJobObject (fffff801`75efe3f8) | |
| nt!NtSetInformationKey (fffff801`75e7db30) | |
| fffff801`85a80118 | |
| nt!NtSetInformationToken (fffff801`75e3f8f0) | |
| fffff801`85a80120 | |
| fffff801`85a80250 | |
| nt!NtSetInformationVirtualMemory (fffff801`75eccad8) | |
| fffff801`85af03a0 | |
| nt!NtSetIntervalProfile (fffff801`75f2d444) | |
| nt!NtSetIoCompletion (fffff801`75eaa190) | |
| nt!NtSetIoCompletionEx (fffff801`760801e4) | |
| fffff801`85badbc8 | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| nt!NtSetQuotaInformationFile (fffff801`760820f4) | |
| nt!NtSetSecurityObject (fffff801`75e9fc8c) | |
| nt!NtSetSystemEnvironmentValue (fffff801`760f97d0) | |
| nt!NtSetSystemEnvironmentValueEx (fffff801`760f9b9c) | |
| nt!NtSetSystemInformation (fffff801`75eca2d8) | |
| nt!NtSetSystemPowerState (fffff801`75e23784) | |
| nt!NtSetSystemTime (fffff801`760f0530) | |
| nt!NtSetThreadExecutionState (fffff801`75f5b80c) | |
| fffff801`85af01a4 | |
| fffff801`85ab8580 | |
| nt!NtSetTimerResolution (fffff801`75f5a19c) | |
| nt!NtSetUuidSeed (fffff801`75fb9a0c) | |
| nt!NtSetVolumeInformationFile (fffff801`75f2b33c) | |
| nt!NtSetWnfProcessNotificationEvent (fffff801`75e8fd64) | |
| nt!NtShutdownSystem (fffff801`760f2798) | |
| fffff801`85b5f0b8 | |
| fffff801`85c53a48 | |
| fffff801`85a80258 | |
| nt!NtStartProfile (fffff801`760fca10) | |
| nt!NtStopProfile (fffff801`760fcc74) | |
| nt!NtSubscribeWnfStateChange (fffff801`75e91f74) | |
| nt!NtSuspendProcess (fffff801`760c83a8) | |
| nt!NtSuspendThread (fffff801`75f4de24) | |
| nt!NtSystemDebugControl (fffff801`760fe3c0) | |
| nt!NtTerminateJobObject (fffff801`75efe2dc) | |
| nt!NtTestAlert (fffff801`75ebed08) | |
| fffff801`85c0d774 | |
| fffff801`85a80128 | |
| nt!NtTraceControl (fffff801`75eeae40) | |
| nt!NtTranslateFilePath (fffff801`760f9e08) | |
| nt!NtUmsThreadYield (fffff801`760a2bc0) | |
| nt!NtUnloadDriver (fffff801`760842d8) | |
| nt!NtUnloadKey (fffff801`75fc1518) | |
| nt!NtUnloadKey2 (fffff801`75f83960) | |
| nt!NtUnloadKeyEx (fffff801`75f03520) | |
| nt!NtUnlockFile (fffff801`75f1ce24) | |
| fffff801`85ae9370 | |
| nt!NtUnmapViewOfSectionEx (fffff801`75ea0f8c) | |
| nt!NtUnsubscribeWnfStateChange (fffff801`75e90864) | |
| nt!NtUpdateWnfStateData (fffff801`75e92acc) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| nt!NtWaitForAlertByThreadId (fffff801`75e4ddc0) | |
| nt!NtWaitForDebugEvent (fffff801`760747f4) | |
| nt!NtWaitForKeyedEvent (fffff801`75f84924) | |
| fffff801`85a85b80 | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| nt!NtAdjustTokenClaimsAndDeviceGroups (fffff801`75fc3e4c) | |
| kd> | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Can you please explain the
nt!KiServiceTable+(dwo(nt!KiServiceTable+@$t0*4)>>4)calculation ? I am a bit loss here.