| System Call Symbol |
Windows NT |
Windows 2000 |
Windows XP |
Windows 2003 Server |
Vista |
| SP3 |
SP4 |
SP5 |
SP6 |
SP0 |
SP1 |
SP2 |
SP3 |
SP4 |
SP0 |
SP1 |
SP2 |
SP0 |
SP1 |
SP0 |
NtAcceptConnectPort
NTSYSAPI
NTSTATUS
NTAPI
NtAcceptConnectPort(
OUT PHANDLE PortHandle,
IN PVOID PortIdentifier,
IN PPORT_MESSAGE Message,
IN BOOLEAN Accept,
IN OUT PPORT_VIEW ServerView OPTIONAL,
OUT PREMOTE_PORT_VIEW ClientView OPTIONAL
);
|
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
0x0000 |
NtAccessCheck
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheck(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN HANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet,
IN PULONG PrivilegeSetLength,
OUT PACCESS_MASK GrantedAccess,
OUT PBOOLEAN AccessStatus
);
|
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
0x0001 |
NtAccessCheckAndAuditAlarm
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN PUNICODE_STRING ObjectTypeName,
IN PUNICODE_STRING ObjectName,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping,
IN BOOLEAN ObjectCreation,
OUT PACCESS_MASK GrantedAccess,
OUT PBOOLEAN AccessStatus,
OUT PBOOLEAN GenerateOnClose
);
|
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
0x0002 |
NtAccessCheckByType
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckByType(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSID PrincipalSelfSid,
IN HANDLE TokenHandle,
IN ULONG DesiredAccess,
IN POBJECT_TYPE_LIST ObjectTypeList,
IN ULONG ObjectTypeListLength,
IN PGENERIC_MAPPING GenericMapping,
IN PPRIVILEGE_SET PrivilegeSet,
IN PULONG PrivilegeSetLength,
OUT PACCESS_MASK GrantedAccess,
OUT PULONG AccessStatus
);
|
|
|
|
|
0x0003 |
0x0003 |
0x0003 |
0x0003 |
0x0003 |
0x0003 |
0x0003 |
0x0003 |
0x0003 |
0x0003 |
0x0003 |
NtAccessCheckByTypeAndAuditAlarm
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeAndAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN PUNICODE_STRING ObjectTypeName,
IN PUNICODE_STRING ObjectName,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSID PrincipalSelfSid,
IN ACCESS_MASK DesiredAccess,
IN AUDIT_EVENT_TYPE AuditType,
IN ULONG Flags,
IN POBJECT_TYPE_LIST ObjectTypeList,
IN ULONG ObjectTypeListLength,
IN PGENERIC_MAPPING GenericMapping,
IN BOOLEAN ObjectCreation,
OUT PACCESS_MASK GrantedAccess,
OUT PULONG AccessStatus,
OUT PBOOLEAN GenerateOnClose
);
|
|
|
|
|
0x0004 |
0x0004 |
0x0004 |
0x0004 |
0x0004 |
0x0004 |
0x0004 |
0x0004 |
0x0004 |
0x0004 |
0x0004 |
NtAccessCheckByTypeResultList
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeResultList(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSID PrincipalSelfSid,
IN HANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_TYPE_LIST ObjectTypeList,
IN ULONG ObjectTypeListLength,
IN PGENERIC_MAPPING GenericMapping,
IN PPRIVILEGE_SET PrivilegeSet,
IN PULONG PrivilegeSetLength,
OUT PACCESS_MASK GrantedAccessList,
OUT PULONG AccessStatusList
);
|
|
|
|
|
0x0005 |
0x0005 |
0x0005 |
0x0005 |
0x0005 |
0x0005 |
0x0005 |
0x0005 |
0x0005 |
0x0005 |
0x0005 |
NtAccessCheckByTypeResultListAndAuditAlarm
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeResultListAndAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN PUNICODE_STRING ObjectTypeName,
IN PUNICODE_STRING ObjectName,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSID PrincipalSelfSid,
IN ACCESS_MASK DesiredAccess,
IN AUDIT_EVENT_TYPE AuditType,
IN ULONG Flags,
IN POBJECT_TYPE_LIST ObjectTypeList,
IN ULONG ObjectTypeListLength,
IN PGENERIC_MAPPING GenericMapping,
IN BOOLEAN ObjectCreation,
OUT PACCESS_MASK GrantedAccessList,
OUT PULONG AccessStatusList,
OUT PULONG GenerateOnClose
);
|
|
|
|
|
0x0006 |
0x0006 |
0x0006 |
0x0006 |
0x0006 |
0x0006 |
0x0006 |
0x0006 |
0x0006 |
0x0006 |
0x0006 |
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN HANDLE TokenHandle,
IN PUNICODE_STRING ObjectTypeName,
IN PUNICODE_STRING ObjectName,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSID PrincipalSelfSid,
IN ACCESS_MASK DesiredAccess,
IN AUDIT_EVENT_TYPE AuditType,
IN ULONG Flags,
IN POBJECT_TYPE_LIST ObjectTypeList,
IN ULONG ObjectTypeListLength,
IN PGENERIC_MAPPING GenericMapping,
IN BOOLEAN ObjectCreation,
OUT PACCESS_MASK GrantedAccessList,
OUT PULONG AccessStatusList,
OUT PULONG GenerateOnClose
);
|
|
|
|
|
0x0007 |
0x0007 |
0x0007 |
0x0007 |
0x0007 |
0x0007 |
0x0007 |
0x0007 |
0x0007 |
0x0007 |
0x0007 |
NtAddAtom
NTSYSAPI
NTSTATUS
NTAPI
NtAddAtom(
IN PWSTR String,
IN ULONG StringLength,
OUT PUSHORT Atom
);
|
0x0003 |
0x0003 |
0x0003 |
0x0003 |
0x0008 |
0x0008 |
0x0008 |
0x0008 |
0x0008 |
0x0008 |
0x0008 |
0x0008 |
0x0008 |
0x0008 |
0x0008 |
NtAddBootEntry
NTSYSAPI
NTSTATUS
NTAPI
NtAddBootEntry(
IN PUNICODE_STRING EntryName,
IN PUNICODE_STRING EntryValue
);
|
|
|
|
|
|
|
|
|
|
0x0009 |
0x0009 |
0x0009 |
0x0009 |
0x0009 |
0x0009 |
NtAddDriverEntry
NTSYSAPI
NTSTATUS
NTAPI
NtAddDriverEntry(
IN PUNICODE_STRING DriverName,
IN PUNICODE_STRING DriverPath
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x000a |
0x000a |
0x000a |
NtAdjustGroupsToken
NTSYSAPI
NTSTATUS
NTAPI
NtAdjustGroupsToken(
IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength
);
|
0x0004 |
0x0004 |
0x0004 |
0x0004 |
0x0009 |
0x0009 |
0x0009 |
0x0009 |
0x0009 |
0x000a |
0x000a |
0x000a |
0x000b |
0x000b |
0x000b |
NtAdjustPrivilegesToken
NTSYSAPI
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState,
IN ULONG BufferLength,
OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
OUT PULONG ReturnLength OPTIONAL
);
|
0x0005 |
0x0005 |
0x0005 |
0x0005 |
0x000a |
0x000a |
0x000a |
0x000a |
0x000a |
0x000b |
0x000b |
0x000b |
0x000c |
0x000c |
0x000c |
NtAlertResumeThread
NTSYSAPI
NTSTATUS
NTAPI
NtAlertResumeThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);
|
0x0006 |
0x0006 |
0x0006 |
0x0006 |
0x000b |
0x000b |
0x000b |
0x000b |
0x000b |
0x000c |
0x000c |
0x000c |
0x000d |
0x000d |
0x000d |
NtAlertThread
NTSYSAPI
NTSTATUS
NTAPI
NtAlertThread(
IN HANDLE ThreadHandle
);
|
0x0007 |
0x0007 |
0x0007 |
0x0007 |
0x000c |
0x000c |
0x000c |
0x000c |
0x000c |
0x000d |
0x000d |
0x000d |
0x000e |
0x000e |
0x000e |
NtAllocateLocallyUniqueId
NTSYSAPI
NTSTATUS
NTAPI
NtAllocateLocallyUniqueId(
OUT PLUID Luid
);
|
0x0008 |
0x0008 |
0x0008 |
0x0008 |
0x000d |
0x000d |
0x000d |
0x000d |
0x000d |
0x000e |
0x000e |
0x000e |
0x000f |
0x000f |
0x000f |
NtAllocateUserPhysicalPages
NTSYSAPI
NTSTATUS
NTAPI
NtAllocateUserPhysicalPages(
IN HANDLE ProcessHandle,
IN PULONG NumberOfPages,
OUT PULONG PageFrameNumbers
);
|
|
|
|
|
0x000e |
0x000e |
0x000e |
0x000e |
0x000e |
0x000f |
0x000f |
0x000f |
0x0010 |
0x0010 |
0x0010 |
NtAllocateUuids
NTSYSAPI
NTSTATUS
NTAPI
NtAllocateUuids(
OUT PLARGE_INTEGER UuidLastTimeAllocated,
OUT PULONG UuidDeltaTime,
OUT PULONG UuidSequenceNumber,
OUT PUCHAR UuidSeed
);
NTSYSAPI
NTSTATUS
NTAPI
NtAllocateUuids(
OUT PLARGE_INTEGER UuidLastTimeAllocated,
OUT PULONG UuidDeltaTime,
OUT PULONG UuidSequenceNumber
);
|
0x0009 |
0x0009 |
0x0009 |
0x0009 |
0x000f |
0x000f |
0x000f |
0x000f |
0x000f |
0x0010 |
0x0010 |
0x0010 |
0x0011 |
0x0011 |
0x0011 |
NtAllocateVirtualMemory
NTSYSAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN OUT PULONG AllocationSize,
IN ULONG AllocationType,
IN ULONG Protect
);
|
0x000a |
0x000a |
0x000a |
0x000a |
0x0010 |
0x0010 |
0x0010 |
0x0010 |
0x0010 |
0x0011 |
0x0011 |
0x0011 |
0x0012 |
0x0012 |
0x0012 |
|
NtAlpcAcceptConnectPort
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0013 |
|
NtAlpcCancelMessage
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0014 |
|
NtAlpcConnectPort
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0015 |
|
NtAlpcCreatePort
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0016 |
|
NtAlpcCreatePortSection
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0017 |
|
NtAlpcCreateResourceReserve
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0018 |
|
NtAlpcCreateSectionView
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0019 |
|
NtAlpcCreateSecurityContext
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x001a |
|
NtAlpcDeletePortSection
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x001b |
|
NtAlpcDeleteResourceReserve
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x001c |
|
NtAlpcDeleteSectionView
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x001d |
|
NtAlpcDeleteSecurityContext
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x001e |
|
NtAlpcDisconnectPort
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x001f |
|
NtAlpcImpersonateClientOfPort
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0020 |
|
NtAlpcOpenSenderProcess
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0021 |
|
NtAlpcOpenSenderThread
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0022 |
|
NtAlpcQueryInformation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0023 |
|
NtAlpcQueryInformationMessage
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0024 |
|
NtAlpcSendWaitReceivePort
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0025 |
|
NtAlpcSetInformation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0026 |
NtApphelpCacheControl
NTSYSAPI
NTSTATUS
NTAPI
NtApphelpCacheControl(
IN APPHELPCACHECONTROL ApphelpCacheControl,
IN PUNICODE_STRING ApphelpCacheObject
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0013 |
0x0013 |
0x0027 |
NtAreMappedFilesTheSame
NTSYSAPI
NTSTATUS
NTAPI
NtAreMappedFilesTheSame(
IN PVOID Address1,
IN PVOID Address2
);
|
|
|
|
|
0x0011 |
0x0011 |
0x0011 |
0x0011 |
0x0011 |
0x0012 |
0x0012 |
0x0012 |
0x0014 |
0x0014 |
0x0028 |
NtAssignProcessToJobObject
NTSYSAPI
NTSTATUS
NTAPI
NtAssignProcessToJobObject(
IN HANDLE JobHandle,
IN HANDLE ProcessHandle
);
|
|
|
|
|
0x0012 |
0x0012 |
0x0012 |
0x0012 |
0x0012 |
0x0013 |
0x0013 |
0x0013 |
0x0015 |
0x0015 |
0x0029 |
NtCallbackReturn
NTSYSAPI
NTSTATUS
NTAPI
NtCallbackReturn(
IN PVOID Result OPTIONAL,
IN ULONG ResultLength,
IN NTSTATUS Status
);
|
0x000b |
0x000b |
0x000b |
0x000b |
0x0013 |
0x0013 |
0x0013 |
0x0013 |
0x0013 |
0x0014 |
0x0014 |
0x0014 |
0x0016 |
0x0016 |
0x002a |
NtCancelDeviceWakeupRequest
NTSYSAPI
NTSTATUS
NTAPI
NtCancelDeviceWakeupRequest(
IN HANDLE DeviceHandle
);
|
|
|
|
|
0x0016 |
0x0016 |
0x0016 |
0x0016 |
0x0016 |
0x0015 |
0x0015 |
0x0015 |
0x0017 |
0x0017 |
0x002b |
NtCancelIoFile
NTSYSAPI
NTSTATUS
NTAPI
NtCancelIoFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
|
0x000c |
0x000c |
0x000c |
0x000c |
0x0014 |
0x0014 |
0x0014 |
0x0014 |
0x0014 |
0x0016 |
0x0016 |
0x0016 |
0x0018 |
0x0018 |
0x002c |
|
NtCancelIoFileEx
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0172 |
|
NtCancelSynchronousIoFile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0173 |
NtCancelTimer
NTSYSAPI
NTSTATUS
NTAPI
NtCancelTimer(
IN HANDLE TimerHandle,
OUT PBOOLEAN PreviousState OPTIONAL
);
|
0x000d |
0x000d |
0x000d |
0x000d |
0x0015 |
0x0015 |
0x0015 |
0x0015 |
0x0015 |
0x0017 |
0x0017 |
0x0017 |
0x0019 |
0x0019 |
0x002d |
|
NtClearAllSavepointsTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x011b |
NtClearEvent
NTSYSAPI
NTSTATUS
NTAPI
NtClearEvent(
IN HANDLE EventHandle
);
|
0x000e |
0x000e |
0x000e |
0x000e |
0x0017 |
0x0017 |
0x0017 |
0x0017 |
0x0017 |
0x0018 |
0x0018 |
0x0018 |
0x001a |
0x001a |
0x002e |
|
NtClearMUILicenseInfo
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0187 |
|
NtClearSavepointTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x011a |
NtClose
NTSYSAPI
NTSTATUS
NTAPI
NtClose(
IN HANDLE Handle
);
|
0x000f |
0x000f |
0x000f |
0x000f |
0x0018 |
0x0018 |
0x0018 |
0x0018 |
0x0018 |
0x0019 |
0x0019 |
0x0019 |
0x001b |
0x001b |
0x002f |
NtCloseObjectAuditAlarm
NTSYSAPI
NTSTATUS
NTAPI
NtCloseObjectAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN BOOLEAN GenerateOnClose
);
|
0x0010 |
0x0010 |
0x0010 |
0x0010 |
0x0019 |
0x0019 |
0x0019 |
0x0019 |
0x0019 |
0x001a |
0x001a |
0x001a |
0x001c |
0x001c |
0x0030 |
|
NtCommitComplete
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x005d |
|
NtCommitEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0055 |
|
NtCommitTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0059 |
NtCompactKeys
NTSYSAPI
NTSTATUS
NTAPI
NtCompactKeys(
IN ULONG Length,
IN HANDLE Key
);
|
|
|
|
|
|
|
|
|
|
0x001b |
0x001b |
0x001b |
0x001d |
0x001d |
0x0031 |
NtCompareTokens
NTSYSAPI
NTSTATUS
NTAPI
NtCompareTokens(
IN HANDLE FirstTokenHandle,
IN HANDLE SecondTokenHandle,
OUT PBOOLEAN IdenticalTokens
);
|
|
|
|
|
|
|
|
|
|
0x001c |
0x001c |
0x001c |
0x001e |
0x001e |
0x0032 |
NtCompleteConnectPort
NTSYSAPI
NTSTATUS
NTAPI
NtCompleteConnectPort(
IN HANDLE PortHandle
);
|
0x0011 |
0x0011 |
0x0011 |
0x0011 |
0x001a |
0x001a |
0x001a |
0x001a |
0x001a |
0x001d |
0x001d |
0x001d |
0x001f |
0x001f |
0x0033 |
NtCompressKey
NTSYSAPI
NTSTATUS
NTAPI
NtCompressKey(
IN HANDLE Key
);
|
|
|
|
|
|
|
|
|
|
0x001e |
0x001e |
0x001e |
0x0020 |
0x0020 |
0x0034 |
NtConnectPort
NTSYSAPI
NTSTATUS
NTAPI
NtConnectPort(
OUT PHANDLE PortHandle,
IN PUNICODE_STRING PortName,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
IN OUT PPORT_VIEW ClientView OPTIONAL,
OUT PREMOTE_PORT_VIEW ServerView OPTIONAL,
OUT PULONG MaxMessageLength OPTIONAL,
IN OUT PVOID ConnectInformation OPTIONAL,
IN OUT PULONG ConnectInformationLength OPTIONAL
);
|
0x0012 |
0x0012 |
0x0012 |
0x0012 |
0x001b |
0x001b |
0x001b |
0x001b |
0x001b |
0x001f |
0x001f |
0x001f |
0x0021 |
0x0021 |
0x0035 |
NtContinue
NTSYSAPI
NTSTATUS
NTAPI
NtContinue(
IN PCONTEXT Context,
IN BOOLEAN TestAlert
);
|
0x0013 |
0x0013 |
0x0013 |
0x0013 |
0x001c |
0x001c |
0x001c |
0x001c |
0x001c |
0x0020 |
0x0020 |
0x0020 |
0x0022 |
0x0022 |
0x0036 |
NtCreateChannel
NTSYSAPI
NTSTATUS
NTAPI
NtCreateChannel(
OUT PHANDLE ChannelHandle,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
);
|
0x00cd |
0x00cc |
0x00cc |
0x00cc |
0x00f1 |
0x00f1 |
0x00f1 |
0x00f1 |
0x00f1 |
|
|
|
|
|
|
NtCreateDebugObject
NTSYSAPI
NTSTATUS
NTAPI
NtCreateDebugObject(
OUT PHANDLE DebugObject,
IN ULONG AccessRequired,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN BOOLEAN KillProcessOnExit
);
|
|
|
|
|
|
|
|
|
|
0x0021 |
0x0021 |
0x0021 |
0x0023 |
0x0023 |
0x0037 |
NtCreateDirectoryObject
NTSYSAPI
NTSTATUS
NTAPI
NtCreateDirectoryObject(
OUT PHANDLE DirectoryHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x0014 |
0x0014 |
0x0014 |
0x0014 |
0x001d |
0x001d |
0x001d |
0x001d |
0x001d |
0x0022 |
0x0022 |
0x0022 |
0x0024 |
0x0024 |
0x0038 |
|
NtCreateEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x006d |
NtCreateEvent
NTSYSAPI
NTSTATUS
NTAPI
NtCreateEvent(
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN EVENT_TYPE EventType,
IN BOOLEAN InitialState
);
|
0x0015 |
0x0015 |
0x0015 |
0x0015 |
0x001e |
0x001e |
0x001e |
0x001e |
0x001e |
0x0023 |
0x0023 |
0x0023 |
0x0025 |
0x0025 |
0x0039 |
NtCreateEventPair
NTSYSAPI
NTSTATUS
NTAPI
NtCreateEventPair(
OUT PHANDLE EventPairHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x0016 |
0x0016 |
0x0016 |
0x0016 |
0x001f |
0x001f |
0x001f |
0x001f |
0x001f |
0x0024 |
0x0024 |
0x0024 |
0x0026 |
0x0026 |
0x003a |
NtCreateFile
NTSYSAPI
NTSTATUS
NTAPI
NtCreateFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize OPTIONAL,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer OPTIONAL,
IN ULONG EaLength
);
|
0x0017 |
0x0017 |
0x0017 |
0x0017 |
0x0020 |
0x0020 |
0x0020 |
0x0020 |
0x0020 |
0x0025 |
0x0025 |
0x0025 |
0x0027 |
0x0027 |
0x003b |
NtCreateIoCompletion
NTSYSAPI
NTSTATUS
NTAPI
NtCreateIoCompletion(
OUT PHANDLE IoCompletionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG NumberOfConcurrentThreads
);
|
0x0018 |
0x0018 |
0x0018 |
0x0018 |
0x0021 |
0x0021 |
0x0021 |
0x0021 |
0x0021 |
0x0026 |
0x0026 |
0x0026 |
0x0028 |
0x0028 |
0x003c |
NtCreateJobObject
NTSYSAPI
NTSTATUS
NTAPI
NtCreateJobObject(
OUT PHANDLE JobHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
|
|
|
|
0x0022 |
0x0022 |
0x0022 |
0x0022 |
0x0022 |
0x0027 |
0x0027 |
0x0027 |
0x0029 |
0x0029 |
0x003d |
NtCreateJobSet
NTSYSAPI
NTSTATUS
NTAPI
NtCreateJobSet(
IN ULONG Jobs,
IN PJOB_SET_ARRAY JobSet,
IN ULONG Reserved
);
|
|
|
|
|
|
|
|
|
|
0x0028 |
0x0028 |
0x0028 |
0x002a |
0x002a |
0x003e |
NtCreateKey
NTSYSAPI
NTSTATUS
NTAPI
NtCreateKey(
OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG TitleIndex,
IN PUNICODE_STRING Class OPTIONAL,
IN ULONG CreateOptions,
OUT PULONG Disposition OPTIONAL
);
|
0x0019 |
0x0019 |
0x0019 |
0x0019 |
0x0023 |
0x0023 |
0x0023 |
0x0023 |
0x0023 |
0x0029 |
0x0029 |
0x0029 |
0x002b |
0x002b |
0x003f |
NtCreateKeyedEvent
NTSYSAPI
NTSTATUS
NTAPI
NtCreateKeyedEvent(
OUT PHANDLE KeyedEventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG Reserved
);
|
|
|
|
|
|
|
|
|
|
0x0117 |
0x0117 |
0x0117 |
0x0121 |
0x0121 |
0x0169 |
NtCreateMailslotFile
NTSYSAPI
NTSTATUS
NTAPI
NtCreateMailslotFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG CreateOptions,
IN ULONG InBufferSize,
IN ULONG MaxMessageSize,
IN PLARGE_INTEGER ReadTimeout OPTIONAL
);
|
0x001a |
0x001a |
0x001a |
0x001a |
0x0024 |
0x0024 |
0x0024 |
0x0024 |
0x0024 |
0x002a |
0x002a |
0x002a |
0x002c |
0x002c |
0x0040 |
NtCreateMutant
NTSYSAPI
NTSTATUS
NTAPI
NtCreateMutant(
OUT PHANDLE MutantHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN BOOLEAN InitialOwner
);
|
0x001b |
0x001b |
0x001b |
0x001b |
0x0025 |
0x0025 |
0x0025 |
0x0025 |
0x0025 |
0x002b |
0x002b |
0x002b |
0x002d |
0x002d |
0x0041 |
NtCreateNamedPipeFile
NTSYSAPI
NTSTATUS
NTAPI
NtCreateNamedPipeFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN BOOLEAN TypeMessage,
IN BOOLEAN ReadmodeMessage,
IN BOOLEAN Nonblocking,
IN ULONG MaxInstances,
IN ULONG InBufferSize,
IN ULONG OutBufferSize,
IN PLARGE_INTEGER DefaultTimeout OPTIONAL
);
|
0x001c |
0x001c |
0x001c |
0x001c |
0x0026 |
0x0026 |
0x0026 |
0x0026 |
0x0026 |
0x002c |
0x002c |
0x002c |
0x002e |
0x002e |
0x0042 |
NtCreatePagingFile
NTSYSAPI
NTSTATUS
NTAPI
NtCreatePagingFile(
IN PUNICODE_STRING FileName,
IN PULARGE_INTEGER InitialSize,
IN PULARGE_INTEGER MaximumSize,
IN ULONG Priority OPTIONAL
);
|
0x001d |
0x001d |
0x001d |
0x001d |
0x0027 |
0x0027 |
0x0027 |
0x0027 |
0x0027 |
0x002d |
0x002d |
0x002d |
0x002f |
0x002f |
0x0044 |
NtCreatePort
NTSYSAPI
NTSTATUS
NTAPI
NtCreatePort(
OUT PHANDLE PortHandle,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG MaxConnectionInfoLength,
IN ULONG MaxMessageLength,
IN ULONG MaxPoolUsage
);
|
0x001e |
0x001c |
0x001e |
0x001e |
0x0028 |
0x0028 |
0x0028 |
0x0028 |
0x0028 |
0x002e |
0x002e |
0x002e |
0x0030 |
0x0030 |
0x0045 |
|
NtCreatePrivateNamespace
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0043 |
NtCreateProcess
NTSYSAPI
NTSTATUS
NTAPI
NtCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE InheritFromProcessHandle,
IN BOOLEAN InheritHandles,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);
|
0x001f |
0x001f |
0x001f |
0x001f |
0x0029 |
0x0029 |
0x0029 |
0x0029 |
0x0029 |
0x002f |
0x002f |
0x002f |
0x0031 |
0x0031 |
0x0046 |
NtCreateProcessEx
NTSYSAPI
NTSTATUS
NTAPI
NtCreateProcessEx(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE InheritFromProcessHandle,
IN ULONG CreateFlags,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugObject OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL,
IN ULONG JobMemberLevel
);
|
|
|
|
|
|
|
|
|
|
0x0030 |
0x0030 |
0x0030 |
0x0032 |
0x0032 |
0x0047 |
NtCreateProfile
NTSYSAPI
NTSTATUS
NTAPI
NtCreateProfile(
OUT PHANDLE ProfileHandle,
IN HANDLE ProcessHandle,
IN PVOID Base,
IN ULONG Size,
IN ULONG BucketShift,
IN PULONG Buffer,
IN ULONG BufferLength,
IN KPROFILE_SOURCE Source,
IN ULONG ProcessorMask
);
|
0x0020 |
0x0020 |
0x0020 |
0x0020 |
0x002a |
0x002a |
0x002a |
0x002a |
0x002a |
0x0031 |
0x0031 |
0x0031 |
0x0033 |
0x0033 |
0x0048 |
|
NtCreateResourceManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0069 |
NtCreateSection
NTSYSAPI
NTSTATUS
NTAPI
NtCreateSection(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PLARGE_INTEGER SectionSize OPTIONAL,
IN ULONG Protect,
IN ULONG Attributes,
IN HANDLE FileHandle
);
|
0x0021 |
0x0021 |
0x0021 |
0x0021 |
0x002b |
0x002b |
0x002b |
0x002b |
0x002b |
0x0032 |
0x0032 |
0x0032 |
0x0034 |
0x0034 |
0x0049 |
NtCreateSemaphore
NTSYSAPI
NTSTATUS
NTAPI
NtCreateSemaphore(
OUT PHANDLE SemaphoreHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN LONG InitialCount,
IN LONG MaximumCount
);
|
0x0022 |
0x0022 |
0x0022 |
0x0022 |
0x002c |
0x002c |
0x002c |
0x002c |
0x002c |
0x0033 |
0x0033 |
0x0033 |
0x0035 |
0x0035 |
0x004a |
NtCreateSymbolicLinkObject
NTSYSAPI
NTSTATUS
NTAPI
NtCreateSymbolicLinkObject(
OUT PHANDLE SymbolicLinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PUNICODE_STRING TargetName
);
|
0x0023 |
0x0023 |
0x0023 |
0x0023 |
0x002d |
0x002d |
0x002d |
0x002d |
0x002d |
0x0034 |
0x0034 |
0x0034 |
0x0036 |
0x0036 |
0x004b |
NtCreateThread
NTSYSAPI
NTSTATUS
NTAPI
NtCreateThread(
OUT PHANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE ProcessHandle,
OUT PCLIENT_ID ClientId,
IN PCONTEXT ThreadContext,
IN PUSER_STACK UserStack,
IN BOOLEAN CreateSuspended
);
|
0x0024 |
0x0024 |
0x0024 |
0x0024 |
0x002e |
0x002e |
0x002e |
0x002e |
0x002e |
0x0035 |
0x0035 |
0x0035 |
0x0037 |
0x0037 |
0x004c |
|
NtCreateThreadEx
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0181 |
NtCreateTimer
NTSYSAPI
NTSTATUS
NTAPI
NtCreateTimer(
OUT PHANDLE TimerHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN TIMER_TYPE TimerType
);
|
0x0025 |
0x0025 |
0x0025 |
0x0025 |
0x002f |
0x002f |
0x002f |
0x002f |
0x002f |
0x0036 |
0x0036 |
0x0036 |
0x0038 |
0x0038 |
0x004d |
NtCreateToken
NTSYSAPI
NTSTATUS
NTAPI
NtCreateToken(
OUT PHANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN TOKEN_TYPE Type,
IN PLUID AuthenticationId,
IN PLARGE_INTEGER ExpirationTime,
IN PTOKEN_USER User,
IN PTOKEN_GROUPS Groups,
IN PTOKEN_PRIVILEGES Privileges,
IN PTOKEN_OWNER Owner,
IN PTOKEN_PRIMARY_GROUP PrimaryGroup,
IN PTOKEN_DEFAULT_DACL DefaultDacl,
IN PTOKEN_SOURCE Source
);
|
0x0026 |
0x0026 |
0x0026 |
0x0026 |
0x0030 |
0x0030 |
0x0030 |
0x0030 |
0x0030 |
0x0037 |
0x0037 |
0x0037 |
0x0039 |
0x0039 |
0x004e |
|
NtCreateTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x004f |
|
NtCreateTransactionManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0062 |
NtCreateWaitablePort
NTSYSAPI
NTSTATUS
NTAPI
NtCreateWaitablePort(
OUT PHANDLE PortHandle,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG MaxConnectionInfoLength,
IN ULONG MaxMessageLength,
IN ULONG MaxPoolUsage
);
|
|
|
|
|
0x0031 |
0x0031 |
0x0031 |
0x0031 |
0x0031 |
0x0038 |
0x0038 |
0x0038 |
0x003a |
0x003a |
0x0072 |
|
NtCreateWinStation
|
|
0x00d3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
NtCreateWorkerFactory
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x017a |
NtDebugActiveProcess
NTSYSAPI
NTSTATUS
NTAPI
NtDebugActiveProcess(
IN HANDLE Process,
IN HANDLE DebugObject
);
|
|
|
|
|
|
|
|
|
|
0x0039 |
0x0039 |
0x0039 |
0x003b |
0x003b |
0x0073 |
NtDebugContinue
NTSYSAPI
NTSTATUS
NTAPI
NtDebugContinue(
IN HANDLE DebugObject,
IN PCLIENT_ID AppClientId,
IN NTSTATUS ContinueStatus
);
|
|
|
|
|
|
|
|
|
|
0x003a |
0x003a |
0x003a |
0x003c |
0x003c |
0x0074 |
NtDelayExecution
NTSYSAPI
NTSTATUS
NTAPI
NtDelayExecution(
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Interval
);
|
0x0027 |
0x0027 |
0x0027 |
0x0027 |
0x0032 |
0x0032 |
0x0032 |
0x0032 |
0x0032 |
0x003b |
0x003b |
0x003b |
0x003d |
0x003d |
0x0075 |
NtDeleteAtom
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteAtom(
IN USHORT Atom
);
|
0x0028 |
0x0028 |
0x0028 |
0x0028 |
0x0033 |
0x0033 |
0x0033 |
0x0033 |
0x0033 |
0x003c |
0x003c |
0x003c |
0x003e |
0x003e |
0x0076 |
NtDeleteBootEntry
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteBootEntry(
IN PUNICODE_STRING EntryName,
IN PUNICODE_STRING EntryValue
);
|
|
|
|
|
|
|
|
|
|
0x003d |
0x003d |
0x003d |
0x003f |
0x003f |
0x0077 |
NtDeleteDriverEntry
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteDriverEntry(
IN PUNICODE_STRING DriverName,
IN PUNICODE_STRING DriverPath
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0040 |
0x0040 |
0x0078 |
NtDeleteFile
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteFile(
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x0029 |
0x0029 |
0x0029 |
0x0029 |
0x0034 |
0x0034 |
0x0034 |
0x0034 |
0x0034 |
0x003e |
0x003e |
0x003e |
0x0041 |
0x0041 |
0x0079 |
NtDeleteKey
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteKey(
IN HANDLE KeyHandle
);
|
0x002a |
0x002a |
0x002a |
0x002a |
0x0035 |
0x0035 |
0x0035 |
0x0035 |
0x0035 |
0x003f |
0x003f |
0x003f |
0x0042 |
0x0042 |
0x007a |
NtDeleteObjectAuditAlarm
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteObjectAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN BOOLEAN GenerateOnClose
);
|
0x002b |
0x002b |
0x002b |
0x002b |
0x0036 |
0x0036 |
0x0036 |
0x0036 |
0x0036 |
0x0040 |
0x0040 |
0x0040 |
0x0043 |
0x0043 |
0x007c |
|
NtDeletePrivateNamespace
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x007b |
NtDeleteValueKey
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName
);
|
0x002c |
0x002c |
0x002c |
0x002c |
0x0037 |
0x0037 |
0x0037 |
0x0037 |
0x0037 |
0x0041 |
0x0041 |
0x0041 |
0x0044 |
0x0044 |
0x007d |
NtDeviceIoControlFile
NTSYSAPI
NTSTATUS
NTAPI
NtDeviceIoControlFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG IoControlCode,
IN PVOID InputBuffer OPTIONAL,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferLength
);
|
0x002d |
0x002d |
0x002d |
0x002d |
0x0038 |
0x0038 |
0x0038 |
0x0038 |
0x0038 |
0x0042 |
0x0042 |
0x0042 |
0x0045 |
0x0045 |
0x007e |
NtDisplayString
NTSYSAPI
NTSTATUS
NTAPI
NtDisplayString(
IN PUNICODE_STRING String
);
|
0x002e |
0x002e |
0x002e |
0x002e |
0x0039 |
0x0039 |
0x0039 |
0x0039 |
0x0039 |
0x0043 |
0x0043 |
0x0043 |
0x0046 |
0x0046 |
0x007f |
NtDuplicateObject
NTSYSAPI
NTSTATUS
NTAPI
NtDuplicateObject(
IN HANDLE SourceProcessHandle,
IN HANDLE SourceHandle,
IN HANDLE TargetProcessHandle,
OUT PHANDLE TargetHandle OPTIONAL,
IN ACCESS_MASK DesiredAccess,
IN ULONG Attributes,
IN ULONG Options
);
|
0x002f |
0x002f |
0x002f |
0x002f |
0x003a |
0x003a |
0x003a |
0x003a |
0x003a |
0x0044 |
0x0044 |
0x0044 |
0x0047 |
0x0047 |
0x0080 |
NtDuplicateToken
NTSYSAPI
NTSTATUS
NTAPI
NtDuplicateToken(
IN HANDLE ExistingTokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN BOOLEAN EffectiveOnly,
IN TOKEN_TYPE TokenType,
OUT PHANDLE NewTokenHandle
);
|
0x0030 |
0x0030 |
0x0030 |
0x0030 |
0x003b |
0x003b |
0x003b |
0x003b |
0x003b |
0x0045 |
0x0045 |
0x0045 |
0x0048 |
0x0048 |
0x0081 |
NtEnumerateBootEntries
NTSYSAPI
NTSTATUS
NTAPI
NtEnumerateBootEntries(
IN ULONG Unknown1,
IN ULONG Unknown2
);
|
|
|
|
|
|
|
|
|
|
0x0046 |
0x0046 |
0x0046 |
0x0049 |
0x0049 |
0x0082 |
NtEnumerateDriverEntries
NTSYSAPI
NTSTATUS
NTAPI
NtEnumerateDriverEntries(
IN ULONG Unknown1,
IN ULONG Unknown2
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x004a |
0x004a |
0x0083 |
NtEnumerateKey
NTSYSAPI
NTSTATUS
NTAPI
NtEnumerateKey(
IN HANDLE KeyHandle,
IN ULONG Index,
IN KEY_INFORMATION_CLASS KeyInformationClass,
OUT PVOID KeyInformation,
IN ULONG KeyInformationLength,
OUT PULONG ResultLength
);
|
0x0031 |
0x0031 |
0x0031 |
0x0031 |
0x003c |
0x003c |
0x003c |
0x003c |
0x003c |
0x0047 |
0x0047 |
0x0047 |
0x004b |
0x004b |
0x0084 |
NtEnumerateSystemEnvironmentValuesEx
NTSYSAPI
NTSTATUS
NTAPI
NtEnumerateSystemEnvironmentValuesEx(
IN ULONG Unknown1,
IN ULONG Unknown2,
IN ULONG Unknown3
);
|
|
|
|
|
|
|
|
|
|
0x0048 |
0x0048 |
0x0048 |
0x004c |
0x004c |
0x0085 |
NtEnumerateValueKey
NTSYSAPI
NTSTATUS
NTAPI
NtEnumerateValueKey(
IN HANDLE KeyHandle,
IN ULONG Index,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
OUT PVOID KeyValueInformation,
IN ULONG KeyValueInformationLength,
OUT PULONG ResultLength
);
|
0x0032 |
0x0032 |
0x0032 |
0x0032 |
0x003d |
0x003d |
0x003d |
0x003d |
0x003d |
0x0049 |
0x0049 |
0x0049 |
0x004d |
0x004d |
0x0086 |
NtExtendSection
NTSYSAPI
NTSTATUS
NTAPI
NtExtendSection(
IN HANDLE SectionHandle,
IN PLARGE_INTEGER SectionSize
);
|
0x0033 |
0x0033 |
0x0033 |
0x0033 |
0x003e |
0x003e |
0x003e |
0x003e |
0x003e |
0x004a |
0x004a |
0x004a |
0x004e |
0x004e |
0x0087 |
NtFilterToken
NTSYSAPI
NTSTATUS
NTAPI
NtFilterToken(
IN HANDLE ExistingTokenHandle,
IN ULONG Flags,
IN PTOKEN_GROUPS SidsToDisable,
IN PTOKEN_PRIVILEGES PrivilegesToDelete,
IN PTOKEN_GROUPS SidsToRestricted,
OUT PHANDLE NewTokenHandle
);
|
|
|
|
|
0x003f |
0x003f |
0x003f |
0x003f |
0x003f |
0x004b |
0x004b |
0x004b |
0x004f |
0x004f |
0x0088 |
NtFindAtom
NTSYSAPI
NTSTATUS
NTAPI
NtFindAtom(
IN PWSTR String,
IN ULONG StringLength,
OUT PUSHORT Atom
);
|
0x0034 |
0x0034 |
0x0034 |
0x0034 |
0x0040 |
0x0040 |
0x0040 |
0x0040 |
0x0040 |
0x004c |
0x004c |
0x004c |
0x0050 |
0x0050 |
0x0089 |
NtFlushBuffersFile
NTSYSAPI
NTSTATUS
NTAPI
NtFlushBuffersFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
|
0x0035 |
0x0035 |
0x0035 |
0x0035 |
0x0041 |
0x0041 |
0x0041 |
0x0041 |
0x0041 |
0x004d |
0x004d |
0x004d |
0x0051 |
0x0051 |
0x008a |
|
NtFlushInstallUILanguage
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0189 |
NtFlushInstructionCache
NTSYSAPI
NTSTATUS
NTAPI
NtFlushInstructionCache(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress OPTIONAL,
IN ULONG FlushSize
);
|
0x0036 |
0x0036 |
0x0036 |
0x0036 |
0x0042 |
0x0042 |
0x0042 |
0x0042 |
0x0042 |
0x004e |
0x004e |
0x004e |
0x0052 |
0x0052 |
0x008b |
NtFlushKey
NTSYSAPI
NTSTATUS
NTAPI
NtFlushKey(
IN HANDLE KeyHandle
);
|
0x0037 |
0x0037 |
0x0037 |
0x0037 |
0x0043 |
0x0043 |
0x0043 |
0x0043 |
0x0043 |
0x004f |
0x004f |
0x004f |
0x0053 |
0x0053 |
0x008c |
|
NtFlushProcessWriteBuffers
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x008d |
NtFlushVirtualMemory
NTSYSAPI
NTSTATUS
NTAPI
NtFlushVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PULONG FlushSize,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
|
0x0038 |
0x0038 |
0x0038 |
0x0038 |
0x0044 |
0x0044 |
0x0044 |
0x0044 |
0x0044 |
0x0050 |
0x0050 |
0x0050 |
0x0054 |
0x0054 |
0x008e |
NtFlushWriteBuffer
NTSYSAPI
NTSTATUS
NTAPI
NtFlushWriteBuffer(
VOID
);
|
0x0039 |
0x0039 |
0x0039 |
0x0039 |
0x0045 |
0x0045 |
0x0045 |
0x0045 |
0x0045 |
0x0051 |
0x0051 |
0x0051 |
0x0055 |
0x0055 |
0x008f |
NtFreeUserPhysicalPages
NTSYSAPI
NTSTATUS
NTAPI
NtFreeUserPhysicalPages(
IN HANDLE ProcessHandle,
IN OUT PULONG NumberOfPages,
IN PULONG PageFrameNumbers
);
|
|
|
|
|
0x0046 |
0x0046 |
0x0046 |
0x0046 |
0x0046 |
0x0052 |
0x0052 |
0x0052 |
0x0056 |
0x0056 |
0x0090 |
NtFreeVirtualMemory
NTSYSAPI
NTSTATUS
NTAPI
NtFreeVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PULONG FreeSize,
IN ULONG FreeType
);
|
0x003a |
0x003a |
0x003a |
0x003a |
0x0047 |
0x0047 |
0x0047 |
0x0047 |
0x0047 |
0x0053 |
0x0053 |
0x0053 |
0x0057 |
0x0057 |
0x0091 |
|
NtFreezeRegistry
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0092 |
|
NtFreezeTransactions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0093 |
NtFsControlFile
NTSYSAPI
NTSTATUS
NTAPI
NtFsControlFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG FsControlCode,
IN PVOID InputBuffer OPTIONAL,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferLength
);
|
0x003b |
0x003b |
0x003b |
0x003b |
0x0048 |
0x0048 |
0x0048 |
0x0048 |
0x0048 |
0x0054 |
0x0054 |
0x0054 |
0x0058 |
0x0058 |
0x0094 |
NtGetContextThread
NTSYSAPI
NTSTATUS
NTAPI
NtGetContextThread(
IN HANDLE ThreadHandle,
OUT PCONTEXT Context
);
|
0x003c |
0x003c |
0x003c |
0x003c |
0x0049 |
0x0049 |
0x0049 |
0x0049 |
0x0049 |
0x0055 |
0x0055 |
0x0055 |
0x0059 |
0x0059 |
0x0095 |
NtGetCurrentProcessorNumber
NTSYSAPI
ULONG
NTAPI
NtGetCurrentProcessorNumber(
VOID
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0126 |
0x0126 |
0x016e |
NtGetDevicePowerState
NTSYSAPI
NTSTATUS
NTAPI
NtGetDevicePowerState(
IN HANDLE DeviceHandle,
OUT PDEVICE_POWER_STATE DevicePowerState
);
|
|
|
|
|
0x004a |
0x004a |
0x004a |
0x004a |
0x004a |
0x0056 |
0x0056 |
0x0056 |
0x005a |
0x005a |
0x0096 |
|
NtGetMUILicenseInfo
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0186 |
|
NtGetMUIRegistryInfo
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x018a |
|
NtGetNextProcess
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0170 |
|
NtGetNextThread
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0171 |
|
NtGetNlsSectionPtr
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0097 |
|
NtGetNotificationResourceManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x006b |
NtGetPlugPlayEvent
NTSYSAPI
NTSTATUS
NTAPI
NtGetPlugPlayEvent(
IN ULONG Reserved1,
IN ULONG Reserved2,
OUT PVOID Buffer,
IN ULONG BufferLength
);
|
0x003d |
0x003d |
0x003d |
0x003d |
0x004b |
0x004b |
0x004b |
0x004b |
0x004b |
0x0057 |
0x0057 |
0x0057 |
0x005b |
0x005b |
0x0098 |
NtGetTickCount
NTSYSAPI
ULONG
NTAPI
NtGetTickCount(
VOID
);
|
0x003e |
0x003e |
0x003e |
0x003e |
0x004c |
0x004c |
0x004c |
0x004c |
0x004c |
|
|
|
|
|
|
NtGetWriteWatch
NTSYSAPI
NTSTATUS
NTAPI
NtGetWriteWatch(
IN HANDLE ProcessHandle,
IN ULONG Flags,
IN PVOID BaseAddress,
IN ULONG RegionSize,
OUT PULONG Buffer,
IN OUT PULONG BufferEntries,
OUT PULONG Granularity
);
|
|
|
|
|
0x004d |
0x004d |
0x004d |
0x004d |
0x004d |
0x0058 |
0x0058 |
0x0058 |
0x005c |
0x005c |
0x0099 |
NtImpersonateAnonymousToken
NTSYSAPI
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
IN HANDLE ThreadHandle
);
|
|
|
|
|
0x004e |
0x004e |
0x004e |
0x004e |
0x004e |
0x0059 |
0x0059 |
0x0059 |
0x005d |
0x005d |
0x009a |
NtImpersonateClientOfPort
NTSYSAPI
NTSTATUS
NTAPI
NtImpersonateClientOfPort(
IN HANDLE PortHandle,
IN PPORT_MESSAGE Message
);
|
0x003f |
0x003f |
0x003f |
0x003f |
0x004f |
0x004f |
0x004f |
0x004f |
0x004f |
0x005a |
0x005a |
0x005a |
0x005e |
0x005e |
0x009b |
NtImpersonateThread
NTSYSAPI
NTSTATUS
NTAPI
NtImpersonateThread(
IN HANDLE ThreadHandle,
IN HANDLE TargetThreadHandle,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
);
|
0x0040 |
0x0040 |
0x0040 |
0x0040 |
0x0050 |
0x0050 |
0x0050 |
0x0050 |
0x0050 |
0x005b |
0x005b |
0x005b |
0x005f |
0x005f |
0x009c |
|
NtInitializeNlsFiles
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x009d |
NtInitializeRegistry
NTSYSAPI
NTSTATUS
NTAPI
NtInitializeRegistry(
IN BOOLEAN Setup
);
|
0x0041 |
0x0041 |
0x0041 |
0x0041 |
0x0051 |
0x0051 |
0x0051 |
0x0051 |
0x0051 |
0x005c |
0x005c |
0x005c |
0x0060 |
0x0060 |
0x009e |
NtInitiatePowerAction
NTSYSAPI
NTSTATUS
NTAPI
NtInitiatePowerAction(
IN POWER_ACTION SystemAction,
IN SYSTEM_POWER_STATE MinSystemState,
IN ULONG Flags,
IN BOOLEAN Asynchronous
);
|
|
|
|
|
0x0052 |
0x0052 |
0x0052 |
0x0052 |
0x0052 |
0x005d |
0x005d |
0x005d |
0x0061 |
0x0061 |
0x009f |
NtIsProcessInJob
NTSYSAPI
NTSTATUS
NTAPI
NtIsProcessInJob(
IN HANDLE ProcessHandle,
IN HANDLE JobHandle OPTIONAL
);
|
|
|
|
|
|
|
|
|
|
0x005e |
0x005e |
0x005e |
0x0062 |
0x0062 |
0x00a0 |
NtIsSystemResumeAutomatic
NTSYSAPI
BOOLEAN
NTAPI
NtIsSystemResumeAutomatic(
VOID
);
|
|
|
|
|
0x0053 |
0x0053 |
0x0053 |
0x0053 |
0x0053 |
0x005f |
0x005f |
0x005f |
0x0063 |
0x0063 |
0x00a1 |
|
NtIsUILanguageComitted
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0188 |
|
NtListTransactions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0185 |
NtListenChannel
NTSYSAPI
NTSTATUS
NTAPI
NtListenChannel(
IN HANDLE ChannelHandle,
OUT PCHANNEL_MESSAGE *Message
);
|
0x00ce |
0x00cd |
0x00cd |
0x00cd |
0x00f2 |
0x00f2 |
0x00f2 |
0x00f2 |
0x00f2 |
|
|
|
|
|
|
NtListenPort
NTSYSAPI
NTSTATUS
NTAPI
NtListenPort(
IN HANDLE PortHandle,
OUT PPORT_MESSAGE Message
);
|
0x0042 |
0x0042 |
0x0042 |
0x0042 |
0x0054 |
0x0054 |
0x0054 |
0x0054 |
0x0054 |
0x0060 |
0x0060 |
0x0060 |
0x0064 |
0x0064 |
0x00a2 |
NtLoadDriver
NTSYSAPI
NTSTATUS
NTAPI
NtLoadDriver(
IN PUNICODE_STRING DriverServiceName
);
|
0x0043 |
0x0043 |
0x0043 |
0x0043 |
0x0055 |
0x0055 |
0x0055 |
0x0055 |
0x0055 |
0x0061 |
0x0061 |
0x0061 |
0x0065 |
0x0065 |
0x00a3 |
NtLoadKey
NTSYSAPI
NTSTATUS
NTAPI
NtLoadKey(
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN POBJECT_ATTRIBUTES FileObjectAttributes
);
|
0x0044 |
0x0044 |
0x0044 |
0x0044 |
0x0056 |
0x0056 |
0x0056 |
0x0056 |
0x0056 |
0x0062 |
0x0062 |
0x0062 |
0x0066 |
0x0066 |
0x00a4 |
NtLoadKey2
NTSYSAPI
NTSTATUS
NTAPI
NtLoadKey2(
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN POBJECT_ATTRIBUTES FileObjectAttributes,
IN ULONG Flags
);
|
0x0045 |
0x0045 |
0x0045 |
0x0045 |
0x0057 |
0x0057 |
0x0057 |
0x0057 |
0x0057 |
0x0063 |
0x0063 |
0x0063 |
0x0067 |
0x0067 |
0x00a5 |
NtLoadKeyEx
NTSYSAPI
NTSTATUS
NTAPI
NtLoadKeyEx(
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN POBJECT_ATTRIBUTES FileObjectAttributes,
IN ULONG Flags,
IN HANDLE Key OPTIONAL
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0068 |
0x0068 |
0x00a6 |
NtLockFile
NTSYSAPI
NTSTATUS
NTAPI
NtLockFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PULARGE_INTEGER LockOffset,
IN PULARGE_INTEGER LockLength,
IN ULONG Key,
IN BOOLEAN FailImmediately,
IN BOOLEAN ExclusiveLock
);
|
0x0046 |
0x0046 |
0x0046 |
0x0046 |
0x0058 |
0x0058 |
0x0058 |
0x0058 |
0x0058 |
0x0064 |
0x0064 |
0x0064 |
0x0069 |
0x0069 |
0x00a7 |
NtLockProductActivationKeys
NTSYSAPI
NTSTATUS
NTAPI
NtLockProductActivationKeys(
IN OUT PULONG ProductBuild OPTIONAL,
OUT PSAFEBOOT_MODE InitSafeBootMode OPTIONAL
);
|
|
|
|
|
|
|
|
|
|
0x0065 |
0x0065 |
0x0065 |
0x006a |
0x006a |
0x00a8 |
NtLockRegistryKey
NTSYSAPI
NTSTATUS
NTAPI
NtLockRegistryKey(
IN HANDLE Key
);
|
|
|
|
|
|
|
|
|
|
0x0066 |
0x0066 |
0x0066 |
0x006b |
0x006b |
0x00a9 |
NtLockVirtualMemory
NTSYSAPI
NTSTATUS
NTAPI
NtLockVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PULONG LockSize,
IN ULONG LockType
);
|
0x0047 |
0x0047 |
0x0047 |
0x0047 |
0x0059 |
0x0059 |
0x0059 |
0x0059 |
0x0059 |
0x0067 |
0x0067 |
0x0067 |
0x006c |
0x006c |
0x00aa |
NtMakePermanentObject
NTSYSAPI
NTSTATUS
NTAPI
NtMakePermanentObject(
IN HANDLE Object
);
|
|
|
|
|
|
|
|
|
|
0x0068 |
0x0068 |
0x0068 |
0x006d |
0x006d |
0x00ab |
NtMakeTemporaryObject
NTSYSAPI
NTSTATUS
NTAPI
NtMakeTemporaryObject(
IN HANDLE Handle
);
|
0x0048 |
0x0048 |
0x0048 |
0x0048 |
0x005a |
0x005a |
0x005a |
0x005a |
0x005a |
0x0069 |
0x0069 |
0x0069 |
0x006e |
0x006e |
0x00ac |
|
NtMapCMFModule
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0184 |
NtMapUserPhysicalPages
NTSYSAPI
NTSTATUS
NTAPI
NtMapUserPhysicalPages(
IN PVOID BaseAddress,
IN PULONG NumberOfPages,
IN PULONG PageFrameNumbers
);
|
|
|
|
|
0x005b |
0x005b |
0x005b |
0x005b |
0x005b |
0x006a |
0x006a |
0x006a |
0x006f |
0x006f |
0x00ad |
NtMapUserPhysicalPagesScatter
NTSYSAPI
NTSTATUS
NTAPI
NtMapUserPhysicalPagesScatter(
IN PVOID *BaseAddresses,
IN PULONG NumberOfPages,
IN PULONG PageFrameNumbers
);
|
|
|
|
|
0x005c |
0x005c |
0x005c |
0x005c |
0x005c |
0x006b |
0x006b |
0x006b |
0x0070 |
0x0070 |
0x00ae |
NtMapViewOfSection
NTSYSAPI
NTSTATUS
NTAPI
NtMapViewOfSection(
IN HANDLE SectionHandle,
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN ULONG CommitSize,
IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
IN OUT PULONG ViewSize,
IN SECTION_INHERIT InheritDisposition,
IN ULONG AllocationType,
IN ULONG Protect
);
|
0x0049 |
0x0049 |
0x0049 |
0x0049 |
0x005d |
0x005d |
0x005d |
0x005d |
0x005d |
0x006c |
0x006c |
0x006c |
0x0071 |
0x0071 |
0x00af |
|
NtMarshallTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0177 |
NtModifyBootEntry
NTSYSAPI
NTSTATUS
NTAPI
NtModifyBootEntry(
IN PUNICODE_STRING EntryName,
IN PUNICODE_STRING EntryValue
);
|
|
|
|
|
|
|
|
|
|
0x006d |
0x006d |
0x006d |
0x0072 |
0x0072 |
0x00b0 |
NtModifyDriverEntry
NTSYSAPI
NTSTATUS
NTAPI
NtModifyDriverEntry(
IN PUNICODE_STRING DriverName,
IN PUNICODE_STRING DriverPath
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0073 |
0x0073 |
0x00b1 |
NtNotifyChangeDirectoryFile
NTSYSAPI
NTSTATUS
NTAPI
NtNotifyChangeDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PFILE_NOTIFY_INFORMATION Buffer,
IN ULONG BufferLength,
IN ULONG NotifyFilter,
IN BOOLEAN WatchSubtree
);
|
0x004a |
0x004a |
0x004a |
0x004a |
0x005e |
0x005e |
0x005e |
0x005e |
0x005e |
0x006e |
0x006e |
0x006e |
0x0074 |
0x0074 |
0x00b2 |
NtNotifyChangeKey
NTSYSAPI
NTSTATUS
NTAPI
NtNotifyChangeKey(
IN HANDLE KeyHandle,
IN HANDLE EventHandle OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG NotifyFilter,
IN BOOLEAN WatchSubtree,
IN PVOID Buffer,
IN ULONG BufferLength,
IN BOOLEAN Asynchronous
);
|
0x004b |
0x004b |
0x004b |
0x004b |
0x005f |
0x005f |
0x005f |
0x005f |
0x005f |
0x006f |
0x006f |
0x006f |
0x0075 |
0x0075 |
0x00b3 |
NtNotifyChangeMultipleKeys
NTSYSAPI
NTSTATUS
NTAPI
NtNotifyChangeMultipleKeys(
IN HANDLE KeyHandle,
IN ULONG Flags,
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN HANDLE EventHandle OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG NotifyFilter,
IN BOOLEAN WatchSubtree,
IN PVOID Buffer,
IN ULONG BufferLength,
IN BOOLEAN Asynchronous
);
|
|
|
|
|
0x0060 |
0x0060 |
0x0060 |
0x0060 |
0x0060 |
0x0070 |
0x0070 |
0x0070 |
0x0076 |
0x0076 |
0x00b4 |
NtOpenChannel
NTSYSAPI
NTSTATUS
NTAPI
NtOpenChannel(
OUT PHANDLE ChannelHandle,
IN PUNICODE_STRING ChannelName
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenChannel(
OUT PHANDLE ChannelHandle,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x00cf |
0x00ce |
0x00ce |
0x00ce |
0x00f3 |
0x00f3 |
0x00f3 |
0x00f3 |
0x00f3 |
|
|
|
|
|
|
NtOpenDirectoryObject
NTSYSAPI
NTSTATUS
NTAPI
NtOpenDirectoryObject(
OUT PHANDLE DirectoryHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x004c |
0x004c |
0x004c |
0x004c |
0x0061 |
0x0061 |
0x0061 |
0x0061 |
0x0061 |
0x0071 |
0x0071 |
0x0071 |
0x0077 |
0x0077 |
0x00b5 |
|
NtOpenEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x006e |
NtOpenEvent
NTSYSAPI
NTSTATUS
NTAPI
NtOpenEvent(
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x004d |
0x004d |
0x004d |
0x004d |
0x0062 |
0x0062 |
0x0062 |
0x0062 |
0x0062 |
0x0072 |
0x0072 |
0x0072 |
0x0078 |
0x0078 |
0x00b6 |
NtOpenEventPair
NTSYSAPI
NTSTATUS
NTAPI
NtOpenEventPair(
OUT PHANDLE EventPairHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x004e |
0x004e |
0x004e |
0x004e |
0x0063 |
0x0063 |
0x0063 |
0x0063 |
0x0063 |
0x0073 |
0x0073 |
0x0073 |
0x0079 |
0x0079 |
0x00b7 |
NtOpenFile
NTSYSAPI
NTSTATUS
NTAPI
NtOpenFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG ShareAccess,
IN ULONG OpenOptions
);
|
0x004f |
0x004f |
0x004f |
0x004f |
0x0064 |
0x0064 |
0x0064 |
0x0064 |
0x0064 |
0x0074 |
0x0074 |
0x0074 |
0x007a |
0x007a |
0x00b8 |
NtOpenIoCompletion
NTSYSAPI
NTSTATUS
NTAPI
NtOpenIoCompletion(
OUT PHANDLE IoCompletionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x0050 |
0x0050 |
0x0050 |
0x0050 |
0x0065 |
0x0065 |
0x0065 |
0x0065 |
0x0065 |
0x0075 |
0x0075 |
0x0075 |
0x007b |
0x007b |
0x00b9 |
NtOpenJobObject
NTSYSAPI
NTSTATUS
NTAPI
NtOpenJobObject(
OUT PHANDLE JobHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
|
|
|
|
0x0066 |
0x0066 |
0x0066 |
0x0066 |
0x0066 |
0x0076 |
0x0076 |
0x0076 |
0x007c |
0x007c |
0x00ba |
NtOpenKey
NTSYSAPI
NTSTATUS
NTAPI
NtOpenKey(
OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x0051 |
0x0051 |
0x0051 |
0x0051 |
0x0067 |
0x0067 |
0x0067 |
0x0067 |
0x0067 |
0x0077 |
0x0077 |
0x0077 |
0x007d |
0x007d |
0x00bb |
NtOpenKeyedEvent
NTSYSAPI
NTSTATUS
NTAPI
NtOpenKeyedEvent(
OUT PHANDLE KeyedEventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
|
|
|
|
|
|
|
|
|
0x0118 |
0x0118 |
0x0118 |
0x0122 |
0x0122 |
0x016a |
NtOpenMutant
NTSYSAPI
NTSTATUS
NTAPI
NtOpenMutant(
OUT PHANDLE MutantHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x0052 |
0x0052 |
0x0052 |
0x0052 |
0x0068 |
0x0068 |
0x0068 |
0x0068 |
0x0068 |
0x0078 |
0x0078 |
0x0078 |
0x007e |
0x007e |
0x00bc |
NtOpenObjectAuditAlarm
NTSYSAPI
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PVOID *HandleId,
IN PUNICODE_STRING ObjectTypeName,
IN PUNICODE_STRING ObjectName,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN HANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK GrantedAccess,
IN PPRIVILEGE_SET Privileges OPTIONAL,
IN BOOLEAN ObjectCreation,
IN BOOLEAN AccessGranted,
OUT PBOOLEAN GenerateOnClose
);
|
0x0053 |
0x0053 |
0x0053 |
0x0053 |
0x0069 |
0x0069 |
0x0069 |
0x0069 |
0x0069 |
0x0079 |
0x0079 |
0x0079 |
0x007f |
0x007f |
0x00be |
|
NtOpenPrivateNamespace
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x00bd |
NtOpenProcess
NTSYSAPI
NTSTATUS
NTAPI
NtOpenProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PCLIENT_ID ClientId OPTIONAL
);
|
0x0054 |
0x0054 |
0x0054 |
0x0054 |
0x006a |
0x006a |
0x006a |
0x006a |
0x006a |
0x007a |
0x007a |
0x007a |
0x0080 |
0x0080 |
0x00bf |
NtOpenProcessToken
NTSYSAPI
NTSTATUS
NTAPI
NtOpenProcessToken(
IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE TokenHandle
);
|
0x0055 |
0x0055 |
0x0055 |
0x0055 |
0x006b |
0x006b |
0x006b |
0x006b |
0x006b |
0x007b |
0x007b |
0x007b |
0x0081 |
0x0081 |
0x00c0 |
NtOpenProcessTokenEx
NTSYSAPI
NTSTATUS
NTAPI
NtOpenProcessTokenEx(
IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN ULONG HandleAttributes,
OUT PHANDLE TokenHandle
);
|
|
|
|
|
|
|
|
|
|
0x007c |
0x007c |
0x007c |
0x0082 |
0x0082 |
0x00c1 |
|
NtOpenResourceManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x006a |
NtOpenSection
NTSYSAPI
NTSTATUS
NTAPI
NtOpenSection(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x0056 |
0x0056 |
0x0056 |
0x0056 |
0x006c |
0x006c |
0x006c |
0x006c |
0x006c |
0x007d |
0x007d |
0x007d |
0x0083 |
0x0083 |
0x00c2 |
NtOpenSemaphore
NTSYSAPI
NTSTATUS
NTAPI
NtOpenSemaphore(
OUT PHANDLE SemaphoreHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x0057 |
0x0057 |
0x0057 |
0x0057 |
0x006d |
0x006d |
0x006d |
0x006d |
0x006d |
0x007e |
0x007e |
0x007e |
0x0084 |
0x0084 |
0x00c3 |
|
NtOpenSession
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x00c4 |
NtOpenSymbolicLinkObject
NTSYSAPI
NTSTATUS
NTAPI
NtOpenSymbolicLinkObject(
OUT PHANDLE SymbolicLinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x0058 |
0x0058 |
0x0058 |
0x0058 |
0x006e |
0x006e |
0x006e |
0x006e |
0x006e |
0x007f |
0x007f |
0x007f |
0x0085 |
0x0085 |
0x00c5 |
NtOpenThread
NTSYSAPI
NTSTATUS
NTAPI
NtOpenThread(
OUT PHANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PCLIENT_ID ClientId
);
|
0x0059 |
0x0059 |
0x0059 |
0x0059 |
0x006f |
0x006f |
0x006f |
0x006f |
0x006f |
0x0080 |
0x0080 |
0x0080 |
0x0086 |
0x0086 |
0x00c6 |
NtOpenThreadToken
NTSYSAPI
NTSTATUS
NTAPI
NtOpenThreadToken(
IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle
);
|
0x005a |
0x005a |
0x005a |
0x005a |
0x0070 |
0x0070 |
0x0070 |
0x0070 |
0x0070 |
0x0081 |
0x0081 |
0x0081 |
0x0087 |
0x0087 |
0x00c7 |
NtOpenThreadTokenEx
NTSYSAPI
NTSTATUS
NTAPI
NtOpenThreadTokenEx(
IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
IN ULONG HandleAttributes,
OUT PHANDLE TokenHandle
);
|
|
|
|
|
|
|
|
|
|
0x0082 |
0x0082 |
0x0082 |
0x0088 |
0x0088 |
0x00c8 |
NtOpenTimer
NTSYSAPI
NTSTATUS
NTAPI
NtOpenTimer(
OUT PHANDLE TimerHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
|
0x005b |
0x005b |
0x005b |
0x005b |
0x0071 |
0x0071 |
0x0071 |
0x0071 |
0x0071 |
0x0083 |
0x0083 |
0x0083 |
0x0089 |
0x0089 |
0x00c9 |
|
NtOpenTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0050 |
|
NtOpenTransactionManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0063 |
|
NtOpenWinStation
|
|
0x00d4 |
|
|
|
|
|
|
|
|
|
|
|
|
|
NtPlugPlayControl
NTSYSAPI
NTSTATUS
NTAPI
NtPlugPlayControl(
IN ULONG ControlCode,
IN OUT PVOID Buffer,
IN ULONG BufferLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtPlugPlayControl(
IN ULONG ControlCode,
IN OUT PVOID Buffer,
IN ULONG BufferLength,
IN PVOID Unknown OPTIONAL
);
|
0x005c |
0x005c |
0x005c |
0x005c |
0x0072 |
0x0072 |
0x0072 |
0x0072 |
0x0072 |
0x0084 |
0x0084 |
0x0084 |
0x008a |
0x008a |
0x00ca |
|
NtPowerInformation
|
|
|
|
|
0x0073 |
0x0073 |
0x0073 |
0x0073 |
0x0073 |
0x0085 |
0x0085 |
0x0085 |
0x008b |
0x008b |
0x00cb |
|
NtPrePrepareComplete
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x005b |
|
NtPrePrepareEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0053 |
|
NtPrepareComplete
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x005c |
|
NtPrepareEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0054 |
NtPrivilegeCheck
NTSYSAPI
NTSTATUS
NTAPI
NtPrivilegeCheck(
IN HANDLE TokenHandle,
IN PPRIVILEGE_SET RequiredPrivileges,
OUT PBOOLEAN Result
);
|
0x005d |
0x005d |
0x005d |
0x005d |
0x0074 |
0x0074 |
0x0074 |
0x0074 |
0x0074 |
0x0086 |
0x0086 |
0x0086 |
0x008c |
0x008c |
0x00cc |
NtPrivilegeObjectAuditAlarm
NTSYSAPI
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN HANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted
);
|
0x005f |
0x005f |
0x005f |
0x005f |
0x0076 |
0x0076 |
0x0076 |
0x0076 |
0x0076 |
0x0087 |
0x0087 |
0x0087 |
0x008d |
0x008d |
0x00cd |
NtPrivilegedServiceAuditAlarm
NTSYSAPI
NTSTATUS
NTAPI
NtPrivilegedServiceAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PUNICODE_STRING ServiceName,
IN HANDLE TokenHandle,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted
);
|
0x005e |
0x005e |
0x005e |
0x005e |
0x0075 |
0x0075 |
0x0075 |
0x0075 |
0x0075 |
0x0088 |
0x0088 |
0x0088 |
0x008e |
0x008e |
0x00ce |
|
NtPropagationComplete
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0178 |
|
NtPropagationFailed
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0179 |
NtProtectVirtualMemory
NTSYSAPI
NTSTATUS
NTAPI
NtProtectVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PULONG ProtectSize,
IN ULONG NewProtect,
OUT PULONG OldProtect
);
|
0x0060 |
0x0060 |
0x0060 |
0x0060 |
0x0077 |
0x0077 |
0x0077 |
0x0077 |
0x0077 |
0x0089 |
0x0089 |
0x0089 |
0x008f |
0x008f |
0x00cf |
|
NtPullTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0176 |
NtPulseEvent
NTSYSAPI
NTSTATUS
NTAPI
NtPulseEvent(
IN HANDLE EventHandle,
OUT PULONG PreviousState OPTIONAL
);
|
0x0061 |
0x0061 |
0x0061 |
0x0061 |
0x0078 |
0x0078 |
0x0078 |
0x0078 |
0x0078 |
0x008a |
0x008a |
0x008a |
0x0090 |
0x0090 |
0x00d0 |
NtQueryAttributesFile
NTSYSAPI
NTSTATUS
NTAPI
NtQueryAttributesFile(
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PFILE_BASIC_INFORMATION FileInformation
);
|
0x0063 |
0x0063 |
0x0063 |
0x0063 |
0x007a |
0x007a |
0x007a |
0x007a |
0x007a |
0x008b |
0x008b |
0x008b |
0x0091 |
0x0091 |
0x00d1 |
NtQueryBootEntryOrder
NTSYSAPI
NTSTATUS
NTAPI
NtQueryBootEntryOrder(
IN ULONG Unknown1,
IN ULONG Unknown2
);
|
|
|
|
|
|
|
|
|
|
0x008c |
0x008c |
0x008c |
0x0092 |
0x0092 |
0x00d2 |
NtQueryBootOptions
NTSYSAPI
NTSTATUS
NTAPI
NtQueryBootOptions(
IN ULONG Unknown1,
IN ULONG Unknown2
);
|
|
|
|
|
|
|
|
|
|
0x008d |
0x008d |
0x008d |
0x0093 |
0x0093 |
0x00d3 |
NtQueryDebugFilterState
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDebugFilterState(
IN ULONG ComponentId,
IN ULONG Level
);
|
|
|
|
|
|
|
|
|
|
0x008e |
0x008e |
0x008e |
0x0094 |
0x0094 |
0x00d4 |
NtQueryDefaultLocale
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDefaultLocale(
IN BOOLEAN ThreadOrSystem,
OUT PLCID Locale
);
|
0x0064 |
0x0064 |
0x0064 |
0x0064 |
0x007b |
0x007b |
0x007b |
0x007b |
0x007b |
0x008f |
0x008f |
0x008f |
0x0095 |
0x0095 |
0x00d5 |
NtQueryDefaultUILanguage
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDefaultUILanguage(
OUT PLANGID LanguageId
);
|
|
|
|
|
0x007c |
0x007c |
0x007c |
0x007c |
0x007c |
0x0090 |
0x0090 |
0x0090 |
0x0096 |
0x0096 |
0x00d6 |
NtQueryDirectoryFile
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG FileInformationLength,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
);
|
0x0065 |
0x0065 |
0x0065 |
0x0065 |
0x007d |
0x007d |
0x007d |
0x007d |
0x007d |
0x0091 |
0x0091 |
0x0091 |
0x0097 |
0x0097 |
0x00d7 |
NtQueryDirectoryObject
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDirectoryObject(
IN HANDLE DirectoryHandle,
OUT PVOID Buffer,
IN ULONG BufferLength,
IN BOOLEAN ReturnSingleEntry,
IN BOOLEAN RestartScan,
IN OUT PULONG Context,
OUT PULONG ReturnLength OPTIONAL
);
|
0x0066 |
0x0066 |
0x0066 |
0x0066 |
0x007e |
0x007e |
0x007e |
0x007e |
0x007e |
0x0092 |
0x0092 |
0x0092 |
0x0098 |
0x0098 |
0x00d8 |
NtQueryDriverEntryOrder
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDriverEntryOrder(
IN ULONG Unknown1,
IN ULONG Unknown2
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0099 |
0x0099 |
0x00d9 |
NtQueryEaFile
NTSYSAPI
NTSTATUS
NTAPI
NtQueryEaFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PFILE_FULL_EA_INFORMATION Buffer,
IN ULONG BufferLength,
IN BOOLEAN ReturnSingleEntry,
IN PFILE_GET_EA_INFORMATION EaList OPTIONAL,
IN ULONG EaListLength,
IN PULONG EaIndex OPTIONAL,
IN BOOLEAN RestartScan
);
|
0x0067 |
0x0067 |
0x0067 |
0x0067 |
0x007f |
0x007f |
0x007f |
0x007f |
0x007f |
0x0093 |
0x0093 |
0x0093 |
0x009a |
0x009a |
0x00da |
NtQueryEvent
NTSYSAPI
NTSTATUS
NTAPI
NtQueryEvent(
IN HANDLE EventHandle,
IN EVENT_INFORMATION_CLASS EventInformationClass,
OUT PVOID EventInformation,
IN ULONG EventInformationLength,
OUT PULONG ResultLength OPTIONAL
);
|
0x0068 |
0x0068 |
0x0068 |
0x0068 |
0x0080 |
0x0080 |
0x0080 |
0x0080 |
0x0080 |
0x0094 |
0x0094 |
0x0094 |
0x009b |
0x009b |
0x00db |
NtQueryFullAttributesFile
NTSYSAPI
NTSTATUS
NTAPI
NtQueryFullAttributesFile(
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
|
0x0069 |
0x0069 |
0x0069 |
0x0069 |
0x0081 |
0x0081 |
0x0081 |
0x0081 |
0x0081 |
0x0095 |
0x0095 |
0x0095 |
0x009c |
0x009c |
0x00dc |
|
NtQueryInformationAtom
|
0x0062 |
0x0062 |
0x0062 |
0x0062 |
0x0079 |
0x0079 |
0x0079 |
0x0079 |
0x0079 |
0x0096 |
0x0096 |
0x0096 |
0x009d |
0x009d |
0x00dd |
|
NtQueryInformationEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0070 |
|
NtQueryInformationFile
|
0x006a |
0x006a |
0x006a |
0x006a |
0x0082 |
0x0082 |
0x0082 |
0x0082 |
0x0082 |
0x0097 |
0x0097 |
0x0097 |
0x009e |
0x009e |
0x00de |
|
NtQueryInformationJobObject
|
|
|
|
|
0x0083 |
0x0083 |
0x0083 |
0x0083 |
0x0083 |
0x0098 |
0x0098 |
0x0098 |
0x009f |
0x009f |
0x00df |
|
NtQueryInformationPort
|
0x006c |
0x006c |
0x006c |
0x006c |
0x0085 |
0x0085 |
0x0085 |
0x0085 |
0x0085 |
0x0099 |
0x0099 |
0x0099 |
0x00a0 |
0x00a0 |
0x00e0 |
|
NtQueryInformationProcess
|
0x006d |
0x006d |
0x006d |
0x006d |
0x0086 |
0x0086 |
0x0086 |
0x0086 |
0x0086 |
0x009a |
0x009a |
0x009a |
0x00a1 |
0x00a1 |
0x00e1 |
|
NtQueryInformationResourceManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x006c |
|
NtQueryInformationThread
|
0x006e |
0x006e |
0x006e |
0x006e |
0x0087 |
0x0087 |
0x0087 |
0x0087 |
0x0087 |
0x009b |
0x009b |
0x009b |
0x00a2 |
0x00a2 |
0x00e2 |
|
NtQueryInformationToken
|
0x006f |
0x006f |
0x006f |
0x006f |
0x0088 |
0x0088 |
0x0088 |
0x0088 |
0x0088 |
0x009c |
0x009c |
0x009c |
0x00a3 |
0x00a3 |
0x00e3 |
|
NtQueryInformationTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0051 |
|
NtQueryInformationTransactionManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0052 |
|
NtQueryInformationWorkerFactory
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x017e |
NtQueryInstallUILanguage
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInstallUILanguage(
OUT PLANGID LanguageId
);
|
|
|
|
|
0x0089 |
0x0089 |
0x0089 |
0x0089 |
0x0089 |
0x009d |
0x009d |
0x009d |
0x00a4 |
0x00a4 |
0x00e4 |
NtQueryIntervalProfile
NTSYSAPI
NTSTATUS
NTAPI
NtQueryIntervalProfile(
IN KPROFILE_SOURCE Source,
OUT PULONG Interval
);
|
0x0070 |
0x0070 |
0x0070 |
0x0070 |
0x008a |
0x008a |
0x008a |
0x008a |
0x008a |
0x009e |
0x009e |
0x009e |
0x00a5 |
0x00a5 |
0x00e5 |
NtQueryIoCompletion
NTSYSAPI
NTSTATUS
NTAPI
NtQueryIoCompletion(
IN HANDLE IoCompletionHandle,
IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
OUT PVOID IoCompletionInformation,
IN ULONG IoCompletionInformationLength,
OUT PULONG ResultLength OPTIONAL
);
|
0x006b |
0x006b |
0x006b |
0x006b |
0x0084 |
0x0084 |
0x0084 |
0x0084 |
0x0084 |
0x009f |
0x009f |
0x009f |
0x00a6 |
0x00a6 |
0x00e6 |
NtQueryKey
NTSYSAPI
NTSTATUS
NTAPI
NtQueryKey(
IN HANDLE KeyHandle,
IN KEY_INFORMATION_CLASS KeyInformationClass,
OUT PVOID KeyInformation,
IN ULONG KeyInformationLength,
OUT PULONG ResultLength
);
|
0x0071 |
0x0071 |
0x0071 |
0x0071 |
0x008b |
0x008b |
0x008b |
0x008b |
0x008b |
0x00a0 |
0x00a0 |
0x00a0 |
0x00a7 |
0x00a7 |
0x00e7 |
|
NtQueryLicenseValue
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0183 |
NtQueryMultipleValueKey
NTSYSAPI
NTSTATUS
NTAPI
NtQueryMultipleValueKey(
IN HANDLE KeyHandle,
IN OUT PKEY_VALUE_ENTRY ValueList,
IN ULONG NumberOfValues,
OUT PVOID Buffer,
IN OUT PULONG Length,
OUT PULONG ReturnLength
);
|
0x0072 |
0x0072 |
0x0072 |
0x0072 |
0x008c |
0x008c |
0x008c |
0x008c |
0x008c |
0x00a1 |
0x00a1 |
0x00a1 |
0x00a8 |
0x00a8 |
0x00e8 |
NtQueryMutant
NTSYSAPI
NTSTATUS
NTAPI
NtQueryMutant(
IN HANDLE MutantHandle,
IN MUTANT_INFORMATION_CLASS MutantInformationClass,
OUT PVOID MutantInformation,
IN ULONG MutantInformationLength,
OUT PULONG ResultLength OPTIONAL
);
|
0x0073 |
0x0073 |
0x0073 |
0x0073 |
0x008d |
0x008d |
0x008d |
0x008d |
0x008d |
0x00a2 |
0x00a2 |
0x00a2 |
0x00a9 |
0x00a9 |
0x00e9 |
NtQueryObject
NTSYSAPI
NTSTATUS
NTAPI
NtQueryObject(
IN HANDLE ObjectHandle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
OUT PVOID ObjectInformation,
IN ULONG ObjectInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
|
0x0074 |
0x0074 |
0x0074 |
0x0074 |
0x008e |
0x008e |
0x008e |
0x008e |
0x008e |
0x00a3 |
0x00a3 |
0x00a3 |
0x00aa |
0x00aa |
0x00ea |
NtQueryOleDirectoryFile
NTSYSAPI
NTSTATUS
NTAPI
NtQueryOleDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL ,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG BufferLength,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName,
IN BOOLEAN RestartScan
);
|
0x0075 |
0x0075 |
0x0075 |
0x0075 |
|
|
|
|
|
|
|
|
|
|
|
NtQueryOpenSubKeys
NTSYSAPI
NTSTATUS
NTAPI
NtQueryOpenSubKeys(
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
OUT PULONG NumberOfKeys
);
|
|
|
|
|
0x008f |
0x008f |
0x008f |
0x008f |
0x008f |
0x00a4 |
0x00a4 |
0x00a4 |
0x00ab |
0x00ab |
0x00eb |
NtQueryOpenSubKeysEx
NTSYSAPI
NTSTATUS
NTAPI
NtQueryOpenSubKeysEx(
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN ULONG SubKeyInformationLength,
OUT POPEN_SUB_KEY_INFORMATION SubkeyInformation,
OUT PULONG ReturnLength
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x00ac |
0x00ac |
0x00ec |
|
NtQueryPerformanceCounter
|
0x0076 |
0x0076 |
0x0076 |
0x0076 |
0x0090 |
0x0090 |
0x0090 |
0x0090 |
0x0090 |
0x00a5 |
0x00a5 |
0x00a5 |
0x00ad |
0x00ad |
0x00ed |
|
NtQueryPortInformationProcess
|
|
|
|
|
|
|
|
|
|
0x011b |
0x011b |
0x011b |
0x0125 |
0x0125 |
0x016d |
|
NtQueryQuotaInformationFile
|
|
|
|
|
0x0091 |
0x0091 |
0x0091 |
0x0091 |
0x0091 |
0x00a6 |
0x00a6 |
0x00a6 |
0x00ae |
0x00ae |
0x00ee |
NtQuerySection
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySection(
IN HANDLE SectionHandle,
IN SECTION_INFORMATION_CLASS SectionInformationClass,
OUT PVOID SectionInformation,
IN ULONG SectionInformationLength,
OUT PULONG ResultLength OPTIONAL
);
|
0x0077 |
0x0077 |
0x0077 |
0x0077 |
0x0092 |
0x0092 |
0x0092 |
0x0092 |
0x0092 |
0x00a7 |
0x00a7 |
0x00a7 |
0x00af |
0x00af |
0x00ef |
NtQuerySecurityObject
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
IN HANDLE Handle,
IN SECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG SecurityDescriptorLength,
OUT PULONG ReturnLength
);
|
0x0078 |
0x0078 |
0x0078 |
0x0078 |
0x0093 |
0x0093 |
0x0093 |
0x0093 |
0x0093 |
0x00a8 |
0x00a8 |
0x00a8 |
0x00b0 |
0x00b0 |
0x00f0 |
NtQuerySemaphore
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySemaphore(
IN HANDLE SemaphoreHandle,
IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
OUT PVOID SemaphoreInformation,
IN ULONG SemaphoreInformationLength,
OUT PULONG ResultLength OPTIONAL
);
|
0x0079 |
0x0079 |
0x0079 |
0x0079 |
0x0094 |
0x0094 |
0x0094 |
0x0094 |
0x0094 |
0x00a9 |
0x00a9 |
0x00a9 |
0x00b1 |
0x00b1 |
0x00f1 |
NtQuerySymbolicLinkObject
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySymbolicLinkObject(
IN HANDLE SymbolicLinkHandle,
IN OUT PUNICODE_STRING TargetName,
OUT PULONG ReturnLength OPTIONAL
);
|
0x007a |
0x007a |
0x007a |
0x007a |
0x0095 |
0x0095 |
0x0095 |
0x0095 |
0x0095 |
0x00aa |
0x00aa |
0x00aa |
0x00b2 |
0x00b2 |
0x00f2 |
NtQuerySystemEnvironmentValue
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemEnvironmentValue(
IN PUNICODE_STRING Name,
OUT PVOID Value,
IN ULONG ValueLength,
OUT PULONG ReturnLength OPTIONAL
);
|
0x007b |
0x007b |
0x007b |
0x007b |
0x0096 |
0x0096 |
0x0096 |
0x0096 |
0x0096 |
0x00ab |
0x00ab |
0x00ab |
0x00b3 |
0x00b3 |
0x00f3 |
NtQuerySystemEnvironmentValueEx
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemEnvironmentValueEx(
IN ULONG Unknown1,
IN ULONG Unknown2,
IN ULONG Unknown3,
IN ULONG Unknown4,
IN ULONG Unknown5
);
|
|
|
|
|
|
|
|
|
|
0x00ac |
0x00ac |
0x00ac |
0x00b4 |
0x00b4 |
0x00f4 |
|
NtQuerySystemInformation
|
0x007c |
0x007c |
0x007c |
0x007c |
0x0097 |
0x0097 |
0x0097 |
0x0097 |
0x0097 |
0x00ad |
0x00ad |
0x00ad |
0x00b5 |
0x00b5 |
0x00f5 |
NtQuerySystemTime
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemTime(
OUT PLARGE_INTEGER CurrentTime
);
|
0x007d |
0x007d |
0x007d |
0x007d |
0x0098 |
0x0098 |
0x0098 |
0x0098 |
0x0098 |
0x00ae |
0x00ae |
0x00ae |
0x00b6 |
0x00b6 |
0x00f6 |
NtQueryTimer
NTSYSAPI
NTSTATUS
NTAPI
NtQueryTimer(
IN HANDLE TimerHandle,
IN TIMER_INFORMATION_CLASS TimerInformationClass,
OUT PVOID TimerInformation,
IN ULONG TimerInformationLength,
OUT PULONG ResultLength OPTIONAL
);
|
0x007e |
0x007e |
0x007e |
0x007e |
0x0099 |
0x0099 |
0x0099 |
0x0099 |
0x0099 |
0x00af |
0x00af |
0x00af |
0x00b7 |
0x00b7 |
0x00f7 |
NtQueryTimerResolution
NTSYSAPI
NTSTATUS
NTAPI
NtQueryTimerResolution(
OUT PULONG CoarsestResolution,
OUT PULONG FinestResolution,
OUT PULONG ActualResolution
);
|
0x007f |
0x007f |
0x007f |
0x007f |
0x009a |
0x009a |
0x009a |
0x009a |
0x009a |
0x00b0 |
0x00b0 |
0x00b0 |
0x00b8 |
0x00b8 |
0x00f8 |
NtQueryValueKey
NTSYSAPI
NTSTATUS
NTAPI
NtQueryValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
OUT PVOID KeyValueInformation,
IN ULONG KeyValueInformationLength,
OUT PULONG ResultLength
);
|
0x0080 |
0x0080 |
0x0080 |
0x0080 |
0x009b |
0x009b |
0x009b |
0x009b |
0x009b |
0x00b1 |
0x00b1 |
0x00b1 |
0x00b9 |
0x00b9 |
0x00f9 |
NtQueryVirtualMemory
NTSYSAPI
NTSTATUS
NTAPI
NtQueryVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
OUT PVOID MemoryInformation,
IN ULONG MemoryInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
|
0x0081 |
0x0081 |
0x0081 |
0x0081 |
0x009c |
0x009c |
0x009c |
0x009c |
0x009c |
0x00b2 |
0x00b2 |
0x00b2 |
0x00ba |
0x00ba |
0x00fa |
|
NtQueryVolumeInformationFile
|
0x0082 |
0x0082 |
0x0082 |
0x0082 |
0x009d |
0x009d |
0x009d |
0x009d |
0x009d |
0x00b3 |
0x00b3 |
0x00b3 |
0x00bb |
0x00bb |
0x00fb |
|
NtQueryWinStationInformation
|
|
0x00d5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
NtQueueApcThread
NTSYSAPI
NTSTATUS
NTAPI
NtQueueApcThread(
IN HANDLE ThreadHandle,
IN PKNORMAL_ROUTINE ApcRoutine,
IN PVOID ApcContext OPTIONAL,
IN PVOID Argument1 OPTIONAL,
IN PVOID Argument2 OPTIONAL
);
|
0x0083 |
0x0083 |
0x0083 |
0x0083 |
0x009e |
0x009e |
0x009e |
0x009e |
0x009e |
0x00b4 |
0x00b4 |
0x00b4 |
0x00bc |
0x00bc |
0x00fc |
NtRaiseException
NTSYSAPI
NTSTATUS
NTAPI
NtRaiseException(
IN PEXCEPTION_RECORD ExceptionRecord,
IN PCONTEXT Context,
IN BOOLEAN SearchFrames
);
|
0x0084 |
0x0084 |
0x0084 |
0x0084 |
0x009f |
0x009f |
0x009f |
0x009f |
0x009f |
0x00b5 |
0x00b5 |
0x00b5 |
0x00bd |
0x00bd |
0x00fd |
NtRaiseHardError
NTSYSAPI
NTSTATUS
NTAPI
NtRaiseHardError(
IN NTSTATUS Status,
IN ULONG NumberOfArguments,
IN ULONG StringArgumentsMask,
IN PULONG_PTR Arguments,
IN HARDERROR_RESPONSE_OPTION ResponseOption,
OUT PHARDERROR_RESPONSE Response
);
|
0x0085 |
0x0085 |
0x0085 |
0x0085 |
0x00a0 |
0x00a0 |
0x00a0 |
0x00a0 |
0x00a0 |
0x00b6 |
0x00b6 |
0x00b6 |
0x00be |
0x00be |
0x00fe |
NtReadFile
NTSYSAPI
NTSTATUS
NTAPI
NtReadFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
|
0x0086 |
0x0086 |
0x0086 |
0x0086 |
0x00a1 |
0x00a1 |
0x00a1 |
0x00a1 |
0x00a1 |
0x00b7 |
0x00b7 |
0x00b7 |
0x00bf |
0x00bf |
0x00ff |
NtReadFileScatter
NTSYSAPI
NTSTATUS
NTAPI
NtReadFileScatter(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PFILE_SEGMENT_ELEMENT Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
|
0x0087 |
0x0087 |
0x0087 |
0x0087 |
0x00a2 |
0x00a2 |
0x00a2 |
0x00a2 |
0x00a2 |
0x00b8 |
0x00b8 |
0x00b8 |
0x00c0 |
0x00c0 |
0x0100 |
|
NtReadOnlyEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0056 |
NtReadRequestData
NTSYSAPI
NTSTATUS
NTAPI
NtReadRequestData(
IN HANDLE PortHandle,
IN PPORT_MESSAGE Message,
IN ULONG Index,
OUT PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG ReturnLength OPTIONAL
);
|
0x0088 |
0x0088 |
0x0088 |
0x0088 |
0x00a3 |
0x00a3 |
0x00a3 |
0x00a3 |
0x00a3 |
0x00b9 |
0x00b9 |
0x00b9 |
0x00c1 |
0x00c1 |
0x0101 |
NtReadVirtualMemory
NTSYSAPI
NTSTATUS
NTAPI
NtReadVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG ReturnLength OPTIONAL
);
|
0x0089 |
0x0089 |
0x0089 |
0x0089 |
0x00a4 |
0x00a4 |
0x00a4 |
0x00a4 |
0x00a4 |
0x00ba |
0x00ba |
0x00ba |
0x00c2 |
0x00c2 |
0x0102 |
|
NtRecoverEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0066 |
|
NtRecoverResourceManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0067 |
|
NtRecoverTransactionManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0068 |
|
NtRegisterProtocolAddressInformation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0175 |
NtRegisterThreadTerminatePort
NTSYSAPI
NTSTATUS
NTAPI
NtRegisterThreadTerminatePort(
IN HANDLE PortHandle
);
|
0x008a |
0x008a |
0x008a |
0x008a |
0x00a5 |
0x00a5 |
0x00a5 |
0x00a5 |
0x00a5 |
0x00bb |
0x00bb |
0x00bb |
0x00c3 |
0x00c3 |
0x0103 |
NtReleaseKeyedEvent
NTSYSAPI
NTSTATUS
NTAPI
NtReleaseKeyedEvent(
IN HANDLE KeyedEventHandle,
IN PVOID Key,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL
);
|
|
|
|
|
|
|
|
|
|
0x0119 |
0x0119 |
0x0119 |
0x0123 |
0x0123 |
0x016b |
NtReleaseMutant
NTSYSAPI
NTSTATUS
NTAPI
NtReleaseMutant(
IN HANDLE MutantHandle,
OUT PULONG PreviousState
);
|
0x008b |
0x008b |
0x008b |
0x008b |
0x00a6 |
0x00a6 |
0x00a6 |
0x00a6 |
0x00a6 |
0x00bc |
0x00bc |
0x00bc |
0x00c4 |
0x00c4 |
0x0104 |
NtReleaseSemaphore
NTSYSAPI
NTSTATUS
NTAPI
NtReleaseSemaphore(
IN HANDLE SemaphoreHandle,
IN LONG ReleaseCount,
OUT PLONG PreviousCount OPTIONAL
);
|
0x008c |
0x008c |
0x008c |
0x008c |
0x00a7 |
0x00a7 |
0x00a7 |
0x00a7 |
0x00a7 |
0x00bd |
0x00bd |
0x00bd |
0x00c5 |
0x00c5 |
0x0105 |
|
NtReleaseWorkerFactoryWorker
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x017b |
NtRemoveIoCompletion
NTSYSAPI
NTSTATUS
NTAPI
NtRemoveIoCompletion(
IN HANDLE IoCompletionHandle,
OUT PULONG CompletionKey,
OUT PULONG CompletionValue,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER Timeout OPTIONAL
);
|
0x008d |
0x008d |
0x008d |
0x008d |
0x00a8 |
0x00a8 |
0x00a8 |
0x00a8 |
0x00a8 |
0x00be |
0x00be |
0x00be |
0x00c6 |
0x00c6 |
0x0106 |
|
NtRemoveIoCompletionEx
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0174 |
NtRemoveProcessDebug
NTSYSAPI
NTSTATUS
NTAPI
NtRemoveProcessDebug(
IN HANDLE Process,
IN HANDLE DebugObject
);
|
|
|
|
|
|
|
|
|
|
0x00bf |
0x00bf |
0x00bf |
0x00c7 |
0x00c7 |
0x0107 |
NtRenameKey
NTSYSAPI
NTSTATUS
NTAPI
NtRenameKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ReplacementName
);
|
|
|
|
|
|
|
|
|
|
0x00c0 |
0x00c0 |
0x00c0 |
0x00c8 |
0x00c8 |
0x0108 |
|
NtRenameTransactionManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0064 |
NtReplaceKey
NTSYSAPI
NTSTATUS
NTAPI
NtReplaceKey(
IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
IN HANDLE KeyHandle,
IN POBJECT_ATTRIBUTES OldFileObjectAttributes
);
|
0x008e |
0x008e |
0x008e |
0x008e |
0x00a9 |
0x00a9 |
0x00a9 |
0x00a9 |
0x00a9 |
0x00c1 |
0x00c1 |
0x00c1 |
0x00c9 |
0x00c9 |
0x0109 |
NtReplyPort
NTSYSAPI
NTSTATUS
NTAPI
NtReplyPort(
IN HANDLE PortHandle,
IN PPORT_MESSAGE ReplyMessage
);
|
0x008f |
0x008f |
0x008f |
0x008f |
0x00aa |
0x00aa |
0x00aa |
0x00aa |
0x00aa |
0x00c2 |
0x00c2 |
0x00c2 |
0x00ca |
0x00ca |
0x010a |
NtReplyWaitReceivePort
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitReceivePort(
IN HANDLE PortHandle,
OUT PULONG PortIdentifier OPTIONAL,
IN PPORT_MESSAGE ReplyMessage OPTIONAL,
OUT PPORT_MESSAGE Message
);
|
0x0090 |
0x0090 |
0x0090 |
0x0090 |
0x00ab |
0x00ab |
0x00ab |
0x00ab |
0x00ab |
0x00c3 |
0x00c3 |
0x00c3 |
0x00cb |
0x00cb |
0x010b |
NtReplyWaitReceivePortEx
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitReceivePortEx(
IN HANDLE PortHandle,
OUT PVOID* PortIdentifier OPTIONAL,
IN PPORT_MESSAGE ReplyMessage OPTIONAL,
OUT PPORT_MESSAGE Message,
IN PLARGE_INTEGER Timeout
);
|
|
|
|
|
0x00ac |
0x00ac |
0x00ac |
0x00ac |
0x00ac |
0x00c4 |
0x00c4 |
0x00c4 |
0x00cc |
0x00cc |
0x010c |
NtReplyWaitReplyPort
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitReplyPort(
IN HANDLE PortHandle,
IN OUT PPORT_MESSAGE ReplyMessage
);
|
0x0091 |
0x0091 |
0x0091 |
0x0091 |
0x00ad |
0x00ad |
0x00ad |
0x00ad |
0x00ad |
0x00c5 |
0x00c5 |
0x00c5 |
0x00cd |
0x00cd |
0x010d |
NtReplyWaitSendChannel
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitSendChannel(
IN HANDLE ChannelHandle,
IN struct _CHANNEL_MESSAGE* ReplyMessage OPTIONAL,
OUT struct _CHANNEL_MESSAGE* Message
);
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitSendChannel(
IN PVOID Text,
IN ULONG Length,
OUT PCHANNEL_MESSAGE *Message
);
|
0x00d0 |
0x00cf |
0x00cf |
0x00cf |
0x00f4 |
0x00f4 |
0x00f4 |
0x00f4 |
0x00f4 |
|
|
|
|
|
|
NtRequestDeviceWakeup
NTSYSAPI
NTSTATUS
NTAPI
NtRequestDeviceWakeup(
IN HANDLE DeviceHandle
);
|
|
|
|
|
0x00ae |
0x00ae |
0x00ae |
0x00ae |
0x00ae |
0x00c6 |
0x00c6 |
0x00c6 |
0x00ce |
0x00ce |
0x010e |
NtRequestPort
NTSYSAPI
NTSTATUS
NTAPI
NtRequestPort(
IN HANDLE PortHandle,
IN PPORT_MESSAGE RequestMessage
);
|
0x0092 |
0x0092 |
0x0092 |
0x0092 |
0x00af |
0x00af |
0x00af |
0x00af |
0x00af |
0x00c7 |
0x00c7 |
0x00c7 |
0x00cf |
0x00cf |
0x010f |
NtRequestWaitReplyPort
NTSYSAPI
NTSTATUS
NTAPI
NtRequestWaitReplyPort(
IN HANDLE PortHandle,
IN PPORT_MESSAGE RequestMessage,
OUT PPORT_MESSAGE ReplyMessage
);
|
0x0093 |
0x0093 |
0x0093 |
0x0093 |
0x00b0 |
0x00b0 |
0x00b0 |
0x00b0 |
0x00b0 |
0x00c8 |
0x00c8 |
0x00c8 |
0x00d0 |
0x00d0 |
0x0110 |
NtRequestWakeupLatency
NTSYSAPI
NTSTATUS
NTAPI
NtRequestWakeupLatency(
IN LATENCY_TIME Latency
);
|
|
|
|
|
0x00b1 |
0x00b1 |
0x00b1 |
0x00b1 |
0x00b1 |
0x00c9 |
0x00c9 |
0x00c9 |
0x00d1 |
0x00d1 |
0x0111 |
NtResetEvent
NTSYSAPI
NTSTATUS
NTAPI
NtResetEvent(
IN HANDLE EventHandle,
OUT PULONG PreviousState OPTIONAL
);
|
0x0094 |
0x0094 |
0x0094 |
0x0094 |
0x00b2 |
0x00b2 |
0x00b2 |
0x00b2 |
0x00b2 |
0x00ca |
0x00ca |
0x00ca |
0x00d2 |
0x00d2 |
0x0112 |
NtResetWriteWatch
NTSYSAPI
NTSTATUS
NTAPI
NtResetWriteWatch(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN ULONG RegionSize
);
|
|
|
|
|
0x00b3 |
0x00b3 |
0x00b3 |
0x00b3 |
0x00b3 |
0x00cb |
0x00cb |
0x00cb |
0x00d3 |
0x00d3 |
0x0113 |
NtRestoreKey
NTSYSAPI
NTSTATUS
NTAPI
NtRestoreKey(
IN HANDLE KeyHandle,
IN HANDLE FileHandle,
IN ULONG Flags
);
|
0x0095 |
0x0095 |
0x0095 |
0x0095 |
0x00b4 |
0x00b4 |
0x00b4 |
0x00b4 |
0x00b4 |
0x00cc |
0x00cc |
0x00cc |
0x00d4 |
0x00d4 |
0x0114 |
NtResumeProcess
NTSYSAPI
NTSTATUS
NTAPI
NtResumeProcess(
IN HANDLE Process
);
|
|
|
|
|
|
|
|
|
|
0x00cd |
0x00cd |
0x00cd |
0x00d5 |
0x00d5 |
0x0115 |
NtResumeThread
NTSYSAPI
NTSTATUS
NTAPI
NtResumeThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);
|
0x0096 |
0x0096 |
0x0096 |
0x0096 |
0x00b5 |
0x00b5 |
0x00b5 |
0x00b5 |
0x00b5 |
0x00ce |
0x00ce |
0x00ce |
0x00d6 |
0x00d6 |
0x0116 |
|
NtRollbackComplete
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0057 |
|
NtRollbackEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0058 |
|
NtRollbackSavepointTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x011c |
|
NtRollbackTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x005a |
|
NtRollforwardTransactionManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0065 |
NtSaveKey
NTSYSAPI
NTSTATUS
NTAPI
NtSaveKey(
IN HANDLE KeyHandle,
IN HANDLE FileHandle
);
|
0x0097 |
0x0097 |
0x0097 |
0x0097 |
0x00b6 |
0x00b6 |
0x00b6 |
0x00b6 |
0x00b6 |
0x00cf |
0x00cf |
0x00cf |
0x00d7 |
0x00d7 |
0x0117 |
NtSaveKeyEx
NTSYSAPI
NTSTATUS
NTAPI
NtSaveKeyEx(
IN HANDLE KeyHandle,
IN HANDLE FileHandle,
IN ULONG Flags
);
|
|
|
|
|
|
|
|
|
|
0x00d0 |
0x00d0 |
0x00d0 |
0x00d8 |
0x00d8 |
0x0118 |
NtSaveMergedKeys
NTSYSAPI
NTSTATUS
NTAPI
NtSaveMergedKeys(
IN HANDLE KeyHandle1,
IN HANDLE KeyHandle2,
IN HANDLE FileHandle
);
|
|
|
|
|
0x00b7 |
0x00b7 |
0x00b7 |
0x00b7 |
0x00b7 |
0x00d1 |
0x00d1 |
0x00d1 |
0x00d9 |
0x00d9 |
0x0119 |
|
NtSavepointComplete
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x011e |
|
NtSavepointTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x011d |
NtSecureConnectPort
NTSYSAPI
NTSTATUS
NTAPI
NtSecureConnectPort(
OUT PHANDLE PortHandle,
IN PUNICODE_STRING PortName,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
IN OUT PPORT_VIEW ClientView OPTIONAL,
IN PSID ServerSid OPTIONAL,
OUT PREMOTE_PORT_VIEW ServerView OPTIONAL,
OUT PULONG MaxMessageLength OPTIONAL,
IN OUT PVOID ConnectInformation OPTIONAL,
IN OUT PULONG ConnectInformationLength OPTIONAL
);
|
|
|
|
|
0x00b8 |
0x00b8 |
0x00b8 |
0x00b8 |
0x00b8 |
0x00d2 |
0x00d2 |
0x00d2 |
0x00da |
0x00da |
0x011f |
NtSendWaitReplyChannel
NTSYSAPI
NTSTATUS
NTAPI
NtSendWaitReplyChannel(
IN HANDLE ChannelHandle,
IN struct _CHANNEL_MESSAGE* RequestMessage,
OUT struct _CHANNEL_MESSAGE* ReplyMessage,
IN PLARGE_INTEGER Timeout
);
NTSYSAPI
NTSTATUS
NTAPI
NtSendWaitReplyChannel(
IN HANDLE ChannelHandle,
IN PVOID Text,
IN ULONG Length,
OUT PCHANNEL_MESSAGE *Message
);
|
0x00d1 |
0x00d0 |
0x00d0 |
0x00d0 |
0x00f5 |
0x00f5 |
0x00f5 |
0x00f5 |
0x00f5 |
|
|
|
|
|
|
NtSetBootEntryOrder
NTSYSAPI
NTSTATUS
NTAPI
NtSetBootEntryOrder(
IN ULONG Unknown1,
IN ULONG Unknown2
);
|
|
|
|
|
|
|
|
|
|
0x00d3 |
0x00d3 |
0x00d3 |
0x00db |
0x00db |
0x0120 |
NtSetBootOptions
NTSYSAPI
NTSTATUS
NTAPI
NtSetBootOptions(
IN PBOOT_OPTIONS BootOptions,
IN ULONG FieldsToChange
);
|
|
|
|
|
|
|
|
|
|
0x00d4 |
0x00d4 |
0x00d4 |
0x00dc |
0x00dc |
0x0121 |
NtSetContextChannel
NTSYSAPI
NTSTATUS
NTAPI
NtSetContextChannel(
IN HANDLE CHannelHandle
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetContextChannel(
IN PVOID Context
);
|
0x00d2 |
0x00d1 |
0x00d1 |
0x00d1 |
0x00f6 |
0x00f6 |
0x00f6 |
0x00f6 |
0x00f6 |
|
|
|
|
|
|
NtSetContextThread
NTSYSAPI
NTSTATUS
NTAPI
NtSetContextThread(
IN HANDLE ThreadHandle,
IN PCONTEXT Context
);
|
0x0099 |
0x0099 |
0x0099 |
0x0099 |
0x00ba |
0x00ba |
0x00ba |
0x00ba |
0x00ba |
0x00d5 |
0x00d5 |
0x00d5 |
0x00dd |
0x00dd |
0x0122 |
NtSetDebugFilterState
NTSYSAPI
NTSTATUS
NTAPI
NtSetDebugFilterState(
IN ULONG ComponentId,
IN ULONG Level,
IN BOOLEAN Enable
);
|
|
|
|
|
|
|
|
|
|
0x00d6 |
0x00d6 |
0x00d6 |
0x00de |
0x00de |
0x0123 |
NtSetDefaultHardErrorPort
NTSYSAPI
NTSTATUS
NTAPI
NtSetDefaultHardErrorPort(
IN HANDLE PortHandle
);
|
0x009a |
0x009a |
0x009a |
0x009a |
0x00bb |
0x00bb |
0x00bb |
0x00bb |
0x00bb |
0x00d7 |
0x00d7 |
0x00d7 |
0x00df |
0x00df |
0x0124 |
NtSetDefaultLocale
NTSYSAPI
NTSTATUS
NTAPI
NtSetDefaultLocale(
IN BOOLEAN ThreadOrSystem,
IN LCID Locale
);
|
0x009b |
0x009b |
0x009b |
0x009b |
0x00bc |
0x00bc |
0x00bc |
0x00bc |
0x00bc |
0x00d8 |
0x00d8 |
0x00d8 |
0x00e0 |
0x00e0 |
0x0125 |
NtSetDefaultUILanguage
NTSYSAPI
NTSTATUS
NTAPI
NtSetDefaultUILanguage(
IN LANGID LanguageId
);
|
|
|
|
|
0x00bd |
0x00bd |
0x00bd |
0x00bd |
0x00bd |
0x00d9 |
0x00d9 |
0x00d9 |
0x00e1 |
0x00e1 |
0x0126 |
|
NtSetDriverEntryOrder
|
|
|
|
|
|
|
|
|
|
|
|
|
0x00e2 |
0x00e2 |
0x0127 |
NtSetEaFile
NTSYSAPI
NTSTATUS
NTAPI
NtSetEaFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PFILE_FULL_EA_INFORMATION Buffer,
IN ULONG BufferLength
);
|
0x009c |
0x009c |
0x009c |
0x009c |
0x00be |
0x00be |
0x00be |
0x00be |
0x00be |
0x00da |
0x00da |
0x00da |
0x00e3 |
0x00e3 |
0x0128 |
NtSetEvent
NTSYSAPI
NTSTATUS
NTAPI
NtSetEvent(
IN HANDLE EventHandle,
OUT PULONG PreviousState OPTIONAL
);
|
0x009d |
0x009d |
0x009d |
0x009d |
0x00bf |
0x00bf |
0x00bf |
0x00bf |
0x00bf |
0x00db |
0x00db |
0x00db |
0x00e4 |
0x00e4 |
0x0129 |
NtSetEventBoostPriority
NTSYSAPI
NTSTATUS
NTAPI
NtSetEventBoostPriority(
IN HANDLE EventHandle
);
|
|
|
|
|
|
|
|
|
|
0x00dc |
0x00dc |
0x00dc |
0x00e5 |
0x00e5 |
0x012a |
NtSetHighEventPair
NTSYSAPI
NTSTATUS
NTAPI
NtSetHighEventPair(
IN HANDLE EventPairHandle
);
|
0x009e |
0x009e |
0x009e |
0x009e |
0x00c0 |
0x00c0 |
0x00c0 |
0x00c0 |
0x00c0 |
0x00dd |
0x00dd |
0x00dd |
0x00e6 |
0x00e6 |
0x012b |
NtSetHighWaitLowEventPair
NTSYSAPI
NTSTATUS
NTAPI
NtSetHighWaitLowEventPair(
IN HANDLE EventPairHandle
);
|
0x009f |
0x009f |
0x009f |
0x009f |
0x00c1 |
0x00c1 |
0x00c1 |
0x00c1 |
0x00c1 |
0x00de |
0x00de |
0x00de |
0x00e7 |
0x00e7 |
0x012c |
NtSetHighWaitLowThread
NTSYSAPI
NTSTATUS
NTAPI
NtSetHighWaitLowThread(
VOID
);
|
0x00a0 |
0x00a0 |
0x00a0 |
0x00a0 |
|
|
|
|
|
|
|
|
|
|
|
|
NtSetInformationDebugObject
|
|
|
|
|
|
|
|
|
|
0x00df |
0x00df |
0x00df |
0x00e8 |
0x00e8 |
0x012d |
|
NtSetInformationEnlistment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x006f |
|
NtSetInformationFile
|
0x00a1 |
0x00a1 |
0x00a1 |
0x00a1 |
0x00c2 |
0x00c2 |
0x00c2 |
0x00c2 |
0x00c2 |
0x00e0 |
0x00e0 |
0x00e0 |
0x00e9 |
0x00e9 |
0x012e |
|
NtSetInformationJobObject
|
|
|
|
|
0x00c3 |
0x00c3 |
0x00c3 |
0x00c3 |
0x00c3 |
0x00e1 |
0x00e1 |
0x00e1 |
0x00ea |
0x00ea |
0x012f |
|
NtSetInformationKey
|
0x00a2 |
0x00a2 |
0x00a2 |
0x00a2 |
0x00c4 |
0x00c4 |
0x00c4 |
0x00c4 |
0x00c4 |
0x00e2 |
0x00e2 |
0x00e2 |
0x00eb |
0x00eb |
0x0130 |
|
NtSetInformationObject
|
0x00a3 |
0x00a3 |
0x00a3 |
0x00a3 |
0x00c5 |
0x00c5 |
0x00c5 |
0x00c5 |
0x00c5 |
0x00e3 |
0x00e3 |
0x00e3 |
0x00ec |
0x00ec |
0x0131 |
|
NtSetInformationProcess
|
0x00a4 |
0x00a4 |
0x00a4 |
0x00a4 |
0x00c6 |
0x00c6 |
0x00c6 |
0x00c6 |
0x00c6 |
0x00e4 |
0x00e4 |
0x00e4 |
0x00ed |
0x00ed |
0x0132 |
|
NtSetInformationResourceManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0061 |
|
NtSetInformationThread
|
0x00a5 |
0x00a5 |
0x00a5 |
0x00a5 |
0x00c7 |
0x00c7 |
0x00c7 |
0x00c7 |
0x00c7 |
0x00e5 |
0x00e5 |
0x00e5 |
0x00ee |
0x00ee |
0x0133 |
|
NtSetInformationToken
|
0x00a6 |
0x00a6 |
0x00a6 |
0x00a6 |
0x00c8 |
0x00c8 |
0x00c8 |
0x00c8 |
0x00c8 |
0x00e6 |
0x00e6 |
0x00e6 |
0x00ef |
0x00ef |
0x0134 |
|
NtSetInformationTransaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x005f |
|
NtSetInformationTransactionManager
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0060 |
|
NtSetInformationWorkerFactory
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x017d |
NtSetIntervalProfile
NTSYSAPI
NTSTATUS
NTAPI
NtSetIntervalProfile(
IN ULONG Interval,
IN KPROFILE_SOURCE Source
);
|
0x00a7 |
0x00a7 |
0x00a7 |
0x00a7 |
0x00c9 |
0x00c9 |
0x00c9 |
0x00c9 |
0x00c9 |
0x00e7 |
0x00e7 |
0x00e7 |
0x00f0 |
0x00f0 |
0x0135 |
NtSetIoCompletion
NTSYSAPI
NTSTATUS
NTAPI
NtSetIoCompletion(
IN HANDLE IoCompletionHandle,
IN ULONG CompletionKey,
IN ULONG CompletionValue,
IN NTSTATUS Status,
IN ULONG Information
);
|
0x0098 |
0x0098 |
0x0098 |
0x0098 |
0x00b9 |
0x00b9 |
0x00b9 |
0x00b9 |
0x00b9 |
0x00e8 |
0x00e8 |
0x00e8 |
0x00f1 |
0x00f1 |
0x0136 |
NtSetLdtEntries
NTSYSAPI
NTSTATUS
NTAPI
NtSetLdtEntries(
IN ULONG Selector1,
IN LDT_ENTRY LdtEntry1,
IN ULONG Selector2,
IN LDT_ENTRY LdtEntry2
);
|
0x00a8 |
0x00a8 |
0x00a8 |
0x00a8 |
0x00ca |
0x00ca |
0x00ca |
0x00ca |
0x00ca |
0x00e9 |
0x00e9 |
0x00e9 |
0x00f2 |
0x00f2 |
0x0137 |
NtSetLowEventPair
NTSYSAPI
NTSTATUS
NTAPI
NtSetLowEventPair(
IN HANDLE EventPairHandle
);
|
0x00a9 |
0x00a9 |
0x00a9 |
0x00a9 |
0x00cb |
0x00cb |
0x00cb |
0x00cb |
0x00cb |
0x00ea |
0x00ea |
0x00ea |
0x00f3 |
0x00f3 |
0x0138 |
NtSetLowWaitHighEventPair
NTSYSAPI
NTSTATUS
NTAPI
NtSetLowWaitHighEventPair(
IN HANDLE EventPairHandle
);
|
0x00aa |
0x00aa |
0x00aa |
0x00aa |
0x00cc |
0x00cc |
0x00cc |
0x00cc |
0x00cc |
0x00eb |
0x00eb |
0x00eb |
0x00f4 |
0x00f4 |
0x0139 |
NtSetLowWaitHighThread
NTSYSAPI
NTSTATUS
NTAPI
NtSetLowWaitHighThread(
VOID
);
|
0x00ab |
0x00ab |
0x00ab |
0x00ab |
|
|
|
|
|
|
|
|
|
|
|
|
NtSetQuotaInformationFile
|
|
|
|
|
0x00cd |
0x00cd |
0x00cd |
0x00cd |
0x00cd |
0x00ec |
0x00ec |
0x00ec |
0x00f5 |
0x00f5 |
0x013a |
NtSetSecurityObject
NTSYSAPI
NTSTATUS
NTAPI
NtSetSecurityObject(
IN HANDLE Handle,
IN SECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
|
0x00ac |
0x00ac |
0x00ac |
0x00ac |
0x00ce |
0x00ce |
0x00ce |
0x00ce |
0x00ce |
0x00ed |
0x00ed |
0x00ed |
0x00f6 |
0x00f6 |
0x013b |
NtSetSystemEnvironmentValue
NTSYSAPI
NTSTATUS
NTAPI
NtSetSystemEnvironmentValue(
IN PUNICODE_STRING Name,
IN PUNICODE_STRING Value
);
|
0x00ad |
0x00ad |
0x00ad |
0x00ad |
0x00cf |
0x00cf |
0x00cf |
0x00cf |
0x00cf |
0x00ee |
0x00ee |
0x00ee |
0x00f7 |
0x00f7 |
0x013c |
|
NtSetSystemEnvironmentValueEx
|
|
|
|
|
|
|
|
|
|
0x00ef |
0x00ef |
0x00ef |
0x00f8 |
0x00f8 |
0x013d |
|
NtSetSystemInformation
|
0x00ae |
0x00ae |
0x00ae |
0x00ae |
0x00d0 |
0x00d0 |
0x00d0 |
0x00d0 |
0x00d0 |
0x00f0 |
0x00f0 |
0x00f0 |
0x00f9 |
0x00f9 |
0x013e |
NtSetSystemPowerState
NTSYSAPI
NTSTATUS
NTAPI
NtSetSystemPowerState(
IN POWER_ACTION SystemAction,
IN SYSTEM_POWER_STATE MinSystemState,
IN ULONG Flags
);
|
0x00af |
0x00af |
0x00af |
0x00af |
0x00d1 |
0x00d1 |
0x00d1 |
0x00d1 |
0x00d1 |
0x00f1 |
0x00f1 |
0x00f1 |
0x00fa |
0x00fa |
0x013f |
NtSetSystemTime
NTSYSAPI
NTSTATUS
NTAPI
NtSetSystemTime(
IN PLARGE_INTEGER NewTime,
OUT PLARGE_INTEGER OldTime OPTIONAL
);
|
0x00b0 |
0x00b0 |
0x00b0 |
0x00b0 |
0x00d2 |
0x00d2 |
0x00d2 |
0x00d2 |
0x00d2 |
0x00f2 |
0x00f2 |
0x00f2 |
0x00fb |
0x00fb |
0x0140 |
NtSetThreadExecutionState
NTSYSAPI
NTSTATUS
NTAPI
NtSetThreadExecutionState(
IN EXECUTION_STATE ExecutionState,
OUT PEXECUTION_STATE PreviousExecutionState
);
|
|
|
|
|
0x00d3 |
0x00d3 |
0x00d3 |
0x00d3 |
0x00d3 |
0x00f3 |
0x00f3 |
0x00f3 |
0x00fc |
0x00fc |
0x0141 |
NtSetTimer
NTSYSAPI
NTSTATUS
NTAPI
NtSetTimer(
IN HANDLE TimerHandle,
IN PLARGE_INTEGER DueTime,
IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL,
IN PVOID TimerContext,
IN BOOLEAN Resume,
IN LONG Period,
OUT PBOOLEAN PreviousState OPTIONAL
);
|
0x00b1 |
0x00b1 |
0x00b1 |
0x00b1 |
0x00d4 |
0x00d4 |
0x00d4 |
0x00d4 |
0x00d4 |
0x00f4 |
0x00f4 |
0x00f4 |
0x00fd |
0x00fd |
0x0142 |
NtSetTimerResolution
NTSYSAPI
NTSTATUS
NTAPI
NtSetTimerResolution(
IN ULONG RequestedResolution,
IN BOOLEAN Set,
OUT PULONG ActualResolution
);
|
0x00b2 |
0x00b2 |
0x00b2 |
0x00b2 |
0x00d5 |
0x00d5 |
0x00d5 |
0x00d5 |
0x00d5 |
0x00f5 |
0x00f5 |
0x00f5 |
0x00fe |
0x00fe |
0x0143 |
NtSetUuidSeed
NTSYSAPI
NTSTATUS
NTAPI
NtSetUuidSeed(
IN PUCHAR UuidSeed
);
|
|
|
|
|
0x00d6 |
0x00d6 |
0x00d6 |
0x00d6 |
0x00d6 |
0x00f6 |
0x00f6 |
0x00f6 |
0x00ff |
0x00ff |
0x0144 |
NtSetValueKey
NTSYSAPI
NTSTATUS
NTAPI
NtSetValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN ULONG TitleIndex,
IN ULONG Type,
IN PVOID Data,
IN ULONG DataSize
);
|
0x00b3 |
0x00b3 |
0x00b3 |
0x00b3 |
0x00d7 |
0x00d7 |
0x00d7 |
0x00d7 |
0x00d7 |
0x00f7 |
0x00f7 |
0x00f7 |
0x0100 |
0x0100 |
0x0145 |
|
NtSetVolumeInformationFile
|
0x00b4 |
0x00b4 |
0x00b4 |
0x00b4 |
0x00d8 |
0x00d8 |
0x00d8 |
0x00d8 |
0x00d8 |
0x00f8 |
0x00f8 |
0x00f8 |
0x0101 |
0x0101 |
0x0146 |
|
NtSetWinStationInformation
|
|
0x00d6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
NtShutdownSystem
NTSYSAPI
NTSTATUS
NTAPI
NtShutdownSystem(
IN SHUTDOWN_ACTION Action
);
|
0x00b5 |
0x00b5 |
0x00b5 |
0x00b5 |
0x00d9 |
0x00d9 |
0x00d9 |
0x00d9 |
0x00d9 |
0x00f9 |
0x00f9 |
0x00f9 |
0x0102 |
0x0102 |
0x0147 |
|
NtShutdownWorkerFactory
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0180 |
NtSignalAndWaitForSingleObject
NTSYSAPI
NTSTATUS
NTAPI
NtSignalAndWaitForSingleObject(
IN HANDLE HandleToSignal,
IN HANDLE HandleToWait,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL
);
|
0x00b6 |
0x00b6 |
0x00b6 |
0x00b6 |
0x00da |
0x00da |
0x00da |
0x00da |
0x00da |
0x00fa |
0x00fa |
0x00fa |
0x0103 |
0x0103 |
0x0148 |
|
NtSinglePhaseReject
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x005e |
NtStartProfile
NTSYSAPI
NTSTATUS
NTAPI
NtStartProfile(
IN HANDLE ProfileHandle
);
|
0x00b7 |
0x00b7 |
0x00b7 |
0x00b7 |
0x00db |
0x00db |
0x00db |
0x00db |
0x00db |
0x00fb |
0x00fb |
0x00fb |
0x0104 |
0x0104 |
0x0149 |
|
NtStartTm
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0071 |
NtStopProfile
NTSYSAPI
NTSTATUS
NTAPI
NtStopProfile(
IN HANDLE ProfileHandle
);
|
0x00b8 |
0x00b8 |
0x00b8 |
0x00b8 |
0x00dc |
0x00dc |
0x00dc |
0x00dc |
0x00dc |
0x00fc |
0x00fc |
0x00fc |
0x0105 |
0x0105 |
0x014a |
NtSuspendProcess
NTSYSAPI
NTSTATUS
NTAPI
NtSuspendProcess(
IN HANDLE Process
);
|
|
|
|
|
|
|
|
|
|
0x00fd |
0x00fd |
0x00fd |
0x0106 |
0x0106 |
0x014b |
NtSuspendThread
NTSYSAPI
NTSTATUS
NTAPI
NtSuspendThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);
|
0x00b9 |
0x00b9 |
0x00b9 |
0x00b9 |
0x00dd |
0x00dd |
0x00dd |
0x00dd |
0x00dd |
0x00fe |
0x00fe |
0x00fe |
0x0107 |
0x0107 |
0x014c |
NtSystemDebugControl
NTSYSAPI
NTSTATUS
NTAPI
NtSystemDebugControl(
IN DEBUG_CONTROL_CODE ControlCode,
IN PVOID InputBuffer OPTIONAL,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferLength,
OUT PULONG ReturnLength OPTIONAL
);
|
0x00ba |
0x00ba |
0x00ba |
0x00ba |
0x00de |
0x00de |
0x00de |
0x00de |
0x00de |
0x00ff |
0x00ff |
0x00ff |
0x0108 |
0x0108 |
0x014d |
NtTerminateJobObject
NTSYSAPI
NTSTATUS
NTAPI
NtTerminateJobObject(
IN HANDLE JobHandle,
IN NTSTATUS ExitStatus
);
|
|
|
|
|
0x00df |
0x00df |
0x00df |
0x00df |
0x00df |
0x0100 |
0x0100 |
0x0100 |
0x0109 |
0x0109 |
0x014e |
NtTerminateProcess
NTSYSAPI
NTSTATUS
NTAPI
NtTerminateProcess(
IN HANDLE ProcessHandle OPTIONAL,
IN NTSTATUS ExitStatus
);
|
0x00bb |
0x00bb |
0x00bb |
0x00bb |
0x00e0 |
0x00e0 |
0x00e0 |
0x00e0 |
0x00e0 |
0x0101 |
0x0101 |
0x0101 |
0x010a |
0x010a |
0x014f |
NtTerminateThread
NTSYSAPI
NTSTATUS
NTAPI
NtTerminateThread(
IN HANDLE ThreadHandle OPTIONAL,
IN NTSTATUS ExitStatus
);
|
0x00bc |
0x00bc |
0x00bc |
0x00bc |
0x00e1 |
0x00e1 |
0x00e1 |
0x00e1 |
0x00e1 |
0x0102 |
0x0102 |
0x0102 |
0x010b |
0x010b |
0x0150 |
NtTestAlert
NTSYSAPI
NTSTATUS
NTAPI
NtTestAlert(
VOID
);
|
0x00bd |
0x00bd |
0x00bd |
0x00bd |
0x00e2 |
0x00e2 |
0x00e2 |
0x00e2 |
0x00e2 |
0x0103 |
0x0103 |
0x0103 |
0x010c |
0x010c |
0x0151 |
|
NtThawRegistry
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0152 |
|
NtThawTransactions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0153 |
|
NtTraceControl
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0155 |
NtTraceEvent
NTSYSAPI
NTSTATUS
NTAPI
NtTraceEvent(
IN ULONG TraceHandle,
IN ULONG Flags,
IN ULONG TraceHeaderLength,
IN PEVENT_TRACE_HEADER TraceHeader
);
|
|
|
|
|
|
|
|
|
|
0x0104 |
0x0104 |
0x0104 |
0x010d |
0x010d |
0x0154 |
NtTranslateFilePath
NTSYSAPI
NTSTATUS
NTAPI
NtTranslateFilePath(
PFILE_PATH InputFilePath,
ULONG OutputType,
PFILE_PATH OutputFilePath,
ULONG OutputFilePathLength
);
|
|
|
|
|
|
|
|
|
|
0x0105 |
0x0105 |
0x0105 |
0x010e |
0x010e |
0x0156 |
NtUnloadDriver
NTSYSAPI
NTSTATUS
NTAPI
NtUnloadDriver(
IN PUNICODE_STRING DriverServiceName
);
|
0x00be |
0x00be |
0x00be |
0x00be |
0x00e3 |
0x00e3 |
0x00e3 |
0x00e3 |
0x00e3 |
0x0106 |
0x0106 |
0x0106 |
0x010f |
0x010f |
0x0157 |
NtUnloadKey
NTSYSAPI
NTSTATUS
NTAPI
NtUnloadKey(
IN POBJECT_ATTRIBUTES KeyObjectAttributes
);
|
0x00bf |
0x00bf |
0x00bf |
0x00bf |
0x00e4 |
0x00e4 |
0x00e4 |
0x00e4 |
0x00e4 |
0x0107 |
0x0107 |
0x0107 |
0x0110 |
0x0110 |
0x0158 |
NtUnloadKey2
NTSYSAPI
NTSTATUS
NTAPI
NtUnloadKey2(
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN BOOLEAN ForceUnload
);
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0111 |
0x0111 |
0x0159 |
NtUnloadKeyEx
NTSYSAPI
NTSTATUS
NTAPI
NtUnloadKeyEx(
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN HANDLE EventHandle OPTIONAL
);
|
|
|
|
|
|
|
|
|
|
0x0108 |
0x0108 |
0x0108 |
0x0112 |
0x0112 |
0x015a |
NtUnlockFile
NTSYSAPI
NTSTATUS
NTAPI
NtUnlockFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PULARGE_INTEGER LockOffset,
IN PULARGE_INTEGER LockLength,
IN ULONG Key
);
|
0x00c0 |
0x00c0 |
0x00c0 |
0x00c0 |
0x00e5 |
0x00e5 |
0x00e5 |
0x00e5 |
0x00e5 |
0x0109 |
0x0109 |
0x0109 |
0x0113 |
0x0113 |
0x015b |
NtUnlockVirtualMemory
NTSYSAPI
NTSTATUS
NTAPI
NtUnlockVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PULONG LockSize,
IN ULONG LockType
);
|
0x00c1 |
0x00c1 |
0x00c1 |
0x00c1 |
0x00e6 |
0x00e6 |
0x00e6 |
0x00e6 |
0x00e6 |
0x010a |
0x010a |
0x010a |
0x0114 |
0x0114 |
0x015c |
NtUnmapViewOfSection
NTSYSAPI
NTSTATUS
NTAPI
NtUnmapViewOfSection(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress
);
|
0x00c2 |
0x00c2 |
0x00c2 |
0x00c2 |
0x00e7 |
0x00e7 |
0x00e7 |
0x00e7 |
0x00e7 |
0x010b |
0x010b |
0x010b |
0x0115 |
0x0115 |
0x015d |
NtVdmControl
NTSYSAPI
NTSTATUS
NTAPI
NtVdmControl(
IN VDMSERVICECLASS Service,
IN OUT PVOID ServiceData
);
|
0x00c3 |
0x00c3 |
0x00c3 |
0x00c3 |
0x00e8 |
0x00e8 |
0x00e8 |
0x00e8 |
0x00e8 |
0x010c |
0x010c |
0x010c |
0x0116 |
0x0116 |
0x015e |
NtW32Call
NTSYSAPI
NTSTATUS
NTAPI
NtW32Call(
IN ULONG RoutineIndex,
IN PVOID Argument,
IN ULONG ArgumentLength,
OUT PVOID *Result OPTIONAL,
OUT PULONG ResultLength OPTIONAL
);
|
0x00cc |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
NtWaitForDebugEvent
NTSYSAPI
NTSTATUS
NTAPI
NtWaitForDebugEvent(
IN HANDLE DebugObject,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL,
OUT PDBGUI_WAIT_STATE_CHANGE StateChange
);
|
|
|
|
|
|
|
|
|
|
0x010d |
0x010d |
0x010d |
0x0117 |
0x0117 |
0x015f |
NtWaitForKeyedEvent
NTSYSAPI
NTSTATUS
NTAPI
NtWaitForKeyedEvent(
IN HANDLE KeyedEventHandle,
IN PVOID Key,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL
);
|
|
|
|
|
|
|
|
|
|
0x011a |
0x011a |
0x011a |
0x0124 |
0x0124 |
0x016c |
|
NtWaitForMultipleObjects
|
0x00c4 |
0x00c4 |
0x00c4 |
0x00c4 |
0x00e9 |
0x00e9 |
0x00e9 |
0x00e9 |
0x00e9 |
0x010e |
0x010e |
0x010e |
0x0118 |
0x0118 |
0x0160 |
|
NtWaitForMultipleObjects32
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x0127 |
0x016f |
NtWaitForSingleObject
NTSYSAPI
NTSTATUS
NTAPI
NtWaitForSingleObject(
IN HANDLE Handle,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL
);
|
0x00c5 |
0x00c5 |
0x00c5 |
0x00c5 |
0x00ea |
0x00ea |
0x00ea |
0x00ea |
0x00ea |
0x010f |
0x010f |
0x010f |
0x0119 |
0x0119 |
0x0161 |
|
NtWaitForWorkViaWorkerFactory
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x017c |
NtWaitHighEventPair
NTSYSAPI
NTSTATUS
NTAPI
NtWaitHighEventPair(
IN HANDLE EventPairHandle
);
|
0x00c6 |
0x00c6 |
0x00c6 |
0x00c6 |
0x00eb |
0x00eb |
0x00eb |
0x00eb |
0x00eb |
0x0110 |
0x0110 |
0x0110 |
0x011a |
0x011a |
0x0162 |
NtWaitLowEventPair
NTSYSAPI
NTSTATUS
NTAPI
NtWaitLowEventPair(
IN HANDLE EventPairHandle
);
|
0x00c7 |
0x00c7 |
0x00c7 |
0x00c7 |
0x00ec |
0x00ec |
0x00ec |
0x00ec |
0x00ec |
0x0111 |
0x0111 |
0x0111 |
0x011b |
0x011b |
0x0163 |
|
NtWorkerFactoryWorkerReady
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x017f |
|
NtWriteErrorLogEntry
|
|
0x00d7 |
|
|
|
|
|
|
|
|
|
|
|
|
|
NtWriteFile
NTSYSAPI
NTSTATUS
NTAPI
NtWriteFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
|
0x00c8 |
0x00c8 |
0x00c8 |
0x00c8 |
0x00ed |
0x00ed |
0x00ed |
0x00ed |
0x00ed |
0x0112 |
0x0112 |
0x0112 |
0x011c |
0x011c |
0x0164 |
NtWriteFileGather
NTSYSAPI
NTSTATUS
NTAPI
NtWriteFileGather(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PFILE_SEGMENT_ELEMENT Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
|
0x00c9 |
0x00c9 |
0x00c9 |
0x00c9 |
0x00ee |
0x00ee |
0x00ee |
0x00ee |
0x00ee |
0x0113 |
0x0113 |
0x0113 |
0x011d |
0x011d |
0x0165 |
NtWriteRequestData
NTSYSAPI
NTSTATUS
NTAPI
NtWriteRequestData(
IN HANDLE PortHandle,
IN PPORT_MESSAGE Message,
IN ULONG Index,
IN PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG ReturnLength OPTIONAL
);
|
0x00ca |
0x00ca |
0x00ca |
0x00ca |
0x00ef |
0x00ef |
0x00ef |
0x00ef |
0x00ef |
0x0114 |
0x0114 |
0x0114 |
0x011e |
0x011e |
0x0166 |
NtWriteVirtualMemory
NTSYSAPI
NTSTATUS
NTAPI
NtWriteVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG ReturnLength OPTIONAL
);
|
0x00cb |
0x00cb |
0x00cb |
0x00cb |
0x00f0 |
0x00f0 |
0x00f0 |
0x00f0 |
0x00f0 |
0x0115 |
0x0115 |
0x0115 |
0x011f |
0x011f |
0x0167 |
NtYieldExecution
NTSYSAPI
NTSTATUS
NTAPI
NtYieldExecution(
VOID
);
|
0x00d3 |
0x00d2 |
0x00d2 |
0x00d2 |
0x00f7 |
0x00f7 |
0x00f7 |
0x00f7 |
0x00f7 |
0x0116 |
0x0116 |
0x0116 |
0x0120 |
0x0120 |
0x0168 |