skip to main |
skip to sidebar
<![CDATA[<br />http://msdn.microsoft.com/msdnmag/issues/01/12/XPKernel/default.aspx<br />---------------------------------------------------<br />2K 서비스 번호별 API<br /><br />SDT viewer by DeokYoung ,based SDT recover<br /><br />KeServiceDescriptorTable 8047F7E0<br />KeServiceDecriptorTable.ServiceTable 80471128<br />KeServiceDescriptorTable.ServiceLimit 248<br /><br />000, ZwAcceptConnectPort <br />001, ZwAccessCheck <br />002, ZwAccessCheckAndAuditAlarm <br />003, ZwAccessCheckByType <br />004, ZwAccessCheckByTypeAndAuditAlarm <br />005, ZwAccessCheckByTypeResultList <br />006, ZwAccessCheckByTypeResultListAndAuditAlarm <br />007, ZwAccessCheckByTypeResultListAndAuditAlarmByHandle <br />008, ZwAddAtom <br />009, ZwAdjustGroupsToken <br />00A, ZwAdjustPrivilegesToken <br />00B, ZwAlertResumeThread <br />00C, ZwAlertThread <br />00D, ZwAllocateLocallyUniqueId <br />00E, ZwAllocateUserPhysicalPages <br />00F, ZwAllocateUuids <br />010, ZwAllocateVirtualMemory <br />011, ZwAreMappedFilesTheSame <br />012, ZwAssignProcessToJobObject <br />013, ZwCallbackReturn <br />014, ZwCancelIoFile <br />015, ZwCancelTimer <br />016, ZwCancelDeviceWakeupRequest <br />017, ZwClearEvent <br />018, ZwClose <br />019, ZwCloseObjectAuditAlarm <br />01A, ZwCompleteConnectPort <br />01B, ZwConnectPort <br />01C, ZwContinue <br />01D, ZwCreateDirectoryObject <br />01E, ZwCreateEvent <br />01F, ZwCreateEventPair <br />020, ZwCreateFile <br />021, ZwCreateIoCompletion <br />022, ZwCreateJobObject <br />023, ZwCreateKey <br />024, ZwCreateMailslotFile <br />025, ZwCreateMutant <br />026, ZwCreateNamedPipeFile <br />027, ZwCreatePagingFile <br />028, ZwCreatePort <br />029, ZwCreateProcess <br />02A, ZwCreateProfile <br />02B, ZwCreateSection <br />02C, ZwCreateSemaphore <br />02D, ZwCreateSymbolicLinkObject <br />02E, ZwCreateThread <br />02F, ZwCreateTimer <br />030, ZwCreateToken <br />031, ZwCreateWaitablePort <br />032, ZwDelayExecution <br />033, ZwDeleteAtom <br />034, ZwDeleteFile <br />035, ZwDeleteKey <br />036, ZwDeleteObjectAuditAlarm <br />037, ZwDeleteValueKey <br />038, ZwDeviceIoControlFile <br />039, ZwDisplayString <br />03A, ZwDuplicateObject <br />03B, ZwDuplicateToken <br />03C, ZwEnumerateKey <br />03D, ZwEnumerateValueKey <br />03E, ZwExtendSection <br />03F, ZwFilterToken <br />040, ZwFindAtom <br />041, ZwFlushBuffersFile <br />042, ZwFlushInstructionCache <br />043, ZwFlushKey <br />044, ZwFlushVirtualMemory <br />045, ZwFlushWriteBuffer <br />046, ZwFreeUserPhysicalPages <br />047, ZwFreeVirtualMemory <br />048, ZwFsControlFile <br />049, ZwGetContextThread <br />04A, ZwGetDevicePowerState <br />04B, ZwGetPlugPlayEvent <br />04C, ZwGetTickCount <br />04D, ZwGetWriteWatch <br />04E, ZwImpersonateAnonymousToken <br />04F, ZwImpersonateClientOfPort <br />050, ZwImpersonateThread <br />051, ZwInitializeRegistry <br />052, ZwInitiatePowerAction <br />053, ZwIsSystemResumeAutomatic <br />054, ZwListenPort <br />055, ZwLoadDriver <br />056, ZwLoadKey <br />057, ZwLoadKey2 <br />058, ZwLockFile <br />059, ZwLockVirtualMemory <br />05A, ZwMakeTemporaryObject <br />05B, ZwMapUserPhysicalPages <br />05C, ZwMapUserPhysicalPagesScatter <br />05D, ZwMapViewOfSection <br />05E, ZwNotifyChangeDirectoryFile <br />05F, ZwNotifyChangeKey <br />060, ZwNotifyChangeMultipleKeys <br />061, ZwOpenDirectoryObject <br />062, ZwOpenEvent <br />063, ZwOpenEventPair <br />064, ZwOpenFile <br />065, ZwOpenIoCompletion <br />066, ZwOpenJobObject <br />067, ZwOpenKey <br />068, ZwOpenMutant <br />069, ZwOpenObjectAuditAlarm <br />06A, ZwOpenProcess <br />06B, ZwOpenProcessToken <br />06C, ZwOpenSection <br />06D, ZwOpenSemaphore <br />06E, ZwOpenSymbolicLinkObject <br />06F, ZwOpenThread <br />070, ZwOpenThreadToken <br />071, ZwOpenTimer <br />072, ZwPlugPlayControl <br />073, ZwPowerInformation <br />074, ZwPrivilegeCheck <br />075, ZwPrivilegedServiceAuditAlarm <br />076, ZwPrivilegeObjectAuditAlarm <br />077, ZwProtectVirtualMemory <br />078, ZwPulseEvent <br />079, ZwQueryInformationAtom <br />07A, ZwQueryAttributesFile <br />07B, ZwQueryDefaultLocale <br />07C, ZwQueryDefaultUILanguage <br />07D, ZwQueryDirectoryFile <br />07E, ZwQueryDirectoryObject <br />07F, ZwQueryEaFile <br />080, ZwQueryEvent <br />081, ZwQueryFullAttributesFile <br />082, ZwQueryInformationFile <br />083, ZwQueryInformationJobObject <br />084, ZwQueryIoCompletion <br />085, ZwQueryInformationPort <br />086, ZwQueryInformationProcess <br />087, ZwQueryInformationThread <br />088, ZwQueryInformationToken <br />089, ZwQueryInstallUILanguage <br />08A, ZwQueryIntervalProfile <br />08B, ZwQueryKey <br />08C, ZwQueryMultipleValueKey <br />08D, ZwQueryMutant <br />08E, ZwQueryObject <br />08F, ZwQueryOpenSubKeys <br />090, ZwQueryPerformanceCounter <br />091, ZwQueryQuotaInformationFile <br />092, ZwQuerySection <br />093, ZwQuerySecurityObject <br />094, ZwQuerySemaphore <br />095, ZwQuerySymbolicLinkObject <br />096, ZwQuerySystemEnvironmentValue <br />097, ZwQuerySystemInformation <br />098, ZwQuerySystemTime <br />099, ZwQueryTimer <br />09A, ZwQueryTimerResolution <br />09B, ZwQueryValueKey <br />09C, ZwQueryVirtualMemory <br />09D, ZwQueryVolumeInformationFile <br />09E, ZwQueueApcThread <br />09F, ZwRaiseException <br />0A0, ZwRaiseHardError <br />0A1, ZwReadFile <br />0A2, ZwReadFileScatter <br />0A3, ZwReadRequestData <br />0A4, ZwReadVirtualMemory <br />0A5, ZwRegisterThreadTerminatePort <br />0A6, ZwReleaseMutant <br />0A7, ZwReleaseSemaphore <br />0A8, ZwRemoveIoCompletion <br />0A9, ZwReplaceKey <br />0AA, ZwReplyPort <br />0AB, ZwReplyWaitReceivePort <br />0AC, ZwReplyWaitReceivePortEx <br />0AD, ZwReplyWaitReplyPort <br />0AE, ZwRequestDeviceWakeup <br />0AF, ZwRequestPort <br />0B0, ZwRequestWaitReplyPort <br />0B1, ZwRequestWakeupLatency <br />0B2, ZwResetEvent <br />0B3, ZwResetWriteWatch <br />0B4, ZwRestoreKey <br />0B5, ZwResumeThread <br />0B6, ZwSaveKey <br />0B7, ZwSaveMergedKeys <br />0B8, ZwSecureConnectPort <br />0B9, ZwSetIoCompletion <br />0BA, ZwSetContextThread <br />0BB, ZwSetDefaultHardErrorPort <br />0BC, ZwSetDefaultLocale <br />0BD, ZwSetDefaultUILanguage <br />0BE, ZwSetEaFile <br />0BF, ZwSetEvent <br />0C0, ZwSetHighEventPair <br />0C1, ZwSetHighWaitLowEventPair <br />0C2, ZwSetInformationFile <br />0C3, ZwSetInformationJobObject <br />0C4, ZwSetInformationKey <br />0C5, ZwSetInformationObject <br />0C6, ZwSetInformationProcess <br />0C7, ZwSetInformationThread <br />0C8, ZwSetInformationToken <br />0C9, ZwSetIntervalProfile <br />0CA, ZwSetLdtEntries <br />0CB, ZwSetLowEventPair <br />0CC, ZwSetLowWaitHighEventPair <br />0CD, ZwSetQuotaInformationFile <br />0CE, ZwSetSecurityObject <br />0CF, ZwSetSystemEnvironmentValue <br />0D0, ZwSetSystemInformation <br />0D1, ZwSetSystemPowerState <br />0D2, ZwSetSystemTime <br />0D3, ZwSetThreadExecutionState <br />0D4, ZwSetTimer <br />0D5, ZwSetTimerResolution <br />0D6, ZwSetUuidSeed <br />0D7, ZwSetValueKey <br />0D8, ZwSetVolumeInformationFile <br />0D9, ZwShutdownSystem <br />0DA, ZwSignalAndWaitForSingleObject <br />0DB, ZwStartProfile <br />0DC, ZwStopProfile <br />0DD, ZwSuspendThread <br />0DE, ZwSystemDebugControl <br />0DF, ZwTerminateJobObject <br />0E0, ZwTerminateProcess <br />0E1, ZwTerminateThread <br />0E2, ZwTestAlert <br />0E3, ZwUnloadDriver <br />0E4, ZwUnloadKey <br />0E5, ZwUnlockFile <br />0E6, ZwUnlockVirtualMemory <br />0E7, ZwUnmapViewOfSection <br />0E8, ZwVdmControl <br />0E9, ZwWaitForMultipleObjects <br />0EA, ZwWaitForSingleObject <br />0EB, ZwWaitHighEventPair <br />0EC, ZwWaitLowEventPair <br />0ED, ZwWriteFile <br />0EE, ZwWriteFileGather <br />0EF, ZwWriteRequestData <br />0F0, ZwWriteVirtualMemory <br />0F1, ZwCreateChannel <br />0F2, ZwListenChannel <br />0F3, ZwOpenChannel <br />0F4, ZwReplyWaitSendChannel <br />0F5, ZwSendWaitReplyChannel <br />0F6, ZwSetContextChannel <br />0F7, ZwYieldExecution <br />----------------------------------------------------------<br />XP 서비스 번호별 API<br /><br />SDT viewer by DeokYoung ,based SDT recover<br /><br />KeServiceDescriptorTable 8054D8C0<br />KeServiceDecriptorTable.ServiceTable 804E05F8<br />KeServiceDescriptorTable.ServiceLimit 284<br /><br />000, ZwAcceptConnectPort <br />001, ZwAccessCheck <br />002, ZwAccessCheckAndAuditAlarm <br />003, ZwAccessCheckByType <br />004, ZwAccessCheckByTypeAndAuditAlarm <br />005, ZwAccessCheckByTypeResultList <br />006, ZwAccessCheckByTypeResultListAndAuditAlarm <br />007, ZwAccessCheckByTypeResultListAndAuditAlarmByHandle <br />008, ZwAddAtom <br />009, ZwAddBootEntry <br />00A, ZwAdjustGroupsToken <br />00B, ZwAdjustPrivilegesToken <br />00C, ZwAlertResumeThread <br />00D, ZwAlertThread <br />00E, ZwAllocateLocallyUniqueId <br />00F, ZwAllocateUserPhysicalPages <br />010, ZwAllocateUuids <br />011, ZwAllocateVirtualMemory <br />012, ZwAreMappedFilesTheSame <br />013, ZwAssignProcessToJobObject <br />014, ZwCallbackReturn <br />015, ZwCancelDeviceWakeupRequest <br />016, ZwCancelIoFile <br />017, ZwCancelTimer <br />018, ZwClearEvent <br />019, ZwClose <br />01A, ZwCloseObjectAuditAlarm <br />01B, ZwCompactKeys <br />01C, ZwCompareTokens <br />01D, ZwCompleteConnectPort <br />01E, ZwCompressKey <br />01F, ZwConnectPort <br />020, ZwContinue <br />021, ZwCreateDebugObject <br />022, ZwCreateDirectoryObject <br />023, ZwCreateEvent <br />024, ZwCreateEventPair <br />025, ZwCreateFile <br />026, ZwCreateIoCompletion <br />027, ZwCreateJobObject <br />028, ZwCreateJobSet <br />029, ZwCreateKey <br />02A, ZwCreateMailslotFile <br />02B, ZwCreateMutant <br />02C, ZwCreateNamedPipeFile <br />02D, ZwCreatePagingFile <br />02E, ZwCreatePort <br />02F, ZwCreateProcess <br />030, ZwCreateProcessEx <br />031, ZwCreateProfile <br />032, ZwCreateSection <br />033, ZwCreateSemaphore <br />034, ZwCreateSymbolicLinkObject <br />035, ZwCreateThread <br />036, ZwCreateTimer <br />037, ZwCreateToken <br />038, ZwCreateWaitablePort <br />039, ZwDebugActiveProcess <br />03A, ZwDebugContinue <br />03B, ZwDelayExecution <br />03C, ZwDeleteAtom <br />03D, ZwDeleteBootEntry <br />03E, ZwDeleteFile <br />03F, ZwDeleteKey <br />040, ZwDeleteObjectAuditAlarm <br />041, ZwDeleteValueKey <br />042, ZwDeviceIoControlFile <br />043, ZwDisplayString <br />044, ZwDuplicateObject <br />045, ZwDuplicateToken <br />046, ZwEnumerateBootEntries <br />047, ZwEnumerateKey <br />048, ZwEnumerateSystemEnvironmentValuesEx <br />049, ZwEnumerateValueKey <br />04A, ZwExtendSection <br />04B, ZwFilterToken <br />04C, ZwFindAtom <br />04D, ZwFlushBuffersFile <br />04E, ZwFlushInstructionCache <br />04F, ZwFlushKey <br />050, ZwFlushVirtualMemory <br />051, ZwFlushWriteBuffer <br />052, ZwFreeUserPhysicalPages <br />053, ZwFreeVirtualMemory <br />054, ZwFsControlFile <br />055, ZwGetContextThread <br />056, ZwGetDevicePowerState <br />057, ZwGetPlugPlayEvent <br />058, ZwGetWriteWatch <br />059, ZwImpersonateAnonymousToken <br />05A, ZwImpersonateClientOfPort <br />05B, ZwImpersonateThread <br />05C, ZwInitializeRegistry <br />05D, ZwInitiatePowerAction <br />05E, ZwIsProcessInJob <br />05F, ZwIsSystemResumeAutomatic <br />060, ZwListenPort <br />061, ZwLoadDriver <br />062, ZwLoadKey <br />063, ZwLoadKey2 <br />064, ZwLockFile <br />065, ZwLockProductActivationKeys <br />066, ZwLockRegistryKey <br />067, ZwLockVirtualMemory <br />068, ZwMakePermanentObject <br />069, ZwMakeTemporaryObject <br />06A, ZwMapUserPhysicalPages <br />06B, ZwMapUserPhysicalPagesScatter <br />06C, ZwMapViewOfSection <br />06D, ZwModifyBootEntry <br />06E, ZwNotifyChangeDirectoryFile <br />06F, ZwNotifyChangeKey <br />070, ZwNotifyChangeMultipleKeys <br />071, ZwOpenDirectoryObject <br />072, ZwOpenEvent <br />073, ZwOpenEventPair <br />074, ZwOpenFile <br />075, ZwOpenIoCompletion <br />076, ZwOpenJobObject <br />077, ZwOpenKey <br />078, ZwOpenMutant <br />079, ZwOpenObjectAuditAlarm <br />07A, ZwOpenProcess <br />07B, ZwOpenProcessToken <br />07C, ZwOpenProcessTokenEx <br />07D, ZwOpenSection <br />07E, ZwOpenSemaphore <br />07F, ZwOpenSymbolicLinkObject <br />080, ZwOpenThread <br />081, ZwOpenThreadToken <br />082, ZwOpenThreadTokenEx <br />083, ZwOpenTimer <br />084, ZwPlugPlayControl <br />085, ZwPowerInformation <br />086, ZwPrivilegeCheck <br />087, ZwPrivilegeObjectAuditAlarm <br />088, ZwPrivilegedServiceAuditAlarm <br />089, ZwProtectVirtualMemory <br />08A, ZwPulseEvent <br />08B, ZwQueryAttributesFile <br />08C, ZwQueryBootEntryOrder <br />08D, ZwQueryBootOptions <br />08E, ZwQueryDebugFilterState <br />08F, ZwQueryDefaultLocale <br />090, ZwQueryDefaultUILanguage <br />091, ZwQueryDirectoryFile <br />092, ZwQueryDirectoryObject <br />093, ZwQueryEaFile <br />094, ZwQueryEvent <br />095, ZwQueryFullAttributesFile <br />096, ZwQueryInformationAtom <br />097, ZwQueryInformationFile <br />098, ZwQueryInformationJobObject <br />099, ZwQueryInformationPort <br />09A, ZwQueryInformationProcess <br />09B, ZwQueryInformationThread <br />09C, ZwQueryInformationToken <br />09D, ZwQueryInstallUILanguage <br />09E, ZwQueryIntervalProfile <br />09F, ZwQueryIoCompletion <br />0A0, ZwQueryKey <br />0A1, ZwQueryMultipleValueKey <br />0A2, ZwQueryMutant <br />0A3, ZwQueryObject <br />0A4, ZwQueryOpenSubKeys <br />0A5, ZwQueryPerformanceCounter <br />0A6, ZwQueryQuotaInformationFile <br />0A7, ZwQuerySection <br />0A8, ZwQuerySecurityObject <br />0A9, ZwQuerySemaphore <br />0AA, ZwQuerySymbolicLinkObject <br />0AB, ZwQuerySystemEnvironmentValue <br />0AC, ZwQuerySystemEnvironmentValueEx <br />0AD, ZwQuerySystemInformation <br />0AE, ZwQuerySystemTime <br />0AF, ZwQueryTimer <br />0B0, ZwQueryTimerResolution <br />0B1, ZwQueryValueKey <br />0B2, ZwQueryVirtualMemory <br />0B3, ZwQueryVolumeInformationFile <br />0B4, ZwQueueApcThread <br />0B5, ZwRaiseException <br />0B6, ZwRaiseHardError <br />0B7, ZwReadFile <br />0B8, ZwReadFileScatter <br />0B9, ZwReadRequestData <br />0BA, ZwReadVirtualMemory <br />0BB, ZwRegisterThreadTerminatePort <br />0BC, ZwReleaseMutant <br />0BD, ZwReleaseSemaphore <br />0BE, ZwRemoveIoCompletion <br />0BF, ZwRemoveProcessDebug <br />0C0, ZwRenameKey <br />0C1, ZwReplaceKey <br />0C2, ZwReplyPort <br />0C3, ZwReplyWaitReceivePort <br />0C4, ZwReplyWaitReceivePortEx <br />0C5, ZwReplyWaitReplyPort <br />0C6, ZwRequestDeviceWakeup <br />0C7, ZwRequestPort <br />0C8, ZwRequestWaitReplyPort <br />0C9, ZwRequestWakeupLatency <br />0CA, ZwResetEvent <br />0CB, ZwResetWriteWatch <br />0CC, ZwRestoreKey <br />0CD, ZwResumeProcess <br />0CE, ZwResumeThread <br />0CF, ZwSaveKey <br />0D0, ZwSaveKeyEx <br />0D1, ZwSaveMergedKeys <br />0D2, ZwSecureConnectPort <br />0D3, ZwSetBootEntryOrder <br />0D4, ZwSetBootOptions <br />0D5, ZwSetContextThread <br />0D6, ZwSetDebugFilterState <br />0D7, ZwSetDefaultHardErrorPort <br />0D8, ZwSetDefaultLocale <br />0D9, ZwSetDefaultUILanguage <br />0DA, ZwSetEaFile <br />0DB, ZwSetEvent <br />0DC, ZwSetEventBoostPriority <br />0DD, ZwSetHighEventPair <br />0DE, ZwSetHighWaitLowEventPair <br />0DF, ZwSetInformationDebugObject <br />0E0, ZwSetInformationFile <br />0E1, ZwSetInformationJobObject <br />0E2, ZwSetInformationKey <br />0E3, ZwSetInformationObject <br />0E4, ZwSetInformationProcess <br />0E5, ZwSetInformationThread <br />0E6, ZwSetInformationToken <br />0E7, ZwSetIntervalProfile <br />0E8, ZwSetIoCompletion <br />0E9, ZwSetLdtEntries <br />0EA, ZwSetLowEventPair <br />0EB, ZwSetLowWaitHighEventPair <br />0EC, ZwSetQuotaInformationFile <br />0ED, ZwSetSecurityObject <br />0EE, ZwSetSystemEnvironmentValue <br />0EF, ZwSetSystemEnvironmentValueEx <br />0F0, ZwSetSystemInformation <br />0F1, ZwSetSystemPowerState <br />0F2, ZwSetSystemTime <br />0F3, ZwSetThreadExecutionState <br />0F4, ZwSetTimer <br />0F5, ZwSetTimerResolution <br />0F6, ZwSetUuidSeed <br />0F7, ZwSetValueKey <br />0F8, ZwSetVolumeInformationFile <br />0F9, ZwShutdownSystem <br />0FA, ZwSignalAndWaitForSingleObject <br />0FB, ZwStartProfile <br />0FC, ZwStopProfile <br />0FD, ZwSuspendProcess <br />0FE, ZwSuspendThread <br />0FF, ZwSystemDebugControl <br />100, ZwTerminateJobObject <br />101, ZwTerminateProcess <br />102, ZwTerminateThread <br />103, ZwTestAlert <br />104, ZwTraceEvent <br />105, ZwTranslateFilePath <br />106, ZwUnloadDriver <br />107, ZwUnloadKey <br />108, ZwUnloadKeyEx <br />109, ZwUnlockFile <br />10A, ZwUnlockVirtualMemory <br />10B, ZwUnmapViewOfSection <br />10C, ZwVdmControl <br />10D, ZwWaitForDebugEvent <br />10E, ZwWaitForMultipleObjects <br />10F, ZwWaitForSingleObject <br />110, ZwWaitHighEventPair <br />111, ZwWaitLowEventPair <br />112, ZwWriteFile <br />113, ZwWriteFileGather <br />114, ZwWriteRequestData <br />115, ZwWriteVirtualMemory <br />116, ZwYieldExecution <br />117, ZwCreateKeyedEvent <br />118, ZwOpenKeyedEvent <br />119, ZwReleaseKeyedEvent <br />11A, ZwWaitForKeyedEvent <br />11B, ZwQueryPortInformationProcess <br />----------------------------------------------------------<br />2003 서비스 번호별 API<br /><br />SDT viewer by DeokYoung ,based SDT recover<br /><br />Could not open physical memory device!<br />Make sure you are running as Administrator.<br />KeServiceDescriptorTable 808A83A0<br />Failed to map physical memory view of length 2000 at 8A83A0!<br /><br />000, ZwAcceptConnectPort <br />001, ZwAccessCheck <br />002, ZwAccessCheckAndAuditAlarm <br />003, ZwAccessCheckByType <br />004, ZwAccessCheckByTypeAndAuditAlarm <br />005, ZwAccessCheckByTypeResultList <br />006, ZwAccessCheckByTypeResultListAndAuditAlarm <br />007, ZwAccessCheckByTypeResultListAndAuditAlarmByHandle <br />008, ZwAddAtom <br />009, ZwAddBootEntry <br />00A, ZwAddDriverEntry <br />00B, ZwAdjustGroupsToken <br />00C, ZwAdjustPrivilegesToken <br />00D, ZwAlertResumeThread <br />00E, ZwAlertThread <br />00F, ZwAllocateLocallyUniqueId <br />010, ZwAllocateUserPhysicalPages <br />011, ZwAllocateUuids <br />012, ZwAllocateVirtualMemory <br />013, ZwApphelpCacheControl <br />014, ZwAreMappedFilesTheSame <br />015, ZwAssignProcessToJobObject <br />016, ZwCallbackReturn <br />017, ZwCancelDeviceWakeupRequest <br />018, ZwCancelIoFile <br />019, ZwCancelTimer <br />01A, ZwClearEvent <br />01B, ZwClose <br />01C, ZwCloseObjectAuditAlarm <br />01D, ZwCompactKeys <br />01E, ZwCompareTokens <br />01F, ZwCompleteConnectPort <br />020, ZwCompressKey <br />021, ZwConnectPort <br />022, ZwContinue <br />023, ZwCreateDebugObject <br />024, ZwCreateDirectoryObject <br />025, ZwCreateEvent <br />026, ZwCreateEventPair <br />027, ZwCreateFile <br />028, ZwCreateIoCompletion <br />029, ZwCreateJobObject <br />02A, ZwCreateJobSet <br />02B, ZwCreateKey <br />02C, ZwCreateMailslotFile <br />02D, ZwCreateMutant <br />02E, ZwCreateNamedPipeFile <br />02F, ZwCreatePagingFile <br />030, ZwCreatePort <br />031, ZwCreateProcess <br />032, ZwCreateProcessEx <br />033, ZwCreateProfile <br />034, ZwCreateSection <br />035, ZwCreateSemaphore <br />036, ZwCreateSymbolicLinkObject <br />037, ZwCreateThread <br />038, ZwCreateTimer <br />039, ZwCreateToken <br />03A, ZwCreateWaitablePort <br />03B, ZwDebugActiveProcess <br />03C, ZwDebugContinue <br />03D, ZwDelayExecution <br />03E, ZwDeleteAtom <br />03F, ZwDeleteBootEntry <br />040, ZwDeleteDriverEntry <br />041, ZwDeleteFile <br />042, ZwDeleteKey <br />043, ZwDeleteObjectAuditAlarm <br />044, ZwDeleteValueKey <br />045, ZwDeviceIoControlFile <br />046, ZwDisplayString <br />047, ZwDuplicateObject <br />048, ZwDuplicateToken <br />049, ZwEnumerateBootEntries <br />04A, ZwEnumerateDriverEntries <br />04B, ZwEnumerateKey <br />04C, ZwEnumerateSystemEnvironmentValuesEx <br />04D, ZwEnumerateValueKey <br /><br />04E, ZwExtendSection <br />04F, ZwFilterToken <br />050, ZwFindAtom <br />051, ZwFlushBuffersFile <br />052, ZwFlushInstructionCache <br />053, ZwFlushKey <br />054, ZwFlushVirtualMemory <br />055, ZwFlushWriteBuffer <br />056, ZwFreeUserPhysicalPages <br />057, ZwFreeVirtualMemory <br />058, ZwFsControlFile <br />059, ZwGetContextThread <br />05A, ZwGetDevicePowerState <br />05B, ZwGetPlugPlayEvent <br />05C, ZwGetWriteWatch <br />05D, ZwImpersonateAnonymousToken <br />05E, ZwImpersonateClientOfPort <br />05F, ZwImpersonateThread <br />060, ZwInitializeRegistry <br />061, ZwInitiatePowerAction <br />062, ZwIsProcessInJob <br />063, ZwIsSystemResumeAutomatic <br />064, ZwListenPort <br />065, ZwLoadDriver <br />066, ZwLoadKey <br />067, ZwLoadKey2 <br />068, ZwLoadKeyEx <br />069, ZwLockFile <br />06A, ZwLockProductActivationKeys <br />06B, ZwLockRegistryKey <br />06C, ZwLockVirtualMemory <br />06D, ZwMakePermanentObject <br />06E, ZwMakeTemporaryObject <br />06F, ZwMapUserPhysicalPages <br />070, ZwMapUserPhysicalPagesScatter <br />071, ZwMapViewOfSection <br />072, ZwModifyBootEntry <br />073, ZwModifyDriverEntry <br />074, ZwNotifyChangeDirectoryFile <br />075, ZwNotifyChangeKey <br />076, ZwNotifyChangeMultipleKeys <br />077, ZwOpenDirectoryObject <br />078, ZwOpenEvent <br />079, ZwOpenEventPair <br />07A, ZwOpenFile <br />07B, ZwOpenIoCompletion <br />07C, ZwOpenJobObject <br />07D, ZwOpenKey <br />07E, ZwOpenMutant <br />07F, ZwOpenObjectAuditAlarm <br />080, ZwOpenProcess <br />081, ZwOpenProcessToken <br />082, ZwOpenProcessTokenEx <br />083, ZwOpenSection <br />084, ZwOpenSemaphore <br />085, ZwOpenSymbolicLinkObject <br />086, ZwOpenThread <br />087, ZwOpenThreadToken <br />088, ZwOpenThreadTokenEx <br />089, ZwOpenTimer <br />08A, ZwPlugPlayControl <br />08B, ZwPowerInformation <br />08C, ZwPrivilegeCheck <br />08D, ZwPrivilegeObjectAuditAlarm <br />08E, ZwPrivilegedServiceAuditAlarm <br />08F, ZwProtectVirtualMemory <br />090, ZwPulseEvent <br />091, ZwQueryAttributesFile <br />092, ZwQueryBootEntryOrder <br />093, ZwQueryBootOptions <br />094, ZwQueryDebugFilterState <br />095, ZwQueryDefaultLocale <br />096, ZwQueryDefaultUILanguage <br />097, ZwQueryDirectoryFile <br />098, ZwQueryDirectoryObject <br />099, ZwQueryDriverEntryOrder <br />09A, ZwQueryEaFile <br />09B, ZwQueryEvent <br />09C, ZwQueryFullAttributesFile <br />09D, ZwQueryInformationAtom <br />09E, ZwQueryInformationFile <br />09F, ZwQueryInformationJobObject <br />0A0, ZwQueryInformationPort <br />0A1, ZwQueryInformationProcess <br />0A2, ZwQueryInformationThread <br />0A3, ZwQueryInformationToken <br />0A4, ZwQueryInstallUILanguage <br />0A5, ZwQueryIntervalProfile <br />0A6, ZwQueryIoCompletion <br />0A7, ZwQueryKey <br />0A8, ZwQueryMultipleValueKey <br />0A9, ZwQueryMutant <br />0AA, ZwQueryObject <br />0AB, ZwQueryOpenSubKeys <br />0AC, ZwQueryOpenSubKeysEx <br />0AD, ZwQueryPerformanceCounter <br />0AE, ZwQueryQuotaInformationFile <br />0AF, ZwQuerySection <br />0B0, ZwQuerySecurityObject <br />0B1, ZwQuerySemaphore <br />0B2, ZwQuerySymbolicLinkObject <br />0B3, ZwQuerySystemEnvironmentValue <br />0B4, ZwQuerySystemEnvironmentValueEx <br />0B5, ZwQuerySystemInformation <br />0B6, ZwQuerySystemTime <br />0B7, ZwQueryTimer <br />0B8, ZwQueryTimerResolution <br />0B9, ZwQueryValueKey <br />0BA, ZwQueryVirtualMemory <br />0BB, ZwQueryVolumeInformationFile <br />0BC, ZwQueueApcThread <br />0BD, ZwRaiseException <br />0BE, ZwRaiseHardError <br />0BF, ZwReadFile <br />0C0, ZwReadFileScatter <br />0C1, ZwReadRequestData <br />0C2, ZwReadVirtualMemory <br />0C3, ZwRegisterThreadTerminatePort <br />0C4, ZwReleaseMutant <br />0C5, ZwReleaseSemaphore <br />0C6, ZwRemoveIoCompletion <br />0C7, ZwRemoveProcessDebug <br />0C8, ZwRenameKey <br />0C9, ZwReplaceKey <br />0CA, ZwReplyPort <br />0CB, ZwReplyWaitReceivePort <br />0CC, ZwReplyWaitReceivePortEx <br />0CD, ZwReplyWaitReplyPort <br />0CE, ZwRequestDeviceWakeup <br />0CF, ZwRequestPort <br />0D0, ZwRequestWaitReplyPort <br />0D1, ZwRequestWakeupLatency <br />0D2, ZwResetEvent <br />0D3, ZwResetWriteWatch <br />0D4, ZwRestoreKey <br />0D5, ZwResumeProcess <br />0D6, ZwResumeThread <br />0D7, ZwSaveKey <br />0D8, ZwSaveKeyEx <br />0D9, ZwSaveMergedKeys <br />0DA, ZwSecureConnectPort <br />0DB, ZwSetBootEntryOrder <br />0DC, ZwSetBootOptions <br />0DD, ZwSetContextThread <br />0DE, ZwSetDebugFilterState <br />0DF, ZwSetDefaultHardErrorPort <br />0E0, ZwSetDefaultLocale <br />0E1, ZwSetDefaultUILanguage <br />0E2, ZwSetDriverEntryOrder <br />0E3, ZwSetEaFile <br />0E4, ZwSetEvent <br />0E5, ZwSetEventBoostPriority <br />0E6, ZwSetHighEventPair <br />0E7, ZwSetHighWaitLowEventPair <br />0E8, ZwSetInformationDebugObject <br />0E9, ZwSetInformationFile <br />0EA, ZwSetInformationJobObject <br />0EB, ZwSetInformationKey <br />0EC, ZwSetInformationObject <br />0ED, ZwSetInformationProcess <br />0EE, ZwSetInformationThread <br />0EF, ZwSetInformationToken <br />0F0, ZwSetIntervalProfile <br />0F1, ZwSetIoCompletion <br />0F2, ZwSetLdtEntries <br />0F3, ZwSetLowEventPair <br />0F4, ZwSetLowWaitHighEventPair <br />0F5, ZwSetQuotaInformationFile <br />0F6, ZwSetSecurityObject <br />0F7, ZwSetSystemEnvironmentValue <br />0F8, ZwSetSystemEnvironmentValueEx <br />0F9, ZwSetSystemInformation <br />0FA, ZwSetSystemPowerState <br />0FB, ZwSetSystemTime <br />0FC, ZwSetThreadExecutionState <br />0FD, ZwSetTimer <br />0FE, ZwSetTimerResolution <br />0FF, ZwSetUuidSeed <br />100, ZwSetValueKey <br />101, ZwSetVolumeInformationFile <br />102, ZwShutdownSystem <br />103, ZwSignalAndWaitForSingleObject <br />104, ZwStartProfile <br />105, ZwStopProfile <br />106, ZwSuspendProcess <br />107, ZwSuspendThread <br />108, ZwSystemDebugControl <br />109, ZwTerminateJobObject <br />10A, ZwTerminateProcess <br />10B, ZwTerminateThread <br />10C, ZwTestAlert <br />10D, ZwTraceEvent <br />10E, ZwTranslateFilePath <br />10F, ZwUnloadDriver <br />110, ZwUnloadKey <br />111, ZwUnloadKey2 <br />112, ZwUnloadKeyEx <br />113, ZwUnlockFile <br />114, ZwUnlockVirtualMemory <br />115, ZwUnmapViewOfSection <br />116, ZwVdmControl <br />117, ZwWaitForDebugEvent <br />118, ZwWaitForMultipleObjects <br />119, ZwWaitForSingleObject <br />11A, ZwWaitHighEventPair <br />11B, ZwWaitLowEventPair <br />11C, ZwWriteFile <br />11D, ZwWriteFileGather <br />11E, ZwWriteRequestData <br />11F, ZwWriteVirtualMemory <br />120, ZwYieldExecution <br />121, ZwCreateKeyedEvent <br />122, ZwOpenKeyedEvent <br />123, ZwReleaseKeyedEvent <br />124, ZwWaitForKeyedEvent <br />125, ZwQueryPortInformationProcess <br />126, ZwGetCurrentProcessorNumber <br />127, ZwWaitForMultipleObjects32 <br /><br />---------------------------------------------------------<br />함수의 갯수가 약 40개 씩 증가 하고 있네요 :-) <br />]]>
No hay comentarios:
Publicar un comentario