Windows 7和Windows 2008的System Call Table

原文:http://www.win7on.com/thread-761-1-1.html

以前整過一份NT到2003的，後來一般要用的時候就看metasploit的這個：http://www.metasploit.com/users/opcode/syscalls.html。

今天正好要用Windows 7和Windows Server 2008的，發現還沒人整過。整了一下，貼出來方便大家：

Windows 7:

0x0000 NtAcceptConnectPort
0x0001 NtAccessCheck
0x0002 NtAccessCheckAndAuditAlarm
0x0003 NtAccessCheckByType
0x0004 NtAccessCheckByTypeAndAuditAlarm
0x0005 NtAccessCheckByTypeResultList
0x0006 NtAccessCheckByTypeResultListAndAuditAlarm
0x0007 NtAccessCheckByTypeResultListAndAuditAlarmByHandle
0x0008 NtAddAtom
0x0009 NtAddBootEntry
0x000A NtAddDriverEntry
0x000B NtAdjustGroupsToken
0x000C NtAdjustPrivilegesToken
0x000D NtAlertResumeThread
0x000E NtAlertThread
0x000F NtAllocateLocallyUniqueId
0x0010 NtAllocateReserveObject
0x0011 NtAllocateUserPhysicalPages
0x0012 NtAllocateUuids
0x0013 NtAllocateVirtualMemory
0x0014 NtAlpcAcceptConnectPort
0x0015 NtAlpcCancelMessage
0x0016 NtAlpcConnectPort
0x0017 NtAlpcCreatePort
0x0018 NtAlpcCreatePortSection
0x0019 NtAlpcCreateResourceReserve
0x001A NtAlpcCreateSectionView
0x001B NtAlpcCreateSecurityContext
0x001C NtAlpcDeletePortSection
0x001D NtAlpcDeleteResourceReserve
0x001E NtAlpcDeleteSectionView
0x001F NtAlpcDeleteSecurityContext
0x0020 NtAlpcDisconnectPort
0x0021 NtAlpcImpersonateClientOfPort
0x0022 NtAlpcOpenSenderProcess
0x0023 NtAlpcOpenSenderThread
0x0024 NtAlpcQueryInformation
0x0025 NtAlpcQueryInformationMessage
0x0026 NtAlpcRevokeSecurityContext
0x0027 NtAlpcSendWaitReceivePort
0x0028 NtAlpcSetInformation
0x0029 NtApphelpCacheControl
0x002A NtAreMappedFilesTheSame
0x002B NtAssignProcessToJobObject
0x002C NtCallbackReturn
0x002D NtCancelIoFile
0x002E NtCancelIoFileEx
0x002F NtCancelSynchronousIoFile
0x0030 NtCancelTimer
0x0031 NtClearEvent
0x0032 NtClose
0x0033 NtCloseObjectAuditAlarm
0x0034 NtCommitComplete
0x0035 NtCommitEnlistment
0x0036 NtCommitTransaction
0x0037 NtCompactKeys
0x0038 NtCompareTokens
0x0039 NtCompleteConnectPort
0x003A NtCompressKey
0x003B NtConnectPort
0x003C NtContinue
0x003D NtCreateDebugObject
0x003E NtCreateDirectoryObject
0x003F NtCreateEnlistment
0x0040 NtCreateEvent
0x0041 NtCreateEventPair
0x0042 NtCreateFile
0x0043 NtCreateIoCompletion
0x0044 NtCreateJobObject
0x0045 NtCreateJobSet
0x0046 NtCreateKey
0x0047 NtCreateKeyedEvent
0x0048 NtCreateKeyTransacted
0x0049 NtCreateMailslotFile
0x004A NtCreateMutant
0x004B NtCreateNamedPipeFile
0x004C NtCreatePagingFile
0x004D NtCreatePort
0x004E NtCreatePrivateNamespace
0x004F NtCreateProcess
0x0050 NtCreateProcessEx
0x0051 NtCreateProfile
0x0052 NtCreateProfileEx
0x0053 NtCreateResourceManager
0x0054 NtCreateSection
0x0055 NtCreateSemaphore
0x0056 NtCreateSymbolicLinkObject
0x0057 NtCreateThread
0x0058 NtCreateThreadEx
0x0059 NtCreateTimer
0x005A NtCreateToken
0x005B NtCreateTransaction
0x005C NtCreateTransactionManager
0x005D NtCreateUserProcess
0x005E NtCreateWaitablePort
0x005F NtCreateWorkerFactory
0x0060 NtDebugActiveProcess
0x0061 NtDebugContinue
0x0062 NtDelayExecution
0x0063 NtDeleteAtom
0x0064 NtDeleteBootEntry
0x0065 NtDeleteDriverEntry
0x0066 NtDeleteFile
0x0067 NtDeleteKey
0x0068 NtDeleteObjectAuditAlarm
0x0069 NtDeletePrivateNamespace
0x006A NtDeleteValueKey
0x006B NtDeviceIoControlFile
0x006C NtDisableLastKnownGood
0x006D NtDisplayString
0x006E NtDrawText
0x006F NtDuplicateObject
0x0070 NtDuplicateToken
0x0071 NtEnableLastKnownGood
0x0072 NtEnumerateBootEntries
0x0073 NtEnumerateDriverEntries
0x0074 NtEnumerateKey
0x0075 NtEnumerateSystemEnvironmentValuesEx
0x0076 NtEnumerateTransactionObject
0x0077 NtEnumerateValueKey
0x0078 NtExtendSection
0x0079 NtFilterToken
0x007A NtFindAtom
0x007B NtFlushBuffersFile
0x007C NtFlushInstallUILanguage
0x007D NtFlushInstructionCache
0x007E NtFlushKey
0x007F NtFlushProcessWriteBuffers
0x0080 NtFlushVirtualMemory
0x0081 NtFlushWriteBuffer
0x0082 NtFreeUserPhysicalPages
0x0083 NtFreeVirtualMemory
0x0084 NtFreezeRegistry
0x0085 NtFreezeTransactions
0x0086 NtFsControlFile
0x0087 NtGetContextThread
0x0088 NtGetCurrentProcessorNumber
0x0089 NtGetDevicePowerState
0x008A NtGetMUIRegistryInfo
0x008B NtGetNextProcess
0x008C NtGetNextThread
0x008D NtGetNlsSectionPtr
0x008E NtGetNotificationResourceManager
0x008F NtGetPlugPlayEvent
0x0090 NtGetWriteWatch
0x0091 NtImpersonateAnonymousToken
0x0092 NtImpersonateClientOfPort
0x0093 NtImpersonateThread
0x0094 NtInitializeNlsFiles
0x0095 NtInitializeRegistry
0x0096 NtInitiatePowerAction
0x0097 NtIsProcessInJob
0x0098 NtIsSystemResumeAutomatic
0x0099 NtIsUILanguageComitted
0x009A NtListenPort
0x009B NtLoadDriver
0x009C NtLoadKey
0x009D NtLoadKey2
0x009E NtLoadKeyEx
0x009F NtLockFile
0x00A0 NtLockProductActivationKeys
0x00A1 NtLockRegistryKey
0x00A2 NtLockVirtualMemory
0x00A3 NtMakePermanentObject
0x00A4 NtMakeTemporaryObject
0x00A5 NtMapCMFModule
0x00A6 NtMapUserPhysicalPages
0x00A7 NtMapUserPhysicalPagesScatter
0x00A8 NtMapViewOfSection
0x00A9 NtModifyBootEntry
0x00AA NtModifyDriverEntry
0x00AB NtNotifyChangeDirectoryFile
0x00AC NtNotifyChangeKey
0x00AD NtNotifyChangeMultipleKeys
0x00AE NtNotifyChangeSession
0x00AF NtOpenDirectoryObject
0x00B0 NtOpenEnlistment
0x00B1 NtOpenEvent
0x00B2 NtOpenEventPair
0x00B3 NtOpenFile
0x00B4 NtOpenIoCompletion
0x00B5 NtOpenJobObject
0x00B6 NtOpenKey
0x00B7 NtOpenKeyEx
0x00B8 NtOpenKeyedEvent
0x00B9 NtOpenKeyTransacted
0x00BA NtOpenKeyTransactedEx
0x00BB NtOpenMutant
0x00BC NtOpenObjectAuditAlarm
0x00BD NtOpenPrivateNamespace
0x00BE NtOpenProcess
0x00BF NtOpenProcessToken
0x00C0 NtOpenProcessTokenEx
0x00C1 NtOpenResourceManager
0x00C2 NtOpenSection
0x00C3 NtOpenSemaphore
0x00C4 NtOpenSession
0x00C5 NtOpenSymbolicLinkObject
0x00C6 NtOpenThread
0x00C7 NtOpenThreadToken
0x00C8 NtOpenThreadTokenEx
0x00C9 NtOpenTimer
0x00CA NtOpenTransaction
0x00CB NtOpenTransactionManager
0x00CC NtPlugPlayControl
0x00CD NtPowerInformation
0x00CE NtPrepareComplete
0x00CF NtPrepareEnlistment
0x00D0 NtPrePrepareComplete
0x00D1 NtPrePrepareEnlistment
0x00D2 NtPrivilegeCheck
0x00D3 NtPrivilegedServiceAuditAlarm
0x00D4 NtPrivilegeObjectAuditAlarm
0x00D5 NtPropagationComplete
0x00D6 NtPropagationFailed
0x00D7 NtProtectVirtualMemory
0x00D8 NtPulseEvent
0x00D9 NtQueryAttributesFile
0x00DA NtQueryBootEntryOrder
0x00DB NtQueryBootOptions
0x00DC NtQueryDebugFilterState
0x00DD NtQueryDefaultLocale
0x00DE NtQueryDefaultUILanguage
0x00DF NtQueryDirectoryFile
0x00E0 NtQueryDirectoryObject
0x00E1 NtQueryDriverEntryOrder
0x00E2 NtQueryEaFile
0x00E3 NtQueryEvent
0x00E4 NtQueryFullAttributesFile
0x00E5 NtQueryInformationAtom
0x00E6 NtQueryInformationEnlistment
0x00E7 NtQueryInformationFile
0x00E8 NtQueryInformationJobObject
0x00E9 NtQueryInformationPort
0x00EA NtQueryInformationProcess
0x00EB NtQueryInformationResourceManager
0x00EC NtQueryInformationThread
0x00ED NtQueryInformationToken
0x00EE NtQueryInformationTransaction
0x00EF NtQueryInformationTransactionManager
0x00F0 NtQueryInformationWorkerFactory
0x00F1 NtQueryInstallUILanguage
0x00F2 NtQueryIntervalProfile
0x00F3 NtQueryIoCompletion
0x00F4 NtQueryKey
0x00F5 NtQueryLicenseValue
0x00F6 NtQueryMultipleValueKey
0x00F7 NtQueryMutant
0x00F8 NtQueryObject
0x00F9 NtQueryOpenSubKeys
0x00FA NtQueryOpenSubKeysEx
0x00FB NtQueryPerformanceCounter
0x00FC NtQueryPortInformationProcess
0x00FD NtQueryQuotaInformationFile
0x00FE NtQuerySection
0x00FF NtQuerySecurityAttributesToken
0x0100 NtQuerySecurityObject
0x0101 NtQuerySemaphore
0x0102 NtQuerySymbolicLinkObject
0x0103 NtQuerySystemEnvironmentValue
0x0104 NtQuerySystemEnvironmentValueEx
0x0105 NtQuerySystemInformation
0x0106 NtQuerySystemInformationEx
0x0107 NtQuerySystemTime
0x0108 NtQueryTimer
0x0109 NtQueryTimerResolution
0x010A NtQueryValueKey
0x010B NtQueryVirtualMemory
0x010C NtQueryVolumeInformationFile
0x010D NtQueueApcThread
0x010E NtQueueApcThreadEx
0x010F NtRaiseException
0x0110 NtRaiseHardError
0x0111 NtReadFile
0x0112 NtReadFileScatter
0x0113 NtReadOnlyEnlistment
0x0114 NtReadRequestData
0x0115 NtReadVirtualMemory
0x0116 NtRecoverEnlistment
0x0117 NtRecoverResourceManager
0x0118 NtRecoverTransactionManager
0x0119 NtRegisterProtocolAddressInformation
0x011A NtRegisterThreadTerminatePort
0x011B NtReleaseKeyedEvent
0x011C NtReleaseMutant
0x011D NtReleaseSemaphore
0x011E NtReleaseWorkerFactoryWorker
0x011F NtRemoveIoCompletion
0x0120 NtRemoveIoCompletionEx
0x0121 NtRemoveProcessDebug
0x0122 NtRenameKey
0x0123 NtRenameTransactionManager
0x0124 NtReplaceKey
0x0125 NtReplacePartitionUnit
0x0126 NtReplyPort
0x0127 NtReplyWaitReceivePort
0x0128 NtReplyWaitReceivePortEx
0x0129 NtReplyWaitReplyPort
0x012A NtRequestPort
0x012B NtRequestWaitReplyPort
0x012C NtResetEvent
0x012D NtResetWriteWatch
0x012E NtRestoreKey
0x012F NtResumeProcess
0x0130 NtResumeThread
0x0131 NtRollbackComplete
0x0132 NtRollbackEnlistment
0x0133 NtRollbackTransaction
0x0134 NtRollforwardTransactionManager
0x0135 NtSaveKey
0x0136 NtSaveKeyEx
0x0137 NtSaveMergedKeys
0x0138 NtSecureConnectPort
0x0139 NtSerializeBoot
0x013A NtSetBootEntryOrder
0x013B NtSetBootOptions
0x013C NtSetContextThread
0x013D NtSetDebugFilterState
0x013E NtSetDefaultHardErrorPort
0x013F NtSetDefaultLocale
0x0140 NtSetDefaultUILanguage
0x0141 NtSetDriverEntryOrder
0x0142 NtSetEaFile
0x0143 NtSetEvent
0x0144 NtSetEventBoostPriority
0x0145 NtSetHighEventPair
0x0146 NtSetHighWaitLowEventPair
0x0147 NtSetInformationDebugObject
0x0148 NtSetInformationEnlistment
0x0149 NtSetInformationFile
0x014A NtSetInformationJobObject
0x014B NtSetInformationKey
0x014C NtSetInformationObject
0x014D NtSetInformationProcess
0x014E NtSetInformationResourceManager
0x014F NtSetInformationThread
0x0150 NtSetInformationToken
0x0151 NtSetInformationTransaction
0x0152 NtSetInformationTransactionManager
0x0153 NtSetInformationWorkerFactory
0x0154 NtSetIntervalProfile
0x0155 NtSetIoCompletion
0x0156 NtSetIoCompletionEx
0x0157 NtSetLdtEntries
0x0158 NtSetLowEventPair
0x0159 NtSetLowWaitHighEventPair
0x015A NtSetQuotaInformationFile
0x015B NtSetSecurityObject
0x015C NtSetSystemEnvironmentValue
0x015D NtSetSystemEnvironmentValueEx
0x015E NtSetSystemInformation
0x015F NtSetSystemPowerState
0x0160 NtSetSystemTime
0x0161 NtSetThreadExecutionState
0x0162 NtSetTimer
0x0163 NtSetTimerEx
0x0164 NtSetTimerResolution
0x0165 NtSetUuidSeed
0x0166 NtSetValueKey
0x0167 NtSetVolumeInformationFile
0x0168 NtShutdownSystem
0x0169 NtShutdownWorkerFactory
0x016A NtSignalAndWaitForSingleObject
0x016B NtSinglePhaseReject
0x016C NtStartProfile
0x016D NtStopProfile
0x016E NtSuspendProcess
0x016F NtSuspendThread
0x0170 NtSystemDebugControl
0x0171 NtTerminateJobObject
0x0172 NtTerminateProcess
0x0173 NtTerminateThread
0x0174 NtTestAlert
0x0175 NtThawRegistry
0x0176 NtThawTransactions
0x0177 NtTraceControl
0x0178 NtTraceEvent
0x0179 NtTranslateFilePath
0x017A NtUmsThreadYield
0x017B NtUnloadDriver
0x017C NtUnloadKey
0x017D NtUnloadKey2
0x017E NtUnloadKeyEx
0x017F NtUnlockFile
0x0180 NtUnlockVirtualMemory
0x0181 NtUnmapViewOfSection
0x0182 NtVdmControl
0x0183 NtWaitForDebugEvent
0x0184 NtWaitForKeyedEvent
0x0185 NtWaitForMultipleObjects
0x0186 NtWaitForMultipleObjects32
0x0187 NtWaitForSingleObject
0x0188 NtWaitForWorkViaWorkerFactory
0x0189 NtWaitHighEventPair
0x018A NtWaitLowEventPair
0x018B NtWorkerFactoryWorkerReady
0x018C NtWriteFile
0x018D NtWriteFileGather
0x018E NtWriteRequestData
0x018F NtWriteVirtualMemory
0x0190 NtYieldExecution


Windows Server 2008:

0x0000 NtAcceptConnectPort
0x0001 NtAccessCheck
0x0002 NtAccessCheckAndAuditAlarm
0x0003 NtAccessCheckByType
0x0004 NtAccessCheckByTypeAndAuditAlarm
0x0005 NtAccessCheckByTypeResultList
0x0006 NtAccessCheckByTypeResultListAndAuditAlarm
0x0007 NtAccessCheckByTypeResultListAndAuditAlarmByHandle
0x0008 NtAddAtom
0x0009 NtAddBootEntry
0x000a NtAddDriverEntry
0x000b NtAdjustGroupsToken
0x000c NtAdjustPrivilegesToken
0x000d NtAlertResumeThread
0x000e NtAlertThread
0x000f NtAllocateLocallyUniqueId
0x0010 NtAllocateUserPhysicalPages
0x0011 NtAllocateUuids
0x0012 NtAllocateVirtualMemory
0x0013 NtAlpcAcceptConnectPort
0x0014 NtAlpcCancelMessage
0x0015 NtAlpcConnectPort
0x0016 NtAlpcCreatePort
0x0017 NtAlpcCreatePortSection
0x0018 NtAlpcCreateResourceReserve
0x0019 NtAlpcCreateSectionView
0x001a NtAlpcCreateSecurityContext
0x001b NtAlpcDeletePortSection
0x001c NtAlpcDeleteResourceReserve
0x001d NtAlpcDeleteSectionView
0x001e NtAlpcDeleteSecurityContext
0x001f NtAlpcDisconnectPort
0x0020 NtAlpcImpersonateClientOfPort
0x0021 NtAlpcOpenSenderProcess
0x0022 NtAlpcOpenSenderThread
0x0023 NtAlpcQueryInformation
0x0024 NtAlpcQueryInformationMessage
0x0025 NtAlpcRevokeSecurityContext
0x0026 NtAlpcSendWaitReceivePort
0x0027 NtAlpcSetInformation
0x0028 NtApphelpCacheControl
0x0029 NtAreMappedFilesTheSame
0x002a NtAssignProcessToJobObject
0x002b NtCallbackReturn
0x002c NtCancelDeviceWakeupRequest
0x002d NtCancelIoFile
0x002e NtCancelTimer
0x002f NtClearEvent
0x0030 NtClose
0x0031 NtCloseObjectAuditAlarm
0x0032 NtCompactKeys
0x0033 NtCompareTokens
0x0034 NtCompleteConnectPort
0x0035 NtCompressKey
0x0036 NtConnectPort
0x0037 NtContinue
0x0038 NtCreateDebugObject
0x0039 NtCreateDirectoryObject
0x003a NtCreateEvent
0x003b NtCreateEventPair
0x003c NtCreateFile
0x003d NtCreateIoCompletion
0x003e NtCreateJobObject
0x003f NtCreateJobSet
0x0040 NtCreateKey
0x0041 NtCreateKeyTransacted
0x0042 NtCreateMailslotFile
0x0043 NtCreateMutant
0x0044 NtCreateNamedPipeFile
0x0045 NtCreatePrivateNamespace
0x0046 NtCreatePagingFile
0x0047 NtCreatePort
0x0048 NtCreateProcess
0x0049 NtCreateProcessEx
0x004a NtCreateProfile
0x004b NtCreateSection
0x004c NtCreateSemaphore
0x004d NtCreateSymbolicLinkObject
0x004e NtCreateThread
0x004f NtCreateTimer
0x0050 NtCreateToken
0x0051 NtCreateTransaction
0x0052 NtOpenTransaction
0x0053 NtQueryInformationTransaction
0x0054 NtQueryInformationTransactionManager
0x0055 NtPrePrepareEnlistment
0x0056 NtPrepareEnlistment
0x0057 NtCommitEnlistment
0x0058 NtReadOnlyEnlistment
0x0059 NtRollbackComplete
0x005a NtRollbackEnlistment
0x005b NtCommitTransaction
0x005c NtRollbackTransaction
0x005d NtPrePrepareComplete
0x005e NtPrepareComplete
0x005f NtCommitComplete
0x0060 NtSinglePhaseReject
0x0061 NtSetInformationTransaction
0x0062 NtSetInformationTransactionManager
0x0063 NtSetInformationResourceManager
0x0064 NtCreateTransactionManager
0x0065 NtOpenTransactionManager
0x0066 NtRenameTransactionManager
0x0067 NtRollforwardTransactionManager
0x0068 NtRecoverEnlistment
0x0069 NtRecoverResourceManager
0x006a NtRecoverTransactionManager
0x006b NtCreateResourceManager
0x006c NtOpenResourceManager
0x006d NtGetNotificationResourceManager
0x006e NtQueryInformationResourceManager
0x006f NtCreateEnlistment
0x0070 NtOpenEnlistment
0x0071 NtSetInformationEnlistment
0x0072 NtQueryInformationEnlistment
0x0073 NtCreateWaitablePort
0x0074 NtDebugActiveProcess
0x0075 NtDebugContinue
0x0076 NtDelayExecution
0x0077 NtDeleteAtom
0x0078 NtDeleteBootEntry
0x0079 NtDeleteDriverEntry
0x007a NtDeleteFile
0x007b NtDeleteKey
0x007c NtDeletePrivateNamespace
0x007d NtDeleteObjectAuditAlarm
0x007e NtDeleteValueKey
0x007f NtDeviceIoControlFile
0x0080 NtDisplayString
0x0081 NtDuplicateObject
0x0082 NtDuplicateToken
0x0083 NtEnumerateBootEntries
0x0084 NtEnumerateDriverEntries
0x0085 NtEnumerateKey
0x0086 NtEnumerateSystemEnvironmentValuesEx
0x0087 NtEnumerateTransactionObject
0x0088 NtEnumerateValueKey
0x0089 NtExtendSection
0x008a NtFilterToken
0x008b NtFindAtom
0x008c NtFlushBuffersFile
0x008d NtFlushInstructionCache
0x008e NtFlushKey
0x008f NtFlushProcessWriteBuffers
0x0090 NtFlushVirtualMemory
0x0091 NtFlushWriteBuffer
0x0092 NtFreeUserPhysicalPages
0x0093 NtFreeVirtualMemory
0x0094 NtFreezeRegistry
0x0095 NtFreezeTransactions
0x0096 NtFsControlFile
0x0097 NtGetContextThread
0x0098 NtGetDevicePowerState
0x0099 NtGetNlsSectionPtr
0x009a NtGetPlugPlayEvent
0x009b NtGetWriteWatch
0x009c NtImpersonateAnonymousToken
0x009d NtImpersonateClientOfPort
0x009e NtImpersonateThread
0x009f NtInitializeNlsFiles
0x00a0 NtInitializeRegistry
0x00a1 NtInitiatePowerAction
0x00a2 NtIsProcessInJob
0x00a3 NtIsSystemResumeAutomatic
0x00a4 NtListenPort
0x00a5 NtLoadDriver
0x00a6 NtLoadKey
0x00a7 NtLoadKey2
0x00a8 NtLoadKeyEx
0x00a9 NtLockFile
0x00aa NtLockProductActivationKeys
0x00ab NtLockRegistryKey
0x00ac NtLockVirtualMemory
0x00ad NtMakePermanentObject
0x00ae NtMakeTemporaryObject
0x00af NtMapUserPhysicalPages
0x00b0 NtMapUserPhysicalPagesScatter
0x00b1 NtMapViewOfSection
0x00b2 NtModifyBootEntry
0x00b3 NtModifyDriverEntry
0x00b4 NtNotifyChangeDirectoryFile
0x00b5 NtNotifyChangeKey
0x00b6 NtNotifyChangeMultipleKeys
0x00b7 NtOpenDirectoryObject
0x00b8 NtOpenEvent
0x00b9 NtOpenEventPair
0x00ba NtOpenFile
0x00bb NtOpenIoCompletion
0x00bc NtOpenJobObject
0x00bd NtOpenKey
0x00be NtOpenKeyTransacted
0x00bf NtOpenMutant
0x00c0 NtOpenPrivateNamespace
0x00c1 NtOpenObjectAuditAlarm
0x00c2 NtOpenProcess
0x00c3 NtOpenProcessToken
0x00c4 NtOpenProcessTokenEx
0x00c5 NtOpenSection
0x00c6 NtOpenSemaphore
0x00c7 NtOpenSession
0x00c8 NtOpenSymbolicLinkObject
0x00c9 NtOpenThread
0x00ca NtOpenThreadToken
0x00cb NtOpenThreadTokenEx
0x00cc NtOpenTimer
0x00cd NtPlugPlayControl
0x00ce NtPowerInformation
0x00cf NtPrivilegeCheck
0x00d0 NtPrivilegeObjectAuditAlarm
0x00d1 NtPrivilegedServiceAuditAlarm
0x00d2 NtProtectVirtualMemory
0x00d3 NtPulseEvent
0x00d4 NtQueryAttributesFile
0x00d5 NtQueryBootEntryOrder
0x00d6 NtQueryBootOptions
0x00d7 NtQueryDebugFilterState
0x00d8 NtQueryDefaultLocale
0x00d9 NtQueryDefaultUILanguage
0x00da NtQueryDirectoryFile
0x00db NtQueryDirectoryObject
0x00dc NtQueryDriverEntryOrder
0x00dd NtQueryEaFile
0x00de NtQueryEvent
0x00df NtQueryFullAttributesFile
0x00e0 NtQueryInformationAtom
0x00e1 NtQueryInformationFile
0x00e2 NtQueryInformationJobObject
0x00e3 NtQueryInformationPort
0x00e4 NtQueryInformationProcess
0x00e5 NtQueryInformationThread
0x00e6 NtQueryInformationToken
0x00e7 NtQueryInstallUILanguage
0x00e8 NtQueryIntervalProfile
0x00e9 NtQueryIoCompletion
0x00ea NtQueryKey
0x00eb NtQueryMultipleValueKey
0x00ec NtQueryMutant
0x00ed NtQueryObject
0x00ee NtQueryOpenSubKeys
0x00ef NtQueryOpenSubKeysEx
0x00f0 NtQueryPerformanceCounter
0x00f1 NtQueryQuotaInformationFile
0x00f2 NtQuerySection
0x00f3 NtQuerySecurityObject
0x00f4 NtQuerySemaphore
0x00f5 NtQuerySymbolicLinkObject
0x00f6 NtQuerySystemEnvironmentValue
0x00f7 NtQuerySystemEnvironmentValueEx
0x00f8 NtQuerySystemInformation
0x00f9 NtQuerySystemTime
0x00fa NtQueryTimer
0x00fb NtQueryTimerResolution
0x00fc NtQueryValueKey
0x00fd NtQueryVirtualMemory
0x00fe NtQueryVolumeInformationFile
0x00ff NtQueueApcThread
0x0100 NtRaiseException
0x0101 NtRaiseHardError
0x0102 NtReadFile
0x0103 NtReadFileScatter
0x0104 NtReadRequestData
0x0105 NtReadVirtualMemory
0x0106 NtRegisterThreadTerminatePort
0x0107 NtReleaseMutant
0x0108 NtReleaseSemaphore
0x0109 NtRemoveIoCompletion
0x010a NtRemoveProcessDebug
0x010b NtRenameKey
0x010c NtReplaceKey
0x010d NtReplacePartitionUnit
0x010e NtReplyPort
0x010f NtReplyWaitReceivePort
0x0110 NtReplyWaitReceivePortEx
0x0111 NtReplyWaitReplyPort
0x0112 NtRequestDeviceWakeup
0x0113 NtRequestPort
0x0114 NtRequestWaitReplyPort
0x0115 NtRequestWakeupLatency
0x0116 NtResetEvent
0x0117 NtResetWriteWatch
0x0118 NtRestoreKey
0x0119 NtResumeProcess
0x011a NtResumeThread
0x011b NtSaveKey
0x011c NtSaveKeyEx
0x011d NtSaveMergedKeys
0x011e NtSecureConnectPort
0x011f NtSetBootEntryOrder
0x0120 NtSetBootOptions
0x0121 NtSetContextThread
0x0122 NtSetDebugFilterState
0x0123 NtSetDefaultHardErrorPort
0x0124 NtSetDefaultLocale
0x0125 NtSetDefaultUILanguage
0x0126 NtSetDriverEntryOrder
0x0127 NtSetEaFile
0x0128 NtSetEvent
0x0129 NtSetEventBoostPriority
0x012a NtSetHighEventPair
0x012b NtSetHighWaitLowEventPair
0x012c NtSetInformationDebugObject
0x012d NtSetInformationFile
0x012e NtSetInformationJobObject
0x012f NtSetInformationKey
0x0130 NtSetInformationObject
0x0131 NtSetInformationProcess
0x0132 NtSetInformationThread
0x0133 NtSetInformationToken
0x0134 NtSetIntervalProfile
0x0135 NtSetIoCompletion
0x0136 NtSetLdtEntries
0x0137 NtSetLowEventPair
0x0138 NtSetLowWaitHighEventPair
0x0139 NtSetQuotaInformationFile
0x013a NtSetSecurityObject
0x013b NtSetSystemEnvironmentValue
0x013c NtSetSystemEnvironmentValueEx
0x013d NtSetSystemInformation
0x013e NtSetSystemPowerState
0x013f NtSetSystemTime
0x0140 NtSetThreadExecutionState
0x0141 NtSetTimer
0x0142 NtSetTimerResolution
0x0143 NtSetUuidSeed
0x0144 NtSetValueKey
0x0145 NtSetVolumeInformationFile
0x0146 NtShutdownSystem
0x0147 NtSignalAndWaitForSingleObject
0x0148 NtStartProfile
0x0149 NtStopProfile
0x014a NtSuspendProcess
0x014b NtSuspendThread
0x014c NtSystemDebugControl
0x014d NtTerminateJobObject
0x014e NtTerminateProcess
0x014f NtTerminateThread
0x0150 NtTestAlert
0x0151 NtThawRegistry
0x0152 NtThawTransactions
0x0153 NtTraceEvent
0x0154 NtTraceControl
0x0155 NtTranslateFilePath
0x0156 NtUnloadDriver
0x0157 NtUnloadKey
0x0158 NtUnloadKey2
0x0159 NtUnloadKeyEx
0x015a NtUnlockFile
0x015b NtUnlockVirtualMemory
0x015c NtUnmapViewOfSection
0x015d NtVdmControl
0x015e NtWaitForDebugEvent
0x015f NtWaitForMultipleObjects
0x0160 NtWaitForSingleObject
0x0161 NtWaitHighEventPair
0x0162 NtWaitLowEventPair
0x0163 NtWriteFile
0x0164 NtWriteFileGather
0x0165 NtWriteRequestData
0x0166 NtWriteVirtualMemory
0x0167 NtYieldExecution
0x0168 NtCreateKeyedEvent
0x0169 NtOpenKeyedEvent
0x016a NtReleaseKeyedEvent
0x016b NtWaitForKeyedEvent
0x016c NtQueryPortInformationProcess
0x016d NtGetCurrentProcessorNumber
0x016e NtWaitForMultipleObjects32
0x016f NtGetNextProcess
0x0170 NtGetNextThread
0x0171 NtCancelIoFileEx
0x0172 NtCancelSynchronousIoFile
0x0173 NtRemoveIoCompletionEx
0x0174 NtRegisterProtocolAddressInformation
0x0175 NtPropagationComplete
0x0176 NtPropagationFailed
0x0177 NtCreateWorkerFactory
0x0178 NtReleaseWorkerFactoryWorker
0x0179 NtWaitForWorkViaWorkerFactory
0x017a NtSetInformationWorkerFactory
0x017b NtQueryInformationWorkerFactory
0x017c NtWorkerFactoryWorkerReady
0x017d NtShutdownWorkerFactory
0x017e NtCreateThreadEx
0x017f NtCreateUserProcess
0x0180 NtQueryLicenseValue
0x0181 NtMapCMFModule
0x0182 NtIsUILanguageComitted
0x0183 NtFlushInstallUILanguage
0x0184 NtGetMUIRegistryInfo
0x0185 NtAcquireCMFViewOwnership
0x0186 NtReleaseCMFViewOwnership