Thursday, January 19, 2017

KiServiceTable from Windows 10 build 15007

KiServiceLimit .eq. 0x1c8

NtAccessCheck
NtWorkerFactoryWorkerReady
NtAcceptConnectPort
NtYieldExecution
NtWriteVirtualMemory
NtWriteRequestData
NtWriteFileGather
NtWriteFile
NtWaitLowEventPair
NtWaitHighEventPair
NtWaitForWorkViaWorkerFactory
NtWaitForSingleObject
NtWaitForMultipleObjects32
NtWaitForMultipleObjects
NtWaitForKeyedEvent
NtWaitForDebugEvent
NtWaitForAlertByThreadId
NtVdmControl
NtUnsubscribeWnfStateChange
NtUpdateWnfStateData
NtUnmapViewOfSection
NtUnmapViewOfSectionEx
NtUnlockVirtualMemory
NtUnlockFile
NtUnloadKeyEx
NtUnloadKey2
NtUnloadKey
NtUnloadDriver
NtUmsThreadYield
NtTranslateFilePath
NtTraceEvent
NtTraceControl
NtThawTransactions
NtThawRegistry
NtTestAlert
NtTerminateThread
NtTerminateProcess
NtTerminateJobObject
NtSystemDebugControl
NtSuspendThread
NtSuspendProcess
NtSubscribeWnfStateChange
NtStopProfile
NtStartProfile
NtSinglePhaseReject
NtSignalAndWaitForSingleObject
NtShutdownWorkerFactory
NtShutdownSystem
NtSetWnfProcessNotificationEvent
NtSetVolumeInformationFile
NtSetValueKey
NtSetUuidSeed
NtSetTimerResolution
NtSetTimerEx
NtSetTimer
NtSetThreadExecutionState
NtSetSystemTime
NtSetSystemPowerState
NtSetSystemInformation
NtSetSystemEnvironmentValueEx
NtSetSystemEnvironmentValue
NtSetSecurityObject
NtSetQuotaInformationFile
NtSetLowWaitHighEventPair
NtSetLowEventPair
NtSetLdtEntries
NtSetIRTimer
NtSetTimer2
NtCancelTimer2
NtSetIoCompletionEx
NtSetIoCompletion
NtSetIntervalProfile
NtSetInformationWorkerFactory
NtSetInformationTransactionManager
NtSetInformationTransaction
NtSetInformationToken
NtSetInformationThread
NtSetInformationResourceManager
NtSetInformationProcess
NtSetInformationObject
NtSetInformationKey
NtSetInformationJobObject
NtSetInformationFile
NtSetInformationEnlistment
NtSetInformationDebugObject
NtSetHighWaitLowEventPair
NtSetHighEventPair
NtSetEventBoostPriority
NtSetEvent
NtSetEaFile
NtSetDriverEntryOrder
NtSetDefaultUILanguage
NtSetDefaultLocale
NtSetDefaultHardErrorPort
NtSetDebugFilterState
NtSetContextThread
NtSetCachedSigningLevel2
NtSetCachedSigningLevel
NtSetBootOptions
NtSetBootEntryOrder
NtSerializeBoot
NtSecureConnectPort
NtSaveMergedKeys
NtSaveKeyEx
NtSaveKey
NtRollforwardTransactionManager
NtRollbackTransaction
NtRollbackEnlistment
NtRollbackComplete
NtRevertContainerImpersonation
NtResumeThread
NtResumeProcess
NtRestoreKey
NtResetWriteWatch
NtResetEvent
NtRequestWaitReplyPort
NtRequestPort
NtReplyWaitReplyPort
NtReplyWaitReceivePortEx
NtReplyWaitReceivePort
NtReplyPort
NtReplacePartitionUnit
NtReplaceKey
NtRenameTransactionManager
NtRenameKey
NtRemoveProcessDebug
NtRemoveIoCompletionEx
NtRemoveIoCompletion
NtReleaseWorkerFactoryWorker
NtReleaseSemaphore
NtReleaseMutant
NtReleaseKeyedEvent
NtRegisterThreadTerminatePort
NtRegisterProtocolAddressInformation
NtRecoverTransactionManager
NtRecoverResourceManager
NtRecoverEnlistment
NtReadVirtualMemory
NtReadRequestData
NtReadOnlyEnlistment
NtReadFileScatter
NtReadFile
NtRaiseHardError
NtRaiseException
NtQueueApcThreadEx
NtQueueApcThread
NtQueryAuxiliaryCounterFrequency
NtQueryWnfStateData
NtQueryWnfStateNameInformation
NtQueryVolumeInformationFile
NtQueryVirtualMemory
NtQueryValueKey
NtQueryTimerResolution
NtQueryTimer
NtQuerySystemTime
NtQuerySystemInformationEx
NtQuerySystemInformation
NtQuerySystemEnvironmentValueEx
NtQuerySystemEnvironmentValue
NtQuerySymbolicLinkObject
NtQuerySemaphore
NtQuerySecurityPolicy
NtQuerySecurityObject
NtQuerySecurityAttributesToken
NtQuerySection
NtQueryQuotaInformationFile
NtQueryPortInformationProcess
NtQueryPerformanceCounter
NtQueryOpenSubKeysEx
NtQueryOpenSubKeys
NtQueryObject
NtQueryMutant
NtQueryMultipleValueKey
NtQueryLicenseValue
NtQueryKey
NtQueryIoCompletion
NtQueryIntervalProfile
NtQueryInstallUILanguage
NtQueryInformationWorkerFactory
NtQueryInformationTransactionManager
NtQueryInformationTransaction
NtQueryInformationToken
NtQueryInformationThread
NtQueryInformationResourceManager
NtQueryInformationProcess
NtQueryInformationPort
NtQueryInformationJobObject
NtQueryInformationFile
NtQueryInformationEnlistment
NtQueryInformationByName
NtQueryInformationAtom
NtQueryFullAttributesFile
NtQueryEvent
NtQueryEaFile
NtQueryDriverEntryOrder
NtQueryDirectoryObject
NtQueryDirectoryFile
NtQueryDefaultUILanguage
NtQueryDefaultLocale
NtQueryDebugFilterState
NtQueryBootOptions
NtQueryBootEntryOrder
NtQueryAttributesFile
NtPulseEvent
NtProtectVirtualMemory
NtPropagationFailed
NtPropagationComplete
NtPrivilegeObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
NtPrivilegeCheck
NtSetInformationVirtualMemory
NtPrePrepareEnlistment
NtPrePrepareComplete
NtPrepareEnlistment
NtPrepareComplete
NtPowerInformation
NtPlugPlayControl
NtOpenTransactionManager
NtOpenTransaction
NtOpenTimer
NtOpenThreadTokenEx
NtOpenThreadToken
NtOpenThread
NtOpenSymbolicLinkObject
NtOpenSession
NtOpenSemaphore
NtOpenSection
NtOpenResourceManager
NtOpenPartition
NtOpenProcessTokenEx
NtOpenProcessToken
NtOpenProcess
NtOpenPrivateNamespace
NtOpenObjectAuditAlarm
NtOpenMutant
NtOpenKeyTransactedEx
NtOpenKeyTransacted
NtOpenKeyEx
NtOpenKeyedEvent
NtOpenKey
NtOpenJobObject
NtOpenIoCompletion
NtOpenFile
NtOpenEventPair
NtOpenEvent
NtOpenEnlistment
NtOpenDirectoryObject
NtNotifyChangeSession
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtNotifyChangeDirectoryFile
NtManagePartition
NtModifyDriverEntry
NtModifyBootEntry
NtMapViewOfSection
NtMapUserPhysicalPagesScatter
NtMapUserPhysicalPages
NtMapCMFModule
NtMakeTemporaryObject
NtMakePermanentObject
NtLockVirtualMemory
NtLockRegistryKey
NtLockProductActivationKeys
NtLockFile
NtLoadKeyEx
NtLoadKey2
NtLoadKey
NtLoadHotPatch
NtLoadEnclaveData
NtLoadDriver
NtListenPort
NtIsUILanguageComitted
NtIsSystemResumeAutomatic
NtIsProcessInJob
NtInitiatePowerAction
NtInitializeRegistry
NtInitializeNlsFiles
NtInitializeEnclave
NtImpersonateThread
NtImpersonateClientOfPort
NtImpersonateAnonymousToken
NtGetWriteWatch
NtGetNotificationResourceManager
NtGetNlsSectionPtr
NtGetNextThread
NtGetNextProcess
NtGetMUIRegistryInfo
NtGetDevicePowerState
NtGetCurrentProcessorNumberEx
NtGetCurrentProcessorNumber
NtGetContextThread
NtGetCompleteWnfStateSubscription
NtGetCachedSigningLevel
NtFsControlFile
NtFreezeTransactions
NtFreezeRegistry
NtFreeVirtualMemory
NtFreeUserPhysicalPages
NtFlushWriteBuffer
NtFlushVirtualMemory
NtFlushProcessWriteBuffers
NtFlushKey
NtFlushInstructionCache
NtFlushInstallUILanguage
NtFlushBuffersFile
NtFlushBuffersFileEx
NtFindAtom
NtFilterToken
NtFilterTokenEx
NtFilterBootOption
NtExtendSection
NtEnumerateValueKey
NtEnumerateTransactionObject
NtEnumerateSystemEnvironmentValuesEx
NtEnumerateKey
NtEnumerateDriverEntries
NtEnumerateBootEntries
NtEnableLastKnownGood
NtDuplicateToken
NtDuplicateObject
NtDrawText
NtDisplayString
NtDisableLastKnownGood
NtDeviceIoControlFile
NtDeleteWnfStateName
NtDeleteWnfStateData
NtDeleteValueKey
NtDeletePrivateNamespace
NtDeleteObjectAuditAlarm
NtDeleteKey
NtDeleteFile
NtDeleteDriverEntry
NtDeleteBootEntry
NtDeleteAtom
NtDelayExecution
NtDebugContinue
NtDebugActiveProcess
NtCreatePartition
NtCreateWorkerFactory
NtCreateWnfStateName
NtCreateWaitCompletionPacket
NtCreateWaitablePort
NtCreateUserProcess
NtCreateTransactionManager
NtCreateTransaction
NtCreateToken
NtCreateLowBoxToken
NtCreateTokenEx
NtCreateTimer
NtCreateThreadEx
NtCreateThread
NtCreateSymbolicLinkObject
NtCreateSemaphore
NtCreateSection
NtCreateResourceManager
NtCreateProfileEx
NtCreateProfile
NtCreateProcessEx
NtCreateProcess
NtCreatePrivateNamespace
NtCreatePort
NtCreatePagingFile
NtCreateNamedPipeFile
NtCreateMutant
NtCreateMailslotFile
NtCreateKeyTransacted
NtCreateKeyedEvent
NtCreateKey
NtCreateJobSet
NtCreateJobObject
NtCreateIRTimer
NtCreateTimer2
NtCreateIoCompletion
NtCreateFile
NtCreateEventPair
NtCreateEvent
NtCreateEnlistment
NtCreateEnclave
NtCreateDirectoryObjectEx
NtCreateDirectoryObject
NtCreateDebugObject
NtConvertBetweenAuxiliaryCounterAndPerformanceCounter
NtContinue
NtConnectPort
NtCompressKey
NtCompleteConnectPort
NtCompareTokens
NtCompareSigningLevels
NtCompareObjects
NtCompactKeys
NtCommitTransaction
NtCommitEnlistment
NtCommitComplete
NtCloseObjectAuditAlarm
NtClose
NtClearEvent
NtCancelWaitCompletionPacket
NtCancelTimer
NtCancelSynchronousIoFile
NtCancelIoFileEx
NtCancelIoFile
NtCallbackReturn
NtAssociateWaitCompletionPacket
NtAssignProcessToJobObject
NtAreMappedFilesTheSame
NtApphelpCacheControl
NtAlpcSetInformation
NtAlpcSendWaitReceivePort
NtAlpcRevokeSecurityContext
NtAlpcQueryInformationMessage
NtAlpcQueryInformation
NtAlpcOpenSenderThread
NtAlpcOpenSenderProcess
NtAlpcImpersonateClientOfPort
NtAlpcImpersonateClientContainerOfPort
NtAlpcDisconnectPort
NtAlpcDeleteSecurityContext
NtAlpcDeleteSectionView
NtAlpcDeleteResourceReserve
NtAlpcDeletePortSection
NtAlpcCreateSecurityContext
NtAlpcCreateSectionView
NtAlpcCreateResourceReserve
NtAlpcCreatePortSection
NtAlpcCreatePort
NtAlpcConnectPort
NtAlpcConnectPortEx
NtAlpcCancelMessage
NtAlpcAcceptConnectPort
NtAllocateVirtualMemory
NtAllocateUuids
NtAllocateUserPhysicalPages
NtAllocateReserveObject
NtAllocateLocallyUniqueId
NtAlertThreadByThreadId
NtAlertThread
NtAlertResumeThread
NtAdjustPrivilegesToken
NtAdjustGroupsToken
NtAdjustTokenClaimsAndDeviceGroups
NtAddDriverEntry
NtAddBootEntry
NtAddAtom
NtAddAtomEx
NtAcquireProcessActivityReference
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultList
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByType
NtAccessCheckAndAuditAlarm
NtSetInformationSymbolicLink
NtCreateRegistryTransaction
NtOpenRegistryTransaction
NtCommitRegistryTransaction
NtRollbackRegistryTransaction
