1003 lines
25 KiB
Plaintext
1003 lines
25 KiB
Plaintext
#undef RtlMoveMemory
|
|
#undef RtlCopyMemory
|
|
#undef RtlFillMemory
|
|
#undef RtlZeroMemory
|
|
NAME ntoskrnl.exe
|
|
|
|
DESCRIPTION 'Windows NT Kernel'
|
|
|
|
EXPORTS
|
|
CcCanIWrite
|
|
CcCopyRead
|
|
CcFastCopyRead
|
|
CcCopyWrite
|
|
CcFastCopyWrite
|
|
CcDeferWrite
|
|
CcFlushCache
|
|
CcGetDirtyPages
|
|
CcGetFileObjectFromBcb
|
|
CcGetFileObjectFromSectionPtrs
|
|
CcGetLsnForFileObject
|
|
CcInitializeCacheMap
|
|
CcIsThereDirtyData
|
|
CcMapData
|
|
CcMdlRead
|
|
CcMdlReadComplete
|
|
CcMdlWriteComplete
|
|
CcPinMappedData
|
|
CcPinRead
|
|
CcPrepareMdlWrite
|
|
CcPreparePinWrite
|
|
CcPurgeCacheSection
|
|
CcRepinBcb
|
|
CcScheduleReadAhead
|
|
CcSetAdditionalCacheAttributes
|
|
CcSetBcbOwnerPointer
|
|
CcSetDirtyPageThreshold
|
|
CcSetDirtyPinnedData
|
|
CcSetFileSizes
|
|
CcSetLogHandleForFile
|
|
CcSetReadAheadGranularity
|
|
CcUninitializeCacheMap
|
|
CcUnpinData
|
|
CcUnpinDataForThread
|
|
CcUnpinRepinnedBcb
|
|
CcZeroData
|
|
CcFastReadNotPossible CONSTANT // Data - use pointer for access
|
|
CcFastReadWait CONSTANT // Data - use pointer for access
|
|
CcFastMdlReadWait CONSTANT // Data - use pointer for access
|
|
DbgBreakPoint
|
|
DbgBreakPointWithStatus
|
|
DbgLoadImageSymbols
|
|
DbgPrint
|
|
DbgPrompt
|
|
ExAcquireFastMutexUnsafe
|
|
ExAcquireResourceExclusive
|
|
ExAcquireResourceExclusiveLite
|
|
ExAcquireResourceSharedLite
|
|
ExAcquireSharedStarveExclusive
|
|
ExAcquireSharedWaitForExclusive
|
|
ExAllocatePool
|
|
ExAllocatePoolWithQuota
|
|
ExAllocatePoolWithQuotaTag
|
|
ExAllocatePoolWithTag
|
|
ExConvertExclusiveToSharedLite
|
|
ExCreateCallback
|
|
ExDeleteResource
|
|
ExDeleteResourceLite
|
|
ExDesktopObjectType CONSTANT // Data - use pointer for access
|
|
ExDisableResourceBoostLite
|
|
ExEnumHandleTable
|
|
ExEventObjectType CONSTANT // Data - use pointer for access
|
|
ExExtendZone
|
|
ExFreePool
|
|
ExGetExclusiveWaiterCount
|
|
ExGetPreviousMode
|
|
ExGetSharedWaiterCount
|
|
ExInitializeNPagedLookasideList
|
|
ExIsProcessorFeaturePresent
|
|
ExDeleteNPagedLookasideList
|
|
ExInitializePagedLookasideList
|
|
ExDeletePagedLookasideList
|
|
ExInitializeResource
|
|
ExInitializeResourceLite
|
|
ExReinitializeResourceLite
|
|
ExInitializeZone
|
|
ExInterlockedAddLargeInteger
|
|
ExInterlockedAddLargeStatistic
|
|
ExInterlockedAddUlong
|
|
ExInterlockedDecrementLong
|
|
ExInterlockedExchangeUlong
|
|
ExInterlockedExtendZone
|
|
ExInterlockedIncrementLong
|
|
ExInterlockedInsertHeadList
|
|
ExInterlockedInsertTailList
|
|
ExInterlockedPopEntryList
|
|
ExInterlockedPushEntryList
|
|
ExInterlockedRemoveHeadList
|
|
ExIsResourceAcquiredExclusiveLite
|
|
ExIsResourceAcquiredSharedLite
|
|
ExLocalTimeToSystemTime
|
|
ExNotifyCallback
|
|
ExPostSystemEvent
|
|
ExQueryPoolBlockSize
|
|
ExQueueWorkItem
|
|
ExRaiseAccessViolation
|
|
ExRaiseDatatypeMisalignment
|
|
ExRaiseException
|
|
ExRaiseStatus
|
|
ExRaiseHardError
|
|
ExRegisterCallback
|
|
ExReleaseFastMutexUnsafe
|
|
ExReleaseResourceLite
|
|
ExReleaseResourceForThread
|
|
ExReleaseResourceForThreadLite
|
|
ExSetResourceOwnerPointer
|
|
ExSystemExceptionFilter
|
|
ExSystemTimeToLocalTime
|
|
// ExTryToAcquireFastMutexUnsafe
|
|
ExUnregisterCallback
|
|
ExWindowStationObjectType CONSTANT // Data - use pointer for access
|
|
FsRtlAddLargeMcbEntry
|
|
FsRtlAddMcbEntry
|
|
FsRtlAllocatePool
|
|
FsRtlAllocatePoolWithTag
|
|
FsRtlAllocatePoolWithQuota
|
|
FsRtlAllocatePoolWithQuotaTag
|
|
FsRtlAllocateResource
|
|
FsRtlAreNamesEqual
|
|
FsRtlBalanceReads
|
|
FsRtlCheckLockForReadAccess
|
|
FsRtlCheckLockForWriteAccess
|
|
FsRtlCheckOplock
|
|
FsRtlCopyRead
|
|
FsRtlCopyWrite
|
|
FsRtlGetFileSize
|
|
FsRtlMdlReadDev
|
|
FsRtlMdlReadComplete
|
|
FsRtlMdlReadCompleteDev
|
|
FsRtlPrepareMdlWriteDev
|
|
FsRtlMdlWriteComplete
|
|
FsRtlMdlWriteCompleteDev
|
|
FsRtlCurrentBatchOplock
|
|
FsRtlDeregisterUncProvider
|
|
FsRtlDissectDbcs
|
|
FsRtlDissectName
|
|
FsRtlDoesDbcsContainWildCards
|
|
FsRtlDoesNameContainWildCards
|
|
FsRtlFastCheckLockForRead
|
|
FsRtlFastCheckLockForWrite
|
|
FsRtlFastUnlockSingle
|
|
FsRtlFastUnlockAll
|
|
FsRtlFastUnlockAllByKey
|
|
FsRtlGetNextFileLock
|
|
FsRtlGetNextLargeMcbEntry
|
|
FsRtlGetNextMcbEntry
|
|
FsRtlInitializeFileLock
|
|
FsRtlInitializeLargeMcb
|
|
FsRtlInitializeMcb
|
|
FsRtlInitializeOplock
|
|
FsRtlIsDbcsInExpression
|
|
FsRtlIsFatDbcsLegal
|
|
FsRtlIsHpfsDbcsLegal
|
|
FsRtlIsNameInExpression
|
|
FsRtlIsNtstatusExpected
|
|
FsRtlIsTotalDeviceFailure
|
|
FsRtlLegalAnsiCharacterArray CONSTANT // Data - use pointer for access
|
|
FsRtlLookupLargeMcbEntry
|
|
FsRtlLookupLastLargeMcbEntry
|
|
FsRtlLookupLastMcbEntry
|
|
FsRtlLookupMcbEntry
|
|
FsRtlMdlRead
|
|
FsRtlNormalizeNtstatus
|
|
FsRtlNotifyInitializeSync
|
|
FsRtlNotifyUninitializeSync
|
|
FsRtlNotifyChangeDirectory
|
|
FsRtlNotifyReportChange
|
|
FsRtlNotifyCleanup
|
|
FsRtlNotifyFullChangeDirectory
|
|
FsRtlNotifyFullReportChange
|
|
FsRtlNumberOfRunsInLargeMcb
|
|
FsRtlNumberOfRunsInMcb
|
|
FsRtlOplockFsctrl
|
|
FsRtlOplockIsFastIoPossible
|
|
FsRtlPostStackOverflow
|
|
FsRtlPostPagingFileStackOverflow
|
|
FsRtlPrepareMdlWrite
|
|
FsRtlPrivateLock
|
|
FsRtlProcessFileLock
|
|
FsRtlRegisterUncProvider
|
|
FsRtlRemoveLargeMcbEntry
|
|
FsRtlRemoveMcbEntry
|
|
FsRtlSplitLargeMcb
|
|
FsRtlSyncVolumes
|
|
FsRtlTruncateMcb
|
|
FsRtlTruncateLargeMcb
|
|
FsRtlUninitializeFileLock
|
|
FsRtlUninitializeLargeMcb
|
|
FsRtlUninitializeMcb
|
|
FsRtlUninitializeOplock
|
|
FsRtlInitializeTunnelCache
|
|
FsRtlAddToTunnelCache
|
|
FsRtlFindInTunnelCache
|
|
FsRtlDeleteKeyFromTunnelCache
|
|
FsRtlDeleteTunnelCache
|
|
HalDispatchTable CONSTANT // Data - use pointer for access
|
|
HalPrivateDispatchTable CONSTANT // Data - use pointer for access
|
|
IoAcquireCancelSpinLock
|
|
IoAcquireVpbSpinLock
|
|
IoAdapterObjectType CONSTANT // Data - use pointer for access
|
|
IoDeviceHandlerObjectType CONSTANT // Data - use pointer for access
|
|
IoDeviceHandlerObjectSize CONSTANT // Data - use pointer for access
|
|
IoAllocateAdapterChannel
|
|
IoAllocateController
|
|
IoAllocateErrorLogEntry
|
|
IoAllocateIrp
|
|
IoAllocateMdl
|
|
IoAssignResources
|
|
IoAttachDevice
|
|
IoAttachDeviceByPointer
|
|
IoAttachDeviceToDeviceStack
|
|
IoBuildAsynchronousFsdRequest
|
|
IoBuildDeviceIoControlRequest
|
|
IoBuildPartialMdl
|
|
IoBuildSynchronousFsdRequest
|
|
IoCallDriver
|
|
IofCallDriver
|
|
IoCancelIrp
|
|
IoCheckDesiredAccess
|
|
IoCheckEaBufferValidity
|
|
IoCheckFunctionAccess
|
|
IoCheckShareAccess
|
|
IoCompleteRequest
|
|
IofCompleteRequest
|
|
IoConnectInterrupt
|
|
IoCreateController
|
|
IoCreateDevice
|
|
IoCreateFile
|
|
IoCreateNotificationEvent
|
|
IoCreateStreamFileObject
|
|
IoCreateSymbolicLink
|
|
IoCreateSynchronizationEvent
|
|
IoCreateUnprotectedSymbolicLink
|
|
IoDeleteController
|
|
IoDeleteDevice
|
|
IoDeleteSymbolicLink
|
|
IoDetachDevice
|
|
IoDeviceObjectType CONSTANT // Data - use pointer for access
|
|
IoDisconnectInterrupt
|
|
IoDriverObjectType CONSTANT // Data - use pointer for access
|
|
IoEnqueueIrp
|
|
IoFastQueryNetworkAttributes
|
|
IoFileObjectType CONSTANT // Data - use pointer for access
|
|
IoFreeController
|
|
IoFreeIrp
|
|
IoFreeMdl
|
|
IoGetAttachedDevice
|
|
IoGetBaseFileSystemDeviceObject
|
|
IoGetConfigurationInformation
|
|
IoGetCurrentProcess
|
|
IoGetDeviceObjectPointer
|
|
#if _PNP_POWER_STUB_ENABLED_
|
|
IoGetDeviceProperty
|
|
#endif
|
|
IoGetDeviceToVerify
|
|
IoGetFileObjectGenericMapping
|
|
IoGetInitialStack
|
|
IoGetRelatedDeviceObject
|
|
IoGetRequestorProcess
|
|
IoGetStackLimits=RtlpGetStackLimits
|
|
IoGetTopLevelIrp
|
|
IoInitializeIrp
|
|
IoInitializeTimer
|
|
IoIsOperationSynchronous
|
|
IoIsSystemThread
|
|
IoMakeAssociatedIrp
|
|
IoOpenDeviceInstanceKey
|
|
IoPageRead
|
|
IoQueryDeviceDescription
|
|
IoQueryDeviceEnumInfo
|
|
IoQueryFileInformation
|
|
#if _PNP_POWER_STUB_ENABLED_
|
|
IoQuerySystemInformation
|
|
#endif
|
|
IoQueryVolumeInformation
|
|
IoQueueThreadIrp
|
|
IoRaiseHardError
|
|
IoRaiseInformationalHardError
|
|
IoReadOperationCount CONSTANT // Data - use pointer for access
|
|
IoReadTransferCount CONSTANT // Data - use pointer for access
|
|
IoRegisterDriverReinitialization
|
|
IoRegisterFileSystem
|
|
IoRegisterFsRegistrationChange
|
|
#if _PNP_POWER_STUB_ENABLED_
|
|
IoRegisterPlugPlayNotification
|
|
#endif
|
|
IoRegisterShutdownNotification
|
|
IoReleaseCancelSpinLock
|
|
IoReleaseVpbSpinLock
|
|
IoRemoveShareAccess
|
|
#if _PNP_POWER_STUB_ENABLED_
|
|
IoReportDeviceStatus
|
|
#endif
|
|
IoReportHalResourceUsage
|
|
IoReportResourceUsage
|
|
#if _PNP_POWER_STUB_ENABLED_
|
|
IoSetDeviceProperty
|
|
#endif
|
|
IoSetDeviceToVerify
|
|
IoSetHardErrorOrVerifyDevice
|
|
IoSetInformation
|
|
IoSetShareAccess
|
|
IoSetThreadHardErrorMode
|
|
IoSetTopLevelIrp
|
|
IoStartNextPacket
|
|
IoStartNextPacketByKey
|
|
IoStartPacket
|
|
IoStartTimer
|
|
IoStatisticsLock CONSTANT // Data - use pointer for access
|
|
IoStopTimer
|
|
IoSynchronousPageWrite
|
|
IoThreadToProcess
|
|
IoUnregisterFileSystem
|
|
IoUnregisterFsRegistrationChange
|
|
#if _PNP_POWER_STUB_ENABLED_
|
|
IoUnregisterPlugPlayNotification
|
|
#endif
|
|
IoUnregisterShutdownNotification
|
|
IoUpdateShareAccess
|
|
IoVerifyVolume
|
|
IoWriteErrorLogEntry
|
|
IoWriteOperationCount CONSTANT // Data - use pointer for access
|
|
IoWriteTransferCount CONSTANT // Data - use pointer for access
|
|
KdDebuggerEnabled CONSTANT // Data - use pointer for access
|
|
KdDebuggerNotPresent CONSTANT // Data - use pointer for access
|
|
KdPollBreakIn
|
|
KeAddSystemServiceTable
|
|
KeAttachProcess
|
|
KeBoostCurrentThread
|
|
KeBugCheck
|
|
KeBugCheckEx
|
|
KeCancelTimer
|
|
KeClearEvent
|
|
KeConnectInterrupt
|
|
KeDcacheFlushCount CONSTANT // Data - use pointer for access
|
|
KeDelayExecutionThread
|
|
KeDetachProcess
|
|
KeDeregisterBugCheckCallback
|
|
KeDisconnectInterrupt
|
|
KeEnterCriticalRegion
|
|
KeEnterKernelDebugger
|
|
KeFindConfigurationEntry
|
|
KeFindConfigurationNextEntry
|
|
KeFlushEntireTb
|
|
KeIcacheFlushCount CONSTANT // Data - use pointer for access
|
|
KeInitializeDeviceQueue
|
|
KeInitializeApc
|
|
KeInitializeDpc
|
|
KeInitializeEvent
|
|
KeInitializeInterrupt
|
|
KeInitializeMutant
|
|
KeInitializeMutex
|
|
KeInitializeQueue
|
|
KeInitializeSemaphore
|
|
KeInitializeTimer
|
|
KeInitializeTimerEx
|
|
KeInsertByKeyDeviceQueue
|
|
KeInsertDeviceQueue
|
|
KeInsertQueue
|
|
KeInsertHeadQueue
|
|
KeInsertQueueApc
|
|
KeInsertQueueDpc
|
|
KeLeaveCriticalRegion
|
|
KeLoaderBlock CONSTANT // Data - use pointer for access
|
|
KeNumberProcessors CONSTANT // Data - use pointer for access
|
|
KeProfileInterrupt
|
|
KeProfileInterruptWithSource
|
|
KePulseEvent
|
|
KeQuerySystemTime
|
|
KeQueryTickCount
|
|
KeQueryTimeIncrement
|
|
KeRaiseUserException
|
|
KeReadStateTimer
|
|
KeReadStateEvent
|
|
KeReadStateMutant
|
|
KeReadStateMutex=KeReadStateMutant
|
|
KeReadStateQueue
|
|
KeReadStateSemaphore
|
|
KeRegisterBugCheckCallback
|
|
KeReleaseMutant
|
|
KeReleaseMutex
|
|
KeReleaseSemaphore
|
|
KeRemoveByKeyDeviceQueue
|
|
KeRemoveDeviceQueue
|
|
KeRemoveEntryDeviceQueue
|
|
KeRemoveQueue
|
|
KeRemoveQueueDpc
|
|
KeResetEvent
|
|
KeRundownQueue
|
|
KeServiceDescriptorTable CONSTANT // Data - use pointer for access
|
|
KeSetAffinityThread
|
|
KeSetDmaIoCoherency
|
|
KeSetEvent
|
|
KeSetEventBoostPriority
|
|
KeSetBasePriorityThread
|
|
KeSetIdealProcessorThread
|
|
KeSetImportanceDpc
|
|
KeSetPriorityThread
|
|
KeSetSwapContextNotifyRoutine;
|
|
KeSetTargetProcessorDpc
|
|
KeSetTimeIncrement
|
|
KeSetTimer
|
|
KeSetTimerEx
|
|
KeSetTimeUpdateNotifyRoutine;
|
|
KeSetThreadSelectNotifyRoutine;
|
|
KeSynchronizeExecution
|
|
KeTerminateThread
|
|
KeTickCount CONSTANT // Data - use pointer for access
|
|
KeUserModeCallback
|
|
KeUpdateRunTime
|
|
KeUpdateSystemTime
|
|
KeWaitForMultipleObjects
|
|
KeWaitForSingleObject
|
|
KeWaitForMutexObject=KeWaitForSingleObject
|
|
KiAcquireSpinLock
|
|
KiBugCheckData // Data - use pointer for access
|
|
KiReleaseSpinLock
|
|
KeInitializeSpinLock
|
|
KeAcquireSpinLockAtDpcLevel
|
|
KeReleaseSpinLockFromDpcLevel
|
|
KeSetKernelStackSwapEnable
|
|
LdrEnumResources
|
|
LdrAccessResource
|
|
LdrFindResource_U
|
|
LdrFindResourceDirectory_U
|
|
LpcRequestPort
|
|
LsaCallAuthenticationPackage
|
|
LsaDeregisterLogonProcess
|
|
LsaFreeReturnBuffer
|
|
LsaLogonUser
|
|
LsaLookupAuthenticationPackage
|
|
LsaRegisterLogonProcess
|
|
MmAdjustWorkingSetSize
|
|
MmAllocateContiguousMemory
|
|
#ifdef MEMPRINT
|
|
MemPrint
|
|
MemPrintInitialize
|
|
#endif
|
|
MmAllocateNonCachedMemory
|
|
MmBuildMdlForNonPagedPool
|
|
MmCanFileBeTruncated
|
|
MmCreateMdl
|
|
MmCreateSection
|
|
MmDbgTranslatePhysicalAddress
|
|
MmDisableModifiedWriteOfSection
|
|
MmFlushImageSection
|
|
MmForceSectionClosed
|
|
MmFreeContiguousMemory
|
|
MmFreeNonCachedMemory
|
|
MmGetPhysicalAddress
|
|
MmGrowKernelStack
|
|
MmIsAddressValid
|
|
MmIsNonPagedSystemAddressValid
|
|
MmIsRecursiveIoFault
|
|
MmIsThisAnNtAsSystem
|
|
MmLockPagableDataSection
|
|
MmLockPagableSectionByHandle
|
|
MmMapIoSpace
|
|
MmMapLockedPages
|
|
MmMapMemoryDumpMdl
|
|
MmMapVideoDisplay
|
|
MmMapViewOfSection
|
|
MmMapViewInSystemSpace
|
|
MmPageEntireDriver
|
|
MmProbeAndLockPages
|
|
MmQuerySystemSize
|
|
MmResetDriverPaging
|
|
MmSectionObjectType CONSTANT
|
|
MmSecureVirtualMemory
|
|
MmSetAddressRangeModified
|
|
MmSetBankedSection
|
|
MmSizeOfMdl
|
|
MmUnlockPagableImageSection
|
|
MmUnlockPages
|
|
MmUnmapIoSpace
|
|
MmUnmapLockedPages
|
|
MmUnmapVideoDisplay
|
|
MmUnmapViewOfSection
|
|
MmUnmapViewInSystemSpace
|
|
MmUnsecureVirtualMemory
|
|
NlsAnsiCodePage CONSTANT // Data - use pointer for access
|
|
NlsLeadByteInfo CONSTANT // Data - use pointer for access
|
|
NlsOemLeadByteInfo CONSTANT // Data - use pointer for access
|
|
NlsMbCodePageTag CONSTANT // Data - use pointer for access
|
|
NlsMbOemCodePageTag CONSTANT // Data - use pointer for access
|
|
NtAddAtom
|
|
NtAdjustPrivilegesToken
|
|
NtAllocateLocallyUniqueId
|
|
NtAllocateUuids
|
|
NtAllocateVirtualMemory
|
|
NtClose
|
|
NtConnectPort
|
|
NtCreateEvent
|
|
NtCreateFile
|
|
NtCreateSection
|
|
NtDeleteAtom
|
|
NtDeleteFile
|
|
NtDeviceIoControlFile
|
|
NtDuplicateObject
|
|
NtDuplicateToken
|
|
NtFindAtom
|
|
NtFreeVirtualMemory
|
|
NtFsControlFile
|
|
NtGlobalFlag CONSTANT // Data - use pointer for access
|
|
NtLockFile
|
|
NtMapViewOfSection
|
|
NtNotifyChangeDirectoryFile
|
|
NtOpenFile
|
|
NtOpenProcess
|
|
NtOpenProcessToken
|
|
NtQueryDirectoryFile
|
|
NtQueryEaFile
|
|
NtQueryInformationAtom
|
|
NtQueryInformationFile
|
|
NtQueryInformationProcess
|
|
NtQueryInformationToken
|
|
NtQueryOleDirectoryFile
|
|
//NtQueryQuotaInformationFile
|
|
NtQuerySecurityObject
|
|
NtQueryVolumeInformationFile
|
|
NtReadFile
|
|
NtRequestPort
|
|
NtRequestWaitReplyPort
|
|
NtSetEvent
|
|
NtSetInformationFile
|
|
NtSetInformationProcess
|
|
NtSetInformationThread
|
|
//NtSetQuotaInformationFile
|
|
NtSetSecurityObject
|
|
NtUnlockFile
|
|
NtVdmControl
|
|
NtWaitForSingleObject
|
|
NtWriteFile
|
|
ObAssignSecurity
|
|
ObCheckCreateObjectAccess
|
|
ObCheckObjectAccess
|
|
ObCreateObject
|
|
ObDereferenceObject
|
|
ObfDereferenceObject
|
|
ObFindHandleForObject
|
|
ObGetObjectPointerCount
|
|
ObGetObjectSecurity
|
|
ObInsertObject
|
|
ObMakeTemporaryObject
|
|
ObOpenObjectByName
|
|
ObOpenObjectByPointer
|
|
ObQueryObjectAuditingByHandle
|
|
ObQueryNameString
|
|
ObReferenceObjectByHandle
|
|
ObReferenceObjectByName
|
|
ObReferenceObjectByPointer
|
|
ObReleaseObjectSecurity
|
|
ObSetSecurityDescriptorInfo
|
|
ObfReferenceObject
|
|
PfxFindPrefix
|
|
PfxInitialize
|
|
PfxInsertPrefix
|
|
PfxRemovePrefix
|
|
PoQueryPowerSequence
|
|
PoSetDeviceIdleDetection
|
|
PoRequestPowerChange
|
|
ProbeForWrite
|
|
PsAssignImpersonationToken
|
|
PsChargePoolQuota
|
|
PsCreateSystemProcess
|
|
PsCreateSystemThread
|
|
PsCreateWin32Process
|
|
PsGetCurrentProcessId
|
|
PsGetCurrentThreadId
|
|
PsGetProcessExitTime
|
|
PsGetVersion
|
|
PsImpersonateClient
|
|
PsInitialSystemProcess
|
|
PsIsThreadTerminating
|
|
PsEstablishWin32Callouts
|
|
PsLookupProcessThreadByCid
|
|
PsLookupProcessByProcessId
|
|
PsLookupThreadByThreadId
|
|
PsProcessType CONSTANT
|
|
PsReferenceImpersonationToken
|
|
PsReferencePrimaryToken
|
|
PsReturnPoolQuota
|
|
PsRevertToSelf
|
|
PsSetCreateProcessNotifyRoutine
|
|
PsSetCreateThreadNotifyRoutine
|
|
PsSetLegoNotifyRoutine
|
|
PsSetProcessPriorityByClass
|
|
PsTerminateSystemThread
|
|
PsThreadType CONSTANT
|
|
RtlAddAce
|
|
RtlAllocateAndInitializeSid
|
|
RtlAllocateHeap
|
|
RtlAddAccessAllowedAce
|
|
RtlAddAtomToAtomTable
|
|
RtlAnsiCharToUnicodeChar
|
|
RtlAnsiStringToUnicodeSize=RtlxAnsiStringToUnicodeSize
|
|
RtlAnsiStringToUnicodeString
|
|
RtlAppendAsciizToString
|
|
RtlAppendStringToString
|
|
RtlAppendUnicodeStringToString
|
|
RtlAppendUnicodeToString
|
|
RtlAreAllAccessesGranted
|
|
RtlAreAnyAccessesGranted
|
|
RtlAreBitsClear
|
|
RtlAreBitsSet
|
|
RtlAssert
|
|
RtlCaptureStackBackTrace
|
|
RtlCharToInteger
|
|
RtlCheckRegistryKey
|
|
RtlClearAllBits
|
|
RtlClearBits
|
|
RtlCompareMemory
|
|
RtlCompareMemoryUlong
|
|
RtlCompareString
|
|
RtlCompareUnicodeString
|
|
RtlCompressBuffer
|
|
RtlCompressChunks
|
|
RtlConvertLongToLargeInteger
|
|
RtlConvertUlongToLargeInteger
|
|
RtlCopyLuid
|
|
RtlCopyString
|
|
RtlCopyUnicodeString
|
|
RtlCreateAtomTable
|
|
RtlCreateAcl
|
|
RtlCreateHeap
|
|
RtlCreateRegistryKey
|
|
RtlCreateSecurityDescriptor
|
|
RtlCreateUnicodeString
|
|
RtlDecompressBuffer
|
|
RtlDecompressChunks
|
|
RtlDecompressFragment
|
|
RtlDelete
|
|
RtlDeleteAtomFromAtomTable
|
|
RtlDeleteNoSplay
|
|
RtlDeleteElementGenericTable
|
|
RtlDeleteRegistryValue
|
|
RtlDescribeChunk
|
|
RtlDestroyAtomTable
|
|
RtlDestroyHeap
|
|
RtlDowncaseUnicodeString
|
|
RtlEmptyAtomTable
|
|
RtlEnlargedIntegerMultiply
|
|
RtlEnlargedUnsignedDivide
|
|
RtlEnlargedUnsignedMultiply
|
|
RtlEnumerateGenericTable
|
|
RtlEnumerateGenericTableWithoutSplaying
|
|
RtlEqualLuid
|
|
RtlEqualString
|
|
RtlEqualUnicodeString
|
|
RtlExtendedIntegerMultiply
|
|
RtlExtendedLargeIntegerDivide
|
|
RtlExtendedMagicDivide
|
|
RtlFillMemory
|
|
RtlFillMemoryUlong
|
|
RtlFindClearBits
|
|
RtlFindClearBitsAndSet
|
|
RtlFindFirstRunClear
|
|
RtlFindFirstRunSet
|
|
RtlFindLongestRunClear
|
|
RtlFindLongestRunSet
|
|
RtlFindMessage
|
|
RtlFindSetBits
|
|
RtlFindSetBitsAndClear
|
|
RtlFindUnicodePrefix
|
|
RtlFormatCurrentUserKeyPath
|
|
RtlFreeAnsiString
|
|
RtlFreeHeap
|
|
RtlFreeOemString
|
|
RtlFreeUnicodeString
|
|
RtlGenerate8dot3Name
|
|
RtlGetCallersAddress
|
|
RtlGetCompressionWorkSpaceSize
|
|
RtlGetDefaultCodePage
|
|
RtlGetElementGenericTable
|
|
RtlImageNtHeader
|
|
RtlInitAnsiString
|
|
RtlInitString
|
|
RtlInitUnicodeString
|
|
RtlInitializeBitMap
|
|
RtlInitializeGenericTable
|
|
RtlInitializeUnicodePrefix
|
|
RtlInsertElementGenericTable
|
|
RtlInsertUnicodePrefix
|
|
RtlIntegerToChar
|
|
RtlIntegerToUnicodeString
|
|
RtlIsNameLegalDOS8Dot3
|
|
RtlLargeIntegerAdd
|
|
RtlLargeIntegerArithmeticShift
|
|
RtlLargeIntegerDivide
|
|
RtlLargeIntegerNegate
|
|
RtlLargeIntegerShiftLeft
|
|
RtlLargeIntegerShiftRight
|
|
RtlLargeIntegerSubtract
|
|
RtlLengthSecurityDescriptor
|
|
RtlLookupAtomInAtomTable
|
|
RtlLookupElementGenericTable
|
|
RtlMapGenericMask
|
|
RtlMoveMemory
|
|
RtlMultiByteToUnicodeN
|
|
RtlMultiByteToUnicodeSize
|
|
RtlNextUnicodePrefix
|
|
RtlNtStatusToDosError
|
|
RtlNtStatusToDosErrorNoTeb
|
|
RtlNumberGenericTableElements
|
|
RtlNumberOfClearBits
|
|
RtlNumberOfSetBits
|
|
RtlOemStringToCountedUnicodeString
|
|
RtlOemStringToUnicodeSize=RtlxOemStringToUnicodeSize
|
|
RtlOemStringToUnicodeString
|
|
RtlOemToUnicodeN
|
|
RtlPinAtomInAtomTable
|
|
RtlPrefixString
|
|
RtlPrefixUnicodeString
|
|
RtlQueryAtomInAtomTable
|
|
RtlQueryRegistryValues
|
|
RtlQueryTimeZoneInformation
|
|
RtlRaiseException
|
|
RtlRemoveUnicodePrefix
|
|
RtlReserveChunk
|
|
RtlRandom
|
|
RtlSecondsSince1970ToTime
|
|
RtlSecondsSince1980ToTime
|
|
RtlSetAllBits
|
|
RtlSetBits
|
|
RtlSetDaclSecurityDescriptor
|
|
RtlSetSaclSecurityDescriptor
|
|
RtlSetTimeZoneInformation
|
|
RtlSplay
|
|
RtlTimeFieldsToTime
|
|
RtlTimeToSecondsSince1970
|
|
RtlTimeToSecondsSince1980
|
|
RtlTimeToTimeFields
|
|
RtlUnicodeStringToAnsiSize=RtlxUnicodeStringToAnsiSize
|
|
RtlUnicodeStringToAnsiString
|
|
RtlUnicodeToMultiByteN
|
|
RtlUnicodeToMultiByteSize
|
|
RtlUnicodeToOemN
|
|
RtlUnicodeStringToOemSize=RtlxUnicodeStringToOemSize
|
|
RtlUnicodeStringToOemString
|
|
RtlUnicodeStringToCountedOemString
|
|
RtlCustomCPToUnicodeN
|
|
RtlUnicodeToCustomCPN
|
|
RtlInitCodePageTable
|
|
RtlUnicodeStringToInteger
|
|
RtlUnwind
|
|
RtlUpcaseUnicodeChar
|
|
RtlUpcaseUnicodeString
|
|
RtlUpcaseUnicodeStringToAnsiString
|
|
RtlUpcaseUnicodeToMultiByteN
|
|
RtlUpcaseUnicodeToOemN
|
|
RtlUpcaseUnicodeStringToOemString
|
|
RtlUpcaseUnicodeStringToCountedOemString
|
|
RtlUpcaseUnicodeToCustomCPN
|
|
RtlUpperChar
|
|
RtlUpperString
|
|
RtlValidSecurityDescriptor
|
|
RtlWriteRegistryValue
|
|
RtlxAnsiStringToUnicodeSize
|
|
RtlxOemStringToUnicodeSize
|
|
RtlxUnicodeStringToAnsiSize
|
|
RtlxUnicodeStringToOemSize
|
|
RtlZeroHeap
|
|
RtlZeroMemory
|
|
SeAccessCheck
|
|
SeAssignSecurity
|
|
SeCaptureSecurityDescriptor
|
|
SeCaptureSubjectContext
|
|
SeCloseObjectAuditAlarm
|
|
SeCreateAccessState
|
|
SeCreateClientSecurity
|
|
SeDeassignSecurity
|
|
SeDeleteAccessState
|
|
SeDeleteObjectAuditAlarm
|
|
SeImpersonateClient
|
|
SeLockSubjectContext
|
|
SeOpenObjectAuditAlarm
|
|
SeOpenObjectForDeleteAuditAlarm
|
|
SePrivilegeCheck
|
|
SePrivilegeObjectAuditAlarm
|
|
SeQuerySecurityDescriptorInfo
|
|
SeReleaseSecurityDescriptor
|
|
SeReleaseSubjectContext
|
|
SeSetSecurityDescriptorInfo
|
|
SeSinglePrivilegeCheck
|
|
SeTokenType
|
|
SeTokenImpersonationLevel
|
|
SeUnlockSubjectContext
|
|
SeAppendPrivileges
|
|
SeFreePrivileges
|
|
SeAuditingFileEvents
|
|
SeAuditingFileOrGlobalEvents
|
|
SeSetAccessStateGenericMapping
|
|
SeQueryAuthenticationIdToken
|
|
SeValidSecurityDescriptor
|
|
SeRegisterLogonSessionTerminatedRoutine
|
|
SeUnregisterLogonSessionTerminatedRoutine
|
|
SeMarkLogonSessionForTerminationNotification
|
|
|
|
//
|
|
// System default DACLs
|
|
//
|
|
// SePublicDefaultDacl - is for protecting things so that
|
|
// normal users can use it.
|
|
//
|
|
// SeSystemDefaultDacl - is for protecting things so that
|
|
// only the system (and administrators) can get to it.
|
|
//
|
|
|
|
SePublicDefaultDacl CONSTANT
|
|
SeSystemDefaultDacl CONSTANT
|
|
|
|
//
|
|
// Pointer to structure containing security
|
|
// exports
|
|
//
|
|
|
|
//
|
|
// Use SeEnableAccessToExports() before
|
|
// using (see se.h)
|
|
//
|
|
|
|
SeExports CONSTANT
|
|
|
|
|
|
ZwAccessCheckAndAuditAlarm
|
|
ZwAlertThread
|
|
ZwAllocateVirtualMemory
|
|
ZwConnectPort
|
|
ZwClearEvent
|
|
ZwClose
|
|
ZwCloseObjectAuditAlarm
|
|
ZwCreateDirectoryObject
|
|
ZwCreateEvent
|
|
ZwCreateFile
|
|
ZwCreateKey
|
|
ZwCreateSection
|
|
ZwCreateSymbolicLinkObject
|
|
ZwDeleteFile
|
|
ZwDeleteKey
|
|
ZwDeleteValueKey
|
|
ZwDeviceIoControlFile
|
|
ZwDisplayString
|
|
ZwDuplicateObject
|
|
ZwDuplicateToken
|
|
ZwEnumerateKey
|
|
ZwEnumerateValueKey
|
|
ZwFlushInstructionCache
|
|
ZwFlushKey
|
|
ZwFreeVirtualMemory
|
|
ZwFsControlFile
|
|
ZwLoadDriver
|
|
ZwLoadKey
|
|
ZwMakeTemporaryObject
|
|
ZwMapViewOfSection
|
|
ZwNotifyChangeKey
|
|
ZwOpenDirectoryObject
|
|
ZwOpenEvent
|
|
ZwOpenFile
|
|
ZwOpenKey
|
|
ZwOpenProcess
|
|
ZwOpenProcessToken
|
|
ZwOpenThread
|
|
ZwOpenThreadToken
|
|
ZwOpenSection
|
|
ZwOpenSymbolicLinkObject
|
|
ZwPulseEvent
|
|
ZwQueryDefaultLocale
|
|
ZwQueryDirectoryFile
|
|
ZwQueryInformationFile
|
|
ZwQueryInformationProcess
|
|
ZwQueryInformationToken
|
|
ZwQueryKey
|
|
ZwQueryObject
|
|
ZwQuerySection
|
|
ZwQuerySecurityObject
|
|
ZwQuerySymbolicLinkObject
|
|
ZwQuerySystemInformation
|
|
ZwQueryInformationToken
|
|
ZwQueryVolumeInformationFile
|
|
ZwQueryValueKey
|
|
ZwReadFile
|
|
ZwReplaceKey
|
|
ZwRequestWaitReplyPort
|
|
ZwResetEvent
|
|
ZwSaveKey
|
|
ZwSetDefaultLocale
|
|
ZwSetEvent
|
|
ZwSetInformationFile
|
|
ZwSetInformationObject
|
|
ZwSetInformationProcess
|
|
ZwSetInformationThread
|
|
ZwSetSystemInformation
|
|
ZwSetSystemTime
|
|
ZwSetValueKey
|
|
ZwTerminateProcess
|
|
ZwUnmapViewOfSection
|
|
ZwUnloadDriver
|
|
ZwUnloadKey
|
|
ZwWaitForMultipleObjects
|
|
ZwWaitForSingleObject
|
|
ZwWriteFile
|
|
ZwYieldExecution
|
|
|
|
RtlAbsoluteToSelfRelativeSD
|
|
RtlConvertSidToUnicodeString
|
|
RtlCopySid
|
|
RtlEqualSid
|
|
RtlGetDaclSecurityDescriptor
|
|
RtlGetGroupSecurityDescriptor
|
|
RtlGetOwnerSecurityDescriptor
|
|
RtlInitializeSid
|
|
RtlLengthRequiredSid
|
|
RtlLengthSid
|
|
RtlSetGroupSecurityDescriptor
|
|
RtlSetOwnerSecurityDescriptor
|
|
RtlSubAuthorityCountSid
|
|
RtlSubAuthoritySid
|
|
RtlValidSid
|
|
|
|
NtBuildNumber CONSTANT
|
|
|
|
//
|
|
// ntcrt.lib
|
|
//
|
|
_itoa
|
|
_purecall
|
|
_snprintf
|
|
_snwprintf
|
|
_stricmp
|
|
_strlwr
|
|
_strnicmp
|
|
_strnset
|
|
_strrev
|
|
_strset
|
|
_strupr
|
|
_vsnprintf
|
|
_wcsicmp
|
|
_wcslwr
|
|
_wcsnicmp
|
|
_wcsnset
|
|
_wcsrev
|
|
_wcsupr
|
|
isdigit
|
|
islower
|
|
isprint
|
|
isspace
|
|
isupper
|
|
isxdigit
|
|
mbstowcs
|
|
mbtowc
|
|
memchr
|
|
qsort
|
|
rand
|
|
sprintf
|
|
srand
|
|
strcat
|
|
strchr
|
|
strcmp
|
|
strcpy
|
|
strlen
|
|
strncat
|
|
strncmp
|
|
strncpy
|
|
strrchr
|
|
strspn
|
|
strstr
|
|
swprintf
|
|
tolower
|
|
towlower
|
|
toupper
|
|
towupper
|
|
vsprintf
|
|
wcscat
|
|
wcschr
|
|
wcscmp
|
|
wcscpy
|
|
wcscspn
|
|
wcslen
|
|
wcsncat
|
|
wcsncmp
|
|
wcsncpy
|
|
wcsrchr
|
|
wcsspn
|
|
wcsstr
|
|
wcstombs
|
|
wctomb
|
|
|
|
//
|
|
// Hack-o-rama to support the stupid ATI miniport driver.
|
|
// Get rid of these if we can someday.
|
|
//
|
|
atol
|
|
atoi
|