x86下windbg查看SSDT表与SHDOWSSDT
2024-05-30 04:24:43
x64下这两个表是未导出的,不能用这种
首先系统符号要加载
SSDT表:
x nt!kes*des*table*
kd> x nt!KeServiceDes*
83f74a00 nt!KeServiceDescriptorTableShadow = <no type information>
83f749c0 nt!KeServiceDescriptorTable = <no type information>
kd> dd 83f749c0
83f749c0 83e88d9c 00000000 00000191 83e893e4
83f749d0 00000000 00000000 00000000 00000000
83f749e0 83ee76af 00000000 025355a9 000000bb
83f749f0 00000011 00000100 5385d2ba d717548f
83f74a00 83e88d9c 00000000 00000191 83e893e4
83f74a10 94af6000 00000000 00000339 94af702c
83f74a20 00000000 00000000 83f74a24 00000340
83f74a30 00000340 85ce38f0 00000007 00000000第一行第一个是·表基地址,第三个是函数个数。使用dds 83e88d9c L191,显示所有函数地址
kd> dds 83e88d9c L191
83e88d9c 84084c28 nt!NtAcceptConnectPort
83e88da0 83ecb40d nt!NtAccessCheck
83e88da4 84014b68 nt!NtAccessCheckAndAuditAlarm
83e88da8 83e2f88a nt!NtAccessCheckByType
83e88dac 840864ff nt!NtAccessCheckByTypeAndAuditAlarm
83e88db0 83f083fa nt!NtAccessCheckByTypeResultList
83e88db4 840f6b05 nt!NtAccessCheckByTypeResultListAndAuditAlarm
83e88db8 840f6b4e nt!NtAccessCheckByTypeResultListAndAuditAlarmByHandle
83e88dbc 840093bd nt!NtAddAtom
83e88dc0 84110368 nt!NtAddBootEntry
83e88dc4 841115c1 nt!NtAddDriverEntry
83e88dc8 83fffb95 nt!NtAdjustGroupsToken
83e88dcc 84090b35 nt!NtAdjustPrivilegesToken
83e88dd0 840e9963 nt!NtAlertResumeThread
83e88dd4 8403ca56 nt!NtAlertThread
83e88dd8 8400c6cc nt!NtAllocateLocallyUniqueId
83e88ddc 83fa2928 nt!NtAllocateReserveObject
83e88de0 840db898 nt!NtAllocateUserPhysicalPages
83e88de4 83ff314e nt!NtAllocateUuids
83e88de8 84035a62 nt!NtAllocateVirtualMemory
83e88dec 84081df1 nt!NtAlpcAcceptConnectPort
83e88df0 83fe3238 nt!NtAlpcCancelMessage
83e88df4 840811fe nt!NtAlpcConnectPort
83e88df8 84000c0c nt!NtAlpcCreatePort
83e88dfc 840925bc nt!NtAlpcCreatePortSection
83e88e00 8400328f nt!NtAlpcCreateResourceReserve
83e88e04 8409239c nt!NtAlpcCreateSectionView
83e88e08 8408aafc nt!NtAlpcCreateSecurityContext
83e88e0c 840150f0 nt!NtAlpcDeletePortSection
83e88e10 840d6657 nt!NtAlpcDeleteResourceReserve
83e88e14 84087ec9 nt!NtAlpcDeleteSectionView
83e88e18 840927ee nt!NtAlpcDeleteSecurityContext
83e88e1c 8406b1fc nt!NtAlpcDisconnectPort
83e88e20 84085f2e nt!NtAlpcImpersonateClientOfPort
83e88e24 84017d15 nt!NtAlpcOpenSenderProcess
83e88e28 8400bcf3 nt!NtAlpcOpenSenderThread
83e88e2c 83ffdb70 nt!NtAlpcQueryInformation
83e88e30 8406ba83 nt!NtAlpcQueryInformationMessage
83e88e34 840d677f nt!NtAlpcRevokeSecurityContext
83e88e38 8405df0a nt!NtAlpcSendWaitReceivePort
83e88e3c 8400b702 nt!NtAlpcSetInformation
83e88e40 8401d21b nt!NtApphelpCacheControl
83e88e44 83fd90e3 nt!NtAreMappedFilesTheSame
83e88e48 8400aed1 nt!NtAssignProcessToJobObject
83e88e4c 83e898bc nt!NtCallbackReturn
83e88e50 83fd45c3 nt!NtCancelIoFile
83e88e54 84008ce7 nt!NtCancelIoFileEx
83e88e58 840c2fb0 nt!NtCancelSynchronousIoFile
83e88e5c 83e35d56 nt!NtCancelTimer
83e88e60 84037b5f nt!NtClearEvent
83e88e64 8405037a nt!NtClose
83e88e68 8408642e nt!NtCloseObjectAuditAlarm
83e88e6c 840fe412 nt!NtCommitComplete
83e88e70 840fe132 nt!NtCommitEnlistment
83e88e74 83fdf9b9 nt!NtCommitTransaction
83e88e78 840a8013 nt!NtCompactKeys
83e88e7c 84006c9d nt!NtCompareTokens
83e88e80 8400bce9 nt!NtCompleteConnectPort
83e88e84 840a827f nt!NtCompressKey
83e88e88 84083d09 nt!NtConnectPort
83e88e8c 83e4bd0c nt!NtContinue
83e88e90 840b8c79 nt!NtCreateDebugObject
83e88e94 8400e505 nt!NtCreateDirectoryObject
83e88e98 83fb0a55 nt!NtCreateEnlistment
83e88e9c 8404c671 nt!NtCreateEvent
83e88ea0 84116068 nt!NtCreateEventPair
83e88ea4 8405b1e4 nt!NtCreateFile
83e88ea8 84066667 nt!NtCreateIoCompletion
83e88eac 83ffd977 nt!NtCreateJobObject
83e88eb0 840eb6de nt!NtCreateJobSet
83e88eb4 8400ce2a nt!NtCreateKey
83e88eb8 8401bd1e nt!NtCreateKeyedEvent
83e88ebc 83fdda36 nt!NtCreateKeyTransacted
83e88ec0 8401132f nt!NtCreateMailslotFile
83e88ec4 8401c196 nt!NtCreateMutant
83e88ec8 8408c4f9 nt!NtCreateNamedPipeFile
83e88ecc 83f98406 nt!NtCreatePagingFile
83e88ed0 83ffd75f nt!NtCreatePort
83e88ed4 83fdf57f nt!NtCreatePrivateNamespace
83e88ed8 840e7df9 nt!NtCreateProcess
83e88edc 840e7e44 nt!NtCreateProcessEx
83e88ee0 84116afb nt!NtCreateProfile
83e88ee4 84116ac1 nt!NtCreateProfileEx
83e88ee8 83fb335f nt!NtCreateResourceManager
83e88eec 8402ef2b nt!NtCreateSection
83e88ef0 8401198d nt!NtCreateSemaphore
83e88ef4 8400d7f5 nt!NtCreateSymbolicLinkObject
83e88ef8 840e7c02 nt!NtCreateThread
83e88efc 8407c124 nt!NtCreateThreadEx
83e88f00 8400a304 nt!NtCreateTimer
83e88f04 84010ac8 nt!NtCreateToken
83e88f08 83fdbe62 nt!NtCreateTransaction
83e88f0c 83fb316b nt!NtCreateTransactionManager
83e88f10 8407a056 nt!NtCreateUserProcess
83e88f14 83fb0134 nt!NtCreateWaitablePort
83e88f18 8401bf39 nt!NtCreateWorkerFactory
83e88f1c 840b9b36 nt!NtDebugActiveProcess
83e88f20 840ba1f3 nt!NtDebugContinue
83e88f24 8403496f nt!NtDelayExecution
83e88f28 83ff807b nt!NtDeleteAtom
83e88f2c 8411039b nt!NtDeleteBootEntry
83e88f30 841115f3 nt!NtDeleteDriverEntry
83e88f34 83fa46ad nt!NtDeleteFile
83e88f38 83ff7911 nt!NtDeleteKey
83e88f3c 840969df nt!NtDeleteObjectAuditAlarm
83e88f40 8409f6f6 nt!NtDeletePrivateNamespace
83e88f44 83fe9328 nt!NtDeleteValueKey
83e88f48 8407f3ca nt!NtDeviceIoControlFile
83e88f4c 840d34da nt!NtDisableLastKnownGood
83e88f50 8410e5ef nt!NtDisplayString
83e88f54 83f1f259 nt!NtDrawText
83e88f58 8403d4f0 nt!NtDuplicateObject
83e88f5c 84077974 nt!NtDuplicateToken
83e88f60 840d35bb nt!NtEnableLastKnownGood
83e88f64 8411059d nt!NtEnumerateBootEntries
83e88f68 841117f3 nt!NtEnumerateDriverEntries
83e88f6c 84072a59 nt!NtEnumerateKey
83e88f70 8411017b nt!NtEnumerateSystemEnvironmentValuesEx
83e88f74 840fef4c nt!NtEnumerateTransactionObject
83e88f78 84074ebf nt!NtEnumerateValueKey
83e88f7c 840d9a0f nt!NtExtendSection
83e88f80 83ff0d81 nt!NtFilterToken
83e88f84 83ffc8ff nt!NtFindAtom
83e88f88 84014117 nt!NtFlushBuffersFile
83e88f8c 83fa090f nt!NtFlushInstallUILanguage
83e88f90 8400b4c2 nt!NtFlushInstructionCache
83e88f94 83fea9cd nt!NtFlushKey
83e88f98 83e301b1 nt!NtFlushProcessWriteBuffers
83e88f9c 83fe6130 nt!NtFlushVirtualMemory
83e88fa0 840dc9b7 nt!NtFlushWriteBuffer
83e88fa4 840dc039 nt!NtFreeUserPhysicalPages
83e88fa8 83ec44db nt!NtFreeVirtualMemory
83e88fac 83ede6fc nt!NtFreezeRegistry
83e88fb0 840ff39a nt!NtFreezeTransactions
83e88fb4 840616a2 nt!NtFsControlFile
83e88fb8 840a0dc1 nt!NtGetContextThread
83e88fbc 840a0d56 nt!NtGetCurrentProcessorNumber
83e88fc0 840e4e37 nt!NtGetDevicePowerState
83e88fc4 8401cdaf nt!NtGetMUIRegistryInfo
83e88fc8 840e9b54 nt!NtGetNextProcess
83e88fcc 84098c0a nt!NtGetNextThread
83e88fd0 83fe55c6 nt!NtGetNlsSectionPtr
83e88fd4 840ff4f4 nt!NtGetNotificationResourceManager
83e88fd8 83fcae67 nt!NtGetPlugPlayEvent
83e88fdc 83ef55c7 nt!NtGetWriteWatch
83e88fe0 840017ca nt!NtImpersonateAnonymousToken
83e88fe4 840d57a1 nt!NtImpersonateClientOfPort
83e88fe8 840855fc nt!NtImpersonateThread
83e88fec 84067f0d nt!NtInitializeNlsFiles
83e88ff0 83fa41ca nt!NtInitializeRegistry
83e88ff4 8409b5c3 nt!NtInitiatePowerAction
83e88ff8 8409ccdd nt!NtIsProcessInJob
83e88ffc 840e4e1e nt!NtIsSystemResumeAutomatic
83e89000 83f9ede9 nt!NtIsUILanguageComitted
83e89004 83f9bc75 nt!NtListenPort
83e89008 83fd1b78 nt!NtLoadDriver
83e8900c 83f9d426 nt!NtLoadKey
83e89010 83f8aa1c nt!NtLoadKey2
83e89014 83fade72 nt!NtLoadKeyEx
83e89018 8400f32b nt!NtLockFile
83e8901c 83f84026 nt!NtLockProductActivationKeys
83e89020 83f7f6d5 nt!NtLockRegistryKey
83e89024 83e2f191 nt!NtLockVirtualMemory
83e89028 83fd21b1 nt!NtMakePermanentObject
83e8902c 84017851 nt!NtMakeTemporaryObject
83e89030 8401c35b nt!NtMapCMFModule
83e89034 840dab57 nt!NtMapUserPhysicalPages
83e89038 840db12d nt!NtMapUserPhysicalPagesScatter
83e8903c 84052394 nt!NtMapViewOfSection
83e89040 8411056c nt!NtModifyBootEntry
83e89044 841117c4 nt!NtModifyDriverEntry
83e89048 84001db6 nt!NtNotifyChangeDirectoryFile
83e8904c 84005e17 nt!NtNotifyChangeKey
83e89050 84004f39 nt!NtNotifyChangeMultipleKeys
83e89054 83fcbd6b nt!NtNotifyChangeSession
83e89058 8404e584 nt!NtOpenDirectoryObject
83e8905c 840fd995 nt!NtOpenEnlistment
83e89060 8401bb92 nt!NtOpenEvent
83e89064 84116169 nt!NtOpenEventPair
83e89068 8403db10 nt!NtOpenFile
83e8906c 840c2ca5 nt!NtOpenIoCompletion
83e89070 840eb057 nt!NtOpenJobObject
83e89074 84057642 nt!NtOpenKey
83e89078 8401badd nt!NtOpenKeyEx
83e8907c 8411649f nt!NtOpenKeyedEvent
83e89080 83fdb169 nt!NtOpenKeyTransacted
83e89084 83fdb0f9 nt!NtOpenKeyTransactedEx
83e89088 8406d0e2 nt!NtOpenMutant
83e8908c 83fe44b2 nt!NtOpenObjectAuditAlarm
83e89090 83fe5f07 nt!NtOpenPrivateNamespace
83e89094 8401d9dc nt!NtOpenProcess
83e89098 8406ffff nt!NtOpenProcessToken
83e8909c 8405db37 nt!NtOpenProcessTokenEx
83e890a0 83f890c7 nt!NtOpenResourceManager
83e890a4 84075674 nt!NtOpenSection
83e890a8 83ff10c6 nt!NtOpenSemaphore
83e890ac 84092977 nt!NtOpenSession
83e890b0 84059b6f nt!NtOpenSymbolicLinkObject
83e890b4 84069d87 nt!NtOpenThread
83e890b8 840842e4 nt!NtOpenThreadToken
83e890bc 8405dc4e nt!NtOpenThreadTokenEx
83e890c0 84115e0f nt!NtOpenTimer
83e890c4 840fe6f1 nt!NtOpenTransaction
83e890c8 840ff989 nt!NtOpenTransactionManager
83e890cc 83fef506 nt!NtPlugPlayControl
83e890d0 8404c970 nt!NtPowerInformation
83e890d4 840fe2a2 nt!NtPrepareComplete
83e890d8 840fdfc2 nt!NtPrepareEnlistment
83e890dc 840fe35a nt!NtPrePrepareComplete
83e890e0 840fe07a nt!NtPrePrepareEnlistment
83e890e4 8400293f nt!NtPrivilegeCheck
83e890e8 83fd1f60 nt!NtPrivilegedServiceAuditAlarm
83e890ec 83feca51 nt!NtPrivilegeObjectAuditAlarm
83e890f0 841000e4 nt!NtPropagationComplete
83e890f4 841001aa nt!NtPropagationFailed
83e890f8 8404e403 nt!NtProtectVirtualMemory
83e890fc 8409f5a7 nt!NtPulseEvent
83e89100 840639a1 nt!NtQueryAttributesFile
83e89104 84110a3e nt!NtQueryBootEntryOrder
83e89108 84110e83 nt!NtQueryBootOptions
83e8910c 83eced34 nt!NtQueryDebugFilterState
83e89110 84082b8c nt!NtQueryDefaultLocale
83e89114 83faef5c nt!NtQueryDefaultUILanguage
83e89118 8403fd11 nt!NtQueryDirectoryFile
83e8911c 840649f0 nt!NtQueryDirectoryObject
83e89120 84111381 nt!NtQueryDriverEntryOrder
83e89124 83f9db4a nt!NtQueryEaFile
83e89128 8400681e nt!NtQueryEvent
83e8912c 8408c5d5 nt!NtQueryFullAttributesFile
83e89130 83ff824c nt!NtQueryInformationAtom
83e89134 840fdba2 nt!NtQueryInformationEnlistment
83e89138 840616d5 nt!NtQueryInformationFile
83e8913c 840980ff nt!NtQueryInformationJobObject
83e89140 840d57d4 nt!NtQueryInformationPort
83e89144 84042644 nt!NtQueryInformationProcess
83e89148 840ff5fe nt!NtQueryInformationResourceManager
83e8914c 84068d6d nt!NtQueryInformationThread
83e89150 8405e06e nt!NtQueryInformationToken
83e89154 840fe8e4 nt!NtQueryInformationTransaction
83e89158 83f88bcf nt!NtQueryInformationTransactionManager
83e8915c 83f1fe81 nt!NtQueryInformationWorkerFactory
83e89160 83feac3f nt!NtQueryInstallUILanguage
83e89164 84116e6b nt!NtQueryIntervalProfile
83e89168 840c2d68 nt!NtQueryIoCompletion
83e8916c 84057cae nt!NtQueryKey
83e89170 8400de8d nt!NtQueryLicenseValue
83e89174 83feccc0 nt!NtQueryMultipleValueKey
83e89178 8411657c nt!NtQueryMutant
83e8917c 8400ced6 nt!NtQueryObject
83e89180 840a7b05 nt!NtQueryOpenSubKeys
83e89184 84095df8 nt!NtQueryOpenSubKeysEx
83e89188 8401c277 nt!NtQueryPerformanceCounter
83e8918c 840e82c4 nt!NtQueryPortInformationProcess
83e89190 840c4349 nt!NtQueryQuotaInformationFile
83e89194 840829e6 nt!NtQuerySection
83e89198 840022d0 nt!NtQuerySecurityAttributesToken
83e8919c 84005e4c nt!NtQuerySecurityObject
83e891a0 8410f3fc nt!NtQuerySemaphore
83e891a4 84059c15 nt!NtQuerySymbolicLinkObject
83e891a8 8410f5d3 nt!NtQuerySystemEnvironmentValue
83e891ac 8410fbc7 nt!NtQuerySystemEnvironmentValueEx
83e891b0 8403bcd4 nt!NtQuerySystemInformation
83e891b4 84074ddd nt!NtQuerySystemInformationEx
83e891b8 84082af7 nt!NtQuerySystemTime
83e891bc 84115ece nt!NtQueryTimer
83e891c0 83ff8729 nt!NtQueryTimerResolution
83e891c4 84056405 nt!NtQueryValueKey
83e891c8 840676a7 nt!NtQueryVirtualMemory
83e891cc 840622c8 nt!NtQueryVolumeInformationFile
83e891d0 84007caa nt!NtQueueApcThread
83e891d4 84003e67 nt!NtQueueApcThreadEx
83e891d8 83e4bd54 nt!NtRaiseException
83e891dc 83fe30a3 nt!NtRaiseHardError
83e891e0 8406dc8c nt!NtReadFile
83e891e4 83fa36a7 nt!NtReadFileScatter
83e891e8 840fe580 nt!NtReadOnlyEnlistment
83e891ec 840d58b9 nt!NtReadRequestData
83e891f0 8406b82c nt!NtReadVirtualMemory
83e891f4 840fdb46 nt!NtRecoverEnlistment
83e891f8 83fb388c nt!NtRecoverResourceManager
83e891fc 83fb5128 nt!NtRecoverTransactionManager
83e89200 840fff38 nt!NtRegisterProtocolAddressInformation
83e89204 840e909c nt!NtRegisterThreadTerminatePort
83e89208 8403c0ed nt!NtReleaseKeyedEvent
83e8920c 84034873 nt!NtReleaseMutant
83e89210 8401eb6a nt!NtReleaseSemaphore
83e89214 83e8ec28 nt!NtReleaseWorkerFactoryWorker
83e89218 84011a8e nt!NtRemoveIoCompletion
83e8921c 8400ca8e nt!NtRemoveIoCompletionEx
83e89220 840b9c81 nt!NtRemoveProcessDebug
83e89224 840a7d4b nt!NtRenameKey
83e89228 840ffbd4 nt!NtRenameTransactionManager
83e8922c 840a7898 nt!NtReplaceKey
83e89230 83ee73d3 nt!NtReplacePartitionUnit
83e89234 83ffca3d nt!NtReplyPort
83e89238 840445e2 nt!NtReplyWaitReceivePort
83e8923c 84044165 nt!NtReplyWaitReceivePortEx
83e89240 840d5a85 nt!NtReplyWaitReplyPort
83e89244 8408c435 nt!NtRequestPort
83e89248 840498d9 nt!NtRequestWaitReplyPort
83e8924c 83fe7ec3 nt!NtResetEvent
83e89250 83ef5c18 nt!NtResetWriteWatch
83e89254 8409d904 nt!NtRestoreKey
83e89258 840e98fd nt!NtResumeProcess
83e8925c 8407c34b nt!NtResumeThread
83e89260 840fe636 nt!NtRollbackComplete
83e89264 840fe1ea nt!NtRollbackEnlistment
83e89268 83fb1c7c nt!NtRollbackTransaction
83e8926c 840ffd36 nt!NtRollforwardTransactionManager
83e89270 8409f176 nt!NtSaveKey
83e89274 8409e91c nt!NtSaveKeyEx
83e89278 840a6bbb nt!NtSaveMergedKeys
83e8927c 84069dbc nt!NtSecureConnectPort
83e89280 83f96f07 nt!NtSerializeBoot
83e89284 84110c7f nt!NtSetBootEntryOrder
83e89288 8411116b nt!NtSetBootOptions
83e8928c 840e8cff nt!NtSetContextThread
83e89290 83f7c9bd nt!NtSetDebugFilterState
83e89294 83f9a895 nt!NtSetDefaultHardErrorPort
83e89298 83faece1 nt!NtSetDefaultLocale
83e8929c 83faf250 nt!NtSetDefaultUILanguage
83e892a0 84111bf5 nt!NtSetDriverEntryOrder
83e892a4 840c3dda nt!NtSetEaFile
83e892a8 840356de nt!NtSetEvent
83e892ac 8410f0b7 nt!NtSetEventBoostPriority
83e892b0 84116435 nt!NtSetHighEventPair
83e892b4 84116367 nt!NtSetHighWaitLowEventPair
83e892b8 840ba3b9 nt!NtSetInformationDebugObject
83e892bc 840fddea nt!NtSetInformationEnlistment
83e892c0 8406275c nt!NtSetInformationFile
83e892c4 84007cce nt!NtSetInformationJobObject
83e892c8 840a73ad nt!NtSetInformationKey
83e892cc 84014314 nt!NtSetInformationObject
83e892d0 84044603 nt!NtSetInformationProcess
83e892d4 840ff80c nt!NtSetInformationResourceManager
83e892d8 84075aaf nt!NtSetInformationThread
83e892dc 8400f780 nt!NtSetInformationToken
83e892e0 840ff146 nt!NtSetInformationTransaction
83e892e4 840ffdfb nt!NtSetInformationTransactionManager
83e892e8 83eb8362 nt!NtSetInformationWorkerFactory
83e892ec 84116e48 nt!NtSetIntervalProfile
83e892f0 83fefb82 nt!NtSetIoCompletion
83e892f4 840c2e8e nt!NtSetIoCompletionEx
83e892f8 840ead17 nt!NtSetLdtEntries
83e892fc 841163d2 nt!NtSetLowEventPair
83e89300 841162fc nt!NtSetLowWaitHighEventPair
83e89304 840c495f nt!NtSetQuotaInformationFile
83e89308 8400d626 nt!NtSetSecurityObject
83e8930c 8410f8cd nt!NtSetSystemEnvironmentValue
83e89310 8410fedf nt!NtSetSystemEnvironmentValueEx
83e89314 8405a0ee nt!NtSetSystemInformation
83e89318 8412cd7a nt!NtSetSystemPowerState
83e8931c 8409be70 nt!NtSetSystemTime
83e89320 840a2b4d nt!NtSetThreadExecutionState
83e89324 83e8ed52 nt!NtSetTimer
83e89328 83ea14b9 nt!NtSetTimerEx
83e8932c 83ffcb3e nt!NtSetTimerResolution
83e89330 83f9e2d7 nt!NtSetUuidSeed
83e89334 84016427 nt!NtSetValueKey
83e89338 840c4979 nt!NtSetVolumeInformationFile
83e8933c 8410e5ad nt!NtShutdownSystem
83e89340 8401e9b7 nt!NtShutdownWorkerFactory
83e89344 83ed8701 nt!NtSignalAndWaitForSingleObject
83e89348 840fe4ca nt!NtSinglePhaseReject
83e8934c 84116b84 nt!NtStartProfile
83e89350 84116d7b nt!NtStopProfile
83e89354 840e989f nt!NtSuspendProcess
83e89358 840a0e2d nt!NtSuspendThread
83e8935c 84091464 nt!NtSystemDebugControl
83e89360 83ffe36f nt!NtTerminateJobObject
83e89364 840669bf nt!NtTerminateProcess
83e89368 84084334 nt!NtTerminateThread
83e8936c 8407bafa nt!NtTestAlert
83e89370 83ede75f nt!NtThawRegistry
83e89374 840ff478 nt!NtThawTransactions
83e89378 8405b9bb nt!NtTraceControl
83e8937c 83ed16a0 nt!NtTraceEvent
83e89380 84111df9 nt!NtTranslateFilePath
83e89384 840d574b nt!NtUmsThreadYield
83e89388 840c51cf nt!NtUnloadDriver
83e8938c 84094503 nt!NtUnloadKey
83e89390 8409451d nt!NtUnloadKey2
83e89394 840a6d53 nt!NtUnloadKeyEx
83e89398 84011eaf nt!NtUnlockFile
83e8939c 83e27b17 nt!NtUnlockVirtualMemory
83e893a0 8407063a nt!NtUnmapViewOfSection
83e893a4 84103769 nt!NtVdmControl
83e893a8 840b9ed7 nt!NtWaitForDebugEvent
83e893ac 8403be16 nt!NtWaitForKeyedEvent
83e893b0 84034435 nt!NtWaitForMultipleObjects
83e893b4 840df904 nt!NtWaitForMultipleObjects32
83e893b8 84033ae7 nt!NtWaitForSingleObject
83e893bc 83e8e7b1 nt!NtWaitForWorkViaWorkerFactory
83e893c0 84116293 nt!NtWaitHighEventPair
83e893c4 8411622a nt!NtWaitLowEventPair
83e893c8 83ec74b4 nt!NtWorkerFactoryWorkerReady
83e893cc 8407af2b nt!NtWriteFile
83e893d0 83fab2f7 nt!NtWriteFileGather
83e893d4 840d5926 nt!NtWriteRequestData
83e893d8 8406b71c nt!NtWriteVirtualMemory
83e893dc 83e365c5 nt!NtYieldExecution
uf 函数地址 查看函数汇编代码
kd> uf 8405b1e4
nt!NtCreateFile:
8405b1e4 8bff mov edi,edi
8405b1e6 55 push ebp
8405b1e7 8bec mov ebp,esp
8405b1e9 51 push ecx
8405b1ea 33c0 xor eax,eax
8405b1ec 50 push eax
8405b1ed 6a20 push 20h
8405b1ef 50 push eax
8405b1f0 50 push eax
8405b1f1 50 push eax
8405b1f2 ff7530 push dword ptr [ebp+30h]
8405b1f5 ff752c push dword ptr [ebp+2Ch]
8405b1f8 ff7528 push dword ptr [ebp+28h]
8405b1fb ff7524 push dword ptr [ebp+24h]
8405b1fe ff7520 push dword ptr [ebp+20h]
8405b201 ff751c push dword ptr [ebp+1Ch]
8405b204 ff7518 push dword ptr [ebp+18h]
8405b207 ff7514 push dword ptr [ebp+14h]
8405b20a ff7510 push dword ptr [ebp+10h]
8405b20d ff750c push dword ptr [ebp+0Ch]
8405b210 ff7508 push dword ptr [ebp+8]
8405b213 e826c1fdff call nt!IopCreateFile (8403733e)
8405b218 59 pop ecx
8405b219 5d pop ebp
8405b21a c22c00 ret 2Ch
还可以uf 函数名查看反汇编
kd> uf nt!IopCreateFile
nt!IopCreateFile:
8403733e 6a38 push 38h
84037340 683803e683 push offset nt! ?? ::FNODOBFM::`string'+0x27b8 (83e60338)
84037345 e85e28e5ff call nt!_SEH_prolog4 (83e89ba8)
8403734a 8365e000 and dword ptr [ebp-20h],0
8403734e 64a124010000 mov eax,dword ptr fs:[00000124h]
84037354 8a803a010000 mov al,byte ptr [eax+13Ah]
8403735a 8845d8 mov byte ptr [ebp-28h],al
8403735d bf00010000 mov edi,100h
84037362 857d3c test dword ptr [ebp+3Ch],edi
84037365 7404 je nt!IopCreateFile+0x2d (8403736b)nt!IopCreateFile+0x29:
84037367 c645d800 mov byte ptr [ebp-28h],0nt!IopCreateFile+0x2d:
8403736b 64a120000000 mov eax,dword ptr fs:[00000020h]
84037371 8945d4 mov dword ptr [ebp-2Ch],eax
84037374 8bb0e0050000 mov esi,dword ptr [eax+5E0h]
8403737a ff460c inc dword ptr [esi+0Ch]
8403737d 8bce mov ecx,esi
8403737f e8644ae1ff call nt!ExInterlockedPopEntrySList (83e4bde8)
84037384 8bd8 mov ebx,eax
84037386 895ddc mov dword ptr [ebp-24h],ebx
84037389 85db test ebx,ebx
8403738b 7541 jne nt!IopCreateFile+0x90 (840373ce)nt!IopCreateFile+0x4f:
8403738d ff4610 inc dword ptr [esi+10h]
84037390 8b45d4 mov eax,dword ptr [ebp-2Ch]
84037393 8bb0e4050000 mov esi,dword ptr [eax+5E4h]
84037399 ff460c inc dword ptr [esi+0Ch]
8403739c 8bce mov ecx,esi
8403739e e8454ae1ff call nt!ExInterlockedPopEntrySList (83e4bde8)
840373a3 8bd8 mov ebx,eax
840373a5 895ddc mov dword ptr [ebp-24h],ebx
840373a8 85db test ebx,ebx
840373aa 7522 jne nt!IopCreateFile+0x90 (840373ce)ShdowSSDT表查看
这个表存放在win32k.sys中,必须切换到某个加载shdowssdt表的进程中,比如有画图界面的。
PROCESS 877d7030 SessionId: 1 Cid: 0ab8 Peb: 7ffde000 ParentCid: 056cDirBase: 7f5cc560 ObjectTable: 98befc78 HandleCount: 120.Image: mspaint.exe
kd> .process /p 877d7030
Implicit process is now 877d7030
.cache forcedecodeuser done
然后x nt!KeServiceDes*,查看表的位置
kd> x nt!KeServiceDes*
83f74a00 nt!KeServiceDescriptorTableShadow = <no type information>
83f749c0 nt!KeServiceDescriptorTable = <no type information>
kd> dd 83f74a00
83f74a00 83e88d9c 00000000 00000191 83e893e4
83f74a10 94af6000 00000000 00000339 94af702c
83f74a20 00000000 00000000 83f74a24 00000340
83f74a30 00000340 85ce38f0 00000007 00000000
83f74a40 85ce59b8 85ce5760 85ce58f0 85ce5828
83f74a50 00000000 85ce5698 00000000 00000000
83f74a60 83e82809 83e8feed 83e9e3a5 00000003
83f74a70 85de1000 85de2000 00000120 ffffffff
第二行是shadowssdt表,同理ssdt
kd> dds 94af6000 L339
94af6000 94a83d37 win32k!NtGdiAbortDoc
94af6004 94a9bc23 win32k!NtGdiAbortPath
94af6008 948f71ac win32k!NtGdiAddFontResourceW
94af600c 94a92c5d win32k!NtGdiAddRemoteFontToDC
94af6010 94a9d369 win32k!NtGdiAddFontMemResourceEx
94af6014 94a84554 win32k!NtGdiRemoveMergeFont
94af6018 94a845e8 win32k!NtGdiAddRemoteMMInstanceToDC
94af601c 949adad1 win32k!NtGdiAlphaBlend
94af6020 94a9cb94 win32k!NtGdiAngleArc
94af6024 94961965 win32k!NtGdiAnyLinkedFonts
94af6028 94961882 win32k!NtGdiFontIsLinked
94af602c 94a9eead win32k!NtGdiArcInternal
94af6030 94a9d085 win32k!NtGdiBeginGdiRendering
94af6034 94a9bc97 win32k!NtGdiBeginPath
94af6038 949a28cb win32k!NtGdiBitBlt
94af603c 94a9cfd8 win32k!NtGdiCancelDC
94af6040 94a9fc51 win32k!NtGdiCheckBitmapBits
94af6044 94a9bb9e win32k!NtGdiCloseFigure
94af6048 949d4a88 win32k!NtGdiClearBitmapAttributes
94af604c 94a9d10f win32k!NtGdiClearBrushAttributes
94af6050 94a9f645 win32k!NtGdiColorCorrectPalette
94af6054 94962069 win32k!NtGdiCombineRgn
94af6058 94a088bf win32k!NtGdiCombineTransform
94af605c 94a2c7bc win32k!NtGdiComputeXformCoefficients
94af6060 94aa063d win32k!NtGdiConfigureOPMProtectedOutput
94af6064 94a95659 win32k!NtGdiConvertMetafileRect
94af6068 949c358b win32k!NtGdiCreateBitmap
94af606c 94a9d075 win32k!NtGdiCreateBitmapFromDxSurface
94af6070 94a176c3 win32k!NtGdiCreateClientObj
94af6074 94a9f508 win32k!NtGdiCreateColorSpace
94af6078 94a9f8d2 win32k!NtGdiCreateColorTransform
94af607c 9499cf2e win32k!NtGdiCreateCompatibleBitmap
94af6080 949c3314 win32k!NtGdiCreateCompatibleDC
94af6084 94a02e81 win32k!NtGdiCreateDIBBrush
94af6088 94988a8b win32k!NtGdiCreateDIBitmapInternal
94af608c 949ac089 win32k!NtGdiCreateDIBSection
94af6090 94a897d0 win32k!NtGdiCreateEllipticRgn
94af6094 9492de6b win32k!NtGdiCreateHalftonePalette
94af6098 94aa0a1d win32k!NtGdiCreateHatchBrushInternal
94af609c 94a17748 win32k!NtGdiCreateMetafileDC
94af60a0 949e90ce win32k!NtGdiCreateOPMProtectedOutputs
94af60a4 94960a7d win32k!NtGdiCreatePaletteInternal
94af60a8 94986100 win32k!NtGdiCreatePatternBrushInternal
94af60ac 94a341aa win32k!NtGdiCreatePen
94af60b0 94990e6f win32k!NtGdiCreateRectRgn
94af60b4 9495e8fb win32k!NtGdiCreateRoundRectRgn
94af60b8 94aa14cd win32k!NtGdiCreateServerMetaFile
94af60bc 949c6302 win32k!NtGdiCreateSolidBrush
94af60c0 94a7ddd6 win32k!NtGdiD3dContextCreate
94af60c4 94a7dde9 win32k!NtGdiD3dContextDestroy
94af60c8 94a7ddfc win32k!NtGdiD3dContextDestroyAll
94af60cc 94a7de0f win32k!NtGdiD3dValidateTextureStageState
94af60d0 94a7de22 win32k!NtGdiD3dDrawPrimitives2
94af60d4 94a7de35 win32k!NtGdiDdGetDriverState
94af60d8 94a7daba win32k!NtGdiDdAddAttachedSurface
94af60dc 94a7df37 win32k!NtGdiDdAlphaBlt
94af60e0 94a7dacd win32k!NtGdiDdAttachSurface
94af60e4 94a7dee2 win32k!NtGdiDdBeginMoCompFrame
94af60e8 94a7dae0 win32k!NtGdiDdBlt
94af60ec 94a7daf3 win32k!NtGdiDdCanCreateSurface
94af60f0 94a7ddad win32k!NtGdiDdCanCreateD3DBuffer
94af60f4 94a7db06 win32k!NtGdiDdColorControl
94af60f8 94a06a97 win32k!NtGdiDdCreateDirectDrawObject
94af60fc 94a7db19 win32k!NtGdiDdCreateSurface
94af6100 94a7dd97 win32k!NtGdiDdCreateD3DBuffer
94af6104 94a7deb6 win32k!NtGdiDdCreateMoComp
94af6108 94a7db2f win32k!NtGdiDdCreateSurfaceObject
94af610c 94a7db5b win32k!NtGdiDdDeleteDirectDrawObject
94af6110 94a7db45 win32k!NtGdiDdDeleteSurfaceObject
94af6114 94a7decc win32k!NtGdiDdDestroyMoComp
94af6118 94a7db71 win32k!NtGdiDdDestroySurface
94af611c 94a7ddc0 win32k!NtGdiDdDestroyD3DBuffer
94af6120 94a7def5 win32k!NtGdiDdEndMoCompFrame
94af6124 94a7db87 win32k!NtGdiDdFlip
94af6128 94a7dc37 win32k!NtGdiDdFlipToGDISurface
94af612c 94a7db9d win32k!NtGdiDdGetAvailDriverMemory
94af6130 94a7dbb3 win32k!NtGdiDdGetBltStatus
94af6134 94a7dbc9 win32k!NtGdiDdGetDC
94af6138 94a7dbdf win32k!NtGdiDdGetDriverInfo
94af613c 94a7dd3f win32k!NtGdiDdGetDxHandle
94af6140 94a7dbf5 win32k!NtGdiDdGetFlipStatus
94af6144 94a7dea0 win32k!NtGdiDdGetInternalMoCompInfo
94af6148 94a7de8a win32k!NtGdiDdGetMoCompBuffInfo
94af614c 94a7de5e win32k!NtGdiDdGetMoCompGuids
94af6150 94a7de74 win32k!NtGdiDdGetMoCompFormats
94af6154 94a7dc0b win32k!NtGdiDdGetScanLine
94af6158 94a7dc4d win32k!NtGdiDdLock
94af615c 94a7dd6b win32k!NtGdiDdLockD3D
94af6160 94a7dc63 win32k!NtGdiDdQueryDirectDrawObject
94af6164 94a7df21 win32k!NtGdiDdQueryMoCompStatus
94af6168 94a7dc79 win32k!NtGdiDdReenableDirectDrawObject
94af616c 94a7dc8f win32k!NtGdiDdReleaseDC
94af6170 94a7df0b win32k!NtGdiDdRenderMoComp
94af6174 94a7dca5 win32k!NtGdiDdResetVisrgn
94af6178 94a7dcbb win32k!NtGdiDdSetColorKey
94af617c 94a7dc21 win32k!NtGdiDdSetExclusiveMode
94af6180 94a7dd55 win32k!NtGdiDdSetGammaRamp
94af6184 94a7de48 win32k!NtGdiDdCreateSurfaceEx
94af6188 94a7dcd1 win32k!NtGdiDdSetOverlayPosition
94af618c 94a7dce7 win32k!NtGdiDdUnattachSurface
94af6190 94a7dcfd win32k!NtGdiDdUnlock
94af6194 94a7dd81 win32k!NtGdiDdUnlockD3D
94af6198 94a7dd13 win32k!NtGdiDdUpdateOverlay
94af619c 94a7dd29 win32k!NtGdiDdWaitForVerticalBlank
94af61a0 94a7df4a win32k!NtGdiDvpCanCreateVideoPort
94af61a4 94a7df60 win32k!NtGdiDvpColorControl
94af61a8 94a7df76 win32k!NtGdiDvpCreateVideoPort
94af61ac 94a7df8c win32k!NtGdiDvpDestroyVideoPort
94af61b0 94a7dfa2 win32k!NtGdiDvpFlipVideoPort
94af61b4 94a7dfb8 win32k!NtGdiDvpGetVideoPortBandwidth
94af61b8 94a7dfce win32k!NtGdiDvpGetVideoPortField
94af61bc 94a7dfe4 win32k!NtGdiDvpGetVideoPortFlipStatus
94af61c0 94a7dffa win32k!NtGdiDvpGetVideoPortInputFormats
94af61c4 94a7e010 win32k!NtGdiDvpGetVideoPortLine
94af61c8 94a7e026 win32k!NtGdiDvpGetVideoPortOutputFormats
94af61cc 94a7e03c win32k!NtGdiDvpGetVideoPortConnectInfo
94af61d0 94a7e052 win32k!NtGdiDvpGetVideoSignalStatus
94af61d4 94a7e068 win32k!NtGdiDvpUpdateVideoPort
94af61d8 94a7e07e win32k!NtGdiDvpWaitForVideoPortSync
94af61dc 94a7e094 win32k!NtGdiDvpAcquireNotification
94af61e0 94a7e0aa win32k!NtGdiDvpReleaseNotification
94af61e4 94a7daa7 win32k!NtGdiDxgGenericThunk
94af61e8 94a2486f win32k!NtGdiDeleteClientObj
94af61ec 94a9f4d8 win32k!NtGdiDeleteColorSpace
94af61f0 94a9fb6e win32k!NtGdiDeleteColorTransform
94af61f4 949a013e win32k!NtGdiDeleteObjectApp
94af61f8 94a9df13 win32k!NtGdiDescribePixelFormat
94af61fc 949e9e01 win32k!NtGdiDestroyOPMProtectedOutput
94af6200 94a84220 win32k!NtGdiGetPerBandInfo
94af6204 94a840fb win32k!NtGdiDoBanding
94af6208 949927dc win32k!NtGdiDoPalette
94af620c 94a9cbde win32k!NtGdiDrawEscape
94af6210 94aa1f54 win32k!NtGdiEllipse
94af6214 948f64eb win32k!NtGdiEnableEudc
94af6218 94a83d1f win32k!NtGdiEndDoc
94af621c 94a9d095 win32k!NtGdiEndGdiRendering
94af6220 94a83e40 win32k!NtGdiEndPage
94af6224 94a9bd49 win32k!NtGdiEndPath
94af6228 9496685f win32k!NtGdiEnumFonts
94af622c 94aa3f21 win32k!NtGdiEnumObjects
94af6230 94a2e330 win32k!NtGdiEqualRgn
94af6234 94aa3cd6 win32k!NtGdiEudcLoadUnloadLink
94af6238 94963152 win32k!NtGdiExcludeClipRect
94af623c 94a01a24 win32k!NtGdiExtCreatePen
94af6240 94931264 win32k!NtGdiExtCreateRegion
94af6244 94a19589 win32k!NtGdiExtEscape
94af6248 94a22d74 win32k!NtGdiExtFloodFill
94af624c 949a6b91 win32k!NtGdiExtGetObjectW
94af6250 949a0c88 win32k!NtGdiExtSelectClipRgn
94af6254 949aeb78 win32k!NtGdiExtTextOutW
94af6258 94a9c034 win32k!NtGdiFillPath
94af625c 94a2b864 win32k!NtGdiFillRgn
94af6260 94a9bda6 win32k!NtGdiFlattenPath
94af6264 949b7991 win32k!NtGdiFlush
94af6268 94a9deb2 win32k!NtGdiForceUFIMapping
94af626c 94a32f55 win32k!NtGdiFrameRgn
94af6270 94a8e713 win32k!NtGdiFullscreenControl
94af6274 94a1fd25 win32k!NtGdiGetAndSetDCDword
94af6278 949b0411 win32k!NtGdiGetAppClipBox
94af627c 94936489 win32k!NtGdiGetBitmapBits
94af6280 94a9ddee win32k!NtGdiGetBitmapDimension
94af6284 9494786d win32k!NtGdiGetBoundsRect
94af6288 949e915f win32k!NtGdiGetCertificate
94af628c 949e9359 win32k!NtGdiGetCertificateSize
94af6290 949744dd win32k!NtGdiGetCharABCWidthsW
94af6294 94a9c55c win32k!NtGdiGetCharacterPlacementW
94af6298 9499f854 win32k!NtGdiGetCharSet
94af629c 94a14c8c win32k!NtGdiGetCharWidthW
94af62a0 9492d2cf win32k!NtGdiGetCharWidthInfo
94af62a4 94a9ce64 win32k!NtGdiGetColorAdjustment
94af62a8 94aa4452 win32k!NtGdiGetColorSpaceforBitmap
94af62ac 94aa05d7 win32k!NtGdiGetCOPPCompatibleOPMInformation
94af62b0 949a03d3 win32k!NtGdiGetDCDword
94af62b4 94966e4e win32k!NtGdiGetDCforBitmap
94af62b8 949a6aa6 win32k!NtGdiGetDCObject
94af62bc 94a2d1ac win32k!NtGdiGetDCPoint
94af62c0 949ac016 win32k!NtGdiGetDeviceCaps
94af62c4 94a9fdbc win32k!NtGdiGetDeviceGammaRamp
94af62c8 94a0fafa win32k!NtGdiGetDeviceCapsAll
94af62cc 94990bb1 win32k!NtGdiGetDIBitsInternal
94af62d0 94aa522a win32k!NtGdiGetETM
94af62d4 94aa3155 win32k!NtGdiGetEudcTimeStampEx
94af62d8 949614d1 win32k!NtGdiGetFontData
94af62dc 94aa5b78 win32k!NtGdiGetFontFileData
94af62e0 949d7b20 win32k!NtGdiGetFontFileInfo
94af62e4 94a9d614 win32k!NtGdiGetFontResourceInfoInternalW
94af62e8 9495d09e win32k!NtGdiGetGlyphIndicesW
94af62ec 9495cf42 win32k!NtGdiGetGlyphIndicesWInternal
94af62f0 94a9cccb win32k!NtGdiGetGlyphOutline
94af62f4 949e8d5c win32k!NtGdiGetOPMInformation
94af62f8 94a1816b win32k!NtGdiGetKerningPairs
94af62fc 94a842d7 win32k!NtGdiGetLinkedUFIs
94af6300 94a02e20 win32k!NtGdiGetMiterLimit
94af6304 94a02363 win32k!NtGdiGetMonitorID
94af6308 9495ea5e win32k!NtGdiGetNearestColor
94af630c 94a18213 win32k!NtGdiGetNearestPaletteIndex
94af6310 94a03165 win32k!NtGdiGetObjectBitmapHandle
94af6314 949ea7b1 win32k!NtGdiGetOPMRandomNumber
94af6318 94961314 win32k!NtGdiGetOutlineTextMetricsInternalW
94af631c 94a9c3b2 win32k!NtGdiGetPath
94af6320 949404a7 win32k!NtGdiGetPixel
94af6324 949ad8dd win32k!NtGdiGetRandomRgn
94af6328 94a9cde0 win32k!NtGdiGetRasterizerCaps
94af632c 9495ce93 win32k!NtGdiGetRealizationInfo
94af6330 94961dbd win32k!NtGdiGetRegionData
94af6334 949566b0 win32k!NtGdiGetRgnBox
94af6338 94aa15cd win32k!NtGdiGetServerMetaFileBits
94af633c 94ad40ef win32k!DxgStubDvpUpdateVideoPort
94af6340 94aa5d5b win32k!NtGdiGetStats
94af6344 949c1487 win32k!NtGdiGetStockObject
94af6348 94aa3e2d win32k!NtGdiGetStringBitmapW
94af634c 949e81bc win32k!NtGdiGetSuggestedOPMProtectedOutputArraySize
94af6350 94a05c36 win32k!NtGdiGetSystemPaletteUse
94af6354 94944e97 win32k!NtGdiGetTextCharsetInfo
94af6358 94a9d14f win32k!NtGdiGetTextExtent
94af635c 949443ab win32k!NtGdiGetTextExtentExW
94af6360 94965f64 win32k!NtGdiGetTextFaceW
94af6364 94965eeb win32k!NtGdiGetTextMetricsW
94af6368 949323e0 win32k!NtGdiGetTransform
94af636c 94a9d850 win32k!NtGdiGetUFI
94af6370 94a9d92e win32k!NtGdiGetEmbUFI
94af6374 94a9da28 win32k!NtGdiGetUFIPathname
94af6378 94a9d7db win32k!NtGdiGetEmbedFonts
94af637c 94a9d7e5 win32k!NtGdiChangeGhostFont
94af6380 94a82db5 win32k!NtGdiAddEmbFontToDC
94af6384 949f1ec5 win32k!NtGdiGetFontUnicodeRanges
94af6388 9495df3f win32k!NtGdiGetWidthTable
94af638c 94a2d202 win32k!NtGdiGradientFill
94af6390 949720db win32k!NtGdiHfontCreate
94af6394 94aa00b9 win32k!NtGdiIcmBrushInfo
94af6398 949bf5ae win32k!bInitRedirDev
94af639c 94a8b867 win32k!NtGdiInitSpool
94af63a0 9499f439 win32k!NtGdiIntersectClipRect
94af63a4 94a1cf7e win32k!NtGdiInvertRgn
94af63a8 94a265db win32k!NtGdiLineTo
94af63ac 94a9df9e win32k!NtGdiMakeFontDir
94af63b0 94aa4583 win32k!NtGdiMakeInfoDC
94af63b4 94946239 win32k!NtGdiMaskBlt
94af63b8 949322cf win32k!NtGdiModifyWorldTransform
94af63bc 94a03125 win32k!NtGdiMonoBitmap
94af63c0 94a9d008 win32k!NtGdiMoveTo
94af63c4 94a89900 win32k!NtGdiOffsetClipRgn
94af63c8 9494be1d win32k!NtGdiOffsetRgn
94af63cc 94988890 win32k!NtGdiOpenDCW
94af63d0 949408a0 win32k!NtGdiPatBlt
94af63d4 949cebda win32k!NtGdiPolyPatBlt
94af63d8 94a9c0f7 win32k!NtGdiPathToRegion
94af63dc 949ea9d2 win32k!NtGdiPlgBlt
94af63e0 94a9ca9e win32k!NtGdiPolyDraw
94af63e4 94a2718b win32k!NtGdiPolyPolyDraw
94af63e8 949cc99d win32k!NtGdiPolyTextOutW
94af63ec 949fafb4 win32k!NtGdiPtInRegion
94af63f0 94a89a5a win32k!NtGdiPtVisible
94af63f4 94a9d27e win32k!NtGdiQueryFonts
94af63f8 949c1497 win32k!NtGdiQueryFontAssocInfo
94af63fc 94a3815a win32k!NtGdiRectangle
94af6400 949faeed win32k!NtGdiRectInRegion
94af6404 94969849 win32k!NtGdiRectVisible
94af6408 94a9d467 win32k!NtGdiRemoveFontResourceW
94af640c 94a9d5f8 win32k!NtGdiRemoveFontMemResourceEx
94af6410 94a1eed1 win32k!NtGdiResetDC
94af6414 94aa10b1 win32k!NtGdiResizePalette
94af6418 9495c6a9 win32k!NtGdiRestoreDC
94af641c 94a24aad win32k!NtGdiRoundRect
94af6420 9495c250 win32k!NtGdiSaveDC
94af6424 94a95404 win32k!NtGdiScaleViewportExtEx
94af6428 94a9dd8b win32k!NtGdiScaleWindowExtEx
94af642c 949c345f win32k!GreSelectBitmap
94af6430 94a9cfe8 win32k!NtGdiSelectBrush
94af6434 94a9bf44 win32k!NtGdiSelectClipPath
94af6438 9499f864 win32k!NtGdiSelectFont
94af643c 94a9cff8 win32k!NtGdiSelectPen
94af6440 94900112 win32k!NtGdiSetBitmapAttributes
94af6444 94933aa4 win32k!NtGdiSetBitmapBits
94af6448 94a9de4b win32k!NtGdiSetBitmapDimension
94af644c 94945719 win32k!NtGdiSetBoundsRect
94af6450 94a9d0ef win32k!NtGdiSetBrushAttributes
94af6454 94a13299 win32k!NtGdiSetBrushOrg
94af6458 94a9ceba win32k!NtGdiSetColorAdjustment
94af645c 94a9f79b win32k!NtGdiSetColorSpace
94af6460 94a9fe43 win32k!NtGdiSetDeviceGammaRamp
94af6464 9498289a win32k!NtGdiSetDIBitsToDeviceInternal
94af6468 94966dec win32k!NtGdiSetFontEnumeration
94af646c 94a0c3f5 win32k!NtGdiSetFontXform
94af6470 94a18018 win32k!NtGdiSetIcmMode
94af6474 94a83741 win32k!NtGdiSetLinkedUFIs
94af6478 949d5b5c win32k!NtGdiSetMagicColors
94af647c 94a06bfa win32k!NtGdiSetMetaRgn
94af6480 94a0c310 win32k!NtGdiSetMiterLimit
94af6484 94a9dd7b win32k!NtGdiGetDeviceWidth
94af6488 94a9dd6b win32k!NtGdiMirrorWindowOrg
94af648c 9492b13d win32k!NtGdiSetLayout
94af6490 949ea8b0 win32k!NtGdiSetOPMSigningKeyAndSequenceNumbers
94af6494 94a3b71a win32k!NtGdiSetPixel
94af6498 94aa6a95 win32k!NtGdiSetPixelFormat
94af649c 94a9d13f win32k!NtGdiSetRectRgn
94af64a0 94a9d065 win32k!NtGdiSetSystemPaletteUse
94af64a4 94aa6214 win32k!NtGdiSetTextJustification
94af64a8 94a08836 win32k!NtGdiSetVirtualResolution
94af64ac 94a0c2ba win32k!NtGdiSetSizeDevice
94af64b0 94a83850 win32k!NtGdiStartDoc
94af64b4 94a83d4f win32k!NtGdiStartPage
94af64b8 94a3ae4d win32k!NtGdiStretchBlt
94af64bc 94992a8c win32k!NtGdiStretchDIBitsInternal
94af64c0 94a9c1dc win32k!NtGdiStrokeAndFillPath
94af64c4 94a9c2d9 win32k!NtGdiStrokePath
94af64c8 94aa6c6a win32k!NtGdiSwapBuffers
94af64cc 94931bd5 win32k!NtGdiTransformPoints
94af64d0 94a221e9 win32k!NtGdiTransparentBlt
94af64d4 949ef89f win32k!DxgStubDvpReleaseNotification
94af64d8 94a9d35e win32k!NtGdiUnmapMemFont
94af64dc 94a9d12f win32k!NtGdiUnrealizeObject
94af64e0 94aa1314 win32k!NtGdiUpdateColors
94af64e4 94a9be31 win32k!NtGdiWidenPath
94af64e8 94939fa7 win32k!NtUserActivateKeyboardLayout
94af64ec 94a4fda8 win32k!NtUserAddClipboardFormatListener
94af64f0 94a4ccda win32k!NtUserAlterWindowStyle
94af64f4 94962005 win32k!NtUserAssociateInputContext
94af64f8 94a3e485 win32k!NtUserAttachThreadInput
94af64fc 9499c8b8 win32k!NtUserBeginPaint
94af6500 94a2190e win32k!NtUserBitBltSysBmp
94af6504 94a3b3de win32k!NtUserBlockInput
94af6508 94999b90 win32k!NtUserBuildHimcList
94af650c 949872af win32k!NtUserBuildHwndList
94af6510 9496caf7 win32k!NtUserBuildNameList
94af6514 94a4cfe1 win32k!NtUserBuildPropList
94af6518 9491112e win32k!NtUserCallHwnd
94af651c 9499699e win32k!NtUserCallHwndLock
94af6520 949007c5 win32k!NtUserCallHwndOpt
94af6524 94967d22 win32k!NtUserCallHwndParam
94af6528 94944dec win32k!NtUserCallHwndParamLock
94af652c 94a33549 win32k!NtUserCallMsgFilter
94af6530 94a18671 win32k!NtUserCallNextHookEx
94af6534 949c2b42 win32k!NtUserCallNoParam
94af6538 949c2aed win32k!NtUserCallOneParam
94af653c 949889d7 win32k!NtUserCallTwoParam
94af6540 94a219d3 win32k!NtUserChangeClipboardChain
94af6544 949ffa8c win32k!NtUserChangeDisplaySettings
94af6548 94920e1b win32k!NtUserGetDisplayConfigBufferSizes
94af654c 94a4d4f8 win32k!NtUserSetDisplayConfig
94af6550 949155d4 win32k!NtUserQueryDisplayConfig
94af6554 949d7c9b win32k!NtUserDisplayConfigGetDeviceInfo
94af6558 94a4d806 win32k!NtUserDisplayConfigSetDeviceInfo
94af655c 94a500c8 win32k!NtUserCheckAccessForIntegrityLevel
94af6560 9493133f win32k!NtUserCheckDesktopByThreadId
94af6564 94a4cd7f win32k!NtUserCheckWindowThreadDesktop
94af6568 949ef8c9 win32k!NtUserCheckMenuItem
94af656c 94a15383 win32k!NtUserChildWindowFromPointEx
94af6570 949de0ec win32k!NtUserClipCursor
94af6574 94a2c682 win32k!NtUserCloseClipboard
94af6578 9497f580 win32k!NtUserCloseDesktop
94af657c 9496cbe6 win32k!NtUserCloseWindowStation
94af6580 949cc604 win32k!NtUserConsoleControl
94af6584 949e1ce1 win32k!NtUserConvertMemHandle
94af6588 94a26f70 win32k!NtUserCopyAcceleratorTable
94af658c 94a3598d win32k!NtUserCountClipboardFormats
94af6590 9493492b win32k!NtUserCreateAcceleratorTable
94af6594 94a33a4a win32k!NtUserCreateCaret
94af6598 9490e26e win32k!NtUserCreateDesktopEx
94af659c 94a08c41 win32k!NtUserCreateInputContext
94af65a0 949e3ae7 win32k!NtUserCreateLocalMemHandle
94af65a4 94990028 win32k!NtUserCreateWindowEx
94af65a8 948f8e2d win32k!NtUserCreateWindowStation
94af65ac 9492505b win32k!NtUserDdeInitialize
94af65b0 9493dc10 win32k!NtUserDeferWindowPos
94af65b4 94a1e8a0 win32k!NtUserDefSetText
94af65b8 94998a90 win32k!NtUserDeleteMenu
94af65bc 94a2ffcd win32k!NtUserDestroyAcceleratorTable
94af65c0 9494234c win32k!NtUserDestroyCursor
94af65c4 94a202d1 win32k!NtUserDestroyInputContext
94af65c8 94932b71 win32k!NtUserDestroyMenu
94af65cc 9497e60b win32k!NtUserDestroyWindow
94af65d0 9492ff8f win32k!NtUserDisableThreadIme
94af65d4 9499f449 win32k!NtUserDispatchMessage
94af65d8 948f6157 win32k!NtUserDoSoundConnect
94af65dc 949d676d win32k!NtUserDoSoundDisconnect
94af65e0 94a4d0db win32k!NtUserDragDetect
94af65e4 94a4b822 win32k!NtUserDragObject
94af65e8 94a4c2dc win32k!NtUserDrawAnimatedRects
94af65ec 94a4c39f win32k!NtUserDrawCaption
94af65f0 94a4da1c win32k!NtUserDrawCaptionTemp
94af65f4 9496d5fd win32k!NtUserDrawIconEx
94af65f8 94a4d94b win32k!NtUserDrawMenuBarTemp
94af65fc 949e1dfb win32k!NtUserEmptyClipboard
94af6600 94a08c90 win32k!NtUserEnableMenuItem
94af6604 94a0c5dd win32k!NtUserEnableScrollBar
94af6608 9493dbb3 win32k!NtUserEndDeferWindowPosEx
94af660c 9493a3e3 win32k!NtUserEndMenu
94af6610 949ae784 win32k!NtUserEndPaint
94af6614 94991656 win32k!NtUserEnumDisplayDevices
94af6618 94981c76 win32k!NtUserEnumDisplayMonitors
94af661c 94974cd4 win32k!NtUserEnumDisplaySettings
94af6620 94a4b984 win32k!NtUserEvent
94af6624 94a1d2cd win32k!NtUserExcludeUpdateRgn
94af6628 94a2d0c3 win32k!NtUserFillWindow
94af662c 9497707a win32k!NtUserFindExistingCursorIcon
94af6630 9496c0db win32k!NtUserFindWindowEx
94af6634 94a1b642 win32k!NtUserFlashWindowEx
94af6638 94a50073 win32k!NtUserFrostCrashedWindow
94af663c 94a4be2e win32k!NtUserGetAltTabInfo
94af6640 9496ac0f win32k!NtUserGetAncestor
94af6644 94a4eaea win32k!NtUserGetAppImeLevel
94af6648 9494bbde win32k!NtUserGetAsyncKeyState
94af664c 94985a95 win32k!NtUserGetAtomName
94af6650 949738dc win32k!NtUserGetCaretBlinkTime
94af6654 94a2852b win32k!NtUserGetCaretPos
94af6658 9497d04c win32k!NtUserGetClassInfoEx
94af665c 94964ec5 win32k!NtUserGetClassName
94af6660 949e378a win32k!NtUserGetClipboardData
94af6664 94a00915 win32k!NtUserGetClipboardFormatName
94af6668 94a2c703 win32k!NtUserGetClipboardOwner
94af666c 94a2c6dd win32k!NtUserGetClipboardSequenceNumber
94af6670 94a4c4ec win32k!NtUserGetClipboardViewer
94af6674 94a4c181 win32k!NtUserGetClipCursor
94af6678 94a270bf win32k!NtUserGetComboBoxInfo
94af667c 94a00c14 win32k!NtUserGetControlBrush
94af6680 94a4c448 win32k!NtUserGetControlColor
94af6684 9493919b win32k!NtUserGetCPD
94af6688 94a1f37b win32k!NtUserGetCursorFrameInfo
94af668c 94a4bcf5 win32k!NtUserGetCursorInfo
94af6690 949abf0c win32k!NtUserGetDC
94af6694 94963189 win32k!NtUserGetDCEx
94af6698 9494030d win32k!NtUserGetDoubleClickTime
94af669c 94981c37 win32k!NtUserGetForegroundWindow
94af66a0 94a50e70 win32k!NtUserGetGuiResources
94af66a4 9498669e win32k!NtUserGetGUIThreadInfo
94af66a8 9496d131 win32k!NtUserGetIconInfo
94af66ac 94993963 win32k!NtUserGetIconSize
94af66b0 94a4e9ba win32k!NtUserGetImeHotKey
94af66b4 9495a52b win32k!NtUserGetImeInfoEx
94af66b8 94a4d3fe win32k!NtUserGetInputLocaleInfo
94af66bc 94a4ba92 win32k!NtUserGetInternalWindowPos
94af66c0 94932db0 win32k!NtUserGetKeyboardLayoutList
94af66c4 94a4d311 win32k!NtUserGetKeyboardLayoutName
94af66c8 94a43e25 win32k!NtUserGetKeyboardState
94af66cc 94a4d298 win32k!NtUserGetKeyNameText
94af66d0 949651c0 win32k!NtUserGetKeyState
94af66d4 94a4bc9d win32k!NtUserGetListBoxInfo
94af66d8 94a497a6 win32k!NtUserGetMenuBarInfo
94af66dc 94a4c20b win32k!NtUserGetMenuIndex
94af66e0 949df9f0 win32k!NtUserGetMenuItemRect
94af66e4 949b9a63 win32k!NtUserGetMessage
94af66e8 94a4c941 win32k!NtUserGetMouseMovePointsEx
94af66ec 9496c3ee win32k!NtUserGetObjectInformation
94af66f0 94a3665a win32k!NtUserGetOpenClipboardWindow
94af66f4 94a4c518 win32k!NtUserGetPriorityClipboardFormat
94af66f8 949765c8 win32k!NtUserGetProcessWindowStation
94af66fc 94a4f927 win32k!NtUserGetRawInputBuffer
94af6700 94a4f35d win32k!NtUserGetRawInputData
94af6704 94a4f4e7 win32k!NtUserGetRawInputDeviceInfo
94af6708 94a4f7c7 win32k!NtUserGetRawInputDeviceList
94af670c 94a4f8ec win32k!NtUserGetRegisteredRawInputDevices
94af6710 949aff9a win32k!NtUserGetScrollBarInfo
94af6714 949988b7 win32k!NtUserGetSystemMenu
94af6718 949c61e8 win32k!NtUserGetThreadDesktop
94af671c 9499a004 win32k!NtUserGetThreadState
94af6720 9499f874 win32k!NtUserGetTitleBarInfo
94af6724 94a4c037 win32k!NtUserGetTopLevelWindow
94af6728 94a4fef3 win32k!NtUserGetUpdatedClipboardFormats
94af672c 94956f53 win32k!NtUserGetUpdateRect
94af6730 94a2039d win32k!NtUserGetUpdateRgn
94af6734 9495f04a win32k!NtUserGetWindowCompositionInfo
94af6738 94998f83 win32k!NtUserGetWindowCompositionAttribute
94af673c 949a216e win32k!NtUserGetWindowDC
94af6740 94a4c077 win32k!NtUserGetWindowDisplayAffinity
94af6744 94a419a2 win32k!NtUserGetWindowPlacement
94af6748 94a4ba09 win32k!NtUserGetWOWClass
94af674c 949473c0 win32k!NtUserGhostWindowFromHungWindow
94af6750 94a50bc1 win32k!NtUserHardErrorControl
94af6754 9493221f win32k!NtUserHideCaret
94af6758 94a4c59b win32k!NtUserHiliteMenuItem
94af675c 949f3da1 win32k!NtUserHungWindowFromGhostWindow
94af6760 94a4d22b win32k!NtUserImpersonateDdeClientWindow
94af6764 94902fbb win32k!NtUserInitialize
94af6768 9490b67d win32k!NtUserInitializeClientPfnArrays
94af676c 94a4bb64 win32k!NtUserInitTask
94af6770 949a159a win32k!NtUserInternalGetWindowText
94af6774 949f57c9 win32k!NtUserInternalGetWindowIcon
94af6778 949ad812 win32k!NtUserInvalidateRect
94af677c 949399cc win32k!NtUserInvalidateRgn
94af6780 94a2c6a1 win32k!NtUserIsClipboardFormatAvailable
94af6784 94956705 win32k!NtUserIsTopLevelWindow
94af6788 949aea09 win32k!NtUserKillTimer
94af678c 948fa15c win32k!NtUserLoadKeyboardLayoutEx
94af6790 9490e9f1 win32k!NtUserLockWindowStation
94af6794 949ef11a win32k!NtUserLockWindowUpdate
94af6798 949d72a0 win32k!NtUserLockWorkStation
94af679c 94a49274 win32k!NtUserLogicalToPhysicalPoint
94af67a0 94a46ccc win32k!NtUserMapVirtualKeyEx
94af67a4 94a4cb97 win32k!NtUserMenuItemFromPoint
94af67a8 949ab404 win32k!NtUserMessageCall
94af67ac 94a4c646 win32k!NtUserMinMaximize
94af67b0 94a4c76c win32k!NtUserMNDragLeave
94af67b4 94a4c6d4 win32k!NtUserMNDragOver
94af67b8 94a4cc98 win32k!NtUserModifyUserStartupInfoFlags
94af67bc 94930d29 win32k!NtUserMoveWindow
94af67c0 94961bf3 win32k!NtUserNotifyIMEStatus
94af67c4 949c6dac win32k!NtUserNotifyProcessCreate
94af67c8 94981baa win32k!NtUserNotifyWinEvent
94af67cc 94a2c5ed win32k!NtUserOpenClipboard
94af67d0 949764ae win32k!NtUserOpenDesktop
94af67d4 9492520c win32k!NtUserOpenInputDesktop
94af67d8 94a4cd2a win32k!NtUserOpenThreadDesktop
94af67dc 9496cc88 win32k!NtUserOpenWindowStation
94af67e0 949219d7 win32k!NtUserPaintDesktop
94af67e4 949221bf win32k!NtUserPaintMonitor
94af67e8 949ab36f win32k!NtUserPeekMessage
94af67ec 94a410b3 win32k!NtUserPhysicalToLogicalPoint
94af67f0 949abc29 win32k!NtUserPostMessage
94af67f4 9497ca09 win32k!NtUserPostThreadMessage
94af67f8 94a4f2cf win32k!NtUserPrintWindow
94af67fc 949c65e9 win32k!NtUserProcessConnect
94af6800 949d632b win32k!NtUserQueryInformationThread
94af6804 949618de win32k!NtUserQueryInputContext
94af6808 94a4d187 win32k!NtUserQuerySendMessage
94af680c 949ac526 win32k!NtUserQueryWindow
94af6810 94a4bdf0 win32k!NtUserRealChildWindowFromPoint
94af6814 949ac38f win32k!NtUserRealInternalGetMessage
94af6818 94a4cad7 win32k!NtUserRealWaitMessageEx
94af681c 949865c2 win32k!NtUserRedrawWindow
94af6820 9497c5b7 win32k!NtUserRegisterClassExWOW
94af6824 94a5003c win32k!NtUserRegisterErrorReportingDialog
94af6828 94900132 win32k!NtUserRegisterUserApiHook
94af682c 9494be2d win32k!NtUserRegisterHotKey
94af6830 949242a7 win32k!NtUserRegisterRawInputDevices
94af6834 948f13e5 win32k!NtUserRegisterServicesProcess
94af6838 94a4bc69 win32k!NtUserRegisterTasklist
94af683c 94969b2a win32k!NtUserRegisterWindowMessage
94af6840 94a4fe89 win32k!NtUserRemoveClipboardFormatListener
94af6844 94936cd5 win32k!NtUserRemoveMenu
94af6848 949af748 win32k!NtUserRemoveProp
94af684c 94a50d47 win32k!NtUserResolveDesktopForWOW
94af6850 949b0069 win32k!NtUserSBGetParms
94af6854 949cdb58 win32k!NtUserScrollDC
94af6858 94a30994 win32k!NtUserScrollWindowEx
94af685c 94966e22 win32k!NtUserSelectPalette
94af6860 94a415cd win32k!NtUserSendInput
94af6864 9496463f win32k!NtUserSetActiveWindow
94af6868 94a4ea84 win32k!NtUserSetAppImeLevel
94af686c 94a416c7 win32k!NtUserSetCapture
94af6870 948f6740 win32k!NtUserSetChildWindowNoActivate
94af6874 9492a25e win32k!NtUserSetClassLong
94af6878 94a4c789 win32k!NtUserSetClassWord
94af687c 949e1d4b win32k!NtUserSetClipboardData
94af6880 94a015cf win32k!NtUserSetClipboardViewer
94af6884 94964580 win32k!NtUserSetCursor
94af6888 94a4cb50 win32k!NtUserSetCursorContents
94af688c 9498943b win32k!NtUserSetCursorIconData
94af6890 9494644c win32k!NtUserSetFocus
94af6894 948f9fb3 win32k!NtUserSetImeHotKey
94af6898 948fffd8 win32k!NtUserSetImeInfoEx
94af689c 94961999 win32k!NtUserSetImeOwnerWindow
94af68a0 9494395e win32k!NtUserSetInformationThread
94af68a4 94a4bf47 win32k!NtUserSetInternalWindowPos
94af68a8 94a44937 win32k!NtUserSetKeyboardState
94af68ac 94a3abcc win32k!NtUserSetMenu
94af68b0 94a4c26b win32k!NtUserSetMenuContextHelpId
94af68b4 94936d56 win32k!NtUserSetMenuDefaultItem
94af68b8 94a4c2a8 win32k!NtUserSetMenuFlagRtoL
94af68bc 94a50c86 win32k!NtUserSetObjectInformation
94af68c0 94934a65 win32k!NtUserSetParent
94af68c4 9496c368 win32k!NtUserSetProcessWindowStation
94af68c8 949a4332 win32k!NtUserGetProp
94af68cc 949ae94d win32k!NtUserSetProp
94af68d0 949afc58 win32k!NtUserSetScrollInfo
94af68d4 94900848 win32k!NtUserSetShellWindowEx
94af68d8 949d5b78 win32k!NtUserSetSysColors
94af68dc 94a4cb17 win32k!NtUserSetSystemCursor
94af68e0 94a21515 win32k!NtUserSetSystemMenu
94af68e4 94a4d139 win32k!NtUserSetSystemTimer
94af68e8 9496bfef win32k!NtUserSetThreadDesktop
94af68ec 94a4eb52 win32k!NtUserSetThreadLayoutHandles
94af68f0 94a2762a win32k!NtUserSetThreadState
94af68f4 9499b140 win32k!NtUserSetTimer
94af68f8 949cc3e2 win32k!NtUserSetProcessDPIAware
94af68fc 94949303 win32k!NtUserSetWindowCompositionAttribute
94af6900 94a4c108 win32k!NtUserSetWindowDisplayAffinity
94af6904 9497d228 win32k!NtUserSetWindowFNID
94af6908 949a42cf win32k!NtUserSetWindowLong
94af690c 94936ac1 win32k!NtUserSetWindowPlacement
94af6910 9497f099 win32k!NtUserSetWindowPos
94af6914 949361c8 win32k!NtUserSetWindowRgn
94af6918 94962a1b win32k!NtUserGetWindowRgnEx
94af691c 94a220b5 win32k!NtUserSetWindowRgnEx
94af6920 94a4c7c5 win32k!NtUserSetWindowsHookAW
94af6924 949683b0 win32k!NtUserSetWindowsHookEx
94af6928 948f924f win32k!NtUserSetWindowStationUser
94af692c 94a08d08 win32k!NtUserSetWindowWord
94af6930 94965102 win32k!NtUserSetWinEventHook
94af6934 949321e5 win32k!NtUserShowCaret
94af6938 94a277dc win32k!NtUserShowScrollBar
94af693c 949925f2 win32k!NtUserShowWindow
94af6940 94a4c7f1 win32k!NtUserShowWindowAsync
94af6944 949f1f74 win32k!NtUserSoundSentry
94af6948 949101f5 win32k!NtUserSwitchDesktop
94af694c 9496846e win32k!NtUserSystemParametersInfo
94af6950 94a4cc35 win32k!NtUserTestForInteractiveUser
94af6954 94a358bd win32k!NtUserThunkedMenuInfo
94af6958 9499810d win32k!NtUserThunkedMenuItemInfo
94af695c 949de2e7 win32k!NtUserToUnicodeEx
94af6960 9497583d win32k!NtUserTrackMouseEvent
94af6964 94a2f919 win32k!NtUserTrackPopupMenuEx
94af6968 949d7311 win32k!NtUserCalculatePopupWindowPosition
94af696c 9499f9a7 win32k!NtUserCalcMenuBar
94af6970 94a4a48c win32k!NtUserPaintMenuBar
94af6974 94a3bef6 win32k!NtUserTranslateAccelerator
94af6978 94a463e1 win32k!NtUserTranslateMessage
94af697c 949419ed win32k!NtUserUnhookWindowsHookEx
94af6980 94999cf5 win32k!NtUserUnhookWinEvent
94af6984 94a4d0ad win32k!NtUserUnloadKeyboardLayout
94af6988 94910bbb win32k!NtUserUnlockWindowStation
94af698c 94985ecb win32k!NtUserUnregisterClass
94af6990 949000f5 win32k!NtUserUnregisterUserApiHook
94af6994 94a44f13 win32k!NtUserUnregisterHotKey
94af6998 94971e0e win32k!NtUserUpdateInputContext
94af699c 94a4b8fd win32k!NtUserUpdateInstance
94af69a0 949568d2 win32k!NtUserUpdateLayeredWindow
94af69a4 94a4f1f9 win32k!NtUserGetLayeredWindowAttributes
94af69a8 9493f5fd win32k!NtUserSetLayeredWindowAttributes
94af69ac 948fa955 win32k!NtUserUpdatePerUserSystemParameters
94af69b0 94a4cdef win32k!NtUserUserHandleGrantAccess
94af69b4 94a265b3 win32k!NtUserValidateHandleSecure
94af69b8 94a18b40 win32k!NtUserValidateRect
94af69bc 949b17cb win32k!NtUserValidateTimerCallback
94af69c0 94a21f3c win32k!NtUserVkKeyScanEx
94af69c4 94a1b730 win32k!NtUserWaitForInputIdle
94af69c8 94a4b7fa win32k!NtUserWaitForMsgAndEvent
94af69cc 949b0999 win32k!NtUserWaitMessage
94af69d0 94a3d57b win32k!NtUserWindowFromPhysicalPoint
94af69d4 94a3b6c0 win32k!NtUserWindowFromPoint
94af69d8 94a4ca0d win32k!NtUserYieldTask
94af69dc 9490d14f win32k!NtUserRemoteConnect
94af69e0 94a4b711 win32k!NtUserRemoteRedrawRectangle
94af69e4 94a4b768 win32k!NtUserRemoteRedrawScreen
94af69e8 94a4b7b8 win32k!NtUserRemoteStopScreenUpdates
94af69ec 94a50aed win32k!NtUserCtxDisplayIOCtl
94af69f0 948f65a7 win32k!NtUserRegisterSessionPort
94af69f4 94a4fb9c win32k!NtUserUnregisterSessionPort
94af69f8 94a4f106 win32k!NtUserUpdateWindowTransform
94af69fc 9491205f win32k!NtUserDwmStartRedirection
94af6a00 949fafc4 win32k!NtUserDwmStopRedirection
94af6a04 949450b2 win32k!NtUserGetWindowMinimizeRect
94af6a08 949e93fe win32k!NtUserSfmDxBindSwapChain
94af6a0c 949ea409 win32k!NtUserSfmDxOpenSwapChain
94af6a10 949e9723 win32k!NtUserSfmDxReleaseSwapChain
94af6a14 949e99ea win32k!NtUserSfmDxSetSwapChainBindingStatus
94af6a18 949ea67d win32k!NtUserSfmDxQuerySwapChainBindingStatus
94af6a1c 94913242 win32k!NtUserSfmDxReportPendingBindingsToDwm
94af6a20 949e8e9b win32k!NtUserSfmDxGetSwapChainStats
94af6a24 949b93f8 win32k!NtUserSfmDxSetSwapChainStats
94af6a28 94a4fbd7 win32k!NtUserSfmGetLogicalSurfaceBinding
94af6a2c 94a4fd20 win32k!NtUserSfmDestroyLogicalSurfaceBinding
94af6a30 94a501c4 win32k!NtUserModifyWindowTouchCapability
94af6a34 94a5022b win32k!NtUserIsTouchWindow
94af6a38 94a502b7 win32k!NtUserSendTouchInput
94af6a3c 94a503fb win32k!NtUserEndTouchOperation
94af6a40 94a5048c win32k!NtUserGetTouchInputInfo
94af6a44 94986395 win32k!NtUserChangeWindowMessageFilterEx
94af6a48 94a5056d win32k!NtUserInjectGesture
94af6a4c 94a50739 win32k!NtUserGetGestureInfo
94af6a50 94a507fe win32k!NtUserGetGestureExtArgs
94af6a54 94a508d8 win32k!NtUserManageGestureHandlerWindow
94af6a58 9490e629 win32k!NtUserSetGestureConfig
94af6a5c 94a5095a win32k!NtUserGetGestureConfig
94af6a60 94aa7cfa win32k!NtGdiEngAssociateSurface
94af6a64 94aa7e0b win32k!NtGdiEngCreateBitmap
94af6a68 94aa7485 win32k!NtGdiEngCreateDeviceSurface
94af6a6c 94aa74f5 win32k!NtGdiEngCreateDeviceBitmap
94af6a70 94a1f95c win32k!NtGdiEngCreatePalette
94af6a74 94aab7bf win32k!NtGdiEngComputeGlyphSet
94af6a78 94aa8846 win32k!NtGdiEngCopyBits
94af6a7c 94a179d0 win32k!NtGdiEngDeletePalette
94af6a80 94aa7d8f win32k!NtGdiEngDeleteSurface
94af6a84 94aa8012 win32k!NtGdiEngEraseSurface
94af6a88 94aa7fdf win32k!NtGdiEngUnlockSurface
94af6a8c 94aa7fa8 win32k!NtGdiEngLockSurface
94af6a90 94aa911d win32k!NtGdiEngBitBlt
94af6a94 94aa89db win32k!NtGdiEngStretchBlt
94af6a98 94aa8f3d win32k!NtGdiEngPlgBlt
94af6a9c 94aa7dbc win32k!NtGdiEngMarkBandingSurface
94af6aa0 94aa93dc win32k!NtGdiEngStrokePath
94af6aa4 94aa95c4 win32k!NtGdiEngFillPath
94af6aa8 94aa9721 win32k!NtGdiEngStrokeAndFillPath
94af6aac 94aa9909 win32k!NtGdiEngPaint
94af6ab0 94aa9a1d win32k!NtGdiEngLineTo
94af6ab4 94aa9b40 win32k!NtGdiEngAlphaBlend
94af6ab8 94aa9cab win32k!NtGdiEngGradientFill
94af6abc 94aa9ee1 win32k!NtGdiEngTransparentBlt
94af6ac0 94aaa039 win32k!NtGdiEngTextOut
94af6ac4 94aa8c48 win32k!NtGdiEngStretchBltROP
94af6ac8 94aab6c0 win32k!NtGdiXLATEOBJ_cGetPalette
94af6acc 94aab774 win32k!NtGdiXLATEOBJ_iXlate
94af6ad0 94aab679 win32k!NtGdiXLATEOBJ_hGetColorTransform
94af6ad4 94aaa297 win32k!NtGdiCLIPOBJ_bEnum
94af6ad8 94aaa210 win32k!NtGdiCLIPOBJ_cEnumStart
94af6adc 94aa8114 win32k!NtGdiCLIPOBJ_ppoGetPath
94af6ae0 94aa814b win32k!NtGdiEngDeletePath
94af6ae4 94aa817e win32k!NtGdiEngCreateClip
94af6ae8 94aa81a9 win32k!NtGdiEngDeleteClip
94af6aec 94aaa40f win32k!NtGdiBRUSHOBJ_ulGetBrushColor
94af6af0 94aaa37e win32k!NtGdiBRUSHOBJ_pvAllocRbrush
94af6af4 94aaa3c8 win32k!NtGdiBRUSHOBJ_pvGetRbrush
94af6af8 94aaa4ef win32k!NtGdiBRUSHOBJ_hGetColorTransform
94af6afc 94aaa536 win32k!NtGdiXFORMOBJ_bApplyXform
94af6b00 94aaa68c win32k!NtGdiXFORMOBJ_iGetXform
94af6b04 94aaa735 win32k!NtGdiFONTOBJ_vGetInfo
94af6b08 94aa81dc win32k!NtGdiFONTOBJ_pxoGetXform
94af6b0c 94aaa823 win32k!NtGdiFONTOBJ_cGetGlyphs
94af6b10 94aaac88 win32k!NtGdiFONTOBJ_pifi
94af6b14 94aaaa9d win32k!NtGdiFONTOBJ_pfdg
94af6b18 94aaab8a win32k!NtGdiFONTOBJ_pQueryGlyphAttrs
94af6b1c 94aab5ac win32k!NtGdiFONTOBJ_pvTrueTypeFontFile
94af6b20 94aaa9d1 win32k!NtGdiFONTOBJ_cGetAllGlyphHandles
94af6b24 94aaaea8 win32k!NtGdiSTROBJ_bEnum
94af6b28 94aaaec6 win32k!NtGdiSTROBJ_bEnumPositionsOnly
94af6b2c 94aaaee4 win32k!NtGdiSTROBJ_bGetAdvanceWidths
94af6b30 94aaafbe win32k!NtGdiSTROBJ_vEnumStart
94af6b34 94aaaffb win32k!NtGdiSTROBJ_dwGetCodePage
94af6b38 94aab0de win32k!NtGdiPATHOBJ_vGetBounds
94af6b3c 94aab160 win32k!NtGdiPATHOBJ_bEnum
94af6b40 94aab2b4 win32k!NtGdiPATHOBJ_vEnumStart
94af6b44 94aab321 win32k!NtGdiPATHOBJ_vEnumStartClipLines
94af6b48 94aab434 win32k!NtGdiPATHOBJ_bEnumClipLines
94af6b4c 94aa8213 win32k!NtGdiGetDhpdev
94af6b50 94aa8249 win32k!NtGdiEngCheckAbort
94af6b54 94aa82ab win32k!NtGdiHT_Get8BPPFormatPalette
94af6b58 94aa8336 win32k!NtGdiHT_Get8BPPMaskPalette
94af6b5c 94a9561e win32k!NtGdiUpdateTransform
94af6b60 94a200ef win32k!NtGdiSetPUMPDOBJ
94af6b64 94aab042 win32k!NtGdiBRUSHOBJ_DeleteRbrush
94af6b68 94a9d35e win32k!NtGdiUnmapMemFont
94af6b6c 949a0d7d win32k!NtGdiDrawStream
94af6b70 949b83ef win32k!NtGdiSfmGetNotificationTokens
94af6b74 94986a75 win32k!NtGdiHLSurfGetInformation
94af6b78 949755ea win32k!NtGdiHLSurfSetInformation
94af6b7c 9497f7b9 win32k!NtGdiDdDDICreateAllocation
94af6b80 949993e2 win32k!NtGdiDdDDIQueryResourceInfo
94af6b84 94999401 win32k!NtGdiDdDDIOpenResource
94af6b88 94999857 win32k!NtGdiDdDDIDestroyAllocation
94af6b8c 94a0031d win32k!NtGdiDdDDISetAllocationPriority
94af6b90 94a26d76 win32k!NtGdiDdDDIQueryAllocationResidency
94af6b94 94923508 win32k!NtGdiDdDDICreateDevice
94af6b98 949ffe1d win32k!NtGdiDdDDIDestroyDevice
94af6b9c 949234e9 win32k!NtGdiDdDDICreateContext
94af6ba0 94a0068e win32k!NtGdiDdDDIDestroyContext
94af6ba4 949ea73f win32k!NtGdiDdDDICreateSynchronizationObject
94af6ba8 94a7e28b win32k!NtGdiDdDDIOpenSynchronizationObject
94af6bac 949e9e55 win32k!NtGdiDdDDIDestroySynchronizationObject
94af6bb0 949e819d win32k!NtGdiDdDDIWaitForSynchronizationObject
94af6bb4 949e817e win32k!NtGdiDdDDISignalSynchronizationObject
94af6bb8 94a7e2aa win32k!NtGdiDdDDIGetRuntimeData
94af6bbc 949234ca win32k!NtGdiDdDDIQueryAdapterInfo
94af6bc0 94998d8d win32k!NtGdiDdDDILock
94af6bc4 94998dac win32k!NtGdiDdDDIUnlock
94af6bc8 94a005a4 win32k!NtGdiDdDDIGetDisplayModeList
94af6bcc 94921bd3 win32k!NtGdiDdDDISetDisplayMode
94af6bd0 94a7e2c9 win32k!NtGdiDdDDIGetMultisampleMethodList
94af6bd4 949b9c83 win32k!NtGdiDdDDIPresent
94af6bd8 949b9204 win32k!NtGdiDdDDIRender
94af6bdc 94911aa6 win32k!NtGdiDdDDIOpenAdapterFromDeviceName
94af6be0 949232f6 win32k!NtGdiDdDDIOpenAdapterFromHdc
94af6be4 9492326f win32k!NtGdiDdDDICloseAdapter
94af6be8 949fb1d2 win32k!NtGdiDdDDIGetSharedPrimaryHandle
94af6bec 94923527 win32k!NtGdiDdDDIEscape
94af6bf0 94a7e2e8 win32k!NtGdiDdDDIQueryStatistics
94af6bf4 949211fe win32k!NtGdiDdDDISetVidPnSourceOwner
94af6bf8 949b8267 win32k!NtGdiDdDDIGetPresentHistory
94af6bfc 94921355 win32k!NtGdiDdDDIGetPresentQueueEvent
94af6c00 94a7e307 win32k!NtGdiDdDDICreateOverlay
94af6c04 94a7e326 win32k!NtGdiDdDDIUpdateOverlay
94af6c08 94a7e345 win32k!NtGdiDdDDIFlipOverlay
94af6c0c 94a7e364 win32k!NtGdiDdDDIDestroyOverlay
94af6c10 949b9223 win32k!NtGdiDdDDIWaitForVerticalBlankEvent
94af6c14 94a7e383 win32k!NtGdiDdDDISetGammaRamp
94af6c18 949b849b win32k!NtGdiDdDDIGetDeviceState
94af6c1c 949db234 win32k!NtGdiDdDDICreateDCFromMemory
94af6c20 949ddfc6 win32k!NtGdiDdDDIDestroyDCFromMemory
94af6c24 94a008bc win32k!NtGdiDdDDISetContextSchedulingPriority
94af6c28 94a7e3a2 win32k!NtGdiDdDDIGetContextSchedulingPriority
94af6c2c 94911591 win32k!NtGdiDdDDISetProcessSchedulingPriorityClass
94af6c30 94a7e3c1 win32k!NtGdiDdDDIGetProcessSchedulingPriorityClass
94af6c34 94a7e3e0 win32k!NtGdiDdDDIReleaseProcessVidPnSourceOwners
94af6c38 949e8dc2 win32k!NtGdiDdDDIGetScanLine
94af6c3c 949e83f1 win32k!NtGdiDdDDISetQueuedLimit
94af6c40 94a7e418 win32k!NtGdiDdDDIPollDisplayChildren
94af6c44 94a7e437 win32k!NtGdiDdDDIInvalidateActiveVidPn
94af6c48 94a7e456 win32k!NtGdiDdDDICheckOcclusion
94af6c4c 94a7e475 win32k!NtGdiDdDDIWaitForIdle
94af6c50 949b9242 win32k!NtGdiDdDDICheckMonitorPowerState
94af6c54 949e83de win32k!NtGdiDdDDICheckExclusiveOwnership
94af6c58 94a7e494 win32k!NtGdiDdDDISetDisplayPrivateDriverFormat
94af6c5c 94a7f619 win32k!NtGdiDdDDISharedPrimaryLockNotification
94af6c60 94a7f688 win32k!NtGdiDdDDISharedPrimaryUnLockNotification
94af6c64 94a7e4b3 win32k!NtGdiDdDDICreateKeyedMutex
94af6c68 94a7e4d2 win32k!NtGdiDdDDIOpenKeyedMutex
94af6c6c 94a7e4f1 win32k!NtGdiDdDDIDestroyKeyedMutex
94af6c70 94a7e510 win32k!NtGdiDdDDIAcquireKeyedMutex
94af6c74 94a7e52f win32k!NtGdiDdDDIReleaseKeyedMutex
94af6c78 949ea93e win32k!NtGdiDdDDIConfigureSharedResource
94af6c7c 94a7e54e win32k!NtGdiDdDDIGetOverlayState
94af6c80 949b22e8 win32k!NtGdiDdDDICheckVidPnExclusiveOwnership
94af6c84 949ea643 win32k!NtGdiDdDDICheckSharedResourceAccess
94af6c88 949ef89f win32k!DxgStubDvpReleaseNotification
94af6c8c 94a06a8d win32k!DxgStubValidateTextureStageState
94af6c90 94aabb5c win32k!NtGdiGetNumberOfPhysicalMonitors
94af6c94 94aabb8b win32k!NtGdiGetPhysicalMonitors
94af6c98 94aac534 win32k!NtGdiGetPhysicalMonitorDescription
94af6c9c 94aac85e win32k!DestroyPhysicalMonitor
94af6ca0 94aac5d9 win32k!NtGdiDDCCIGetVCPFeature
94af6ca4 94aac66b win32k!NtGdiDDCCISetVCPFeature
94af6ca8 94aac681 win32k!NtGdiDDCCISaveCurrentSettings
94af6cac 94aac9eb win32k!NtGdiDDCCIGetCapabilitiesStringLength
94af6cb0 94aaca4a win32k!NtGdiDDCCIGetCapabilitiesString
94af6cb4 94aac697 win32k!NtGdiDDCCIGetTimingReport
94af6cb8 94a7e78b win32k!NtGdiDdCreateFullscreenSprite
94af6cbc 94a7e79b win32k!NtGdiDdNotifyFullscreenSpriteUpdate
94af6cc0 94a7e7ab win32k!NtGdiDdDestroyFullscreenSprite
94af6cc4 94a7d93d win32k!NtGdiDdQueryVisRgnUniqueness
94af6cc8 94a4c874 win32k!NtUserSetMirrorRendering
94af6ccc 94a4c8f9 win32k!NtUserShowSystemCursor
94af6cd0 94a039db win32k!NtUserMagControl
94af6cd4 94a03a4a win32k!NtUserMagSetContextInformation
94af6cd8 94a031d3 win32k!NtUserMagGetContextInformation
94af6cdc 949ffe3c win32k!NtUserHwndQueryRedirectionInfo
94af6ce0 949f2a13 win32k!NtUserHwndSetRedirectionInfo
x86下windbg查看SSDT表与SHDOWSSDT相关推荐
- windbg查看SSDT表
SSDT,System Services Descriptor Table,系统服务描述符表. 见此 https://blog.csdn.net/bcbobo21cn/article/deta ...
- Windbg 查看SSDT表
SSDT HOOK 的原理其实非常简单,我们先实际看看KeServiceDescriptorTable是什么样的. lkd> dd KeServiceDescriptorTa ...
- mysql生产环境加索引_【生产篇】_MySQL环境下如何查看基于表的索引定义
[引言] 今天中午项目组来一需求,欲在MySQL环境的某张表下创建几个BTREE索引.要创建索引,首先需要了解基表的表结构,以及已经包含的索引.Oracle的表结构大家都很熟悉,但MySQL表结构和已 ...
- 下如何查看mysql表单_Navicat 教程:如何进行表单查看
Navicat 表单查看方便表单查看.更新或删除数据,显示当前的记录:栏位名及其值.表单的弹出菜单包括这些功能:设置栏位值为 Null 或空白字符串.使用当前栏位值为筛选.设置表单查看格式及更多,导览 ...
- 使用WinDbg获取SSDT 系统服务描述表的函数服务号(索引)
今天研究了一下午SSDT的东东,最尴尬的是起初我不知道如何获取到SSDT的函数服务号,而这个玩意儿在不同版本的windows是不一样的,后面经过研究还是找到了正确的方法.这里简单的分享一下. · ...
- Oracle 导入数据库 删除用户、删除表空间、删除表空间下所有表,查看当前表空间
导入数据库 在cmd下用 imp导入 格式: imp userName/passWord file=bmp文件路径 ignore = y (忽略创建错误)full=y(导入文件中全部内容); 例: ...
- Win7 64位的SSDTHOOK(1)---SSDT表的寻找
最近在学习64位驱动,涉及到了SSDT的知识,结果发现64位下的SSDT和32位下的SSDT有所不同. 开始发现64位下的KeServiceDescriptorTable是未导出的函数.首先要找到Ke ...
- 通过Windbg查看DataTable的值
使用Windbg查看内存中DataTable的值时,其实方法和查看普通对象是一样的,唯一要注意的时,DataTable对象中值的存储方式有些特别,DataRow中的值是存存放在DataTable的co ...
- windbg查看设备栈设备树学习总结
用windbg寻找设备树根节点 http://blog.csdn.net/lixiangminghate/article/details/51729945 用ReactOS上明确说过,Pnp管理器对每 ...
最新文章
- 程序员:我不学Python了!!
- 判断两个图片的特征向量_响应式布局提高篇 图片正确的打开方式
- 【Python-ML】SKlearn库逻辑斯蒂回归(logisticregression) 使用
- [跟我一起涨姿势]未注册服务的RHEL6.4使用网易的CentOS源
- python collections模块_Python 的collections模块
- jQuery学习笔记(一) 取值、赋值的基本方法
- 最近学到一些linq和面向对象的经验分享
- CSS设置一行文字,超出部分自动隐藏
- [linux] ab压测工具进行post压力测试
- Word批量转PDF/图片
- MVCC和InnoDB行锁
- 深入理解Java内存模型(五)——锁
- SpringBoot项目没有@RunWith注解
- 互联网巨头:必须要裁员吗?
- android studio怎么改软件扫码界面_一文入门Android逆向
- cad修改快捷键_CAD教程:CAD建筑户型图纸还能这么画?
- 杨辉三角 118.杨辉三角 119.杨辉三角Ⅱ(数学解法)
- 国家税务总局增值税发票查验平台不显示验证码的解决方法
- C++ Primer Plus (第六版)编程练习记录(chapter14 C++中的代码重用)
- 【图像分割】FCMKFCM MRI图像分割【含GUI Matlab源码 582期】