本文主要介绍WINNT内核中的KeServiceDescriptorTable和KeServiceDescriptorTableShadow两个系统服务分配器,分析了它们的结构和组成表,还介绍了SYSTEM_SERVICE_TABLE表结构。同时,给出获取KeServiceDescriptorTableShadow地址的方法,最后列出ntoskrnl和win2k导出的函数。
大家都知道在WINNT 的内核中存在着两个变量,KeServiceDescriptorTable,KeServiceDescriptorTableShadow,我们可以使用KD 看到。
kd> dd nt!KeServiceDescriptorTable
8046e0c0 804746e8 00000000 000000f8 80474acc
8046e0d0 00000000 00000000 00000000 00000000
8046e0e0 b956e840 00000000 00000007 b956e860
8046e0f0 00000000 00000000 00000000 00000000
kd> dd nt!KeServiceDescriptorTableShadow
8046e100 804746e8 00000000 000000f8 80474acc
8046e110 a018af20 00000000 00000280 a018bba4
8046e120 b956e840 00000000 00000007 b956e860
8046e130 00000000 00000000 00000000 00000000
它们两个都为系统服务分配器,前一个我们可以在很多地方都可以看到,它是一个他提供系统核心函数的调用,我们在调用NTDLL.DLL 中的函数时,NTDLL.dll将调用转到系统服务描述符表中。我们先来看看系统服务分配器的结构
typedef struct _SERVICE_DESCRIPTOR_TABLE
{
/*000*/ SYSTEM_SERVICE_TABLE ntoskrnl; // ntoskrnl.exe (native api)
/*010*/ SYSTEM_SERVICE_TABLE win32k; // win32k.sys (gdi/user)
/*020*/ SYSTEM_SERVICE_TABLE Table3; // not used
/*030*/ SYSTEM_SERVICE_TABLE Table4; // not used
/*040*/ }
SERVICE_DESCRIPTOR_TABLE,
* PSERVICE_DESCRIPTOR_TABLE,
**PPSERVICE_DESCRIPTOR_TABLE;
从上面可以看出,系统服务分配器其实一共由四张表组成,通过前面的KD 我们知道对于KeServiceDescriptorTable,只有ntoskrnl和table3(也许有的windows2000系统只有ntoskrnl)有效,ntoskrnl服务描述符表我们已经知道了,是系统核心服务程序ntoskrnl.exe 来执行的。对table3我也不知道是用来干什么的,只知道由spud.sys来执行的。
kd> dd nt!KeServiceDescriptorTable
8046e0c0 804746e8 00000000 000000f8 80474acc
8046e0d0 00000000 00000000 00000000 00000000
8046e0e0 b956e840 00000000 00000007 b956e860
8046e0f0 00000000 00000000 00000000 00000000
我们再来看看KeServiceDescriptorTableShadow
kd> dd nt!KeServiceDescriptorTableShadow
8046e100 804746e8 00000000 000000f8 80474acc
8046e110 a018af20 00000000 00000280 a018bba4
8046e120 b956e840 00000000 00000007 b956e860
8046e130 00000000 00000000 00000000 00000000
从上面可以看出KeServiceDescriptorTableShadow不仅有KeServiceDescriptorTable所有的ntoskrnl 和table3并且还多了一个win32k表,从地址a018af20我们就可以知道,其实它指向的是win32k.sys 所以win32k表其实并不在存在于 ntoskrnl.exe 中,而是存在于win32k.sys 中。
接下来我们来看看SYSTEM_SERVICE_TABLE表的结构
typedef NTSTATUS (NTAPI *NTPROC) ();
typedef NTPROC *PNTPROC;
typedef struct _SYSTEM_SERVICE_TABLE
{
/*000*/ PNTPROC ServiceTable; // array of entry points
/*004*/ PDWORD CounterTable; // array of usage counters
/*008*/ DWORD ServiceLimit; // number of table entries
/*00C*/ PBYTE ArgumentTable; // array of byte counts
/*010*/ }
SYSTEM_SERVICE_TABLE,
* PSYSTEM_SERVICE_TABLE,
**PPSYSTEM_SERVICE_TABLE;
一共有4个成员,第一个为函数执行地址,第二个为使用的次数,只有在调试版中才有用,第三个为服务表函数的个数,第四个参数为参数表。分析KeServiceDescriptorTable我们知道,服务表是执行地址从804746e8开始的248 个服务项。
kd> dd 804746e8
804746e8 804ac044 804ac643 804a450a 8050df24
804746f8 804a7a34 8045d2f8 805102ce 8051030e
80474708 804a8ab4 8050b393 804b1252 804fe041
80474718 804a2fe1 804ad11d 8044bdc5 804c7d4f
80474728 80499e48 804b9f6d 804fe3f4 80401912
80474738 804d0419 8041959a 804ebc25 80494606
80474748 8044fdc5 804a2f5f 804ac4ef e14ef9a8
80474758 80469824 804f5ab6 804998c2 804c9152
查看该地址的名称
kd> ln 804ac044
(804ac044) nt!NtAcceptConnectPort | (804ac4ef) nt!NtCompleteConnectPort
Exact matches:
nt!NtAcceptConnectPort = <no type information>
得出NtAcceptConnectPort。这就是ntoskrnl系统描述符表中的第一个函数,同理我们可以得出248个函数的名称。这些函数在好多地方都有介绍,有兴趣的朋友可以在网上找这些函数。
接下来我们重点分析KeServiceDescriptorTableShadow,照上面的道理,我们得出win32k 表中的第一个函数为NtGdiAbortDoc。
kd> dd a018af20
a018af20 a01019df a0119ef9 a00a7102 a010e86b
a018af30 a011be85 a010229e a0102977 a00ff587
a018af40 a011b5cc a005d796 a00b2e45 a00b205e
a018af50 a002cb38 a0008889 a011bb2e a011dc3b
a018af60 a0055e09 a011dd95 a006d536 a005d940
a018af70 a00170f6 a0062a1b a005e933 a0009c86
a018af80 a00337f2 a011d615 a011d8ee a00692c8
a018af90 a0009116 a002c1c7 a008a72a a0077b82
kd> ln a01019df
(a01019df) win32k!NtGdiAbortDoc | (a0101a40) win32k!GreDoBanding
Exact matches:
win32k!NtGdiAbortDoc = <no type information>
描述符表已经讲完了,下面,我来讲一将如何调用。对于ntoskern.exe 的函数,我在这里就不多说了,我想来说一说,win32k系统服务表函数的调用。
首先要获得KeServiceDescriptorTableShadow的值,大家都知道,KeServiceDescriptorTable由于ntoskrnl.exe 已经导出,我们只要在我们的程序中使用extern PSERVICE_DESCRIPTOR_TABLE KeServiceDescriptorTable;就可以获的,然而KeServiceDescriptorTableShadow并没有导出,我们可以使用指定它的地址,当这对于系统的兼容性不是很好,我在这里介绍一中方法,其实,这中方法也不算是新了,大家一看就应该明白的。
DWORD GetAddrssofShadowTable()
{
int i;
unsigned char *p;
unsigned int dwordatbyte;
p=(unsigned char *)KeAddSystemServiceTable;
for (i=0; i<4096; i++, p++) {
__try {
dwordatbyte = *(unsigned int *)p;
}
__except (EXCEPTION_EXECUTE_HANDLER) {
return 0;
}
if (MmIsAddressValid((PVOID)dwordatbyte)) {
if (memcmp((PVOID)dwordatbyte, &KeServiceDescriptorTable, 16) == 0) {
if ((PVOID)dwordatbyte == &KeServiceDescriptorTable) {
continue;
}
DbgPrint("Shadow @%x/n", dwordatbyte);
return dwordatbyte;
}
}
}
return 0;
}
获得地址后,我们就可以调用win2k的系统服务了,具体怎么编写,对这个问题我在这里就不多说了。我将ntoskrnl 和win2k 导出的函数列在这里,希望对大家有点帮助。注意winnt 的各个版本的ntoskrnl 和 win2k 表是不一样的,我这里列的是win2000 的。(注意最后一列为参数的字节数)
ntoskrnl 符号表
00 0x0X804AC044 NtAcceptConnectPort 18
01 0x0X804AC643 NtAccessCheck 20
02 0x0X804A450A NtAccessCheckAndAuditAlarm 2C
03 0x0X8050DF24 NtAccessCheckByType 2C
04 0x0X804A7A34 NtAccessCheckByTypeAndAuditAlarm 40
05 0x0X8045D2F8 NtAccessCheckByTypeResultList 2C
06 0x0X805102CE NtAccessCheckByTypeResultListAndAuditAlarm 40
07 0x0X8051030E NtAccessCheckByTypeResultListAndAuditAlarmByHandle 44
08 0x0X804A8AB4 NtAddAtom C
09 0x0X8050B393 NtAdjustGroupsToken 18
10 0x0X804B1252 NtAdjustPrivilegesToken 18
11 0x0X804FE041 NtAlertResumeThread 8
12 0x0X804A2FE1 NtAlertThread 4
13 0x0X804AD11D NtAllocateLocallyUniqueId 4
14 0x0X8044BDC5 NtAllocateUserPhysicalPages C
15 0x0X804C7D4F NtAllocateUuids 10
16 0x0X80499E48 NtAllocateVirtualMemory 18
17 0x0X804B9F6D NtAreMappedFilesTheSame 8
18 0x0X804FE3F4 NtAssignProcessToJobObject 8
19 0x0X80401912 NtCallbackReturn C
20 0x0X804D0419 NtCancelIoFile 8
21 0x0X8041959A NtCancelTimer 8
22 0x0X804EBC25 NtSetContextChannel 4
23 0x0X80494606 NtClearEvent 4
24 0x0X8044FDC5 NtClose 4
25 0x0X804A2F5F NtCloseObjectAuditAlarm C
26 0x0X804AC4EF NtCompleteConnectPort 4
27 0x0X804ABF67 NtConnectPort 20
28 0x0X80469824 NtContinue 8
29 0x0X804F5AB6 NtCreateDirectoryObject C
30 0x0X804998C2 NtCreateEvent 14
31 0x0X804C9152 NtCreateEventPair C
32 0x0X80497220 NtCreateFile 2C
33 0x0X804BB7C3 NtCreateIoCompletion 10
34 0x0X804FE117 NtCreateJobObject C
35 0x0X8049C7F1 NtCreateKey 1C
36 0x0X804B387C NtCreateMailslotFile 20
37 0x0X804A689D NtCreateMutant 10
38 0x0X804B3100 NtCreateNamedPipeFile 38
39 0x0X804EF1A2 NtCreatePagingFile 10
40 0x0X804BBB69 NtCreatePort 14
41 0x0X804BA844 NtCreateProcess 20
42 0x0X804C871C NtCreateProfile 24
43 0x0X804A49AE NtCreateSection 1C
44 0x0X804A6B47 NtCreateSemaphore 14
45 0x0X804C004E NtCreateSymbolicLinkObject 10
46 0x0X804A26E1 NtCreateThread 20
47 0x0X804B96EA NtCreateTimer 10
48 0x0X805125A9 NtCreateToken 34
49 0x0X804EC741 NtCreateWaitablePort 14
50 0x0X80494419 NtDelayExecution 8
51 0x0X804995D2 NtDeleteAtom 4
52 0x0X804D0581 NtDeleteFile 4
53 0x0X804BF75C NtDeleteKey 4
54 0x0X80492DFF NtDeleteObjectAuditAlarm C
55 0x0X804AF598 NtDeleteValueKey 8
56 0x0X804C0396 NtDeviceIoControlFile 28
57 0x0X804C4336 NtDisplayString 4
58 0x0X8049DED1 NtDuplicateObject 1C
59 0x0X804A8BED NtDuplicateToken 18
60 0x0X804A817D NtEnumerateKey 18
61 0x0X804AAF00 NtEnumerateValueKey 18
62 0x0X8049271C NtExtendSection 8
63 0x0X8050BE5E NtFilterToken 18
64 0x0X804A897B NtFindAtom C
65 0x0X8049F420 NtFlushBuffersFile 8
66 0x0X804A6296 NtFlushInstructionCache C
67 0x0X804BD5A8 NtFlushKey 4
68 0x0X804AEA94 NtFlushVirtualMemory 10
69 0x0X804F2635 NtFlushWriteBuffer 0
70 0x0X8044C3F0 NtFreeUserPhysicalPages C
71 0x0X80498DF5 NtFreeVirtualMemory 10
72 0x0X80496D67 NtFsControlFile 28
73 0x0X804B826B NtGetContextThread 8
74 0x0X804F79C2 NtGetDevicePowerState 8
75 0x0X804B70C1 NtGetPlugPlayEvent 10
76 0x0X804644F2 NtGetTickCount 0
77 0x0X8044CA37 NtGetWriteWatch 1C
78 0x0X80513084 NtImpersonateAnonymousToken 4
79 0x0X804A302B NtImpersonateClientOfPort 8
80 0x0X80456635 NtImpersonateThread C
81 0x0X80522B75 NtInitializeRegistry 4
82 0x0X804F77B0 NtInitiatePowerAction 10
83 0x0X804F79B4 NtIsSystemResumeAutomatic 0
84 0x0X804EC987 NtListenPort 8
85 0x0X8052F0B3 NtLoadDriver 4
86 0x0X8052381B NtLoadKey 8
87 0x0X80463EAE NtLoadKey2 C
88 0x0X804AA14C NtLockFile 28
89 0x0X804F26CC NtLockVirtualMemory 10
90 0x0X804BFFC1 NtMakeTemporaryObject 4
91 0x0X8044B4A8 NtMapUserPhysicalPages C
92 0x0X8044B8BB NtMapUserPhysicalPagesScatter C
93 0x0X804A46E2 NtMapViewOfSection 28
94 0x0X804AA4F6 NtNotifyChangeDirectoryFile 24
95 0x0X804AABF0 NtNotifyChangeKey 28
96 0x0X804AAC1E NtNotifyChangeMultipleKeys 30
97 0x0X804A3D97 NtOpenDirectoryObject C
98 0x0X804A6C2B NtOpenEvent C
99 0x0X804C923E NtOpenEventPair C
100 0x0X8049BE5D NtOpenFile 18
101 0x0X804D4DC5 NtOpenIoCompletion C
102 0x0X804FE32C NtOpenJobObject C
103 0x0X80497B66 NtOpenKey C
104 0x0X804B02D5 NtOpenMutant C
105 0x0X804AC998 NtOpenObjectAuditAlarm 30
106 0x0X804A528B NtOpenProcess 10
107 0x0X8049B696 NtOpenProcessToken C
108 0x0X804A4BE7 NtOpenSection C
109 0x0X804B1C2C NtOpenSemaphore C
110 0x0X804A3B67 NtOpenSymbolicLinkObject C
111 0x0X804B7B8C NtOpenThread 10
112 0x0X8049AD89 NtOpenThreadToken 10
113 0x0X804C8E18 NtOpenTimer C
114 0x0X804B198B NtPlugPlayControl C
115 0x0X804F8498 NtPowerInformation 14
116 0x0X804C3081 NtPrivilegeCheck C
117 0x0X8050F9D9 NtPrivilegedServiceAuditAlarm 14
118 0x0X8050F7B5 NtPrivilegeObjectAuditAlarm 18
119 0x0X804A1650 NtProtectVirtualMemory 14
120 0x0X804C3A60 NtPulseEvent 8
121 0x0X804AB10E NtQueryInformationAtom 14
122 0x0X8049BEAE NtQueryAttributesFile 8
123 0x0X8049909E NtQueryDefaultLocale 8
124 0x0X804B0962 NtQueryDefaultUILanguage 4
125 0x0X804A5E22 NtQueryDirectoryFile 2C
126 0x0X804B8509 NtQueryDirectoryObject 1C
127 0x0X804D5A76 NtQueryEaFile 24
128 0x0X804B05C8 NtQueryEvent 14
129 0x0X804AD1AD NtQueryFullAttributesFile 8
130 0x0X8049C252 NtQueryInformationFile 14
131 0x0X804BA370 NtQueryInformationJobObject 14
132 0x0X80494A78 NtQueryIoCompletion 14
133 0x0X804ECA05 NtQueryInformationPort 14
134 0x0X804A4F09 NtQueryInformationProcess 14
135 0x0X80494B4D NtQueryInformationThread 14
136 0x0X8049B504 NtQueryInformationToken 14
137 0x0X804BB6D2 NtQueryInstallUILanguage 4
138 0x0X804C8CEA NtQueryIntervalProfile 8
139 0x0X8049857B NtQueryKey 14
140 0x0X80523ED0 NtQueryMultipleValueKey 18
141 0x0X804C8FB1 NtQueryMutant 14
142 0x0X804A0DB2 NtQueryObject 14
143 0x0X80524574 NtQueryOpenSubKeys 8
144 0x0X804C0669 NtQueryPerformanceCounter 8
145 0x0X804D6A09 NtQueryQuotaInformationFile 24
146 0x0X804BA146 NtQuerySection 14
147 0x0X804502ED NtQuerySecurityObject 14
148 0x0X804C7ADC NtQuerySemaphore 14
149 0x0X804A3C04 NtQuerySymbolicLinkObject C
150 0x0X804C816B NtQuerySystemEnvironmentValue 10
151 0x0X8049A51B NtQuerySystemInformation 10
152 0x0X804B08E1 NtQuerySystemTime 4
153 0x0X804B9207 NtQueryTimer 14
154 0x0X804AD698 NtQueryTimerResolution C
155 0x0X80498256 NtQueryValueKey 18
156 0x0X804A0C05 NtQueryVirtualMemory 18
157 0x0X804A544E NtQueryVolumeInformationFile 14
158 0x0X804B9164 NtQueueApcThread 14
159 0x0X8046986C NtRaiseException C
160 0x0X804C75F4 NtRaiseHardError 18
161 0x0X8049F636 NtReadFile 24
162 0x0X804D76E5 NtReadFileScatter 24
163 0x0X804A35CF NtReadRequestData 18
164 0x0X804BD2FF NtReadVirtualMemory 14
165 0x0X804A238B NtRegisterThreadTerminatePort 4
166 0x0X804991A0 NtReleaseMutant 8
167 0x0X8049BB0C NtReleaseSemaphore C
168 0x0X8049490A NtRemoveIoCompletion 14
169 0x0X80523CFF NtReplaceKey C
170 0x0X804AB843 NtReplyPort 8
171 0x0X80493EEA NtReplyWaitReceivePort 10
172 0x0X80434985 NtReplyWaitReceivePortEx 14
173 0x0X804ECC10 NtReplyWaitReplyPort 8
174 0x0X804F7952 NtRequestDeviceWakeup 4
175 0x0X804C09F4 NtRequestPort 8
176 0x0X80493ADF NtRequestWaitReplyPort C
177 0x0X804F775C NtRequestWakeupLatency 4
178 0x0X804C3BB0 NtResetEvent 8
179 0x0X8044CF1E NtResetWriteWatch C
180 0x0X80523434 NtRestoreKey C
181 0x0X804A1AD4 NtResumeThread 8
182 0x0X804C1C8E NtSaveKey 8
183 0x0X80523598 NtSaveMergedKeys C
184 0x0X80433FFA NtSecureConnectPort 24
185 0x0X804C055D NtSetIoCompletion 14
186 0x0X80492B7E NtSetContextThread 8
187 0x0X804C79DE NtSetDefaultHardErrorPort 4
188 0x0X804C45F2 NtSetDefaultLocale 8
189 0x0X804C4BC0 NtSetDefaultUILanguage 4
190 0x0X804D6000 NtSetEaFile 10
191 0x0X8049464A NtSetEvent 8
192 0x0X804C94E0 NtSetHighEventPair 4
193 0x0X804C9426 NtSetHighWaitLowEventPair 4
194 0x0X804999B7 NtSetInformationFile 14
195 0x0X804FF2EF NtSetInformationJobObject 10
196 0x0X80523A05 NtSetInformationKey 10
197 0x0X804A0EDA NtSetInformationObject 10
198 0x0X804A509D NtSetInformationProcess 10
199 0x0X80499BB5 NtSetInformationThread 10
200 0x0X80492E80 NtSetInformationToken 10
201 0x0X804C8CD8 NtSetIntervalProfile 8
202 0x0X804FD65B NtSetLdtEntries 18
203 0x0X804C948A NtSetLowEventPair 4
204 0x0X804C93C2 NtSetLowWaitHighEventPair 4
205 0x0X804D6F95 NtSetQuotaInformationFile 10
206 0x0X804501F8 NtSetSecurityObject C
207 0x0X804C83F5 NtSetSystemEnvironmentValue 8
208 0x0X80490219 NtSetSystemInformation C
209 0x0X8048D245 NtSetSystemPowerState C
210 0x0X804C67E6 NtSetSystemTime 8
211 0x0X804BFE64 NtSetThreadExecutionState 8
212 0x0X80419733 NtSetTimer 1C
213 0x0X804903B1 NtSetTimerResolution C
214 0x0X804C7C59 NtSetUuidSeed 4
215 0x0X804A7DF1 NtSetValueKey 18
216 0x0X804D70BB NtSetVolumeInformationFile 14
217 0x0X804C4304 NtShutdownSystem 4
218 0x0X804509DA NtSignalAndWaitForSingleObject 10
219 0x0X804C898D NtStartProfile 4
220 0x0X804C8C34 NtStopProfile 4
221 0x0X804B819B NtSuspendThread 8
222 0x0X8052EF12 NtSystemDebugControl 18
223 0x0X805000C1 NtTerminateJobObject 8
224 0x0X804BCA6F NtTerminateProcess 8
225 0x0X804A1577 NtTerminateThread 8
226 0x0X804A24B3 NtTestAlert 0
227 0x0X8052F280 NtUnloadDriver 4
228 0x0X8052382D NtUnloadKey 4
229 0x0X804A9FD7 NtUnlockFile 14
230 0x0X804BC726 NtUnlockVirtualMemory 10
231 0x0X8049C735 NtUnmapViewOfSection 8
232 0x0X805144C4 NtVdmControl 8
233 0x0X80450BCB NtWaitForMultipleObjects 14
234 0x0X80494531 NtWaitForSingleObject C
235 0x0X804C9364 NtWaitHighEventPair 4
236 0x0X804C9306 NtWaitLowEventPair 4
237 0x0X8049F0C5 NtWriteFile 24
238 0x0X804D7FA8 NtWriteFileGather 24
239 0x0X804A2B94 NtWriteRequestData 18
240 0x0X804B06F7 NtWriteVirtualMemory 14
241 0x0X804EBC1D NtListenChannel 8
242 0x0X804EBC1D NtListenChannel 8
243 0x0X804EBC1D NtListenChannel 8
244 0x0X80433803 NtReplyWaitSendChannel C
245 0x0X8043380B NtSendWaitReplyChannel 10
246 0x0X804EBC25 NtSetContextChannel 4
247 0x0X80433813 NtYieldExecution 0
win2k描述符表
00 0x0XA01019DF NtGdiAbortDoc 4
01 0x0XA0119EF9 NtGdiAbortPath 4
02 0x0XA00A7102 NtGdiAddFontResourceW 18
03 0x0XA010E86B NtGdiAddRemoteFontToDC 10
04 0x0XA011BE85 NtGdiAddFontMemResourceEx 14
05 0x0XA010229E NtGdiRemoveMergeFont 8
06 0x0XA0102977 NtGdiAddRemoteMMInstanceToDC C
07 0x0XA00FF587 NtGdiAlphaBlend 30
08 0x0XA011B5CC NtGdiAngleArc 18
09 0x0XA005D796 NtGdiAnyLinkedFonts 0
10 0x0XA00B2E45 NtGdiFontIsLinked 4
11 0x0XA00B205E NtGdiArcInternal 28
12 0x0XA002CB38 NtGdiBeginPath 4
13 0x0XA0008889 NtGdiBitBlt 2C
14 0x0XA011BB2E NtGdiCancelDC 4
15 0x0XA011DC3B NtGdiCheckBitmapBits 20
16 0x0XA0055E09 NtGdiCloseFigure 4
17 0x0XA011DD95 NtGdiColorCorrectPalette 18
18 0x0XA006D536 NtGdiCombineRgn 10
19 0x0XA005D940 NtGdiCombineTransform C
20 0x0XA00170F6 NtGdiComputeXformCoefficients 4
21 0x0XA0062A1B NtGdiConsoleTextOut 10
22 0x0XA005E933 NtGdiConvertMetafileRect 8
23 0x0XA0009C86 NtGdiCreateBitmap 14
24 0x0XA00337F2 NtGdiCreateClientObj 4
25 0x0XA011D615 NtGdiCreateColorSpace 4
26 0x0XA011D8EE NtGdiCreateColorTransform 20
27 0x0XA00692C8 NtGdiCreateCompatibleBitmap C
28 0x0XA0009116 NtGdiCreateCompatibleDC 4
29 0x0XA002C1C7 NtGdiCreateDIBBrush 18
30 0x0XA008A72A NtGdiCreateDIBitmapInternal 2C
31 0x0XA0077B82 NtGdiCreateDIBSection 24
32 0x0XA00B1EC1 NtGdiCreateEllipticRgn 10
33 0x0XA0031F08 NtGdiCreateHalftonePalette 4
34 0x0XA0060641 NtGdiCreateHatchBrushInternal C
35 0x0XA005D2D9 NtGdiCreateMetafileDC 4
36 0x0XA0033369 NtGdiCreatePaletteInternal 8
37 0x0XA0077940 NtGdiCreatePatternBrushInternal C
38 0x0XA006C8DD NtGdiCreatePen 10
39 0x0XA0018D4C NtGdiCreateRectRgn 10
40 0x0XA01062FD NtGdiCreateRoundRectRgn 18
41 0x0XA0055A66 NtGdiCreateServerMetaFile 18
42 0x0XA000A2FA NtGdiCreateSolidBrush 8
43 0x0XA01208DB NtGdiD3dContextCreate 10
44 0x0XA0120C7A NtGdiD3dContextDestroy 4
45 0x0XA0120D0B NtGdiD3dContextDestroyAll 4
46 0x0XA01210D8 NtGdiD3dValidateTextureStageState 4
47 0x0XA0120D79 NtGdiD3dDrawPrimitives2 1C
48 0x0XA01212AA NtGdiDdGetDriverState 4
49 0x0XA0124D87 NtGdiDdAddAttachedSurface C
50 0x0XA0126F6D NtGdiDdAlphaBlt C
51 0x0XA012315A NtGdiDdAttachSurface 8
52 0x0XA01266ED NtGdiDdBeginMoCompFrame 8
53 0x0XA01235B2 NtGdiDdBlt C
54 0x0XA00523DE NtGdiDdCanCreateSurface 8
55 0x0XA0124581 NtGdiDdCanCreateD3DBuffer 8
56 0x0XA012587D NtGdiDdColorControl 8
57 0x0XA00519A1 NtGdiDdCreateDirectDrawObject 4
58 0x0XA005234C NtGdiDdCreateSurface 20
59 0x0XA005234C NtGdiDdCreateSurface 20
60 0x0XA01260AF NtGdiDdCreateMoComp 8
61 0x0XA01229DD NtGdiDdCreateSurfaceObject 18
62 0x0XA0051197 NtGdiDdDeleteDirectDrawObject 4
63 0x0XA00527BA NtGdiDdDeleteSurfaceObject 4
64 0x0XA012667E NtGdiDdDestroyMoComp 8
65 0x0XA0053839 NtGdiDdDestroySurface 8
66 0x0XA0124BCE NtGdiDdDestroyD3DBuffer 4
67 0x0XA0126957 NtGdiDdEndMoCompFrame 8
68 0x0XA0123B13 NtGdiDdFlip 14
69 0x0XA012571A NtGdiDdFlipToGDISurface 8
70 0x0XA00A1C49 NtGdiDdGetAvailDriverMemory 8
71 0x0XA01242BF NtGdiDdGetBltStatus 8
72 0x0XA0122FBF NtGdiDdGetDC 8
73 0x0XA0051600 NtGdiDdGetDriverInfo 8
74 0x0XA0125B14 NtGdiDdGetDxHandle C
75 0x0XA012415F NtGdiDdGetFlipStatus 8
76 0x0XA0126529 NtGdiDdGetInternalMoCompInfo 8
77 0x0XA0126346 NtGdiDdGetMoCompBuffInfo 8
78 0x0XA0125C58 NtGdiDdGetMoCompGuids 8
79 0x0XA0125E0C NtGdiDdGetMoCompFormats 8
80 0x0XA01254D4 NtGdiDdGetScanLine 8
81 0x0XA0053B28 NtGdiDdLock C
82 0x0XA0123F8E NtGdiDdLockD3D 8
83 0x0XA0051369 NtGdiDdQueryDirectDrawObject 2C
84 0x0XA0126E26 NtGdiDdQueryMoCompStatus 8
85 0x0XA0051239 NtGdiDdReenableDirectDrawObject 8
86 0x0XA0123128 NtGdiDdReleaseDC 4
87 0x0XA0126ADF NtGdiDdRenderMoComp 8
88 0x0XA00534BB NtGdiDdResetVisrgn 8
89 0x0XA0124C40 NtGdiDdSetColorKey 8
90 0x0XA0125602 NtGdiDdSetExclusiveMode 8
91 0x0XA0127415 NtGdiDdSetGammaRamp C
92 0x0XA0127587 NtGdiDdCreateSurfaceEx C
93 0x0XA0125376 NtGdiDdSetOverlayPosition C
94 0x0XA0123299 NtGdiDdUnattachSurface 8
95 0x0XA0053F8A NtGdiDdUnlock 8
96 0x0XA0124091 NtGdiDdUnlockD3D 8
97 0x0XA0124F00 NtGdiDdUpdateOverlay C
98 0x0XA01243F6 NtGdiDdWaitForVerticalBlank 8
99 0x0XA01287EF NtGdiDvpCanCreateVideoPort 8
100 0x0XA0129FE8 NtGdiDvpColorControl 8
101 0x0XA0128937 NtGdiDvpCreateVideoPort 8
102 0x0XA0128B87 NtGdiDvpDestroyVideoPort 8
103 0x0XA0128BF6 NtGdiDvpFlipVideoPort 10
104 0x0XA0128D75 NtGdiDvpGetVideoPortBandwidth 8
105 0x0XA0128F14 NtGdiDvpGetVideoPortField 8
106 0x0XA012904D NtGdiDvpGetVideoPortFlipStatus 8
107 0x0XA0129163 NtGdiDvpGetVideoPortInputFormats 8
108 0x0XA0129514 NtGdiDvpGetVideoPortLine 8
109 0x0XA012932A NtGdiDvpGetVideoPortOutputFormats 8
110 0x0XA01295FA NtGdiDvpGetVideoPortConnectInfo 8
111 0x0XA01297B7 NtGdiDvpGetVideoSignalStatus 8
112 0x0XA012989D NtGdiDvpUpdateVideoPort 10
113 0x0XA0129EB8 NtGdiDvpWaitForVideoPortSync 8
114 0x0XA0033851 NtGdiDeleteClientObj 4
115 0x0XA011D702 NtGdiDeleteColorSpace 4
116 0x0XA011DB64 NtGdiDeleteColorTransform 8
117 0x0XA0069A34 NtGdiDeleteObjectApp 4
118 0x0XA011C8FA NtGdiDescribePixelFormat 10
119 0x0XA0101CA4 NtGdiGetPerBandInfo 8
120 0x0XA0101B85 NtGdiDoBanding 10
121 0x0XA00773BA NtGdiDoPalette 18
122 0x0XA011B6ED NtGdiDrawEscape 10
123 0x0XA004123E NtGdiEllipse 14
124 0x0XA00B7E67 NtGdiEnableEudc 4
125 0x0XA003D470 NtGdiEndDoc 4
126 0x0XA003D2BB NtGdiEndPage 4
127 0x0XA002CB02 NtGdiEndPath 4
128 0x0XA0038C3C NtGdiEnumFontChunk 14
129 0x0XA00187B5 NtGdiEnumFontClose 4
130 0x0XA003A05E NtGdiEnumFontOpen 1C
131 0x0XA004D622 NtGdiEnumObjects 10
132 0x0XA00B9816 NtGdiEqualRgn 8
133 0x0XA012D98E NtGdiEudcEnumFaceNameLinkW 10
134 0x0XA012D7F1 NtGdiEudcLoadUnloadLink 1C
135 0x0XA0032907 NtGdiExcludeClipRect 14
136 0x0XA002EF09 NtGdiExtCreatePen 2C
137 0x0XA005DCE9 NtGdiExtCreateRegion C
138 0x0XA0038322 NtGdiExtEscape 20
139 0x0XA012EA58 NtGdiExtFloodFill 14
140 0x0XA006AFE2 NtGdiExtGetObjectW C
141 0x0XA0069C3D NtGdiExtSelectClipRgn C
142 0x0XA001D420 NtGdiExtTextOutW 24
143 0x0XA0055E77 NtGdiFillPath 4
144 0x0XA004D186 NtGdiFillRgn C
145 0x0XA011A011 NtGdiFlattenPath 4
146 0x0XA00048E5 NtGdiFlushUserBatch 0
147 0x0XA0002FD5 GreFlush 0
148 0x0XA011C7BE NtGdiForceUFIMapping 8
149 0x0XA01063E8 NtGdiFrameRgn 14
150 0x0XA00B1C85 NtGdiFullscreenControl 14
151 0x0XA004C9B4 NtGdiGetAndSetDCDword 10
152 0x0XA000CAD6 NtGdiGetAppClipBox 8
153 0x0XA0031CC8 NtGdiGetBitmapBits C
154 0x0XA00BBAA2 NtGdiGetBitmapDimension 8
155 0x0XA0096556 NtGdiGetBoundsRect C
156 0x0XA0045EEB NtGdiGetCharABCWidthsW 18
157 0x0XA011A78F NtGdiGetCharacterPlacementW 18
158 0x0XA00695DC NtGdiGetCharSet 4
159 0x0XA004C04D NtGdiGetCharWidthW 18
160 0x0XA001C1CC NtGdiGetCharWidthInfo 8
161 0x0XA011B991 NtGdiGetColorAdjustment 8
162 0x0XA012F33E NtGdiGetColorSpaceforBitmap 4
163 0x0XA0069CF0 NtGdiGetDCDword C
164 0x0XA0069B51 NtGdiGetDCforBitmap 4
165 0x0XA006B7C2 NtGdiGetDCObject 8
166 0x0XA005F3DB NtGdiGetDCPoint C
167 0x0XA011BBDE NtGdiGetDeviceCaps 8
168 0x0XA011DFE1 NtGdiGetDeviceGammaRamp 8
169 0x0XA0036C34 NtGdiGetDeviceCapsAll 8
170 0x0XA0097D12 NtGdiGetDIBitsInternal 24
171 0x0XA01302FD NtGdiGetETM 8
172 0x0XA012CAA7 NtGdiGetEudcTimeStampEx C
173 0x0XA004E46A NtGdiGetFontData 14
174 0x0XA011C14F NtGdiGetFontResourceInfoInternalW 1C
175 0x0XA011CBE0 NtGdiGetGlyphIndicesW 14
176 0x0XA011CA87 NtGdiGetGlyphIndicesWInternal 18
177 0x0XA011B80D NtGdiGetGlyphOutline 20
178 0x0XA00BA050 NtGdiGetKerningPairs C
179 0x0XA0101D99 NtGdiGetLinkedUFIs C
180 0x0XA011B645 NtGdiGetMiterLimit 8
181 0x0XA010DD0F NtGdiGetMonitorID C
182 0x0XA006C9AF NtGdiGetNearestColor 8
183 0x0XA0032D38 NtGdiGetNearestPaletteIndex 8
184 0x0XA005CF87 NtGdiGetObjectBitmapHandle 8
185 0x0XA004BEB3 NtGdiGetOutlineTextMetricsInternalW 10
186 0x0XA011A592 NtGdiGetPath 10
187 0x0XA0026207 NtGdiGetPixel C
188 0x0XA0069C51 NtGdiGetRandomRgn C
189 0x0XA00D1B98 NtGdiGetRasterizerCaps 8
190 0x0XA00B2DDD NtGdiGetRealizationInfo 8
191 0x0XA0033166 NtGdiGetRegionData C
192 0x0XA0032B85 NtGdiGetRgnBox 8
193 0x0XA00D6DB2 NtGdiGetServerMetaFileBits 1C
194 0x0XA004F0AC NtGdiGetSpoolMessage 10
195 0x0XA01304DB NtGdiGetStats 14
196 0x0XA000A325 NtGdiGetStockObject 4
197 0x0XA012DAE7 NtGdiGetStringBitmapW 14
198 0x0XA003345D NtGdiGetSystemPaletteUse 4
199 0x0XA001657D NtGdiGetTextCharsetInfo C
200 0x0XA002C939 NtGdiGetTextExtent 14
201 0x0XA002A89E NtGdiGetTextExtentExW 20
202 0x0XA0070739 NtGdiGetTextFaceW 10
203 0x0XA006F17B NtGdiGetTextMetricsW C
204 0x0XA005D0AE NtGdiGetTransform C
205 0x0XA011C2C6 NtGdiGetUFI 18
206 0x0XA011C3A4 NtGdiGetUFIPathname 28
207 0x0XA011CBFD NtGdiGetFontUnicodeRanges 8
208 0x0XA0021575 NtGdiGetWidthTable 1C
209 0x0XA011105A NtGdiGradientFill 18
210 0x0XA006ED61 NtGdiHfontCreate 14
211 0x0XA011E6C0 NtGdiIcmBrushInfo 20
212 0x0XA00919C4 NtGdiInit 0
213 0x0XA00A6634 NtGdiInitSpool 0
214 0x0XA00671CD NtGdiIntersectClipRect 14
215 0x0XA00338CB NtGdiInvertRgn 8
216 0x0XA001ABBA NtGdiLineTo C
217 0x0XA011C98A NtGdiMakeFontDir 14
218 0x0XA005E4C3 NtGdiMakeInfoDC 8
219 0x0XA0061BD1 NtGdiMaskBlt 34
220 0x0XA005D7EF NtGdiModifyWorldTransform C
221 0x0XA011FE96 NtGdiMonoBitmap 4
222 0x0XA011BB5A NtGdiMoveTo 10
223 0x0XA005F311 NtGdiOffsetClipRgn C
224 0x0XA0032BEE NtGdiOffsetRgn C
225 0x0XA0077DDA NtGdiOpenDCW 1C
226 0x0XA00724DE NtGdiPatBlt 18
227 0x0XA0077CD4 NtGdiPolyPatBlt 14
228 0x0XA011A300 NtGdiPathToRegion 4
229 0x0XA01126CC NtGdiPlgBlt 2C
230 0x0XA011B0D4 NtGdiPolyDraw 10
231 0x0XA002F4C6 NtGdiPolyPolyDraw 14
232 0x0XA011B1F3 NtGdiPolyTextOutW 10
233 0x0XA011BD4A NtGdiPtInRegion C
234 0x0XA01068A5 NtGdiPtVisible C
235 0x0XA003E69E NtGdiQueryFonts C
236 0x0XA009199C NtGdiQueryFontAssocInfo 4
237 0x0XA002B709 NtGdiRectangle 14
238 0x0XA011BC62 NtGdiRectInRegion 8
239 0x0XA001955C NtGdiRectVisible 8
240 0x0XA011BFAB NtGdiRemoveFontResourceW 18
241 0x0XA011C138 NtGdiRemoveFontMemResourceEx 4
242 0x0XA00461F7 NtGdiResetDC 14
243 0x0XA0120146 NtGdiResizePalette 8
244 0x0XA0069B41 NtGdiRestoreDC 8
245 0x0XA00D441A NtGdiRoundRect 1C
246 0x0XA0069B35 NtGdiSaveDC 4
247 0x0XA0111E35 NtGdiScaleViewportExtEx 18
248 0x0XA011C666 NtGdiScaleWindowExtEx 18
249 0x0XA0007FCE GreSelectBitmap 8
250 0x0XA011BB3A NtGdiSelectBrush 8
251 0x0XA011A1B0 NtGdiSelectClipPath 8
252 0x0XA006D2FB NtGdiSelectFont 8
253 0x0XA011BB4A NtGdiSelectPen 8
254 0x0XA004D496 NtGdiSetBitmapBits C
255 0x0XA011C730 NtGdiSetBitmapDimension 10
256 0x0XA0024952 NtGdiSetBoundsRect C
257 0x0XA005D11B NtGdiSetBrushOrg 10
258 0x0XA011BA08 NtGdiSetColorAdjustment 8
259 0x0XA011D70E NtGdiSetColorSpace 8
260 0x0XA011E37A NtGdiSetDeviceGammaRamp 8
261 0x0XA00763C5 NtGdiSetDIBitsToDeviceInternal 40
262 0x0XA00B3196 NtGdiSetFontEnumeration 4
263 0x0XA005D856 NtGdiSetFontXform C
264 0x0XA005D57B NtGdiSetIcmMode C
265 0x0XA005DC18 NtGdiSetLinkedUFIs C
266 0x0XA012064C NtGdiSetMagicColors C
267 0x0XA005D56F NtGdiSetMetaRgn 4
268 0x0XA005D6B3 NtGdiSetMiterLimit C
269 0x0XA011C65A NtGdiGetDeviceWidth 4
270 0x0XA011C64E NtGdiMirrorWindowOrg 4
271 0x0XA0016F24 NtGdiSetLayout C
272 0x0XA0025F95 NtGdiSetPixel 10
273 0x0XA0131774 NtGdiSetPixelFormat 8
274 0x0XA011BC47 NtGdiSetRectRgn 14
275 0x0XA011BBEE NtGdiSetSystemPaletteUse 8
276 0x0XA01308E6 NtGdiSetTextJustification C
277 0x0XA005679A NtGdiSetupPublicCFONT C
278 0x0XA005E106 NtGdiSetVirtualResolution 14
279 0x0XA005D8F2 NtGdiSetSizeDevice C
280 0x0XA003F830 NtGdiStartDoc 10
281 0x0XA003D47E NtGdiStartPage 4
282 0x0XA0018655 NtGdiStretchBlt 30
283 0x0XA0097139 NtGdiStretchDIBitsInternal 40
284 0x0XA011A3E6 NtGdiStrokeAndFillPath 4
285 0x0XA009C807 NtGdiStrokePath 4
286 0x0XA0131947 NtGdiSwapBuffers 4
287 0x0XA00336FF NtGdiTransformPoints 14
288 0x0XA00A5258 NtGdiTransparentBlt 2C
289 0x0XA011C845 NtGdiUnloadPrinterDriver 8
290 0x0XA011BE7F NtGdiUnmapMemFont 4
291 0x0XA011BC3B NtGdiUnrealizeObject 4
292 0x0XA0120302 NtGdiUpdateColors 4
293 0x0XA011A0A8 NtGdiWidenPath 4
294 0x0XA008C802 NtUserActivateKeyboardLayout 8
295 0x0XA0017221 NtUserAlterWindowStyle C
296 0x0XA00DFEDF NtUserAssociateInputContext C
297 0x0XA0024580 NtUserAttachThreadInput C
298 0x0XA0067389 NtUserBeginPaint 8
299 0x0XA00197F9 NtUserBitBltSysBmp 20
300 0x0XA00DE6E8 NtUserBlockInput 4
301 0x0XA00DFFFB NtUserBuildHimcList 10
302 0x0XA006C272 NtUserBuildHwndList 1C
303 0x0XA004FA65 NtUserBuildNameList 10
304 0x0XA00DE43B NtUserBuildPropList 10
305 0x0XA008A582 NtUserCallHwnd 8
306 0x0XA0016B86 NtUserCallHwndLock 8
307 0x0XA00B815F NtUserCallHwndOpt 8
308 0x0XA001648D NtUserCallHwndParam C
309 0x0XA0016F38 NtUserCallHwndParamLock C
310 0x0XA001D05E NtUserCallMsgFilter 8
311 0x0XA005E4F5 NtUserCallNextHookEx 10
312 0x0XA0002C95 NtUserCallNoParam 4
313 0x0XA0002CCF NtUserCallOneParam 8
314 0x0XA001DBB7 NtUserCallTwoParam C
315 0x0XA004EB78 NtUserChangeClipboardChain 8
316 0x0XA00DE954 NtUserChangeDisplaySettings 14
317 0x0XA0095187 NtUserCheckImeHotKey 8
318 0x0XA0098835 NtUserCheckMenuItem C
319 0x0XA0024A95 NtUserChildWindowFromPointEx 10
320 0x0XA00DD3DD NtUserClipCursor 4
321 0x0XA001C4C4 NtUserCloseClipboard 0
322 0x0XA004F7A3 NtUserCloseDesktop 4
323 0x0XA004F738 NtUserCloseWindowStation 4
324 0x0XA00930A0 NtUserConsoleControl C
325 0x0XA00470D8 NtUserConvertMemHandle 8
326 0x0XA004DD07 NtUserCopyAcceleratorTable C
327 0x0XA00186A1 NtUserCountClipboardFormats 0
328 0x0XA0031D7E NtUserCreateAcceleratorTable 8
329 0x0XA001DD82 NtUserCreateCaret 10
330 0x0XA00A6378 NtUserCreateDesktop 14
331 0x0XA00DFE5A NtUserCreateInputContext 4
332 0x0XA002F135 NtUserCreateLocalMemHandle 10
333 0x0XA0074056 NtUserCreateWindowEx 34
334 0x0XA00A6414 NtUserCreateWindowStation 18
335 0x0XA00B9E39 NtUserDdeGetQualityOfService C
336 0x0XA005638D NtUserDdeInitialize 14
337 0x0XA00A0B2D NtUserDdeSetQualityOfService C
338 0x0XA001940F NtUserDeferWindowPos 20
339 0x0XA008ECB6 NtUserDefSetText 8
340 0x0XA0087C08 NtUserDeleteMenu C
341 0x0XA009C8BC NtUserDestroyAcceleratorTable 4
342 0x0XA0017EF8 NtUserDestroyCursor 8
343 0x0XA00DFEA1 NtUserDestroyInputContext 4
344 0x0XA006D706 NtUserDestroyMenu 4
345 0x0XA0075632 NtUserDestroyWindow 4
346 0x0XA00E05DB NtUserDisableThreadIme 4
347 0x0XA0066954 NtUserDispatchMessage 4
348 0x0XA00DE580 NtUserDragDetect C
349 0x0XA00DC232 NtUserDragObject 14
350 0x0XA00DD6B8 NtUserDrawAnimatedRects 10
351 0x0XA00DD791 NtUserDrawCaption 10
352 0x0XA0094032 NtUserDrawCaptionTemp 1C
353 0x0XA0017C90 NtUserDrawIconEx 2C
354 0x0XA00DE9AA NtUserDrawMenuBarTemp 14
355 0x0XA0046F55 NtUserEmptyClipboard 0
356 0x0XA0026A55 NtUserEnableMenuItem C
357 0x0XA0032168 NtUserEnableScrollBar C
358 0x0XA001937B NtUserEndDeferWindowPosEx 8
359 0x0XA00DD85E NtUserEndMenu 0
360 0x0XA0068614 NtUserEndPaint 8
361 0x0XA0050672 NtUserEnumDisplayDevices 10
362 0x0XA0055384 NtUserEnumDisplayMonitors 10
363 0x0XA005039A NtUserEnumDisplaySettings 10
364 0x0XA00DC9AA NtUserEvent 4
365 0x0XA0033899 NtUserExcludeUpdateRgn 8
366 0x0XA008EB93 NtUserFillWindow 10
367 0x0XA0009F0E NtUserFindExistingCursorIcon C
368 0x0XA008E405 NtUserFindWindowEx 14
369 0x0XA00E08D5 NtUserFlashWindowEx 4
370 0x0XA00DD0FC NtUserGetAltTabInfo 18
371 0x0XA00DD07F NtUserGetAncestor 8
372 0x0XA00E03D2 NtUserGetAppImeLevel 4
373 0x0XA001732E NtUserGetAsyncKeyState 4
374 0x0XA0071338 NtUserGetCaretBlinkTime 0
375 0x0XA00DE0D3 NtUserGetCaretPos 4
376 0x0XA0089C1C NtUserGetClassInfo 14
377 0x0XA00321E0 NtUserGetClassName C
378 0x0XA001C608 NtUserGetClipboardData 8
379 0x0XA003367D NtUserGetClipboardFormatName C
380 0x0XA001917A NtUserGetClipboardOwner 0
381 0x0XA006D42F NtUserGetClipboardSequenceNumber 0
382 0x0XA00DD8A4 NtUserGetClipboardViewer 0
383 0x0XA00DD46B NtUserGetClipCursor 4
384 0x0XA00DCE1D NtUserGetComboBoxInfo 8
385 0x0XA0016CFD NtUserGetControlBrush C
386 0x0XA0098896 NtUserGetControlColor 10
387 0x0XA0019738 NtUserGetCPD C
388 0x0XA008A4D0 NtUserGetCursorFrameInfo 10
389 0x0XA00DCEF7 NtUserGetCursorInfo 4
390 0x0XA0005F82 NtUserGetDC 4
391 0x0XA0062477 NtUserGetDCEx C
392 0x0XA00171CF NtUserGetDoubleClickTime 0
393 0x0XA0063F67 NtUserGetForegroundWindow 0
394 0x0XA00DC313 NtUserGetGuiResources 8
395 0x0XA00DCC8D NtUserGetGUIThreadInfo 8
396 0x0XA008AB34 NtUserGetIconInfo 18
397 0x0XA0017D5B NtUserGetIconSize 10
398 0x0XA00E028F NtUserGetImeHotKey 10
399 0x0XA00E0110 NtUserGetImeInfoEx 8
400 0x0XA00DCA4F NtUserGetInternalWindowPos C
401 0x0XA004DB5A NtUserGetKeyboardLayoutList 8
402 0x0XA00B98B2 NtUserGetKeyboardLayoutName 4
403 0x0XA001F33B NtUserGetKeyboardState 4
404 0x0XA004D0EC NtUserGetKeyNameText C
405 0x0XA0067CA5 NtUserGetKeyState 4
406 0x0XA00DCECD NtUserGetListBoxInfo 4
407 0x0XA00DD225 NtUserGetMenuBarInfo 10
408 0x0XA00DD5A9 NtUserGetMenuIndex 8
409 0x0XA009D6AB NtUserGetMenuItemRect 10
410 0x0XA00040D7 NtUserGetMessage 10
411 0x0XA00DDD0A NtUserGetMouseMovePointsEx 14
412 0x0XA0091B0C NtUserGetObjectInformation 14
413 0x0XA002CDD9 NtUserGetOpenClipboardWindow 0
414 0x0XA009DC49 NtUserGetPriorityClipboardFormat 8
415 0x0XA0091AF0 NtUserGetProcessWindowStation 0
416 0x0XA00DCFCC NtUserGetScrollBarInfo C
417 0x0XA0018A77 NtUserGetSystemMenu 8
418 0x0XA009154A NtUserGetThreadDesktop 8
419 0x0XA0006127 NtUserGetThreadState 4
420 0x0XA00DCD4E NtUserGetTitleBarInfo 8
421 0x0XA00710CF NtUserGetUpdateRect C
422 0x0XA0032922 NtUserGetUpdateRgn C
423 0x0XA001B90B NtUserGetWindowDC 4
424 0x0XA008A00D NtUserGetWindowPlacement 8
425 0x0XA00D35CF NtUserGetWOWClass 8
426 0x0XA00DBE6D NtUserHardErrorControl C
427 0x0XA001D88F NtUserHideCaret 4
428 0x0XA005C6E9 NtUserHiliteMenuItem 10
429 0x0XA00DE704 NtUserImpersonateDdeClientWindow 8
430 0x0XA00B07FF NtUserInitialize C
431 0x0XA00AB9AE NtUserInitializeClientPfnArrays 10
432 0x0XA00B141A NtUserInitTask 2C
433 0x0XA00A4D12 NtUserInternalGetWindowText C
434 0x0XA0069406 NtUserInvalidateRect C
435 0x0XA0032FCA NtUserInvalidateRgn C
436 0x0XA006D47D NtUserIsClipboardFormatAvailable 4
437 0x0XA006E2D7 NtUserKillTimer 8
438 0x0XA00B424B NtUserLoadKeyboardLayoutEx 18
439 0x0XA005502C NtUserLockWindowStation 4
440 0x0XA0098A5E NtUserLockWindowUpdate 4
441 0x0XA00DC13C NtUserLockWorkStation 0
442 0x0XA001F0A5 NtUserMapVirtualKeyEx 10
443 0x0XA00DE048 NtUserMenuItemFromPoint 10
444 0x0XA0005FD9 NtUserMessageCall 1C
445 0x0XA00497DF NtUserMinMaximize C
446 0x0XA00DD9CA NtUserMNDragLeave 0
447 0x0XA00DD910 NtUserMNDragOver 8
448 0x0XA00624EA NtUserModifyUserStartupInfoFlags 8
449 0x0XA006D752 NtUserMoveWindow 18
450 0x0XA00E057D NtUserNotifyIMEStatus C
451 0x0XA0091665 NtUserNotifyProcessCreate 10
452 0x0XA00DCC36 NtUserNotifyWinEvent 10
453 0x0XA001C4DC NtUserOpenClipboard 8
454 0x0XA004F6A6 NtUserOpenDesktop C
455 0x0XA0054F1D NtUserOpenInputDesktop C
456 0x0XA004F860 NtUserOpenWindowStation 8
457 0x0XA00B803D NtUserPaintDesktop 4
458 0x0XA0005E98 NtUserPeekMessage 14
459 0x0XA000C08B NtUserPostMessage 10
460 0x0XA001C782 NtUserPostThreadMessage 10
461 0x0XA0092610 NtUserProcessConnect C
462 0x0XA00A4DB5 NtUserQueryInformationThread 14
463 0x0XA00DFF80 NtUserQueryInputContext 8
464 0x0XA00DE5D3 NtUserQuerySendMessage 4
465 0x0XA00E06BC NtUserQueryUserCounters 14
466 0x0XA006D20B NtUserQueryWindow 8
467 0x0XA00DD0C6 NtUserRealChildWindowFromPoint C
468 0x0XA0067D1C NtUserRedrawWindow 10
469 0x0XA009065E NtUserRegisterClassExWOW 18
470 0x0XA00B4BD5 NtUserRegisterHotKey 10
471 0x0XA00DCB91 NtUserRegisterTasklist 4
472 0x0XA006B147 NtUserRegisterWindowMessage 4
473 0x0XA0087C87 NtUserRemoveMenu C
474 0x0XA0018043 NtUserRemoveProp 8
475 0x0XA004FD47 NtUserResolveDesktop 10
476 0x0XA00B182B NtUserResolveDesktopForWOW 4
477 0x0XA0098C74 NtUserSBGetParms 10
478 0x0XA0063156 NtUserScrollDC 1C
479 0x0XA004ACF3 NtUserScrollWindowEx 20
480 0x0XA006B9C9 NtUserSelectPalette C
481 0x0XA004D9E8 NtUserSendInput C
482 0x0XA001C94B NtUserSendMessageCallback 18
483 0x0XA008A610 NtUserSendNotifyMessage 10
484 0x0XA008ED5C NtUserSetActiveWindow 4
485 0x0XA00E036C NtUserSetAppImeLevel 8
486 0x0XA001D360 NtUserSetCapture 4
487 0x0XA002C4B8 NtUserSetClassLong 10
488 0x0XA00DDA0F NtUserSetClassWord C
489 0x0XA0047045 NtUserSetClipboardData C
490 0x0XA00564C7 NtUserSetClipboardViewer 4
491 0x0XA0095142 NtUserSetConsoleReserveKeys 8
492 0x0XA0063F2F NtUserSetCursor 4
493 0x0XA00DDF0D NtUserSetCursorContents 8
494 0x0XA008A9A0 NtUserSetCursorIconData 10
495 0x0XA00DD61A NtUserSetDbgTag 8
496 0x0XA00720B3 NtUserSetFocus 4
497 0x0XA00B3DEE NtUserSetImeHotKey 14
498 0x0XA00E01DE NtUserSetImeInfoEx 4
499 0x0XA00E0452 NtUserSetImeOwnerWindow 8
500 0x0XA00930DA NtUserSetInformationProcess 10
501 0x0XA008C9AB NtUserSetInformationThread 10
502 0x0XA00DD2FA NtUserSetInternalWindowPos 10
503 0x0XA001F242 NtUserSetKeyboardState 4
504 0x0XA00A7B51 NtUserSetLogonNotifyWindow 4
505 0x0XA0032DC3 NtUserSetMenu C
506 0x0XA00989D7 NtUserSetMenuContextHelpId 8
507 0x0XA009D565 NtUserSetMenuDefaultItem C
508 0x0XA00DD68E NtUserSetMenuFlagRtoL 4
509 0x0XA00DBEAF NtUserSetObjectInformation 10
510 0x0XA001BF0F NtUserSetParent 8
511 0x0XA004F6D2 NtUserSetProcessWindowStation 4
512 0x0XA006C660 NtUserSetProp C
513 0x0XA00DD600 NtUserSetRipFlags 8
514 0x0XA008D8AA NtUserSetScrollInfo 10
515 0x0XA00B81D1 NtUserSetShellWindowEx 8
516 0x0XA00DDA42 NtUserSetSysColors 10
517 0x0XA00DDEBD NtUserSetSystemCursor 8
518 0x0XA004972D NtUserSetSystemMenu 8
519 0x0XA00B9450 NtUserSetSystemTimer 10
520 0x0XA004F647 NtUserSetThreadDesktop 4
521 0x0XA00E0503 NtUserSetThreadLayoutHandles 8
522 0x0XA008EC82 NtUserSetThreadState 8
523 0x0XA0006C6F NtUserSetTimer 10
524 0x0XA0016507 NtUserSetWindowFNID 8
525 0x0XA006CB4C NtUserSetWindowLong 10
526 0x0XA003FA4D NtUserSetWindowPlacement 8
527 0x0XA001750A NtUserSetWindowPos 1C
528 0x0XA0098B88 NtUserSetWindowRgn C
529 0x0XA00550A0 NtUserSetWindowsHookAW C
530 0x0XA001B8C1 NtUserSetWindowsHookEx 18
531 0x0XA00B5D28 NtUserSetWindowStationUser 10
532 0x0XA00777E8 NtUserSetWindowWord C
533 0x0XA00DCBBB NtUserSetWinEventHook 20
534 0x0XA001D85D NtUserShowCaret 4
535 0x0XA0031FFD NtUserShowScrollBar C
536 0x0XA0017485 NtUserShowWindow 8
537 0x0XA004FCA2 NtUserShowWindowAsync 8
538 0x0XA00DE197 NtUserSoundSentry 0
539 0x0XA0054C5A NtUserSwitchDesktop 4
540 0x0XA0088084 NtUserSystemParametersInfo 10
541 0x0XA00B1BE7 NtUserTestForInteractiveUser 4
542 0x0XA004964B NtUserThunkedMenuInfo 8
543 0x0XA008730E NtUserThunkedMenuItemInfo 18
544 0x0XA00247BF NtUserToUnicodeEx 1C
545 0x0XA005E6B3 NtUserTrackMouseEvent 4
546 0x0XA00A4510 NtUserTrackPopupMenuEx 18
547 0x0XA0046305 NtUserTranslateAccelerator C
548 0x0XA0066FF3 NtUserTranslateMessage 8
549 0x0XA001B6D8 NtUserUnhookWindowsHookEx 4
550 0x0XA00DCC0A NtUserUnhookWinEvent 4
551 0x0XA00DE55C NtUserUnloadKeyboardLayout 4
552 0x0XA0055159 NtUserUnlockWindowStation 4
553 0x0XA0090D40 NtUserUnregisterClass C
554 0x0XA00DDCA4 NtUserUnregisterHotKey 8
555 0x0XA00DFF3A NtUserUpdateInputContext C
556 0x0XA00DC90B NtUserUpdateInstance C
557 0x0XA00B9553 NtUserUpdateLayeredWindow 24
558 0x0XA00E0A12 NtUserSetLayeredWindowAttributes 10
559 0x0XA00B70F1 NtUserUpdatePerUserSystemParameters 8
560 0x0XA00DE1D9 NtUserUserHandleGrantAccess C
561 0x0XA00DE1BD NtUserValidateHandleSecure 4
562 0x0XA00335CB NtUserValidateRect 8
563 0x0XA001ED4D NtUserVkKeyScanEx C
564 0x0XA00560D5 NtUserWaitForInputIdle C
565 0x0XA0098F81 NtUserWaitForMsgAndEvent 4
566 0x0XA0005F29 NtUserWaitMessage 0
567 0x0XA00DBEAA NtUserWin32PoolAllocationStats 18
568 0x0XA001718D NtUserWindowFromPoint 8
569 0x0XA00B1783 NtUserYieldTask 0
570 0x0XA00DBD0F NtUserRemoteConnect C
571 0x0XA00DBD55 NtUserRemoteRedrawRectangle 10
572 0x0XA00DBD9E NtUserRemoteRedrawScreen 0
573 0x0XA00DBDEE NtUserRemoteStopScreenUpdates 0
574 0x0XA00DBE27 NtUserCtxDisplayIOCtl C
575 0x0XA003E43E NtGdiEngAssociateSurface C
576 0x0XA003E14D NtGdiEngCreateBitmap 18
577 0x0XA003DEB8 NtGdiEngCreateDeviceSurface 10
578 0x0XA0134422 NtGdiEngCreateDeviceBitmap 10
579 0x0XA0034F4A NtGdiEngCreatePalette 18
580 0x0XA01348F2 NtGdiEngComputeGlyphSet C
581 0x0XA0131CCB NtGdiEngCopyBits 18
582 0x0XA0033F34 NtGdiEngDeletePalette 4
583 0x0XA003D3F5 NtGdiEngDeleteSurface 4
584 0x0XA0133C5E NtGdiEngEraseSurface C
585 0x0XA003D926 NtGdiEngUnlockSurface 4
586 0x0XA003ED74 NtGdiEngLockSurface 4
587 0x0XA003BDC2 NtGdiEngBitBlt 2C
588 0x0XA00A030A NtGdiEngStretchBlt 2C
589 0x0XA0132470 NtGdiEngPlgBlt 2C
590 0x0XA0131C08 NtGdiEngMarkBandingSurface 4
591 0x0XA0132925 NtGdiEngStrokePath 20
592 0x0XA0132CEA NtGdiEngFillPath 1C
593 0x0XA0132ECA NtGdiEngStrokeAndFillPath 28
594 0x0XA013313F NtGdiEngPaint 14
595 0x0XA01332C6 NtGdiEngLineTo 24
596 0x0XA0133454 NtGdiEngAlphaBlend 1C
597 0x0XA013364B NtGdiEngGradientFill 28
598 0x0XA01338B4 NtGdiEngTransparentBlt 20
599 0x0XA003B619 NtGdiEngTextOut 28
600 0x0XA01320E2 NtGdiEngStretchBltROP 34
601 0x0XA01347C4 NtGdiXLATEOBJ_cGetPalette 10
602 0x0XA013485F NtGdiXLATEOBJ_iXlate 8
603 0x0XA013478D NtGdiXLATEOBJ_hGetColorTransform 4
604 0x0XA0133E02 NtGdiCLIPOBJ_bEnum C
605 0x0XA0133DBE NtGdiCLIPOBJ_cEnumStart 14
606 0x0XA0133D3A NtGdiCLIPOBJ_ppoGetPath 4
607 0x0XA0133D60 NtGdiEngDeletePath 4
608 0x0XA0133D82 NtGdiEngCreateClip 0
609 0x0XA0133D9C NtGdiEngDeleteClip 4
610 0x0XA003D5EF NtGdiBRUSHOBJ_ulGetBrushColor 4
611 0x0XA0133E9A NtGdiBRUSHOBJ_pvAllocRbrush 8
612 0x0XA0133EDE NtGdiBRUSHOBJ_pvGetRbrush 4
613 0x0XA0133F3A NtGdiBRUSHOBJ_hGetColorTransform 4
614 0x0XA003F319 NtGdiXFORMOBJ_bApplyXform 14
615 0x0XA003DFF1 NtGdiXFORMOBJ_iGetXform 8
616 0x0XA003F434 NtGdiFONTOBJ_vGetInfo C
617 0x0XA003DF21 NtGdiFONTOBJ_pxoGetXform 4
618 0x0XA003F10F NtGdiFONTOBJ_cGetGlyphs 14
619 0x0XA003D6E2 NtGdiFONTOBJ_pifi 4
620 0x0XA013414B NtGdiFONTOBJ_pfdg 4
621 0x0XA0134246 NtGdiFONTOBJ_pQueryGlyphAttrs 8
622 0x0XA01346B1 NtGdiFONTOBJ_pvTrueTypeFontFile 8
623 0x0XA013404E NtGdiFONTOBJ_cGetAllGlyphHandles 8
624 0x0XA013438E NtGdiSTROBJ_bEnum C
625 0x0XA003D59F NtGdiSTROBJ_bEnumPositionsOnly C
626 0x0XA003EF4D NtGdiSTROBJ_bGetAdvanceWidths 10
627 0x0XA003EF1A NtGdiSTROBJ_vEnumStart 4
628 0x0XA01343C7 NtGdiSTROBJ_dwGetCodePage 4
629 0x0XA013445B NtGdiPATHOBJ_vGetBounds 8
630 0x0XA005F0BA NtGdiPATHOBJ_bEnum 8
631 0x0XA005F08E NtGdiPATHOBJ_vEnumStart 4
632 0x0XA013451E NtGdiPATHOBJ_vEnumStartClipLines 10
633 0x0XA01345C5 NtGdiPATHOBJ_bEnumClipLines C
634 0x0XA01343FE NtGdiGetDhpdev 4
635 0x0XA013489E NtGdiEngCheckAbort 4
636 0x0XA0134962 NtGdiHT_Get8BPPFormatPalette 10
637 0x0XA01349F1 NtGdiHT_Get8BPPMaskPalette 18
638 0x0XA011218E NtGdiUpdateTransform 4
639 0x0XA000358C NtUserValidateTimerCallback C
扫一扫
2730
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
