├── Windows_Driver_functons.gdt
└── README.md

/Windows_Driver_functons.gdt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cisco-Talos/Windows-drivers-GDT-file/HEAD/Windows_Driver_functons.gdt

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Windows-drivers-GDT-file

The following functions are included in this data type archive:
--------------------------------------------------------------

CmRegisterCallbackEx
ExfAcquirePushLockExclusive
ExfReleasePushLockExclusive
IoCreateDriver
IoQueryFileDosDeviceName
KeInitializeApc
KeInsertQueueApc
KeReleaseQueuedSpinLock
KeStackAttachProcess
KeUnstackDetachProcess
MmFlushImageSection
NdisAllocateGenericObject
NdisGetDataBuffer
ObCreateObject
ObOpenObjectByName
ObOpenObjectByPointer
ObQueryNameString
ObReferenceObjectByName
PsLookupProcessByProcessId
PsLookupProcessThreadByCid
PsLookupThreadByThreadId
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlCaptureStackBackTrace
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSid
RtlRandomEx
SeCaptureSecurityDescriptor
SeCreateAccessState
SeDeleteAccessState
SeDeleteObjectAuditAlarm
SeTokenIsAdmin
ZwDuplicateObject
ZwFlushBuffersFile
ZwOpenDirectoryObject
ZwOpenProcessTokenEx
ZwOpenThreadTokenEx
ZwQueryDirectoryObject
ZwQueryInformationProcess
ZwQueryInformationToken
ZwQuerySystemInformation
ZwRenameKey
ZwSaveKey
ZwSetInformationObject
ZwSetSecurityObject
ZwWaitForSingleObject

--------------------------------------------------------------------------------