├── .gitignore ├── ALPC.sln ├── ALPC ├── ALPC.c ├── ALPC.h ├── ALPC.vcxproj ├── Debug │ └── vc110.idb ├── ReadMe.txt ├── UserModeDefs.h ├── ntbasic.h ├── ntdefs.h ├── ntlpcapi.c └── ntlpcapi.h ├── Client ├── Client.c ├── Client.vcxproj └── Debug │ └── vc110.idb ├── LICENSE ├── Server ├── Debug │ └── vc110.idb ├── Server.c └── Server.vcxproj ├── idb ├── csrsrv.idb └── ntoskrnl.idb └── lib └── Win32 └── 1.txt /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled Object files 2 | *.slo 3 | *.lo 4 | *.o 5 | *.obj 6 | 7 | # Compiled Dynamic libraries 8 | *.so 9 | *.dylib 10 | 11 | # Compiled Static libraries 12 | *.lai 13 | *.la 14 | *.a 15 | 16 | *.log 17 | *.pdb 18 | *.lastbuildstate 19 | *.tlog 20 | *.filters 21 | *.user 22 | *.sdf 23 | *.ilk 24 | *.exe 25 | *.lib 26 | *.ipch 27 | *.suo 28 | Debug 29 | 30 | 31 | -------------------------------------------------------------------------------- /ALPC.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2012 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ALPC", "ALPC\ALPC.vcxproj", "{6543593E-E25B-43AF-AF10-2C477113B37C}" 5 | EndProject 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Server", "Server\Server.vcxproj", "{1B255101-AA4C-42BB-ADB4-11EA366CAF20}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Client", "Client\Client.vcxproj", "{47CDA44C-516E-49F1-8C27-D68F619704D2}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|Win32 = Debug|Win32 13 | Release|Win32 = Release|Win32 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {6543593E-E25B-43AF-AF10-2C477113B37C}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {6543593E-E25B-43AF-AF10-2C477113B37C}.Debug|Win32.Build.0 = Debug|Win32 18 | {6543593E-E25B-43AF-AF10-2C477113B37C}.Debug|Win32.Deploy.0 = Debug|Win32 19 | {6543593E-E25B-43AF-AF10-2C477113B37C}.Release|Win32.ActiveCfg = Release|Win32 20 | {6543593E-E25B-43AF-AF10-2C477113B37C}.Release|Win32.Build.0 = Release|Win32 21 | {6543593E-E25B-43AF-AF10-2C477113B37C}.Release|Win32.Deploy.0 = Release|Win32 22 | {1B255101-AA4C-42BB-ADB4-11EA366CAF20}.Debug|Win32.ActiveCfg = Debug|Win32 23 | {1B255101-AA4C-42BB-ADB4-11EA366CAF20}.Debug|Win32.Build.0 = Debug|Win32 24 | {1B255101-AA4C-42BB-ADB4-11EA366CAF20}.Debug|Win32.Deploy.0 = Debug|Win32 25 | {1B255101-AA4C-42BB-ADB4-11EA366CAF20}.Release|Win32.ActiveCfg = Release|Win32 26 | {1B255101-AA4C-42BB-ADB4-11EA366CAF20}.Release|Win32.Build.0 = Release|Win32 27 | {1B255101-AA4C-42BB-ADB4-11EA366CAF20}.Release|Win32.Deploy.0 = Release|Win32 28 | {47CDA44C-516E-49F1-8C27-D68F619704D2}.Debug|Win32.ActiveCfg = Debug|Win32 29 | {47CDA44C-516E-49F1-8C27-D68F619704D2}.Debug|Win32.Build.0 = Debug|Win32 30 | {47CDA44C-516E-49F1-8C27-D68F619704D2}.Debug|Win32.Deploy.0 = Debug|Win32 31 | {47CDA44C-516E-49F1-8C27-D68F619704D2}.Release|Win32.ActiveCfg = Release|Win32 32 | {47CDA44C-516E-49F1-8C27-D68F619704D2}.Release|Win32.Build.0 = Release|Win32 33 | {47CDA44C-516E-49F1-8C27-D68F619704D2}.Release|Win32.Deploy.0 = Release|Win32 34 | EndGlobalSection 35 | GlobalSection(SolutionProperties) = preSolution 36 | HideSolutionNode = FALSE 37 | EndGlobalSection 38 | EndGlobal 39 | -------------------------------------------------------------------------------- /ALPC/ALPC.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avalon1610/ALPC/d89f7a06be6e3e0bfcea25f5ac5f9fe4e8591dde/ALPC/ALPC.c -------------------------------------------------------------------------------- /ALPC/ALPC.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "UserModeDefs.h" 4 | #include "ntlpcapi.h" 5 | #include 6 | #include 7 | 8 | void Connect(TCHAR *ServerName); 9 | void runServer(TCHAR *ServerName); 10 | 11 | #define InitializeAlpcPortAttributes(p,f,s,mml,mb,mpu,mss,mvs,mtss,dot) { \ 12 | (p)->Flags = f; \ 13 | (p)->SecurityQos = s; \ 14 | (p)->MaxMessageLength = mml; \ 15 | (p)->MemoryBandwidth = mb; \ 16 | (p)->MaxPoolUsage = mpu; \ 17 | (p)->MaxSectionSize = mss; \ 18 | (p)->MaxViewSize = mvs; \ 19 | (p)->MaxTotalSectionSize = mtss;\ 20 | (p)->DupObjectTypes = dot; \ 21 | } 22 | typedef struct _CLIENT_ENTRY 23 | { 24 | LIST_ENTRY List; 25 | HANDLE ClientHandle; // data port 26 | REMOTE_PORT_VIEW ClientView; 27 | } CLIENT_ENTRY,*PCLIENT_ENTRY; 28 | 29 | typedef struct _SERVER_INFO 30 | { 31 | HANDLE LPCPortHandle; // connection port 32 | HANDLE SectionHandle; 33 | PORT_VIEW ServerView; 34 | }SERVER_INFO,*PSERVER_INFO; 35 | 36 | typedef struct _CLIENT_INFO 37 | { 38 | HANDLE ServerHandle; //data port 39 | PORT_VIEW ClientView; 40 | REMOTE_PORT_VIEW ServerView; 41 | }CLIENT_INFO,*PCLIENT_INFO; 42 | 43 | HANDLE SectionHandle;; 44 | SERVER_INFO si; 45 | CLIENT_INFO ci; 46 | 47 | typedef struct _TRANSFERRED_MESSAGE 48 | { 49 | PORT_MESSAGE Header; 50 | ULONG Command; 51 | BOOLEAN UseSection; 52 | WCHAR Message[128]; 53 | } TRANSFERRED_MESSAGE,*PTRANSFERRED_MESSAGE; 54 | 55 | CRITICAL_SECTION cs; 56 | 57 | 58 | -------------------------------------------------------------------------------- /ALPC/ALPC.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | 14 | {6543593E-E25B-43AF-AF10-2C477113B37C} 15 | Win32Proj 16 | ALPC 17 | 18 | 19 | 20 | StaticLibrary 21 | true 22 | v110 23 | Unicode 24 | 25 | 26 | StaticLibrary 27 | false 28 | v110 29 | true 30 | Unicode 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | ..\lib\$(Platform)\ 44 | 45 | 46 | 47 | NotUsing 48 | Level3 49 | Disabled 50 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) 51 | Default 52 | Cdecl 53 | MultiThreadedDebug 54 | 55 | 56 | Windows 57 | true 58 | 59 | 60 | MachineX86 61 | 62 | 63 | 64 | 65 | Level3 66 | Use 67 | MaxSpeed 68 | true 69 | true 70 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) 71 | 72 | 73 | Windows 74 | true 75 | true 76 | true 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | -------------------------------------------------------------------------------- /ALPC/Debug/vc110.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avalon1610/ALPC/d89f7a06be6e3e0bfcea25f5ac5f9fe4e8591dde/ALPC/Debug/vc110.idb -------------------------------------------------------------------------------- /ALPC/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | STATIC LIBRARY : ALPC Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ALPC library project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ALPC application. 9 | 10 | 11 | ALPC.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | ALPC.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 23 | 24 | 25 | ///////////////////////////////////////////////////////////////////////////// 26 | 27 | StdAfx.h, StdAfx.cpp 28 | These files are used to build a precompiled header (PCH) file 29 | named ALPC.pch and a precompiled types file named StdAfx.obj. 30 | 31 | ///////////////////////////////////////////////////////////////////////////// 32 | Other notes: 33 | 34 | AppWizard uses "TODO:" comments to indicate parts of the source code you 35 | should add to or customize. 36 | 37 | ///////////////////////////////////////////////////////////////////////////// 38 | -------------------------------------------------------------------------------- /ALPC/UserModeDefs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "ntlpcapi.h" 3 | 4 | NTSYSAPI 5 | VOID 6 | NTAPI 7 | RtlInitUnicodeString( 8 | _Out_ PUNICODE_STRING DestinationString, 9 | _In_opt_z_ __drv_aliasesMem PCWSTR SourceString 10 | ); 11 | 12 | NTSYSAPI 13 | NTSTATUS 14 | NTAPI 15 | ZwCreateSection ( 16 | _Out_ PHANDLE SectionHandle, 17 | _In_ ACCESS_MASK DesiredAccess, 18 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 19 | _In_opt_ PLARGE_INTEGER MaximumSize, 20 | _In_ ULONG SectionPageProtection, 21 | _In_ ULONG AllocationAttributes, 22 | _In_opt_ HANDLE FileHandle 23 | ); -------------------------------------------------------------------------------- /ALPC/ntbasic.h: -------------------------------------------------------------------------------- 1 | #ifndef _NTBASIC_H 2 | #define _NTBASIC_H 3 | #include 4 | 5 | #ifndef _NTDEF_ 6 | 7 | // This header file provides basic NT types not included in Win32. 8 | 9 | #ifndef NOTHING 10 | #define NOTHING 11 | #endif 12 | 13 | // Basic types 14 | 15 | typedef struct _QUAD 16 | { 17 | double DoNotUseThisField; 18 | } QUAD, *PQUAD, UQUAD, *PUQUAD; 19 | 20 | // This isn't in NT, but it's useful. 21 | typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT) _QUAD_PTR 22 | { 23 | ULONG_PTR DoNotUseThisField1; 24 | ULONG_PTR DoNotUseThisField2; 25 | } QUAD_PTR, *PQUAD_PTR, UQUAD_PTR, *PUQUAD_PTR; 26 | 27 | typedef PVOID *PPVOID; 28 | 29 | typedef ULONG LOGICAL; 30 | typedef ULONG *PLOGICAL; 31 | 32 | typedef __success(return >= 0) LONG NTSTATUS; 33 | typedef NTSTATUS *PNTSTATUS; 34 | 35 | // Cardinal types 36 | 37 | typedef char CCHAR; 38 | typedef short CSHORT; 39 | typedef ULONG CLONG; 40 | 41 | typedef CCHAR *PCCHAR; 42 | typedef CSHORT *PCSHORT; 43 | typedef CLONG *PCLONG; 44 | 45 | // Specific 46 | 47 | typedef UCHAR KIRQL, *PKIRQL; 48 | typedef LONG KPRIORITY; 49 | typedef USHORT RTL_ATOM, *PRTL_ATOM; 50 | 51 | typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS; 52 | 53 | // NT status macros 54 | 55 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) 56 | #define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1) 57 | #define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2) 58 | #define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3) 59 | 60 | #define NT_FACILITY_MASK 0xfff 61 | #define NT_FACILITY_SHIFT 16 62 | #define NT_FACILITY(Status) ((((ULONG)(Status)) >> NT_FACILITY_SHIFT) & NT_FACILITY_MASK) 63 | 64 | #define NT_NTWIN32(Status) (NT_FACILITY(Status) == FACILITY_NTWIN32) 65 | #define WIN32_FROM_NTSTATUS(Status) (((ULONG)(Status)) & 0xffff) 66 | 67 | // Functions 68 | 69 | #ifdef _M_IX86 70 | #define FASTCALL __fastcall 71 | #else 72 | #define FASTCALL 73 | #endif 74 | 75 | // Synchronization enumerations 76 | 77 | typedef enum _EVENT_TYPE 78 | { 79 | NotificationEvent, 80 | SynchronizationEvent 81 | } EVENT_TYPE; 82 | 83 | typedef enum _TIMER_TYPE 84 | { 85 | NotificationTimer, 86 | SynchronizationTimer 87 | } TIMER_TYPE; 88 | 89 | typedef enum _WAIT_TYPE 90 | { 91 | WaitAll, 92 | WaitAny 93 | } WAIT_TYPE; 94 | 95 | // Strings 96 | 97 | typedef struct _STRING 98 | { 99 | USHORT Length; 100 | USHORT MaximumLength; 101 | __field_bcount_part_opt(MaximumLength, Length) PCHAR Buffer; 102 | } STRING, *PSTRING, ANSI_STRING, *PANSI_STRING, OEM_STRING, *POEM_STRING; 103 | 104 | typedef const STRING *PCSTRING; 105 | typedef const ANSI_STRING *PCANSI_STRING; 106 | typedef const OEM_STRING *PCOEM_STRING; 107 | 108 | typedef struct _UNICODE_STRING 109 | { 110 | USHORT Length; 111 | USHORT MaximumLength; 112 | __field_bcount_part(MaximumLength, Length) PWCH Buffer; 113 | } UNICODE_STRING, *PUNICODE_STRING; 114 | 115 | typedef const UNICODE_STRING *PCUNICODE_STRING; 116 | 117 | #define RTL_CONSTANT_STRING(s) { sizeof(s) - sizeof((s)[0]), sizeof(s), s } 118 | 119 | // Balanced tree node 120 | 121 | #define RTL_BALANCED_NODE_RESERVED_PARENT_MASK 3 122 | 123 | typedef struct _RTL_BALANCED_NODE 124 | { 125 | union 126 | { 127 | struct _RTL_BALANCED_NODE *Children[2]; 128 | struct 129 | { 130 | struct _RTL_BALANCED_NODE *Left; 131 | struct _RTL_BALANCED_NODE *Right; 132 | }; 133 | }; 134 | union 135 | { 136 | UCHAR Red : 1; 137 | UCHAR Balance : 2; 138 | ULONG_PTR ParentValue; 139 | }; 140 | } RTL_BALANCED_NODE, *PRTL_BALANCED_NODE; 141 | 142 | #define RTL_BALANCED_NODE_GET_PARENT_POINTER(Node) ((PRTL_BALANCED_NODE)((Node)->ParentValue & ~RTL_BALANCED_NODE_RESERVED_PARENT_MASK)) 143 | 144 | // Portability 145 | 146 | typedef struct _SINGLE_LIST_ENTRY32 147 | { 148 | ULONG Next; 149 | } SINGLE_LIST_ENTRY32, *PSINGLE_LIST_ENTRY32; 150 | 151 | typedef struct _STRING32 152 | { 153 | USHORT Length; 154 | USHORT MaximumLength; 155 | ULONG Buffer; 156 | } STRING32, *PSTRING32; 157 | 158 | typedef STRING32 UNICODE_STRING32, *PUNICODE_STRING32; 159 | typedef STRING32 ANSI_STRING32, *PANSI_STRING32; 160 | 161 | typedef struct _STRING64 162 | { 163 | USHORT Length; 164 | USHORT MaximumLength; 165 | ULONGLONG Buffer; 166 | } STRING64, *PSTRING64; 167 | 168 | typedef STRING64 UNICODE_STRING64, *PUNICODE_STRING64; 169 | typedef STRING64 ANSI_STRING64, *PANSI_STRING64; 170 | 171 | // Object attributes 172 | 173 | #define OBJ_INHERIT 0x00000002 174 | #define OBJ_PERMANENT 0x00000010 175 | #define OBJ_EXCLUSIVE 0x00000020 176 | #define OBJ_CASE_INSENSITIVE 0x00000040 177 | #define OBJ_OPENIF 0x00000080 178 | #define OBJ_OPENLINK 0x00000100 179 | #define OBJ_KERNEL_HANDLE 0x00000200 180 | #define OBJ_FORCE_ACCESS_CHECK 0x00000400 181 | #define OBJ_VALID_ATTRIBUTES 0x000007f2 182 | 183 | typedef struct _OBJECT_ATTRIBUTES 184 | { 185 | ULONG Length; 186 | HANDLE RootDirectory; 187 | PUNICODE_STRING ObjectName; 188 | ULONG Attributes; 189 | PVOID SecurityDescriptor; // PSECURITY_DESCRIPTOR; 190 | PVOID SecurityQualityOfService; // PSECURITY_QUALITY_OF_SERVICE 191 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; 192 | 193 | typedef const OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES; 194 | 195 | #define InitializeObjectAttributes(p, n, a, r, s) { \ 196 | (p)->Length = sizeof(OBJECT_ATTRIBUTES); \ 197 | (p)->RootDirectory = r; \ 198 | (p)->Attributes = a; \ 199 | (p)->ObjectName = n; \ 200 | (p)->SecurityDescriptor = s; \ 201 | (p)->SecurityQualityOfService = NULL; \ 202 | } 203 | 204 | #define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) { sizeof(OBJECT_ATTRIBUTES), NULL, n, a, NULL, NULL } 205 | #define RTL_INIT_OBJECT_ATTRIBUTES(n, a) RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) 206 | 207 | // Portability 208 | 209 | typedef struct _OBJECT_ATTRIBUTES64 210 | { 211 | ULONG Length; 212 | ULONG64 RootDirectory; 213 | ULONG64 ObjectName; 214 | ULONG Attributes; 215 | ULONG64 SecurityDescriptor; 216 | ULONG64 SecurityQualityOfService; 217 | } OBJECT_ATTRIBUTES64, *POBJECT_ATTRIBUTES64; 218 | 219 | typedef const OBJECT_ATTRIBUTES64 *PCOBJECT_ATTRIBUTES64; 220 | 221 | typedef struct _OBJECT_ATTRIBUTES32 222 | { 223 | ULONG Length; 224 | ULONG RootDirectory; 225 | ULONG ObjectName; 226 | ULONG Attributes; 227 | ULONG SecurityDescriptor; 228 | ULONG SecurityQualityOfService; 229 | } OBJECT_ATTRIBUTES32, *POBJECT_ATTRIBUTES32; 230 | 231 | typedef const OBJECT_ATTRIBUTES32 *PCOBJECT_ATTRIBUTES32; 232 | 233 | // Product types 234 | 235 | typedef enum _NT_PRODUCT_TYPE 236 | { 237 | NtProductWinNt = 1, 238 | NtProductLanManNt, 239 | NtProductServer 240 | } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE; 241 | 242 | typedef enum _SUITE_TYPE 243 | { 244 | SmallBusiness, 245 | Enterprise, 246 | BackOffice, 247 | CommunicationServer, 248 | TerminalServer, 249 | SmallBusinessRestricted, 250 | EmbeddedNT, 251 | DataCenter, 252 | SingleUserTS, 253 | Personal, 254 | Blade, 255 | EmbeddedRestricted, 256 | SecurityAppliance, 257 | StorageServer, 258 | ComputeServer, 259 | WHServer, 260 | PhoneNT, 261 | MaxSuiteType 262 | } SUITE_TYPE; 263 | 264 | // Specific 265 | 266 | typedef struct _CLIENT_ID 267 | { 268 | HANDLE UniqueProcess; 269 | HANDLE UniqueThread; 270 | } CLIENT_ID, *PCLIENT_ID; 271 | 272 | typedef struct _CLIENT_ID32 273 | { 274 | ULONG UniqueProcess; 275 | ULONG UniqueThread; 276 | } CLIENT_ID32, *PCLIENT_ID32; 277 | 278 | typedef struct _CLIENT_ID64 279 | { 280 | ULONGLONG UniqueProcess; 281 | ULONGLONG UniqueThread; 282 | } CLIENT_ID64, *PCLIENT_ID64; 283 | 284 | #include 285 | 286 | typedef struct _KSYSTEM_TIME 287 | { 288 | ULONG LowPart; 289 | LONG High1Time; 290 | LONG High2Time; 291 | } KSYSTEM_TIME, *PKSYSTEM_TIME; 292 | 293 | #include 294 | 295 | #endif 296 | 297 | #endif 298 | -------------------------------------------------------------------------------- /ALPC/ntdefs.h: -------------------------------------------------------------------------------- 1 | #ifndef _NTDEFS_H_ 2 | #define _NTDEFS_H_ 3 | #include 4 | 5 | #ifndef DECLSPEC_ALIGN 6 | #if (_MSC_VER >= 1300) && !defined(MIDL_PASS) 7 | #define DECLSPEC_ALIGN(x) __declspec(align(x)) 8 | #else 9 | #define DECLSPEC_ALIGN(x) 10 | #endif 11 | #endif 12 | 13 | typedef struct _QUAD { 14 | union { 15 | __int64 UseThisFieldToCopy; 16 | double DoNotUseThisField; 17 | } DUMMYUNIONNAME; 18 | 19 | } QUAD; 20 | 21 | typedef unsigned char UCHAR; 22 | typedef unsigned short USHORT; 23 | typedef unsigned long ULONG; 24 | typedef QUAD UQUAD; 25 | 26 | // 27 | // Cardinal Data Types [0 - 2**N-2) 28 | // 29 | 30 | typedef char CCHAR; // winnt 31 | typedef short CSHORT; 32 | typedef ULONG CLONG; 33 | 34 | typedef CCHAR *PCCHAR; 35 | typedef CSHORT *PCSHORT; 36 | typedef CLONG *PCLONG; 37 | 38 | // 39 | // UNICODE (Wide Character) types 40 | // 41 | #ifndef _MAC 42 | typedef wchar_t WCHAR; // wc, 16-bit UNICODE character 43 | #else 44 | // some Macintosh compilers don't define wchar_t in a convenient location, or define it as a char 45 | typedef unsigned short WCHAR; // wc, 16-bit UNICODE character 46 | #endif 47 | 48 | typedef WCHAR *PWCHAR, *LPWCH, *PWCH; 49 | 50 | #ifndef CONST 51 | #define CONST const 52 | #endif 53 | #ifdef STRICT 54 | 55 | typedef void *HANDLE; 56 | #if 0 && (_MSC_VER > 1000) 57 | #define DECLARE_HANDLE(name) struct name##__; typedef struct name##__ *name 58 | #else 59 | #define DECLARE_HANDLE(name) struct name##__{int unused;}; typedef struct name##__ *name 60 | #endif 61 | #else 62 | typedef PVOID HANDLE; 63 | #define DECLARE_HANDLE(name) typedef HANDLE name 64 | #endif 65 | typedef HANDLE *PHANDLE; 66 | 67 | typedef struct _UNICODE_STRING { 68 | USHORT Length; 69 | USHORT MaximumLength; 70 | #ifdef MIDL_PASS 71 | [size_is(MaximumLength / 2), length_is((Length) / 2) ] USHORT * Buffer; 72 | #else // MIDL_PASS 73 | _Field_size_bytes_part_(MaximumLength, Length) PWCH Buffer; 74 | #endif // MIDL_PASS 75 | } UNICODE_STRING; 76 | typedef UNICODE_STRING *PUNICODE_STRING; 77 | 78 | typedef struct _OBJECT_ATTRIBUTES { 79 | ULONG Length; 80 | HANDLE RootDirectory; 81 | PUNICODE_STRING ObjectName; 82 | ULONG Attributes; 83 | PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR 84 | PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE 85 | } OBJECT_ATTRIBUTES; 86 | typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES; 87 | typedef CONST OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES; 88 | 89 | 90 | #endif -------------------------------------------------------------------------------- /ALPC/ntlpcapi.c: -------------------------------------------------------------------------------- 1 | #include "ntlpcapi.h" 2 | 3 | -------------------------------------------------------------------------------- /ALPC/ntlpcapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avalon1610/ALPC/d89f7a06be6e3e0bfcea25f5ac5f9fe4e8591dde/ALPC/ntlpcapi.h -------------------------------------------------------------------------------- /Client/Client.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "..\ALPC\ALPC.h" 3 | 4 | #pragma comment(lib,"alpc.lib") 5 | 6 | void main() 7 | { 8 | Connect(L"\\myServer"); 9 | } -------------------------------------------------------------------------------- /Client/Client.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | 14 | {47CDA44C-516E-49F1-8C27-D68F619704D2} 15 | Win32Proj 16 | Client 17 | 18 | 19 | 20 | Application 21 | true 22 | v110 23 | Unicode 24 | 25 | 26 | Application 27 | false 28 | v110 29 | true 30 | Unicode 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | true 44 | ..\bin\$(Platform)\ 45 | 46 | 47 | false 48 | 49 | 50 | 51 | 52 | 53 | Level3 54 | Disabled 55 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 56 | 57 | 58 | Console 59 | true 60 | ..\lib\$(platform)\;%(AdditionalLibraryDirectories) 61 | 62 | 63 | 64 | 65 | Level3 66 | 67 | 68 | MaxSpeed 69 | true 70 | true 71 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 72 | 73 | 74 | Console 75 | true 76 | true 77 | true 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | -------------------------------------------------------------------------------- /Client/Debug/vc110.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avalon1610/ALPC/d89f7a06be6e3e0bfcea25f5ac5f9fe4e8591dde/Client/Debug/vc110.idb -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Server/Debug/vc110.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avalon1610/ALPC/d89f7a06be6e3e0bfcea25f5ac5f9fe4e8591dde/Server/Debug/vc110.idb -------------------------------------------------------------------------------- /Server/Server.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "..\ALPC\ALPC.h" 3 | 4 | #pragma comment(lib,"alpc.lib") 5 | 6 | void wait() 7 | { 8 | MSG msg; 9 | while (GetMessage(&msg,NULL,0,0)) 10 | { 11 | TranslateMessage(&msg); 12 | DispatchMessage(&msg); 13 | } 14 | } 15 | 16 | int main() 17 | { 18 | runServer(L"\\myServer"); 19 | wait(); 20 | } -------------------------------------------------------------------------------- /Server/Server.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | 14 | {1B255101-AA4C-42BB-ADB4-11EA366CAF20} 15 | Win32Proj 16 | Server 17 | 18 | 19 | 20 | Application 21 | true 22 | v110 23 | Unicode 24 | 25 | 26 | Application 27 | false 28 | v110 29 | true 30 | Unicode 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | true 44 | ..\bin\$(Platform)\ 45 | 46 | 47 | false 48 | 49 | 50 | 51 | 52 | 53 | Level3 54 | Disabled 55 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 56 | MultiThreadedDebug 57 | 58 | 59 | Console 60 | true 61 | ..\lib\$(platform)\;%(AdditionalLibraryDirectories) 62 | RequireAdministrator 63 | 64 | 65 | 66 | 67 | Level3 68 | 69 | 70 | MaxSpeed 71 | true 72 | true 73 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 74 | 75 | 76 | Console 77 | true 78 | true 79 | true 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | -------------------------------------------------------------------------------- /idb/csrsrv.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avalon1610/ALPC/d89f7a06be6e3e0bfcea25f5ac5f9fe4e8591dde/idb/csrsrv.idb -------------------------------------------------------------------------------- /idb/ntoskrnl.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avalon1610/ALPC/d89f7a06be6e3e0bfcea25f5ac5f9fe4e8591dde/idb/ntoskrnl.idb -------------------------------------------------------------------------------- /lib/Win32/1.txt: -------------------------------------------------------------------------------- 1 | 2 | Dump of file ntdll.lib 3 | 4 | File Type: LIBRARY 5 | 6 | Exports 7 | 8 | ordinal name 9 | 10 | _vDbgPrintExWithPrefix@20 11 | _vDbgPrintEx@16 12 | _ZwYieldExecution@0 13 | _ZwWriteVirtualMemory@20 14 | _ZwWriteRequestData@24 15 | _ZwWriteFileGather@36 16 | _ZwWriteFile@36 17 | _ZwWorkerFactoryWorkerReady@4 18 | _ZwWaitLowEventPair@4 19 | _ZwWaitHighEventPair@4 20 | _ZwWaitForWorkViaWorkerFactory@16 21 | _ZwWaitForWnfNotifications@8 22 | _ZwWaitForSingleObject@12 23 | _ZwWaitForMultipleObjects@20 24 | _ZwWaitForMultipleObjects32@20 25 | _ZwWaitForKeyedEvent@16 26 | _ZwWaitForDebugEvent@16 27 | _ZwWaitForAlertByThreadId@8 28 | _ZwVdmControl@8 29 | _ZwUpdateWnfStateData@28 30 | _ZwUnsubscribeWnfStateChange@4 31 | _ZwUnmapViewOfSectionEx@12 32 | _ZwUnmapViewOfSection@8 33 | _ZwUnlockVirtualMemory@16 34 | _ZwUnlockFile@20 35 | _ZwUnloadKeyEx@8 36 | _ZwUnloadKey@4 37 | _ZwUnloadKey2@8 38 | _ZwUnloadDriver@4 39 | _ZwUmsThreadYield@4 40 | _ZwTranslateFilePath@16 41 | _ZwTraceEvent@16 42 | _ZwTraceControl@24 43 | _ZwThawTransactions@0 44 | _ZwThawRegistry@0 45 | _ZwTestAlert@0 46 | _ZwTerminateThread@8 47 | _ZwTerminateProcess@8 48 | _ZwTerminateJobObject@8 49 | _ZwSystemDebugControl@24 50 | _ZwSuspendThread@8 51 | _ZwSuspendProcess@4 52 | _ZwSubscribeWnfStateChange@16 53 | _ZwStopProfile@4 54 | _ZwStartProfile@4 55 | _ZwSinglePhaseReject@8 56 | _ZwSignalAndWaitForSingleObject@16 57 | _ZwShutdownWorkerFactory@8 58 | _ZwShutdownSystem@4 59 | _ZwSetVolumeInformationFile@20 60 | _ZwSetValueKey@24 61 | _ZwSetUuidSeed@4 62 | _ZwSetTimerResolution@12 63 | _ZwSetTimerEx@16 64 | _ZwSetTimer@28 65 | _ZwSetThreadExecutionState@8 66 | _ZwSetSystemTime@8 67 | _ZwSetSystemPowerState@12 68 | _ZwSetSystemInformation@12 69 | _ZwSetSystemEnvironmentValueEx@20 70 | _ZwSetSystemEnvironmentValue@8 71 | _ZwSetSecurityObject@12 72 | _ZwSetQuotaInformationFile@16 73 | _ZwSetLowWaitHighEventPair@4 74 | _ZwSetLowEventPair@4 75 | _ZwSetLdtEntries@24 76 | _ZwSetIoCompletionEx@24 77 | _ZwSetIoCompletion@20 78 | _ZwSetIntervalProfile@8 79 | _ZwSetInformationWorkerFactory@16 80 | _ZwSetInformationVirtualMemory@24 81 | _ZwSetInformationTransactionManager@16 82 | _ZwSetInformationTransaction@16 83 | _ZwSetInformationToken@16 84 | _ZwSetInformationThread@16 85 | _ZwSetInformationResourceManager@16 86 | _ZwSetInformationProcess@16 87 | _ZwSetInformationObject@16 88 | _ZwSetInformationKey@16 89 | _ZwSetInformationJobObject@16 90 | _ZwSetInformationFile@20 91 | _ZwSetInformationEnlistment@16 92 | _ZwSetInformationDebugObject@20 93 | _ZwSetIRTimer@8 94 | _ZwSetHighWaitLowEventPair@4 95 | _ZwSetHighEventPair@4 96 | _ZwSetEventBoostPriority@4 97 | _ZwSetEvent@8 98 | _ZwSetEaFile@16 99 | _ZwSetDriverEntryOrder@8 100 | _ZwSetDefaultUILanguage@4 101 | _ZwSetDefaultLocale@8 102 | _ZwSetDefaultHardErrorPort@4 103 | _ZwSetDebugFilterState@12 104 | _ZwSetContextThread@8 105 | _ZwSetCachedSigningLevel@20 106 | _ZwSetBootOptions@8 107 | _ZwSetBootEntryOrder@8 108 | _ZwSerializeBoot@0 109 | _ZwSecureConnectPort@36 110 | _ZwSaveMergedKeys@12 111 | _ZwSaveKeyEx@12 112 | _ZwSaveKey@8 113 | _ZwRollforwardTransactionManager@8 114 | _ZwRollbackTransaction@8 115 | _ZwRollbackEnlistment@8 116 | _ZwRollbackComplete@8 117 | _ZwResumeThread@8 118 | _ZwResumeProcess@4 119 | _ZwRestoreKey@12 120 | _ZwResetWriteWatch@12 121 | _ZwResetEvent@8 122 | _ZwRequestWaitReplyPort@12 123 | _ZwRequestPort@8 124 | _ZwReplyWaitReplyPort@8 125 | _ZwReplyWaitReceivePortEx@20 126 | _ZwReplyWaitReceivePort@16 127 | _ZwReplyPort@8 128 | _ZwReplacePartitionUnit@12 129 | _ZwReplaceKey@12 130 | _ZwRenameTransactionManager@8 131 | _ZwRenameKey@8 132 | _ZwRemoveProcessDebug@8 133 | _ZwRemoveIoCompletionEx@24 134 | _ZwRemoveIoCompletion@20 135 | _ZwReleaseWorkerFactoryWorker@4 136 | _ZwReleaseSemaphore@12 137 | _ZwReleaseMutant@8 138 | _ZwReleaseKeyedEvent@16 139 | _ZwRegisterThreadTerminatePort@4 140 | _ZwRegisterProtocolAddressInformation@20 141 | _ZwRecoverTransactionManager@4 142 | _ZwRecoverResourceManager@4 143 | _ZwRecoverEnlistment@8 144 | _ZwReadVirtualMemory@20 145 | _ZwReadRequestData@24 146 | _ZwReadOnlyEnlistment@8 147 | _ZwReadFileScatter@36 148 | _ZwReadFile@36 149 | _ZwRaiseHardError@24 150 | _ZwRaiseException@12 151 | _ZwQueueApcThreadEx@24 152 | _ZwQueueApcThread@20 153 | _ZwQueryWnfStateNameInformation@20 154 | _ZwQueryWnfStateData@24 155 | _ZwQueryVolumeInformationFile@20 156 | _ZwQueryVirtualMemory@24 157 | _ZwQueryValueKey@24 158 | _ZwQueryTimerResolution@12 159 | _ZwQueryTimer@20 160 | _ZwQuerySystemTime@4 161 | _ZwQuerySystemInformationEx@24 162 | _ZwQuerySystemInformation@16 163 | _ZwQuerySystemEnvironmentValueEx@20 164 | _ZwQuerySystemEnvironmentValue@16 165 | _ZwQuerySymbolicLinkObject@12 166 | _ZwQuerySemaphore@20 167 | _ZwQuerySecurityObject@20 168 | _ZwQuerySecurityAttributesToken@24 169 | _ZwQuerySection@20 170 | _ZwQueryQuotaInformationFile@36 171 | _ZwQueryPortInformationProcess@0 172 | _ZwQueryPerformanceCounter@8 173 | _ZwQueryOpenSubKeysEx@16 174 | _ZwQueryOpenSubKeys@8 175 | _ZwQueryObject@20 176 | _ZwQueryMutant@20 177 | _ZwQueryMultipleValueKey@24 178 | _ZwQueryLicenseValue@20 179 | _ZwQueryKey@20 180 | _ZwQueryIoCompletion@20 181 | _ZwQueryIntervalProfile@8 182 | _ZwQueryInstallUILanguage@4 183 | _ZwQueryInformationWorkerFactory@20 184 | _ZwQueryInformationTransactionManager@20 185 | _ZwQueryInformationTransaction@20 186 | _ZwQueryInformationToken@20 187 | _ZwQueryInformationThread@20 188 | _ZwQueryInformationResourceManager@20 189 | _ZwQueryInformationProcess@20 190 | _ZwQueryInformationPort@20 191 | _ZwQueryInformationJobObject@20 192 | _ZwQueryInformationFile@20 193 | _ZwQueryInformationEnlistment@20 194 | _ZwQueryInformationAtom@20 195 | _ZwQueryFullAttributesFile@8 196 | _ZwQueryEvent@20 197 | _ZwQueryEaFile@36 198 | _ZwQueryDriverEntryOrder@8 199 | _ZwQueryDirectoryObject@28 200 | _ZwQueryDirectoryFile@44 201 | _ZwQueryDefaultUILanguage@4 202 | _ZwQueryDefaultLocale@8 203 | _ZwQueryDebugFilterState@8 204 | _ZwQueryBootOptions@8 205 | _ZwQueryBootEntryOrder@8 206 | _ZwQueryAttributesFile@8 207 | _ZwPulseEvent@8 208 | _ZwProtectVirtualMemory@20 209 | _ZwPropagationFailed@12 210 | _ZwPropagationComplete@16 211 | _ZwPrivilegedServiceAuditAlarm@20 212 | _ZwPrivilegeObjectAuditAlarm@24 213 | _ZwPrivilegeCheck@12 214 | _ZwPrepareEnlistment@8 215 | _ZwPrepareComplete@8 216 | _ZwPrePrepareEnlistment@8 217 | _ZwPrePrepareComplete@8 218 | _ZwPowerInformation@20 219 | _ZwPlugPlayControl@12 220 | _ZwOpenTransactionManager@24 221 | _ZwOpenTransaction@20 222 | _ZwOpenTimer@12 223 | _ZwOpenThreadTokenEx@20 224 | _ZwOpenThreadToken@16 225 | _ZwOpenThread@16 226 | _ZwOpenSymbolicLinkObject@12 227 | _ZwOpenSession@12 228 | _ZwOpenSemaphore@12 229 | _ZwOpenSection@12 230 | _ZwOpenResourceManager@20 231 | _ZwOpenProcessTokenEx@16 232 | _ZwOpenProcessToken@12 233 | _ZwOpenProcess@16 234 | _ZwOpenPrivateNamespace@16 235 | _ZwOpenObjectAuditAlarm@48 236 | _ZwOpenMutant@12 237 | _ZwOpenKeyedEvent@12 238 | _ZwOpenKeyTransactedEx@20 239 | _ZwOpenKeyTransacted@16 240 | _ZwOpenKeyEx@16 241 | _ZwOpenKey@12 242 | _ZwOpenJobObject@12 243 | _ZwOpenIoCompletion@12 244 | _ZwOpenFile@24 245 | _ZwOpenEventPair@12 246 | _ZwOpenEvent@12 247 | _ZwOpenEnlistment@20 248 | _ZwOpenDirectoryObject@12 249 | _ZwNotifyChangeSession@32 250 | _ZwNotifyChangeMultipleKeys@48 251 | _ZwNotifyChangeKey@40 252 | _ZwNotifyChangeDirectoryFile@36 253 | _ZwModifyDriverEntry@4 254 | _ZwModifyBootEntry@4 255 | _ZwMapViewOfSection@40 256 | _ZwMapUserPhysicalPagesScatter@12 257 | _ZwMapUserPhysicalPages@12 258 | _ZwMapCMFModule@24 259 | _ZwMakeTemporaryObject@4 260 | _ZwMakePermanentObject@4 261 | _ZwLockVirtualMemory@16 262 | _ZwLockRegistryKey@4 263 | _ZwLockProductActivationKeys@8 264 | _ZwLockFile@40 265 | _ZwLoadKeyEx@32 266 | _ZwLoadKey@8 267 | _ZwLoadKey2@12 268 | _ZwLoadDriver@4 269 | _ZwListenPort@8 270 | _ZwIsUILanguageComitted@0 271 | _ZwIsSystemResumeAutomatic@0 272 | _ZwIsProcessInJob@8 273 | _ZwInitiatePowerAction@16 274 | _ZwInitializeRegistry@4 275 | _ZwInitializeNlsFiles@12 276 | _ZwImpersonateThread@12 277 | _ZwImpersonateClientOfPort@8 278 | _ZwImpersonateAnonymousToken@4 279 | _ZwGetWriteWatch@28 280 | _ZwGetNotificationResourceManager@28 281 | _ZwGetNlsSectionPtr@20 282 | _ZwGetNextThread@24 283 | _ZwGetNextProcess@20 284 | _ZwGetMUIRegistryInfo@12 285 | _ZwGetDevicePowerState@8 286 | _ZwGetCurrentProcessorNumber@0 287 | _ZwGetContextThread@8 288 | _ZwGetCachedSigningLevel@24 289 | _ZwFsControlFile@40 290 | _ZwFreezeTransactions@8 291 | _ZwFreezeRegistry@4 292 | _ZwFreeVirtualMemory@16 293 | _ZwFreeUserPhysicalPages@12 294 | _ZwFlushWriteBuffer@0 295 | _ZwFlushVirtualMemory@16 296 | _ZwFlushProcessWriteBuffers@0 297 | _ZwFlushKey@4 298 | _ZwFlushInstructionCache@12 299 | _ZwFlushInstallUILanguage@8 300 | _ZwFlushBuffersFileEx@20 301 | _ZwFlushBuffersFile@8 302 | _ZwFindAtom@12 303 | _ZwFilterTokenEx@56 304 | _ZwFilterToken@24 305 | _ZwFilterBootOption@20 306 | _ZwExtendSection@8 307 | _ZwEnumerateValueKey@24 308 | _ZwEnumerateTransactionObject@20 309 | _ZwEnumerateSystemEnvironmentValuesEx@12 310 | _ZwEnumerateKey@24 311 | _ZwEnumerateDriverEntries@8 312 | _ZwEnumerateBootEntries@8 313 | _ZwEnableLastKnownGood@0 314 | _ZwDuplicateToken@24 315 | _ZwDuplicateObject@28 316 | _ZwDrawText@4 317 | _ZwDisplayString@4 318 | _ZwDisableLastKnownGood@0 319 | _ZwDeviceIoControlFile@40 320 | _ZwDeleteWnfStateName@4 321 | _ZwDeleteWnfStateData@8 322 | _ZwDeleteValueKey@8 323 | _ZwDeletePrivateNamespace@4 324 | _ZwDeleteObjectAuditAlarm@12 325 | _ZwDeleteKey@4 326 | _ZwDeleteFile@4 327 | _ZwDeleteDriverEntry@4 328 | _ZwDeleteBootEntry@4 329 | _ZwDeleteAtom@4 330 | _ZwDelayExecution@8 331 | _ZwDebugContinue@12 332 | _ZwDebugActiveProcess@8 333 | _ZwCreateWorkerFactory@40 334 | _ZwCreateWnfStateName@28 335 | _ZwCreateWaitablePort@20 336 | _ZwCreateWaitCompletionPacket@12 337 | _ZwCreateUserProcess@44 338 | _ZwCreateTransactionManager@24 339 | _ZwCreateTransaction@40 340 | _ZwCreateTokenEx@68 341 | _ZwCreateToken@52 342 | _ZwCreateTimer@16 343 | _ZwCreateThreadEx@44 344 | _ZwCreateThread@32 345 | _ZwCreateSymbolicLinkObject@16 346 | _ZwCreateSemaphore@20 347 | _ZwCreateSection@28 348 | _ZwCreateResourceManager@28 349 | _ZwCreateProfileEx@40 350 | _ZwCreateProfile@36 351 | _ZwCreateProcessEx@36 352 | _ZwCreateProcess@32 353 | _ZwCreatePrivateNamespace@16 354 | _ZwCreatePort@20 355 | _ZwCreatePagingFile@16 356 | _ZwCreateNamedPipeFile@56 357 | _ZwCreateMutant@16 358 | _ZwCreateMailslotFile@32 359 | _ZwCreateLowBoxToken@36 360 | _ZwCreateKeyedEvent@16 361 | _ZwCreateKeyTransacted@32 362 | _ZwCreateKey@28 363 | _ZwCreateJobSet@12 364 | _ZwCreateJobObject@12 365 | _ZwCreateIoCompletion@16 366 | _ZwCreateIRTimer@8 367 | _ZwCreateFile@44 368 | _ZwCreateEventPair@12 369 | _ZwCreateEvent@20 370 | _ZwCreateEnlistment@32 371 | _ZwCreateDirectoryObjectEx@20 372 | _ZwCreateDirectoryObject@12 373 | _ZwCreateDebugObject@16 374 | _ZwContinue@8 375 | _ZwConnectPort@32 376 | _ZwCompressKey@4 377 | _ZwCompleteConnectPort@4 378 | _ZwCompareTokens@12 379 | _ZwCompactKeys@8 380 | _ZwCommitTransaction@8 381 | _ZwCommitEnlistment@8 382 | _ZwCommitComplete@8 383 | _ZwCloseObjectAuditAlarm@12 384 | _ZwClose@4 385 | _ZwClearEvent@4 386 | _ZwCancelWaitCompletionPacket@8 387 | _ZwCancelTimer@8 388 | _ZwCancelSynchronousIoFile@12 389 | _ZwCancelIoFileEx@12 390 | _ZwCancelIoFile@8 391 | _ZwCallbackReturn@12 392 | _ZwAssociateWaitCompletionPacket@32 393 | _ZwAssignProcessToJobObject@8 394 | _ZwAreMappedFilesTheSame@8 395 | _ZwApphelpCacheControl@8 396 | _ZwAlpcSetInformation@16 397 | _ZwAlpcSendWaitReceivePort@32 398 | _ZwAlpcRevokeSecurityContext@12 399 | _ZwAlpcQueryInformationMessage@24 400 | _ZwAlpcQueryInformation@20 401 | _ZwAlpcOpenSenderThread@24 402 | _ZwAlpcOpenSenderProcess@24 403 | _ZwAlpcImpersonateClientOfPort@12 404 | _ZwAlpcDisconnectPort@8 405 | _ZwAlpcDeleteSecurityContext@12 406 | _ZwAlpcDeleteSectionView@12 407 | _ZwAlpcDeleteResourceReserve@12 408 | _ZwAlpcDeletePortSection@12 409 | _ZwAlpcCreateSecurityContext@12 410 | _ZwAlpcCreateSectionView@12 411 | _ZwAlpcCreateResourceReserve@16 412 | _ZwAlpcCreatePortSection@24 413 | _ZwAlpcCreatePort@12 414 | _ZwAlpcConnectPortEx@44 415 | _ZwAlpcConnectPort@44 416 | _ZwAlpcCancelMessage@12 417 | _ZwAlpcAcceptConnectPort@36 418 | _ZwAllocateVirtualMemory@24 419 | _ZwAllocateUuids@16 420 | _ZwAllocateUserPhysicalPages@12 421 | _ZwAllocateReserveObject@12 422 | _ZwAllocateLocallyUniqueId@4 423 | _ZwAlertThreadByThreadId@4 424 | _ZwAlertThread@4 425 | _ZwAlertResumeThread@8 426 | _ZwAdjustTokenClaimsAndDeviceGroups@64 427 | _ZwAdjustPrivilegesToken@24 428 | _ZwAdjustGroupsToken@24 429 | _ZwAddDriverEntry@8 430 | _ZwAddBootEntry@8 431 | _ZwAddAtomEx@16 432 | _ZwAddAtom@12 433 | _ZwAccessCheckByTypeResultListAndAuditAlarmByHandle@68 434 | _ZwAccessCheckByTypeResultListAndAuditAlarm@64 435 | _ZwAccessCheckByTypeResultList@44 436 | _ZwAccessCheckByTypeAndAuditAlarm@64 437 | _ZwAccessCheckByType@44 438 | _ZwAccessCheckAndAuditAlarm@44 439 | _ZwAccessCheck@32 440 | _ZwAcceptConnectPort@24 441 | _WinSqmStartSession@12 442 | _WinSqmSetString@12 443 | _WinSqmSetIfMinDWORD@12 444 | _WinSqmSetIfMaxDWORD@12 445 | _WinSqmSetEscalationInfo@16 446 | _WinSqmSetDWORD@12 447 | _WinSqmSetDWORD64@16 448 | _WinSqmIsSessionDisabled@4 449 | _WinSqmIsOptedInEx@4 450 | _WinSqmIsOptedIn@0 451 | _WinSqmIncrementDWORD@12 452 | _WinSqmGetInstrumentationProperty@16 453 | _WinSqmGetEscalationRuleStatus@8 454 | _WinSqmEventWrite@12 455 | _WinSqmEventEnabled@8 456 | _WinSqmEndSession@4 457 | _WinSqmCommonDatapointSetString@12 458 | _WinSqmCommonDatapointSetStreamEx@20 459 | _WinSqmCommonDatapointSetDWORD@12 460 | _WinSqmCommonDatapointSetDWORD64@16 461 | _WinSqmCommonDatapointDelete@4 462 | _WinSqmCheckEscalationSetString@16 463 | _WinSqmCheckEscalationSetDWORD@16 464 | _WinSqmCheckEscalationSetDWORD64@20 465 | _WinSqmCheckEscalationAddToStreamEx@20 466 | _WinSqmAddToStreamEx@20 467 | _WinSqmAddToStream@16 468 | _WinSqmAddToAverageDWORD@12 469 | _WerReportSQMEvent@16 470 | _VerSetConditionMask@16 471 | _TpWaitForWork@8 472 | _TpWaitForWait@8 473 | _TpWaitForTimer@8 474 | _TpWaitForJobNotification@4 475 | _TpWaitForIoCompletion@8 476 | _TpWaitForAlpcCompletion@4 477 | _TpStartAsyncIoOperation@4 478 | _TpSimpleTryPost@12 479 | _TpSetWaitEx@16 480 | _TpSetWait@12 481 | _TpSetTimerEx@16 482 | _TpSetTimer@16 483 | _TpSetPoolStackInformation@8 484 | _TpSetPoolMinThreads@8 485 | _TpSetPoolMaxThreads@8 486 | _TpReleaseWork@4 487 | _TpReleaseWait@4 488 | _TpReleaseTimer@4 489 | _TpReleasePool@4 490 | _TpReleaseJobNotification@4 491 | _TpReleaseIoCompletion@4 492 | _TpReleaseCleanupGroupMembers@12 493 | _TpReleaseCleanupGroup@4 494 | _TpReleaseAlpcCompletion@4 495 | _TpQueryPoolStackInformation@8 496 | _TpPostWork@4 497 | _TpIsTimerSet@4 498 | _TpDisassociateCallback@4 499 | _TpCheckTerminateWorker@4 500 | _TpCaptureCaller@4 501 | _TpCancelAsyncIoOperation@4 502 | _TpCallbackUnloadDllOnCompletion@8 503 | _TpCallbackSetEventOnCompletion@8 504 | _TpCallbackReleaseSemaphoreOnCompletion@12 505 | _TpCallbackReleaseMutexOnCompletion@8 506 | _TpCallbackMayRunLong@4 507 | _TpCallbackLeaveCriticalSectionOnCompletion@8 508 | _TpCallbackDetectedUnrecoverableError@4 509 | _TpAllocWork@16 510 | _TpAllocWait@16 511 | _TpAllocTimer@16 512 | _TpAllocPool@8 513 | _TpAllocJobNotification@20 514 | _TpAllocIoCompletion@20 515 | _TpAllocCleanupGroup@4 516 | _TpAllocAlpcCompletion@20 517 | _ShipAssertMsgW@12 518 | _ShipAssertMsgA@12 519 | _ShipAssertGetBufferInfo@8 520 | _ShipAssert@8 521 | _RtlxUnicodeStringToOemSize@4 522 | _RtlxUnicodeStringToAnsiSize@4 523 | _RtlxOemStringToUnicodeSize@4 524 | _RtlxAnsiStringToUnicodeSize@4 525 | _RtlpWaitForCriticalSection@4 526 | _RtlpVerifyAndCommitUILanguageSettings@4 527 | _RtlpUnWaitCriticalSection@4 528 | _RtlpSetUserPreferredUILanguages@12 529 | _RtlpSetPreferredUILanguages@12 530 | _RtlpSetInstallLanguage@8 531 | _RtlpRefreshCachedUILanguage@8 532 | _RtlpQueryDefaultUILanguage@8 533 | _RtlpNtSetValueKey@16 534 | _RtlpNtQueryValueKey@20 535 | _RtlpNtOpenKey@16 536 | _RtlpNtMakeTemporaryKey@4 537 | _RtlpNtEnumerateSubKey@16 538 | _RtlpNtCreateKey@24 539 | _RtlpNotOwnerCriticalSection@4 540 | _RtlpMuiRegLoadRegistryInfo@8 541 | _RtlpMuiRegFreeRegistryInfo@8 542 | _RtlpMuiRegCreateRegistryInfo@0 543 | _RtlpMuiFreeLangRegistryInfo@4 544 | _RtlpMergeSecurityAttributeInformation@16 545 | _RtlpLoadUserUIByPolicy@12 546 | _RtlpLoadMachineUIByPolicy@12 547 | _RtlpIsQualifiedLanguage@12 548 | _RtlpInitializeLangRegistryInfo@4 549 | _RtlpGetUserOrMachineUILanguage4NLS@12 550 | _RtlpGetSystemDefaultUILanguage@8 551 | _RtlpGetNameFromLangInfoNode@12 552 | _RtlpGetLCIDFromLangInfoNode@12 553 | _RtlpEnsureBufferSize@12 554 | _RtlpCreateProcessRegistryInfo@4 555 | _RtlpConvertRelativeToAbsoluteSecurityAttribute@16 556 | _RtlpConvertLCIDsToCultureNames@8 557 | _RtlpConvertCultureNamesToLCIDs@8 558 | _RtlpConvertAbsoluteToRelativeSecurityAttribute@12 559 | _RtlpCleanupRegistryKeys@0 560 | _RtlpCheckDynamicTimeZoneInformation@8 561 | _RtlpApplyLengthFunction@16 562 | _RtlZombifyActivationContext@4 563 | _RtlZeroMemory@8 564 | _RtlWriteRegistryValue@24 565 | _RtlWow64EnableFsRedirectionEx@8 566 | _RtlWow64EnableFsRedirection@4 567 | _RtlWow64CallFunction64@28 568 | _RtlWnfDllUnloadCallback@4 569 | _RtlWnfCompareChangeStamp@8 570 | _RtlWerpReportException@16 571 | _RtlWeaklyEnumerateEntryHashTable@8 572 | _RtlWalkHeap@8 573 | _RtlWalkFrameChain@12 574 | _RtlWakeConditionVariable@4 575 | _RtlWakeAllConditionVariable@4 576 | _RtlWakeAddressSingleNoFence@4 577 | _RtlWakeAddressSingle@4 578 | _RtlWakeAddressAllNoFence@4 579 | _RtlWakeAddressAll@4 580 | _RtlWaitOnAddress@16 581 | _RtlWaitForWnfMetaNotification@24 582 | _RtlVerifyVersionInfo@16 583 | _RtlValidateUnicodeString@8 584 | _RtlValidateProcessHeaps@0 585 | _RtlValidateHeap@12 586 | _RtlValidSid@4 587 | _RtlValidSecurityDescriptor@4 588 | _RtlValidRelativeSecurityDescriptor@12 589 | _RtlValidAcl@4 590 | _RtlUpperString@8 591 | _RtlUpperChar@4 592 | _RtlUpdateTimer@16 593 | _RtlUpdateClonedSRWLock@8 594 | _RtlUpdateClonedCriticalSection@4 595 | _RtlUpcaseUnicodeToOemN@20 596 | _RtlUpcaseUnicodeToMultiByteN@20 597 | _RtlUpcaseUnicodeToCustomCPN@24 598 | _RtlUpcaseUnicodeStringToOemString@12 599 | _RtlUpcaseUnicodeStringToCountedOemString@12 600 | _RtlUpcaseUnicodeString@12 601 | _RtlUpcaseUnicodeChar@4 602 | _RtlUnwind@16 603 | _RtlUnsubscribeWnfStateChangeNotification@4 604 | _RtlUnsubscribeWnfNotificationWithCompletionCallback@12 605 | _RtlUnsubscribeWnfNotificationWaitForCompletion@4 606 | _RtlUnlockModuleSection@4 607 | _RtlUnlockMemoryZone@4 608 | _RtlUnlockMemoryBlockLookaside@4 609 | _RtlUnlockHeap@4 610 | _RtlUnlockCurrentThread@0 611 | _RtlUnlockBootStatusData@4 612 | _RtlUniform@4 613 | _RtlUnicodeToUTF8N@20 614 | _RtlUnicodeToOemN@20 615 | _RtlUnicodeToMultiByteSize@12 616 | _RtlUnicodeToMultiByteN@20 617 | _RtlUnicodeToCustomCPN@24 618 | _RtlUnicodeStringToOemString@12 619 | _RtlUnicodeStringToOemSize@4 620 | _RtlUnicodeStringToInteger@12 621 | _RtlUnicodeStringToCountedOemString@12 622 | _RtlUnicodeStringToAnsiString@12 623 | _RtlUnicodeStringToAnsiSize@4 624 | _RtlUnhandledExceptionFilter@4 625 | _RtlUnhandledExceptionFilter2@8 626 | _RtlUTF8ToUnicodeN@20 627 | _RtlTryEnterCriticalSection@4 628 | _RtlTryConvertSRWLockSharedToExclusiveOrRelease@4 629 | _RtlTryAcquireSRWLockShared@4 630 | _RtlTryAcquireSRWLockExclusive@4 631 | _RtlTryAcquirePebLock@0 632 | _RtlTraceDatabaseValidate@4 633 | _RtlTraceDatabaseUnlock@4 634 | _RtlTraceDatabaseLock@4 635 | _RtlTraceDatabaseFind@16 636 | _RtlTraceDatabaseEnumerate@12 637 | _RtlTraceDatabaseDestroy@4 638 | _RtlTraceDatabaseCreate@20 639 | _RtlTraceDatabaseAdd@16 640 | _RtlTimeToTimeFields@8 641 | _RtlTimeToSecondsSince1980@8 642 | _RtlTimeToSecondsSince1970@8 643 | _RtlTimeToElapsedTimeFields@8 644 | _RtlTimeFieldsToTime@8 645 | _RtlTestBit@8 646 | _RtlTestAndPublishWnfStateData@28 647 | _RtlSystemTimeToLocalTime@8 648 | _RtlSubtreeSuccessor@4 649 | _RtlSubtreePredecessor@4 650 | _RtlSubscribeWnfStateChangeNotification@36 651 | _RtlSubAuthoritySid@8 652 | _RtlSubAuthorityCountSid@4 653 | _RtlStringFromGUID@8 654 | _RtlStartRXact@4 655 | _RtlSplay@4 656 | _RtlSleepConditionVariableSRW@16 657 | _RtlSleepConditionVariableCS@12 658 | _RtlSizeHeap@12 659 | _RtlSidIsHigherLevel@12 660 | _RtlSidHashLookup@8 661 | _RtlSidHashInitialize@12 662 | _RtlSidEqualLevel@12 663 | _RtlSidDominates@12 664 | _RtlSetUserValueHeap@16 665 | _RtlSetUserFlagsHeap@20 666 | _RtlSetUnhandledExceptionFilter@4 667 | _RtlSetTimer@28 668 | _RtlSetTimeZoneInformation@4 669 | _RtlSetThreadPreferredUILanguages@12 670 | _RtlSetThreadPoolStartFunc@8 671 | _RtlSetThreadIsCritical 672 | _RtlSetThreadErrorMode@8 673 | _RtlSetSecurityObjectEx@24 674 | _RtlSetSecurityObject@20 675 | _RtlSetSecurityDescriptorRMControl@8 676 | _RtlSetSearchPathMode@4 677 | _RtlSetSaclSecurityDescriptor@16 678 | _RtlSetProcessIsCritical 679 | _RtlSetProcessDebugInformation@12 680 | _RtlSetPortableOperatingSystem@4 681 | _RtlSetOwnerSecurityDescriptor@12 682 | _RtlSetLastWin32ErrorAndNtStatusFromNtStatus@4 683 | _RtlSetLastWin32Error@4 684 | _RtlSetIoCompletionCallback@12 685 | _RtlSetInformationAcl@16 686 | _RtlSetHeapInformation@16 687 | _RtlSetGroupSecurityDescriptor@12 688 | _RtlSetExtendedFeaturesMask@12 689 | _RtlSetEnvironmentVariable@12 690 | _RtlSetEnvironmentVar@20 691 | _RtlSetEnvironmentStrings@8 692 | _RtlSetDynamicTimeZoneInformation@4 693 | _RtlSetDaclSecurityDescriptor@16 694 | _RtlSetCurrentTransaction@4 695 | _RtlSetCurrentEnvironment@8 696 | _RtlSetCurrentDirectory_U@4 697 | _RtlSetCriticalSectionSpinCount@8 698 | _RtlSetControlSecurityDescriptor@12 699 | _RtlSetBits@12 700 | _RtlSetBit@8 701 | _RtlSetAllBits@4 702 | _RtlSendMsgToSm@8 703 | _RtlSelfRelativeToAbsoluteSD@44 704 | _RtlSelfRelativeToAbsoluteSD2@8 705 | _RtlSecondsSince1980ToTime@8 706 | _RtlSecondsSince1970ToTime@8 707 | _RtlRunOnceInitialize@4 708 | _RtlRunOnceExecuteOnce@16 709 | _RtlRunOnceComplete@12 710 | _RtlRunOnceBeginInitialize@12 711 | _RtlRunEncodeUnicodeString@8 712 | _RtlRunDecodeUnicodeString@8 713 | _RtlRestoreLastWin32Error@4 714 | _RtlResetRtlTranslations@4 715 | _RtlResetMemoryBlockLookaside@4 716 | _RtlReportSqmEscalation@24 717 | _RtlReportSilentProcessExit@8 718 | _RtlReportException@12 719 | _RtlReplaceSidInSd@16 720 | _RtlRemoveVectoredExceptionHandler@4 721 | _RtlRemoveVectoredContinueHandler@4 722 | _RtlRemovePrivileges@12 723 | _RtlRemoveEntryHashTable@12 724 | _RtlRemoteCall@28 725 | _RtlReleaseSRWLockShared@4 726 | _RtlReleaseSRWLockExclusive@4 727 | _RtlReleaseResource@4 728 | _RtlReleaseRelativeName@4 729 | _RtlReleasePrivilege@4 730 | _RtlReleasePebLock@0 731 | _RtlReleasePath@4 732 | _RtlReleaseActivationContext@4 733 | _RtlRegisterWait@24 734 | _RtlRegisterThreadWithCsrss@0 735 | _RtlRegisterSecureMemoryCacheCallback@4 736 | _RtlRegisterForWnfMetaNotification@24 737 | _RtlRealSuccessor@4 738 | _RtlRealPredecessor@4 739 | _RtlReadThreadProfilingData@12 740 | _RtlReAllocateHeap@16 741 | _RtlRbRemoveNode@8 742 | _RtlRbInsertNodeEx@16 743 | _RtlRandomEx@4 744 | _RtlRandom@4 745 | _RtlRaiseStatus@4 746 | _RtlRaiseException@4 747 | _RtlQueueWorkItem@12 748 | _RtlQueueApcWow64Thread@20 749 | _RtlQueryWnfStateDataWithExplicitScope@28 750 | _RtlQueryWnfStateData@24 751 | _RtlQueryWnfMetaNotification@20 752 | _RtlQueryValidationRunlevel@4 753 | _RtlQueryUnbiasedInterruptTime@4 754 | _RtlQueryTimeZoneInformation@4 755 | _RtlQueryThreadProfiling@8 756 | _RtlQuerySecurityObject@20 757 | _RtlQueryRegistryValuesEx@20 758 | _RtlQueryRegistryValues@20 759 | _RtlQueryProcessLockInformation@4 760 | _RtlQueryProcessDebugInformation@12 761 | _RtlQueryProcessBackTraceInformation@4 762 | _RtlQueryPerformanceFrequency@4 763 | _RtlQueryPerformanceCounter@4 764 | _RtlQueryPackageIdentity@24 765 | _RtlQueryInformationActiveActivationContext@16 766 | _RtlQueryInformationActivationContext@28 767 | _RtlQueryInformationAcl@16 768 | _RtlQueryHeapInformation@20 769 | _RtlQueryEnvironmentVariable_U@12 770 | _RtlQueryEnvironmentVariable@24 771 | _RtlQueryElevationFlags@4 772 | _RtlQueryDynamicTimeZoneInformation@4 773 | _RtlQueryDepthSList@4 774 | _RtlQueryAtomInAtomTable@24 775 | _RtlQueryActivationContextApplicationSettings@28 776 | _RtlPushFrame@4 777 | _RtlPublishWnfStateData@24 778 | _RtlProcessFlsData@4 779 | _RtlPrefixUnicodeString@12 780 | _RtlPrefixString@12 781 | _RtlPopFrame@4 782 | _RtlPinAtomInAtomTable@8 783 | _RtlPcToFileHeader@8 784 | _RtlOwnerAcesPresent@4 785 | _RtlOpenCurrentUser@8 786 | _RtlOemToUnicodeN@20 787 | _RtlOemStringToUnicodeString@12 788 | _RtlOemStringToUnicodeSize@4 789 | _RtlNumberOfSetBitsUlongPtr@4 790 | _RtlNumberOfSetBitsInRange@12 791 | _RtlNumberOfSetBits@4 792 | _RtlNumberOfClearBitsInRange@12 793 | _RtlNumberOfClearBits@4 794 | _RtlNumberGenericTableElementsAvl@4 795 | _RtlNumberGenericTableElements@4 796 | _RtlNtStatusToDosErrorNoTeb@4 797 | _RtlNtStatusToDosError@4 798 | _RtlNtPathNameToDosPathName@16 799 | _RtlNormalizeString@20 800 | _RtlNormalizeProcessParams@4 801 | _RtlNewSecurityObjectWithMultipleInheritance@36 802 | _RtlNewSecurityObjectEx@32 803 | _RtlNewSecurityObject@24 804 | _RtlNewSecurityGrantedAccess@24 805 | _RtlNewInstanceSecurityObject@40 806 | _RtlMultipleFreeHeap@16 807 | _RtlMultipleAllocateHeap@20 808 | _RtlMultiByteToUnicodeSize@12 809 | _RtlMultiByteToUnicodeN@20 810 | _RtlMultiAppendUnicodeStringBuffer@12 811 | _RtlMoveMemory@12 812 | _RtlMapSecurityErrorToNtStatus@4 813 | _RtlMapGenericMask@8 814 | _RtlMakeSelfRelativeSD@12 815 | _RtlLookupEntryHashTable@12 816 | _RtlLookupElementGenericTableFullAvl@16 817 | _RtlLookupElementGenericTableFull@16 818 | _RtlLookupElementGenericTableAvl@8 819 | _RtlLookupElementGenericTable@8 820 | _RtlLookupAtomInAtomTable@12 821 | _RtlLogStackBackTrace@0 822 | _RtlLockModuleSection@4 823 | _RtlLockMemoryZone@4 824 | _RtlLockMemoryBlockLookaside@4 825 | _RtlLockHeap@4 826 | _RtlLockCurrentThread@0 827 | _RtlLockBootStatusData@4 828 | _RtlLocateLegacyContext@8 829 | _RtlLocateExtendedFeature@12 830 | _RtlLocaleNameToLcid@12 831 | _RtlLocalTimeToSystemTime@8 832 | _RtlLengthSid@4 833 | _RtlLengthSecurityDescriptor@4 834 | _RtlLengthRequiredSid@4 835 | _RtlLeaveCriticalSection@4 836 | _RtlLcidToLocaleName@16 837 | _RtlLargeIntegerToChar@16 838 | _RtlLargeIntegerSubtract@16 839 | _RtlLargeIntegerShiftRight@12 840 | _RtlLargeIntegerShiftLeft@12 841 | _RtlLargeIntegerNegate@8 842 | _RtlLargeIntegerDivide@20 843 | _RtlLargeIntegerArithmeticShift@12 844 | _RtlLargeIntegerAdd@16 845 | _RtlLCIDToCultureName@8 846 | _RtlKnownExceptionFilter@4 847 | _RtlIsValidLocaleName@8 848 | _RtlIsValidIndexHandle@12 849 | _RtlIsValidHandle@8 850 | _RtlIsUntrustedObject@12 851 | _RtlIsThreadWithinLoaderCallout@0 852 | _RtlIsTextUnicode@12 853 | _RtlIsPackageSid@4 854 | _RtlIsNormalizedString@16 855 | _RtlIsNameLegalDOS8Dot3@12 856 | _RtlIsNameInExpression@16 857 | _RtlIsGenericTableEmptyAvl@4 858 | _RtlIsGenericTableEmpty@4 859 | _RtlIsDosDeviceName_U@4 860 | _RtlIsCriticalSectionLockedByThread@4 861 | _RtlIsCriticalSectionLocked@4 862 | _RtlIsCapabilitySid@4 863 | _RtlIsActivationContextActive@4 864 | _RtlIpv6StringToAddressW@12 865 | _RtlIpv6StringToAddressExW@16 866 | _RtlIpv6StringToAddressExA@16 867 | _RtlIpv6StringToAddressA@12 868 | _RtlIpv6AddressToStringW@8 869 | _RtlIpv6AddressToStringExW@20 870 | _RtlIpv6AddressToStringExA@20 871 | _RtlIpv6AddressToStringA@8 872 | _RtlIpv4StringToAddressW@16 873 | _RtlIpv4StringToAddressExW@16 874 | _RtlIpv4StringToAddressExA@16 875 | _RtlIpv4StringToAddressA@16 876 | _RtlIpv4AddressToStringW@8 877 | _RtlIpv4AddressToStringExW@16 878 | _RtlIpv4AddressToStringExA@16 879 | _RtlIpv4AddressToStringA@8 880 | _RtlIoEncodeMemIoResource@40 881 | _RtlIoDecodeMemIoResource@16 882 | _RtlInterlockedSetBitRun@12 883 | _RtlInterlockedPushListSListEx@16 884 | _RtlInterlockedPushEntrySList@8 885 | _RtlInterlockedPopEntrySList@4 886 | _RtlInterlockedFlushSList@4 887 | _RtlInterlockedCompareExchange64@20 888 | _RtlInterlockedClearBitRun@12 889 | _RtlIntegerToUnicodeString@12 890 | _RtlIntegerToChar@16 891 | _RtlInt64ToUnicodeString@16 892 | _RtlInsertEntryHashTable@16 893 | _RtlInsertElementGenericTableFullAvl@24 894 | _RtlInsertElementGenericTableFull@24 895 | _RtlInsertElementGenericTableAvl@16 896 | _RtlInsertElementGenericTable@16 897 | _RtlInitializeSid@12 898 | _RtlInitializeSRWLock@4 899 | _RtlInitializeSListHead@4 900 | _RtlInitializeResource@4 901 | _RtlInitializeRXact@12 902 | _RtlInitializeHandleTable@12 903 | _RtlInitializeGenericTableAvl@20 904 | _RtlInitializeGenericTable@20 905 | _RtlInitializeExtendedContext@12 906 | _RtlInitializeExceptionChain@4 907 | _RtlInitializeCriticalSectionEx@12 908 | _RtlInitializeCriticalSectionAndSpinCount@8 909 | _RtlInitializeCriticalSection@4 910 | _RtlInitializeConditionVariable@4 911 | _RtlInitializeBitMap@12 912 | _RtlInitializeAtomPackage@4 913 | _RtlInitWeakEnumerationHashTable@8 914 | _RtlInitUnicodeStringEx@8 915 | _RtlInitUnicodeString@8 916 | _RtlInitString@8 917 | _RtlInitNlsTables@16 918 | _RtlInitEnumerationHashTable@8 919 | _RtlInitCodePageTable@8 920 | _RtlInitAnsiStringEx@8 921 | _RtlInitAnsiString@8 922 | _RtlImpersonateSelfEx@12 923 | _RtlImpersonateSelf@4 924 | _RtlImageRvaToVa@16 925 | _RtlImageRvaToSection@12 926 | _RtlImageNtHeaderEx@20 927 | _RtlImageNtHeader@4 928 | _RtlImageDirectoryEntryToData@16 929 | _RtlIdnToUnicode@20 930 | _RtlIdnToNameprepUnicode@20 931 | _RtlIdnToAscii@20 932 | _RtlIdentifierAuthoritySid@4 933 | _RtlHeapTrkInitialize@4 934 | _RtlHashUnicodeString@16 935 | _RtlGetVersion@4 936 | _RtlGetUserPreferredUILanguages@20 937 | _RtlGetUserInfoHeap@20 938 | _RtlGetUnloadEventTraceEx@12 939 | _RtlGetUnloadEventTrace@0 940 | _RtlGetUILanguageInfo@20 941 | _RtlGetThreadPreferredUILanguages@16 942 | _RtlGetThreadLangIdByIndex@16 943 | _RtlGetThreadErrorMode@0 944 | _RtlGetSystemTimePrecise@0 945 | _RtlGetSystemPreferredUILanguages@20 946 | _RtlGetSetBootStatusData@24 947 | _RtlGetSecurityDescriptorRMControl@8 948 | _RtlGetSearchPath@4 949 | _RtlGetSaclSecurityDescriptor@16 950 | _RtlGetProductInfo@20 951 | _RtlGetProcessHeaps@8 952 | _RtlGetOwnerSecurityDescriptor@12 953 | _RtlGetNtVersionNumbers@12 954 | _RtlGetNtProductType@4 955 | _RtlGetNtGlobalFlags@0 956 | _RtlGetNextEntryHashTable@8 957 | _RtlGetNativeSystemInformation@16 958 | _RtlGetLongestNtPathLength@0 959 | _RtlGetLocaleFileMappingAddress@12 960 | _RtlGetLengthWithoutTrailingPathSeperators@12 961 | _RtlGetLengthWithoutLastFullDosOrNtPathElement@12 962 | _RtlGetLastWin32Error@0 963 | _RtlGetLastNtStatus@0 964 | _RtlGetIntegerAtom@8 965 | _RtlGetGroupSecurityDescriptor@12 966 | _RtlGetFullPathName_UstrEx@32 967 | _RtlGetFullPathName_UEx@20 968 | _RtlGetFullPathName_U@16 969 | _RtlGetFrame@0 970 | _RtlGetFileMUIPath@28 971 | _RtlGetExtendedFeaturesMask@4 972 | _RtlGetExtendedContextLength@8 973 | _RtlGetExePath@8 974 | _RtlGetEnabledExtendedFeatures@8 975 | _RtlGetElementGenericTableAvl@8 976 | _RtlGetElementGenericTable@8 977 | _RtlGetDaclSecurityDescriptor@16 978 | _RtlGetCurrentTransaction@0 979 | _RtlGetCurrentProcessorNumberEx@4 980 | _RtlGetCurrentProcessorNumber@0 981 | _RtlGetCurrentPeb@0 982 | _RtlGetCurrentDirectory_U@8 983 | _RtlGetCriticalSectionRecursionCount@4 984 | _RtlGetControlSecurityDescriptor@12 985 | _RtlGetCompressionWorkSpaceSize@12 986 | _RtlGetCallersAddress@8 987 | _RtlGetAppContainerNamedObjectPath@16 988 | _RtlGetActiveActivationContext@4 989 | _RtlGetAce@12 990 | _RtlGenerate8dot3Name@16 991 | _RtlGUIDFromString@8 992 | _RtlFreeUserStack@4 993 | _RtlFreeUnicodeString@4 994 | _RtlFreeThreadActivationContextStack@0 995 | _RtlFreeSid@4 996 | _RtlFreeOemString@4 997 | _RtlFreeMemoryBlockLookaside@8 998 | _RtlFreeHeap@12 999 | _RtlFreeHandle@8 1000 | _RtlFreeAnsiString@4 1001 | _RtlFreeActivationContextStack@4 1002 | _RtlFormatMessageEx@40 1003 | _RtlFormatMessage@36 1004 | _RtlFormatCurrentUserKeyPath@4 1005 | _RtlFlushSecureMemoryCache@8 1006 | _RtlFlsFree@4 1007 | _RtlFlsAlloc@8 1008 | _RtlFirstFreeAce@8 1009 | _RtlFirstEntrySList@4 1010 | _RtlFindSetBitsAndClear@12 1011 | _RtlFindSetBits@12 1012 | _RtlFindNextForwardRunClear@12 1013 | _RtlFindMostSignificantBit@8 1014 | _RtlFindMessage@20 1015 | _RtlFindLongestRunClear@8 1016 | _RtlFindLeastSignificantBit@8 1017 | _RtlFindLastBackwardRunClear@12 1018 | _RtlFindClosestEncodableLength@12 1019 | _RtlFindClearRuns@16 1020 | _RtlFindClearBitsAndSet@12 1021 | _RtlFindClearBits@12 1022 | _RtlFindCharInUnicodeString@16 1023 | _RtlFindActivationContextSectionString@20 1024 | _RtlFindActivationContextSectionGuid@20 1025 | _RtlFillMemoryUlonglong@16 1026 | _RtlFillMemoryUlong@12 1027 | _RtlFillMemory@12 1028 | _RtlExtractBitMap@16 1029 | _RtlExtendedMagicDivide@20 1030 | _RtlExtendedLargeIntegerDivide@16 1031 | _RtlExtendedIntegerMultiply@12 1032 | _RtlExtendMemoryZone@8 1033 | _RtlExtendMemoryBlockLookaside@8 1034 | _RtlExpandHashTable@4 1035 | _RtlExpandEnvironmentStrings_U@16 1036 | _RtlExpandEnvironmentStrings@24 1037 | _RtlExitUserThread@4 1038 | _RtlExitUserProcess@4 1039 | _RtlEthernetStringToAddressW@12 1040 | _RtlEthernetStringToAddressA@12 1041 | _RtlEthernetAddressToStringW@8 1042 | _RtlEthernetAddressToStringA@8 1043 | _RtlEraseUnicodeString@4 1044 | _RtlEqualWnfChangeStamps@8 1045 | _RtlEqualUnicodeString@12 1046 | _RtlEqualString@12 1047 | _RtlEqualSid@8 1048 | _RtlEqualPrefixSid@8 1049 | _RtlEqualLuid@8 1050 | _RtlEqualDomainName@8 1051 | _RtlEqualComputerName@8 1052 | _RtlEnumerateGenericTableWithoutSplayingAvl@8 1053 | _RtlEnumerateGenericTableWithoutSplaying@8 1054 | _RtlEnumerateGenericTableLikeADirectory@28 1055 | _RtlEnumerateGenericTableAvl@8 1056 | _RtlEnumerateGenericTable@8 1057 | _RtlEnumerateEntryHashTable@8 1058 | _RtlEnumProcessHeaps@8 1059 | _RtlEnterCriticalSection@4 1060 | _RtlEnlargedUnsignedMultiply@8 1061 | _RtlEnlargedIntegerMultiply@8 1062 | _RtlEndWeakEnumerationHashTable@8 1063 | _RtlEndEnumerationHashTable@8 1064 | _RtlEncodeSystemPointer@4 1065 | _RtlEncodePointer@4 1066 | _RtlEnableThreadProfiling@20 1067 | _RtlEnableEarlyCriticalSectionEventCreation@0 1068 | _RtlEmptyAtomTable@8 1069 | _RtlDuplicateUnicodeString@12 1070 | _RtlDumpResource@4 1071 | _RtlDowncaseUnicodeString@12 1072 | _RtlDowncaseUnicodeChar@4 1073 | _RtlDosSearchPath_Ustr@36 1074 | _RtlDosSearchPath_U@24 1075 | _RtlDosPathNameToRelativeNtPathName_U_WithStatus@16 1076 | _RtlDosPathNameToRelativeNtPathName_U@16 1077 | _RtlDosPathNameToNtPathName_U_WithStatus@16 1078 | _RtlDosPathNameToNtPathName_U@16 1079 | _RtlDosApplyFileIsolationRedirection_Ustr@36 1080 | _RtlDoesFileExists_U@4 1081 | _RtlDnsHostNameToComputerName@12 1082 | _RtlDllShutdownInProgress@0 1083 | _RtlDisableThreadProfiling@4 1084 | _RtlDetermineDosPathNameType_U@4 1085 | _RtlDetectHeapLeaks@0 1086 | _RtlDestroyQueryDebugBuffer@4 1087 | _RtlDestroyProcessParameters@4 1088 | _RtlDestroyMemoryZone@4 1089 | _RtlDestroyMemoryBlockLookaside@4 1090 | _RtlDestroyHeap@4 1091 | _RtlDestroyHandleTable@4 1092 | _RtlDestroyEnvironment@4 1093 | _RtlDestroyAtomTable@4 1094 | _RtlDeregisterWaitEx@8 1095 | _RtlDeregisterWait@4 1096 | _RtlDeregisterSecureMemoryCacheCallback@4 1097 | _RtlDeleteTimerQueueEx@8 1098 | _RtlDeleteTimerQueue@4 1099 | _RtlDeleteTimer@12 1100 | _RtlDeleteSecurityObject@4 1101 | _RtlDeleteResource@4 1102 | _RtlDeleteRegistryValue@12 1103 | _RtlDeleteNoSplay@8 1104 | _RtlDeleteHashTable@4 1105 | _RtlDeleteElementGenericTableAvlEx@8 1106 | _RtlDeleteElementGenericTableAvl@8 1107 | _RtlDeleteElementGenericTable@8 1108 | _RtlDeleteCriticalSection@4 1109 | _RtlDeleteBoundaryDescriptor@4 1110 | _RtlDeleteAtomFromAtomTable@8 1111 | _RtlDeleteAce@8 1112 | _RtlDelete@4 1113 | _RtlDefaultNpAcl@4 1114 | _RtlDecompressFragment@32 1115 | _RtlDecompressBufferEx@28 1116 | _RtlDecompressBuffer@24 1117 | _RtlDecodeSystemPointer@4 1118 | _RtlDecodePointer@4 1119 | _RtlDebugPrintTimes@0 1120 | _RtlDeactivateActivationContext@8 1121 | _RtlDeNormalizeProcessParams@4 1122 | _RtlDeCommitDebugInfo@12 1123 | _RtlCutoverTimeToSystemTime@16 1124 | _RtlCustomCPToUnicodeN@24 1125 | _RtlCultureNameToLCID@8 1126 | _RtlCreateVirtualAccountSid@16 1127 | _RtlCreateUserThread@40 1128 | _RtlCreateUserStack@24 1129 | _RtlCreateUserSecurityObject@28 1130 | _RtlCreateUserProcess@40 1131 | _RtlCreateUnicodeStringFromAsciiz@8 1132 | _RtlCreateUnicodeString@8 1133 | _RtlCreateTimerQueue@4 1134 | _RtlCreateTimer@28 1135 | _RtlCreateTagHeap@16 1136 | _RtlCreateSystemVolumeInformationFolder@4 1137 | _RtlCreateServiceSid@12 1138 | _RtlCreateSecurityDescriptor@8 1139 | _RtlCreateRegistryKey@8 1140 | _RtlCreateQueryDebugBuffer@8 1141 | _RtlCreateProcessReflection@24 1142 | _RtlCreateProcessParametersEx@44 1143 | _RtlCreateProcessParameters@40 1144 | _RtlCreateMemoryZone@12 1145 | _RtlCreateMemoryBlockLookaside@20 1146 | _RtlCreateHeap@24 1147 | _RtlCreateHashTableEx@16 1148 | _RtlCreateHashTable@12 1149 | _RtlCreateEnvironmentEx@12 1150 | _RtlCreateEnvironment@8 1151 | _RtlCreateBoundaryDescriptor@8 1152 | _RtlCreateBootStatusDataFile@4 1153 | _RtlCreateAtomTable@8 1154 | _RtlCreateAndSetSD@20 1155 | _RtlCreateActivationContext@24 1156 | _RtlCreateAcl@12 1157 | _RtlCrc64@16 1158 | _RtlCrc32@12 1159 | _RtlCopyUnicodeString@8 1160 | _RtlCopyString@8 1161 | _RtlCopySidAndAttributesArray@28 1162 | _RtlCopySid@12 1163 | _RtlCopySecurityDescriptor@8 1164 | _RtlCopyMappedMemory@12 1165 | _RtlCopyLuidAndAttributesArray@12 1166 | _RtlCopyLuid@8 1167 | _RtlCopyExtendedContext@12 1168 | _RtlCopyContext@12 1169 | _RtlCopyBitMap@12 1170 | _RtlConvertUlongToLargeInteger@4 1171 | _RtlConvertUiListToApiList@12 1172 | _RtlConvertToAutoInheritSecurityObject@24 1173 | _RtlConvertSidToUnicodeString@12 1174 | _RtlConvertSharedToExclusive@4 1175 | _RtlConvertLongToLargeInteger@4 1176 | _RtlConvertLCIDToString@20 1177 | _RtlConvertExclusiveToShared@4 1178 | _RtlContractHashTable@4 1179 | _RtlConsoleMultiByteToUnicodeN@24 1180 | _RtlConnectToSm@16 1181 | _RtlComputePrivatizedDllName_U@12 1182 | _RtlComputeImportTableHash@12 1183 | _RtlComputeCrc32@12 1184 | _RtlCompressBuffer@32 1185 | _RtlCompareUnicodeStrings@20 1186 | _RtlCompareUnicodeString@12 1187 | _RtlCompareString@12 1188 | _RtlCompareMemoryUlong@12 1189 | _RtlCompareMemory@12 1190 | _RtlCompareAltitudes@8 1191 | _RtlCompactHeap@8 1192 | _RtlCommitDebugInfo@8 1193 | _RtlCmEncodeMemIoResource@24 1194 | _RtlCmDecodeMemIoResource@8 1195 | _RtlCloneUserProcess@20 1196 | _RtlClearBits@12 1197 | _RtlClearBit@8 1198 | _RtlClearAllBits@4 1199 | _RtlCleanUpTEBLangLists@0 1200 | _RtlCheckTokenMembershipEx@16 1201 | _RtlCheckTokenMembership@12 1202 | _RtlCheckTokenCapability@12 1203 | _RtlCheckRegistryKey@8 1204 | _RtlCheckPortableOperatingSystem@4 1205 | _RtlCheckForOrphanedCriticalSections@4 1206 | _RtlCharToInteger@12 1207 | _RtlCaptureStackContext@12 1208 | _RtlCaptureStackBackTrace@16 1209 | _RtlCaptureContext@4 1210 | _RtlCanonicalizeDomainName@12 1211 | _RtlCancelTimer@8 1212 | _RtlAvlRemoveNode@8 1213 | _RtlAvlInsertNodeEx@16 1214 | _RtlAssert@16 1215 | _RtlAreBitsSet@12 1216 | _RtlAreBitsClear@12 1217 | _RtlAreAnyAccessesGranted@8 1218 | _RtlAreAllAccessesGranted@8 1219 | _RtlApplyRXactNoFlush@4 1220 | _RtlApplyRXact@4 1221 | _RtlApplicationVerifierStop@40 1222 | _RtlAppendUnicodeToString@8 1223 | _RtlAppendUnicodeStringToString@8 1224 | _RtlAppendStringToString@8 1225 | _RtlAppendPathElement@12 1226 | _RtlAppendAsciizToString@8 1227 | _RtlAnsiStringToUnicodeString@12 1228 | _RtlAnsiStringToUnicodeSize@4 1229 | _RtlAnsiCharToUnicodeChar@4 1230 | _RtlAllocateWnfSerializationGroup@0 1231 | _RtlAllocateMemoryZone@12 1232 | _RtlAllocateMemoryBlockLookaside@12 1233 | _RtlAllocateHeap@12 1234 | _RtlAllocateHandle@8 1235 | _RtlAllocateAndInitializeSid@44 1236 | _RtlAllocateActivationContextStack@4 1237 | _RtlAdjustPrivilege@16 1238 | _RtlAddressInSectionTable@12 1239 | _RtlAddVectoredExceptionHandler@8 1240 | _RtlAddVectoredContinueHandler@8 1241 | _RtlAddScopedPolicyIDAce@20 1242 | _RtlAddSIDToBoundaryDescriptor@8 1243 | _RtlAddResourceAttributeAce@28 1244 | _RtlAddRefActivationContext@4 1245 | _RtlAddMandatoryAce@24 1246 | _RtlAddIntegrityLabelToBoundaryDescriptor@8 1247 | _RtlAddAuditAccessObjectAce@36 1248 | _RtlAddAuditAccessAceEx@28 1249 | _RtlAddAuditAccessAce@24 1250 | _RtlAddAttributeActionToRXact@32 1251 | _RtlAddAtomToAtomTable@12 1252 | _RtlAddActionToRXact@24 1253 | _RtlAddAce@20 1254 | _RtlAddAccessDeniedObjectAce@28 1255 | _RtlAddAccessDeniedAceEx@20 1256 | _RtlAddAccessDeniedAce@16 1257 | _RtlAddAccessAllowedObjectAce@28 1258 | _RtlAddAccessAllowedAceEx@20 1259 | _RtlAddAccessAllowedAce@16 1260 | _RtlActivateActivationContextEx@16 1261 | _RtlActivateActivationContext@12 1262 | _RtlAcquireSRWLockShared@4 1263 | _RtlAcquireSRWLockExclusive@4 1264 | _RtlAcquireResourceShared@8 1265 | _RtlAcquireResourceExclusive@8 1266 | _RtlAcquireReleaseSRWLockExclusive@4 1267 | _RtlAcquirePrivilege@16 1268 | _RtlAcquirePebLock@0 1269 | _RtlAbsoluteToSelfRelativeSD@12 1270 | _RtlAbortRXact@4 1271 | _PfxRemovePrefix@8 1272 | _PfxInsertPrefix@12 1273 | _PfxInitialize@4 1274 | _PfxFindPrefix@8 1275 | _NtYieldExecution@0 1276 | _NtWriteVirtualMemory@20 1277 | _NtWriteRequestData@24 1278 | _NtWriteFileGather@36 1279 | _NtWriteFile@36 1280 | _NtWorkerFactoryWorkerReady@4 1281 | _NtWaitLowEventPair@4 1282 | _NtWaitHighEventPair@4 1283 | _NtWaitForWorkViaWorkerFactory@16 1284 | _NtWaitForWnfNotifications@8 1285 | _NtWaitForSingleObject@12 1286 | _NtWaitForMultipleObjects@20 1287 | _NtWaitForMultipleObjects32@20 1288 | _NtWaitForKeyedEvent@16 1289 | _NtWaitForDebugEvent@16 1290 | _NtWaitForAlertByThreadId@8 1291 | _NtVdmControl@8 1292 | _NtUpdateWnfStateData@28 1293 | _NtUnsubscribeWnfStateChange@4 1294 | _NtUnmapViewOfSectionEx@12 1295 | _NtUnmapViewOfSection@8 1296 | _NtUnlockVirtualMemory@16 1297 | _NtUnlockFile@20 1298 | _NtUnloadKeyEx@8 1299 | _NtUnloadKey@4 1300 | _NtUnloadKey2@8 1301 | _NtUnloadDriver@4 1302 | _NtUmsThreadYield@4 1303 | _NtTranslateFilePath@16 1304 | _NtTraceEvent@16 1305 | _NtTraceControl@24 1306 | _NtThawTransactions@0 1307 | _NtThawRegistry@0 1308 | _NtTestAlert@0 1309 | _NtTerminateThread@8 1310 | _NtTerminateProcess@8 1311 | _NtTerminateJobObject@8 1312 | _NtSystemDebugControl@24 1313 | _NtSuspendThread@8 1314 | _NtSuspendProcess@4 1315 | _NtSubscribeWnfStateChange@16 1316 | _NtStopProfile@4 1317 | _NtStartProfile@4 1318 | _NtSinglePhaseReject@8 1319 | _NtSignalAndWaitForSingleObject@16 1320 | _NtShutdownWorkerFactory@8 1321 | _NtShutdownSystem@4 1322 | _NtSetVolumeInformationFile@20 1323 | _NtSetValueKey@24 1324 | _NtSetUuidSeed@4 1325 | _NtSetTimerResolution@12 1326 | _NtSetTimerEx@16 1327 | _NtSetTimer@28 1328 | _NtSetThreadExecutionState@8 1329 | _NtSetSystemTime@8 1330 | _NtSetSystemPowerState@12 1331 | _NtSetSystemInformation@12 1332 | _NtSetSystemEnvironmentValueEx@20 1333 | _NtSetSystemEnvironmentValue@8 1334 | _NtSetSecurityObject@12 1335 | _NtSetQuotaInformationFile@16 1336 | _NtSetLowWaitHighEventPair@4 1337 | _NtSetLowEventPair@4 1338 | _NtSetLdtEntries@24 1339 | _NtSetIoCompletionEx@24 1340 | _NtSetIoCompletion@20 1341 | _NtSetIntervalProfile@8 1342 | _NtSetInformationWorkerFactory@16 1343 | _NtSetInformationVirtualMemory@24 1344 | _NtSetInformationTransactionManager@16 1345 | _NtSetInformationTransaction@16 1346 | _NtSetInformationToken@16 1347 | _NtSetInformationThread@16 1348 | _NtSetInformationResourceManager@16 1349 | _NtSetInformationProcess@16 1350 | _NtSetInformationObject@16 1351 | _NtSetInformationKey@16 1352 | _NtSetInformationJobObject@16 1353 | _NtSetInformationFile@20 1354 | _NtSetInformationEnlistment@16 1355 | _NtSetInformationDebugObject@20 1356 | _NtSetIRTimer@8 1357 | _NtSetHighWaitLowEventPair@4 1358 | _NtSetHighEventPair@4 1359 | _NtSetEventBoostPriority@4 1360 | _NtSetEvent@8 1361 | _NtSetEaFile@16 1362 | _NtSetDriverEntryOrder@8 1363 | _NtSetDefaultUILanguage@4 1364 | _NtSetDefaultLocale@8 1365 | _NtSetDefaultHardErrorPort@4 1366 | _NtSetDebugFilterState@12 1367 | _NtSetContextThread@8 1368 | _NtSetCachedSigningLevel@20 1369 | _NtSetBootOptions@8 1370 | _NtSetBootEntryOrder@8 1371 | _NtSerializeBoot@0 1372 | _NtSecureConnectPort@36 1373 | _NtSaveMergedKeys@12 1374 | _NtSaveKeyEx@12 1375 | _NtSaveKey@8 1376 | _NtRollforwardTransactionManager@8 1377 | _NtRollbackTransaction@8 1378 | _NtRollbackEnlistment@8 1379 | _NtRollbackComplete@8 1380 | _NtResumeThread@8 1381 | _NtResumeProcess@4 1382 | _NtRestoreKey@12 1383 | _NtResetWriteWatch@12 1384 | _NtResetEvent@8 1385 | _NtRequestWaitReplyPort@12 1386 | _NtRequestPort@8 1387 | _NtReplyWaitReplyPort@8 1388 | _NtReplyWaitReceivePortEx@20 1389 | _NtReplyWaitReceivePort@16 1390 | _NtReplyPort@8 1391 | _NtReplacePartitionUnit@12 1392 | _NtReplaceKey@12 1393 | _NtRenameTransactionManager@8 1394 | _NtRenameKey@8 1395 | _NtRemoveProcessDebug@8 1396 | _NtRemoveIoCompletionEx@24 1397 | _NtRemoveIoCompletion@20 1398 | _NtReleaseWorkerFactoryWorker@4 1399 | _NtReleaseSemaphore@12 1400 | _NtReleaseMutant@8 1401 | _NtReleaseKeyedEvent@16 1402 | _NtRegisterThreadTerminatePort@4 1403 | _NtRegisterProtocolAddressInformation@20 1404 | _NtRecoverTransactionManager@4 1405 | _NtRecoverResourceManager@4 1406 | _NtRecoverEnlistment@8 1407 | _NtReadVirtualMemory@20 1408 | _NtReadRequestData@24 1409 | _NtReadOnlyEnlistment@8 1410 | _NtReadFileScatter@36 1411 | _NtReadFile@36 1412 | _NtRaiseHardError@24 1413 | _NtRaiseException@12 1414 | _NtQueueApcThreadEx@24 1415 | _NtQueueApcThread@20 1416 | _NtQueryWnfStateNameInformation@20 1417 | _NtQueryWnfStateData@24 1418 | _NtQueryVolumeInformationFile@20 1419 | _NtQueryVirtualMemory@24 1420 | _NtQueryValueKey@24 1421 | _NtQueryTimerResolution@12 1422 | _NtQueryTimer@20 1423 | _NtQuerySystemTime@4 1424 | _NtQuerySystemInformationEx@24 1425 | _NtQuerySystemInformation@16 1426 | _NtQuerySystemEnvironmentValueEx@20 1427 | _NtQuerySystemEnvironmentValue@16 1428 | _NtQuerySymbolicLinkObject@12 1429 | _NtQuerySemaphore@20 1430 | _NtQuerySecurityObject@20 1431 | _NtQuerySecurityAttributesToken@24 1432 | _NtQuerySection@20 1433 | _NtQueryQuotaInformationFile@36 1434 | _NtQueryPortInformationProcess@0 1435 | _NtQueryPerformanceCounter@8 1436 | _NtQueryOpenSubKeysEx@16 1437 | _NtQueryOpenSubKeys@8 1438 | _NtQueryObject@20 1439 | _NtQueryMutant@20 1440 | _NtQueryMultipleValueKey@24 1441 | _NtQueryLicenseValue@20 1442 | _NtQueryKey@20 1443 | _NtQueryIoCompletion@20 1444 | _NtQueryIntervalProfile@8 1445 | _NtQueryInstallUILanguage@4 1446 | _NtQueryInformationWorkerFactory@20 1447 | _NtQueryInformationTransactionManager@20 1448 | _NtQueryInformationTransaction@20 1449 | _NtQueryInformationToken@20 1450 | _NtQueryInformationThread@20 1451 | _NtQueryInformationResourceManager@20 1452 | _NtQueryInformationProcess@20 1453 | _NtQueryInformationPort@20 1454 | _NtQueryInformationJobObject@20 1455 | _NtQueryInformationFile@20 1456 | _NtQueryInformationEnlistment@20 1457 | _NtQueryInformationAtom@20 1458 | _NtQueryFullAttributesFile@8 1459 | _NtQueryEvent@20 1460 | _NtQueryEaFile@36 1461 | _NtQueryDriverEntryOrder@8 1462 | _NtQueryDirectoryObject@28 1463 | _NtQueryDirectoryFile@44 1464 | _NtQueryDefaultUILanguage@4 1465 | _NtQueryDefaultLocale@8 1466 | _NtQueryDebugFilterState@8 1467 | _NtQueryBootOptions@8 1468 | _NtQueryBootEntryOrder@8 1469 | _NtQueryAttributesFile@8 1470 | _NtPulseEvent@8 1471 | _NtProtectVirtualMemory@20 1472 | _NtPropagationFailed@12 1473 | _NtPropagationComplete@16 1474 | _NtPrivilegedServiceAuditAlarm@20 1475 | _NtPrivilegeObjectAuditAlarm@24 1476 | _NtPrivilegeCheck@12 1477 | _NtPrepareEnlistment@8 1478 | _NtPrepareComplete@8 1479 | _NtPrePrepareEnlistment@8 1480 | _NtPrePrepareComplete@8 1481 | _NtPowerInformation@20 1482 | _NtPlugPlayControl@12 1483 | _NtOpenTransactionManager@24 1484 | _NtOpenTransaction@20 1485 | _NtOpenTimer@12 1486 | _NtOpenThreadTokenEx@20 1487 | _NtOpenThreadToken@16 1488 | _NtOpenThread@16 1489 | _NtOpenSymbolicLinkObject@12 1490 | _NtOpenSession@12 1491 | _NtOpenSemaphore@12 1492 | _NtOpenSection@12 1493 | _NtOpenResourceManager@20 1494 | _NtOpenProcessTokenEx@16 1495 | _NtOpenProcessToken@12 1496 | _NtOpenProcess@16 1497 | _NtOpenPrivateNamespace@16 1498 | _NtOpenObjectAuditAlarm@48 1499 | _NtOpenMutant@12 1500 | _NtOpenKeyedEvent@12 1501 | _NtOpenKeyTransactedEx@20 1502 | _NtOpenKeyTransacted@16 1503 | _NtOpenKeyEx@16 1504 | _NtOpenKey@12 1505 | _NtOpenJobObject@12 1506 | _NtOpenIoCompletion@12 1507 | _NtOpenFile@24 1508 | _NtOpenEventPair@12 1509 | _NtOpenEvent@12 1510 | _NtOpenEnlistment@20 1511 | _NtOpenDirectoryObject@12 1512 | _NtNotifyChangeSession@32 1513 | _NtNotifyChangeMultipleKeys@48 1514 | _NtNotifyChangeKey@40 1515 | _NtNotifyChangeDirectoryFile@36 1516 | _NtModifyDriverEntry@4 1517 | _NtModifyBootEntry@4 1518 | _NtMapViewOfSection@40 1519 | _NtMapUserPhysicalPagesScatter@12 1520 | _NtMapUserPhysicalPages@12 1521 | _NtMapCMFModule@24 1522 | _NtMakeTemporaryObject@4 1523 | _NtMakePermanentObject@4 1524 | _NtLockVirtualMemory@16 1525 | _NtLockRegistryKey@4 1526 | _NtLockProductActivationKeys@8 1527 | _NtLockFile@40 1528 | _NtLoadKeyEx@32 1529 | _NtLoadKey@8 1530 | _NtLoadKey2@12 1531 | _NtLoadDriver@4 1532 | _NtListenPort@8 1533 | _NtIsUILanguageComitted@0 1534 | _NtIsSystemResumeAutomatic@0 1535 | _NtIsProcessInJob@8 1536 | _NtInitiatePowerAction@16 1537 | _NtInitializeRegistry@4 1538 | _NtInitializeNlsFiles@12 1539 | _NtImpersonateThread@12 1540 | _NtImpersonateClientOfPort@8 1541 | _NtImpersonateAnonymousToken@4 1542 | _NtGetWriteWatch@28 1543 | _NtGetTickCount@0 1544 | _NtGetNotificationResourceManager@28 1545 | _NtGetNlsSectionPtr@20 1546 | _NtGetNextThread@24 1547 | _NtGetNextProcess@20 1548 | _NtGetMUIRegistryInfo@12 1549 | _NtGetDevicePowerState@8 1550 | _NtGetCurrentProcessorNumber@0 1551 | _NtGetContextThread@8 1552 | _NtGetCachedSigningLevel@24 1553 | _NtFsControlFile@40 1554 | _NtFreezeTransactions@8 1555 | _NtFreezeRegistry@4 1556 | _NtFreeVirtualMemory@16 1557 | _NtFreeUserPhysicalPages@12 1558 | _NtFlushWriteBuffer@0 1559 | _NtFlushVirtualMemory@16 1560 | _NtFlushProcessWriteBuffers@0 1561 | _NtFlushKey@4 1562 | _NtFlushInstructionCache@12 1563 | _NtFlushInstallUILanguage@8 1564 | _NtFlushBuffersFileEx@20 1565 | _NtFlushBuffersFile@8 1566 | _NtFindAtom@12 1567 | _NtFilterTokenEx@56 1568 | _NtFilterToken@24 1569 | _NtFilterBootOption@20 1570 | _NtExtendSection@8 1571 | _NtEnumerateValueKey@24 1572 | _NtEnumerateTransactionObject@20 1573 | _NtEnumerateSystemEnvironmentValuesEx@12 1574 | _NtEnumerateKey@24 1575 | _NtEnumerateDriverEntries@8 1576 | _NtEnumerateBootEntries@8 1577 | _NtEnableLastKnownGood@0 1578 | _NtDuplicateToken@24 1579 | _NtDuplicateObject@28 1580 | _NtDrawText@4 1581 | _NtDisplayString@4 1582 | _NtDisableLastKnownGood@0 1583 | _NtDeviceIoControlFile@40 1584 | _NtDeleteWnfStateName@4 1585 | _NtDeleteWnfStateData@8 1586 | _NtDeleteValueKey@8 1587 | _NtDeletePrivateNamespace@4 1588 | _NtDeleteObjectAuditAlarm@12 1589 | _NtDeleteKey@4 1590 | _NtDeleteFile@4 1591 | _NtDeleteDriverEntry@4 1592 | _NtDeleteBootEntry@4 1593 | _NtDeleteAtom@4 1594 | _NtDelayExecution@8 1595 | _NtDebugContinue@12 1596 | _NtDebugActiveProcess@8 1597 | _NtCurrentTeb@0 1598 | _NtCreateWorkerFactory@40 1599 | _NtCreateWnfStateName@28 1600 | _NtCreateWaitablePort@20 1601 | _NtCreateWaitCompletionPacket@12 1602 | _NtCreateUserProcess@44 1603 | _NtCreateTransactionManager@24 1604 | _NtCreateTransaction@40 1605 | _NtCreateTokenEx@68 1606 | _NtCreateToken@52 1607 | _NtCreateTimer@16 1608 | _NtCreateThreadEx@44 1609 | _NtCreateThread@32 1610 | _NtCreateSymbolicLinkObject@16 1611 | _NtCreateSemaphore@20 1612 | _NtCreateSection@28 1613 | _NtCreateResourceManager@28 1614 | _NtCreateProfileEx@40 1615 | _NtCreateProfile@36 1616 | _NtCreateProcessEx@36 1617 | _NtCreateProcess@32 1618 | _NtCreatePrivateNamespace@16 1619 | _NtCreatePort@20 1620 | _NtCreatePagingFile@16 1621 | _NtCreateNamedPipeFile@56 1622 | _NtCreateMutant@16 1623 | _NtCreateMailslotFile@32 1624 | _NtCreateLowBoxToken@36 1625 | _NtCreateKeyedEvent@16 1626 | _NtCreateKeyTransacted@32 1627 | _NtCreateKey@28 1628 | _NtCreateJobSet@12 1629 | _NtCreateJobObject@12 1630 | _NtCreateIoCompletion@16 1631 | _NtCreateIRTimer@8 1632 | _NtCreateFile@44 1633 | _NtCreateEventPair@12 1634 | _NtCreateEvent@20 1635 | _NtCreateEnlistment@32 1636 | _NtCreateDirectoryObjectEx@20 1637 | _NtCreateDirectoryObject@12 1638 | _NtCreateDebugObject@16 1639 | _NtContinue@8 1640 | _NtConnectPort@32 1641 | _NtCompressKey@4 1642 | _NtCompleteConnectPort@4 1643 | _NtCompareTokens@12 1644 | _NtCompactKeys@8 1645 | _NtCommitTransaction@8 1646 | _NtCommitEnlistment@8 1647 | _NtCommitComplete@8 1648 | _NtCloseObjectAuditAlarm@12 1649 | _NtClose@4 1650 | _NtClearEvent@4 1651 | _NtCancelWaitCompletionPacket@8 1652 | _NtCancelTimer@8 1653 | _NtCancelSynchronousIoFile@12 1654 | _NtCancelIoFileEx@12 1655 | _NtCancelIoFile@8 1656 | _NtCallbackReturn@12 1657 | _NtAssociateWaitCompletionPacket@32 1658 | _NtAssignProcessToJobObject@8 1659 | _NtAreMappedFilesTheSame@8 1660 | _NtApphelpCacheControl@8 1661 | _NtAlpcSetInformation@16 1662 | _NtAlpcSendWaitReceivePort@32 1663 | _NtAlpcRevokeSecurityContext@12 1664 | _NtAlpcQueryInformationMessage@24 1665 | _NtAlpcQueryInformation@20 1666 | _NtAlpcOpenSenderThread@24 1667 | _NtAlpcOpenSenderProcess@24 1668 | _NtAlpcImpersonateClientOfPort@12 1669 | _NtAlpcDisconnectPort@8 1670 | _NtAlpcDeleteSecurityContext@12 1671 | _NtAlpcDeleteSectionView@12 1672 | _NtAlpcDeleteResourceReserve@12 1673 | _NtAlpcDeletePortSection@12 1674 | _NtAlpcCreateSecurityContext@12 1675 | _NtAlpcCreateSectionView@12 1676 | _NtAlpcCreateResourceReserve@16 1677 | _NtAlpcCreatePortSection@24 1678 | _NtAlpcCreatePort@12 1679 | _NtAlpcConnectPortEx@44 1680 | _NtAlpcConnectPort@44 1681 | _NtAlpcCancelMessage@12 1682 | _NtAlpcAcceptConnectPort@36 1683 | _NtAllocateVirtualMemory@24 1684 | _NtAllocateUuids@16 1685 | _NtAllocateUserPhysicalPages@12 1686 | _NtAllocateReserveObject@12 1687 | _NtAllocateLocallyUniqueId@4 1688 | _NtAlertThreadByThreadId@4 1689 | _NtAlertThread@4 1690 | _NtAlertResumeThread@8 1691 | _NtAdjustTokenClaimsAndDeviceGroups@64 1692 | _NtAdjustPrivilegesToken@24 1693 | _NtAdjustGroupsToken@24 1694 | _NtAddDriverEntry@8 1695 | _NtAddBootEntry@8 1696 | _NtAddAtomEx@16 1697 | _NtAddAtom@12 1698 | _NtAccessCheckByTypeResultListAndAuditAlarmByHandle@68 1699 | _NtAccessCheckByTypeResultListAndAuditAlarm@64 1700 | _NtAccessCheckByTypeResultList@44 1701 | _NtAccessCheckByTypeAndAuditAlarm@64 1702 | _NtAccessCheckByType@44 1703 | _NtAccessCheckAndAuditAlarm@44 1704 | _NtAccessCheck@32 1705 | _NtAcceptConnectPort@24 1706 | _NlsMbOemCodePageTag 1707 | _NlsMbCodePageTag 1708 | _NlsAnsiCodePage 1709 | _LdrpResGetResourceDirectory@20 1710 | _LdrpResGetMappingSize@16 1711 | _LdrVerifyImageMatchesChecksumEx@8 1712 | _LdrVerifyImageMatchesChecksum@16 1713 | _LdrUnlockLoaderLock@8 1714 | _LdrUnloadDll@4 1715 | _LdrUnloadAlternateResourceModuleEx@8 1716 | _LdrUnloadAlternateResourceModule@4 1717 | _LdrSystemDllInitBlock 1718 | _LdrShutdownThread@0 1719 | _LdrShutdownProcess@0 1720 | _LdrSetMUICacheType@4 1721 | _LdrSetDllManifestProber@12 1722 | _LdrSetDllDirectory@4 1723 | _LdrSetDefaultDllDirectories@4 1724 | _LdrSetAppCompatDllRedirectionCallback@12 1725 | _LdrResolveDelayLoadsFromDll@12 1726 | _LdrResolveDelayLoadedAPI@24 1727 | _LdrResSearchResource@32 1728 | _LdrResRelease@12 1729 | _LdrResFindResourceDirectory@28 1730 | _LdrResFindResource@36 1731 | _LdrRemoveLoadAsDataTable@16 1732 | _LdrRemoveDllDirectory@4 1733 | _LdrQueryProcessModuleInformation@12 1734 | _LdrQueryOptionalDelayLoadedAPI@16 1735 | _LdrQueryModuleServiceTags@12 1736 | _LdrQueryImageFileKeyOption@24 1737 | _LdrQueryImageFileExecutionOptionsEx@28 1738 | _LdrQueryImageFileExecutionOptions@24 1739 | _LdrProcessRelocationBlockEx@20 1740 | _LdrProcessRelocationBlock@16 1741 | _LdrOpenImageFileOptionsKey@12 1742 | _LdrLockLoaderLock@12 1743 | _LdrLoadDll@16 1744 | _LdrLoadAlternateResourceModuleEx@20 1745 | _LdrLoadAlternateResourceModule@16 1746 | _LdrInitShimEngineDynamic@8 1747 | _LdrGetProcedureAddressForCaller@24 1748 | _LdrGetProcedureAddressEx@20 1749 | _LdrGetProcedureAddress@16 1750 | _LdrGetFileNameFromLoadAsDataTable@8 1751 | _LdrGetDllPath@16 1752 | _LdrGetDllHandleEx@20 1753 | _LdrGetDllHandleByName@12 1754 | _LdrGetDllHandleByMapping@8 1755 | _LdrGetDllHandle@16 1756 | _LdrGetDllFullName@8 1757 | _LdrGetDllDirectory@4 1758 | _LdrFlushAlternateResourceModules@0 1759 | _LdrFindResource_U@16 1760 | _LdrFindResourceEx_U@20 1761 | _LdrFindResourceDirectory_U@16 1762 | _LdrFindEntryForAddress@8 1763 | _LdrEnumerateLoadedModules@12 1764 | _LdrEnumResources@20 1765 | _LdrDisableThreadCalloutsForDll@4 1766 | _LdrAppxHandleIntegrityFailure@4 1767 | _LdrAddRefDll@8 1768 | _LdrAddLoadAsDataTable@20 1769 | _LdrAddDllDirectory@8 1770 | _LdrAccessResource@16 1771 | _EvtIntReportEventAndSourceAsync@44 1772 | _EvtIntReportAuthzEventAndSourceAsync@44 1773 | _EtwpGetCpuSpeed@8 1774 | _EtwpCreateEtwThread@8 1775 | _EtwWriteUMSecurityEvent@16 1776 | _EtwUnregisterTraceGuids@8 1777 | _EtwTraceMessageVa@24 1778 | _EtwTraceMessage 1779 | _EtwTraceEventInstance@20 1780 | _EtwSendNotification@20 1781 | _EtwReplyNotification@4 1782 | _EtwRegisterTraceGuidsW@32 1783 | _EtwRegisterTraceGuidsA@32 1784 | _EtwRegisterSecurityProvider@0 1785 | _EtwProcessPrivateLoggerRequest@4 1786 | _EtwNotificationUnregister@12 1787 | _EtwNotificationRegister@20 1788 | _EtwLogTraceEvent@12 1789 | _EtwGetTraceLoggerHandle@4 1790 | _EtwGetTraceEnableLevel@8 1791 | _EtwGetTraceEnableFlags@8 1792 | _EtwEventWriteTransfer@28 1793 | _EtwEventWriteString@24 1794 | _EtwEventWriteStartScenario@20 1795 | _EtwEventWriteNoRegistration@16 1796 | _EtwEventWriteFull@32 1797 | _EtwEventWriteEx@40 1798 | _EtwEventWriteEndScenario@20 1799 | _EtwEventWrite@20 1800 | _EtwEventUnregister@8 1801 | _EtwEventSetInformation@20 1802 | _EtwEventRegister@16 1803 | _EtwEventProviderEnabled@20 1804 | _EtwEventEnabled@12 1805 | _EtwEventActivityIdControl@8 1806 | _EtwEnumerateProcessRegGuids@12 1807 | _EtwDeliverDataBlock@4 1808 | _EtwCreateTraceInstanceId@8 1809 | _DbgUserBreakPoint@0 1810 | _DbgUiWaitStateChange@8 1811 | _DbgUiStopDebugging@4 1812 | _DbgUiSetThreadDebugObject@4 1813 | _DbgUiRemoteBreakin@4 1814 | _DbgUiIssueRemoteBreakin@4 1815 | _DbgUiGetThreadDebugObject@0 1816 | _DbgUiDebugActiveProcess@4 1817 | _DbgUiConvertStateChangeStructure@8 1818 | _DbgUiContinue@8 1819 | _DbgUiConnectToDbg@0 1820 | _DbgSetDebugFilterState@12 1821 | _DbgQueryDebugFilterState@8 1822 | _DbgPrompt@12 1823 | _DbgPrintReturnControlC 1824 | _DbgPrintEx 1825 | _DbgPrint 1826 | _DbgBreakPoint@0 1827 | _CsrVerifyRegion@8 1828 | _CsrSetPriorityClass@8 1829 | _CsrIdentifyAlertableThread@0 1830 | _CsrGetProcessId@0 1831 | _CsrFreeCaptureBuffer@4 1832 | _CsrClientConnectToServer@20 1833 | _CsrClientCallServer@16 1834 | _CsrCaptureTimeout@8 1835 | _CsrCaptureMessageString@20 1836 | _CsrCaptureMessageMultiUnicodeStringsInPlace@12 1837 | _CsrCaptureMessageBuffer@16 1838 | _CsrAllocateMessagePointer@12 1839 | _CsrAllocateCaptureBuffer@8 1840 | _AlpcUnregisterCompletionListWorkerThread@4 1841 | _AlpcUnregisterCompletionList@4 1842 | _AlpcRundownCompletionList@4 1843 | _AlpcRegisterCompletionListWorkerThread@4 1844 | _AlpcRegisterCompletionList@20 1845 | _AlpcMaxAllowedMessageLength@0 1846 | _AlpcInitializeMessageAttribute@16 1847 | _AlpcGetOutstandingCompletionListMessageCount@4 1848 | _AlpcGetMessageFromCompletionList@8 1849 | _AlpcGetMessageAttribute@8 1850 | _AlpcGetHeaderSize@4 1851 | _AlpcGetCompletionListMessageAttributes@8 1852 | _AlpcGetCompletionListLastMessageInformation@12 1853 | _AlpcFreeCompletionListMessage@8 1854 | _AlpcAdjustCompletionListConcurrencyCount@8 1855 | @RtlUshortByteSwap@4 1856 | @RtlUlonglongByteSwap@8 1857 | @RtlUlongByteSwap@4 1858 | @RtlInterlockedPushListSList@16 1859 | @RtlDeactivateActivationContextUnsafeFast@4 1860 | @RtlActivateActivationContextUnsafeFast@8 1861 | 1862 | Summary 1863 | 1864 | BD .debug$S 1865 | 14 .idata$2 1866 | 14 .idata$3 1867 | 4 .idata$4 1868 | 4 .idata$5 1869 | A .idata$6 1870 | --------------------------------------------------------------------------------