VISTA SSDT dump

 

+----------------------------------+
| Verify Syetem Service Table v0.2 |
| by Scott                         |
| 2007-04-20                       |
| xscott_at_126[dot]com            |
| http://www.phpfav.com            |
+----------------------------------+

USAGE:
VSST OPERATION

Operation:
check Verify system service function (complete)
fix (uncomplete)

**************************************************************
vsst check

SERVICE NUMBER: 0
ServiceFunciton: NtAcceptConnectPort
File_SDT_Addr: 0×81A210FE
FILE_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00 00 66 FF 88 80 00 00 00 56 57
Memory_SDT_Addr: 0×81A210FE
MEMO_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00

SERVICE NUMBER: 1
ServiceFunciton: NtAccessCheck
File_SDT_Addr: 0×81833B38
FILE_VALUE:: 8B FF 55 8B EC 33 C0 50 FF 75 24 FF 75 20 FF 75 1C FF 75 18
Memory_SDT_Addr: 0×81833B38
MEMO_VALUE:: 8B FF 55 8B EC 33 C0 50 FF 75

SERVICE NUMBER: 2
ServiceFunciton: NtAccessCheckAndAuditAlarm
File_SDT_Addr: 0×819EA12D
FILE_VALUE:: 8B FF 55 8B EC 33 C0 50 FF 75 30 FF 75 2C FF 75 28 FF 75 20
Memory_SDT_Addr: 0×819EA12D
MEMO_VALUE:: 8B FF 55 8B EC 33 C0 50 FF 75

SERVICE NUMBER: 3
ServiceFunciton: NtAccessCheckByType
File_SDT_Addr: 0×81824756
FILE_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 30 FF 75 2C FF 75 28 FF 75 24 FF
Memory_SDT_Addr: 0×81824756
MEMO_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 30

SERVICE NUMBER: 4
ServiceFunciton: NtAccessCheckByTypeAndAuditAlarm
File_SDT_Addr: 0×81A242D2
FILE_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 44 FF 75 40 FF 75 3C FF 75 34 FF
Memory_SDT_Addr: 0×81A242D2
MEMO_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 44

SERVICE NUMBER: 5
ServiceFunciton: NtAccessCheckByTypeResultList
File_SDT_Addr: 0×818CF632
FILE_VALUE:: 8B FF 55 8B EC 6A 01 FF 75 30 FF 75 2C FF 75 28 FF 75 24 FF
Memory_SDT_Addr: 0×818CF632
MEMO_VALUE:: 8B FF 55 8B EC 6A 01 FF 75 30

SERVICE NUMBER: 6
ServiceFunciton: NtAccessCheckByTypeResultListAndAuditAlarm
File_SDT_Addr: 0×81A7CB4F
FILE_VALUE:: 8B FF 55 8B EC 6A 01 FF 75 44 FF 75 40 FF 75 3C FF 75 34 FF
Memory_SDT_Addr: 0×81A7CB4F
MEMO_VALUE:: 8B FF 55 8B EC 6A 01 FF 75 44

SERVICE NUMBER: 7
ServiceFunciton: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
File_SDT_Addr: 0×81A7CB98
FILE_VALUE:: 8B FF 55 8B EC 6A 01 FF 75 48 8D 45 10 FF 75 44 FF 75 40 FF
Memory_SDT_Addr: 0×81A7CB98
MEMO_VALUE:: 8B FF 55 8B EC 6A 01 FF 75 48

SERVICE NUMBER: 8
ServiceFunciton: NtAddAtom
File_SDT_Addr: 0×81A14182
FILE_VALUE:: 68 1C 02 00 00 68 38 1B 44 00 E8 97 2C E4 FF FF 15 90 AB 4E
Memory_SDT_Addr: 0×81A14182
MEMO_VALUE:: 68 1C 02 00 00 68 38 1B 84 81

SERVICE NUMBER: 9
ServiceFunciton: NtAddBootEntry
File_SDT_Addr: 0×81A9291A
FILE_VALUE:: 8B FF 55 8B EC 83 3D 70 57 4F 00 02 74 07 B8 02 00 00 C0 EB
Memory_SDT_Addr: 0×81A9291A
MEMO_VALUE:: 8B FF 55 8B EC 83 3D 70 57 8F

SERVICE NUMBER: 10
ServiceFunciton: NtAddDriverEntry
File_SDT_Addr: 0×81A93BBE
FILE_VALUE:: 8B FF 55 8B EC 83 3D 70 57 4F 00 02 74 07 B8 02 00 00 C0 EB
Memory_SDT_Addr: 0×81A93BBE
MEMO_VALUE:: 8B FF 55 8B EC 83 3D 70 57 8F

SERVICE NUMBER: 11
ServiceFunciton: NtAdjustGroupsToken
File_SDT_Addr: 0×819821EE
FILE_VALUE:: 6A 54 68 28 FD 43 00 E8 2E 4C ED FF 33 D2 89 55 D4 89 55 E4
Memory_SDT_Addr: 0×819821EE
MEMO_VALUE:: 6A 54 68 28 FD 83 81 E8 2E 4C

SERVICE NUMBER: 12
ServiceFunciton: NtAdjustPrivilegesToken
File_SDT_Addr: 0×819F690C
FILE_VALUE:: 6A 50 68 68 FD 43 00 E8 10 05 E6 FF 33 F6 89 75 D8 89 75 E0
Memory_SDT_Addr: 0×819F690C
MEMO_VALUE:: 6A 50 68 68 FD 83 81 E8 10 05

SERVICE NUMBER: 13
ServiceFunciton: NtAlertResumeThread
File_SDT_Addr: 0×81A6DCEB
FILE_VALUE:: 6A 18 68 B0 F1 43 00 E8 31 91 DE FF 64 A1 24 01 00 00 8A 98
Memory_SDT_Addr: 0×81A6DCEB
MEMO_VALUE:: 6A 18 68 B0 F1 83 81 E8 31 91

SERVICE NUMBER: 14
ServiceFunciton: NtAlertThread
File_SDT_Addr: 0×81A6DC93
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 6A
Memory_SDT_Addr: 0×81A6DC93
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 15
ServiceFunciton: NtAllocateLocallyUniqueId
File_SDT_Addr: 0×8199DE7F
FILE_VALUE:: 6A 10 68 88 BF 43 00 E8 9D 8F EB FF 83 65 FC 00 64 A1 24 01
Memory_SDT_Addr: 0×8199DE7F
MEMO_VALUE:: 6A 10 68 88 BF 83 81 E8 9D 8F

SERVICE NUMBER: 16
ServiceFunciton: NtAllocateUserPhysicalPages
File_SDT_Addr: 0×81A5F573
FILE_VALUE:: 6A 64 68 18 16 44 00 E8 A9 78 DF FF 33 DB 89 5D E0 64 8B 35
Memory_SDT_Addr: 0×81A5F573
MEMO_VALUE:: 6A 64 68 18 16 84 81 E8 A9 78

SERVICE NUMBER: 17
ServiceFunciton: NtAllocateUuids
File_SDT_Addr: 0×819ABD82
FILE_VALUE:: 6A 28 68 D8 ED 43 00 E8 9A B0 EA FF 83 65 FC 00 64 A1 24 01
Memory_SDT_Addr: 0×819ABD82
MEMO_VALUE:: 6A 28 68 D8 ED 83 81 E8 9A B0

SERVICE NUMBER: 18
ServiceFunciton: NtAllocateVirtualMemory
File_SDT_Addr: 0×819C95B8
FILE_VALUE:: 68 A0 00 00 00 68 C8 04 44 00 E8 61 D8 E8 FF 33 F6 39 75 10
Memory_SDT_Addr: 0×819C95B8
MEMO_VALUE:: 68 A0 00 00 00 68 C8 04 84 81

SERVICE NUMBER: 19
ServiceFunciton: NtAlpcAcceptConnectPort
File_SDT_Addr: 0×819E617D
FILE_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00 00 66 FF 88 80 00 00 00 57 6A
Memory_SDT_Addr: 0×819E617D
MEMO_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00

SERVICE NUMBER: 20
ServiceFunciton: NtAlpcCancelMessage
File_SDT_Addr: 0×81971F5D
FILE_VALUE:: 6A 24 68 98 D0 43 00 E8 BF 4E EE FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×81971F5D
MEMO_VALUE:: 6A 24 68 98 D0 83 81 E8 BF 4E

SERVICE NUMBER: 21
ServiceFunciton: NtAlpcConnectPort
File_SDT_Addr: 0×819E526A
FILE_VALUE:: 6A 50 68 20 17 44 00 E8 B2 1B E7 FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×819E526A
MEMO_VALUE:: 6A 50 68 20 17 84 81 E8 B2 1B

SERVICE NUMBER: 22
ServiceFunciton: NtAlpcCreatePort
File_SDT_Addr: 0×819A67D7
FILE_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00 00 66 FF 88 80 00 00 00 57 6A
Memory_SDT_Addr: 0×819A67D7
MEMO_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00

SERVICE NUMBER: 23
ServiceFunciton: NtAlpcCreatePortSection
File_SDT_Addr: 0×819A9ED3
FILE_VALUE:: 6A 1C 68 E8 D6 43 00 E8 49 CF EA FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×819A9ED3
MEMO_VALUE:: 6A 1C 68 E8 D6 83 81 E8 49 CF

SERVICE NUMBER: 24
ServiceFunciton: NtAlpcCreateResourceReserve
File_SDT_Addr: 0×81994F74
FILE_VALUE:: 6A 18 68 28 CB 43 00 E8 A8 1E EC FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×81994F74
MEMO_VALUE:: 6A 18 68 28 CB 83 81 E8 A8 1E

SERVICE NUMBER: 25
ServiceFunciton: NtAlpcCreateSectionView
File_SDT_Addr: 0×819A9CA3
FILE_VALUE:: 6A 2C 68 B0 DA 43 00 E8 79 D1 EA FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×819A9CA3
MEMO_VALUE:: 6A 2C 68 B0 DA 83 81 E8 79 D1

SERVICE NUMBER: 26
ServiceFunciton: NtAlpcCreateSecurityContext
File_SDT_Addr: 0×81A1937A
FILE_VALUE:: 6A 30 68 38 D2 43 00 E8 A2 DA E3 FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×81A1937A
MEMO_VALUE:: 6A 30 68 38 D2 83 81 E8 A2 DA

SERVICE NUMBER: 27
ServiceFunciton: NtAlpcDeletePortSection
File_SDT_Addr: 0×819AA06D
FILE_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01 00 00 66 FF 88 80 00 00 00 83
Memory_SDT_Addr: 0×819AA06D
MEMO_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01

SERVICE NUMBER: 28
ServiceFunciton: NtAlpcDeleteResourceReserve
File_SDT_Addr: 0×81A583BE
FILE_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01 00 00 66 FF 88 80 00 00 00 83
Memory_SDT_Addr: 0×81A583BE
MEMO_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01

SERVICE NUMBER: 29
ServiceFunciton: NtAlpcDeleteSectionView
File_SDT_Addr: 0×81991540
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 64 A1 24 01 00 00 83 EC 14 66 FF 88
Memory_SDT_Addr: 0×81991540
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 64 A1

SERVICE NUMBER: 30
ServiceFunciton: NtAlpcDeleteSecurityContext
File_SDT_Addr: 0×81A245F0
FILE_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01 00 00 66 FF 88 80 00 00 00 83
Memory_SDT_Addr: 0×81A245F0
MEMO_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01

SERVICE NUMBER: 31
ServiceFunciton: NtAlpcDisconnectPort
File_SDT_Addr: 0×81992358
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 66 FF 88 80 00 00 00
Memory_SDT_Addr: 0×81992358
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 32
ServiceFunciton: NtAlpcImpersonateClientOfPort
File_SDT_Addr: 0×819E9F85
FILE_VALUE:: 6A 20 68 50 ED 43 00 E8 97 CE E6 FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×819E9F85
MEMO_VALUE:: 6A 20 68 50 ED 83 81 E8 97 CE

SERVICE NUMBER: 33
ServiceFunciton: NtAlpcOpenSenderProcess
File_SDT_Addr: 0×81A59A04
FILE_VALUE:: 6A 54 68 90 EF 43 00 E8 18 D4 DF FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×81A59A04
MEMO_VALUE:: 6A 54 68 90 EF 83 81 E8 18 D4

SERVICE NUMBER: 34
ServiceFunciton: NtAlpcOpenSenderThread
File_SDT_Addr: 0×81A59FB7
FILE_VALUE:: 6A 54 68 68 EF 43 00 E8 65 CE DF FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×81A59FB7
MEMO_VALUE:: 6A 54 68 68 EF 83 81 E8 65 CE

SERVICE NUMBER: 35
ServiceFunciton: NtAlpcQueryInformation
File_SDT_Addr: 0×819A8690
FILE_VALUE:: 6A 54 68 40 16 44 00 E8 8C E7 EA FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×819A8690
MEMO_VALUE:: 6A 54 68 40 16 84 81 E8 8C E7

SERVICE NUMBER: 36
ServiceFunciton: NtAlpcQueryInformationMessage
File_SDT_Addr: 0×819E9C0E
FILE_VALUE:: 6A 28 68 98 16 44 00 E8 0E D2 E6 FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×819E9C0E
MEMO_VALUE:: 6A 28 68 98 16 84 81 E8 0E D2

SERVICE NUMBER: 37
ServiceFunciton: NtAlpcRevokeSecurityContext
File_SDT_Addr: 0×81A584DE
FILE_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01 00 00 66 FF 88 80 00 00 00 53
Memory_SDT_Addr: 0×81A584DE
MEMO_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01

SERVICE NUMBER: 38
ServiceFunciton: NtAlpcSendWaitReceivePort
File_SDT_Addr: 0×819E549B
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC 2C 64 A1 24 01 00 00 66 FF 88
Memory_SDT_Addr: 0×819E549B
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC

SERVICE NUMBER: 39
ServiceFunciton: NtAlpcSetInformation
File_SDT_Addr: 0×8199E184
FILE_VALUE:: 6A 7C 68 88 2C 44 00 E8 98 8C EB FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×8199E184
MEMO_VALUE:: 6A 7C 68 88 2C 84 81 E8 98 8C

SERVICE NUMBER: 40
ServiceFunciton: NtApphelpCacheControl
File_SDT_Addr: 0×81A13685
FILE_VALUE:: 6A 30 68 80 B0 43 00 E8 97 37 E4 FF 83 4D E4 FF 33 DB 66 89
Memory_SDT_Addr: 0×81A13685
MEMO_VALUE:: 6A 30 68 80 B0 83 81 E8 97 37

SERVICE NUMBER: 41
ServiceFunciton: NtAreMappedFilesTheSame
File_SDT_Addr: 0×81961B6C
FILE_VALUE:: 8B FF 55 8B EC 51 51 56 64 8B 35 24 01 00 00 8B 46 48 66 FF
Memory_SDT_Addr: 0×81961B6C
MEMO_VALUE:: 8B FF 55 8B EC 51 51 56 64 8B

SERVICE NUMBER: 42
ServiceFunciton: NtAssignProcessToJobObject
File_SDT_Addr: 0×819AE4D8
FILE_VALUE:: 8B FF 55 8B EC 83 EC 18 56 64 8B 35 24 01 00 00 8A 86 E7 00
Memory_SDT_Addr: 0×819AE4D8
MEMO_VALUE:: 8B FF 55 8B EC 83 EC 18 56 64

SERVICE NUMBER: 43
ServiceFunciton: NtCallbackReturn
File_SDT_Addr: 0×81856B4C
FILE_VALUE:: 64 A1 24 01 00 00 83 B8 28 01 00 00 00 8B 48 28 0F 84 F0 00
Memory_SDT_Addr: 0×81856B4C
MEMO_VALUE:: 64 A1 24 01 00 00 83 B8 28 01

SERVICE NUMBER: 44
ServiceFunciton: NtCancelDeviceWakeupRequest
File_SDT_Addr: 0×81A68475
FILE_VALUE:: B8 02 00 00 C0 C2 04 00 90 90 90 CC CC CC CC CC CC 90 90 90
Memory_SDT_Addr: 0×81A68475
MEMO_VALUE:: B8 02 00 00 C0 C2 04 00 90 90

SERVICE NUMBER: 45
ServiceFunciton: NtCancelIoFile
File_SDT_Addr: 0×819840EF
FILE_VALUE:: 6A 20 68 E0 DF 43 00 E8 2D 2D ED FF C6 45 E7 00 64 8B 35 24
Memory_SDT_Addr: 0×819840EF
MEMO_VALUE:: 6A 20 68 E0 DF 83 81 E8 2D 2D

SERVICE NUMBER: 46
ServiceFunciton: NtCancelTimer
File_SDT_Addr: 0×8182478C
FILE_VALUE:: 6A 1C 68 10 CA 43 00 E8 90 26 03 00 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×8182478C
MEMO_VALUE:: 6A 1C 68 10 CA 83 81 E8 90 26

SERVICE NUMBER: 47
ServiceFunciton: NtClearEvent
File_SDT_Addr: 0×81A22858
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 56
Memory_SDT_Addr: 0×81A22858
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 48
ServiceFunciton: NtClose
File_SDT_Addr: 0×819DC838
FILE_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 88 45
Memory_SDT_Addr: 0×819DC838
MEMO_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01

SERVICE NUMBER: 49
ServiceFunciton: NtCloseObjectAuditAlarm
File_SDT_Addr: 0×81A241F7
FILE_VALUE:: 6A 28 68 38 11 44 00 E8 25 2C E3 FF 33 DB 89 5D E4 64 A1 24
Memory_SDT_Addr: 0×81A241F7
MEMO_VALUE:: 6A 28 68 38 11 84 81 E8 25 2C

SERVICE NUMBER: 50
ServiceFunciton: NtCompactKeys
File_SDT_Addr: 0×81A293EF
FILE_VALUE:: 6A 24 68 88 29 44 00 E8 2D DA E2 FF E8 6A D6 F4 FF 89 45 E4
Memory_SDT_Addr: 0×81A293EF
MEMO_VALUE:: 6A 24 68 88 29 84 81 E8 2D DA

SERVICE NUMBER: 51
ServiceFunciton: NtCompareTokens
File_SDT_Addr: 0×819A98C6
FILE_VALUE:: 6A 30 68 A8 FB 43 00 E8 56 D5 EA FF 33 FF 89 7D DC 89 7D D8
Memory_SDT_Addr: 0×819A98C6
MEMO_VALUE:: 6A 30 68 A8 FB 83 81 E8 56 D5

SERVICE NUMBER: 52
ServiceFunciton: NtCompleteConnectPort
File_SDT_Addr: 0×81A2117B
FILE_VALUE:: 33 C0 C2 04 00 90 90 90 90 90 8B FF 55 8B EC 51 53 8B 5D 10
Memory_SDT_Addr: 0×81A2117B
MEMO_VALUE:: 33 C0 C2 04 00 90 90 90 90 90

SERVICE NUMBER: 53
ServiceFunciton: NtCompressKey
File_SDT_Addr: 0×81A29679
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 51 51 56 57 E8 E0 D3 F4 FF 85 C0 0F
Memory_SDT_Addr: 0×81A29679
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 51 51

SERVICE NUMBER: 54
ServiceFunciton: NtConnectPort
File_SDT_Addr: 0×81A210D1
FILE_VALUE:: 8B FF 55 8B EC FF 75 24 FF 75 20 FF 75 1C FF 75 18 6A 00 FF
Memory_SDT_Addr: 0×81A210D1
MEMO_VALUE:: 8B FF 55 8B EC FF 75 24 FF 75

SERVICE NUMBER: 55
ServiceFunciton: NtContinue
File_SDT_Addr: 0×81849C48
FILE_VALUE:: 55 64 8B 1D 24 01 00 00 8B 55 3C 89 93 20 01 00 00 8B EC 8B
Memory_SDT_Addr: 0×81849C48
MEMO_VALUE:: 55 64 8B 1D 24 01 00 00 8B 55

SERVICE NUMBER: 56
ServiceFunciton: NtCreateDebugObject
File_SDT_Addr: 0×81A3B026
FILE_VALUE:: 6A 20 68 68 CF 43 00 E8 F6 BD E1 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A3B026
MEMO_VALUE:: 6A 20 68 68 CF 83 81 E8 F6 BD

SERVICE NUMBER: 57
ServiceFunciton: NtCreateDirectoryObject
File_SDT_Addr: 0×81963D50
FILE_VALUE:: 6A 1C 68 B8 CE 43 00 E8 CC 30 EF FF 33 DB 89 5D DC 64 A1 24
Memory_SDT_Addr: 0×81963D50
MEMO_VALUE:: 6A 1C 68 B8 CE 83 81 E8 CC 30

SERVICE NUMBER: 58
ServiceFunciton: NtCreateEvent
File_SDT_Addr: 0×81A07D3D
FILE_VALUE:: 6A 1C 68 30 D0 43 00 E8 DF F0 E4 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A07D3D
MEMO_VALUE:: 6A 1C 68 30 D0 83 81 E8 DF F0

SERVICE NUMBER: 59
ServiceFunciton: NtCreateEventPair
File_SDT_Addr: 0×81A97299
FILE_VALUE:: 6A 1C 68 E0 CF 43 00 E8 83 FB DB FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A97299
MEMO_VALUE:: 6A 1C 68 E0 CF 83 81 E8 83 FB

SERVICE NUMBER: 60
ServiceFunciton: NtCreateFile
File_SDT_Addr: 0×81A18769
FILE_VALUE:: 8B FF 55 8B EC 51 33 C0 50 6A 20 50 50 50 FF 75 30 FF 75 2C
Memory_SDT_Addr: 0×81A18769
MEMO_VALUE:: 8B FF 55 8B EC 51 33 C0 50 6A

SERVICE NUMBER: 61
ServiceFunciton: NtCreateIoCompletion
File_SDT_Addr: 0×81A12ADB
FILE_VALUE:: 6A 1C 68 40 CF 43 00 E8 41 43 E4 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A12ADB
MEMO_VALUE:: 6A 1C 68 40 CF 83 81 E8 41 43

SERVICE NUMBER: 62
ServiceFunciton: NtCreateJobObject
File_SDT_Addr: 0×819B0B04
FILE_VALUE:: 6A 20 68 90 F2 43 00 E8 18 63 EA FF 64 8B 3D 24 01 00 00 8A
Memory_SDT_Addr: 0×819B0B04
MEMO_VALUE:: 6A 20 68 90 F2 83 81 E8 18 63

SERVICE NUMBER: 63
ServiceFunciton: NtCreateJobSet
File_SDT_Addr: 0×81A6FA13
FILE_VALUE:: 6A 18 68 40 FE 43 00 E8 09 74 DE FF 33 FF 39 7D 10 0F 85 7C
Memory_SDT_Addr: 0×81A6FA13
MEMO_VALUE:: 6A 18 68 40 FE 83 81 E8 09 74

SERVICE NUMBER: 64
ServiceFunciton: NtCreateKey
File_SDT_Addr: 0×8199976A
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 83 65 FC 00 80 B8 E7
Memory_SDT_Addr: 0×8199976A
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 65
ServiceFunciton: NtCreateKeyTransacted
File_SDT_Addr: 0×81A270EE
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 6A
Memory_SDT_Addr: 0×81A270EE
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 66
ServiceFunciton: NtCreateMailslotFile
File_SDT_Addr: 0×819955A3
FILE_VALUE:: 6A 24 68 E0 CE 43 00 E8 79 18 EC FF 8B 45 24 33 D2 3B C2 74
Memory_SDT_Addr: 0×819955A3
MEMO_VALUE:: 6A 24 68 E0 CE 83 81 E8 79 18

SERVICE NUMBER: 67
ServiceFunciton: NtCreateMutant
File_SDT_Addr: 0×81A1665B
FILE_VALUE:: 6A 1C 68 B8 CF 43 00 E8 C1 07 E4 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A1665B
MEMO_VALUE:: 6A 1C 68 B8 CF 83 81 E8 C1 07

SERVICE NUMBER: 68
ServiceFunciton: NtCreateNamedPipeFile
File_SDT_Addr: 0×81A0C4B1
FILE_VALUE:: 6A 34 68 00 CF 43 00 E8 6B A9 E4 FF 8B 45 3C 33 DB 3B C3 74
Memory_SDT_Addr: 0×81A0C4B1
MEMO_VALUE:: 6A 34 68 00 CF 83 81 E8 6B A9

SERVICE NUMBER: 69
ServiceFunciton: NtCreatePrivateNamespace
File_SDT_Addr: 0×819565C1
FILE_VALUE:: 6A 20 68 E0 1C 44 00 E8 5B 08 F0 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×819565C1
MEMO_VALUE:: 6A 20 68 E0 1C 84 81 E8 5B 08

SERVICE NUMBER: 70
ServiceFunciton: NtCreatePagingFile
File_SDT_Addr: 0×81942905
FILE_VALUE:: 68 CC 00 00 00 68 B8 03 44 00 E8 14 45 F1 FF 33 DB 89 5D E4
Memory_SDT_Addr: 0×81942905
MEMO_VALUE:: 68 CC 00 00 00 68 B8 03 84 81

SERVICE NUMBER: 71
ServiceFunciton: NtCreatePort
File_SDT_Addr: 0×819671A3
FILE_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00 00 66 FF 88 80 00 00 00 57 6A
Memory_SDT_Addr: 0×819671A3
MEMO_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00

SERVICE NUMBER: 72
ServiceFunciton: NtCreateProcess
File_SDT_Addr: 0×81A6BBD4
FILE_VALUE:: 8B FF 55 8B EC 33 C0 F6 45 1C 01 74 01 40 F6 45 20 01 74 03
Memory_SDT_Addr: 0×81A6BBD4
MEMO_VALUE:: 8B FF 55 8B EC 33 C0 F6 45 1C

SERVICE NUMBER: 73
ServiceFunciton: NtCreateProcessEx
File_SDT_Addr: 0×81A6BC1F
FILE_VALUE:: 6A 0C 68 58 21 44 00 E8 FD B1 DE FF 83 7D 14 00 75 07 B8 0D
Memory_SDT_Addr: 0×81A6BC1F
MEMO_VALUE:: 6A 0C 68 58 21 84 81 E8 FD B1

SERVICE NUMBER: 74
ServiceFunciton: NtCreateProfile
File_SDT_Addr: 0×81A97923
FILE_VALUE:: 6A 38 68 18 E1 43 00 E8 F9 F4 DB FF 33 DB 89 5D E0 8B 75 20
Memory_SDT_Addr: 0×81A97923
MEMO_VALUE:: 6A 38 68 18 E1 83 81 E8 F9 F4

SERVICE NUMBER: 75
ServiceFunciton: NtCreateSection
File_SDT_Addr: 0×81A034AD
FILE_VALUE:: 6A 2C 68 30 D6 43 00 E8 6F 39 E5 FF 8B 55 1C 8B CA B8 00 00
Memory_SDT_Addr: 0×81A034AD
MEMO_VALUE:: 6A 2C 68 30 D6 83 81 E8 6F 39

SERVICE NUMBER: 76
ServiceFunciton: NtCreateSemaphore
File_SDT_Addr: 0×81A12BE2
FILE_VALUE:: 6A 1C 68 08 D0 43 00 E8 3A 42 E4 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A12BE2
MEMO_VALUE:: 6A 1C 68 08 D0 83 81 E8 3A 42

SERVICE NUMBER: 77
ServiceFunciton: NtCreateSymbolicLinkObject
File_SDT_Addr: 0×8196BE11
FILE_VALUE:: 6A 30 68 88 EA 43 00 E8 0B B0 EE FF 33 F6 89 75 DC 64 A1 24
Memory_SDT_Addr: 0×8196BE11
MEMO_VALUE:: 6A 30 68 88 EA 83 81 E8 0B B0

SERVICE NUMBER: 78
ServiceFunciton: NtCreateThread
File_SDT_Addr: 0×81A6BA13
FILE_VALUE:: 68 08 03 00 00 68 B0 D9 43 00 E8 AE B3 DE FF 8B 45 08 89 85
Memory_SDT_Addr: 0×81A6BA13
MEMO_VALUE:: 68 08 03 00 00 68 B0 D9 83 81

SERVICE NUMBER: 79
ServiceFunciton: NtCreateTimer
File_SDT_Addr: 0×8199B5E1
FILE_VALUE:: 6A 1C 68 60 EB 43 00 E8 3B B8 EB FF 33 DB 39 5D 14 74 10 83
Memory_SDT_Addr: 0×8199B5E1
MEMO_VALUE:: 6A 1C 68 60 EB 83 81 E8 3B B8

SERVICE NUMBER: 80
ServiceFunciton: NtCreateToken
File_SDT_Addr: 0×819946DF
FILE_VALUE:: 68 AC 00 00 00 68 60 1C 44 00 E8 E2 26 EC FF 8B 55 08 89 95
Memory_SDT_Addr: 0×819946DF
MEMO_VALUE:: 68 AC 00 00 00 68 60 1C 84 81

SERVICE NUMBER: 81
ServiceFunciton: NtCreateTransaction
File_SDT_Addr: 0×8197869A
FILE_VALUE:: 68 80 00 00 00 68 F0 2B 44 00 E8 27 E7 ED FF 8B 4D 08 89 4D
Memory_SDT_Addr: 0×8197869A
MEMO_VALUE:: 68 80 00 00 00 68 F0 2B 84 81

SERVICE NUMBER: 82
ServiceFunciton: NtOpenTransaction
File_SDT_Addr: 0×81941645
FILE_VALUE:: 6A 5C 68 F0 E5 43 00 E8 7F 57 F1 FF 8B 75 08 89 75 A4 8B 45
Memory_SDT_Addr: 0×81941645
MEMO_VALUE:: 6A 5C 68 F0 E5 83 81 E8 7F 57

SERVICE NUMBER: 83
ServiceFunciton: NtQueryInformationTransaction
File_SDT_Addr: 0×81A7F764
FILE_VALUE:: 68 D8 00 00 00 68 80 E5 43 00 E8 5D 76 DD FF 8B 7D 08 8B 55
Memory_SDT_Addr: 0×81A7F764
MEMO_VALUE:: 68 D8 00 00 00 68 80 E5 83 81

SERVICE NUMBER: 84
ServiceFunciton: NtQueryInformationTransactionManager
File_SDT_Addr: 0×81941DFE
FILE_VALUE:: 68 E8 00 00 00 68 E0 E3 43 00 E8 C3 4F F1 FF 8B 45 08 89 85
Memory_SDT_Addr: 0×81941DFE
MEMO_VALUE:: 68 E8 00 00 00 68 E0 E3 83 81

SERVICE NUMBER: 85
ServiceFunciton: NtPrePrepareEnlistment
File_SDT_Addr: 0×81A802EA
FILE_VALUE:: 6A 1C 68 B0 2B 44 00 E8 32 6B DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A802EA
MEMO_VALUE:: 6A 1C 68 B0 2B 84 81 E8 32 6B

SERVICE NUMBER: 86
ServiceFunciton: NtPrepareEnlistment
File_SDT_Addr: 0×81A80229
FILE_VALUE:: 6A 1C 68 D0 2B 44 00 E8 F3 6B DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A80229
MEMO_VALUE:: 6A 1C 68 D0 2B 84 81 E8 F3 6B

SERVICE NUMBER: 87
ServiceFunciton: NtCommitEnlistment
File_SDT_Addr: 0×81A803AB
FILE_VALUE:: 6A 1C 68 90 2B 44 00 E8 71 6A DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A803AB
MEMO_VALUE:: 6A 1C 68 90 2B 84 81 E8 71 6A

SERVICE NUMBER: 88
ServiceFunciton: NtReadOnlyEnlistment
File_SDT_Addr: 0×81A80842
FILE_VALUE:: 6A 1C 68 F0 2A 44 00 E8 DA 65 DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A80842
MEMO_VALUE:: 6A 1C 68 F0 2A 84 81 E8 DA 65

SERVICE NUMBER: 89
ServiceFunciton: NtRollbackComplete
File_SDT_Addr: 0×81A80901
FILE_VALUE:: 6A 1C 68 C8 0F 44 00 E8 1B 65 DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A80901
MEMO_VALUE:: 6A 1C 68 C8 0F 84 81 E8 1B 65

SERVICE NUMBER: 90
ServiceFunciton: NtRollbackEnlistment
File_SDT_Addr: 0×81A8046C
FILE_VALUE:: 6A 1C 68 E8 0F 44 00 E8 B0 69 DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A8046C
MEMO_VALUE:: 6A 1C 68 E8 0F 84 81 E8 B0 69

SERVICE NUMBER: 91
ServiceFunciton: NtCommitTransaction
File_SDT_Addr: 0×8197CC14
FILE_VALUE:: 8B FF 55 8B EC 51 51 80 7D 0C 00 64 A1 24 01 00 00 8A 80 E7
Memory_SDT_Addr: 0×8197CC14
MEMO_VALUE:: 8B FF 55 8B EC 51 51 80 7D 0C

SERVICE NUMBER: 92
ServiceFunciton: NtRollbackTransaction
File_SDT_Addr: 0×81A7FC7C
FILE_VALUE:: 8B FF 55 8B EC 51 51 80 7D 0C 00 64 A1 24 01 00 00 8A 80 E7
Memory_SDT_Addr: 0×81A7FC7C
MEMO_VALUE:: 8B FF 55 8B EC 51 51 80 7D 0C

SERVICE NUMBER: 93
ServiceFunciton: NtPrePrepareComplete
File_SDT_Addr: 0×81A805EE
FILE_VALUE:: 6A 1C 68 50 2B 44 00 E8 2E 68 DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A805EE
MEMO_VALUE:: 6A 1C 68 50 2B 84 81 E8 2E 68

SERVICE NUMBER: 94
ServiceFunciton: NtPrepareComplete
File_SDT_Addr: 0×81A8052D
FILE_VALUE:: 6A 1C 68 70 2B 44 00 E8 EF 68 DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A8052D
MEMO_VALUE:: 6A 1C 68 70 2B 84 81 E8 EF 68

SERVICE NUMBER: 95
ServiceFunciton: NtCommitComplete
File_SDT_Addr: 0×81A806AF
FILE_VALUE:: 6A 1C 68 30 2B 44 00 E8 6D 67 DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A806AF
MEMO_VALUE:: 6A 1C 68 30 2B 84 81 E8 6D 67

SERVICE NUMBER: 96
ServiceFunciton: NtSinglePhaseReject
File_SDT_Addr: 0×81A80783
FILE_VALUE:: 6A 1C 68 10 2B 44 00 E8 99 66 DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A80783
MEMO_VALUE:: 6A 1C 68 10 2B 84 81 E8 99 66

SERVICE NUMBER: 97
ServiceFunciton: NtSetInformationTransaction
File_SDT_Addr: 0×81A7FCE5
FILE_VALUE:: 6A 1C 68 58 2D 44 00 E8 37 71 DD FF 33 FF 89 7D E4 8B 5D 0C
Memory_SDT_Addr: 0×81A7FCE5
MEMO_VALUE:: 6A 1C 68 58 2D 84 81 E8 37 71

SERVICE NUMBER: 98
ServiceFunciton: NtSetInformationTransactionManager
File_SDT_Addr: 0×81A811F1
FILE_VALUE:: 6A 0C 68 C0 E3 43 00 E8 2B 5C DD FF 83 7D 0C 03 74 07 B8 03
Memory_SDT_Addr: 0×81A811F1
MEMO_VALUE:: 6A 0C 68 C0 E3 83 81 E8 2B 5C

SERVICE NUMBER: 99
ServiceFunciton: NtSetInformationResourceManager
File_SDT_Addr: 0×81A80D16
FILE_VALUE:: 6A 20 68 38 E4 43 00 E8 06 61 DD FF 33 DB 89 5D E4 8B 55 10
Memory_SDT_Addr: 0×81A80D16
MEMO_VALUE:: 6A 20 68 38 E4 83 81 E8 06 61

SERVICE NUMBER: 100
ServiceFunciton: NtCreateTransactionManager
File_SDT_Addr: 0×81940C17
FILE_VALUE:: 6A 34 68 E0 2D 44 00 E8 05 62 F1 FF 33 DB 89 5D E4 89 5D E0
Memory_SDT_Addr: 0×81940C17
MEMO_VALUE:: 6A 34 68 E0 2D 84 81 E8 05 62

SERVICE NUMBER: 101
ServiceFunciton: NtOpenTransactionManager
File_SDT_Addr: 0×81A80EB7
FILE_VALUE:: 6A 6C 68 70 0F 44 00 E8 0D 5F DD FF 8B 55 08 89 55 A4 8B 7D
Memory_SDT_Addr: 0×81A80EB7
MEMO_VALUE:: 6A 6C 68 70 0F 84 81 E8 0D 5F

SERVICE NUMBER: 102
ServiceFunciton: NtRollforwardTransactionManager
File_SDT_Addr: 0×81A81126
FILE_VALUE:: 6A 1C 68 40 1C 44 00 E8 F6 5C DD FF 8B 4D 0C 89 4D E4 64 A1
Memory_SDT_Addr: 0×81A81126
MEMO_VALUE:: 6A 1C 68 40 1C 84 81 E8 F6 5C

SERVICE NUMBER: 103
ServiceFunciton: NtRecoverEnlistment
File_SDT_Addr: 0×81A7FE49
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 6A
Memory_SDT_Addr: 0×81A7FE49
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 104
ServiceFunciton: NtRecoverResourceManager
File_SDT_Addr: 0×81941C40
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 56
Memory_SDT_Addr: 0×81941C40
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 105
ServiceFunciton: NtRecoverTransactionManager
File_SDT_Addr: 0×819414A6
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 56
Memory_SDT_Addr: 0×819414A6
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 106
ServiceFunciton: NtCreateResourceManager
File_SDT_Addr: 0×81974E95
FILE_VALUE:: 6A 5C 68 D8 FA 43 00 E8 2F 1F EE FF 8B 75 08 89 75 B4 8B 45
Memory_SDT_Addr: 0×81974E95
MEMO_VALUE:: 6A 5C 68 D8 FA 83 81 E8 2F 1F

SERVICE NUMBER: 107
ServiceFunciton: NtOpenResourceManager
File_SDT_Addr: 0×819442C7
FILE_VALUE:: 6A 44 68 B0 E4 43 00 E8 FD 2A F1 FF 8B 75 08 89 75 BC 8B 5D
Memory_SDT_Addr: 0×819442C7
MEMO_VALUE:: 6A 44 68 B0 E4 83 81 E8 FD 2A

SERVICE NUMBER: 108
ServiceFunciton: NtGetNotificationResourceManager
File_SDT_Addr: 0×81A809D0
FILE_VALUE:: 6A 20 68 A8 0F 44 00 E8 4C 64 DD FF 33 DB 89 5D E4 64 A1 24
Memory_SDT_Addr: 0×81A809D0
MEMO_VALUE:: 6A 20 68 A8 0F 84 81 E8 4C 64

SERVICE NUMBER: 109
ServiceFunciton: NtQueryInformationResourceManager
File_SDT_Addr: 0×81A80AE7
FILE_VALUE:: 6A 5C 68 60 E4 43 00 E8 DD 62 DD FF 8B 5D 08 8B 45 10 89 45
Memory_SDT_Addr: 0×81A80AE7
MEMO_VALUE:: 6A 5C 68 60 E4 83 81 E8 DD 62

SERVICE NUMBER: 110
ServiceFunciton: NtCreateEnlistment
File_SDT_Addr: 0×81978B93
FILE_VALUE:: 6A 1C 68 38 2E 44 00 E8 89 E2 ED FF 83 65 D4 00 33 C0 64 8B
Memory_SDT_Addr: 0×81978B93
MEMO_VALUE:: 6A 1C 68 38 2E 84 81 E8 89 E2

SERVICE NUMBER: 111
ServiceFunciton: NtOpenEnlistment
File_SDT_Addr: 0×8194446C
FILE_VALUE:: 6A 54 68 20 E5 43 00 E8 58 29 F1 FF 8B 5D 08 89 5D B8 8B 45
Memory_SDT_Addr: 0×8194446C
MEMO_VALUE:: 6A 54 68 20 E5 83 81 E8 58 29

SERVICE NUMBER: 112
ServiceFunciton: NtSetInformationEnlistment
File_SDT_Addr: 0×81A8008C
FILE_VALUE:: 6A 20 68 10 FB 43 00 E8 90 6D DD FF 33 DB 89 5D E0 89 5D DC
Memory_SDT_Addr: 0×81A8008C
MEMO_VALUE:: 6A 20 68 10 FB 83 81 E8 90 6D

SERVICE NUMBER: 113
ServiceFunciton: NtQueryInformationEnlistment
File_SDT_Addr: 0×81A7FEA5
FILE_VALUE:: 6A 5C 68 E8 E4 43 00 E8 1F 6F DD FF 8B 5D 08 8B 7D 10 89 7D
Memory_SDT_Addr: 0×81A7FEA5
MEMO_VALUE:: 6A 5C 68 E8 E4 83 81 E8 1F 6F

SERVICE NUMBER: 114
ServiceFunciton: NtStartTm
File_SDT_Addr: 0×81A7F74A
FILE_VALUE:: 33 C0 C3 CC CC CC CC CC 90 90 CC CC CC CC CC CC CC CC CC CC
Memory_SDT_Addr: 0×81A7F74A
MEMO_VALUE:: 33 C0 C3 CC CC CC CC CC 90 90

SERVICE NUMBER: 115
ServiceFunciton: NtCreateWaitablePort
File_SDT_Addr: 0×81956CA0
FILE_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00 00 66 FF 88 80 00 00 00 56 6A
Memory_SDT_Addr: 0×81956CA0
MEMO_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00

SERVICE NUMBER: 116
ServiceFunciton: NtDebugActiveProcess
File_SDT_Addr: 0×81A3BDEC
FILE_VALUE:: 8B FF 55 8B EC 83 EC 10 64 A1 24 01 00 00 53 8A 98 E7 00 00
Memory_SDT_Addr: 0×81A3BDEC
MEMO_VALUE:: 8B FF 55 8B EC 83 EC 10 64 A1

SERVICE NUMBER: 117
ServiceFunciton: NtDebugContinue
File_SDT_Addr: 0×81A3C444
FILE_VALUE:: 6A 1C 68 B8 18 44 00 E8 D8 A9 E1 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A3C444
MEMO_VALUE:: 6A 1C 68 B8 18 84 81 E8 D8 A9

SERVICE NUMBER: 118
ServiceFunciton: NtDelayExecution
File_SDT_Addr: 0×81A23C83
FILE_VALUE:: 6A 18 68 30 C2 43 00 E8 99 31 E3 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A23C83
MEMO_VALUE:: 6A 18 68 30 C2 83 81 E8 99 31

SERVICE NUMBER: 119
ServiceFunciton: NtDeleteAtom
File_SDT_Addr: 0×819AAE71
FILE_VALUE:: 8B FF 55 8B EC FF 15 90 AB 4E 00 85 C0 75 07 B8 22 00 00 C0
Memory_SDT_Addr: 0×819AAE71
MEMO_VALUE:: 8B FF 55 8B EC FF 15 90 AB 8E

SERVICE NUMBER: 120
ServiceFunciton: NtDeleteBootEntry
File_SDT_Addr: 0×81A9294B
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC 24 A1 40 C6 4E 00 33 C4 89 44
Memory_SDT_Addr: 0×81A9294B
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC

SERVICE NUMBER: 121
ServiceFunciton: NtDeleteDriverEntry
File_SDT_Addr: 0×81A93BEF
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC 24 A1 40 C6 4E 00 33 C4 89 44
Memory_SDT_Addr: 0×81A93BEF
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC

SERVICE NUMBER: 122
ServiceFunciton: NtDeleteFile
File_SDT_Addr: 0×819633E1
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 81 EC 20 01 00 00 A1 40 C6 4E 00 33
Memory_SDT_Addr: 0×819633E1
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 81 EC

SERVICE NUMBER: 123
ServiceFunciton: NtDeleteKey
File_SDT_Addr: 0×81997F27
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC 4C 53 33 C9 33 C0 56 57 89 4C
Memory_SDT_Addr: 0×81997F27
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC

SERVICE NUMBER: 124
ServiceFunciton: NtDeletePrivateNamespace
File_SDT_Addr: 0×81A6436B
FILE_VALUE:: 8B FF 55 8B EC 83 EC 10 64 A1 24 01 00 00 8A 80 E7 00 00 00
Memory_SDT_Addr: 0×81A6436B
MEMO_VALUE:: 8B FF 55 8B EC 83 EC 10 64 A1

SERVICE NUMBER: 125
ServiceFunciton: NtDeleteObjectAuditAlarm
File_SDT_Addr: 0×81A7CBEF
FILE_VALUE:: 6A 28 68 18 11 44 00 E8 2D A2 DD FF 33 DB 89 5D E4 64 A1 24
Memory_SDT_Addr: 0×81A7CBEF
MEMO_VALUE:: 6A 28 68 18 11 84 81 E8 2D A2

SERVICE NUMBER: 126
ServiceFunciton: NtDeleteValueKey
File_SDT_Addr: 0×8199A814
FILE_VALUE:: 6A 70 68 38 30 44 00 E8 08 C6 EB FF 33 C9 66 89 4D B8 33 C0
Memory_SDT_Addr: 0×8199A814
MEMO_VALUE:: 6A 70 68 38 30 84 81 E8 08 C6

SERVICE NUMBER: 127
ServiceFunciton: NtDeviceIoControlFile
File_SDT_Addr: 0×81A20A94
FILE_VALUE:: 8B FF 55 8B EC 6A 01 FF 75 2C FF 75 28 FF 75 24 FF 75 20 FF
Memory_SDT_Addr: 0×81A20A94
MEMO_VALUE:: 8B FF 55 8B EC 6A 01 FF 75 2C

SERVICE NUMBER: 128
ServiceFunciton: NtDisplayString
File_SDT_Addr: 0×81942244
FILE_VALUE:: 6A 24 68 D0 F7 43 00 E8 D8 4B F1 FF 33 DB 64 A1 24 01 00 00
Memory_SDT_Addr: 0×81942244
MEMO_VALUE:: 6A 24 68 D0 F7 83 81 E8 D8 4B

SERVICE NUMBER: 129
ServiceFunciton: NtDuplicateObject
File_SDT_Addr: 0×81A12994
FILE_VALUE:: 6A 20 68 60 EA 43 00 E8 88 44 E4 FF 33 DB 89 5D DC 64 A1 24
Memory_SDT_Addr: 0×81A12994
MEMO_VALUE:: 6A 20 68 60 EA 83 81 E8 88 44

SERVICE NUMBER: 130
ServiceFunciton: NtDuplicateToken
File_SDT_Addr: 0×819BA810
FILE_VALUE:: 6A 40 68 88 12 44 00 E8 0C C6 E9 FF C6 45 E7 00 83 65 D4 00
Memory_SDT_Addr: 0×819BA810
MEMO_VALUE:: 6A 40 68 88 12 84 81 E8 0C C6

SERVICE NUMBER: 131
ServiceFunciton: NtEnumerateBootEntries
File_SDT_Addr: 0×81A92B4C
FILE_VALUE:: 6A 68 68 A0 1A 44 00 E8 D0 42 DC FF 33 DB 89 5D DC 83 3D 70
Memory_SDT_Addr: 0×81A92B4C
MEMO_VALUE:: 6A 68 68 A0 1A 84 81 E8 D0 42

SERVICE NUMBER: 132
ServiceFunciton: NtEnumerateDriverEntries
File_SDT_Addr: 0×81A93DEE
FILE_VALUE:: 6A 58 68 28 1A 44 00 E8 2E 30 DC FF 33 FF 89 7D D8 83 3D 70
Memory_SDT_Addr: 0×81A93DEE
MEMO_VALUE:: 6A 58 68 28 1A 84 81 E8 2E 30

SERVICE NUMBER: 133
ServiceFunciton: NtEnumerateKey
File_SDT_Addr: 0×819F0F94
FILE_VALUE:: 6A 60 68 18 30 44 00 E8 88 5E E6 FF 33 DB 89 5D 90 6A 08 59
Memory_SDT_Addr: 0×819F0F94
MEMO_VALUE:: 6A 60 68 18 30 84 81 E8 88 5E

SERVICE NUMBER: 134
ServiceFunciton: NtEnumerateSystemEnvironmentValuesEx
File_SDT_Addr: 0×81A9271B
FILE_VALUE:: 6A 20 68 C8 1A 44 00 E8 01 47 DC FF 83 3D 70 57 4F 00 02 74
Memory_SDT_Addr: 0×81A9271B
MEMO_VALUE:: 6A 20 68 C8 1A 84 81 E8 01 47

SERVICE NUMBER: 135
ServiceFunciton: NtEnumerateTransactionObject
File_SDT_Addr: 0×818CFB83
FILE_VALUE:: 6A 54 68 58 E5 43 00 E8 41 72 F8 FF 8B 45 08 89 45 B0 8B 5D
Memory_SDT_Addr: 0×818CFB83
MEMO_VALUE:: 6A 54 68 58 E5 83 81 E8 41 72

SERVICE NUMBER: 136
ServiceFunciton: NtEnumerateValueKey
File_SDT_Addr: 0×81A0CEB9
FILE_VALUE:: 6A 5C 68 78 31 44 00 E8 63 9F E4 FF 33 DB 89 5D 94 6A 08 59
Memory_SDT_Addr: 0×81A0CEB9
MEMO_VALUE:: 6A 5C 68 78 31 84 81 E8 63 9F

SERVICE NUMBER: 137
ServiceFunciton: NtExtendSection
File_SDT_Addr: 0×81A5CD7D
FILE_VALUE:: 6A 1C 68 E8 DE 43 00 E8 9F A0 DF FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A5CD7D
MEMO_VALUE:: 6A 1C 68 E8 DE 83 81 E8 9F A0

SERVICE NUMBER: 138
ServiceFunciton: NtFilterToken
File_SDT_Addr: 0×8199C1E5
FILE_VALUE:: 6A 54 68 00 FD 43 00 E8 37 AC EB FF 33 DB 89 5D E0 89 5D D4
Memory_SDT_Addr: 0×8199C1E5
MEMO_VALUE:: 6A 54 68 00 FD 83 81 E8 37 AC

SERVICE NUMBER: 139
ServiceFunciton: NtFindAtom
File_SDT_Addr: 0×8199C69C
FILE_VALUE:: 68 1C 02 00 00 68 50 F5 43 00 E8 7D A7 EB FF FF 15 90 AB 4E
Memory_SDT_Addr: 0×8199C69C
MEMO_VALUE:: 68 1C 02 00 00 68 50 F5 83 81

SERVICE NUMBER: 140
ServiceFunciton: NtFlushBuffersFile
File_SDT_Addr: 0×81A09B13
FILE_VALUE:: 6A 2C 68 B8 07 44 00 E8 09 D3 E4 FF 64 A1 24 01 00 00 89 45
Memory_SDT_Addr: 0×81A09B13
MEMO_VALUE:: 6A 2C 68 B8 07 84 81 E8 09 D3

SERVICE NUMBER: 141
ServiceFunciton: NtFlushInstructionCache
File_SDT_Addr: 0×819A910C
FILE_VALUE:: 6A 50 68 98 DE 43 00 E8 10 DD EA FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×819A910C
MEMO_VALUE:: 6A 50 68 98 DE 83 81 E8 10 DD

SERVICE NUMBER: 142
ServiceFunciton: NtFlushKey
File_SDT_Addr: 0×8196BBF9
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC 34 53 33 C0 33 DB 56 57 89 5C
Memory_SDT_Addr: 0×8196BBF9
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC

SERVICE NUMBER: 143
ServiceFunciton: NtFlushProcessWriteBuffers
File_SDT_Addr: 0×81822390
FILE_VALUE:: 6A 00 E8 B7 FD FF FF C3 90 90 90 90 90 8B FF 55 8B EC 51 51
Memory_SDT_Addr: 0×81822390
MEMO_VALUE:: 6A 00 E8 B7 FD FF FF C3 90 90

SERVICE NUMBER: 144
ServiceFunciton: NtFlushVirtualMemory
File_SDT_Addr: 0×81A05268
FILE_VALUE:: 6A 24 68 98 F3 43 00 E8 B4 1B E5 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A05268
MEMO_VALUE:: 6A 24 68 98 F3 83 81 E8 B4 1B

SERVICE NUMBER: 145
ServiceFunciton: NtFlushWriteBuffer
File_SDT_Addr: 0×81A60578
FILE_VALUE:: FF 15 3C 10 40 00 33 C0 C3 CC CC CC CC CC 90 90 CC CC CC CC
Memory_SDT_Addr: 0×81A60578
MEMO_VALUE:: FF 15 3C 10 80 81 33 C0 C3 CC

SERVICE NUMBER: 146
ServiceFunciton: NtFreeUserPhysicalPages
File_SDT_Addr: 0×81A5FCA2
FILE_VALUE:: 68 0C 02 00 00 68 90 03 44 00 E8 77 71 DF FF 64 A1 24 01 00
Memory_SDT_Addr: 0×81A5FCA2
MEMO_VALUE:: 68 0C 02 00 00 68 90 03 84 81

SERVICE NUMBER: 147
ServiceFunciton: NtFreeVirtualMemory
File_SDT_Addr: 0×818777C3
FILE_VALUE:: 6A 68 68 F8 03 44 00 E8 59 F6 FD FF 8B 4D 14 F7 C1 FF 3F FF
Memory_SDT_Addr: 0×818777C3
MEMO_VALUE:: 6A 68 68 F8 03 84 81 E8 59 F6

SERVICE NUMBER: 148
ServiceFunciton: NtFreezeRegistry
File_SDT_Addr: 0×818A4084
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 51 51 81 7D 08 84 03 00 00 76 07 B8
Memory_SDT_Addr: 0×818A4084
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 51 51

SERVICE NUMBER: 149
ServiceFunciton: NtFreezeTransactions
File_SDT_Addr: 0×818CFD8B
FILE_VALUE:: 6A 28 68 48 FB 43 00 E8 91 70 F8 FF 83 65 E4 00 8B 75 08 89
Memory_SDT_Addr: 0×818CFD8B
MEMO_VALUE:: 6A 28 68 48 FB 83 81 E8 91 70

SERVICE NUMBER: 150
ServiceFunciton: NtFsControlFile
File_SDT_Addr: 0×819B8BAB
FILE_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 2C FF 75 28 FF 75 24 FF 75 20 FF
Memory_SDT_Addr: 0×819B8BAB
MEMO_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 2C

SERVICE NUMBER: 151
ServiceFunciton: NtGetContextThread
File_SDT_Addr: 0×81A25840
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 56
Memory_SDT_Addr: 0×81A25840
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 152
ServiceFunciton: NtGetDevicePowerState
File_SDT_Addr: 0×81A684A7
FILE_VALUE:: 6A 20 68 B8 1C 44 00 E8 75 E9 DE FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A684A7
MEMO_VALUE:: 6A 20 68 B8 1C 84 81 E8 75 E9

SERVICE NUMBER: 153
ServiceFunciton: NtGetNlsSectionPtr
File_SDT_Addr: 0×81988109
FILE_VALUE:: 68 C8 01 00 00 68 B0 ED 43 00 E8 B8 EC EC FF 8B 55 10 8B 7D
Memory_SDT_Addr: 0×81988109
MEMO_VALUE:: 68 C8 01 00 00 68 B0 ED 83 81

SERVICE NUMBER: 154
ServiceFunciton: NtGetPlugPlayEvent
File_SDT_Addr: 0×819A10EC
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 64 A1 24 01 00 00 80 B8 E7 00 00 00
Memory_SDT_Addr: 0×819A10EC
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 64 A1

SERVICE NUMBER: 155
ServiceFunciton: NtGetWriteWatch
File_SDT_Addr: 0×818BDFB0
FILE_VALUE:: 68 04 05 00 00 68 68 03 44 00 E8 69 8E F9 FF 83 A5 04 FF FF
Memory_SDT_Addr: 0×818BDFB0
MEMO_VALUE:: 68 04 05 00 00 68 68 03 84 81

SERVICE NUMBER: 156
ServiceFunciton: NtImpersonateAnonymousToken
File_SDT_Addr: 0×819A854D
FILE_VALUE:: 8B FF 55 8B EC 83 EC 0C 64 A1 24 01 00 00 8A 80 E7 00 00 00
Memory_SDT_Addr: 0×819A854D
MEMO_VALUE:: 8B FF 55 8B EC 83 EC 0C 64 A1

SERVICE NUMBER: 157
ServiceFunciton: NtImpersonateClientOfPort
File_SDT_Addr: 0×81A22C2F
FILE_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 0C FF 75 08 E8 44 73 FC FF 3D 02
Memory_SDT_Addr: 0×81A22C2F
MEMO_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 0C

SERVICE NUMBER: 158
ServiceFunciton: NtImpersonateThread
File_SDT_Addr: 0×819AF88C
FILE_VALUE:: 6A 68 68 78 EC 43 00 E8 38 75 EA FF 8B 45 08 89 45 98 8B 55
Memory_SDT_Addr: 0×819AF88C
MEMO_VALUE:: 6A 68 68 78 EC 83 81 E8 38 75

SERVICE NUMBER: 159
ServiceFunciton: NtInitializeNlsFiles
File_SDT_Addr: 0×81A19968
FILE_VALUE:: 6A 64 68 D8 0D 44 00 E8 B4 D4 E3 FF 33 DB 89 5D D8 66 C7 45
Memory_SDT_Addr: 0×81A19968
MEMO_VALUE:: 6A 64 68 D8 0D 84 81 E8 B4 D4

SERVICE NUMBER: 160
ServiceFunciton: NtInitializeRegistry
File_SDT_Addr: 0×819632DD
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 51 51 64 8B 0D 24 01 00 00 33 C0 40
Memory_SDT_Addr: 0×819632DD
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 51 51

SERVICE NUMBER: 161
ServiceFunciton: NtInitiatePowerAction
File_SDT_Addr: 0×81A68280
FILE_VALUE:: 6A 40 68 68 2C 44 00 E8 9C EB DE FF C7 45 CC 00 D1 97 A6 83
Memory_SDT_Addr: 0×81A68280
MEMO_VALUE:: 6A 40 68 68 2C 84 81 E8 9C EB

SERVICE NUMBER: 162
ServiceFunciton: NtIsProcessInJob
File_SDT_Addr: 0×81A139A4
FILE_VALUE:: 8B FF 55 8B EC 83 EC 0C 83 7D 08 FF 64 A1 24 01 00 00 8A 88
Memory_SDT_Addr: 0×81A139A4
MEMO_VALUE:: 8B FF 55 8B EC 83 EC 0C 83 7D

SERVICE NUMBER: 163
ServiceFunciton: NtIsSystemResumeAutomatic
File_SDT_Addr: 0×81A6848B
FILE_VALUE:: A0 04 11 50 00 24 03 F6 D8 1A C0 FE C0 C3 90 90 90 CC CC CC
Memory_SDT_Addr: 0×81A6848B
MEMO_VALUE:: A0 04 11 90 81 24 03 F6 D8 1A

SERVICE NUMBER: 164
ServiceFunciton: NtListenPort
File_SDT_Addr: 0×81956030
FILE_VALUE:: 6A 0C 68 78 17 44 00 E8 EC 0D F0 FF 33 F6 6A FE 5B 8B 7D 0C
Memory_SDT_Addr: 0×81956030
MEMO_VALUE:: 6A 0C 68 78 17 84 81 E8 EC 0D

SERVICE NUMBER: 165
ServiceFunciton: NtLoadDriver
File_SDT_Addr: 0×81955B8D
FILE_VALUE:: 6A 48 68 50 32 44 00 E8 8F 12 F0 FF 33 DB 89 5D E4 64 8B 3D
Memory_SDT_Addr: 0×81955B8D
MEMO_VALUE:: 6A 48 68 50 32 84 81 E8 8F 12

SERVICE NUMBER: 166
ServiceFunciton: NtLoadKey
File_SDT_Addr: 0×81977EF7
FILE_VALUE:: 8B FF 55 8B EC 33 C0 50 50 50 50 50 50 FF 75 0C FF 75 08 E8
Memory_SDT_Addr: 0×81977EF7
MEMO_VALUE:: 8B FF 55 8B EC 33 C0 50 50 50

SERVICE NUMBER: 167
ServiceFunciton: NtLoadKey2
File_SDT_Addr: 0×81A27CB3
FILE_VALUE:: 8B FF 55 8B EC 51 33 C0 50 50 50 50 50 FF 75 10 FF 75 0C FF
Memory_SDT_Addr: 0×81A27CB3
MEMO_VALUE:: 8B FF 55 8B EC 51 33 C0 50 50

SERVICE NUMBER: 168
ServiceFunciton: NtLoadKeyEx
File_SDT_Addr: 0×819774F6
FILE_VALUE:: 68 F0 00 00 00 68 20 31 44 00 E8 23 F9 ED FF 33 DB 89 5D 88
Memory_SDT_Addr: 0×819774F6
MEMO_VALUE:: 68 F0 00 00 00 68 20 31 84 81

SERVICE NUMBER: 169
ServiceFunciton: NtLockFile
File_SDT_Addr: 0×81A061C7
FILE_VALUE:: 6A 50 68 B8 17 44 00 E8 55 0C E5 FF 33 FF 89 7D E0 64 A1 24
Memory_SDT_Addr: 0×81A061C7
MEMO_VALUE:: 6A 50 68 B8 17 84 81 E8 55 0C

SERVICE NUMBER: 170
ServiceFunciton: NtLockProductActivationKeys
File_SDT_Addr: 0×8198A1FB
FILE_VALUE:: 68 A8 08 00 00 68 D0 EB 43 00 E8 C6 CB EC FF 8B 45 08 89 85
Memory_SDT_Addr: 0×8198A1FB
MEMO_VALUE:: 68 A8 08 00 00 68 D0 EB 83 81

SERVICE NUMBER: 171
ServiceFunciton: NtLockRegistryKey
File_SDT_Addr: 0×8193023D
FILE_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 84 C0
Memory_SDT_Addr: 0×8193023D
MEMO_VALUE:: 8B FF 55 8B EC 51 64 A1 24 01

SERVICE NUMBER: 172
ServiceFunciton: NtLockVirtualMemory
File_SDT_Addr: 0×81817E25
FILE_VALUE:: 68 84 00 00 00 68 40 03 44 00 E8 F4 EF 03 00 83 65 D8 00 8D
Memory_SDT_Addr: 0×81817E25
MEMO_VALUE:: 68 84 00 00 00 68 40 03 84 81

SERVICE NUMBER: 173
ServiceFunciton: NtMakePermanentObject
File_SDT_Addr: 0×8196C816
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC 10 64 A1 24 01 00 00 8A 80 E7
Memory_SDT_Addr: 0×8196C816
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC

SERVICE NUMBER: 174
ServiceFunciton: NtMakeTemporaryObject
File_SDT_Addr: 0×8196BB94
FILE_VALUE:: 8B FF 55 8B EC 83 EC 18 64 A1 24 01 00 00 8A 80 E7 00 00 00
Memory_SDT_Addr: 0×8196BB94
MEMO_VALUE:: 8B FF 55 8B EC 83 EC 18 64 A1

SERVICE NUMBER: 175
ServiceFunciton: NtMapUserPhysicalPages
File_SDT_Addr: 0×81A5EA9C
FILE_VALUE:: 8B FF 55 8B EC B8 B4 10 00 00 E8 A5 75 DF FF 56 8B 75 0C 81
Memory_SDT_Addr: 0×81A5EA9C
MEMO_VALUE:: 8B FF 55 8B EC B8 B4 10 00 00

SERVICE NUMBER: 176
ServiceFunciton: NtMapUserPhysicalPagesScatter
File_SDT_Addr: 0×81A5EF5E
FILE_VALUE:: 8B FF 55 8B EC B8 BC 10 00 00 E8 E3 70 DF FF 57 8B 7D 0C 81
Memory_SDT_Addr: 0×81A5EF5E
MEMO_VALUE:: 8B FF 55 8B EC B8 BC 10 00 00

SERVICE NUMBER: 177
ServiceFunciton: NtMapViewOfSection
File_SDT_Addr: 0×81A0A79B
FILE_VALUE:: 6A 2C 68 10 DF 43 00 E8 81 C6 E4 FF 83 7D 14 15 76 0A B8 F2
Memory_SDT_Addr: 0×81A0A79B
MEMO_VALUE:: 6A 2C 68 10 DF 83 81 E8 81 C6

SERVICE NUMBER: 178
ServiceFunciton: NtModifyBootEntry
File_SDT_Addr: 0×81A92B1B
FILE_VALUE:: 8B FF 55 8B EC 51 83 3D 70 57 4F 00 02 74 07 B8 02 00 00 C0
Memory_SDT_Addr: 0×81A92B1B
MEMO_VALUE:: 8B FF 55 8B EC 51 83 3D 70 57

SERVICE NUMBER: 179
ServiceFunciton: NtModifyDriverEntry
File_SDT_Addr: 0×81A93DBF
FILE_VALUE:: 8B FF 55 8B EC 83 3D 70 57 4F 00 02 74 07 B8 02 00 00 C0 EB
Memory_SDT_Addr: 0×81A93DBF
MEMO_VALUE:: 8B FF 55 8B EC 83 3D 70 57 8F

SERVICE NUMBER: 180
ServiceFunciton: NtNotifyChangeDirectoryFile
File_SDT_Addr: 0×8198FB11
FILE_VALUE:: 6A 34 68 80 DF 43 00 E8 0B 73 EC FF 33 F6 89 75 DC 64 A1 24
Memory_SDT_Addr: 0×8198FB11
MEMO_VALUE:: 6A 34 68 80 DF 83 81 E8 0B 73

SERVICE NUMBER: 181
ServiceFunciton: NtNotifyChangeKey
File_SDT_Addr: 0×819BA66F
FILE_VALUE:: 8B FF 55 8B EC FF 75 2C FF 75 28 FF 75 24 FF 75 20 FF 75 1C
Memory_SDT_Addr: 0×819BA66F
MEMO_VALUE:: 8B FF 55 8B EC FF 75 2C FF 75

SERVICE NUMBER: 182
ServiceFunciton: NtNotifyChangeMultipleKeys
File_SDT_Addr: 0×819B9AE4
FILE_VALUE:: 6A 68 68 58 19 44 00 E8 38 D3 E9 FF 33 DB 89 5D C4 89 5D DC
Memory_SDT_Addr: 0×819B9AE4
MEMO_VALUE:: 6A 68 68 58 19 84 81 E8 38 D3

SERVICE NUMBER: 183
ServiceFunciton: NtOpenDirectoryObject
File_SDT_Addr: 0×819EA18E
FILE_VALUE:: 6A 14 68 90 CE 43 00 E8 8E CC E6 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×819EA18E
MEMO_VALUE:: 6A 14 68 90 CE 83 81 E8 8E CC

SERVICE NUMBER: 184
ServiceFunciton: NtOpenEvent
File_SDT_Addr: 0×81A0D133
FILE_VALUE:: 6A 14 68 F8 CD 43 00 E8 E9 9C E4 FF 64 A1 24 01 00 00 8A 98
Memory_SDT_Addr: 0×81A0D133
MEMO_VALUE:: 6A 14 68 F8 CD 83 81 E8 E9 9C

SERVICE NUMBER: 185
ServiceFunciton: NtOpenEventPair
File_SDT_Addr: 0×81A973CF
FILE_VALUE:: 6A 14 68 80 CD 43 00 E8 4D FA DB FF 64 A1 24 01 00 00 8A 98
Memory_SDT_Addr: 0×81A973CF
MEMO_VALUE:: 6A 14 68 80 CD 83 81 E8 4D FA

SERVICE NUMBER: 186
ServiceFunciton: NtOpenFile
File_SDT_Addr: 0×81A17A6F
FILE_VALUE:: 8B FF 55 8B EC 33 C0 50 6A 20 50 50 50 50 50 FF 75 1C 6A 01
Memory_SDT_Addr: 0×81A17A6F
MEMO_VALUE:: 8B FF 55 8B EC 33 C0 50 6A 20

SERVICE NUMBER: 187
ServiceFunciton: NtOpenIoCompletion
File_SDT_Addr: 0×81A44DC9
FILE_VALUE:: 6A 14 68 90 CC 43 00 E8 53 20 E1 FF 64 A1 24 01 00 00 8A 98
Memory_SDT_Addr: 0×81A44DC9
MEMO_VALUE:: 6A 14 68 90 CC 83 81 E8 53 20

SERVICE NUMBER: 188
ServiceFunciton: NtOpenJobObject
File_SDT_Addr: 0×81A6F6B5
FILE_VALUE:: 6A 18 68 40 CE 43 00 E8 67 77 DE FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A6F6B5
MEMO_VALUE:: 6A 18 68 40 CE 83 81 E8 67 77

SERVICE NUMBER: 189
ServiceFunciton: NtOpenKey
File_SDT_Addr: 0×81A258DC
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 83 65 FC 00 80 B8 E7
Memory_SDT_Addr: 0×81A258DC
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 190
ServiceFunciton: NtOpenKeyTransacted
File_SDT_Addr: 0×81A274EF
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 6A
Memory_SDT_Addr: 0×81A274EF
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 191
ServiceFunciton: NtOpenMutant
File_SDT_Addr: 0×819A77F4
FILE_VALUE:: 6A 14 68 58 CD 43 00 E8 28 F6 EA FF 64 A1 24 01 00 00 8A 98
Memory_SDT_Addr: 0×819A77F4
MEMO_VALUE:: 6A 14 68 58 CD 83 81 E8 28 F6

SERVICE NUMBER: 192
ServiceFunciton: NtOpenPrivateNamespace
File_SDT_Addr: 0×819891A5
FILE_VALUE:: 6A 1C 68 98 15 44 00 E8 77 DC EC FF 33 F6 89 75 DC 64 A1 24
Memory_SDT_Addr: 0×819891A5
MEMO_VALUE:: 6A 1C 68 98 15 84 81 E8 77 DC

SERVICE NUMBER: 193
ServiceFunciton: NtOpenObjectAuditAlarm
File_SDT_Addr: 0×819959C3
FILE_VALUE:: 6A 58 68 58 11 44 00 E8 59 14 EC FF 33 FF 89 7D D0 89 7D D8
Memory_SDT_Addr: 0×819959C3
MEMO_VALUE:: 6A 58 68 58 11 84 81 E8 59 14

SERVICE NUMBER: 194
ServiceFunciton: NtOpenProcess
File_SDT_Addr: 0×81A1273D
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 8B
Memory_SDT_Addr: 0×81A1273D
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 195
ServiceFunciton: NtOpenProcessToken
File_SDT_Addr: 0×81A20AC7
FILE_VALUE:: 8B FF 55 8B EC 51 FF 75 10 6A 00 FF 75 0C FF 75 08 E8 31 B1
Memory_SDT_Addr: 0×81A20AC7
MEMO_VALUE:: 8B FF 55 8B EC 51 FF 75 10 6A

SERVICE NUMBER: 196
ServiceFunciton: NtOpenProcessTokenEx
File_SDT_Addr: 0×81A1BC0E
FILE_VALUE:: 6A 28 68 50 EC 43 00 E8 0E B2 E3 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A1BC0E
MEMO_VALUE:: 6A 28 68 50 EC 83 81 E8 0E B2

SERVICE NUMBER: 197
ServiceFunciton: NtOpenSection
File_SDT_Addr: 0×81A1AC00
FILE_VALUE:: 6A 14 68 20 CC 43 00 E8 1C C2 E3 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A1AC00
MEMO_VALUE:: 6A 14 68 20 CC 83 81 E8 1C C2

SERVICE NUMBER: 198
ServiceFunciton: NtOpenSemaphore
File_SDT_Addr: 0×819B16F5
FILE_VALUE:: 6A 14 68 D0 CD 43 00 E8 27 57 EA FF 64 A1 24 01 00 00 8A 98
Memory_SDT_Addr: 0×819B16F5
MEMO_VALUE:: 6A 14 68 D0 CD 83 81 E8 27 57

SERVICE NUMBER: 199
ServiceFunciton: NtOpenSession
File_SDT_Addr: 0×8194C555
FILE_VALUE:: 6A 14 68 F8 CB 43 00 E8 C7 A8 F0 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×8194C555
MEMO_VALUE:: 6A 14 68 F8 CB 83 81 E8 C7 A8

SERVICE NUMBER: 200
ServiceFunciton: NtOpenSymbolicLinkObject
File_SDT_Addr: 0×81A0C597
FILE_VALUE:: 6A 14 68 68 CE 43 00 E8 85 A8 E4 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A0C597
MEMO_VALUE:: 6A 14 68 68 CE 83 81 E8 85 A8

SERVICE NUMBER: 201
ServiceFunciton: NtOpenThread
File_SDT_Addr: 0×81A22BEA
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 8B
Memory_SDT_Addr: 0×81A22BEA
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 202
ServiceFunciton: NtOpenThreadToken
File_SDT_Addr: 0×819E889D
FILE_VALUE:: 8B FF 55 8B EC FF 75 14 6A 00 FF 75 10 FF 75 0C FF 75 08 E8
Memory_SDT_Addr: 0×819E889D
MEMO_VALUE:: 8B FF 55 8B EC FF 75 14 6A 00

SERVICE NUMBER: 203
ServiceFunciton: NtOpenThreadTokenEx
File_SDT_Addr: 0×819D7160
FILE_VALUE:: 6A 6C 68 D8 FC 43 00 E8 BC FC E7 FF 33 DB 89 5D D8 88 5D E7
Memory_SDT_Addr: 0×819D7160
MEMO_VALUE:: 6A 6C 68 D8 FC 83 81 E8 BC FC

SERVICE NUMBER: 204
ServiceFunciton: NtOpenTimer
File_SDT_Addr: 0×81A97048
FILE_VALUE:: 6A 14 68 A8 CD 43 00 E8 D4 FD DB FF 64 A1 24 01 00 00 8A 98
Memory_SDT_Addr: 0×81A97048
MEMO_VALUE:: 6A 14 68 A8 CD 83 81 E8 D4 FD

SERVICE NUMBER: 205
ServiceFunciton: NtPlugPlayControl
File_SDT_Addr: 0×819A7FE1
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC 0C 64 A1 24 01 00 00 8A 80 E7
Memory_SDT_Addr: 0×819A7FE1
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC

SERVICE NUMBER: 206
ServiceFunciton: NtPowerInformation
File_SDT_Addr: 0×81A07E61
FILE_VALUE:: 68 54 03 00 00 68 A8 32 44 00 E8 60 EF E4 FF 8B 5D 0C 89 9D
Memory_SDT_Addr: 0×81A07E61
MEMO_VALUE:: 68 54 03 00 00 68 A8 32 84 81

SERVICE NUMBER: 207
ServiceFunciton: NtPrivilegeCheck
File_SDT_Addr: 0×819976A9
FILE_VALUE:: 6A 34 68 F0 10 44 00 E8 73 F7 EB FF 33 F6 89 75 E0 89 75 D4
Memory_SDT_Addr: 0×819976A9
MEMO_VALUE:: 6A 34 68 F0 10 84 81 E8 73 F7

SERVICE NUMBER: 208
ServiceFunciton: NtPrivilegeObjectAuditAlarm
File_SDT_Addr: 0×81956A82
FILE_VALUE:: 6A 38 68 D8 11 44 00 E8 9A 03 F0 FF 33 FF 89 7D DC 89 7D E4
Memory_SDT_Addr: 0×81956A82
MEMO_VALUE:: 6A 38 68 D8 11 84 81 E8 9A 03

SERVICE NUMBER: 209
ServiceFunciton: NtPrivilegedServiceAuditAlarm
File_SDT_Addr: 0×8199241E
FILE_VALUE:: 6A 3C 68 B8 11 44 00 E8 FE 49 EC FF 33 FF 89 7D E0 89 7D DC
Memory_SDT_Addr: 0×8199241E
MEMO_VALUE:: 6A 3C 68 B8 11 84 81 E8 FE 49

SERVICE NUMBER: 210
ServiceFunciton: NtProtectVirtualMemory
File_SDT_Addr: 0×81A09FC9
FILE_VALUE:: 6A 38 68 B0 F4 43 00 E8 53 CE E4 FF FF 75 14 E8 24 F7 E6 FF
Memory_SDT_Addr: 0×81A09FC9
MEMO_VALUE:: 6A 38 68 B0 F4 83 81 E8 53 CE

SERVICE NUMBER: 211
ServiceFunciton: NtPulseEvent
File_SDT_Addr: 0×8195769A
FILE_VALUE:: 6A 14 68 B0 E2 43 00 E8 82 F7 EF FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×8195769A
MEMO_VALUE:: 6A 14 68 B0 E2 83 81 E8 82 F7

SERVICE NUMBER: 212
ServiceFunciton: NtQueryAttributesFile
File_SDT_Addr: 0×81A1F749
FILE_VALUE:: 68 68 01 00 00 68 70 CC 43 00 E8 78 76 E3 FF 8B 75 08 8B 5D
Memory_SDT_Addr: 0×81A1F749
MEMO_VALUE:: 68 68 01 00 00 68 70 CC 83 81

SERVICE NUMBER: 213
ServiceFunciton: NtQueryBootEntryOrder
File_SDT_Addr: 0×81A92FFD
FILE_VALUE:: 6A 20 68 78 1A 44 00 E8 1F 3E DC FF 83 3D 70 57 4F 00 02 74
Memory_SDT_Addr: 0×81A92FFD
MEMO_VALUE:: 6A 20 68 78 1A 84 81 E8 1F 3E

SERVICE NUMBER: 214
ServiceFunciton: NtQueryBootOptions
File_SDT_Addr: 0×81A93459
FILE_VALUE:: 6A 30 68 80 C9 43 00 E8 C3 39 DC FF 33 DB 89 5D E4 89 5D D4
Memory_SDT_Addr: 0×81A93459
MEMO_VALUE:: 6A 30 68 80 C9 83 81 E8 C3 39

SERVICE NUMBER: 215
ServiceFunciton: NtQueryDebugFilterState
File_SDT_Addr: 0×8186EBA8
FILE_VALUE:: 8B FF 55 8B EC 8B 55 08 81 FA 89 00 00 00 72 08 6A 65 5A 6A
Memory_SDT_Addr: 0×8186EBA8
MEMO_VALUE:: 8B FF 55 8B EC 8B 55 08 81 FA

SERVICE NUMBER: 216
ServiceFunciton: NtQueryDefaultLocale
File_SDT_Addr: 0×81A12312
FILE_VALUE:: 6A 10 68 00 BD 43 00 E8 0A 4B E4 FF 33 F6 21 75 FC 64 A1 24
Memory_SDT_Addr: 0×81A12312
MEMO_VALUE:: 6A 10 68 00 BD 83 81 E8 0A 4B

SERVICE NUMBER: 217
ServiceFunciton: NtQueryDefaultUILanguage
File_SDT_Addr: 0×819643DC
FILE_VALUE:: 6A 10 68 F0 C0 43 00 E8 40 2A EF FF 33 F6 21 75 FC 64 A1 24
Memory_SDT_Addr: 0×819643DC
MEMO_VALUE:: 6A 10 68 F0 C0 83 81 E8 40 2A

SERVICE NUMBER: 218
ServiceFunciton: NtQueryDirectoryFile
File_SDT_Addr: 0×81A19D4D
FILE_VALUE:: 8B FF 55 8B EC 8D 45 28 50 8D 45 24 50 8D 45 1C 50 8D 45 20
Memory_SDT_Addr: 0×81A19D4D
MEMO_VALUE:: 8B FF 55 8B EC 8D 45 28 50 8D

SERVICE NUMBER: 219
ServiceFunciton: NtQueryDirectoryObject
File_SDT_Addr: 0×819AF459
FILE_VALUE:: 6A 58 68 58 02 44 00 E8 C3 79 EA FF 33 FF C6 45 A6 00 89 7D
Memory_SDT_Addr: 0×819AF459
MEMO_VALUE:: 6A 58 68 58 02 84 81 E8 C3 79

SERVICE NUMBER: 220
ServiceFunciton: NtQueryDriverEntryOrder
File_SDT_Addr: 0×81A9396F
FILE_VALUE:: 6A 20 68 50 1A 44 00 E8 AD 34 DC FF 83 3D 70 57 4F 00 02 74
Memory_SDT_Addr: 0×81A9396F
MEMO_VALUE:: 6A 20 68 50 1A 84 81 E8 AD 34

SERVICE NUMBER: 221
ServiceFunciton: NtQueryEaFile
File_SDT_Addr: 0×8193D4CA
FILE_VALUE:: 6A 4C 68 08 07 44 00 E8 52 99 F1 FF 33 FF 89 7D D4 89 7D E0
Memory_SDT_Addr: 0×8193D4CA
MEMO_VALUE:: 6A 4C 68 08 07 84 81 E8 52 99

SERVICE NUMBER: 222
ServiceFunciton: NtQueryEvent
File_SDT_Addr: 0×819981B5
FILE_VALUE:: 6A 0C 68 88 E2 43 00 E8 67 EC EB FF 33 FF 39 7D 0C 74 0A B8
Memory_SDT_Addr: 0×819981B5
MEMO_VALUE:: 6A 0C 68 88 E2 83 81 E8 67 EC

SERVICE NUMBER: 223
ServiceFunciton: NtQueryFullAttributesFile
File_SDT_Addr: 0×81A23D28
FILE_VALUE:: 68 68 01 00 00 68 48 CC 43 00 E8 99 30 E3 FF 8B 75 08 8B 4D
Memory_SDT_Addr: 0×81A23D28
MEMO_VALUE:: 68 68 01 00 00 68 48 CC 83 81

SERVICE NUMBER: 224
ServiceFunciton: NtQueryInformationAtom
File_SDT_Addr: 0×8198723C
FILE_VALUE:: 6A 28 68 30 F5 43 00 E8 E0 FB EC FF FF 15 90 AB 4E 00 89 45
Memory_SDT_Addr: 0×8198723C
MEMO_VALUE:: 6A 28 68 30 F5 83 81 E8 E0 FB

SERVICE NUMBER: 225
ServiceFunciton: NtQueryInformationFile
File_SDT_Addr: 0×819F2330
FILE_VALUE:: 6A 74 68 40 D1 43 00 E8 EC 4A E6 FF 33 C9 89 4D D4 89 4D 84
Memory_SDT_Addr: 0×819F2330
MEMO_VALUE:: 6A 74 68 40 D1 83 81 E8 EC 4A

SERVICE NUMBER: 226
ServiceFunciton: NtQueryInformationJobObject
File_SDT_Addr: 0×8196AD11
FILE_VALUE:: 68 78 01 00 00 68 D8 EE 43 00 E8 08 C1 EE FF 33 F6 89 75 E4
Memory_SDT_Addr: 0×8196AD11
MEMO_VALUE:: 68 78 01 00 00 68 D8 EE 83 81

SERVICE NUMBER: 227
ServiceFunciton: NtQueryInformationPort
File_SDT_Addr: 0×81A55857
FILE_VALUE:: 6A 14 68 38 DF 43 00 E8 C5 15 E0 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A55857
MEMO_VALUE:: 6A 14 68 38 DF 83 81 E8 C5 15

SERVICE NUMBER: 228
ServiceFunciton: NtQueryInformationProcess
File_SDT_Addr: 0×819D79A9
FILE_VALUE:: 68 34 02 00 00 68 78 FF 43 00 E8 70 F4 E7 FF 64 A1 24 01 00
Memory_SDT_Addr: 0×819D79A9
MEMO_VALUE:: 68 34 02 00 00 68 78 FF 83 81

SERVICE NUMBER: 229
ServiceFunciton: NtQueryInformationThread
File_SDT_Addr: 0×819F4229
FILE_VALUE:: 68 E0 00 00 00 68 08 14 44 00 E8 F0 2B E6 FF 64 A1 24 01 00
Memory_SDT_Addr: 0×819F4229
MEMO_VALUE:: 68 E0 00 00 00 68 08 14 84 81

SERVICE NUMBER: 230
ServiceFunciton: NtQueryInformationToken
File_SDT_Addr: 0×81A1CEB4
FILE_VALUE:: 68 98 01 00 00 68 28 E6 43 00 E8 65 9F E3 FF 33 C9 89 8D 58
Memory_SDT_Addr: 0×81A1CEB4
MEMO_VALUE:: 68 98 01 00 00 68 28 E6 83 81

SERVICE NUMBER: 231
ServiceFunciton: NtQueryInstallUILanguage
File_SDT_Addr: 0×81A16281
FILE_VALUE:: 6A 10 68 E0 BC 43 00 E8 9B 0B E4 FF 33 C0 89 45 FC 64 8B 0D
Memory_SDT_Addr: 0×81A16281
MEMO_VALUE:: 6A 10 68 E0 BC 83 81 E8 9B 0B

SERVICE NUMBER: 232
ServiceFunciton: NtQueryIntervalProfile
File_SDT_Addr: 0×81A97E17
FILE_VALUE:: 6A 0C 68 98 BC 43 00 E8 05 F0 DB FF 64 A1 24 01 00 00 8A 98
Memory_SDT_Addr: 0×81A97E17
MEMO_VALUE:: 6A 0C 68 98 BC 83 81 E8 05 F0

SERVICE NUMBER: 233
ServiceFunciton: NtQueryIoCompletion
File_SDT_Addr: 0×81A44EA0
FILE_VALUE:: 6A 0C 68 08 E0 43 00 E8 7C 1F E1 FF 33 F6 39 75 0C 74 0A B8
Memory_SDT_Addr: 0×81A44EA0
MEMO_VALUE:: 6A 0C 68 08 E0 83 81 E8 7C 1F

SERVICE NUMBER: 234
ServiceFunciton: NtQueryKey
File_SDT_Addr: 0×819F64C8
FILE_VALUE:: 6A 74 68 58 31 44 00 E8 54 09 E6 FF 33 DB 89 9D 7C FF FF FF
Memory_SDT_Addr: 0×819F64C8
MEMO_VALUE:: 6A 74 68 58 31 84 81 E8 54 09

SERVICE NUMBER: 235
ServiceFunciton: NtQueryMultipleValueKey
File_SDT_Addr: 0×81A2894D
FILE_VALUE:: 6A 68 68 80 2F 44 00 E8 CF E4 E2 FF 33 DB 89 5D D4 89 5D 88
Memory_SDT_Addr: 0×81A2894D
MEMO_VALUE:: 6A 68 68 80 2F 84 81 E8 CF E4

SERVICE NUMBER: 236
ServiceFunciton: NtQueryMutant
File_SDT_Addr: 0×81A9771E
FILE_VALUE:: 6A 1C 68 78 E1 43 00 E8 FE F6 DB FF 33 F6 39 75 0C 75 0D 83
Memory_SDT_Addr: 0×81A9771E
MEMO_VALUE:: 6A 1C 68 78 E1 83 81 E8 FE F6

SERVICE NUMBER: 237
ServiceFunciton: NtQueryObject
File_SDT_Addr: 0×81A06F68
FILE_VALUE:: 68 94 00 00 00 68 80 E9 43 00 E8 B1 FE E4 FF 33 F6 89 75 C0
Memory_SDT_Addr: 0×81A06F68
MEMO_VALUE:: 68 94 00 00 00 68 80 E9 83 81

SERVICE NUMBER: 238
ServiceFunciton: NtQueryOpenSubKeys
File_SDT_Addr: 0×81A28BA9
FILE_VALUE:: 6A 4C 68 C0 1E 44 00 E8 73 E2 E2 FF 33 DB 89 5D E4 89 5D E0
Memory_SDT_Addr: 0×81A28BA9
MEMO_VALUE:: 6A 4C 68 C0 1E 84 81 E8 73 E2

SERVICE NUMBER: 239
ServiceFunciton: NtQueryOpenSubKeysEx
File_SDT_Addr: 0×81A28E2F
FILE_VALUE:: 6A 60 68 98 1E 44 00 E8 ED DF E2 FF 33 F6 89 75 E4 89 75 E0
Memory_SDT_Addr: 0×81A28E2F
MEMO_VALUE:: 6A 60 68 98 1E 84 81 E8 ED DF

SERVICE NUMBER: 240
ServiceFunciton: NtQueryPerformanceCounter
File_SDT_Addr: 0×819E2B82
FILE_VALUE:: 6A 14 68 78 BC 43 00 E8 9A 42 E7 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×819E2B82
MEMO_VALUE:: 6A 14 68 78 BC 83 81 E8 9A 42

SERVICE NUMBER: 241
ServiceFunciton: NtQueryQuotaInformationFile
File_SDT_Addr: 0×81A46595
FILE_VALUE:: 6A 50 68 90 06 44 00 E8 87 08 E1 FF 33 F6 89 75 DC 89 75 E0
Memory_SDT_Addr: 0×81A46595
MEMO_VALUE:: 6A 50 68 90 06 84 81 E8 87 08

SERVICE NUMBER: 242
ServiceFunciton: NtQuerySection
File_SDT_Addr: 0×81987649
FILE_VALUE:: 6A 18 68 C0 DE 43 00 E8 D3 F7 EC FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81987649
MEMO_VALUE:: 6A 18 68 C0 DE 83 81 E8 D3 F7

SERVICE NUMBER: 243
ServiceFunciton: NtQuerySecurityObject
File_SDT_Addr: 0×81A14061
FILE_VALUE:: 6A 24 68 38 EA 43 00 E8 BB 2D E4 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A14061
MEMO_VALUE:: 6A 24 68 38 EA 83 81 E8 BB 2D

SERVICE NUMBER: 244
ServiceFunciton: NtQuerySemaphore
File_SDT_Addr: 0×81A90E78
FILE_VALUE:: 6A 14 68 10 E2 43 00 E8 A4 5F DC FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A90E78
MEMO_VALUE:: 6A 14 68 10 E2 83 81 E8 A4 5F

SERVICE NUMBER: 245
ServiceFunciton: NtQuerySymbolicLinkObject
File_SDT_Addr: 0×81A0F506
FILE_VALUE:: 6A 1C 68 E0 F2 43 00 E8 16 79 E4 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A0F506
MEMO_VALUE:: 6A 1C 68 E0 F2 83 81 E8 16 79

SERVICE NUMBER: 246
ServiceFunciton: NtQuerySystemEnvironmentValue
File_SDT_Addr: 0×81A91B43
FILE_VALUE:: 6A 28 68 50 0D 44 00 E8 D9 52 DC FF 33 DB 89 5D CC 89 5D FC
Memory_SDT_Addr: 0×81A91B43
MEMO_VALUE:: 6A 28 68 50 0D 84 81 E8 D9 52

SERVICE NUMBER: 247
ServiceFunciton: NtQuerySystemEnvironmentValueEx
File_SDT_Addr: 0×81A92151
FILE_VALUE:: 6A 54 68 10 1B 44 00 E8 73 4C DC FF 8B 45 08 8B 4D 0C 89 4D
Memory_SDT_Addr: 0×81A92151
MEMO_VALUE:: 6A 54 68 10 1B 84 81 E8 73 4C

SERVICE NUMBER: 248
ServiceFunciton: NtQuerySystemInformation
File_SDT_Addr: 0×819CD8E0
FILE_VALUE:: 68 70 03 00 00 68 08 23 44 00 E8 39 95 E8 FF 33 D2 89 55 E4
Memory_SDT_Addr: 0×819CD8E0
MEMO_VALUE:: 68 70 03 00 00 68 08 23 84 81

SERVICE NUMBER: 249
ServiceFunciton: NtQuerySystemTime
File_SDT_Addr: 0×819E648E
FILE_VALUE:: 6A 14 68 20 BD 43 00 E8 8E 09 E7 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×819E648E
MEMO_VALUE:: 6A 14 68 20 BD 83 81 E8 8E 09

SERVICE NUMBER: 250
ServiceFunciton: NtQueryTimer
File_SDT_Addr: 0×81A9711B
FILE_VALUE:: 6A 10 68 B0 E1 43 00 E8 01 FD DB FF 33 F6 39 75 0C 74 0A B8
Memory_SDT_Addr: 0×81A9711B
MEMO_VALUE:: 6A 10 68 B0 E1 83 81 E8 01 FD

SERVICE NUMBER: 251
ServiceFunciton: NtQueryTimerResolution
File_SDT_Addr: 0×819B2EB6
FILE_VALUE:: 6A 0C 68 E8 BF 43 00 E8 66 3F EA FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×819B2EB6
MEMO_VALUE:: 6A 0C 68 E8 BF 83 81 E8 66 3F

SERVICE NUMBER: 252
ServiceFunciton: NtQueryValueKey
File_SDT_Addr: 0×81A16FAC
FILE_VALUE:: 6A 70 68 F8 2F 44 00 E8 70 FE E3 FF 33 DB 66 89 5D C0 33 C0
Memory_SDT_Addr: 0×81A16FAC
MEMO_VALUE:: 6A 70 68 F8 2F 84 81 E8 70 FE

SERVICE NUMBER: 253
ServiceFunciton: NtQueryVirtualMemory
File_SDT_Addr: 0×819F8F4E
FILE_VALUE:: 6A 6C 68 D0 02 44 00 E8 CE DE E5 FF 33 F6 89 75 E4 89 75 DC
Memory_SDT_Addr: 0×819F8F4E
MEMO_VALUE:: 6A 6C 68 D0 02 84 81 E8 CE DE

SERVICE NUMBER: 254
ServiceFunciton: NtQueryVolumeInformationFile
File_SDT_Addr: 0×819F9CC9
FILE_VALUE:: 6A 44 68 D8 D1 43 00 E8 53 D1 E5 FF 33 FF 89 7D DC 64 A1 24
Memory_SDT_Addr: 0×819F9CC9
MEMO_VALUE:: 6A 44 68 D8 D1 83 81 E8 53 D1

SERVICE NUMBER: 255
ServiceFunciton: NtQueueApcThread
File_SDT_Addr: 0×819A8499
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 53
Memory_SDT_Addr: 0×819A8499
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 256
ServiceFunciton: NtRaiseException
File_SDT_Addr: 0×81849C90
FILE_VALUE:: 55 64 8B 1D 24 01 00 00 8B 55 3C 89 93 20 01 00 00 8B EC 8B
Memory_SDT_Addr: 0×81849C90
MEMO_VALUE:: 55 64 8B 1D 24 01 00 00 8B 55

SERVICE NUMBER: 257
ServiceFunciton: NtRaiseHardError
File_SDT_Addr: 0×81986B43
FILE_VALUE:: 6A 30 68 38 DC 43 00 E8 D9 02 ED FF 8B 7D 0C 83 FF 05 76 0A
Memory_SDT_Addr: 0×81986B43
MEMO_VALUE:: 6A 30 68 38 DC 83 81 E8 D9 02

SERVICE NUMBER: 258
ServiceFunciton: NtReadFile
File_SDT_Addr: 0×819E01A0
FILE_VALUE:: 6A 4C 68 60 D2 43 00 E8 7C 6C E7 FF 33 F6 89 75 DC 89 75 D0
Memory_SDT_Addr: 0×819E01A0
MEMO_VALUE:: 6A 4C 68 60 D2 83 81 E8 7C 6C

SERVICE NUMBER: 259
ServiceFunciton: NtReadFileScatter
File_SDT_Addr: 0×8198EB53
FILE_VALUE:: 6A 44 68 68 06 44 00 E8 C9 82 EC FF 33 DB 89 5D E0 89 5D CC
Memory_SDT_Addr: 0×8198EB53
MEMO_VALUE:: 6A 44 68 68 06 84 81 E8 C9 82

SERVICE NUMBER: 260
ServiceFunciton: NtReadRequestData
File_SDT_Addr: 0×81A231DD
FILE_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00 00 66 FF 88 80 00 00 00 56 FF
Memory_SDT_Addr: 0×81A231DD
MEMO_VALUE:: 8B FF 55 8B EC 64 A1 24 01 00

SERVICE NUMBER: 261
ServiceFunciton: NtReadVirtualMemory
File_SDT_Addr: 0×81A12E2B
FILE_VALUE:: 6A 18 68 A0 04 44 00 E8 F1 3F E4 FF 64 8B 3D 24 01 00 00 8A
Memory_SDT_Addr: 0×81A12E2B
MEMO_VALUE:: 6A 18 68 A0 04 84 81 E8 F1 3F

SERVICE NUMBER: 262
ServiceFunciton: NtRegisterThreadTerminatePort
File_SDT_Addr: 0×81A6D3AF
FILE_VALUE:: 8B FF 55 8B EC 51 51 56 64 8B 35 24 01 00 00 8A 86 E7 00 00
Memory_SDT_Addr: 0×81A6D3AF
MEMO_VALUE:: 8B FF 55 8B EC 51 51 56 64 8B

SERVICE NUMBER: 263
ServiceFunciton: NtReleaseMutant
File_SDT_Addr: 0×81A0A620
FILE_VALUE:: 6A 18 68 40 E1 43 00 E8 FC C7 E4 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A0A620
MEMO_VALUE:: 6A 18 68 40 E1 83 81 E8 FC C7

SERVICE NUMBER: 264
ServiceFunciton: NtReleaseSemaphore
File_SDT_Addr: 0×81A22A0A
FILE_VALUE:: 6A 1C 68 D8 E1 43 00 E8 12 44 E3 FF 64 A1 24 01 00 00 8A 80
Memory_SDT_Addr: 0×81A22A0A
MEMO_VALUE:: 6A 1C 68 D8 E1 83 81 E8 12 44

SERVICE NUMBER: 265
ServiceFunciton: NtRemoveIoCompletion
File_SDT_Addr: 0×819E88BE
FILE_VALUE:: 6A 3C 68 98 1D 44 00 E8 5E E5 E6 FF 33 FF 89 7D E4 64 A1 24
Memory_SDT_Addr: 0×819E88BE
MEMO_VALUE:: 6A 3C 68 98 1D 84 81 E8 5E E5

SERVICE NUMBER: 266
ServiceFunciton: NtRemoveProcessDebug
File_SDT_Addr: 0×81A3BF37
FILE_VALUE:: 8B FF 55 8B EC 83 EC 0C 64 A1 24 01 00 00 53 8A 98 E7 00 00
Memory_SDT_Addr: 0×81A3BF37
MEMO_VALUE:: 8B FF 55 8B EC 83 EC 0C 64 A1

SERVICE NUMBER: 267
ServiceFunciton: NtRenameKey
File_SDT_Addr: 0×81A2916F
FILE_VALUE:: 6A 50 68 60 2F 44 00 E8 AD DC E2 FF 33 F6 66 89 75 BC 33 C0
Memory_SDT_Addr: 0×81A2916F
MEMO_VALUE:: 6A 50 68 60 2F 84 81 E8 AD DC

SERVICE NUMBER: 268
ServiceFunciton: NtReplaceKey
File_SDT_Addr: 0×81A28822
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC 1C 53 56 57 E8 35 E2 F4 FF 33
Memory_SDT_Addr: 0×81A28822
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC

SERVICE NUMBER: 269
ServiceFunciton: NtReplyPort
File_SDT_Addr: 0×819E8D6A
FILE_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC 2C 64 A1 24 01 00 00 66 FF 88
Memory_SDT_Addr: 0×819E8D6A
MEMO_VALUE:: 8B FF 55 8B EC 83 E4 F8 83 EC

SERVICE NUMBER: 270
ServiceFunciton: NtReplyWaitReceivePort
File_SDT_Addr: 0×819E149E
FILE_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 14 FF 75 10 FF 75 0C FF 75 08 E8
Memory_SDT_Addr: 0×819E149E
MEMO_VALUE:: 8B FF 55 8B EC 6A 00 FF 75 14

SERVICE NUMBER: 271
ServiceFunciton: NtReplyWaitReceivePortEx
File_SDT_Addr: 0×819E134D
FILE_VALUE:: 6A 34 68 58 17 44 00 E8 CF 5A E7 FF 64 A1 24 01 00 00 66 FF
Memory_SDT_Addr: 0×819E134D
MEMO_VALUE:: 6A 34 68 58 17 84 81 E8 CF 5A

SERVICE NUMBER: 272
ServiceFunciton: NtReplyWaitReplyPort
File_SDT_Addr: 0×81A55A1D
FILE_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24 01 00 00 8A 80 E7 00 00 00 56
Memory_SDT_Addr: 0×81A55A1D
MEMO_VALUE:: 8B FF 55 8B EC 51 51 64 A1 24

SERVICE NUMBER: 273
ServiceFunciton: NtRequestDeviceWakeup
File_SDT_Addr: 0×81A68475
FILE_VALUE:: B8 02 00 00 C0 C2 04 00 90 90 90 CC CC CC CC CC CC 90 90 90
Memory_SDT_Addr: 0×81A68475
MEMO_VALUE:: B8 02 00 00 C0 C2 04 00 90 90

SERVICE NUMBER: 274
ServiceFunciton: NtRequestPort
File_SDT_Addr: 0×8198CBD3
FILE_VALUE:: 8B FF 55 8B  
