-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathwinsyscalls.cpp
605 lines (587 loc) · 74.7 KB
/
winsyscalls.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
#include <cassert>
#include <iostream>
#include <memory>
#include <string>
#include <stdint.h>
#ifdef _WIN32
#include <Windows.h>
#endif
using namespace std;
//#include "winsyscalls.h"
struct SCENTRY {
const char* name;
unsigned int x[17];
};
enum os_t {
OS_NT_SP3,
OS_NT_SP4,
OS_NT_SP5,
OS_NT_SP6,
OS_2K_SP0,
OS_2K_SP1,
OS_2K_SP2,
OS_2K_SP3,
OS_2K_SP4,
OS_XP_SP0,
OS_XP_SP1,
OS_XP_SP2,
OS_XP_SP3,
OS_2003_SP0,
OS_2003_SP1,
OS_VISTA_SP0,
OS_SEVEN_SP0,
};
struct SCENTRY syscalls[] = {
{"NtAcceptConnectPort", { 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, } },
{"NtAccessCheck", { 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, } },
{"NtAccessCheckAndAuditAlarm", { 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, } },
{"NtAccessCheckByType", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0003, 0x0003, 0x0003, 0x0003, 0x0003, 0x0003, 0x0003, 0x0003, 0x0003, 0x0003, 0x0003, 0x0003, 0x0003, } },
{"NtAccessCheckByTypeAndAuditAlarm", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, } },
{"NtAccessCheckByTypeResultList", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0005, 0x0005, 0x0005, 0x0005, 0x0005, 0x0005, 0x0005, 0x0005, 0x0005, 0x0005, 0x0005, 0x0005, 0x0005, } },
{"NtAccessCheckByTypeResultListAndAuditAlarm", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0006, 0x0006, 0x0006, 0x0006, 0x0006, 0x0006, 0x0006, 0x0006, 0x0006, 0x0006, 0x0006, 0x0006, 0x0006, } },
{"NtAccessCheckByTypeResultListAndAuditAlarmByHandle", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0007, 0x0007, 0x0007, 0x0007, 0x0007, 0x0007, 0x0007, 0x0007, 0x0007, 0x0007, 0x0007, 0x0007, 0x0007, } },
{"NtAddAtom", { 0x0003, 0x0003, 0x0003, 0x0003, 0x0008, 0x0008, 0x0008, 0x0008, 0x0008, 0x0008, 0x0008, 0x0008, 0x0008, 0x0008, 0x0008, 0x0008, 0x0008, } },
{"NtAddBootEntry", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0009, 0x0009, 0x0009, 0xFFFF, 0x0009, 0x0009, 0x0009, 0x0009, } },
{"NtAddDriverEntry", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x000A, 0x000A, 0x000A, 0x000A, } },
{"NtAdjustGroupsToken", { 0x0004, 0x0004, 0x0004, 0x0004, 0x0009, 0x0009, 0x0009, 0x0009, 0x0009, 0x000A, 0x000A, 0x000A, 0x000A, 0x000B, 0x000B, 0x000B, 0x000B, } },
{"NtAdjustPrivilegesToken", { 0x0005, 0x0005, 0x0005, 0x0005, 0x000A, 0x000A, 0x000A, 0x000A, 0x000A, 0x000B, 0x000B, 0x000B, 0x000B, 0x000C, 0x000C, 0x000C, 0x000C, } },
{"NtAlertResumeThread", { 0x0006, 0x0006, 0x0006, 0x0006, 0x000B, 0x000B, 0x000B, 0x000B, 0x000B, 0x000C, 0x000C, 0x000C, 0x000C, 0x000D, 0x000D, 0x000D, 0x000D, } },
{"NtAlertThread", { 0x0007, 0x0007, 0x0007, 0x0007, 0x000C, 0x000C, 0x000C, 0x000C, 0x000C, 0x000D, 0x000D, 0x000D, 0x000D, 0x000E, 0x000E, 0x000E, 0x000E, } },
{"NtAllocateLocallyUniqueId", { 0x0008, 0x0008, 0x0008, 0x0008, 0x000D, 0x000D, 0x000D, 0x000D, 0x000D, 0x000E, 0x000E, 0x000E, 0x000E, 0x000F, 0x000F, 0x000F, 0x000F, } },
{"NtAllocateReserveObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0010, } },
{"NtAllocateUserPhysicalPages", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x000E, 0x000E, 0x000E, 0x000E, 0x000E, 0x000F, 0x000F, 0x000F, 0x000F, 0x0010, 0x0010, 0x0010, 0x0011, } },
{"NtAllocateUuids", { 0x0009, 0x0009, 0x0009, 0x0009, 0x000F, 0x000F, 0x000F, 0x000F, 0x000F, 0x0010, 0x0010, 0x0010, 0x0010, 0x0011, 0x0011, 0x0011, 0x0012, } },
{"NtAllocateVirtualMemory", { 0x000A, 0x000A, 0x000A, 0x000A, 0x0010, 0x0010, 0x0010, 0x0010, 0x0010, 0x0011, 0x0011, 0x0011, 0x0011, 0x0012, 0x0012, 0x0012, 0x0013, } },
{"NtAlpcAcceptConnectPort", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0013, 0x0014, } },
{"NtAlpcCancelMessage", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0014, 0x0015, } },
{"NtAlpcConnectPort", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0015, 0x0016, } },
{"NtAlpcCreatePort", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0016, 0x0017, } },
{"NtAlpcCreatePortSection", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0017, 0x0018, } },
{"NtAlpcCreateResourceReserve", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0018, 0x0019, } },
{"NtAlpcCreateSectionView", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0019, 0x001A, } },
{"NtAlpcCreateSecurityContext", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x001A, 0x001B, } },
{"NtAlpcDeletePortSection", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x001B, 0x001C, } },
{"NtAlpcDeleteResourceReserve", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x001C, 0x001D, } },
{"NtAlpcDeleteSectionView", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x001D, 0x001E, } },
{"NtAlpcDeleteSecurityContext", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x001E, 0x001F, } },
{"NtAlpcDisconnectPort", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x001F, 0x0020, } },
{"NtAlpcImpersonateClientOfPort", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0020, 0x0021, } },
{"NtAlpcOpenSenderProcess", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0021, 0x0022, } },
{"NtAlpcOpenSenderThread", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0022, 0x0023, } },
{"NtAlpcQueryInformation", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0023, 0x0024, } },
{"NtAlpcQueryInformationMessage", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0024, 0x0025, } },
{"NtAlpcRevokeSecurityContext", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0026, } },
{"NtAlpcSendWaitReceivePort", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0025, 0x0027, } },
{"NtAlpcSetInformation", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0026, 0x0028, } },
{"NtApphelpCacheControl", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0013, 0x0013, 0x0027, 0x0029, } },
{"NtAreMappedFilesTheSame", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0011, 0x0011, 0x0011, 0x0011, 0x0011, 0x0012, 0x0012, 0x0012, 0x0012, 0x0014, 0x0014, 0x0028, 0x002A, } },
{"NtAssignProcessToJobObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0012, 0x0012, 0x0012, 0x0012, 0x0012, 0x0013, 0x0013, 0x0013, 0x0013, 0x0015, 0x0015, 0x0029, 0x002B, } },
{"NtCallbackReturn", { 0x000B, 0x000B, 0x000B, 0x000B, 0x0013, 0x0013, 0x0013, 0x0013, 0x0013, 0x0014, 0x0014, 0x0014, 0x0014, 0x0016, 0x0016, 0x002A, 0x002C, } },
{"NtCancelDeviceWakeupRequest", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0016, 0x0016, 0x0016, 0x0016, 0x0016, 0x0015, 0x0015, 0x0015, 0xFFFF, 0x0017, 0x0017, 0x002B, 0xFFFF, } },
{"NtCancelIoFile", { 0x000C, 0x000C, 0x000C, 0x000C, 0x0014, 0x0014, 0x0014, 0x0014, 0x0014, 0x0016, 0x0016, 0x0016, 0x0016, 0x0018, 0x0018, 0x002C, 0x002D, } },
{"NtCancelIoFileEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0172, 0x002E, } },
{"NtCancelSynchronousIoFile", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0173, 0x002F, } },
{"NtCancelTimer", { 0x000D, 0x000D, 0x000D, 0x000D, 0x0015, 0x0015, 0x0015, 0x0015, 0x0015, 0x0017, 0x0017, 0x0017, 0x0017, 0x0019, 0x0019, 0x002D, 0x0030, } },
{"NtClearAllSavepointsTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x011B, 0xFFFF, } },
{"NtClearEvent", { 0x000E, 0x000E, 0x000E, 0x000E, 0x0017, 0x0017, 0x0017, 0x0017, 0x0017, 0x0018, 0x0018, 0x0018, 0x0018, 0x001A, 0x001A, 0x002E, 0x0031, } },
{"NtClearMUILicenseInfo", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0187, 0xFFFF, } },
{"NtClearSavepointTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x011A, 0xFFFF, } },
{"NtClose", { 0x000F, 0x000F, 0x000F, 0x000F, 0x0018, 0x0018, 0x0018, 0x0018, 0x0018, 0x0019, 0x0019, 0x0019, 0x0019, 0x001B, 0x001B, 0x002F, 0x0032, } },
{"NtCloseObjectAuditAlarm", { 0x0010, 0x0010, 0x0010, 0x0010, 0x0019, 0x0019, 0x0019, 0x0019, 0x0019, 0x001A, 0x001A, 0x001A, 0x001A, 0x001C, 0x001C, 0x0030, 0x0033, } },
{"NtCommitComplete", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005D, 0x0034, } },
{"NtCommitEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0055, 0x0035, } },
{"NtCommitTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0059, 0x0036, } },
{"NtCompactKeys", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x001B, 0x001B, 0x001B, 0x001B, 0x001D, 0x001D, 0x0031, 0x0037, } },
{"NtCompareTokens", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x001C, 0x001C, 0x001C, 0x001C, 0x001E, 0x001E, 0x0032, 0x0038, } },
{"NtCompleteConnectPort", { 0x0011, 0x0011, 0x0011, 0x0011, 0x001A, 0x001A, 0x001A, 0x001A, 0x001A, 0x001D, 0x001D, 0x001D, 0x001D, 0x001F, 0x001F, 0x0033, 0x0039, } },
{"NtCompressKey", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x001E, 0x001E, 0x001E, 0x001E, 0x0020, 0x0020, 0x0034, 0x003A, } },
{"NtConnectPort", { 0x0012, 0x0012, 0x0012, 0x0012, 0x001B, 0x001B, 0x001B, 0x001B, 0x001B, 0x001F, 0x001F, 0x001F, 0x001F, 0x0021, 0x0021, 0x0035, 0x003B, } },
{"NtContinue", { 0x0013, 0x0013, 0x0013, 0x0013, 0x001C, 0x001C, 0x001C, 0x001C, 0x001C, 0x0020, 0x0020, 0x0020, 0x0020, 0x0022, 0x0022, 0x0036, 0x003C, } },
{"NtCreateChannel", { 0x00CD, 0x00CC, 0x00CC, 0x00CC, 0x00F1, 0x00F1, 0x00F1, 0x00F1, 0x00F1, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtCreateDebugObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0021, 0x0021, 0x0021, 0x0021, 0x0023, 0x0023, 0x0037, 0x003D, } },
{"NtCreateDirectoryObject", { 0x0014, 0x0014, 0x0014, 0x0014, 0x001D, 0x001D, 0x001D, 0x001D, 0x001D, 0x0022, 0x0022, 0x0022, 0x0022, 0x0024, 0x0024, 0x0038, 0x003E, } },
{"NtCreateEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x006D, 0x003F, } },
{"NtCreateEvent", { 0x0015, 0x0015, 0x0015, 0x0015, 0x001E, 0x001E, 0x001E, 0x001E, 0x001E, 0x0023, 0x0023, 0x0023, 0x0023, 0x0025, 0x0025, 0x0039, 0x0040, } },
{"NtCreateEventPair", { 0x0016, 0x0016, 0x0016, 0x0016, 0x001F, 0x001F, 0x001F, 0x001F, 0x001F, 0x0024, 0x0024, 0x0024, 0x0024, 0x0026, 0x0026, 0x003A, 0x0041, } },
{"NtCreateFile", { 0x0017, 0x0017, 0x0017, 0x0017, 0x0020, 0x0020, 0x0020, 0x0020, 0x0020, 0x0025, 0x0025, 0x0025, 0x0025, 0x0027, 0x0027, 0x003B, 0x0042, } },
{"NtCreateIoCompletion", { 0x0018, 0x0018, 0x0018, 0x0018, 0x0021, 0x0021, 0x0021, 0x0021, 0x0021, 0x0026, 0x0026, 0x0026, 0x0026, 0x0028, 0x0028, 0x003C, 0x0043, } },
{"NtCreateJobObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0022, 0x0022, 0x0022, 0x0022, 0x0022, 0x0027, 0x0027, 0x0027, 0x0027, 0x0029, 0x0029, 0x003D, 0x0044, } },
{"NtCreateJobSet", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0028, 0x0028, 0x0028, 0x0028, 0x002A, 0x002A, 0x003E, 0x0045, } },
{"NtCreateKey", { 0x0019, 0x0019, 0x0019, 0x0019, 0x0023, 0x0023, 0x0023, 0x0023, 0x0023, 0x0029, 0x0029, 0x0029, 0x0029, 0x002B, 0x002B, 0x003F, 0x0046, } },
{"NtCreateKeyTransacted", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0048, } },
{"NtCreateKeyedEvent", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0117, 0x0117, 0x0117, 0x0117, 0x0121, 0x0121, 0x0169, 0x0047, } },
{"NtCreateMailslotFile", { 0x001A, 0x001A, 0x001A, 0x001A, 0x0024, 0x0024, 0x0024, 0x0024, 0x0024, 0x002A, 0x002A, 0x002A, 0x002A, 0x002C, 0x002C, 0x0040, 0x0049, } },
{"NtCreateMutant", { 0x001B, 0x001B, 0x001B, 0x001B, 0x0025, 0x0025, 0x0025, 0x0025, 0x0025, 0x002B, 0x002B, 0x002B, 0x002B, 0x002D, 0x002D, 0x0041, 0x004A, } },
{"NtCreateNamedPipeFile", { 0x001C, 0x001C, 0x001C, 0x001C, 0x0026, 0x0026, 0x0026, 0x0026, 0x0026, 0x002C, 0x002C, 0x002C, 0x002C, 0x002E, 0x002E, 0x0042, 0x004B, } },
{"NtCreatePagingFile", { 0x001D, 0x001D, 0x001D, 0x001D, 0x0027, 0x0027, 0x0027, 0x0027, 0x0027, 0x002D, 0x002D, 0x002D, 0x002D, 0x002F, 0x002F, 0x0044, 0x004C, } },
{"NtCreatePort", { 0x001E, 0x001C, 0x001E, 0x001E, 0x0028, 0x0028, 0x0028, 0x0028, 0x0028, 0x002E, 0x002E, 0x002E, 0x002E, 0x0030, 0x0030, 0x0045, 0x004D, } },
{"NtCreatePrivateNamespace", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0043, 0x004E, } },
{"NtCreateProcess", { 0x001F, 0x001F, 0x001F, 0x001F, 0x0029, 0x0029, 0x0029, 0x0029, 0x0029, 0x002F, 0x002F, 0x002F, 0x002F, 0x0031, 0x0031, 0x0046, 0x004F, } },
{"NtCreateProcessEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0030, 0x0030, 0x0030, 0x0030, 0x0032, 0x0032, 0x0047, 0x0050, } },
{"NtCreateProfile", { 0x0020, 0x0020, 0x0020, 0x0020, 0x002A, 0x002A, 0x002A, 0x002A, 0x002A, 0x0031, 0x0031, 0x0031, 0x0031, 0x0033, 0x0033, 0x0048, 0x0051, } },
{"NtCreateProfileEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0052, } },
{"NtCreateResourceManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0069, 0x0053, } },
{"NtCreateSection", { 0x0021, 0x0021, 0x0021, 0x0021, 0x002B, 0x002B, 0x002B, 0x002B, 0x002B, 0x0032, 0x0032, 0x0032, 0x0032, 0x0034, 0x0034, 0x0049, 0x0054, } },
{"NtCreateSemaphore", { 0x0022, 0x0022, 0x0022, 0x0022, 0x002C, 0x002C, 0x002C, 0x002C, 0x002C, 0x0033, 0x0033, 0x0033, 0x0033, 0x0035, 0x0035, 0x004A, 0x0055, } },
{"NtCreateSymbolicLinkObject", { 0x0023, 0x0023, 0x0023, 0x0023, 0x002D, 0x002D, 0x002D, 0x002D, 0x002D, 0x0034, 0x0034, 0x0034, 0x0034, 0x0036, 0x0036, 0x004B, 0x0056, } },
{"NtCreateThread", { 0x0024, 0x0024, 0x0024, 0x0024, 0x002E, 0x002E, 0x002E, 0x002E, 0x002E, 0x0035, 0x0035, 0x0035, 0x0035, 0x0037, 0x0037, 0x004C, 0x0057, } },
{"NtCreateThreadEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0181, 0x0058, } },
{"NtCreateTimer", { 0x0025, 0x0025, 0x0025, 0x0025, 0x002F, 0x002F, 0x002F, 0x002F, 0x002F, 0x0036, 0x0036, 0x0036, 0x0036, 0x0038, 0x0038, 0x004D, 0x0059, } },
{"NtCreateToken", { 0x0026, 0x0026, 0x0026, 0x0026, 0x0030, 0x0030, 0x0030, 0x0030, 0x0030, 0x0037, 0x0037, 0x0037, 0x0037, 0x0039, 0x0039, 0x004E, 0x005A, } },
{"NtCreateTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x004F, 0x005B, } },
{"NtCreateTransactionManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0062, 0x005C, } },
{"NtCreateUserProcess", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005D, } },
{"NtCreateWaitablePort", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0031, 0x0031, 0x0031, 0x0031, 0x0031, 0x0038, 0x0038, 0x0038, 0x0038, 0x003A, 0x003A, 0x0072, 0x005E, } },
{"NtCreateWinStation", { 0xFFFF, 0x00D3, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtCreateWorkerFactory", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x017A, 0x005F, } },
{"NtDebugActiveProcess", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0039, 0x0039, 0x0039, 0x0039, 0x003B, 0x003B, 0x0073, 0x0060, } },
{"NtDebugContinue", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x003A, 0x003A, 0x003A, 0x003A, 0x003C, 0x003C, 0x0074, 0x0061, } },
{"NtDelayExecution", { 0x0027, 0x0027, 0x0027, 0x0027, 0x0032, 0x0032, 0x0032, 0x0032, 0x0032, 0x003B, 0x003B, 0x003B, 0x003B, 0x003D, 0x003D, 0x0075, 0x0062, } },
{"NtDeleteAtom", { 0x0028, 0x0028, 0x0028, 0x0028, 0x0033, 0x0033, 0x0033, 0x0033, 0x0033, 0x003C, 0x003C, 0x003C, 0x003C, 0x003E, 0x003E, 0x0076, 0x0063, } },
{"NtDeleteBootEntry", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x003D, 0x003D, 0x003D, 0xFFFF, 0x003F, 0x003F, 0x0077, 0x0064, } },
{"NtDeleteDriverEntry", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0040, 0x0040, 0x0078, 0x0065, } },
{"NtDeleteFile", { 0x0029, 0x0029, 0x0029, 0x0029, 0x0034, 0x0034, 0x0034, 0x0034, 0x0034, 0x003E, 0x003E, 0x003E, 0x003E, 0x0041, 0x0041, 0x0079, 0x0066, } },
{"NtDeleteKey", { 0x002A, 0x002A, 0x002A, 0x002A, 0x0035, 0x0035, 0x0035, 0x0035, 0x0035, 0x003F, 0x003F, 0x003F, 0x003F, 0x0042, 0x0042, 0x007A, 0x0067, } },
{"NtDeleteObjectAuditAlarm", { 0x002B, 0x002B, 0x002B, 0x002B, 0x0036, 0x0036, 0x0036, 0x0036, 0x0036, 0x0040, 0x0040, 0x0040, 0x0040, 0x0043, 0x0043, 0x007C, 0x0068, } },
{"NtDeletePrivateNamespace", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x007B, 0x0069, } },
{"NtDeleteValueKey", { 0x002C, 0x002C, 0x002C, 0x002C, 0x0037, 0x0037, 0x0037, 0x0037, 0x0037, 0x0041, 0x0041, 0x0041, 0x0041, 0x0044, 0x0044, 0x007D, 0x006A, } },
{"NtDeviceIoControlFile", { 0x002D, 0x002D, 0x002D, 0x002D, 0x0038, 0x0038, 0x0038, 0x0038, 0x0038, 0x0042, 0x0042, 0x0042, 0x0042, 0x0045, 0x0045, 0x007E, 0x006B, } },
{"NtDisableLastKnownGood", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x006C, } },
{"NtDisplayString", { 0x002E, 0x002E, 0x002E, 0x002E, 0x0039, 0x0039, 0x0039, 0x0039, 0x0039, 0x0043, 0x0043, 0x0043, 0x0043, 0x0046, 0x0046, 0x007F, 0x006D, } },
{"NtDrawText", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x006E, } },
{"NtDuplicateObject", { 0x002F, 0x002F, 0x002F, 0x002F, 0x003A, 0x003A, 0x003A, 0x003A, 0x003A, 0x0044, 0x0044, 0x0044, 0x0044, 0x0047, 0x0047, 0x0080, 0x006F, } },
{"NtDuplicateToken", { 0x0030, 0x0030, 0x0030, 0x0030, 0x003B, 0x003B, 0x003B, 0x003B, 0x003B, 0x0045, 0x0045, 0x0045, 0x0045, 0x0048, 0x0048, 0x0081, 0x0070, } },
{"NtEnableLastKnownGood", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0071, } },
{"NtEnumerateBootEntries", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0046, 0x0046, 0x0046, 0x0009, 0x0049, 0x0049, 0x0082, 0x0072, } },
{"NtEnumerateDriverEntries", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x004A, 0x004A, 0x0083, 0x0073, } },
{"NtEnumerateKey", { 0x0031, 0x0031, 0x0031, 0x0031, 0x003C, 0x003C, 0x003C, 0x003C, 0x003C, 0x0047, 0x0047, 0x0047, 0x0047, 0x004B, 0x004B, 0x0084, 0x0074, } },
{"NtEnumerateSystemEnvironmentValuesEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0048, 0x0048, 0x0048, 0x0048, 0x004C, 0x004C, 0x0085, 0x0075, } },
{"NtEnumerateTransactionObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0076, } },
{"NtEnumerateValueKey", { 0x0032, 0x0032, 0x0032, 0x0032, 0x003D, 0x003D, 0x003D, 0x003D, 0x003D, 0x0049, 0x0049, 0x0049, 0x0049, 0x004D, 0x004D, 0x0086, 0x0077, } },
{"NtExtendSection", { 0x0033, 0x0033, 0x0033, 0x0033, 0x003E, 0x003E, 0x003E, 0x003E, 0x003E, 0x004A, 0x004A, 0x004A, 0x004A, 0x004E, 0x004E, 0x0087, 0x0078, } },
{"NtFilterToken", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x003F, 0x003F, 0x003F, 0x003F, 0x003F, 0x004B, 0x004B, 0x004B, 0x004B, 0x004F, 0x004F, 0x0088, 0x0079, } },
{"NtFindAtom", { 0x0034, 0x0034, 0x0034, 0x0034, 0x0040, 0x0040, 0x0040, 0x0040, 0x0040, 0x004C, 0x004C, 0x004C, 0x004C, 0x0050, 0x0050, 0x0089, 0x007A, } },
{"NtFlushBuffersFile", { 0x0035, 0x0035, 0x0035, 0x0035, 0x0041, 0x0041, 0x0041, 0x0041, 0x0041, 0x004D, 0x004D, 0x004D, 0x004D, 0x0051, 0x0051, 0x008A, 0x007B, } },
{"NtFlushInstallUILanguage", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0189, 0x007C, } },
{"NtFlushInstructionCache", { 0x0036, 0x0036, 0x0036, 0x0036, 0x0042, 0x0042, 0x0042, 0x0042, 0x0042, 0x004E, 0x004E, 0x004E, 0x004E, 0x0052, 0x0052, 0x008B, 0x007D, } },
{"NtFlushKey", { 0x0037, 0x0037, 0x0037, 0x0037, 0x0043, 0x0043, 0x0043, 0x0043, 0x0043, 0x004F, 0x004F, 0x004F, 0x004F, 0x0053, 0x0053, 0x008C, 0x007E, } },
{"NtFlushProcessWriteBuffers", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x008D, 0x007F, } },
{"NtFlushVirtualMemory", { 0x0038, 0x0038, 0x0038, 0x0038, 0x0044, 0x0044, 0x0044, 0x0044, 0x0044, 0x0050, 0x0050, 0x0050, 0x0050, 0x0054, 0x0054, 0x008E, 0x0080, } },
{"NtFlushWriteBuffer", { 0x0039, 0x0039, 0x0039, 0x0039, 0x0045, 0x0045, 0x0045, 0x0045, 0x0045, 0x0051, 0x0051, 0x0051, 0x0051, 0x0055, 0x0055, 0x008F, 0x0081, } },
{"NtFreeUserPhysicalPages", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0046, 0x0046, 0x0046, 0x0046, 0x0046, 0x0052, 0x0052, 0x0052, 0x0052, 0x0056, 0x0056, 0x0090, 0x0082, } },
{"NtFreeVirtualMemory", { 0x003A, 0x003A, 0x003A, 0x003A, 0x0047, 0x0047, 0x0047, 0x0047, 0x0047, 0x0053, 0x0053, 0x0053, 0x0053, 0x0057, 0x0057, 0x0091, 0x0083, } },
{"NtFreezeRegistry", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0092, 0x0084, } },
{"NtFreezeTransactions", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0093, 0x0085, } },
{"NtFsControlFile", { 0x003B, 0x003B, 0x003B, 0x003B, 0x0048, 0x0048, 0x0048, 0x0048, 0x0048, 0x0054, 0x0054, 0x0054, 0x0054, 0x0058, 0x0058, 0x0094, 0x0086, } },
{"NtGetContextThread", { 0x003C, 0x003C, 0x003C, 0x003C, 0x0049, 0x0049, 0x0049, 0x0049, 0x0049, 0x0055, 0x0055, 0x0055, 0x0055, 0x0059, 0x0059, 0x0095, 0x0087, } },
{"NtGetCurrentProcessorNumber", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0126, 0x0126, 0x016E, 0x0088, } },
{"NtGetDevicePowerState", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x004A, 0x004A, 0x004A, 0x004A, 0x004A, 0x0056, 0x0056, 0x0056, 0x0056, 0x005A, 0x005A, 0x0096, 0x0089, } },
{"NtGetMUILicenseInfo", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0186, 0xFFFF, } },
{"NtGetMUIRegistryInfo", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x018A, 0x008A, } },
{"NtGetNextProcess", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0170, 0x008B, } },
{"NtGetNextThread", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0171, 0x008C, } },
{"NtGetNlsSectionPtr", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0097, 0x008D, } },
{"NtGetNotificationResourceManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x006B, 0x008E, } },
{"NtGetPlugPlayEvent", { 0x003D, 0x003D, 0x003D, 0x003D, 0x004B, 0x004B, 0x004B, 0x004B, 0x004B, 0x0057, 0x0057, 0x0057, 0x0057, 0x005B, 0x005B, 0x0098, 0x008F, } },
{"NtGetTickCount", { 0x003E, 0x003E, 0x003E, 0x003E, 0x004C, 0x004C, 0x004C, 0x004C, 0x004C, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtGetWriteWatch", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x004D, 0x004D, 0x004D, 0x004D, 0x004D, 0x0058, 0x0058, 0x0058, 0x0058, 0x005C, 0x005C, 0x0099, 0x0090, } },
{"NtImpersonateAnonymousToken", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x004E, 0x004E, 0x004E, 0x004E, 0x004E, 0x0059, 0x0059, 0x0059, 0x0059, 0x005D, 0x005D, 0x009A, 0x0091, } },
{"NtImpersonateClientOfPort", { 0x003F, 0x003F, 0x003F, 0x003F, 0x004F, 0x004F, 0x004F, 0x004F, 0x004F, 0x005A, 0x005A, 0x005A, 0x005A, 0x005E, 0x005E, 0x009B, 0x0092, } },
{"NtImpersonateThread", { 0x0040, 0x0040, 0x0040, 0x0040, 0x0050, 0x0050, 0x0050, 0x0050, 0x0050, 0x005B, 0x005B, 0x005B, 0x005B, 0x005F, 0x005F, 0x009C, 0x0093, } },
{"NtInitializeNlsFiles", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x009D, 0x0094, } },
{"NtInitializeRegistry", { 0x0041, 0x0041, 0x0041, 0x0041, 0x0051, 0x0051, 0x0051, 0x0051, 0x0051, 0x005C, 0x005C, 0x005C, 0x005C, 0x0060, 0x0060, 0x009E, 0x0095, } },
{"NtInitiatePowerAction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0052, 0x0052, 0x0052, 0x0052, 0x0052, 0x005D, 0x005D, 0x005D, 0x005D, 0x0061, 0x0061, 0x009F, 0x0096, } },
{"NtIsProcessInJob", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005E, 0x005E, 0x005E, 0x005E, 0x0062, 0x0062, 0x00A0, 0x0097, } },
{"NtIsSystemResumeAutomatic", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0053, 0x0053, 0x0053, 0x0053, 0x0053, 0x005F, 0x005F, 0x005F, 0x005F, 0x0063, 0x0063, 0x00A1, 0x0098, } },
{"NtIsUILanguageComitted", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0188, 0x0099, } },
{"NtListTransactions", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0185, 0xFFFF, } },
{"NtListenChannel", { 0x00CE, 0x00CD, 0x00CD, 0x00CD, 0x00F2, 0x00F2, 0x00F2, 0x00F2, 0x00F2, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtListenPort", { 0x0042, 0x0042, 0x0042, 0x0042, 0x0054, 0x0054, 0x0054, 0x0054, 0x0054, 0x0060, 0x0060, 0x0060, 0x0060, 0x0064, 0x0064, 0x00A2, 0x009A, } },
{"NtLoadDriver", { 0x0043, 0x0043, 0x0043, 0x0043, 0x0055, 0x0055, 0x0055, 0x0055, 0x0055, 0x0061, 0x0061, 0x0061, 0x0061, 0x0065, 0x0065, 0x00A3, 0x009B, } },
{"NtLoadKey", { 0x0044, 0x0044, 0x0044, 0x0044, 0x0056, 0x0056, 0x0056, 0x0056, 0x0056, 0x0062, 0x0062, 0x0062, 0x0062, 0x0066, 0x0066, 0x00A4, 0x009C, } },
{"NtLoadKey2", { 0x0045, 0x0045, 0x0045, 0x0045, 0x0057, 0x0057, 0x0057, 0x0057, 0x0057, 0x0063, 0x0063, 0x0063, 0x0063, 0x0067, 0x0067, 0x00A5, 0x009D, } },
{"NtLoadKeyEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0068, 0x0068, 0x00A6, 0x009E, } },
{"NtLockFile", { 0x0046, 0x0046, 0x0046, 0x0046, 0x0058, 0x0058, 0x0058, 0x0058, 0x0058, 0x0064, 0x0064, 0x0064, 0x0064, 0x0069, 0x0069, 0x00A7, 0x009F, } },
{"NtLockProductActivationKeys", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0065, 0x0065, 0x0065, 0x0065, 0x006A, 0x006A, 0x00A8, 0x00A0, } },
{"NtLockRegistryKey", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0066, 0x0066, 0x0066, 0x0066, 0x006B, 0x006B, 0x00A9, 0x00A1, } },
{"NtLockVirtualMemory", { 0x0047, 0x0047, 0x0047, 0x0047, 0x0059, 0x0059, 0x0059, 0x0059, 0x0059, 0x0067, 0x0067, 0x0067, 0x0067, 0x006C, 0x006C, 0x00AA, 0x00A2, } },
{"NtMakePermanentObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0068, 0x0068, 0x0068, 0x0068, 0x006D, 0x006D, 0x00AB, 0x00A3, } },
{"NtMakeTemporaryObject", { 0x0048, 0x0048, 0x0048, 0x0048, 0x005A, 0x005A, 0x005A, 0x005A, 0x005A, 0x0069, 0x0069, 0x0069, 0x0069, 0x006E, 0x006E, 0x00AC, 0x00A4, } },
{"NtMapCMFModule", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0184, 0x00A5, } },
{"NtMapUserPhysicalPages", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005B, 0x005B, 0x005B, 0x005B, 0x005B, 0x006A, 0x006A, 0x006A, 0x006A, 0x006F, 0x006F, 0x00AD, 0x00A6, } },
{"NtMapUserPhysicalPagesScatter", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005C, 0x005C, 0x005C, 0x005C, 0x005C, 0x006B, 0x006B, 0x006B, 0x006B, 0x0070, 0x0070, 0x00AE, 0x00A7, } },
{"NtMapViewOfSection", { 0x0049, 0x0049, 0x0049, 0x0049, 0x005D, 0x005D, 0x005D, 0x005D, 0x005D, 0x006C, 0x006C, 0x006C, 0x006C, 0x0071, 0x0071, 0x00AF, 0x00A8, } },
{"NtMarshallTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0177, 0xFFFF, } },
{"NtModifyBootEntry", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x006D, 0x006D, 0x006D, 0x0015, 0x0072, 0x0072, 0x00B0, 0x00A9, } },
{"NtModifyDriverEntry", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0073, 0x0073, 0x00B1, 0x00AA, } },
{"NtNotifyChangeDirectoryFile", { 0x004A, 0x004A, 0x004A, 0x004A, 0x005E, 0x005E, 0x005E, 0x005E, 0x005E, 0x006E, 0x006E, 0x006E, 0x006E, 0x0074, 0x0074, 0x00B2, 0x00AB, } },
{"NtNotifyChangeKey", { 0x004B, 0x004B, 0x004B, 0x004B, 0x005F, 0x005F, 0x005F, 0x005F, 0x005F, 0x006F, 0x006F, 0x006F, 0x006F, 0x0075, 0x0075, 0x00B3, 0x00AC, } },
{"NtNotifyChangeMultipleKeys", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0060, 0x0060, 0x0060, 0x0060, 0x0060, 0x0070, 0x0070, 0x0070, 0x0070, 0x0076, 0x0076, 0x00B4, 0x00AD, } },
{"NtNotifyChangeSession", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00AE, } },
{"NtOpenChannel", { 0x00CF, 0x00CE, 0x00CE, 0x00CE, 0x00F3, 0x00F3, 0x00F3, 0x00F3, 0x00F3, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtOpenDirectoryObject", { 0x004C, 0x004C, 0x004C, 0x004C, 0x0061, 0x0061, 0x0061, 0x0061, 0x0061, 0x0071, 0x0071, 0x0071, 0x0071, 0x0077, 0x0077, 0x00B5, 0x00AF, } },
{"NtOpenEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x006E, 0x00B0, } },
{"NtOpenEvent", { 0x004D, 0x004D, 0x004D, 0x004D, 0x0062, 0x0062, 0x0062, 0x0062, 0x0062, 0x0072, 0x0072, 0x0072, 0x0072, 0x0078, 0x0078, 0x00B6, 0x00B1, } },
{"NtOpenEventPair", { 0x004E, 0x004E, 0x004E, 0x004E, 0x0063, 0x0063, 0x0063, 0x0063, 0x0063, 0x0073, 0x0073, 0x0073, 0x0073, 0x0079, 0x0079, 0x00B7, 0x00B2, } },
{"NtOpenFile", { 0x004F, 0x004F, 0x004F, 0x004F, 0x0064, 0x0064, 0x0064, 0x0064, 0x0064, 0x0074, 0x0074, 0x0074, 0x0074, 0x007A, 0x007A, 0x00B8, 0x00B3, } },
{"NtOpenIoCompletion", { 0x0050, 0x0050, 0x0050, 0x0050, 0x0065, 0x0065, 0x0065, 0x0065, 0x0065, 0x0075, 0x0075, 0x0075, 0x0075, 0x007B, 0x007B, 0x00B9, 0x00B4, } },
{"NtOpenJobObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0066, 0x0066, 0x0066, 0x0066, 0x0066, 0x0076, 0x0076, 0x0076, 0x0076, 0x007C, 0x007C, 0x00BA, 0x00B5, } },
{"NtOpenKey", { 0x0051, 0x0051, 0x0051, 0x0051, 0x0067, 0x0067, 0x0067, 0x0067, 0x0067, 0x0077, 0x0077, 0x0077, 0x0077, 0x007D, 0x007D, 0x00BB, 0x00B6, } },
{"NtOpenKeyEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00B7, } },
{"NtOpenKeyTransacted", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00B9, } },
{"NtOpenKeyTransactedEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00BA, } },
{"NtOpenKeyedEvent", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0118, 0x0118, 0x0118, 0x0118, 0x0122, 0x0122, 0x016A, 0x00B8, } },
{"NtOpenMutant", { 0x0052, 0x0052, 0x0052, 0x0052, 0x0068, 0x0068, 0x0068, 0x0068, 0x0068, 0x0078, 0x0078, 0x0078, 0x0078, 0x007E, 0x007E, 0x00BC, 0x00BB, } },
{"NtOpenObjectAuditAlarm", { 0x0053, 0x0053, 0x0053, 0x0053, 0x0069, 0x0069, 0x0069, 0x0069, 0x0069, 0x0079, 0x0079, 0x0079, 0x0079, 0x007F, 0x007F, 0x00BE, 0x00BC, } },
{"NtOpenPrivateNamespace", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00BD, 0x00BD, } },
{"NtOpenProcess", { 0x0054, 0x0054, 0x0054, 0x0054, 0x006A, 0x006A, 0x006A, 0x006A, 0x006A, 0x007A, 0x007A, 0x007A, 0x007A, 0x0080, 0x0080, 0x00BF, 0x00BE, } },
{"NtOpenProcessToken", { 0x0055, 0x0055, 0x0055, 0x0055, 0x006B, 0x006B, 0x006B, 0x006B, 0x006B, 0x007B, 0x007B, 0x007B, 0x007B, 0x0081, 0x0081, 0x00C0, 0x00BF, } },
{"NtOpenProcessTokenEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x007C, 0x007C, 0x007C, 0x007C, 0x0082, 0x0082, 0x00C1, 0x00C0, } },
{"NtOpenResourceManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x006A, 0x00C1, } },
{"NtOpenSection", { 0x0056, 0x0056, 0x0056, 0x0056, 0x006C, 0x006C, 0x006C, 0x006C, 0x006C, 0x007D, 0x007D, 0x007D, 0x007D, 0x0083, 0x0083, 0x00C2, 0x00C2, } },
{"NtOpenSemaphore", { 0x0057, 0x0057, 0x0057, 0x0057, 0x006D, 0x006D, 0x006D, 0x006D, 0x006D, 0x007E, 0x007E, 0x007E, 0x007E, 0x0084, 0x0084, 0x00C3, 0x00C3, } },
{"NtOpenSession", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00C4, 0x00C4, } },
{"NtOpenSymbolicLinkObject", { 0x0058, 0x0058, 0x0058, 0x0058, 0x006E, 0x006E, 0x006E, 0x006E, 0x006E, 0x007F, 0x007F, 0x007F, 0x007F, 0x0085, 0x0085, 0x00C5, 0x00C5, } },
{"NtOpenThread", { 0x0059, 0x0059, 0x0059, 0x0059, 0x006F, 0x006F, 0x006F, 0x006F, 0x006F, 0x0080, 0x0080, 0x0080, 0x0080, 0x0086, 0x0086, 0x00C6, 0x00C6, } },
{"NtOpenThreadToken", { 0x005A, 0x005A, 0x005A, 0x005A, 0x0070, 0x0070, 0x0070, 0x0070, 0x0070, 0x0081, 0x0081, 0x0081, 0x0081, 0x0087, 0x0087, 0x00C7, 0x00C7, } },
{"NtOpenThreadTokenEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0082, 0x0082, 0x0082, 0x0082, 0x0088, 0x0088, 0x00C8, 0x00C8, } },
{"NtOpenTimer", { 0x005B, 0x005B, 0x005B, 0x005B, 0x0071, 0x0071, 0x0071, 0x0071, 0x0071, 0x0083, 0x0083, 0x0083, 0x0083, 0x0089, 0x0089, 0x00C9, 0x00C9, } },
{"NtOpenTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0050, 0x00CA, } },
{"NtOpenTransactionManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0063, 0x00CB, } },
{"NtOpenWinStation", { 0xFFFF, 0x00D4, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtPlugPlayControl", { 0x005C, 0x005C, 0x005C, 0x005C, 0x0072, 0x0072, 0x0072, 0x0072, 0x0072, 0x0084, 0x0084, 0x0084, 0x0084, 0x008A, 0x008A, 0x00CA, 0x00CC, } },
{"NtPowerInformation", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0073, 0x0073, 0x0073, 0x0073, 0x0073, 0x0085, 0x0085, 0x0085, 0x0085, 0x008B, 0x008B, 0x00CB, 0x00CD, } },
{"NtPrePrepareComplete", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005B, 0x00D0, } },
{"NtPrePrepareEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0053, 0x00D1, } },
{"NtPrepareComplete", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005C, 0x00CE, } },
{"NtPrepareEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0054, 0x00CF, } },
{"NtPrivilegeCheck", { 0x005D, 0x005D, 0x005D, 0x005D, 0x0074, 0x0074, 0x0074, 0x0074, 0x0074, 0x0086, 0x0086, 0x0086, 0x0086, 0x008C, 0x008C, 0x00CC, 0x00D2, } },
{"NtPrivilegeObjectAuditAlarm", { 0x005F, 0x005F, 0x005F, 0x005F, 0x0076, 0x0076, 0x0076, 0x0076, 0x0076, 0x0087, 0x0087, 0x0087, 0x0087, 0x008D, 0x008D, 0x00CD, 0x00D4, } },
{"NtPrivilegedServiceAuditAlarm", { 0x005E, 0x005E, 0x005E, 0x005E, 0x0075, 0x0075, 0x0075, 0x0075, 0x0075, 0x0088, 0x0088, 0x0088, 0x0088, 0x008E, 0x008E, 0x00CE, 0x00D3, } },
{"NtPropagationComplete", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0178, 0x00D5, } },
{"NtPropagationFailed", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0179, 0x00D6, } },
{"NtProtectVirtualMemory", { 0x0060, 0x0060, 0x0060, 0x0060, 0x0077, 0x0077, 0x0077, 0x0077, 0x0077, 0x0089, 0x0089, 0x0089, 0x0089, 0x008F, 0x008F, 0x00CF, 0x00D7, } },
{"NtPullTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0176, 0xFFFF, } },
{"NtPulseEvent", { 0x0061, 0x0061, 0x0061, 0x0061, 0x0078, 0x0078, 0x0078, 0x0078, 0x0078, 0x008A, 0x008A, 0x008A, 0x008A, 0x0090, 0x0090, 0x00D0, 0x00D8, } },
{"NtQueryAttributesFile", { 0x0063, 0x0063, 0x0063, 0x0063, 0x007A, 0x007A, 0x007A, 0x007A, 0x007A, 0x008B, 0x008B, 0x008B, 0x008B, 0x0091, 0x0091, 0x00D1, 0x00D9, } },
{"NtQueryBootEntryOrder", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x008C, 0x008C, 0x008C, 0xFFFF, 0x0092, 0x0092, 0x00D2, 0x00DA, } },
{"NtQueryBootOptions", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x008D, 0x008D, 0x008D, 0xFFFF, 0x0093, 0x0093, 0x00D3, 0x00DB, } },
{"NtQueryDebugFilterState", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x008E, 0x008E, 0x008E, 0x008E, 0x0094, 0x0094, 0x00D4, 0x00DC, } },
{"NtQueryDefaultLocale", { 0x0064, 0x0064, 0x0064, 0x0064, 0x007B, 0x007B, 0x007B, 0x007B, 0x007B, 0x008F, 0x008F, 0x008F, 0x008F, 0x0095, 0x0095, 0x00D5, 0x00DD, } },
{"NtQueryDefaultUILanguage", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x007C, 0x007C, 0x007C, 0x007C, 0x007C, 0x0090, 0x0090, 0x0090, 0x0090, 0x0096, 0x0096, 0x00D6, 0x00DE, } },
{"NtQueryDirectoryFile", { 0x0065, 0x0065, 0x0065, 0x0065, 0x007D, 0x007D, 0x007D, 0x007D, 0x007D, 0x0091, 0x0091, 0x0091, 0x0091, 0x0097, 0x0097, 0x00D7, 0x00DF, } },
{"NtQueryDirectoryObject", { 0x0066, 0x0066, 0x0066, 0x0066, 0x007E, 0x007E, 0x007E, 0x007E, 0x007E, 0x0092, 0x0092, 0x0092, 0x0092, 0x0098, 0x0098, 0x00D8, 0x00E0, } },
{"NtQueryDriverEntryOrder", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0099, 0x0099, 0x00D9, 0x00E1, } },
{"NtQueryEaFile", { 0x0067, 0x0067, 0x0067, 0x0067, 0x007F, 0x007F, 0x007F, 0x007F, 0x007F, 0x0093, 0x0093, 0x0093, 0x0093, 0x009A, 0x009A, 0x00DA, 0x00E2, } },
{"NtQueryEvent", { 0x0068, 0x0068, 0x0068, 0x0068, 0x0080, 0x0080, 0x0080, 0x0080, 0x0080, 0x0094, 0x0094, 0x0094, 0x0094, 0x009B, 0x009B, 0x00DB, 0x00E3, } },
{"NtQueryFullAttributesFile", { 0x0069, 0x0069, 0x0069, 0x0069, 0x0081, 0x0081, 0x0081, 0x0081, 0x0081, 0x0095, 0x0095, 0x0095, 0x0095, 0x009C, 0x009C, 0x00DC, 0x00E4, } },
{"NtQueryInformationAtom", { 0x0062, 0x0062, 0x0062, 0x0062, 0x0079, 0x0079, 0x0079, 0x0079, 0x0079, 0x0096, 0x0096, 0x0096, 0x0096, 0x009D, 0x009D, 0x00DD, 0x00E5, } },
{"NtQueryInformationEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0070, 0x00E6, } },
{"NtQueryInformationFile", { 0x006A, 0x006A, 0x006A, 0x006A, 0x0082, 0x0082, 0x0082, 0x0082, 0x0082, 0x0097, 0x0097, 0x0097, 0x0097, 0x009E, 0x009E, 0x00DE, 0x00E7, } },
{"NtQueryInformationJobObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0083, 0x0083, 0x0083, 0x0083, 0x0083, 0x0098, 0x0098, 0x0098, 0x0098, 0x009F, 0x009F, 0x00DF, 0x00E8, } },
{"NtQueryInformationPort", { 0x006C, 0x006C, 0x006C, 0x006C, 0x0085, 0x0085, 0x0085, 0x0085, 0x0085, 0x0099, 0x0099, 0x0099, 0x0099, 0x00A0, 0x00A0, 0x00E0, 0x00E9, } },
{"NtQueryInformationProcess", { 0x006D, 0x006D, 0x006D, 0x006D, 0x0086, 0x0086, 0x0086, 0x0086, 0x0086, 0x009A, 0x009A, 0x009A, 0x009A, 0x00A1, 0x00A1, 0x00E1, 0x00EA, } },
{"NtQueryInformationResourceManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x006C, 0x00EB, } },
{"NtQueryInformationThread", { 0x006E, 0x006E, 0x006E, 0x006E, 0x0087, 0x0087, 0x0087, 0x0087, 0x0087, 0x009B, 0x009B, 0x009B, 0x009B, 0x00A2, 0x00A2, 0x00E2, 0x00EC, } },
{"NtQueryInformationToken", { 0x006F, 0x006F, 0x006F, 0x006F, 0x0088, 0x0088, 0x0088, 0x0088, 0x0088, 0x009C, 0x009C, 0x009C, 0x009C, 0x00A3, 0x00A3, 0x00E3, 0x00ED, } },
{"NtQueryInformationTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0051, 0x00EE, } },
{"NtQueryInformationTransactionManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0052, 0x00EF, } },
{"NtQueryInformationWorkerFactory", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x017E, 0x00F0, } },
{"NtQueryInstallUILanguage", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0089, 0x0089, 0x0089, 0x0089, 0x0089, 0x009D, 0x009D, 0x009D, 0x009D, 0x00A4, 0x00A4, 0x00E4, 0x00F1, } },
{"NtQueryIntervalProfile", { 0x0070, 0x0070, 0x0070, 0x0070, 0x008A, 0x008A, 0x008A, 0x008A, 0x008A, 0x009E, 0x009E, 0x009E, 0x009E, 0x00A5, 0x00A5, 0x00E5, 0x00F2, } },
{"NtQueryIoCompletion", { 0x006B, 0x006B, 0x006B, 0x006B, 0x0084, 0x0084, 0x0084, 0x0084, 0x0084, 0x009F, 0x009F, 0x009F, 0x009F, 0x00A6, 0x00A6, 0x00E6, 0x00F3, } },
{"NtQueryKey", { 0x0071, 0x0071, 0x0071, 0x0071, 0x008B, 0x008B, 0x008B, 0x008B, 0x008B, 0x00A0, 0x00A0, 0x00A0, 0x00A0, 0x00A7, 0x00A7, 0x00E7, 0x00F4, } },
{"NtQueryLicenseValue", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0183, 0x00F5, } },
{"NtQueryMultipleValueKey", { 0x0072, 0x0072, 0x0072, 0x0072, 0x008C, 0x008C, 0x008C, 0x008C, 0x008C, 0x00A1, 0x00A1, 0x00A1, 0x00A1, 0x00A8, 0x00A8, 0x00E8, 0x00F6, } },
{"NtQueryMutant", { 0x0073, 0x0073, 0x0073, 0x0073, 0x008D, 0x008D, 0x008D, 0x008D, 0x008D, 0x00A2, 0x00A2, 0x00A2, 0x00A2, 0x00A9, 0x00A9, 0x00E9, 0x00F7, } },
{"NtQueryObject", { 0x0074, 0x0074, 0x0074, 0x0074, 0x008E, 0x008E, 0x008E, 0x008E, 0x008E, 0x00A3, 0x00A3, 0x00A3, 0x00A3, 0x00AA, 0x00AA, 0x00EA, 0x00F8, } },
{"NtQueryOleDirectoryFile", { 0x0075, 0x0075, 0x0075, 0x0075, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtQueryOpenSubKeys", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x008F, 0x008F, 0x008F, 0x008F, 0x008F, 0x00A4, 0x00A4, 0x00A4, 0x00A4, 0x00AB, 0x00AB, 0x00EB, 0x00F9, } },
{"NtQueryOpenSubKeysEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00AC, 0x00AC, 0x00EC, 0x00FA, } },
{"NtQueryPerformanceCounter", { 0x0076, 0x0076, 0x0076, 0x0076, 0x0090, 0x0090, 0x0090, 0x0090, 0x0090, 0x00A5, 0x00A5, 0x00A5, 0x00A5, 0x00AD, 0x00AD, 0x00ED, 0x00FB, } },
{"NtQueryPortInformationProcess", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x011B, 0x011B, 0x011B, 0x011B, 0x0125, 0x0125, 0x016D, 0x00FC, } },
{"NtQueryQuotaInformationFile", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0091, 0x0091, 0x0091, 0x0091, 0x0091, 0x00A6, 0x00A6, 0x00A6, 0x00A6, 0x00AE, 0x00AE, 0x00EE, 0x00FD, } },
{"NtQuerySection", { 0x0077, 0x0077, 0x0077, 0x0077, 0x0092, 0x0092, 0x0092, 0x0092, 0x0092, 0x00A7, 0x00A7, 0x00A7, 0x00A7, 0x00AF, 0x00AF, 0x00EF, 0x00FE, } },
{"NtQuerySecurityAttributesToken", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00FF, } },
{"NtQuerySecurityObject", { 0x0078, 0x0078, 0x0078, 0x0078, 0x0093, 0x0093, 0x0093, 0x0093, 0x0093, 0x00A8, 0x00A8, 0x00A8, 0x00A8, 0x00B0, 0x00B0, 0x00F0, 0x0100, } },
{"NtQuerySemaphore", { 0x0079, 0x0079, 0x0079, 0x0079, 0x0094, 0x0094, 0x0094, 0x0094, 0x0094, 0x00A9, 0x00A9, 0x00A9, 0x00A9, 0x00B1, 0x00B1, 0x00F1, 0x0101, } },
{"NtQuerySymbolicLinkObject", { 0x007A, 0x007A, 0x007A, 0x007A, 0x0095, 0x0095, 0x0095, 0x0095, 0x0095, 0x00AA, 0x00AA, 0x00AA, 0x00AA, 0x00B2, 0x00B2, 0x00F2, 0x0102, } },
{"NtQuerySystemEnvironmentValue", { 0x007B, 0x007B, 0x007B, 0x007B, 0x0096, 0x0096, 0x0096, 0x0096, 0x0096, 0x00AB, 0x00AB, 0x00AB, 0x00AB, 0x00B3, 0x00B3, 0x00F3, 0x0103, } },
{"NtQuerySystemEnvironmentValueEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00AC, 0x00AC, 0x00AC, 0x00AC, 0x00B4, 0x00B4, 0x00F4, 0x0104, } },
{"NtQuerySystemInformation", { 0x007C, 0x007C, 0x007C, 0x007C, 0x0097, 0x0097, 0x0097, 0x0097, 0x0097, 0x00AD, 0x00AD, 0x00AD, 0x00AD, 0x00B5, 0x00B5, 0x00F5, 0x0105, } },
{"NtQuerySystemInformationEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0106, } },
{"NtQuerySystemTime", { 0x007D, 0x007D, 0x007D, 0x007D, 0x0098, 0x0098, 0x0098, 0x0098, 0x0098, 0x00AE, 0x00AE, 0x00AE, 0x00AE, 0x00B6, 0x00B6, 0x00F6, 0x0107, } },
{"NtQueryTimer", { 0x007E, 0x007E, 0x007E, 0x007E, 0x0099, 0x0099, 0x0099, 0x0099, 0x0099, 0x00AF, 0x00AF, 0x00AF, 0x00AF, 0x00B7, 0x00B7, 0x00F7, 0x0108, } },
{"NtQueryTimerResolution", { 0x007F, 0x007F, 0x007F, 0x007F, 0x009A, 0x009A, 0x009A, 0x009A, 0x009A, 0x00B0, 0x00B0, 0x00B0, 0x00B0, 0x00B8, 0x00B8, 0x00F8, 0x0109, } },
{"NtQueryValueKey", { 0x0080, 0x0080, 0x0080, 0x0080, 0x009B, 0x009B, 0x009B, 0x009B, 0x009B, 0x00B1, 0x00B1, 0x00B1, 0x00B1, 0x00B9, 0x00B9, 0x00F9, 0x010A, } },
{"NtQueryVirtualMemory", { 0x0081, 0x0081, 0x0081, 0x0081, 0x009C, 0x009C, 0x009C, 0x009C, 0x009C, 0x00B2, 0x00B2, 0x00B2, 0x00B2, 0x00BA, 0x00BA, 0x00FA, 0x010B, } },
{"NtQueryVolumeInformationFile", { 0x0082, 0x0082, 0x0082, 0x0082, 0x009D, 0x009D, 0x009D, 0x009D, 0x009D, 0x00B3, 0x00B3, 0x00B3, 0x00B3, 0x00BB, 0x00BB, 0x00FB, 0x010C, } },
{"NtQueryWinStationInformation", { 0xFFFF, 0x00D5, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtQueueApcThread", { 0x0083, 0x0083, 0x0083, 0x0083, 0x009E, 0x009E, 0x009E, 0x009E, 0x009E, 0x00B4, 0x00B4, 0x00B4, 0x00B4, 0x00BC, 0x00BC, 0x00FC, 0x010D, } },
{"NtQueueApcThreadEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x010E, } },
{"NtRaiseException", { 0x0084, 0x0084, 0x0084, 0x0084, 0x009F, 0x009F, 0x009F, 0x009F, 0x009F, 0x00B5, 0x00B5, 0x00B5, 0x00B5, 0x00BD, 0x00BD, 0x00FD, 0x010F, } },
{"NtRaiseHardError", { 0x0085, 0x0085, 0x0085, 0x0085, 0x00A0, 0x00A0, 0x00A0, 0x00A0, 0x00A0, 0x00B6, 0x00B6, 0x00B6, 0x00B6, 0x00BE, 0x00BE, 0x00FE, 0x0110, } },
{"NtReadFile", { 0x0086, 0x0086, 0x0086, 0x0086, 0x00A1, 0x00A1, 0x00A1, 0x00A1, 0x00A1, 0x00B7, 0x00B7, 0x00B7, 0x00B7, 0x00BF, 0x00BF, 0x00FF, 0x0111, } },
{"NtReadFileScatter", { 0x0087, 0x0087, 0x0087, 0x0087, 0x00A2, 0x00A2, 0x00A2, 0x00A2, 0x00A2, 0x00B8, 0x00B8, 0x00B8, 0x00B8, 0x00C0, 0x00C0, 0x0100, 0x0112, } },
{"NtReadOnlyEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0056, 0x0113, } },
{"NtReadRequestData", { 0x0088, 0x0088, 0x0088, 0x0088, 0x00A3, 0x00A3, 0x00A3, 0x00A3, 0x00A3, 0x00B9, 0x00B9, 0x00B9, 0x00B9, 0x00C1, 0x00C1, 0x0101, 0x0114, } },
{"NtReadVirtualMemory", { 0x0089, 0x0089, 0x0089, 0x0089, 0x00A4, 0x00A4, 0x00A4, 0x00A4, 0x00A4, 0x00BA, 0x00BA, 0x00BA, 0x00BA, 0x00C2, 0x00C2, 0x0102, 0x0115, } },
{"NtRecoverEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0066, 0x0116, } },
{"NtRecoverResourceManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0067, 0x0117, } },
{"NtRecoverTransactionManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0068, 0x0118, } },
{"NtRegisterProtocolAddressInformation", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0175, 0x0119, } },
{"NtRegisterThreadTerminatePort", { 0x008A, 0x008A, 0x008A, 0x008A, 0x00A5, 0x00A5, 0x00A5, 0x00A5, 0x00A5, 0x00BB, 0x00BB, 0x00BB, 0x00BB, 0x00C3, 0x00C3, 0x0103, 0x011A, } },
{"NtReleaseKeyedEvent", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0119, 0x0119, 0x0119, 0x0119, 0x0123, 0x0123, 0x016B, 0x011B, } },
{"NtReleaseMutant", { 0x008B, 0x008B, 0x008B, 0x008B, 0x00A6, 0x00A6, 0x00A6, 0x00A6, 0x00A6, 0x00BC, 0x00BC, 0x00BC, 0x00BC, 0x00C4, 0x00C4, 0x0104, 0x011C, } },
{"NtReleaseSemaphore", { 0x008C, 0x008C, 0x008C, 0x008C, 0x00A7, 0x00A7, 0x00A7, 0x00A7, 0x00A7, 0x00BD, 0x00BD, 0x00BD, 0x00BD, 0x00C5, 0x00C5, 0x0105, 0x011D, } },
{"NtReleaseWorkerFactoryWorker", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x017B, 0x011E, } },
{"NtRemoveIoCompletion", { 0x008D, 0x008D, 0x008D, 0x008D, 0x00A8, 0x00A8, 0x00A8, 0x00A8, 0x00A8, 0x00BE, 0x00BE, 0x00BE, 0x00BE, 0x00C6, 0x00C6, 0x0106, 0x011F, } },
{"NtRemoveIoCompletionEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0174, 0x0120, } },
{"NtRemoveProcessDebug", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00BF, 0x00BF, 0x00BF, 0x00BF, 0x00C7, 0x00C7, 0x0107, 0x0121, } },
{"NtRenameKey", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00C0, 0x00C0, 0x00C0, 0x00C0, 0x00C8, 0x00C8, 0x0108, 0x0122, } },
{"NtRenameTransactionManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0064, 0x0123, } },
{"NtReplaceKey", { 0x008E, 0x008E, 0x008E, 0x008E, 0x00A9, 0x00A9, 0x00A9, 0x00A9, 0x00A9, 0x00C1, 0x00C1, 0x00C1, 0x00C1, 0x00C9, 0x00C9, 0x0109, 0x0124, } },
{"NtReplacePartitionUnit", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0125, } },
{"NtReplyPort", { 0x008F, 0x008F, 0x008F, 0x008F, 0x00AA, 0x00AA, 0x00AA, 0x00AA, 0x00AA, 0x00C2, 0x00C2, 0x00C2, 0x00C2, 0x00CA, 0x00CA, 0x010A, 0x0126, } },
{"NtReplyWaitReceivePort", { 0x0090, 0x0090, 0x0090, 0x0090, 0x00AB, 0x00AB, 0x00AB, 0x00AB, 0x00AB, 0x00C3, 0x00C3, 0x00C3, 0x00C3, 0x00CB, 0x00CB, 0x010B, 0x0127, } },
{"NtReplyWaitReceivePortEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00AC, 0x00AC, 0x00AC, 0x00AC, 0x00AC, 0x00C4, 0x00C4, 0x00C4, 0x00C4, 0x00CC, 0x00CC, 0x010C, 0x0128, } },
{"NtReplyWaitReplyPort", { 0x0091, 0x0091, 0x0091, 0x0091, 0x00AD, 0x00AD, 0x00AD, 0x00AD, 0x00AD, 0x00C5, 0x00C5, 0x00C5, 0x00C5, 0x00CD, 0x00CD, 0x010D, 0x0129, } },
{"NtReplyWaitSendChannel", { 0x00D0, 0x00CF, 0x00CF, 0x00CF, 0x00F4, 0x00F4, 0x00F4, 0x00F4, 0x00F4, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtRequestDeviceWakeup", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00AE, 0x00AE, 0x00AE, 0x00AE, 0x00AE, 0x00C6, 0x00C6, 0x00C6, 0x00C6, 0x00CE, 0x00CE, 0x010E, 0xFFFF, } },
{"NtRequestPort", { 0x0092, 0x0092, 0x0092, 0x0092, 0x00AF, 0x00AF, 0x00AF, 0x00AF, 0x00AF, 0x00C7, 0x00C7, 0x00C7, 0x00C7, 0x00CF, 0x00CF, 0x010F, 0x012A, } },
{"NtRequestWaitReplyPort", { 0x0093, 0x0093, 0x0093, 0x0093, 0x00B0, 0x00B0, 0x00B0, 0x00B0, 0x00B0, 0x00C8, 0x00C8, 0x00C8, 0x00C8, 0x00D0, 0x00D0, 0x0110, 0x012B, } },
{"NtRequestWakeupLatency", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00B1, 0x00B1, 0x00B1, 0x00B1, 0x00B1, 0x00C9, 0x00C9, 0x00C9, 0x00C9, 0x00D1, 0x00D1, 0x0111, 0xFFFF, } },
{"NtResetEvent", { 0x0094, 0x0094, 0x0094, 0x0094, 0x00B2, 0x00B2, 0x00B2, 0x00B2, 0x00B2, 0x00CA, 0x00CA, 0x00CA, 0x00CA, 0x00D2, 0x00D2, 0x0112, 0x012C, } },
{"NtResetWriteWatch", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00B3, 0x00B3, 0x00B3, 0x00B3, 0x00B3, 0x00CB, 0x00CB, 0x00CB, 0x00CB, 0x00D3, 0x00D3, 0x0113, 0x012D, } },
{"NtRestoreKey", { 0x0095, 0x0095, 0x0095, 0x0095, 0x00B4, 0x00B4, 0x00B4, 0x00B4, 0x00B4, 0x00CC, 0x00CC, 0x00CC, 0x00CC, 0x00D4, 0x00D4, 0x0114, 0x012E, } },
{"NtResumeProcess", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00CD, 0x00CD, 0x00CD, 0x00CD, 0x00D5, 0x00D5, 0x0115, 0x012F, } },
{"NtResumeThread", { 0x0096, 0x0096, 0x0096, 0x0096, 0x00B5, 0x00B5, 0x00B5, 0x00B5, 0x00B5, 0x00CE, 0x00CE, 0x00CE, 0x00CE, 0x00D6, 0x00D6, 0x0116, 0x0130, } },
{"NtRollbackComplete", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0057, 0x0131, } },
{"NtRollbackEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0058, 0x0132, } },
{"NtRollbackSavepointTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x011C, 0xFFFF, } },
{"NtRollbackTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005A, 0x0133, } },
{"NtRollforwardTransactionManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0065, 0x0134, } },
{"NtSaveKey", { 0x0097, 0x0097, 0x0097, 0x0097, 0x00B6, 0x00B6, 0x00B6, 0x00B6, 0x00B6, 0x00CF, 0x00CF, 0x00CF, 0x00CF, 0x00D7, 0x00D7, 0x0117, 0x0135, } },
{"NtSaveKeyEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00D0, 0x00D0, 0x00D0, 0x00D0, 0x00D8, 0x00D8, 0x0118, 0x0136, } },
{"NtSaveMergedKeys", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00B7, 0x00B7, 0x00B7, 0x00B7, 0x00B7, 0x00D1, 0x00D1, 0x00D1, 0x00D1, 0x00D9, 0x00D9, 0x0119, 0x0137, } },
{"NtSavepointComplete", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x011E, 0xFFFF, } },
{"NtSavepointTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x011D, 0xFFFF, } },
{"NtSecureConnectPort", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00B8, 0x00B8, 0x00B8, 0x00B8, 0x00B8, 0x00D2, 0x00D2, 0x00D2, 0x00D2, 0x00DA, 0x00DA, 0x011F, 0x0138, } },
{"NtSendWaitReplyChannel", { 0x00D1, 0x00D0, 0x00D0, 0x00D0, 0x00F5, 0x00F5, 0x00F5, 0x00F5, 0x00F5, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtSerializeBoot", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0139, } },
{"NtSetBootEntryOrder", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00D3, 0x00D3, 0x00D3, 0xFFFF, 0x00DB, 0x00DB, 0x0120, 0x013A, } },
{"NtSetBootOptions", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00D4, 0x00D4, 0x00D4, 0xFFFF, 0x00DC, 0x00DC, 0x0121, 0x013B, } },
{"NtSetContextChannel", { 0x00D2, 0x00D1, 0x00D1, 0x00D1, 0x00F6, 0x00F6, 0x00F6, 0x00F6, 0x00F6, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtSetContextThread", { 0x0099, 0x0099, 0x0099, 0x0099, 0x00BA, 0x00BA, 0x00BA, 0x00BA, 0x00BA, 0x00D5, 0x00D5, 0x00D5, 0x00D5, 0x00DD, 0x00DD, 0x0122, 0x013C, } },
{"NtSetDebugFilterState", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00D6, 0x00D6, 0x00D6, 0x00D6, 0x00DE, 0x00DE, 0x0123, 0x013D, } },
{"NtSetDefaultHardErrorPort", { 0x009A, 0x009A, 0x009A, 0x009A, 0x00BB, 0x00BB, 0x00BB, 0x00BB, 0x00BB, 0x00D7, 0x00D7, 0x00D7, 0x00D7, 0x00DF, 0x00DF, 0x0124, 0x013E, } },
{"NtSetDefaultLocale", { 0x009B, 0x009B, 0x009B, 0x009B, 0x00BC, 0x00BC, 0x00BC, 0x00BC, 0x00BC, 0x00D8, 0x00D8, 0x00D8, 0x00D8, 0x00E0, 0x00E0, 0x0125, 0x013F, } },
{"NtSetDefaultUILanguage", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00BD, 0x00BD, 0x00BD, 0x00BD, 0x00BD, 0x00D9, 0x00D9, 0x00D9, 0x00D9, 0x00E1, 0x00E1, 0x0126, 0x0140, } },
{"NtSetDriverEntryOrder", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00E2, 0x00E2, 0x0127, 0x0141, } },
{"NtSetEaFile", { 0x009C, 0x009C, 0x009C, 0x009C, 0x00BE, 0x00BE, 0x00BE, 0x00BE, 0x00BE, 0x00DA, 0x00DA, 0x00DA, 0x00DA, 0x00E3, 0x00E3, 0x0128, 0x0142, } },
{"NtSetEvent", { 0x009D, 0x009D, 0x009D, 0x009D, 0x00BF, 0x00BF, 0x00BF, 0x00BF, 0x00BF, 0x00DB, 0x00DB, 0x00DB, 0x00DB, 0x00E4, 0x00E4, 0x0129, 0x0143, } },
{"NtSetEventBoostPriority", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00DC, 0x00DC, 0x00DC, 0x00DC, 0x00E5, 0x00E5, 0x012A, 0x0144, } },
{"NtSetHighEventPair", { 0x009E, 0x009E, 0x009E, 0x009E, 0x00C0, 0x00C0, 0x00C0, 0x00C0, 0x00C0, 0x00DD, 0x00DD, 0x00DD, 0x00DD, 0x00E6, 0x00E6, 0x012B, 0x0145, } },
{"NtSetHighWaitLowEventPair", { 0x009F, 0x009F, 0x009F, 0x009F, 0x00C1, 0x00C1, 0x00C1, 0x00C1, 0x00C1, 0x00DE, 0x00DE, 0x00DE, 0x00DE, 0x00E7, 0x00E7, 0x012C, 0x0146, } },
{"NtSetHighWaitLowThread", { 0x00A0, 0x00A0, 0x00A0, 0x00A0, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtSetInformationDebugObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00DF, 0x00DF, 0x00DF, 0x00DF, 0x00E8, 0x00E8, 0x012D, 0x0147, } },
{"NtSetInformationEnlistment", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x006F, 0x0148, } },
{"NtSetInformationFile", { 0x00A1, 0x00A1, 0x00A1, 0x00A1, 0x00C2, 0x00C2, 0x00C2, 0x00C2, 0x00C2, 0x00E0, 0x00E0, 0x00E0, 0x00E0, 0x00E9, 0x00E9, 0x012E, 0x0149, } },
{"NtSetInformationJobObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00C3, 0x00C3, 0x00C3, 0x00C3, 0x00C3, 0x00E1, 0x00E1, 0x00E1, 0x00E1, 0x00EA, 0x00EA, 0x012F, 0x014A, } },
{"NtSetInformationKey", { 0x00A2, 0x00A2, 0x00A2, 0x00A2, 0x00C4, 0x00C4, 0x00C4, 0x00C4, 0x00C4, 0x00E2, 0x00E2, 0x00E2, 0x00E2, 0x00EB, 0x00EB, 0x0130, 0x014B, } },
{"NtSetInformationObject", { 0x00A3, 0x00A3, 0x00A3, 0x00A3, 0x00C5, 0x00C5, 0x00C5, 0x00C5, 0x00C5, 0x00E3, 0x00E3, 0x00E3, 0x00E3, 0x00EC, 0x00EC, 0x0131, 0x014C, } },
{"NtSetInformationProcess", { 0x00A4, 0x00A4, 0x00A4, 0x00A4, 0x00C6, 0x00C6, 0x00C6, 0x00C6, 0x00C6, 0x00E4, 0x00E4, 0x00E4, 0x00E4, 0x00ED, 0x00ED, 0x0132, 0x014D, } },
{"NtSetInformationResourceManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0061, 0x014E, } },
{"NtSetInformationThread", { 0x00A5, 0x00A5, 0x00A5, 0x00A5, 0x00C7, 0x00C7, 0x00C7, 0x00C7, 0x00C7, 0x00E5, 0x00E5, 0x00E5, 0x00E5, 0x00EE, 0x00EE, 0x0133, 0x014F, } },
{"NtSetInformationToken", { 0x00A6, 0x00A6, 0x00A6, 0x00A6, 0x00C8, 0x00C8, 0x00C8, 0x00C8, 0x00C8, 0x00E6, 0x00E6, 0x00E6, 0x00E6, 0x00EF, 0x00EF, 0x0134, 0x0150, } },
{"NtSetInformationTransaction", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005F, 0x0151, } },
{"NtSetInformationTransactionManager", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0060, 0x0152, } },
{"NtSetInformationWorkerFactory", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x017D, 0x0153, } },
{"NtSetIntervalProfile", { 0x00A7, 0x00A7, 0x00A7, 0x00A7, 0x00C9, 0x00C9, 0x00C9, 0x00C9, 0x00C9, 0x00E7, 0x00E7, 0x00E7, 0x00E7, 0x00F0, 0x00F0, 0x0135, 0x0154, } },
{"NtSetIoCompletion", { 0x0098, 0x0098, 0x0098, 0x0098, 0x00B9, 0x00B9, 0x00B9, 0x00B9, 0x00B9, 0x00E8, 0x00E8, 0x00E8, 0x00E8, 0x00F1, 0x00F1, 0x0136, 0x0155, } },
{"NtSetIoCompletionEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0156, } },
{"NtSetLdtEntries", { 0x00A8, 0x00A8, 0x00A8, 0x00A8, 0x00CA, 0x00CA, 0x00CA, 0x00CA, 0x00CA, 0x00E9, 0x00E9, 0x00E9, 0x00E9, 0x00F2, 0x00F2, 0x0137, 0x0157, } },
{"NtSetLowEventPair", { 0x00A9, 0x00A9, 0x00A9, 0x00A9, 0x00CB, 0x00CB, 0x00CB, 0x00CB, 0x00CB, 0x00EA, 0x00EA, 0x00EA, 0x00EA, 0x00F3, 0x00F3, 0x0138, 0x0158, } },
{"NtSetLowWaitHighEventPair", { 0x00AA, 0x00AA, 0x00AA, 0x00AA, 0x00CC, 0x00CC, 0x00CC, 0x00CC, 0x00CC, 0x00EB, 0x00EB, 0x00EB, 0x00EB, 0x00F4, 0x00F4, 0x0139, 0x0159, } },
{"NtSetLowWaitHighThread", { 0x00AB, 0x00AB, 0x00AB, 0x00AB, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtSetQuotaInformationFile", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00CD, 0x00CD, 0x00CD, 0x00CD, 0x00CD, 0x00EC, 0x00EC, 0x00EC, 0x00EC, 0x00F5, 0x00F5, 0x013A, 0x015A, } },
{"NtSetSecurityObject", { 0x00AC, 0x00AC, 0x00AC, 0x00AC, 0x00CE, 0x00CE, 0x00CE, 0x00CE, 0x00CE, 0x00ED, 0x00ED, 0x00ED, 0x00ED, 0x00F6, 0x00F6, 0x013B, 0x015B, } },
{"NtSetSystemEnvironmentValue", { 0x00AD, 0x00AD, 0x00AD, 0x00AD, 0x00CF, 0x00CF, 0x00CF, 0x00CF, 0x00CF, 0x00EE, 0x00EE, 0x00EE, 0x00EE, 0x00F7, 0x00F7, 0x013C, 0x015C, } },
{"NtSetSystemEnvironmentValueEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00EF, 0x00EF, 0x00EF, 0xFFFF, 0x00F8, 0x00F8, 0x013D, 0x015D, } },
{"NtSetSystemInformation", { 0x00AE, 0x00AE, 0x00AE, 0x00AE, 0x00D0, 0x00D0, 0x00D0, 0x00D0, 0x00D0, 0x00F0, 0x00F0, 0x00F0, 0x00F0, 0x00F9, 0x00F9, 0x013E, 0x015E, } },
{"NtSetSystemPowerState", { 0x00AF, 0x00AF, 0x00AF, 0x00AF, 0x00D1, 0x00D1, 0x00D1, 0x00D1, 0x00D1, 0x00F1, 0x00F1, 0x00F1, 0x00F1, 0x00FA, 0x00FA, 0x013F, 0x015F, } },
{"NtSetSystemTime", { 0x00B0, 0x00B0, 0x00B0, 0x00B0, 0x00D2, 0x00D2, 0x00D2, 0x00D2, 0x00D2, 0x00F2, 0x00F2, 0x00F2, 0x00F2, 0x00FB, 0x00FB, 0x0140, 0x0160, } },
{"NtSetThreadExecutionState", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00D3, 0x00D3, 0x00D3, 0x00D3, 0x00D3, 0x00F3, 0x00F3, 0x00F3, 0x00F3, 0x00FC, 0x00FC, 0x0141, 0x0161, } },
{"NtSetTimer", { 0x00B1, 0x00B1, 0x00B1, 0x00B1, 0x00D4, 0x00D4, 0x00D4, 0x00D4, 0x00D4, 0x00F4, 0x00F4, 0x00F4, 0x00F4, 0x00FD, 0x00FD, 0x0142, 0x0162, } },
{"NtSetTimerEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0163, } },
{"NtSetTimerResolution", { 0x00B2, 0x00B2, 0x00B2, 0x00B2, 0x00D5, 0x00D5, 0x00D5, 0x00D5, 0x00D5, 0x00F5, 0x00F5, 0x00F5, 0x00F5, 0x00FE, 0x00FE, 0x0143, 0x0164, } },
{"NtSetUuidSeed", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00D6, 0x00D6, 0x00D6, 0x00D6, 0x00D6, 0x00F6, 0x00F6, 0x00F6, 0x00F6, 0x00FF, 0x00FF, 0x0144, 0x0165, } },
{"NtSetValueKey", { 0x00B3, 0x00B3, 0x00B3, 0x00B3, 0x00D7, 0x00D7, 0x00D7, 0x00D7, 0x00D7, 0x00F7, 0x00F7, 0x00F7, 0x00F7, 0x0100, 0x0100, 0x0145, 0x0166, } },
{"NtSetVolumeInformationFile", { 0x00B4, 0x00B4, 0x00B4, 0x00B4, 0x00D8, 0x00D8, 0x00D8, 0x00D8, 0x00D8, 0x00F8, 0x00F8, 0x00F8, 0x00F8, 0x0101, 0x0101, 0x0146, 0x0167, } },
{"NtSetWinStationInformation", { 0xFFFF, 0x00D6, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtShutdownSystem", { 0x00B5, 0x00B5, 0x00B5, 0x00B5, 0x00D9, 0x00D9, 0x00D9, 0x00D9, 0x00D9, 0x00F9, 0x00F9, 0x00F9, 0x00F9, 0x0102, 0x0102, 0x0147, 0x0168, } },
{"NtShutdownWorkerFactory", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0180, 0x0169, } },
{"NtSignalAndWaitForSingleObject", { 0x00B6, 0x00B6, 0x00B6, 0x00B6, 0x00DA, 0x00DA, 0x00DA, 0x00DA, 0x00DA, 0x00FA, 0x00FA, 0x00FA, 0x00FA, 0x0103, 0x0103, 0x0148, 0x016A, } },
{"NtSinglePhaseReject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x005E, 0x016B, } },
{"NtStartProfile", { 0x00B7, 0x00B7, 0x00B7, 0x00B7, 0x00DB, 0x00DB, 0x00DB, 0x00DB, 0x00DB, 0x00FB, 0x00FB, 0x00FB, 0x00FB, 0x0104, 0x0104, 0x0149, 0x016C, } },
{"NtStartTm", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0071, 0xFFFF, } },
{"NtStopProfile", { 0x00B8, 0x00B8, 0x00B8, 0x00B8, 0x00DC, 0x00DC, 0x00DC, 0x00DC, 0x00DC, 0x00FC, 0x00FC, 0x00FC, 0x00FC, 0x0105, 0x0105, 0x014A, 0x016D, } },
{"NtSuspendProcess", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00FD, 0x00FD, 0x00FD, 0x00FD, 0x0106, 0x0106, 0x014B, 0x016E, } },
{"NtSuspendThread", { 0x00B9, 0x00B9, 0x00B9, 0x00B9, 0x00DD, 0x00DD, 0x00DD, 0x00DD, 0x00DD, 0x00FE, 0x00FE, 0x00FE, 0x00FE, 0x0107, 0x0107, 0x014C, 0x016F, } },
{"NtSystemDebugControl", { 0x00BA, 0x00BA, 0x00BA, 0x00BA, 0x00DE, 0x00DE, 0x00DE, 0x00DE, 0x00DE, 0x00FF, 0x00FF, 0x00FF, 0x00FF, 0x0108, 0x0108, 0x014D, 0x0170, } },
{"NtTerminateJobObject", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x00DF, 0x00DF, 0x00DF, 0x00DF, 0x00DF, 0x0100, 0x0100, 0x0100, 0x0100, 0x0109, 0x0109, 0x014E, 0x0171, } },
{"NtTerminateProcess", { 0x00BB, 0x00BB, 0x00BB, 0x00BB, 0x00E0, 0x00E0, 0x00E0, 0x00E0, 0x00E0, 0x0101, 0x0101, 0x0101, 0x0101, 0x010A, 0x010A, 0x014F, 0x0172, } },
{"NtTerminateThread", { 0x00BC, 0x00BC, 0x00BC, 0x00BC, 0x00E1, 0x00E1, 0x00E1, 0x00E1, 0x00E1, 0x0102, 0x0102, 0x0102, 0x0102, 0x010B, 0x010B, 0x0150, 0x0173, } },
{"NtTestAlert", { 0x00BD, 0x00BD, 0x00BD, 0x00BD, 0x00E2, 0x00E2, 0x00E2, 0x00E2, 0x00E2, 0x0103, 0x0103, 0x0103, 0x0103, 0x010C, 0x010C, 0x0151, 0x0174, } },
{"NtThawRegistry", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0152, 0x0175, } },
{"NtThawTransactions", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0153, 0x0176, } },
{"NtTraceControl", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0155, 0x0177, } },
{"NtTraceEvent", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0104, 0x0104, 0x0104, 0x0104, 0x010D, 0x010D, 0x0154, 0x0178, } },
{"NtTranslateFilePath", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0105, 0x0105, 0x0105, 0x0105, 0x010E, 0x010E, 0x0156, 0x0179, } },
{"NtUmsThreadYield", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x017A, } },
{"NtUnloadDriver", { 0x00BE, 0x00BE, 0x00BE, 0x00BE, 0x00E3, 0x00E3, 0x00E3, 0x00E3, 0x00E3, 0x0106, 0x0106, 0x0106, 0x0106, 0x010F, 0x010F, 0x0157, 0x017B, } },
{"NtUnloadKey", { 0x00BF, 0x00BF, 0x00BF, 0x00BF, 0x00E4, 0x00E4, 0x00E4, 0x00E4, 0x00E4, 0x0107, 0x0107, 0x0107, 0x0107, 0x0110, 0x0110, 0x0158, 0x017C, } },
{"NtUnloadKey2", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0111, 0x0111, 0x0159, 0x017D, } },
{"NtUnloadKeyEx", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0108, 0x0108, 0x0108, 0x0108, 0x0112, 0x0112, 0x015A, 0x017E, } },
{"NtUnlockFile", { 0x00C0, 0x00C0, 0x00C0, 0x00C0, 0x00E5, 0x00E5, 0x00E5, 0x00E5, 0x00E5, 0x0109, 0x0109, 0x0109, 0x0109, 0x0113, 0x0113, 0x015B, 0x017F, } },
{"NtUnlockVirtualMemory", { 0x00C1, 0x00C1, 0x00C1, 0x00C1, 0x00E6, 0x00E6, 0x00E6, 0x00E6, 0x00E6, 0x010A, 0x010A, 0x010A, 0x010A, 0x0114, 0x0114, 0x015C, 0x0180, } },
{"NtUnmapViewOfSection", { 0x00C2, 0x00C2, 0x00C2, 0x00C2, 0x00E7, 0x00E7, 0x00E7, 0x00E7, 0x00E7, 0x010B, 0x010B, 0x010B, 0x010B, 0x0115, 0x0115, 0x015D, 0x0181, } },
{"NtVdmControl", { 0x00C3, 0x00C3, 0x00C3, 0x00C3, 0x00E8, 0x00E8, 0x00E8, 0x00E8, 0x00E8, 0x010C, 0x010C, 0x010C, 0x010C, 0x0116, 0x0116, 0x015E, 0x0182, } },
{"NtW32Call", { 0x00CC, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtWaitForDebugEvent", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x010D, 0x010D, 0x010D, 0x010D, 0x0117, 0x0117, 0x015F, 0x0183, } },
{"NtWaitForKeyedEvent", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x011A, 0x011A, 0x011A, 0x011A, 0x0124, 0x0124, 0x016C, 0x0184, } },
{"NtWaitForMultipleObjects", { 0x00C4, 0x00C4, 0x00C4, 0x00C4, 0x00E9, 0x00E9, 0x00E9, 0x00E9, 0x00E9, 0x010E, 0x010E, 0x010E, 0x010E, 0x0118, 0x0118, 0x0160, 0x0185, } },
{"NtWaitForMultipleObjects32", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x0127, 0x016F, 0x0186, } },
{"NtWaitForSingleObject", { 0x00C5, 0x00C5, 0x00C5, 0x00C5, 0x00EA, 0x00EA, 0x00EA, 0x00EA, 0x00EA, 0x010F, 0x010F, 0x010F, 0x010F, 0x0119, 0x0119, 0x0161, 0x0187, } },
{"NtWaitForWorkViaWorkerFactory", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x017C, 0x0188, } },
{"NtWaitHighEventPair", { 0x00C6, 0x00C6, 0x00C6, 0x00C6, 0x00EB, 0x00EB, 0x00EB, 0x00EB, 0x00EB, 0x0110, 0x0110, 0x0110, 0x0110, 0x011A, 0x011A, 0x0162, 0x0189, } },
{"NtWaitLowEventPair", { 0x00C7, 0x00C7, 0x00C7, 0x00C7, 0x00EC, 0x00EC, 0x00EC, 0x00EC, 0x00EC, 0x0111, 0x0111, 0x0111, 0x0111, 0x011B, 0x011B, 0x0163, 0x018A, } },
{"NtWorkerFactoryWorkerReady", { 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0x017F, 0x018B, } },
{"NtWriteErrorLogEntry", { 0xFFFF, 0x00D7, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, } },
{"NtWriteFile", { 0x00C8, 0x00C8, 0x00C8, 0x00C8, 0x00ED, 0x00ED, 0x00ED, 0x00ED, 0x00ED, 0x0112, 0x0112, 0x0112, 0x0112, 0x011C, 0x011C, 0x0164, 0x018C, } },
{"NtWriteFileGather", { 0x00C9, 0x00C9, 0x00C9, 0x00C9, 0x00EE, 0x00EE, 0x00EE, 0x00EE, 0x00EE, 0x0113, 0x0113, 0x0113, 0x0113, 0x011D, 0x011D, 0x0165, 0x018D, } },
{"NtWriteRequestData", { 0x00CA, 0x00CA, 0x00CA, 0x00CA, 0x00EF, 0x00EF, 0x00EF, 0x00EF, 0x00EF, 0x0114, 0x0114, 0x0114, 0x0114, 0x011E, 0x011E, 0x0166, 0x018E, } },
{"NtWriteVirtualMemory", { 0x00CB, 0x00CB, 0x00CB, 0x00CB, 0x00F0, 0x00F0, 0x00F0, 0x00F0, 0x00F0, 0x0115, 0x0115, 0x0115, 0x0115, 0x011F, 0x011F, 0x0167, 0x018F, } },
{"NtYieldExecution", { 0x00D3, 0x00D2, 0x00D2, 0x00D2, 0x00F7, 0x00F7, 0x00F7, 0x00F7, 0x00F7, 0x0116, 0x0116, 0x0116, 0x0116, 0x0120, 0x0120, 0x0168, 0x0190, } },
};
int num_syscalls = sizeof(syscalls) / sizeof(SCENTRY);
//using namespace std;
#ifdef _WIN32
/** Get version */
os_t get_win_version() {
OSVERSIONINFOEX osvi;
BOOL bIsWindowsXPorLater;
ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
assert (GetVersionEx((LPOSVERSIONINFO) &osvi));
os_t WIN_VER;
// See http://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
if (osvi.dwMajorVersion == 6 &&
osvi.dwMinorVersion == 1 &&
osvi.wProductType == VER_NT_WORKSTATION &&
// Table hasn't been updated for Windows 7 SP1 yet...
osvi.wServicePackMajor <= 1) {
WIN_VER = OS_SEVEN_SP0;
}
else if (osvi.dwMajorVersion == 6 &&
osvi.dwMinorVersion == 0 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 0) {
WIN_VER = OS_VISTA_SP0;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 2 &&
osvi.wProductType == VER_NT_SERVER &&
osvi.wServicePackMajor == 1) {
WIN_VER = OS_2003_SP1;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 2 &&
osvi.wProductType == VER_NT_SERVER &&
osvi.wServicePackMajor == 0) {
WIN_VER = OS_2003_SP0;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 1 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 3) {
WIN_VER = OS_XP_SP3;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 1 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 2) {
WIN_VER = OS_XP_SP2;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 1 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 1) {
WIN_VER = OS_XP_SP1;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 1 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 0) {
WIN_VER = OS_XP_SP0;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 0 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 4) {
WIN_VER = OS_2K_SP4;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 0 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 3) {
WIN_VER = OS_2K_SP3;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 0 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 2) {
WIN_VER = OS_2K_SP2;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 0 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 1) {
WIN_VER = OS_2K_SP1;
}
else if (osvi.dwMajorVersion == 5 &&
osvi.dwMinorVersion == 0 &&
osvi.wProductType == VER_NT_WORKSTATION &&
osvi.wServicePackMajor == 0) {
WIN_VER = OS_2K_SP0;
}
else {
cerr << "Unable to determine OS version: Major/minor/service "
<< osvi.dwMajorVersion << "/"
<< osvi.dwMinorVersion << "/"
<< osvi.wServicePackMajor << endl;
assert (0 && "Unable to determine OS version.");
}
return WIN_VER;
}
#endif
/** Find name of system call num on os */
auto_ptr<string> get_name(uint32_t num, os_t os) {
auto_ptr<string> s(new string);
*s = "Unknown";
for (int i = 0; i < num_syscalls; i++) {
if (syscalls[i].x[os] == num) {
*s = syscalls[i].name;
return s;
}
}
return s;
}
uint32_t get_syscall (const char* name, os_t os) {
for(int i = 0; i < num_syscalls; i++) {
if (syscalls[i].name == name) {
return syscalls[i].x[os];
}
}
return -1;
}