455 lines
10 KiB
Plaintext
455 lines
10 KiB
Plaintext
|
|
||
|
NAME NTOSKRNL
|
||
|
|
||
|
EXPORTS
|
||
|
|
||
|
CmRegisterCallback
|
||
|
CmUnRegisterCallback
|
||
|
DbgBreakPoint
|
||
|
DbgPrint
|
||
|
ExAcquireFastMutexUnsafe
|
||
|
ExAcquireResourceExclusiveLite
|
||
|
ExAcquireResourceSharedLite
|
||
|
ExAcquireSharedStarveExclusive
|
||
|
ExAcquireSharedWaitForExclusive
|
||
|
ExAllocatePool
|
||
|
ExAllocatePoolWithQuota
|
||
|
ExAllocatePoolWithQuotaTag
|
||
|
ExAllocatePoolWithTag
|
||
|
ExAllocatePoolWithTagPriority
|
||
|
ExConvertExclusiveToSharedLite
|
||
|
ExCreateCallback
|
||
|
ExDeleteNPagedLookasideList
|
||
|
ExDeletePagedLookasideList
|
||
|
ExDeleteResourceLite
|
||
|
ExEventObjectType CONSTANT // Data - use pointer for access
|
||
|
ExFreePool
|
||
|
ExFreePoolWithTag
|
||
|
ExGetExclusiveWaiterCount
|
||
|
ExGetPreviousMode
|
||
|
ExGetSharedWaiterCount
|
||
|
ExInitializeNPagedLookasideList
|
||
|
ExInitializePagedLookasideList
|
||
|
ExInitializeResourceLite
|
||
|
ExInterlockedAddLargeInteger
|
||
|
ExInterlockedAddLargeStatistic
|
||
|
ExIsProcessorFeaturePresent
|
||
|
ExIsResourceAcquiredExclusiveLite
|
||
|
ExIsResourceAcquiredSharedLite
|
||
|
ExLocalTimeToSystemTime
|
||
|
ExNotifyCallback
|
||
|
ExQueueWorkItem
|
||
|
ExRaiseStatus
|
||
|
ExRegisterCallback
|
||
|
ExReinitializeResourceLite
|
||
|
ExReleaseFastMutexUnsafe
|
||
|
ExReleaseResourceForThreadLite
|
||
|
ExReleaseResourceLite
|
||
|
ExSemaphoreObjectType CONSTANT // Data - use pointer for access
|
||
|
ExSetResourceOwnerPointer
|
||
|
ExSetTimerResolution
|
||
|
ExSystemTimeToLocalTime
|
||
|
ExUnregisterCallback
|
||
|
ExVerifySuite
|
||
|
IoAcquireCancelSpinLock
|
||
|
IoAcquireRemoveLockEx
|
||
|
IoAllocateAdapterChannel
|
||
|
IoAllocateDriverObjectExtension
|
||
|
IoAllocateErrorLogEntry
|
||
|
IoAllocateIrp
|
||
|
IoAllocateMdl
|
||
|
IoAllocateWorkItem
|
||
|
IoAttachDevice
|
||
|
IoAttachDeviceToDeviceStack
|
||
|
IoBuildAsynchronousFsdRequest
|
||
|
IoBuildDeviceIoControlRequest
|
||
|
IoBuildPartialMdl
|
||
|
IoBuildSynchronousFsdRequest
|
||
|
IoCancelIrp
|
||
|
IoCheckShareAccess
|
||
|
IoConnectInterrupt
|
||
|
IoCreateDevice
|
||
|
IoCreateFile
|
||
|
IoCreateNotificationEvent
|
||
|
IoCreateSymbolicLink
|
||
|
IoCreateSynchronizationEvent
|
||
|
IoCreateUnprotectedSymbolicLink
|
||
|
IoCsqInitialize
|
||
|
IoCsqInsertIrp
|
||
|
IoCsqRemoveIrp
|
||
|
IoCsqRemoveNextIrp
|
||
|
IoDeleteDevice
|
||
|
IoDeleteSymbolicLink
|
||
|
IoDetachDevice
|
||
|
IoDisconnectInterrupt
|
||
|
IoFileObjectType CONSTANT // Data - use pointer for access
|
||
|
IoForwardIrpSynchronously
|
||
|
IoFreeErrorLogEntry
|
||
|
IoFreeIrp
|
||
|
IoFreeMdl
|
||
|
IoFreeWorkItem
|
||
|
IoGetAttachedDeviceReference
|
||
|
IoGetCurrentProcess
|
||
|
IoGetDeviceInterfaceAlias
|
||
|
IoGetDeviceInterfaces
|
||
|
IoGetDeviceObjectPointer
|
||
|
IoGetDeviceProperty
|
||
|
IoGetDmaAdapter
|
||
|
IoGetDriverObjectExtension
|
||
|
IoGetInitialStack
|
||
|
IoGetRelatedDeviceObject
|
||
|
IoGetStackLimits
|
||
|
IoInitializeIrp
|
||
|
IoInitializeRemoveLockEx
|
||
|
IoInitializeTimer
|
||
|
IoInvalidateDeviceRelations
|
||
|
IoInvalidateDeviceState
|
||
|
IoIsWdmVersionAvailable
|
||
|
#if defined(_WIN64)
|
||
|
IoIs32bitProcess
|
||
|
#endif
|
||
|
IoOpenDeviceInterfaceRegistryKey
|
||
|
IoOpenDeviceRegistryKey
|
||
|
IoQueueWorkItem
|
||
|
IoRegisterDeviceInterface
|
||
|
IoRegisterPlugPlayNotification
|
||
|
IoRegisterShutdownNotification
|
||
|
IoReleaseCancelSpinLock
|
||
|
IoReleaseRemoveLockAndWaitEx
|
||
|
IoReleaseRemoveLockEx
|
||
|
IoReuseIrp
|
||
|
IoReportTargetDeviceChange
|
||
|
IoReportTargetDeviceChangeAsynchronous
|
||
|
IoRequestDeviceEject
|
||
|
IoSetCompletionRoutineEx
|
||
|
IoSetDeviceInterfaceState
|
||
|
IoSetShareAccess
|
||
|
IoSetStartIoAttributes
|
||
|
IoStartNextPacket
|
||
|
IoStartNextPacketByKey
|
||
|
IoStartPacket
|
||
|
IoStartTimer
|
||
|
IoStopTimer
|
||
|
IoUnregisterPlugPlayNotification
|
||
|
IoUnregisterShutdownNotification
|
||
|
IoWMIAllocateInstanceIds
|
||
|
IoWMIDeviceObjectToInstanceName
|
||
|
#if defined(_WIN64)
|
||
|
IoWMIDeviceObjectToProviderId
|
||
|
#endif
|
||
|
IoWMIExecuteMethod
|
||
|
IoWMIHandleToInstanceName
|
||
|
IoWMIOpenBlock
|
||
|
IoWMIRegistrationControl
|
||
|
IoWMIQueryAllData
|
||
|
IoWMIQueryAllDataMultiple
|
||
|
IoWMIQuerySingleInstance
|
||
|
IoWMIQuerySingleInstanceMultiple
|
||
|
IoWMISetNotificationCallback
|
||
|
IoWMISetSingleInstance
|
||
|
IoWMISetSingleItem
|
||
|
IoWMISuggestInstanceName
|
||
|
IoWMIWriteEvent
|
||
|
IoWriteErrorLogEntry
|
||
|
IofCallDriver
|
||
|
IofCompleteRequest
|
||
|
KeAcquireSpinLockAtDpcLevel
|
||
|
KdDebuggerNotPresent CONSTANT // Data - use pointer for access
|
||
|
KeAcquireInterruptSpinLock
|
||
|
KeAreApcsDisabled
|
||
|
KeDeregisterBugCheckCallback
|
||
|
KeReleaseInterruptSpinLock
|
||
|
KeBugCheckEx
|
||
|
KeCancelTimer
|
||
|
KeClearEvent
|
||
|
KeDelayExecutionThread
|
||
|
KeEnterCriticalRegion
|
||
|
KeGetCurrentThread
|
||
|
KeGetRecommendedSharedDataAlignment
|
||
|
KeInitializeDeviceQueue
|
||
|
KeInitializeDpc
|
||
|
KeInitializeEvent
|
||
|
KeInitializeMutex
|
||
|
KeInitializeSemaphore
|
||
|
KeInitializeSpinLock
|
||
|
KeInitializeTimer
|
||
|
KeInitializeTimerEx
|
||
|
KeInsertByKeyDeviceQueue
|
||
|
KeInsertDeviceQueue
|
||
|
KeInsertQueueDpc
|
||
|
KeLeaveCriticalRegion
|
||
|
KeQueryInterruptTime
|
||
|
KeQueryPriorityThread
|
||
|
KeQueryRuntimeThread
|
||
|
KeQuerySystemTime
|
||
|
KeQueryTimeIncrement
|
||
|
KeReadStateEvent
|
||
|
KeReadStateSemaphore
|
||
|
KeReadStateTimer
|
||
|
KeRegisterBugCheckCallback
|
||
|
KeReleaseMutex
|
||
|
KeReleaseSemaphore
|
||
|
KeReleaseSpinLockFromDpcLevel
|
||
|
KeRemoveByKeyDeviceQueue
|
||
|
KeRemoveByKeyDeviceQueueIfBusy
|
||
|
KeRemoveDeviceQueue
|
||
|
KeRemoveEntryDeviceQueue
|
||
|
KeRemoveQueueDpc
|
||
|
KeResetEvent
|
||
|
KeRestoreFloatingPointState
|
||
|
KeSaveFloatingPointState
|
||
|
KeSetEvent
|
||
|
KeSetPriorityThread
|
||
|
KeSetTimer
|
||
|
KeSetTimerEx
|
||
|
KeSynchronizeExecution
|
||
|
KeTickCount CONSTANT // Data - use pointer for access
|
||
|
KeWaitForSingleObject
|
||
|
KeWaitForMultipleObjects
|
||
|
MmIsVerifierEnabled
|
||
|
MmAddVerifierThunks
|
||
|
MmAdvanceMdl
|
||
|
Mm64BitPhysicalAddress CONSTANT // Data - use pointer for access
|
||
|
MmCreateMdl
|
||
|
MmAllocatePagesForMdl
|
||
|
MmBuildMdlForNonPagedPool
|
||
|
MmFreePagesFromMdl
|
||
|
MmGetSystemRoutineAddress
|
||
|
MmIsDriverVerifying
|
||
|
MmMapIoSpace
|
||
|
MmMapLockedPages
|
||
|
MmMapLockedPagesSpecifyCache
|
||
|
MmAllocateMappingAddress
|
||
|
MmFreeMappingAddress
|
||
|
MmMapLockedPagesWithReservedMapping
|
||
|
MmUnmapReservedMapping
|
||
|
MmPageEntireDriver
|
||
|
MmProbeAndLockPages
|
||
|
MmProbeAndLockProcessPages
|
||
|
MmProtectMdlSystemAddress
|
||
|
MmResetDriverPaging
|
||
|
MmQuerySystemSize
|
||
|
MmSizeOfMdl
|
||
|
MmUnlockPages
|
||
|
MmUnmapIoSpace
|
||
|
MmUnmapLockedPages
|
||
|
NlsMbCodePageTag CONSTANT // Data - use pointer for access
|
||
|
NtClose
|
||
|
ObfDereferenceObject
|
||
|
ObGetObjectSecurity
|
||
|
ObLogSecurityDescriptor
|
||
|
ObReferenceSecurityDescriptor
|
||
|
ObDereferenceSecurityDescriptor
|
||
|
ObfReferenceObject
|
||
|
ObReferenceObjectByHandle
|
||
|
ObReferenceObjectByPointer
|
||
|
ObReleaseObjectSecurity
|
||
|
PoCallDriver
|
||
|
PoSetPowerState
|
||
|
PoRegisterDeviceForIdleDetection
|
||
|
PoRequestPowerIrp
|
||
|
PoRegisterSystemState
|
||
|
PoRequestShutdownEvent
|
||
|
PoSetSystemState
|
||
|
PoStartNextPowerIrp
|
||
|
PoUnregisterSystemState
|
||
|
ProbeForRead
|
||
|
ProbeForWrite
|
||
|
PsCreateSystemThread
|
||
|
PsTerminateSystemThread
|
||
|
RtlAnsiStringToUnicodeString
|
||
|
RtlAppendUnicodeStringToString
|
||
|
RtlAppendUnicodeToString
|
||
|
RtlAreBitsClear
|
||
|
RtlAreBitsSet
|
||
|
RtlAssert
|
||
|
RtlClearAllBits
|
||
|
RtlClearBit
|
||
|
RtlClearBits
|
||
|
RtlCompareMemory
|
||
|
RtlCompareUnicodeString
|
||
|
#if !defined(_WIN64)
|
||
|
RtlConvertLongToLargeInteger
|
||
|
RtlConvertUlongToLargeInteger
|
||
|
#endif
|
||
|
RtlCopyMemory = memcpy
|
||
|
RtlCopyUnicodeString
|
||
|
RtlCreateSecurityDescriptor
|
||
|
RtlDeleteRegistryValue
|
||
|
RtlEqualUnicodeString
|
||
|
#if !defined(_WIN64)
|
||
|
RtlExtendedIntegerMultiply
|
||
|
RtlExtendedLargeIntegerDivide
|
||
|
#endif
|
||
|
#if !defined(_AMD64_)
|
||
|
RtlExtendedMagicDivide
|
||
|
#endif
|
||
|
RtlFillMemory
|
||
|
RtlFindClearBits
|
||
|
RtlFindClearBitsAndSet
|
||
|
RtlFindClearRuns
|
||
|
RtlFindFirstRunClear
|
||
|
RtlFindLastBackwardRunClear
|
||
|
RtlFindLeastSignificantBit
|
||
|
RtlFindLongestRunClear
|
||
|
RtlFindSetBits
|
||
|
RtlFindSetBitsAndClear
|
||
|
RtlFreeAnsiString
|
||
|
RtlFreeUnicodeString
|
||
|
RtlGUIDFromString
|
||
|
RtlHashUnicodeString
|
||
|
RtlInitAnsiString
|
||
|
RtlInitString
|
||
|
RtlInitUnicodeString
|
||
|
RtlInitializeBitMap
|
||
|
RtlInt64ToUnicodeString
|
||
|
RtlIntegerToUnicodeString
|
||
|
RtlLengthSecurityDescriptor
|
||
|
RtlMoveMemory
|
||
|
RtlNumberOfClearBits
|
||
|
RtlNumberOfSetBits
|
||
|
RtlPrefetchMemoryNonTemporal
|
||
|
RtlQueryRegistryValues
|
||
|
RtlRaiseException
|
||
|
RtlSetAllBits
|
||
|
RtlSetBit
|
||
|
RtlSetBits
|
||
|
RtlSetDaclSecurityDescriptor
|
||
|
RtlStringFromGUID
|
||
|
RtlTestBit
|
||
|
RtlTimeFieldsToTime
|
||
|
RtlTimeToTimeFields
|
||
|
|
||
|
#if !defined(_AMD64_)
|
||
|
|
||
|
RtlUlongByteSwap
|
||
|
RtlUlonglongByteSwap
|
||
|
|
||
|
#endif
|
||
|
|
||
|
RtlUnicodeStringToAnsiString
|
||
|
RtlUnicodeStringToInteger
|
||
|
RtlUnwind
|
||
|
|
||
|
#if !defined(_AMD64_)
|
||
|
|
||
|
RtlUshortByteSwap
|
||
|
|
||
|
#endif
|
||
|
|
||
|
RtlValidSecurityDescriptor
|
||
|
RtlValidRelativeSecurityDescriptor
|
||
|
RtlWriteRegistryValue
|
||
|
RtlxAnsiStringToUnicodeSize
|
||
|
RtlxUnicodeStringToAnsiSize
|
||
|
RtlZeroMemory
|
||
|
WmiQueryTraceInformation
|
||
|
WmiTraceMessage
|
||
|
WmiTraceMessageVa
|
||
|
ZwClose
|
||
|
ZwCreateDirectoryObject
|
||
|
ZwCreateFile
|
||
|
ZwCreateKey
|
||
|
ZwDeleteKey
|
||
|
ZwDeleteValueKey
|
||
|
ZwEnumerateKey
|
||
|
ZwEnumerateValueKey
|
||
|
ZwFlushKey
|
||
|
ZwMakeTemporaryObject
|
||
|
ZwMapViewOfSection
|
||
|
ZwOpenKey
|
||
|
ZwOpenSection
|
||
|
ZwOpenSymbolicLinkObject
|
||
|
ZwPowerInformation
|
||
|
ZwQueryInformationFile
|
||
|
ZwQueryKey
|
||
|
ZwQuerySymbolicLinkObject
|
||
|
ZwQueryValueKey
|
||
|
ZwReadFile
|
||
|
ZwSetInformationFile
|
||
|
ZwSetValueKey
|
||
|
ZwUnmapViewOfSection
|
||
|
ZwWriteFile
|
||
|
|
||
|
_itoa
|
||
|
_purecall
|
||
|
_snprintf
|
||
|
_snwprintf
|
||
|
_stricmp
|
||
|
_strlwr
|
||
|
_strnicmp
|
||
|
_strnset
|
||
|
_strrev
|
||
|
#if !defined(_AMD64_)
|
||
|
_strset
|
||
|
#endif
|
||
|
_strupr
|
||
|
_vsnprintf
|
||
|
_wcsicmp
|
||
|
_wcslwr
|
||
|
_wcsnicmp
|
||
|
_wcsnset
|
||
|
_wcsrev
|
||
|
_wcsupr
|
||
|
atoi
|
||
|
atol
|
||
|
isdigit
|
||
|
islower
|
||
|
isprint
|
||
|
isspace
|
||
|
isupper
|
||
|
isxdigit
|
||
|
mbstowcs
|
||
|
mbtowc
|
||
|
memchr
|
||
|
qsort
|
||
|
rand
|
||
|
sprintf
|
||
|
srand
|
||
|
#if !defined(_AMD64_)
|
||
|
strcat
|
||
|
#endif
|
||
|
strchr
|
||
|
#if !defined(_AMD64_)
|
||
|
strcmp
|
||
|
strcpy
|
||
|
strlen
|
||
|
#endif
|
||
|
strncat
|
||
|
strncmp
|
||
|
strncpy
|
||
|
strrchr
|
||
|
strspn
|
||
|
strstr
|
||
|
swprintf
|
||
|
tolower
|
||
|
toupper
|
||
|
towlower
|
||
|
towupper
|
||
|
vsprintf
|
||
|
wcscat
|
||
|
wcschr
|
||
|
wcscmp
|
||
|
wcscpy
|
||
|
wcscspn
|
||
|
wcslen
|
||
|
wcsncat
|
||
|
wcsncmp
|
||
|
wcsncpy
|
||
|
wcsrchr
|
||
|
wcsspn
|
||
|
wcsstr
|
||
|
wcstombs
|
||
|
wctomb
|
||
|
|
||
|
#ifdef _X86_
|
||
|
#include "i386nt.src"
|
||
|
#elif _IA64_
|
||
|
#include "ia64nt.src"
|
||
|
#elif _ALPHA_
|
||
|
#include "alphant.src"
|
||
|
#elif _AMD64_
|
||
|
#include "amd64nt.src"
|
||
|
#endif
|
||
|
|