About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

Blogs >> omeg's Blog

Created: Tuesday, November 16 2010 06:36.28 CST Modified: Tuesday, November 16 2010 06:37.10 CST
Direct Link, View / Make / Edit Comments
(Yet another) Memory dumper
Author: omeg # Views: 10850

I wrote a simple process memory dumper recently. Actually, it started as a in-memory string replacer, but I'm only posting the dumper part for now - the rest is in a terrible mess. ;)

The dumper saves all process memory to a single file. It uses NTFS sparse files though, so any non committed memory range does not use physical disk space (sparse zeros). It also checks process handle for access entries limiting VM operations and can print a nice memory map. Nothing fancy, but just what I needed for some work.

It's officially 32-bit only (DWORDs for addresses etc), but seems to somewhat work with 64-bit processes. I'll do a proper 64-bit version later (maybe ;).

Sample output:
c:\code\MemoryDump\Release>MemoryDump.exe explorer.exe v
Searching for target process...
Failed to open process 0x0: 0x57
Failed to open process 0x4: 0x5
[...]
Checking target process' ACL for problematic entries...
Opened \Device\HarddiskVolume3\Windows\explorer.exe as PID 0xb30
Target process suspended, 31 threads
Proceeding with memory dump

Address   Size     Type    State   Protect
   10000:    10000 MAPPED  COMMIT  READ&WRITE
   20000:     2000 MAPPED  COMMIT  READONLY
   22000:     e000 0       FREE    NOACCESS
   30000:     4000 MAPPED  COMMIT  READONLY
   34000:     c000 0       FREE    NOACCESS
   40000:     2000 MAPPED  COMMIT  READONLY
   42000:     e000 0       FREE    NOACCESS
   50000:     1000 PRIVATE COMMIT  READ&WRITE
   51000:     f000 0       FREE    NOACCESS
   60000:    10000 PRIVATE COMMIT  READ&WRITE
   70000:     7000 MAPPED  COMMIT  READONLY
   77000:     9000 0       FREE    NOACCESS
[...]
77610000:     3000 IMAGE   COMMIT  READONLY
77613000:  79cd000 0       FREE    NOACCESS
7efe0000:     5000 MAPPED  COMMIT  READONLY
7efe5000:    fb000 MAPPED  RESERVE 0
7f0e0000:   f00000 PRIVATE RESERVE 0
7ffe0000:     1000 PRIVATE COMMIT  READONLY
7ffe1000:     f000 PRIVATE RESERVE 0

Process resumed. Memory dumped to 2864.mem


Source & binary: http://omeg.pl/code/MemoryDump.zip

Created: Tuesday, July 13 2010 19:21.10 CDT  
Direct Link, View / Make / Edit Comments
Kernel debugger vs user mode exceptions
Author: omeg # Views: 59734

Kernel debugger is a nice and nifty tool allowing us to do things not otherwise possible. Total control over debugged OS and all processes is the main reason to use it. However, there are some hiccups and obstacles that may disrupt our work. One of the most common is the case of intercepting user-mode exceptions with kernel-mode debugger.

Let's assume we have windbg connected to the debuggee OS as a kernel mode debugger. What can we do to catch user-mode exceptions that interest us? First, there is the 'Debug | Event Filters' menu (or sx* commands) that controls debugger's behavior when it does encounter an exception in debugged code. In short, 'Execution - Enabled' option tells the debugger to break on the specific exception. There is a catch though - it only works for kernel mode code 'out of the box'. That is, if we enable breaks on 'Illegal instruction' and run some user-mode program on the debugged OS that generates it, windbg won't break. Why? Well, we're in the kernel debug mode after all.

How to make it work then? It's pretty simple. All NT-based Windows systems support 'Global Flags' debugging mechanism in the kernel, which is a collection of system-wide debugging flags. From within windbg we can access it using '!gflag' extension command. And one of the flags is 'Break on exceptions' - which means kernel debugger will be notified not only of kernel-mode exceptions, but also user-mode ones. Neat. To activate it, use '!gflag +soe' windbg command.

Now all is well, we can see that windbg breaks on every exception in user-mode code. Or does it? There is still one special case that evades our cleverly laid traps. If the user-mode program A is being debugged (using user-mode Debug API) by user-mode program B, we (windbg running as a kernel-mode debugger) won't get exceptions coming from program A - program B will get them instead. It's a bit counter-intuitive, as one would think that a kernel-mode debugger should receive every exception before user-mode debuggers. That isn't the case though, and it seems to be the design decision by Microsoft. All is not lost though - we can still force windbg to receive every and all exceptions before they get to any user-mode debugger in the debugged OS.

To learn how to do that, we need to dive deep into the Windows' kernel function responsible for kernel-mode exception dispatching - KiDispatchException. This is the 'main' code responsible for deciding what to do with an exception that was encountered. It services both kernel-mode and user-mode exceptions, first- and second-chance ones, and most importantly - decides whether to notify kernel debugger about the event or not. Not all events are forwarded to kd (kernel debugger), as we've learned before. But because we are in control of the target system, we can modify the KiDispatchException routine to do our bidding - or routing ALL exceptions to kernel debugger first.

The exact details of the patch vary between systems, but structure of KiDispatchException function is pretty much the same. Using IDA to reverse engineer the kernel, studying Windows Research Kernel or ReactOS sources certainly helps. Disassembly of original KiDispatchException function along with the patch point from two Windows systems is provided below - 32-bit Windows XP Pro and 64-bit Windows 7 with all updates as of 2010-07-14. Modifying other kernels is left as an exercise to the reader. :)

XP 32-bit
7 64-bit

Created: Wednesday, June 10 2009 09:12.45 CDT  
Direct Link, View / Make / Edit Comments
Windows 7 RC syscalls
Author: omeg # Views: 12953

Windows version: 6.1.7100, platform 2,
NtQuerySystemInformation ok, kernel base: 000000008284c000

Loading symbols for C:\Windows\system32\ntkrnlpa.exe, please wait...
Real SSDTS address: 00000000829b4a00

Service tables:

Table #0: 828ac8fc, 0191 entries, params=828acf44, \SystemRoot\system32\ntkrnlpa.exe
0000: 82a9c686 NtAcceptConnectPort [6] (ntkrnlpa.exe)
0001: 828fcf04 NtAccessCheck [8] (ntkrnlpa.exe)
0002: 82a56139 NtAccessCheckAndAuditAlarm [11] (ntkrnlpa.exe)
0003: 8287097b NtAccessCheckByType [11] (ntkrnlpa.exe)
0004: 82acf7c6 NtAccessCheckByTypeAndAuditAlarm [16] (ntkrnlpa.exe)
0005: 829488fe NtAccessCheckByTypeResultList [11] (ntkrnlpa.exe)
0006: 82b3705d NtAccessCheckByTypeResultListAndAuditAlarm [16] (ntkrnlpa.exe)
0007: 82b370a6 NtAccessCheckByTypeResultListAndAuditAlarmByHandle [17] (ntkrnlpa.exe)
0008: 82a4020f NtAddAtom [3] (ntkrnlpa.exe)
0009: 82b4fa48 NtAddBootEntry [2] (ntkrnlpa.exe)
000a: 82b50ca1 NtAddDriverEntry [2] (ntkrnlpa.exe)
000b: 82a4e8d7 NtAdjustGroupsToken [6] (ntkrnlpa.exe)
000c: 82ab8818 NtAdjustPrivilegesToken [6] (ntkrnlpa.exe)
000d: 82b29e19 NtAlertResumeThread [2] (ntkrnlpa.exe)
000e: 82a580e2 NtAlertThread [1] (ntkrnlpa.exe)
000f: 82a50636 NtAllocateLocallyUniqueId [1] (ntkrnlpa.exe)
0010: 829e355b NtAllocateReserveObject [3] (ntkrnlpa.exe)
0011: 82b1c14c NtAllocateUserPhysicalPages [3] (ntkrnlpa.exe)
0012: 82a4aee6 NtAllocateUuids [4] (ntkrnlpa.exe)
0013: 82a7952f NtAllocateVirtualMemory [6] (ntkrnlpa.exe)
0014: 82acb6ee NtAlpcAcceptConnectPort [9] (ntkrnlpa.exe)
0015: 82a2d497 NtAlpcCancelMessage [3] (ntkrnlpa.exe)
0016: 82a8a21d NtAlpcConnectPort [11] (ntkrnlpa.exe)
0017: 82a3e396 NtAlpcCreatePort [3] (ntkrnlpa.exe)
0018: 82a55ca7 NtAlpcCreatePortSection [6] (ntkrnlpa.exe)
0019: 82a3f07c NtAlpcCreateResourceReserve [4] (ntkrnlpa.exe)
001a: 82a5aaef NtAlpcCreateSectionView [3] (ntkrnlpa.exe)
001b: 82a9c703 NtAlpcCreateSecurityContext [3] (ntkrnlpa.exe)
001c: 82a9c8db NtAlpcDeletePortSection [3] (ntkrnlpa.exe)
001d: 82b17101 NtAlpcDeleteResourceReserve [3] (ntkrnlpa.exe)
001e: 82ad0681 NtAlpcDeleteSectionView [3] (ntkrnlpa.exe)
001f: 82aa18af NtAlpcDeleteSecurityContext [3] (ntkrnlpa.exe)
0020: 82ace57a NtAlpcDisconnectPort [2] (ntkrnlpa.exe)
0021: 82acf45c NtAlpcImpersonateClientOfPort [3] (ntkrnlpa.exe)
0022: 82a46410 NtAlpcOpenSenderProcess [6] (ntkrnlpa.exe)
0023: 82a3b7c2 NtAlpcOpenSenderThread [6] (ntkrnlpa.exe)
0024: 82a50765 NtAlpcQueryInformation [5] (ntkrnlpa.exe)
0025: 82ab80d2 NtAlpcQueryInformationMessage [6] (ntkrnlpa.exe)
0026: 82b17225 NtAlpcRevokeSecurityContext [3] (ntkrnlpa.exe)
0027: 82ab6265 NtAlpcSendWaitReceivePort [8] (ntkrnlpa.exe)
0028: 82a3cfed NtAlpcSetInformation [4] (ntkrnlpa.exe)
0029: 82aaea68 NtApphelpCacheControl [2] (ntkrnlpa.exe)
002a: 82a1c351 NtAreMappedFilesTheSame [2] (ntkrnlpa.exe)
002b: 82a428e3 NtAssignProcessToJobObject [2] (ntkrnlpa.exe)
002c: 828ad420 NtCallbackReturn [3] (ntkrnlpa.exe)
002d: 82a1695c NtCancelIoFile [2] (ntkrnlpa.exe)
002e: 82a4271e NtCancelIoFileEx [3] (ntkrnlpa.exe)
002f: 82b074c0 NtCancelSynchronousIoFile [3] (ntkrnlpa.exe)
0030: 828f34b3 NtCancelTimer [2] (ntkrnlpa.exe)
0031: 82a6e4cc NtClearEvent [1] (ntkrnlpa.exe)
0032: 82aabfcd NtClose [1] (ntkrnlpa.exe)
0033: 82acf6f5 NtCloseObjectAuditAlarm [3] (ntkrnlpa.exe)
0034: 82b3dfec NtCommitComplete [2] (ntkrnlpa.exe)
0035: 82b3dd10 NtCommitEnlistment [2] (ntkrnlpa.exe)
0036: 82a26fb5 NtCommitTransaction [2] (ntkrnlpa.exe)
0037: 82aec5cb NtCompactKeys [2] (ntkrnlpa.exe)
0038: 82a3d858 NtCompareTokens [3] (ntkrnlpa.exe)
0039: 82a3b67d NtCompleteConnectPort [1] (ntkrnlpa.exe)
003a: 82aec837 NtCompressKey [1] (ntkrnlpa.exe)
003b: 82a9c659 NtConnectPort [8] (ntkrnlpa.exe)
003c: 82887efc NtContinue [2] (ntkrnlpa.exe)
003d: 82afd469 NtCreateDebugObject [4] (ntkrnlpa.exe)
003e: 82a47f18 NtCreateDirectoryObject [3] (ntkrnlpa.exe)
003f: 82a13e87 NtCreateEnlistment [8] (ntkrnlpa.exe)
0040: 82a9d6af NtCreateEvent [5] (ntkrnlpa.exe)
0041: 82b55748 NtCreateEventPair [3] (ntkrnlpa.exe)
0042: 82ab5704 NtCreateFile [11] (ntkrnlpa.exe)
0043: 82a8519f NtCreateIoCompletion [4] (ntkrnlpa.exe)
0044: 82a3ab8f NtCreateJobObject [3] (ntkrnlpa.exe)
0045: 82b2bba0 NtCreateJobSet [3] (ntkrnlpa.exe)
0046: 82ad4b85 NtCreateKey [7] (ntkrnlpa.exe)
0047: 82ac6246 NtCreateKeyedEvent [4] (ntkrnlpa.exe)
0048: 82a20bd0 NtCreateKeyTransacted [8] (ntkrnlpa.exe)
0049: 82a488d2 NtCreateMailslotFile [8] (ntkrnlpa.exe)
004a: 82ab72d6 NtCreateMutant [4] (ntkrnlpa.exe)
004b: 82a95993 NtCreateNamedPipeFile [14] (ntkrnlpa.exe)
004c: 829dac60 NtCreatePagingFile [4] (ntkrnlpa.exe)
004d: 82a394af NtCreatePort [5] (ntkrnlpa.exe)
004e: 82a21ae4 NtCreatePrivateNamespace [4] (ntkrnlpa.exe)
004f: 82b2824b NtCreateProcess [8] (ntkrnlpa.exe)
0050: 82b28296 NtCreateProcessEx [9] (ntkrnlpa.exe)
0051: 82b55cbb NtCreateProfile [9] (ntkrnlpa.exe)
0052: 82960990 NtCreateProfileEx [10] (ntkrnlpa.exe)
0053: 829eb4f7 NtCreateResourceManager [7] (ntkrnlpa.exe)
0054: 82a6b106 NtCreateSection [7] (ntkrnlpa.exe)
0055: 82a9f7bc NtCreateSemaphore [5] (ntkrnlpa.exe)
0056: 82a47993 NtCreateSymbolicLinkObject [4] (ntkrnlpa.exe)
0057: 82b28052 NtCreateThread [8] (ntkrnlpa.exe)
0058: 82ab9756 NtCreateThreadEx [11] (ntkrnlpa.exe)
0059: 82a46034 NtCreateTimer [4] (ntkrnlpa.exe)
005a: 82a48494 NtCreateToken [13] (ntkrnlpa.exe)
005b: 82a21124 NtCreateTransaction [10] (ntkrnlpa.exe)
005c: 829e7d9e NtCreateTransactionManager [6] (ntkrnlpa.exe)
005d: 82aa6b0c NtCreateUserProcess [11] (ntkrnlpa.exe)
005e: 829f0c96 NtCreateWaitablePort [5] (ntkrnlpa.exe)
005f: 82a9ef8b NtCreateWorkerFactory [10] (ntkrnlpa.exe)
0060: 82afe322 NtDebugActiveProcess [2] (ntkrnlpa.exe)
0061: 82afe9df NtDebugContinue [3] (ntkrnlpa.exe)
0062: 82a6e018 NtDelayExecution [2] (ntkrnlpa.exe)
0063: 82a40f85 NtDeleteAtom [1] (ntkrnlpa.exe)
0064: 82b4fa7b NtDeleteBootEntry [1] (ntkrnlpa.exe)
0065: 82b50cd3 NtDeleteDriverEntry [1] (ntkrnlpa.exe)
0066: 829e1742 NtDeleteFile [1] (ntkrnlpa.exe)
0067: 82a30dc0 NtDeleteKey [1] (ntkrnlpa.exe)
0068: 82ae0fa9 NtDeleteObjectAuditAlarm [3] (ntkrnlpa.exe)
0069: 82ae6edb NtDeletePrivateNamespace [1] (ntkrnlpa.exe)
006a: 82ad4cc2 NtDeleteValueKey [2] (ntkrnlpa.exe)
006b: 82ab645d NtDeviceIoControlFile [10] (ntkrnlpa.exe)
006c: 82b13f40 NtDisableLastKnownGood [0] (ntkrnlpa.exe)
006d: 82b4dd43 NtDisplayString [1] (ntkrnlpa.exe)
006e: 8295f720 NtDrawText [1] (ntkrnlpa.exe)
006f: 82abc80e NtDuplicateObject [7] (ntkrnlpa.exe)
0070: 82a872dd NtDuplicateToken [6] (ntkrnlpa.exe)
0071: 82b14021 NtEnableLastKnownGood [0] (ntkrnlpa.exe)
0072: 82b4fc7d NtEnumerateBootEntries [2] (ntkrnlpa.exe)
0073: 82b50ed3 NtEnumerateDriverEntries [2] (ntkrnlpa.exe)
0074: 82ac4877 NtEnumerateKey [6] (ntkrnlpa.exe)
0075: 82b4f85b NtEnumerateSystemEnvironmentValuesEx [3] (ntkrnlpa.exe)
0076: 82b3eb26 NtEnumerateTransactionObject [5] (ntkrnlpa.exe)
0077: 82a7c369 NtEnumerateValueKey [6] (ntkrnlpa.exe)
0078: 82b1a335 NtExtendSection [2] (ntkrnlpa.exe)
0079: 82a354cd NtFilterToken [6] (ntkrnlpa.exe)
007a: 82a40717 NtFindAtom [3] (ntkrnlpa.exe)
007b: 82a80e3c NtFlushBuffersFile [2] (ntkrnlpa.exe)
007c: 829ea64d NtFlushInstallUILanguage [2] (ntkrnlpa.exe)
007d: 82a41b14 NtFlushInstructionCache [3] (ntkrnlpa.exe)
007e: 82a287f1 NtFlushKey [1] (ntkrnlpa.exe)
007f: 82872224 NtFlushProcessWriteBuffers [0] (ntkrnlpa.exe)
0080: 82a2e754 NtFlushVirtualMemory [4] (ntkrnlpa.exe)
0081: 82b1d1f7 NtFlushWriteBuffer [0] (ntkrnlpa.exe)
0082: 82b1c867 NtFreeUserPhysicalPages [3] (ntkrnlpa.exe)
0083: 828e734d NtFreeVirtualMemory [4] (ntkrnlpa.exe)
0084: 8291d1e5 NtFreezeRegistry [1] (ntkrnlpa.exe)
0085: 82b3ef7a NtFreezeTransactions [2] (ntkrnlpa.exe)
0086: 82ab63c9 NtFsControlFile [10] (ntkrnlpa.exe)
0087: 82ae3557 NtGetContextThread [2] (ntkrnlpa.exe)
0088: 82a2ddbd NtGetCurrentProcessorNumber [0] (ntkrnlpa.exe)
0089: 82ae7f76 NtGetDevicePowerState [2] (ntkrnlpa.exe)
008a: 82ab2f83 NtGetMUIRegistryInfo [3] (ntkrnlpa.exe)
008b: 82b2a010 NtGetNextProcess [5] (ntkrnlpa.exe)
008c: 82ae323b NtGetNextThread [6] (ntkrnlpa.exe)
008d: 82a4135f NtGetNlsSectionPtr [5] (ntkrnlpa.exe)
008e: 82b3f0d4 NtGetNotificationResourceManager [7] (ntkrnlpa.exe)
008f: 82a1318a NtGetPlugPlayEvent [4] (ntkrnlpa.exe)
0090: 82935f1f NtGetWriteWatch [7] (ntkrnlpa.exe)
0091: 82a3c02d NtImpersonateAnonymousToken [1] (ntkrnlpa.exe)
0092: 82b1623f NtImpersonateClientOfPort [2] (ntkrnlpa.exe)
0093: 82a9ae5c NtImpersonateThread [3] (ntkrnlpa.exe)
0094: 82a7db6d NtInitializeNlsFiles [3] (ntkrnlpa.exe)
0095: 829e1595 NtInitializeRegistry [1] (ntkrnlpa.exe)
0096: 82adc5fb NtInitiatePowerAction [4] (ntkrnlpa.exe)
0097: 82ae4d2c NtIsProcessInJob [2] (ntkrnlpa.exe)
0098: 82b253b4 NtIsSystemResumeAutomatic [0] (ntkrnlpa.exe)
0099: 829e9879 NtIsUILanguageComitted [0] (ntkrnlpa.exe)
009a: 829db8ff NtListenPort [2] (ntkrnlpa.exe)
009b: 829dff4c NtLoadDriver [1] (ntkrnlpa.exe)
009c: 829de194 NtLoadKey [2] (ntkrnlpa.exe)
009d: 829c9500 NtLoadKey2 [3] (ntkrnlpa.exe)
009e: 829ef301 NtLoadKeyEx [8] (ntkrnlpa.exe)
009f: 82a48026 NtLockFile [10] (ntkrnlpa.exe)
00a0: 829c3f5f NtLockProductActivationKeys [2] (ntkrnlpa.exe)
00a1: 829bf60e NtLockRegistryKey [1] (ntkrnlpa.exe)
00a2: 828722f8 NtLockVirtualMemory [4] (ntkrnlpa.exe)
00a3: 82a1bad1 NtMakePermanentObject [1] (ntkrnlpa.exe)
00a4: 82a4749c NtMakeTemporaryObject [1] (ntkrnlpa.exe)
00a5: 82a8222e NtMapCMFModule [6] (ntkrnlpa.exe)
00a6: 82b1b40d NtMapUserPhysicalPages [3] (ntkrnlpa.exe)
00a7: 82b1b9e3 NtMapUserPhysicalPagesScatter [3] (ntkrnlpa.exe)
00a8: 82ac21e3 NtMapViewOfSection [10] (ntkrnlpa.exe)
00a9: 82b4fc4c NtModifyBootEntry [1] (ntkrnlpa.exe)
00aa: 82b50ea4 NtModifyDriverEntry [1] (ntkrnlpa.exe)
00ab: 82a3f320 NtNotifyChangeDirectoryFile [9] (ntkrnlpa.exe)
00ac: 82ad1c42 NtNotifyChangeKey [10] (ntkrnlpa.exe)
00ad: 82a99505 NtNotifyChangeMultipleKeys [12] (ntkrnlpa.exe)
00ae: 829ff9a9 NtNotifyChangeSession [8] (ntkrnlpa.exe)
00af: 82ac8341 NtOpenDirectoryObject [3] (ntkrnlpa.exe)
00b0: 829d007c NtOpenEnlistment [5] (ntkrnlpa.exe)
00b1: 82a9e966 NtOpenEvent [3] (ntkrnlpa.exe)
00b2: 82b55849 NtOpenEventPair [3] (ntkrnlpa.exe)
00b3: 82a884d9 NtOpenFile [6] (ntkrnlpa.exe)
00b4: 82b071bb NtOpenIoCompletion [3] (ntkrnlpa.exe)
00b5: 82b2b517 NtOpenJobObject [3] (ntkrnlpa.exe)
00b6: 82aaff64 NtOpenKey [3] (ntkrnlpa.exe)
00b7: 82acbe36 NtOpenKeyEx [4] (ntkrnlpa.exe)
00b8: 82b55b7f NtOpenKeyedEvent [3] (ntkrnlpa.exe)
00b9: 82a1f0c1 NtOpenKeyTransacted [4] (ntkrnlpa.exe)
00ba: 82a1f051 NtOpenKeyTransactedEx [5] (ntkrnlpa.exe)
00bb: 82a583e2 NtOpenMutant [3] (ntkrnlpa.exe)
00bc: 82a2c1da NtOpenObjectAuditAlarm [12] (ntkrnlpa.exe)
00bd: 82a2e15d NtOpenPrivateNamespace [4] (ntkrnlpa.exe)
00be: 82acec0d NtOpenProcess [4] (ntkrnlpa.exe)
00bf: 82a99254 NtOpenProcessToken [3] (ntkrnlpa.exe)
00c0: 82a871c6 NtOpenProcessTokenEx [4] (ntkrnlpa.exe)
00c1: 829cddf4 NtOpenResourceManager [5] (ntkrnlpa.exe)
00c2: 82ac5a93 NtOpenSection [3] (ntkrnlpa.exe)
00c3: 82a387ab NtOpenSemaphore [3] (ntkrnlpa.exe)
00c4: 82a54f84 NtOpenSession [3] (ntkrnlpa.exe)
00c5: 82ac34c9 NtOpenSymbolicLinkObject [3] (ntkrnlpa.exe)
00c6: 82abe78d NtOpenThread [4] (ntkrnlpa.exe)
00c7: 82ace64b NtOpenThreadToken [4] (ntkrnlpa.exe)
00c8: 82ac6019 NtOpenThreadTokenEx [5] (ntkrnlpa.exe)
00c9: 82b554ef NtOpenTimer [3] (ntkrnlpa.exe)
00ca: 82b3e2ca NtOpenTransaction [5] (ntkrnlpa.exe)
00cb: 82b3f56e NtOpenTransactionManager [6] (ntkrnlpa.exe)
00cc: 82a34592 NtPlugPlayControl [3] (ntkrnlpa.exe)
00cd: 82a58a4c NtPowerInformation [5] (ntkrnlpa.exe)
00ce: 82b3de7e NtPrepareComplete [2] (ntkrnlpa.exe)
00cf: 82b3dba2 NtPrepareEnlistment [2] (ntkrnlpa.exe)
00d0: 82b3df35 NtPrePrepareComplete [2] (ntkrnlpa.exe)
00d1: 82b3dc59 NtPrePrepareEnlistment [2] (ntkrnlpa.exe)
00d2: 82a4b2d5 NtPrivilegeCheck [3] (ntkrnlpa.exe)
00d3: 82a16591 NtPrivilegedServiceAuditAlarm [5] (ntkrnlpa.exe)
00d4: 82a1d40b NtPrivilegeObjectAuditAlarm [6] (ntkrnlpa.exe)
00d5: 82b3fcc4 NtPropagationComplete [4] (ntkrnlpa.exe)
00d6: 82b3fd89 NtPropagationFailed [3] (ntkrnlpa.exe)
00d7: 82abdaa3 NtProtectVirtualMemory [5] (ntkrnlpa.exe)
00d8: 82ae6b4b NtPulseEvent [2] (ntkrnlpa.exe)
00d9: 82a8800e NtQueryAttributesFile [2] (ntkrnlpa.exe)
00da: 82b5011e NtQueryBootEntryOrder [2] (ntkrnlpa.exe)
00db: 82b50563 NtQueryBootOptions [2] (ntkrnlpa.exe)
00dc: 82900ac8 NtQueryDebugFilterState [2] (ntkrnlpa.exe)
00dd: 82aa17b4 NtQueryDefaultLocale [2] (ntkrnlpa.exe)
00de: 829ea335 NtQueryDefaultUILanguage [1] (ntkrnlpa.exe)
00df: 82a87faa NtQueryDirectoryFile [11] (ntkrnlpa.exe)
00e0: 82a57255 NtQueryDirectoryObject [7] (ntkrnlpa.exe)
00e1: 82b50a61 NtQueryDriverEntryOrder [2] (ntkrnlpa.exe)
00e2: 829de8c9 NtQueryEaFile [9] (ntkrnlpa.exe)
00e3: 82a40d12 NtQueryEvent [5] (ntkrnlpa.exe)
00e4: 82a882af NtQueryFullAttributesFile [2] (ntkrnlpa.exe)
00e5: 82a39366 NtQueryInformationAtom [5] (ntkrnlpa.exe)
00e6: 82b3d787 NtQueryInformationEnlistment [5] (ntkrnlpa.exe)
00e7: 82a852a7 NtQueryInformationFile [5] (ntkrnlpa.exe)
00e8: 82ae24ac NtQueryInformationJobObject [5] (ntkrnlpa.exe)
00e9: 82b16274 NtQueryInformationPort [5] (ntkrnlpa.exe)
00ea: 82aa3277 NtQueryInformationProcess [5] (ntkrnlpa.exe)
00eb: 82b3f1de NtQueryInformationResourceManager [5] (ntkrnlpa.exe)
00ec: 82aacd02 NtQueryInformationThread [5] (ntkrnlpa.exe)
00ed: 82a8eb25 NtQueryInformationToken [5] (ntkrnlpa.exe)
00ee: 82b3e4be NtQueryInformationTransaction [5] (ntkrnlpa.exe)
00ef: 829c8e60 NtQueryInformationTransactionManager [5] (ntkrnlpa.exe)
00f0: 8296035d NtQueryInformationWorkerFactory [5] (ntkrnlpa.exe)
00f1: 82a1db21 NtQueryInstallUILanguage [1] (ntkrnlpa.exe)
00f2: 82b5601b NtQueryIntervalProfile [2] (ntkrnlpa.exe)
00f3: 82b0727e NtQueryIoCompletion [5] (ntkrnlpa.exe)
00f4: 82a7ef2f NtQueryKey [5] (ntkrnlpa.exe)
00f5: 82a51b23 NtQueryLicenseValue [5] (ntkrnlpa.exe)
00f6: 82a43d35 NtQueryMultipleValueKey [6] (ntkrnlpa.exe)
00f7: 82ae30b5 NtQueryMutant [5] (ntkrnlpa.exe)
00f8: 82a524ef NtQueryObject [5] (ntkrnlpa.exe)
00f9: 82aec0bd NtQueryOpenSubKeys [2] (ntkrnlpa.exe)
00fa: 82ad5cae NtQueryOpenSubKeysEx [4] (ntkrnlpa.exe)
00fb: 82ab71f2 NtQueryPerformanceCounter [2] (ntkrnlpa.exe)
00fc: 82b2871a NtQueryPortInformationProcess [0] (ntkrnlpa.exe)
00fd: 82b08861 NtQueryQuotaInformationFile [9] (ntkrnlpa.exe)
00fe: 82acba99 NtQuerySection [5] (ntkrnlpa.exe)
00ff: 82a3c587 NtQuerySecurityAttributesToken [6] (ntkrnlpa.exe)
0100: 82ac78b5 NtQuerySecurityObject [5] (ntkrnlpa.exe)
0101: 82b4eadc NtQuerySemaphore [5] (ntkrnlpa.exe)
0102: 82ac356f NtQuerySymbolicLinkObject [3] (ntkrnlpa.exe)
0103: 82b4ecb3 NtQuerySystemEnvironmentValue [4] (ntkrnlpa.exe)
0104: 82b4f2a7 NtQuerySystemEnvironmentValueEx [5] (ntkrnlpa.exe)
0105: 82a8ae66 NtQuerySystemInformation [4] (ntkrnlpa.exe)
0106: 82a9bdad NtQuerySystemInformationEx [6] (ntkrnlpa.exe)
0107: 82aa9a4b NtQuerySystemTime [1] (ntkrnlpa.exe)
0108: 82b555ae NtQueryTimer [5] (ntkrnlpa.exe)
0109: 82a408a9 NtQueryTimerResolution [3] (ntkrnlpa.exe)
010a: 82a7b766 NtQueryValueKey [6] (ntkrnlpa.exe)
010b: 82aa033e NtQueryVirtualMemory [6] (ntkrnlpa.exe)
010c: 82a8dc95 NtQueryVolumeInformationFile [5] (ntkrnlpa.exe)
010d: 82a3f2e4 NtQueueApcThread [5] (ntkrnlpa.exe)
010e: 82a3f1d2 NtQueueApcThreadEx [6] (ntkrnlpa.exe)
010f: 82887f44 NtRaiseException [3] (ntkrnlpa.exe)
0110: 82a29d23 NtRaiseHardError [6] (ntkrnlpa.exe)
0111: 82a807e1 NtReadFile [9] (ntkrnlpa.exe)
0112: 829e05ae NtReadFileScatter [9] (ntkrnlpa.exe)
0113: 82b3e158 NtReadOnlyEnlistment [2] (ntkrnlpa.exe)
0114: 82b16359 NtReadRequestData [6] (ntkrnlpa.exe)
0115: 82acf14d NtReadVirtualMemory [5] (ntkrnlpa.exe)
0116: 829d0254 NtRecoverEnlistment [2] (ntkrnlpa.exe)
0117: 829e853f NtRecoverResourceManager [1] (ntkrnlpa.exe)
0118: 829e85f4 NtRecoverTransactionManager [1] (ntkrnlpa.exe)
0119: 82b3fb18 NtRegisterProtocolAddressInformation [5] (ntkrnlpa.exe)
011a: 82b2954e NtRegisterThreadTerminatePort [1] (ntkrnlpa.exe)
011b: 82a57e08 NtReleaseKeyedEvent [4] (ntkrnlpa.exe)
011c: 82a6df1c NtReleaseMutant [2] (ntkrnlpa.exe)
011d: 82acfb13 NtReleaseSemaphore [3] (ntkrnlpa.exe)
011e: 828c573b NtReleaseWorkerFactoryWorker [1] (ntkrnlpa.exe)
011f: 82a4ec9a NtRemoveIoCompletion [5] (ntkrnlpa.exe)
0120: 82a50b2d NtRemoveIoCompletionEx [6] (ntkrnlpa.exe)
0121: 82afe46d NtRemoveProcessDebug [2] (ntkrnlpa.exe)
0122: 82aec303 NtRenameKey [2] (ntkrnlpa.exe)
0123: 82b3f7b8 NtRenameTransactionManager [2] (ntkrnlpa.exe)
0124: 82aebe50 NtReplaceKey [3] (ntkrnlpa.exe)
0125: 829263af NtReplacePartitionUnit [3] (ntkrnlpa.exe)
0126: 82a432df NtReplyPort [2] (ntkrnlpa.exe)
0127: 82ac9c2a NtReplyWaitReceivePort [4] (ntkrnlpa.exe)
0128: 82ac9ae1 NtReplyWaitReceivePortEx [5] (ntkrnlpa.exe)
0129: 82b16527 NtReplyWaitReplyPort [2] (ntkrnlpa.exe)
012a: 82a55e84 NtRequestPort [2] (ntkrnlpa.exe)
012b: 82acc52f NtRequestWaitReplyPort [3] (ntkrnlpa.exe)
012c: 82a2e98a NtResetEvent [2] (ntkrnlpa.exe)
012d: 82936570 NtResetWriteWatch [3] (ntkrnlpa.exe)
012e: 82ae4340 NtRestoreKey [3] (ntkrnlpa.exe)
012f: 82b29db3 NtResumeProcess [1] (ntkrnlpa.exe)
0130: 82aa8625 NtResumeThread [2] (ntkrnlpa.exe)
0131: 82b3e20d NtRollbackComplete [2] (ntkrnlpa.exe)
0132: 82b3ddc7 NtRollbackEnlistment [2] (ntkrnlpa.exe)
0133: 829f24ba NtRollbackTransaction [2] (ntkrnlpa.exe)
0134: 82b3f919 NtRollforwardTransactionManager [2] (ntkrnlpa.exe)
0135: 82ae4160 NtSaveKey [2] (ntkrnlpa.exe)
0136: 82ae3a69 NtSaveKeyEx [3] (ntkrnlpa.exe)
0137: 82aeb173 NtSaveMergedKeys [3] (ntkrnlpa.exe)
0138: 82a85b9c NtSecureConnectPort [9] (ntkrnlpa.exe)
0139: 829d8746 NtSerializeBoot [0] (ntkrnlpa.exe)
013a: 82b5035f NtSetBootEntryOrder [2] (ntkrnlpa.exe)
013b: 82b5084b NtSetBootOptions [2] (ntkrnlpa.exe)
013c: 82b2915b NtSetContextThread [2] (ntkrnlpa.exe)
013d: 829bc8f6 NtSetDebugFilterState [3] (ntkrnlpa.exe)
013e: 829da6e0 NtSetDefaultHardErrorPort [1] (ntkrnlpa.exe)
013f: 829f06e3 NtSetDefaultLocale [2] (ntkrnlpa.exe)
0140: 829ea308 NtSetDefaultUILanguage [1] (ntkrnlpa.exe)
0141: 82b512d5 NtSetDriverEntryOrder [2] (ntkrnlpa.exe)
0142: 82b082f4 NtSetEaFile [4] (ntkrnlpa.exe)
0143: 82a6e403 NtSetEvent [2] (ntkrnlpa.exe)
0144: 82b4e78b NtSetEventBoostPriority [1] (ntkrnlpa.exe)
0145: 82b55b15 NtSetHighEventPair [1] (ntkrnlpa.exe)
0146: 82b55a47 NtSetHighWaitLowEventPair [1] (ntkrnlpa.exe)
0147: 82afeba5 NtSetInformationDebugObject [5] (ntkrnlpa.exe)
0148: 82b3d9cc NtSetInformationEnlistment [4] (ntkrnlpa.exe)
0149: 82a7c649 NtSetInformationFile [5] (ntkrnlpa.exe)
014a: 82a39c8a NtSetInformationJobObject [4] (ntkrnlpa.exe)
014b: 82aeb965 NtSetInformationKey [4] (ntkrnlpa.exe)
014c: 82a9a3bf NtSetInformationObject [4] (ntkrnlpa.exe)
014d: 82a72f89 NtSetInformationProcess [4] (ntkrnlpa.exe)
014e: 82b3f3ec NtSetInformationResourceManager [4] (ntkrnlpa.exe)
014f: 82aa1e3c NtSetInformationThread [4] (ntkrnlpa.exe)
0150: 82a495d5 NtSetInformationToken [4] (ntkrnlpa.exe)
0151: 82b3ed26 NtSetInformationTransaction [4] (ntkrnlpa.exe)
0152: 82b3f9da NtSetInformationTransactionManager [4] (ntkrnlpa.exe)
0153: 828cc9bc NtSetInformationWorkerFactory [4] (ntkrnlpa.exe)
0154: 82b55ff8 NtSetIntervalProfile [2] (ntkrnlpa.exe)
0155: 82a38865 NtSetIoCompletion [5] (ntkrnlpa.exe)
0156: 82b073a4 NtSetIoCompletionEx [6] (ntkrnlpa.exe)
0157: 82b2b1d7 NtSetLdtEntries [6] (ntkrnlpa.exe)
0158: 82b55ab2 NtSetLowEventPair [1] (ntkrnlpa.exe)
0159: 82b559dc NtSetLowWaitHighEventPair [1] (ntkrnlpa.exe)
015a: 82b08e75 NtSetQuotaInformationFile [4] (ntkrnlpa.exe)
015b: 82ac2d52 NtSetSecurityObject [3] (ntkrnlpa.exe)
015c: 82b4efad NtSetSystemEnvironmentValue [2] (ntkrnlpa.exe)
015d: 82b4f5bf NtSetSystemEnvironmentValueEx [5] (ntkrnlpa.exe)
015e: 82aa5a87 NtSetSystemInformation [3] (ntkrnlpa.exe)
015f: 82b6c365 NtSetSystemPowerState [3] (ntkrnlpa.exe)
0160: 82ada1e6 NtSetSystemTime [2] (ntkrnlpa.exe)
0161: 82ae90ee NtSetThreadExecutionState [2] (ntkrnlpa.exe)
0162: 828c6140 NtSetTimer [7] (ntkrnlpa.exe)
0163: 828d0620 NtSetTimerEx [4] (ntkrnlpa.exe)
0164: 82a40057 NtSetTimerResolution [3] (ntkrnlpa.exe)
0165: 829de68f NtSetUuidSeed [1] (ntkrnlpa.exe)
0166: 82ab11c5 NtSetValueKey [6] (ntkrnlpa.exe)
0167: 82b08e8f NtSetVolumeInformationFile [5] (ntkrnlpa.exe)
0168: 82b4dd01 NtShutdownSystem [1] (ntkrnlpa.exe)
0169: 82abcb89 NtShutdownWorkerFactory [2] (ntkrnlpa.exe)
016a: 8291748c NtSignalAndWaitForSingleObject [4] (ntkrnlpa.exe)
016b: 82b3e0a3 NtSinglePhaseReject [2] (ntkrnlpa.exe)
016c: 82b55d33 NtStartProfile [1] (ntkrnlpa.exe)
016d: 82b55f2b NtStopProfile [1] (ntkrnlpa.exe)
016e: 82b29d53 NtSuspendProcess [1] (ntkrnlpa.exe)
016f: 82ae365c NtSuspendThread [2] (ntkrnlpa.exe)
0170: 82ad2233 NtSystemDebugControl [6] (ntkrnlpa.exe)
0171: 82a40000 NtTerminateJobObject [2] (ntkrnlpa.exe)
0172: 82aa88f3 NtTerminateProcess [2] (ntkrnlpa.exe)
0173: 82aa91e9 NtTerminateThread [2] (ntkrnlpa.exe)
0174: 82abdc24 NtTestAlert [0] (ntkrnlpa.exe)
0175: 8291d249 NtThawRegistry [0] (ntkrnlpa.exe)
0176: 82b3f057 NtThawTransactions [0] (ntkrnlpa.exe)
0177: 82a8444a NtTraceControl [6] (ntkrnlpa.exe)
0178: 828f79f9 NtTraceEvent [4] (ntkrnlpa.exe)
0179: 82b514d9 NtTranslateFilePath [4] (ntkrnlpa.exe)
017a: 82b161ef NtUmsThreadYield [1] (ntkrnlpa.exe)
017b: 82b09663 NtUnloadDriver [1] (ntkrnlpa.exe)
017c: 82ad711d NtUnloadKey [1] (ntkrnlpa.exe)
017d: 82ad7137 NtUnloadKey2 [2] (ntkrnlpa.exe)
017e: 82aeb30b NtUnloadKeyEx [2] (ntkrnlpa.exe)
017f: 82a46d77 NtUnlockFile [5] (ntkrnlpa.exe)
0180: 828f1465 NtUnlockVirtualMemory [4] (ntkrnlpa.exe)
0181: 82ac2708 NtUnmapViewOfSection [2] (ntkrnlpa.exe)
0182: 82b42fef NtVdmControl [2] (ntkrnlpa.exe)
0183: 82afe6c3 NtWaitForDebugEvent [4] (ntkrnlpa.exe)
0184: 82a576b6 NtWaitForKeyedEvent [4] (ntkrnlpa.exe)
0185: 82a6dade NtWaitForMultipleObjects [5] (ntkrnlpa.exe)
0186: 82b1ff8c NtWaitForMultipleObjects32 [5] (ntkrnlpa.exe)
0187: 82a6d403 NtWaitForSingleObject [3] (ntkrnlpa.exe)
0188: 828c532d NtWaitForWorkViaWorkerFactory [2] (ntkrnlpa.exe)
0189: 82b55973 NtWaitHighEventPair [1] (ntkrnlpa.exe)
018a: 82b5590a NtWaitLowEventPair [1] (ntkrnlpa.exe)
018b: 8287a6b4 NtWorkerFactoryWorkerReady [1] (ntkrnlpa.exe)
018c: 82a7d1cc NtWriteFile [9] (ntkrnlpa.exe)
018d: 82ad6738 NtWriteFileGather [9] (ntkrnlpa.exe)
018e: 82b163c6 NtWriteRequestData [6] (ntkrnlpa.exe)
018f: 82acf03d NtWriteVirtualMemory [5] (ntkrnlpa.exe)
0190: 828e8286 NtYieldExecution [0] (ntkrnlpa.exe)

Table #1: 90485000, 0339 entries, params=9048602c, \SystemRoot\System32\win32k.sys
1000: 9040efc7 NtGdiAbortDoc [1] (win32k.sys)
1001: 90426f98 NtGdiAbortPath [1] (win32k.sys)
1002: 902f5c04 NtGdiAddFontResourceW [6] (win32k.sys)
1003: 9041cf35 NtGdiAddRemoteFontToDC [4] (win32k.sys)
1004: 904286de NtGdiAddFontMemResourceEx [5] (win32k.sys)
1005: 9040f7e4 NtGdiRemoveMergeFont [2] (win32k.sys)
1006: 9040f878 NtGdiAddRemoteMMInstanceToDC [3] (win32k.sys)
1007: 90336c47 NtGdiAlphaBlend [12] (win32k.sys)
1008: 90427f09 NtGdiAngleArc [6] (win32k.sys)
1009: 90310d0b NtGdiAnyLinkedFonts [0] (win32k.sys)
100a: 90305328 NtGdiFontIsLinked [1] (win32k.sys)
100b: 9042a222 NtGdiArcInternal [10] (win32k.sys)
100c: 904283fa NtGdiBeginGdiRendering [2] (win32k.sys)
100d: 9042700c NtGdiBeginPath [1] (win32k.sys)
100e: 90341da1 NtGdiBitBlt [11] (win32k.sys)
100f: 9042834d NtGdiCancelDC [1] (win32k.sys)
1010: 9042afc6 NtGdiCheckBitmapBits [8] (win32k.sys)
1011: 90426f13 NtGdiCloseFigure [1] (win32k.sys)
1012: 90361675 NtGdiClearBitmapAttributes [2] (win32k.sys)
1013: 90428484 NtGdiClearBrushAttributes [2] (win32k.sys)
1014: 9042a9ba NtGdiColorCorrectPalette [6] (win32k.sys)
1015: 9031c21b NtGdiCombineRgn [4] (win32k.sys)
1016: 903ae103 NtGdiCombineTransform [3] (win32k.sys)
1017: 903af2a2 NtGdiComputeXformCoefficients [1] (win32k.sys)
1018: 9042b9b2 NtGdiConfigureOPMProtectedOutput [4] (win32k.sys)
1019: 904209c8 NtGdiConvertMetafileRect [2] (win32k.sys)
101a: 9035389f NtGdiCreateBitmap [5] (win32k.sys)
101b: 904283ea NtGdiCreateBitmapFromDxSurface [5] (win32k.sys)
101c: 903ac1df NtGdiCreateClientObj [1] (win32k.sys)
101d: 9042a87d NtGdiCreateColorSpace [1] (win32k.sys)
101e: 9042ac47 NtGdiCreateColorTransform [8] (win32k.sys)
101f: 9032a0cf NtGdiCreateCompatibleBitmap [3] (win32k.sys)
1020: 9035350e NtGdiCreateCompatibleDC [1] (win32k.sys)
1021: 9039e0c2 NtGdiCreateDIBBrush [6] (win32k.sys)
1022: 90325cf8 NtGdiCreateDIBitmapInternal [11] (win32k.sys)
1023: 903361ab NtGdiCreateDIBSection [9] (win32k.sys)
1024: 90415892 NtGdiCreateEllipticRgn [4] (win32k.sys)
1025: 902b4dbd NtGdiCreateHalftonePalette [1] (win32k.sys)
1026: 9042bd95 NtGdiCreateHatchBrushInternal [3] (win32k.sys)
1027: 903ac18c NtGdiCreateMetafileDC [1] (win32k.sys)
1028: 90377bc3 NtGdiCreateOPMProtectedOutputs [5] (win32k.sys)
1029: 902e78a1 NtGdiCreatePaletteInternal [2] (win32k.sys)
102a: 9031cd39 NtGdiCreatePatternBrushInternal [3] (win32k.sys)
102b: 903b2413 NtGdiCreatePen [4] (win32k.sys)
102c: 902e64dd NtGdiCreateRectRgn [4] (win32k.sys)
102d: 90307e43 NtGdiCreateRoundRectRgn [6] (win32k.sys)
102e: 9042c83b NtGdiCreateServerMetaFile [6] (win32k.sys)
102f: 9035381c NtGdiCreateSolidBrush [2] (win32k.sys)
1030: 90409058 NtGdiD3dContextCreate [4] (win32k.sys)
1031: 9040906b NtGdiD3dContextDestroy [1] (win32k.sys)
1032: 9040907e NtGdiD3dContextDestroyAll [1] (win32k.sys)
1033: 90409091 NtGdiD3dValidateTextureStageState [1] (win32k.sys)
1034: 904090a4 NtGdiD3dDrawPrimitives2 [7] (win32k.sys)
1035: 904090b7 NtGdiDdGetDriverState [1] (win32k.sys)
1036: 90408d3c NtGdiDdAddAttachedSurface [3] (win32k.sys)
1037: 904091b9 NtGdiDdAlphaBlt [3] (win32k.sys)
1038: 90408d4f NtGdiDdAttachSurface [2] (win32k.sys)
1039: 90409164 NtGdiDdBeginMoCompFrame [2] (win32k.sys)
103a: 90408d62 NtGdiDdBlt [3] (win32k.sys)
103b: 90408d75 NtGdiDdCanCreateSurface [2] (win32k.sys)
103c: 9040902f NtGdiDdCanCreateD3DBuffer [2] (win32k.sys)
103d: 90408d88 NtGdiDdColorControl [2] (win32k.sys)
103e: 90399757 NtGdiDdCreateDirectDrawObject [1] (win32k.sys)
103f: 90408d9b NtGdiDdCreateSurface [8] (win32k.sys)
1040: 90409019 NtGdiDdCreateD3DBuffer [8] (win32k.sys)
1041: 90409138 NtGdiDdCreateMoComp [2] (win32k.sys)
1042: 90408db1 NtGdiDdCreateSurfaceObject [6] (win32k.sys)
1043: 90408ddd NtGdiDdDeleteDirectDrawObject [1] (win32k.sys)
1044: 90408dc7 NtGdiDdDeleteSurfaceObject [1] (win32k.sys)
1045: 9040914e NtGdiDdDestroyMoComp [2] (win32k.sys)
1046: 90408df3 NtGdiDdDestroySurface [2] (win32k.sys)
1047: 90409042 NtGdiDdDestroyD3DBuffer [1] (win32k.sys)
1048: 90409177 NtGdiDdEndMoCompFrame [2] (win32k.sys)
1049: 90408e09 NtGdiDdFlip [5] (win32k.sys)
104a: 90408eb9 NtGdiDdFlipToGDISurface [2] (win32k.sys)
104b: 90408e1f NtGdiDdGetAvailDriverMemory [2] (win32k.sys)
104c: 90408e35 NtGdiDdGetBltStatus [2] (win32k.sys)
104d: 90408e4b NtGdiDdGetDC [2] (win32k.sys)
104e: 90408e61 NtGdiDdGetDriverInfo [2] (win32k.sys)
104f: 90408fc1 NtGdiDdGetDxHandle [3] (win32k.sys)
1050: 90408e77 NtGdiDdGetFlipStatus [2] (win32k.sys)
1051: 90409122 NtGdiDdGetInternalMoCompInfo [2] (win32k.sys)
1052: 9040910c NtGdiDdGetMoCompBuffInfo [2] (win32k.sys)
1053: 904090e0 NtGdiDdGetMoCompGuids [2] (win32k.sys)
1054: 904090f6 NtGdiDdGetMoCompFormats [2] (win32k.sys)
1055: 90408e8d NtGdiDdGetScanLine [2] (win32k.sys)
1056: 90408ecf NtGdiDdLock [3] (win32k.sys)
1057: 90408fed NtGdiDdLockD3D [2] (win32k.sys)
1058: 90408ee5 NtGdiDdQueryDirectDrawObject [11] (win32k.sys)
1059: 904091a3 NtGdiDdQueryMoCompStatus [2] (win32k.sys)
105a: 90408efb NtGdiDdReenableDirectDrawObject [2] (win32k.sys)
105b: 90408f11 NtGdiDdReleaseDC [1] (win32k.sys)
105c: 9040918d NtGdiDdRenderMoComp [2] (win32k.sys)
105d: 90408f27 NtGdiDdResetVisrgn [2] (win32k.sys)
105e: 90408f3d NtGdiDdSetColorKey [2] (win32k.sys)
105f: 90408ea3 NtGdiDdSetExclusiveMode [2] (win32k.sys)
1060: 90408fd7 NtGdiDdSetGammaRamp [3] (win32k.sys)
1061: 904090ca NtGdiDdCreateSurfaceEx [3] (win32k.sys)
1062: 90408f53 NtGdiDdSetOverlayPosition [3] (win32k.sys)
1063: 90408f69 NtGdiDdUnattachSurface [2] (win32k.sys)
1064: 90408f7f NtGdiDdUnlock [2] (win32k.sys)
1065: 90409003 NtGdiDdUnlockD3D [2] (win32k.sys)
1066: 90408f95 NtGdiDdUpdateOverlay [3] (win32k.sys)
1067: 90408fab NtGdiDdWaitForVerticalBlank [2] (win32k.sys)
1068: 904091cc NtGdiDvpCanCreateVideoPort [2] (win32k.sys)
1069: 904091e2 NtGdiDvpColorControl [2] (win32k.sys)
106a: 904091f8 NtGdiDvpCreateVideoPort [2] (win32k.sys)
106b: 9040920e NtGdiDvpDestroyVideoPort [2] (win32k.sys)
106c: 90409224 NtGdiDvpFlipVideoPort [4] (win32k.sys)
106d: 9040923a NtGdiDvpGetVideoPortBandwidth [2] (win32k.sys)
106e: 90409250 NtGdiDvpGetVideoPortField [2] (win32k.sys)
106f: 90409266 NtGdiDvpGetVideoPortFlipStatus [2] (win32k.sys)
1070: 9040927c NtGdiDvpGetVideoPortInputFormats [2] (win32k.sys)
1071: 90409292 NtGdiDvpGetVideoPortLine [2] (win32k.sys)
1072: 904092a8 NtGdiDvpGetVideoPortOutputFormats [2] (win32k.sys)
1073: 904092be NtGdiDvpGetVideoPortConnectInfo [2] (win32k.sys)
1074: 904092d4 NtGdiDvpGetVideoSignalStatus [2] (win32k.sys)
1075: 904092ea NtGdiDvpUpdateVideoPort [4] (win32k.sys)
1076: 90409300 NtGdiDvpWaitForVideoPortSync [2] (win32k.sys)
1077: 90409316 NtGdiDvpAcquireNotification [3] (win32k.sys)
1078: 9040932c NtGdiDvpReleaseNotification [2] (win32k.sys)
1079: 90408d29 NtGdiDxgGenericThunk [6] (win32k.sys)
107a: 903ac264 NtGdiDeleteClientObj [1] (win32k.sys)
107b: 9042a84d NtGdiDeleteColorSpace [1] (win32k.sys)
107c: 9042aee3 NtGdiDeleteColorTransform [2] (win32k.sys)
107d: 90334b7d NtGdiDeleteObjectApp [1] (win32k.sys)
107e: 90429288 NtGdiDescribePixelFormat [4] (win32k.sys)
107f: 90378ebd NtGdiDestroyOPMProtectedOutput [1] (win32k.sys)
1080: 9040f4b0 NtGdiGetPerBandInfo [2] (win32k.sys)
1081: 9040f38b NtGdiDoBanding [4] (win32k.sys)
1082: 9032531f NtGdiDoPalette [6] (win32k.sys)
1083: 90427f53 NtGdiDrawEscape [4] (win32k.sys)
1084: 9042d2c2 NtGdiEllipse [5] (win32k.sys)
1085: 90281f6b NtGdiEnableEudc [1] (win32k.sys)
1086: 9040efaf NtGdiEndDoc [1] (win32k.sys)
1087: 9042840a NtGdiEndGdiRendering [3] (win32k.sys)
1088: 9040f0d0 NtGdiEndPage [1] (win32k.sys)
1089: 904270be NtGdiEndPath [1] (win32k.sys)
108a: 902f7e7e NtGdiEnumFonts [8] (win32k.sys)
108b: 9042f28f NtGdiEnumObjects [4] (win32k.sys)
108c: 9038102b NtGdiEqualRgn [2] (win32k.sys)
108d: 9042f044 NtGdiEudcLoadUnloadLink [7] (win32k.sys)
108e: 902ea11a NtGdiExcludeClipRect [5] (win32k.sys)
108f: 9039172c NtGdiExtCreatePen [11] (win32k.sys)
1090: 902bb04d NtGdiExtCreateRegion [3] (win32k.sys)
1091: 903ae615 NtGdiExtEscape [8] (win32k.sys)
1092: 903bd4f5 NtGdiExtFloodFill [5] (win32k.sys)
1093: 9033509d NtGdiExtGetObjectW [3] (win32k.sys)
1094: 90336b84 NtGdiExtSelectClipRgn [3] (win32k.sys)
1095: 90344c05 NtGdiExtTextOutW [9] (win32k.sys)
1096: 904273a9 NtGdiFillPath [1] (win32k.sys)
1097: 902c0126 NtGdiFillRgn [3] (win32k.sys)
1098: 9042711b NtGdiFlattenPath [1] (win32k.sys)
1099: 9034bcf5 NtGdiFlush [0] (win32k.sys)
109a: 90429227 NtGdiForceUFIMapping [2] (win32k.sys)
109b: 9029c6c3 NtGdiFrameRgn [5] (win32k.sys)
109c: 90419d7b NtGdiFullscreenControl [5] (win32k.sys)
109d: 903bf3bc NtGdiGetAndSetDCDword [4] (win32k.sys)
109e: 90338e47 NtGdiGetAppClipBox [2] (win32k.sys)
109f: 902befd9 NtGdiGetBitmapBits [3] (win32k.sys)
10a0: 90429163 NtGdiGetBitmapDimension [2] (win32k.sys)
10a1: 902e3428 NtGdiGetBoundsRect [3] (win32k.sys)
10a2: 9037847c NtGdiGetCertificate [4] (win32k.sys)
10a3: 9037837b NtGdiGetCertificateSize [3] (win32k.sys)
10a4: 902e6870 NtGdiGetCharABCWidthsW [6] (win32k.sys)
10a5: 904278d1 NtGdiGetCharacterPlacementW [6] (win32k.sys)
10a6: 90344bf5 NtGdiGetCharSet [1] (win32k.sys)
10a7: 903b2685 NtGdiGetCharWidthW [6] (win32k.sys)
10a8: 902bbf52 NtGdiGetCharWidthInfo [2] (win32k.sys)
10a9: 904281d9 NtGdiGetColorAdjustment [2] (win32k.sys)
10aa: 9042f7c2 NtGdiGetColorSpaceforBitmap [1] (win32k.sys)
10ab: 9042b94c NtGdiGetCOPPCompatibleOPMInformation [3] (win32k.sys)
10ac: 9033656a NtGdiGetDCDword [3] (win32k.sys)
10ad: 902f7147 NtGdiGetDCforBitmap [1] (win32k.sys)
10ae: 903411b5 NtGdiGetDCObject [2] (win32k.sys)
10af: 903bad7c NtGdiGetDCPoint [3] (win32k.sys)
10b0: 903291bf NtGdiGetDeviceCaps [2] (win32k.sys)
10b1: 9042b131 NtGdiGetDeviceGammaRamp [2] (win32k.sys)
10b2: 903a907e NtGdiGetDeviceCapsAll [2] (win32k.sys)
10b3: 9032183c NtGdiGetDIBitsInternal [9] (win32k.sys)
10b4: 90430595 NtGdiGetETM [2] (win32k.sys)
10b5: 9042e4c3 NtGdiGetEudcTimeStampEx [3] (win32k.sys)
10b6: 902e6ab6 NtGdiGetFontData [5] (win32k.sys)
10b7: 90430f04 NtGdiGetFontFileData [5] (win32k.sys)
10b8: 9036be9b NtGdiGetFontFileInfo [5] (win32k.sys)
10b9: 90428989 NtGdiGetFontResourceInfoInternalW [7] (win32k.sys)
10ba: 902efc26 NtGdiGetGlyphIndicesW [5] (win32k.sys)
10bb: 902ecd7c NtGdiGetGlyphIndicesWInternal [6] (win32k.sys)
10bc: 90428040 NtGdiGetGlyphOutline [8] (win32k.sys)
10bd: 9037885a NtGdiGetOPMInformation [3] (win32k.sys)
10be: 903b721b NtGdiGetKerningPairs [3] (win32k.sys)
10bf: 9040f567 NtGdiGetLinkedUFIs [3] (win32k.sys)
10c0: 9038fb57 NtGdiGetMiterLimit [2] (win32k.sys)
10c1: 9039fe3e NtGdiGetMonitorID [3] (win32k.sys)
10c2: 90307b8c NtGdiGetNearestColor [2] (win32k.sys)
10c3: 903b6f22 NtGdiGetNearestPaletteIndex [2] (win32k.sys)
10c4: 9039fb06 NtGdiGetObjectBitmapHandle [2] (win32k.sys)
10c5: 90378413 NtGdiGetOPMRandomNumber [2] (win32k.sys)
10c6: 902f4a5e NtGdiGetOutlineTextMetricsInternalW [4] (win32k.sys)
10c7: 90427727 NtGdiGetPath [4] (win32k.sys)
10c8: 902fc110 NtGdiGetPixel [3] (win32k.sys)
10c9: 90336529 NtGdiGetRandomRgn [3] (win32k.sys)
10ca: 90428155 NtGdiGetRasterizerCaps [2] (win32k.sys)
10cb: 9030d8fa NtGdiGetRealizationInfo [2] (win32k.sys)
10cc: 90311307 NtGdiGetRegionData [3] (win32k.sys)
10cd: 902da404 NtGdiGetRgnBox [2] (win32k.sys)
10ce: 9042c93b NtGdiGetServerMetaFileBits [7] (win32k.sys)
10cf: 90409a00 DxgStubDvpUpdateVideoPort [4] (win32k.sys)
10d0: 904310e7 NtGdiGetStats [5] (win32k.sys)
10d1: 90350917 NtGdiGetStockObject [1] (win32k.sys)
10d2: 9042f19b NtGdiGetStringBitmapW [5] (win32k.sys)
10d3: 90379139 NtGdiGetSuggestedOPMProtectedOutputArraySize [2] (win32k.sys)
10d4: 9039e4a3 NtGdiGetSystemPaletteUse [1] (win32k.sys)
10d5: 902e2d0f NtGdiGetTextCharsetInfo [3] (win32k.sys)
10d6: 904284c4 NtGdiGetTextExtent [5] (win32k.sys)
10d7: 902dc18d NtGdiGetTextExtentExW [8] (win32k.sys)
10d8: 903100c1 NtGdiGetTextFaceW [4] (win32k.sys)
10d9: 902ec399 NtGdiGetTextMetricsW [3] (win32k.sys)
10da: 902c7c4f NtGdiGetTransform [3] (win32k.sys)
10db: 90428bc5 NtGdiGetUFI [6] (win32k.sys)
10dc: 90428ca3 NtGdiGetEmbUFI [7] (win32k.sys)
10dd: 90428d9d NtGdiGetUFIPathname [10] (win32k.sys)
10de: 90428b50 NtGdiGetEmbedFonts [0] (win32k.sys)
10df: 90428b5a NtGdiChangeGhostFont [2] (win32k.sys)
10e0: 9040e045 NtGdiAddEmbFontToDC [2] (win32k.sys)
10e1: 90380c82 NtGdiGetFontUnicodeRanges [2] (win32k.sys)
10e2: 9031175a NtGdiGetWidthTable [7] (win32k.sys)
10e3: 90394c26 NtGdiGradientFill [6] (win32k.sys)
10e4: 90322662 NtGdiHfontCreate [5] (win32k.sys)
10e5: 9042b42e NtGdiIcmBrushInfo [8] (win32k.sys)
10e6: 9035099a bInitRedirDev [0] (win32k.sys)
10e7: 90417929 NtGdiInitSpool [0] (win32k.sys)
10e8: 903367ea NtGdiIntersectClipRect [5] (win32k.sys)
10e9: 9039d932 NtGdiInvertRgn [2] (win32k.sys)
10ea: 903ba7e8 NtGdiLineTo [3] (win32k.sys)
10eb: 90429313 NtGdiMakeFontDir [5] (win32k.sys)
10ec: 9042f8ee NtGdiMakeInfoDC [2] (win32k.sys)
10ed: 902e3826 NtGdiMaskBlt [13] (win32k.sys)
10ee: 902c9a35 NtGdiModifyWorldTransform [3] (win32k.sys)
10ef: 903a2e0a NtGdiMonoBitmap [1] (win32k.sys)
10f0: 9042837d NtGdiMoveTo [4] (win32k.sys)
10f1: 904159c2 NtGdiOffsetClipRgn [3] (win32k.sys)
10f2: 902da7da NtGdiOffsetRgn [3] (win32k.sys)
10f3: 902efa9b NtGdiOpenDCW [8] (win32k.sys)
10f4: 902e22c5 NtGdiPatBlt [6] (win32k.sys)
10f5: 9033b129 NtGdiPolyPatBlt [5] (win32k.sys)
10f6: 9042746c NtGdiPathToRegion [1] (win32k.sys)
10f7: 9037b25b NtGdiPlgBlt [11] (win32k.sys)
10f8: 90427e13 NtGdiPolyDraw [4] (win32k.sys)
10f9: 902c0694 NtGdiPolyPolyDraw [5] (win32k.sys)
10fa: 90360436 NtGdiPolyTextOutW [4] (win32k.sys)
10fb: 90375369 NtGdiPtInRegion [3] (win32k.sys)
10fc: 90415b1c NtGdiPtVisible [3] (win32k.sys)
10fd: 904285f3 NtGdiQueryFonts [3] (win32k.sys)
10fe: 9035100f NtGdiQueryFontAssocInfo [1] (win32k.sys)
10ff: 903c3042 NtGdiRectangle [5] (win32k.sys)
1100: 9036437c NtGdiRectInRegion [2] (win32k.sys)
1101: 902e8ac0 NtGdiRectVisible [2] (win32k.sys)
1102: 904287dc NtGdiRemoveFontResourceW [6] (win32k.sys)
1103: 9042896d NtGdiRemoveFontMemResourceEx [1] (win32k.sys)
1104: 903b73e7 NtGdiResetDC [5] (win32k.sys)
1105: 9042c41f NtGdiResizePalette [2] (win32k.sys)
1106: 902f1111 NtGdiRestoreDC [2] (win32k.sys)
1107: 903a57d8 NtGdiRoundRect [7] (win32k.sys)
1108: 902efc16 NtGdiSaveDC [1] (win32k.sys)
1109: 90420773 NtGdiScaleViewportExtEx [6] (win32k.sys)
110a: 90429100 NtGdiScaleWindowExtEx [6] (win32k.sys)
110b: 90352f2c NtGdiSelectBitmap [2] (win32k.sys)
110c: 9042835d NtGdiSelectBrush [2] (win32k.sys)
110d: 904272b9 NtGdiSelectClipPath [2] (win32k.sys)
110e: 90344edd NtGdiSelectFont [2] (win32k.sys)
110f: 9042836d NtGdiSelectPen [2] (win32k.sys)
1110: 90292be8 NtGdiSetBitmapAttributes [2] (win32k.sys)
1111: 902c5185 NtGdiSetBitmapBits [3] (win32k.sys)
1112: 904291c0 NtGdiSetBitmapDimension [4] (win32k.sys)
1113: 902e376d NtGdiSetBoundsRect [3] (win32k.sys)
1114: 90428464 NtGdiSetBrushAttributes [2] (win32k.sys)
1115: 903ac12f NtGdiSetBrushOrg [4] (win32k.sys)
1116: 9042822f NtGdiSetColorAdjustment [2] (win32k.sys)
1117: 9042ab10 NtGdiSetColorSpace [2] (win32k.sys)
1118: 9042b1b8 NtGdiSetDeviceGammaRamp [2] (win32k.sys)
1119: 902f5d9d NtGdiSetDIBitsToDeviceInternal [16] (win32k.sys)
111a: 902f85cf NtGdiSetFontEnumeration [1] (win32k.sys)
111b: 903ac989 NtGdiSetFontXform [3] (win32k.sys)
111c: 903ac452 NtGdiSetIcmMode [3] (win32k.sys)
111d: 9040e9d1 NtGdiSetLinkedUFIs [3] (win32k.sys)
111e: 90362929 NtGdiSetMagicColors [3] (win32k.sys)
111f: 903a80fa NtGdiSetMetaRgn [1] (win32k.sys)
1120: 903a810a NtGdiSetMiterLimit [3] (win32k.sys)
1121: 904290f0 NtGdiGetDeviceWidth [1] (win32k.sys)
1122: 904290e0 NtGdiMirrorWindowOrg [1] (win32k.sys)
1123: 902de63e NtGdiSetLayout [3] (win32k.sys)
1124: 90378632 NtGdiSetOPMSigningKeyAndSequenceNumbers [2] (win32k.sys)
1125: 903d0d64 NtGdiSetPixel [4] (win32k.sys)
1126: 90431e21 NtGdiSetPixelFormat [2] (win32k.sys)
1127: 904284b4 NtGdiSetRectRgn [5] (win32k.sys)
1128: 904283da NtGdiSetSystemPaletteUse [2] (win32k.sys)
1129: 904315a0 NtGdiSetTextJustification [3] (win32k.sys)
112a: 903a800e NtGdiSetVirtualResolution [5] (win32k.sys)
112b: 903a7fb8 NtGdiSetSizeDevice [3] (win32k.sys)
112c: 9040eae0 NtGdiStartDoc [4] (win32k.sys)
112d: 9040efdf NtGdiStartPage [1] (win32k.sys)
112e: 903c3b9d NtGdiStretchBlt [12] (win32k.sys)
112f: 9031bda5 NtGdiStretchDIBitsInternal [16] (win32k.sys)
1130: 90427551 NtGdiStrokeAndFillPath [1] (win32k.sys)
1131: 9042764e NtGdiStrokePath [1] (win32k.sys)
1132: 90431ff6 NtGdiSwapBuffers [1] (win32k.sys)
1133: 902ddae7 NtGdiTransformPoints [5] (win32k.sys)
1134: 903b4a68 NtGdiTransparentBlt [11] (win32k.sys)
1135: 9037ed72 DxgStubEndMoCompFrame [2] (win32k.sys)
1136: 904286d3 NtGdiUMPDEngFreeUserMem [1] (win32k.sys)
1137: 904284a4 NtGdiUnrealizeObject [1] (win32k.sys)
1138: 9042c682 NtGdiUpdateColors [1] (win32k.sys)
1139: 904271a6 NtGdiWidenPath [1] (win32k.sys)
113a: 902bf8bb NtUserActivateKeyboardLayout [2] (win32k.sys)
113b: 903d9b8f NtUserAddClipboardFormatListener [1] (win32k.sys)
113c: 903d6786 NtUserAlterWindowStyle [3] (win32k.sys)
113d: 903057cb NtUserAssociateInputContext [3] (win32k.sys)
113e: 903170ee NtUserAttachThreadInput [3] (win32k.sys)
113f: 90344664 NtUserBeginPaint [2] (win32k.sys)
1140: 903b86ae NtUserBitBltSysBmp [8] (win32k.sys)
1141: 903d44db NtUserBlockInput [1] (win32k.sys)
1142: 902ea12a NtUserBuildHimcList [4] (win32k.sys)
1143: 902e515f NtUserBuildHwndList [7] (win32k.sys)
1144: 902ebaa5 NtUserBuildNameList [4] (win32k.sys)
1145: 903d6a8d NtUserBuildPropList [4] (win32k.sys)
1146: 9029dea8 NtUserCallHwnd [2] (win32k.sys)
1147: 90304851 NtUserCallHwndLock [2] (win32k.sys)
1148: 9028b4b8 NtUserCallHwndOpt [2] (win32k.sys)
1149: 90308797 NtUserCallHwndParam [3] (win32k.sys)
114a: 902dd010 NtUserCallHwndParamLock [3] (win32k.sys)
114b: 903bc151 NtUserCallMsgFilter [2] (win32k.sys)
114c: 903a4744 NtUserCallNextHookEx [4] (win32k.sys)
114d: 903529c9 NtUserCallNoParam [1] (win32k.sys)
114e: 90351682 NtUserCallOneParam [2] (win32k.sys)
114f: 90324527 NtUserCallTwoParam [3] (win32k.sys)
1150: 903b855a NtUserChangeClipboardChain [2] (win32k.sys)
1151: 9038e7a1 NtUserChangeDisplaySettings [4] (win32k.sys)
1152: 902a4309 NtUserGetDisplayConfigBufferSizes [3] (win32k.sys)
1153: 903d6fa4 NtUserSetDisplayConfig [5] (win32k.sys)
1154: 9029fa08 NtUserQueryDisplayConfig [6] (win32k.sys)
1155: 9036c049 NtUserDisplayConfigGetDeviceInfo [1] (win32k.sys)
1156: 903d72b2 NtUserDisplayConfigSetDeviceInfo [1] (win32k.sys)
1157: 903d9eaf NtUserCheckAccessForIntegrityLevel [3] (win32k.sys)
1158: 9029e670 NtUserCheckDesktopByThreadId [1] (win32k.sys)
1159: 903d682b NtUserCheckWindowThreadDesktop [2] (win32k.sys)
115a: 9037ecbe NtUserCheckMenuItem [3] (win32k.sys)
115b: 9039de34 NtUserChildWindowFromPointEx [4] (win32k.sys)
115c: 90371b76 NtUserClipCursor [1] (win32k.sys)
115d: 903a3f0c NtUserCloseClipboard [0] (win32k.sys)
115e: 902e550b NtUserCloseDesktop [1] (win32k.sys)
115f: 902f5941 NtUserCloseWindowStation [1] (win32k.sys)
1160: 90359a90 NtUserConsoleControl [3] (win32k.sys)
1161: 90376ebb NtUserConvertMemHandle [2] (win32k.sys)
1162: 9039aba0 NtUserCopyAcceleratorTable [3] (win32k.sys)
1163: 9037b39c NtUserCountClipboardFormats [0] (win32k.sys)
1164: 902bf49a NtUserCreateAcceleratorTable [2] (win32k.sys)
1165: 903b8cbf NtUserCreateCaret [4] (win32k.sys)
1166: 9029bf18 NtUserCreateDesktopEx [6] (win32k.sys)
1167: 9039dbcb NtUserCreateInputContext [1] (win32k.sys)
1168: 903a435d NtUserCreateLocalMemHandle [4] (win32k.sys)
1169: 9030a6cf NtUserCreateWindowEx [15] (win32k.sys)
116a: 9028af2a NtUserCreateWindowStation [8] (win32k.sys)
116b: 902b49d8 NtUserDdeInitialize [5] (win32k.sys)
116c: 902e2de6 NtUserDeferWindowPos [8] (win32k.sys)
116d: 903a3e49 NtUserDefSetText [2] (win32k.sys)
116e: 902eee50 NtUserDeleteMenu [3] (win32k.sys)
116f: 903af2ec NtUserDestroyAcceleratorTable [1] (win32k.sys)
1170: 902f1509 NtUserDestroyCursor [2] (win32k.sys)
1171: 9039dd38 NtUserDestroyInputContext [1] (win32k.sys)
1172: 902bf5eb NtUserDestroyMenu [1] (win32k.sys)
1173: 90327bd4 NtUserDestroyWindow [1] (win32k.sys)
1174: 902c8658 NtUserDisableThreadIme [1] (win32k.sys)
1175: 90344aa0 NtUserDispatchMessage [1] (win32k.sys)
1176: 90281ccc NtUserDoSoundConnect [0] (win32k.sys)
1177: 9036451d NtUserDoSoundDisconnect [0] (win32k.sys)
1178: 903d6b87 NtUserDragDetect [3] (win32k.sys)
1179: 903d52a2 NtUserDragObject [5] (win32k.sys)
117a: 903d5d5c NtUserDrawAnimatedRects [4] (win32k.sys)
117b: 903d5e1f NtUserDrawCaption [4] (win32k.sys)
117c: 903d74c8 NtUserDrawCaptionTemp [7] (win32k.sys)
117d: 9031585d NtUserDrawIconEx [11] (win32k.sys)
117e: 903d73f7 NtUserDrawMenuBarTemp [5] (win32k.sys)
117f: 90375d7e NtUserEmptyClipboard [0] (win32k.sys)
1180: 903bb3ff NtUserEnableMenuItem [3] (win32k.sys)
1181: 903bed67 NtUserEnableScrollBar [3] (win32k.sys)
1182: 902e2d89 NtUserEndDeferWindowPosEx [2] (win32k.sys)
1183: 902be60b NtUserEndMenu [0] (win32k.sys)
1184: 90344f81 NtUserEndPaint [2] (win32k.sys)
1185: 902f048e NtUserEnumDisplayDevices [4] (win32k.sys)
1186: 902e5947 NtUserEnumDisplayMonitors [4] (win32k.sys)
1187: 903230fc NtUserEnumDisplaySettings [4] (win32k.sys)
1188: 903d5404 NtUserEvent [1] (win32k.sys)
1189: 9039d8f8 NtUserExcludeUpdateRgn [2] (win32k.sys)
118a: 903ad356 NtUserFillWindow [4] (win32k.sys)
118b: 9030a32b NtUserFindExistingCursorIcon [3] (win32k.sys)
118c: 9030dc42 NtUserFindWindowEx [5] (win32k.sys)
118d: 903b875e NtUserFlashWindowEx [1] (win32k.sys)
118e: 903d9e5a NtUserFrostCrashedWindow [2] (win32k.sys)
118f: 903d58ae NtUserGetAltTabInfo [6] (win32k.sys)
1190: 90322f30 NtUserGetAncestor [2] (win32k.sys)
1191: 903d88d1 NtUserGetAppImeLevel [1] (win32k.sys)
1192: 902cbd0c NtUserGetAsyncKeyState [1] (win32k.sys)
1193: 9030ec80 NtUserGetAtomName [2] (win32k.sys)
1194: 90307184 NtUserGetCaretBlinkTime [0] (win32k.sys)
1195: 903b98d9 NtUserGetCaretPos [1] (win32k.sys)
1196: 90321c11 NtUserGetClassInfoEx [5] (win32k.sys)
1197: 90321f78 NtUserGetClassName [3] (win32k.sys)
1198: 903a4244 NtUserGetClipboardData [2] (win32k.sys)
1199: 903a013a NtUserGetClipboardFormatName [3] (win32k.sys)
119a: 903b450e NtUserGetClipboardOwner [0] (win32k.sys)
119b: 903bde95 NtUserGetClipboardSequenceNumber [0] (win32k.sys)
119c: 903d5f6c NtUserGetClipboardViewer [0] (win32k.sys)
119d: 903d5c01 NtUserGetClipCursor [1] (win32k.sys)
119e: 903b7c55 NtUserGetComboBoxInfo [2] (win32k.sys)
119f: 9039acd4 NtUserGetControlBrush [3] (win32k.sys)
11a0: 903d5ec8 NtUserGetControlColor [4] (win32k.sys)
11a1: 902be5bc NtUserGetCPD [3] (win32k.sys)
11a2: 903b8c13 NtUserGetCursorFrameInfo [4] (win32k.sys)
11a3: 903d5775 NtUserGetCursorInfo [1] (win32k.sys)
11a4: 90335fda NtUserGetDC [1] (win32k.sys)
11a5: 902e71b6 NtUserGetDCEx [3] (win32k.sys)
11a6: 903159b8 NtUserGetDoubleClickTime [0] (win32k.sys)
11a7: 902e54cc NtUserGetForegroundWindow [0] (win32k.sys)
11a8: 903dac57 NtUserGetGuiResources [2] (win32k.sys)
11a9: 9031c164 NtUserGetGUIThreadInfo [2] (win32k.sys)
11aa: 9030f43c NtUserGetIconInfo [6] (win32k.sys)
11ab: 9030f6a6 NtUserGetIconSize [4] (win32k.sys)
11ac: 903d87a1 NtUserGetImeHotKey [4] (win32k.sys)
11ad: 902fafd6 NtUserGetImeInfoEx [2] (win32k.sys)
11ae: 903d6eaa NtUserGetInputLocaleInfo [2] (win32k.sys)
11af: 903d5512 NtUserGetInternalWindowPos [3] (win32k.sys)
11b0: 902c6003 NtUserGetKeyboardLayoutList [2] (win32k.sys)
11b1: 903d6dbd NtUserGetKeyboardLayoutName [1] (win32k.sys)
11b2: 903c386c NtUserGetKeyboardState [1] (win32k.sys)
11b3: 903d6d44 NtUserGetKeyNameText [3] (win32k.sys)
11b4: 902f985d NtUserGetKeyState [1] (win32k.sys)
11b5: 903d571d NtUserGetListBoxInfo [1] (win32k.sys)
11b6: 903c7fa5 NtUserGetMenuBarInfo [4] (win32k.sys)
11b7: 903d5c8b NtUserGetMenuIndex [2] (win32k.sys)
11b8: 90375379 NtUserGetMenuItemRect [4] (win32k.sys)
11b9: 9033a93a NtUserGetMessage [4] (win32k.sys)
11ba: 903d63ed NtUserGetMouseMovePointsEx [5] (win32k.sys)
11bb: 90319c7b NtUserGetObjectInformation [5] (win32k.sys)
11bc: 903d5f98 NtUserGetOpenClipboardWindow [0] (win32k.sys)
11bd: 903d5fc4 NtUserGetPriorityClipboardFormat [2] (win32k.sys)
11be: 9031fa29 NtUserGetProcessWindowStation [0] (win32k.sys)
11bf: 903d970e NtUserGetRawInputBuffer [3] (win32k.sys)
11c0: 903d9144 NtUserGetRawInputData [5] (win32k.sys)
11c1: 903d92ce NtUserGetRawInputDeviceInfo [4] (win32k.sys)
11c2: 903d95ae NtUserGetRawInputDeviceList [3] (win32k.sys)
11c3: 903d96d3 NtUserGetRegisteredRawInputDevices [3] (win32k.sys)
11c4: 9032b95e NtUserGetScrollBarInfo [3] (win32k.sys)
11c5: 902f8565 NtUserGetSystemMenu [2] (win32k.sys)
11c6: 90353702 NtUserGetThreadDesktop [1] (win32k.sys)
11c7: 9032cc09 NtUserGetThreadState [1] (win32k.sys)
11c8: 9032c600 NtUserGetTitleBarInfo [2] (win32k.sys)
11c9: 903d5ab7 NtUserGetTopLevelWindow [1] (win32k.sys)
11ca: 903d9cda NtUserGetUpdatedClipboardFormats [3] (win32k.sys)
11cb: 902daebb NtUserGetUpdateRect [3] (win32k.sys)
11cc: 903b614d NtUserGetUpdateRgn [3] (win32k.sys)
11cd: 90312644 NtUserGetWindowCompositionInfo [2] (win32k.sys)
11ce: 90312401 NtUserGetWindowCompositionAttribute [2] (win32k.sys)
11cf: 9032a351 NtUserGetWindowDC [1] (win32k.sys)
11d0: 903d5af7 NtUserGetWindowDisplayAffinity [2] (win32k.sys)
11d1: 903c54ae NtUserGetWindowPlacement [2] (win32k.sys)
11d2: 903d5489 NtUserGetWOWClass [2] (win32k.sys)
11d3: 902dae83 NtUserGhostWindowFromHungWindow [1] (win32k.sys)
11d4: 903da9a8 NtUserHardErrorControl [3] (win32k.sys)
11d5: 902c35b6 NtUserHideCaret [1] (win32k.sys)
11d6: 903d6047 NtUserHiliteMenuItem [4] (win32k.sys)
11d7: 9038b024 NtUserHungWindowFromGhostWindow [1] (win32k.sys)
11d8: 903d6cd7 NtUserImpersonateDdeClientWindow [2] (win32k.sys)
11d9: 90297f3c NtUserInitialize [2] (win32k.sys)
11da: 90285e56 NtUserInitializeClientPfnArrays [4] (win32k.sys)
11db: 903d55e4 NtUserInitTask [12] (win32k.sys)
11dc: 9032bd05 NtUserInternalGetWindowText [3] (win32k.sys)
11dd: 9038b05c NtUserInternalGetWindowIcon [2] (win32k.sys)
11de: 9034455e NtUserInvalidateRect [3] (win32k.sys)
11df: 902c6274 NtUserInvalidateRgn [3] (win32k.sys)
11e0: 903bb3c3 NtUserIsClipboardFormatAvailable [1] (win32k.sys)
11e1: 902da7a6 NtUserIsTopLevelWindow [1] (win32k.sys)
11e2: 90344298 NtUserKillTimer [2] (win32k.sys)
11e3: 9028f70a NtUserLoadKeyboardLayoutEx [8] (win32k.sys)
11e4: 9029a015 NtUserLockWindowStation [1] (win32k.sys)
11e5: 903c5844 NtUserLockWindowUpdate [1] (win32k.sys)
11e6: 903698cd NtUserLockWorkStation [0] (win32k.sys)
11e7: 903cf963 NtUserLogicalToPhysicalPoint [2] (win32k.sys)
11e8: 903ce69e NtUserMapVirtualKeyEx [4] (win32k.sys)
11e9: 903d6643 NtUserMenuItemFromPoint [4] (win32k.sys)
11ea: 9034314e NtUserMessageCall [7] (win32k.sys)
11eb: 903d60f2 NtUserMinMaximize [3] (win32k.sys)
11ec: 903d6218 NtUserMNDragLeave [0] (win32k.sys)
11ed: 903d6180 NtUserMNDragOver [2] (win32k.sys)
11ee: 903d6744 NtUserModifyUserStartupInfoFlags [2] (win32k.sys)
11ef: 902c53a8 NtUserMoveWindow [6] (win32k.sys)
11f0: 90304cff NtUserNotifyIMEStatus [3] (win32k.sys)
11f1: 90357732 NtUserNotifyProcessCreate [4] (win32k.sys)
11f2: 90317a3f NtUserNotifyWinEvent [4] (win32k.sys)
11f3: 903a3f2b NtUserOpenClipboard [2] (win32k.sys)
11f4: 902ed158 NtUserOpenDesktop [3] (win32k.sys)
11f5: 902b519b NtUserOpenInputDesktop [3] (win32k.sys)
11f6: 903d67d6 NtUserOpenThreadDesktop [4] (win32k.sys)
11f7: 902edfbf NtUserOpenWindowStation [2] (win32k.sys)
11f8: 902dee85 NtUserPaintDesktop [1] (win32k.sys)
11f9: 902de016 NtUserPaintMonitor [3] (win32k.sys)
11fa: 903436be NtUserPeekMessage [5] (win32k.sys)
11fb: 903c7a73 NtUserPhysicalToLogicalPoint [2] (win32k.sys)
11fc: 9032a928 NtUserPostMessage [4] (win32k.sys)
11fd: 9032cfdc NtUserPostThreadMessage [4] (win32k.sys)
11fe: 903d90b6 NtUserPrintWindow [3] (win32k.sys)
11ff: 90353cce NtUserProcessConnect [2] (win32k.sys)
1200: 90363237 NtUserQueryInformationThread [4] (win32k.sys)
1201: 90305126 NtUserQueryInputContext [2] (win32k.sys)
1202: 903d6c33 NtUserQuerySendMessage [1] (win32k.sys)
1203: 903442d5 NtUserQueryWindow [2] (win32k.sys)
1204: 903d5870 NtUserRealChildWindowFromPoint [3] (win32k.sys)
1205: 90344413 NtUserRealInternalGetMessage [6] (win32k.sys)
1206: 903d6583 NtUserRealWaitMessageEx [2] (win32k.sys)
1207: 90322c95 NtUserRedrawWindow [4] (win32k.sys)
1208: 90324d11 NtUserRegisterClassExWOW [7] (win32k.sys)
1209: 903d9e23 NtUserRegisterErrorReportingDialog [2] (win32k.sys)
120a: 90292c6b NtUserRegisterUserApiHook [4] (win32k.sys)
120b: 902e8051 NtUserRegisterHotKey [4] (win32k.sys)
120c: 902b4e4a NtUserRegisterRawInputDevices [3] (win32k.sys)
120d: 90281943 NtUserRegisterServicesProcess [1] (win32k.sys)
120e: 903d56e9 NtUserRegisterTasklist [1] (win32k.sys)
120f: 902f9ca5 NtUserRegisterWindowMessage [1] (win32k.sys)
1210: 903d9c70 NtUserRemoveClipboardFormatListener [1] (win32k.sys)
1211: 902c2409 NtUserRemoveMenu [3] (win32k.sys)
1212: 90338806 NtUserRemoveProp [2] (win32k.sys)
1213: 903dab2e NtUserResolveDesktopForWOW [1] (win32k.sys)
1214: 9032caac NtUserSBGetParms [4] (win32k.sys)
1215: 90360c18 NtUserScrollDC [7] (win32k.sys)
1216: 903b2934 NtUserScrollWindowEx [8] (win32k.sys)
1217: 902f6f5b NtUserSelectPalette [3] (win32k.sys)
1218: 903c9791 NtUserSendInput [3] (win32k.sys)
1219: 90317b0f NtUserSetActiveWindow [1] (win32k.sys)
121a: 903d886b NtUserSetAppImeLevel [2] (win32k.sys)
121b: 903c39c1 NtUserSetCapture [1] (win32k.sys)
121c: 9028b91c NtUserSetChildWindowNoActivate [1] (win32k.sys)
121d: 902c5aae NtUserSetClassLong [4] (win32k.sys)
121e: 903d6235 NtUserSetClassWord [3] (win32k.sys)
121f: 90376c84 NtUserSetClipboardData [3] (win32k.sys)
1220: 903a0be9 NtUserSetClipboardViewer [1] (win32k.sys)
1221: 90308713 NtUserSetCursor [1] (win32k.sys)
1222: 903d65fc NtUserSetCursorContents [2] (win32k.sys)
1223: 90319465 NtUserSetCursorIconData [4] (win32k.sys)
1224: 9030f596 NtUserSetFocus [1] (win32k.sys)
1225: 9028f523 NtUserSetImeHotKey [5] (win32k.sys)
1226: 902849b6 NtUserSetImeInfoEx [1] (win32k.sys)
1227: 9030fb60 NtUserSetImeOwnerWindow [2] (win32k.sys)
1228: 902e8b1b NtUserSetInformationThread [4] (win32k.sys)
1229: 903d59c7 NtUserSetInternalWindowPos [4] (win32k.sys)
122a: 903c3ae0 NtUserSetKeyboardState [1] (win32k.sys)
122b: 903d2e63 NtUserSetMenu [3] (win32k.sys)
122c: 903d5ceb NtUserSetMenuContextHelpId [2] (win32k.sys)
122d: 9029e440 NtUserSetMenuDefaultItem [3] (win32k.sys)
122e: 903d5d28 NtUserSetMenuFlagRtoL [1] (win32k.sys)
122f: 903daa6d NtUserSetObjectInformation [4] (win32k.sys)
1230: 902ddc01 NtUserSetParent [2] (win32k.sys)
1231: 902eeb4b NtUserSetProcessWindowStation [1] (win32k.sys)
1232: 90337b90 NtUserGetProp [2] (win32k.sys)
1233: 90337c1e NtUserSetProp [3] (win32k.sys)
1234: 9032ad01 NtUserSetScrollInfo [4] (win32k.sys)
1235: 9028b53b NtUserSetShellWindowEx [2] (win32k.sys)
1236: 903625ae NtUserSetSysColors [4] (win32k.sys)
1237: 903d65c3 NtUserSetSystemCursor [2] (win32k.sys)
1238: 903a10f5 NtUserSetSystemMenu [2] (win32k.sys)
1239: 903d6be5 NtUserSetSystemTimer [3] (win32k.sys)
123a: 902ee0b6 NtUserSetThreadDesktop [1] (win32k.sys)
123b: 903d8939 NtUserSetThreadLayoutHandles [2] (win32k.sys)
123c: 903b9c96 NtUserSetThreadState [2] (win32k.sys)
123d: 903441fd NtUserSetTimer [4] (win32k.sys)
123e: 903597ee NtUserSetProcessDPIAware [0] (win32k.sys)
123f: 903071ce NtUserSetWindowCompositionAttribute [2] (win32k.sys)
1240: 903d5b88 NtUserSetWindowDisplayAffinity [2] (win32k.sys)
1241: 9030ef15 NtUserSetWindowFNID [2] (win32k.sys)
1242: 9032c1be NtUserSetWindowLong [4] (win32k.sys)
1243: 902bf080 NtUserSetWindowPlacement [2] (win32k.sys)
1244: 90305338 NtUserSetWindowPos [7] (win32k.sys)
1245: 902c6cda NtUserSetWindowRgn [3] (win32k.sys)
1246: 902fa9ae NtUserGetWindowRgnEx [3] (win32k.sys)
1247: 903ab1d6 NtUserSetWindowRgnEx [3] (win32k.sys)
1248: 903d6271 NtUserSetWindowsHookAW [3] (win32k.sys)
1249: 902eb066 NtUserSetWindowsHookEx [6] (win32k.sys)
124a: 9028f555 NtUserSetWindowStationUser [4] (win32k.sys)
124b: 903ac2bc NtUserSetWindowWord [3] (win32k.sys)
124c: 90311576 NtUserSetWinEventHook [8] (win32k.sys)
124d: 902c5c2d NtUserShowCaret [1] (win32k.sys)
124e: 903b28ab NtUserShowScrollBar [3] (win32k.sys)
124f: 90304749 NtUserShowWindow [2] (win32k.sys)
1250: 903d629d NtUserShowWindowAsync [2] (win32k.sys)
1251: 9038045c NtUserSoundSentry [0] (win32k.sys)
1252: 9029b445 NtUserSwitchDesktop [2] (win32k.sys)
1253: 903300a9 NtUserSystemParametersInfo [4] (win32k.sys)
1254: 903d66e1 NtUserTestForInteractiveUser [1] (win32k.sys)
1255: 9039e169 NtUserThunkedMenuInfo [2] (win32k.sys)
1256: 902e6c6e NtUserThunkedMenuItemInfo [6] (win32k.sys)
1257: 90375159 NtUserToUnicodeEx [7] (win32k.sys)
1258: 903175fb NtUserTrackMouseEvent [1] (win32k.sys)
1259: 903763c2 NtUserTrackPopupMenuEx [6] (win32k.sys)
125a: 90369cd4 NtUserCalculatePopupWindowPosition [5] (win32k.sys)
125b: 9032c6d3 NtUserCalcMenuBar [5] (win32k.sys)
125c: 903c86cf NtUserPaintMenuBar [6] (win32k.sys)
125d: 903c4cc8 NtUserTranslateAccelerator [3] (win32k.sys)
125e: 903cae40 NtUserTranslateMessage [2] (win32k.sys)
125f: 903169ff NtUserUnhookWindowsHookEx [1] (win32k.sys)
1260: 902edb3b NtUserUnhookWinEvent [1] (win32k.sys)
1261: 903d6b59 NtUserUnloadKeyboardLayout [1] (win32k.sys)
1262: 9029b911 NtUserUnlockWindowStation [1] (win32k.sys)
1263: 90328e08 NtUserUnregisterClass [3] (win32k.sys)
1264: 90292c4e NtUserUnregisterUserApiHook [0] (win32k.sys)
1265: 903d0a2b NtUserUnregisterHotKey [2] (win32k.sys)
1266: 9030eec8 NtUserUpdateInputContext [3] (win32k.sys)
1267: 903d537d NtUserUpdateInstance [3] (win32k.sys)
1268: 902cc915 NtUserUpdateLayeredWindow [10] (win32k.sys)
1269: 903d8fe0 NtUserGetLayeredWindowAttributes [4] (win32k.sys)
126a: 902ddf9e NtUserSetLayeredWindowAttributes [4] (win32k.sys)
126b: 9028fc46 NtUserUpdatePerUserSystemParameters [1] (win32k.sys)
126c: 903d689b NtUserUserHandleGrantAccess [3] (win32k.sys)
126d: 903bfbbb NtUserValidateHandleSecure [1] (win32k.sys)
126e: 9039aac3 NtUserValidateRect [2] (win32k.sys)
126f: 9034587b NtUserValidateTimerCallback [1] (win32k.sys)
1270: 90392dc5 NtUserVkKeyScanEx [3] (win32k.sys)
1271: 903ab7e0 NtUserWaitForInputIdle [3] (win32k.sys)
1272: 903d527a NtUserWaitForMsgAndEvent [1] (win32k.sys)
1273: 90339265 NtUserWaitMessage [0] (win32k.sys)
1274: 903ccada NtUserWindowFromPhysicalPoint [2] (win32k.sys)
1275: 903c9ca9 NtUserWindowFromPoint [2] (win32k.sys)
1276: 903d64b9 NtUserYieldTask [0] (win32k.sys)
1277: 9028b36f NtUserRemoteConnect [3] (win32k.sys)
1278: 903d5191 NtUserRemoteRedrawRectangle [4] (win32k.sys)
1279: 903d51e8 NtUserRemoteRedrawScreen [0] (win32k.sys)
127a: 903d5238 NtUserRemoteStopScreenUpdates [0] (win32k.sys)
127b: 903da8d4 NtUserCtxDisplayIOCtl [3] (win32k.sys)
127c: 90281dd2 NtUserRegisterSessionPort [2] (win32k.sys)
127d: 903d9983 NtUserUnregisterSessionPort [0] (win32k.sys)
127e: 903d8eed NtUserUpdateWindowTransform [3] (win32k.sys)
127f: 902a824a NtUserDwmStartRedirection [1] (win32k.sys)
1280: 90388e8e NtUserDwmStopRedirection [0] (win32k.sys)
1281: 902e2f8f NtUserGetWindowMinimizeRect [2] (win32k.sys)
1282: 90379cfb NtUserSfmDxBindSwapChain [3] (win32k.sys)
1283: 9037942c NtUserSfmDxOpenSwapChain [4] (win32k.sys)
1284: 9038a35c NtUserSfmDxReleaseSwapChain [2] (win32k.sys)
1285: 9038a163 NtUserSfmDxSetSwapChainBindingStatus [2] (win32k.sys)
1286: 903798e7 NtUserSfmDxQuerySwapChainBindingStatus [3] (win32k.sys)
1287: 902a4486 NtUserSfmDxReportPendingBindingsToDwm [0] (win32k.sys)
1288: 90379a95 NtUserSfmDxGetSwapChainStats [2] (win32k.sys)
1289: 9034d611 NtUserSfmDxSetSwapChainStats [2] (win32k.sys)
128a: 903d99be NtUserSfmGetLogicalSurfaceBinding [4] (win32k.sys)
128b: 903d9b07 NtUserSfmDestroyLogicalSurfaceBinding [1] (win32k.sys)
128c: 903d9fab NtUserModifyWindowTouchCapability [3] (win32k.sys)
128d: 903da012 NtUserIsTouchWindow [2] (win32k.sys)
128e: 903da09e NtUserSendTouchInput [4] (win32k.sys)
128f: 903da1e2 NtUserEndTouchOperation [1] (win32k.sys)
1290: 903da273 NtUserGetTouchInputInfo [4] (win32k.sys)
1291: 90310a0f NtUserChangeWindowMessageFilterEx [4] (win32k.sys)
1292: 903da354 NtUserInjectGesture [5] (win32k.sys)
1293: 903da520 NtUserGetGestureInfo [2] (win32k.sys)
1294: 903da5e5 NtUserGetGestureExtArgs [3] (win32k.sys)
1295: 903da6bf NtUserManageGestureHandlerWindow [2] (win32k.sys)
1296: 9029d041 NtUserSetGestureConfig [5] (win32k.sys)
1297: 903da741 NtUserGetGestureConfig [6] (win32k.sys)
1298: 90433138 NtGdiEngAssociateSurface [3] (win32k.sys)
1299: 90433249 NtGdiEngCreateBitmap [6] (win32k.sys)
129a: 904328c3 NtGdiEngCreateDeviceSurface [4] (win32k.sys)
129b: 90432933 NtGdiEngCreateDeviceBitmap [4] (win32k.sys)
129c: 903ae418 NtGdiEngCreatePalette [6] (win32k.sys)
129d: 90436b70 NtGdiEngComputeGlyphSet [3] (win32k.sys)
129e: 90433c0a NtGdiEngCopyBits [6] (win32k.sys)
129f: 903bf689 NtGdiEngDeletePalette [1] (win32k.sys)
12a0: 904331cd NtGdiEngDeleteSurface [1] (win32k.sys)
12a1: 904333d6 NtGdiEngEraseSurface [3] (win32k.sys)
12a2: 904333a3 NtGdiEngUnlockSurface [1] (win32k.sys)
12a3: 9043336c NtGdiEngLockSurface [1] (win32k.sys)
12a4: 904344d1 NtGdiEngBitBlt [11] (win32k.sys)
12a5: 90433d9f NtGdiEngStretchBlt [11] (win32k.sys)
12a6: 904342f1 NtGdiEngPlgBlt [11] (win32k.sys)
12a7: 904331fa NtGdiEngMarkBandingSurface [1] (win32k.sys)
12a8: 90434790 NtGdiEngStrokePath [8] (win32k.sys)
12a9: 90434975 NtGdiEngFillPath [7] (win32k.sys)
12aa: 90434ad2 NtGdiEngStrokeAndFillPath [10] (win32k.sys)
12ab: 90434cba NtGdiEngPaint [5] (win32k.sys)
12ac: 90434dce NtGdiEngLineTo [9] (win32k.sys)
12ad: 90434ef1 NtGdiEngAlphaBlend [7] (win32k.sys)
12ae: 9043505c NtGdiEngGradientFill [10] (win32k.sys)
12af: 90435292 NtGdiEngTransparentBlt [8] (win32k.sys)
12b0: 904353ea NtGdiEngTextOut [10] (win32k.sys)
12b1: 90434004 NtGdiEngStretchBltROP [13] (win32k.sys)
12b2: 90436a71 NtGdiXLATEOBJ_cGetPalette [4] (win32k.sys)
12b3: 90436b25 NtGdiXLATEOBJ_iXlate [2] (win32k.sys)
12b4: 90436a2a NtGdiXLATEOBJ_hGetColorTransform [1] (win32k.sys)
12b5: 90435648 NtGdiCLIPOBJ_bEnum [3] (win32k.sys)
12b6: 904355c1 NtGdiCLIPOBJ_cEnumStart [5] (win32k.sys)
12b7: 904334d8 NtGdiCLIPOBJ_ppoGetPath [1] (win32k.sys)
12b8: 9043350f NtGdiEngDeletePath [1] (win32k.sys)
12b9: 90433542 NtGdiEngCreateClip [0] (win32k.sys)
12ba: 9043356d NtGdiEngDeleteClip [1] (win32k.sys)
12bb: 904357c0 NtGdiBRUSHOBJ_ulGetBrushColor [1] (win32k.sys)
12bc: 9043572f NtGdiBRUSHOBJ_pvAllocRbrush [2] (win32k.sys)
12bd: 90435779 NtGdiBRUSHOBJ_pvGetRbrush [1] (win32k.sys)
12be: 904358a0 NtGdiBRUSHOBJ_hGetColorTransform [1] (win32k.sys)
12bf: 904358e7 NtGdiXFORMOBJ_bApplyXform [5] (win32k.sys)
12c0: 90435a3d NtGdiXFORMOBJ_iGetXform [2] (win32k.sys)
12c1: 90435ae6 NtGdiFONTOBJ_vGetInfo [3] (win32k.sys)
12c2: 904335a0 NtGdiFONTOBJ_pxoGetXform [1] (win32k.sys)
12c3: 90435bd4 NtGdiFONTOBJ_cGetGlyphs [5] (win32k.sys)
12c4: 90436039 NtGdiFONTOBJ_pifi [1] (win32k.sys)
12c5: 90435e4e NtGdiFONTOBJ_pfdg [1] (win32k.sys)
12c6: 90435f3b NtGdiFONTOBJ_pQueryGlyphAttrs [2] (win32k.sys)
12c7: 9043695d NtGdiFONTOBJ_pvTrueTypeFontFile [2] (win32k.sys)
12c8: 90435d82 NtGdiFONTOBJ_cGetAllGlyphHandles [2] (win32k.sys)
12c9: 90436259 NtGdiSTROBJ_bEnum [3] (win32k.sys)
12ca: 90436277 NtGdiSTROBJ_bEnumPositionsOnly [3] (win32k.sys)
12cb: 90436295 NtGdiSTROBJ_bGetAdvanceWidths [4] (win32k.sys)
12cc: 9043636f NtGdiSTROBJ_vEnumStart [1] (win32k.sys)
12cd: 904363ac NtGdiSTROBJ_dwGetCodePage [1] (win32k.sys)
12ce: 9043648f NtGdiPATHOBJ_vGetBounds [2] (win32k.sys)
12cf: 90436511 NtGdiPATHOBJ_bEnum [2] (win32k.sys)
12d0: 90436665 NtGdiPATHOBJ_vEnumStart [1] (win32k.sys)
12d1: 904366d2 NtGdiPATHOBJ_vEnumStartClipLines [4] (win32k.sys)
12d2: 904367e5 NtGdiPATHOBJ_bEnumClipLines [3] (win32k.sys)
12d3: 904335d7 NtGdiGetDhpdev [1] (win32k.sys)
12d4: 9043360d NtGdiEngCheckAbort [1] (win32k.sys)
12d5: 9043366f NtGdiHT_Get8BPPFormatPalette [4] (win32k.sys)
12d6: 904336fa NtGdiHT_Get8BPPMaskPalette [6] (win32k.sys)
12d7: 9042098d NtGdiUpdateTransform [1] (win32k.sys)
12d8: 903a63c8 NtGdiSetPUMPDOBJ [4] (win32k.sys)
12d9: 904363f3 NtGdiBRUSHOBJ_DeleteRbrush [2] (win32k.sys)
12da: 904286d3 NtGdiUMPDEngFreeUserMem [1] (win32k.sys)
12db: 90338ae8 NtGdiDrawStream [3] (win32k.sys)
12dc: 9034c5c4 NtGdiSfmGetNotificationTokens [3] (win32k.sys)
12dd: 90313154 NtGdiHLSurfGetInformation [4] (win32k.sys)
12de: 90312f49 NtGdiHLSurfSetInformation [4] (win32k.sys)
12df: 9031236e NtGdiDdDDICreateAllocation [1] (win32k.sys)
12e0: 90315b1c NtGdiDdDDIQueryResourceInfo [1] (win32k.sys)
12e1: 90315d26 NtGdiDdDDIOpenResource [1] (win32k.sys)
12e2: 903140eb NtGdiDdDDIDestroyAllocation [1] (win32k.sys)
12e3: 9038f566 NtGdiDdDDISetAllocationPriority [1] (win32k.sys)
12e4: 903d4b6e NtGdiDdDDIQueryAllocationResidency [1] (win32k.sys)
12e5: 902b287f NtGdiDdDDICreateDevice [1] (win32k.sys)
12e6: 903901cf NtGdiDdDDIDestroyDevice [1] (win32k.sys)
12e7: 902b2860 NtGdiDdDDICreateContext [1] (win32k.sys)
12e8: 903901b0 NtGdiDdDDIDestroyContext [1] (win32k.sys)
12e9: 903799c8 NtGdiDdDDICreateSynchronizationObject [1] (win32k.sys)
12ea: 9040950d NtGdiDdDDIOpenSynchronizationObject [1] (win32k.sys)
12eb: 90378f5a NtGdiDdDDIDestroySynchronizationObject [1] (win32k.sys)
12ec: 90379c19 NtGdiDdDDIWaitForSynchronizationObject [1] (win32k.sys)
12ed: 903799a9 NtGdiDdDDISignalSynchronizationObject [1] (win32k.sys)
12ee: 9040952c NtGdiDdDDIGetRuntimeData [1] (win32k.sys)
12ef: 902b2841 NtGdiDdDDIQueryAdapterInfo [1] (win32k.sys)
12f0: 902f06a0 NtGdiDdDDILock [1] (win32k.sys)
12f1: 902f06bf NtGdiDdDDIUnlock [1] (win32k.sys)
12f2: 9038fbb8 NtGdiDdDDIGetDisplayModeList [1] (win32k.sys)
12f3: 902b2010 NtGdiDdDDISetDisplayMode [1] (win32k.sys)
12f4: 9040954b NtGdiDdDDIGetMultisampleMethodList [1] (win32k.sys)
12f5: 9034d5e8 NtGdiDdDDIPresent [1] (win32k.sys)
12f6: 9034d413 NtGdiDdDDIRender [1] (win32k.sys)
12f7: 902a8e7f NtGdiDdDDIOpenAdapterFromDeviceName [1] (win32k.sys)
12f8: 902b266d NtGdiDdDDIOpenAdapterFromHdc [1] (win32k.sys)
12f9: 902b2147 NtGdiDdDDICloseAdapter [1] (win32k.sys)
12fa: 90382ee3 NtGdiDdDDIGetSharedPrimaryHandle [1] (win32k.sys)
12fb: 902b20db NtGdiDdDDIEscape [1] (win32k.sys)
12fc: 9040956a NtGdiDdDDIQueryStatistics [1] (win32k.sys)
12fd: 902af72a NtGdiDdDDISetVidPnSourceOwner [1] (win32k.sys)
12fe: 9034c71c NtGdiDdDDIGetPresentHistory [1] (win32k.sys)
12ff: 902a7a8d NtGdiDdDDIGetPresentQueueEvent [2] (win32k.sys)
1300: 90409589 NtGdiDdDDICreateOverlay [1] (win32k.sys)
1301: 904095a8 NtGdiDdDDIUpdateOverlay [1] (win32k.sys)
1302: 904095c7 NtGdiDdDDIFlipOverlay [1] (win32k.sys)
1303: 904095e6 NtGdiDdDDIDestroyOverlay [1] (win32k.sys)
1304: 90347808 NtGdiDdDDIWaitForVerticalBlankEvent [1] (win32k.sys)
1305: 90409605 NtGdiDdDDISetGammaRamp [1] (win32k.sys)
1306: 9034d32b NtGdiDdDDIGetDeviceState [1] (win32k.sys)
1307: 90370513 NtGdiDdDDICreateDCFromMemory [1] (win32k.sys)
1308: 90371a50 NtGdiDdDDIDestroyDCFromMemory [1] (win32k.sys)
1309: 90390403 NtGdiDdDDISetContextSchedulingPriority [1] (win32k.sys)
130a: 90409624 NtGdiDdDDIGetContextSchedulingPriority [1] (win32k.sys)
130b: 902a739c NtGdiDdDDISetProcessSchedulingPriorityClass [2] (win32k.sys)
130c: 90409643 NtGdiDdDDIGetProcessSchedulingPriorityClass [2] (win32k.sys)
130d: 90409662 NtGdiDdDDIReleaseProcessVidPnSourceOwners [1] (win32k.sys)
130e: 903799fa NtGdiDdDDIGetScanLine [1] (win32k.sys)
130f: 90378fd3 NtGdiDdDDISetQueuedLimit [1] (win32k.sys)
1310: 9040969a NtGdiDdDDIPollDisplayChildren [1] (win32k.sys)
1311: 904096b9 NtGdiDdDDIInvalidateActiveVidPn [1] (win32k.sys)
1312: 904096d8 NtGdiDdDDICheckOcclusion [1] (win32k.sys)
1313: 904096f7 NtGdiDdDDIWaitForIdle [1] (win32k.sys)
1314: 9034d5b9 NtGdiDdDDICheckMonitorPowerState [1] (win32k.sys)
1315: 903799e7 NtGdiDdDDICheckExclusiveOwnership [0] (win32k.sys)
1316: 90409716 NtGdiDdDDISetDisplayPrivateDriverFormat [1] (win32k.sys)
1317: 9040a8ba NtGdiDdDDISharedPrimaryLockNotification [1] (win32k.sys)
1318: 9040a929 NtGdiDdDDISharedPrimaryUnLockNotification [1] (win32k.sys)
1319: 90409735 NtGdiDdDDICreateKeyedMutex [1] (win32k.sys)
131a: 90409754 NtGdiDdDDIOpenKeyedMutex [1] (win32k.sys)
131b: 90409773 NtGdiDdDDIDestroyKeyedMutex [1] (win32k.sys)
131c: 90409792 NtGdiDdDDIAcquireKeyedMutex [1] (win32k.sys)
131d: 904097b1 NtGdiDdDDIReleaseKeyedMutex [1] (win32k.sys)
131e: 903795a3 NtGdiDdDDIConfigureSharedResource [1] (win32k.sys)
131f: 904097d0 NtGdiDdDDIGetOverlayState [1] (win32k.sys)
1320: 9034d3f4 NtGdiDdDDICheckVidPnExclusiveOwnership [1] (win32k.sys)
1321: 903796b4 NtGdiDdDDICheckSharedResourceAccess [1] (win32k.sys)
1322: 9037ed72 DxgStubEndMoCompFrame [2] (win32k.sys)
1323: 9039fab3 DxgStubContextDestroyAll [1] (win32k.sys)
1324: 90436f0d NtGdiGetNumberOfPhysicalMonitors [2] (win32k.sys)
1325: 90436f3c NtGdiGetPhysicalMonitors [4] (win32k.sys)
1326: 904378e5 NtGdiGetPhysicalMonitorDescription [3] (win32k.sys)
1327: 90437bf9 NtGdiDestroyPhysicalMonitor [1] (win32k.sys)
1328: 9043798a NtGdiDDCCIGetVCPFeature [5] (win32k.sys)
1329: 90437a1c NtGdiDDCCISetVCPFeature [3] (win32k.sys)
132a: 90437a32 NtGdiDDCCISaveCurrentSettings [1] (win32k.sys)
132b: 90437d9c NtGdiDDCCIGetCapabilitiesStringLength [2] (win32k.sys)
132c: 90437dfb NtGdiDDCCIGetCapabilitiesString [3] (win32k.sys)
132d: 90437a48 NtGdiDDCCIGetTimingReport [2] (win32k.sys)
132e: 90409a17 NtGdiDdCreateFullscreenSprite [4] (win32k.sys)
132f: 90409a27 NtGdiDdNotifyFullscreenSpriteUpdate [2] (win32k.sys)
1330: 90409a37 NtGdiDdDestroyFullscreenSprite [2] (win32k.sys)
1331: 90409a47 DxEngVisRgnUniq [0] (win32k.sys)
1332: 903d6320 NtUserSetMirrorRendering [2] (win32k.sys)
1333: 903d63a5 NtUserShowSystemCursor [1] (win32k.sys)
1334: 90391b40 NtUserMagControl [2] (win32k.sys)
1335: 903a1f9f NtUserMagSetContextInformation [4] (win32k.sys)
1336: 903a2ff0 NtUserMagGetContextInformation [4] (win32k.sys)
1337: 9038f79a NtUserHwndQueryRedirectionInfo [4] (win32k.sys)
1338: 90380814 NtUserHwndSetRedirectionInfo [4] (win32k.sys)

Created: Tuesday, March 10 2009 08:44.08 CDT Modified: Tuesday, March 10 2009 08:48.09 CDT
Direct Link, View / Make / Edit Comments
VC++ asm intrinsics
Author: omeg # Views: 11342

Microsoft's Visual C++ supports less and less asm inline in later versions, or not at all on x64 platform. However, it provides a hefty number of intrinsics that are basically equivalents of single instructions.

http://msdn.microsoft.com/en-us/library/x8zs5twb.aspx

Handy reference if you like writing low-level but somewhat portable code.

There are also architecture-specific intrinsics:
x86
x64

Created: Tuesday, January 20 2009 04:26.13 CST  
Direct Link, View / Make / Edit Comments
Windows 7 syscall list
Author: omeg # Views: 19037

Windows version: 6.1.7000, platform 2,
NtQuerySystemInformation ok, kernel base: 000000008283c000

Loading symbols for C:\Windows\system32\ntoskrnl.exe, please wait...
Real SSDTS address: 00000000829a9940
Loading driver: C:\syscall\MemMap32.sys
MemMap initialized.

Service tables:

Table #0: 828a8a24, 0193 entries, params=828a9074, \SystemRoot\system32\ntoskrnl.exe
0000: 82a3dab3 NtAcceptConnectPort [6] (ntoskrnl.exe)
0001: 828e61b4 NtAccessCheck [8] (ntoskrnl.exe)
0002: 82aad3e2 NtAccessCheckAndAuditAlarm [11] (ntoskrnl.exe)
0003: 82874001 NtAccessCheckByType [11] (ntoskrnl.exe)
0004: 82ab6e36 NtAccessCheckByTypeAndAuditAlarm [16] (ntoskrnl.exe)
0005: 8293a816 NtAccessCheckByTypeResultList [11] (ntoskrnl.exe)
0006: 82b1d2e1 NtAccessCheckByTypeResultListAndAuditAlarm [16] (ntoskrnl.exe)
0007: 82b1d32a NtAccessCheckByTypeResultListAndAuditAlarmByHandle [17] (ntoskrnl.exe)
0008: 82b423c0 NtAcquireCMFViewOwnership [3] (ntoskrnl.exe)
0009: 82a410a7 NtAddAtom [3] (ntoskrnl.exe)
000a: 82b3bd70 NtAddBootEntry [2] (ntoskrnl.exe)
000b: 82b3cfb2 NtAddDriverEntry [2] (ntoskrnl.exe)
000c: 82a20177 NtAdjustGroupsToken [6] (ntoskrnl.exe)
000d: 82aa5b39 NtAdjustPrivilegesToken [6] (ntoskrnl.exe)
000e: 82b0ea1d NtAlertResumeThread [2] (ntoskrnl.exe)
000f: 82ab62ab NtAlertThread [1] (ntoskrnl.exe)
0010: 82a4a8e5 NtAllocateLocallyUniqueId [1] (ntoskrnl.exe)
0011: 82b0d1b0 NtAllocateReserveObject [3] (ntoskrnl.exe)
0012: 82afd586 NtAllocateUserPhysicalPages [3] (ntoskrnl.exe)
0013: 82a24759 NtAllocateUuids [4] (ntoskrnl.exe)
0014: 82a651d8 NtAllocateVirtualMemory [6] (ntoskrnl.exe)
0015: 82aa74eb NtAlpcAcceptConnectPort [9] (ntoskrnl.exe)
0016: 82a393a0 NtAlpcCancelMessage [3] (ntoskrnl.exe)
0017: 82a496c3 NtAlpcConnectPort [11] (ntoskrnl.exe)
0018: 82a3c8a5 NtAlpcCreatePort [3] (ntoskrnl.exe)
0019: 82a25d5a NtAlpcCreatePortSection [6] (ntoskrnl.exe)
001a: 82a38a60 NtAlpcCreateResourceReserve [4] (ntoskrnl.exe)
001b: 82a25b3a NtAlpcCreateSectionView [3] (ntoskrnl.exe)
001c: 82a45430 NtAlpcCreateSecurityContext [3] (ntoskrnl.exe)
001d: 82a25f59 NtAlpcDeletePortSection [3] (ntoskrnl.exe)
001e: 82af81b9 NtAlpcDeleteResourceReserve [3] (ntoskrnl.exe)
001f: 82a8f8b7 NtAlpcDeleteSectionView [3] (ntoskrnl.exe)
0020: 82a45a03 NtAlpcDeleteSecurityContext [3] (ntoskrnl.exe)
0021: 82a8e8c4 NtAlpcDisconnectPort [2] (ntoskrnl.exe)
0022: 82ab6acc NtAlpcImpersonateClientOfPort [3] (ntoskrnl.exe)
0023: 82a498c8 NtAlpcOpenSenderProcess [6] (ntoskrnl.exe)
0024: 82a4d171 NtAlpcOpenSenderThread [6] (ntoskrnl.exe)
0025: 82a3de61 NtAlpcQueryInformation [5] (ntoskrnl.exe)
0026: 82a805dd NtAlpcQueryInformationMessage [6] (ntoskrnl.exe)
0027: 82af82dd NtAlpcRevokeSecurityContext [3] (ntoskrnl.exe)
0028: 82a7ed17 NtAlpcSendWaitReceivePort [8] (ntoskrnl.exe)
0029: 82a3ccd1 NtAlpcSetInformation [4] (ntoskrnl.exe)
002a: 82aac1d6 NtApphelpCacheControl [2] (ntoskrnl.exe)
002b: 82abd010 NtAreMappedFilesTheSame [2] (ntoskrnl.exe)
002c: 82a4e1a4 NtAssignProcessToJobObject [2] (ntoskrnl.exe)
002d: 828a9534 NtCallbackReturn [3] (ntoskrnl.exe)
002e: 82a324df NtCancelIoFile [2] (ntoskrnl.exe)
002f: 82abd160 NtCancelIoFileEx [3] (ntoskrnl.exe)
0030: 82ae2bc8 NtCancelSynchronousIoFile [3] (ntoskrnl.exe)
0031: 8287416e NtCancelTimer [2] (ntoskrnl.exe)
0032: 82a5f692 NtClearEvent [1] (ntoskrnl.exe)
0033: 82a6a462 NtClose [1] (ntoskrnl.exe)
0034: 82ab6d65 NtCloseObjectAuditAlarm [3] (ntoskrnl.exe)
0035: 82b2553f NtCommitComplete [2] (ntoskrnl.exe)
0036: 82b25263 NtCommitEnlistment [2] (ntoskrnl.exe)
0037: 829f9b53 NtCommitTransaction [2] (ntoskrnl.exe)
0038: 82ac431b NtCompactKeys [2] (ntoskrnl.exe)
0039: 82a33ed4 NtCompareTokens [3] (ntoskrnl.exe)
003a: 82a3db30 NtCompleteConnectPort [1] (ntoskrnl.exe)
003b: 82ac4587 NtCompressKey [1] (ntoskrnl.exe)
003c: 82aaab95 NtConnectPort [8] (ntoskrnl.exe)
003d: 828843a4 NtContinue [2] (ntoskrnl.exe)
003e: 82ad870e NtCreateDebugObject [4] (ntoskrnl.exe)
003f: 82a47837 NtCreateDirectoryObject [3] (ntoskrnl.exe)
0040: 829eac08 NtCreateEnlistment [8] (ntoskrnl.exe)
0041: 82a80af5 NtCreateEvent [5] (ntoskrnl.exe)
0042: 82b42d75 NtCreateEventPair [3] (ntoskrnl.exe)
0043: 82a8a7fb NtCreateFile [11] (ntoskrnl.exe)
0044: 82aa7928 NtCreateIoCompletion [4] (ntoskrnl.exe)
0045: 82a1eee7 NtCreateJobObject [3] (ntoskrnl.exe)
0046: 82b108b4 NtCreateJobSet [3] (ntoskrnl.exe)
0047: 82a90caa NtCreateKey [7] (ntoskrnl.exe)
0048: 82a3c327 NtCreateKeyedEvent [4] (ntoskrnl.exe)
0049: 829f82aa NtCreateKeyTransacted [8] (ntoskrnl.exe)
004a: 82a24579 NtCreateMailslotFile [8] (ntoskrnl.exe)
004b: 82aaa1fe NtCreateMutant [4] (ntoskrnl.exe)
004c: 82aaacb0 NtCreateNamedPipeFile [14] (ntoskrnl.exe)
004d: 829c5226 NtCreatePagingFile [4] (ntoskrnl.exe)
004e: 82a0091e NtCreatePort [5] (ntoskrnl.exe)
004f: 82a0e6e0 NtCreatePrivateNamespace [4] (ntoskrnl.exe)
0050: 82b0cc9f NtCreateProcess [8] (ntoskrnl.exe)
0051: 82b0ccea NtCreateProcessEx [9] (ntoskrnl.exe)
0052: 82b43483 NtCreateProfile [9] (ntoskrnl.exe)
0053: 829533a3 NtCreateProfileEx [10] (ntoskrnl.exe)
0054: 829f01f5 NtCreateResourceManager [7] (ntoskrnl.exe)
0055: 82a86632 NtCreateSection [7] (ntoskrnl.exe)
0056: 82aa9697 NtCreateSemaphore [5] (ntoskrnl.exe)
0057: 82a472c4 NtCreateSymbolicLinkObject [4] (ntoskrnl.exe)
0058: 82b0cad2 NtCreateThread [8] (ntoskrnl.exe)
0059: 82ab5afd NtCreateThreadEx [11] (ntoskrnl.exe)
005a: 82a3d982 NtCreateTimer [4] (ntoskrnl.exe)
005b: 82a4b9b0 NtCreateToken [13] (ntoskrnl.exe)
005c: 82a1f700 NtCreateTransaction [10] (ntoskrnl.exe)
005d: 829f2106 NtCreateTransactionManager [6] (ntoskrnl.exe)
005e: 82aa2a70 NtCreateUserProcess [11] (ntoskrnl.exe)
005f: 829f652e NtCreateWaitablePort [5] (ntoskrnl.exe)
0060: 82a3d533 NtCreateWorkerFactory [10] (ntoskrnl.exe)
0061: 82ad95dc NtDebugActiveProcess [2] (ntoskrnl.exe)
0062: 82ad9dd5 NtDebugContinue [3] (ntoskrnl.exe)
0063: 82a4ead0 NtDelayExecution [2] (ntoskrnl.exe)
0064: 82a32d1f NtDeleteAtom [1] (ntoskrnl.exe)
0065: 82b3bda1 NtDeleteBootEntry [1] (ntoskrnl.exe)
0066: 82b3cfe3 NtDeleteDriverEntry [1] (ntoskrnl.exe)
0067: 82ae2ccf NtDeleteFile [1] (ntoskrnl.exe)
0068: 82a35fcc NtDeleteKey [1] (ntoskrnl.exe)
0069: 82abc688 NtDeleteObjectAuditAlarm [3] (ntoskrnl.exe)
006a: 82b03755 NtDeletePrivateNamespace [1] (ntoskrnl.exe)
006b: 82a2c2e0 NtDeleteValueKey [2] (ntoskrnl.exe)
006c: 82a67882 NtDeviceIoControlFile [10] (ntoskrnl.exe)
006d: 82af4ae8 NtDisableLastKnownGood [0] (ntoskrnl.exe)
006e: 829c505c NtDisplayString [1] (ntoskrnl.exe)
006f: 829513ca NtDrawText [1] (ntoskrnl.exe)
0070: 82aa9203 NtDuplicateObject [7] (ntoskrnl.exe)
0071: 82a87f3e NtDuplicateToken [6] (ntoskrnl.exe)
0072: 82af4bc9 NtEnableLastKnownGood [0] (ntoskrnl.exe)
0073: 82b3bfa4 NtEnumerateBootEntries [2] (ntoskrnl.exe)
0074: 82b3d1e2 NtEnumerateDriverEntries [2] (ntoskrnl.exe)
0075: 82a4ebc2 NtEnumerateKey [6] (ntoskrnl.exe)
0076: 82b3bb85 NtEnumerateSystemEnvironmentValuesEx [3] (ntoskrnl.exe)
0077: 82b25e8a NtEnumerateTransactionObject [5] (ntoskrnl.exe)
0078: 82a94722 NtEnumerateValueKey [6] (ntoskrnl.exe)
0079: 82afb665 NtExtendSection [2] (ntoskrnl.exe)
007a: 82a1dc83 NtFilterToken [6] (ntoskrnl.exe)
007b: 82a32be1 NtFindAtom [3] (ntoskrnl.exe)
007c: 82aa0db7 NtFlushBuffersFile [2] (ntoskrnl.exe)
007d: 82a0585e NtFlushInstallUILanguage [2] (ntoskrnl.exe)
007e: 82a307a1 NtFlushInstructionCache [3] (ntoskrnl.exe)
007f: 82a05cdc NtFlushKey [1] (ntoskrnl.exe)
0080: 8285ef64 NtFlushProcessWriteBuffers [0] (ntoskrnl.exe)
0081: 82a2b1b2 NtFlushVirtualMemory [4] (ntoskrnl.exe)
0082: 82afe5f9 NtFlushWriteBuffer [0] (ntoskrnl.exe)
0083: 82afdcbb NtFreeUserPhysicalPages [3] (ntoskrnl.exe)
0084: 828cce77 NtFreeVirtualMemory [4] (ntoskrnl.exe)
0085: 828f84cf NtFreezeRegistry [1] (ntoskrnl.exe)
0086: 82b262da NtFreezeTransactions [2] (ntoskrnl.exe)
0087: 82a80d52 NtFsControlFile [10] (ntoskrnl.exe)
0088: 82abc1e2 NtGetContextThread [2] (ntoskrnl.exe)
0089: 82abcf89 NtGetCurrentProcessorNumber [0] (ntoskrnl.exe)
008a: 82b08bc5 NtGetDevicePowerState [2] (ntoskrnl.exe)
008b: 82aa51dc NtGetMUIRegistryInfo [3] (ntoskrnl.exe)
008c: 82b0eb5c NtGetNextProcess [5] (ntoskrnl.exe)
008d: 82b0edf7 NtGetNextThread [6] (ntoskrnl.exe)
008e: 82a208d5 NtGetNlsSectionPtr [5] (ntoskrnl.exe)
008f: 829f5fa9 NtGetNotificationResourceManager [7] (ntoskrnl.exe)
0090: 82a1393d NtGetPlugPlayEvent [4] (ntoskrnl.exe)
0091: 829218c2 NtGetWriteWatch [7] (ntoskrnl.exe)
0092: 82a3dc97 NtImpersonateAnonymousToken [1] (ntoskrnl.exe)
0093: 82a4aea8 NtImpersonateClientOfPort [2] (ntoskrnl.exe)
0094: 82aac02d NtImpersonateThread [3] (ntoskrnl.exe)
0095: 82aa4fc3 NtInitializeNlsFiles [3] (ntoskrnl.exe)
0096: 829c7088 NtInitializeRegistry [1] (ntoskrnl.exe)
0097: 82b089bf NtInitiatePowerAction [4] (ntoskrnl.exe)
0098: 82a39635 NtIsProcessInJob [2] (ntoskrnl.exe)
0099: 82b08bab NtIsSystemResumeAutomatic [0] (ntoskrnl.exe)
009a: 82a03d91 NtIsUILanguageComitted [0] (ntoskrnl.exe)
009b: 829d3cdb NtListenPort [2] (ntoskrnl.exe)
009c: 829e466e NtLoadDriver [1] (ntoskrnl.exe)
009d: 829ebc41 NtLoadKey [2] (ntoskrnl.exe)
009e: 829c94e9 NtLoadKey2 [3] (ntoskrnl.exe)
009f: 829f4281 NtLoadKeyEx [8] (ntoskrnl.exe)
00a0: 82a24124 NtLockFile [10] (ntoskrnl.exe)
00a1: 829b950f NtLockProductActivationKeys [2] (ntoskrnl.exe)
00a2: 829b51f7 NtLockRegistryKey [1] (ntoskrnl.exe)
00a3: 82873970 NtLockVirtualMemory [4] (ntoskrnl.exe)
00a4: 82a4e508 NtMakePermanentObject [1] (ntoskrnl.exe)
00a5: 82a490eb NtMakeTemporaryObject [1] (ntoskrnl.exe)
00a6: 82aa198d NtMapCMFModule [6] (ntoskrnl.exe)
00a7: 82afca13 NtMapUserPhysicalPages [3] (ntoskrnl.exe)
00a8: 82afcf0c NtMapUserPhysicalPagesScatter [3] (ntoskrnl.exe)
00a9: 82a86382 NtMapViewOfSection [10] (ntoskrnl.exe)
00aa: 82b3bf73 NtModifyBootEntry [1] (ntoskrnl.exe)
00ab: 82b3d1b3 NtModifyDriverEntry [1] (ntoskrnl.exe)
00ac: 82a2d30e NtNotifyChangeDirectoryFile [9] (ntoskrnl.exe)
00ad: 82a95816 NtNotifyChangeKey [10] (ntoskrnl.exe)
00ae: 82a94d7a NtNotifyChangeMultipleKeys [12] (ntoskrnl.exe)
00af: 82ae2e48 NtNotifyChangeSession [6] (ntoskrnl.exe)
00b0: 82aa235b NtOpenDirectoryObject [3] (ntoskrnl.exe)
00b1: 82b24ace NtOpenEnlistment [5] (ntoskrnl.exe)
00b2: 82a3ba25 NtOpenEvent [3] (ntoskrnl.exe)
00b3: 82b42e8f NtOpenEventPair [3] (ntoskrnl.exe)
00b4: 82a85174 NtOpenFile [6] (ntoskrnl.exe)
00b5: 82ae28c3 NtOpenIoCompletion [3] (ntoskrnl.exe)
00b6: 82b1045f NtOpenJobObject [3] (ntoskrnl.exe)
00b7: 82a6c754 NtOpenKey [3] (ntoskrnl.exe)
00b8: 82ac253c NtOpenKeyEx [4] (ntoskrnl.exe)
00b9: 82b431c7 NtOpenKeyedEvent [3] (ntoskrnl.exe)
00ba: 829f823b NtOpenKeyTransacted [4] (ntoskrnl.exe)
00bb: 82ac2569 NtOpenKeyTransactedEx [5] (ntoskrnl.exe)
00bc: 82a38ccb NtOpenMutant [3] (ntoskrnl.exe)
00bd: 82a0ef70 NtOpenObjectAuditAlarm [12] (ntoskrnl.exe)
00be: 82abdce4 NtOpenPrivateNamespace [4] (ntoskrnl.exe)
00bf: 82aa9551 NtOpenProcess [4] (ntoskrnl.exe)
00c0: 82aa5686 NtOpenProcessToken [3] (ntoskrnl.exe)
00c1: 82a76615 NtOpenProcessTokenEx [4] (ntoskrnl.exe)
00c2: 829ea005 NtOpenResourceManager [5] (ntoskrnl.exe)
00c3: 82a962c3 NtOpenSection [3] (ntoskrnl.exe)
00c4: 82a1f139 NtOpenSemaphore [3] (ntoskrnl.exe)
00c5: 82a2a378 NtOpenSession [3] (ntoskrnl.exe)
00c6: 82a9244d NtOpenSymbolicLinkObject [3] (ntoskrnl.exe)
00c7: 82a81788 NtOpenThread [4] (ntoskrnl.exe)
00c8: 82aa8271 NtOpenThreadToken [4] (ntoskrnl.exe)
00c9: 82a78cfe NtOpenThreadTokenEx [5] (ntoskrnl.exe)
00ca: 82b42b1d NtOpenTimer [3] (ntoskrnl.exe)
00cb: 829c896b NtOpenTransaction [5] (ntoskrnl.exe)
00cc: 829e975c NtOpenTransactionManager [6] (ntoskrnl.exe)
00cd: 82a4d576 NtPlugPlayControl [3] (ntoskrnl.exe)
00ce: 82a3fe55 NtPowerInformation [5] (ntoskrnl.exe)
00cf: 82b253d1 NtPrepareComplete [2] (ntoskrnl.exe)
00d0: 82b250f5 NtPrepareEnlistment [2] (ntoskrnl.exe)
00d1: 82b25488 NtPrePrepareComplete [2] (ntoskrnl.exe)
00d2: 82b251ac NtPrePrepareEnlistment [2] (ntoskrnl.exe)
00d3: 82a33b46 NtPrivilegeCheck [3] (ntoskrnl.exe)
00d4: 82a2cd2c NtPrivilegedServiceAuditAlarm [5] (ntoskrnl.exe)
00d5: 82a0b67d NtPrivilegeObjectAuditAlarm [6] (ntoskrnl.exe)
00d6: 82b28ef6 NtPropagationComplete [4] (ntoskrnl.exe)
00d7: 82b28fbe NtPropagationFailed [3] (ntoskrnl.exe)
00d8: 82a7a700 NtProtectVirtualMemory [5] (ntoskrnl.exe)
00d9: 82abfaf0 NtPulseEvent [2] (ntoskrnl.exe)
00da: 82a8b9e3 NtQueryAttributesFile [2] (ntoskrnl.exe)
00db: 82b3c441 NtQueryBootEntryOrder [2] (ntoskrnl.exe)
00dc: 82b3c87f NtQueryBootOptions [2] (ntoskrnl.exe)
00dd: 828ea67a NtQueryDebugFilterState [2] (ntoskrnl.exe)
00de: 82aa2475 NtQueryDefaultLocale [2] (ntoskrnl.exe)
00df: 82a02d66 NtQueryDefaultUILanguage [1] (ntoskrnl.exe)
00e0: 82a9bc09 NtQueryDirectoryFile [11] (ntoskrnl.exe)
00e1: 82ab1641 NtQueryDirectoryObject [7] (ntoskrnl.exe)
00e2: 82b3cd77 NtQueryDriverEntryOrder [2] (ntoskrnl.exe)
00e3: 829d21f0 NtQueryEaFile [9] (ntoskrnl.exe)
00e4: 82a32acf NtQueryEvent [5] (ntoskrnl.exe)
00e5: 82a3d79a NtQueryFullAttributesFile [2] (ntoskrnl.exe)
00e6: 82a32d47 NtQueryInformationAtom [5] (ntoskrnl.exe)
00e7: 82b24cda NtQueryInformationEnlistment [5] (ntoskrnl.exe)
00e8: 82a89c88 NtQueryInformationFile [5] (ntoskrnl.exe)
00e9: 829f6591 NtQueryInformationJobObject [5] (ntoskrnl.exe)
00ea: 82af71b0 NtQueryInformationPort [5] (ntoskrnl.exe)
00eb: 82a5f6e0 NtQueryInformationProcess [5] (ntoskrnl.exe)
00ec: 82b2643a NtQueryInformationResourceManager [5] (ntoskrnl.exe)
00ed: 82a63441 NtQueryInformationThread [5] (ntoskrnl.exe)
00ee: 82a7672c NtQueryInformationToken [5] (ntoskrnl.exe)
00ef: 82b25820 NtQueryInformationTransaction [5] (ntoskrnl.exe)
00f0: 829e9b0d NtQueryInformationTransactionManager [5] (ntoskrnl.exe)
00f1: 8295274b NtQueryInformationWorkerFactory [5] (ntoskrnl.exe)
00f2: 82a03d20 NtQueryInstallUILanguage [1] (ntoskrnl.exe)
00f3: 82b437e3 NtQueryIntervalProfile [2] (ntoskrnl.exe)
00f4: 82ae2986 NtQueryIoCompletion [5] (ntoskrnl.exe)
00f5: 82a92d2f NtQueryKey [5] (ntoskrnl.exe)
00f6: 82a9718b NtQueryLicenseValue [5] (ntoskrnl.exe)
00f7: 82ac3b05 NtQueryMultipleValueKey [6] (ntoskrnl.exe)
00f8: 82b432a2 NtQueryMutant [5] (ntoskrnl.exe)
00f9: 82a4fd18 NtQueryObject [5] (ntoskrnl.exe)
00fa: 82ac3db7 NtQueryOpenSubKeys [2] (ntoskrnl.exe)
00fb: 82abbbb4 NtQueryOpenSubKeysEx [4] (ntoskrnl.exe)
00fc: 82a678b5 NtQueryPerformanceCounter [2] (ntoskrnl.exe)
00fd: 82b0d164 NtQueryPortInformationProcess [0] (ntoskrnl.exe)
00fe: 82ae420f NtQueryQuotaInformationFile [9] (ntoskrnl.exe)
00ff: 82aa7804 NtQuerySection [5] (ntoskrnl.exe)
0100: 82b1abf9 NtQuerySecurityAttributesToken [6] (ntoskrnl.exe)
0101: 82aa0887 NtQuerySecurityObject [5] (ntoskrnl.exe)
0102: 82b3ae0a NtQuerySemaphore [5] (ntoskrnl.exe)
0103: 82a9b47b NtQuerySymbolicLinkObject [3] (ntoskrnl.exe)
0104: 82b3afe7 NtQuerySystemEnvironmentValue [4] (ntoskrnl.exe)
0105: 82b3b5d7 NtQuerySystemEnvironmentValueEx [5] (ntoskrnl.exe)
0106: 82a5e896 NtQuerySystemInformation [4] (ntoskrnl.exe)
0107: 82b35275 NtQuerySystemInformationEx [6] (ntoskrnl.exe)
0108: 82aa9798 NtQuerySystemTime [1] (ntoskrnl.exe)
0109: 82b42bdc NtQueryTimer [5] (ntoskrnl.exe)
010a: 82a2cf7d NtQueryTimerResolution [3] (ntoskrnl.exe)
010b: 82a6eca8 NtQueryValueKey [6] (ntoskrnl.exe)
010c: 82a8aa63 NtQueryVirtualMemory [6] (ntoskrnl.exe)
010d: 82a9f1c4 NtQueryVolumeInformationFile [5] (ntoskrnl.exe)
010e: 82a38c8f NtQueueApcThread [5] (ntoskrnl.exe)
010f: 82a38b7d NtQueueApcThreadEx [6] (ntoskrnl.exe)
0110: 828843ec NtRaiseException [3] (ntoskrnl.exe)
0111: 82abc95e NtRaiseHardError [6] (ntoskrnl.exe)
0112: 82a9e853 NtReadFile [9] (ntoskrnl.exe)
0113: 829ebe31 NtReadFileScatter [9] (ntoskrnl.exe)
0114: 82b256ab NtReadOnlyEnlistment [2] (ntoskrnl.exe)
0115: 82af7295 NtReadRequestData [6] (ntoskrnl.exe)
0116: 82aa9587 NtReadVirtualMemory [5] (ntoskrnl.exe)
0117: 82b24c80 NtRecoverEnlistment [2] (ntoskrnl.exe)
0118: 829f3577 NtRecoverResourceManager [1] (ntoskrnl.exe)
0119: 829f22fa NtRecoverTransactionManager [1] (ntoskrnl.exe)
011a: 82b28d4a NtRegisterProtocolAddressInformation [5] (ntoskrnl.exe)
011b: 82b0e136 NtRegisterThreadTerminatePort [1] (ntoskrnl.exe)
011c: 82b42573 NtReleaseCMFViewOwnership [0] (ntoskrnl.exe)
011d: 82ab62fc NtReleaseKeyedEvent [4] (ntoskrnl.exe)
011e: 82aaf372 NtReleaseMutant [2] (ntoskrnl.exe)
011f: 82aad983 NtReleaseSemaphore [3] (ntoskrnl.exe)
0120: 828afb01 NtReleaseWorkerFactoryWorker [1] (ntoskrnl.exe)
0121: 82a5f512 NtRemoveIoCompletion [5] (ntoskrnl.exe)
0122: 82a456cb NtRemoveIoCompletionEx [6] (ntoskrnl.exe)
0123: 82ad9727 NtRemoveProcessDebug [2] (ntoskrnl.exe)
0124: 82ac401c NtRenameKey [2] (ntoskrnl.exe)
0125: 82b2665b NtRenameTransactionManager [2] (ntoskrnl.exe)
0126: 82ac38b4 NtReplaceKey [3] (ntoskrnl.exe)
0127: 829046db NtReplacePartitionUnit [3] (ntoskrnl.exe)
0128: 82a4ada8 NtReplyPort [2] (ntoskrnl.exe)
0129: 82a67861 NtReplyWaitReceivePort [4] (ntoskrnl.exe)
012a: 82a673e3 NtReplyWaitReceivePortEx [5] (ntoskrnl.exe)
012b: 82af7463 NtReplyWaitReplyPort [2] (ntoskrnl.exe)
012c: 82a45608 NtRequestPort [2] (ntoskrnl.exe)
012d: 82aa8987 NtRequestWaitReplyPort [3] (ntoskrnl.exe)
012e: 82a2c607 NtResetEvent [2] (ntoskrnl.exe)
012f: 82921f0d NtResetWriteWatch [3] (ntoskrnl.exe)
0130: 82ac25ed NtRestoreKey [3] (ntoskrnl.exe)
0131: 82b0e9b7 NtResumeProcess [1] (ntoskrnl.exe)
0132: 82a7d4d9 NtResumeThread [2] (ntoskrnl.exe)
0133: 82b25760 NtRollbackComplete [2] (ntoskrnl.exe)
0134: 82b2531a NtRollbackEnlistment [2] (ntoskrnl.exe)
0135: 82aba841 NtRollbackTransaction [2] (ntoskrnl.exe)
0136: 82b267bc NtRollforwardTransactionManager [2] (ntoskrnl.exe)
0137: 82ac27f0 NtSaveKey [2] (ntoskrnl.exe)
0138: 82ac29cf NtSaveKeyEx [3] (ntoskrnl.exe)
0139: 82ac2bdd NtSaveMergedKeys [3] (ntoskrnl.exe)
013a: 82aaa59e NtSecureConnectPort [9] (ntoskrnl.exe)
013b: 82af4a99 NtSerializeBoot [0] (ntoskrnl.exe)
013c: 82b3c67c NtSetBootEntryOrder [2] (ntoskrnl.exe)
013d: 82b3cb62 NtSetBootOptions [2] (ntoskrnl.exe)
013e: 82b0dd07 NtSetContextThread [2] (ntoskrnl.exe)
013f: 829b2798 NtSetDebugFilterState [3] (ntoskrnl.exe)
0140: 829d0928 NtSetDefaultHardErrorPort [1] (ntoskrnl.exe)
0141: 82a02a4a NtSetDefaultLocale [2] (ntoskrnl.exe)
0142: 82a0305a NtSetDefaultUILanguage [1] (ntoskrnl.exe)
0143: 82b3d5df NtSetDriverEntryOrder [2] (ntoskrnl.exe)
0144: 82ae3c97 NtSetEaFile [4] (ntoskrnl.exe)
0145: 82a5ee75 NtSetEvent [2] (ntoskrnl.exe)
0146: 82b3a513 NtSetEventBoostPriority [1] (ntoskrnl.exe)
0147: 82b4315b NtSetHighEventPair [1] (ntoskrnl.exe)
0148: 82b4308d NtSetHighWaitLowEventPair [1] (ntoskrnl.exe)
0149: 82ad9f94 NtSetInformationDebugObject [5] (ntoskrnl.exe)
014a: 82b24f1f NtSetInformationEnlistment [4] (ntoskrnl.exe)
014b: 82a9fb9c NtSetInformationFile [5] (ntoskrnl.exe)
014c: 82a1defd NtSetInformationJobObject [4] (ntoskrnl.exe)
014d: 82ac33c9 NtSetInformationKey [4] (ntoskrnl.exe)
014e: 82ab1aa2 NtSetInformationObject [4] (ntoskrnl.exe)
014f: 82a7a881 NtSetInformationProcess [4] (ntoskrnl.exe)
0150: 829ea363 NtSetInformationResourceManager [4] (ntoskrnl.exe)
0151: 82a7558f NtSetInformationThread [4] (ntoskrnl.exe)
0152: 82aae175 NtSetInformationToken [4] (ntoskrnl.exe)
0153: 82b26086 NtSetInformationTransaction [4] (ntoskrnl.exe)
0154: 82b2687e NtSetInformationTransactionManager [4] (ntoskrnl.exe)
0155: 8286accc NtSetInformationWorkerFactory [4] (ntoskrnl.exe)
0156: 82b437c0 NtSetIntervalProfile [2] (ntoskrnl.exe)
0157: 82a4ea47 NtSetIoCompletion [5] (ntoskrnl.exe)
0158: 82ae2aac NtSetIoCompletionEx [6] (ntoskrnl.exe)
0159: 82b1011f NtSetLdtEntries [6] (ntoskrnl.exe)
015a: 82b430f8 NtSetLowEventPair [1] (ntoskrnl.exe)
015b: 82b43022 NtSetLowWaitHighEventPair [1] (ntoskrnl.exe)
015c: 82ae482f NtSetQuotaInformationFile [4] (ntoskrnl.exe)
015d: 82a466e0 NtSetSecurityObject [3] (ntoskrnl.exe)
015e: 82b3b2df NtSetSystemEnvironmentValue [2] (ntoskrnl.exe)
015f: 82b3b8eb NtSetSystemEnvironmentValueEx [5] (ntoskrnl.exe)
0160: 82a2ef62 NtSetSystemInformation [3] (ntoskrnl.exe)
0161: 82b6164b NtSetSystemPowerState [3] (ntoskrnl.exe)
0162: 82b347c6 NtSetSystemTime [2] (ntoskrnl.exe)
0163: 82a2142f NtSetThreadExecutionState [2] (ntoskrnl.exe)
0164: 828abd01 NtSetTimer [7] (ntoskrnl.exe)
0165: 82952ec3 NtSetTimerEx [4] (ntoskrnl.exe)
0166: 82a31e59 NtSetTimerResolution [3] (ntoskrnl.exe)
0167: 829d3094 NtSetUuidSeed [1] (ntoskrnl.exe)
0168: 82a3a450 NtSetValueKey [6] (ntoskrnl.exe)
0169: 82ae4849 NtSetVolumeInformationFile [5] (ntoskrnl.exe)
016a: 82b39a39 NtShutdownSystem [1] (ntoskrnl.exe)
016b: 82a20008 NtShutdownWorkerFactory [2] (ntoskrnl.exe)
016c: 828eed7f NtSignalAndWaitForSingleObject [4] (ntoskrnl.exe)
016d: 82b255f6 NtSinglePhaseReject [2] (ntoskrnl.exe)
016e: 82b434fb NtStartProfile [1] (ntoskrnl.exe)
016f: 82b436f3 NtStopProfile [1] (ntoskrnl.exe)
0170: 82b0e957 NtSuspendProcess [1] (ntoskrnl.exe)
0171: 82abcd8e NtSuspendThread [2] (ntoskrnl.exe)
0172: 82a215ca NtSystemDebugControl [6] (ntoskrnl.exe)
0173: 82a4e7d4 NtTerminateJobObject [2] (ntoskrnl.exe)
0174: 82a8c9b4 NtTerminateProcess [2] (ntoskrnl.exe)
0175: 82a8049b NtTerminateThread [2] (ntoskrnl.exe)
0176: 82a7e218 NtTestAlert [0] (ntoskrnl.exe)
0177: 828f8533 NtThawRegistry [0] (ntoskrnl.exe)
0178: 82b263b7 NtThawTransactions [0] (ntoskrnl.exe)
0179: 82a96acb NtTraceControl [6] (ntoskrnl.exe)
017a: 828cfa9f NtTraceEvent [4] (ntoskrnl.exe)
017b: 82b3d7e3 NtTranslateFilePath [4] (ntoskrnl.exe)
017c: 82af7153 NtUmsThreadYield [1] (ntoskrnl.exe)
017d: 82ae5048 NtUnloadDriver [1] (ntoskrnl.exe)
017e: 829fdcbb NtUnloadKey [1] (ntoskrnl.exe)
017f: 829fdcd5 NtUnloadKey2 [2] (ntoskrnl.exe)
0180: 82ac2d77 NtUnloadKeyEx [2] (ntoskrnl.exe)
0181: 82a24efa NtUnlockFile [5] (ntoskrnl.exe)
0182: 8286847b NtUnlockVirtualMemory [4] (ntoskrnl.exe)
0183: 82a85fc1 NtUnmapViewOfSection [2] (ntoskrnl.exe)
0184: 82b2a0db NtVdmControl [2] (ntoskrnl.exe)
0185: 82ad9abf NtWaitForDebugEvent [4] (ntoskrnl.exe)
0186: 82ab5761 NtWaitForKeyedEvent [4] (ntoskrnl.exe)
0187: 82a5ef3e NtWaitForMultipleObjects [5] (ntoskrnl.exe)
0188: 82b00e15 NtWaitForMultipleObjects32 [5] (ntoskrnl.exe)
0189: 82a5e782 NtWaitForSingleObject [3] (ntoskrnl.exe)
018a: 828af61d NtWaitForWorkViaWorkerFactory [2] (ntoskrnl.exe)
018b: 82b42fb9 NtWaitHighEventPair [1] (ntoskrnl.exe)
018c: 82b42f50 NtWaitLowEventPair [1] (ntoskrnl.exe)
018d: 8286fdc6 NtWorkerFactoryWorkerReady [1] (ntoskrnl.exe)
018e: 82a644f4 NtWriteFile [9] (ntoskrnl.exe)
018f: 82a2349b NtWriteFileGather [9] (ntoskrnl.exe)
0190: 82af7302 NtWriteRequestData [6] (ntoskrnl.exe)
0191: 82aa8161 NtWriteVirtualMemory [5] (ntoskrnl.exe)
0192: 82870989 NtYieldExecution [0] (ntoskrnl.exe)

Table #1: 99ee0000, 033b entries, params=99ee1034, \SystemRoot\System32\win32k.sys
1000: 99e6af8c NtGdiAbortDoc [1] (win32k.sys)
1001: 99e84d88 NtGdiAbortPath [1] (win32k.sys)
1002: 99d6ef41 NtGdiAddFontResourceW [6] (win32k.sys)
1003: 99e79670 NtGdiAddRemoteFontToDC [4] (win32k.sys)
1004: 99e864cf NtGdiAddFontMemResourceEx [5] (win32k.sys)
1005: 99e6b6bb NtGdiRemoveMergeFont [2] (win32k.sys)
1006: 99e6b74f NtGdiAddRemoteMMInstanceToDC [3] (win32k.sys)
1007: 99db20b2 NtGdiAlphaBlend [12] (win32k.sys)
1008: 99e85cea NtGdiAngleArc [6] (win32k.sys)
1009: 99d5fb92 NtGdiAnyLinkedFonts [0] (win32k.sys)
100a: 99d5ef8c NtGdiFontIsLinked [1] (win32k.sys)
100b: 99e88013 NtGdiArcInternal [10] (win32k.sys)
100c: 99e861db NtGdiBeginGdiRendering [2] (win32k.sys)
100d: 99e84dfc NtGdiBeginPath [1] (win32k.sys)
100e: 99dc0ce7 NtGdiBitBlt [11] (win32k.sys)
100f: 99e8612e NtGdiCancelDC [1] (win32k.sys)
1010: 99e88daf NtGdiCheckBitmapBits [8] (win32k.sys)
1011: 99e84d03 NtGdiCloseFigure [1] (win32k.sys)
1012: 99dc767f NtGdiClearBitmapAttributes [2] (win32k.sys)
1013: 99e86265 NtGdiClearBrushAttributes [2] (win32k.sys)
1014: 99e887a6 NtGdiColorCorrectPalette [6] (win32k.sys)
1015: 99d618e8 NtGdiCombineRgn [4] (win32k.sys)
1016: 99dfcf11 NtGdiCombineTransform [3] (win32k.sys)
1017: 99e15eb6 NtGdiComputeXformCoefficients [1] (win32k.sys)
1018: 99e8979b NtGdiConfigureOPMProtectedOutput [4] (win32k.sys)
1019: 99e7cf26 NtGdiConvertMetafileRect [2] (win32k.sys)
101a: 99d87c81 NtGdiCreateBitmap [5] (win32k.sys)
101b: 99e861cb NtGdiCreateBitmapFromDxSurface [5] (win32k.sys)
101c: 99e11208 NtGdiCreateClientObj [1] (win32k.sys)
101d: 99e88668 NtGdiCreateColorSpace [1] (win32k.sys)
101e: 99e88a31 NtGdiCreateColorTransform [8] (win32k.sys)
101f: 99d7644f NtGdiCreateCompatibleBitmap [3] (win32k.sys)
1020: 99da7d46 NtGdiCreateCompatibleDC [1] (win32k.sys)
1021: 99dfcbb6 NtGdiCreateDIBBrush [6] (win32k.sys)
1022: 99d76bc6 NtGdiCreateDIBitmapInternal [11] (win32k.sys)
1023: 99db12f7 NtGdiCreateDIBSection [9] (win32k.sys)
1024: 99e71133 NtGdiCreateEllipticRgn [4] (win32k.sys)
1025: 99d21370 NtGdiCreateHalftonePalette [1] (win32k.sys)
1026: 99e89bd7 NtGdiCreateHatchBrushInternal [3] (win32k.sys)
1027: 99dee42f NtGdiCreateMetafileDC [1] (win32k.sys)
1028: 99dd7cd5 NtGdiCreateOPMProtectedOutputs [5] (win32k.sys)
1029: 99d5281b NtGdiCreatePaletteInternal [2] (win32k.sys)
102a: 99d5d6b8 NtGdiCreatePatternBrushInternal [3] (win32k.sys)
102b: 99d2c7d0 NtGdiCreatePen [4] (win32k.sys)
102c: 99d71fb6 NtGdiCreateRectRgn [4] (win32k.sys)
102d: 99d67898 NtGdiCreateRoundRectRgn [6] (win32k.sys)
102e: 99e8a643 NtGdiCreateServerMetaFile [6] (win32k.sys)
102f: 99d8851d NtGdiCreateSolidBrush [2] (win32k.sys)
1030: 99e651c2 NtGdiD3dContextCreate [4] (win32k.sys)
1031: 99e651d5 NtGdiD3dContextDestroy [1] (win32k.sys)
1032: 99e651e8 NtGdiD3dContextDestroyAll [1] (win32k.sys)
1033: 99e651fb NtGdiD3dValidateTextureStageState [1] (win32k.sys)
1034: 99e6520e NtGdiD3dDrawPrimitives2 [7] (win32k.sys)
1035: 99e65221 NtGdiDdGetDriverState [1] (win32k.sys)
1036: 99e64ea6 NtGdiDdAddAttachedSurface [3] (win32k.sys)
1037: 99e65323 NtGdiDdAlphaBlt [3] (win32k.sys)
1038: 99e64eb9 NtGdiDdAttachSurface [2] (win32k.sys)
1039: 99e652ce NtGdiDdBeginMoCompFrame [2] (win32k.sys)
103a: 99e64ecc NtGdiDdBlt [3] (win32k.sys)
103b: 99e64edf NtGdiDdCanCreateSurface [2] (win32k.sys)
103c: 99e65199 NtGdiDdCanCreateD3DBuffer [2] (win32k.sys)
103d: 99e64ef2 NtGdiDdColorControl [2] (win32k.sys)
103e: 99df46be NtGdiDdCreateDirectDrawObject [1] (win32k.sys)
103f: 99e64f05 NtGdiDdCreateSurface [8] (win32k.sys)
1040: 99e65183 NtGdiDdCreateD3DBuffer [8] (win32k.sys)
1041: 99e652a2 NtGdiDdCreateMoComp [2] (win32k.sys)
1042: 99e64f1b NtGdiDdCreateSurfaceObject [6] (win32k.sys)
1043: 99e64f47 NtGdiDdDeleteDirectDrawObject [1] (win32k.sys)
1044: 99e64f31 NtGdiDdDeleteSurfaceObject [1] (win32k.sys)
1045: 99e652b8 NtGdiDdDestroyMoComp [2] (win32k.sys)
1046: 99e64f5d NtGdiDdDestroySurface [2] (win32k.sys)
1047: 99e651ac NtGdiDdDestroyD3DBuffer [1] (win32k.sys)
1048: 99e652e1 NtGdiDdEndMoCompFrame [2] (win32k.sys)
1049: 99e64f73 NtGdiDdFlip [5] (win32k.sys)
104a: 99e65023 NtGdiDdFlipToGDISurface [2] (win32k.sys)
104b: 99e64f89 NtGdiDdGetAvailDriverMemory [2] (win32k.sys)
104c: 99e64f9f NtGdiDdGetBltStatus [2] (win32k.sys)
104d: 99e64fb5 NtGdiDdGetDC [2] (win32k.sys)
104e: 99e64fcb NtGdiDdGetDriverInfo [2] (win32k.sys)
104f: 99e6512b NtGdiDdGetDxHandle [3] (win32k.sys)
1050: 99e64fe1 NtGdiDdGetFlipStatus [2] (win32k.sys)
1051: 99e6528c NtGdiDdGetInternalMoCompInfo [2] (win32k.sys)
1052: 99e65276 NtGdiDdGetMoCompBuffInfo [2] (win32k.sys)
1053: 99e6524a NtGdiDdGetMoCompGuids [2] (win32k.sys)
1054: 99e65260 NtGdiDdGetMoCompFormats [2] (win32k.sys)
1055: 99e64ff7 NtGdiDdGetScanLine [2] (win32k.sys)
1056: 99e65039 NtGdiDdLock [3] (win32k.sys)
1057: 99e65157 NtGdiDdLockD3D [2] (win32k.sys)
1058: 99e6504f NtGdiDdQueryDirectDrawObject [11] (win32k.sys)
1059: 99e6530d NtGdiDdQueryMoCompStatus [2] (win32k.sys)
105a: 99e65065 NtGdiDdReenableDirectDrawObject [2] (win32k.sys)
105b: 99e6507b NtGdiDdReleaseDC [1] (win32k.sys)
105c: 99e652f7 NtGdiDdRenderMoComp [2] (win32k.sys)
105d: 99e65091 NtGdiDdResetVisrgn [2] (win32k.sys)
105e: 99e650a7 NtGdiDdSetColorKey [2] (win32k.sys)
105f: 99e6500d NtGdiDdSetExclusiveMode [2] (win32k.sys)
1060: 99e65141 NtGdiDdSetGammaRamp [3] (win32k.sys)
1061: 99e65234 NtGdiDdCreateSurfaceEx [3] (win32k.sys)
1062: 99e650bd NtGdiDdSetOverlayPosition [3] (win32k.sys)
1063: 99e650d3 NtGdiDdUnattachSurface [2] (win32k.sys)
1064: 99e650e9 NtGdiDdUnlock [2] (win32k.sys)
1065: 99e6516d NtGdiDdUnlockD3D [2] (win32k.sys)
1066: 99e650ff NtGdiDdUpdateOverlay [3] (win32k.sys)
1067: 99e65115 NtGdiDdWaitForVerticalBlank [2] (win32k.sys)
1068: 99e65336 NtGdiDvpCanCreateVideoPort [2] (win32k.sys)
1069: 99e6534c NtGdiDvpColorControl [2] (win32k.sys)
106a: 99e65362 NtGdiDvpCreateVideoPort [2] (win32k.sys)
106b: 99e65378 NtGdiDvpDestroyVideoPort [2] (win32k.sys)
106c: 99e6538e NtGdiDvpFlipVideoPort [4] (win32k.sys)
106d: 99e653a4 NtGdiDvpGetVideoPortBandwidth [2] (win32k.sys)
106e: 99e653ba NtGdiDvpGetVideoPortField [2] (win32k.sys)
106f: 99e653d0 NtGdiDvpGetVideoPortFlipStatus [2] (win32k.sys)
1070: 99e653e6 NtGdiDvpGetVideoPortInputFormats [2] (win32k.sys)
1071: 99e653fc NtGdiDvpGetVideoPortLine [2] (win32k.sys)
1072: 99e65412 NtGdiDvpGetVideoPortOutputFormats [2] (win32k.sys)
1073: 99e65428 NtGdiDvpGetVideoPortConnectInfo [2] (win32k.sys)
1074: 99e6543e NtGdiDvpGetVideoSignalStatus [2] (win32k.sys)
1075: 99e65454 NtGdiDvpUpdateVideoPort [4] (win32k.sys)
1076: 99e6546a NtGdiDvpWaitForVideoPortSync [2] (win32k.sys)
1077: 99e65480 NtGdiDvpAcquireNotification [3] (win32k.sys)
1078: 99e65496 NtGdiDvpReleaseNotification [2] (win32k.sys)
1079: 99e64e93 NtGdiDxgGenericThunk [6] (win32k.sys)
107a: 99e11968 NtGdiDeleteClientObj [1] (win32k.sys)
107b: 99e88638 NtGdiDeleteColorSpace [1] (win32k.sys)
107c: 99e88ccb NtGdiDeleteColorTransform [2] (win32k.sys)
107d: 99da7d56 NtGdiDeleteObjectApp [1] (win32k.sys)
107e: 99e87079 NtGdiDescribePixelFormat [4] (win32k.sys)
107f: 99dd809e NtGdiDestroyOPMProtectedOutput [1] (win32k.sys)
1080: 99e6b387 NtGdiGetPerBandInfo [2] (win32k.sys)
1081: 99e6b262 NtGdiDoBanding [4] (win32k.sys)
1082: 99d7c618 NtGdiDoPalette [6] (win32k.sys)
1083: 99e85d34 NtGdiDrawEscape [4] (win32k.sys)
1084: 99e8b0c3 NtGdiEllipse [5] (win32k.sys)
1085: 99ce56ed NtGdiEnableEudc [1] (win32k.sys)
1086: 99e6af74 NtGdiEndDoc [1] (win32k.sys)
1087: 99e861eb NtGdiEndGdiRendering [3] (win32k.sys)
1088: 99e6b064 NtGdiEndPage [1] (win32k.sys)
1089: 99e84eae NtGdiEndPath [1] (win32k.sys)
108a: 99d729f9 NtGdiEnumFonts [8] (win32k.sys)
108b: 99e8d01e NtGdiEnumObjects [4] (win32k.sys)
108c: 99e192a2 NtGdiEqualRgn [2] (win32k.sys)
108d: 99e8cdd3 NtGdiEudcLoadUnloadLink [7] (win32k.sys)
108e: 99d65c5d NtGdiExcludeClipRect [5] (win32k.sys)
108f: 99dfdfe2 NtGdiExtCreatePen [11] (win32k.sys)
1090: 99d2e89d NtGdiExtCreateRegion [3] (win32k.sys)
1091: 99deef98 NtGdiExtEscape [8] (win32k.sys)
1092: 99df549e NtGdiExtFloodFill [5] (win32k.sys)
1093: 99da8183 NtGdiExtGetObjectW [3] (win32k.sys)
1094: 99db41ac NtGdiExtSelectClipRgn [3] (win32k.sys)
1095: 99db3759 NtGdiExtTextOutW [9] (win32k.sys)
1096: 99e851a1 NtGdiFillPath [1] (win32k.sys)
1097: 99d296b7 NtGdiFillRgn [3] (win32k.sys)
1098: 99e84f0b NtGdiFlattenPath [1] (win32k.sys)
1099: 99dbcd4e NtGdiFlush [0] (win32k.sys)
109a: 99e87018 NtGdiForceUFIMapping [2] (win32k.sys)
109b: 99d2aefa NtGdiFrameRgn [5] (win32k.sys)
109c: 99e761e0 NtGdiFullscreenControl [5] (win32k.sys)
109d: 99e1128d NtGdiGetAndSetDCDword [4] (win32k.sys)
109e: 99db4faf NtGdiGetAppClipBox [2] (win32k.sys)
109f: 99d2f4e5 NtGdiGetBitmapBits [3] (win32k.sys)
10a0: 99e86f54 NtGdiGetBitmapDimension [2] (win32k.sys)
10a1: 99d6a2be NtGdiGetBoundsRect [3] (win32k.sys)
10a2: 99dd9652 NtGdiGetCertificate [4] (win32k.sys)
10a3: 99dd8d0d NtGdiGetCertificateSize [3] (win32k.sys)
10a4: 99d5f0c3 NtGdiGetCharABCWidthsW [6] (win32k.sys)
10a5: 99e856b2 NtGdiGetCharacterPlacementW [6] (win32k.sys)
10a6: 99db3709 NtGdiGetCharSet [1] (win32k.sys)
10a7: 99e00cff NtGdiGetCharWidthW [6] (win32k.sys)
10a8: 99d22586 NtGdiGetCharWidthInfo [2] (win32k.sys)
10a9: 99e85fba NtGdiGetColorAdjustment [2] (win32k.sys)
10aa: 99e8d570 NtGdiGetColorSpaceforBitmap [1] (win32k.sys)
10ab: 99e89735 NtGdiGetCOPPCompatibleOPMInformation [3] (win32k.sys)
10ac: 99db0f9b NtGdiGetDCDword [3] (win32k.sys)
10ad: 99d70880 NtGdiGetDCforBitmap [1] (win32k.sys)
10ae: 99da5676 NtGdiGetDCObject [2] (win32k.sys)
10af: 99e1afe1 NtGdiGetDCPoint [3] (win32k.sys)
10b0: 99d6cfef NtGdiGetDeviceCaps [2] (win32k.sys)
10b1: 99e88f1a NtGdiGetDeviceGammaRamp [2] (win32k.sys)
10b2: 99e0e63a NtGdiGetDeviceCapsAll [2] (win32k.sys)
10b3: 99d7bfc6 NtGdiGetDIBitsInternal [9] (win32k.sys)
10b4: 99e8e344 NtGdiGetETM [2] (win32k.sys)
10b5: 99e8c29a NtGdiGetEudcTimeStampEx [3] (win32k.sys)
10b6: 99d5edf9 NtGdiGetFontData [5] (win32k.sys)
10b7: 99e8ecb3 NtGdiGetFontFileData [5] (win32k.sys)
10b8: 99dd2636 NtGdiGetFontFileInfo [5] (win32k.sys)
10b9: 99e8677a NtGdiGetFontResourceInfoInternalW [7] (win32k.sys)
10ba: 99d71713 NtGdiGetGlyphIndicesW [5] (win32k.sys)
10bb: 99d71864 NtGdiGetGlyphIndicesWInternal [6] (win32k.sys)
10bc: 99e85e21 NtGdiGetGlyphOutline [8] (win32k.sys)
10bd: 99dd73f2 NtGdiGetOPMInformation [3] (win32k.sys)
10be: 99df353d NtGdiGetKerningPairs [3] (win32k.sys)
10bf: 99e6b43e NtGdiGetLinkedUFIs [3] (win32k.sys)
10c0: 99dec2f0 NtGdiGetMiterLimit [2] (win32k.sys)
10c1: 99decabe NtGdiGetMonitorID [3] (win32k.sys)
10c2: 99d74bb6 NtGdiGetNearestColor [2] (win32k.sys)
10c3: 99def3c1 NtGdiGetNearestPaletteIndex [2] (win32k.sys)
10c4: 99debf5f NtGdiGetObjectBitmapHandle [2] (win32k.sys)
10c5: 99dd7d17 NtGdiGetOPMRandomNumber [2] (win32k.sys)
10c6: 99d5e37a NtGdiGetOutlineTextMetricsInternalW [4] (win32k.sys)
10c7: 99e85508 NtGdiGetPath [4] (win32k.sys)
10c8: 99d4912f NtGdiGetPixel [3] (win32k.sys)
10c9: 99db121b NtGdiGetRandomRgn [3] (win32k.sys)
10ca: 99e85f36 NtGdiGetRasterizerCaps [2] (win32k.sys)
10cb: 99d71548 NtGdiGetRealizationInfo [2] (win32k.sys)
10cc: 99d60d6b NtGdiGetRegionData [3] (win32k.sys)
10cd: 99d2315a NtGdiGetRgnBox [2] (win32k.sys)
10ce: 99e8a743 NtGdiGetServerMetaFileBits [7] (win32k.sys)
10cf: 99e65b7f DxgStubDvpFlipVideoPort [4] (win32k.sys)
10d0: 99e8ee96 NtGdiGetStats [5] (win32k.sys)
10d1: 99d85e38 NtGdiGetStockObject [1] (win32k.sys)
10d2: 99e8cf2a NtGdiGetStringBitmapW [5] (win32k.sys)
10d3: 99dd916e NtGdiGetSuggestedOPMProtectedOutputArraySize [2] (win32k.sys)
10d4: 99dec9bf NtGdiGetSystemPaletteUse [1] (win32k.sys)
10d5: 99d61742 NtGdiGetTextCharsetInfo [3] (win32k.sys)
10d6: 99e862b5 NtGdiGetTextExtent [5] (win32k.sys)
10d7: 99d30e5c NtGdiGetTextExtentExW [8] (win32k.sys)
10d8: 99d724e6 NtGdiGetTextFaceW [4] (win32k.sys)
10d9: 99d7228a NtGdiGetTextMetricsW [3] (win32k.sys)
10da: 99d5d13e NtGdiGetTransform [3] (win32k.sys)
10db: 99e869b6 NtGdiGetUFI [6] (win32k.sys)
10dc: 99e86a94 NtGdiGetEmbUFI [7] (win32k.sys)
10dd: 99e86b8e NtGdiGetUFIPathname [10] (win32k.sys)
10de: 99e86941 NtGdiGetEmbedFonts [0] (win32k.sys)
10df: 99e8694b NtGdiChangeGhostFont [2] (win32k.sys)
10e0: 99e6a09f NtGdiAddEmbFontToDC [2] (win32k.sys)
10e1: 99ddbea2 NtGdiGetFontUnicodeRanges [2] (win32k.sys)
10e2: 99d73a7b NtGdiGetWidthTable [7] (win32k.sys)
10e3: 99e17d14 NtGdiGradientFill [6] (win32k.sys)
10e4: 99d721ea NtGdiHfontCreate [5] (win32k.sys)
10e5: 99e89217 NtGdiIcmBrushInfo [8] (win32k.sys)
10e6: 99d85575 NtGdiInit [0] (win32k.sys)
10e7: 99e732eb NtGdiInitSpool [0] (win32k.sys)
10e8: 99db2053 NtGdiIntersectClipRect [5] (win32k.sys)
10e9: 99dfba8b NtGdiInvertRgn [2] (win32k.sys)
10ea: 99d21ce4 NtGdiLineTo [3] (win32k.sys)
10eb: 99e87104 NtGdiMakeFontDir [5] (win32k.sys)
10ec: 99e8d69d NtGdiMakeInfoDC [2] (win32k.sys)
10ed: 99d47cf0 NtGdiMaskBlt [13] (win32k.sys)
10ee: 99d5cf48 NtGdiModifyWorldTransform [3] (win32k.sys)
10ef: 99dfced0 NtGdiMonoBitmap [1] (win32k.sys)
10f0: 99e8615e NtGdiMoveTo [4] (win32k.sys)
10f1: 99e713ab NtGdiOffsetClipRgn [3] (win32k.sys)
10f2: 99d60d5b NtGdiOffsetRgn [3] (win32k.sys)
10f3: 99d70739 NtGdiOpenDCW [8] (win32k.sys)
10f4: 99dc7324 NtGdiPatBlt [6] (win32k.sys)
10f5: 99d9fe7c NtGdiPolyPatBlt [5] (win32k.sys)
10f6: 99e85264 NtGdiPathToRegion [1] (win32k.sys)
10f7: 99e7ed8e NtGdiPlgBlt [11] (win32k.sys)
10f8: 99e85bf4 NtGdiPolyDraw [4] (win32k.sys)
10f9: 99e10e4f NtGdiPolyPolyDraw [5] (win32k.sys)
10fa: 99dc5357 NtGdiPolyTextOutW [4] (win32k.sys)
10fb: 99e862a5 NtGdiPtInRegion [3] (win32k.sys)
10fc: 99e714dd NtGdiPtVisible [3] (win32k.sys)
10fd: 99e863e4 NtGdiQueryFonts [3] (win32k.sys)
10fe: 99d85cf5 NtGdiQueryFontAssocInfo [1] (win32k.sys)
10ff: 99e1e752 NtGdiRectangle [5] (win32k.sys)
1100: 99e1588c NtGdiRectInRegion [2] (win32k.sys)
1101: 99d6b495 NtGdiRectVisible [2] (win32k.sys)
1102: 99e865cd NtGdiRemoveFontResourceW [6] (win32k.sys)
1103: 99e8675e NtGdiRemoveFontMemResourceEx [1] (win32k.sys)
1104: 99e02dbe NtGdiResetDC [5] (win32k.sys)
1105: 99e8a228 NtGdiResizePalette [2] (win32k.sys)
1106: 99d7140d NtGdiRestoreDC [2] (win32k.sys)
1107: 99dfe2ca NtGdiRoundRect [7] (win32k.sys)
1108: 99d7141d NtGdiSaveDC [1] (win32k.sys)
1109: 99e7ccd1 NtGdiScaleViewportExtEx [6] (win32k.sys)
110a: 99e86ef1 NtGdiScaleWindowExtEx [6] (win32k.sys)
110b: 99da35b8 NtGdiSelectBitmap [2] (win32k.sys)
110c: 99e8613e NtGdiSelectBrush [2] (win32k.sys)
110d: 99e850a9 NtGdiSelectClipPath [2] (win32k.sys)
110e: 99db3c08 NtGdiSelectFont [2] (win32k.sys)
110f: 99e8614e NtGdiSelectPen [2] (win32k.sys)
1110: 99cf2973 NtGdiSetBitmapAttributes [2] (win32k.sys)
1111: 99d1a3f2 NtGdiSetBitmapBits [3] (win32k.sys)
1112: 99e86fb1 NtGdiSetBitmapDimension [4] (win32k.sys)
1113: 99d6a24c NtGdiSetBoundsRect [3] (win32k.sys)
1114: 99e86245 NtGdiSetBrushAttributes [2] (win32k.sys)
1115: 99e02d51 NtGdiSetBrushOrg [4] (win32k.sys)
1116: 99e86010 NtGdiSetColorAdjustment [2] (win32k.sys)
1117: 99e888fa NtGdiSetColorSpace [2] (win32k.sys)
1118: 99e88fa1 NtGdiSetDeviceGammaRamp [2] (win32k.sys)
1119: 99d7131b NtGdiSetDIBitsToDeviceInternal [16] (win32k.sys)
111a: 99d74b7f NtGdiSetFontEnumeration [1] (win32k.sys)
111b: 99dfdfa1 NtGdiSetFontXform [3] (win32k.sys)
111c: 99e02dae NtGdiSetIcmMode [3] (win32k.sys)
111d: 99e6a9df NtGdiSetLinkedUFIs [3] (win32k.sys)
111e: 99dc8769 NtGdiSetMagicColors [3] (win32k.sys)
111f: 99e1140b NtGdiSetMetaRgn [1] (win32k.sys)
1120: 99e115cd NtGdiSetMiterLimit [3] (win32k.sys)
1121: 99e86ee1 NtGdiGetDeviceWidth [1] (win32k.sys)
1122: 99e86ed1 NtGdiMirrorWindowOrg [1] (win32k.sys)
1123: 99d2fc32 NtGdiSetLayout [3] (win32k.sys)
1124: 99dd8db3 NtGdiSetOPMSigningKeyAndSequenceNumbers [2] (win32k.sys)
1125: 99e247e7 NtGdiSetPixel [4] (win32k.sys)
1126: 99e8fc25 NtGdiSetPixelFormat [2] (win32k.sys)
1127: 99e86295 NtGdiSetRectRgn [5] (win32k.sys)
1128: 99e861bb NtGdiSetSystemPaletteUse [2] (win32k.sys)
1129: 99e8f34f NtGdiSetTextJustification [3] (win32k.sys)
112a: 99e11544 NtGdiSetVirtualResolution [5] (win32k.sys)
112b: 99e11645 NtGdiSetSizeDevice [3] (win32k.sys)
112c: 99e6aaee NtGdiStartDoc [4] (win32k.sys)
112d: 99e6afa4 NtGdiStartPage [1] (win32k.sys)
112e: 99d397f8 NtGdiStretchBlt [12] (win32k.sys)
112f: 99d7ebeb NtGdiStretchDIBitsInternal [16] (win32k.sys)
1130: 99e85332 NtGdiStrokeAndFillPath [1] (win32k.sys)
1131: 99e8542f NtGdiStrokePath [1] (win32k.sys)
1132: 99e8fdf3 NtGdiSwapBuffers [1] (win32k.sys)
1133: 99d5d462 NtGdiTransformPoints [5] (win32k.sys)
1134: 99d1958e NtGdiTransparentBlt [11] (win32k.sys)
1135: 99dd160e DxgStubGetDC [2] (win32k.sys)
1136: 99e864c4 NtGdiUnmapMemFont [1] (win32k.sys)
1137: 99e86285 NtGdiUnrealizeObject [1] (win32k.sys)
1138: 99e8a48a NtGdiUpdateColors [1] (win32k.sys)
1139: 99e84f96 NtGdiWidenPath [1] (win32k.sys)
113a: 99d2c705 NtUserActivateKeyboardLayout [2] (win32k.sys)
113b: 99e33a8c NtUserAddClipboardFormatListener [1] (win32k.sys)
113c: 99e30434 NtUserAlterWindowStyle [3] (win32k.sys)
113d: 99d73e10 NtUserAssociateInputContext [3] (win32k.sys)
113e: 99e26115 NtUserAttachThreadInput [3] (win32k.sys)
113f: 99db1e81 NtUserBeginPaint [2] (win32k.sys)
1140: 99e0f8c1 NtUserBitBltSysBmp [8] (win32k.sys)
1141: 99e309b4 NtUserBlockInput [1] (win32k.sys)
1142: 99d54370 NtUserBuildHimcList [4] (win32k.sys)
1143: 99d6c2a1 NtUserBuildHwndList [7] (win32k.sys)
1144: 99d4f818 NtUserBuildNameList [4] (win32k.sys)
1145: 99e3076a NtUserBuildPropList [4] (win32k.sys)
1146: 99d007fe NtUserCallHwnd [2] (win32k.sys)
1147: 99d5c658 NtUserCallHwndLock [2] (win32k.sys)
1148: 99ce5c24 NtUserCallHwndOpt [2] (win32k.sys)
1149: 99d6adfc NtUserCallHwndParam [3] (win32k.sys)
114a: 99d47241 NtUserCallHwndParamLock [3] (win32k.sys)
114b: 99e15ba7 NtUserCallMsgFilter [2] (win32k.sys)
114c: 99e05eda NtUserCallNextHookEx [4] (win32k.sys)
114d: 99db722c NtUserCallNoParam [1] (win32k.sys)
114e: 99db71d7 NtUserCallOneParam [2] (win32k.sys)
114f: 99d55827 NtUserCallTwoParam [3] (win32k.sys)
1150: 99e06875 NtUserChangeClipboardChain [2] (win32k.sys)
1151: 99de9daa NtUserChangeDisplaySettings [4] (win32k.sys)
1152: 99d034a6 NtUserGetDisplayConfigBufferSizes [3] (win32k.sys)
1153: 99e30ca7 NtUserSetDisplayConfig [5] (win32k.sys)
1154: 99d00f07 NtUserQueryDisplayConfig [6] (win32k.sys)
1155: 99e30f8e NtUserDisplayConfigGetDeviceInfo [1] (win32k.sys)
1156: 99e31127 NtUserDisplayConfigSetDeviceInfo [1] (win32k.sys)
1157: 99e33dac NtUserCheckAccessForIntegrityLevel [3] (win32k.sys)
1158: 99d27b58 NtUserCheckDesktopByThreadId [1] (win32k.sys)
1159: 99e304de NtUserCheckWindowThreadDesktop [3] (win32k.sys)
115a: 99e32982 NtUserCheckImeHotKey [2] (win32k.sys)
115b: 99d00975 NtUserCheckMenuItem [3] (win32k.sys)
115c: 99df1f69 NtUserChildWindowFromPointEx [4] (win32k.sys)
115d: 99dd5a31 NtUserClipCursor [1] (win32k.sys)
115e: 99e14cec NtUserCloseClipboard [0] (win32k.sys)
115f: 99d4f761 NtUserCloseDesktop [1] (win32k.sys)
1160: 99d4fc5b NtUserCloseWindowStation [1] (win32k.sys)
1161: 99dc6ad5 NtUserConsoleControl [3] (win32k.sys)
1162: 99debd82 NtUserConvertMemHandle [2] (win32k.sys)
1163: 99e10cc5 NtUserCopyAcceleratorTable [3] (win32k.sys)
1164: 99e14a82 NtUserCountClipboardFormats [0] (win32k.sys)
1165: 99d2266b NtUserCreateAcceleratorTable [2] (win32k.sys)
1166: 99e15297 NtUserCreateCaret [4] (win32k.sys)
1167: 99cf42e7 NtUserCreateDesktopEx [6] (win32k.sys)
1168: 99e06588 NtUserCreateInputContext [1] (win32k.sys)
1169: 99dfb61c NtUserCreateLocalMemHandle [4] (win32k.sys)
116a: 99d7a4f0 NtUserCreateWindowEx [15] (win32k.sys)
116b: 99cf7507 NtUserCreateWindowStation [8] (win32k.sys)
116c: 99d1651a NtUserDdeInitialize [5] (win32k.sys)
116d: 99d2c503 NtUserDeferWindowPos [8] (win32k.sys)
116e: 99e03eca NtUserDefSetText [2] (win32k.sys)
116f: 99d84991 NtUserDeleteMenu [3] (win32k.sys)
1170: 99e10bf5 NtUserDestroyAcceleratorTable [1] (win32k.sys)
1171: 99d95057 NtUserDestroyCursor [2] (win32k.sys)
1172: 99e065d7 NtUserDestroyInputContext [1] (win32k.sys)
1173: 99d23838 NtUserDestroyMenu [1] (win32k.sys)
1174: 99d9972a NtUserDestroyWindow [1] (win32k.sys)
1175: 99d2f71d NtUserDisableThreadIme [1] (win32k.sys)
1176: 99db1fd2 NtUserDispatchMessage [1] (win32k.sys)
1177: 99ce553b NtUserDoSoundConnect [0] (win32k.sys)
1178: 99dc939c NtUserDoSoundDisconnect [0] (win32k.sys)
1179: 99e30864 NtUserDragDetect [3] (win32k.sys)
117a: 99e2ed31 NtUserDragObject [5] (win32k.sys)
117b: 99e2f7eb NtUserDrawAnimatedRects [4] (win32k.sys)
117c: 99e2f8ae NtUserDrawCaption [4] (win32k.sys)
117d: 99e31328 NtUserDrawCaptionTemp [7] (win32k.sys)
117e: 99d65689 NtUserDrawIconEx [11] (win32k.sys)
117f: 99e31257 NtUserDrawMenuBarTemp [5] (win32k.sys)
1180: 99dd11f9 NtUserEmptyClipboard [0] (win32k.sys)
1181: 99d200d5 NtUserEnableMenuItem [3] (win32k.sys)
1182: 99e066f6 NtUserEnableScrollBar [3] (win32k.sys)
1183: 99d2dad1 NtUserEndDeferWindowPosEx [2] (win32k.sys)
1184: 99d2a36e NtUserEndMenu [0] (win32k.sys)
1185: 99db1f32 NtUserEndPaint [2] (win32k.sys)
1186: 99d5183b NtUserEnumDisplayDevices [4] (win32k.sys)
1187: 99d6c18b NtUserEnumDisplayMonitors [4] (win32k.sys)
1188: 99d7455b NtUserEnumDisplaySettings [4] (win32k.sys)
1189: 99e2ee93 NtUserEvent [1] (win32k.sys)
118a: 99dedca7 NtUserExcludeUpdateRgn [2] (win32k.sys)
118b: 99e151f3 NtUserFillWindow [4] (win32k.sys)
118c: 99d774c2 NtUserFindExistingCursorIcon [3] (win32k.sys)
118d: 99d4f38a NtUserFindWindowEx [5] (win32k.sys)
118e: 99e07873 NtUserFlashWindowEx [1] (win32k.sys)
118f: 99e33d57 NtUserFrostCrashedWindow [2] (win32k.sys)
1190: 99e2f33d NtUserGetAltTabInfo [6] (win32k.sys)
1191: 99d61857 NtUserGetAncestor [2] (win32k.sys)
1192: 99e3291a NtUserGetAppImeLevel [1] (win32k.sys)
1193: 99d3864a NtUserGetAsyncKeyState [1] (win32k.sys)
1194: 99d82737 NtUserGetAtomName [2] (win32k.sys)
1195: 99d719c0 NtUserGetCaretBlinkTime [0] (win32k.sys)
1196: 99e10dc8 NtUserGetCaretPos [1] (win32k.sys)
1197: 99d59897 NtUserGetClassInfoEx [5] (win32k.sys)
1198: 99d5c3fb NtUserGetClassName [3] (win32k.sys)
1199: 99df8fee NtUserGetClipboardData [2] (win32k.sys)
119a: 99ded029 NtUserGetClipboardFormatName [3] (win32k.sys)
119b: 99e14a56 NtUserGetClipboardOwner [0] (win32k.sys)
119c: 99e14e25 NtUserGetClipboardSequenceNumber [0] (win32k.sys)
119d: 99e2f9fb NtUserGetClipboardViewer [0] (win32k.sys)
119e: 99e2f690 NtUserGetClipCursor [1] (win32k.sys)
119f: 99e12a00 NtUserGetComboBoxInfo [2] (win32k.sys)
11a0: 99df69b8 NtUserGetControlBrush [3] (win32k.sys)
11a1: 99e2f957 NtUserGetControlColor [4] (win32k.sys)
11a2: 99d2d49d NtUserGetCPD [3] (win32k.sys)
11a3: 99e10926 NtUserGetCursorFrameInfo [4] (win32k.sys)
11a4: 99e2f204 NtUserGetCursorInfo [1] (win32k.sys)
11a5: 99db02db NtUserGetDC [1] (win32k.sys)
11a6: 99d65c6d NtUserGetDCEx [3] (win32k.sys)
11a7: 99d4a5e2 NtUserGetDoubleClickTime [0] (win32k.sys)
11a8: 99d655da NtUserGetForegroundWindow [0] (win32k.sys)
11a9: 99e35086 NtUserGetGuiResources [2] (win32k.sys)
11aa: 99d5d90a NtUserGetGUIThreadInfo [2] (win32k.sys)
11ab: 99d7c966 NtUserGetIconInfo [6] (win32k.sys)
11ac: 99d7fac1 NtUserGetIconSize [4] (win32k.sys)
11ad: 99e327ea NtUserGetImeHotKey [4] (win32k.sys)
11ae: 99d5bd0f NtUserGetImeInfoEx [2] (win32k.sys)
11af: 99e30bad NtUserGetInputLocaleInfo [2] (win32k.sys)
11b0: 99e2efa1 NtUserGetInternalWindowPos [3] (win32k.sys)
11b1: 99d224fb NtUserGetKeyboardLayoutList [2] (win32k.sys)
11b2: 99e30ac0 NtUserGetKeyboardLayoutName [1] (win32k.sys)
11b3: 99e20de2 NtUserGetKeyboardState [1] (win32k.sys)
11b4: 99e30a47 NtUserGetKeyNameText [3] (win32k.sys)
11b5: 99d5354f NtUserGetKeyState [1] (win32k.sys)
11b6: 99e2f1ac NtUserGetListBoxInfo [1] (win32k.sys)
11b7: 99d4da44 NtUserGetMenuBarInfo [4] (win32k.sys)
11b8: 99e2f71a NtUserGetMenuIndex [2] (win32k.sys)
11b9: 99e30219 NtUserGetMenuItemRect [4] (win32k.sys)
11ba: 99dbcf5b NtUserGetMessage [4] (win32k.sys)
11bb: 99e2fe50 NtUserGetMouseMovePointsEx [5] (win32k.sys)
11bc: 99d82367 NtUserGetObjectInformation [5] (win32k.sys)
11bd: 99e14eb8 NtUserGetOpenClipboardWindow [0] (win32k.sys)
11be: 99e2fa27 NtUserGetPriorityClipboardFormat [2] (win32k.sys)
11bf: 99d820e4 NtUserGetProcessWindowStation [0] (win32k.sys)
11c0: 99e33620 NtUserGetRawInputBuffer [3] (win32k.sys)
11c1: 99e22f9a NtUserGetRawInputData [5] (win32k.sys)
11c2: 99e331e0 NtUserGetRawInputDeviceInfo [4] (win32k.sys)
11c3: 99e334c0 NtUserGetRawInputDeviceList [3] (win32k.sys)
11c4: 99e335e5 NtUserGetRegisteredRawInputDevices [3] (win32k.sys)
11c5: 99d6dd4e NtUserGetScrollBarInfo [3] (win32k.sys)
11c6: 99e33fc7 NtUserGetServicesProcess [1] (win32k.sys)
11c7: 99d81346 NtUserGetSystemMenu [2] (win32k.sys)
11c8: 99d8830d NtUserGetThreadDesktop [2] (win32k.sys)
11c9: 99d9a5b6 NtUserGetThreadState [1] (win32k.sys)
11ca: 99d6d83c NtUserGetTitleBarInfo [2] (win32k.sys)
11cb: 99e2f546 NtUserGetTopLevelWindow [1] (win32k.sys)
11cc: 99e33bd7 NtUserGetUpdatedClipboardFormats [3] (win32k.sys)
11cd: 99d46eff NtUserGetUpdateRect [3] (win32k.sys)
11ce: 99dfef62 NtUserGetUpdateRgn [3] (win32k.sys)
11cf: 99d63524 NtUserGetWindowCompositionInfo [2] (win32k.sys)
11d0: 99d631a9 NtUserGetWindowCompositionAttribute [2] (win32k.sys)
11d1: 99d6d589 NtUserGetWindowDC [1] (win32k.sys)
11d2: 99e2f586 NtUserGetWindowDisplayAffinity [2] (win32k.sys)
11d3: 99e12ca7 NtUserGetWindowPlacement [2] (win32k.sys)
11d4: 99e2ef18 NtUserGetWOWClass [2] (win32k.sys)
11d5: 99d470d9 NtUserGhostWindowFromHungWindow [1] (win32k.sys)
11d6: 99e34cfd NtUserHardErrorControl [3] (win32k.sys)
11d7: 99d2c6cb NtUserHideCaret [1] (win32k.sys)
11d8: 99e2faaa NtUserHiliteMenuItem [4] (win32k.sys)
11d9: 99de6ef8 NtUserHungWindowFromGhostWindow [1] (win32k.sys)
11da: 99e309da NtUserImpersonateDdeClientWindow [2] (win32k.sys)
11db: 99cef335 NtUserInitialize [2] (win32k.sys)
11dc: 99cfcf4e NtUserInitializeClientPfnArrays [4] (win32k.sys)
11dd: 99e2f073 NtUserInitTask [12] (win32k.sys)
11de: 99d6d5e0 NtUserInternalGetWindowText [3] (win32k.sys)
11df: 99de1d0a NtUserInternalGetWindowIcon [2] (win32k.sys)
11e0: 99db1670 NtUserInvalidateRect [3] (win32k.sys)
11e1: 99d2dde1 NtUserInvalidateRgn [3] (win32k.sys)
11e2: 99e14d92 NtUserIsClipboardFormatAvailable [1] (win32k.sys)
11e3: 99d62c03 NtUserIsTopLevelWindow [1] (win32k.sys)
11e4: 99d9bce7 NtUserKillTimer [2] (win32k.sys)
11e5: 99cf0e7b NtUserLoadKeyboardLayoutEx [8] (win32k.sys)
11e6: 99cfe9f8 NtUserLockWindowStation [1] (win32k.sys)
11e7: 99dd153a NtUserLockWindowUpdate [1] (win32k.sys)
11e8: 99dcaef8 NtUserLockWorkStation [0] (win32k.sys)
11e9: 99e27009 NtUserLogicalToPhysicalPoint [2] (win32k.sys)
11ea: 99e2166b NtUserMapVirtualKeyEx [4] (win32k.sys)
11eb: 99e302f1 NtUserMenuItemFromPoint [4] (win32k.sys)
11ec: 99dafb35 NtUserMessageCall [7] (win32k.sys)
11ed: 99e2fb55 NtUserMinMaximize [3] (win32k.sys)
11ee: 99e2fc7b NtUserMNDragLeave [0] (win32k.sys)
11ef: 99e2fbe3 NtUserMNDragOver [2] (win32k.sys)
11f0: 99e303f2 NtUserModifyUserStartupInfoFlags [2] (win32k.sys)
11f1: 99d2d69f NtUserMoveWindow [6] (win32k.sys)
11f2: 99d5c95b NtUserNotifyIMEStatus [3] (win32k.sys)
11f3: 99d8ab2b NtUserNotifyProcessCreate [4] (win32k.sys)
11f4: 99d6bb8f NtUserNotifyWinEvent [4] (win32k.sys)
11f5: 99e14b09 NtUserOpenClipboard [2] (win32k.sys)
11f6: 99d4fa82 NtUserOpenDesktop [3] (win32k.sys)
11f7: 99d16ced NtUserOpenInputDesktop [3] (win32k.sys)
11f8: 99e30484 NtUserOpenThreadDesktop [5] (win32k.sys)
11f9: 99d4fb2c NtUserOpenWindowStation [2] (win32k.sys)
11fa: 99d0ed39 NtUserPaintDesktop [1] (win32k.sys)
11fb: 99d0fc19 NtUserPaintMonitor [3] (win32k.sys)
11fc: 99dafda2 NtUserPeekMessage [5] (win32k.sys)
11fd: 99e26c08 NtUserPhysicalToLogicalPoint [2] (win32k.sys)
11fe: 99d979e6 NtUserPostMessage [4] (win32k.sys)
11ff: 99d844e3 NtUserPostThreadMessage [4] (win32k.sys)
1200: 99e33152 NtUserPrintWindow [3] (win32k.sys)
1201: 99d887b5 NtUserProcessConnect [2] (win32k.sys)
1202: 99dcaba6 NtUserQueryInformationThread [4] (win32k.sys)
1203: 99d5cb3e NtUserQueryInputContext [2] (win32k.sys)
1204: 99e30910 NtUserQuerySendMessage [1] (win32k.sys)
1205: 99d595a0 NtUserQueryWindow [2] (win32k.sys)
1206: 99e2f2ff NtUserRealChildWindowFromPoint [3] (win32k.sys)
1207: 99db173b NtUserRealInternalGetMessage [6] (win32k.sys)
1208: 99e30159 NtUserRealWaitMessageEx [2] (win32k.sys)
1209: 99d609ce NtUserRedrawWindow [4] (win32k.sys)
120a: 99d7af5d NtUserRegisterClassExWOW [7] (win32k.sys)
120b: 99e33d20 NtUserRegisterErrorReportingDialog [2] (win32k.sys)
120c: 99cf2aca NtUserRegisterUserApiHook [4] (win32k.sys)
120d: 99d3877b NtUserRegisterHotKey [4] (win32k.sys)
120e: 99d14c86 NtUserRegisterRawInputDevices [3] (win32k.sys)
120f: 99ce1700 NtUserRegisterServicesProcess [1] (win32k.sys)
1210: 99e2f178 NtUserRegisterTasklist [1] (win32k.sys)
1211: 99d89827 NtUserRegisterWindowMessage [1] (win32k.sys)
1212: 99e33b6d NtUserRemoveClipboardFormatListener [1] (win32k.sys)
1213: 99d237b7 NtUserRemoveMenu [3] (win32k.sys)
1214: 99d60e34 NtUserRemoveProp [2] (win32k.sys)
1215: 99e34eeb NtUserResolveDesktop [4] (win32k.sys)
1216: 99e34dc2 NtUserResolveDesktopForWOW [1] (win32k.sys)
1217: 99d6dc6a NtUserSBGetParms [4] (win32k.sys)
1218: 99dc640c NtUserScrollDC [7] (win32k.sys)
1219: 99e17415 NtUserScrollWindowEx [8] (win32k.sys)
121a: 99d705fd NtUserSelectPalette [3] (win32k.sys)
121b: 99e2c80c NtUserSendInput [3] (win32k.sys)
121c: 99d6b77a NtUserSetActiveWindow [1] (win32k.sys)
121d: 99e328b4 NtUserSetAppImeLevel [2] (win32k.sys)
121e: 99e20f37 NtUserSetCapture [1] (win32k.sys)
121f: 99d1fbe7 NtUserSetClassLong [4] (win32k.sys)
1220: 99e2fc98 NtUserSetClassWord [3] (win32k.sys)
1221: 99dec240 NtUserSetClipboardData [3] (win32k.sys)
1222: 99decc88 NtUserSetClipboardViewer [1] (win32k.sys)
1223: 99d6adbc NtUserSetCursor [1] (win32k.sys)
1224: 99e301d2 NtUserSetCursorContents [2] (win32k.sys)
1225: 99d77318 NtUserSetCursorIconData [4] (win32k.sys)
1226: 99d53207 NtUserSetFocus [1] (win32k.sys)
1227: 99ce8dd7 NtUserSetImeHotKey [5] (win32k.sys)
1228: 99cf28e6 NtUserSetImeInfoEx [1] (win32k.sys)
1229: 99d5c87c NtUserSetImeOwnerWindow [2] (win32k.sys)
122a: 99d49538 NtUserSetInformationThread [4] (win32k.sys)
122b: 99e2f456 NtUserSetInternalWindowPos [4] (win32k.sys)
122c: 99e21777 NtUserSetKeyboardState [1] (win32k.sys)
122d: 99d48d0c NtUserSetMenu [3] (win32k.sys)
122e: 99e2f77a NtUserSetMenuContextHelpId [2] (win32k.sys)
122f: 99d2e11c NtUserSetMenuDefaultItem [3] (win32k.sys)
1230: 99e2f7b7 NtUserSetMenuFlagRtoL [1] (win32k.sys)
1231: 99e2ec6a NtUserSetObjectInformation [4] (win32k.sys)
1232: 99d2ab62 NtUserSetParent [2] (win32k.sys)
1233: 99d4f644 NtUserSetProcessWindowStation [1] (win32k.sys)
1234: 99db15fd NtUserGetProp [2] (win32k.sys)
1235: 99d5d57c NtUserSetProp [3] (win32k.sys)
1236: 99d745eb NtUserSetScrollInfo [4] (win32k.sys)
1237: 99ce5cb2 NtUserSetShellWindowEx [2] (win32k.sys)
1238: 99dc85b5 NtUserSetSysColors [4] (win32k.sys)
1239: 99e30199 NtUserSetSystemCursor [2] (win32k.sys)
123a: 99dfb1e1 NtUserSetSystemMenu [2] (win32k.sys)
123b: 99e308c2 NtUserSetSystemTimer [3] (win32k.sys)
123c: 99d4f29e NtUserSetThreadDesktop [1] (win32k.sys)
123d: 99e329d1 NtUserSetThreadLayoutHandles [2] (win32k.sys)
123e: 99e11a8f NtUserSetThreadState [2] (win32k.sys)
123f: 99db125c NtUserSetTimer [4] (win32k.sys)
1240: 99d725a6 NtUserSetProcessDPIAware [0] (win32k.sys)
1241: 99d48876 NtUserSetWindowCompositionAttribute [2] (win32k.sys)
1242: 99e2f617 NtUserSetWindowDisplayAffinity [2] (win32k.sys)
1243: 99d5bf5a NtUserSetWindowFNID [2] (win32k.sys)
1244: 99d7b220 NtUserSetWindowLong [4] (win32k.sys)
1245: 99d2f58c NtUserSetWindowPlacement [2] (win32k.sys)
1246: 99d5daba NtUserSetWindowPos [7] (win32k.sys)
1247: 99d2d964 NtUserSetWindowRgn [3] (win32k.sys)
1248: 99d63c62 NtUserGetWindowRgnEx [3] (win32k.sys)
1249: 99e001a0 NtUserSetWindowRgnEx [3] (win32k.sys)
124a: 99e2fcd4 NtUserSetWindowsHookAW [3] (win32k.sys)
124b: 99d71ef8 NtUserSetWindowsHookEx [6] (win32k.sys)
124c: 99ceb1f1 NtUserSetWindowStationUser [4] (win32k.sys)
124d: 99e0ed6c NtUserSetWindowWord [3] (win32k.sys)
124e: 99d5e079 NtUserSetWinEventHook [8] (win32k.sys)
124f: 99d2de6a NtUserShowCaret [1] (win32k.sys)
1250: 99e110e1 NtUserShowScrollBar [3] (win32k.sys)
1251: 99d7eb26 NtUserShowWindow [2] (win32k.sys)
1252: 99e2fd00 NtUserShowWindowAsync [2] (win32k.sys)
1253: 99dd737a NtUserSoundSentry [0] (win32k.sys)
1254: 99cff1e5 NtUserSwitchDesktop [2] (win32k.sys)
1255: 99d9ec7f NtUserSystemParametersInfo [4] (win32k.sys)
1256: 99e3038f NtUserTestForInteractiveUser [1] (win32k.sys)
1257: 99e1626e NtUserThunkedMenuInfo [2] (win32k.sys)
1258: 99d80ba0 NtUserThunkedMenuItemInfo [6] (win32k.sys)
1259: 99e2ff1c NtUserToUnicodeEx [7] (win32k.sys)
125a: 99d6b3cd NtUserTrackMouseEvent [1] (win32k.sys)
125b: 99e1647e NtUserTrackPopupMenuEx [6] (win32k.sys)
125c: 99dd0aa2 NtUserCalculatePopupWindowPosition [5] (win32k.sys)
125d: 99d6d948 NtUserCalcMenuBar [5] (win32k.sys)
125e: 99d4ee60 NtUserPaintMenuBar [6] (win32k.sys)
125f: 99ddb62c NtUserTranslateAccelerator [3] (win32k.sys)
1260: 99e23a31 NtUserTranslateMessage [2] (win32k.sys)
1261: 99d9539d NtUserUnhookWindowsHookEx [1] (win32k.sys)
1262: 99d5433a NtUserUnhookWinEvent [1] (win32k.sys)
1263: 99e30836 NtUserUnloadKeyboardLayout [1] (win32k.sys)
1264: 99d005bf NtUserUnlockWindowStation [1] (win32k.sys)
1265: 99d99ab8 NtUserUnregisterClass [3] (win32k.sys)
1266: 99cf2993 NtUserUnregisterUserApiHook [0] (win32k.sys)
1267: 99e23e17 NtUserUnregisterHotKey [2] (win32k.sys)
1268: 99d5beee NtUserUpdateInputContext [3] (win32k.sys)
1269: 99e2ee0c NtUserUpdateInstance [3] (win32k.sys)
126a: 99d393b4 NtUserUpdateLayeredWindow [10] (win32k.sys)
126b: 99e3307c NtUserGetLayeredWindowAttributes [4] (win32k.sys)
126c: 99d47bd2 NtUserSetLayeredWindowAttributes [4] (win32k.sys)
126d: 99ceb83a NtUserUpdatePerUserSystemParameters [1] (win32k.sys)
126e: 99e30578 NtUserUserHandleGrantAccess [3] (win32k.sys)
126f: 99e11a67 NtUserValidateHandleSecure [1] (win32k.sys)
1270: 99df6134 NtUserValidateRect [2] (win32k.sys)
1271: 99d9f59b NtUserValidateTimerCallback [1] (win32k.sys)
1272: 99d19043 NtUserVkKeyScanEx [3] (win32k.sys)
1273: 99dfff41 NtUserWaitForInputIdle [3] (win32k.sys)
1274: 99e2ed09 NtUserWaitForMsgAndEvent [1] (win32k.sys)
1275: 99d6c630 NtUserWaitMessage [0] (win32k.sys)
1276: 99e26ab5 NtUserWindowFromPhysicalPoint [2] (win32k.sys)
1277: 99e1b9de NtUserWindowFromPoint [2] (win32k.sys)
1278: 99e3008f NtUserYieldTask [0] (win32k.sys)
1279: 99cfd125 NtUserRemoteConnect [3] (win32k.sys)
127a: 99e2eb81 NtUserRemoteRedrawRectangle [4] (win32k.sys)
127b: 99e2ebd8 NtUserRemoteRedrawScreen [0] (win32k.sys)
127c: 99e2ec28 NtUserRemoteStopScreenUpdates [0] (win32k.sys)
127d: 99e34c29 NtUserCtxDisplayIOCtl [3] (win32k.sys)
127e: 99ce598f NtUserRegisterSessionPort [2] (win32k.sys)
127f: 99e33894 NtUserUnregisterSessionPort [0] (win32k.sys)
1280: 99e32f85 NtUserUpdateWindowTransform [3] (win32k.sys)
1281: 99d07d3b NtUserDwmStartRedirection [1] (win32k.sys)
1282: 99de01b4 NtUserDwmStopRedirection [0] (win32k.sys)
1283: 99d2faf9 NtUserGetWindowMinimizeRect [2] (win32k.sys)
1284: 99dd8683 NtUserSfmDxBindSwapChain [3] (win32k.sys)
1285: 99dd83d8 NtUserSfmDxOpenSwapChain [4] (win32k.sys)
1286: 99de61e3 NtUserSfmDxReleaseSwapChain [2] (win32k.sys)
1287: 99dd74bd NtUserSfmDxQuerySwapChainBindingStatus [2] (win32k.sys)
1288: 99dd9376 NtUserSfmDxGetSwapChainStats [2] (win32k.sys)
1289: 99dbe53d NtUserSfmDxSetSwapChainStats [2] (win32k.sys)
128a: 99e338cf NtUserSfmCreateLogicalSurface [4] (win32k.sys)
128b: 99e33a18 NtUserSfmDestroyLogicalSurface [1] (win32k.sys)
128c: 99e33ea8 NtUserGestureCommand [5] (win32k.sys)
128d: 99e34300 NtUserModifyWindowTouchCapability [3] (win32k.sys)
128e: 99e34367 NtUserIsTouchWindow [2] (win32k.sys)
128f: 99e343f3 NtUserSendTouchInput [4] (win32k.sys)
1290: 99e34537 NtUserEndTouchOperation [1] (win32k.sys)
1291: 99e345c8 NtUserGetTouchInputInfo [4] (win32k.sys)
1292: 99d5e0cf NtUserChangeWindowMessageFilterEx [4] (win32k.sys)
1293: 99e346a9 NtUserInjectGesture [5] (win32k.sys)
1294: 99e34875 NtUserGetGestureInfo [2] (win32k.sys)
1295: 99e3493a NtUserGetGestureExtArgs [3] (win32k.sys)
1296: 99e34a14 NtUserManageGestureHandlerWindow [2] (win32k.sys)
1297: 99ce600d NtUserSetGestureConfig [5] (win32k.sys)
1298: 99e34a96 NtUserGetGestureConfig [6] (win32k.sys)
1299: 99e90e45 NtGdiEngAssociateSurface [3] (win32k.sys)
129a: 99e90f55 NtGdiEngCreateBitmap [6] (win32k.sys)
129b: 99e9060e NtGdiEngCreateDeviceSurface [4] (win32k.sys)
129c: 99e9063f NtGdiEngCreateDeviceBitmap [4] (win32k.sys)
129d: 99e075ae NtGdiEngCreatePalette [6] (win32k.sys)
129e: 99e94174 NtGdiEngComputeGlyphSet [3] (win32k.sys)
129f: 99e91079 NtGdiEngCopyBits [6] (win32k.sys)
12a0: 99e0e62a NtGdiEngDeletePalette [1] (win32k.sys)
12a1: 99e90edb NtGdiEngDeleteSurface [1] (win32k.sys)
12a2: 99e92899 NtGdiEngEraseSurface [3] (win32k.sys)
12a3: 99e91977 NtGdiEngUnlockSurface [1] (win32k.sys)
12a4: 99e91940 NtGdiEngLockSurface [1] (win32k.sys)
12a5: 99e919aa NtGdiEngBitBlt [11] (win32k.sys)
12a6: 99e9120e NtGdiEngStretchBlt [11] (win32k.sys)
12a7: 99e91760 NtGdiEngPlgBlt [11] (win32k.sys)
12a8: 99e90f08 NtGdiEngMarkBandingSurface [1] (win32k.sys)
12a9: 99e91c69 NtGdiEngStrokePath [8] (win32k.sys)
12aa: 99e91e19 NtGdiEngFillPath [7] (win32k.sys)
12ab: 99e91f80 NtGdiEngStrokeAndFillPath [10] (win32k.sys)
12ac: 99e92169 NtGdiEngPaint [5] (win32k.sys)
12ad: 99e9227d NtGdiEngLineTo [9] (win32k.sys)
12ae: 99e923a0 NtGdiEngAlphaBlend [7] (win32k.sys)
12af: 99e9250b NtGdiEngGradientFill [10] (win32k.sys)
12b0: 99e92741 NtGdiEngTransparentBlt [8] (win32k.sys)
12b1: 99e937d1 NtGdiEngTextOut [10] (win32k.sys)
12b2: 99e91473 NtGdiEngStretchBltROP [13] (win32k.sys)
12b3: 99e9353a NtGdiXLATEOBJ_cGetPalette [4] (win32k.sys)
12b4: 99e935fa NtGdiXLATEOBJ_iXlate [2] (win32k.sys)
12b5: 99e934f3 NtGdiXLATEOBJ_hGetColorTransform [1] (win32k.sys)
12b6: 99e92a79 NtGdiCLIPOBJ_bEnum [3] (win32k.sys)
12b7: 99e92a20 NtGdiCLIPOBJ_cEnumStart [5] (win32k.sys)
12b8: 99e92958 NtGdiCLIPOBJ_ppoGetPath [1] (win32k.sys)
12b9: 99e9298f NtGdiEngDeletePath [1] (win32k.sys)
12ba: 99e929c2 NtGdiEngCreateClip [0] (win32k.sys)
12bb: 99e929ed NtGdiEngDeleteClip [1] (win32k.sys)
12bc: 99e92bb8 NtGdiBRUSHOBJ_ulGetBrushColor [1] (win32k.sys)
12bd: 99e92b27 NtGdiBRUSHOBJ_pvAllocRbrush [2] (win32k.sys)
12be: 99e92b71 NtGdiBRUSHOBJ_pvGetRbrush [1] (win32k.sys)
12bf: 99e92c1a NtGdiBRUSHOBJ_hGetColorTransform [1] (win32k.sys)
12c0: 99e92c61 NtGdiXFORMOBJ_bApplyXform [5] (win32k.sys)
12c1: 99e92db7 NtGdiXFORMOBJ_iGetXform [2] (win32k.sys)
12c2: 99e92e60 NtGdiFONTOBJ_vGetInfo [3] (win32k.sys)
12c3: 99e9301a NtGdiFONTOBJ_pxoGetXform [1] (win32k.sys)
12c4: 99e93999 NtGdiFONTOBJ_cGetGlyphs [5] (win32k.sys)
12c5: 99e93d1a NtGdiFONTOBJ_pifi [1] (win32k.sys)
12c6: 99e93b19 NtGdiFONTOBJ_pfdg [1] (win32k.sys)
12c7: 99e93c12 NtGdiFONTOBJ_pQueryGlyphAttrs [2] (win32k.sys)
12c8: 99e93426 NtGdiFONTOBJ_pvTrueTypeFontFile [2] (win32k.sys)
12c9: 99e92f4e NtGdiFONTOBJ_cGetAllGlyphHandles [2] (win32k.sys)
12ca: 99e93f44 NtGdiSTROBJ_bEnum [3] (win32k.sys)
12cb: 99e93f62 NtGdiSTROBJ_bEnumPositionsOnly [3] (win32k.sys)
12cc: 99e93f80 NtGdiSTROBJ_bGetAdvanceWidths [4] (win32k.sys)
12cd: 99e93051 NtGdiSTROBJ_vEnumStart [1] (win32k.sys)
12ce: 99e9308e NtGdiSTROBJ_dwGetCodePage [1] (win32k.sys)
12cf: 99e931a7 NtGdiPATHOBJ_vGetBounds [2] (win32k.sys)
12d0: 99e9405a NtGdiPATHOBJ_bEnum [2] (win32k.sys)
12d1: 99e93229 NtGdiPATHOBJ_vEnumStart [1] (win32k.sys)
12d2: 99e93266 NtGdiPATHOBJ_vEnumStartClipLines [4] (win32k.sys)
12d3: 99e93310 NtGdiPATHOBJ_bEnumClipLines [3] (win32k.sys)
12d4: 99e930d5 NtGdiGetDhpdev [1] (win32k.sys)
12d5: 99e93645 NtGdiEngCheckAbort [1] (win32k.sys)
12d6: 99e936a7 NtGdiHT_Get8BPPFormatPalette [4] (win32k.sys)
12d7: 99e93732 NtGdiHT_Get8BPPMaskPalette [6] (win32k.sys)
12d8: 99e7ceeb NtGdiUpdateTransform [1] (win32k.sys)
12d9: 99e06290 NtGdiSetPUMPDOBJ [4] (win32k.sys)
12da: 99e9310b NtGdiBRUSHOBJ_DeleteRbrush [2] (win32k.sys)
12db: 99e864c4 NtGdiUnmapMemFont [1] (win32k.sys)
12dc: 99db466d NtGdiDrawStream [3] (win32k.sys)
12dd: 99d4b1b1 NtGdiDwmGetDirtyRgn [5] (win32k.sys)
12de: 99dbd5db NtGdiSfmGetNotificationTokens [3] (win32k.sys)
12df: 99d64b50 NtGdiHLSurfGetInformation [4] (win32k.sys)
12e0: 99d6513c NtGdiHLSurfSetInformation [4] (win32k.sys)
12e1: 99d62d1d NtGdiDdDDICreateAllocation [1] (win32k.sys)
12e2: 99d65f80 NtGdiDdDDIQueryResourceInfo [1] (win32k.sys)
12e3: 99d65f9f NtGdiDdDDIOpenResource [1] (win32k.sys)
12e4: 99d6bc28 NtGdiDdDDIDestroyAllocation [1] (win32k.sys)
12e5: 99de9e75 NtGdiDdDDISetAllocationPriority [1] (win32k.sys)
12e6: 99e2e58c NtGdiDdDDIQueryAllocationResidency [1] (win32k.sys)
12e7: 99d14a37 NtGdiDdDDICreateDevice [1] (win32k.sys)
12e8: 99decc0c NtGdiDdDDIDestroyDevice [1] (win32k.sys)
12e9: 99d14a56 NtGdiDdDDICreateContext [1] (win32k.sys)
12ea: 99decc2b NtGdiDdDDIDestroyContext [1] (win32k.sys)
12eb: 99dd92f7 NtGdiDdDDICreateSynchronizationObject [1] (win32k.sys)
12ec: 99e65677 NtGdiDdDDIOpenSynchronizationObject [1] (win32k.sys)
12ed: 99dd9335 NtGdiDdDDIDestroySynchronizationObject [1] (win32k.sys)
12ee: 99e65696 NtGdiDdDDIWaitForSynchronizationObject [1] (win32k.sys)
12ef: 99dd9316 NtGdiDdDDISignalSynchronizationObject [1] (win32k.sys)
12f0: 99e656b5 NtGdiDdDDIGetRuntimeData [1] (win32k.sys)
12f1: 99d14c49 NtGdiDdDDIQueryAdapterInfo [1] (win32k.sys)
12f2: 99d52a63 NtGdiDdDDILock [1] (win32k.sys)
12f3: 99d52a82 NtGdiDdDDIUnlock [1] (win32k.sys)
12f4: 99dea333 NtGdiDdDDIGetDisplayModeList [1] (win32k.sys)
12f5: 99d149e6 NtGdiDdDDISetDisplayMode [1] (win32k.sys)
12f6: 99e656d4 NtGdiDdDDIGetMultisampleMethodList [1] (win32k.sys)
12f7: 99dbe782 NtGdiDdDDIPresent [1] (win32k.sys)
12f8: 99dbd819 NtGdiDdDDIRender [1] (win32k.sys)
12f9: 99d009c9 NtGdiDdDDIOpenAdapterFromDeviceName [1] (win32k.sys)
12fa: 99d14a75 NtGdiDdDDIOpenAdapterFromHdc [1] (win32k.sys)
12fb: 99d16e32 NtGdiDdDDICloseAdapter [1] (win32k.sys)
12fc: 99de1c95 NtGdiDdDDIGetSharedPrimaryHandle [1] (win32k.sys)
12fd: 99d16e57 NtGdiDdDDIEscape [1] (win32k.sys)
12fe: 99e656f3 NtGdiDdDDIQueryStatistics [1] (win32k.sys)
12ff: 99d0ec31 NtGdiDdDDISetVidPnSourceOwner [1] (win32k.sys)
1300: 99dbd7f4 NtGdiDdDDIGetPresentHistory [1] (win32k.sys)
1301: 99d0a1d5 NtGdiDdDDIGetPresentQueueEvent [2] (win32k.sys)
1302: 99e65712 NtGdiDdDDICreateOverlay [1] (win32k.sys)
1303: 99e65731 NtGdiDdDDIUpdateOverlay [1] (win32k.sys)
1304: 99e65750 NtGdiDdDDIFlipOverlay [1] (win32k.sys)
1305: 99e6576f NtGdiDdDDIDestroyOverlay [1] (win32k.sys)
1306: 99dbe4d0 NtGdiDdDDIWaitForVerticalBlankEvent [1] (win32k.sys)
1307: 99e6578e NtGdiDdDDISetGammaRamp [1] (win32k.sys)
1308: 99dbe3f9 NtGdiDdDDIGetDeviceState [1] (win32k.sys)
1309: 99dd4efc NtGdiDdDDICreateDCFromMemory [1] (win32k.sys)
130a: 99dd4ce1 NtGdiDdDDIDestroyDCFromMemory [1] (win32k.sys)
130b: 99dea314 NtGdiDdDDISetContextSchedulingPriority [1] (win32k.sys)
130c: 99e657ad NtGdiDdDDIGetContextSchedulingPriority [1] (win32k.sys)
130d: 99d06e81 NtGdiDdDDISetProcessSchedulingPriorityClass [2] (win32k.sys)
130e: 99e657cc NtGdiDdDDIGetProcessSchedulingPriorityClass [2] (win32k.sys)
130f: 99e657eb NtGdiDdDDIReleaseProcessVidPnSourceOwners [1] (win32k.sys)
1310: 99dd7f23 NtGdiDdDDIGetScanLine [1] (win32k.sys)
1311: 99dd8e6c NtGdiDdDDISetQueuedLimit [1] (win32k.sys)
1312: 99e65823 NtGdiDdDDIPollDisplayChildren [1] (win32k.sys)
1313: 99e65842 NtGdiDdDDIInvalidateActiveVidPn [1] (win32k.sys)
1314: 99e65861 NtGdiDdDDICheckOcclusion [1] (win32k.sys)
1315: 99e65880 NtGdiDdDDIWaitForIdle [1] (win32k.sys)
1316: 99dbe50e NtGdiDdDDICheckMonitorPowerState [1] (win32k.sys)
1317: 99dd8838 NtGdiDdDDICheckExclusiveOwnership [0] (win32k.sys)
1318: 99e6589f NtGdiDdDDISetDisplayPrivateDriverFormat [1] (win32k.sys)
1319: 99e6696a NtGdiDdDDISharedPrimaryLockNotification [1] (win32k.sys)
131a: 99e669d9 NtGdiDdDDISharedPrimaryUnLockNotification [1] (win32k.sys)
131b: 99e658be NtGdiDdDDICreateKeyedMutex [1] (win32k.sys)
131c: 99e658dd NtGdiDdDDIOpenKeyedMutex [1] (win32k.sys)
131d: 99e658fc NtGdiDdDDIDestroyKeyedMutex [1] (win32k.sys)
131e: 99e6591b NtGdiDdDDIAcquireKeyedMutex [1] (win32k.sys)
131f: 99e6593a NtGdiDdDDIReleaseKeyedMutex [1] (win32k.sys)
1320: 99dd8664 NtGdiDdDDIConfigureSharedResource [1] (win32k.sys)
1321: 99e65959 NtGdiDdDDIGetOverlayState [1] (win32k.sys)
1322: 99dbe4ef NtGdiDdDDICheckVidPnExclusiveOwnership [1] (win32k.sys)
1323: 99dd88fa NtGdiDdDDICheckSharedResourceAccess [1] (win32k.sys)
1324: 99dd160e DxgStubGetDC [2] (win32k.sys)
1325: 99dfb612 DxgStubValidateTextureStageState [1] (win32k.sys)
1326: 99e94511 NtGdiGetNumberOfPhysicalMonitors [2] (win32k.sys)
1327: 99e94540 NtGdiGetPhysicalMonitors [4] (win32k.sys)
1328: 99e94ee9 NtGdiGetPhysicalMonitorDescription [3] (win32k.sys)
1329: 99e951fd NtGdiDestroyPhysicalMonitor [1] (win32k.sys)
132a: 99e94f8e NtGdiDDCCIGetVCPFeature [5] (win32k.sys)
132b: 99e95020 NtGdiDDCCISetVCPFeature [3] (win32k.sys)
132c: 99e95036 NtGdiDDCCISaveCurrentSettings [1] (win32k.sys)
132d: 99e953a0 NtGdiDDCCIGetCapabilitiesStringLength [2] (win32k.sys)
132e: 99e953ff NtGdiDDCCIGetCapabilitiesString [3] (win32k.sys)
132f: 99e9504c NtGdiDDCCIGetTimingReport [2] (win32k.sys)
1330: 99e65baa NtGdiDdCreateFullscreenSprite [4] (win32k.sys)
1331: 99e65bba NtGdiDdNotifyFullscreenSpriteUpdate [2] (win32k.sys)
1332: 99e65bca NtGdiDdDestroyFullscreenSprite [2] (win32k.sys)
1333: 99e65bda NtGdiDdQueryVisRgnUniqueness [0] (win32k.sys)
1334: 99e2fd83 NtUserSetMirrorRendering [2] (win32k.sys)
1335: 99e2fe08 NtUserShowSystemCursor [1] (win32k.sys)
1336: 99dead78 NtUserMagControl [2] (win32k.sys)
1337: 99deaede NtUserMagSetContextInformation [4] (win32k.sys)
1338: 99e3402a NtUserMagGetContextInformation [4] (win32k.sys)
1339: 99ded135 NtUserHwndQueryRedirectionInfo [4] (win32k.sys)
133a: 99ddda45 NtUserHwndSetRedirectionInfo [4] (win32k.sys)


Archived Entries for omeg
Subject # Views Created On
Windows 7 kernel structures 7541     Monday, January 19 2009
Self-modifying TLS callbacks 11952     Tuesday, April 8 2008
Non-continuable exception trick 23337     Saturday, March 15 2008
Different versions of Windows kernel structures 3949     Tuesday, March 11 2008
Null pointer dereference in win32k 6442     Saturday, November 24 2007
Dancing with exceptions 3925     Monday, July 30 2007
Mysteries of win32k & GDI - Win32Thread 3233     Saturday, July 14 2007
Syscall lister 7787     Monday, July 9 2007

There are 31,312 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
hi!
Jul/01
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...
djnemo on:
Nov/17
Kernel debugger vs user mod...
acel on:
Nov/14
Kernel debugger vs user mod...
pedram on:
Dec/21
frida.github.io: scriptable...
capadleman on:
Jun/19
Using NtCreateThreadEx for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit