给你一个表
char* g_KiServiceTableName[402] = {
"NtMapUserPhysicalPagesScatter"
, "NtWaitForSingleObject"
, "NtCallbackReturn"
, "NtReadFile"
, "NtDeviceIoControlFile"
, "NtWriteFile"
, "NtRemoveIoCompletion"
, "NtReleaseSemaphore"
, "NtReplyWaitReceivePort"
, "NtReplyPort"
, "NtSetInformationThread"
, "NtSetEvent"
, "NtClose"
, "NtQueryObject"
, "NtQueryInformationFile"
, "NtOpenKey"
, "NtEnumerateValueKey"
, "NtFindAtom"
, "NtQueryDefaultLocale"
, "NtQueryKey"
, "NtQueryValueKey"
, "NtAllocateVirtualMemory"
, "NtQueryInformationProcess"
, "NtWaitForMultipleObjects32"
, "NtWriteFileGather"
, "NtSetInformationProcess"
, "NtCreateKey"
, "NtFreeVirtualMemory"
, "NtImpersonateClientOfPort"
, "NtReleaseMutant"
, "NtQueryInformationToken"
, "NtRequestWaitReplyPort"
, "NtQueryVirtualMemory"
, "NtOpenThreadToken"
, "NtQueryInformationThread"
, "NtOpenProcess"
, "NtSetInformationFile"
, "NtMapViewOfSection"
, "NtAccessCheckAndAuditAlarm"
, "NtUnmapViewOfSection"
, "NtReplyWaitReceivePortEx"
, "NtTerminateProcess"
, "NtSetEventBoostPriority"
, "NtReadFileScatter"
, "NtOpenThreadTokenEx"
, "NtOpenProcessTokenEx"
, "NtQueryPerformanceCounter"
, "NtEnumerateKey"
, "NtOpenFile"
, "NtDelayExecution"
, "NtQueryDirectoryFile"
, "NtQuerySystemInformation"
, "NtOpenSection"
, "NtQueryTimer"
, "NtFsControlFile"
, "NtWriteVirtualMemory"
, "NtCloseObjectAuditAlarm"
, "NtDuplicateObject"
, "NtQueryAttributesFile"
, "NtClearEvent"
, "NtReadVirtualMemory"
, "NtOpenEvent"
, "NtAdjustPrivilegesToken"
, "NtDuplicateToken"
, "NtContinue"
, "NtQueryDefaultUILanguage"
, "NtQueueApcThread"
, "NtYieldExecution"
, "NtAddAtom"
, "NtCreateEvent"
, "NtQueryVolumeInformationFile"
, "NtCreateSection"
, "NtFlushBuffersFile"
, "NtApphelpCacheControl"
, "NtCreateProcessEx"
, "NtCreateThread"
, "NtIsProcessInJob"
, "NtProtectVirtualMemory"
, "NtQuerySection"
, "NtResumeThread"
, "NtTerminateThread"
, "NtReadRequestData"
, "NtCreateFile"
, "NtQueryEvent"
, "NtWriteRequestData"
, "NtOpenDirectoryObject"
, "NtAccessCheckByTypeAndAuditAlarm"
, "NtQuerySystemTime"
, "NtWaitForMultipleObjects"
, "NtSetInformationObject"
, "NtCancelIoFile"
, "NtTraceEvent"
, "NtPowerInformation"
, "NtSetValueKey"
, "NtCancelTimer"
, "NtSetTimer"
, "NtAcceptConnectPort"
, "NtAccessCheck"
, "NtAccessCheckByType"
, "NtAccessCheckByTypeResultList"
, "NtAccessCheckByTypeResultListAndAuditAlarm"
, "NtAccessCheckByTypeResultListAndAuditAlarmByHandle"
, "NtAddBootEntry"
, "NtAddDriverEntry"
, "NtAdjustGroupsToken"
, "NtAlertResumeThread"
, "NtAlertThread"
, "NtAllocateLocallyUniqueId"
, "NtAllocateReserveObject"
, "NtAllocateUserPhysicalPages"
, "NtAllocateUuids"
, "NtAlpcAcceptConnectPort"
, "NtAlpcCancelMessage"
, "NtAlpcConnectPort"
, "NtAlpcCreatePort"
, "NtAlpcCreatePortSection"
, "NtAlpcCreateResourceReserve"
, "NtAlpcCreateSectionView"
, "NtAlpcCreateSecurityContext"
, "NtAlpcDeletePortSection"
, "NtAlpcDeleteResourceReserve"
, "NtAlpcDeleteSectionView"
, "NtAlpcDeleteSecurityContext"
, "NtAlpcDisconnectPort"
, "NtAlpcImpersonateClientOfPort"
, "NtAlpcOpenSenderProcess"
, "NtAlpcOpenSenderThread"
, "NtAlpcQueryInformation"
, "NtAlpcQueryInformationMessage"
, "NtAlpcRevokeSecurityContext"
, "NtAlpcSendWaitReceivePort"
, "NtAlpcSetInformation"
, "NtAreMappedFilesTheSame"
, "NtAssignProcessToJobObject"
, "NtCancelIoFileEx"
, "NtCancelSynchronousIoFile"
, "NtCommitComplete"
, "NtCommitEnlistment"
, "NtCommitTransaction"
, "NtCompactKeys"
, "NtCompareTokens"
, "xHalGetInterruptTranslator"
, "NtCompressKey"
, "NtConnectPort"
, "NtCreateDebugObject"
, "NtCreateDirectoryObject"
, "NtCreateEnlistment"
, "NtCreateEventPair"
, "NtCreateIoCompletion"
, "NtCreateJobObject"
, "NtCreateJobSet"
, "NtCreateKeyTransacted"
, "NtCreateKeyedEvent"
, "NtCreateMailslotFile"
, "NtCreateMutant"
, "NtCreateNamedPipeFile"
, "NtCreatePagingFile"
, "NtCreatePort"
, "NtCreatePrivateNamespace"
, "NtCreateProcess"
, "NtCreateProfile"
, "NtCreateProfileEx"
, "NtCreateResourceManager"
, "NtCreateSemaphore"
, "NtCreateSymbolicLinkObject"
, "NtCreateThreadEx"
, "NtCreateTimer"
, "NtCreateToken"
, "NtCreateTransaction"
, "NtCreateTransactionManager"
, "NtCreateUserProcess"
, "NtCreateWaitablePort"
, "NtCreateWorkerFactory"
, "NtDebugActiveProcess"
, "NtDebugContinue"
, "NtDeleteAtom"
, "NtDeleteBootEntry"
, "NtDeleteDriverEntry"
, "NtDeleteFile"
, "NtDeleteKey"
, "NtDeleteObjectAuditAlarm"
, "NtDeletePrivateNamespace"
, "NtDeleteValueKey"
, "NtDisableLastKnownGood"
, "NtDisplayString"
, "NtDrawText"
, "NtEnableLastKnownGood"
, "NtEnumerateBootEntries"
, "NtEnumerateDriverEntries"
, "NtEnumerateSystemEnvironmentValuesEx"
, "NtEnumerateTransactionObject"
, "NtExtendSection"
, "NtFilterToken"
, "NtFlushInstallUILanguage"
, "NtFlushInstructionCache"
, "NtFlushKey"
, "NtFlushProcessWriteBuffers"
, "NtFlushVirtualMemory"
, "NtFlushWriteBuffer"
, "NtFreeUserPhysicalPages"
, "NtFreezeRegistry"
, "NtFreezeTransactions"
, "NtGetContextThread"
, "NtGetCurrentProcessorNumber"
, "NtGetDevicePowerState"
, "NtGetMUIRegistryInfo"
, "NtGetNextProcess"
, "NtGetNextThread"
, "NtGetNlsSectionPtr"
, "NtGetNotificationResourceManager"
, "NtGetPlugPlayEvent"
, "NtGetWriteWatch"
, "NtImpersonateAnonymousToken"
, "NtImpersonateThread"
, "NtInitializeNlsFiles"
, "NtInitializeRegistry"
, "NtInitiatePowerAction"
, "NtIsSystemResumeAutomatic"
, "NtIsUILanguageComitted"
, "NtListenPort"
, "NtLoadDriver"
, "NtLoadKey"
, "NtLoadKey2"
, "NtLoadKeyEx"
, "NtLockFile"
, "NtLockProductActivationKeys"
, "NtLockRegistryKey"
, "NtLockVirtualMemory"
, "NtMakePermanentObject"
, "NtMakeTemporaryObject"
, "NtMapCMFModule"
, "NtMapUserPhysicalPages"
, "NtModifyBootEntry"
, "NtModifyDriverEntry"
, "NtNotifyChangeDirectoryFile"
, "NtNotifyChangeKey"
, "NtNotifyChangeMultipleKeys"
, "NtNotifyChangeSession"
, "NtOpenEnlistment"
, "NtOpenEventPair"
, "NtOpenIoCompletion"
, "NtOpenJobObject"
, "NtOpenKeyEx"
, "NtOpenKeyTransacted"
, "NtOpenKeyTransactedEx"
, "NtOpenKeyedEvent"
, "NtOpenMutant"
, "NtOpenObjectAuditAlarm"
, "NtOpenPrivateNamespace"
, "NtOpenProcessToken"
, "NtOpenResourceManager"
, "NtOpenSemaphore"
, "NtOpenSession"
, "NtOpenSymbolicLinkObject"
, "NtOpenThread"
, "NtOpenTimer"
, "NtOpenTransaction"
, "NtOpenTransactionManager"
, "NtPlugPlayControl"
, "NtPrePrepareComplete"
, "NtPrePrepareEnlistment"
, "NtPrepareComplete"
, "NtPrepareEnlistment"
, "NtPrivilegeCheck"
, "NtPrivilegeObjectAuditAlarm"
, "NtPrivilegedServiceAuditAlarm"
, "NtPropagationComplete"
, "NtPropagationFailed"
, "NtPulseEvent"
, "NtQueryBootEntryOrder"
, "NtQueryBootOptions"
, "NtQueryDebugFilterState"
, "NtQueryDirectoryObject"
, "NtQueryDriverEntryOrder"
, "NtQueryEaFile"
, "NtQueryFullAttributesFile"
, "NtQueryInformationAtom"
, "NtQueryInformationEnlistment"
, "NtQueryInformationJobObject"
, "NtQueryInformationPort"
, "NtQueryInformationResourceManager"
, "NtQueryInformationTransaction"
, "NtQueryInformationTransactionManager"
, "NtQueryInformationWorkerFactory"
, "NtQueryInstallUILanguage"
, "NtQueryIntervalProfile"
, "NtQueryIoCompletion"
, "NtQueryLicenseValue"
, "NtQueryMultipleValueKey"
, "NtQueryMutant"
, "NtQueryOpenSubKeys"
, "NtQueryOpenSubKeysEx"
, "NtQueryPortInformationProcess"
, "NtQueryQuotaInformationFile"
, "NtQuerySecurityAttributesToken"
, "NtQuerySecurityObject"
, "NtQuerySemaphore"
, "NtQuerySymbolicLinkObject"
, "NtQuerySystemEnvironmentValue"
, "NtQuerySystemEnvironmentValueEx"
, "NtQuerySystemInformationEx"
, "NtQueryTimerResolution"
, "NtQueueApcThreadEx"
, "NtRaiseException"
, "NtRaiseHardError"
, "NtReadOnlyEnlistment"
, "NtRecoverEnlistment"
, "NtRecoverResourceManager"
, "NtRecoverTransactionManager"
, "NtRegisterProtocolAddressInformation"
, "NtRegisterThreadTerminatePort"
, "NtReleaseKeyedEvent"
, "NtReleaseWorkerFactoryWorker"
, "NtRemoveIoCompletionEx"
, "NtRemoveProcessDebug"
, "NtRenameKey"
, "NtRenameTransactionManager"
, "NtReplaceKey"
, "NtReplacePartitionUnit"
, "NtReplyWaitReplyPort"
, "NtRequestPort"
, "NtResetEvent"
, "NtResetWriteWatch"
, "NtRestoreKey"
, "NtResumeProcess"
, "NtRollbackComplete"
, "NtRollbackEnlistment"
, "NtRollbackTransaction"
, "NtRollforwardTransactionManager"
, "NtSaveKey"
, "NtSaveKeyEx"
, "NtSaveMergedKeys"
, "NtSecureConnectPort"
, "NtSerializeBoot"
, "NtSetBootEntryOrder"
, "NtSetBootOptions"
, "NtSetContextThread"
, "NtSetDebugFilterState"
, "NtSetDefaultHardErrorPort"
, "NtSetDefaultLocale"
, "NtSetDefaultUILanguage"
, "NtSetDriverEntryOrder"
, "NtSetEaFile"
, "NtSetHighEventPair"
, "NtSetHighWaitLowEventPair"
, "NtSetInformationDebugObject"
, "NtSetInformationEnlistment"
, "NtSetInformationJobObject"
, "NtSetInformationKey"
, "NtSetInformationResourceManager"
, "NtSetInformationToken"
, "NtSetInformationTransaction"
, "NtSetInformationTransactionManager"
, "NtSetInformationWorkerFactory"
, "NtSetIntervalProfile"
, "NtSetIoCompletion"
, "NtSetIoCompletionEx"
, "xKdSetupPciDeviceForDebugging"
, "NtSetLowEventPair"
, "NtSetLowWaitHighEventPair"
, "NtSetQuotaInformationFile"
, "NtSetSecurityObject"
, "NtSetSystemEnvironmentValue"
, "NtSetSystemEnvironmentValueEx"
, "NtSetSystemInformation"
, "NtSetSystemPowerState"
, "NtSetSystemTime"
, "NtSetThreadExecutionState"
, "NtSetTimerEx"
, "NtSetTimerResolution"
, "NtSetUuidSeed"
, "NtSetVolumeInformationFile"
, "NtShutdownSystem"
, "NtShutdownWorkerFactory"
, "NtSignalAndWaitForSingleObject"
, "NtSinglePhaseReject"
, "NtStartProfile"
, "NtStopProfile"
, "NtSuspendProcess"
, "NtSuspendThread"
, "NtSystemDebugControl"
, "NtTerminateJobObject"
, "NtTestAlert"
, "NtThawRegistry"
, "NtThawTransactions"
, "NtTraceControl"
, "NtTranslateFilePath"
, "NtUmsThreadYield"
, "NtUnloadDriver"
, "NtUnloadKey"
, "NtUnloadKey2"
, "NtUnloadKeyEx"
, "NtUnlockFile"
, "NtUnlockVirtualMemory"
, "NtVdmControl"
, "NtWaitForDebugEvent"
, "NtWaitForKeyedEvent"
, "NtWaitForWorkViaWorkerFactory"
, "NtWaitHighEventPair"
, "NtWaitLowEventPair"
, "NtWorkerFactoryWorkerReady"
};