-
Notifications
You must be signed in to change notification settings - Fork 23
Expand file tree
/
Copy pathntdll_dll_syscalls.json
More file actions
1 lines (1 loc) · 13.8 KB
/
ntdll_dll_syscalls.json
File metadata and controls
1 lines (1 loc) · 13.8 KB
1
{"ZwResumeProcess": "168h", "ZwReleaseSemaphore": "0Ah", "ZwAllocateUserPhysicalPages": "71h", "ZwCancelIoFileEx": "8Dh", "ZwResetEvent": "165h", "ZwCreateProfile": "0B0h", "ZwRequestWaitReplyPort": "22h", "NtQueryDriverEntryOrder": "132h", "NtAlpcOpenSenderThread": "84h", "NtRegisterThreadTerminatePort": "15Ah", "NtWorkerFactoryWorkerReady": "1", "NtDebugActiveProcess": "0C2h", "NtSetInformationProcess": "1Ch", "ZwSaveMergedKeys": "171h", "NtPropagationComplete": "12Bh", "NtAlpcDisconnectPort": "80h", "ZwReadVirtualMemory": "3Fh", "ZwRollbackComplete": "16Ah", "NtWriteFile": "8", "ZwEnumerateDriverEntries": "0D3h", "ZwReadOnlyEnlistment": "155h", "ZwCreateTransactionManager": "0BCh", "ZwFlushKey": "0DDh", "ZwResumeThread": "52h", "ZwQueryAttributesFile": "3Dh", "ZwLockRegistryKey": "100h", "ZwQueryLicenseValue": "140h", "NtSetContextThread": "178h", "NtIsUILanguageComitted": "0F7h", "ZwIsSystemResumeAutomatic": "0F6h", "NtRollbackEnlistment": "16Bh", "NtQueryValueKey": "17h", "NtEnableLastKnownGood": "0D1h", "ZwAccessCheckByType": "63h", "NtDrawText": "0D0h", "NtAlpcDeletePortSection": "7Ch", "ZwStartProfile": "1A5h", "NtReplacePartitionUnit": "162h", "NtAlpcCreateSectionView": "7Ah", "ZwQueryMultipleValueKey": "141h", "NtApphelpCacheControl": "4Ch", "NtReadFile": "6", "ZwCreateRegistryTransaction": "0B2h", "ZwAlpcCreateResourceReserve": "79h", "NtQuerySystemInformation": "36h", "ZwReplyWaitReceivePort": "0Bh", "NtFreezeRegistry": "0E2h", "NtUnmapViewOfSectionEx": "1B8h", "NtLoadKey": "0FBh", "ZwStopProfile": "1A6h", "ZwWaitForWorkViaWorkerFactory": "1BFh", "NtCreateTimer2": "0B8h", "NtAlpcSetInformation": "89h", "ZwQuerySecurityAttributesToken": "147h", "NtCreateThread": "4Eh", "NtSetHighEventPair": "17Fh", "NtCreateUserProcess": "0BDh", "NtLockProductActivationKeys": "0FFh", "ZwQueryVirtualMemory": "23h", "NtSetTimerResolution": "19Dh", "NtCreateWorkerFactory": "0C1h", "NtTerminateThread": "53h", "ZwAccessCheckByTypeResultList": "64h", "ZwModifyDriverEntry": "108h", "ZwCreateKeyTransacted": "0A5h", "NtWaitForMultipleObjects": "5Bh", "NtIsProcessInJob": "4Fh", "NtRestoreKey": "167h", "ZwDelayExecution": "34h", "NtCommitComplete": "91h", "ZwMapUserPhysicalPagesScatter": "3", "ZwAccessCheckByTypeResultListAndAuditAlarm": "65h", "NtSetCachedSigningLevel2": "177h", "ZwAllocateVirtualMemory": "18h", "NtCreateResourceManager": "0B3h", "NtOpenEnlistment": "10Dh", "ZwSignalAndWaitForSingleObject": "1A3h", "NtGetNextProcess": "0EBh", "NtGetNotificationResourceManager": "0EEh", "ZwRemoveProcessDebug": "15Eh", "NtQueryQuotaInformationFile": "146h", "NtLoadEnclaveData": "0FAh", "ZwDeleteValueKey": "0CBh", "NtOpenEvent": "40h", "ZwTerminateProcess": "2Ch", "NtQueryFullAttributesFile": "134h", "ZwDeleteDriverEntry": "0C6h", "NtPropagationFailed": "12Ch", "ZwCreateMailslotFile": "0A8h", "NtSetInformationThread": "0Dh", "NtCancelTimer": "61h", "ZwImpersonateClientOfPort": "1Fh", "ZwFilterToken": "0D8h", "NtUnloadKey2": "1B4h", "ZwQueryDebugFilterState": "130h", "NtGetCompleteWnfStateSubscription": "0E5h", "ZwSetLdtEntries": "190h", "NtCreateWnfStateName": "0C0h", "ZwLoadKey2": "0FCh", "NtUnmapViewOfSection": "2Ah", "NtAlpcImpersonateClientContainerOfPort": "81h", "ZwGetNlsSectionPtr": "0EDh", "NtAcceptConnectPort": "2", "NtQuerySystemEnvironmentValue": "14Ch", "ZwShutdownWorkerFactory": "1A2h", "ZwGetContextThread": "0E6h", "ZwRemoveIoCompletion": "9", "NtAllocateReserveObject": "70h", "ZwOpenSymbolicLinkObject": "11Eh", "NtWaitLowEventPair": "1C1h", "NtOpenKey": "12h", "NtAlpcCreatePort": "77h", "ZwAllocateLocallyUniqueId": "6Fh", "NtAdjustPrivilegesToken": "41h", "NtQueryInformationProcess": "19h", "ZwUmsThreadYield": "1B1h", "ZwRecoverEnlistment": "156h", "NtOpenThreadToken": "24h", "NtQueryInformationEnlistment": "136h", "ZwCreateJobObject": "0A3h", "NtCommitRegistryTransaction": "93h", "NtRenameKey": "15Fh", "NtSubscribeWnfStateChange": "1A7h", "NtClearEvent": "3Eh", "NtMapUserPhysicalPages": "106h", "ZwGetCurrentProcessorNumber": "0E7h", "ZwTestAlert": "1ACh", "ZwAlpcAcceptConnectPort": "73h", "NtPowerInformation": "5Fh", "NtQueryDefaultLocale": "15h", "NtNotifyChangeMultipleKeys": "10Bh", "ZwSetInformationKey": "185h", "NtCreateProcess": "0AFh", "ZwFlushBuffersFileEx": "0DAh", "ZwSetEaFile": "17Eh", "NtSetInformationToken": "188h", "ZwAreMappedFilesTheSame": "8Ah", "ZwSetSystemPowerState": "198h", "ZwCommitTransaction": "94h", "ZwQueryInformationWorkerFactory": "13Ch", "ZwImpersonateThread": "0F1h", "ZwAlpcDeleteSectionView": "7Eh", "NtRollforwardTransactionManager": "16Eh", "NtQueryPerformanceCounter": "31h", "ZwImpersonateAnonymousToken": "0F0h", "NtSetInformationSymbolicLink": "187h", "ZwWaitHighEventPair": "1C0h", "ZwUnlockVirtualMemory": "1B7h", "NtSetBootOptions": "175h", "NtAlpcCreateSecurityContext": "7Bh", "ZwCompareTokens": "97h", "ZwReplyWaitReceivePortEx": "2Bh", "NtRenameTransactionManager": "160h", "NtWriteVirtualMemory": "3Ah", "ZwNotifyChangeKey": "10Ah", "ZwAlpcSendWaitReceivePort": "88h", "ZwPulseEvent": "12Dh", "NtAdjustGroupsToken": "6Ah", "NtQueryInformationJobObject": "137h", "NtSetSecurityObject": "194h", "ZwCreateTimer": "0B7h", "ZwAlpcQueryInformation": "85h", "ZwSetBootEntryOrder": "174h", "NtExtendSection": "0D6h", "ZwQueryTimer": "38h", "ZwSetValueKey": "60h", "ZwFlushVirtualMemory": "0DFh", "NtNotifyChangeDirectoryFile": "109h", "NtQueryIntervalProfile": "13Eh", "NtRaiseHardError": "154h", "ZwQueryBootEntryOrder": "12Eh", "NtReplaceKey": "161h", "NtSetInformationWorkerFactory": "18Ch", "ZwOpenTransaction": "121h", "ZwCommitEnlistment": "92h", "NtOpenKeyedEvent": "114h", "ZwCreateDirectoryObjectEx": "9Dh", "ZwOpenRegistryTransaction": "11Ah", "ZwRollbackTransaction": "16Dh", "NtSetInformationTransaction": "189h", "NtCreateWaitCompletionPacket": "0BEh", "ZwAlpcCreatePortSection": "78h", "ZwPrePrepareComplete": "124h", "ZwFreeVirtualMemory": "1Eh", "NtQuerySecurityPolicy": "149h", "ZwSerializeBoot": "173h", "ZwEnumerateValueKey": "13h", "NtQuerySection": "51h", "ZwFlushBuffersFile": "4Bh", "NtUnloadKey": "1B3h", "ZwPrepareEnlistment": "127h", "NtReplyWaitReplyPort": "163h", "NtQueryIoCompletion": "13Fh", "NtCreateSection": "4Ah", "NtOpenPrivateNamespace": "118h", "NtSetInformationDebugObject": "182h", "ZwCancelSynchronousIoFile": "8Eh", "ZwQueryEaFile": "133h", "ZwCreateEvent": "48h", "NtAddDriverEntry": "69h", "ZwCancelIoFile": "5Dh", "ZwSetQuotaInformationFile": "193h", "ZwCreateFile": "55h", "NtOpenJobObject": "110h", "NtClose": "0Fh", "ZwCreateKeyedEvent": "0A6h", "NtQueryInformationToken": "21h", "NtPrivilegeObjectAuditAlarm": "129h", "NtCreateDebugObject": "9Bh", "ZwSetSystemInformation": "197h", "NtCreateLowBoxToken": "0A7h", "NtSetWnfProcessNotificationEvent": "1A0h", "ZwGetNextThread": "0ECh", "ZwAddAtom": "47h", "ZwRevertContainerImpersonation": "169h", "ZwSetLowEventPair": "191h", "ZwSetTimer": "62h", "NtSetInformationResourceManager": "186h", "ZwCallbackReturn": "5", "ZwSetHighWaitLowEventPair": "180h", "ZwSetDefaultUILanguage": "17Ch", "ZwYieldExecution": "46h", "ZwOpenThread": "11Fh", "NtTranslateFilePath": "1B0h", "ZwPrivilegeCheck": "128h", "ZwAlertResumeThread": "6Ch", "ZwSetVolumeInformationFile": "19Fh", "ZwOpenSemaphore": "11Ch", "NtAlpcRevokeSecurityContext": "87h", "ZwDuplicateObject": "3Ch", "NtMapCMFModule": "105h", "NtSetDefaultHardErrorPort": "17Ah", "NtQuerySymbolicLinkObject": "14Bh", "NtAlpcOpenSenderProcess": "83h", "ZwCancelTimer2": "8Fh", "ZwQueryInformationThread": "25h", "ZwSetIoCompletionEx": "18Fh", "NtMakeTemporaryObject": "103h", "NtCreateTokenEx": "0BAh", "ZwManagePartition": "104h", "ZwProtectVirtualMemory": "50h", "ZwOpenEventPair": "10Eh", "NtEnumerateTransactionObject": "0D5h", "NtOpenPartition": "117h", "ZwCreateSymbolicLinkObject": "0B5h", "ZwSetSystemTime": "199h", "ZwCloseObjectAuditAlarm": "3Bh", "NtSetIntervalProfile": "18Dh", "ZwMapViewOfSection": "28h", "ZwRemoveIoCompletionEx": "15Dh", "NtCompressKey": "99h", "ZwSetEventBoostPriority": "2Dh", "NtQuerySystemEnvironmentValueEx": "14Dh", "NtWaitForSingleObject": "4", "NtQueryInformationPort": "138h", "NtAlpcConnectPortEx": "76h", "ZwQuerySemaphore": "14Ah", "NtModifyBootEntry": "107h", "ZwOpenObjectAuditAlarm": "116h", "NtDuplicateToken": "42h", "ZwUnloadKeyEx": "1B5h", "ZwFilterTokenEx": "0D9h", "ZwRaiseException": "153h", "NtSuspendThread": "1A9h", "NtQueryInformationFile": "11h", "ZwAssociateWaitCompletionPacket": "8Ch", "ZwSetInformationTransactionManager": "18Ah", "NtDeleteWnfStateData": "0CCh", "ZwQueryInformationTransaction": "13Ah", "NtQueryOpenSubKeys": "143h", "NtDisableLastKnownGood": "0CEh", "NtCompleteConnectPort": "98h", "ZwAddAtomEx": "67h", "NtWaitForKeyedEvent": "1BEh", "NtDeviceIoControlFile": "7", "ZwDisplayString": "0CFh", "NtCreateDirectoryObject": "9Ch", "ZwQueryDefaultUILanguage": "44h", "ZwAccessCheckAndAuditAlarm": "29h", "NtTraceControl": "1AFh", "NtDeletePrivateNamespace": "0CAh", "ZwQueryObject": "10h", "NtAssignProcessToJobObject": "8Bh", "ZwAccessCheck": "0", "NtWaitForAlertByThreadId": "1BCh", "ZwGetDevicePowerState": "0E9h", "NtSetThreadExecutionState": "19Ah", "ZwGetMUIRegistryInfo": "0EAh", "NtQueryInformationAtom": "135h", "NtLockVirtualMemory": "101h", "NtAlpcImpersonateClientOfPort": "82h", "NtFlushWriteBuffer": "0E0h", "ZwFreeUserPhysicalPages": "0E1h", "NtReplyPort": "0Ch", "ZwWaitForMultipleObjects32": "1Ah", "NtCreateIoCompletion": "0A2h", "NtQueueApcThread": "45h", "NtTerminateJobObject": "1ABh", "ZwPrivilegedServiceAuditAlarm": "12Ah", "NtFlushInstallUILanguage": "0DBh", "ZwAccessCheckByTypeResultListAndAuditAlarmByHandle": "66h", "NtGetCachedSigningLevel": "0E4h", "NtDeleteFile": "0C7h", "NtQueueApcThreadEx": "152h", "NtDeleteBootEntry": "0C5h", "ZwPrepareComplete": "126h", "NtCreateEnlistment": "9Fh", "NtCreateSemaphore": "0B4h", "NtCreateNamedPipeFile": "0AAh", "NtInitializeRegistry": "0F4h", "ZwReadFileScatter": "2Eh", "NtOpenMutant": "115h", "ZwAdjustTokenClaimsAndDeviceGroups": "6Bh", "ZwInitializeEnclave": "0F2h", "ZwReleaseMutant": "20h", "ZwUnloadDriver": "1B2h", "ZwAddBootEntry": "68h", "NtSetInformationEnlistment": "183h", "ZwCreateKey": "1Dh", "NtQueryInstallUILanguage": "13Dh", "ZwConnectPort": "9Ah", "ZwCreateJobSet": "0A4h", "NtOpenProcessTokenEx": "30h", "NtDeleteAtom": "0C4h", "ZwPlugPlayControl": "123h", "ZwCreateIRTimer": "0A1h", "ZwWriteFileGather": "1Bh", "NtSetUuidSeed": "19Eh", "NtMakePermanentObject": "102h", "NtCreateMutant": "0A9h", "NtGetCurrentProcessorNumberEx": "0E8h", "ZwOpenTimer": "120h", "ZwCreateProfileEx": "0B1h", "NtQuerySecurityObject": "148h", "ZwSetIoCompletion": "18Eh", "NtOpenThreadTokenEx": "2Fh", "NtCreatePagingFile": "0ABh", "NtDebugContinue": "0C3h", "NtCreateWaitablePort": "0BFh", "NtOpenSection": "37h", "ZwUpdateWnfStateData": "1BAh", "ZwQueryDirectoryObject": "131h", "ZwSetSystemEnvironmentValueEx": "196h", "NtRequestPort": "164h", "ZwSetInformationJobObject": "184h", "NtInitiatePowerAction": "0F5h", "NtQueryPortInformationProcess": "145h", "ZwAllocateUuids": "72h", "NtQueryInformationResourceManager": "139h", "NtTraceEvent": "5Eh", "ZwOpenKeyTransacted": "112h", "ZwRecoverResourceManager": "157h", "ZwSetInformationVirtualMemory": "18Bh", "ZwCreateEventPair": "0A0h", "NtOpenTransactionManager": "122h", "ZwDeleteObjectAuditAlarm": "0C9h", "ZwQueryMutant": "142h", "NtQueryOpenSubKeysEx": "144h", "ZwVdmControl": "1BBh", "ZwGetWriteWatch": "0EFh", "ZwFilterBootOption": "0D7h", "ZwShutdownSystem": "1A1h", "NtOpenIoCompletion": "10Fh", "NtQueryBootOptions": "12Fh", "NtFlushInstructionCache": "0DCh", "ZwSetCachedSigningLevel": "176h", "NtSetDriverEntryOrder": "17Dh", "NtSetIRTimer": "181h", "ZwSetSystemEnvironmentValue": "195h", "NtEnumerateSystemEnvironmentValuesEx": "0D4h", "NtAlpcCancelMessage": "74h", "NtCompactKeys": "95h", "ZwQueryTimerResolution": "14Fh", "NtReleaseKeyedEvent": "15Bh", "NtCreateToken": "0B9h", "NtLoadKeyEx": "0FDh", "NtQueryInformationTransactionManager": "13Bh", "NtAlpcConnectPort": "75h", "ZwDeleteWnfStateName": "0CDh", "NtNotifyChangeSession": "10Ch", "ZwOpenKeyTransactedEx": "113h", "ZwLockFile": "0FEh", "ZwWaitForDebugEvent": "1BDh", "ZwSuspendProcess": "1A8h", "ZwCreateProcessEx": "4Dh", "ZwCancelWaitCompletionPacket": "90h", "ZwOpenDirectoryObject": "58h", "ZwSetEvent": "0Eh", "NtListenPort": "0F8h", "ZwCreatePrivateNamespace": "0AEh", "NtSaveKeyEx": "170h", "NtEnumerateKey": "32h", "ZwResetWriteWatch": "166h", "NtQueryEvent": "56h", "NtQueryWnfStateNameInformation": "151h", "NtReleaseWorkerFactoryWorker": "15Ch", "ZwThawRegistry": "1ADh", "ZwUnlockFile": "1B6h", "ZwOpenSession": "11Dh", "ZwFlushProcessWriteBuffers": "0DEh", "ZwQueryKey": "16h", "ZwAlpcDeleteSecurityContext": "7Fh", "NtSetInformationObject": "5Ch", "NtSecureConnectPort": "172h", "NtUnsubscribeWnfStateChange": "1B9h", "NtCreateThreadEx": "0B6h", "NtEnumerateBootEntries": "0D2h", "ZwThawTransactions": "1AEh", "ZwSinglePhaseReject": "1A4h", "NtCreateTransaction": "0BBh", "NtAlpcDeleteResourceReserve": "7Dh", "NtRecoverTransactionManager": "158h", "NtRegisterProtocolAddressInformation": "159h", "NtPrePrepareEnlistment": "125h", "ZwSetInformationFile": "27h", "NtQuerySystemInformationEx": "14Eh", "NtInitializeNlsFiles": "0F3h", "ZwCreatePort": "0ADh", "NtOpenResourceManager": "11Bh", "ZwLoadDriver": "0F9h", "NtOpenProcessToken": "119h", "ZwSetTimerEx": "19Ch", "ZwAlertThreadByThreadId": "6Eh", "ZwQueryWnfStateData": "150h", "ZwRollbackRegistryTransaction": "16Ch", "ZwAccessCheckByTypeAndAuditAlarm": "59h", "NtAlertThread": "6Dh", "ZwSetDebugFilterState": "179h", "ZwQueryVolumeInformationFile": "49h", "NtOpenProcess": "26h", "ZwContinue": "43h", "ZwSystemDebugControl": "1AAh", "NtCompareObjects": "96h", "ZwFsControlFile": "39h", "NtSaveKey": "16Fh", "ZwSetLowWaitHighEventPair": "192h", "ZwCreatePartition": "0ACh", "NtOpenFile": "33h", "ZwCreateEnclave": "9Eh", "NtQueryDirectoryFile": "35h", "NtDeleteKey": "0C8h", "ZwFindAtom": "14h", "ZwWriteRequestData": "57h", "NtReadRequestData": "54h", "ZwAlpcQueryInformationMessage": "86h", "NtSetDefaultLocale": "17Bh", "ZwFreezeTransactions": "0E3h", "NtOpenKeyEx": "111h", "ZwSetTimer2": "19Bh"}