概要
volatilityの作法、調べてみた。
winxpsp3のスナップショット、取ってみた。
modules
Offset(V) Name Base Size File
---------- -------------------- ---------- ---------- ----
0x817fc390 ntoskrnl.exe 0x804d9000 0x216700 \WINDOWS\system32\ntoskrnl.exe
0x817fc328 hal.dll 0x806f0000 0x20300 \WINDOWS\system32\hal.dll
0x817fc2c0 kdcom.dll 0xf9f4c000 0x2000 \WINDOWS\system32\KDCOM.DLL
0x817fc250 BOOTVID.dll 0xf9e5c000 0x3000 \WINDOWS\system32\BOOTVID.dll
0x817fc1e8 ACPI.sys 0xf99fd000 0x2e000 ACPI.sys
0x817fc178 WMILIB.SYS 0xf9f4e000 0x2000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0x817fc110 pci.sys 0xf99ec000 0x11000 pci.sys
0x817fc0a0 isapnp.sys 0xf9a4c000 0x9000 isapnp.sys
0x817fc030 intelide.sys 0xf9f50000 0x2000 intelide.sys
0x817f1008 PCIIDEX.SYS 0xf9ccc000 0x7000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0x817f1f98 MountMgr.sys 0xf9a5c000 0xb000 MountMgr.sys
0x817f1f28 ftdisk.sys 0xf99cd000 0x1f000 ftdisk.sys
0x817f1eb8 PartMgr.sys 0xf9cd4000 0x5000 PartMgr.sys
0x817f1e48 VolSnap.sys 0xf9a6c000 0xd000 VolSnap.sys
0x817f1de0 atapi.sys 0xf99b5000 0x18000 atapi.sys
0x817f1d78 disk.sys 0xf9a7c000 0x9000 disk.sys
0x817f1d08 CLASSPNP.SYS 0xf9a8c000 0xd000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0x817f1c98 fltmgr.sys 0xf9995000 0x20000 fltmgr.sys
0x817f1c30 sr.sys 0xf9983000 0x12000 sr.sys
0x817f1bc0 KSecDD.sys 0xf996c000 0x17000 KSecDD.sys
0x817f1b58 Ntfs.sys 0xf98df000 0x8d000 Ntfs.sys
0x817f1af0 NDIS.sys 0xf98b2000 0x2d000 NDIS.sys
0x817f1a88 Mup.sys 0xf9898000 0x1a000 Mup.sys
0x8179e158 i8042prt.sys 0xf9b0c000 0xc000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0x8179e350 kbdclass.sys 0xf9d04000 0x6000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0x8177a850 mouclass.sys 0xf9d0c000 0x6000 \SystemRoot\System32\DRIVERS\mouclass.sys
0x8179ac40 fdc.sys 0xf9d14000 0x7000 \SystemRoot\System32\DRIVERS\fdc.sys
0x816681d8 parport.sys 0xf9864000 0x14000 \SystemRoot\System32\DRIVERS\parport.sys
0x816a2178 serial.sys 0xf9b1c000 0xf000 \SystemRoot\System32\DRIVERS\serial.sys
0x816672a0 serenum.sys 0xf9ed4000 0x4000 \SystemRoot\System32\DRIVERS\serenum.sys
0x8179a428 cdrom.sys 0xf9b2c000 0x10000 \SystemRoot\System32\DRIVERS\cdrom.sys
0x81667230 usbuhci.sys 0xf9d1c000 0x6000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0x81665e30 USBPORT.SYS 0xf9827000 0x24000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0x81665f38 RTL8139.SYS 0xf9d24000 0x6000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
0x81665ec8 processr.sys 0xf9b3c000 0xa000 \SystemRoot\System32\DRIVERS\processr.sys
0x8171a9d0 fsvga.sys 0xf9ed8000 0x3000 \SystemRoot\System32\DRIVERS\fsvga.sys
0x81657eb8 audstub.sys 0xfa033000 0x1000 \SystemRoot\System32\DRIVERS\audstub.sys
0x81657e48 rasl2tp.sys 0xf9b4c000 0xd000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0x817a26f0 ndistapi.sys 0xf9edc000 0x3000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0x81656758 ndiswan.sys 0xf97e8000 0x17000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0x81653970 raspppoe.sys 0xf9b5c000 0xb000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0x81653900 raspptp.sys 0xf9b6c000 0xc000 \SystemRoot\System32\DRIVERS\raspptp.sys
0x81719af8 TDI.SYS 0xf9d2c000 0x5000 \SystemRoot\System32\DRIVERS\TDI.SYS
0x81655898 psched.sys 0xf97d7000 0x11000 \SystemRoot\System32\DRIVERS\psched.sys
0x817196f0 msgpc.sys 0xf9b7c000 0x9000 \SystemRoot\System32\DRIVERS\msgpc.sys
0x81649228 ptilink.sys 0xf9d34000 0x5000 \SystemRoot\System32\DRIVERS\ptilink.sys
0x81651110 raspti.sys 0xf9d3c000 0x5000 \SystemRoot\System32\DRIVERS\raspti.sys
0x815501b0 termdd.sys 0xf9b8c000 0xa000 \SystemRoot\System32\DRIVERS\termdd.sys
0x8167d1e0 swenum.sys 0xf9f54000 0x2000 \SystemRoot\System32\DRIVERS\swenum.sys
0x81718c08 ks.sys 0xf97b4000 0x23000 \SystemRoot\System32\DRIVERS\ks.sys
0x816518c8 update.sys 0xf9756000 0x5e000 \SystemRoot\System32\DRIVERS\update.sys
0x816c3128 mssmbios.sys 0xf9eec000 0x4000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0x815f1418 NDProxy.SYS 0xf9b9c000 0xa000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x815ce1d0 flpydisk.sys 0xf9d44000 0x5000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0x815da0e8 usbhub.sys 0xf9bbc000 0xf000 \SystemRoot\System32\DRIVERS\usbhub.sys
0x81717c38 USBD.SYS 0xf9f56000 0x2000 \SystemRoot\System32\DRIVERS\USBD.SYS
0x816dfbf8 Fs_Rec.SYS 0xf9f58000 0x2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x81717818 Null.SYS 0xfa0c3000 0x1000 \SystemRoot\System32\Drivers\Null.SYS
0x81717220 Beep.SYS 0xf9f5a000 0x2000 \SystemRoot\System32\Drivers\Beep.SYS
0x81716fa0 vga.sys 0xf9d5c000 0x6000 \SystemRoot\System32\drivers\vga.sys
0x8170c230 VIDEOPRT.SYS 0xf971a000 0x14000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x81716d10 mnmdd.SYS 0xf9f5c000 0x2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0x817148c0 RDPCDD.sys 0xf9f5e000 0x2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x81716910 Msfs.SYS 0xf9d64000 0x5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x81716528 Npfs.SYS 0xf9d6c000 0x8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x816c0180 rasacd.sys 0xf9f10000 0x3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x81716320 ipsec.sys 0xf96e7000 0x13000 \SystemRoot\System32\DRIVERS\ipsec.sys
0x81715c50 tcpip.sys 0xf968e000 0x59000 \SystemRoot\System32\DRIVERS\tcpip.sys
0x81715920 netbt.sys 0xf9666000 0x28000 \SystemRoot\System32\DRIVERS\netbt.sys
0x81715620 afd.sys 0xf9644000 0x22000 \SystemRoot\System32\drivers\afd.sys
0x815d3490 netbios.sys 0xf9bcc000 0x9000 \SystemRoot\System32\DRIVERS\netbios.sys
0x81715218 rdbss.sys 0xf9619000 0x2b000 \SystemRoot\System32\DRIVERS\rdbss.sys
0x816973d0 mrxsmb.sys 0xf95a9000 0x70000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0x81714a98 Fips.SYS 0xf9bfc000 0xb000 \SystemRoot\System32\Drivers\Fips.SYS
0x81715450 ipnat.sys 0xf9583000 0x26000 \SystemRoot\System32\DRIVERS\ipnat.sys
0x8170d858 Cdfs.SYS 0xf9c1c000 0x10000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x816b1ac8 dump_atapi.sys 0xf9543000 0x18000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x816d6ed0 dump_WMILIB.SYS 0xf9f60000 0x2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0x81630ef0 win32k.sys 0xbf800000 0x1c3000 \SystemRoot\System32\win32k.sys
0x8170f548 Dxapi.sys 0xf9ed0000 0x3000 \SystemRoot\System32\drivers\Dxapi.sys
0x81693868 watchdog.sys 0xf9d7c000 0x5000 \SystemRoot\System32\watchdog.sys
0x8179ff48 dxg.sys 0xbf9c3000 0x12000 \SystemRoot\System32\drivers\dxg.sys
0x81711ab0 dxgthk.sys 0xfa0f1000 0x1000 \SystemRoot\System32\drivers\dxgthk.sys
0x8167c4c8 framebuf.dll 0xbff70000 0x3000 \SystemRoot\System32\framebuf.dll
0x815f2e78 wanarp.sys 0xf9c9c000 0x9000 \SystemRoot\System32\DRIVERS\wanarp.sys
0x815e1538 ndisuio.sys 0xf924b000 0x4000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0x817c85c8 mrxdav.sys 0xf8ede000 0x2d000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0x816ca3c8 ParVdm.SYS 0xf9fb2000 0x2000 \SystemRoot\System32\Drivers\ParVdm.SYS
0x816b29c8 srv.sys 0xf8e64000 0x52000 \SystemRoot\System32\DRIVERS\srv.sys
modscan
Offset(P) Name Base Size File
------------------ -------------------- ---------- ---------- ----
0x00000000019501b0 termdd.sys 0xf9b8c000 0xa000 \SystemRoot\System32\DRIVERS\termdd.sys
0x00000000019ce1d0 flpydisk.sys 0xf9d44000 0x5000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0x00000000019d3490 netbios.sys 0xf9bcc000 0x9000 \SystemRoot\System32\DRIVERS\netbios.sys
0x00000000019da0e8 usbhub.sys 0xf9bbc000 0xf000 \SystemRoot\System32\DRIVERS\usbhub.sys
0x00000000019e1538 ndisuio.sys 0xf924b000 0x4000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0x00000000019ee128 vga64k.dll 0xbff70000 0x5000
0x00000000019f1418 NDProxy.SYS 0xf9b9c000 0xa000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x00000000019f2e78 wanarp.sys 0xf9c9c000 0x9000 \SystemRoot\System32\DRIVERS\wanarp.sys
0x0000000001a30ef0 win32k.sys 0xbf800000 0x1c3000 \SystemRoot\System32\win32k.sys
0x0000000001a49228 ptilink.sys 0xf9d34000 0x5000 \SystemRoot\System32\DRIVERS\ptilink.sys
0x0000000001a51110 raspti.sys 0xf9d3c000 0x5000 \SystemRoot\System32\DRIVERS\raspti.sys
0x0000000001a518c8 update.sys 0xf9756000 0x5e000 \SystemRoot\System32\DRIVERS\update.sys
0x0000000001a53900 raspptp.sys 0xf9b6c000 0xc000 \SystemRoot\System32\DRIVERS\raspptp.sys
0x0000000001a53970 raspppoe.sys 0xf9b5c000 0xb000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0x0000000001a55898 psched.sys 0xf97d7000 0x11000 \SystemRoot\System32\DRIVERS\psched.sys
0x0000000001a56758 ndiswan.sys 0xf97e8000 0x17000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0x0000000001a57e48 rasl2tp.sys 0xf9b4c000 0xd000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0x0000000001a57eb8 audstub.sys 0xfa033000 0x1000 \SystemRoot\System32\DRIVERS\audstub.sys
0x0000000001a65e30 USBPORT.SYS 0xf9827000 0x24000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0x0000000001a65ec8 processr.sys 0xf9b3c000 0xa000 \SystemRoot\System32\DRIVERS\processr.sys
0x0000000001a65f38 RTL8139.SYS 0xf9d24000 0x6000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
0x0000000001a67230 usbuhci.sys 0xf9d1c000 0x6000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0x0000000001a672a0 serenum.sys 0xf9ed4000 0x4000 \SystemRoot\System32\DRIVERS\serenum.sys
0x0000000001a681d8 parport.sys 0xf9864000 0x14000 \SystemRoot\System32\DRIVERS\parport.sys
0x0000000001a7c4c8 framebuf.dll 0xbff70000 0x3000 \SystemRoot\System32\framebuf.dll
0x0000000001a7d1e0 swenum.sys 0xf9f54000 0x2000 \SystemRoot\System32\DRIVERS\swenum.sys
0x0000000001a93868 watchdog.sys 0xf9d7c000 0x5000 \SystemRoot\System32\watchdog.sys
0x0000000001a973d0 mrxsmb.sys 0xf95a9000 0x70000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0x0000000001aa2178 serial.sys 0xf9b1c000 0xf000 \SystemRoot\System32\DRIVERS\serial.sys
0x0000000001ab1ac8 dump_atapi.sys 0xf9543000 0x18000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0000000001ab29c8 srv.sys 0xf8e64000 0x52000 \SystemRoot\System32\DRIVERS\srv.sys
0x0000000001ac0180 rasacd.sys 0xf9f10000 0x3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0000000001ac3128 mssmbios.sys 0xf9eec000 0x4000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0x0000000001aca3c8 ParVdm.SYS 0xf9fb2000 0x2000 \SystemRoot\System32\Drivers\ParVdm.SYS
0x0000000001ad6ed0 dump_WMILIB.SYS 0xf9f60000 0x2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0x0000000001adfbf8 Fs_Rec.SYS 0xf9f58000 0x2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0000000001b0c230 VIDEOPRT.SYS 0xf971a000 0x14000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0000000001b0d858 Cdfs.SYS 0xf9c1c000 0x10000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x0000000001b0f548 Dxapi.sys 0xf9ed0000 0x3000 \SystemRoot\System32\drivers\Dxapi.sys
0x0000000001b11ab0 dxgthk.sys 0xfa0f1000 0x1000 \SystemRoot\System32\drivers\dxgthk.sys
0x0000000001b148c0 RDPCDD.sys 0xf9f5e000 0x2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0000000001b14a98 Fips.SYS 0xf9bfc000 0xb000 \SystemRoot\System32\Drivers\Fips.SYS
0x0000000001b15218 rdbss.sys 0xf9619000 0x2b000 \SystemRoot\System32\DRIVERS\rdbss.sys
0x0000000001b15450 ipnat.sys 0xf9583000 0x26000 \SystemRoot\System32\DRIVERS\ipnat.sys
0x0000000001b15620 afd.sys 0xf9644000 0x22000 \SystemRoot\System32\drivers\afd.sys
0x0000000001b15920 netbt.sys 0xf9666000 0x28000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0000000001b15c50 tcpip.sys 0xf968e000 0x59000 \SystemRoot\System32\DRIVERS\tcpip.sys
0x0000000001b16320 ipsec.sys 0xf96e7000 0x13000 \SystemRoot\System32\DRIVERS\ipsec.sys
0x0000000001b16528 Npfs.SYS 0xf9d6c000 0x8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0000000001b16910 Msfs.SYS 0xf9d64000 0x5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0000000001b16d10 mnmdd.SYS 0xf9f5c000 0x2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0x0000000001b16fa0 vga.sys 0xf9d5c000 0x6000 \SystemRoot\System32\drivers\vga.sys
0x0000000001b17220 Beep.SYS 0xf9f5a000 0x2000 \SystemRoot\System32\Drivers\Beep.SYS
0x0000000001b17818 Null.SYS 0xfa0c3000 0x1000 \SystemRoot\System32\Drivers\Null.SYS
0x0000000001b17c38 USBD.SYS 0xf9f56000 0x2000 \SystemRoot\System32\DRIVERS\USBD.SYS
0x0000000001b18c08 ks.sys 0xf97b4000 0x23000 \SystemRoot\System32\DRIVERS\ks.sys
0x0000000001b196f0 msgpc.sys 0xf9b7c000 0x9000 \SystemRoot\System32\DRIVERS\msgpc.sys
0x0000000001b19af8 TDI.SYS 0xf9d2c000 0x5000 \SystemRoot\System32\DRIVERS\TDI.SYS
0x0000000001b1a9d0 fsvga.sys 0xf9ed8000 0x3000 \SystemRoot\System32\DRIVERS\fsvga.sys
0x0000000001b7a850 mouclass.sys 0xf9d0c000 0x6000 \SystemRoot\System32\DRIVERS\mouclass.sys
0x0000000001b9a428 cdrom.sys 0xf9b2c000 0x10000 \SystemRoot\System32\DRIVERS\cdrom.sys
0x0000000001b9ac40 fdc.sys 0xf9d14000 0x7000 \SystemRoot\System32\DRIVERS\fdc.sys
0x0000000001b9e158 i8042prt.sys 0xf9b0c000 0xc000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0x0000000001b9e350 kbdclass.sys 0xf9d04000 0x6000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0x0000000001b9ff48 dxg.sys 0xbf9c3000 0x12000 \SystemRoot\System32\drivers\dxg.sys
0x0000000001ba26f0 ndistapi.sys 0xf9edc000 0x3000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0x0000000001bc85c8 mrxdav.sys 0xf8ede000 0x2d000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0x0000000001bf1008 PCIIDEX.SYS 0xf9ccc000 0x7000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0x0000000001bf1a88 Mup.sys 0xf9898000 0x1a000 Mup.sys
0x0000000001bf1af0 NDIS.sys 0xf98b2000 0x2d000 NDIS.sys
0x0000000001bf1b58 Ntfs.sys 0xf98df000 0x8d000 Ntfs.sys
0x0000000001bf1bc0 KSecDD.sys 0xf996c000 0x17000 KSecDD.sys
0x0000000001bf1c30 sr.sys 0xf9983000 0x12000 sr.sys
0x0000000001bf1c98 fltmgr.sys 0xf9995000 0x20000 fltmgr.sys
0x0000000001bf1d08 CLASSPNP.SYS 0xf9a8c000 0xd000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0x0000000001bf1d78 disk.sys 0xf9a7c000 0x9000 disk.sys
0x0000000001bf1de0 atapi.sys 0xf99b5000 0x18000 atapi.sys
0x0000000001bf1e48 VolSnap.sys 0xf9a6c000 0xd000 VolSnap.sys
0x0000000001bf1eb8 PartMgr.sys 0xf9cd4000 0x5000 PartMgr.sys
0x0000000001bf1f28 ftdisk.sys 0xf99cd000 0x1f000 ftdisk.sys
0x0000000001bf1f98 MountMgr.sys 0xf9a5c000 0xb000 MountMgr.sys
0x0000000001bfc030 intelide.sys 0xf9f50000 0x2000 intelide.sys
0x0000000001bfc0a0 isapnp.sys 0xf9a4c000 0x9000 isapnp.sys
0x0000000001bfc110 pci.sys 0xf99ec000 0x11000 pci.sys
0x0000000001bfc178 WMILIB.SYS 0xf9f4e000 0x2000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0x0000000001bfc1e8 ACPI.sys 0xf99fd000 0x2e000 ACPI.sys
0x0000000001bfc250 BOOTVID.dll 0xf9e5c000 0x3000 \WINDOWS\system32\BOOTVID.dll
0x0000000001bfc2c0 kdcom.dll 0xf9f4c000 0x2000 \WINDOWS\system32\KDCOM.DLL
0x0000000001bfc328 hal.dll 0x806f0000 0x20300 \WINDOWS\system32\hal.dll
0x0000000001bfc390 ntoskrnl.exe 0x804d9000 0x216700 \WINDOWS\system32\ntoskrnl.exe
ssdt
[x86] Gathering all referenced SSDTs from KTHREADs...
Finding appropriate address space for tables...
SSDT[0] at 804e46a8 with 284 entries
Entry 0x0000: 0x80591df5 (NtAcceptConnectPort) owned by ntoskrnl.exe
Entry 0x0001: 0x8057b0f1 (NtAccessCheck) owned by ntoskrnl.exe
Entry 0x0002: 0x80589999 (NtAccessCheckAndAuditAlarm) owned by ntoskrnl.exe
Entry 0x0003: 0x80593130 (NtAccessCheckByType) owned by ntoskrnl.exe
Entry 0x0004: 0x8058fa83 (NtAccessCheckByTypeAndAuditAlarm) owned by ntoskrnl.exe
Entry 0x0005: 0x8063a07e (NtAccessCheckByTypeResultList) owned by ntoskrnl.exe
Entry 0x0006: 0x8063c207 (NtAccessCheckByTypeResultListAndAuditAlarm) owned by ntoskrnl.exe
Entry 0x0007: 0x8063c250 (NtAccessCheckByTypeResultListAndAuditAlarmByHandle) owned by ntoskrnl.exe
Entry 0x0008: 0x8057c6e4 (NtAddAtom) owned by ntoskrnl.exe
Entry 0x0009: 0x8064b047 (NtAddBootEntry) owned by ntoskrnl.exe
Entry 0x000a: 0x80639835 (NtAdjustGroupsToken) owned by ntoskrnl.exe
Entry 0x000b: 0x8058f0a1 (NtAdjustPrivilegesToken) owned by ntoskrnl.exe
Entry 0x000c: 0x8063197c (NtAlertResumeThread) owned by ntoskrnl.exe
Entry 0x000d: 0x8057cbcd (NtAlertThread) owned by ntoskrnl.exe
Entry 0x000e: 0x8058a928 (NtAllocateLocallyUniqueId) owned by ntoskrnl.exe
Entry 0x000f: 0x806288ff (NtAllocateUserPhysicalPages) owned by ntoskrnl.exe
Entry 0x0010: 0x805df3c9 (NtAllocateUuids) owned by ntoskrnl.exe
Entry 0x0011: 0x8056afc3 (NtAllocateVirtualMemory) owned by ntoskrnl.exe
Entry 0x0012: 0x805db767 (NtAreMappedFilesTheSame) owned by ntoskrnl.exe
Entry 0x0013: 0x805a44ba (NtAssignProcessToJobObject) owned by ntoskrnl.exe
Entry 0x0014: 0x804e4cb4 (NtCallbackReturn) owned by ntoskrnl.exe
Entry 0x0015: 0x8064b05b (NtCancelDeviceWakeupRequest) owned by ntoskrnl.exe
Entry 0x0016: 0x805cbb06 (NtCancelIoFile) owned by ntoskrnl.exe
Entry 0x0017: 0x804eefac (NtCancelTimer) owned by ntoskrnl.exe
Entry 0x0018: 0x8056b66f (NtClearEvent) owned by ntoskrnl.exe
Entry 0x0019: 0x805698dd (NtClose) owned by ntoskrnl.exe
Entry 0x001a: 0x8058f50f (NtCloseObjectAuditAlarm) owned by ntoskrnl.exe
Entry 0x001b: 0x8065093c (NtCompactKeys) owned by ntoskrnl.exe
Entry 0x001c: 0x8058b718 (NtCompareTokens) owned by ntoskrnl.exe
Entry 0x001d: 0x80592b3d (NtCompleteConnectPort) owned by ntoskrnl.exe
Entry 0x001e: 0x80650ba9 (NtCompressKey) owned by ntoskrnl.exe
Entry 0x001f: 0x805899eb (NtConnectPort) owned by ntoskrnl.exe
Entry 0x0020: 0x804e3ff2 (NtContinue) owned by ntoskrnl.exe
Entry 0x0021: 0x8065c054 (NtCreateDebugObject) owned by ntoskrnl.exe
Entry 0x0022: 0x805a4882 (NtCreateDirectoryObject) owned by ntoskrnl.exe
Entry 0x0023: 0x8056f57a (NtCreateEvent) owned by ntoskrnl.exe
Entry 0x0024: 0x8064b14c (NtCreateEventPair) owned by ntoskrnl.exe
Entry 0x0025: 0x8056edc0 (NtCreateFile) owned by ntoskrnl.exe
Entry 0x0026: 0x80593389 (NtCreateIoCompletion) owned by ntoskrnl.exe
Entry 0x0027: 0x805ad1b0 (NtCreateJobObject) owned by ntoskrnl.exe
Entry 0x0028: 0x80631e27 (NtCreateJobSet) owned by ntoskrnl.exe
Entry 0x0029: 0x8057265d (NtCreateKey) owned by ntoskrnl.exe
Entry 0x002a: 0x805db658 (NtCreateMailslotFile) owned by ntoskrnl.exe
Entry 0x002b: 0x8057a037 (NtCreateMutant) owned by ntoskrnl.exe
Entry 0x002c: 0x80585f3f (NtCreateNamedPipeFile) owned by ntoskrnl.exe
Entry 0x002d: 0x805bddb7 (NtCreatePagingFile) owned by ntoskrnl.exe
Entry 0x002e: 0x805995b1 (NtCreatePort) owned by ntoskrnl.exe
Entry 0x002f: 0x805b335a (NtCreateProcess) owned by ntoskrnl.exe
Entry 0x0030: 0x80581c60 (NtCreateProcessEx) owned by ntoskrnl.exe
Entry 0x0031: 0x8064b783 (NtCreateProfile) owned by ntoskrnl.exe
Entry 0x0032: 0x805672b3 (NtCreateSection) owned by ntoskrnl.exe
Entry 0x0033: 0x8057443b (NtCreateSemaphore) owned by ntoskrnl.exe
Entry 0x0034: 0x805a1509 (NtCreateSymbolicLinkObject) owned by ntoskrnl.exe
Entry 0x0035: 0x8059063f (NtCreateThread) owned by ntoskrnl.exe
Entry 0x0036: 0x805a05e5 (NtCreateTimer) owned by ntoskrnl.exe
Entry 0x0037: 0x805aab58 (NtCreateToken) owned by ntoskrnl.exe
Entry 0x0038: 0x805dd124 (NtCreateWaitablePort) owned by ntoskrnl.exe
Entry 0x0039: 0x8065d1cd (NtDebugActiveProcess) owned by ntoskrnl.exe
Entry 0x003a: 0x8065d327 (NtDebugContinue) owned by ntoskrnl.exe
Entry 0x003b: 0x80568410 (NtDelayExecution) owned by ntoskrnl.exe
Entry 0x003c: 0x80589485 (NtDeleteAtom) owned by ntoskrnl.exe
Entry 0x003d: 0x8064b05b (NtDeleteBootEntry) owned by ntoskrnl.exe
Entry 0x003e: 0x805da00b (NtDeleteFile) owned by ntoskrnl.exe
Entry 0x003f: 0x805972be (NtDeleteKey) owned by ntoskrnl.exe
Entry 0x0040: 0x8063c2ab (NtDeleteObjectAuditAlarm) owned by ntoskrnl.exe
Entry 0x0041: 0x80594d50 (NtDeleteValueKey) owned by ntoskrnl.exe
Entry 0x0042: 0x80590fad (NtDeviceIoControlFile) owned by ntoskrnl.exe
Entry 0x0043: 0x805c0f81 (NtDisplayString) owned by ntoskrnl.exe
Entry 0x0044: 0x805735e0 (NtDuplicateObject) owned by ntoskrnl.exe
Entry 0x0045: 0x8057efe1 (NtDuplicateToken) owned by ntoskrnl.exe
Entry 0x0046: 0x8064b047 (NtEnumerateBootEntries) owned by ntoskrnl.exe
Entry 0x0047: 0x80572d64 (NtEnumerateKey) owned by ntoskrnl.exe
Entry 0x0048: 0x8064aad3 (NtEnumerateSystemEnvironmentValuesEx) owned by ntoskrnl.exe
Entry 0x0049: 0x8059266b (NtEnumerateValueKey) owned by ntoskrnl.exe
Entry 0x004a: 0x80627720 (NtExtendSection) owned by ntoskrnl.exe
Entry 0x004b: 0x805b2b3e (NtFilterToken) owned by ntoskrnl.exe
Entry 0x004c: 0x8058b9a8 (NtFindAtom) owned by ntoskrnl.exe
Entry 0x004d: 0x80589602 (NtFlushBuffersFile) owned by ntoskrnl.exe
Entry 0x004e: 0x80579693 (NtFlushInstructionCache) owned by ntoskrnl.exe
Entry 0x004f: 0x805de590 (NtFlushKey) owned by ntoskrnl.exe
Entry 0x0050: 0x8059cccc (NtFlushVirtualMemory) owned by ntoskrnl.exe
Entry 0x0051: 0x80629163 (NtFlushWriteBuffer) owned by ntoskrnl.exe
Entry 0x0052: 0x80628cb4 (NtFreeUserPhysicalPages) owned by ntoskrnl.exe
Entry 0x0053: 0x8056b8ed (NtFreeVirtualMemory) owned by ntoskrnl.exe
Entry 0x0054: 0x8057cab5 (NtFsControlFile) owned by ntoskrnl.exe
Entry 0x0055: 0x805e23f3 (NtGetContextThread) owned by ntoskrnl.exe
Entry 0x0056: 0x8062e163 (NtGetDevicePowerState) owned by ntoskrnl.exe
Entry 0x0057: 0x805a1db8 (NtGetPlugPlayEvent) owned by ntoskrnl.exe
Entry 0x0058: 0x8053d765 (NtGetWriteWatch) owned by ntoskrnl.exe
Entry 0x0059: 0x805995d5 (NtImpersonateAnonymousToken) owned by ntoskrnl.exe
Entry 0x005a: 0x8058b184 (NtImpersonateClientOfPort) owned by ntoskrnl.exe
Entry 0x005b: 0x80580637 (NtImpersonateThread) owned by ntoskrnl.exe
Entry 0x005c: 0x805aa064 (NtInitializeRegistry) owned by ntoskrnl.exe
Entry 0x005d: 0x8062df2f (NtInitiatePowerAction) owned by ntoskrnl.exe
Entry 0x005e: 0x80631cdb (NtIsProcessInJob) owned by ntoskrnl.exe
Entry 0x005f: 0x8062e14a (NtIsSystemResumeAutomatic) owned by ntoskrnl.exe
Entry 0x0060: 0x805ac6f1 (NtListenPort) owned by ntoskrnl.exe
Entry 0x0061: 0x805a5af1 (NtLoadDriver) owned by ntoskrnl.exe
Entry 0x0062: 0x805b0d5d (NtLoadKey) owned by ntoskrnl.exe
Entry 0x0063: 0x805b0b9a (NtLoadKey2) owned by ntoskrnl.exe
Entry 0x0064: 0x8058a46b (NtLockFile) owned by ntoskrnl.exe
Entry 0x0065: 0x805b2d0e (NtLockProductActivationKeys) owned by ntoskrnl.exe
Entry 0x0066: 0x805d2ed7 (NtLockRegistryKey) owned by ntoskrnl.exe
Entry 0x0067: 0x805b2190 (NtLockVirtualMemory) owned by ntoskrnl.exe
Entry 0x0068: 0x805a1945 (NtMakePermanentObject) owned by ntoskrnl.exe
Entry 0x0069: 0x805a18c2 (NtMakeTemporaryObject) owned by ntoskrnl.exe
Entry 0x006a: 0x80627deb (NtMapUserPhysicalPages) owned by ntoskrnl.exe
Entry 0x006b: 0x806282bf (NtMapUserPhysicalPagesScatter) owned by ntoskrnl.exe
Entry 0x006c: 0x80575b61 (NtMapViewOfSection) owned by ntoskrnl.exe
Entry 0x006d: 0x8064b05b (NtModifyBootEntry) owned by ntoskrnl.exe
Entry 0x006e: 0x8058c944 (NtNotifyChangeDirectoryFile) owned by ntoskrnl.exe
Entry 0x006f: 0x8058c68d (NtNotifyChangeKey) owned by ntoskrnl.exe
Entry 0x0070: 0x8058c756 (NtNotifyChangeMultipleKeys) owned by ntoskrnl.exe
Entry 0x0071: 0x80592a36 (NtOpenDirectoryObject) owned by ntoskrnl.exe
Entry 0x0072: 0x8057fcdd (NtOpenEvent) owned by ntoskrnl.exe
Entry 0x0073: 0x8064b23f (NtOpenEventPair) owned by ntoskrnl.exe
Entry 0x0074: 0x8056ed5b (NtOpenFile) owned by ntoskrnl.exe
Entry 0x0075: 0x80618783 (NtOpenIoCompletion) owned by ntoskrnl.exe
Entry 0x0076: 0x8063207f (NtOpenJobObject) owned by ntoskrnl.exe
Entry 0x0077: 0x8056ad59 (NtOpenKey) owned by ntoskrnl.exe
Entry 0x0078: 0x8057a0e5 (NtOpenMutant) owned by ntoskrnl.exe
Entry 0x0079: 0x805973a9 (NtOpenObjectAuditAlarm) owned by ntoskrnl.exe
Entry 0x007a: 0x805737c7 (NtOpenProcess) owned by ntoskrnl.exe
Entry 0x007b: 0x8056fef5 (NtOpenProcessToken) owned by ntoskrnl.exe
Entry 0x007c: 0x805700ee (NtOpenProcessTokenEx) owned by ntoskrnl.exe
Entry 0x007d: 0x80572fd7 (NtOpenSection) owned by ntoskrnl.exe
Entry 0x007e: 0x805a0fc5 (NtOpenSemaphore) owned by ntoskrnl.exe
Entry 0x007f: 0x80592902 (NtOpenSymbolicLinkObject) owned by ntoskrnl.exe
Entry 0x0080: 0x8058c1bd (NtOpenThread) owned by ntoskrnl.exe
Entry 0x0081: 0x8056f992 (NtOpenThreadToken) owned by ntoskrnl.exe
Entry 0x0082: 0x8056f903 (NtOpenThreadTokenEx) owned by ntoskrnl.exe
Entry 0x0083: 0x8064b075 (NtOpenTimer) owned by ntoskrnl.exe
Entry 0x0084: 0x805dd2e4 (NtPlugPlayControl) owned by ntoskrnl.exe
Entry 0x0085: 0x8059e9c6 (NtPowerInformation) owned by ntoskrnl.exe
Entry 0x0086: 0x805df99e (NtPrivilegeCheck) owned by ntoskrnl.exe
Entry 0x0087: 0x805df238 (NtPrivilegeObjectAuditAlarm) owned by ntoskrnl.exe
Entry 0x0088: 0x805ac834 (NtPrivilegedServiceAuditAlarm) owned by ntoskrnl.exe
Entry 0x0089: 0x80573cb1 (NtProtectVirtualMemory) owned by ntoskrnl.exe
Entry 0x008a: 0x805dd07c (NtPulseEvent) owned by ntoskrnl.exe
Entry 0x008b: 0x805764b2 (NtQueryAttributesFile) owned by ntoskrnl.exe
Entry 0x008c: 0x8064b047 (NtQueryBootEntryOrder) owned by ntoskrnl.exe
Entry 0x008d: 0x8064b047 (NtQueryBootOptions) owned by ntoskrnl.exe
Entry 0x008e: 0x804f9e4d (NtQueryDebugFilterState) owned by ntoskrnl.exe
Entry 0x008f: 0x80568b9e (NtQueryDefaultLocale) owned by ntoskrnl.exe
Entry 0x0090: 0x80580a9d (NtQueryDefaultUILanguage) owned by ntoskrnl.exe
Entry 0x0091: 0x80574111 (NtQueryDirectoryFile) owned by ntoskrnl.exe
Entry 0x0092: 0x805863a1 (NtQueryDirectoryObject) owned by ntoskrnl.exe
Entry 0x0093: 0x806189d0 (NtQueryEaFile) owned by ntoskrnl.exe
Entry 0x0094: 0x80592ab3 (NtQueryEvent) owned by ntoskrnl.exe
Entry 0x0095: 0x8057e810 (NtQueryFullAttributesFile) owned by ntoskrnl.exe
Entry 0x0096: 0x805d96e8 (NtQueryInformationAtom) owned by ntoskrnl.exe
Entry 0x0097: 0x80574c6a (NtQueryInformationFile) owned by ntoskrnl.exe
Entry 0x0098: 0x805828a1 (NtQueryInformationJobObject) owned by ntoskrnl.exe
Entry 0x0099: 0x806251e7 (NtQueryInformationPort) owned by ntoskrnl.exe
Entry 0x009a: 0x8056fb30 (NtQueryInformationProcess) owned by ntoskrnl.exe
Entry 0x009b: 0x8056da87 (NtQueryInformationThread) owned by ntoskrnl.exe
Entry 0x009c: 0x8057065f (NtQueryInformationToken) owned by ntoskrnl.exe
Entry 0x009d: 0x8057fe21 (NtQueryInstallUILanguage) owned by ntoskrnl.exe
Entry 0x009e: 0x8064bc33 (NtQueryIntervalProfile) owned by ntoskrnl.exe
Entry 0x009f: 0x80618844 (NtQueryIoCompletion) owned by ntoskrnl.exe
Entry 0x00a0: 0x80572a6d (NtQueryKey) owned by ntoskrnl.exe
Entry 0x00a1: 0x80650320 (NtQueryMultipleValueKey) owned by ntoskrnl.exe
Entry 0x00a2: 0x8064b5b8 (NtQueryMutant) owned by ntoskrnl.exe
Entry 0x00a3: 0x805814a8 (NtQueryObject) owned by ntoskrnl.exe
Entry 0x00a4: 0x80650529 (NtQueryOpenSubKeys) owned by ntoskrnl.exe
Entry 0x00a5: 0x80569348 (NtQueryPerformanceCounter) owned by ntoskrnl.exe
Entry 0x00a6: 0x80619297 (NtQueryQuotaInformationFile) owned by ntoskrnl.exe
Entry 0x00a7: 0x8057f4cc (NtQuerySection) owned by ntoskrnl.exe
Entry 0x00a8: 0x805df83e (NtQuerySecurityObject) owned by ntoskrnl.exe
Entry 0x00a9: 0x8064a39b (NtQuerySemaphore) owned by ntoskrnl.exe
Entry 0x00aa: 0x80592773 (NtQuerySymbolicLinkObject) owned by ntoskrnl.exe
Entry 0x00ab: 0x8064aafb (NtQuerySystemEnvironmentValue) owned by ntoskrnl.exe
Entry 0x00ac: 0x8064aac0 (NtQuerySystemEnvironmentValueEx) owned by ntoskrnl.exe
Entry 0x00ad: 0x8057dc36 (NtQuerySystemInformation) owned by ntoskrnl.exe
Entry 0x00ae: 0x805931ba (NtQuerySystemTime) owned by ntoskrnl.exe
Entry 0x00af: 0x80589206 (NtQueryTimer) owned by ntoskrnl.exe
Entry 0x00b0: 0x80586007 (NtQueryTimerResolution) owned by ntoskrnl.exe
Entry 0x00b1: 0x8056c1f1 (NtQueryValueKey) owned by ntoskrnl.exe
Entry 0x00b2: 0x805701ec (NtQueryVirtualMemory) owned by ntoskrnl.exe
Entry 0x00b3: 0x8056f003 (NtQueryVolumeInformationFile) owned by ntoskrnl.exe
Entry 0x00b4: 0x8059308b (NtQueueApcThread) owned by ntoskrnl.exe
Entry 0x00b5: 0x804e403a (NtRaiseException) owned by ntoskrnl.exe
Entry 0x00b6: 0x8064a0d7 (NtRaiseHardError) owned by ntoskrnl.exe
Entry 0x00b7: 0x80576117 (NtReadFile) owned by ntoskrnl.exe
Entry 0x00b8: 0x805dc82f (NtReadFileScatter) owned by ntoskrnl.exe
Entry 0x00b9: 0x8058b4c9 (NtReadRequestData) owned by ntoskrnl.exe
Entry 0x00ba: 0x805802ce (NtReadVirtualMemory) owned by ntoskrnl.exe
Entry 0x00bb: 0x80590d8c (NtRegisterThreadTerminatePort) owned by ntoskrnl.exe
Entry 0x00bc: 0x8056847b (NtReleaseMutant) owned by ntoskrnl.exe
Entry 0x00bd: 0x80589efe (NtReleaseSemaphore) owned by ntoskrnl.exe
Entry 0x00be: 0x80568fa9 (NtRemoveIoCompletion) owned by ntoskrnl.exe
Entry 0x00bf: 0x8065d2a2 (NtRemoveProcessDebug) owned by ntoskrnl.exe
Entry 0x00c0: 0x8065079e (NtRenameKey) owned by ntoskrnl.exe
Entry 0x00c1: 0x806510fa (NtReplaceKey) owned by ntoskrnl.exe
Entry 0x00c2: 0x8057ecda (NtReplyPort) owned by ntoskrnl.exe
Entry 0x00c3: 0x8056d82e (NtReplyWaitReceivePort) owned by ntoskrnl.exe
Entry 0x00c4: 0x8056d346 (NtReplyWaitReceivePortEx) owned by ntoskrnl.exe
Entry 0x00c5: 0x806252c6 (NtReplyWaitReplyPort) owned by ntoskrnl.exe
Entry 0x00c6: 0x8062e0d7 (NtRequestDeviceWakeup) owned by ntoskrnl.exe
Entry 0x00c7: 0x805df5f4 (NtRequestPort) owned by ntoskrnl.exe
Entry 0x00c8: 0x80578ce6 (NtRequestWaitReplyPort) owned by ntoskrnl.exe
Entry 0x00c9: 0x8062ded0 (NtRequestWakeupLatency) owned by ntoskrnl.exe
Entry 0x00ca: 0x805a0b88 (NtResetEvent) owned by ntoskrnl.exe
Entry 0x00cb: 0x8053dbfa (NtResetWriteWatch) owned by ntoskrnl.exe
Entry 0x00cc: 0x80650c91 (NtRestoreKey) owned by ntoskrnl.exe
Entry 0x00cd: 0x8063191c (NtResumeProcess) owned by ntoskrnl.exe
Entry 0x00ce: 0x80590cb2 (NtResumeThread) owned by ntoskrnl.exe
Entry 0x00cf: 0x80650d92 (NtSaveKey) owned by ntoskrnl.exe
Entry 0x00d0: 0x80650e7d (NtSaveKeyEx) owned by ntoskrnl.exe
Entry 0x00d1: 0x80650faa (NtSaveMergedKeys) owned by ntoskrnl.exe
Entry 0x00d2: 0x805914de (NtSecureConnectPort) owned by ntoskrnl.exe
Entry 0x00d3: 0x8064b047 (NtSetBootEntryOrder) owned by ntoskrnl.exe
Entry 0x00d4: 0x8064b047 (NtSetBootOptions) owned by ntoskrnl.exe
Entry 0x00d5: 0x8062fcdf (NtSetContextThread) owned by ntoskrnl.exe
Entry 0x00d6: 0x8065edec (NtSetDebugFilterState) owned by ntoskrnl.exe
Entry 0x00d7: 0x805d7657 (NtSetDefaultHardErrorPort) owned by ntoskrnl.exe
Entry 0x00d8: 0x805b0859 (NtSetDefaultLocale) owned by ntoskrnl.exe
Entry 0x00d9: 0x805b0800 (NtSetDefaultUILanguage) owned by ntoskrnl.exe
Entry 0x00da: 0x80618f1f (NtSetEaFile) owned by ntoskrnl.exe
Entry 0x00db: 0x8056b6be (NtSetEvent) owned by ntoskrnl.exe
Entry 0x00dc: 0x8057798e (NtSetEventBoostPriority) owned by ntoskrnl.exe
Entry 0x00dd: 0x8064b53f (NtSetHighEventPair) owned by ntoskrnl.exe
Entry 0x00de: 0x8064b45f (NtSetHighWaitLowEventPair) owned by ntoskrnl.exe
Entry 0x00df: 0x8065cc43 (NtSetInformationDebugObject) owned by ntoskrnl.exe
Entry 0x00e0: 0x8057694a (NtSetInformationFile) owned by ntoskrnl.exe
Entry 0x00e1: 0x805ad304 (NtSetInformationJobObject) owned by ntoskrnl.exe
Entry 0x00e2: 0x8064fe83 (NtSetInformationKey) owned by ntoskrnl.exe
Entry 0x00e3: 0x8057fd53 (NtSetInformationObject) owned by ntoskrnl.exe
Entry 0x00e4: 0x8056fc01 (NtSetInformationProcess) owned by ntoskrnl.exe
Entry 0x00e5: 0x80577576 (NtSetInformationThread) owned by ntoskrnl.exe
Entry 0x00e6: 0x805aa6f0 (NtSetInformationToken) owned by ntoskrnl.exe
Entry 0x00e7: 0x8064b75f (NtSetIntervalProfile) owned by ntoskrnl.exe
Entry 0x00e8: 0x8056dd1b (NtSetIoCompletion) owned by ntoskrnl.exe
Entry 0x00e9: 0x806309ff (NtSetLdtEntries) owned by ntoskrnl.exe
Entry 0x00ea: 0x8064b4d3 (NtSetLowEventPair) owned by ntoskrnl.exe
Entry 0x00eb: 0x8064b3eb (NtSetLowWaitHighEventPair) owned by ntoskrnl.exe
Entry 0x00ec: 0x8061926d (NtSetQuotaInformationFile) owned by ntoskrnl.exe
Entry 0x00ed: 0x8059d19b (NtSetSecurityObject) owned by ntoskrnl.exe
Entry 0x00ee: 0x8064ad98 (NtSetSystemEnvironmentValue) owned by ntoskrnl.exe
Entry 0x00ef: 0x8064aac0 (NtSetSystemEnvironmentValueEx) owned by ntoskrnl.exe
Entry 0x00f0: 0x805a9bdd (NtSetSystemInformation) owned by ntoskrnl.exe
Entry 0x00f1: 0x8066968b (NtSetSystemPowerState) owned by ntoskrnl.exe
Entry 0x00f2: 0x80649a21 (NtSetSystemTime) owned by ntoskrnl.exe
Entry 0x00f3: 0x805e2162 (NtSetThreadExecutionState) owned by ntoskrnl.exe
Entry 0x00f4: 0x804e779b (NtSetTimer) owned by ntoskrnl.exe
Entry 0x00f5: 0x805e27e8 (NtSetTimerResolution) owned by ntoskrnl.exe
Entry 0x00f6: 0x805aca1b (NtSetUuidSeed) owned by ntoskrnl.exe
Entry 0x00f7: 0x80574889 (NtSetValueKey) owned by ntoskrnl.exe
Entry 0x00f8: 0x806197b3 (NtSetVolumeInformationFile) owned by ntoskrnl.exe
Entry 0x00f9: 0x8064916b (NtShutdownSystem) owned by ntoskrnl.exe
Entry 0x00fa: 0x80519361 (NtSignalAndWaitForSingleObject) owned by ntoskrnl.exe
Entry 0x00fb: 0x8064b9ca (NtStartProfile) owned by ntoskrnl.exe
Entry 0x00fc: 0x8064bb83 (NtStopProfile) owned by ntoskrnl.exe
Entry 0x00fd: 0x806318c1 (NtSuspendProcess) owned by ntoskrnl.exe
Entry 0x00fe: 0x805e245e (NtSuspendThread) owned by ntoskrnl.exe
Entry 0x00ff: 0x8064bce3 (NtSystemDebugControl) owned by ntoskrnl.exe
Entry 0x0100: 0x806321f5 (NtTerminateJobObject) owned by ntoskrnl.exe
Entry 0x0101: 0x805842e0 (NtTerminateProcess) owned by ntoskrnl.exe
Entry 0x0102: 0x8057d885 (NtTerminateThread) owned by ntoskrnl.exe
Entry 0x0103: 0x80590799 (NtTestAlert) owned by ntoskrnl.exe
Entry 0x0104: 0x80547b18 (NtTraceEvent) owned by ntoskrnl.exe
Entry 0x0105: 0x8064aae7 (NtTranslateFilePath) owned by ntoskrnl.exe
Entry 0x0106: 0x8061bbd6 (NtUnloadDriver) owned by ntoskrnl.exe
Entry 0x0107: 0x8064f9fa (NtUnloadKey) owned by ntoskrnl.exe
Entry 0x0108: 0x8064fc23 (NtUnloadKeyEx) owned by ntoskrnl.exe
Entry 0x0109: 0x8058a5cb (NtUnlockFile) owned by ntoskrnl.exe
Entry 0x010a: 0x806291d7 (NtUnlockVirtualMemory) owned by ntoskrnl.exe
Entry 0x010b: 0x805756e6 (NtUnmapViewOfSection) owned by ntoskrnl.exe
Entry 0x010c: 0x805b99b7 (NtVdmControl) owned by ntoskrnl.exe
Entry 0x010d: 0x8065c98e (NtWaitForDebugEvent) owned by ntoskrnl.exe
Entry 0x010e: 0x805686e0 (NtWaitForMultipleObjects) owned by ntoskrnl.exe
Entry 0x010f: 0x8056817c (NtWaitForSingleObject) owned by ntoskrnl.exe
Entry 0x0110: 0x8064b37f (NtWaitHighEventPair) owned by ntoskrnl.exe
Entry 0x0111: 0x8064b313 (NtWaitLowEventPair) owned by ntoskrnl.exe
Entry 0x0112: 0x80576bf5 (NtWriteFile) owned by ntoskrnl.exe
Entry 0x0113: 0x805dc465 (NtWriteFileGather) owned by ntoskrnl.exe
Entry 0x0114: 0x8058b6b6 (NtWriteRequestData) owned by ntoskrnl.exe
Entry 0x0115: 0x80580420 (NtWriteVirtualMemory) owned by ntoskrnl.exe
Entry 0x0116: 0x804f2ea6 (NtYieldExecution) owned by ntoskrnl.exe
Entry 0x0117: 0x805cdd8d (NtCreateKeyedEvent) owned by ntoskrnl.exe
Entry 0x0118: 0x8058362c (NtOpenKeyedEvent) owned by ntoskrnl.exe
Entry 0x0119: 0x8064c157 (NtReleaseKeyedEvent) owned by ntoskrnl.exe
Entry 0x011a: 0x8064c3f2 (NtWaitForKeyedEvent) owned by ntoskrnl.exe
Entry 0x011b: 0x8062f4bd (NtQueryPortInformationProcess) owned by ntoskrnl.exe
SSDT[1] at bf999b80 with 667 entries
Entry 0x1000: 0xbf935f7e (NtGdiAbortDoc) owned by win32k.sys
Entry 0x1001: 0xbf947b29 (NtGdiAbortPath) owned by win32k.sys
Entry 0x1002: 0xbf88ca52 (NtGdiAddFontResourceW) owned by win32k.sys
Entry 0x1003: 0xbf93f6f0 (NtGdiAddRemoteFontToDC) owned by win32k.sys
Entry 0x1004: 0xbf949140 (NtGdiAddFontMemResourceEx) owned by win32k.sys
Entry 0x1005: 0xbf936212 (NtGdiRemoveMergeFont) owned by win32k.sys
Entry 0x1006: 0xbf9362b7 (NtGdiAddRemoteMMInstanceToDC) owned by win32k.sys
Entry 0x1007: 0xbf83b4cd (NtGdiAlphaBlend) owned by win32k.sys
Entry 0x1008: 0xbf948a67 (NtGdiAngleArc) owned by win32k.sys
Entry 0x1009: 0xbf934a17 (NtGdiAnyLinkedFonts) owned by win32k.sys
Entry 0x100a: 0xbf94905f (NtGdiFontIsLinked) owned by win32k.sys
Entry 0x100b: 0xbf90f2f4 (NtGdiArcInternal) owned by win32k.sys
Entry 0x100c: 0xbf902318 (NtGdiBeginPath) owned by win32k.sys
Entry 0x100d: 0xbf809fdf (NtGdiBitBlt) owned by win32k.sys
Entry 0x100e: 0xbf948f31 (NtGdiCancelDC) owned by win32k.sys
Entry 0x100f: 0xbf94a72d (NtGdiCheckBitmapBits) owned by win32k.sys
Entry 0x1010: 0xbf900c15 (NtGdiCloseFigure) owned by win32k.sys
Entry 0x1011: 0xbf893b44 (NtGdiClearBitmapAttributes) owned by win32k.sys
Entry 0x1012: 0xbf94900f (NtGdiClearBrushAttributes) owned by win32k.sys
Entry 0x1013: 0xbf94a860 (NtGdiColorCorrectPalette) owned by win32k.sys
Entry 0x1014: 0xbf820f34 (NtGdiCombineRgn) owned by win32k.sys
Entry 0x1015: 0xbf8dcb55 (NtGdiCombineTransform) owned by win32k.sys
Entry 0x1016: 0xbf87a2e4 (NtGdiComputeXformCoefficients) owned by win32k.sys
Entry 0x1017: 0xbf8c29a0 (NtGdiConsoleTextOut) owned by win32k.sys
Entry 0x1018: 0xbf91052f (NtGdiConvertMetafileRect) owned by win32k.sys
Entry 0x1019: 0xbf80e2c5 (NtGdiCreateBitmap) owned by win32k.sys
Entry 0x101a: 0xbf8dc7fd (NtGdiCreateClientObj) owned by win32k.sys
Entry 0x101b: 0xbf94a525 (NtGdiCreateColorSpace) owned by win32k.sys
Entry 0x101c: 0xbf94b430 (NtGdiCreateColorTransform) owned by win32k.sys
Entry 0x101d: 0xbf813a71 (NtGdiCreateCompatibleBitmap) owned by win32k.sys
Entry 0x101e: 0xbf80cf90 (NtGdiCreateCompatibleDC) owned by win32k.sys
Entry 0x101f: 0xbf8d14e4 (NtGdiCreateDIBBrush) owned by win32k.sys
Entry 0x1020: 0xbf83878f (NtGdiCreateDIBitmapInternal) owned by win32k.sys
Entry 0x1021: 0xbf82d92e (NtGdiCreateDIBSection) owned by win32k.sys
Entry 0x1022: 0xbf938e86 (NtGdiCreateEllipticRgn) owned by win32k.sys
Entry 0x1023: 0xbf8b64b4 (NtGdiCreateHalftonePalette) owned by win32k.sys
Entry 0x1024: 0xbf94c4bc (NtGdiCreateHatchBrushInternal) owned by win32k.sys
Entry 0x1025: 0xbf8e634c (NtGdiCreateMetafileDC) owned by win32k.sys
Entry 0x1026: 0xbf878ef7 (NtGdiCreatePaletteInternal) owned by win32k.sys
Entry 0x1027: 0xbf8b05e8 (NtGdiCreatePatternBrushInternal) owned by win32k.sys
Entry 0x1028: 0xbf84c7f6 (NtGdiCreatePen) owned by win32k.sys
Entry 0x1029: 0xbf840675 (NtGdiCreateRectRgn) owned by win32k.sys
Entry 0x102a: 0xbf883697 (NtGdiCreateRoundRectRgn) owned by win32k.sys
Entry 0x102b: 0xbf910434 (NtGdiCreateServerMetaFile) owned by win32k.sys
Entry 0x102c: 0xbf819f0b (NtGdiCreateSolidBrush) owned by win32k.sys
Entry 0x102d: 0xbf934056 (NtGdiD3dContextCreate) owned by win32k.sys
Entry 0x102e: 0xbf934069 (NtGdiD3dContextDestroy) owned by win32k.sys
Entry 0x102f: 0xbf93407c (NtGdiD3dContextDestroyAll) owned by win32k.sys
Entry 0x1030: 0xbf93408f (NtGdiD3dValidateTextureStageState) owned by win32k.sys
Entry 0x1031: 0xbf9340a2 (NtGdiD3dDrawPrimitives2) owned by win32k.sys
Entry 0x1032: 0xbf9340b5 (NtGdiDdGetDriverState) owned by win32k.sys
Entry 0x1033: 0xbf933f2b (NtGdiDdAddAttachedSurface) owned by win32k.sys
Entry 0x1034: 0xbf934175 (NtGdiDdAlphaBlt) owned by win32k.sys
Entry 0x1035: 0xbf907b08 (NtGdiDdAttachSurface) owned by win32k.sys
Entry 0x1036: 0xbf934120 (NtGdiDdBeginMoCompFrame) owned by win32k.sys
Entry 0x1037: 0xbf907b1b (NtGdiDdBlt) owned by win32k.sys
Entry 0x1038: 0xbf9078f5 (NtGdiDdCanCreateSurface) owned by win32k.sys
Entry 0x1039: 0xbf93402d (NtGdiDdCanCreateD3DBuffer) owned by win32k.sys
Entry 0x103a: 0xbf933f3e (NtGdiDdColorControl) owned by win32k.sys
Entry 0x103b: 0xbf8edbc0 (NtGdiDdCreateDirectDrawObject) owned by win32k.sys
Entry 0x103c: 0xbf8edbd3 (NtGdiDdCreateSurface) owned by win32k.sys
Entry 0x103d: 0xbf934017 (NtGdiDdCreateD3DBuffer) owned by win32k.sys
Entry 0x103e: 0xbf907934 (NtGdiDdCreateMoComp) owned by win32k.sys
Entry 0x103f: 0xbf907f73 (NtGdiDdCreateSurfaceObject) owned by win32k.sys
Entry 0x1040: 0xbf8ede1c (NtGdiDdDeleteDirectDrawObject) owned by win32k.sys
Entry 0x1041: 0xbf907adc (NtGdiDdDeleteSurfaceObject) owned by win32k.sys
Entry 0x1042: 0xbf907908 (NtGdiDdDestroyMoComp) owned by win32k.sys
Entry 0x1043: 0xbf8ede06 (NtGdiDdDestroySurface) owned by win32k.sys
Entry 0x1044: 0xbf934040 (NtGdiDdDestroyD3DBuffer) owned by win32k.sys
Entry 0x1045: 0xbf934133 (NtGdiDdEndMoCompFrame) owned by win32k.sys
Entry 0x1046: 0xbf908019 (NtGdiDdFlip) owned by win32k.sys
Entry 0x1047: 0xbf908724 (NtGdiDdFlipToGDISurface) owned by win32k.sys
Entry 0x1048: 0xbf907af2 (NtGdiDdGetAvailDriverMemory) owned by win32k.sys
Entry 0x1049: 0xbf933f51 (NtGdiDdGetBltStatus) owned by win32k.sys
Entry 0x104a: 0xbf907860 (NtGdiDdGetDC) owned by win32k.sys
Entry 0x104b: 0xbf90789f (NtGdiDdGetDriverInfo) owned by win32k.sys
Entry 0x104c: 0xbf933fbf (NtGdiDdGetDxHandle) owned by win32k.sys
Entry 0x104d: 0xbf933f67 (NtGdiDdGetFlipStatus) owned by win32k.sys
Entry 0x104e: 0xbf93410a (NtGdiDdGetInternalMoCompInfo) owned by win32k.sys
Entry 0x104f: 0xbf9340f4 (NtGdiDdGetMoCompBuffInfo) owned by win32k.sys
Entry 0x1050: 0xbf90791e (NtGdiDdGetMoCompGuids) owned by win32k.sys
Entry 0x1051: 0xbf9340de (NtGdiDdGetMoCompFormats) owned by win32k.sys
Entry 0x1052: 0xbf90882a (NtGdiDdGetScanLine) owned by win32k.sys
Entry 0x1053: 0xbf8e40e4 (NtGdiDdLock) owned by win32k.sys
Entry 0x1054: 0xbf933feb (NtGdiDdLockD3D) owned by win32k.sys
Entry 0x1055: 0xbf8edb5f (NtGdiDdQueryDirectDrawObject) owned by win32k.sys
Entry 0x1056: 0xbf93415f (NtGdiDdQueryMoCompStatus) owned by win32k.sys
Entry 0x1057: 0xbf8edb9a (NtGdiDdReenableDirectDrawObject) owned by win32k.sys
Entry 0x1058: 0xbf9079d4 (NtGdiDdReleaseDC) owned by win32k.sys
Entry 0x1059: 0xbf934149 (NtGdiDdRenderMoComp) owned by win32k.sys
Entry 0x105a: 0xbf8e3f2a (NtGdiDdResetVisrgn) owned by win32k.sys
Entry 0x105b: 0xbf90802f (NtGdiDdSetColorKey) owned by win32k.sys
Entry 0x105c: 0xbf933f7d (NtGdiDdSetExclusiveMode) owned by win32k.sys
Entry 0x105d: 0xbf933fd5 (NtGdiDdSetGammaRamp) owned by win32k.sys
Entry 0x105e: 0xbf9340c8 (NtGdiDdCreateSurfaceEx) owned by win32k.sys
Entry 0x105f: 0xbf933f93 (NtGdiDdSetOverlayPosition) owned by win32k.sys
Entry 0x1060: 0xbf907ba8 (NtGdiDdUnattachSurface) owned by win32k.sys
Entry 0x1061: 0xbf8e3eda (NtGdiDdUnlock) owned by win32k.sys
Entry 0x1062: 0xbf934001 (NtGdiDdUnlockD3D) owned by win32k.sys
Entry 0x1063: 0xbf908003 (NtGdiDdUpdateOverlay) owned by win32k.sys
Entry 0x1064: 0xbf933fa9 (NtGdiDdWaitForVerticalBlank) owned by win32k.sys
Entry 0x1065: 0xbf934188 (NtGdiDvpCanCreateVideoPort) owned by win32k.sys
Entry 0x1066: 0xbf93419e (NtGdiDvpColorControl) owned by win32k.sys
Entry 0x1067: 0xbf9341b4 (NtGdiDvpCreateVideoPort) owned by win32k.sys
Entry 0x1068: 0xbf9341ca (NtGdiDvpDestroyVideoPort) owned by win32k.sys
Entry 0x1069: 0xbf9341e0 (NtGdiDvpFlipVideoPort) owned by win32k.sys
Entry 0x106a: 0xbf9341f6 (NtGdiDvpGetVideoPortBandwidth) owned by win32k.sys
Entry 0x106b: 0xbf93420c (NtGdiDvpGetVideoPortField) owned by win32k.sys
Entry 0x106c: 0xbf934222 (NtGdiDvpGetVideoPortFlipStatus) owned by win32k.sys
Entry 0x106d: 0xbf934238 (NtGdiDvpGetVideoPortInputFormats) owned by win32k.sys
Entry 0x106e: 0xbf93424e (NtGdiDvpGetVideoPortLine) owned by win32k.sys
Entry 0x106f: 0xbf934264 (NtGdiDvpGetVideoPortOutputFormats) owned by win32k.sys
Entry 0x1070: 0xbf93427a (NtGdiDvpGetVideoPortConnectInfo) owned by win32k.sys
Entry 0x1071: 0xbf934290 (NtGdiDvpGetVideoSignalStatus) owned by win32k.sys
Entry 0x1072: 0xbf9342a6 (NtGdiDvpUpdateVideoPort) owned by win32k.sys
Entry 0x1073: 0xbf9342bc (NtGdiDvpWaitForVideoPortSync) owned by win32k.sys
Entry 0x1074: 0xbf9342d2 (NtGdiDvpAcquireNotification) owned by win32k.sys
Entry 0x1075: 0xbf9342e8 (NtGdiDvpReleaseNotification) owned by win32k.sys
Entry 0x1076: 0xbf933f18 (NtGdiDxgGenericThunk) owned by win32k.sys
Entry 0x1077: 0xbf8dc91f (NtGdiDeleteClientObj) owned by win32k.sys
Entry 0x1078: 0xbf94a518 (NtGdiDeleteColorSpace) owned by win32k.sys
Entry 0x1079: 0xbf94b6ec (NtGdiDeleteColorTransform) owned by win32k.sys
Entry 0x107a: 0xbf8138fe (NtGdiDeleteObjectApp) owned by win32k.sys
Entry 0x107b: 0xbf949c16 (NtGdiDescribePixelFormat) owned by win32k.sys
Entry 0x107c: 0xbf8fb263 (NtGdiGetPerBandInfo) owned by win32k.sys
Entry 0x107d: 0xbf8fdfe7 (NtGdiDoBanding) owned by win32k.sys
Entry 0x107e: 0xbf84363f (NtGdiDoPalette) owned by win32k.sys
Entry 0x107f: 0xbf948ab1 (NtGdiDrawEscape) owned by win32k.sys
Entry 0x1080: 0xbf8d3ffb (NtGdiEllipse) owned by win32k.sys
Entry 0x1081: 0xbf892010 (NtGdiEnableEudc) owned by win32k.sys
Entry 0x1082: 0xbf8fd930 (NtGdiEndDoc) owned by win32k.sys
Entry 0x1083: 0xbf8faeb7 (NtGdiEndPage) owned by win32k.sys
Entry 0x1084: 0xbf9023b8 (NtGdiEndPath) owned by win32k.sys
Entry 0x1085: 0xbf87e213 (NtGdiEnumFontChunk) owned by win32k.sys
Entry 0x1086: 0xbf87e192 (NtGdiEnumFontClose) owned by win32k.sys
Entry 0x1087: 0xbf87d821 (NtGdiEnumFontOpen) owned by win32k.sys
Entry 0x1088: 0xbf8d17ec (NtGdiEnumObjects) owned by win32k.sys
Entry 0x1089: 0xbf938f81 (NtGdiEqualRgn) owned by win32k.sys
Entry 0x108a: 0xbf94fcc7 (NtGdiEudcLoadUnloadLink) owned by win32k.sys
Entry 0x108b: 0xbf82d12f (NtGdiExcludeClipRect) owned by win32k.sys
Entry 0x108c: 0xbf8c9bc3 (NtGdiExtCreatePen) owned by win32k.sys
Entry 0x108d: 0xbf8409bc (NtGdiExtCreateRegion) owned by win32k.sys
Entry 0x108e: 0xbf881a28 (NtGdiExtEscape) owned by win32k.sys
Entry 0x108f: 0xbf950ae5 (NtGdiExtFloodFill) owned by win32k.sys
Entry 0x1090: 0xbf82c035 (NtGdiExtGetObjectW) owned by win32k.sys
Entry 0x1091: 0xbf80f185 (NtGdiExtSelectClipRgn) owned by win32k.sys
Entry 0x1092: 0xbf8290fa (NtGdiExtTextOutW) owned by win32k.sys
Entry 0x1093: 0xbf947c4e (NtGdiFillPath) owned by win32k.sys
Entry 0x1094: 0xbf851c35 (NtGdiFillRgn) owned by win32k.sys
Entry 0x1095: 0xbf947bb3 (NtGdiFlattenPath) owned by win32k.sys
Entry 0x1096: 0xbf80c0b6 (NtGdiFlushUserBatch) owned by win32k.sys
Entry 0x1097: 0xbf807856 (NtGdiFlush) owned by win32k.sys
Entry 0x1098: 0xbf949af6 (NtGdiForceUFIMapping) owned by win32k.sys
Entry 0x1099: 0xbf883909 (NtGdiFrameRgn) owned by win32k.sys
Entry 0x109a: 0xbf93bc5a (NtGdiFullscreenControl) owned by win32k.sys
Entry 0x109b: 0xbf8c8e94 (NtGdiGetAndSetDCDword) owned by win32k.sys
Entry 0x109c: 0xbf816495 (NtGdiGetAppClipBox) owned by win32k.sys
Entry 0x109d: 0xbf852128 (NtGdiGetBitmapBits) owned by win32k.sys
Entry 0x109e: 0xbf949a18 (NtGdiGetBitmapDimension) owned by win32k.sys
Entry 0x109f: 0xbf8574b2 (NtGdiGetBoundsRect) owned by win32k.sys
Entry 0x10a0: 0xbf8f8fe0 (NtGdiGetCharABCWidthsW) owned by win32k.sys
Entry 0x10a1: 0xbf9481bc (NtGdiGetCharacterPlacementW) owned by win32k.sys
Entry 0x10a2: 0xbf80f7c0 (NtGdiGetCharSet) owned by win32k.sys
Entry 0x10a3: 0xbf8eb2cb (NtGdiGetCharWidthW) owned by win32k.sys
Entry 0x10a4: 0xbf8799b5 (NtGdiGetCharWidthInfo) owned by win32k.sys
Entry 0x10a5: 0xbf948dd3 (NtGdiGetColorAdjustment) owned by win32k.sys
Entry 0x10a6: 0xbf95139a (NtGdiGetColorSpaceforBitmap) owned by win32k.sys
Entry 0x10a7: 0xbf82c302 (NtGdiGetDCDword) owned by win32k.sys
Entry 0x10a8: 0xbf836102 (NtGdiGetDCforBitmap) owned by win32k.sys
Entry 0x10a9: 0xbf82c18f (NtGdiGetDCObject) owned by win32k.sys
Entry 0x10aa: 0xbf8c5245 (NtGdiGetDCPoint) owned by win32k.sys
Entry 0x10ab: 0xbf948fcf (NtGdiGetDeviceCaps) owned by win32k.sys
Entry 0x10ac: 0xbf94aac3 (NtGdiGetDeviceGammaRamp) owned by win32k.sys
Entry 0x10ad: 0xbf8fa04d (NtGdiGetDeviceCapsAll) owned by win32k.sys
Entry 0x10ae: 0xbf845424 (NtGdiGetDIBitsInternal) owned by win32k.sys
Entry 0x10af: 0xbf9522fd (NtGdiGetETM) owned by win32k.sys
Entry 0x10b0: 0xbf94d769 (NtGdiGetEudcTimeStampEx) owned by win32k.sys
Entry 0x10b1: 0xbf8ecab9 (NtGdiGetFontData) owned by win32k.sys
Entry 0x10b2: 0xbf94926e (NtGdiGetFontResourceInfoInternalW) owned by win32k.sys
Entry 0x10b3: 0xbf949ef9 (NtGdiGetGlyphIndicesW) owned by win32k.sys
Entry 0x10b4: 0xbf949d9c (NtGdiGetGlyphIndicesWInternal) owned by win32k.sys
Entry 0x10b5: 0xbf948bc4 (NtGdiGetGlyphOutline) owned by win32k.sys
Entry 0x10b6: 0xbf948cc9 (NtGdiGetKerningPairs) owned by win32k.sys
Entry 0x10b7: 0xbf935f96 (NtGdiGetLinkedUFIs) owned by win32k.sys
Entry 0x10b8: 0xbf8e63b4 (NtGdiGetMiterLimit) owned by win32k.sys
Entry 0x10b9: 0xbf93eb81 (NtGdiGetMonitorID) owned by win32k.sys
Entry 0x10ba: 0xbf82d285 (NtGdiGetNearestColor) owned by win32k.sys
Entry 0x10bb: 0xbf94c542 (NtGdiGetNearestPaletteIndex) owned by win32k.sys
Entry 0x10bc: 0xbf948d5a (NtGdiGetObjectBitmapHandle) owned by win32k.sys
Entry 0x10bd: 0xbf8ea9b4 (NtGdiGetOutlineTextMetricsInternalW) owned by win32k.sys
Entry 0x10be: 0xbf94801b (NtGdiGetPath) owned by win32k.sys
Entry 0x10bf: 0xbf87882d (NtGdiGetPixel) owned by win32k.sys
Entry 0x10c0: 0xbf80f195 (NtGdiGetRandomRgn) owned by win32k.sys
Entry 0x10c1: 0xbf8ed5f7 (NtGdiGetRasterizerCaps) owned by win32k.sys
Entry 0x10c2: 0xbf949fa4 (NtGdiGetRealizationInfo) owned by win32k.sys
Entry 0x10c3: 0xbf8712c5 (NtGdiGetRegionData) owned by win32k.sys
Entry 0x10c4: 0xbf8c518f (NtGdiGetRgnBox) owned by win32k.sys
Entry 0x10c5: 0xbf91068e (NtGdiGetServerMetaFileBits) owned by win32k.sys
Entry 0x10c6: 0xbf887ae9 (NtGdiGetSpoolMessage) owned by win32k.sys
Entry 0x10c7: 0xbf95247a (NtGdiGetStats) owned by win32k.sys
Entry 0x10c8: 0xbf81f8a9 (NtGdiGetStockObject) owned by win32k.sys
Entry 0x10c9: 0xbf94f35b (NtGdiGetStringBitmapW) owned by win32k.sys
Entry 0x10ca: 0xbf8f4a6e (NtGdiGetSystemPaletteUse) owned by win32k.sys
Entry 0x10cb: 0xbf837bb3 (NtGdiGetTextCharsetInfo) owned by win32k.sys
Entry 0x10cc: 0xbf86f8be (NtGdiGetTextExtent) owned by win32k.sys
Entry 0x10cd: 0xbf8d1052 (NtGdiGetTextExtentExW) owned by win32k.sys
Entry 0x10ce: 0xbf839c52 (NtGdiGetTextFaceW) owned by win32k.sys
Entry 0x10cf: 0xbf837a11 (NtGdiGetTextMetricsW) owned by win32k.sys
Entry 0x10d0: 0xbf87f40e (NtGdiGetTransform) owned by win32k.sys
Entry 0x10d1: 0xbf9494b5 (NtGdiGetUFI) owned by win32k.sys
Entry 0x10d2: 0xbf94957e (NtGdiGetEmbUFI) owned by win32k.sys
Entry 0x10d3: 0xbf94965e (NtGdiGetUFIPathname) owned by win32k.sys
Entry 0x10d4: 0xbf949436 (NtGdiGetEmbedFonts) owned by win32k.sys
Entry 0x10d5: 0xbf949440 (NtGdiChangeGhostFont) owned by win32k.sys
Entry 0x10d6: 0xbf9352c2 (NtGdiAddEmbFontToDC) owned by win32k.sys
Entry 0x10d7: 0xbf949f1d (NtGdiGetFontUnicodeRanges) owned by win32k.sys
Entry 0x10d8: 0xbf838e0a (NtGdiGetWidthTable) owned by win32k.sys
Entry 0x10d9: 0xbf855a3f (NtGdiGradientFill) owned by win32k.sys
Entry 0x10da: 0xbf8376ff (NtGdiHfontCreate) owned by win32k.sys
Entry 0x10db: 0xbf94b0a7 (NtGdiIcmBrushInfo) owned by win32k.sys
Entry 0x10dc: 0xbf8c1b4c (NtGdiInit) owned by win32k.sys
Entry 0x10dd: 0xbf89402e (NtGdiInitSpool) owned by win32k.sys
Entry 0x10de: 0xbf815fbe (NtGdiIntersectClipRect) owned by win32k.sys
Entry 0x10df: 0xbf8f852a (NtGdiInvertRgn) owned by win32k.sys
Entry 0x10e0: 0xbf8c6aa1 (NtGdiLineTo) owned by win32k.sys
Entry 0x10e1: 0xbf949c90 (NtGdiMakeFontDir) owned by win32k.sys
Entry 0x10e2: 0xbf9513d3 (NtGdiMakeInfoDC) owned by win32k.sys
Entry 0x10e3: 0xbf838560 (NtGdiMaskBlt) owned by win32k.sys
Entry 0x10e4: 0xbf87f1eb (NtGdiModifyWorldTransform) owned by win32k.sys
Entry 0x10e5: 0xbf8e6587 (NtGdiMonoBitmap) owned by win32k.sys
Entry 0x10e6: 0xbf948f61 (NtGdiMoveTo) owned by win32k.sys
Entry 0x10e7: 0xbf8fde82 (NtGdiOffsetClipRgn) owned by win32k.sys
Entry 0x10e8: 0xbf836616 (NtGdiOffsetRgn) owned by win32k.sys
Entry 0x10e9: 0xbf838a7e (NtGdiOpenDCW) owned by win32k.sys
Entry 0x10ea: 0xbf8c47fd (NtGdiPatBlt) owned by win32k.sys
Entry 0x10eb: 0xbf82f299 (NtGdiPolyPatBlt) owned by win32k.sys
Entry 0x10ec: 0xbf947d28 (NtGdiPathToRegion) owned by win32k.sys
Entry 0x10ed: 0xbf9438f8 (NtGdiPlgBlt) owned by win32k.sys
Entry 0x10ee: 0xbf94864f (NtGdiPolyDraw) owned by win32k.sys
Entry 0x10ef: 0xbf84c078 (NtGdiPolyPolyDraw) owned by win32k.sys
Entry 0x10f0: 0xbf94874c (NtGdiPolyTextOutW) owned by win32k.sys
Entry 0x10f1: 0xbf94904f (NtGdiPtInRegion) owned by win32k.sys
Entry 0x10f2: 0xbf939123 (NtGdiPtVisible) owned by win32k.sys
Entry 0x10f3: 0xbf94906f (NtGdiQueryFonts) owned by win32k.sys
Entry 0x10f4: 0xbf8c205d (NtGdiQueryFontAssocInfo) owned by win32k.sys
Entry 0x10f5: 0xbf8e3436 (NtGdiRectangle) owned by win32k.sys
Entry 0x10f6: 0xbf8ede6f (NtGdiRectInRegion) owned by win32k.sys
Entry 0x10f7: 0xbf835060 (NtGdiRectVisible) owned by win32k.sys
Entry 0x10f8: 0xbf8d092d (NtGdiRemoveFontResourceW) owned by win32k.sys
Entry 0x10f9: 0xbf949252 (NtGdiRemoveFontMemResourceEx) owned by win32k.sys
Entry 0x10fa: 0xbf8e2ea0 (NtGdiResetDC) owned by win32k.sys
Entry 0x10fb: 0xbf94c7b6 (NtGdiResizePalette) owned by win32k.sys
Entry 0x10fc: 0xbf82e67d (NtGdiRestoreDC) owned by win32k.sys
Entry 0x10fd: 0xbf90e4d0 (NtGdiRoundRect) owned by win32k.sys
Entry 0x10fe: 0xbf82e68d (NtGdiSaveDC) owned by win32k.sys
Entry 0x10ff: 0xbf941aea (NtGdiScaleViewportExtEx) owned by win32k.sys
Entry 0x1100: 0xbf9499a4 (NtGdiScaleWindowExtEx) owned by win32k.sys
Entry 0x1101: 0xbf808bed (NtGdiSelectBitmap) owned by win32k.sys
Entry 0x1102: 0xbf948f41 (NtGdiSelectBrush) owned by win32k.sys
Entry 0x1103: 0xbf9024b3 (NtGdiSelectClipPath) owned by win32k.sys
Entry 0x1104: 0xbf820f44 (NtGdiSelectFont) owned by win32k.sys
Entry 0x1105: 0xbf948f51 (NtGdiSelectPen) owned by win32k.sys
Entry 0x1106: 0xbf893a78 (NtGdiSetBitmapAttributes) owned by win32k.sys
Entry 0x1107: 0xbf8c4145 (NtGdiSetBitmapBits) owned by win32k.sys
Entry 0x1108: 0xbf949a82 (NtGdiSetBitmapDimension) owned by win32k.sys
Entry 0x1109: 0xbf8578b9 (NtGdiSetBoundsRect) owned by win32k.sys
Entry 0x110a: 0xbf948fef (NtGdiSetBrushAttributes) owned by win32k.sys
Entry 0x110b: 0xbf8c41e3 (NtGdiSetBrushOrg) owned by win32k.sys
Entry 0x110c: 0xbf948e34 (NtGdiSetColorAdjustment) owned by win32k.sys
Entry 0x110d: 0xbf94a5da (NtGdiSetColorSpace) owned by win32k.sys
Entry 0x110e: 0xbf94adff (NtGdiSetDeviceGammaRamp) owned by win32k.sys
Entry 0x110f: 0xbf82ba59 (NtGdiSetDIBitsToDeviceInternal) owned by win32k.sys
Entry 0x1110: 0xbf8ae71a (NtGdiSetFontEnumeration) owned by win32k.sys
Entry 0x1111: 0xbf8dccd5 (NtGdiSetFontXform) owned by win32k.sys
Entry 0x1112: 0xbf8c63e4 (NtGdiSetIcmMode) owned by win32k.sys
Entry 0x1113: 0xbf8fa9df (NtGdiSetLinkedUFIs) owned by win32k.sys
Entry 0x1114: 0xbf94ca40 (NtGdiSetMagicColors) owned by win32k.sys
Entry 0x1115: 0xbf8dca54 (NtGdiSetMetaRgn) owned by win32k.sys
Entry 0x1116: 0xbf8dca76 (NtGdiSetMiterLimit) owned by win32k.sys
Entry 0x1117: 0xbf949994 (NtGdiGetDeviceWidth) owned by win32k.sys
Entry 0x1118: 0xbf949984 (NtGdiMirrorWindowOrg) owned by win32k.sys
Entry 0x1119: 0xbf82d037 (NtGdiSetLayout) owned by win32k.sys
Entry 0x111a: 0xbf878a6f (NtGdiSetPixel) owned by win32k.sys
Entry 0x111b: 0xbf953144 (NtGdiSetPixelFormat) owned by win32k.sys
Entry 0x111c: 0xbf94903f (NtGdiSetRectRgn) owned by win32k.sys
Entry 0x111d: 0xbf948fdf (NtGdiSetSystemPaletteUse) owned by win32k.sys
Entry 0x111e: 0xbf95270a (NtGdiSetTextJustification) owned by win32k.sys
Entry 0x111f: 0xbf88f6d3 (NtGdiSetupPublicCFONT) owned by win32k.sys
Entry 0x1120: 0xbf8dc878 (NtGdiSetVirtualResolution) owned by win32k.sys
Entry 0x1121: 0xbf8dcd46 (NtGdiSetSizeDevice) owned by win32k.sys
Entry 0x1122: 0xbf905cab (NtGdiStartDoc) owned by win32k.sys
Entry 0x1123: 0xbf8fad08 (NtGdiStartPage) owned by win32k.sys
Entry 0x1124: 0xbf873983 (NtGdiStretchBlt) owned by win32k.sys
Entry 0x1125: 0xbf876f18 (NtGdiStretchDIBitsInternal) owned by win32k.sys
Entry 0x1126: 0xbf90102e (NtGdiStrokeAndFillPath) owned by win32k.sys
Entry 0x1127: 0xbf947f2f (NtGdiStrokePath) owned by win32k.sys
Entry 0x1128: 0xbf9532ec (NtGdiSwapBuffers) owned by win32k.sys
Entry 0x1129: 0xbf8c4990 (NtGdiTransformPoints) owned by win32k.sys
Entry 0x112a: 0xbf857d74 (NtGdiTransparentBlt) owned by win32k.sys
Entry 0x112b: 0xbf949b67 (NtGdiUnloadPrinterDriver) owned by win32k.sys
Entry 0x112c: 0xbf9535aa (NtGdiUnmapMemFont) owned by win32k.sys
Entry 0x112d: 0xbf94902f (NtGdiUnrealizeObject) owned by win32k.sys
Entry 0x112e: 0xbf94ca50 (NtGdiUpdateColors) owned by win32k.sys
Entry 0x112f: 0xbf947e10 (NtGdiWidenPath) owned by win32k.sys
Entry 0x1130: 0xbf87c173 (NtUserActivateKeyboardLayout) owned by win32k.sys
Entry 0x1131: 0xbf8538a8 (NtUserAlterWindowStyle) owned by win32k.sys
Entry 0x1132: 0xbf914893 (NtUserAssociateInputContext) owned by win32k.sys
Entry 0x1133: 0xbf8f4fc9 (NtUserAttachThreadInput) owned by win32k.sys
Entry 0x1134: 0xbf815ba6 (NtUserBeginPaint) owned by win32k.sys
Entry 0x1135: 0xbf8f4a94 (NtUserBitBltSysBmp) owned by win32k.sys
Entry 0x1136: 0xbf9131e6 (NtUserBlockInput) owned by win32k.sys
Entry 0x1137: 0xbf9149ca (NtUserBuildHimcList) owned by win32k.sys
Entry 0x1138: 0xbf835f21 (NtUserBuildHwndList) owned by win32k.sys
Entry 0x1139: 0xbf8b37fb (NtUserBuildNameList) owned by win32k.sys
Entry 0x113a: 0xbf912fa9 (NtUserBuildPropList) owned by win32k.sys
Entry 0x113b: 0xbf85a5cb (NtUserCallHwnd) owned by win32k.sys
Entry 0x113c: 0xbf83655d (NtUserCallHwndLock) owned by win32k.sys
Entry 0x113d: 0xbf891059 (NtUserCallHwndOpt) owned by win32k.sys
Entry 0x113e: 0xbf836750 (NtUserCallHwndParam) owned by win32k.sys
Entry 0x113f: 0xbf82868b (NtUserCallHwndParamLock) owned by win32k.sys
Entry 0x1140: 0xbf8f49a3 (NtUserCallMsgFilter) owned by win32k.sys
Entry 0x1141: 0xbf8f638c (NtUserCallNextHookEx) owned by win32k.sys
Entry 0x1142: 0xbf80112f (NtUserCallNoParam) owned by win32k.sys
Entry 0x1143: 0xbf8010e7 (NtUserCallOneParam) owned by win32k.sys
Entry 0x1144: 0xbf836710 (NtUserCallTwoParam) owned by win32k.sys
Entry 0x1145: 0xbf8f9573 (NtUserChangeClipboardChain) owned by win32k.sys
Entry 0x1146: 0xbf8accfc (NtUserChangeDisplaySettings) owned by win32k.sys
Entry 0x1147: 0xbf8b42fe (NtUserCheckImeHotKey) owned by win32k.sys
Entry 0x1148: 0xbf8cc883 (NtUserCheckMenuItem) owned by win32k.sys
Entry 0x1149: 0xbf88a4e4 (NtUserChildWindowFromPointEx) owned by win32k.sys
Entry 0x114a: 0xbf8fa7ff (NtUserClipCursor) owned by win32k.sys
Entry 0x114b: 0xbf8f842f (NtUserCloseClipboard) owned by win32k.sys
Entry 0x114c: 0xbf8b34d6 (NtUserCloseDesktop) owned by win32k.sys
Entry 0x114d: 0xbf8b3598 (NtUserCloseWindowStation) owned by win32k.sys
Entry 0x114e: 0xbf8c1580 (NtUserConsoleControl) owned by win32k.sys
Entry 0x114f: 0xbf8ea7e1 (NtUserConvertMemHandle) owned by win32k.sys
Entry 0x1150: 0xbf90db09 (NtUserCopyAcceleratorTable) owned by win32k.sys
Entry 0x1151: 0xbf8f4a48 (NtUserCountClipboardFormats) owned by win32k.sys
Entry 0x1152: 0xbf8b63d9 (NtUserCreateAcceleratorTable) owned by win32k.sys
Entry 0x1153: 0xbf84b1d5 (NtUserCreateCaret) owned by win32k.sys
Entry 0x1154: 0xbf89371b (NtUserCreateDesktop) owned by win32k.sys
Entry 0x1155: 0xbf9147f9 (NtUserCreateInputContext) owned by win32k.sys
Entry 0x1156: 0xbf8f98ce (NtUserCreateLocalMemHandle) owned by win32k.sys
Entry 0x1157: 0xbf834964 (NtUserCreateWindowEx) owned by win32k.sys
Entry 0x1158: 0xbf893d6e (NtUserCreateWindowStation) owned by win32k.sys
Entry 0x1159: 0xbf912033 (NtUserDdeGetQualityOfService) owned by win32k.sys
Entry 0x115a: 0xbf891d0a (NtUserDdeInitialize) owned by win32k.sys
Entry 0x115b: 0xbf911f63 (NtUserDdeSetQualityOfService) owned by win32k.sys
Entry 0x115c: 0xbf8b462b (NtUserDeferWindowPos) owned by win32k.sys
Entry 0x115d: 0xbf8b49f1 (NtUserDefSetText) owned by win32k.sys
Entry 0x115e: 0xbf84b601 (NtUserDeleteMenu) owned by win32k.sys
Entry 0x115f: 0xbf8fa79e (NtUserDestroyAcceleratorTable) owned by win32k.sys
Entry 0x1160: 0xbf835ca5 (NtUserDestroyCursor) owned by win32k.sys
Entry 0x1161: 0xbf914849 (NtUserDestroyInputContext) owned by win32k.sys
Entry 0x1162: 0xbf84d1aa (NtUserDestroyMenu) owned by win32k.sys
Entry 0x1163: 0xbf845873 (NtUserDestroyWindow) owned by win32k.sys
Entry 0x1164: 0xbf915001 (NtUserDisableThreadIme) owned by win32k.sys
Entry 0x1165: 0xbf80ec27 (NtUserDispatchMessage) owned by win32k.sys
Entry 0x1166: 0xbf9130a4 (NtUserDragDetect) owned by win32k.sys
Entry 0x1167: 0xbf911527 (NtUserDragObject) owned by win32k.sys
Entry 0x1168: 0xbf912203 (NtUserDrawAnimatedRects) owned by win32k.sys
Entry 0x1169: 0xbf9122c6 (NtUserDrawCaption) owned by win32k.sys
Entry 0x116a: 0xbf90b8b0 (NtUserDrawCaptionTemp) owned by win32k.sys
Entry 0x116b: 0xbf83c08f (NtUserDrawIconEx) owned by win32k.sys
Entry 0x116c: 0xbf913271 (NtUserDrawMenuBarTemp) owned by win32k.sys
Entry 0x116d: 0xbf8ea466 (NtUserEmptyClipboard) owned by win32k.sys
Entry 0x116e: 0xbf8c534a (NtUserEnableMenuItem) owned by win32k.sys
Entry 0x116f: 0xbf911ede (NtUserEnableScrollBar) owned by win32k.sys
Entry 0x1170: 0xbf82cc25 (NtUserEndDeferWindowPosEx) owned by win32k.sys
Entry 0x1171: 0xbf91236f (NtUserEndMenu) owned by win32k.sys
Entry 0x1172: 0xbf81585d (NtUserEndPaint) owned by win32k.sys
Entry 0x1173: 0xbf872c1d (NtUserEnumDisplayDevices) owned by win32k.sys
Entry 0x1174: 0xbf83566f (NtUserEnumDisplayMonitors) owned by win32k.sys
Entry 0x1175: 0xbf859356 (NtUserEnumDisplaySettings) owned by win32k.sys
Entry 0x1176: 0xbf9117b4 (NtUserEvent) owned by win32k.sys
Entry 0x1177: 0xbf8f8730 (NtUserExcludeUpdateRgn) owned by win32k.sys
Entry 0x1178: 0xbf8f48da (NtUserFillWindow) owned by win32k.sys
Entry 0x1179: 0xbf81b5fa (NtUserFindExistingCursorIcon) owned by win32k.sys
Entry 0x117a: 0xbf8b1369 (NtUserFindWindowEx) owned by win32k.sys
Entry 0x117b: 0xbf91540e (NtUserFlashWindowEx) owned by win32k.sys
Entry 0x117c: 0xbf8e8688 (NtUserGetAltTabInfo) owned by win32k.sys
Entry 0x117d: 0xbf82c837 (NtUserGetAncestor) owned by win32k.sys
Entry 0x117e: 0xbf914d9e (NtUserGetAppImeLevel) owned by win32k.sys
Entry 0x117f: 0xbf84928e (NtUserGetAsyncKeyState) owned by win32k.sys
Entry 0x1180: 0xbf834b40 (NtUserGetAtomName) owned by win32k.sys
Entry 0x1181: 0xbf84203e (NtUserGetCaretBlinkTime) owned by win32k.sys
Entry 0x1182: 0xbf8c4eee (NtUserGetCaretPos) owned by win32k.sys
Entry 0x1183: 0xbf843300 (NtUserGetClassInfo) owned by win32k.sys
Entry 0x1184: 0xbf82c568 (NtUserGetClassName) owned by win32k.sys
Entry 0x1185: 0xbf8f9709 (NtUserGetClipboardData) owned by win32k.sys
Entry 0x1186: 0xbf8edf34 (NtUserGetClipboardFormatName) owned by win32k.sys
Entry 0x1187: 0xbf8ea55c (NtUserGetClipboardOwner) owned by win32k.sys
Entry 0x1188: 0xbf8c4ca7 (NtUserGetClipboardSequenceNumber) owned by win32k.sys
Entry 0x1189: 0xbf9123b5 (NtUserGetClipboardViewer) owned by win32k.sys
Entry 0x118a: 0xbf911e46 (NtUserGetClipCursor) owned by win32k.sys
Entry 0x118b: 0xbf911a7c (NtUserGetComboBoxInfo) owned by win32k.sys
Entry 0x118c: 0xbf8798cc (NtUserGetControlBrush) owned by win32k.sys
Entry 0x118d: 0xbf9073e1 (NtUserGetControlColor) owned by win32k.sys
Entry 0x118e: 0xbf8214db (NtUserGetCPD) owned by win32k.sys
Entry 0x118f: 0xbf879b6b (NtUserGetCursorFrameInfo) owned by win32k.sys
Entry 0x1190: 0xbf911b99 (NtUserGetCursorInfo) owned by win32k.sys
Entry 0x1191: 0xbf804501 (NtUserGetDC) owned by win32k.sys
Entry 0x1192: 0xbf83a0a5 (NtUserGetDCEx) owned by win32k.sys
Entry 0x1193: 0xbf83b070 (NtUserGetDoubleClickTime) owned by win32k.sys
Entry 0x1194: 0xbf820bc1 (NtUserGetForegroundWindow) owned by win32k.sys
Entry 0x1195: 0xbf9115f0 (NtUserGetGuiResources) owned by win32k.sys
Entry 0x1196: 0xbf8b1d0d (NtUserGetGUIThreadInfo) owned by win32k.sys
Entry 0x1197: 0xbf842a6c (NtUserGetIconInfo) owned by win32k.sys
Entry 0x1198: 0xbf842bbc (NtUserGetIconSize) owned by win32k.sys
Entry 0x1199: 0xbf914c5c (NtUserGetImeHotKey) owned by win32k.sys
Entry 0x119a: 0xbf914acc (NtUserGetImeInfoEx) owned by win32k.sys
Entry 0x119b: 0xbf911845 (NtUserGetInternalWindowPos) owned by win32k.sys
Entry 0x119c: 0xbf835396 (NtUserGetKeyboardLayoutList) owned by win32k.sys
Entry 0x119d: 0xbf8f5e25 (NtUserGetKeyboardLayoutName) owned by win32k.sys
Entry 0x119e: 0xbf852720 (NtUserGetKeyboardState) owned by win32k.sys
Entry 0x119f: 0xbf90bc01 (NtUserGetKeyNameText) owned by win32k.sys
Entry 0x11a0: 0xbf820e6c (NtUserGetKeyState) owned by win32k.sys
Entry 0x11a1: 0xbf911b45 (NtUserGetListBoxInfo) owned by win32k.sys
Entry 0x11a2: 0xbf911c96 (NtUserGetMenuBarInfo) owned by win32k.sys
Entry 0x11a3: 0xbf9120ec (NtUserGetMenuIndex) owned by win32k.sys
Entry 0x11a4: 0xbf912c20 (NtUserGetMenuItemRect) owned by win32k.sys
Entry 0x11a5: 0xbf819e45 (NtUserGetMessage) owned by win32k.sys
Entry 0x11a6: 0xbf9128fb (NtUserGetMouseMovePointsEx) owned by win32k.sys
Entry 0x11a7: 0xbf81a0bd (NtUserGetObjectInformation) owned by win32k.sys
Entry 0x11a8: 0xbf8f4a1c (NtUserGetOpenClipboardWindow) owned by win32k.sys
Entry 0x11a9: 0xbf9123e1 (NtUserGetPriorityClipboardFormat) owned by win32k.sys
Entry 0x11aa: 0xbf819f28 (NtUserGetProcessWindowStation) owned by win32k.sys
Entry 0x11ab: 0xbf915c8e (NtUserGetRawInputBuffer) owned by win32k.sys
Entry 0x11ac: 0xbf91558e (NtUserGetRawInputData) owned by win32k.sys
Entry 0x11ad: 0xbf915768 (NtUserGetRawInputDeviceInfo) owned by win32k.sys
Entry 0x11ae: 0xbf915a5d (NtUserGetRawInputDeviceList) owned by win32k.sys
Entry 0x11af: 0xbf915c53 (NtUserGetRegisteredRawInputDevices) owned by win32k.sys
Entry 0x11b0: 0xbf87840e (NtUserGetScrollBarInfo) owned by win32k.sys
Entry 0x11b1: 0xbf840875 (NtUserGetSystemMenu) owned by win32k.sys
Entry 0x11b2: 0xbf81a373 (NtUserGetThreadDesktop) owned by win32k.sys
Entry 0x11b3: 0xbf8239ba (NtUserGetThreadState) owned by win32k.sys
Entry 0x11b4: 0xbf83a32f (NtUserGetTitleBarInfo) owned by win32k.sys
Entry 0x11b5: 0xbf83ae9d (NtUserGetUpdateRect) owned by win32k.sys
Entry 0x11b6: 0xbf8c5036 (NtUserGetUpdateRgn) owned by win32k.sys
Entry 0x11b7: 0xbf8037cb (NtUserGetWindowDC) owned by win32k.sys
Entry 0x11b8: 0xbf8f999c (NtUserGetWindowPlacement) owned by win32k.sys
Entry 0x11b9: 0xbf90deb5 (NtUserGetWOWClass) owned by win32k.sys
Entry 0x11ba: 0xbf911431 (NtUserHardErrorControl) owned by win32k.sys
Entry 0x11bb: 0xbf82ccff (NtUserHideCaret) owned by win32k.sys
Entry 0x11bc: 0xbf91246a (NtUserHiliteMenuItem) owned by win32k.sys
Entry 0x11bd: 0xbf91320c (NtUserImpersonateDdeClientWindow) owned by win32k.sys
Entry 0x11be: 0xbf8a81d8 (NtUserInitialize) owned by win32k.sys
Entry 0x11bf: 0xbf8a2778 (NtUserInitializeClientPfnArrays) owned by win32k.sys
Entry 0x11c0: 0xbf911924 (NtUserInitTask) owned by win32k.sys
Entry 0x11c1: 0xbf83a42b (NtUserInternalGetWindowText) owned by win32k.sys
Entry 0x11c2: 0xbf814ef4 (NtUserInvalidateRect) owned by win32k.sys
Entry 0x11c3: 0xbf84d150 (NtUserInvalidateRgn) owned by win32k.sys
Entry 0x11c4: 0xbf8c4c6d (NtUserIsClipboardFormatAvailable) owned by win32k.sys
Entry 0x11c5: 0xbf80e8d5 (NtUserKillTimer) owned by win32k.sys
Entry 0x11c6: 0xbf884b52 (NtUserLoadKeyboardLayoutEx) owned by win32k.sys
Entry 0x11c7: 0xbf89397d (NtUserLockWindowStation) owned by win32k.sys
Entry 0x11c8: 0xbf8cc7ca (NtUserLockWindowUpdate) owned by win32k.sys
Entry 0x11c9: 0xbf91150a (NtUserLockWorkStation) owned by win32k.sys
Entry 0x11ca: 0xbf8c7c71 (NtUserMapVirtualKeyEx) owned by win32k.sys
Entry 0x11cb: 0xbf912cf7 (NtUserMenuItemFromPoint) owned by win32k.sys
Entry 0x11cc: 0xbf80ee6b (NtUserMessageCall) owned by win32k.sys
Entry 0x11cd: 0xbf90fa97 (NtUserMinMaximize) owned by win32k.sys
Entry 0x11ce: 0xbf9125ba (NtUserMNDragLeave) owned by win32k.sys
Entry 0x11cf: 0xbf91250a (NtUserMNDragOver) owned by win32k.sys
Entry 0x11d0: 0xbf8e30a7 (NtUserModifyUserStartupInfoFlags) owned by win32k.sys
Entry 0x11d1: 0xbf838953 (NtUserMoveWindow) owned by win32k.sys
Entry 0x11d2: 0xbf914f9c (NtUserNotifyIMEStatus) owned by win32k.sys
Entry 0x11d3: 0xbf8c1b82 (NtUserNotifyProcessCreate) owned by win32k.sys
Entry 0x11d4: 0xbf8c52f5 (NtUserNotifyWinEvent) owned by win32k.sys
Entry 0x11d5: 0xbf8f83ac (NtUserOpenClipboard) owned by win32k.sys
Entry 0x11d6: 0xbf8b3770 (NtUserOpenDesktop) owned by win32k.sys
Entry 0x11d7: 0xbf88ffb6 (NtUserOpenInputDesktop) owned by win32k.sys
Entry 0x11d8: 0xbf8f9be4 (NtUserOpenWindowStation) owned by win32k.sys
Entry 0x11d9: 0xbf87c63f (NtUserPaintDesktop) owned by win32k.sys
Entry 0x11da: 0xbf8036ba (NtUserPeekMessage) owned by win32k.sys
Entry 0x11db: 0xbf8089b4 (NtUserPostMessage) owned by win32k.sys
Entry 0x11dc: 0xbf8b3d3d (NtUserPostThreadMessage) owned by win32k.sys
Entry 0x11dd: 0xbf8ae81d (NtUserPrintWindow) owned by win32k.sys
Entry 0x11de: 0xbf8bf8cd (NtUserProcessConnect) owned by win32k.sys
Entry 0x11df: 0xbf912d89 (NtUserQueryInformationThread) owned by win32k.sys
Entry 0x11e0: 0xbf914946 (NtUserQueryInputContext) owned by win32k.sys
Entry 0x11e1: 0xbf913137 (NtUserQuerySendMessage) owned by win32k.sys
Entry 0x11e2: 0xbf9150a5 (NtUserQueryUserCounters) owned by win32k.sys
Entry 0x11e3: 0xbf803b56 (NtUserQueryWindow) owned by win32k.sys
Entry 0x11e4: 0xbf911c58 (NtUserRealChildWindowFromPoint) owned by win32k.sys
Entry 0x11e5: 0xbf88fa6e (NtUserRealInternalGetMessage) owned by win32k.sys
Entry 0x11e6: 0xbf912b60 (NtUserRealWaitMessageEx) owned by win32k.sys
Entry 0x11e7: 0xbf823b8f (NtUserRedrawWindow) owned by win32k.sys
Entry 0x11e8: 0xbf81f2ac (NtUserRegisterClassExWOW) owned by win32k.sys
Entry 0x11e9: 0xbf89415a (NtUserRegisterUserApiHook) owned by win32k.sys
Entry 0x11ea: 0xbf8add61 (NtUserRegisterHotKey) owned by win32k.sys
Entry 0x11eb: 0xbf915ba7 (NtUserRegisterRawInputDevices) owned by win32k.sys
Entry 0x11ec: 0xbf911a48 (NtUserRegisterTasklist) owned by win32k.sys
Entry 0x11ed: 0xbf8079e7 (NtUserRegisterWindowMessage) owned by win32k.sys
Entry 0x11ee: 0xbf8ae745 (NtUserRemoveMenu) owned by win32k.sys
Entry 0x11ef: 0xbf832adc (NtUserRemoveProp) owned by win32k.sys
Entry 0x11f0: 0xbf8885b6 (NtUserResolveDesktop) owned by win32k.sys
Entry 0x11f1: 0xbf915e9f (NtUserResolveDesktopForWOW) owned by win32k.sys
Entry 0x11f2: 0xbf8782b5 (NtUserSBGetParms) owned by win32k.sys
Entry 0x11f3: 0xbf8bf1dd (NtUserScrollDC) owned by win32k.sys
Entry 0x11f4: 0xbf8e576f (NtUserScrollWindowEx) owned by win32k.sys
Entry 0x11f5: 0xbf8383da (NtUserSelectPalette) owned by win32k.sys
Entry 0x11f6: 0xbf8c31e7 (NtUserSendInput) owned by win32k.sys
Entry 0x11f7: 0xbf853453 (NtUserSetActiveWindow) owned by win32k.sys
Entry 0x11f8: 0xbf914d33 (NtUserSetAppImeLevel) owned by win32k.sys
Entry 0x11f9: 0xbf84a2fb (NtUserSetCapture) owned by win32k.sys
Entry 0x11fa: 0xbf84d3ed (NtUserSetClassLong) owned by win32k.sys
Entry 0x11fb: 0xbf9125d7 (NtUserSetClassWord) owned by win32k.sys
Entry 0x11fc: 0xbf8ea705 (NtUserSetClipboardData) owned by win32k.sys
Entry 0x11fd: 0xbf8f9489 (NtUserSetClipboardViewer) owned by win32k.sys
Entry 0x11fe: 0xbf87cef4 (NtUserSetConsoleReserveKeys) owned by win32k.sys
Entry 0x11ff: 0xbf8210e7 (NtUserSetCursor) owned by win32k.sys
Entry 0x1200: 0xbf912bd9 (NtUserSetCursorContents) owned by win32k.sys
Entry 0x1201: 0xbf842d4b (NtUserSetCursorIconData) owned by win32k.sys
Entry 0x1202: 0xbf91216f (NtUserSetDbgTag) owned by win32k.sys
Entry 0x1203: 0xbf83a821 (NtUserSetFocus) owned by win32k.sys
Entry 0x1204: 0xbf884a8d (NtUserSetImeHotKey) owned by win32k.sys
Entry 0x1205: 0xbf914bb1 (NtUserSetImeInfoEx) owned by win32k.sys
Entry 0x1206: 0xbf914e08 (NtUserSetImeOwnerWindow) owned by win32k.sys
Entry 0x1207: 0xbf8c17e6 (NtUserSetInformationProcess) owned by win32k.sys
Entry 0x1208: 0xbf87ccbe (NtUserSetInformationThread) owned by win32k.sys
Entry 0x1209: 0xbf911d65 (NtUserSetInternalWindowPos) owned by win32k.sys
Entry 0x120a: 0xbf8f8810 (NtUserSetKeyboardState) owned by win32k.sys
Entry 0x120b: 0xbf89c190 (NtUserSetLogonNotifyWindow) owned by win32k.sys
Entry 0x120c: 0xbf90bac7 (NtUserSetMenu) owned by win32k.sys
Entry 0x120d: 0xbf912192 (NtUserSetMenuContextHelpId) owned by win32k.sys
Entry 0x120e: 0xbf8ae6da (NtUserSetMenuDefaultItem) owned by win32k.sys
Entry 0x120f: 0xbf9121cf (NtUserSetMenuFlagRtoL) owned by win32k.sys
Entry 0x1210: 0xbf91147c (NtUserSetObjectInformation) owned by win32k.sys
Entry 0x1211: 0xbf879695 (NtUserSetParent) owned by win32k.sys
Entry 0x1212: 0xbf8b3b62 (NtUserSetProcessWindowStation) owned by win32k.sys
Entry 0x1213: 0xbf8282f4 (NtUserSetProp) owned by win32k.sys
Entry 0x1214: 0xbf91214c (NtUserSetRipFlags) owned by win32k.sys
Entry 0x1215: 0xbf80e612 (NtUserSetScrollInfo) owned by win32k.sys
Entry 0x1216: 0xbf890844 (NtUserSetShellWindowEx) owned by win32k.sys
Entry 0x1217: 0xbf912612 (NtUserSetSysColors) owned by win32k.sys
Entry 0x1218: 0xbf912ba0 (NtUserSetSystemCursor) owned by win32k.sys
Entry 0x1219: 0xbf8f5fe8 (NtUserSetSystemMenu) owned by win32k.sys
Entry 0x121a: 0xbf9130fe (NtUserSetSystemTimer) owned by win32k.sys
Entry 0x121b: 0xbf8b3bba (NtUserSetThreadDesktop) owned by win32k.sys
Entry 0x121c: 0xbf914f1b (NtUserSetThreadLayoutHandles) owned by win32k.sys
Entry 0x121d: 0xbf879890 (NtUserSetThreadState) owned by win32k.sys
Entry 0x121e: 0xbf803a65 (NtUserSetTimer) owned by win32k.sys
Entry 0x121f: 0xbf879740 (NtUserSetWindowFNID) owned by win32k.sys
Entry 0x1220: 0xbf832bec (NtUserSetWindowLong) owned by win32k.sys
Entry 0x1221: 0xbf88438b (NtUserSetWindowPlacement) owned by win32k.sys
Entry 0x1222: 0xbf82809b (NtUserSetWindowPos) owned by win32k.sys
Entry 0x1223: 0xbf8405ca (NtUserSetWindowRgn) owned by win32k.sys
Entry 0x1224: 0xbf855d0c (NtUserSetWindowsHookAW) owned by win32k.sys
Entry 0x1225: 0xbf8527e0 (NtUserSetWindowsHookEx) owned by win32k.sys
Entry 0x1226: 0xbf89381a (NtUserSetWindowStationUser) owned by win32k.sys
Entry 0x1227: 0xbf8f8dc1 (NtUserSetWindowWord) owned by win32k.sys
Entry 0x1228: 0xbf8ed991 (NtUserSetWinEventHook) owned by win32k.sys
Entry 0x1229: 0xbf82cd61 (NtUserShowCaret) owned by win32k.sys
Entry 0x122a: 0xbf8c556c (NtUserShowScrollBar) owned by win32k.sys
Entry 0x122b: 0xbf834fa9 (NtUserShowWindow) owned by win32k.sys
Entry 0x122c: 0xbf8884a9 (NtUserShowWindowAsync) owned by win32k.sys
Entry 0x122d: 0xbf8e319f (NtUserSoundSentry) owned by win32k.sys
Entry 0x122e: 0xbf890ad9 (NtUserSwitchDesktop) owned by win32k.sys
Entry 0x122f: 0xbf81e743 (NtUserSystemParametersInfo) owned by win32k.sys
Entry 0x1230: 0xbf90e040 (NtUserTestForInteractiveUser) owned by win32k.sys
Entry 0x1231: 0xbf8f5f49 (NtUserThunkedMenuInfo) owned by win32k.sys
Entry 0x1232: 0xbf83f9d3 (NtUserThunkedMenuItemInfo) owned by win32k.sys
Entry 0x1233: 0xbf9129ab (NtUserToUnicodeEx) owned by win32k.sys
Entry 0x1234: 0xbf8b437d (NtUserTrackMouseEvent) owned by win32k.sys
Entry 0x1235: 0xbf9127c8 (NtUserTrackPopupMenuEx) owned by win32k.sys
Entry 0x1236: 0xbf83a596 (NtUserCalcMenuBar) owned by win32k.sys
Entry 0x1237: 0xbf8eed56 (NtUserPaintMenuBar) owned by win32k.sys
Entry 0x1238: 0xbf8f8019 (NtUserTranslateAccelerator) owned by win32k.sys
Entry 0x1239: 0xbf848a01 (NtUserTranslateMessage) owned by win32k.sys
Entry 0x123a: 0xbf852dcf (NtUserUnhookWindowsHookEx) owned by win32k.sys
Entry 0x123b: 0xbf8eda6c (NtUserUnhookWinEvent) owned by win32k.sys
Entry 0x123c: 0xbf913076 (NtUserUnloadKeyboardLayout) owned by win32k.sys
Entry 0x123d: 0xbf88803f (NtUserUnlockWindowStation) owned by win32k.sys
Entry 0x123e: 0xbf81fb79 (NtUserUnregisterClass) owned by win32k.sys
Entry 0x123f: 0xbf8935f7 (NtUserUnregisterUserApiHook) owned by win32k.sys
Entry 0x1240: 0xbf9128be (NtUserUnregisterHotKey) owned by win32k.sys
Entry 0x1241: 0xbf9148f6 (NtUserUpdateInputContext) owned by win32k.sys
Entry 0x1242: 0xbf91171f (NtUserUpdateInstance) owned by win32k.sys
Entry 0x1243: 0xbf8514f1 (NtUserUpdateLayeredWindow) owned by win32k.sys
Entry 0x1244: 0xbf9154d0 (NtUserGetLayeredWindowAttributes) owned by win32k.sys
Entry 0x1245: 0xbf84d286 (NtUserSetLayeredWindowAttributes) owned by win32k.sys
Entry 0x1246: 0xbf899377 (NtUserUpdatePerUserSystemParameters) owned by win32k.sys
Entry 0x1247: 0xbf912dd0 (NtUserUserHandleGrantAccess) owned by win32k.sys
Entry 0x1248: 0xbf801959 (NtUserValidateHandleSecure) owned by win32k.sys
Entry 0x1249: 0xbf8f89ff (NtUserValidateRect) owned by win32k.sys
Entry 0x124a: 0xbf807d0e (NtUserValidateTimerCallback) owned by win32k.sys
Entry 0x124b: 0xbf8c3ba5 (NtUserVkKeyScanEx) owned by win32k.sys
Entry 0x124c: 0xbf90d884 (NtUserWaitForInputIdle) owned by win32k.sys
Entry 0x124d: 0xbf90c7c1 (NtUserWaitForMsgAndEvent) owned by win32k.sys
Entry 0x124e: 0xbf803761 (NtUserWaitMessage) owned by win32k.sys
Entry 0x124f: 0xbf911472 (NtUserWin32PoolAllocationStats) owned by win32k.sys
Entry 0x1250: 0xbf8213a9 (NtUserWindowFromPoint) owned by win32k.sys
Entry 0x1251: 0xbf90dfd8 (NtUserYieldTask) owned by win32k.sys
Entry 0x1252: 0xbf8903cb (NtUserRemoteConnect) owned by win32k.sys
Entry 0x1253: 0xbf9112f9 (NtUserRemoteRedrawRectangle) owned by win32k.sys
Entry 0x1254: 0xbf911346 (NtUserRemoteRedrawScreen) owned by win32k.sys
Entry 0x1255: 0xbf91139a (NtUserRemoteStopScreenUpdates) owned by win32k.sys
Entry 0x1256: 0xbf9113e7 (NtUserCtxDisplayIOCtl) owned by win32k.sys
Entry 0x1257: 0xbf8fd7d7 (NtGdiEngAssociateSurface) owned by win32k.sys
Entry 0x1258: 0xbf8fe187 (NtGdiEngCreateBitmap) owned by win32k.sys
Entry 0x1259: 0xbf8fd7a4 (NtGdiEngCreateDeviceSurface) owned by win32k.sys
Entry 0x125a: 0xbf9535b5 (NtGdiEngCreateDeviceBitmap) owned by win32k.sys
Entry 0x125b: 0xbf8dee29 (NtGdiEngCreatePalette) owned by win32k.sys
Entry 0x125c: 0xbf8fd260 (NtGdiEngComputeGlyphSet) owned by win32k.sys
Entry 0x125d: 0xbf95370b (NtGdiEngCopyBits) owned by win32k.sys
Entry 0x125e: 0xbf8df9b5 (NtGdiEngDeletePalette) owned by win32k.sys
Entry 0x125f: 0xbf8fd72a (NtGdiEngDeleteSurface) owned by win32k.sys
Entry 0x1260: 0xbf95456e (NtGdiEngEraseSurface) owned by win32k.sys
Entry 0x1261: 0xbf9019e0 (NtGdiEngUnlockSurface) owned by win32k.sys
Entry 0x1262: 0xbf8fdbdc (NtGdiEngLockSurface) owned by win32k.sys
Entry 0x1263: 0xbf8fc145 (NtGdiEngBitBlt) owned by win32k.sys
Entry 0x1264: 0xbf901db9 (NtGdiEngStretchBlt) owned by win32k.sys
Entry 0x1265: 0xbf953b03 (NtGdiEngPlgBlt) owned by win32k.sys
Entry 0x1266: 0xbf8fe27d (NtGdiEngMarkBandingSurface) owned by win32k.sys
Entry 0x1267: 0xbf8ff077 (NtGdiEngStrokePath) owned by win32k.sys
Entry 0x1268: 0xbf953cfa (NtGdiEngFillPath) owned by win32k.sys
Entry 0x1269: 0xbf8ffd0c (NtGdiEngStrokeAndFillPath) owned by win32k.sys
Entry 0x126a: 0xbf953e65 (NtGdiEngPaint) owned by win32k.sys
Entry 0x126b: 0xbf953f81 (NtGdiEngLineTo) owned by win32k.sys
Entry 0x126c: 0xbf9540aa (NtGdiEngAlphaBlend) owned by win32k.sys
Entry 0x126d: 0xbf954229 (NtGdiEngGradientFill) owned by win32k.sys
Entry 0x126e: 0xbf954402 (NtGdiEngTransparentBlt) owned by win32k.sys
Entry 0x126f: 0xbf90087d (NtGdiEngTextOut) owned by win32k.sys
Entry 0x1270: 0xbf9538a7 (NtGdiEngStretchBltROP) owned by win32k.sys
Entry 0x1271: 0xbf954d20 (NtGdiXLATEOBJ_cGetPalette) owned by win32k.sys
Entry 0x1272: 0xbf954ddc (NtGdiXLATEOBJ_iXlate) owned by win32k.sys
Entry 0x1273: 0xbf954cd2 (NtGdiXLATEOBJ_hGetColorTransform) owned by win32k.sys
Entry 0x1274: 0xbf8ff574 (NtGdiCLIPOBJ_bEnum) owned by win32k.sys
Entry 0x1275: 0xbf8ff621 (NtGdiCLIPOBJ_cEnumStart) owned by win32k.sys
Entry 0x1276: 0xbf954638 (NtGdiCLIPOBJ_ppoGetPath) owned by win32k.sys
Entry 0x1277: 0xbf954676 (NtGdiEngDeletePath) owned by win32k.sys
Entry 0x1278: 0xbf9546b0 (NtGdiEngCreateClip) owned by win32k.sys
Entry 0x1279: 0xbf9546e2 (NtGdiEngDeleteClip) owned by win32k.sys
Entry 0x127a: 0xbf8febdf (NtGdiBRUSHOBJ_ulGetBrushColor) owned by win32k.sys
Entry 0x127b: 0xbf95471c (NtGdiBRUSHOBJ_pvAllocRbrush) owned by win32k.sys
Entry 0x127c: 0xbf95476d (NtGdiBRUSHOBJ_pvGetRbrush) owned by win32k.sys
Entry 0x127d: 0xbf8fd2e6 (NtGdiBRUSHOBJ_hGetColorTransform) owned by win32k.sys
Entry 0x127e: 0xbf8fcc31 (NtGdiXFORMOBJ_bApplyXform) owned by win32k.sys
Entry 0x127f: 0xbf8fab99 (NtGdiXFORMOBJ_iGetXform) owned by win32k.sys
Entry 0x1280: 0xbf8fcdf2 (NtGdiFONTOBJ_vGetInfo) owned by win32k.sys
Entry 0x1281: 0xbf8faaff (NtGdiFONTOBJ_pxoGetXform) owned by win32k.sys
Entry 0x1282: 0xbf8fc896 (NtGdiFONTOBJ_cGetGlyphs) owned by win32k.sys
Entry 0x1283: 0xbf8fb2e5 (NtGdiFONTOBJ_pifi) owned by win32k.sys
Entry 0x1284: 0xbf954e97 (NtGdiFONTOBJ_pfdg) owned by win32k.sys
Entry 0x1285: 0xbf954f9e (NtGdiFONTOBJ_pQueryGlyphAttrs) owned by win32k.sys
Entry 0x1286: 0xbf954c02 (NtGdiFONTOBJ_pvTrueTypeFontFile) owned by win32k.sys
Entry 0x1287: 0xbf9547bb (NtGdiFONTOBJ_cGetAllGlyphHandles) owned by win32k.sys
Entry 0x1288: 0xbf955076 (NtGdiSTROBJ_bEnum) owned by win32k.sys
Entry 0x1289: 0xbf8fd020 (NtGdiSTROBJ_bEnumPositionsOnly) owned by win32k.sys
Entry 0x128a: 0xbf8fb3d0 (NtGdiSTROBJ_bGetAdvanceWidths) owned by win32k.sys
Entry 0x128b: 0xbf8fd03e (NtGdiSTROBJ_vEnumStart) owned by win32k.sys
Entry 0x128c: 0xbf954886 (NtGdiSTROBJ_dwGetCodePage) owned by win32k.sys
Entry 0x128d: 0xbf954977 (NtGdiPATHOBJ_vGetBounds) owned by win32k.sys
Entry 0x128e: 0xbf955094 (NtGdiPATHOBJ_bEnum) owned by win32k.sys
Entry 0x128f: 0xbf954a08 (NtGdiPATHOBJ_vEnumStart) owned by win32k.sys
Entry 0x1290: 0xbf954a4c (NtGdiPATHOBJ_vEnumStartClipLines) owned by win32k.sys
Entry 0x1291: 0xbf954af9 (NtGdiPATHOBJ_bEnumClipLines) owned by win32k.sys
Entry 0x1292: 0xbf953583 (NtGdiGetDhpdev) owned by win32k.sys
Entry 0x1293: 0xbf954e2e (NtGdiEngCheckAbort) owned by win32k.sys
Entry 0x1294: 0xbf8fc6db (NtGdiHT_Get8BPPFormatPalette) owned by win32k.sys
Entry 0x1295: 0xbf9535f7 (NtGdiHT_Get8BPPMaskPalette) owned by win32k.sys
Entry 0x1296: 0xbf941caf (NtGdiUpdateTransform) owned by win32k.sys
Entry 0x1297: 0xbf8dd541 (NtGdiSetPUMPDOBJ) owned by win32k.sys
Entry 0x1298: 0xbf9548d4 (NtGdiBRUSHOBJ_DeleteRbrush) owned by win32k.sys
Entry 0x1299: 0xbf9535aa (NtGdiUMPDEngFreeUserMem) owned by win32k.sys
Entry 0x129a: 0xbf817629 (NtGdiDrawStream) owned by win32k.sys
driverscan
Offset(P) #Ptr #Hnd Start Size Service Key Name Driver Name
------------------ -------- -------- ---------- ---------- -------------------- ------------ -----------
0x0000000001950248 6 0 0xf9d34000 0x4580 Ptilink Ptilink \Driver\Ptilink
0x0000000001950e40 3 0 0xf9f54000 0x1100 swenum swenum \Driver\swenum
0x0000000001950f38 5 0 0xf9b8c000 0x9f00 TermDD TermDD \Driver\TermDD
0x00000000019d7978 3 0 0xf9d5c000 0x5200 VgaSave VgaSave \Driver\VgaSave
0x00000000019d7da0 3 0 0xf9f5c000 0x1080 mnmdd mnmdd \Driver\mnmdd
0x00000000019e1b10 3 0 0xf9583000 0x25500 IpNat IpNat \Driver\IpNat
0x00000000019e26e8 3 0 0xf9bcc000 0x8780 NetBIOS NetBIOS \FileSystem\NetBIOS
0x00000000019e2b10 3 0 0xf9619000 0x2ae80 Rdbss Rdbss \FileSystem\Rdbss
0x00000000019e2f38 4 0 0xf95a9000 0x6f780 MRxSmb MRxSmb \FileSystem\MRxSmb
0x00000000019e32c0 3 0 0xf9f5a000 0x1080 Beep Beep \Driver\Beep
0x00000000019e8648 3 0 0xf8e64000 0x51c00 Srv Srv \FileSystem\Srv
0x00000000019f1648 3 0 0xf9b9c000 0x9e80 NDProxy NDProxy \Driver\NDProxy
0x0000000001a018d8 3 0 0xfa0c3000 0xb80 Null Null \Driver\Null
0x0000000001a04550 3 0 0xf9bfc000 0xae00 Fips Fips \Driver\Fips
0x0000000001a062c0 3 0 0xf9644000 0x21b80 AFD AFD \Driver\AFD
0x0000000001a06978 3 0 0xf9bbc000 0xe880 usbhub usbhub \Driver\usbhub
0x0000000001a06da0 7 0 0xf9f58000 0x1f00 Fs_Rec Fs_Rec \FileSystem\Fs_Rec
0x0000000001a0b928 3 0 0xf9c9c000 0x8700 Wanarp Wanarp \Driver\Wanarp
0x0000000001a232c0 3 0 0xf8ede000 0x2c180 MRxDAV MRxDAV \FileSystem\MRxDAV
0x0000000001a23550 3 0 0xf924b000 0x3900 Ndisuio Ndisuio \Driver\Ndisuio
0x0000000001a25648 7 0 0xf968e000 0x58380 Tcpip Tcpip \Driver\Tcpip
0x0000000001a25a70 5 0 0xf9666000 0x27c00 NetBT NetBT \Driver\NetBT
0x0000000001a2c550 3 0 0xf9d6c000 0x7880 Npfs Npfs \FileSystem\Npfs
0x0000000001a2c7e0 3 0 0xf9d64000 0x4a80 Msfs Msfs \FileSystem\Msfs
0x0000000001a2ca70 3 0 0xf9f5e000 0x1080 RDPCDD RDPCDD \Driver\RDPCDD
0x0000000001a382c0 11 0 0x00000000 0x0 \Driver\Win32k Win32k \Driver\Win32k
0x0000000001a40550 3 0 0xf9f10000 0x2280 RasAcd RasAcd \Driver\RasAcd
0x0000000001a40978 3 0 0xf96e7000 0x12600 IPSec IPSec \Driver\IPSec
0x0000000001a51030 3 0 0xf9b7c000 0x8900 Gpc Gpc \Driver\Gpc
0x0000000001a51970 3 0 0xf9756000 0x5df00 Update Update \Driver\Update
0x0000000001a547e8 5 0 0xf97d7000 0x10e00 PSched PSched \Driver\PSched
0x0000000001a557c8 3 0 0xf9b6c000 0xbd00 PptpMiniport PptpMiniport \Driver\PptpMiniport
0x0000000001a55ba0 3 0 0xf9b5c000 0xa200 RasPppoe RasPppoe \Driver\RasPppoe
0x0000000001a563b8 4 0 0xf97e8000 0x16580 NdisWan NdisWan \Driver\NdisWan
0x0000000001a56688 6 0 0xf9edc000 0x2780 NdisTapi NdisTapi \Driver\NdisTapi
0x0000000001a569e8 3 0 0xf9b4c000 0xc880 Rasl2tp Rasl2tp \Driver\Rasl2tp
0x0000000001a57738 7 0 0xfa033000 0xc00 audstub audstub \Driver\audstub
0x0000000001a57830 3 0 0xf9ed8000 0x2f80 FsVga FsVga \Driver\FsVga
0x0000000001a57c40 3 0 0xf9b3c000 0x9880 Processor Processor \Driver\Processor
0x0000000001a65908 3 0 0xf9d24000 0x5200 rtl8139 rtl8139 \Driver\rtl8139
0x0000000001a65d60 4 0 0xf9d1c000 0x5080 usbuhci usbuhci \Driver\usbuhci
0x0000000001a66030 3 0 0xf9ed4000 0x3d80 serenum serenum \Driver\serenum
0x0000000001a66528 3 0 0xf9b2c000 0xf600 Cdrom Cdrom \Driver\Cdrom
0x0000000001a67420 3 0 0xf9b1c000 0xee80 Serial Serial \Driver\Serial
0x0000000001a67978 4 0 0xf9864000 0x13680 Parport Parport \Driver\Parport
0x0000000001a7bdc8 3 0 0xf9eec000 0x3c80 mssmbios mssmbios \Driver\mssmbios
0x0000000001a7da10 3 0 0xf9fb2000 0x1a80 ParVdm ParVdm \Driver\ParVdm
0x0000000001a8f978 3 0 0xf9c1c000 0xf900 Cdfs Cdfs \FileSystem\Cdfs
0x0000000001a8ff38 3 0 0xf9d44000 0x5000 Flpydisk Flpydisk \Driver\Flpydisk
0x0000000001aa2940 4 0 0xf9d14000 0x6b00 Fdc Fdc \Driver\Fdc
0x0000000001ab2b78 3 0 0xf9d3c000 0x4080 Raspti Raspti \Driver\Raspti
0x0000000001b02790 5 0 0xf9b0c000 0xbf80 i8042prt i8042prt \Driver\i8042prt
0x0000000001b03030 4 0 0xf9d04000 0x5d00 Kbdclass Kbdclass \Driver\Kbdclass
0x0000000001b03298 4 0 0xf9d0c000 0x5700 Mouclass Mouclass \Driver\Mouclass
0x0000000001b74030 17 0 0xf98b2000 0x2c980 NDIS NDIS \Driver\NDIS
0x0000000001b74a50 5 0 0xf9898000 0x19b80 Mup Mup \FileSystem\Mup
0x0000000001b967d8 6 0 0xf99cd000 0x1e880 Ftdisk Ftdisk \Driver\Ftdisk
0x0000000001b96a78 7 0 0xf9a5c000 0xa580 MountMgr MountMgr \Driver\MountMgr
0x0000000001b972f8 5 0 0xf9f50000 0x1580 IntelIde IntelIde \Driver\IntelIde
0x0000000001ba6968 4 0 0xf9a7c000 0x8e00 Disk Disk \Driver\Disk
0x0000000001ba81f8 9 0 0xf99ec000 0x10600 PCI PCI \Driver\PCI
0x0000000001bada38 23 0 0xf99fd000 0x2d800 ACPI ACPI \Driver\ACPI
0x0000000001badf38 5 0 0x00000000 0x0 RAW \FileSystem\RAW
0x0000000001bae3f8 4 0 0x00000000 0x0 \Driver\ACPI_HAL ACPI_HAL \Driver\ACPI_HAL
0x0000000001bb27b0 53 0 0x00000000 0x0 \Driver\PnpManager PnpManager \Driver\PnpManager
0x0000000001bcc1d0 4 0 0xf9a4c000 0x8f80 isapnp isapnp \Driver\isapnp
0x0000000001bd2030 6 0 0xf9983000 0x11e80 sr sr \FileSystem\sr
0x0000000001bd26f0 4 0 0xf98df000 0x8c600 Ntfs Ntfs \FileSystem\Ntfs
0x0000000001bd2e20 3 0 0xf996c000 0x16880 KSecDD KSecDD \Driver\KSecDD
0x0000000001bd3940 4 0 0xf9995000 0x1fb00 FltMgr FltMgr \FileSystem\FltMgr
0x0000000001bd7b30 10 0 0xf99b5000 0x17900 atapi atapi \Driver\atapi
0x0000000001bd7e40 5 0 0xf9a6c000 0xc400 VolSnap VolSnap \Driver\VolSnap
0x0000000001bd7f38 4 0 0xf9cd4000 0x4d00 PartMgr PartMgr \Driver\PartMgr
0x0000000001bec030 4 0 0x00000000 0x0 \Driver\WMIxWDM WMIxWDM \Driver\WMIxWDM
以上。