OS_Develop/WindowsXP
OS_Develop/WindowsXP
1
0
Fork 0
Code Pull Requests Activity
350cc3dbe1
WindowsXP/Source/XPSP1/NT/base/ntos/init/ntoskrnl.src

1506 lines
38 KiB
Plaintext
Raw Normal View History

Initial commit
2024-08-03 16:30:48 +02:00
#undef RtlMoveMemory
#undef RtlCopyMemory
#undef RtlFillMemory
#undef RtlZeroMemory
NAME ntoskrnl.exe
EXPORTS
CcCanIWrite
CcCopyRead
CcCopyWrite
CcDeferWrite
CcFastCopyRead
CcFastCopyWrite
CcFastMdlReadWait CONSTANT // Data - use pointer for access
CcFastReadNotPossible CONSTANT // Data - use pointer for access
CcFastReadWait CONSTANT // Data - use pointer for access
CcFlushCache
CcGetDirtyPages
CcGetFileObjectFromBcb
CcGetFileObjectFromSectionPtrs
CcGetFlushedValidData
CcGetLsnForFileObject
CcInitializeCacheMap
CcIsThereDirtyData
CcMapData
CcMdlRead
CcMdlReadComplete
CcMdlWriteAbort
CcMdlWriteComplete
CcPinMappedData
CcPinRead
CcPrepareMdlWrite
CcPreparePinWrite
CcPurgeCacheSection
CcRemapBcb
CcRepinBcb
CcScheduleReadAhead
CcSetAdditionalCacheAttributes
CcSetBcbOwnerPointer
CcSetDirtyPageThreshold
CcSetDirtyPinnedData
CcSetFileSizes
CcSetLogHandleForFile
CcSetReadAheadGranularity
CcUninitializeCacheMap
CcUnpinData
CcUnpinDataForThread
CcUnpinRepinnedBcb
CcWaitForCurrentLazyWriterActivity
CcZeroData
CmRegisterCallback
CmUnRegisterCallback
DbgBreakPoint
DbgBreakPointWithStatus
DbgLoadImageSymbols
DbgPrint
DbgPrintEx
vDbgPrintEx
vDbgPrintExWithPrefix
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
ExAcquireFastMutexUnsafe
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExAcquireRundownProtection
ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
ExInitializeRundownProtection=ExfInitializeRundownProtection
ExReInitializeRundownProtection
ExRundownCompleted
ExAllocatePool
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExAllocatePoolWithTag
ExAllocatePoolWithTagPriority
ExConvertExclusiveToSharedLite
ExCreateCallback
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteResourceLite
ExDesktopObjectType CONSTANT // Data - use pointer for access
ExDisableResourceBoostLite
ExEnumHandleTable
ExEventObjectType CONSTANT // Data - use pointer for access
ExExtendZone
ExFreePool
ExFreePoolWithTag
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
ExGetExclusiveWaiterCount
ExGetPreviousMode
ExGetSharedWaiterCount
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExInitializeResourceLite
ExInitializeZone
ExInterlockedAddLargeInteger
ExInterlockedAddLargeStatistic
ExInterlockedAddUlong
#if !defined(_AMD64_)
ExInterlockedDecrementLong
ExInterlockedExchangeUlong
#endif
ExInterlockedExtendZone
#if !defined(_AMD64_)
ExInterlockedIncrementLong
#endif
ExInterlockedInsertHeadList
ExInterlockedInsertTailList
ExInterlockedPopEntryList
ExInterlockedPushEntryList
ExInterlockedRemoveHeadList
ExIsProcessorFeaturePresent
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
ExNotifyCallback
ExQueryPoolBlockSize
ExQueueWorkItem
ExRaiseAccessViolation
ExRaiseDatatypeMisalignment
ExRaiseHardError
#if defined(_AMD64_) || defined(_IA64_)
ExRaiseException = RtlRaiseException
ExRaiseStatus = RtlRaiseStatus
#else
ExRaiseException
ExRaiseStatus
#endif
ExRegisterCallback
ExReinitializeResourceLite
ExReleaseFastMutexUnsafe
ExReleaseResourceForThreadLite
ExReleaseResourceLite
ExSemaphoreObjectType CONSTANT // Data - use pointer for access
ExSetResourceOwnerPointer
ExSetTimerResolution
ExSystemExceptionFilter
ExSystemTimeToLocalTime
// ExTryToAcquireFastMutexUnsafe
ExUnregisterCallback
ExUuidCreate
ExVerifySuite
ExWindowStationObjectType CONSTANT // Data - use pointer for access
FsRtlAcquireFileExclusive
FsRtlAddLargeMcbEntry
FsRtlAddMcbEntry
FsRtlAddToTunnelCache
FsRtlAllocateFileLock
FsRtlAllocatePool
FsRtlAllocatePoolWithQuota
FsRtlAllocatePoolWithQuotaTag
FsRtlAllocatePoolWithTag
FsRtlAllocateResource
FsRtlAreNamesEqual
FsRtlBalanceReads
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlCheckOplock
FsRtlCopyRead
FsRtlCopyWrite
FsRtlCurrentBatchOplock
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlDeregisterUncProvider
FsRtlDissectDbcs
FsRtlDissectName
FsRtlDoesDbcsContainWildCards
FsRtlDoesNameContainWildCards
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlFindInTunnelCache
FsRtlFreeFileLock
FsRtlGetFileSize
FsRtlGetNextFileLock
FsRtlGetNextLargeMcbEntry
FsRtlGetNextMcbEntry
FsRtlIncrementCcFastReadNotPossible
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadWait
FsRtlInitializeFileLock
FsRtlInitializeLargeMcb
FsRtlInitializeMcb
FsRtlInitializeOplock
FsRtlInitializeTunnelCache
FsRtlInsertPerStreamContext
FsRtlInsertPerFileObjectContext
FsRtlIsDbcsInExpression
FsRtlIsFatDbcsLegal
FsRtlIsHpfsDbcsLegal
FsRtlIsNameInExpression
FsRtlIsNtstatusExpected
FsRtlIsPagingFile
FsRtlIsTotalDeviceFailure
FsRtlLegalAnsiCharacterArray CONSTANT // Data - use pointer for access
FsRtlLookupPerStreamContextInternal
FsRtlLookupPerFileObjectContext
FsRtlLookupLargeMcbEntry
FsRtlLookupLastLargeMcbEntry
FsRtlLookupLastLargeMcbEntryAndIndex
FsRtlLookupLastMcbEntry
FsRtlLookupMcbEntry
FsRtlMdlRead
FsRtlMdlReadComplete
FsRtlMdlReadCompleteDev
FsRtlMdlReadDev
FsRtlMdlWriteComplete
FsRtlMdlWriteCompleteDev
FsRtlNormalizeNtstatus
FsRtlNotifyChangeDirectory
FsRtlNotifyCleanup
FsRtlNotifyFullChangeDirectory
FsRtlNotifyFullReportChange
FsRtlNotifyFilterChangeDirectory
FsRtlNotifyFilterReportChange
FsRtlNotifyInitializeSync
FsRtlNotifyReportChange
FsRtlNotifyUninitializeSync
FsRtlNotifyVolumeEvent
FsRtlNumberOfRunsInLargeMcb
FsRtlNumberOfRunsInMcb
FsRtlOplockFsctrl
FsRtlOplockIsFastIoPossible
FsRtlPostPagingFileStackOverflow
FsRtlPostStackOverflow
FsRtlPrepareMdlWrite
FsRtlPrepareMdlWriteDev
FsRtlPrivateLock
FsRtlProcessFileLock
FsRtlRegisterUncProvider
FsRtlRegisterFileSystemFilterCallbacks
FsRtlReleaseFile
FsRtlRemovePerStreamContext
FsRtlRemovePerFileObjectContext
FsRtlRemoveLargeMcbEntry
FsRtlRemoveMcbEntry
FsRtlResetLargeMcb
FsRtlSplitLargeMcb
FsRtlSyncVolumes
FsRtlTeardownPerStreamContexts
FsRtlTruncateLargeMcb
FsRtlTruncateMcb
FsRtlUninitializeFileLock
FsRtlUninitializeLargeMcb
FsRtlUninitializeMcb
FsRtlUninitializeOplock
HalDispatchTable CONSTANT // Data - use pointer for access
HalExamineMBR
HalPrivateDispatchTable CONSTANT // Data - use pointer for access
HeadlessDispatch
InbvCheckDisplayOwnership
InbvNotifyDisplayOwnershipLost
InbvAcquireDisplayOwnership
InbvDisplayString
InbvEnableBootDriver
InbvEnableDisplayString
InbvInstallDisplayStringFilter
InbvIsBootDriverInstalled
InbvResetDisplay
InbvSetScrollRegion
InbvSetTextColor
InbvSolidColorFill
InitSafeBootMode CONSTANT // Data - use pointer for access
IoAcquireCancelSpinLock
IoAcquireRemoveLockEx
IoAcquireVpbSpinLock
IoAdapterObjectType CONSTANT // Data - use pointer for access
IoAllocateAdapterChannel
IoAllocateController
IoAllocateDriverObjectExtension
IoAllocateErrorLogEntry
IoAllocateIrp
IoAllocateMdl
IoAllocateWorkItem
IoAssignDriveLetters
IoAssignResources
IoAttachDevice
IoAttachDeviceByPointer
IoAttachDeviceToDeviceStack
IoAttachDeviceToDeviceStackSafe
IoBuildAsynchronousFsdRequest
IoBuildDeviceIoControlRequest
IoBuildPartialMdl
IoBuildSynchronousFsdRequest
IoCallDriver
IoCancelIrp
IoCancelFileOpen
IoCheckDesiredAccess
IoCheckEaBufferValidity
IoCheckFunctionAccess
IoCheckQuerySetFileInformation
IoCheckQuerySetVolumeInformation
IoCheckQuotaBufferValidity
IoCheckShareAccess
IoCompleteRequest
IoConnectInterrupt
IoCreateController
IoCreateDevice
IoCreateDisk
IoCreateDriver
IoCreateFile
IoCreateFileSpecifyDeviceObjectHint
IoCreateNotificationEvent
IoCreateStreamFileObject
IoCreateStreamFileObjectEx
IoCreateStreamFileObjectLite
IoCreateSymbolicLink
IoCreateSynchronizationEvent
IoCreateUnprotectedSymbolicLink
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveIrp
IoCsqRemoveNextIrp
IoDeleteController
IoDeleteDevice
IoDeleteDriver
IoDeleteSymbolicLink
IoDetachDevice
IoDeviceHandlerObjectSize CONSTANT // Data - use pointer for access
IoDeviceHandlerObjectType CONSTANT // Data - use pointer for access
IoDeviceObjectType CONSTANT // Data - use pointer for access
IoDisconnectInterrupt
IoDriverObjectType CONSTANT // Data - use pointer for access
IoEnqueueIrp
IoFastQueryNetworkAttributes
IoFileObjectType CONSTANT // Data - use pointer for access
IoForwardIrpSynchronously
IoForwardAndCatchIrp=IoForwardIrpSynchronously
IoFreeController
IoFreeErrorLogEntry
IoFreeIrp
IoFreeMdl
IoFreeWorkItem
IoGetAttachedDevice
IoGetAttachedDeviceReference
IoGetBaseFileSystemDeviceObject
IoGetBootDiskInformation
IoGetConfigurationInformation
IoGetCurrentProcess
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoGetDeviceObjectPointer
IoGetDeviceProperty
IoGetDeviceToVerify
IoEnumerateDeviceObjectList
IoGetDeviceAttachmentBaseRef
IoGetDiskDeviceObject
IoGetLowerDeviceObject
IoGetDmaAdapter
IoGetDriverObjectExtension
IoGetFileObjectGenericMapping
IoGetInitialStack
IoGetRelatedDeviceObject
IoGetRequestorProcess
IoGetRequestorProcessId
IoGetRequestorSessionId
IoGetStackLimits=RtlpGetStackLimits
IoGetTopLevelIrp
IoInitializeIrp
IoInitializeRemoveLockEx
IoInitializeTimer
IoInvalidateDeviceRelations
IoInvalidateDeviceState
IoIsFileOriginRemote
IoIsOperationSynchronous
IoIsSystemThread
IoIsValidNameGraftingBuffer
IoIsWdmVersionAvailable
#if defined(_WIN64)
IoIs32bitProcess
#endif
IoMakeAssociatedIrp
IoOpenDeviceInterfaceRegistryKey
IoOpenDeviceRegistryKey
IoPageRead
IoQueryDeviceDescription
IoQueryFileDosDeviceName
IoQueryFileInformation
IoQueryVolumeInformation
IoQueueThreadIrp
IoQueueWorkItem
IoRaiseHardError
IoRaiseInformationalHardError
IoReadDiskSignature
IoReadOperationCount CONSTANT // Data - use pointer for access
IoReadPartitionTable
IoReadPartitionTableEx
IoReadTransferCount CONSTANT // Data - use pointer for access
IoRegisterBootDriverReinitialization
IoRegisterDeviceInterface
IoRegisterDriverReinitialization
IoRegisterFileSystem
IoRegisterFsRegistrationChange
IoRegisterLastChanceShutdownNotification
IoRegisterPlugPlayNotification
IoRegisterShutdownNotification
IoReleaseCancelSpinLock
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoReleaseVpbSpinLock
IoReuseIrp
IoRemoveShareAccess
IoReportDetectedDevice
IoReportHalResourceUsage
IoReportResourceUsage
IoReportResourceForDetection
IoReportTargetDeviceChange
IoReportTargetDeviceChangeAsynchronous
IoRequestDeviceEject
IoPnPDeliverServicePowerNotification
IoSetCompletionRoutineEx
IoSetDeviceInterfaceState
IoSetDeviceToVerify
IoSetHardErrorOrVerifyDevice
IoSetInformation
IoSetIoCompletion
IoSetPartitionInformation
IoSetPartitionInformationEx
IoSetShareAccess
IoSetStartIoAttributes
IoSetThreadHardErrorMode
IoSetTopLevelIrp
IoSetSystemPartition
IoSetFileOrigin
#if defined(REMOTE_BOOT)
IoStartCscForTextmodeSetup
#endif // defined(REMOTE_BOOT)
IoStartNextPacket
IoStartNextPacketByKey
IoStartPacket
IoStartTimer
IoStatisticsLock CONSTANT // Data - use pointer for access
IoStopTimer
IoSynchronousInvalidateDeviceRelations
IoSynchronousPageWrite
IoThreadToProcess
IoUnregisterFileSystem
IoUnregisterFsRegistrationChange
IoUnregisterPlugPlayNotification
IoUnregisterShutdownNotification
IoUpdateShareAccess
IoValidateDeviceIoControlAccess
IoVerifyVolume
IoVerifyPartitionTable
IoVolumeDeviceToDosName
IoWMIAllocateInstanceIds
IoWMIDeviceObjectToInstanceName
#if defined(_WIN64)
IoWMIDeviceObjectToProviderId
#endif
IoWMIExecuteMethod
IoWMIHandleToInstanceName
IoWMIOpenBlock
IoWMIRegistrationControl
IoWMIQueryAllData
IoWMIQueryAllDataMultiple
IoWMIQuerySingleInstance
IoWMIQuerySingleInstanceMultiple
IoWMISetNotificationCallback
IoWMISetSingleInstance
IoWMISetSingleItem
IoWMISuggestInstanceName
IoWMIWriteEvent
IoWriteErrorLogEntry
IoWriteOperationCount CONSTANT // Data - use pointer for access
IoWritePartitionTable
IoWritePartitionTableEx
IoWriteTransferCount CONSTANT // Data - use pointer for access
IofCallDriver
IofCompleteRequest
KdDebuggerEnabled CONSTANT // Data - use pointer for access
KdDebuggerNotPresent CONSTANT // Data - use pointer for access
KdDisableDebugger
KdEnableDebugger
KdEnteredDebugger CONSTANT // Data - use pointer for access
KdPollBreakIn
KdPowerTransition
//
// Spin lock functions
//
KeInitializeSpinLock
KeAcquireInterruptSpinLock
KeReleaseInterruptSpinLock
#if defined(_WIN64)
KeAcquireQueuedSpinLock
KeReleaseQueuedSpinLock
KeTryToAcquireQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
#endif
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
#if !defined(_AMD64_)
KiAcquireSpinLock
KiReleaseSpinLock
#endif
KeAddSystemServiceTable
KeAreApcsDisabled
KeAttachProcess
KeStackAttachProcess
KeBugCheck
KeBugCheckEx
KeCancelTimer
KeClearEvent
KeConnectInterrupt
KeDcacheFlushCount CONSTANT // Data - use pointer for access
KeDelayExecutionThread
KeDeregisterBugCheckCallback
KeDeregisterBugCheckReasonCallback
KeDetachProcess
KeUnstackDetachProcess
KeDisconnectInterrupt
KeEnterCriticalRegion
KeEnterKernelDebugger
KeFindConfigurationEntry
KeFindConfigurationNextEntry
KeFlushEntireTb
KeGetRecommendedSharedDataAlignment
KeIcacheFlushCount CONSTANT // Data - use pointer for access
KeInitializeApc
KeInitializeDeviceQueue
KeInitializeDpc
KeInitializeEvent
KeInitializeInterrupt
KeInitializeMutant
KeInitializeMutex
KeInitializeQueue
KeInitializeSemaphore
KeInitializeTimer
KeInitializeTimerEx
KeInsertByKeyDeviceQueue
KeInsertDeviceQueue
KeInsertHeadQueue
KeInsertQueue
KeInsertQueueApc
KeInsertQueueDpc
KeIsAttachedProcess
KeLeaveCriticalRegion
KeLoaderBlock CONSTANT // Data - use pointer for access
KeNumberProcessors DATA
#if !defined(_AMD64_)
KeProfileInterrupt
#endif
KeProfileInterruptWithSource
KePulseEvent
KeQueryActiveProcessors
KeQueryInterruptTime
KeQueryPriorityThread
KeQueryRuntimeThread
KeQuerySystemTime
KeQueryTickCount
KeQueryTimeIncrement
KeRaiseUserException
KeReadStateEvent
KeReadStateMutant
KeReadStateMutex=KeReadStateMutant
KeReadStateQueue
KeReadStateSemaphore
KeReadStateTimer
KeRegisterBugCheckCallback
KeRegisterBugCheckReasonCallback
KeReleaseMutant
KeReleaseMutex
KeReleaseSemaphore
KeRemoveByKeyDeviceQueue
KeRemoveByKeyDeviceQueueIfBusy
KeRemoveDeviceQueue
KeRemoveEntryDeviceQueue
KeRemoveQueue
KeRemoveQueueDpc
KeRemoveSystemServiceTable
KeResetEvent
KeRevertToUserAffinityThread
KeRundownQueue
KeSaveStateForHibernate
KeServiceDescriptorTable CONSTANT // Data - use pointer for access
KeSetAffinityThread
KeSetBasePriorityThread
KeSetDmaIoCoherency
KeSetEvent
KeSetEventBoostPriority
KeSetIdealProcessorThread
KeSetImportanceDpc
KeSetKernelStackSwapEnable
KeSetPriorityThread
KeSetSystemAffinityThread
KeSetTargetProcessorDpc
KeSetTimeIncrement
KeSetTimeUpdateNotifyRoutine;
KeSetTimer
KeSetTimerEx
KeSynchronizeExecution
KeTerminateThread
KeTickCount CONSTANT // Data - use pointer for access
KeUpdateRunTime
KeUpdateSystemTime
KeUserModeCallback
KeWaitForMultipleObjects
KeWaitForMutexObject=KeWaitForSingleObject
KeWaitForSingleObject
KiBugCheckData CONSTANT // Data - use pointer for access
KiEnableTimerWatchdog CONSTANT // Data - use pointer for access
LdrAccessResource
LdrEnumResources
LdrFindResourceDirectory_U
LdrFindResource_U
LpcPortObjectType CONSTANT // Data - use pointer for access
LpcRequestPort
LpcRequestWaitReplyPort
LsaCallAuthenticationPackage
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
#ifdef MEMPRINT
MemPrint
MemPrintInitialize
#endif
MmIsVerifierEnabled
MmAddVerifierThunks
MmAdvanceMdl
Mm64BitPhysicalAddress CONSTANT // Data - use pointer for access
MmAddPhysicalMemory
MmAdjustWorkingSetSize
MmAllocateContiguousMemory
MmAllocateContiguousMemorySpecifyCache
MmAllocateNonCachedMemory
MmAllocatePagesForMdl
MmBuildMdlForNonPagedPool
MmCanFileBeTruncated
MmCreateMdl
MmCreateSection
MmDisableModifiedWriteOfSection
MmFlushImageSection
MmForceSectionClosed
MmFreeContiguousMemory
MmFreeContiguousMemorySpecifyCache
MmFreeNonCachedMemory
MmFreePagesFromMdl
MmGetPhysicalAddress
MmGetPhysicalMemoryRanges
MmGetSystemRoutineAddress
MmGetVirtualForPhysical
MmGrowKernelStack
MmIsAddressValid
MmIsDriverVerifying
MmIsNonPagedSystemAddressValid
MmIsRecursiveIoFault
MmIsThisAnNtAsSystem
MmLockPagableDataSection
MmLockPagableSectionByHandle
MmMapIoSpace
MmMapLockedPages
MmMapLockedPagesSpecifyCache
MmAllocateMappingAddress
MmFreeMappingAddress
MmMapLockedPagesWithReservedMapping
MmUnmapReservedMapping
MmMapMemoryDumpMdl
MmMapUserAddressesToPage
MmMapVideoDisplay
MmMapViewOfSection
MmMapViewInSessionSpace
MmMapViewInSystemSpace
MmMarkPhysicalMemoryAsBad
MmMarkPhysicalMemoryAsGood
MmPageEntireDriver
MmPrefetchPages
MmProbeAndLockPages
MmProbeAndLockSelectedPages
MmProbeAndLockProcessPages
MmProtectMdlSystemAddress
MmQuerySystemSize
MmRemovePhysicalMemory
MmResetDriverPaging
MmSectionObjectType CONSTANT
MmSecureVirtualMemory
MmSetAddressRangeModified
MmSetBankedSection
MmSizeOfMdl
MmTrimAllSystemPagableMemory
MmUnlockPagableImageSection
MmUnlockPages
MmUnmapIoSpace
MmUnmapLockedPages
MmUnmapVideoDisplay
MmUnmapViewOfSection
MmUnmapViewInSystemSpace
MmUnmapViewInSessionSpace
MmUnsecureVirtualMemory
NlsAnsiCodePage CONSTANT // Data - use pointer for access
NlsOemCodePage CONSTANT // Data - use pointer for access
NlsLeadByteInfo CONSTANT // Data - use pointer for access
NlsOemLeadByteInfo CONSTANT // Data - use pointer for access
NlsMbCodePageTag CONSTANT // Data - use pointer for access
NlsMbOemCodePageTag CONSTANT // Data - use pointer for access
NtAddAtom
NtAdjustPrivilegesToken
NtAllocateLocallyUniqueId
NtAllocateUuids
NtAllocateVirtualMemory
NtBuildNumber CONSTANT
NtClose
NtConnectPort
NtCreateEvent
NtCreateFile
NtCreateSection
NtDeleteAtom
NtDeleteFile
NtDeviceIoControlFile
NtDuplicateObject
NtDuplicateToken
NtFindAtom
NtFreeVirtualMemory
NtFsControlFile
NtGlobalFlag CONSTANT // Data - use pointer for access
NtLockFile
NtMakePermanentObject
NtMapViewOfSection
NtNotifyChangeDirectoryFile
NtOpenFile
NtOpenProcess
NtOpenProcessToken
NtOpenProcessTokenEx
NtOpenThread
NtOpenThreadToken
NtOpenThreadTokenEx
NtQueryDirectoryFile
NtQueryEaFile
NtQueryInformationAtom
NtQueryInformationFile
NtQueryInformationProcess
NtQueryInformationThread
NtQueryInformationToken
NtQueryQuotaInformationFile
NtQuerySecurityObject
NtQuerySystemInformation
NtQueryVolumeInformationFile
NtReadFile
NtRequestPort
NtRequestWaitReplyPort
NtSetEaFile
NtSetEvent
NtSetInformationFile
NtSetInformationProcess
NtSetInformationThread
NtSetQuotaInformationFile
NtSetVolumeInformationFile
NtSetSecurityObject
NtShutdownSystem
NtTraceEvent
NtUnlockFile
NtVdmControl
NtWaitForSingleObject
NtWriteFile
ObAssignSecurity
ObCheckCreateObjectAccess
ObCheckObjectAccess
ObCreateObject
ObCreateObjectType
ObDereferenceObject
ObfDereferenceObject
ObFindHandleForObject
ObGetObjectSecurity
ObInsertObject
ObLogSecurityDescriptor
ObReferenceSecurityDescriptor
ObDereferenceSecurityDescriptor
ObMakeTemporaryObject
ObOpenObjectByName
ObOpenObjectByPointer
ObQueryObjectAuditingByHandle
ObQueryNameString
ObReferenceObjectByHandle
ObReferenceObjectByName
ObReferenceObjectByPointer
ObReleaseObjectSecurity
ObSetSecurityDescriptorInfo
ObSetSecurityObjectByPointer
ObfReferenceObject
ObSetHandleAttributes
ObCloseHandle
PfxFindPrefix
PfxInitialize
PfxInsertPrefix
PfxRemovePrefix
PoCallDriver
PoCancelDeviceNotify
PoQueueShutdownWorkItem
PoRegisterDeviceForIdleDetection
PoRegisterDeviceNotify
PoRegisterSystemState
PoRequestPowerIrp
PoRequestShutdownEvent
PoSetHiberRange
PoSetPowerState
PoSetSystemState
PoStartNextPowerIrp
PoShutdownBugCheck
PoUnregisterSystemState
ProbeForRead
ProbeForWrite
PsAssignImpersonationToken
PsChargePoolQuota
PsChargeProcessPoolQuota
PsChargeProcessNonPagedPoolQuota
PsChargeProcessPagedPoolQuota
PsCreateSystemProcess
PsCreateSystemThread
PsDisableImpersonation
PsGetCurrentProcess
PsGetContextThread
PsSetContextThread
PsGetCurrentProcessId
PsGetCurrentProcessSessionId
PsGetCurrentThread
PsGetCurrentThreadId
PsGetCurrentThreadStackBase
PsGetCurrentThreadStackLimit
PsGetCurrentThreadPreviousMode
PsGetJobLock
PsGetJobSessionId
PsGetJobUIRestrictionsClass
PsGetProcessCreateTimeQuadPart
PsGetProcessDebugPort
PsGetProcessExitProcessCalled
PsGetProcessExitStatus
PsGetProcessExitTime
PsGetProcessId
PsGetProcessImageFileName
PsGetProcessInheritedFromUniqueProcessId
PsGetProcessJob
PsGetProcessPeb
PsGetProcessPriorityClass
PsGetProcessSectionBaseAddress
PsGetProcessSecurityPort
PsGetProcessSessionId
PsGetProcessWin32WindowStation
PsGetProcessWin32Process
#ifdef _WIN64
PsGetProcessWow64Process
#endif
PsGetThreadId
PsGetThreadFreezeCount
PsGetThreadHardErrorsAreDisabled
PsGetThreadProcess
PsGetThreadProcessId
PsGetThreadSessionId
PsGetThreadTeb
PsGetThreadWin32Thread
PsGetVersion
PsImpersonateClient
PsInitialSystemProcess CONSTANT
PsIsProcessBeingDebugged
PsIsThreadTerminating
PsIsSystemThread
PsIsThreadImpersonating
PsJobType CONSTANT
PsEstablishWin32Callouts
PsLookupProcessThreadByCid
PsLookupProcessByProcessId
PsLookupThreadByThreadId
PsProcessType CONSTANT
PsReferenceImpersonationToken
PsReferencePrimaryToken
PsDereferenceImpersonationToken
PsDereferencePrimaryToken
PsRestoreImpersonation
PsReturnPoolQuota
PsReturnProcessNonPagedPoolQuota
PsReturnProcessPagedPoolQuota
PsRevertToSelf
PsRevertThreadToSelf
PsSetCreateProcessNotifyRoutine
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsSetJobUIRestrictionsClass
PsSetLegoNotifyRoutine
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsSetProcessPriorityClass
PsSetProcessPriorityByClass
PsSetProcessSecurityPort
PsSetProcessWin32Process
PsSetProcessWindowStation
PsSetThreadHardErrorsAreDisabled
PsSetThreadWin32Thread
PsTerminateSystemThread
PsThreadType CONSTANT
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlAddAce
RtlAddAtomToAtomTable
RtlAddRange
RtlAllocateHeap
RtlAnsiCharToUnicodeChar
RtlAnsiStringToUnicodeSize=RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlAppendAsciizToString
RtlAppendStringToString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlAreAllAccessesGranted
RtlAreAnyAccessesGranted
RtlAreBitsClear
RtlAreBitsSet
RtlAssert
RtlCaptureStackBackTrace
RtlCharToInteger
RtlCheckRegistryKey
RtlClearAllBits
RtlClearBit
RtlClearBits
RtlCompareMemory
RtlCompareMemoryUlong
RtlCompareString
RtlCompareUnicodeString
RtlCompressBuffer
RtlCompressChunks
#if !defined(_WIN64)
RtlConvertLongToLargeInteger = __RtlConvertLongToLargeInteger
RtlConvertUlongToLargeInteger = __RtlConvertUlongToLargeInteger
#elif defined(IA64)
// BUGBUG: Temporary until Whistler Beta1 is released. Needed to
// support upgrading from 2250 to 2251
RtlConvertLongToLargeInteger PRIVATE
RtlConvertUlongToLargeInteger PRIVATE
#endif
RtlConvertSidToUnicodeString
RtlCopyLuid
RtlCopyRangeList
RtlCopySid
RtlCopyString
RtlCopyUnicodeString
RtlCreateAcl
RtlCreateAtomTable
RtlCreateHeap
RtlCreateRegistryKey
RtlCreateSecurityDescriptor
RtlCreateSystemVolumeInformationFolder
RtlCreateUnicodeString
RtlCustomCPToUnicodeN
RtlDecompressBuffer
RtlDecompressChunks
RtlDecompressFragment
RtlDelete
RtlDeleteAce
RtlDeleteAtomFromAtomTable
RtlDeleteElementGenericTable
RtlDeleteElementGenericTableAvl
RtlDeleteNoSplay
RtlDeleteOwnersRanges
RtlDeleteRange
RtlDeleteRegistryValue
RtlDescribeChunk
RtlDestroyAtomTable
RtlDestroyHeap
RtlDowncaseUnicodeString
RtlEmptyAtomTable
#ifndef _WIN64
RtlEnlargedIntegerMultiply = _RtlEnlargedIntegerMultiply
RtlEnlargedUnsignedDivide = _RtlEnlargedUnsignedDivide
RtlEnlargedUnsignedMultiply = _RtlEnlargedUnsignedMultiply
#endif
RtlEnumerateGenericTable
RtlEnumerateGenericTableAvl
RtlEnumerateGenericTableLikeADirectory
RtlEnumerateGenericTableWithoutSplaying
RtlEnumerateGenericTableWithoutSplayingAvl
RtlEqualLuid
RtlEqualSid
RtlEqualString
RtlEqualUnicodeString
#if !defined(_WIN64)
RtlExtendedIntegerMultiply
RtlExtendedLargeIntegerDivide
#endif
#if defined(_X86_) || defined(_IA64_)
RtlExtendedMagicDivide
#endif
RtlFillMemory
RtlFillMemoryUlong
RtlFindClearBits
RtlFindClearBitsAndSet
RtlFindClearRuns
RtlFindFirstRunClear
RtlFindLastBackwardRunClear
RtlFindLeastSignificantBit
RtlFindLongestRunClear
RtlFindMessage
RtlFindMostSignificantBit
RtlFindNextForwardRunClear
RtlFindRange
RtlFindSetBits
RtlFindSetBitsAndClear
RtlFindUnicodePrefix
RtlFormatCurrentUserKeyPath
RtlFreeAnsiString
RtlFreeHeap
RtlFreeOemString
RtlFreeRangeList
RtlFreeUnicodeString
RtlGUIDFromString
RtlGenerate8dot3Name
RtlGetAce
RtlGetCallersAddress
RtlGetCompressionWorkSpaceSize
RtlGetDaclSecurityDescriptor
RtlGetDefaultCodePage
RtlGetElementGenericTable
RtlGetElementGenericTableAvl
RtlGetFirstRange
RtlGetGroupSecurityDescriptor
RtlGetNextRange
RtlGetNtGlobalFlags
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetVersion
RtlHashUnicodeString
RtlImageNtHeader
RtlImageDirectoryEntryToData
RtlInitAnsiString
RtlInitCodePageTable
RtlInitString
RtlInitUnicodeString
RtlInitializeBitMap
RtlInitializeGenericTable
RtlInitializeGenericTableAvl
RtlInitializeRangeList
RtlInitializeSid
RtlInitializeUnicodePrefix
RtlInsertElementGenericTable
RtlInsertElementGenericTableAvl
RtlInsertElementGenericTableFull
RtlInsertElementGenericTableFullAvl
RtlInsertUnicodePrefix
RtlInt64ToUnicodeString
RtlIntegerToChar
RtlIntegerToUnicode
RtlIntegerToUnicodeString
RtlInvertRangeList
RtlIpv4AddressToStringA
RtlIpv4AddressToStringW
RtlIpv4StringToAddressA
RtlIpv4StringToAddressW
RtlIpv6AddressToStringA
RtlIpv6AddressToStringW
RtlIpv6StringToAddressA
RtlIpv6StringToAddressW
RtlIsGenericTableEmpty
RtlIsGenericTableEmptyAvl
RtlIsNameLegalDOS8Dot3
RtlIsRangeAvailable
RtlIsValidOemCharacter
#if !defined(_WIN64)
RtlLargeIntegerAdd
RtlLargeIntegerArithmeticShift
RtlLargeIntegerDivide
RtlLargeIntegerNegate
RtlLargeIntegerShiftLeft
RtlLargeIntegerShiftRight
RtlLargeIntegerSubtract
#endif
RtlLengthRequiredSid
RtlLengthSecurityDescriptor
RtlLengthSid
RtlLookupAtomInAtomTable
RtlLookupElementGenericTable
RtlLookupElementGenericTableAvl
RtlLookupElementGenericTableFull
RtlLookupElementGenericTableFullAvl
RtlMapGenericMask
RtlMapSecurityErrorToNtStatus
RtlMergeRangeLists
RtlMoveMemory
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlNextUnicodePrefix
RtlNtStatusToDosError
RtlNtStatusToDosErrorNoTeb
RtlNumberGenericTableElements
RtlNumberGenericTableElementsAvl
RtlNumberOfClearBits
RtlNumberOfSetBits
RtlOemStringToCountedUnicodeString
RtlOemStringToUnicodeSize=RtlxOemStringToUnicodeSize
RtlOemStringToUnicodeString
RtlOemToUnicodeN
RtlPinAtomInAtomTable
RtlPrefetchMemoryNonTemporal
RtlPrefixString
RtlPrefixUnicodeString
RtlQueryAtomInAtomTable
RtlQueryRegistryValues
RtlQueryTimeZoneInformation
RtlRaiseException
RtlRandom
RtlRandomEx
RtlRealPredecessor
RtlRealSuccessor
RtlRemoveUnicodePrefix
RtlReserveChunk
RtlSecondsSince1970ToTime
RtlSecondsSince1980ToTime
RtlSelfRelativeToAbsoluteSD
RtlSelfRelativeToAbsoluteSD2
RtlSetAllBits
RtlSetBit
RtlSetBits
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlSetTimeZoneInformation
RtlSizeHeap
RtlSplay
RtlStringFromGUID
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlSubtreePredecessor
RtlSubtreeSuccessor
RtlTestBit
RtlTimeFieldsToTime
RtlTimeToSecondsSince1970
RtlTimeToSecondsSince1980
RtlTimeToTimeFields
RtlTimeToElapsedTimeFields
RtlTraceDatabaseCreate
RtlTraceDatabaseDestroy
RtlTraceDatabaseValidate
RtlTraceDatabaseAdd
RtlTraceDatabaseFind
RtlTraceDatabaseEnumerate
RtlTraceDatabaseLock
RtlTraceDatabaseUnlock
RtlLockBootStatusData
RtlUnlockBootStatusData
RtlGetSetBootStatusData
#if !defined(_AMD64_)
RtlUlongByteSwap
RtlUlonglongByteSwap
#endif
RtlUnicodeStringToAnsiSize=RtlxUnicodeStringToAnsiSize
RtlUnicodeStringToAnsiString
RtlUnicodeStringToCountedOemString
RtlUnicodeStringToInteger
RtlUnicodeStringToOemSize=RtlxUnicodeStringToOemSize
RtlUnicodeStringToOemString
RtlUnicodeToCustomCPN
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
RtlUnicodeToOemN
RtlUnwind
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
RtlUpcaseUnicodeStringToAnsiString
RtlUpcaseUnicodeStringToCountedOemString
RtlUpcaseUnicodeStringToOemString
RtlUpcaseUnicodeToCustomCPN
RtlUpcaseUnicodeToMultiByteN
RtlUpcaseUnicodeToOemN
RtlUpperChar
RtlUpperString
#if !defined(_AMD64_)
RtlUshortByteSwap
#endif
RtlValidSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlValidSid
RtlVerifyVersionInfo
RtlVolumeDeviceToDosName=IoVolumeDeviceToDosName
RtlWalkFrameChain
RtlWriteRegistryValue
RtlZeroHeap
RtlZeroMemory
RtlxAnsiStringToUnicodeSize
RtlxOemStringToUnicodeSize
RtlxUnicodeStringToAnsiSize
RtlxUnicodeStringToOemSize
SeAccessCheck
SeAppendPrivileges
SeAssignSecurity
SeAssignSecurityEx
SeAuditingFileEvents
SeAuditingFileOrGlobalEvents
SeAuditingHardLinkEvents
SeAuditHardLinkCreation
SeCaptureSecurityDescriptor
SeCaptureSubjectContext
SeCloseObjectAuditAlarm
SeCreateAccessState
SeCreateClientSecurity
SeCreateClientSecurityFromSubjectContext
SeDeassignSecurity
SeDeleteAccessState
SeDeleteObjectAuditAlarm
//
// Pointer to structure containing security
// exports
//
//
// Use SeEnableAccessToExports() before
// using (see se.h)
SeExports DATA
SeFilterToken
SeFreePrivileges
SeImpersonateClient
SeImpersonateClientEx
SeLockSubjectContext
SeMarkLogonSessionForTerminationNotification
SeOpenObjectAuditAlarm
SeOpenObjectForDeleteAuditAlarm
SePrivilegeCheck
SePrivilegeObjectAuditAlarm
// System default DACLs
//
// SePublicDefaultDacl - is for protecting things so that
// normal users can use it.
SePublicDefaultDacl CONSTANT
SeQueryAuthenticationIdToken
SeQueryInformationToken
SeQuerySecurityDescriptorInfo
SeQuerySessionIdToken
SeRegisterLogonSessionTerminatedRoutine
SeReleaseSecurityDescriptor
SeReleaseSubjectContext
SeSetAccessStateGenericMapping
SeSetSecurityDescriptorInfo
SeSetSecurityDescriptorInfoEx
SeSinglePrivilegeCheck
// SeSystemDefaultDacl - is for protecting things so that
// only the system (and administrators) can get to it.
SeSystemDefaultDacl CONSTANT
SeTokenImpersonationLevel
SeTokenIsAdmin
SeTokenIsRestricted
SeTokenObjectType CONSTANT // Data - use pointer for access
SeTokenType
SeUnlockSubjectContext
SeUnregisterLogonSessionTerminatedRoutine
SeValidSecurityDescriptor
VerSetConditionMask
VfFailDeviceNode
VfFailDriver
VfFailSystemBIOS
VfIsVerificationEnabled
WmiFlushTrace
WmiGetClock
WmiQueryTrace
WmiQueryTraceInformation
WmiStartTrace
WmiStopTrace
WmiTraceMessage
WmiTraceMessageVa
WmiUpdateTrace
ZwAccessCheckAndAuditAlarm
ZwAddBootEntry
ZwAdjustPrivilegesToken
ZwAlertThread
ZwAllocateVirtualMemory
ZwAssignProcessToJobObject
ZwCancelIoFile
ZwCancelTimer
ZwClearEvent
ZwClose
ZwCloseObjectAuditAlarm
ZwConnectPort
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateJobObject
ZwCreateKey
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateTimer
ZwDeleteBootEntry
ZwDeleteFile
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDisplayString
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateBootEntries
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushInstructionCache
ZwFlushKey
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwInitiatePowerAction
ZwIsProcessInJob
ZwLoadDriver
ZwLoadKey
ZwMakeTemporaryObject
ZwMapViewOfSection
ZwNotifyChangeKey
ZwOpenDirectoryObject
ZwOpenEvent
ZwOpenFile
ZwOpenJobObject
ZwOpenKey
ZwOpenProcess
ZwOpenProcessToken
ZwOpenProcessTokenEx
ZwOpenSection
ZwOpenSymbolicLinkObject
ZwOpenThread
ZwOpenThreadToken
ZwOpenThreadTokenEx
ZwOpenTimer
ZwPowerInformation
ZwPulseEvent
ZwQueryBootEntryOrder
ZwQueryBootOptions
ZwQueryDefaultLocale
ZwQueryDefaultUILanguage
ZwQueryInstallUILanguage
ZwQueryDirectoryFile
ZwQueryDirectoryObject
ZwQueryEaFile
ZwQueryFullAttributesFile
ZwQueryInformationFile
ZwQueryInformationJobObject
ZwQueryInformationProcess
ZwQueryInformationThread
ZwQueryInformationToken
ZwQueryInformationToken
ZwQueryKey
ZwQueryObject
ZwQuerySection
ZwQuerySecurityObject
ZwQuerySymbolicLinkObject
ZwQuerySystemInformation
ZwQueryValueKey
ZwQueryVolumeInformationFile
ZwReadFile
ZwReplaceKey
ZwRequestWaitReplyPort
ZwResetEvent
ZwRestoreKey
ZwSaveKey
ZwSaveKeyEx
ZwSetBootEntryOrder
ZwSetBootOptions
ZwSetDefaultLocale
ZwSetDefaultUILanguage
ZwSetEaFile
ZwSetEvent
ZwSetInformationFile
ZwSetInformationJobObject
ZwSetInformationObject
ZwSetInformationProcess
ZwSetInformationThread
ZwSetSecurityObject
ZwSetSystemInformation
ZwSetSystemTime
ZwSetTimer
ZwSetValueKey
ZwSetVolumeInformationFile
ZwTerminateJobObject
ZwTerminateProcess
ZwTranslateFilePath
ZwUnloadDriver
ZwUnloadKey
ZwUnmapViewOfSection
ZwWaitForMultipleObjects
ZwWaitForSingleObject
ZwWriteFile
ZwYieldExecution
//
// ntcrt.lib
//
#if defined(_X86_)
_alloca_probe
#elif defined(_IA64_)
__alloca_probe
#endif
_itoa
_itow
_purecall
_snprintf
_snwprintf
_stricmp
_strlwr
_strnicmp
_strnset
_strrev
_strset
_strupr
_vsnprintf
_vsnwprintf
_wcsicmp
_wcslwr
_wcsnicmp
_wcsnset
_wcsrev
_wcsupr
isdigit
islower
isprint
isspace
isupper
isxdigit
mbstowcs
mbtowc
memchr
qsort
rand
sprintf
srand
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strspn
strstr
swprintf
tolower
towlower
toupper
towupper
vsprintf
wcscat
wcschr
wcscmp
wcscpy
wcscspn
wcslen
wcsncat
wcsncmp
wcsncpy
wcsrchr
wcsspn
wcsstr
wcstombs
wctomb
//
// Hack-o-rama to support the stupid ATI miniport driver.
// Get rid of these if we can someday.
//
atol
atoi
//
// Export Kernel Icecap probe functions so drivers can be traced
//
#ifdef _CAPKERN
__CAP_Start_Profiling@8
__CAP_End_Profiling@4
#endif
//
// Export CreateLiveDump function to use in videoprt.sys EA recovery
//
KeCapturePersistentThreadState
Copy Permalink