티스토리 뷰

보안/분석

Windows syscall lister

NineKY 2008. 4. 4. 09:40
Windows syscall lister
Copyleft (c) by Omega Red 2005,2006
[Windows x64 edition - 10.07.2006]
[Cleanup, single 32/64bit source - 07.2007]

Windows version: 5.1.2600, platform 2, Dodatek Service Pack 2

NtQuerySystemInformation ok, kernel base: 00000000804d7000

Base             Size     Flags    Idx  RefC  Image
-----------------------------------------------------------
7c900000 000b2000 00000000 0063 0001 \WINDOWS\system32\ntdll.dll
804d7000 001f6a80 0c004000 0000 0001 \WINDOWS\system32\ntkrnlpa.exe
806ce000 00020380 0c004000 0001 0001 \WINDOWS\system32\hal.dll
bf800000 001c3000 29104000 0057 0001 \SystemRoot\System32\win32k.sys
bf9c3000 00012000 29104000 005a 0001 \SystemRoot\System32\drivers\dxg.sys
bf9d5000 00015000 29104000 005c 0001 \SystemRoot\System32\vmx_fb.dll
f6938000 00052000 09104000 0062 0001 \SystemRoot\system32\DRIVERS\srv.sys
f6aca000 00014000 09104000 005d 0001 \SystemRoot\System32\DRIVERS\hgfs.sys
f6c1e000 00004000 09104000 005e 0001 \SystemRoot\System32\Drivers\DbgMsg.SYS
f6d36000 00018000 09104000 0055 0001 \SystemRoot\System32\Drivers\dump_atapi.sys
f6d76000 0006f000 09104000 0052 0001 \SystemRoot\system32\DRIVERS\mrxsmb.sys
f6e85000 0002b000 09104000 0050 0002 \SystemRoot\system32\DRIVERS\rdbss.sys
f6eb0000 00022000 09104000 004e 0001 \SystemRoot\System32\drivers\afd.sys
f6ed2000 00028000 09104000 004d 0001 \SystemRoot\system32\DRIVERS\netbt.sys
f6efa000 00058000 09104000 004c 0002 \SystemRoot\system32\DRIVERS\tcpip.sys
f6f52000 00013000 09104000 004b 0001 \SystemRoot\system32\DRIVERS\ipsec.sys
f81ad000 00034000 09104000 003e 0001 \SystemRoot\system32\DRIVERS\update.sys
f81e1000 00031000 09104000 003b 0001 \SystemRoot\system32\DRIVERS\rdpdr.sys
f822e000 00003000 09104000 0058 0001 \SystemRoot\System32\drivers\Dxapi.sys
f823a000 00011000 09104000 0037 0001 \SystemRoot\system32\DRIVERS\psched.sys
f824b000 00017000 09104000 0033 0001 \SystemRoot\system32\DRIVERS\ndiswan.sys
f8262000 00014000 09104000 002d 0006 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
f8276000 00023000 09104000 002b 0002 \SystemRoot\system32\DRIVERS\ks.sys
f8299000 00011000 09104000 0026 0001 \SystemRoot\system32\DRIVERS\serial.sys
f82aa000 00014000 09104000 0025 0001 \SystemRoot\system32\DRIVERS\parport.sys
f82e2000 00003000 09104000 004a 0001 \SystemRoot\system32\DRIVERS\rasacd.sys
f8317000 0001b000 09004000 001e 0001 Mup.sys
f8332000 00027000 09004000 001c 0001 siwvid.sys
f8359000 0002d000 09004000 001b 000e NDIS.sys
f8386000 0008d000 09004000 001a 0001 Ntfs.sys
f8413000 00017000 0d004000 0019 0005 KSecDD.sys
f842a000 00020000 09004000 0018 0001 fltMgr.sys
f844a000 00018000 09004000 0015 0001 atapi.sys
f8462000 00026000 09004000 0012 0001 dmio.sys
f8488000 0001f000 09004000 0010 0001 ftdisk.sys
f84a7000 000b2000 09004000 0008 0001 OsiData.sys
f8559000 00011000 09004000 0007 0001 pci.sys
f856a000 0002f000 09004000 0005 0001 ACPI.sys
f869a000 00009000 09004000 000a 0001 isapnp.sys
f86aa000 0000b000 09004000 000f 0001 MountMgr.sys
f86ba000 0000d000 09004000 0014 0001 VolSnap.sys
f86ca000 00009000 09004000 0016 0001 disk.sys
f86da000 0000d000 0d004000 0017 0002 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
f86ea000 0000b000 09004000 001f 0001 agp440.sys
f874a000 0000a000 09104000 0020 0001 \SystemRoot\system32\DRIVERS\processr.sys
f875a000 0000e000 09104000 0021 0001 \SystemRoot\system32\DRIVERS\i8042prt.sys
f876a000 0000d000 09104000 0029 0001 \SystemRoot\system32\DRIVERS\cdrom.sys
f877a000 0000f000 09104000 002a 0001 \SystemRoot\system32\DRIVERS\redbook.sys
f878a000 0000d000 09104000 0031 0001 \SystemRoot\system32\DRIVERS\rasl2tp.sys
f879a000 0000b000 09104000 0034 0001 \SystemRoot\system32\DRIVERS\raspppoe.sys
f87aa000 0000c000 09104000 0035 0001 \SystemRoot\system32\DRIVERS\raspptp.sys
f87ba000 00009000 09104000 0038 0001 \SystemRoot\system32\DRIVERS\msgpc.sys
f87ca000 0000a000 09104000 003c 0001 \SystemRoot\system32\DRIVERS\termdd.sys
f87da000 0000a000 09104000 0040 0001 \SystemRoot\System32\Drivers\NDProxy.SYS
f87fa000 00009000 09104000 004f 0001 \SystemRoot\system32\DRIVERS\netbios.sys
f882a000 00009000 09104000 0051 0001 \SystemRoot\system32\DRIVERS\wanarp.sys
f884a000 00009000 09104000 0053 0001 \SystemRoot\System32\Drivers\Fips.SYS
f886a000 00010000 09104000 0054 0001 \SystemRoot\System32\Drivers\Cdfs.SYS
f891a000 00005000 09004000 0009 0001 cpthook.sys
f8922000 00007000 0d004000 000e 0001 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
f892a000 00005000 09004000 0013 0001 PartMgr.sys
f8962000 00007000 09104000 0022 0001 \SystemRoot\system32\DRIVERS\kbdclass.sys
f896a000 00006000 09104000 0024 0001 \SystemRoot\system32\DRIVERS\mouclass.sys
f8972000 00007000 09104000 0028 0001 \SystemRoot\system32\DRIVERS\fdc.sys
f897a000 00006000 09104000 002e 0001 \SystemRoot\system32\DRIVERS\vmxnet.sys
f8982000 00005000 09104000 0036 0009 \SystemRoot\system32\DRIVERS\TDI.SYS
f8992000 00005000 09104000 0039 0002 \SystemRoot\system32\DRIVERS\ptilink.sys
f899a000 00005000 09104000 003a 0001 \SystemRoot\system32\DRIVERS\raspti.sys
f89a2000 00005000 09104000 0041 0001 \SystemRoot\system32\DRIVERS\flpydisk.sys
f89b2000 00006000 09104000 0045 0001 \SystemRoot\System32\drivers\vga.sys
f89ba000 00005000 09104000 0048 0001 \SystemRoot\System32\Drivers\Msfs.SYS
f89c2000 00008000 09104000 0049 0001 \SystemRoot\System32\Drivers\Npfs.SYS
f89da000 00005000 09104000 0059 0001 \SystemRoot\System32\watchdog.sys
f8a5a000 00005000 09104000 005f 0001 \??\C:\WINDOWS\system32\Drivers\lgtosync.sys
f8aaa000 00003000 09004000 0003 0002 \WINDOWS\system32\BOOTVID.dll
f8aae000 00003000 09004000 0004 0001 bootcfg.sys
f8ab2000 00003000 09004000 000b 0001 compbatt.sys
f8ab6000 00004000 0d004000 000c 0002 \WINDOWS\system32\DRIVERS\BATTC.SYS
f8b3a000 00004000 09104000 0027 0001 \SystemRoot\system32\DRIVERS\serenum.sys
f8b42000 00004000 09104000 002c 0001 \SystemRoot\system32\DRIVERS\vmx_svga.sys
f8b46000 00004000 09104000 002f 0001 \SystemRoot\system32\DRIVERS\CmBatt.sys
f8b4a000 00003000 09104000 0032 0002 \SystemRoot\system32\DRIVERS\ndistapi.sys
f8b72000 00004000 09104000 003f 0001 \SystemRoot\system32\DRIVERS\mssmbios.sys
f8b9a000 00002000 09004000 0002 0003 \WINDOWS\system32\KDCOM.DLL
f8b9c000 00002000 0d004000 0006 0012 \WINDOWS\system32\DRIVERS\WMILIB.SYS
f8b9e000 00002000 09004000 000d 0001 intelide.sys
f8ba0000 00002000 09004000 0011 0001 dmload.sys
f8ba2000 00002000 09004000 001d 0001 nmfilter.sys
f8ba6000 00002000 09104000 0023 0001 \SystemRoot\system32\DRIVERS\vmmouse.sys
f8bae000 00002000 09104000 003d 0001 \SystemRoot\system32\DRIVERS\swenum.sys
f8bb0000 00002000 09104000 0042 0001 \SystemRoot\System32\Drivers\Fs_Rec.SYS
f8bb2000 00002000 09104000 0044 0001 \SystemRoot\System32\Drivers\Beep.SYS
f8bb4000 00002000 09104000 0046 0001 \SystemRoot\System32\Drivers\mnmdd.SYS
f8bb6000 00002000 09104000 0047 0001 \SystemRoot\System32\DRIVERS\RDPCDD.sys
f8bba000 00002000 09104000 0056 0001 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
f8c14000 00002000 09104000 0060 0001 \SystemRoot\System32\Drivers\ParVdm.SYS
f8c16000 00002000 09104000 0061 0001 \??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
f8ccb000 00001000 09104000 0043 0001 \SystemRoot\System32\Drivers\Null.SYS
f8d23000 00001000 09104000 005b 0001 \SystemRoot\System32\drivers\dxgthk.sys
f8dd2000 00001000 09104000 0030 0001 \SystemRoot\system32\DRIVERS\audstub.sys

Loading symbols for C:\WINDOWS\system32\ntkrnlpa.exe, please wait...
Real SSDTS address: 0000000080552340
Loading driver: c:\\MemMap32.sys
MemMap initialized.

Service tables:

Table #0: 805011fc, 011c entries, params=80501670, \WINDOWS\system32\ntkrnlpa.exe
0000: 80598746 NtAcceptConnectPort [6] (ntkrnlpa.exe)
0001: 805e5914 NtAccessCheck [8] (ntkrnlpa.exe)
0002: 805e915a NtAccessCheckAndAuditAlarm [11] (ntkrnlpa.exe)
0003: 805e5946 NtAccessCheckByType [11] (ntkrnlpa.exe)
0004: 805e9194 NtAccessCheckByTypeAndAuditAlarm [16] (ntkrnlpa.exe)
0005: 805e597c NtAccessCheckByTypeResultList [11] (ntkrnlpa.exe)
0006: 805e91d8 NtAccessCheckByTypeResultListAndAuditAlarm [16] (ntkrnlpa.exe)
0007: 805e921c NtAccessCheckByTypeResultListAndAuditAlarmByHandle [17] (ntkrnlpa.exe)
0008: 8060a880 NtAddAtom [3] (ntkrnlpa.exe)
0009: 8060b5d2 NtAddBootEntry [2] (ntkrnlpa.exe)
000a: 805e0cac NtAdjustGroupsToken [6] (ntkrnlpa.exe)
000b: 805e0904 NtAdjustPrivilegesToken [6] (ntkrnlpa.exe)
000c: 805c9928 NtAlertResumeThread [2] (ntkrnlpa.exe)
000d: 805c98d8 NtAlertThread [1] (ntkrnlpa.exe)
000e: 8060aea6 NtAllocateLocallyUniqueId [1] (ntkrnlpa.exe)
000f: 805aa334 NtAllocateUserPhysicalPages [3] (ntkrnlpa.exe)
0010: 8060a4be NtAllocateUuids [4] (ntkrnlpa.exe)
0011: 8059cbbc NtAllocateVirtualMemory [6] (ntkrnlpa.exe)
0012: 805a4786 NtAreMappedFilesTheSame [2] (ntkrnlpa.exe)
0013: 805cb406 NtAssignProcessToJobObject [2] (ntkrnlpa.exe)
0014: 804feed0 NtCallbackReturn [3] (ntkrnlpa.exe)
0015: 8060b5c4 NtCancelDeviceWakeupRequest [1] (ntkrnlpa.exe)
0016: 8056ae64 NtCancelIoFile [2] (ntkrnlpa.exe)
0017: 805343f2 NtCancelTimer [2] (ntkrnlpa.exe)
0018: 80603b90 NtClearEvent [1] (ntkrnlpa.exe)
0019: 805b09c0 NtClose [1] (ntkrnlpa.exe)
001a: 805e9694 NtCloseObjectAuditAlarm [3] (ntkrnlpa.exe)
001b: 80618a56 NtCompactKeys [2] (ntkrnlpa.exe)
001c: 805edb86 NtCompareTokens [3] (ntkrnlpa.exe)
001d: 80598e34 NtCompleteConnectPort [1] (ntkrnlpa.exe)
001e: 80618caa NtCompressKey [1] (ntkrnlpa.exe)
001f: 805986e6 NtConnectPort [8] (ntkrnlpa.exe)
0020: 805401f0 NtContinue [2] (ntkrnlpa.exe)
0021: 80636c9c NtCreateDebugObject [4] (ntkrnlpa.exe)
0022: 805b28bc NtCreateDirectoryObject [3] (ntkrnlpa.exe)
0023: 80603be0 NtCreateEvent [5] (ntkrnlpa.exe)
0024: 8060be48 NtCreateEventPair [3] (ntkrnlpa.exe)
0025: 8056d3ca NtCreateFile [11] (ntkrnlpa.exe)
0026: 8056bc5c NtCreateIoCompletion [4] (ntkrnlpa.exe)
0027: 805ca3ca NtCreateJobObject [3] (ntkrnlpa.exe)
0028: 805ca102 NtCreateJobSet [3] (ntkrnlpa.exe)
0029: 80618e86 NtCreateKey [7] (ntkrnlpa.exe)
002a: 8056d4d8 NtCreateMailslotFile [8] (ntkrnlpa.exe)
002b: 8060c240 NtCreateMutant [4] (ntkrnlpa.exe)
002c: 8056d404 NtCreateNamedPipeFile [14] (ntkrnlpa.exe)
002d: 8059fba6 NtCreatePagingFile [4] (ntkrnlpa.exe)
002e: 80599202 NtCreatePort [5] (ntkrnlpa.exe)
002f: 805c5f8e NtCreateProcess [8] (ntkrnlpa.exe)
0030: 805c5ed8 NtCreateProcessEx [9] (ntkrnlpa.exe)
0031: 8060c660 NtCreateProfile [9] (ntkrnlpa.exe)
0032: 8059f4ea NtCreateSection [7] (ntkrnlpa.exe)
0033: 80609bdc NtCreateSemaphore [5] (ntkrnlpa.exe)
0034: 805b96c4 NtCreateSymbolicLinkObject [4] (ntkrnlpa.exe)
0035: 805c5d76 NtCreateThread [8] (ntkrnlpa.exe)
0036: 8060bb10 NtCreateTimer [4] (ntkrnlpa.exe)
0037: 805edf2e NtCreateToken [13] (ntkrnlpa.exe)
0038: 80599226 NtCreateWaitablePort [5] (ntkrnlpa.exe)
0039: 80637d78 NtDebugActiveProcess [2] (ntkrnlpa.exe)
003a: 80637ec8 NtDebugContinue [3] (ntkrnlpa.exe)
003b: 8060b514 NtDelayExecution [2] (ntkrnlpa.exe)
003c: 8060ad36 NtDeleteAtom [1] (ntkrnlpa.exe)
003d: 8060b5c4 NtCancelDeviceWakeupRequest [1] (ntkrnlpa.exe)
003e: 8056afaa NtDeleteFile [1] (ntkrnlpa.exe)
003f: 80619316 NtDeleteKey [1] (ntkrnlpa.exe)
0040: 805e97a0 NtDeleteObjectAuditAlarm [3] (ntkrnlpa.exe)
0041: 806194e6 NtDeleteValueKey [2] (ntkrnlpa.exe)
0042: 8056d590 NtDeviceIoControlFile [10] (ntkrnlpa.exe)
0043: 80607b50 NtDisplayString [1] (ntkrnlpa.exe)
0044: 805b249c NtDuplicateObject [7] (ntkrnlpa.exe)
0045: 805e1b4a NtDuplicateToken [6] (ntkrnlpa.exe)
0046: 8060b5d2 NtAddBootEntry [2] (ntkrnlpa.exe)
0047: 806196c6 NtEnumerateKey [6] (ntkrnlpa.exe)
0048: 8060b5b6 NtEnumerateSystemEnvironmentValuesEx [3] (ntkrnlpa.exe)
0049: 80619930 NtEnumerateValueKey [6] (ntkrnlpa.exe)
004a: 805a7eac NtExtendSection [2] (ntkrnlpa.exe)
004b: 805e1cf6 NtFilterToken [6] (ntkrnlpa.exe)
004c: 8060aaea NtFindAtom [3] (ntkrnlpa.exe)
004d: 8056b076 NtFlushBuffersFile [2] (ntkrnlpa.exe)
004e: 805aabbe NtFlushInstructionCache [3] (ntkrnlpa.exe)
004f: 80619b9a NtFlushKey [1] (ntkrnlpa.exe)
0050: 805a08b6 NtFlushVirtualMemory [4] (ntkrnlpa.exe)
0051: 805aab60 NtFlushWriteBuffer [0] (ntkrnlpa.exe)
0052: 805aa6d0 NtFreeUserPhysicalPages [3] (ntkrnlpa.exe)
0053: 805a7186 NtFreeVirtualMemory [4] (ntkrnlpa.exe)
0054: 8056d5c4 NtFsControlFile [10] (ntkrnlpa.exe)
0055: 805c62a0 NtGetContextThread [2] (ntkrnlpa.exe)
0056: 805bd0d6 NtGetDevicePowerState [2] (ntkrnlpa.exe)
0057: 8058d5d8 NtGetPlugPlayEvent [4] (ntkrnlpa.exe)
0058: 8051ce1a NtGetWriteWatch [7] (ntkrnlpa.exe)
0059: 805ed87a NtImpersonateAnonymousToken [1] (ntkrnlpa.exe)
005a: 80599290 NtImpersonateClientOfPort [2] (ntkrnlpa.exe)
005b: 805cc59e NtImpersonateThread [3] (ntkrnlpa.exe)
005c: 80616e5e NtInitializeRegistry [1] (ntkrnlpa.exe)
005d: 805bcebc NtInitiatePowerAction [4] (ntkrnlpa.exe)
005e: 805c9fc6 NtIsProcessInJob [2] (ntkrnlpa.exe)
005f: 805bd0c2 NtIsSystemResumeAutomatic [0] (ntkrnlpa.exe)
0060: 8059949c NtListenPort [2] (ntkrnlpa.exe)
0061: 805785e4 NtLoadDriver [1] (ntkrnlpa.exe)
0062: 8061abb6 NtLoadKey [2] (ntkrnlpa.exe)
0063: 8061a800 NtLoadKey2 [3] (ntkrnlpa.exe)
0064: 8056d5f8 NtLockFile [10] (ntkrnlpa.exe)
0065: 806080b2 NtLockProductActivationKeys [2] (ntkrnlpa.exe)
0066: 80618d56 NtLockRegistryKey [1] (ntkrnlpa.exe)
0067: 805aacc6 NtLockVirtualMemory [4] (ntkrnlpa.exe)
0068: 805b3d3c NtMakePermanentObject [1] (ntkrnlpa.exe)
0069: 805b0a64 NtMakeTemporaryObject [1] (ntkrnlpa.exe)
006a: 805a9628 NtMapUserPhysicalPages [3] (ntkrnlpa.exe)
006b: 805a9c00 NtMapUserPhysicalPagesScatter [3] (ntkrnlpa.exe)
006c: 805a6206 NtMapViewOfSection [10] (ntkrnlpa.exe)
006d: 8060b5c4 NtCancelDeviceWakeupRequest [1] (ntkrnlpa.exe)
006e: 8056e228 NtNotifyChangeDirectoryFile [9] (ntkrnlpa.exe)
006f: 8061ab80 NtNotifyChangeKey [10] (ntkrnlpa.exe)
0070: 80619c9c NtNotifyChangeMultipleKeys [12] (ntkrnlpa.exe)
0071: 805b298e NtOpenDirectoryObject [3] (ntkrnlpa.exe)
0072: 80603ce0 NtOpenEvent [3] (ntkrnlpa.exe)
0073: 8060bf20 NtOpenEventPair [3] (ntkrnlpa.exe)
0074: 8056e4e8 NtOpenFile [6] (ntkrnlpa.exe)
0075: 8056bd34 NtOpenIoCompletion [3] (ntkrnlpa.exe)
0076: 805ca550 NtOpenJobObject [3] (ntkrnlpa.exe)
0077: 8061a21c NtOpenKey [3] (ntkrnlpa.exe)
0078: 8060c318 NtOpenMutant [3] (ntkrnlpa.exe)
0079: 805e9262 NtOpenObjectAuditAlarm [12] (ntkrnlpa.exe)
007a: 805bfe1e NtOpenProcess [4] (ntkrnlpa.exe)
007b: 805e2542 NtOpenProcessToken [3] (ntkrnlpa.exe)
007c: 805e2148 NtOpenProcessTokenEx [4] (ntkrnlpa.exe)
007d: 8059e520 NtOpenSection [3] (ntkrnlpa.exe)
007e: 80609cd6 NtOpenSemaphore [3] (ntkrnlpa.exe)
007f: 805b98aa NtOpenSymbolicLinkObject [3] (ntkrnlpa.exe)
0080: 805c00aa NtOpenThread [4] (ntkrnlpa.exe)
0081: 805e2560 NtOpenThreadToken [4] (ntkrnlpa.exe)
0082: 805e22b8 NtOpenThreadTokenEx [5] (ntkrnlpa.exe)
0083: 8060bc32 NtOpenTimer [3] (ntkrnlpa.exe)
0084: 80639f6a NtPlugPlayControl [3] (ntkrnlpa.exe)
0085: 805bdf0a NtPowerInformation [5] (ntkrnlpa.exe)
0086: 805ec92c NtPrivilegeCheck [3] (ntkrnlpa.exe)
0087: 805e8574 NtPrivilegeObjectAuditAlarm [6] (ntkrnlpa.exe)
0088: 805e8760 NtPrivilegedServiceAuditAlarm [5] (ntkrnlpa.exe)
0089: 805ac78e NtProtectVirtualMemory [5] (ntkrnlpa.exe)
008a: 80603d98 NtPulseEvent [2] (ntkrnlpa.exe)
008b: 8056b25c NtQueryAttributesFile [2] (ntkrnlpa.exe)
008c: 8060b5d2 NtAddBootEntry [2] (ntkrnlpa.exe)
008d: 8060b5d2 NtAddBootEntry [2] (ntkrnlpa.exe)
008e: 8053b426 NtQueryDebugFilterState [2] (ntkrnlpa.exe)
008f: 80605904 NtQueryDefaultLocale [2] (ntkrnlpa.exe)
0090: 80606564 NtQueryDefaultUILanguage [1] (ntkrnlpa.exe)
0091: 8056e1c2 NtQueryDirectoryFile [11] (ntkrnlpa.exe)
0092: 805b2a2e NtQueryDirectoryObject [7] (ntkrnlpa.exe)
0093: 8056e518 NtQueryEaFile [9] (ntkrnlpa.exe)
0094: 80603e60 NtQueryEvent [5] (ntkrnlpa.exe)
0095: 8056b394 NtQueryFullAttributesFile [2] (ntkrnlpa.exe)
0096: 8060ad5e NtQueryInformationAtom [5] (ntkrnlpa.exe)
0097: 8056ed94 NtQueryInformationFile [5] (ntkrnlpa.exe)
0098: 805caa22 NtQueryInformationJobObject [5] (ntkrnlpa.exe)
0099: 805994fa NtQueryInformationPort [5] (ntkrnlpa.exe)
009a: 805c1784 NtQueryInformationProcess [5] (ntkrnlpa.exe)
009b: 805c0350 NtQueryInformationThread [5] (ntkrnlpa.exe)
009c: 805e2640 NtQueryInformationToken [5] (ntkrnlpa.exe)
009d: 80605d02 NtQueryInstallUILanguage [1] (ntkrnlpa.exe)
009e: 8060cae2 NtQueryIntervalProfile [2] (ntkrnlpa.exe)
009f: 8056bddc NtQueryIoCompletion [5] (ntkrnlpa.exe)
00a0: 8061a540 NtQueryKey [5] (ntkrnlpa.exe)
00a1: 80618054 NtQueryMultipleValueKey [6] (ntkrnlpa.exe)
00a2: 8060c3c0 NtQueryMutant [5] (ntkrnlpa.exe)
00a3: 805b8d84 NtQueryObject [5] (ntkrnlpa.exe)
00a4: 806186ba NtQueryOpenSubKeys [2] (ntkrnlpa.exe)
00a5: 8060cb70 NtQueryPerformanceCounter [2] (ntkrnlpa.exe)
00a6: 8056fbde NtQueryQuotaInformationFile [9] (ntkrnlpa.exe)
00a7: 805ac950 NtQuerySection [5] (ntkrnlpa.exe)
00a8: 805b4708 NtQuerySecurityObject [5] (ntkrnlpa.exe)
00a9: 80609d8e NtQuerySemaphore [5] (ntkrnlpa.exe)
00aa: 805b994a NtQuerySymbolicLinkObject [3] (ntkrnlpa.exe)
00ab: 8060b5ee NtQuerySystemEnvironmentValue [4] (ntkrnlpa.exe)
00ac: 8060b5a8 NtQuerySystemEnvironmentValueEx [5] (ntkrnlpa.exe)
00ad: 806065e4 NtQuerySystemInformation [4] (ntkrnlpa.exe)
00ae: 80608466 NtQuerySystemTime [1] (ntkrnlpa.exe)
00af: 8060bcea NtQueryTimer [5] (ntkrnlpa.exe)
00b0: 80607d1e NtQueryTimerResolution [3] (ntkrnlpa.exe)
00b1: 80616f40 NtQueryValueKey [6] (ntkrnlpa.exe)
00b2: 805acfd6 NtQueryVirtualMemory [6] (ntkrnlpa.exe)
00b3: 805700ce NtQueryVolumeInformationFile [5] (ntkrnlpa.exe)
00b4: 805c5fec NtQueueApcThread [5] (ntkrnlpa.exe)
00b5: 80540238 NtRaiseException [3] (ntkrnlpa.exe)
00b6: 80609a00 NtRaiseHardError [6] (ntkrnlpa.exe)
00b7: 80570896 NtReadFile [9] (ntkrnlpa.exe)
00b8: 80570e24 NtReadFileScatter [9] (ntkrnlpa.exe)
00b9: 80599f82 NtReadRequestData [6] (ntkrnlpa.exe)
00ba: 805a8498 NtReadVirtualMemory [5] (ntkrnlpa.exe)
00bb: 805c7522 NtRegisterThreadTerminatePort [1] (ntkrnlpa.exe)
00bc: 8060c4f8 NtReleaseMutant [2] (ntkrnlpa.exe)
00bd: 80609ebe NtReleaseSemaphore [3] (ntkrnlpa.exe)
00be: 8056c0d4 NtRemoveIoCompletion [5] (ntkrnlpa.exe)
00bf: 80637e48 NtRemoveProcessDebug [2] (ntkrnlpa.exe)
00c0: 806188ac NtRenameKey [2] (ntkrnlpa.exe)
00c1: 8061aa66 NtReplaceKey [3] (ntkrnlpa.exe)
00c2: 80599602 NtReplyPort [2] (ntkrnlpa.exe)
00c3: 8059a5ca NtReplyWaitReceivePort [4] (ntkrnlpa.exe)
00c4: 80599fd2 NtReplyWaitReceivePortEx [5] (ntkrnlpa.exe)
00c5: 805998ec NtReplyWaitReplyPort [2] (ntkrnlpa.exe)
00c6: 805bd054 NtRequestDeviceWakeup [1] (ntkrnlpa.exe)
00c7: 80596b60 NtRequestPort [2] (ntkrnlpa.exe)
00c8: 80596e8c NtRequestWaitReplyPort [3] (ntkrnlpa.exe)
00c9: 805bce62 NtRequestWakeupLatency [1] (ntkrnlpa.exe)
00ca: 80603f72 NtResetEvent [2] (ntkrnlpa.exe)
00cb: 8051d2fa NtResetWriteWatch [3] (ntkrnlpa.exe)
00cc: 8061728e NtRestoreKey [3] (ntkrnlpa.exe)
00cd: 805c9882 NtResumeProcess [1] (ntkrnlpa.exe)
00ce: 805c9764 NtResumeThread [2] (ntkrnlpa.exe)
00cf: 80617330 NtSaveKey [2] (ntkrnlpa.exe)
00d0: 806173c0 NtSaveKeyEx [3] (ntkrnlpa.exe)
00d1: 8061748c NtSaveMergedKeys [3] (ntkrnlpa.exe)
00d2: 80597e7a NtSecureConnectPort [9] (ntkrnlpa.exe)
00d3: 8060b5d2 NtAddBootEntry [2] (ntkrnlpa.exe)
00d4: 8060b5d2 NtAddBootEntry [2] (ntkrnlpa.exe)
00d5: 805c64b0 NtSetContextThread [2] (ntkrnlpa.exe)
00d6: 8063ab00 NtSetDebugFilterState [3] (ntkrnlpa.exe)
00d7: 806098aa NtSetDefaultHardErrorPort [1] (ntkrnlpa.exe)
00d8: 80605a54 NtSetDefaultLocale [2] (ntkrnlpa.exe)
00d9: 806062c6 NtSetDefaultUILanguage [1] (ntkrnlpa.exe)
00da: 8056ea34 NtSetEaFile [4] (ntkrnlpa.exe)
00db: 80604032 NtSetEvent [2] (ntkrnlpa.exe)
00dc: 806040fc NtSetEventBoostPriority [1] (ntkrnlpa.exe)
00dd: 8060c1dc NtSetHighEventPair [1] (ntkrnlpa.exe)
00de: 8060c10c NtSetHighWaitLowEventPair [1] (ntkrnlpa.exe)
00df: 80637812 NtSetInformationDebugObject [5] (ntkrnlpa.exe)
00e0: 8056f398 NtSetInformationFile [5] (ntkrnlpa.exe)
00e1: 805cb732 NtSetInformationJobObject [4] (ntkrnlpa.exe)
00e2: 80617c20 NtSetInformationKey [4] (ntkrnlpa.exe)
00e3: 805b81c8 NtSetInformationObject [4] (ntkrnlpa.exe)
00e4: 805c28dc NtSetInformationProcess [4] (ntkrnlpa.exe)
00e5: 805c089c NtSetInformationThread [4] (ntkrnlpa.exe)
00e6: 805eeca8 NtSetInformationToken [4] (ntkrnlpa.exe)
00e7: 8060c644 NtSetIntervalProfile [2] (ntkrnlpa.exe)
00e8: 8056c072 NtSetIoCompletion [5] (ntkrnlpa.exe)
00e9: 805c86ae NtSetLdtEntries [6] (ntkrnlpa.exe)
00ea: 8060c178 NtSetLowEventPair [1] (ntkrnlpa.exe)
00eb: 8060c0a0 NtSetLowWaitHighEventPair [1] (ntkrnlpa.exe)
00ec: 8056fbbc NtSetQuotaInformationFile [4] (ntkrnlpa.exe)
00ed: 805b463c NtSetSecurityObject [3] (ntkrnlpa.exe)
00ee: 8060b872 NtSetSystemEnvironmentValue [2] (ntkrnlpa.exe)
00ef: 8060b5a8 NtQuerySystemEnvironmentValueEx [5] (ntkrnlpa.exe)
00f0: 80604932 NtSetSystemInformation [3] (ntkrnlpa.exe)
00f1: 806470e8 NtSetSystemPowerState [3] (ntkrnlpa.exe)
00f2: 80609026 NtSetSystemTime [2] (ntkrnlpa.exe)
00f3: 805bcd76 NtSetThreadExecutionState [2] (ntkrnlpa.exe)
00f4: 8053452e NtSetTimer [7] (ntkrnlpa.exe)
00f5: 806084f8 NtSetTimerResolution [3] (ntkrnlpa.exe)
00f6: 8060a374 NtSetUuidSeed [1] (ntkrnlpa.exe)
00f7: 80617546 NtSetValueKey [6] (ntkrnlpa.exe)
00f8: 805704f2 NtSetVolumeInformationFile [5] (ntkrnlpa.exe)
00f9: 80607b14 NtShutdownSystem [1] (ntkrnlpa.exe)
00fa: 805220ac NtSignalAndWaitForSingleObject [4] (ntkrnlpa.exe)
00fb: 8060c88e NtStartProfile [1] (ntkrnlpa.exe)
00fc: 8060ca38 NtStopProfile [1] (ntkrnlpa.exe)
00fd: 805c982c NtSuspendProcess [1] (ntkrnlpa.exe)
00fe: 805c969e NtSuspendThread [2] (ntkrnlpa.exe)
00ff: 8060cc5c NtSystemDebugControl [6] (ntkrnlpa.exe)
0100: 805cc29c NtTerminateJobObject [2] (ntkrnlpa.exe)
0101: 805c776c NtTerminateProcess [2] (ntkrnlpa.exe)
0102: 805c7966 NtTerminateThread [2] (ntkrnlpa.exe)
0103: 805c99ec NtTestAlert [0] (ntkrnlpa.exe)
0104: 80530c0c NtTraceEvent [4] (ntkrnlpa.exe)
0105: 8060b5e0 NtTranslateFilePath [4] (ntkrnlpa.exe)
0106: 80578778 NtUnloadDriver [1] (ntkrnlpa.exe)
0107: 8061780e NtUnloadKey [1] (ntkrnlpa.exe)
0108: 806179fc NtUnloadKeyEx [2] (ntkrnlpa.exe)
0109: 8056d9a4 NtUnlockFile [5] (ntkrnlpa.exe)
010a: 805ab254 NtUnlockVirtualMemory [4] (ntkrnlpa.exe)
010b: 805a701c NtUnmapViewOfSection [2] (ntkrnlpa.exe)
010c: 805f0060 NtVdmControl [2] (ntkrnlpa.exe)
010d: 8063757a NtWaitForDebugEvent [4] (ntkrnlpa.exe)
010e: 805b4d74 NtWaitForMultipleObjects [5] (ntkrnlpa.exe)
010f: 805b4c8a NtWaitForSingleObject [3] (ntkrnlpa.exe)
0110: 8060c03c NtWaitHighEventPair [1] (ntkrnlpa.exe)
0111: 8060bfd8 NtWaitLowEventPair [1] (ntkrnlpa.exe)
0112: 80571334 NtWriteFile [9] (ntkrnlpa.exe)
0113: 80571944 NtWriteFileGather [9] (ntkrnlpa.exe)
0114: 80599faa NtWriteRequestData [6] (ntkrnlpa.exe)
0115: 805a85a2 NtWriteVirtualMemory [5] (ntkrnlpa.exe)
0116: 8050189c NtYieldExecution [0] (ntkrnlpa.exe)
0117: 8060d0b4 NtCreateKeyedEvent [4] (ntkrnlpa.exe)
0118: 8060d19e NtOpenKeyedEvent [3] (ntkrnlpa.exe)
0119: 8060d250 NtReleaseKeyedEvent [4] (ntkrnlpa.exe)
011a: 8060d4dc NtWaitForKeyedEvent [4] (ntkrnlpa.exe)
011b: 805c0320 NtQueryPortInformationProcess [0] (ntkrnlpa.exe)

Table #1: bf999280, 029b entries, params=bf999f90, \SystemRoot\System32\win32k.sys
1000: bf935662 NtGdiAbortDoc [1] (win32k.sys)
1001: bf947213 NtGdiAbortPath [1] (win32k.sys)
1002: bf87a92d NtGdiAddFontResourceW [6] (win32k.sys)
1003: bf93eddc NtGdiAddRemoteFontToDC [4] (win32k.sys)
1004: bf94882a NtGdiAddFontMemResourceEx [5] (win32k.sys)
1005: bf9358f6 NtGdiRemoveMergeFont [2] (win32k.sys)
1006: bf93599b NtGdiAddRemoteMMInstanceToDC [3] (win32k.sys)
1007: bf83db66 NtGdiAlphaBlend [12] (win32k.sys)
1008: bf948151 NtGdiAngleArc [6] (win32k.sys)
1009: bf934101 NtGdiAnyLinkedFonts [0] (win32k.sys)
100a: bf948749 NtGdiFontIsLinked [1] (win32k.sys)
100b: bf90ed70 NtGdiArcInternal [10] (win32k.sys)
100c: bf9007d1 NtGdiBeginPath [1] (win32k.sys)
100d: bf80a150 NtGdiBitBlt [11] (win32k.sys)
100e: bf94861b NtGdiCancelDC [1] (win32k.sys)
100f: bf949e17 NtGdiCheckBitmapBits [8] (win32k.sys)
1010: bf8ff0ce NtGdiCloseFigure [1] (win32k.sys)
1011: bf8817f3 NtGdiClearBitmapAttributes [2] (win32k.sys)
1012: bf9486f9 NtGdiClearBrushAttributes [2] (win32k.sys)
1013: bf949f4a NtGdiColorCorrectPalette [6] (win32k.sys)
1014: bf8240b0 NtGdiCombineRgn [4] (win32k.sys)
1015: bf8dcc85 NtGdiCombineTransform [3] (win32k.sys)
1016: bf8680fd NtGdiComputeXformCoefficients [1] (win32k.sys)
1017: bf8c2ae0 NtGdiConsoleTextOut [4] (win32k.sys)
1018: bf90ffab NtGdiConvertMetafileRect [2] (win32k.sys)
1019: bf80e3ff NtGdiCreateBitmap [5] (win32k.sys)
101a: bf8dc92d NtGdiCreateClientObj [1] (win32k.sys)
101b: bf949c0f NtGdiCreateColorSpace [1] (win32k.sys)
101c: bf94ab0e NtGdiCreateColorTransform [8] (win32k.sys)
101d: bf80fc6e NtGdiCreateCompatibleBitmap [3] (win32k.sys)
101e: bf80d0ca NtGdiCreateCompatibleDC [1] (win32k.sys)
101f: bf8d1611 NtGdiCreateDIBBrush [6] (win32k.sys)
1020: bf835fbd NtGdiCreateDIBitmapInternal [11] (win32k.sys)
1021: bf830619 NtGdiCreateDIBSection [9] (win32k.sys)
1022: bf938572 NtGdiCreateEllipticRgn [4] (win32k.sys)
1023: bf8505d2 NtGdiCreateHalftonePalette [1] (win32k.sys)
1024: bf94bb9a NtGdiCreateHatchBrushInternal [3] (win32k.sys)
1025: bf8e6487 NtGdiCreateMetafileDC [1] (win32k.sys)
1026: bf866d10 NtGdiCreatePaletteInternal [2] (win32k.sys)
1027: bf84bb68 NtGdiCreatePatternBrushInternal [3] (win32k.sys)
1028: bf860340 NtGdiCreatePen [4] (win32k.sys)
1029: bf84332c NtGdiCreateRectRgn [4] (win32k.sys)
102a: bf871571 NtGdiCreateRoundRectRgn [6] (win32k.sys)
102b: bf90feb0 NtGdiCreateServerMetaFile [6] (win32k.sys)
102c: bf81a067 NtGdiCreateSolidBrush [2] (win32k.sys)
102d: bf93376d NtGdiD3dContextCreate [4] (win32k.sys)
102e: bf933780 NtGdiD3dContextDestroy [1] (win32k.sys)
102f: bf933793 NtGdiD3dContextDestroyAll [1] (win32k.sys)
1030: bf9337a6 NtGdiD3dValidateTextureStageState [1] (win32k.sys)
1031: bf9337b9 NtGdiD3dDrawPrimitives2 [7] (win32k.sys)
1032: bf9337cc NtGdiDdGetDriverState [1] (win32k.sys)
1033: bf933642 NtGdiDdAddAttachedSurface [3] (win32k.sys)
1034: bf93388c NtGdiDdAlphaBlt [3] (win32k.sys)
1035: bf907c90 NtGdiDdAttachSurface [2] (win32k.sys)
1036: bf933837 NtGdiDdBeginMoCompFrame [2] (win32k.sys)
1037: bf907ca3 NtGdiDdBlt [3] (win32k.sys)
1038: bf907a7d NtGdiDdCanCreateSurface [2] (win32k.sys)
1039: bf933744 NtGdiDdCanCreateD3DBuffer [2] (win32k.sys)
103a: bf933655 NtGdiDdColorControl [2] (win32k.sys)
103b: bf8edd03 NtGdiDdCreateDirectDrawObject [1] (win32k.sys)
103c: bf8edd16 NtGdiDdCreateSurface [8] (win32k.sys)
103d: bf93372e NtGdiDdCreateD3DBuffer [8] (win32k.sys)
103e: bf907abc NtGdiDdCreateMoComp [2] (win32k.sys)
103f: bf9080fb NtGdiDdCreateSurfaceObject [6] (win32k.sys)
1040: bf8edf5f NtGdiDdDeleteDirectDrawObject [1] (win32k.sys)
1041: bf907c64 NtGdiDdDeleteSurfaceObject [1] (win32k.sys)
1042: bf907a90 NtGdiDdDestroyMoComp [2] (win32k.sys)
1043: bf8edf49 NtGdiDdDestroySurface [2] (win32k.sys)
1044: bf933757 NtGdiDdDestroyD3DBuffer [1] (win32k.sys)
1045: bf93384a NtGdiDdEndMoCompFrame [2] (win32k.sys)
1046: bf9081a1 NtGdiDdFlip [5] (win32k.sys)
1047: bf9088ac NtGdiDdFlipToGDISurface [2] (win32k.sys)
1048: bf907c7a NtGdiDdGetAvailDriverMemory [2] (win32k.sys)
1049: bf933668 NtGdiDdGetBltStatus [2] (win32k.sys)
104a: bf9079e8 NtGdiDdGetDC [2] (win32k.sys)
104b: bf907a27 NtGdiDdGetDriverInfo [2] (win32k.sys)
104c: bf9336d6 NtGdiDdGetDxHandle [3] (win32k.sys)
104d: bf93367e NtGdiDdGetFlipStatus [2] (win32k.sys)
104e: bf933821 NtGdiDdGetInternalMoCompInfo [2] (win32k.sys)
104f: bf93380b NtGdiDdGetMoCompBuffInfo [2] (win32k.sys)
1050: bf907aa6 NtGdiDdGetMoCompGuids [2] (win32k.sys)
1051: bf9337f5 NtGdiDdGetMoCompFormats [2] (win32k.sys)
1052: bf9089b2 NtGdiDdGetScanLine [2] (win32k.sys)
1053: bf8e421f NtGdiDdLock [3] (win32k.sys)
1054: bf933702 NtGdiDdLockD3D [2] (win32k.sys)
1055: bf8edca2 NtGdiDdQueryDirectDrawObject [11] (win32k.sys)
1056: bf933876 NtGdiDdQueryMoCompStatus [2] (win32k.sys)
1057: bf8edcdd NtGdiDdReenableDirectDrawObject [2] (win32k.sys)
1058: bf907b5c NtGdiDdReleaseDC [1] (win32k.sys)
1059: bf933860 NtGdiDdRenderMoComp [2] (win32k.sys)
105a: bf8e4065 NtGdiDdResetVisrgn [2] (win32k.sys)
105b: bf9081b7 NtGdiDdSetColorKey [2] (win32k.sys)
105c: bf933694 NtGdiDdSetExclusiveMode [2] (win32k.sys)
105d: bf9336ec NtGdiDdSetGammaRamp [3] (win32k.sys)
105e: bf9337df NtGdiDdCreateSurfaceEx [3] (win32k.sys)
105f: bf9336aa NtGdiDdSetOverlayPosition [3] (win32k.sys)
1060: bf907d30 NtGdiDdUnattachSurface [2] (win32k.sys)
1061: bf8e4015 NtGdiDdUnlock [2] (win32k.sys)
1062: bf933718 NtGdiDdUnlockD3D [2] (win32k.sys)
1063: bf90818b NtGdiDdUpdateOverlay [3] (win32k.sys)
1064: bf9336c0 NtGdiDdWaitForVerticalBlank [2] (win32k.sys)
1065: bf93389f NtGdiDvpCanCreateVideoPort [2] (win32k.sys)
1066: bf9338b5 NtGdiDvpColorControl [2] (win32k.sys)
1067: bf9338cb NtGdiDvpCreateVideoPort [2] (win32k.sys)
1068: bf9338e1 NtGdiDvpDestroyVideoPort [2] (win32k.sys)
1069: bf9338f7 NtGdiDvpFlipVideoPort [4] (win32k.sys)
106a: bf93390d NtGdiDvpGetVideoPortBandwidth [2] (win32k.sys)
106b: bf933923 NtGdiDvpGetVideoPortField [2] (win32k.sys)
106c: bf933939 NtGdiDvpGetVideoPortFlipStatus [2] (win32k.sys)
106d: bf93394f NtGdiDvpGetVideoPortInputFormats [2] (win32k.sys)
106e: bf933965 NtGdiDvpGetVideoPortLine [2] (win32k.sys)
106f: bf93397b NtGdiDvpGetVideoPortOutputFormats [2] (win32k.sys)
1070: bf933991 NtGdiDvpGetVideoPortConnectInfo [2] (win32k.sys)
1071: bf9339a7 NtGdiDvpGetVideoSignalStatus [2] (win32k.sys)
1072: bf9339bd NtGdiDvpUpdateVideoPort [4] (win32k.sys)
1073: bf9339d3 NtGdiDvpWaitForVideoPortSync [2] (win32k.sys)
1074: bf9339e9 NtGdiDvpAcquireNotification [3] (win32k.sys)
1075: bf9339ff NtGdiDvpReleaseNotification [2] (win32k.sys)
1076: bf93362f NtGdiDxgGenericThunk [6] (win32k.sys)
1077: bf8dca4f NtGdiDeleteClientObj [1] (win32k.sys)
1078: bf949c02 NtGdiDeleteColorSpace [1] (win32k.sys)
1079: bf94adca NtGdiDeleteColorTransform [2] (win32k.sys)
107a: bf80fafb NtGdiDeleteObjectApp [1] (win32k.sys)
107b: bf949300 NtGdiDescribePixelFormat [4] (win32k.sys)
107c: bf8fae59 NtGdiGetPerBandInfo [2] (win32k.sys)
107d: bf8fc4a0 NtGdiDoBanding [4] (win32k.sys)
107e: bf8462f6 NtGdiDoPalette [6] (win32k.sys)
107f: bf94819b NtGdiDrawEscape [4] (win32k.sys)
1080: bf8d4128 NtGdiEllipse [5] (win32k.sys)
1081: bf87feeb NtGdiEnableEudc [1] (win32k.sys)
1082: bf8fbde9 NtGdiEndDoc [1] (win32k.sys)
1083: bf90528c NtGdiEndPage [1] (win32k.sys)
1084: bf900871 NtGdiEndPath [1] (win32k.sys)
1085: bf86c03c NtGdiEnumFontChunk [5] (win32k.sys)
1086: bf86bfbb NtGdiEnumFontClose [1] (win32k.sys)
1087: bf86b64a NtGdiEnumFontOpen [7] (win32k.sys)
1088: bf8d1919 NtGdiEnumObjects [4] (win32k.sys)
1089: bf93866d NtGdiEqualRgn [2] (win32k.sys)
108a: bf94f3a5 NtGdiEudcLoadUnloadLink [7] (win32k.sys)
108b: bf83d3ec NtGdiExcludeClipRect [5] (win32k.sys)
108c: bf8c9d03 NtGdiExtCreatePen [11] (win32k.sys)
108d: bf843673 NtGdiExtCreateRegion [3] (win32k.sys)
108e: bf857d41 NtGdiExtEscape [8] (win32k.sys)
108f: bf9501c3 NtGdiExtFloodFill [5] (win32k.sys)
1090: bf82b9c2 NtGdiExtGetObjectW [3] (win32k.sys)
1091: bf80f2bf NtGdiExtSelectClipRgn [3] (win32k.sys)
1092: bf8326e3 NtGdiExtTextOutW [9] (win32k.sys)
1093: bf947338 NtGdiFillPath [1] (win32k.sys)
1094: bf8bccd8 NtGdiFillRgn [3] (win32k.sys)
1095: bf94729d NtGdiFlattenPath [1] (win32k.sys)
1096: bf80c227 NtGdiFlushUserBatch [0] (win32k.sys)
1097: bf8079da NtGdiFlush [0] (win32k.sys)
1098: bf9491e0 NtGdiForceUFIMapping [2] (win32k.sys)
1099: bf8717e3 NtGdiFrameRgn [5] (win32k.sys)
109a: bf93b346 NtGdiFullscreenControl [5] (win32k.sys)
109b: bf8c8fd4 NtGdiGetAndSetDCDword [4] (win32k.sys)
109c: bf816ad6 NtGdiGetAppClipBox [2] (win32k.sys)
109d: bf8bd1cb NtGdiGetBitmapBits [3] (win32k.sys)
109e: bf949102 NtGdiGetBitmapDimension [2] (win32k.sys)
109f: bf8550d0 NtGdiGetBoundsRect [3] (win32k.sys)
10a0: bf8f9158 NtGdiGetCharABCWidthsW [6] (win32k.sys)
10a1: bf9478a6 NtGdiGetCharacterPlacementW [6] (win32k.sys)
10a2: bf80f88b NtGdiGetCharSet [1] (win32k.sys)
10a3: bf8eb40e NtGdiGetCharWidthW [6] (win32k.sys)
10a4: bf8677ce NtGdiGetCharWidthInfo [2] (win32k.sys)
10a5: bf9484bd NtGdiGetColorAdjustment [2] (win32k.sys)
10a6: bf950a78 NtGdiGetColorSpaceforBitmap [1] (win32k.sys)
10a7: bf82bc8f NtGdiGetDCDword [3] (win32k.sys)
10a8: bf836670 NtGdiGetDCforBitmap [1] (win32k.sys)
10a9: bf82bb1c NtGdiGetDCObject [2] (win32k.sys)
10aa: bf8c5385 NtGdiGetDCPoint [3] (win32k.sys)
10ab: bf9486b9 NtGdiGetDeviceCaps [2] (win32k.sys)
10ac: bf94a1a1 NtGdiGetDeviceGammaRamp [2] (win32k.sys)
10ad: bf8fa1c5 NtGdiGetDeviceCapsAll [2] (win32k.sys)
10ae: bf8480db NtGdiGetDIBitsInternal [9] (win32k.sys)
10af: bf9519db NtGdiGetETM [2] (win32k.sys)
10b0: bf94ce47 NtGdiGetEudcTimeStampEx [3] (win32k.sys)
10b1: bf8ecbfc NtGdiGetFontData [5] (win32k.sys)
10b2: bf948958 NtGdiGetFontResourceInfoInternalW [7] (win32k.sys)
10b3: bf9495e3 NtGdiGetGlyphIndicesW [5] (win32k.sys)
10b4: bf949486 NtGdiGetGlyphIndicesWInternal [6] (win32k.sys)
10b5: bf9482ae NtGdiGetGlyphOutline [8] (win32k.sys)
10b6: bf9483b3 NtGdiGetKerningPairs [3] (win32k.sys)
10b7: bf93567a NtGdiGetLinkedUFIs [3] (win32k.sys)
10b8: bf8e64ef NtGdiGetMiterLimit [2] (win32k.sys)
10b9: bf93e26d NtGdiGetMonitorID [3] (win32k.sys)
10ba: bf82c560 NtGdiGetNearestColor [2] (win32k.sys)
10bb: bf94bc20 NtGdiGetNearestPaletteIndex [2] (win32k.sys)
10bc: bf948444 NtGdiGetObjectBitmapHandle [2] (win32k.sys)
10bd: bf8eaaf7 NtGdiGetOutlineTextMetricsInternalW [4] (win32k.sys)
10be: bf947705 NtGdiGetPath [4] (win32k.sys)
10bf: bf8490cb NtGdiGetPixel [3] (win32k.sys)
10c0: bf80f2cf NtGdiGetRandomRgn [3] (win32k.sys)
10c1: bf8ed73a NtGdiGetRasterizerCaps [2] (win32k.sys)
10c2: bf94968e NtGdiGetRealizationInfo [3] (win32k.sys)
10c3: bf8a038f NtGdiGetRegionData [3] (win32k.sys)
10c4: bf8c52cf NtGdiGetRgnBox [2] (win32k.sys)
10c5: bf91010a NtGdiGetServerMetaFileBits [7] (win32k.sys)
10c6: bf8759c4 NtGdiGetSpoolMessage [4] (win32k.sys)
10c7: bf951b58 NtGdiGetStats [5] (win32k.sys)
10c8: bf81fa4a NtGdiGetStockObject [1] (win32k.sys)
10c9: bf94ea39 NtGdiGetStringBitmapW [5] (win32k.sys)
10ca: bf8f4bb1 NtGdiGetSystemPaletteUse [1] (win32k.sys)
10cb: bf83ab9c NtGdiGetTextCharsetInfo [3] (win32k.sys)
10cc: bf84fb9a NtGdiGetTextExtent [5] (win32k.sys)
10cd: bf8d117f NtGdiGetTextExtentExW [8] (win32k.sys)
10ce: bf83bbde NtGdiGetTextFaceW [4] (win32k.sys)
10cf: bf83a9fa NtGdiGetTextMetricsW [3] (win32k.sys)
10d0: bf854142 NtGdiGetTransform [3] (win32k.sys)
10d1: bf948b9f NtGdiGetUFI [6] (win32k.sys)
10d2: bf948c68 NtGdiGetEmbUFI [7] (win32k.sys)
10d3: bf948d48 NtGdiGetUFIPathname [10] (win32k.sys)
10d4: bf948b20 NtGdiGetEmbedFonts [0] (win32k.sys)
10d5: bf948b2a NtGdiChangeGhostFont [2] (win32k.sys)
10d6: bf9349ac NtGdiAddEmbFontToDC [2] (win32k.sys)
10d7: bf949607 NtGdiGetFontUnicodeRanges [2] (win32k.sys)
10d8: bf83adee NtGdiGetWidthTable [7] (win32k.sys)
10d9: bf8558f5 NtGdiGradientFill [6] (win32k.sys)
10da: bf82be35 NtGdiHfontCreate [5] (win32k.sys)
10db: bf94a785 NtGdiIcmBrushInfo [8] (win32k.sys)
10dc: bf8c1c8c NtGdiInit [0] (win32k.sys)
10dd: bf881f11 NtGdiInitSpool [0] (win32k.sys)
10de: bf8165ff NtGdiIntersectClipRect [5] (win32k.sys)
10df: bf8f86a2 NtGdiInvertRgn [2] (win32k.sys)
10e0: bf8c6be1 NtGdiLineTo [3] (win32k.sys)
10e1: bf94937a NtGdiMakeFontDir [5] (win32k.sys)
10e2: bf950ab1 NtGdiMakeInfoDC [2] (win32k.sys)
10e3: bf835d8e NtGdiMaskBlt [13] (win32k.sys)
10e4: bf853f1f NtGdiModifyWorldTransform [3] (win32k.sys)
10e5: bf8e66c2 NtGdiMonoBitmap [1] (win32k.sys)
10e6: bf94864b NtGdiMoveTo [4] (win32k.sys)
10e7: bf8fc33b NtGdiOffsetClipRgn [3] (win32k.sys)
10e8: bf837186 NtGdiOffsetRgn [3] (win32k.sys)
10e9: bf84b6a2 NtGdiOpenDCW [7] (win32k.sys)
10ea: bf8c493d NtGdiPatBlt [6] (win32k.sys)
10eb: bf83573d NtGdiPolyPatBlt [5] (win32k.sys)
10ec: bf947412 NtGdiPathToRegion [1] (win32k.sys)
10ed: bf800813 NtGdiPlgBlt [11] (win32k.sys)
10ee: bf947d39 NtGdiPolyDraw [4] (win32k.sys)
10ef: bf85fbc2 NtGdiPolyPolyDraw [5] (win32k.sys)
10f0: bf947e36 NtGdiPolyTextOutW [4] (win32k.sys)
10f1: bf948739 NtGdiPtInRegion [3] (win32k.sys)
10f2: bf93880f NtGdiPtVisible [3] (win32k.sys)
10f3: bf948759 NtGdiQueryFonts [3] (win32k.sys)
10f4: bf8c219d NtGdiQueryFontAssocInfo [1] (win32k.sys)
10f5: bf8e3571 NtGdiRectangle [5] (win32k.sys)
10f6: bf8edfb2 NtGdiRectInRegion [2] (win32k.sys)
10f7: bf8394bf NtGdiRectVisible [2] (win32k.sys)
10f8: bf8d0a5a NtGdiRemoveFontResourceW [6] (win32k.sys)
10f9: bf94893c NtGdiRemoveFontMemResourceEx [1] (win32k.sys)
10fa: bf8e2fd0 NtGdiResetDC [5] (win32k.sys)
10fb: bf94be94 NtGdiResizePalette [2] (win32k.sys)
10fc: bf831368 NtGdiRestoreDC [2] (win32k.sys)
10fd: bf90df4c NtGdiRoundRect [7] (win32k.sys)
10fe: bf831378 NtGdiSaveDC [1] (win32k.sys)
10ff: bf9411d6 NtGdiScaleViewportExtEx [6] (win32k.sys)
1100: bf94908e NtGdiScaleWindowExtEx [6] (win32k.sys)
1101: bf808d5e GreSelectBitmap [2] (win32k.sys)
1102: bf94862b NtGdiSelectBrush [2] (win32k.sys)
1103: bf90096c NtGdiSelectClipPath [2] (win32k.sys)
1104: bf8240c0 NtGdiSelectFont [2] (win32k.sys)
1105: bf94863b NtGdiSelectPen [2] (win32k.sys)
1106: bf8818fa NtGdiSetBitmapAttributes [2] (win32k.sys)
1107: bf8c4285 NtGdiSetBitmapBits [3] (win32k.sys)
1108: bf94916c NtGdiSetBitmapDimension [4] (win32k.sys)
1109: bf8554d7 NtGdiSetBoundsRect [3] (win32k.sys)
110a: bf9486d9 NtGdiSetBrushAttributes [2] (win32k.sys)
110b: bf8c4323 NtGdiSetBrushOrg [4] (win32k.sys)
110c: bf94851e NtGdiSetColorAdjustment [2] (win32k.sys)
110d: bf949cc4 NtGdiSetColorSpace [2] (win32k.sys)
110e: bf94a4dd NtGdiSetDeviceGammaRamp [2] (win32k.sys)
110f: bf82f410 NtGdiSetDIBitsToDeviceInternal [16] (win32k.sys)
1110: bf89c5c2 NtGdiSetFontEnumeration [1] (win32k.sys)
1111: bf8dce05 NtGdiSetFontXform [3] (win32k.sys)
1112: bf8c6524 NtGdiSetIcmMode [3] (win32k.sys)
1113: bf8fab57 NtGdiSetLinkedUFIs [3] (win32k.sys)
1114: bf94c11e NtGdiSetMagicColors [3] (win32k.sys)
1115: bf8dcb84 NtGdiSetMetaRgn [1] (win32k.sys)
1116: bf8dcba6 NtGdiSetMiterLimit [3] (win32k.sys)
1117: bf94907e NtGdiGetDeviceWidth [1] (win32k.sys)
1118: bf94906e NtGdiMirrorWindowOrg [1] (win32k.sys)
1119: bf83d2f4 NtGdiSetLayout [3] (win32k.sys)
111a: bf84930d NtGdiSetPixel [4] (win32k.sys)
111b: bf952822 NtGdiSetPixelFormat [2] (win32k.sys)
111c: bf948729 NtGdiSetRectRgn [5] (win32k.sys)
111d: bf9486c9 NtGdiSetSystemPaletteUse [2] (win32k.sys)
111e: bf951de8 NtGdiSetTextJustification [3] (win32k.sys)
111f: bf87d5ae NtGdiSetupPublicCFONT [3] (win32k.sys)
1120: bf8dc9a8 NtGdiSetVirtualResolution [5] (win32k.sys)
1121: bf8dce76 NtGdiSetSizeDevice [3] (win32k.sys)
1122: bf904164 NtGdiStartDoc [4] (win32k.sys)
1123: bf9050dd NtGdiStartPage [1] (win32k.sys)
1124: bf8a2a4d NtGdiStretchBlt [12] (win32k.sys)
1125: bf8657b1 NtGdiStretchDIBitsInternal [16] (win32k.sys)
1126: bf8ff4e7 NtGdiStrokeAndFillPath [1] (win32k.sys)
1127: bf947619 NtGdiStrokePath [1] (win32k.sys)
1128: bf9529ca NtGdiSwapBuffers [1] (win32k.sys)
1129: bf8c4ad0 NtGdiTransformPoints [5] (win32k.sys)
112a: bf8538a2 NtGdiTransparentBlt [11] (win32k.sys)
112b: bf949251 NtGdiUnloadPrinterDriver [2] (win32k.sys)
112c: bf952c88 NtGdiUnmapMemFont [1] (win32k.sys)
112d: bf948719 NtGdiUnrealizeObject [1] (win32k.sys)
112e: bf94c12e NtGdiUpdateColors [1] (win32k.sys)
112f: bf9474fa NtGdiWidenPath [1] (win32k.sys)
1130: bf869f82 NtUserActivateKeyboardLayout [2] (win32k.sys)
1131: bf86fa8e NtUserAlterWindowStyle [3] (win32k.sys)
1132: bf9142c6 NtUserAssociateInputContext [3] (win32k.sys)
1133: bf8f510c NtUserAttachThreadInput [3] (win32k.sys)
1134: bf815a45 NtUserBeginPaint [2] (win32k.sys)
1135: bf8f4bd7 NtUserBitBltSysBmp [8] (win32k.sys)
1136: bf912c62 NtUserBlockInput [1] (win32k.sys)
1137: bf9143fd NtUserBuildHimcList [4] (win32k.sys)
1138: bf83648f NtUserBuildHwndList [7] (win32k.sys)
1139: bf84ed75 NtUserBuildNameList [4] (win32k.sys)
113a: bf912a25 NtUserBuildPropList [4] (win32k.sys)
113b: bf85a261 NtUserCallHwnd [2] (win32k.sys)
113c: bf8370cd NtUserCallHwndLock [2] (win32k.sys)
113d: bf87ef34 NtUserCallHwndOpt [2] (win32k.sys)
113e: bf8372c0 NtUserCallHwndParam [3] (win32k.sys)
113f: bf82cc3b NtUserCallHwndParamLock [3] (win32k.sys)
1140: bf8f4ae6 NtUserCallMsgFilter [2] (win32k.sys)
1141: bf8f64fd NtUserCallNextHookEx [4] (win32k.sys)
1142: bf8010bf NtUserCallNoParam [1] (win32k.sys)
1143: bf801077 NtUserCallOneParam [2] (win32k.sys)
1144: bf837280 NtUserCallTwoParam [3] (win32k.sys)
1145: bf8f96eb NtUserChangeClipboardChain [2] (win32k.sys)
1146: bf89aba4 NtUserChangeDisplaySettings [5] (win32k.sys)
1147: bf89f753 NtUserCheckImeHotKey [2] (win32k.sys)
1148: bf8cc9c3 NtUserCheckMenuItem [3] (win32k.sys)
1149: bf8783bf NtUserChildWindowFromPointEx [4] (win32k.sys)
114a: bf8fa977 NtUserClipCursor [1] (win32k.sys)
114b: bf8f85a7 NtUserCloseClipboard [0] (win32k.sys)
114c: bf84ea50 NtUserCloseDesktop [1] (win32k.sys)
114d: bf84eb12 NtUserCloseWindowStation [1] (win32k.sys)
114e: bf8c16c0 NtUserConsoleControl [3] (win32k.sys)
114f: bf8ea924 NtUserConvertMemHandle [2] (win32k.sys)
1150: bf90d585 NtUserCopyAcceleratorTable [3] (win32k.sys)
1151: bf8f4b8b NtUserCountClipboardFormats [0] (win32k.sys)
1152: bf8504f7 NtUserCreateAcceleratorTable [2] (win32k.sys)
1153: bf85ed1f NtUserCreateCaret [4] (win32k.sys)
1154: bf8814e0 NtUserCreateDesktop [5] (win32k.sys)
1155: bf91422c NtUserCreateInputContext [1] (win32k.sys)
1156: bf8f9a46 NtUserCreateLocalMemHandle [4] (win32k.sys)
1157: bf83ed9a NtUserCreateWindowEx [15] (win32k.sys)
1158: bf881c51 NtUserCreateWindowStation [7] (win32k.sys)
1159: bf911aaf NtUserDdeGetQualityOfService [3] (win32k.sys)
115a: bf87fbe5 NtUserDdeInitialize [5] (win32k.sys)
115b: bf9119df NtUserDdeSetQualityOfService [3] (win32k.sys)
115c: bf84b442 NtUserDeferWindowPos [8] (win32k.sys)
115d: bf8a0048 NtUserDefSetText [2] (win32k.sys)
115e: bf85f14b NtUserDeleteMenu [3] (win32k.sys)
115f: bf8fa916 NtUserDestroyAcceleratorTable [1] (win32k.sys)
1160: bf838fd8 NtUserDestroyCursor [2] (win32k.sys)
1161: bf91427c NtUserDestroyInputContext [1] (win32k.sys)
1162: bf84847d NtUserDestroyMenu [1] (win32k.sys)
1163: bf8496bf NtUserDestroyWindow [1] (win32k.sys)
1164: bf914a34 NtUserDisableThreadIme [1] (win32k.sys)
1165: bf80ed61 NtUserDispatchMessage [1] (win32k.sys)
1166: bf912b20 NtUserDragDetect [3] (win32k.sys)
1167: bf910fa3 NtUserDragObject [5] (win32k.sys)
1168: bf911c7f NtUserDrawAnimatedRects [4] (win32k.sys)
1169: bf911d42 NtUserDrawCaption [4] (win32k.sys)
116a: bf90b405 NtUserDrawCaptionTemp [7] (win32k.sys)
116b: bf83d569 NtUserDrawIconEx [11] (win32k.sys)
116c: bf912ced NtUserDrawMenuBarTemp [5] (win32k.sys)
116d: bf8ea5a9 NtUserEmptyClipboard [0] (win32k.sys)
116e: bf8c548a NtUserEnableMenuItem [3] (win32k.sys)
116f: bf91195a NtUserEnableScrollBar [3] (win32k.sys)
1170: bf82c6f3 NtUserEndDeferWindowPosEx [2] (win32k.sys)
1171: bf911deb NtUserEndMenu [0] (win32k.sys)
1172: bf8156fc NtUserEndPaint [2] (win32k.sys)
1173: bf8a1ce7 NtUserEnumDisplayDevices [4] (win32k.sys)
1174: bf8389a2 NtUserEnumDisplayMonitors [4] (win32k.sys)
1175: bf858fec NtUserEnumDisplaySettings [4] (win32k.sys)
1176: bf911230 NtUserEvent [1] (win32k.sys)
1177: bf8f88a8 NtUserExcludeUpdateRgn [2] (win32k.sys)
1178: bf8f4a1d NtUserFillWindow [4] (win32k.sys)
1179: bf81b798 NtUserFindExistingCursorIcon [3] (win32k.sys)
117a: bf84c8e9 NtUserFindWindowEx [5] (win32k.sys)
117b: bf914e23 NtUserFlashWindowEx [1] (win32k.sys)
117c: bf8e87cb NtUserGetAltTabInfo [6] (win32k.sys)
117d: bf82c041 NtUserGetAncestor [2] (win32k.sys)
117e: bf9147d1 NtUserGetAppImeLevel [1] (win32k.sys)
117f: bf85ceed NtUserGetAsyncKeyState [1] (win32k.sys)
1180: bf83ef76 NtUserGetAtomName [2] (win32k.sys)
1181: bf844cf5 NtUserGetCaretBlinkTime [0] (win32k.sys)
1182: bf8c502e NtUserGetCaretPos [1] (win32k.sys)
1183: bf845fb7 NtUserGetClassInfo [5] (win32k.sys)
1184: bf827199 NtUserGetClassName [3] (win32k.sys)
1185: bf8f9881 NtUserGetClipboardData [2] (win32k.sys)
1186: bf8ee077 NtUserGetClipboardFormatName [3] (win32k.sys)
1187: bf8ea69f NtUserGetClipboardOwner [0] (win32k.sys)
1188: bf8c4de7 NtUserGetClipboardSequenceNumber [0] (win32k.sys)
1189: bf911e31 NtUserGetClipboardViewer [0] (win32k.sys)
118a: bf9118c2 NtUserGetClipCursor [1] (win32k.sys)
118b: bf9114f8 NtUserGetComboBoxInfo [2] (win32k.sys)
118c: bf8676e5 NtUserGetControlBrush [3] (win32k.sys)
118d: bf907569 NtUserGetControlColor [4] (win32k.sys)
118e: bf82476f NtUserGetCPD [3] (win32k.sys)
118f: bf867984 NtUserGetCursorFrameInfo [4] (win32k.sys)
1190: bf911615 NtUserGetCursorInfo [1] (win32k.sys)
1191: bf80451f NtUserGetDC [1] (win32k.sys)
1192: bf83c031 NtUserGetDCEx [3] (win32k.sys)
1193: bf83cff6 NtUserGetDoubleClickTime [0] (win32k.sys)
1194: bf823d3d NtUserGetForegroundWindow [0] (win32k.sys)
1195: bf91106c NtUserGetGuiResources [2] (win32k.sys)
1196: bf84d28d NtUserGetGUIThreadInfo [2] (win32k.sys)
1197: bf845723 NtUserGetIconInfo [6] (win32k.sys)
1198: bf845873 NtUserGetIconSize [4] (win32k.sys)
1199: bf91468f NtUserGetImeHotKey [4] (win32k.sys)
119a: bf9144ff NtUserGetImeInfoEx [2] (win32k.sys)
119b: bf9112c1 NtUserGetInternalWindowPos [3] (win32k.sys)
119c: bf8397f5 NtUserGetKeyboardLayoutList [2] (win32k.sys)
119d: bf8f5f96 NtUserGetKeyboardLayoutName [1] (win32k.sys)
119e: bf8bd7c3 NtUserGetKeyboardState [1] (win32k.sys)
119f: bf90b752 NtUserGetKeyNameText [3] (win32k.sys)
11a0: bf823fe8 NtUserGetKeyState [1] (win32k.sys)
11a1: bf9115c1 NtUserGetListBoxInfo [1] (win32k.sys)
11a2: bf911712 NtUserGetMenuBarInfo [4] (win32k.sys)
11a3: bf911b68 NtUserGetMenuIndex [2] (win32k.sys)
11a4: bf91269c NtUserGetMenuItemRect [4] (win32k.sys)
11a5: bf819fa1 NtUserGetMessage [4] (win32k.sys)
11a6: bf912377 NtUserGetMouseMovePointsEx [5] (win32k.sys)
11a7: bf81a219 NtUserGetObjectInformation [5] (win32k.sys)
11a8: bf8f4b5f NtUserGetOpenClipboardWindow [0] (win32k.sys)
11a9: bf911e5d NtUserGetPriorityClipboardFormat [2] (win32k.sys)
11aa: bf81a084 NtUserGetProcessWindowStation [0] (win32k.sys)
11ab: bf9156a3 NtUserGetRawInputBuffer [3] (win32k.sys)
11ac: bf914fa3 NtUserGetRawInputData [5] (win32k.sys)
11ad: bf91517d NtUserGetRawInputDeviceInfo [4] (win32k.sys)
11ae: bf915472 NtUserGetRawInputDeviceList [3] (win32k.sys)
11af: bf915668 NtUserGetRegisteredRawInputDevices [3] (win32k.sys)
11b0: bf848cac NtUserGetScrollBarInfo [3] (win32k.sys)
11b1: bf84352c NtUserGetSystemMenu [2] (win32k.sys)
11b2: bf81a4cf NtUserGetThreadDesktop [2] (win32k.sys)
11b3: bf826b74 NtUserGetThreadState [1] (win32k.sys)
11b4: bf83c2bb NtUserGetTitleBarInfo [2] (win32k.sys)
11b5: bf83ce23 NtUserGetUpdateRect [3] (win32k.sys)
11b6: bf8c5176 NtUserGetUpdateRgn [3] (win32k.sys)
11b7: bf8037e9 NtUserGetWindowDC [1] (win32k.sys)
11b8: bf8f9b14 NtUserGetWindowPlacement [2] (win32k.sys)
11b9: bf90d931 NtUserGetWOWClass [2] (win32k.sys)
11ba: bf910ead NtUserHardErrorControl [3] (win32k.sys)
11bb: bf82c843 NtUserHideCaret [1] (win32k.sys)
11bc: bf911ee6 NtUserHiliteMenuItem [4] (win32k.sys)
11bd: bf912c88 NtUserImpersonateDdeClientWindow [2] (win32k.sys)
11be: bf896086 NtUserInitialize [3] (win32k.sys)
11bf: bf890626 NtUserInitializeClientPfnArrays [4] (win32k.sys)
11c0: bf9113a0 NtUserInitTask [12] (win32k.sys)
11c1: bf83c3b7 NtUserInternalGetWindowText [3] (win32k.sys)
11c2: bf814d93 NtUserInvalidateRect [3] (win32k.sys)
11c3: bf848423 NtUserInvalidateRgn [3] (win32k.sys)
11c4: bf8c4dad NtUserIsClipboardFormatAvailable [1] (win32k.sys)
11c5: bf80ea0f NtUserKillTimer [2] (win32k.sys)
11c6: bf872a3d NtUserLoadKeyboardLayoutEx [7] (win32k.sys)
11c7: bf881742 NtUserLockWindowStation [1] (win32k.sys)
11c8: bf8cc90a NtUserLockWindowUpdate [1] (win32k.sys)
11c9: bf910f86 NtUserLockWorkStation [0] (win32k.sys)
11ca: bf8c7db1 NtUserMapVirtualKeyEx [4] (win32k.sys)
11cb: bf912773 NtUserMenuItemFromPoint [4] (win32k.sys)
11cc: bf80efa5 NtUserMessageCall [7] (win32k.sys)
11cd: bf90f513 NtUserMinMaximize [3] (win32k.sys)
11ce: bf912036 NtUserMNDragLeave [0] (win32k.sys)
11cf: bf911f86 NtUserMNDragOver [2] (win32k.sys)
11d0: bf8e31d7 NtUserModifyUserStartupInfoFlags [2] (win32k.sys)
11d1: bf836181 NtUserMoveWindow [6] (win32k.sys)
11d2: bf9149cf NtUserNotifyIMEStatus [3] (win32k.sys)
11d3: bf8c1cc2 NtUserNotifyProcessCreate [4] (win32k.sys)
11d4: bf8c5435 NtUserNotifyWinEvent [4] (win32k.sys)
11d5: bf8f8524 NtUserOpenClipboard [2] (win32k.sys)
11d6: bf84ecea NtUserOpenDesktop [3] (win32k.sys)
11d7: bf87de91 NtUserOpenInputDesktop [3] (win32k.sys)
11d8: bf8f9d5c NtUserOpenWindowStation [2] (win32k.sys)
11d9: bf86a238 NtUserPaintDesktop [1] (win32k.sys)
11da: bf8036d8 NtUserPeekMessage [5] (win32k.sys)
11db: bf808b25 NtUserPostMessage [4] (win32k.sys)
11dc: bf89fb39 NtUserPostThreadMessage [4] (win32k.sys)
11dd: bf89c6c5 NtUserPrintWindow [3] (win32k.sys)
11de: bf8bfa0e NtUserProcessConnect [3] (win32k.sys)
11df: bf912805 NtUserQueryInformationThread [5] (win32k.sys)
11e0: bf914379 NtUserQueryInputContext [2] (win32k.sys)
11e1: bf912bb3 NtUserQuerySendMessage [1] (win32k.sys)
11e2: bf914ad8 NtUserQueryUserCounters [5] (win32k.sys)
11e3: bf803b74 NtUserQueryWindow [2] (win32k.sys)
11e4: bf9116d4 NtUserRealChildWindowFromPoint [3] (win32k.sys)
11e5: bf87d949 NtUserRealInternalGetMessage [6] (win32k.sys)
11e6: bf9125dc NtUserRealWaitMessageEx [2] (win32k.sys)
11e7: bf826d49 NtUserRedrawWindow [4] (win32k.sys)
11e8: bf81f44d NtUserRegisterClassExWOW [7] (win32k.sys)
11e9: bf88203d NtUserRegisterUserApiHook [2] (win32k.sys)
11ea: bf89bc09 NtUserRegisterHotKey [4] (win32k.sys)
11eb: bf9155bc NtUserRegisterRawInputDevices [3] (win32k.sys)
11ec: bf9114c4 NtUserRegisterTasklist [1] (win32k.sys)
11ed: bf807b6b NtUserRegisterWindowMessage [1] (win32k.sys)
11ee: bf89c5ed NtUserRemoveMenu [3] (win32k.sys)
11ef: bf8374fa NtUserRemoveProp [2] (win32k.sys)
11f0: bf876491 NtUserResolveDesktop [4] (win32k.sys)
11f1: bf9158b3 NtUserResolveDesktopForWOW [1] (win32k.sys)
11f2: bf848b53 NtUserSBGetParms [4] (win32k.sys)
11f3: bf8bf31e NtUserScrollDC [7] (win32k.sys)
11f4: bf8e58aa NtUserScrollWindowEx [8] (win32k.sys)
11f5: bf835c08 NtUserSelectPalette [3] (win32k.sys)
11f6: bf8c3327 NtUserSendInput [3] (win32k.sys)
11f7: bf89efd2 NtUserSetActiveWindow [1] (win32k.sys)
11f8: bf914766 NtUserSetAppImeLevel [2] (win32k.sys)
11f9: bf85de45 NtUserSetCapture [1] (win32k.sys)
11fa: bf8486c0 NtUserSetClassLong [4] (win32k.sys)
11fb: bf912053 NtUserSetClassWord [3] (win32k.sys)
11fc: bf8ea848 NtUserSetClipboardData [3] (win32k.sys)
11fd: bf8f9601 NtUserSetClipboardViewer [1] (win32k.sys)
11fe: bf86ad1d NtUserSetConsoleReserveKeys [2] (win32k.sys)
11ff: bf824263 NtUserSetCursor [1] (win32k.sys)
1200: bf912655 NtUserSetCursorContents [2] (win32k.sys)
1201: bf845a02 NtUserSetCursorIconData [4] (win32k.sys)
1202: bf911beb NtUserSetDbgTag [2] (win32k.sys)
1203: bf83c7ad NtUserSetFocus [1] (win32k.sys)
1204: bf872967 NtUserSetImeHotKey [5] (win32k.sys)
1205: bf9145e4 NtUserSetImeInfoEx [1] (win32k.sys)
1206: bf91483b NtUserSetImeOwnerWindow [2] (win32k.sys)
1207: bf8c1926 NtUserSetInformationProcess [4] (win32k.sys)
1208: bf86aae7 NtUserSetInformationThread [4] (win32k.sys)
1209: bf9117e1 NtUserSetInternalWindowPos [4] (win32k.sys)
120a: bf8f8988 NtUserSetKeyboardState [1] (win32k.sys)
120b: bf88a05b NtUserSetLogonNotifyWindow [1] (win32k.sys)
120c: bf90b618 NtUserSetMenu [3] (win32k.sys)
120d: bf911c0e NtUserSetMenuContextHelpId [2] (win32k.sys)
120e: bf89c582 NtUserSetMenuDefaultItem [3] (win32k.sys)
120f: bf911c4b NtUserSetMenuFlagRtoL [1] (win32k.sys)
1210: bf910ef8 NtUserSetObjectInformation [4] (win32k.sys)
1211: bf8674ae NtUserSetParent [2] (win32k.sys)
1212: bf84f0dc NtUserSetProcessWindowStation [1] (win32k.sys)
1213: bf82b7a5 NtUserSetProp [3] (win32k.sys)
1214: bf911bc8 NtUserSetRipFlags [2] (win32k.sys)
1215: bf80e74c NtUserSetScrollInfo [4] (win32k.sys)
1216: bf87e71f NtUserSetShellWindowEx [2] (win32k.sys)
1217: bf91208e NtUserSetSysColors [4] (win32k.sys)
1218: bf91261c NtUserSetSystemCursor [2] (win32k.sys)
1219: bf8f6159 NtUserSetSystemMenu [2] (win32k.sys)
121a: bf912b7a NtUserSetSystemTimer [4] (win32k.sys)
121b: bf84f134 NtUserSetThreadDesktop [1] (win32k.sys)
121c: bf91494e NtUserSetThreadLayoutHandles [2] (win32k.sys)
121d: bf8676a9 NtUserSetThreadState [2] (win32k.sys)
121e: bf803a83 NtUserSetTimer [4] (win32k.sys)
121f: bf867559 NtUserSetWindowFNID [2] (win32k.sys)
1220: bf83760a NtUserSetWindowLong [4] (win32k.sys)
1221: bf872265 NtUserSetWindowPlacement [2] (win32k.sys)
1222: bf82b54c NtUserSetWindowPos [7] (win32k.sys)
1223: bf843281 NtUserSetWindowRgn [3] (win32k.sys)
1224: bf855bc2 NtUserSetWindowsHookAW [3] (win32k.sys)
1225: bf89e35f NtUserSetWindowsHookEx [6] (win32k.sys)
1226: bf8815df NtUserSetWindowStationUser [4] (win32k.sys)
1227: bf8f8f39 NtUserSetWindowWord [3] (win32k.sys)
1228: bf8edad4 NtUserSetWinEventHook [8] (win32k.sys)
1229: bf82c8a5 NtUserShowCaret [1] (win32k.sys)
122a: bf8c56ac NtUserShowScrollBar [3] (win32k.sys)
122b: bf839408 NtUserShowWindow [2] (win32k.sys)
122c: bf876384 NtUserShowWindowAsync [2] (win32k.sys)
122d: bf8e3245 NtUserSoundSentry [0] (win32k.sys)
122e: bf87e9b4 NtUserSwitchDesktop [1] (win32k.sys)
122f: bf81e8fd NtUserSystemParametersInfo [4] (win32k.sys)
1230: bf90dabc NtUserTestForInteractiveUser [1] (win32k.sys)
1231: bf8f60ba NtUserThunkedMenuInfo [2] (win32k.sys)
1232: bf84266b NtUserThunkedMenuItemInfo [6] (win32k.sys)
1233: bf912427 NtUserToUnicodeEx [7] (win32k.sys)
1234: bf89f7d2 NtUserTrackMouseEvent [1] (win32k.sys)
1235: bf912244 NtUserTrackPopupMenuEx [6] (win32k.sys)
1236: bf83c522 NtUserCalcMenuBar [5] (win32k.sys)
1237: bf8eee99 NtUserPaintMenuBar [6] (win32k.sys)
1238: bf8f8191 NtUserTranslateAccelerator [3] (win32k.sys)
1239: bf85c714 NtUserTranslateMessage [2] (win32k.sys)
123a: bf89e94e NtUserUnhookWindowsHookEx [1] (win32k.sys)
123b: bf8edbaf NtUserUnhookWinEvent [1] (win32k.sys)
123c: bf912af2 NtUserUnloadKeyboardLayout [1] (win32k.sys)
123d: bf875f1a NtUserUnlockWindowStation [1] (win32k.sys)
123e: bf81fd1a NtUserUnregisterClass [3] (win32k.sys)
123f: bf881a50 NtUserUnregisterUserApiHook [0] (win32k.sys)
1240: bf91233a NtUserUnregisterHotKey [2] (win32k.sys)
1241: bf914329 NtUserUpdateInputContext [3] (win32k.sys)
1242: bf91119b NtUserUpdateInstance [3] (win32k.sys)
1243: bf8bc594 NtUserUpdateLayeredWindow [9] (win32k.sys)
1244: bf914ee5 NtUserGetLayeredWindowAttributes [4] (win32k.sys)
1245: bf848559 NtUserSetLayeredWindowAttributes [4] (win32k.sys)
1246: bf88725a NtUserUpdatePerUserSystemParameters [2] (win32k.sys)
1247: bf91284c NtUserUserHandleGrantAccess [3] (win32k.sys)
1248: bf80188c NtUserValidateHandleSecure [2] (win32k.sys)
1249: bf8f8b77 NtUserValidateRect [2] (win32k.sys)
124a: bf807e92 NtUserValidateTimerCallback [3] (win32k.sys)
124b: bf8c3ce5 NtUserVkKeyScanEx [3] (win32k.sys)
124c: bf90d300 NtUserWaitForInputIdle [3] (win32k.sys)
124d: bf90c312 NtUserWaitForMsgAndEvent [1] (win32k.sys)
124e: bf80377f NtUserWaitMessage [0] (win32k.sys)
124f: bf910eee NtUserWin32PoolAllocationStats [6] (win32k.sys)
1250: bf82463d NtUserWindowFromPoint [2] (win32k.sys)
1251: bf90da54 NtUserYieldTask [0] (win32k.sys)
1252: bf87e2a6 NtUserRemoteConnect [3] (win32k.sys)
1253: bf910d75 NtUserRemoteRedrawRectangle [4] (win32k.sys)
1254: bf910dc2 NtUserRemoteRedrawScreen [0] (win32k.sys)
1255: bf910e16 NtUserRemoteStopScreenUpdates [0] (win32k.sys)
1256: bf910e63 NtUserCtxDisplayIOCtl [3] (win32k.sys)
1257: bf8fbc90 NtGdiEngAssociateSurface [3] (win32k.sys)
1258: bf8fc640 NtGdiEngCreateBitmap [6] (win32k.sys)
1259: bf8fbc5d NtGdiEngCreateDeviceSurface [4] (win32k.sys)
125a: bf952c93 NtGdiEngCreateDeviceBitmap [4] (win32k.sys)
125b: bf8def59 NtGdiEngCreatePalette [6] (win32k.sys)
125c: bf9062fd NtGdiEngComputeGlyphSet [3] (win32k.sys)
125d: bf952de9 NtGdiEngCopyBits [6] (win32k.sys)
125e: bf8dfae5 NtGdiEngDeletePalette [1] (win32k.sys)
125f: bf8fbbe3 NtGdiEngDeleteSurface [1] (win32k.sys)
1260: bf953c4c NtGdiEngEraseSurface [3] (win32k.sys)
1261: bf8ffe99 NtGdiEngUnlockSurface [1] (win32k.sys)
1262: bf8fc095 NtGdiEngLockSurface [1] (win32k.sys)
1263: bf904e81 NtGdiEngBitBlt [11] (win32k.sys)
1264: bf900272 NtGdiEngStretchBlt [11] (win32k.sys)
1265: bf9531e1 NtGdiEngPlgBlt [11] (win32k.sys)
1266: bf8fc736 NtGdiEngMarkBandingSurface [1] (win32k.sys)
1267: bf8fd530 NtGdiEngStrokePath [8] (win32k.sys)
1268: bf9533d8 NtGdiEngFillPath [7] (win32k.sys)
1269: bf8fe1c5 NtGdiEngStrokeAndFillPath [10] (win32k.sys)
126a: bf953543 NtGdiEngPaint [5] (win32k.sys)
126b: bf95365f NtGdiEngLineTo [9] (win32k.sys)
126c: bf953788 NtGdiEngAlphaBlend [7] (win32k.sys)
126d: bf953907 NtGdiEngGradientFill [10] (win32k.sys)
126e: bf953ae0 NtGdiEngTransparentBlt [8] (win32k.sys)
126f: bf8fed36 NtGdiEngTextOut [10] (win32k.sys)
1270: bf952f85 NtGdiEngStretchBltROP [13] (win32k.sys)
1271: bf9543fe NtGdiXLATEOBJ_cGetPalette [4] (win32k.sys)
1272: bf9544ba NtGdiXLATEOBJ_iXlate [2] (win32k.sys)
1273: bf9543b0 NtGdiXLATEOBJ_hGetColorTransform [1] (win32k.sys)
1274: bf8fda2d NtGdiCLIPOBJ_bEnum [3] (win32k.sys)
1275: bf8fdada NtGdiCLIPOBJ_cEnumStart [5] (win32k.sys)
1276: bf953d16 NtGdiCLIPOBJ_ppoGetPath [1] (win32k.sys)
1277: bf953d54 NtGdiEngDeletePath [1] (win32k.sys)
1278: bf953d8e NtGdiEngCreateClip [0] (win32k.sys)
1279: bf953dc0 NtGdiEngDeleteClip [1] (win32k.sys)
127a: bf8fd098 NtGdiBRUSHOBJ_ulGetBrushColor [1] (win32k.sys)
127b: bf953dfa NtGdiBRUSHOBJ_pvAllocRbrush [2] (win32k.sys)
127c: bf953e4b NtGdiBRUSHOBJ_pvGetRbrush [1] (win32k.sys)
127d: bf906383 NtGdiBRUSHOBJ_hGetColorTransform [1] (win32k.sys)
127e: bf905ccc NtGdiXFORMOBJ_bApplyXform [5] (win32k.sys)
127f: bf8faf8d NtGdiXFORMOBJ_iGetXform [2] (win32k.sys)
1280: bf905e8d NtGdiFONTOBJ_vGetInfo [3] (win32k.sys)
1281: bf8faef3 NtGdiFONTOBJ_pxoGetXform [1] (win32k.sys)
1282: bf905931 NtGdiFONTOBJ_cGetGlyphs [5] (win32k.sys)
1283: bf8fb0fe NtGdiFONTOBJ_pifi [1] (win32k.sys)
1284: bf954575 NtGdiFONTOBJ_pfdg [1] (win32k.sys)
1285: bf95467c NtGdiFONTOBJ_pQueryGlyphAttrs [2] (win32k.sys)
1286: bf9542e0 NtGdiFONTOBJ_pvTrueTypeFontFile [2] (win32k.sys)
1287: bf953e99 NtGdiFONTOBJ_cGetAllGlyphHandles [2] (win32k.sys)
1288: bf954754 NtGdiSTROBJ_bEnum [3] (win32k.sys)
1289: bf9060bb NtGdiSTROBJ_bEnumPositionsOnly [3] (win32k.sys)
128a: bf8fb211 NtGdiSTROBJ_bGetAdvanceWidths [4] (win32k.sys)
128b: bf9060d9 NtGdiSTROBJ_vEnumStart [1] (win32k.sys)
128c: bf953f64 NtGdiSTROBJ_dwGetCodePage [1] (win32k.sys)
128d: bf954055 NtGdiPATHOBJ_vGetBounds [2] (win32k.sys)
128e: bf954772 NtGdiPATHOBJ_bEnum [2] (win32k.sys)
128f: bf9540e6 NtGdiPATHOBJ_vEnumStart [1] (win32k.sys)
1290: bf95412a NtGdiPATHOBJ_vEnumStartClipLines [4] (win32k.sys)
1291: bf9541d7 NtGdiPATHOBJ_bEnumClipLines [3] (win32k.sys)
1292: bf952c61 NtGdiGetDhpdev [1] (win32k.sys)
1293: bf95450c NtGdiEngCheckAbort [1] (win32k.sys)
1294: bf905776 NtGdiHT_Get8BPPFormatPalette [4] (win32k.sys)
1295: bf952cd5 NtGdiHT_Get8BPPMaskPalette [6] (win32k.sys)
1296: bf94139b NtGdiUpdateTransform [1] (win32k.sys)
1297: bf8dd671 NtGdiSetPUMPDOBJ [4] (win32k.sys)
1298: bf953fb2 NtGdiBRUSHOBJ_DeleteRbrush [2] (win32k.sys)
1299: bf952c88 NtGdiUnmapMemFont [1] (win32k.sys)
129a: bf817785 NtGdiDrawStream [3] (win32k.sys)

Table #2: 00000000, 0000 entries, params=00000000, <none>

Table #3: 00000000, 0000 entries, params=00000000, <none>
Cleanup...

Unloading MemMap driver
공지사항
최근에 올라온 글
최근에 달린 댓글
Total
Today
Yesterday
«   2024/12   »
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
글 보관함