Windows syscall lister
Copyleft (c) by Omega Red 2005,2006
[Windows x64 edition - 10.07.2006]
[Cleanup, single 32/64bit source - 07.2007]

Windows version: 5.2.3790, platform 2, Service Pack 2

NtQuerySystemInformation ok, kernel base: fffff80001000000

Base             Size     Flags    Idx  RefC  Image
-----------------------------------------------------------
0000000077ec0000 00139000 00000000 007b 0001 \WINDOWS\system32\ntdll.dll
fffff80000800000 0005e000 0c004000 0001 0001 \WINDOWS\system32\hal.dll
fffff80001000000 0047f000 0c004000 0000 0001 \WINDOWS\system32\ntoskrnl.exe
fffff97fff000000 00460000 69104000 0068 0001 \SystemRoot\System32\win32k.sys
fffff97fff460000 00028000 69104000 006a 0001 \SystemRoot\System32\drivers\dxg.sys
fffff97fff488000 00637000 69104000 006b 0001 \SystemRoot\System32\nv4_disp.dll
fffff97fffabf000 00074000 69104000 006d 0001 \SystemRoot\System32\ATMFD.DLL
fffffadfdfd6d000 00038000 49104000 0079 0001 \SystemRoot\system32\drivers\kmixer.sys
fffffadfe035e000 00013000 49104000 0077 0001 \??\E:\Program Files (x86)\MSI\Core Center\RushTop64.sys
fffffadfe09aa000 000c4000 49104000 0073 0001 \SystemRoot\system32\DRIVERS\srv.sys
fffffadfe0b40000 00028000 49104000 0072 0001 \??\E:\WINDOWS\system32\drivers\vmx86.sys
fffffadfe0c6c000 0001f000 49104000 0070 0001 \SystemRoot\System32\Drivers\Udfs.SYS
fffffadfe0e16000 0002b000 49104000 006f 0001 \SystemRoot\system32\drivers\sysaudio.sys
fffffadfe0e41000 00034000 49104000 006e 0001 \SystemRoot\system32\drivers\wdmaud.sys
fffffadfe26ec000 0000a000 49104000 0075 0001 \??\E:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
fffffadfe272c000 0000a000 49104000 0074 0001 \??\E:\WINDOWS\system32\drivers\vmnetuserif.sys
fffffadfe273c000 00010000 49104000 0076 0001 \??\E:\Program Files (x86)\MSI\Core Center\NTGLM7X64.sys
fffffadfe274c000 0000e000 49104000 006c 0001 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
fffffadfe276c000 00021000 49104000 0067 0001 \SystemRoot\System32\Drivers\Cdfs.SYS
fffffadfe278d000 00015000 49104000 0064 0001 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
fffffadfe27e8000 0003e000 49104000 0061 0001 \SystemRoot\system32\DRIVERS\ipnat.sys
fffffadfe2826000 000cd000 49104000 005f 0001 \SystemRoot\system32\DRIVERS\mrxsmb.sys
fffffadfe28f3000 00051000 49104000 005e 0002 \SystemRoot\system32\DRIVERS\rdbss.sys
fffffadfe2944000 0004d000 49104000 005c 0001 \SystemRoot\System32\drivers\afd.sys
fffffadfe2991000 0005a000 49104000 005b 0001 \SystemRoot\system32\DRIVERS\netbt.sys
fffffadfe29eb000 000f5000 49104000 005a 0003 \SystemRoot\system32\DRIVERS\tcpip.sys
fffffadfe2ae0000 0002b000 49104000 0059 0001 \SystemRoot\system32\DRIVERS\ipsec.sys
fffffadfe2b0b000 00014000 49104000 0057 0001 \SystemRoot\System32\Drivers\Npfs.SYS
fffffadfe2b9f000 0000c000 49104000 0069 0001 \SystemRoot\System32\drivers\Dxapi.sys
fffffadfe2c25000 00020000 49104000 004e 0001 \SystemRoot\system32\DRIVERS\usbhub.sys
fffffadfe2c45000 000ab000 49104000 004d 0001 \SystemRoot\system32\CTSBLFX.DLL
fffffadfe2cf0000 000af000 49104000 004c 0001 \SystemRoot\system32\CTAUDFX.DLL
fffffadfe2d9f000 0002b000 49104000 004b 0001 \SystemRoot\system32\COMMONFX.DLL
fffffadfe2dca000 000ae000 49104000 004a 0001 \SystemRoot\system32\drivers\ctac32k.sys
fffffadfe2e78000 0004a000 49104000 0049 0001 \SystemRoot\system32\drivers\ctsfm2k.sys
fffffadfe2ec2000 00052000 49104000 0048 0001 \SystemRoot\system32\drivers\emupia2k.sys
fffffadfe2f14000 001b9000 49104000 0047 0001 \SystemRoot\system32\drivers\ha10kx2k.sys
fffffadfe30cd000 0004b000 49104000 0046 0001 \SystemRoot\system32\drivers\hap17v2k.sys
fffffadfe3218000 00014000 49104000 0045 0001 \SystemRoot\System32\Drivers\NDProxy.SYS
fffffadfe322c000 0001b000 49104000 0041 0001 \SystemRoot\system32\DRIVERS\update.sys
fffffadfe3247000 00016000 49104000 003e 0001 \SystemRoot\system32\DRIVERS\termdd.sys
fffffadfe32a3000 00057000 49104000 003d 0001 \SystemRoot\system32\DRIVERS\rdpdr.sys
fffffadfe32fa000 00016000 49104000 003b 0001 \SystemRoot\system32\DRIVERS\msgpc.sys
fffffadfe3310000 00020000 49104000 003a 0001 \SystemRoot\system32\DRIVERS\psched.sys
fffffadfe3330000 00023000 49104000 0038 0001 \SystemRoot\system32\DRIVERS\raspptp.sys
fffffadfe3353000 00014000 49104000 0037 0001 \SystemRoot\system32\DRIVERS\raspppoe.sys
fffffadfe3367000 0002c000 49104000 0036 0001 \SystemRoot\system32\DRIVERS\ndiswan.sys
fffffadfe3393000 00026000 49104000 0034 0001 \SystemRoot\system32\DRIVERS\rasl2tp.sys
fffffadfe33b9000 00077000 49104000 0032 0001 \SystemRoot\System32\Drivers\aguhg0q4.SYS
fffffadfe3430000 00056000 49104000 0031 0001 \SystemRoot\System32\Drivers\amffviqq.SYS
fffffadfe3486000 0001d000 49104000 002f 0001 \SystemRoot\system32\DRIVERS\i8042prt.sys
fffffadfe34a3000 0003a000 49104000 002d 0002 \SystemRoot\system32\DRIVERS\USBPORT.SYS
fffffadfe34dd000 00016000 49104000 002b 0001 \SystemRoot\system32\DRIVERS\redbook.sys
fffffadfe34f3000 0001b000 49104000 002a 0001 \SystemRoot\system32\DRIVERS\cdrom.sys
fffffadfe350e000 00017000 49104000 0029 0001 \SystemRoot\system32\DRIVERS\imapi.sys
fffffadfe3525000 00024000 49104000 0028 0001 \SystemRoot\system32\DRIVERS\Rtnic64.sys
fffffadfe3549000 0003b000 49104000 0025 0001 \SystemRoot\system32\drivers\ctoss2k.sys
fffffadfe3584000 00049000 49104000 0024 0007 \SystemRoot\system32\drivers\ks.sys
fffffadfe35cd000 00040000 49104000 0023 0001 \SystemRoot\system32\drivers\portcls.sys
fffffadfe360d000 000d1000 49104000 0022 0001 \SystemRoot\system32\drivers\ctaud2k.sys
fffffadfe370e000 00023000 49104000 0020 0006 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
fffffadfe3731000 0050a000 49104000 001f 0001 \SystemRoot\system32\DRIVERS\nv4_mini.sys
fffffadfe3ebb000 00034000 09004000 001b 0001 Mup.sys
fffffadfe3eef000 00066000 09004000 001a 0011 NDIS.sys
fffffadfe3f55000 00105000 09004000 0019 0001 Ntfs.sys
fffffadfe405a000 00034000 0d004000 0018 0005 KSecDD.sys
fffffadfe408e000 0003e000 09004000 0016 0001 fltmgr.sys
fffffadfe40cc000 0001d000 0d004000 0015 0002 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fffffadfe40e9000 00015000 09004000 0014 0001 disk.sys
fffffadfe40fe000 0001b000 09004000 0013 0001 viamrx64.sys
fffffadfe4119000 0002d000 09004000 0012 0001 atapi.sys
fffffadfe4146000 0004b000 09004000 0010 0001 volsnap.sys
fffffadfe4191000 00047000 09004000 000f 0001 dmio.sys
fffffadfe41d8000 00040000 09004000 000d 0001 ftdisk.sys
fffffadfe4218000 00016000 09004000 000c 0001 MountMgr.sys
fffffadfe422e000 00021000 09004000 0008 0001 pci.sys
fffffadfe424f000 00054000 09004000 0007 0001 ACPI.sys
fffffadfe42a3000 00031000 0d004000 0006 0004 \WINDOWS\System32\Drivers\SCSIPORT.SYS
fffffadfe42d4000 0011e000 09004000 0004 0001 sptd.sys
fffffadfe44f3000 00013000 09004000 001c 0001 gagp30kx.sys
fffffadfe45c4000 00013000 49104000 001e 0001 \SystemRoot\system32\DRIVERS\amdk8.sys
fffffadfe45d7000 00012000 49104000 005d 0001 \SystemRoot\system32\DRIVERS\netbios.sys
fffffadfe45ea000 00012000 49104000 0060 0001 \SystemRoot\System32\Drivers\Fips.SYS
fffffadfe45fd000 00012000 49104000 0062 0001 \SystemRoot\system32\DRIVERS\wanarp.sys
fffffadfe47fb000 0000a000 09004000 0002 0003 \WINDOWS\system32\KDCOM.DLL
fffffadfe480b000 00009000 09004000 0003 0002 \WINDOWS\system32\BOOTVID.dll
fffffadfe481b000 00009000 0d004000 0005 0013 \WINDOWS\System32\Drivers\WMILIB.SYS
fffffadfe482b000 00009000 09004000 0009 0001 isapnp.sys
fffffadfe483b000 00010000 0d004000 000b 0001 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
fffffadfe484b000 00010000 09004000 0011 0001 PartMgr.sys
fffffadfe485b000 0000c000 01004000 0017 0001 PxHlpa64.sys
fffffadfe486b000 0000b000 09004000 001d 0001 crcdisk.sys
fffffadfe48ab000 0000b000 49104000 002e 0001 \SystemRoot\system32\DRIVERS\usbehci.sys
fffffadfe48bb000 0000e000 49104000 0030 0001 \SystemRoot\system32\DRIVERS\kbdclass.sys
fffffadfe48cb000 0000f000 49104000 0039 0009 \SystemRoot\system32\DRIVERS\TDI.SYS
fffffadfe48db000 0000a000 49104000 0066 0001 \SystemRoot\system32\DRIVERS\mouhid.sys
fffffadfe492b000 0000b000 49104000 003c 0001 \SystemRoot\system32\DRIVERS\hamachi.sys
fffffadfe493b000 0000d000 49104000 003f 0001 \SystemRoot\system32\DRIVERS\mouclass.sys
fffffadfe494b000 0000d000 49104000 0042 0001 \SystemRoot\system32\DRIVERS\mssmbios.sys
fffffadfe495b000 0000a000 49104000 0044 0003 \SystemRoot\system32\DRIVERS\VMNET.SYS
fffffadfe497b000 0000a000 49104000 0050 0001 \SystemRoot\System32\Drivers\Fs_Rec.SYS
fffffadfe498b000 0000e000 49104000 0053 0001 \SystemRoot\System32\drivers\vga.sys
fffffadfe49ab000 0000a000 49104000 0054 0001 \SystemRoot\System32\Drivers\mnmdd.SYS
fffffadfe49bb000 0000a000 49104000 0035 0002 \SystemRoot\system32\DRIVERS\ndistapi.sys
fffffadfe49db000 0000a000 49104000 0055 0001 \SystemRoot\System32\DRIVERS\RDPCDD.sys
fffffadfe49eb000 0000d000 49104000 0056 0001 \SystemRoot\System32\Drivers\Msfs.SYS
fffffadfe49fb000 0000a000 49104000 0058 0001 \SystemRoot\system32\DRIVERS\rasacd.sys
fffffadfe4a1b000 0000c000 49104000 0071 0001 \??\E:\WINDOWS\system32\drivers\hcmon.sys
fffffadfe4a2b000 0000a000 49104000 0063 0001 \SystemRoot\system32\DRIVERS\hidusb.sys
fffffadfe4a4b000 00009000 49104000 0021 0002 \SystemRoot\system32\DRIVERS\watchdog.sys
fffffadfe4a5b000 0000b000 49104000 0065 0002 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
fffffadfe4aa3000 00008000 49104000 0026 0001 \SystemRoot\system32\drivers\ctprxy2k.sys
fffffadfe4aab000 00008000 49104000 002c 0001 \SystemRoot\system32\DRIVERS\usbuhci.sys
fffffadfe4b1b000 00008000 49104000 0033 0001 \SystemRoot\system32\DRIVERS\audstub.sys
fffffadfe4b23000 00008000 49104000 0043 0001 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
fffffadfe4b2b000 00008000 49104000 0051 0001 \SystemRoot\System32\Drivers\Null.SYS
fffffadfe4b6b000 00008000 49104000 0078 0001 \??\E:\WINDOWS\system32\kldbgdrv.sys
fffffadfe4bfb000 00007000 09004000 000a 0001 viaide.sys
fffffadfe4c02000 00007000 09004000 000e 0001 dmload.sys
fffffadfe4d67000 00007000 49104000 007a 0001 \??\E:\WINDOWS\system32\Drivers\Dbgv.sys
fffffadfe4dd0000 00007000 49104000 0052 0001 \SystemRoot\System32\Drivers\Beep.SYS
fffffadfe4e6a000 00006000 49104000 0027 0001 \SystemRoot\system32\drivers\ksthunk.sys
fffffadfe502f000 00002000 49104000 0040 0001 \SystemRoot\system32\DRIVERS\swenum.sys
fffffadfe506b000 00002000 49104000 004f 0002 \SystemRoot\system32\DRIVERS\USBD.SYS

Loading symbols for E:\WINDOWS\system32\ntoskrnl.exe, please wait...
Real SSDTS address: fffff8000117bb40
Loading driver: D:\code\MemMap64.sys
MemMap initialized.

Service tables:

Table #0: fffff80001076e00, 0128 entries, \WINDOWS\system32\ntoskrnl.exe
0000: fffff80001377240 NtMapUserPhysicalPagesScatter (ntoskrnl.exe)
0001: fffff800012bb020 NtWaitForSingleObject (ntoskrnl.exe)
0002: fffff80001039cf0 NtCallbackReturn (ntoskrnl.exe)
0003: fffff800012c7965 NtReadFile (ntoskrnl.exe)
0004: fffff800012e0fb6 NtDeviceIoControlFile (ntoskrnl.exe)
0005: fffff800012c82c5 NtWriteFile (ntoskrnl.exe)
0006: fffff800012ae541 NtRemoveIoCompletion (ntoskrnl.exe)
0007: fffff800012bb9e0 NtReleaseSemaphore (ntoskrnl.exe)
0008: fffff800012d4720 NtReplyWaitReceivePort (ntoskrnl.exe)
0009: fffff800012dc950 NtReplyPort (ntoskrnl.exe)
000a: fffff800012d80e0 NtSetInformationThread (ntoskrnl.exe)
000b: fffff800012d8ae0 NtSetEvent (ntoskrnl.exe)
000c: fffff800012b6360 NtClose (ntoskrnl.exe)
000d: fffff800012bfa21 NtQueryObject (ntoskrnl.exe)
000e: fffff800012bd281 NtQueryInformationFile (ntoskrnl.exe)
000f: fffff800012be520 NtOpenKey (ntoskrnl.exe)
0010: fffff8000128e752 NtEnumerateValueKey (ntoskrnl.exe)
0011: fffff800012a29e0 NtFindAtom (ntoskrnl.exe)
0012: fffff800012bbe20 NtQueryDefaultLocale (ntoskrnl.exe)
0013: fffff800012947a1 NtQueryKey (ntoskrnl.exe)
0014: fffff800012c0612 NtQueryValueKey (ntoskrnl.exe)
0015: fffff8000104c622 NtAllocateVirtualMemory (ntoskrnl.exe)
0016: fffff800012c1701 NtQueryInformationProcess (ntoskrnl.exe)
0017: fffff800012e8341 CcZeroData (ntoskrnl.exe)
0018: fffff80001266be5 NtWriteFileGather (ntoskrnl.exe)
0019: fffff800012c3280 NtSetInformationProcess (ntoskrnl.exe)
001a: fffff800012a5103 NtCreateKey (ntoskrnl.exe)
001b: fffff8000104cd00 NtFreeVirtualMemory (ntoskrnl.exe)
001c: fffff800012b1b90 NtImpersonateClientOfPort (ntoskrnl.exe)
001d: fffff800012bb480 NtReleaseMutant (ntoskrnl.exe)
001e: fffff800012c8aa1 NtQueryInformationToken (ntoskrnl.exe)
001f: fffff800012d7a80 NtRequestWaitReplyPort (ntoskrnl.exe)
0020: fffff8000105e002 NtQueryVirtualMemory (ntoskrnl.exe)
0021: fffff800012cb9f0 NtOpenThreadToken (ntoskrnl.exe)
0022: fffff800012ca111 NtQueryInformationThread (ntoskrnl.exe)
0023: fffff800012d6eb0 NtOpenProcess (ntoskrnl.exe)
0024: fffff800012c9b91 NtSetInformationFile (ntoskrnl.exe)
0025: fffff800012c4826 NtMapViewOfSection (ntoskrnl.exe)
0026: fffff800012a1057 NtAccessCheckAndAuditAlarm (ntoskrnl.exe)
0027: fffff800012cdb50 NtQueryInformationFile (ntoskrnl.exe)
0028: fffff800012d4041 NtReplyWaitReceivePortEx (ntoskrnl.exe)
0029: fffff800012d5490 NtTerminateProcess (ntoskrnl.exe)
002a: fffff800012b3f10 NtSetEventBoostPriority (ntoskrnl.exe)
002b: fffff800012665e5 NtReadFileScatter (ntoskrnl.exe)
002c: fffff800012ca571 NtOpenThreadTokenEx (ntoskrnl.exe)
002d: fffff800012c8930 NtOpenProcessTokenEx (ntoskrnl.exe)
002e: fffff800012d7420 NtQueryPerformanceCounter (ntoskrnl.exe)
002f: fffff80001294ed2 NtEnumerateKey (ntoskrnl.exe)
0030: fffff800012c43e2 NtOpenFile (ntoskrnl.exe)
0031: fffff800012bb560 NtDelayExecution (ntoskrnl.exe)
0032: fffff800012cacb7 NtQueryDirectoryFile (ntoskrnl.exe)
0033: fffff800012c21f0 NtQuerySystemInformation (ntoskrnl.exe)
0034: fffff800012ce320 ObInsertObject (ntoskrnl.exe)
0035: fffff8000128c721 NtQueryTimer (ntoskrnl.exe)
0036: fffff800012d1786 NtFsControlFile (ntoskrnl.exe)
0037: fffff800012d29c1 NtWriteVirtualMemory (ntoskrnl.exe)
0038: fffff800012a12b0 NtCloseObjectAuditAlarm (ntoskrnl.exe)
0039: fffff800012d6443 NtDuplicateObject (ntoskrnl.exe)
003a: fffff800012c30f0 NtQueryAttributesFile (ntoskrnl.exe)
003b: fffff800012ad160 SepComparePrivilegeAndAttributeArrays (ntoskrnl.exe)
003c: fffff800012dc161 NtReadVirtualMemory (ntoskrnl.exe)
003d: fffff8000128e070 NtOpenEvent (ntoskrnl.exe)
003e: fffff800012b0472 NtAdjustPrivilegesToken (ntoskrnl.exe)
003f: fffff800012b18c2 NtDuplicateToken (ntoskrnl.exe)
0040: fffff80001043af0 NtContinue (ntoskrnl.exe)
0041: fffff800012d4e10 NtQueryDefaultUILanguage (ntoskrnl.exe)
0042: fffff8000128c5f1 NtQueueApcThread (ntoskrnl.exe)
0043: fffff800010246c0 NtYieldExecution (ntoskrnl.exe)
0044: fffff800012ad8d0 NtAddAtom (ntoskrnl.exe)
0045: fffff800012cde31 NtCreateEvent (ntoskrnl.exe)
0046: fffff800012c6b41 NtQueryVolumeInformationFile (ntoskrnl.exe)
0047: fffff800012b6a43 NtCreateSection (ntoskrnl.exe)
0048: fffff800012adf20 NtFlushBuffersFile (ntoskrnl.exe)
0049: fffff800012dc740 NtApphelpCacheControl (ntoskrnl.exe)
004a: fffff800012d32c5 NtCreateProcessEx (ntoskrnl.exe)
004b: fffff800012d1e64 NtCreateThread (ntoskrnl.exe)
004c: fffff800012dc7c0 NtIsProcessInJob (ntoskrnl.exe)
004d: fffff800012d1a11 NtProtectVirtualMemory (ntoskrnl.exe)
004e: fffff800012d1881 NtQuerySection (ntoskrnl.exe)
004f: fffff800012d2550 NtResumeThread (ntoskrnl.exe)
0050: fffff800012e0670 NtTerminateThread (ntoskrnl.exe)
0051: fffff800012de222 NtReadRequestData (ntoskrnl.exe)
0052: fffff800012c6ab7 NtCreateFile (ntoskrnl.exe)
0053: fffff8000128f9c1 NtQueryEvent (ntoskrnl.exe)
0054: fffff800012e03c2 NtWriteRequestData (ntoskrnl.exe)
0055: fffff800012d17f0 NtLockFile (ntoskrnl.exe)
0056: fffff800012a149c NtAccessCheckByTypeAndAuditAlarm (ntoskrnl.exe)
0057: fffff800013a5010 NtQuerySystemTime (ntoskrnl.exe)
0058: fffff800012bb621 NtWaitForMultipleObjects (ntoskrnl.exe)
0059: fffff800012d5f90 NtSetInformationObject (ntoskrnl.exe)
005a: fffff800012680e0 NtCancelIoFile (ntoskrnl.exe)
005b: fffff80001100450 NtTraceEvent (ntoskrnl.exe)
005c: fffff8000126e6b1 NtPowerInformation (ntoskrnl.exe)
005d: fffff80001297d82 NtSetValueKey (ntoskrnl.exe)
005e: fffff80001029640 ExSetResourceOwnerPointer (ntoskrnl.exe)
005f: fffff80001033c23 NtSetTimer (ntoskrnl.exe)
0060: fffff800012d8f62 NtAcceptConnectPort (ntoskrnl.exe)
0061: fffff800012acba4 NtAccessCheck (ntoskrnl.exe)
0062: fffff8000128a307 NtAccessCheckByType (ntoskrnl.exe)
0063: fffff80001390317 NtAccessCheckByTypeResultList (ntoskrnl.exe)
0064: fffff8000139316c NtAccessCheckByTypeResultListAndAuditAlarm (ntoskrnl.exe)
0065: fffff8000139321d NtAccessCheckByTypeResultListAndAuditAlarmByHandle (ntoskrnl.exe)
0066: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
0067: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
0068: fffff8000138efe2 NtAdjustGroupsToken (ntoskrnl.exe)
0069: fffff800013847e0 NtAlertResumeThread (ntoskrnl.exe)
006a: fffff800012adc20 RtlpCoalesceFreeBlocks (ntoskrnl.exe)
006b: fffff80001296dd0 NtAllocateLocallyUniqueId (ntoskrnl.exe)
006c: fffff80001377970 NtAllocateUserPhysicalPages (ntoskrnl.exe)
006d: fffff800013a6760 NtAllocateUuids (ntoskrnl.exe)
006e: fffff800012e78b0 NtAreMappedFilesTheSame (ntoskrnl.exe)
006f: fffff80001263f80 NtAssignProcessToJobObject (ntoskrnl.exe)
0070: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
0071: fffff8000133f390 NtCompactKeys (ntoskrnl.exe)
0072: fffff800012ace30 NtCompareTokens (ntoskrnl.exe)
0073: fffff800012d9690 NtCompleteConnectPort (ntoskrnl.exe)
0074: fffff8000133f6e0 NtCompressKey (ntoskrnl.exe)
0075: fffff800012d8ba4 NtConnectPort (ntoskrnl.exe)
0076: fffff800013ab950 NtCreateDebugObject (ntoskrnl.exe)
0077: fffff80001254120 NtCreateDirectoryObject (ntoskrnl.exe)
0078: fffff800013a8520 NtCreateEventPair (ntoskrnl.exe)
0079: fffff8000128dc20 NtCreateIoCompletion (ntoskrnl.exe)
007a: fffff8000125bc10 NtCreateJobObject (ntoskrnl.exe)
007b: fffff80001383eb0 NtCreateJobSet (ntoskrnl.exe)
007c: fffff8000122bd60 NtCreateKeyedEvent (ntoskrnl.exe)
007d: fffff8000125fe54 NtCreateMailslotFile (ntoskrnl.exe)
007e: fffff800012d74d0 NtCreateMutant (ntoskrnl.exe)
007f: fffff800012b465a NtCreateNamedPipeFile (ntoskrnl.exe)
0080: fffff80001241f00 NtCreatePagingFile (ntoskrnl.exe)
0081: fffff80001270e31 NtCreatePort (ntoskrnl.exe)
0082: fffff800012476d4 NtCreateProcess (ntoskrnl.exe)
0083: fffff800013a7635 NtCreateProfile (ntoskrnl.exe)
0084: fffff800012cafd1 NtCreateSemaphore (ntoskrnl.exe)
0085: fffff8000125ed20 NtCreateSymbolicLinkObject (ntoskrnl.exe)
0086: fffff8000128dd30 NtCreateTimer (ntoskrnl.exe)
0087: fffff80001262549 NtCreateToken (ntoskrnl.exe)
0088: fffff8000125b651 NtCreateWaitablePort (ntoskrnl.exe)
0089: fffff800013ad140 NtDebugActiveProcess (ntoskrnl.exe)
008a: fffff800013adb30 NtDebugContinue (ntoskrnl.exe)
008b: fffff800012ad5f0 ObpCreateUnnamedHandle (ntoskrnl.exe)
008c: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
008d: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
008e: fffff8000125bae0 NtDeleteFile (ntoskrnl.exe)
008f: fffff80001290f10 NtDeleteKey (ntoskrnl.exe)
0090: fffff800012e8c10 NtDeleteObjectAuditAlarm (ntoskrnl.exe)
0091: fffff8000129be30 NtDeleteValueKey (ntoskrnl.exe)
0092: fffff800012408c0 NtDisplayString (ntoskrnl.exe)
0093: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
0094: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
0095: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
0096: fffff800013767e0 NtExtendSection (ntoskrnl.exe)
0097: fffff80001252e12 NtFilterToken (ntoskrnl.exe)
0098: fffff800012d1bd0 NtFlushInstructionCache (ntoskrnl.exe)
0099: fffff8000126d980 NtFlushKey (ntoskrnl.exe)
009a: fffff80001296e60 NtFlushVirtualMemory (ntoskrnl.exe)
009b: fffff80001378f50 NtFlushWriteBuffer (ntoskrnl.exe)
009c: fffff800013782f0 NtFreeUserPhysicalPages (ntoskrnl.exe)
009d: fffff800012deb40 NtGetContextThread (ntoskrnl.exe)
009e: fffff800013816f0 NtGetCurrentProcessorNumber (ntoskrnl.exe)
009f: fffff8000137fae0 NtGetDevicePowerState (ntoskrnl.exe)
00a0: fffff8000127dd70 NtGetPlugPlayEvent (ntoskrnl.exe)
00a1: fffff800010eb4b3 NtGetWriteWatch (ntoskrnl.exe)
00a2: fffff800012725b0 NtImpersonateAnonymousToken (ntoskrnl.exe)
00a3: fffff800012db220 NtImpersonateThread (ntoskrnl.exe)
00a4: fffff800012596c0 NtInitializeRegistry (ntoskrnl.exe)
00a5: fffff8000137f7e0 NtInitiatePowerAction (ntoskrnl.exe)
00a6: fffff8000137fac0 NtIsSystemResumeAutomatic (ntoskrnl.exe)
00a7: fffff80001258d10 NtListenPort (ntoskrnl.exe)
00a8: fffff80001259000 NtLoadDriver (ntoskrnl.exe)
00a9: fffff80001250a00 NtLoadKey (ntoskrnl.exe)
00aa: fffff8000133d470 NtLoadKey2 (ntoskrnl.exe)
00ab: fffff80001250320 NtLoadKeyEx (ntoskrnl.exe)
00ac: fffff80001296046 NtLockFile (ntoskrnl.exe)
00ad: fffff80001251fd0 NtLockProductActivationKeys (ntoskrnl.exe)
00ae: fffff8000122ed70 IopAppendLegacyVeto (ntoskrnl.exe)
00af: fffff800010083f0 NtLockVirtualMemory (ntoskrnl.exe)
00b0: fffff8000125f840 NtMakePermanentObject (ntoskrnl.exe)
00b1: fffff80001256b00 NtMakeTemporaryObject (ntoskrnl.exe)
00b2: fffff80001376cd0 NtMapUserPhysicalPages (ntoskrnl.exe)
00b3: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
00b4: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
00b5: fffff800012a1715 NtNotifyChangeDirectoryFile (ntoskrnl.exe)
00b6: fffff800012d0066 NtNotifyChangeKey (ntoskrnl.exe)
00b7: fffff800012cfb98 NtNotifyChangeMultipleKeys (ntoskrnl.exe)
00b8: fffff800013a8650 NtOpenEventPair (ntoskrnl.exe)
00b9: fffff8000135e570 NtCreateIoCompletion (ntoskrnl.exe)
00ba: fffff80001383490 NtCreateJobObject (ntoskrnl.exe)
00bb: fffff800012d39f0 ObpCloseHandleProcedure (ntoskrnl.exe)
00bc: fffff800012b33b0 SePrivilegedServiceAuditAlarm (ntoskrnl.exe)
00bd: fffff8000128ab58 NtOpenObjectAuditAlarm (ntoskrnl.exe)
00be: fffff800012c8a80 NtOpenProcessToken (ntoskrnl.exe)
00bf: fffff800012643d0 NtOpenSemaphore (ntoskrnl.exe)
00c0: fffff800012cdf70 NtOpenEvent (ntoskrnl.exe)
00c1: fffff800012dd5c0 NtOpenThread (ntoskrnl.exe)
00c2: fffff800013a7d00 NtOpenTimer (ntoskrnl.exe)
00c3: fffff8000128fc40 NtPlugPlayControl (ntoskrnl.exe)
00c4: fffff8000128f620 NtPrivilegeCheck (ntoskrnl.exe)
00c5: fffff8000124adf2 NtPrivilegeObjectAuditAlarm (ntoskrnl.exe)
00c6: fffff80001265fb1 NtPrivilegedServiceAuditAlarm (ntoskrnl.exe)
00c7: fffff8000125cf20 NtPulseEvent (ntoskrnl.exe)
00c8: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
00c9: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
00ca: fffff8000101f520 NtQueryDebugFilterState (ntoskrnl.exe)
00cb: fffff800012b36c3 NtQueryDirectoryObject (ntoskrnl.exe)
00cc: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
00cd: fffff8000135f195 NtQueryEaFile (ntoskrnl.exe)
00ce: fffff8000129f220 NtQueryFullAttributesFile (ntoskrnl.exe)
00cf: fffff8000126d591 NtQueryInformationAtom (ntoskrnl.exe)
00d0: fffff8000124be71 NtQueryInformationJobObject (ntoskrnl.exe)
00d1: fffff80001373ac1 NtQueryInformationPort (ntoskrnl.exe)
00d2: fffff8000128d530 NtQueryInstallUILanguage (ntoskrnl.exe)
00d3: fffff800013a7c50 NtQueryIntervalProfile (ntoskrnl.exe)
00d4: fffff8000135e691 NtQueryIoCompletion (ntoskrnl.exe)
00d5: fffff8000133e262 NtQueryMultipleValueKey (ntoskrnl.exe)
00d6: fffff800013a7341 NtQueryMutant (ntoskrnl.exe)
00d7: fffff8000133e5e0 NtQueryOpenSubKeys (ntoskrnl.exe)
00d8: fffff8000133ea00 NtQueryOpenSubKeysEx (ntoskrnl.exe)
00d9: fffff800013af020 ShimExceptionHandler (ntoskrnl.exe)
00da: fffff8000135ff05 NtQueryQuotaInformationFile (ntoskrnl.exe)
00db: fffff8000128f461 NtQuerySecurityObject (ntoskrnl.exe)
00dc: fffff800013a64b1 NtQuerySemaphore (ntoskrnl.exe)
00dd: fffff800012ce000 NtQuerySymbolicLinkObject (ntoskrnl.exe)
00de: fffff800013a7dc0 NtQuerySystemEnvironmentValue (ntoskrnl.exe)
00df: fffff800013a8511 NtSetBootOptions (ntoskrnl.exe)
00e0: fffff8000126f6f0 NtQueryTimerResolution (ntoskrnl.exe)
00e1: fffff80001043bb0 NtRaiseException (ntoskrnl.exe)
00e2: fffff800013a6162 NtRaiseHardError (ntoskrnl.exe)
00e3: fffff800012d8810 NtSetInformationThread (ntoskrnl.exe)
00e4: fffff800013a8b90 NtReleaseKeyedEvent (ntoskrnl.exe)
00e5: fffff800013ad2d0 NtRemoveProcessDebug (ntoskrnl.exe)
00e6: fffff8000133ee20 NtRenameKey (ntoskrnl.exe)
00e7: fffff8000133e090 NtReplaceKey (ntoskrnl.exe)
00e8: fffff800013732a0 NtReplyWaitReplyPort (ntoskrnl.exe)
00e9: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
00ea: fffff80001289790 NtRequestPort (ntoskrnl.exe)
00eb: fffff8000137f730 NtRequestWakeupLatency (ntoskrnl.exe)
00ec: fffff800012de360 NtResetEvent (ntoskrnl.exe)
00ed: fffff800010ec4f0 NtResetWriteWatch (ntoskrnl.exe)
00ee: fffff8000133cc50 NtRestoreKey (ntoskrnl.exe)
00ef: fffff80001384770 NtSuspendProcess (ntoskrnl.exe)
00f0: fffff8000133ce20 NtSaveKey (ntoskrnl.exe)
00f1: fffff8000133cfd0 NtSaveKeyEx (ntoskrnl.exe)
00f2: fffff8000133d1d0 NtSaveMergedKeys (ntoskrnl.exe)
00f3: fffff800012d0e95 NtSecureConnectPort (ntoskrnl.exe)
00f4: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
00f5: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
00f6: fffff800012df4e0 NtSetContextThread (ntoskrnl.exe)
00f7: fffff800013ae2b0 NtSetDebugFilterState (ntoskrnl.exe)
00f8: fffff80001248640 NtSetSystemInformation (ntoskrnl.exe)
00f9: fffff80001251020 NtSetDefaultLocale (ntoskrnl.exe)
00fa: fffff80001251260 NtSetDefaultUILanguage (ntoskrnl.exe)
00fb: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
00fc: fffff8000135f9c0 NtSetEaFile (ntoskrnl.exe)
00fd: fffff800013a8a10 NtSetHighEventPair (ntoskrnl.exe)
00fe: fffff800013a8900 NtSetHighWaitLowEventPair (ntoskrnl.exe)
00ff: fffff800013ade41 NtSetInformationDebugObject (ntoskrnl.exe)
0100: fffff8000125c790 NtSetInformationJobObject (ntoskrnl.exe)
0101: fffff800012a2da0 NtSetInformationKey (ntoskrnl.exe)
0102: fffff80001261ec0 NtSetInformationToken (ntoskrnl.exe)
0103: fffff800013a7c30 NtSetIntervalProfile (ntoskrnl.exe)
0104: fffff800012aa2c1 NtSetIoCompletion (ntoskrnl.exe)
0105: fffff800010f3372 xHalAllocateMapRegisters (ntoskrnl.exe)
0106: fffff800013a8990 NtSetLowEventPair (ntoskrnl.exe)
0107: fffff800013a8870 NtSetLowWaitHighEventPair (ntoskrnl.exe)
0108: fffff80001360820 NtSetQuotaInformationFile (ntoskrnl.exe)
0109: fffff80001275be0 NtSetSecurityObject (ntoskrnl.exe)
010a: fffff800013a8150 NtSetSystemEnvironmentValue (ntoskrnl.exe)
010b: fffff800013a8511 NtSetBootOptions (ntoskrnl.exe)
010c: fffff800012652c0 NtSetSystemInformation (ntoskrnl.exe)
010d: fffff800013c6ad0 NtSetSystemPowerState (ntoskrnl.exe)
010e: fffff800013a5090 NtSetSystemTime (ntoskrnl.exe)
010f: fffff800012e9d40 NtSetThreadExecutionState (ntoskrnl.exe)
0110: fffff800012e9630 NtSetTimerResolution (ntoskrnl.exe)
0111: fffff8000124cb90 NtSetUuidSeed (ntoskrnl.exe)
0112: fffff80001360901 NtSetVolumeInformationFile (ntoskrnl.exe)
0113: fffff800013a4ed0 NtShutdownSystem (ntoskrnl.exe)
0114: fffff800010186b0 NtSignalAndWaitForSingleObject (ntoskrnl.exe)
0115: fffff800013a78d0 NtStartProfile (ntoskrnl.exe)
0116: fffff800013a7b20 NtStopProfile (ntoskrnl.exe)
0117: fffff80001384700 NtSuspendThread (ntoskrnl.exe)
0118: fffff800012e97a0 NtSuspendThread (ntoskrnl.exe)
0119: fffff800013a9322 NtSystemDebugControl (ntoskrnl.exe)
011a: fffff800013836d0 NtTerminateJobObject (ntoskrnl.exe)
011b: fffff800012d19e0 NtTestAlert (ntoskrnl.exe)
011c: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
011d: fffff800013643e0 NtUnloadDriver (ntoskrnl.exe)
011e: fffff8000133d520 NtUnloadKey (ntoskrnl.exe)
011f: fffff8000133d530 NtUnloadKey2 (ntoskrnl.exe)
0120: fffff8000133db80 NtUnloadKeyEx (ntoskrnl.exe)
0121: fffff80001296301 NtUnlockFile (ntoskrnl.exe)
0122: fffff8000100de60 NtUnlockVirtualMemory (ntoskrnl.exe)
0123: fffff800013969c0 NtVdmControl (ntoskrnl.exe)
0124: fffff800013ad6b0 NtWaitForDebugEvent (ntoskrnl.exe)
0125: fffff800013a8f50 NtWaitForKeyedEvent (ntoskrnl.exe)
0126: fffff800013a87e0 NtWaitHighEventPair (ntoskrnl.exe)
0127: fffff800013a8750 NtWaitLowEventPair (ntoskrnl.exe)

Table #1: fffff97fff0de740, 029b entries, \SystemRoot\System32\win32k.sys
1000: fffff97fff09e6f0 NtUserGetThreadState (win32k.sys)
1001: fffff97fff0a7c41 NtUserPeekMessage (win32k.sys)
1002: fffff97fff0a37c0 NtUserCallOneParam (win32k.sys)
1003: fffff97fff095030 NtUserGetKeyState (win32k.sys)
1004: fffff97fff0a6850 NtUserInvalidateRect (win32k.sys)
1005: fffff97fff0cc380 NtUserCallNoParam (win32k.sys)
1006: fffff97fff0d9150 NtUserGetMessage (win32k.sys)
1007: fffff97fff0a5943 NtUserMessageCall (win32k.sys)
1008: fffff97fff0d5587 NtGdiBitBlt (win32k.sys)
1009: fffff97fff088660 NtGdiGetCharSet (win32k.sys)
100a: fffff97fff0a5e00 NtUserGetDC (win32k.sys)
100b: fffff97fff0ced30 NtGdiSelectBitmap (win32k.sys)
100c: fffff97fff0a7d50 NtUserPeekMessage (win32k.sys)
100d: fffff97fff1318a0 NtUserTranslateMessage (win32k.sys)
100e: fffff97fff0d95a0 NtUserPostMessage (win32k.sys)
100f: fffff97fff0a02f0 NtUserQueryWindow (win32k.sys)
1010: fffff97fff1274b0 NtUserTranslateAccelerator (win32k.sys)
1011: fffff97fff0d96e0 NtGdiFlush (win32k.sys)
1012: fffff97fff060940 NtUserRedrawWindow (win32k.sys)
1013: fffff97fff1282d0 xxxTranslateAccelerator (win32k.sys)
1014: fffff97fff115210 NtUserCallMsgFilter (win32k.sys)
1015: fffff97fff0a7b70 NtUserValidateTimerCallback (win32k.sys)
1016: fffff97fff0a6c40 NtUserBeginPaint (win32k.sys)
1017: fffff97fff0a6500 NtUserSetTimer (win32k.sys)
1018: fffff97fff0a6dd0 NtUserEndPaint (win32k.sys)
1019: fffff97fff0a3130 NtUserSetCursor (win32k.sys)
101a: fffff97fff0a03e0 NtUserKillTimer (win32k.sys)
101b: fffff97fff081d83 NtUserBuildHwndList (win32k.sys)
101c: fffff97fff095a70 NtUserSelectPalette (win32k.sys)
101d: fffff97fff0e89b0 NtUserCallNextHookEx (win32k.sys)
101e: fffff97fff081a90 EngBitBlt (win32k.sys)
101f: fffff97fff0a5eb1 NtGdiIntersectClipRect (win32k.sys)
1020: fffff97fff06f1b0 NtUserCallHwndLock (win32k.sys)
1021: fffff97fff0c83e0 ulGetMatchingIndexFromColorref (win32k.sys)
1022: fffff97fff0c5f20 NtGdiDeleteObjectApp (win32k.sys)
1023: fffff97fff066d83 NtUserSetWindowPos (win32k.sys)
1024: fffff97fff081af0 NtUserHideCaret (win32k.sys)
1025: fffff97fff08b230 NtUserEndDeferWindowPosEx (win32k.sys)
1026: fffff97fff0803d0 NtUserCallHwndParamLock (win32k.sys)
1027: fffff97fff123ba0 NtUserVkKeyScanEx (win32k.sys)
1028: fffff97fff09653c NtGdiSetDIBitsToDeviceInternal (win32k.sys)
1029: fffff97fff053d10 NtUserCallTwoParam (win32k.sys)
102a: fffff97fff0a6230 NtGdiGetRandomRgn (win32k.sys)
102b: fffff97fff15b460 NtUserCopyAcceleratorTable (win32k.sys)
102c: fffff97fff122030 NtUserNotifyWinEvent (win32k.sys)
102d: fffff97fff0c37b0 NtGdiExtSelectClipRgn (win32k.sys)
102e: fffff97fff129fb0 NtUserIsClipboardFormatAvailable (win32k.sys)
102f: fffff97fff0d9af0 NtUserSetScrollInfo (win32k.sys)
1030: fffff97fff0923c8 NtGdiStretchBlt (win32k.sys)
1031: fffff97fff053f80 NtUserCreateCaret (win32k.sys)
1032: fffff97fff093290 NtGdiRectVisible (win32k.sys)
1033: fffff97fff092cc0 NtGdiCombineRgn (win32k.sys)
1034: fffff97fff095c50 NtGdiGetDCObject (win32k.sys)
1035: fffff97fff0a6980 xxxValidateRect (win32k.sys)
1036: fffff97fff095230 NtUserRegisterWindowMessage (win32k.sys)
1037: fffff97fff092fe5 NtGdiExtTextOutW (win32k.sys)
1038: fffff97fff091e70 NtGdiSelectFont (win32k.sys)
1039: fffff97fff0bb720 NtGdiRestoreDC (win32k.sys)
103a: fffff97fff0bb8a0 NtGdiSaveDC (win32k.sys)
103b: fffff97fff07fa30 GreSetDIBColorTable (win32k.sys)
103c: fffff97fff11b220 NtUserShowScrollBar (win32k.sys)
103d: fffff97fff0971d0 NtUserFindExistingCursorIcon (win32k.sys)
103e: fffff97fff092f50 NtGdiGetDCDword (win32k.sys)
103f: fffff97fff081250 NtGdiGetRegionData (win32k.sys)
1040: fffff97fff12f4e0 NtGdiLineTo (win32k.sys)
1041: fffff97fff062820 NtUserSystemParametersInfo (win32k.sys)
1042: fffff97fff0c4de0 GreGetAppClipBox (win32k.sys)
1043: fffff97fff067510 NtUserGetAsyncKeyState (win32k.sys)
1044: fffff97fff05b5e0 NtUserGetCPD (win32k.sys)
1045: fffff97fff065060 NtUserRemoveProp (win32k.sys)
1046: fffff97fff07f702 NtGdiDoPalette (win32k.sys)
1047: fffff97fff050ea1 NtGdiPolyPolyDraw (win32k.sys)
1048: fffff97fff123340 NtUserSetCapture (win32k.sys)
1049: fffff97fff07f330 NtUserEnumDisplayMonitors (win32k.sys)
104a: fffff97fff0a3d20 NtGdiCreateCompatibleBitmap (win32k.sys)
104b: fffff97fff065400 NtUserSetProp (win32k.sys)
104c: fffff97fff092360 RFONTOBJ::bIsLinkedGlyph (win32k.sys)
104d: fffff97fff11b320 NtUserSBGetParms (win32k.sys)
104e: fffff97fff05dee2 NtUserGetIconInfo (win32k.sys)
104f: fffff97fff0f0400 NtUserExcludeUpdateRgn (win32k.sys)
1050: fffff97fff05d520 NtUserSetFocus (win32k.sys)
1051: fffff97fff095df0 NtGdiExtGetObjectW (win32k.sys)
1052: fffff97fff05f4d4 NtUserDeferWindowPos (win32k.sys)
1053: fffff97fff0770a0 NtUserGetUpdateRect (win32k.sys)
1054: fffff97fff0ced20 NtGdiCreateCompatibleDC (win32k.sys)
1055: fffff97fff12a080 NtGdiFlushUserBatch (win32k.sys)
1056: fffff97fff12f8b0 NtGdiCreatePen (win32k.sys)
1057: fffff97fff07fc70 NtUserShowWindow (win32k.sys)
1058: fffff97fff06c600 NtUserGetKeyboardLayoutList (win32k.sys)
1059: fffff97fff083eb2 NtGdiPatBlt (win32k.sys)
105a: fffff97fff101c40 NtUserMapVirtualKeyEx (win32k.sys)
105b: fffff97fff0673f0 NtUserSetWindowLong (win32k.sys)
105c: fffff97fff0c3401 NtGdiHfontCreate (win32k.sys)
105d: fffff97fff088d72 NtUserMoveWindow (win32k.sys)
105e: fffff97fff09e470 NtUserPostThreadMessage (win32k.sys)
105f: fffff97fff076747 NtUserDrawIconEx (win32k.sys)
1060: fffff97fff050300 NtUserGetSystemMenu (win32k.sys)
1061: fffff97fff092cd0 NtGdiDrawStream (win32k.sys)
1062: fffff97fff074ec0 NtUserInternalGetWindowText (win32k.sys)
1063: fffff97fff070290 xxxDrawCaptionBar (win32k.sys)
1064: fffff97fff209783 NtGdiD3dDrawPrimitives2 (win32k.sys)
1065: fffff97fff0f45a0 NtGdiInvertRgn (win32k.sys)
1066: fffff97fff10e080 xxxDoHotKeyStuff (win32k.sys)
1067: fffff97fff138570 NtGdiGetAndSetDCDword (win32k.sys)
1068: fffff97fff0933e9 NtGdiMaskBlt (win32k.sys)
1069: fffff97fff05d3a3 NtGdiGetWidthTable (win32k.sys)
106a: fffff97fff0dd983 NtUserScrollDC (win32k.sys)
106b: fffff97fff0c8711 NtUserGetObjectInformation (win32k.sys)
106c: fffff97fff0ce2a1 NtGdiCreateBitmap (win32k.sys)
106d: fffff97fff0da1d0 NtGdiConsoleTextOut (win32k.sys)
106e: fffff97fff0c4f01 NtUserFindWindowEx (win32k.sys)
106f: fffff97fff084b01 NtGdiPolyPatBlt (win32k.sys)
1070: fffff97fff1212f0 xxxSleepThread (win32k.sys)
1071: fffff97fff055680 NtGdiGetNearestColor (win32k.sys)
1072: fffff97fff128e31 NtGdiTransformPoints (win32k.sys)
1073: fffff97fff130010 GreGetDCPoint (win32k.sys)
1074: fffff97fff130c00 NtUserCheckImeHotKey (win32k.sys)
1075: fffff97fff0e70d2 NtGdiCreateDIBBrush (win32k.sys)
1076: fffff97fff07f670 NtGdiGetTextMetricsW (win32k.sys)
1077: fffff97fff09da5b NtUserCreateWindowEx (win32k.sys)
1078: fffff97fff05e870 NtUserSetParent (win32k.sys)
1079: fffff97fff03d180 NtUserGetKeyboardState (win32k.sys)
107a: fffff97fff152663 NtUserToUnicodeEx (win32k.sys)
107b: fffff97fff054d60 NtUserGetControlBrush (win32k.sys)
107c: fffff97fff081c90 NtUserGetClassName (win32k.sys)
107d: fffff97fff070de8 NtGdiAlphaBlend (win32k.sys)
107e: fffff97fff14a130 NtGdiDdBlt (win32k.sys)
107f: fffff97fff052ff0 NtGdiOffsetRgn (win32k.sys)
1080: fffff97fff0485f0 NtUserDefSetText (win32k.sys)
1081: fffff97fff081090 NtGdiGetTextFaceW (win32k.sys)
1082: fffff97fff06360c NtGdiStretchDIBitsInternal (win32k.sys)
1083: fffff97fff126fc0 NtUserSendInput (win32k.sys)
1084: fffff97fff0cacf0 NtUserGetThreadDesktop (win32k.sys)
1085: fffff97fff052a00 NtGdiCreateRectRgn (win32k.sys)
1086: fffff97fff092595 NtGdiGetDIBitsInternal (win32k.sys)
1087: fffff97fff102050 NtUserGetUpdateRgn (win32k.sys)
1088: fffff97fff138120 NtGdiDeleteClientObj (win32k.sys)
1089: fffff97fff05f070 NtUserGetIconSize (win32k.sys)
108a: fffff97fff113220 NtUserFillWindow (win32k.sys)
108b: fffff97fff0c4760 NtGdiExtCreateRegion (win32k.sys)
108c: fffff97fff052b20 NtGdiComputeXformCoefficients (win32k.sys)
108d: fffff97fff058452 NtUserSetWindowsHookEx (win32k.sys)
108e: fffff97fff0c8680 NtUserNotifyProcessCreate (win32k.sys)
108f: fffff97fff257dc0 NtGdiUnrealizeObject (win32k.sys)
1090: fffff97fff075340 NtUserGetTitleBarInfo (win32k.sys)
1091: fffff97fff12fa51 NtGdiRectangle (win32k.sys)
1092: fffff97fff0398b0 NtUserSetThreadDesktop (win32k.sys)
1093: fffff97fff075af0 NtUserGetDCEx (win32k.sys)
1094: fffff97fff11af30 NtUserGetScrollBarInfo (win32k.sys)
1095: fffff97fff092a31 NtGdiGetTextExtent (win32k.sys)
1096: fffff97fff054990 NtUserSetWindowFNID (win32k.sys)
1097: fffff97fff0c49c0 GreSetLayout (win32k.sys)
1098: fffff97fff074f81 NtUserCalcMenuBar (win32k.sys)
1099: fffff97fff057212 NtUserThunkedMenuItemInfo (win32k.sys)
109a: fffff97fff075cc1 NtGdiExcludeClipRect (win32k.sys)
109b: fffff97fff091b35 NtGdiCreateDIBSection (win32k.sys)
109c: fffff97fff096720 hbmSelectBitmap (win32k.sys)
109d: fffff97fff073720 NtUserDestroyCursor (win32k.sys)
109e: fffff97fff09d9f0 NtUserCreateWindowEx (win32k.sys)
109f: fffff97fff062bd0 NtUserCallHwndParam (win32k.sys)
10a0: fffff97fff098287 NtGdiCreateDIBitmapInternal (win32k.sys)
10a1: fffff97fff0e0340 NtUserOpenWindowStation (win32k.sys)
10a2: fffff97fff1536e0 NtGdiDdDeleteSurfaceObject (win32k.sys)
10a3: fffff97fff0465a0 NtGdiEnumFontClose (win32k.sys)
10a4: fffff97fff046a33 NtGdiEnumFontOpen (win32k.sys)
10a5: fffff97fff0465d1 NtGdiEnumFontChunk (win32k.sys)
10a6: fffff97fff146750 NtGdiDdCanCreateSurface (win32k.sys)
10a7: fffff97fff0e8944 NtGdiDdCreateSurface (win32k.sys)
10a8: fffff97fff097040 NtUserSetCursorIconData (win32k.sys)
10a9: fffff97fff121a80 NtGdiDdDestroySurface (win32k.sys)
10aa: fffff97fff073510 xxxCloseDesktop (win32k.sys)
10ab: fffff97fff075760 NtUserOpenDesktop (win32k.sys)
10ac: fffff97fff03a3a0 FastGetProfileStringW (win32k.sys)
10ad: fffff97fff09c540 NtUserGetAtomName (win32k.sys)
10ae: fffff97fff12d400 NtGdiDdResetVisrgn (win32k.sys)
10af: fffff97fff12aa27 NtGdiExtCreatePen (win32k.sys)
10b0: fffff97fff04e700 NtGdiCreatePaletteInternal (win32k.sys)
10b1: fffff97fff128320 NtUserWindowFromPoint (win32k.sys)
10b2: fffff97fff0757e0 NtUserBuildNameList (win32k.sys)
10b3: fffff97fff057860 NtGdiSetPixel (win32k.sys)
10b4: fffff97fff09c273 NtUserRegisterClassExWOW (win32k.sys)
10b5: fffff97fff05edb0 NtGdiCreatePatternBrushInternal (win32k.sys)
10b6: fffff97fff081f10 NtUserGetAncestor (win32k.sys)
10b7: fffff97fff0f2640 NtGdiGetOutlineTextMetricsInternalW (win32k.sys)
10b8: fffff97fff12fe90 NtGdiSetBitmapBits (win32k.sys)
10b9: fffff97fff03a4a0 NtUserCloseWindowStation (win32k.sys)
10ba: fffff97fff055110 xxxDrawCaptionBar (win32k.sys)
10bb: fffff97fff1789e0 NtUserEnableScrollBar (win32k.sys)
10bc: fffff97fff0ce580 NtGdiCreateSolidBrush (win32k.sys)
10bd: fffff97fff06f6b1 NtUserGetClassInfoEx (win32k.sys)
10be: fffff97fff137fa0 NtGdiCreateClientObj (win32k.sys)
10bf: fffff97fff09d830 NtUserUnregisterClass (win32k.sys)
10c0: fffff97fff058230 NtUserDeleteMenu (win32k.sys)
10c1: fffff97fff0e82f0 NtGdiRectInRegion (win32k.sys)
10c2: fffff97fff113bc4 NtUserScrollWindowEx (win32k.sys)
10c3: fffff97fff0560c0 NtGdiGetPixel (win32k.sys)
10c4: fffff97fff176640 NtUserSetClassLong (win32k.sys)
10c5: fffff97fff1601a0 NtUserGetMenuBarInfo (win32k.sys)
10c6: fffff97fff152f50 NtGdiDdCreateSurfaceEx (win32k.sys)
10c7: fffff97fff152e72 NtGdiDdCreateSurfaceObject (win32k.sys)
10c8: fffff97fff267b50 NtGdiGetNearestPaletteIndex (win32k.sys)
10c9: fffff97fff209630 NtGdiDdLockD3D (win32k.sys)
10ca: fffff97fff209650 NtGdiDdUnlockD3D (win32k.sys)
10cb: fffff97fff0f1372 NtGdiGetCharWidthW (win32k.sys)
10cc: fffff97fff048f90 NtUserInvalidateRgn (win32k.sys)
10cd: fffff97fff0fcf10 bSpBltFromScreen (win32k.sys)
10ce: fffff97fff052d40 NtUserSetWindowRgn (win32k.sys)
10cf: fffff97fff114964 NtUserBitBltSysBmp (win32k.sys)
10d0: fffff97fff04ee30 GreGetCharWidthInfo (win32k.sys)
10d1: fffff97fff0f30a0 NtUserValidateRect (win32k.sys)
10d2: fffff97fff1256e0 NtUserCloseClipboard (win32k.sys)
10d3: fffff97fff125600 NtUserOpenClipboard (win32k.sys)
10d4: fffff97fff0cb6b0 NtGdiGetStockObject (win32k.sys)
10d5: fffff97fff0fd300 NtUserSetClipboardData (win32k.sys)
10d6: fffff97fff118910 NtUserEnableMenuItem (win32k.sys)
10d7: fffff97fff054e70 NtUserAlterWindowStyle (win32k.sys)
10d8: fffff97fff059be0 NtGdiFillRgn (win32k.sys)
10d9: fffff97fff124920 NtUserGetWindowPlacement (win32k.sys)
10da: fffff97fff0c75a0 NtGdiModifyWorldTransform (win32k.sys)
10db: fffff97fff0ee571 NtGdiGetFontData (win32k.sys)
10dc: fffff97fff126860 xxxDisownClipboard (win32k.sys)
10dd: fffff97fff054a90 NtUserSetThreadState (win32k.sys)
10de: fffff97fff0bba33 NtGdiOpenDCW (win32k.sys)
10df: fffff97fff04c3e0 NtUserTrackMouseEvent (win32k.sys)
10e0: fffff97fff0c4020 DC::iSelect (win32k.sys)
10e1: fffff97fff052120 NtUserDestroyMenu (win32k.sys)
10e2: fffff97fff04d340 NtGdiGetBitmapBits (win32k.sys)
10e3: fffff97fff0d14c0 NtUserConsoleControl (win32k.sys)
10e4: fffff97fff054f50 NtUserSetActiveWindow (win32k.sys)
10e5: fffff97fff069df0 NtUserSetInformationThread (win32k.sys)
10e6: fffff97fff035d90 NtUserSetWindowPlacement (win32k.sys)
10e7: fffff97fff1665d0 NtUserGetControlColor (win32k.sys)
10e8: fffff97fff1388c0 NtGdiGetAndSetDCDword (win32k.sys)
10e9: fffff97fff138840 NtGdiSetMiterLimit (win32k.sys)
10ea: fffff97fff138661 NtGdiSetVirtualResolution (win32k.sys)
10eb: fffff97fff102b70 NtGdiGetRasterizerCaps (win32k.sys)
10ec: fffff97fff0f3b10 NtUserSetWindowWord (win32k.sys)
10ed: fffff97fff125eb0 NtUserGetClipboardFormatName (win32k.sys)
10ee: fffff97fff037132 NtUserRealInternalGetMessage (win32k.sys)
10ef: fffff97fff0e8db0 NtUserCreateLocalMemHandle (win32k.sys)
10f0: fffff97fff10e9c0 NtUserAttachThreadInput (win32k.sys)
10f1: fffff97fff04ffd0 NtGdiCreateHalftonePalette (win32k.sys)
10f2: fffff97fff11dd22 NtUserPaintMenuBar (win32k.sys)
10f3: fffff97fff0efdc0 NtUserSetKeyboardState (win32k.sys)
10f4: fffff97fff132b70 NtGdiCombineTransform (win32k.sys)
10f5: fffff97fff050170 NtUserCreateAcceleratorTable (win32k.sys)
10f6: fffff97fff04c050 NtUserGetCursorFrameInfo (win32k.sys)
10f7: fffff97fff0ed852 NtUserGetAltTabInfo (win32k.sys)
10f8: fffff97fff03c090 fsg_WorkSpaceSetOffsets (win32k.sys)
10f9: fffff97fff0cc0d0 NtGdiQueryFontAssocInfo (win32k.sys)
10fa: fffff97fff0cc100 NtUserProcessConnect (win32k.sys)
10fb: fffff97fff077d80 NtUserEnumDisplayDevices (win32k.sys)
10fc: fffff97fff0fd430 NtUserEmptyClipboard (win32k.sys)
10fd: fffff97fff0eb150 NtUserGetClipboardData (win32k.sys)
10fe: fffff97fff036b20 NtUserRemoveMenu (win32k.sys)
10ff: fffff97fff128490 NtGdiSetBoundsRect (win32k.sys)
1100: fffff97fff0d0580 NtUserSetInformationProcess (win32k.sys)
1101: fffff97fff145170 NtGdiTransparentBlt (win32k.sys)
1102: fffff97fff0faf20 NtUserConvertMemHandle (win32k.sys)
1103: fffff97fff112fa0 xxxSimpleDoSyncPaint (win32k.sys)
1104: fffff97fff04ca00 NtUserGetGUIThreadInfo (win32k.sys)
1105: fffff97fff26b370 NtGdiQueryFontAssocInfo (win32k.sys)
1106: fffff97fff04c920 NtUserSetWindowsHookAW (win32k.sys)
1107: fffff97fff036c40 NtUserSetMenuDefaultItem (win32k.sys)
1108: fffff97fff1108c0 NtUserCheckMenuItem (win32k.sys)
1109: fffff97fff0f83a4 NtUserSetWinEventHook (win32k.sys)
110a: fffff97fff122100 NtUserNotifyWinEvent (win32k.sys)
110b: fffff97fff032940 NtGdiSetupPublicCFONT (win32k.sys)
110c: fffff97fff1116b0 NtUserLockWindowUpdate (win32k.sys)
110d: fffff97fff0f0480 NtUserSetSystemMenu (win32k.sys)
110e: fffff97fff0f02d0 NtUserThunkedMenuInfo (win32k.sys)
110f: fffff97fff26b5b0 NtGdiBeginPath (win32k.sys)
1110: fffff97fff26b750 NtGdiEndPath (win32k.sys)
1111: fffff97fff26c040 NtGdiFillPath (win32k.sys)
1112: fffff97fff03ca90 NtUserCallHwnd (win32k.sys)
1113: fffff97fff0322d1 NtUserDdeInitialize (win32k.sys)
1114: fffff97fff0ea0f0 NtUserModifyUserStartupInfoFlags (win32k.sys)
1115: fffff97fff124560 DC::MirrorWindowOrg (win32k.sys)
1116: fffff97fff258561 NtGdiAddFontMemResourceEx (win32k.sys)
1117: fffff97fff15e240 NtGdiEqualRgn (win32k.sys)
1118: fffff97fff0ff090 NtGdiGetSystemPaletteUse (win32k.sys)
1119: fffff97fff258880 NtGdiRemoveFontMemResourceEx (win32k.sys)
111a: fffff97fff035150 NtUserEnumDisplaySettings (win32k.sys)
111b: fffff97fff0771a0 NtUserGetUpdateRect (win32k.sys)
111c: fffff97fff130774 NtGdiExtEscape (win32k.sys)
111d: fffff97fff2595d0 NtGdiGetBitmapDimension (win32k.sys)
111e: fffff97fff02b050 GreSetFontEnumeration (win32k.sys)
111f: fffff97fff126630 NtUserChangeClipboardChain (win32k.sys)
1120: fffff97fff038900 NtUserResolveDesktop (win32k.sys)
1121: fffff97fff122350 NtUserSetClipboardViewer (win32k.sys)
1122: fffff97fff0383c0 NtUserShowWindowAsync (win32k.sys)
1123: fffff97fff078940 NtUserSetConsoleReserveKeys (win32k.sys)
1124: fffff97fff26d0c0 NtGdiCreateColorSpace (win32k.sys)
1125: fffff97fff26d160 NtGdiDeleteColorSpace (win32k.sys)
1126: fffff97fff079780 NtUserActivateKeyboardLayout (win32k.sys)
1127: fffff97fff210010 NtGdiAbortDoc (win32k.sys)
1128: fffff97fff26b490 NtGdiCloseFigure (win32k.sys)
1129: fffff97fff2104f0 NtGdiAddEmbFontToDC (win32k.sys)
112a: fffff97fff03d342 NtGdiAddFontResourceW (win32k.sys)
112b: fffff97fff235120 NtGdiAddRemoteFontToDC (win32k.sys)
112c: fffff97fff211ab0 NtGdiAddRemoteMMInstanceToDC (win32k.sys)
112d: fffff97fff256c22 NtGdiAngleArc (win32k.sys)
112e: fffff97fff156830 NtGdiAnyLinkedFonts (win32k.sys)
112f: fffff97fff270f06 NtGdiArcInternal (win32k.sys)
1130: fffff97fff151270 NtGdiBRUSHOBJ_DeleteRbrush (win32k.sys)
1131: fffff97fff276400 NtGdiBRUSHOBJ_hGetColorTransform (win32k.sys)
1132: fffff97fff276150 NtGdiBRUSHOBJ_pvAllocRbrush (win32k.sys)
1133: fffff97fff276200 NtGdiBRUSHOBJ_pvGetRbrush (win32k.sys)
1134: fffff97fff141ca0 NtGdiXFORMOBJ_iGetXform (win32k.sys)
1135: fffff97fff276040 NtGdiCLIPOBJ_bEnum (win32k.sys)
1136: fffff97fff275fa1 NtGdiCLIPOBJ_cEnumStart (win32k.sys)
1137: fffff97fff275c60 NtGdiCLIPOBJ_ppoGetPath (win32k.sys)
1138: fffff97fff257a30 NtGdiCancelDC (win32k.sys)
1139: fffff97fff258c10 NtGdiChangeGhostFont (win32k.sys)
113a: fffff97fff26dbc4 NtGdiCheckBitmapBits (win32k.sys)
113b: fffff97fff257c70 NtGdiClearBitmapAttributes (win32k.sys)
113c: fffff97fff257d60 NtGdiClearBrushAttributes (win32k.sys)
113d: fffff97fff26de52 NtGdiColorCorrectPalette (win32k.sys)
113e: fffff97fff23c860 NtGdiConvertMetafileRect (win32k.sys)
113f: fffff97fff26d534 NtGdiCreateColorTransform (win32k.sys)
1140: fffff97fff21cf20 NtGdiCreateEllipticRgn (win32k.sys)
1141: fffff97fff266630 NtGdiCreateSolidBrush (win32k.sys)
1142: fffff97fff12a970 EPATHOBJ::bStrokeAndOrFill (win32k.sys)
1143: fffff97fff02e2c2 NtGdiCreateRoundRectRgn (win32k.sys)
1144: fffff97fff15c2c2 NtGdiCreateServerMetaFile (win32k.sys)
1145: fffff97fff209700 NtGdiD3dContextCreate (win32k.sys)
1146: fffff97fff209720 NtGdiD3dContextDestroy (win32k.sys)
1147: fffff97fff209740 NtGdiD3dContextDestroyAll (win32k.sys)
1148: fffff97fff209760 NtGdiD3dValidateTextureStageState (win32k.sys)
1149: fffff97fff2094d0 NtGdiDdAddAttachedSurface (win32k.sys)
114a: fffff97fff2098c0 NtGdiDdAlphaBlt (win32k.sys)
114b: fffff97fff14a0f0 NtGdiDdAttachSurface (win32k.sys)
114c: fffff97fff209840 NtGdiDdBeginMoCompFrame (win32k.sys)
114d: fffff97fff2096c0 NtGdiDdCanCreateD3DBuffer (win32k.sys)
114e: fffff97fff2094f0 NtGdiDdColorControl (win32k.sys)
114f: fffff97fff209674 NtGdiDdCreateD3DBuffer (win32k.sys)
1150: fffff97fff0e8830 NtGdiDdCreateDirectDrawObject (win32k.sys)
1151: fffff97fff1467b0 NtGdiDdCreateMoComp (win32k.sys)
1152: fffff97fff121a60 NtGdiDdDeleteDirectDrawObject (win32k.sys)
1153: fffff97fff2096e0 NtGdiDdDestroyD3DBuffer (win32k.sys)
1154: fffff97fff14a430 NtGdiDdDestroyMoComp (win32k.sys)
1155: fffff97fff209860 NtGdiDdEndMoCompFrame (win32k.sys)
1156: fffff97fff1497b1 NtGdiDdFlip (win32k.sys)
1157: fffff97fff209590 NtGdiDdFlipToGDISurface (win32k.sys)
1158: fffff97fff146770 NtGdiDdGetAvailDriverMemory (win32k.sys)
1159: fffff97fff209510 NtGdiDdGetBltStatus (win32k.sys)
115a: fffff97fff152ea0 NtGdiDdGetDC (win32k.sys)
115b: fffff97fff152ec0 NtGdiDdGetDriverInfo (win32k.sys)
115c: fffff97fff2097c0 NtGdiDdGetDriverState (win32k.sys)
115d: fffff97fff2095f0 NtGdiDdGetDxHandle (win32k.sys)
115e: fffff97fff209530 NtGdiDdGetFlipStatus (win32k.sys)
115f: fffff97fff209820 NtGdiDdGetInternalMoCompInfo (win32k.sys)
1160: fffff97fff209800 NtGdiDdGetMoCompBuffInfo (win32k.sys)
1161: fffff97fff2097e0 NtGdiDdGetMoCompFormats (win32k.sys)
1162: fffff97fff148920 NtGdiDdGetMoCompGuids (win32k.sys)
1163: fffff97fff209550 NtGdiDdGetScanLine (win32k.sys)
1164: fffff97fff12d3b0 NtGdiDdLock (win32k.sys)
1165: fffff97fff0e8d17 NtGdiDdQueryDirectDrawObject (win32k.sys)
1166: fffff97fff2098a0 NtGdiDdQueryMoCompStatus (win32k.sys)
1167: fffff97fff0e8d90 NtGdiDdReenableDirectDrawObject (win32k.sys)
1168: fffff97fff153700 NtGdiDdReleaseDC (win32k.sys)
1169: fffff97fff209880 NtGdiDdRenderMoComp (win32k.sys)
116a: fffff97fff146790 NtGdiDdSetColorKey (win32k.sys)
116b: fffff97fff209570 NtGdiDdSetExclusiveMode (win32k.sys)
116c: fffff97fff209610 NtGdiDdSetGammaRamp (win32k.sys)
116d: fffff97fff2095b0 NtGdiDdSetOverlayPosition (win32k.sys)
116e: fffff97fff14a110 NtGdiDdUnattachSurface (win32k.sys)
116f: fffff97fff12d3d0 NtGdiDdUnlock (win32k.sys)
1170: fffff97fff14a030 NtGdiDdUpdateOverlay (win32k.sys)
1171: fffff97fff2095d0 NtGdiDdWaitForVerticalBlank (win32k.sys)
1172: fffff97fff26d840 NtGdiDeleteColorTransform (win32k.sys)
1173: fffff97fff2597e0 NtGdiDescribePixelFormat (win32k.sys)
1174: fffff97fff156c40 NtGdiDoBanding (win32k.sys)
1175: fffff97fff256df0 NtGdiDrawEscape (win32k.sys)
1176: fffff97fff209ac0 NtGdiDvpAcquireNotification (win32k.sys)
1177: fffff97fff2098e0 NtGdiDvpCanCreateVideoPort (win32k.sys)
1178: fffff97fff209900 NtGdiDvpColorControl (win32k.sys)
1179: fffff97fff209920 NtGdiDvpCreateVideoPort (win32k.sys)
117a: fffff97fff209940 NtGdiDvpDestroyVideoPort (win32k.sys)
117b: fffff97fff209960 NtGdiDvpFlipVideoPort (win32k.sys)
117c: fffff97fff209980 NtGdiDvpGetVideoPortBandwidth (win32k.sys)
117d: fffff97fff209a40 NtGdiDvpGetVideoPortConnectInfo (win32k.sys)
117e: fffff97fff2099a0 NtGdiDvpGetVideoPortField (win32k.sys)
117f: fffff97fff2099c0 NtGdiDvpGetVideoPortFlipStatus (win32k.sys)
1180: fffff97fff2099e0 NtGdiDvpGetVideoPortInputFormats (win32k.sys)
1181: fffff97fff209a00 NtGdiDvpGetVideoPortLine (win32k.sys)
1182: fffff97fff209a20 NtGdiDvpGetVideoPortOutputFormats (win32k.sys)
1183: fffff97fff209a60 NtGdiDvpGetVideoSignalStatus (win32k.sys)
1184: fffff97fff209ae0 NtGdiDvpReleaseNotification (win32k.sys)
1185: fffff97fff209a80 NtGdiDvpUpdateVideoPort (win32k.sys)
1186: fffff97fff209aa0 NtGdiDvpWaitForVideoPortSync (win32k.sys)
1187: fffff97fff2094a2 NtGdiDxgGenericThunk (win32k.sys)
1188: fffff97fff1000f1 NtGdiEllipse (win32k.sys)
1189: fffff97fff027940 FindDefaultLinkedFontEntry (win32k.sys)
118a: fffff97fff1433b0 NtGdiEndDoc (win32k.sys)
118b: fffff97fff1425c0 NtGdiEndPage (win32k.sys)
118c: fffff97fff274a93 NtGdiEngAlphaBlend (win32k.sys)
118d: fffff97fff13f720 NtGdiEngAssociateSurface (win32k.sys)
118e: fffff97fff159db7 NtGdiEngBitBlt (win32k.sys)
118f: fffff97fff277b90 NtGdiEngCheckAbort (win32k.sys)
1190: fffff97fff277c80 NtGdiEngComputeGlyphSet (win32k.sys)
1191: fffff97fff2726e2 NtGdiEngCopyBits (win32k.sys)
1192: fffff97fff13f842 NtGdiEngCreateBitmap (win32k.sys)
1193: fffff97fff275df0 NtGdiEngCreateClip (win32k.sys)
1194: fffff97fff277190 NtGdiEngCreateDeviceBitmap (win32k.sys)
1195: fffff97fff13fa60 NtGdiEngCreateDeviceSurface (win32k.sys)
1196: fffff97fff1364d2 NtGdiEngCreatePalette (win32k.sys)
1197: fffff97fff275ef0 NtGdiEngDeleteClip (win32k.sys)
1198: fffff97fff138c20 RFONTOBJ::bDeleteRFONT (win32k.sys)
1199: fffff97fff275d60 NtGdiEngDeletePath (win32k.sys)
119a: fffff97fff142dc0 NtGdiEngDeleteSurface (win32k.sys)
119b: fffff97fff275a80 NtGdiEngEraseSurface (win32k.sys)
119c: fffff97fff273f43 NtGdiEngFillPath (win32k.sys)
119d: fffff97fff274f86 NtGdiEngGradientFill (win32k.sys)
119e: fffff97fff14f555 NtGdiEngLineTo (win32k.sys)
119f: fffff97fff13f9f0 NtGdiEngLockSurface (win32k.sys)
11a0: fffff97fff156bb0 NtGdiEngMarkBandingSurface (win32k.sys)
11a1: fffff97fff274711 NtGdiEngPaint (win32k.sys)
11a2: fffff97fff2731e7 NtGdiEngPlgBlt (win32k.sys)
11a3: fffff97fff159637 NtGdiEngStretchBlt (win32k.sys)
11a4: fffff97fff150889 NtGdiEngStretchBltROP (win32k.sys)
11a5: fffff97fff274276 NtGdiEngStrokeAndFillPath (win32k.sys)
11a6: fffff97fff273b94 NtGdiEngStrokePath (win32k.sys)
11a7: fffff97fff1408d6 NtGdiEngTextOut (win32k.sys)
11a8: fffff97fff275494 NtGdiEngTransparentBlt (win32k.sys)
11a9: fffff97fff142e50 NtGdiEngUnlockSurface (win32k.sys)
11aa: fffff97fff27dba0 NtGdiEnumObjects (win32k.sys)
11ab: fffff97fff27d733 NtGdiEudcLoadUnloadLink (win32k.sys)
11ac: fffff97fff27fe81 NtGdiExtFloodFill (win32k.sys)
11ad: fffff97fff276830 NtGdiFONTOBJ_cGetAllGlyphHandles (win32k.sys)
11ae: fffff97fff140251 NtGdiFONTOBJ_cGetGlyphs (win32k.sys)
11af: fffff97fff276b70 NtGdiFONTOBJ_pQueryGlyphAttrs (win32k.sys)
11b0: fffff97fff2769e0 NtGdiFONTOBJ_pfdg (win32k.sys)
11b1: fffff97fff141ea0 NtGdiFONTOBJ_pifi (win32k.sys)
11b2: fffff97fff1504b0 NtGdiFONTOBJ_pvTrueTypeFontFile (win32k.sys)
11b3: fffff97fff141a90 NtGdiFONTOBJ_pxoGetXform (win32k.sys)
11b4: fffff97fff150d50 NtGdiFONTOBJ_vGetInfo (win32k.sys)
11b5: fffff97fff26b830 NtGdiEndPath (win32k.sys)
11b6: fffff97fff258140 NtGdiFontIsLinked (win32k.sys)
11b7: fffff97fff1427b0 NtGdiForceUFIMapping (win32k.sys)
11b8: fffff97fff030091 NtGdiFrameRgn (win32k.sys)
11b9: fffff97fff229e11 NtGdiFullscreenControl (win32k.sys)
11ba: fffff97fff128360 NtGdiUnrealizeObject (win32k.sys)
11bb: fffff97fff101302 NtGdiGetCharABCWidthsW (win32k.sys)
11bc: fffff97fff255222 NtGdiGetCharacterPlacementW (win32k.sys)
11bd: fffff97fff257890 NtGdiSetBoundsRect (win32k.sys)
11be: fffff97fff266f00 NtGdiGetDCforBitmap (win32k.sys)
11bf: fffff97fff257b40 NtGdiGetDeviceCaps (win32k.sys)
11c0: fffff97fff136870 NtGdiGetDeviceCapsAll (win32k.sys)
11c1: fffff97fff26e1f0 NtGdiGetDeviceGammaRamp (win32k.sys)
11c2: fffff97fff2593d0 NtGdiGetDeviceWidth (win32k.sys)
11c3: fffff97fff276f00 NtGdiGetDhpdev (win32k.sys)
11c4: fffff97fff283830 NtGdiGetETM (win32k.sys)
11c5: fffff97fff258dd3 NtGdiGetEmbUFI (win32k.sys)
11c6: fffff97fff258bd0 NtGdiGetEmbedFonts (win32k.sys)
11c7: fffff97fff27b990 NtGdiGetEudcTimeStampEx (win32k.sys)
11c8: fffff97fff258933 NtGdiGetFontResourceInfoInternalW (win32k.sys)
11c9: fffff97fff259cc0 NtGdiGetFontUnicodeRanges (win32k.sys)
11ca: fffff97fff259c91 NtGdiGetGlyphIndicesW (win32k.sys)
11cb: fffff97fff259a42 NtGdiGetGlyphIndicesWInternal (win32k.sys)
11cc: fffff97fff257314 NtGdiGetGlyphOutline (win32k.sys)
11cd: fffff97fff257620 NtGdiGetKerningPairs (win32k.sys)
11ce: fffff97fff210220 NtGdiGetLinkedUFIs (win32k.sys)
11cf: fffff97fff12af30 NtGdiGetDCDword (win32k.sys)
11d0: fffff97fff233780 NtGdiGetMonitorID (win32k.sys)
11d1: fffff97fff257730 NtGdiGetObjectBitmapHandle (win32k.sys)
11d2: fffff97fff26cb70 NtGdiGetPath (win32k.sys)
11d3: fffff97fff159c60 GreDoBanding (win32k.sys)
11d4: fffff97fff259dc0 NtGdiGetRealizationInfo (win32k.sys)
11d5: fffff97fff278043 NtGdiGetServerMetaFileBits (win32k.sys)
11d6: fffff97fff026670 NtGdiGetSpoolMessage (win32k.sys)
11d7: fffff97fff2844e1 NtGdiGetStats (win32k.sys)
11d8: fffff97fff27d981 NtGdiGetStringBitmapW (win32k.sys)
11d9: fffff97fff0e6d94 NtGdiGetTextExtentExW (win32k.sys)
11da: fffff97fff258cb2 NtGdiGetUFI (win32k.sys)
11db: fffff97fff258f16 NtGdiGetUFIPathname (win32k.sys)
11dc: fffff97fff0449d2 NtGdiGradientFill (win32k.sys)
11dd: fffff97fff277dd0 NtGdiHT_Get8BPPFormatPalette (win32k.sys)
11de: fffff97fff277ea2 NtGdiHT_Get8BPPMaskPalette (win32k.sys)
11df: fffff97fff26ed34 NtGdiIcmBrushInfo (win32k.sys)
11e0: fffff97fff0cc0f0 NtGdiInit (win32k.sys)
11e1: fffff97fff0264e0 NtGdiInitSpool (win32k.sys)
11e2: fffff97fff259891 NtGdiMakeFontDir (win32k.sys)
11e3: fffff97fff1568f0 GreStretchDIBitsInternal (win32k.sys)
11e4: fffff97fff125cc0 NtGdiMakeObjectUnXferable (win32k.sys)
11e5: fffff97fff125c00 NtGdiMakeObjectXferable (win32k.sys)
11e6: fffff97fff259300 NtGdiMirrorWindowOrg (win32k.sys)
11e7: fffff97fff102610 bCvtPts (win32k.sys)
11e8: fffff97fff257af0 NtGdiCreatePen (win32k.sys)
11e9: fffff97fff156cf0 NtGdiOffsetClipRgn (win32k.sys)
11ea: fffff97fff2772f0 NtGdiPATHOBJ_bEnum (win32k.sys)
11eb: fffff97fff277720 NtGdiPATHOBJ_bEnumClipLines (win32k.sys)
11ec: fffff97fff277500 NtGdiPATHOBJ_bEnum (win32k.sys)
11ed: fffff97fff277580 NtGdiPATHOBJ_vEnumStartClipLines (win32k.sys)
11ee: fffff97fff2771d0 NtGdiPATHOBJ_vGetBounds (win32k.sys)
11ef: fffff97fff26c250 NtGdiPathToRegion (win32k.sys)
11f0: fffff97fff23f767 NtGdiPlgBlt (win32k.sys)
11f1: fffff97fff256300 NtGdiPolyDraw (win32k.sys)
11f2: fffff97fff2564c0 NtGdiPolyTextOutW (win32k.sys)
11f3: fffff97fff154270 NtGdiPtInRegion (win32k.sys)
11f4: fffff97fff21e860 NtGdiPtVisible (win32k.sys)
11f5: fffff97fff13f090 NtGdiQueryFonts (win32k.sys)
11f6: fffff97fff0ff422 NtGdiRemoveFontResourceW (win32k.sys)
11f7: fffff97fff210d50 NtGdiRemoveMergeFont (win32k.sys)
11f8: fffff97fff132fb1 NtGdiResetDC (win32k.sys)
11f9: fffff97fff268600 NtGdiResizePalette (win32k.sys)
11fa: fffff97fff260a93 NtGdiRoundRect (win32k.sys)
11fb: fffff97fff276e40 NtGdiSTROBJ_bEnum (win32k.sys)
11fc: fffff97fff142020 NtGdiSTROBJ_bEnumPositionsOnly (win32k.sys)
11fd: fffff97fff150e70 NtGdiSTROBJ_bGetAdvanceWidths (win32k.sys)
11fe: fffff97fff276e80 NtGdiSTROBJ_bGetAdvanceWidths (win32k.sys)
11ff: fffff97fff141fd0 NtGdiFONTOBJ_pifi (win32k.sys)
1200: fffff97fff23d112 NtGdiScaleViewportExtEx (win32k.sys)
1201: fffff97fff15aef2 NtGdiScaleWindowExtEx (win32k.sys)
1202: fffff97fff116ad0 xxxDrawMenuBarUnderlines (win32k.sys)
1203: fffff97fff26be20 NtGdiSelectClipPath (win32k.sys)
1204: fffff97fff257a50 GreSelectBrush (win32k.sys)
1205: fffff97fff0183c0 NtGdiSetBitmapAttributes (win32k.sys)
1206: fffff97fff257d40 NtGdiSetBrushAttributes (win32k.sys)
1207: fffff97fff2578f0 NtGdiSetColorAdjustment (win32k.sys)
1208: fffff97fff14f4a0 NtGdiSetColorSpace (win32k.sys)
1209: fffff97fff26e780 NtGdiSetDeviceGammaRamp (win32k.sys)
120a: fffff97fff138760 NtGdiSetFontXform (win32k.sys)
120b: fffff97fff134e80 NtGdiSetIcmMode (win32k.sys)
120c: fffff97fff141820 NtGdiSetLinkedUFIs (win32k.sys)
120d: fffff97fff269760 NtGdiSetMagicColors (win32k.sys)
120e: fffff97fff138e40 NtGdiSetPUMPDOBJ (win32k.sys)
120f: fffff97fff2856f0 NtGdiSetPixelFormat (win32k.sys)
1210: fffff97fff257e51 NtGdiSetRectRgn (win32k.sys)
1211: fffff97fff1385b0 NtGdiSetSizeDevice (win32k.sys)
1212: fffff97fff257b50 NtGdiSetSystemPaletteUse (win32k.sys)
1213: fffff97fff264fd0 NtGdiSetTextJustification (win32k.sys)
1214: fffff97fff13f4c0 NtGdiStartDoc (win32k.sys)
1215: fffff97fff141270 NtGdiStartPage (win32k.sys)
1216: fffff97fff26c420 NtGdiStrokeAndFillPath (win32k.sys)
1217: fffff97fff26c7c0 NtGdiStrokePath (win32k.sys)
1218: fffff97fff285c70 NtGdiSwapBuffers (win32k.sys)
1219: fffff97fff042de7 NtGdiTransparentBlt (win32k.sys)
121a: fffff97fff277100 NtGdiUMPDEngFreeUserMem (win32k.sys)
121b: fffff97fff259730 NtGdiUnloadPrinterDriver (win32k.sys)
121c: fffff97fff0cc0f0 NtGdiInit (win32k.sys)
121d: fffff97fff268930 NtGdiUpdateColors (win32k.sys)
121e: fffff97fff23e020 NtGdiUpdateTransform (win32k.sys)
121f: fffff97fff26b9a0 NtGdiWidenPath (win32k.sys)
1220: fffff97fff2764e1 NtGdiXFORMOBJ_bApplyXform (win32k.sys)
1221: fffff97fff141b90 NtGdiXFORMOBJ_iGetXform (win32k.sys)
1222: fffff97fff2779a0 NtGdiXLATEOBJ_cGetPalette (win32k.sys)
1223: fffff97fff2778d0 NtGdiXLATEOBJ_hGetColorTransform (win32k.sys)
1224: fffff97fff277ae0 NtGdiXLATEOBJ_iXlate (win32k.sys)
1225: fffff97fff180770 NtUserAssociateInputContext (win32k.sys)
1226: fffff97fff17d0f0 NtUserBlockInput (win32k.sys)
1227: fffff97fff1809e0 NtUserBuildHimcList (win32k.sys)
1228: fffff97fff17c940 NtUserBuildPropList (win32k.sys)
1229: fffff97fff028cd0 NtUserCallHwndOpt (win32k.sys)
122a: fffff97fff17da10 NtUserChangeDisplaySettings (win32k.sys)
122b: fffff97fff152270 NtUserChildWindowFromPointEx (win32k.sys)
122c: fffff97fff13c9e0 NtUserClipCursor (win32k.sys)
122d: fffff97fff01bc11 NtUserCreateDesktop (win32k.sys)
122e: fffff97fff180680 NtUserCallNextHookEx (win32k.sys)
122f: fffff97fff01ada3 NtUserCreateWindowStation (win32k.sys)
1230: fffff97fff175050 NtUserCtxDisplayIOCtl (win32k.sys)
1231: fffff97fff15dbb0 NtUserDdeGetQualityOfService (win32k.sys)
1232: fffff97fff178b20 NtUserDdeSetQualityOfService (win32k.sys)
1233: fffff97fff180700 NtUserCreateInputContext (win32k.sys)
1234: fffff97fff1440d0 NtUserDisableThreadIme (win32k.sys)
1235: fffff97fff17cde0 NtUserDragDetect (win32k.sys)
1236: fffff97fff175eb1 NtUserDragObject (win32k.sys)
1237: fffff97fff1791a0 NtUserDrawAnimatedRects (win32k.sys)
1238: fffff97fff179360 NtUserDrawCaption (win32k.sys)
1239: fffff97fff17dda3 NtUserDrawCaptionTemp (win32k.sys)
123a: fffff97fff17db61 NtUserDrawMenuBarTemp (win32k.sys)
123b: fffff97fff179640 NtUserEndMenu (win32k.sys)
123c: fffff97fff177000 NtUserEvent (win32k.sys)
123d: fffff97fff181980 NtUserFlashWindowEx (win32k.sys)
123e: fffff97fff1810d0 NtUserGetAppImeLevel (win32k.sys)
123f: fffff97fff0e7aa0 NtUserCreateLocalMemHandle (win32k.sys)
1240: fffff97fff1788c0 NtUserGetClipCursor (win32k.sys)
1241: fffff97fff1796d0 NtUserGetClipboardSequenceNumber (win32k.sys)
1242: fffff97fff1637d0 NtUserGetComboBoxInfo (win32k.sys)
1243: fffff97fff177d00 NtUserGetCursorInfo (win32k.sys)
1244: fffff97fff176880 NtUserGetGuiResources (win32k.sys)
1245: fffff97fff180e80 NtUserGetImeHotKey (win32k.sys)
1246: fffff97fff180b10 NtUserGetImeInfoEx (win32k.sys)
1247: fffff97fff177300 NtUserGetInternalWindowPos (win32k.sys)
1248: fffff97fff17d520 NtUserGetKeyNameText (win32k.sys)
1249: fffff97fff0e0990 NtUserGetKeyboardLayoutName (win32k.sys)
124a: fffff97fff181c10 NtUserGetLayeredWindowAttributes (win32k.sys)
124b: fffff97fff177c20 NtUserGetComboBoxInfo (win32k.sys)
124c: fffff97fff178d40 NtUserGetMenuIndex (win32k.sys)
124d: fffff97fff17ba70 NtUserGetMenuItemRect (win32k.sys)
124e: fffff97fff17b231 NtUserGetMouseMovePointsEx (win32k.sys)
124f: fffff97fff179740 NtUserGetPriorityClipboardFormat (win32k.sys)
1250: fffff97fff182ab0 NtUserGetRawInputBuffer (win32k.sys)
1251: fffff97fff181f41 NtUserGetRawInputData (win32k.sys)
1252: fffff97fff182210 NtUserGetRawInputDeviceInfo (win32k.sys)
1253: fffff97fff182670 NtUserGetRawInputDeviceList (win32k.sys)
1254: fffff97fff182a30 NtUserGetRegisteredRawInputDevices (win32k.sys)
1255: fffff97fff1771a0 NtUserGetWOWClass (win32k.sys)
1256: fffff97fff175200 NtUserHardErrorControl (win32k.sys)
1257: fffff97fff1799b0 NtUserHiliteMenuItem (win32k.sys)
1258: fffff97fff17d1b0 NtUserImpersonateDdeClientWindow (win32k.sys)
1259: fffff97fff177418 NtUserInitTask (win32k.sys)
125a: fffff97fff00b560 NtUserInitialize (win32k.sys)
125b: fffff97fff00c700 NtUserInitializeClientPfnArrays (win32k.sys)
125c: fffff97fff039473 NtUserLoadKeyboardLayoutEx (win32k.sys)
125d: fffff97fff025fd0 NtUserLockWindowStation (win32k.sys)
125e: fffff97fff175810 NtUserLockWorkStation (win32k.sys)
125f: fffff97fff179e20 NtUserMNDragLeave (win32k.sys)
1260: fffff97fff179d50 NtUserMNDragOver (win32k.sys)
1261: fffff97fff17bd00 NtUserMenuItemFromPoint (win32k.sys)
1262: fffff97fff179c10 NtUserMinMaximize (win32k.sys)
1263: fffff97fff181480 NtUserNotifyIMEStatus (win32k.sys)
1264: fffff97fff031430 NtUserOpenInputDesktop (win32k.sys)
1265: fffff97fff181d60 NtUserPrintWindow (win32k.sys)
1266: fffff97fff17bf80 NtUserQueryInformationThread (win32k.sys)
1267: fffff97fff180910 NtUserQueryInputContext (win32k.sys)
1268: fffff97fff17cf90 NtUserQuerySendMessage (win32k.sys)
1269: fffff97fff177f50 NtUserRealChildWindowFromPoint (win32k.sys)
126a: fffff97fff17b620 NtUserRealWaitMessageEx (win32k.sys)
126b: fffff97fff02aba0 NtUserRegisterHotKey (win32k.sys)
126c: fffff97fff182880 NtUserRegisterRawInputDevices (win32k.sys)
126d: fffff97fff177720 NtUserPostThreadMessage (win32k.sys)
126e: fffff97fff0193d0 NtUserRegisterUserApiHook (win32k.sys)
126f: fffff97fff027ac0 NtUserRemoteConnect (win32k.sys)
1270: fffff97fff174ec0 NtUserRemoteRedrawRectangle (win32k.sys)
1271: fffff97fff174f60 NtUserRemoteRedrawScreen (win32k.sys)
1272: fffff97fff174fe0 NtUserRemoteRedrawScreen (win32k.sys)
1273: fffff97fff175980 NtUserResolveDesktopForWOW (win32k.sys)
1274: fffff97fff180fd0 NtUserSetAppImeLevel (win32k.sys)
1275: fffff97fff17a0e0 NtUserSetClassWord (win32k.sys)
1276: fffff97fff17b860 NtUserSetCursorContents (win32k.sys)
1277: fffff97fff0393e1 NtUserSetImeHotKey (win32k.sys)
1278: fffff97fff180d40 NtUserSetImeInfoEx (win32k.sys)
1279: fffff97fff1811a0 NtUserSetImeOwnerWindow (win32k.sys)
127a: fffff97fff1781b0 NtUserSetInternalWindowPos (win32k.sys)
127b: fffff97fff048870 NtUserSetLayeredWindowAttributes (win32k.sys)
127c: fffff97fff016b80 bComputeGlyphAttrBits (win32k.sys)
127d: fffff97fff14b250 NtUserSetMenu (win32k.sys)
127e: fffff97fff179070 NtUserSetMenuContextHelpId (win32k.sys)
127f: fffff97fff179110 NtUserSetMenuFlagRtoL (win32k.sys)
1280: fffff97fff1753e0 NtUserSetObjectInformation (win32k.sys)
1281: fffff97fff0296d0 NtUserSetShellWindowEx (win32k.sys)
1282: fffff97fff17a410 NtUserSetSysColors (win32k.sys)
1283: fffff97fff17b7a0 NtUserSetSystemCursor (win32k.sys)
1284: fffff97fff17cee0 NtUserSetSystemTimer (win32k.sys)
1285: fffff97fff1812f0 NtUserSetThreadLayoutHandles (win32k.sys)
1286: fffff97fff025dc0 NtUserSetWindowStationUser (win32k.sys)
1287: fffff97fff17c1f0 NtUserNotifyProcessCreate (win32k.sys)
1288: fffff97fff02a1d0 NtUserSwitchDesktop (win32k.sys)
1289: fffff97fff17c240 NtUserSoundSentry (win32k.sys)
128a: fffff97fff1619a2 NtUserTrackPopupMenuEx (win32k.sys)
128b: fffff97fff17cc60 NtUserLoadKeyboardLayoutEx (win32k.sys)
128c: fffff97fff029e40 NtUserUnlockWindowStation (win32k.sys)
128d: fffff97fff17ad20 NtUserUnregisterHotKey (win32k.sys)
128e: fffff97fff0179b0 xxxDrawWindowFrame (win32k.sys)
128f: fffff97fff180830 NtUserUpdateInputContext (win32k.sys)
1290: fffff97fff176f20 NtUserUpdateInstance (win32k.sys)
1291: fffff97fff122a46 NtUserUpdateLayeredWindow (win32k.sys)
1292: fffff97fff021410 DrawBox (win32k.sys)
1293: fffff97fff17c3f0 NtUserUserHandleGrantAccess (win32k.sys)
1294: fffff97fff17c3a0 NtUserGetThreadState (win32k.sys)
1295: fffff97fff15e720 NtUserWaitForInputIdle (win32k.sys)
1296: fffff97fff175e60 NtUserInitializeClientPfnArrays (win32k.sys)
1297: fffff97fff1090a0 NtUserSetClassLongPtr (win32k.sys)
1298: fffff97fff064ed0 NtUserSetWindowLongPtr (win32k.sys)
1299: fffff97fff243c02 UMPDDrvQuerySpoolType (win32k.sys)
129a: fffff97fff17b4c0 NtUserYieldTask (win32k.sys)

Table #2: fffff80001076e00, 0128 entries, \WINDOWS\system32\ntoskrnl.exe
2000: fffff80001377240 NtMapUserPhysicalPagesScatter (ntoskrnl.exe)
2001: fffff800012bb020 NtWaitForSingleObject (ntoskrnl.exe)
2002: fffff80001039cf0 NtCallbackReturn (ntoskrnl.exe)
2003: fffff800012c7965 NtReadFile (ntoskrnl.exe)
2004: fffff800012e0fb6 NtDeviceIoControlFile (ntoskrnl.exe)
2005: fffff800012c82c5 NtWriteFile (ntoskrnl.exe)
2006: fffff800012ae541 NtRemoveIoCompletion (ntoskrnl.exe)
2007: fffff800012bb9e0 NtReleaseSemaphore (ntoskrnl.exe)
2008: fffff800012d4720 NtReplyWaitReceivePort (ntoskrnl.exe)
2009: fffff800012dc950 NtReplyPort (ntoskrnl.exe)
200a: fffff800012d80e0 NtSetInformationThread (ntoskrnl.exe)
200b: fffff800012d8ae0 NtSetEvent (ntoskrnl.exe)
200c: fffff800012b6360 NtClose (ntoskrnl.exe)
200d: fffff800012bfa21 NtQueryObject (ntoskrnl.exe)
200e: fffff800012bd281 NtQueryInformationFile (ntoskrnl.exe)
200f: fffff800012be520 NtOpenKey (ntoskrnl.exe)
2010: fffff8000128e752 NtEnumerateValueKey (ntoskrnl.exe)
2011: fffff800012a29e0 NtFindAtom (ntoskrnl.exe)
2012: fffff800012bbe20 NtQueryDefaultLocale (ntoskrnl.exe)
2013: fffff800012947a1 NtQueryKey (ntoskrnl.exe)
2014: fffff800012c0612 NtQueryValueKey (ntoskrnl.exe)
2015: fffff8000104c622 NtAllocateVirtualMemory (ntoskrnl.exe)
2016: fffff800012c1701 NtQueryInformationProcess (ntoskrnl.exe)
2017: fffff800012e8341 CcZeroData (ntoskrnl.exe)
2018: fffff80001266be5 NtWriteFileGather (ntoskrnl.exe)
2019: fffff800012c3280 NtSetInformationProcess (ntoskrnl.exe)
201a: fffff800012a5103 NtCreateKey (ntoskrnl.exe)
201b: fffff8000104cd00 NtFreeVirtualMemory (ntoskrnl.exe)
201c: fffff800012b1b90 NtImpersonateClientOfPort (ntoskrnl.exe)
201d: fffff800012bb480 NtReleaseMutant (ntoskrnl.exe)
201e: fffff800012c8aa1 NtQueryInformationToken (ntoskrnl.exe)
201f: fffff800012d7a80 NtRequestWaitReplyPort (ntoskrnl.exe)
2020: fffff8000105e002 NtQueryVirtualMemory (ntoskrnl.exe)
2021: fffff800012cb9f0 NtOpenThreadToken (ntoskrnl.exe)
2022: fffff800012ca111 NtQueryInformationThread (ntoskrnl.exe)
2023: fffff800012d6eb0 NtOpenProcess (ntoskrnl.exe)
2024: fffff800012c9b91 NtSetInformationFile (ntoskrnl.exe)
2025: fffff800012c4826 NtMapViewOfSection (ntoskrnl.exe)
2026: fffff800012a1057 NtAccessCheckAndAuditAlarm (ntoskrnl.exe)
2027: fffff800012cdb50 NtQueryInformationFile (ntoskrnl.exe)
2028: fffff800012d4041 NtReplyWaitReceivePortEx (ntoskrnl.exe)
2029: fffff800012d5490 NtTerminateProcess (ntoskrnl.exe)
202a: fffff800012b3f10 NtSetEventBoostPriority (ntoskrnl.exe)
202b: fffff800012665e5 NtReadFileScatter (ntoskrnl.exe)
202c: fffff800012ca571 NtOpenThreadTokenEx (ntoskrnl.exe)
202d: fffff800012c8930 NtOpenProcessTokenEx (ntoskrnl.exe)
202e: fffff800012d7420 NtQueryPerformanceCounter (ntoskrnl.exe)
202f: fffff80001294ed2 NtEnumerateKey (ntoskrnl.exe)
2030: fffff800012c43e2 NtOpenFile (ntoskrnl.exe)
2031: fffff800012bb560 NtDelayExecution (ntoskrnl.exe)
2032: fffff800012cacb7 NtQueryDirectoryFile (ntoskrnl.exe)
2033: fffff800012c21f0 NtQuerySystemInformation (ntoskrnl.exe)
2034: fffff800012ce320 ObInsertObject (ntoskrnl.exe)
2035: fffff8000128c721 NtQueryTimer (ntoskrnl.exe)
2036: fffff800012d1786 NtFsControlFile (ntoskrnl.exe)
2037: fffff800012d29c1 NtWriteVirtualMemory (ntoskrnl.exe)
2038: fffff800012a12b0 NtCloseObjectAuditAlarm (ntoskrnl.exe)
2039: fffff800012d6443 NtDuplicateObject (ntoskrnl.exe)
203a: fffff800012c30f0 NtQueryAttributesFile (ntoskrnl.exe)
203b: fffff800012ad160 SepComparePrivilegeAndAttributeArrays (ntoskrnl.exe)
203c: fffff800012dc161 NtReadVirtualMemory (ntoskrnl.exe)
203d: fffff8000128e070 NtOpenEvent (ntoskrnl.exe)
203e: fffff800012b0472 NtAdjustPrivilegesToken (ntoskrnl.exe)
203f: fffff800012b18c2 NtDuplicateToken (ntoskrnl.exe)
2040: fffff80001043af0 NtContinue (ntoskrnl.exe)
2041: fffff800012d4e10 NtQueryDefaultUILanguage (ntoskrnl.exe)
2042: fffff8000128c5f1 NtQueueApcThread (ntoskrnl.exe)
2043: fffff800010246c0 NtYieldExecution (ntoskrnl.exe)
2044: fffff800012ad8d0 NtAddAtom (ntoskrnl.exe)
2045: fffff800012cde31 NtCreateEvent (ntoskrnl.exe)
2046: fffff800012c6b41 NtQueryVolumeInformationFile (ntoskrnl.exe)
2047: fffff800012b6a43 NtCreateSection (ntoskrnl.exe)
2048: fffff800012adf20 NtFlushBuffersFile (ntoskrnl.exe)
2049: fffff800012dc740 NtApphelpCacheControl (ntoskrnl.exe)
204a: fffff800012d32c5 NtCreateProcessEx (ntoskrnl.exe)
204b: fffff800012d1e64 NtCreateThread (ntoskrnl.exe)
204c: fffff800012dc7c0 NtIsProcessInJob (ntoskrnl.exe)
204d: fffff800012d1a11 NtProtectVirtualMemory (ntoskrnl.exe)
204e: fffff800012d1881 NtQuerySection (ntoskrnl.exe)
204f: fffff800012d2550 NtResumeThread (ntoskrnl.exe)
2050: fffff800012e0670 NtTerminateThread (ntoskrnl.exe)
2051: fffff800012de222 NtReadRequestData (ntoskrnl.exe)
2052: fffff800012c6ab7 NtCreateFile (ntoskrnl.exe)
2053: fffff8000128f9c1 NtQueryEvent (ntoskrnl.exe)
2054: fffff800012e03c2 NtWriteRequestData (ntoskrnl.exe)
2055: fffff800012d17f0 NtLockFile (ntoskrnl.exe)
2056: fffff800012a149c NtAccessCheckByTypeAndAuditAlarm (ntoskrnl.exe)
2057: fffff800013a5010 NtQuerySystemTime (ntoskrnl.exe)
2058: fffff800012bb621 NtWaitForMultipleObjects (ntoskrnl.exe)
2059: fffff800012d5f90 NtSetInformationObject (ntoskrnl.exe)
205a: fffff800012680e0 NtCancelIoFile (ntoskrnl.exe)
205b: fffff80001100450 NtTraceEvent (ntoskrnl.exe)
205c: fffff8000126e6b1 NtPowerInformation (ntoskrnl.exe)
205d: fffff80001297d82 NtSetValueKey (ntoskrnl.exe)
205e: fffff80001029640 ExSetResourceOwnerPointer (ntoskrnl.exe)
205f: fffff80001033c23 NtSetTimer (ntoskrnl.exe)
2060: fffff800012d8f62 NtAcceptConnectPort (ntoskrnl.exe)
2061: fffff800012acba4 NtAccessCheck (ntoskrnl.exe)
2062: fffff8000128a307 NtAccessCheckByType (ntoskrnl.exe)
2063: fffff80001390317 NtAccessCheckByTypeResultList (ntoskrnl.exe)
2064: fffff8000139316c NtAccessCheckByTypeResultListAndAuditAlarm (ntoskrnl.exe)
2065: fffff8000139321d NtAccessCheckByTypeResultListAndAuditAlarmByHandle (ntoskrnl.exe)
2066: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
2067: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
2068: fffff8000138efe2 NtAdjustGroupsToken (ntoskrnl.exe)
2069: fffff800013847e0 NtAlertResumeThread (ntoskrnl.exe)
206a: fffff800012adc20 RtlpCoalesceFreeBlocks (ntoskrnl.exe)
206b: fffff80001296dd0 NtAllocateLocallyUniqueId (ntoskrnl.exe)
206c: fffff80001377970 NtAllocateUserPhysicalPages (ntoskrnl.exe)
206d: fffff800013a6760 NtAllocateUuids (ntoskrnl.exe)
206e: fffff800012e78b0 NtAreMappedFilesTheSame (ntoskrnl.exe)
206f: fffff80001263f80 NtAssignProcessToJobObject (ntoskrnl.exe)
2070: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
2071: fffff8000133f390 NtCompactKeys (ntoskrnl.exe)
2072: fffff800012ace30 NtCompareTokens (ntoskrnl.exe)
2073: fffff800012d9690 NtCompleteConnectPort (ntoskrnl.exe)
2074: fffff8000133f6e0 NtCompressKey (ntoskrnl.exe)
2075: fffff800012d8ba4 NtConnectPort (ntoskrnl.exe)
2076: fffff800013ab950 NtCreateDebugObject (ntoskrnl.exe)
2077: fffff80001254120 NtCreateDirectoryObject (ntoskrnl.exe)
2078: fffff800013a8520 NtCreateEventPair (ntoskrnl.exe)
2079: fffff8000128dc20 NtCreateIoCompletion (ntoskrnl.exe)
207a: fffff8000125bc10 NtCreateJobObject (ntoskrnl.exe)
207b: fffff80001383eb0 NtCreateJobSet (ntoskrnl.exe)
207c: fffff8000122bd60 NtCreateKeyedEvent (ntoskrnl.exe)
207d: fffff8000125fe54 NtCreateMailslotFile (ntoskrnl.exe)
207e: fffff800012d74d0 NtCreateMutant (ntoskrnl.exe)
207f: fffff800012b465a NtCreateNamedPipeFile (ntoskrnl.exe)
2080: fffff80001241f00 NtCreatePagingFile (ntoskrnl.exe)
2081: fffff80001270e31 NtCreatePort (ntoskrnl.exe)
2082: fffff800012476d4 NtCreateProcess (ntoskrnl.exe)
2083: fffff800013a7635 NtCreateProfile (ntoskrnl.exe)
2084: fffff800012cafd1 NtCreateSemaphore (ntoskrnl.exe)
2085: fffff8000125ed20 NtCreateSymbolicLinkObject (ntoskrnl.exe)
2086: fffff8000128dd30 NtCreateTimer (ntoskrnl.exe)
2087: fffff80001262549 NtCreateToken (ntoskrnl.exe)
2088: fffff8000125b651 NtCreateWaitablePort (ntoskrnl.exe)
2089: fffff800013ad140 NtDebugActiveProcess (ntoskrnl.exe)
208a: fffff800013adb30 NtDebugContinue (ntoskrnl.exe)
208b: fffff800012ad5f0 ObpCreateUnnamedHandle (ntoskrnl.exe)
208c: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
208d: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
208e: fffff8000125bae0 NtDeleteFile (ntoskrnl.exe)
208f: fffff80001290f10 NtDeleteKey (ntoskrnl.exe)
2090: fffff800012e8c10 NtDeleteObjectAuditAlarm (ntoskrnl.exe)
2091: fffff8000129be30 NtDeleteValueKey (ntoskrnl.exe)
2092: fffff800012408c0 NtDisplayString (ntoskrnl.exe)
2093: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
2094: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
2095: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
2096: fffff800013767e0 NtExtendSection (ntoskrnl.exe)
2097: fffff80001252e12 NtFilterToken (ntoskrnl.exe)
2098: fffff800012d1bd0 NtFlushInstructionCache (ntoskrnl.exe)
2099: fffff8000126d980 NtFlushKey (ntoskrnl.exe)
209a: fffff80001296e60 NtFlushVirtualMemory (ntoskrnl.exe)
209b: fffff80001378f50 NtFlushWriteBuffer (ntoskrnl.exe)
209c: fffff800013782f0 NtFreeUserPhysicalPages (ntoskrnl.exe)
209d: fffff800012deb40 NtGetContextThread (ntoskrnl.exe)
209e: fffff800013816f0 NtGetCurrentProcessorNumber (ntoskrnl.exe)
209f: fffff8000137fae0 NtGetDevicePowerState (ntoskrnl.exe)
20a0: fffff8000127dd70 NtGetPlugPlayEvent (ntoskrnl.exe)
20a1: fffff800010eb4b3 NtGetWriteWatch (ntoskrnl.exe)
20a2: fffff800012725b0 NtImpersonateAnonymousToken (ntoskrnl.exe)
20a3: fffff800012db220 NtImpersonateThread (ntoskrnl.exe)
20a4: fffff800012596c0 NtInitializeRegistry (ntoskrnl.exe)
20a5: fffff8000137f7e0 NtInitiatePowerAction (ntoskrnl.exe)
20a6: fffff8000137fac0 NtIsSystemResumeAutomatic (ntoskrnl.exe)
20a7: fffff80001258d10 NtListenPort (ntoskrnl.exe)
20a8: fffff80001259000 NtLoadDriver (ntoskrnl.exe)
20a9: fffff80001250a00 NtLoadKey (ntoskrnl.exe)
20aa: fffff8000133d470 NtLoadKey2 (ntoskrnl.exe)
20ab: fffff80001250320 NtLoadKeyEx (ntoskrnl.exe)
20ac: fffff80001296046 NtLockFile (ntoskrnl.exe)
20ad: fffff80001251fd0 NtLockProductActivationKeys (ntoskrnl.exe)
20ae: fffff8000122ed70 IopAppendLegacyVeto (ntoskrnl.exe)
20af: fffff800010083f0 NtLockVirtualMemory (ntoskrnl.exe)
20b0: fffff8000125f840 NtMakePermanentObject (ntoskrnl.exe)
20b1: fffff80001256b00 NtMakeTemporaryObject (ntoskrnl.exe)
20b2: fffff80001376cd0 NtMapUserPhysicalPages (ntoskrnl.exe)
20b3: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
20b4: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
20b5: fffff800012a1715 NtNotifyChangeDirectoryFile (ntoskrnl.exe)
20b6: fffff800012d0066 NtNotifyChangeKey (ntoskrnl.exe)
20b7: fffff800012cfb98 NtNotifyChangeMultipleKeys (ntoskrnl.exe)
20b8: fffff800013a8650 NtOpenEventPair (ntoskrnl.exe)
20b9: fffff8000135e570 NtCreateIoCompletion (ntoskrnl.exe)
20ba: fffff80001383490 NtCreateJobObject (ntoskrnl.exe)
20bb: fffff800012d39f0 ObpCloseHandleProcedure (ntoskrnl.exe)
20bc: fffff800012b33b0 SePrivilegedServiceAuditAlarm (ntoskrnl.exe)
20bd: fffff8000128ab58 NtOpenObjectAuditAlarm (ntoskrnl.exe)
20be: fffff800012c8a80 NtOpenProcessToken (ntoskrnl.exe)
20bf: fffff800012643d0 NtOpenSemaphore (ntoskrnl.exe)
20c0: fffff800012cdf70 NtOpenEvent (ntoskrnl.exe)
20c1: fffff800012dd5c0 NtOpenThread (ntoskrnl.exe)
20c2: fffff800013a7d00 NtOpenTimer (ntoskrnl.exe)
20c3: fffff8000128fc40 NtPlugPlayControl (ntoskrnl.exe)
20c4: fffff8000128f620 NtPrivilegeCheck (ntoskrnl.exe)
20c5: fffff8000124adf2 NtPrivilegeObjectAuditAlarm (ntoskrnl.exe)
20c6: fffff80001265fb1 NtPrivilegedServiceAuditAlarm (ntoskrnl.exe)
20c7: fffff8000125cf20 NtPulseEvent (ntoskrnl.exe)
20c8: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
20c9: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
20ca: fffff8000101f520 NtQueryDebugFilterState (ntoskrnl.exe)
20cb: fffff800012b36c3 NtQueryDirectoryObject (ntoskrnl.exe)
20cc: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
20cd: fffff8000135f195 NtQueryEaFile (ntoskrnl.exe)
20ce: fffff8000129f220 NtQueryFullAttributesFile (ntoskrnl.exe)
20cf: fffff8000126d591 NtQueryInformationAtom (ntoskrnl.exe)
20d0: fffff8000124be71 NtQueryInformationJobObject (ntoskrnl.exe)
20d1: fffff80001373ac1 NtQueryInformationPort (ntoskrnl.exe)
20d2: fffff8000128d530 NtQueryInstallUILanguage (ntoskrnl.exe)
20d3: fffff800013a7c50 NtQueryIntervalProfile (ntoskrnl.exe)
20d4: fffff8000135e691 NtQueryIoCompletion (ntoskrnl.exe)
20d5: fffff8000133e262 NtQueryMultipleValueKey (ntoskrnl.exe)
20d6: fffff800013a7341 NtQueryMutant (ntoskrnl.exe)
20d7: fffff8000133e5e0 NtQueryOpenSubKeys (ntoskrnl.exe)
20d8: fffff8000133ea00 NtQueryOpenSubKeysEx (ntoskrnl.exe)
20d9: fffff800013af020 ShimExceptionHandler (ntoskrnl.exe)
20da: fffff8000135ff05 NtQueryQuotaInformationFile (ntoskrnl.exe)
20db: fffff8000128f461 NtQuerySecurityObject (ntoskrnl.exe)
20dc: fffff800013a64b1 NtQuerySemaphore (ntoskrnl.exe)
20dd: fffff800012ce000 NtQuerySymbolicLinkObject (ntoskrnl.exe)
20de: fffff800013a7dc0 NtQuerySystemEnvironmentValue (ntoskrnl.exe)
20df: fffff800013a8511 NtSetBootOptions (ntoskrnl.exe)
20e0: fffff8000126f6f0 NtQueryTimerResolution (ntoskrnl.exe)
20e1: fffff80001043bb0 NtRaiseException (ntoskrnl.exe)
20e2: fffff800013a6162 NtRaiseHardError (ntoskrnl.exe)
20e3: fffff800012d8810 NtSetInformationThread (ntoskrnl.exe)
20e4: fffff800013a8b90 NtReleaseKeyedEvent (ntoskrnl.exe)
20e5: fffff800013ad2d0 NtRemoveProcessDebug (ntoskrnl.exe)
20e6: fffff8000133ee20 NtRenameKey (ntoskrnl.exe)
20e7: fffff8000133e090 NtReplaceKey (ntoskrnl.exe)
20e8: fffff800013732a0 NtReplyWaitReplyPort (ntoskrnl.exe)
20e9: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
20ea: fffff80001289790 NtRequestPort (ntoskrnl.exe)
20eb: fffff8000137f730 NtRequestWakeupLatency (ntoskrnl.exe)
20ec: fffff800012de360 NtResetEvent (ntoskrnl.exe)
20ed: fffff800010ec4f0 NtResetWriteWatch (ntoskrnl.exe)
20ee: fffff8000133cc50 NtRestoreKey (ntoskrnl.exe)
20ef: fffff80001384770 NtSuspendProcess (ntoskrnl.exe)
20f0: fffff8000133ce20 NtSaveKey (ntoskrnl.exe)
20f1: fffff8000133cfd0 NtSaveKeyEx (ntoskrnl.exe)
20f2: fffff8000133d1d0 NtSaveMergedKeys (ntoskrnl.exe)
20f3: fffff800012d0e95 NtSecureConnectPort (ntoskrnl.exe)
20f4: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
20f5: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
20f6: fffff800012df4e0 NtSetContextThread (ntoskrnl.exe)
20f7: fffff800013ae2b0 NtSetDebugFilterState (ntoskrnl.exe)
20f8: fffff80001248640 NtSetSystemInformation (ntoskrnl.exe)
20f9: fffff80001251020 NtSetDefaultLocale (ntoskrnl.exe)
20fa: fffff80001251260 NtSetDefaultUILanguage (ntoskrnl.exe)
20fb: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
20fc: fffff8000135f9c0 NtSetEaFile (ntoskrnl.exe)
20fd: fffff800013a8a10 NtSetHighEventPair (ntoskrnl.exe)
20fe: fffff800013a8900 NtSetHighWaitLowEventPair (ntoskrnl.exe)
20ff: fffff800013ade41 NtSetInformationDebugObject (ntoskrnl.exe)
2100: fffff8000125c790 NtSetInformationJobObject (ntoskrnl.exe)
2101: fffff800012a2da0 NtSetInformationKey (ntoskrnl.exe)
2102: fffff80001261ec0 NtSetInformationToken (ntoskrnl.exe)
2103: fffff800013a7c30 NtSetIntervalProfile (ntoskrnl.exe)
2104: fffff800012aa2c1 NtSetIoCompletion (ntoskrnl.exe)
2105: fffff800010f3372 xHalAllocateMapRegisters (ntoskrnl.exe)
2106: fffff800013a8990 NtSetLowEventPair (ntoskrnl.exe)
2107: fffff800013a8870 NtSetLowWaitHighEventPair (ntoskrnl.exe)
2108: fffff80001360820 NtSetQuotaInformationFile (ntoskrnl.exe)
2109: fffff80001275be0 NtSetSecurityObject (ntoskrnl.exe)
210a: fffff800013a8150 NtSetSystemEnvironmentValue (ntoskrnl.exe)
210b: fffff800013a8511 NtSetBootOptions (ntoskrnl.exe)
210c: fffff800012652c0 NtSetSystemInformation (ntoskrnl.exe)
210d: fffff800013c6ad0 NtSetSystemPowerState (ntoskrnl.exe)
210e: fffff800013a5090 NtSetSystemTime (ntoskrnl.exe)
210f: fffff800012e9d40 NtSetThreadExecutionState (ntoskrnl.exe)
2110: fffff800012e9630 NtSetTimerResolution (ntoskrnl.exe)
2111: fffff8000124cb90 NtSetUuidSeed (ntoskrnl.exe)
2112: fffff80001360901 NtSetVolumeInformationFile (ntoskrnl.exe)
2113: fffff800013a4ed0 NtShutdownSystem (ntoskrnl.exe)
2114: fffff800010186b0 NtSignalAndWaitForSingleObject (ntoskrnl.exe)
2115: fffff800013a78d0 NtStartProfile (ntoskrnl.exe)
2116: fffff800013a7b20 NtStopProfile (ntoskrnl.exe)
2117: fffff80001384700 NtSuspendThread (ntoskrnl.exe)
2118: fffff800012e97a0 NtSuspendThread (ntoskrnl.exe)
2119: fffff800013a9322 NtSystemDebugControl (ntoskrnl.exe)
211a: fffff800013836d0 NtTerminateJobObject (ntoskrnl.exe)
211b: fffff800012d19e0 NtTestAlert (ntoskrnl.exe)
211c: fffff800013a8510 NtAddBootEntry (ntoskrnl.exe)
211d: fffff800013643e0 NtUnloadDriver (ntoskrnl.exe)
211e: fffff8000133d520 NtUnloadKey (ntoskrnl.exe)
211f: fffff8000133d530 NtUnloadKey2 (ntoskrnl.exe)
2120: fffff8000133db80 NtUnloadKeyEx (ntoskrnl.exe)
2121: fffff80001296301 NtUnlockFile (ntoskrnl.exe)
2122: fffff8000100de60 NtUnlockVirtualMemory (ntoskrnl.exe)
2123: fffff800013969c0 NtVdmControl (ntoskrnl.exe)
2124: fffff800013ad6b0 NtWaitForDebugEvent (ntoskrnl.exe)
2125: fffff800013a8f50 NtWaitForKeyedEvent (ntoskrnl.exe)
2126: fffff800013a87e0 NtWaitHighEventPair (ntoskrnl.exe)
2127: fffff800013a8750 NtWaitLowEventPair (ntoskrnl.exe)

Table #3: 0000000000000000, 0000 entries, <none>
Cleanup...

Unloading MemMap driver