Windows syscall lister
Copyleft (c) by Omega Red 2005,2006
[Windows x64 edition - 10.07.2006]
[Cleanup, single 32/64bit source - 07.2007]

Windows version: 6.0.6001, platform 2, Service Pack 1

NtQuerySystemInformation ok, kernel base: 0000000081807000

Base             Size     Flags    Idx  RefC  Image
-----------------------------------------------------------
773d0000 00127000 00000000 008b 0001 \Windows\System32\ntdll.dll
80401000 00008000 09104000 0002 0003 \SystemRoot\system32\kdcom.dll
80409000 00060000 09104000 0003 0001 \SystemRoot\system32\mcupdate_GenuineIntel.dll
80469000 00011000 0d104000 0004 0003 \SystemRoot\system32\PSHED.dll
8047a000 00008000 0d104000 0005 0001 \SystemRoot\system32\BOOTVID.dll
80482000 00041000 09104000 0006 0003 \SystemRoot\system32\CLFS.SYS
804c3000 000e0000 0d104000 0007 0003 \SystemRoot\system32\CI.dll
805a3000 00013000 49104000 0066 0001 \SystemRoot\system32\DRIVERS\wanarp.sys
805bb000 0000d000 4d104000 0038 0002 \SystemRoot\system32\DRIVERS\watchdog.sys
805c8000 0000b000 49104000 0039 0001 \SystemRoot\system32\DRIVERS\usbuhci.sys
805d3000 0001c000 49104000 0064 0001 \SystemRoot\System32\DRIVERS\vmhgfs.sys
80600000 0010b000 09104000 0008 0018 \SystemRoot\system32\DRIVERS\NDIS.SYS
8070b000 0002b000 0d104000 0009 0004 \SystemRoot\system32\DRIVERS\msrpc.sys
80736000 0003a000 0d104000 000a 0017 \SystemRoot\system32\DRIVERS\NETIO.SYS
80770000 0007c000 09104000 000b 0001 \SystemRoot\system32\drivers\Wdf01000.sys
807ec000 0000d000 0d104000 000c 0005 \SystemRoot\system32\drivers\WDFLDR.SYS
81010000 00201000 69104000 0073 0005 \SystemRoot\System32\win32k.sys
81220000 00017000 69104000 0075 0002 \SystemRoot\System32\drivers\dxg.sys
81250000 00009000 69104000 0076 0001 \SystemRoot\System32\TSDDD.dll
81310000 00029000 69104000 0089 0001 \SystemRoot\System32\vmx_fb.dll
81807000 003b9000 08004000 0000 0064 \SystemRoot\system32\ntkrnlpa.exe
81bc0000 00033000 08004000 0001 0051 \SystemRoot\system32\hal.dll
81e05000 00046000 09104000 000d 0001 \SystemRoot\system32\drivers\acpi.sys
81e4b000 00009000 0d104000 000e 0014 \SystemRoot\system32\drivers\WMILIB.SYS
81e54000 00008000 09104000 000f 0001 \SystemRoot\system32\drivers\msisadrv.sys
81e5c000 00027000 09104000 0010 0001 \SystemRoot\system32\drivers\pci.sys
81e83000 0000f000 09104000 0011 0001 \SystemRoot\System32\drivers\partmgr.sys
81e92000 00003000 09104000 0012 0001 \SystemRoot\system32\DRIVERS\compbatt.sys
81e95000 0000a000 0d104000 0013 0002 \SystemRoot\system32\DRIVERS\BATTC.SYS
81e9f000 0000f000 09104000 0014 0001 \SystemRoot\system32\drivers\volmgr.sys
81eae000 0004a000 09104000 0015 0001 \SystemRoot\System32\drivers\volmgrx.sys
81ef8000 00007000 09104000 0016 0001 \SystemRoot\system32\drivers\intelide.sys
81eff000 0000e000 0d104000 0017 0001 \SystemRoot\system32\drivers\PCIIDEX.SYS
81f0d000 00010000 09104000 0018 0001 \SystemRoot\System32\drivers\mountmgr.sys
81f1d000 00008000 09104000 0019 0001 \SystemRoot\system32\drivers\atapi.sys
81f25000 0001e000 0d104000 001a 0001 \SystemRoot\system32\drivers\ataport.SYS
81f43000 00018000 09104000 001b 0001 \SystemRoot\system32\drivers\lsi_sas.sys
81f5b000 00041000 0d104000 001c 0002 \SystemRoot\system32\drivers\storport.sys
81f9c000 00032000 09104000 001d 0003 \SystemRoot\system32\drivers\fltmgr.sys
81fce000 0000e000 49104000 0036 0001 \SystemRoot\system32\DRIVERS\vmx_svga.sys
81fdc000 00021000 4d104000 0037 0005 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
82408000 00071000 09104000 001e 000d \SystemRoot\System32\Drivers\ksecdd.sys
82479000 000e7000 09104020 001f 0001 \SystemRoot\System32\drivers\tcpip.sys
82560000 0001b000 0d104000 0020 0004 \SystemRoot\System32\drivers\fwpkclnt.sys
8257b000 00008000 09104000 0021 0001 \SystemRoot\system32\drivers\storflt.sys
82583000 0000b000 49104000 002f 0001 \SystemRoot\system32\DRIVERS\mouclass.sys
8258e000 00018000 49104000 0030 0001 \SystemRoot\system32\DRIVERS\parport.sys
825a6000 0001a000 49104000 0031 0001 \SystemRoot\system32\DRIVERS\serial.sys
825c0000 0000a000 49104000 0032 0001 \SystemRoot\system32\DRIVERS\serenum.sys
825ca000 0000b000 49104000 0033 0001 \SystemRoot\system32\DRIVERS\fdc.sys
825d5000 00018000 49104000 0034 0001 \SystemRoot\system32\DRIVERS\cdrom.sys
825ed000 0000c000 49104000 0035 0001 \SystemRoot\system32\DRIVERS\vmci.sys
82602000 0010f000 09104000 0022 0001 \SystemRoot\System32\Drivers\Ntfs.sys
82711000 00039000 09104000 0023 0001 \SystemRoot\system32\drivers\volsnap.sys
8274a000 00008000 09104000 0024 0001 \SystemRoot\System32\Drivers\spldr.sys
82752000 0000f000 09104000 0025 0003 \SystemRoot\System32\Drivers\mup.sys
82761000 00011000 09104000 0026 0001 \SystemRoot\system32\drivers\disk.sys
82772000 00021000 0d104000 0027 0002 \SystemRoot\system32\drivers\CLASSPNP.SYS
82793000 00010000 09104000 0028 0001 \SystemRoot\system32\DRIVERS\agp440.sys
827a3000 00009000 09104000 0029 0001 \SystemRoot\system32\drivers\crcdisk.sys
827ac000 0001f000 49104000 007d 0003 \SystemRoot\system32\DRIVERS\mrxsmb.sys
827cc000 0000b000 49104000 002a 0001 \SystemRoot\system32\DRIVERS\tunnel.sys
827d7000 00009000 49104000 002b 0001 \SystemRoot\system32\DRIVERS\tunmp.sys
827e0000 00013000 49104000 002c 0001 \SystemRoot\system32\DRIVERS\i8042prt.sys
827f3000 0000b000 49104000 002d 0001 \SystemRoot\system32\DRIVERS\kbdclass.sys
827fe000 00002000 49104000 002e 0001 \SystemRoot\system32\DRIVERS\vmmouse.sys
88e08000 0003e000 4d104000 003a 0002 \SystemRoot\system32\DRIVERS\USBPORT.SYS
88e46000 0001d000 49104000 003b 0001 \SystemRoot\system32\DRIVERS\E1G60I32.sys
88e63000 00005000 49104000 003c 0001 \SystemRoot\system32\drivers\vmaudio.sys
88e68000 0002d000 4d104000 003d 0001 \SystemRoot\system32\drivers\portcls.sys
88e95000 00025000 4d104000 003e 0001 \SystemRoot\system32\drivers\drmk.sys
88eba000 0002a000 4d104000 003f 0003 \SystemRoot\system32\drivers\ks.sys
88ee4000 0000f000 49104000 0040 0001 \SystemRoot\system32\DRIVERS\usbehci.sys
88ef3000 00004000 49104000 0041 0001 \SystemRoot\system32\DRIVERS\CmBatt.sys
88ef7000 0000f000 49104000 0042 0001 \SystemRoot\system32\DRIVERS\intelppm.sys
88f06000 0002e000 49104000 0043 0001 \SystemRoot\system32\DRIVERS\msiscsi.sys
88f34000 0000b000 4d104000 0044 0009 \SystemRoot\system32\DRIVERS\TDI.SYS
88f3f000 00017000 49104000 0045 0001 \SystemRoot\system32\DRIVERS\rasl2tp.sys
88f56000 0000b000 49104000 0046 0002 \SystemRoot\system32\DRIVERS\ndistapi.sys
88f61000 00023000 49104000 0047 0001 \SystemRoot\system32\DRIVERS\ndiswan.sys
88f84000 0000f000 49104000 0048 0001 \SystemRoot\system32\DRIVERS\raspppoe.sys
88f93000 00014000 49104000 0049 0001 \SystemRoot\system32\DRIVERS\raspptp.sys
88fa7000 00015000 49104000 004a 0001 \SystemRoot\system32\DRIVERS\rassstp.sys
88fbc000 00032000 49104000 0060 0001 \SystemRoot\System32\DRIVERS\netbt.sys
88fee000 0000e000 49104000 0063 0001 \SystemRoot\system32\DRIVERS\netbios.sys
89009000 00089000 49104000 004b 0001 \SystemRoot\system32\DRIVERS\rdpdr.sys
89092000 00010000 49104000 004c 0001 \SystemRoot\system32\DRIVERS\termdd.sys
890a2000 00002000 49104000 004d 0001 \SystemRoot\system32\DRIVERS\swenum.sys
890a4000 0000a000 49104000 004e 0001 \SystemRoot\system32\DRIVERS\mssmbios.sys
890ae000 0000d000 49104000 004f 0001 \SystemRoot\system32\DRIVERS\umbus.sys
890bb000 0000a000 49104000 0050 0001 \SystemRoot\system32\DRIVERS\flpydisk.sys
890c5000 00034000 49104000 0051 0001 \SystemRoot\system32\DRIVERS\usbhub.sys
890f9000 00011000 49104000 0052 0001 \SystemRoot\System32\Drivers\NDProxy.SYS
8910a000 00009000 49104000 0053 0001 \SystemRoot\System32\Drivers\Fs_Rec.SYS
89113000 00007000 49104000 0054 0001 \SystemRoot\System32\Drivers\Null.SYS
8911a000 00007000 49104000 0055 0001 \SystemRoot\System32\Drivers\Beep.SYS
89121000 00007000 49104000 0056 0001 \??\C:\Program Files\VMware\VMware Tools\vmrawdsk.sys
89128000 0000c000 49104000 0057 0001 \SystemRoot\System32\drivers\vga.sys
89134000 00008000 49104000 0058 0001 \SystemRoot\System32\DRIVERS\RDPCDD.sys
8913c000 00008000 49104000 0059 0001 \SystemRoot\system32\drivers\rdpencdd.sys
89144000 0000b000 49104000 005a 0001 \SystemRoot\System32\Drivers\Msfs.SYS
8914f000 0000e000 49104000 005b 0001 \SystemRoot\System32\Drivers\Npfs.SYS
8915d000 00009000 49104000 005c 0001 \SystemRoot\System32\DRIVERS\rasacd.sys
89166000 00016000 49104000 005d 0001 \SystemRoot\system32\DRIVERS\tdx.sys
8917c000 00014000 49104000 005e 0001 \SystemRoot\system32\DRIVERS\smb.sys
89190000 00048000 49104000 005f 0001 \SystemRoot\system32\drivers\afd.sys
891d8000 00009000 49104000 0061 0001 \SystemRoot\system32\drivers\ws2ifsl.sys
891e1000 00016000 49104000 0062 0001 \SystemRoot\system32\DRIVERS\pacer.sys
891f7000 00009000 49104000 0065 0001 \??\C:\Windows\system32\Drivers\vmdebug.sys
9140b000 0003c000 49104000 0067 0004 \SystemRoot\system32\DRIVERS\rdbss.sys
91447000 00017000 49104000 0068 0001 \SystemRoot\system32\DRIVERS\usbccgp.sys
9145e000 00002000 4d104000 0069 0002 \SystemRoot\system32\DRIVERS\USBD.SYS
91460000 0000a000 49104000 006a 0001 \SystemRoot\system32\drivers\nsiproxy.sys
9146a000 00017000 49104000 006b 0001 \SystemRoot\System32\Drivers\dfsc.sys
91481000 00009000 49104000 006c 0001 \SystemRoot\system32\DRIVERS\hidusb.sys
9148a000 00010000 4d104000 006d 0001 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
9149a000 00007000 4d104000 006e 0002 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
914a1000 00008000 49104000 006f 0001 \SystemRoot\system32\DRIVERS\mouhid.sys
914a9000 0000d000 49104000 0070 0001 \SystemRoot\System32\Drivers\crashdmp.sys
914b6000 0000b000 49104000 0071 0002 \SystemRoot\System32\Drivers\dump_dumpata.sys
914c1000 00008000 49104000 0072 0001 \SystemRoot\System32\Drivers\dump_atapi.sys
914c9000 0000a000 4d104000 0074 0001 \SystemRoot\System32\drivers\Dxapi.sys
914d3000 0001b000 49104000 0077 0001 \SystemRoot\system32\drivers\luafv.sys
914ee000 00010000 49104000 0078 0001 \SystemRoot\system32\DRIVERS\lltdio.sys
914fe000 00013000 49104000 0079 0001 \SystemRoot\system32\DRIVERS\rspndr.sys
91511000 000af000 49104000 007a 0001 \SystemRoot\system32\drivers\spsys.sys
915c0000 00019000 49104000 007b 0001 \SystemRoot\system32\DRIVERS\bowser.sys
915d9000 00015000 49104000 007c 0001 \SystemRoot\System32\drivers\mpsdrv.sys
95c0c000 00039000 49104000 007e 0001 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
95c45000 00018000 49104000 007f 0001 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
95c5d000 0006b000 49104000 0080 0001 \SystemRoot\system32\drivers\HTTP.sys
95cc8000 00007000 49104000 0081 0001 \SystemRoot\system32\DRIVERS\parvdm.sys
95ccf000 00002000 49104000 0082 0001 \??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
95cd1000 000de000 49104000 0083 0001 \SystemRoot\system32\drivers\peauth.sys
95daf000 0000a000 49104000 0084 0001 \SystemRoot\System32\Drivers\secdrv.SYS
95db9000 0001d000 49104000 0085 0003 \SystemRoot\System32\DRIVERS\srvnet.sys
95dd6000 0000c000 49104000 0086 0001 \SystemRoot\System32\drivers\tcpipreg.sys
96805000 00027000 49104000 0087 0001 \SystemRoot\System32\DRIVERS\srv2.sys
9682c000 0004c000 49104000 0088 0001 \SystemRoot\System32\DRIVERS\srv.sys
96878000 00016000 49104000 008a 0001 \SystemRoot\system32\DRIVERS\cdfs.sys

Loading symbols for C:\Windows\system32\ntkrnlpa.exe, please wait...
Real SSDTS address: 000000008193eb40
Loading driver: c:\syscall\MemMap32.sys
MemMap initialized.

Service tables:

Table #0: 818bf970, 0187 entries, params=818bff90, \SystemRoot\system32\ntkrnlpa.exe
0000: 819c1949 NtAcceptConnectPort [6] (ntkrnlpa.exe)
0001: 8182e01f NtAccessCheck [8] (ntkrnlpa.exe)
0002: 819f59bd NtAccessCheckAndAuditAlarm [11] (ntkrnlpa.exe)
0003: 81833181 NtAccessCheckByType [11] (ntkrnlpa.exe)
0004: 819f58dd NtAccessCheckByTypeAndAuditAlarm [16] (ntkrnlpa.exe)
0005: 818e7ba0 NtAccessCheckByTypeResultList [11] (ntkrnlpa.exe)
0006: 81aa8845 NtAccessCheckByTypeResultListAndAuditAlarm [16] (ntkrnlpa.exe)
0007: 81aa888e NtAccessCheckByTypeResultListAndAuditAlarmByHandle [17] (ntkrnlpa.exe)
0008: 819c3ba9 NtAddAtom [3] (ntkrnlpa.exe)
0009: 81abd836 NtAddBootEntry [2] (ntkrnlpa.exe)
000a: 81abeada NtAddDriverEntry [2] (ntkrnlpa.exe)
000b: 819eb8ea NtAdjustGroupsToken [6] (ntkrnlpa.exe)
000c: 819ec885 NtAdjustPrivilegesToken [6] (ntkrnlpa.exe)
000d: 81a9c757 NtAlertResumeThread [2] (ntkrnlpa.exe)
000e: 81a01e59 NtAlertThread [1] (ntkrnlpa.exe)
000f: 819e1cd1 NtAllocateLocallyUniqueId [1] (ntkrnlpa.exe)
0010: 81a8e555 NtAllocateUserPhysicalPages [3] (ntkrnlpa.exe)
0011: 819adf81 NtAllocateUuids [4] (ntkrnlpa.exe)
0012: 81a399b9 NtAllocateVirtualMemory [6] (ntkrnlpa.exe)
0013: 819f425a NtAlpcAcceptConnectPort [9] (ntkrnlpa.exe)
0014: 819bb30d NtAlpcCancelMessage [3] (ntkrnlpa.exe)
0015: 819f307f NtAlpcConnectPort [11] (ntkrnlpa.exe)
0016: 819c378a NtAlpcCreatePort [3] (ntkrnlpa.exe)
0017: 81a043e0 NtAlpcCreatePortSection [6] (ntkrnlpa.exe)
0018: 819b97fc NtAlpcCreateResourceReserve [4] (ntkrnlpa.exe)
0019: 81a041b0 NtAlpcCreateSectionView [3] (ntkrnlpa.exe)
001a: 819fdb9e NtAlpcCreateSecurityContext [3] (ntkrnlpa.exe)
001b: 819e71c1 NtAlpcDeletePortSection [3] (ntkrnlpa.exe)
001c: 81a8a01d NtAlpcDeleteResourceReserve [3] (ntkrnlpa.exe)
001d: 819ec299 NtAlpcDeleteSectionView [3] (ntkrnlpa.exe)
001e: 819fe170 NtAlpcDeleteSecurityContext [3] (ntkrnlpa.exe)
001f: 819ed0b1 NtAlpcDisconnectPort [2] (ntkrnlpa.exe)
0020: 819f9459 NtAlpcImpersonateClientOfPort [3] (ntkrnlpa.exe)
0021: 819c4a66 NtAlpcOpenSenderProcess [6] (ntkrnlpa.exe)
0022: 819c6b1a NtAlpcOpenSenderThread [6] (ntkrnlpa.exe)
0023: 819ed153 NtAlpcQueryInformation [5] (ntkrnlpa.exe)
0024: 81a01fd4 NtAlpcQueryInformationMessage [6] (ntkrnlpa.exe)
0025: 81a8a140 NtAlpcRevokeSecurityContext [3] (ntkrnlpa.exe)
0026: 81a329ec NtAlpcSendWaitReceivePort [8] (ntkrnlpa.exe)
0027: 819df957 NtAlpcSetInformation [4] (ntkrnlpa.exe)
0028: 819d4a2f NtApphelpCacheControl [2] (ntkrnlpa.exe)
0029: 81a5636c NtAreMappedFilesTheSame [2] (ntkrnlpa.exe)
002a: 819c7198 NtAssignProcessToJobObject [2] (ntkrnlpa.exe)
002b: 818c041c NtCallbackReturn [3] (ntkrnlpa.exe)
002c: 81a72698 NtRequestDeviceWakeup [1] (ntkrnlpa.exe)
002d: 819ba50a NtCancelIoFile [2] (ntkrnlpa.exe)
002e: 8183338a NtCancelTimer [2] (ntkrnlpa.exe)
002f: 81a51864 NtClearEvent [1] (ntkrnlpa.exe)
0030: 81a247f5 NtClose [1] (ntkrnlpa.exe)
0031: 819f5802 NtCloseObjectAuditAlarm [3] (ntkrnlpa.exe)
0032: 81a5dc54 NtCompactKeys [2] (ntkrnlpa.exe)
0033: 819be05b NtCompareTokens [3] (ntkrnlpa.exe)
0034: 819c19c6 NtCompleteConnectPort [1] (ntkrnlpa.exe)
0035: 81a5dedf NtCompressKey [1] (ntkrnlpa.exe)
0036: 819d36f6 NtConnectPort [8] (ntkrnlpa.exe)
0037: 818624f8 NtContinue [2] (ntkrnlpa.exe)
0038: 81a6d560 NtCreateDebugObject [4] (ntkrnlpa.exe)
0039: 819e04ce NtCreateDirectoryObject [3] (ntkrnlpa.exe)
003a: 81a2f5c8 NtCreateEvent [5] (ntkrnlpa.exe)
003b: 81ac2ef0 NtCreateEventPair [3] (ntkrnlpa.exe)
003c: 81a2deaa NtCreateFile [11] (ntkrnlpa.exe)
003d: 819d3007 NtCreateIoCompletion [4] (ntkrnlpa.exe)
003e: 819b2652 NtCreateJobObject [3] (ntkrnlpa.exe)
003f: 81a9e4c9 NtCreateJobSet [3] (ntkrnlpa.exe)
0040: 819eeb34 NtCreateKey [7] (ntkrnlpa.exe)
0041: 819837ff NtCreateKeyTransacted [8] (ntkrnlpa.exe)
0042: 819a69c2 NtCreateMailslotFile [8] (ntkrnlpa.exe)
0043: 81a3dac8 NtCreateMutant [4] (ntkrnlpa.exe)
0044: 819d4fad NtCreateNamedPipeFile [14] (ntkrnlpa.exe)
0045: 819a1098 NtCreatePrivateNamespace [4] (ntkrnlpa.exe)
0046: 8195860b NtCreatePagingFile [4] (ntkrnlpa.exe)
0047: 8199e559 NtCreatePort [5] (ntkrnlpa.exe)
0048: 81a9af9f NtCreateProcess [8] (ntkrnlpa.exe)
0049: 81a9afea NtCreateProcessEx [9] (ntkrnlpa.exe)
004a: 81ac356f NtCreateProfile [9] (ntkrnlpa.exe)
004b: 81a50057 NtCreateSection [7] (ntkrnlpa.exe)
004c: 819e6f92 NtCreateSemaphore [5] (ntkrnlpa.exe)
004d: 819dff8f NtCreateSymbolicLinkObject [4] (ntkrnlpa.exe)
004e: 81a9add4 NtCreateThread [8] (ntkrnlpa.exe)
004f: 819c37ed NtCreateTimer [4] (ntkrnlpa.exe)
0050: 819e3cb5 NtCreateToken [13] (ntkrnlpa.exe)
0051: 819b2f75 NtCreateTransaction [10] (ntkrnlpa.exe)
0052: 81aab07b NtOpenTransaction [5] (ntkrnlpa.exe)
0053: 81aab28a NtQueryInformationTransaction [5] (ntkrnlpa.exe)
0054: 8197c2fc NtQueryInformationTransactionManager [5] (ntkrnlpa.exe)
0055: 81aaa9b0 NtPrePrepareEnlistment [2] (ntkrnlpa.exe)
0056: 81aaa8ef NtPrepareEnlistment [2] (ntkrnlpa.exe)
0057: 81aaaa71 NtCommitEnlistment [2] (ntkrnlpa.exe)
0058: 81aaaef5 NtReadOnlyEnlistment [2] (ntkrnlpa.exe)
0059: 81aaafb4 NtRollbackComplete [2] (ntkrnlpa.exe)
005a: 81aaab32 NtRollbackEnlistment [2] (ntkrnlpa.exe)
005b: 81981b09 NtCommitTransaction [2] (ntkrnlpa.exe)
005c: 8197f3dc NtRollbackTransaction [2] (ntkrnlpa.exe)
005d: 81aaacb4 NtPrePrepareComplete [2] (ntkrnlpa.exe)
005e: 81aaabf3 NtPrepareComplete [2] (ntkrnlpa.exe)
005f: 81aaad75 NtCommitComplete [2] (ntkrnlpa.exe)
0060: 81aaae36 NtSinglePhaseReject [2] (ntkrnlpa.exe)
0061: 81aabb5f NtSetInformationTransaction [4] (ntkrnlpa.exe)
0062: 81aac3c7 NtSetInformationTransactionManager [4] (ntkrnlpa.exe)
0063: 8197ccee NtSetInformationResourceManager [4] (ntkrnlpa.exe)
0064: 8198ab10 NtCreateTransactionManager [6] (ntkrnlpa.exe)
0065: 8197cf72 NtOpenTransactionManager [6] (ntkrnlpa.exe)
0066: 81aac18f NtRenameTransactionManager [2] (ntkrnlpa.exe)
0067: 81aac2fc NtRollforwardTransactionManager [2] (ntkrnlpa.exe)
0068: 81aaa438 NtRecoverEnlistment [2] (ntkrnlpa.exe)
0069: 8198c38e NtRecoverResourceManager [1] (ntkrnlpa.exe)
006a: 81988d2f NtRecoverTransactionManager [1] (ntkrnlpa.exe)
006b: 8198a664 NtCreateResourceManager [7] (ntkrnlpa.exe)
006c: 8197c83c NtOpenResourceManager [5] (ntkrnlpa.exe)
006d: 8198c403 NtGetNotificationResourceManager [7] (ntkrnlpa.exe)
006e: 81aabf43 NtQueryInformationResourceManager [5] (ntkrnlpa.exe)
006f: 81980b9c NtCreateEnlistment [8] (ntkrnlpa.exe)
0070: 81aaa26f NtOpenEnlistment [5] (ntkrnlpa.exe)
0071: 81aaa700 NtSetInformationEnlistment [4] (ntkrnlpa.exe)
0072: 81aaa493 NtQueryInformationEnlistment [5] (ntkrnlpa.exe)
0073: 81994c4f NtCreateWaitablePort [5] (ntkrnlpa.exe)
0074: 81a6e468 NtDebugActiveProcess [2] (ntkrnlpa.exe)
0075: 81a6eb2d NtDebugContinue [3] (ntkrnlpa.exe)
0076: 81a51648 NtDelayExecution [2] (ntkrnlpa.exe)
0077: 819bb6f5 NtDeleteAtom [1] (ntkrnlpa.exe)
0078: 81abd867 NtDeleteBootEntry [1] (ntkrnlpa.exe)
0079: 81abeb0b NtDeleteDriverEntry [1] (ntkrnlpa.exe)
007a: 81978a67 NtDeleteFile [1] (ntkrnlpa.exe)
007b: 819bc7f4 NtDeleteKey [1] (ntkrnlpa.exe)
007c: 81a93633 NtDeletePrivateNamespace [1] (ntkrnlpa.exe)
007d: 81a56853 NtDeleteObjectAuditAlarm [3] (ntkrnlpa.exe)
007e: 819b71d7 NtDeleteValueKey [2] (ntkrnlpa.exe)
007f: 81a3d964 NtDeviceIoControlFile [10] (ntkrnlpa.exe)
0080: 819560b9 NtDisplayString [1] (ntkrnlpa.exe)
0081: 81a00d85 NtDuplicateObject [7] (ntkrnlpa.exe)
0082: 819f2009 NtDuplicateToken [6] (ntkrnlpa.exe)
0083: 81abda68 NtEnumerateBootEntries [2] (ntkrnlpa.exe)
0084: 81abed0a NtEnumerateDriverEntries [2] (ntkrnlpa.exe)
0085: 81a0eab8 NtEnumerateKey [6] (ntkrnlpa.exe)
0086: 81abd637 NtEnumerateSystemEnvironmentValuesEx [3] (ntkrnlpa.exe)
0087: 81aab94d NtEnumerateTransactionObject [5] (ntkrnlpa.exe)
0088: 819d88bf NtEnumerateValueKey [6] (ntkrnlpa.exe)
0089: 81a8c9a7 NtExtendSection [2] (ntkrnlpa.exe)
008a: 819b13c0 NtFilterToken [6] (ntkrnlpa.exe)
008b: 819bb1b9 NtFindAtom [3] (ntkrnlpa.exe)
008c: 819f96cb NtFlushBuffersFile [2] (ntkrnlpa.exe)
008d: 819b92e3 NtFlushInstructionCache [3] (ntkrnlpa.exe)
008e: 8198c512 NtFlushKey [1] (ntkrnlpa.exe)
008f: 8181ea52 NtFlushProcessWriteBuffers [0] (ntkrnlpa.exe)
0090: 819b59e0 NtFlushVirtualMemory [4] (ntkrnlpa.exe)
0091: 81a8f5be NtFlushWriteBuffer [0] (ntkrnlpa.exe)
0092: 81a8ec87 NtFreeUserPhysicalPages [3] (ntkrnlpa.exe)
0093: 81898d17 NtFreeVirtualMemory [4] (ntkrnlpa.exe)
0094: 818c9c89 NtFreezeRegistry [1] (ntkrnlpa.exe)
0095: 81aabdda NtFreezeTransactions [2] (ntkrnlpa.exe)
0096: 81a30861 NtFsControlFile [10] (ntkrnlpa.exe)
0097: 81a5964c NtGetContextThread [2] (ntkrnlpa.exe)
0098: 81a9808f NtGetDevicePowerState [2] (ntkrnlpa.exe)
0099: 819b3693 NtGetNlsSectionPtr [5] (ntkrnlpa.exe)
009a: 8199881a NtGetPlugPlayEvent [4] (ntkrnlpa.exe)
009b: 818d82ec NtGetWriteWatch [7] (ntkrnlpa.exe)
009c: 819c220f NtImpersonateAnonymousToken [1] (ntkrnlpa.exe)
009d: 819e70af NtImpersonateClientOfPort [2] (ntkrnlpa.exe)
009e: 819d4829 NtImpersonateThread [3] (ntkrnlpa.exe)
009f: 819d2a30 NtInitializeNlsFiles [4] (ntkrnlpa.exe)
00a0: 8197845c NtInitializeRegistry [1] (ntkrnlpa.exe)
00a1: 81a97e7c NtInitiatePowerAction [4] (ntkrnlpa.exe)
00a2: 81a5b8b7 NtIsProcessInJob [2] (ntkrnlpa.exe)
00a3: 81a98073 NtIsSystemResumeAutomatic [0] (ntkrnlpa.exe)
00a4: 81966e77 NtListenPort [2] (ntkrnlpa.exe)
00a5: 81976ad2 NtLoadDriver [1] (ntkrnlpa.exe)
00a6: 8198c3e2 NtLoadKey [2] (ntkrnlpa.exe)
00a7: 8195ad1e NtLoadKey2 [3] (ntkrnlpa.exe)
00a8: 8198e4a0 NtLoadKeyEx [8] (ntkrnlpa.exe)
00a9: 819e1f51 NtLockFile [10] (ntkrnlpa.exe)
00aa: 819b74fa NtLockProductActivationKeys [2] (ntkrnlpa.exe)
00ab: 8194825a NtLockRegistryKey [1] (ntkrnlpa.exe)
00ac: 81822fc1 NtLockVirtualMemory [4] (ntkrnlpa.exe)
00ad: 819b4552 NtMakePermanentObject [1] (ntkrnlpa.exe)
00ae: 819e69c9 NtMakeTemporaryObject [1] (ntkrnlpa.exe)
00af: 81a8d8e8 NtMapUserPhysicalPages [3] (ntkrnlpa.exe)
00b0: 81a8de5f NtMapUserPhysicalPagesScatter [3] (ntkrnlpa.exe)
00b1: 81a2b642 NtMapViewOfSection [10] (ntkrnlpa.exe)
00b2: 81abda37 NtModifyBootEntry [1] (ntkrnlpa.exe)
00b3: 81abecdb NtModifyDriverEntry [1] (ntkrnlpa.exe)
00b4: 819b827a NtNotifyChangeDirectoryFile [9] (ntkrnlpa.exe)
00b5: 819c8154 NtNotifyChangeKey [10] (ntkrnlpa.exe)
00b6: 819c7422 NtNotifyChangeMultipleKeys [12] (ntkrnlpa.exe)
00b7: 81a3b4bb NtOpenDirectoryObject [3] (ntkrnlpa.exe)
00b8: 819ecfe3 NtOpenEvent [3] (ntkrnlpa.exe)
00b9: 81ac301f NtOpenEventPair [3] (ntkrnlpa.exe)
00ba: 81a17513 NtOpenFile [6] (ntkrnlpa.exe)
00bb: 81a77143 NtOpenIoCompletion [3] (ntkrnlpa.exe)
00bc: 81a9e1bb NtOpenJobObject [3] (ntkrnlpa.exe)
00bd: 81a1c051 NtOpenKey [3] (ntkrnlpa.exe)
00be: 819837a4 NtOpenKeyTransacted [4] (ntkrnlpa.exe)
00bf: 81a34188 NtOpenMutant [3] (ntkrnlpa.exe)
00c0: 819ae1db NtOpenPrivateNamespace [4] (ntkrnlpa.exe)
00c1: 819a16fb NtOpenObjectAuditAlarm [12] (ntkrnlpa.exe)
00c2: 81a18a1c NtOpenProcess [4] (ntkrnlpa.exe)
00c3: 81a141a5 NtOpenProcessToken [3] (ntkrnlpa.exe)
00c4: 81a0f937 NtOpenProcessTokenEx [4] (ntkrnlpa.exe)
00c5: 81a2f6e6 NtOpenSection [3] (ntkrnlpa.exe)
00c6: 819b2803 NtOpenSemaphore [3] (ntkrnlpa.exe)
00c7: 819a4153 NtOpenSession [3] (ntkrnlpa.exe)
00c8: 819e6838 NtOpenSymbolicLinkObject [3] (ntkrnlpa.exe)
00c9: 81a090e0 NtOpenThread [4] (ntkrnlpa.exe)
00ca: 81a1497b NtOpenThreadToken [4] (ntkrnlpa.exe)
00cb: 81a1233b NtOpenThreadTokenEx [5] (ntkrnlpa.exe)
00cc: 81ac2c7b NtOpenTimer [3] (ntkrnlpa.exe)
00cd: 819b9a56 NtPlugPlayControl [3] (ntkrnlpa.exe)
00ce: 81a370ab NtPowerInformation [5] (ntkrnlpa.exe)
00cf: 819f47e3 NtPrivilegeCheck [3] (ntkrnlpa.exe)
00d0: 8199c6f5 NtPrivilegeObjectAuditAlarm [6] (ntkrnlpa.exe)
00d1: 819b7a84 NtPrivilegedServiceAuditAlarm [5] (ntkrnlpa.exe)
00d2: 81a3d7cf NtProtectVirtualMemory [5] (ntkrnlpa.exe)
00d3: 81a5ba85 NtPulseEvent [2] (ntkrnlpa.exe)
00d4: 81a13504 NtQueryAttributesFile [2] (ntkrnlpa.exe)
00d5: 81abdf19 NtQueryBootEntryOrder [2] (ntkrnlpa.exe)
00d6: 81abe377 NtQueryBootOptions [2] (ntkrnlpa.exe)
00d7: 818c4e59 NtQueryDebugFilterState [2] (ntkrnlpa.exe)
00d8: 819cfbd9 NtQueryDefaultLocale [2] (ntkrnlpa.exe)
00d9: 8198c9dc NtQueryDefaultUILanguage [1] (ntkrnlpa.exe)
00da: 81a17ca6 NtQueryDirectoryFile [11] (ntkrnlpa.exe)
00db: 81a313bc NtQueryDirectoryObject [7] (ntkrnlpa.exe)
00dc: 81abe88b NtQueryDriverEntryOrder [2] (ntkrnlpa.exe)
00dd: 81964b4e NtQueryEaFile [9] (ntkrnlpa.exe)
00de: 819baa42 NtQueryEvent [5] (ntkrnlpa.exe)
00df: 819d8b39 NtQueryFullAttributesFile [2] (ntkrnlpa.exe)
00e0: 819bb5a2 NtQueryInformationAtom [5] (ntkrnlpa.exe)
00e1: 81a1260a NtQueryInformationFile [5] (ntkrnlpa.exe)
00e2: 81978d97 NtQueryInformationJobObject [5] (ntkrnlpa.exe)
00e3: 81a89131 NtQueryInformationPort [5] (ntkrnlpa.exe)
00e4: 81a518b2 NtQueryInformationProcess [5] (ntkrnlpa.exe)
00e5: 81a23256 NtQueryInformationThread [5] (ntkrnlpa.exe)
00e6: 81a0fa62 NtQueryInformationToken [5] (ntkrnlpa.exe)
00e7: 819946d9 NtQueryInstallUILanguage [1] (ntkrnlpa.exe)
00e8: 81ac3a6b NtQueryIntervalProfile [2] (ntkrnlpa.exe)
00e9: 81a7721a NtQueryIoCompletion [5] (ntkrnlpa.exe)
00ea: 81a0eeca NtQueryKey [5] (ntkrnlpa.exe)
00eb: 81a5d4c9 NtQueryMultipleValueKey [6] (ntkrnlpa.exe)
00ec: 81ac336e NtQueryMutant [5] (ntkrnlpa.exe)
00ed: 819dcc70 NtQueryObject [5] (ntkrnlpa.exe)
00ee: 81a5d725 NtQueryOpenSubKeys [2] (ntkrnlpa.exe)
00ef: 81a5524a NtQueryOpenSubKeysEx [4] (ntkrnlpa.exe)
00f0: 81a530fb NtQueryPerformanceCounter [2] (ntkrnlpa.exe)
00f1: 81a784fa NtQueryQuotaInformationFile [9] (ntkrnlpa.exe)
00f2: 81a3d997 NtQuerySection [5] (ntkrnlpa.exe)
00f3: 819daa47 NtQuerySecurityObject [5] (ntkrnlpa.exe)
00f4: 81abc86c NtQuerySemaphore [5] (ntkrnlpa.exe)
00f5: 819cf61d NtQuerySymbolicLinkObject [3] (ntkrnlpa.exe)
00f6: 81abca63 NtQuerySystemEnvironmentValue [4] (ntkrnlpa.exe)
00f7: 81abd06f NtQuerySystemEnvironmentValueEx [5] (ntkrnlpa.exe)
00f8: 81a3dbc0 NtQuerySystemInformation [4] (ntkrnlpa.exe)
00f9: 81a198bf NtQuerySystemTime [1] (ntkrnlpa.exe)
00fa: 81ac2d4e NtQueryTimer [5] (ntkrnlpa.exe)
00fb: 819b7ed3 NtQueryTimerResolution [3] (ntkrnlpa.exe)
00fc: 81a0ca5b NtQueryValueKey [6] (ntkrnlpa.exe)
00fd: 81a136a1 NtQueryVirtualMemory [6] (ntkrnlpa.exe)
00fe: 81a30894 NtQueryVolumeInformationFile [5] (ntkrnlpa.exe)
00ff: 819baf54 NtQueueApcThread [5] (ntkrnlpa.exe)
0100: 81862540 NtRaiseException [3] (ntkrnlpa.exe)
0101: 81986554 NtRaiseHardError [6] (ntkrnlpa.exe)
0102: 81a12e34 NtReadFile [9] (ntkrnlpa.exe)
0103: 81994d06 NtReadFileScatter [9] (ntkrnlpa.exe)
0104: 81a891f1 NtReadRequestData [6] (ntkrnlpa.exe)
0105: 819e1d5d NtReadVirtualMemory [5] (ntkrnlpa.exe)
0106: 81a9be8a NtRegisterThreadTerminatePort [1] (ntkrnlpa.exe)
0107: 81a5152e NtReleaseMutant [2] (ntkrnlpa.exe)
0108: 819fdecc NtReleaseSemaphore [3] (ntkrnlpa.exe)
0109: 81a53cfe NtRemoveIoCompletion [5] (ntkrnlpa.exe)
010a: 81a6e5b3 NtRemoveProcessDebug [2] (ntkrnlpa.exe)
010b: 81a5d9ce NtRenameKey [2] (ntkrnlpa.exe)
010c: 81a5d39e NtReplaceKey [3] (ntkrnlpa.exe)
010d: 818d293f NtReplacePartitionUnit [3] (ntkrnlpa.exe)
010e: 819fddcc NtReplyPort [2] (ntkrnlpa.exe)
010f: 81a231f7 NtReplyWaitReceivePort [4] (ntkrnlpa.exe)
0110: 81a230a6 NtReplyWaitReceivePortEx [5] (ntkrnlpa.exe)
0111: 81a893c7 NtReplyWaitReplyPort [2] (ntkrnlpa.exe)
0112: 81a72698 NtRequestDeviceWakeup [1] (ntkrnlpa.exe)
0113: 81a09115 NtRequestPort [2] (ntkrnlpa.exe)
0114: 81a33f59 NtRequestWaitReplyPort [3] (ntkrnlpa.exe)
0115: 81a97e1f NtRequestWakeupLatency [1] (ntkrnlpa.exe)
0116: 819c186f NtResetEvent [2] (ntkrnlpa.exe)
0117: 818d8a55 NtResetWriteWatch [3] (ntkrnlpa.exe)
0118: 81a5c352 NtRestoreKey [3] (ntkrnlpa.exe)
0119: 81a9c6f1 NtResumeProcess [1] (ntkrnlpa.exe)
011a: 81a0848a NtResumeThread [2] (ntkrnlpa.exe)
011b: 81a5c473 NtSaveKey [2] (ntkrnlpa.exe)
011c: 81a5c57a NtSaveKeyEx [3] (ntkrnlpa.exe)
011d: 81a5c6c7 NtSaveMergedKeys [3] (ntkrnlpa.exe)
011e: 819d3108 NtSecureConnectPort [9] (ntkrnlpa.exe)
011f: 81abe168 NtSetBootEntryOrder [2] (ntkrnlpa.exe)
0120: 81abe66c NtSetBootOptions [2] (ntkrnlpa.exe)
0121: 81a9ba9f NtSetContextThread [2] (ntkrnlpa.exe)
0122: 81945489 NtSetDebugFilterState [3] (ntkrnlpa.exe)
0123: 81961f05 NtSetDefaultHardErrorPort [1] (ntkrnlpa.exe)
0124: 8199bc47 NtSetDefaultLocale [2] (ntkrnlpa.exe)
0125: 8199bff8 NtSetDefaultUILanguage [1] (ntkrnlpa.exe)
0126: 81abf11b NtSetDriverEntryOrder [2] (ntkrnlpa.exe)
0127: 81a77f46 NtSetEaFile [4] (ntkrnlpa.exe)
0128: 81a51451 NtSetEvent [2] (ntkrnlpa.exe)
0129: 81abc4c9 NtSetEventBoostPriority [1] (ntkrnlpa.exe)
012a: 81ac32ff NtSetHighEventPair [1] (ntkrnlpa.exe)
012b: 81ac3231 NtSetHighWaitLowEventPair [1] (ntkrnlpa.exe)
012c: 81a6ecf6 NtSetInformationDebugObject [5] (ntkrnlpa.exe)
012d: 819fb71b NtSetInformationFile [5] (ntkrnlpa.exe)
012e: 819b196d NtSetInformationJobObject [4] (ntkrnlpa.exe)
012f: 81a5cf3d NtSetInformationKey [4] (ntkrnlpa.exe)
0130: 819f690f NtSetInformationObject [4] (ntkrnlpa.exe)
0131: 81a3b575 NtSetInformationProcess [4] (ntkrnlpa.exe)
0132: 81a09a1a NtSetInformationThread [4] (ntkrnlpa.exe)
0133: 819e27f4 NtSetInformationToken [4] (ntkrnlpa.exe)
0134: 81ac3a48 NtSetIntervalProfile [2] (ntkrnlpa.exe)
0135: 81a1569b NtSetIoCompletion [5] (ntkrnlpa.exe)
0136: 81a9de71 NtSetLdtEntries [6] (ntkrnlpa.exe)
0137: 81ac329c NtSetLowEventPair [1] (ntkrnlpa.exe)
0138: 81ac31c6 NtSetLowWaitHighEventPair [1] (ntkrnlpa.exe)
0139: 81a78b4c NtSetQuotaInformationFile [4] (ntkrnlpa.exe)
013a: 819e0307 NtSetSecurityObject [3] (ntkrnlpa.exe)
013b: 81abcd6d NtSetSystemEnvironmentValue [2] (ntkrnlpa.exe)
013c: 81abd395 NtSetSystemEnvironmentValueEx [5] (ntkrnlpa.exe)
013d: 819fe276 NtSetSystemInformation [3] (ntkrnlpa.exe)
013e: 81ae05e3 NtSetSystemPowerState [3] (ntkrnlpa.exe)
013f: 81ab9171 NtSetSystemTime [2] (ntkrnlpa.exe)
0140: 819b3bc2 NtSetThreadExecutionState [2] (ntkrnlpa.exe)
0141: 81840d03 NtSetTimer [7] (ntkrnlpa.exe)
0142: 819ba36e NtSetTimerResolution [3] (ntkrnlpa.exe)
0143: 819653b6 NtSetUuidSeed [1] (ntkrnlpa.exe)
0144: 819ef960 NtSetValueKey [6] (ntkrnlpa.exe)
0145: 81a78b66 NtSetVolumeInformationFile [5] (ntkrnlpa.exe)
0146: 81abadf1 NtShutdownSystem [1] (ntkrnlpa.exe)
0147: 818c58f0 NtSignalAndWaitForSingleObject [4] (ntkrnlpa.exe)
0148: 81ac37a8 NtStartProfile [1] (ntkrnlpa.exe)
0149: 81ac3981 NtStopProfile [1] (ntkrnlpa.exe)
014a: 81a9c693 NtSuspendProcess [1] (ntkrnlpa.exe)
014b: 81a596b8 NtSuspendThread [2] (ntkrnlpa.exe)
014c: 81a049b4 NtSystemDebugControl [6] (ntkrnlpa.exe)
014d: 819dc1a0 NtTerminateJobObject [2] (ntkrnlpa.exe)
014e: 819e9e84 NtTerminateProcess [2] (ntkrnlpa.exe)
014f: 81a1661d NtTerminateThread [2] (ntkrnlpa.exe)
0150: 81a08997 NtTestAlert [0] (ntkrnlpa.exe)
0151: 818c9ced NtThawRegistry [0] (ntkrnlpa.exe)
0152: 81aabec1 NtThawTransactions [0] (ntkrnlpa.exe)
0153: 81833841 NtTraceEvent [4] (ntkrnlpa.exe)
0154: 819f5af2 NtTraceControl [6] (ntkrnlpa.exe)
0155: 81abf327 NtTranslateFilePath [4] (ntkrnlpa.exe)
0156: 81a793ba NtUnloadDriver [1] (ntkrnlpa.exe)
0157: 81a56cdc NtUnloadKey [1] (ntkrnlpa.exe)
0158: 81a56cf6 NtUnloadKey2 [2] (ntkrnlpa.exe)
0159: 81a5c85b NtUnloadKeyEx [2] (ntkrnlpa.exe)
015a: 819e23c1 NtUnlockFile [5] (ntkrnlpa.exe)
015b: 81820e8d NtUnlockVirtualMemory [4] (ntkrnlpa.exe)
015c: 81a2bc99 NtUnmapViewOfSection [2] (ntkrnlpa.exe)
015d: 81aaf5f9 NtVdmControl [2] (ntkrnlpa.exe)
015e: 81a6e803 NtWaitForDebugEvent [4] (ntkrnlpa.exe)
015f: 81a1fb76 NtWaitForMultipleObjects [5] (ntkrnlpa.exe)
0160: 81a50289 NtWaitForSingleObject [3] (ntkrnlpa.exe)
0161: 81ac315d NtWaitHighEventPair [1] (ntkrnlpa.exe)
0162: 81ac30f4 NtWaitLowEventPair [1] (ntkrnlpa.exe)
0163: 81a2e0e7 NtWriteFile [9] (ntkrnlpa.exe)
0164: 819dd274 NtWriteFileGather [9] (ntkrnlpa.exe)
0165: 81a8925e NtWriteRequestData [6] (ntkrnlpa.exe)
0166: 81a14b5d NtWriteVirtualMemory [5] (ntkrnlpa.exe)
0167: 8182e19c NtYieldExecution [0] (ntkrnlpa.exe)
0168: 819c3374 NtCreateKeyedEvent [4] (ntkrnlpa.exe)
0169: 81ac3b3d NtOpenKeyedEvent [3] (ntkrnlpa.exe)
016a: 81a00ecc NtReleaseKeyedEvent [4] (ntkrnlpa.exe)
016b: 81a00058 NtWaitForKeyedEvent [4] (ntkrnlpa.exe)
016c: 81a9b492 NtQueryPortInformationProcess [0] (ntkrnlpa.exe)
016d: 81a5993b NtGetCurrentProcessorNumber [0] (ntkrnlpa.exe)
016e: 81a92317 NtWaitForMultipleObjects32 [5] (ntkrnlpa.exe)
016f: 81a9c8ac NtGetNextProcess [5] (ntkrnlpa.exe)
0170: 81a9cb19 NtGetNextThread [6] (ntkrnlpa.exe)
0171: 81a7739f NtCancelIoFileEx [3] (ntkrnlpa.exe)
0172: 81a774df NtCancelSynchronousIoFile [3] (ntkrnlpa.exe)
0173: 819c5365 NtRemoveIoCompletionEx [6] (ntkrnlpa.exe)
0174: 8197d1f3 NtRegisterProtocolAddressInformation [5] (ntkrnlpa.exe)
0175: 81aae663 NtPropagationComplete [4] (ntkrnlpa.exe)
0176: 81aae732 NtPropagationFailed [3] (ntkrnlpa.exe)
0177: 819c3934 NtCreateWorkerFactory [10] (ntkrnlpa.exe)
0178: 81843e4b NtReleaseWorkerFactoryWorker [1] (ntkrnlpa.exe)
0179: 81843983 NtWaitForWorkViaWorkerFactory [2] (ntkrnlpa.exe)
017a: 818224fe NtSetInformationWorkerFactory [4] (ntkrnlpa.exe)
017b: 818ed301 NtQueryInformationWorkerFactory [5] (ntkrnlpa.exe)
017c: 8183610a NtWorkerFactoryWorkerReady [1] (ntkrnlpa.exe)
017d: 819beef9 NtShutdownWorkerFactory [2] (ntkrnlpa.exe)
017e: 81a08ae8 NtCreateThreadEx [11] (ntkrnlpa.exe)
017f: 819cfccf NtCreateUserProcess [11] (ntkrnlpa.exe)
0180: 819cd3a3 NtQueryLicenseValue [5] (ntkrnlpa.exe)
0181: 819d676d NtMapCMFModule [6] (ntkrnlpa.exe)
0182: 8198cba7 NtIsUILanguageComitted [0] (ntkrnlpa.exe)
0183: 8198ccb8 NtFlushInstallUILanguage [2] (ntkrnlpa.exe)
0184: 819d2c97 NtGetMUIRegistryInfo [3] (ntkrnlpa.exe)
0185: 81ac3c3c NtAcquireCMFViewOwnership [3] (ntkrnlpa.exe)
0186: 81ac3e03 NtReleaseCMFViewOwnership [0] (ntkrnlpa.exe)

Table #1: 811db000, 0304 entries, params=811dbf20, \SystemRoot\System32\win32k.sys
1000: 81170ef3 NtGdiAbortDoc [1] (win32k.sys)
1001: 811876e6 NtGdiAbortPath [1] (win32k.sys)
1002: 81021a4f NtGdiAddFontResourceW [6] (win32k.sys)
1003: 8117e6ea NtGdiAddRemoteFontToDC [4] (win32k.sys)
1004: 811891c1 NtGdiAddFontMemResourceEx [5] (win32k.sys)
1005: 81171697 NtGdiRemoveMergeFont [2] (win32k.sys)
1006: 81171735 NtGdiAddRemoteMMInstanceToDC [3] (win32k.sys)
1007: 810dd3e8 NtGdiAlphaBlend [12] (win32k.sys)
1008: 8118894e NtGdiAngleArc [6] (win32k.sys)
1009: 8106924d NtGdiAnyLinkedFonts [0] (win32k.sys)
100a: 81069075 NtGdiFontIsLinked [1] (win32k.sys)
100b: 8118aeac NtGdiArcInternal [10] (win32k.sys)
100c: 8118775a NtGdiBeginPath [1] (win32k.sys)
100d: 810ef585 NtGdiBitBlt [11] (win32k.sys)
100e: 81188db2 NtGdiCancelDC [1] (win32k.sys)
100f: 8118bc65 NtGdiCheckBitmapBits [8] (win32k.sys)
1010: 81187661 NtGdiCloseFigure [1] (win32k.sys)
1011: 810f55cd NtGdiClearBitmapAttributes [2] (win32k.sys)
1012: 81188e79 NtGdiClearBrushAttributes [2] (win32k.sys)
1013: 8118b647 NtGdiColorCorrectPalette [6] (win32k.sys)
1014: 810a461c NtGdiCombineRgn [4] (win32k.sys)
1015: 8110a0e0 NtGdiCombineTransform [3] (win32k.sys)
1016: 8105bfb6 NtGdiComputeXformCoefficients [1] (win32k.sys)
1017: 8118c7ae NtGdiConfigureOPMProtectedOutput [4] (win32k.sys)
1018: 810f1f25 NtGdiConsoleTextOut [4] (win32k.sys)
1019: 8118112d NtGdiConvertMetafileRect [2] (win32k.sys)
101a: 810ab211 NtGdiCreateBitmap [5] (win32k.sys)
101b: 81109528 NtGdiCreateClientObj [1] (win32k.sys)
101c: 8118b4ff NtGdiCreateColorSpace [1] (win32k.sys)
101d: 8118b8de NtGdiCreateColorTransform [8] (win32k.sys)
101e: 810bb003 NtGdiCreateCompatibleBitmap [3] (win32k.sys)
101f: 810cceb8 NtGdiCreateCompatibleDC [1] (win32k.sys)
1020: 81103dbc NtGdiCreateDIBBrush [6] (win32k.sys)
1021: 8109966d NtGdiCreateDIBitmapInternal [11] (win32k.sys)
1022: 810d9764 NtGdiCreateDIBSection [9] (win32k.sys)
1023: 81176251 NtGdiCreateEllipticRgn [4] (win32k.sys)
1024: 8104de67 NtGdiCreateHalftonePalette [1] (win32k.sys)
1025: 8118cc6f NtGdiCreateHatchBrushInternal [3] (win32k.sys)
1026: 811095bf NtGdiCreateMetafileDC [1] (win32k.sys)
1027: 810f40ce NtGdiCreateOPMProtectedOutputs [5] (win32k.sys)
1028: 8105a70f NtGdiCreatePaletteInternal [2] (win32k.sys)
1029: 8108b9d4 NtGdiCreatePatternBrushInternal [3] (win32k.sys)
102a: 81131499 NtGdiCreatePen [4] (win32k.sys)
102b: 8106cf2f NtGdiCreateRectRgn [4] (win32k.sys)
102c: 810a7c48 NtGdiCreateRoundRectRgn [6] (win32k.sys)
102d: 8118d6b0 NtGdiCreateServerMetaFile [6] (win32k.sys)
102e: 810acc44 NtGdiCreateSolidBrush [2] (win32k.sys)
102f: 8116c9a1 NtGdiD3dContextCreate [4] (win32k.sys)
1030: 8116c9b4 NtGdiD3dContextDestroy [1] (win32k.sys)
1031: 8116c9c7 NtGdiD3dContextDestroyAll [1] (win32k.sys)
1032: 8116c9da NtGdiD3dValidateTextureStageState [1] (win32k.sys)
1033: 8116c9ed NtGdiD3dDrawPrimitives2 [7] (win32k.sys)
1034: 8116ca00 NtGdiDdGetDriverState [1] (win32k.sys)
1035: 8116c685 NtGdiDdAddAttachedSurface [3] (win32k.sys)
1036: 8116cb02 NtGdiDdAlphaBlt [3] (win32k.sys)
1037: 8116c698 NtGdiDdAttachSurface [2] (win32k.sys)
1038: 8116caad NtGdiDdBeginMoCompFrame [2] (win32k.sys)
1039: 8116c6ab NtGdiDdBlt [3] (win32k.sys)
103a: 8116c6be NtGdiDdCanCreateSurface [2] (win32k.sys)
103b: 8116c978 NtGdiDdCanCreateD3DBuffer [2] (win32k.sys)
103c: 8116c6d1 NtGdiDdColorControl [2] (win32k.sys)
103d: 8111aec4 NtGdiDdCreateDirectDrawObject [1] (win32k.sys)
103e: 8116c6e4 NtGdiDdCreateSurface [8] (win32k.sys)
103f: 8116c962 NtGdiDdCreateD3DBuffer [8] (win32k.sys)
1040: 8116ca81 NtGdiDdCreateMoComp [2] (win32k.sys)
1041: 8116c6fa NtGdiDdCreateSurfaceObject [6] (win32k.sys)
1042: 8116c726 NtGdiDdDeleteDirectDrawObject [1] (win32k.sys)
1043: 8116c710 NtGdiDdDeleteSurfaceObject [1] (win32k.sys)
1044: 8116ca97 NtGdiDdDestroyMoComp [2] (win32k.sys)
1045: 8116c73c NtGdiDdDestroySurface [2] (win32k.sys)
1046: 8116c98b NtGdiDdDestroyD3DBuffer [1] (win32k.sys)
1047: 8116cac0 NtGdiDdEndMoCompFrame [2] (win32k.sys)
1048: 8116c752 NtGdiDdFlip [5] (win32k.sys)
1049: 8116c802 NtGdiDdFlipToGDISurface [2] (win32k.sys)
104a: 8116c768 NtGdiDdGetAvailDriverMemory [2] (win32k.sys)
104b: 8116c77e NtGdiDdGetBltStatus [2] (win32k.sys)
104c: 8116c794 NtGdiDdGetDC [2] (win32k.sys)
104d: 8116c7aa NtGdiDdGetDriverInfo [2] (win32k.sys)
104e: 8116c90a NtGdiDdGetDxHandle [3] (win32k.sys)
104f: 8116c7c0 NtGdiDdGetFlipStatus [2] (win32k.sys)
1050: 8116ca6b NtGdiDdGetInternalMoCompInfo [2] (win32k.sys)
1051: 8116ca55 NtGdiDdGetMoCompBuffInfo [2] (win32k.sys)
1052: 8116ca29 NtGdiDdGetMoCompGuids [2] (win32k.sys)
1053: 8116ca3f NtGdiDdGetMoCompFormats [2] (win32k.sys)
1054: 8116c7d6 NtGdiDdGetScanLine [2] (win32k.sys)
1055: 8116c818 NtGdiDdLock [3] (win32k.sys)
1056: 8116c936 NtGdiDdLockD3D [2] (win32k.sys)
1057: 8116c82e NtGdiDdQueryDirectDrawObject [11] (win32k.sys)
1058: 8116caec NtGdiDdQueryMoCompStatus [2] (win32k.sys)
1059: 8116c844 NtGdiDdReenableDirectDrawObject [2] (win32k.sys)
105a: 8116c85a NtGdiDdReleaseDC [1] (win32k.sys)
105b: 8116cad6 NtGdiDdRenderMoComp [2] (win32k.sys)
105c: 8116c870 NtGdiDdResetVisrgn [2] (win32k.sys)
105d: 8116c886 NtGdiDdSetColorKey [2] (win32k.sys)
105e: 8116c7ec NtGdiDdSetExclusiveMode [2] (win32k.sys)
105f: 8116c920 NtGdiDdSetGammaRamp [3] (win32k.sys)
1060: 8116ca13 NtGdiDdCreateSurfaceEx [3] (win32k.sys)
1061: 8116c89c NtGdiDdSetOverlayPosition [3] (win32k.sys)
1062: 8116c8b2 NtGdiDdUnattachSurface [2] (win32k.sys)
1063: 8116c8c8 NtGdiDdUnlock [2] (win32k.sys)
1064: 8116c94c NtGdiDdUnlockD3D [2] (win32k.sys)
1065: 8116c8de NtGdiDdUpdateOverlay [3] (win32k.sys)
1066: 8116c8f4 NtGdiDdWaitForVerticalBlank [2] (win32k.sys)
1067: 8116cb15 NtGdiDvpCanCreateVideoPort [2] (win32k.sys)
1068: 8116cb2b NtGdiDvpColorControl [2] (win32k.sys)
1069: 8116cb41 NtGdiDvpCreateVideoPort [2] (win32k.sys)
106a: 8116cb57 NtGdiDvpDestroyVideoPort [2] (win32k.sys)
106b: 8116cb6d NtGdiDvpFlipVideoPort [4] (win32k.sys)
106c: 8116cb83 NtGdiDvpGetVideoPortBandwidth [2] (win32k.sys)
106d: 8116cb99 NtGdiDvpGetVideoPortField [2] (win32k.sys)
106e: 8116cbaf NtGdiDvpGetVideoPortFlipStatus [2] (win32k.sys)
106f: 8116cbc5 NtGdiDvpGetVideoPortInputFormats [2] (win32k.sys)
1070: 8116cbdb NtGdiDvpGetVideoPortLine [2] (win32k.sys)
1071: 8116cbf1 NtGdiDvpGetVideoPortOutputFormats [2] (win32k.sys)
1072: 8116cc07 NtGdiDvpGetVideoPortConnectInfo [2] (win32k.sys)
1073: 8116cc1d NtGdiDvpGetVideoSignalStatus [2] (win32k.sys)
1074: 8116cc33 NtGdiDvpUpdateVideoPort [4] (win32k.sys)
1075: 8116cc49 NtGdiDvpWaitForVideoPortSync [2] (win32k.sys)
1076: 8116cc5f NtGdiDvpAcquireNotification [3] (win32k.sys)
1077: 8116cc75 NtGdiDvpReleaseNotification [2] (win32k.sys)
1078: 8116c672 NtGdiDxgGenericThunk [6] (win32k.sys)
1079: 81110e35 NtGdiDeleteClientObj [1] (win32k.sys)
107a: 8118b4cf NtGdiDeleteColorSpace [1] (win32k.sys)
107b: 8118bb82 NtGdiDeleteColorTransform [2] (win32k.sys)
107c: 810e5b46 NtGdiDeleteObjectApp [1] (win32k.sys)
107d: 81189ef9 NtGdiDescribePixelFormat [4] (win32k.sys)
107e: 810f44dd NtGdiDestroyOPMProtectedOutput [1] (win32k.sys)
107f: 81171345 NtGdiGetPerBandInfo [2] (win32k.sys)
1080: 81171216 NtGdiDoBanding [4] (win32k.sys)
1081: 810a3196 NtGdiDoPalette [6] (win32k.sys)
1082: 81188998 NtGdiDrawEscape [4] (win32k.sys)
1083: 8118e141 NtGdiEllipse [5] (win32k.sys)
1084: 810152db NtGdiEnableEudc [1] (win32k.sys)
1085: 81170edb NtGdiEndDoc [1] (win32k.sys)
1086: 81171006 NtGdiEndPage [1] (win32k.sys)
1087: 8118780c NtGdiEndPath [1] (win32k.sys)
1088: 8106acd7 NtGdiEnumFontChunk [5] (win32k.sys)
1089: 8106b2ec NtGdiEnumFontClose [1] (win32k.sys)
108a: 81069def NtGdiEnumFontOpen [7] (win32k.sys)
108b: 81104207 NtGdiEnumObjects [4] (win32k.sys)
108c: 8112d24a NtGdiEqualRgn [2] (win32k.sys)
108d: 8118fc50 NtGdiEudcLoadUnloadLink [7] (win32k.sys)
108e: 81077ebf NtGdiExcludeClipRect [5] (win32k.sys)
108f: 811034c4 NtGdiExtCreatePen [11] (win32k.sys)
1090: 810e88f6 NtGdiExtCreateRegion [3] (win32k.sys)
1091: 8110c486 NtGdiExtEscape [8] (win32k.sys)
1092: 8110b4cf NtGdiExtFloodFill [5] (win32k.sys)
1093: 810ce6d3 NtGdiExtGetObjectW [3] (win32k.sys)
1094: 810dcfa7 NtGdiExtSelectClipRgn [3] (win32k.sys)
1095: 810df174 NtGdiExtTextOutW [9] (win32k.sys)
1096: 81187afe NtGdiFillPath [1] (win32k.sys)
1097: 81044c8f NtGdiFillRgn [3] (win32k.sys)
1098: 81187869 NtGdiFlattenPath [1] (win32k.sys)
1099: 810ece2b NtGdiFlush [0] (win32k.sys)
109a: 81189d9a NtGdiForceUFIMapping [2] (win32k.sys)
109b: 8104341e NtGdiFrameRgn [5] (win32k.sys)
109c: 8117a3ad NtGdiFullscreenControl [5] (win32k.sys)
109d: 81108de3 NtGdiGetAndSetDCDword [4] (win32k.sys)
109e: 810c88ee NtGdiGetAppClipBox [2] (win32k.sys)
109f: 8104178b NtGdiGetBitmapBits [3] (win32k.sys)
10a0: 81189cc2 NtGdiGetBitmapDimension [2] (win32k.sys)
10a1: 81060ff6 NtGdiGetBoundsRect [3] (win32k.sys)
10a2: 810f3e9e NtGdiGetCertificate [4] (win32k.sys)
10a3: 810f38e4 NtGdiGetCertificateSize [3] (win32k.sys)
10a4: 8106b5df NtGdiGetCharABCWidthsW [6] (win32k.sys)
10a5: 81188011 NtGdiGetCharacterPlacementW [6] (win32k.sys)
10a6: 810bd836 NtGdiGetCharSet [1] (win32k.sys)
10a7: 811300eb NtGdiGetCharWidthW [6] (win32k.sys)
10a8: 8106ef72 NtGdiGetCharWidthInfo [2] (win32k.sys)
10a9: 81188c4a NtGdiGetColorAdjustment [2] (win32k.sys)
10aa: 8118ff64 NtGdiGetColorSpaceforBitmap [1] (win32k.sys)
10ab: 8118c748 NtGdiGetCOPPCompatibleOPMInformation [3] (win32k.sys)
10ac: 810d7bfc NtGdiGetDCDword [3] (win32k.sys)
10ad: 8109963f NtGdiGetDCforBitmap [1] (win32k.sys)
10ae: 810ce461 NtGdiGetDCObject [2] (win32k.sys)
10af: 81039de9 NtGdiGetDCPoint [3] (win32k.sys)
10b0: 810e8249 NtGdiGetDeviceCaps [2] (win32k.sys)
10b1: 81014cc0 NtGdiGetDeviceGammaRamp [2] (win32k.sys)
10b2: 8110e83e NtGdiGetDeviceCapsAll [2] (win32k.sys)
10b3: 810d9180 NtGdiGetDIBitsInternal [9] (win32k.sys)
10b4: 81190f0d NtGdiGetETM [2] (win32k.sys)
10b5: 8118ee2d NtGdiGetEudcTimeStampEx [3] (win32k.sys)
10b6: 81069185 NtGdiGetFontData [5] (win32k.sys)
10b7: 81189499 NtGdiGetFontResourceInfoInternalW [7] (win32k.sys)
10b8: 8106bebb NtGdiGetGlyphIndicesW [5] (win32k.sys)
10b9: 8106c008 NtGdiGetGlyphIndicesWInternal [6] (win32k.sys)
10ba: 81188a8f NtGdiGetGlyphOutline [8] (win32k.sys)
10bb: 8118c6e2 NtGdiGetOPMInformation [3] (win32k.sys)
10bc: 81109ce2 NtGdiGetKerningPairs [3] (win32k.sys)
10bd: 81171410 NtGdiGetLinkedUFIs [3] (win32k.sys)
10be: 81101217 NtGdiGetMiterLimit [2] (win32k.sys)
10bf: 81101937 NtGdiGetMonitorID [3] (win32k.sys)
10c0: 810a1a0d NtGdiGetNearestColor [2] (win32k.sys)
10c1: 8110c261 NtGdiGetNearestPaletteIndex [2] (win32k.sys)
10c2: 811015c3 NtGdiGetObjectBitmapHandle [2] (win32k.sys)
10c3: 810f387b NtGdiGetOPMRandomNumber [2] (win32k.sys)
10c4: 81069a12 NtGdiGetOutlineTextMetricsInternalW [4] (win32k.sys)
10c5: 81187e5e NtGdiGetPath [4] (win32k.sys)
10c6: 8105adcf NtGdiGetPixel [3] (win32k.sys)
10c7: 810dc7e7 NtGdiGetRandomRgn [3] (win32k.sys)
10c8: 81188bbc NtGdiGetRasterizerCaps [2] (win32k.sys)
10c9: 81077f34 NtGdiGetRealizationInfo [3] (win32k.sys)
10ca: 810ebcc1 NtGdiGetRegionData [3] (win32k.sys)
10cb: 810e8bbc NtGdiGetRgnBox [2] (win32k.sys)
10cc: 8118d7ba NtGdiGetServerMetaFileBits [7] (win32k.sys)
10cd: 81189e05 NtGdiGetSpoolMessage [4] (win32k.sys)
10ce: 811910a6 NtGdiGetStats [5] (win32k.sys)
10cf: 810ac80b NtGdiGetStockObject [1] (win32k.sys)
10d0: 8118fdae NtGdiGetStringBitmapW [5] (win32k.sys)
10d1: 810f39bc NtGdiGetSuggestedOPMProtectedOutputArraySize [2] (win32k.sys)
10d2: 81101c90 NtGdiGetSystemPaletteUse [1] (win32k.sys)
10d3: 81060b65 NtGdiGetTextCharsetInfo [3] (win32k.sys)
10d4: 81188f94 NtGdiGetTextExtent [5] (win32k.sys)
10d5: 8106c88a NtGdiGetTextExtentExW [8] (win32k.sys)
10d6: 81068e6d NtGdiGetTextFaceW [4] (win32k.sys)
10d7: 81077c17 NtGdiGetTextMetricsW [3] (win32k.sys)
10d8: 8106de27 NtGdiGetTransform [3] (win32k.sys)
10d9: 811896f3 NtGdiGetUFI [6] (win32k.sys)
10da: 811897db NtGdiGetEmbUFI [7] (win32k.sys)
10db: 811898df NtGdiGetUFIPathname [10] (win32k.sys)
10dc: 81189674 NtGdiGetEmbedFonts [0] (win32k.sys)
10dd: 8118967e NtGdiChangeGhostFont [2] (win32k.sys)
10de: 8116f7e8 NtGdiAddEmbFontToDC [2] (win32k.sys)
10df: 81051902 NtGdiGetFontUnicodeRanges [2] (win32k.sys)
10e0: 8106cd22 NtGdiGetWidthTable [7] (win32k.sys)
10e1: 8105c03d NtGdiGradientFill [6] (win32k.sys)
10e2: 8108a3e3 NtGdiHfontCreate [5] (win32k.sys)
10e3: 8118bfd4 NtGdiIcmBrushInfo [8] (win32k.sys)
10e4: 810bad5e bInitRedirDev [0] (win32k.sys)
10e5: 8117865d NtGdiInitSpool [0] (win32k.sys)
10e6: 810bd846 NtGdiIntersectClipRect [5] (win32k.sys)
10e7: 81107c33 NtGdiInvertRgn [2] (win32k.sys)
10e8: 81137448 NtGdiLineTo [3] (win32k.sys)
10e9: 81189f8e NtGdiMakeFontDir [5] (win32k.sys)
10ea: 811902a8 NtGdiMakeInfoDC [2] (win32k.sys)
10eb: 810c8e37 NtGdiMaskBlt [13] (win32k.sys)
10ec: 8106dc40 NtGdiModifyWorldTransform [3] (win32k.sys)
10ed: 81103481 NtGdiMonoBitmap [1] (win32k.sys)
10ee: 81188de2 NtGdiMoveTo [4] (win32k.sys)
10ef: 811764b9 NtGdiOffsetClipRgn [3] (win32k.sys)
10f0: 810bb5fa NtGdiOffsetRgn [3] (win32k.sys)
10f1: 810add60 NtGdiOpenDCW [8] (win32k.sys)
10f2: 810dc828 NtGdiPatBlt [6] (win32k.sys)
10f3: 810c02c7 NtGdiPolyPatBlt [5] (win32k.sys)
10f4: 81187bc0 NtGdiPathToRegion [1] (win32k.sys)
10f5: 8111feda NtGdiPlgBlt [11] (win32k.sys)
10f6: 81188579 NtGdiPolyDraw [4] (win32k.sys)
10f7: 8113697d NtGdiPolyPolyDraw [5] (win32k.sys)
10f8: 81188679 NtGdiPolyTextOutW [4] (win32k.sys)
10f9: 810f4b14 NtGdiPtInRegion [3] (win32k.sys)
10fa: 811765bc NtGdiPtVisible [3] (win32k.sys)
10fb: 811890d7 NtGdiQueryFonts [3] (win32k.sys)
10fc: 810ac818 NtGdiQueryFontAssocInfo [1] (win32k.sys)
10fd: 810e0ee0 NtGdiRectangle [5] (win32k.sys)
10fe: 81188eb9 NtGdiRectInRegion [2] (win32k.sys)
10ff: 81098252 NtGdiRectVisible [2] (win32k.sys)
1100: 811892d3 NtGdiRemoveFontResourceW [6] (win32k.sys)
1101: 8118947d NtGdiRemoveFontMemResourceEx [1] (win32k.sys)
1102: 8110f05a NtGdiResetDC [5] (win32k.sys)
1103: 8118d292 NtGdiResizePalette [2] (win32k.sys)
1104: 810d32b0 NtGdiRestoreDC [2] (win32k.sys)
1105: 8110aac4 NtGdiRoundRect [7] (win32k.sys)
1106: 810d32a0 NtGdiSaveDC [1] (win32k.sys)
1107: 81180ece NtGdiScaleViewportExtEx [6] (win32k.sys)
1108: 81189c55 NtGdiScaleWindowExtEx [6] (win32k.sys)
1109: 810ccdfb GreSelectBitmap [2] (win32k.sys)
110a: 81188dc2 NtGdiSelectBrush [2] (win32k.sys)
110b: 81187a06 NtGdiSelectClipPath [2] (win32k.sys)
110c: 810c0080 NtGdiSelectFont [2] (win32k.sys)
110d: 81188dd2 NtGdiSelectPen [2] (win32k.sys)
110e: 8102a5f6 NtGdiSetBitmapAttributes [2] (win32k.sys)
110f: 8104ef4e NtGdiSetBitmapBits [3] (win32k.sys)
1110: 81189d29 NtGdiSetBitmapDimension [4] (win32k.sys)
1111: 81061065 NtGdiSetBoundsRect [3] (win32k.sys)
1112: 81188e59 NtGdiSetBrushAttributes [2] (win32k.sys)
1113: 8111801c NtGdiSetBrushOrg [4] (win32k.sys)
1114: 81188caa NtGdiSetColorAdjustment [2] (win32k.sys)
1115: 8118b7a7 NtGdiSetColorSpace [2] (win32k.sys)
1116: 81014d51 NtGdiSetDeviceGammaRamp [2] (win32k.sys)
1117: 81099543 NtGdiSetDIBitsToDeviceInternal [16] (win32k.sys)
1118: 8102a58f NtGdiSetFontEnumeration [1] (win32k.sys)
1119: 8110a223 NtGdiSetFontXform [3] (win32k.sys)
111a: 81111761 NtGdiSetIcmMode [3] (win32k.sys)
111b: 81170906 NtGdiSetLinkedUFIs [3] (win32k.sys)
111c: 810f6459 NtGdiSetMagicColors [3] (win32k.sys)
111d: 811096f1 NtGdiSetMetaRgn [1] (win32k.sys)
111e: 81109828 NtGdiSetMiterLimit [3] (win32k.sys)
111f: 81189c45 NtGdiGetDeviceWidth [1] (win32k.sys)
1120: 81189c35 NtGdiMirrorWindowOrg [1] (win32k.sys)
1121: 8111305c NtGdiSetLayout [3] (win32k.sys)
1122: 810f4990 NtGdiSetOPMSigningKeyAndSequenceNumbers [2] (win32k.sys)
1123: 811296fd NtGdiSetPixel [4] (win32k.sys)
1124: 81191e00 NtGdiSetPixelFormat [2] (win32k.sys)
1125: 81188ea9 NtGdiSetRectRgn [5] (win32k.sys)
1126: 81188e49 NtGdiSetSystemPaletteUse [2] (win32k.sys)
1127: 811913e3 NtGdiSetTextJustification [3] (win32k.sys)
1128: 8103a36c NtGdiSetupPublicCFONT [3] (win32k.sys)
1129: 81109612 NtGdiSetVirtualResolution [5] (win32k.sys)
112a: 8110969b NtGdiSetSizeDevice [3] (win32k.sys)
112b: 81170a1f NtGdiStartDoc [4] (win32k.sys)
112c: 81170f0b NtGdiStartPage [1] (win32k.sys)
112d: 810c8bdb NtGdiStretchBlt [12] (win32k.sys)
112e: 810dbd90 NtGdiStretchDIBitsInternal [16] (win32k.sys)
112f: 81187c8e NtGdiStrokeAndFillPath [1] (win32k.sys)
1130: 81187d86 NtGdiStrokePath [1] (win32k.sys)
1131: 81191fbe NtGdiSwapBuffers [1] (win32k.sys)
1132: 81060be9 NtGdiTransformPoints [5] (win32k.sys)
1133: 8106e6a0 NtGdiTransparentBlt [11] (win32k.sys)
1134: 8105cd9a DxgStubReenableDirectDrawObject [2] (win32k.sys)
1135: 811927a8 NtGdiUnmapMemFont [1] (win32k.sys)
1136: 81188e99 NtGdiUnrealizeObject [1] (win32k.sys)
1137: 8118d4fc NtGdiUpdateColors [1] (win32k.sys)
1138: 811878f4 NtGdiWidenPath [1] (win32k.sys)
1139: 810a851a NtUserActivateKeyboardLayout [2] (win32k.sys)
113a: 8113e6fd NtUserAddClipboardFormatListener [1] (win32k.sys)
113b: 8113ba11 NtUserAlterWindowStyle [3] (win32k.sys)
113c: 810501a0 NtUserAssociateInputContext [3] (win32k.sys)
113d: 81121dc6 NtUserAttachThreadInput [3] (win32k.sys)
113e: 810dd05d NtUserBeginPaint [2] (win32k.sys)
113f: 811115d8 NtUserBitBltSysBmp [8] (win32k.sys)
1140: 8111c3ab NtUserBlockInput [1] (win32k.sys)
1141: 8108c5bd NtUserBuildHimcList [4] (win32k.sys)
1142: 8108da38 NtUserBuildHwndList [7] (win32k.sys)
1143: 8108bd99 NtUserBuildNameList [4] (win32k.sys)
1144: 8113bd51 NtUserBuildPropList [4] (win32k.sys)
1145: 81016749 NtUserCallHwnd [2] (win32k.sys)
1146: 8109704a NtUserCallHwndLock [2] (win32k.sys)
1147: 81015be4 NtUserCallHwndOpt [2] (win32k.sys)
1148: 810a845d NtUserCallHwndParam [3] (win32k.sys)
1149: 810623a4 NtUserCallHwndParamLock [3] (win32k.sys)
114a: 8111bfd9 NtUserCallMsgFilter [2] (win32k.sys)
114b: 81111b1b NtUserCallNextHookEx [4] (win32k.sys)
114c: 810e1fe7 NtUserCallNoParam [1] (win32k.sys)
114d: 810e1d70 NtUserCallOneParam [2] (win32k.sys)
114e: 810ed260 NtUserCallTwoParam [3] (win32k.sys)
114f: 81114616 NtUserChangeClipboardChain [2] (win32k.sys)
1150: 8112c227 NtUserChangeDisplaySettings [4] (win32k.sys)
1151: 8113ea06 NtUserCheckAccessForIntegrityLevel [3] (win32k.sys)
1152: 81058b8d NtUserCheckDesktopByThreadId [1] (win32k.sys)
1153: 8113bab8 NtUserCheckWindowThreadDesktop [3] (win32k.sys)
1154: 810f4ee6 NtUserCheckImeHotKey [2] (win32k.sys)
1155: 81112fe8 NtUserCheckMenuItem [3] (win32k.sys)
1156: 81108be9 NtUserChildWindowFromPointEx [4] (win32k.sys)
1157: 810f3335 NtUserClipCursor [1] (win32k.sys)
1158: 81113267 NtUserCloseClipboard [0] (win32k.sys)
1159: 8108d1da NtUserCloseDesktop [1] (win32k.sys)
115a: 8108d805 NtUserCloseWindowStation [1] (win32k.sys)
115b: 810ca7e6 NtUserConsoleControl [3] (win32k.sys)
115c: 8113a697 NtUserConvertMemHandle [2] (win32k.sys)
115d: 81039f21 NtUserCopyAcceleratorTable [3] (win32k.sys)
115e: 81123fb8 NtUserCountClipboardFormats [0] (win32k.sys)
115f: 810712c1 NtUserCreateAcceleratorTable [2] (win32k.sys)
1160: 810c9e7d NtUserCreateCaret [4] (win32k.sys)
1161: 810257d5 NtUserCreateDesktopEx [6] (win32k.sys)
1162: 81110013 NtUserCreateInputContext [1] (win32k.sys)
1163: 8113a70b NtUserCreateLocalMemHandle [4] (win32k.sys)
1164: 8109fa31 NtUserCreateWindowEx [15] (win32k.sys)
1165: 8101dbcf NtUserCreateWindowStation [8] (win32k.sys)
1166: 810469fd NtUserDdeInitialize [5] (win32k.sys)
1167: 81097e5b NtUserDeferWindowPos [8] (win32k.sys)
1168: 811304dc NtUserDefSetText [2] (win32k.sys)
1169: 810477cf NtUserDeleteMenu [3] (win32k.sys)
116a: 8103a869 NtUserDestroyAcceleratorTable [1] (win32k.sys)
116b: 8108d388 NtUserDestroyCursor [2] (win32k.sys)
116c: 81110526 NtUserDestroyInputContext [1] (win32k.sys)
116d: 8103b06e NtUserDestroyMenu [1] (win32k.sys)
116e: 810b1bc8 NtUserDestroyWindow [1] (win32k.sys)
116f: 81014fad NtUserDisableThreadIme [1] (win32k.sys)
1170: 810e341a NtUserDispatchMessage [1] (win32k.sys)
1171: 8101505f NtUserDoSoundConnect [0] (win32k.sys)
1172: 810f6621 NtUserDoSoundDisconnect [0] (win32k.sys)
1173: 8113be52 NtUserDragDetect [3] (win32k.sys)
1174: 8113a05b NtUserDragObject [5] (win32k.sys)
1175: 8113ad82 NtUserDrawAnimatedRects [4] (win32k.sys)
1176: 8113ae4b NtUserDrawCaption [4] (win32k.sys)
1177: 8113c247 NtUserDrawCaptionTemp [7] (win32k.sys)
1178: 810a621d NtUserDrawIconEx [11] (win32k.sys)
1179: 8113c178 NtUserDrawMenuBarTemp [5] (win32k.sys)
117a: 8113a5c4 NtUserEmptyClipboard [0] (win32k.sys)
117b: 8111b508 NtUserEnableMenuItem [3] (win32k.sys)
117c: 81110d97 NtUserEnableScrollBar [3] (win32k.sys)
117d: 81097daf NtUserEndDeferWindowPosEx [2] (win32k.sys)
117e: 8103a6c9 NtUserEndMenu [0] (win32k.sys)
117f: 810dcfb7 NtUserEndPaint [2] (win32k.sys)
1180: 810af75b NtUserEnumDisplayDevices [4] (win32k.sys)
1181: 8108e064 NtUserEnumDisplayMonitors [4] (win32k.sys)
1182: 810af13a NtUserEnumDisplaySettings [4] (win32k.sys)
1183: 8113a27a NtUserEvent [1] (win32k.sys)
1184: 8110489f NtUserExcludeUpdateRgn [2] (win32k.sys)
1185: 8105bc44 NtUserFillWindow [4] (win32k.sys)
1186: 81099eca NtUserFindExistingCursorIcon [3] (win32k.sys)
1187: 810de5b6 NtUserFindWindowEx [5] (win32k.sys)
1188: 81130eae NtUserFlashWindowEx [1] (win32k.sys)
1189: 8113e9b8 NtUserFrostCrashedWindow [2] (win32k.sys)
118a: 8113a924 NtUserGetAltTabInfo [6] (win32k.sys)
118b: 810c7a44 NtUserGetAncestor [2] (win32k.sys)
118c: 8113d82f NtUserGetAppImeLevel [1] (win32k.sys)
118d: 81052b27 NtUserGetAsyncKeyState [1] (win32k.sys)
118e: 8108a48d NtUserGetAtomName [2] (win32k.sys)
118f: 81038cc8 NtUserGetCaretBlinkTime [0] (win32k.sys)
1190: 8111b605 NtUserGetCaretPos [1] (win32k.sys)
1191: 810b951c NtUserGetClassInfoEx [5] (win32k.sys)
1192: 8108b494 NtUserGetClassName [3] (win32k.sys)
1193: 8113ab47 NtUserGetClipboardData [2] (win32k.sys)
1194: 810df50a NtUserGetClipboardFormatName [3] (win32k.sys)
1195: 81121703 NtUserGetClipboardOwner [0] (win32k.sys)
1196: 81113ffa NtUserGetClipboardSequenceNumber [0] (win32k.sys)
1197: 8113af92 NtUserGetClipboardViewer [0] (win32k.sys)
1198: 8113ac1d NtUserGetClipCursor [1] (win32k.sys)
1199: 8111bd1b NtUserGetComboBoxInfo [2] (win32k.sys)
119a: 81130473 NtUserGetControlBrush [3] (win32k.sys)
119b: 8113aefa NtUserGetControlColor [4] (win32k.sys)
119c: 8105acfe NtUserGetCPD [3] (win32k.sys)
119d: 811119a3 NtUserGetCursorFrameInfo [4] (win32k.sys)
119e: 8113a814 NtUserGetCursorInfo [1] (win32k.sys)
119f: 810d7b5f NtUserGetDC [1] (win32k.sys)
11a0: 81077dbc NtUserGetDCEx [3] (win32k.sys)
11a1: 810e91bf NtUserGetDoubleClickTime [0] (win32k.sys)
11a2: 81077bdb NtUserGetForegroundWindow [0] (win32k.sys)
11a3: 8113a124 NtUserGetGuiResources [2] (win32k.sys)
11a4: 8108bbf8 NtUserGetGUIThreadInfo [2] (win32k.sys)
11a5: 810a3446 NtUserGetIconInfo [6] (win32k.sys)
11a6: 810a35b4 NtUserGetIconSize [4] (win32k.sys)
11a7: 810f4f35 NtUserGetImeHotKey [4] (win32k.sys)
11a8: 8108a82a NtUserGetImeInfoEx [2] (win32k.sys)
11a9: 8113a39c NtUserGetInternalWindowPos [3] (win32k.sys)
11aa: 8106c364 NtUserGetKeyboardLayoutList [2] (win32k.sys)
11ab: 8113c08f NtUserGetKeyboardLayoutName [1] (win32k.sys)
11ac: 8105c934 NtUserGetKeyboardState [1] (win32k.sys)
11ad: 8113c00c NtUserGetKeyNameText [3] (win32k.sys)
11ae: 810bb4a6 NtUserGetKeyState [1] (win32k.sys)
11af: 8113a7c0 NtUserGetListBoxInfo [1] (win32k.sys)
11b0: 81063d9b NtUserGetMenuBarInfo [4] (win32k.sys)
11b1: 8113acb1 NtUserGetMenuIndex [2] (win32k.sys)
11b2: 8113b7fa NtUserGetMenuItemRect [4] (win32k.sys)
11b3: 810e1cd5 NtUserGetMessage [4] (win32k.sys)
11b4: 8113b412 NtUserGetMouseMovePointsEx [5] (win32k.sys)
11b5: 8109edf1 NtUserGetObjectInformation [5] (win32k.sys)
11b6: 81102a82 NtUserGetOpenClipboardWindow [0] (win32k.sys)
11b7: 8113afbe NtUserGetPriorityClipboardFormat [2] (win32k.sys)
11b8: 8107f6ee NtUserGetProcessWindowStation [0] (win32k.sys)
11b9: 8113e4f0 NtUserGetRawInputBuffer [3] (win32k.sys)
11ba: 8113dea2 NtUserGetRawInputData [5] (win32k.sys)
11bb: 8113e057 NtUserGetRawInputDeviceInfo [4] (win32k.sys)
11bc: 8113e36e NtUserGetRawInputDeviceList [3] (win32k.sys)
11bd: 8113e4b5 NtUserGetRegisteredRawInputDevices [3] (win32k.sys)
11be: 81070f74 NtUserGetScrollBarInfo [3] (win32k.sys)
11bf: 810a1815 NtUserGetSystemMenu [2] (win32k.sys)
11c0: 810acabf NtUserGetThreadDesktop [2] (win32k.sys)
11c1: 810c048b NtUserGetThreadState [1] (win32k.sys)
11c2: 8106298f NtUserGetTitleBarInfo [2] (win32k.sys)
11c3: 8113e842 NtUserGetUpdatedClipboardFormats [3] (win32k.sys)
11c4: 81079a54 NtUserGetUpdateRect [3] (win32k.sys)
11c5: 8112e35a NtUserGetUpdateRgn [3] (win32k.sys)
11c6: 810e85d0 NtUserGetWindowDC [1] (win32k.sys)
11c7: 81135c08 NtUserGetWindowPlacement [2] (win32k.sys)
11c8: 8113a309 NtUserGetWOWClass [2] (win32k.sys)
11c9: 8103b541 NtUserGhostWindowFromHungWindow [1] (win32k.sys)
11ca: 81139d74 NtUserHardErrorControl [3] (win32k.sys)
11cb: 810c991b NtUserHideCaret [1] (win32k.sys)
11cc: 8113b049 NtUserHiliteMenuItem [4] (win32k.sys)
11cd: 810aac56 NtUserHungWindowFromGhostWindow [1] (win32k.sys)
11ce: 8113bfa5 NtUserImpersonateDdeClientWindow [2] (win32k.sys)
11cf: 81018500 NtUserInitialize [2] (win32k.sys)
11d0: 8101afb2 NtUserInitializeClientPfnArrays [4] (win32k.sys)
11d1: 8113a481 NtUserInitTask [12] (win32k.sys)
11d2: 810a457c NtUserInternalGetWindowText [3] (win32k.sys)
11d3: 8113b36c NtUserInternalGetWindowIcon [2] (win32k.sys)
11d4: 810eb089 NtUserInvalidateRect [3] (win32k.sys)
11d5: 8104de74 NtUserInvalidateRgn [3] (win32k.sys)
11d6: 8111306c NtUserIsClipboardFormatAvailable [1] (win32k.sys)
11d7: 810d9ae3 NtUserKillTimer [2] (win32k.sys)
11d8: 810267fd NtUserLoadKeyboardLayoutEx [8] (win32k.sys)
11d9: 8105b2c5 NtUserLockWindowStation [1] (win32k.sys)
11da: 81039309 NtUserLockWindowUpdate [1] (win32k.sys)
11db: 810f4d69 NtUserLockWorkStation [0] (win32k.sys)
11dc: 81124271 NtUserLogicalToPhysicalPoint [2] (win32k.sys)
11dd: 8112cc49 NtUserMapVirtualKeyEx [4] (win32k.sys)
11de: 8113b8d0 NtUserMenuItemFromPoint [4] (win32k.sys)
11df: 810bd45e NtUserMessageCall [7] (win32k.sys)
11e0: 8113b0e8 NtUserMinMaximize [3] (win32k.sys)
11e1: 8113b21e NtUserMNDragLeave [0] (win32k.sys)
11e2: 8113b172 NtUserMNDragOver [2] (win32k.sys)
11e3: 8113b9cf NtUserModifyUserStartupInfoFlags [2] (win32k.sys)
11e4: 81070e10 NtUserMoveWindow [6] (win32k.sys)
11e5: 81061ed3 NtUserNotifyIMEStatus [3] (win32k.sys)
11e6: 810ab513 NtUserNotifyProcessCreate [4] (win32k.sys)
11e7: 810a44ad NtUserNotifyWinEvent [4] (win32k.sys)
11e8: 81113110 NtUserOpenClipboard [2] (win32k.sys)
11e9: 8108bcc6 NtUserOpenDesktop [3] (win32k.sys)
11ea: 81071877 NtUserOpenInputDesktop [3] (win32k.sys)
11eb: 8113ba5e NtUserOpenThreadDesktop [5] (win32k.sys)
11ec: 8108ca37 NtUserOpenWindowStation [2] (win32k.sys)
11ed: 81041b03 NtUserPaintDesktop [1] (win32k.sys)
11ee: 81041396 NtUserPaintMonitor [3] (win32k.sys)
11ef: 810e1f48 NtUserPeekMessage [5] (win32k.sys)
11f0: 8112435c NtUserPhysicalToLogicalPoint [2] (win32k.sys)
11f1: 810dcb5c NtUserPostMessage [4] (win32k.sys)
11f2: 810b5170 NtUserPostThreadMessage [4] (win32k.sys)
11f3: 81120591 NtUserPrintWindow [3] (win32k.sys)
11f4: 810acd9f NtUserProcessConnect [2] (win32k.sys)
11f5: 810f6d18 NtUserQueryInformationThread [4] (win32k.sys)
11f6: 8106db80 NtUserQueryInputContext [2] (win32k.sys)
11f7: 8113befa NtUserQuerySendMessage [1] (win32k.sys)
11f8: 810a24c9 NtUserQueryWindow [2] (win32k.sys)
11f9: 8113a8e6 NtUserRealChildWindowFromPoint [3] (win32k.sys)
11fa: 810dd328 NtUserRealInternalGetMessage [6] (win32k.sys)
11fb: 8113b73a NtUserRealWaitMessageEx [2] (win32k.sys)
11fc: 810de08f NtUserRedrawWindow [4] (win32k.sys)
11fd: 810b9129 NtUserRegisterClassExWOW [7] (win32k.sys)
11fe: 8113e981 NtUserRegisterErrorReportingDialog [2] (win32k.sys)
11ff: 8102a72a NtUserRegisterUserApiHook [4] (win32k.sys)
1200: 810702ed NtUserRegisterHotKey [4] (win32k.sys)
1201: 81033f97 NtUserRegisterRawInputDevices [3] (win32k.sys)
1202: 8113a590 NtUserRegisterTasklist [1] (win32k.sys)
1203: 810d7d29 NtUserRegisterWindowMessage [1] (win32k.sys)
1204: 8113e7db NtUserRemoveClipboardFormatListener [1] (win32k.sys)
1205: 8103af2f NtUserRemoveMenu [3] (win32k.sys)
1206: 8108e18e NtUserRemoveProp [2] (win32k.sys)
1207: 810a1a1d NtUserResolveDesktop [4] (win32k.sys)
1208: 81139ef6 NtUserResolveDesktopForWOW [1] (win32k.sys)
1209: 8108c451 NtUserSBGetParms [4] (win32k.sys)
120a: 810f25c9 NtUserScrollDC [7] (win32k.sys)
120b: 81132e50 NtUserScrollWindowEx [8] (win32k.sys)
120c: 810d1f43 NtUserSelectPalette [3] (win32k.sys)
120d: 8105f6f4 NtUserSendInput [3] (win32k.sys)
120e: 810aace0 NtUserSetActiveWindow [1] (win32k.sys)
120f: 8113d7cc NtUserSetAppImeLevel [2] (win32k.sys)
1210: 810604b7 NtUserSetCapture [1] (win32k.sys)
1211: 8103acaa NtUserSetClassLong [4] (win32k.sys)
1212: 8113b23b NtUserSetClassWord [3] (win32k.sys)
1213: 8113a5e3 NtUserSetClipboardData [3] (win32k.sys)
1214: 811125cc NtUserSetClipboardViewer [1] (win32k.sys)
1215: 810a8669 NtUserSetConsoleReserveKeys [2] (win32k.sys)
1216: 810714c2 NtUserSetCursor [1] (win32k.sys)
1217: 8113b7b3 NtUserSetCursorContents [2] (win32k.sys)
1218: 81099c76 NtUserSetCursorIconData [4] (win32k.sys)
1219: 81061b29 NtUserSetFocus [1] (win32k.sys)
121a: 81026c8f NtUserSetImeHotKey [5] (win32k.sys)
121b: 8102a32f NtUserSetImeInfoEx [1] (win32k.sys)
121c: 81061fff NtUserSetImeOwnerWindow [2] (win32k.sys)
121d: 810ab9ce NtUserSetInformationProcess [4] (win32k.sys)
121e: 8108e545 NtUserSetInformationThread [4] (win32k.sys)
121f: 8113aa51 NtUserSetInternalWindowPos [4] (win32k.sys)
1220: 8112cd3b NtUserSetKeyboardState [1] (win32k.sys)
1221: 811295f8 NtUserSetMenu [3] (win32k.sys)
1222: 8113ad11 NtUserSetMenuContextHelpId [2] (win32k.sys)
1223: 8103afb8 NtUserSetMenuDefaultItem [3] (win32k.sys)
1224: 8113ad4e NtUserSetMenuFlagRtoL [1] (win32k.sys)
1225: 81139e4d NtUserSetObjectInformation [4] (win32k.sys)
1226: 8106f158 NtUserSetParent [2] (win32k.sys)
1227: 810873b4 NtUserSetProcessWindowStation [1] (win32k.sys)
1228: 810e38d5 NtUserGetProp [2] (win32k.sys)
1229: 810970ee NtUserSetProp [3] (win32k.sys)
122a: 810b41bd NtUserSetScrollInfo [4] (win32k.sys)
122b: 81015d2a NtUserSetShellWindowEx [2] (win32k.sys)
122c: 810f6003 NtUserSetSysColors [4] (win32k.sys)
122d: 8113b77a NtUserSetSystemCursor [2] (win32k.sys)
122e: 8110896b NtUserSetSystemMenu [2] (win32k.sys)
122f: 8113beac NtUserSetSystemTimer [3] (win32k.sys)
1230: 81087450 NtUserSetThreadDesktop [1] (win32k.sys)
1231: 8113d891 NtUserSetThreadLayoutHandles [2] (win32k.sys)
1232: 8106012e NtUserSetThreadState [2] (win32k.sys)
1233: 810d99b7 NtUserSetTimer [4] (win32k.sys)
1234: 8106d1d0 NtUserSetProcessDPIAware [0] (win32k.sys)
1235: 8108ab18 NtUserSetWindowFNID [2] (win32k.sys)
1236: 81095f38 NtUserSetWindowLong [4] (win32k.sys)
1237: 81047046 NtUserSetWindowPlacement [2] (win32k.sys)
1238: 81096ec6 NtUserSetWindowPos [7] (win32k.sys)
1239: 8105b067 NtUserSetWindowRgn [3] (win32k.sys)
123a: 810a4d36 NtUserGetWindowRgnEx [3] (win32k.sys)
123b: 81118d6a NtUserSetWindowRgnEx [3] (win32k.sys)
123c: 8113b277 NtUserSetWindowsHookAW [3] (win32k.sys)
123d: 810471b9 NtUserSetWindowsHookEx [6] (win32k.sys)
123e: 810307c6 NtUserSetWindowStationUser [4] (win32k.sys)
123f: 8110f396 NtUserSetWindowWord [3] (win32k.sys)
1240: 8105a9f8 NtUserSetWinEventHook [8] (win32k.sys)
1241: 810c997b NtUserShowCaret [1] (win32k.sys)
1242: 8108c9b2 NtUserShowScrollBar [3] (win32k.sys)
1243: 8106d9cf NtUserShowWindow [2] (win32k.sys)
1244: 810a1958 NtUserShowWindowAsync [2] (win32k.sys)
1245: 8105bd93 NtUserSoundSentry [0] (win32k.sys)
1246: 8106c52d NtUserSwitchDesktop [2] (win32k.sys)
1247: 810c3fa4 NtUserSystemParametersInfo [4] (win32k.sys)
1248: 8113b962 NtUserTestForInteractiveUser [1] (win32k.sys)
1249: 81038d9e NtUserThunkedMenuInfo [2] (win32k.sys)
124a: 810a0caf NtUserThunkedMenuItemInfo [6] (win32k.sys)
124b: 8113b4e5 NtUserToUnicodeEx [7] (win32k.sys)
124c: 8106f78f NtUserTrackMouseEvent [1] (win32k.sys)
124d: 811224ee NtUserTrackPopupMenuEx [6] (win32k.sys)
124e: 810626c4 NtUserCalcMenuBar [5] (win32k.sys)
124f: 81133a4b NtUserPaintMenuBar [6] (win32k.sys)
1250: 81115cb6 NtUserTranslateAccelerator [3] (win32k.sys)
1251: 811321cf NtUserTranslateMessage [2] (win32k.sys)
1252: 8111c21b NtUserUnhookWindowsHookEx [1] (win32k.sys)
1253: 8105ccfd NtUserUnhookWinEvent [1] (win32k.sys)
1254: 8113be24 NtUserUnloadKeyboardLayout [1] (win32k.sys)
1255: 8106f0c8 NtUserUnlockWindowStation [1] (win32k.sys)
1256: 810b98a0 NtUserUnregisterClass [3] (win32k.sys)
1257: 8102a6b3 NtUserUnregisterUserApiHook [0] (win32k.sys)
1258: 8105bd56 NtUserUnregisterHotKey [2] (win32k.sys)
1259: 8108aa1a NtUserUpdateInputContext [3] (win32k.sys)
125a: 8113a1df NtUserUpdateInstance [3] (win32k.sys)
125b: 81070928 NtUserUpdateLayeredWindow [10] (win32k.sys)
125c: 8113ddc5 NtUserGetLayeredWindowAttributes [4] (win32k.sys)
125d: 81070348 NtUserSetLayeredWindowAttributes [4] (win32k.sys)
125e: 810273f5 NtUserUpdatePerUserSystemParameters [1] (win32k.sys)
125f: 8113bb56 NtUserUserHandleGrantAccess [3] (win32k.sys)
1260: 8112ca47 NtUserValidateHandleSecure [1] (win32k.sys)
1261: 81116059 NtUserValidateRect [2] (win32k.sys)
1262: 810bac26 NtUserValidateTimerCallback [1] (win32k.sys)
1263: 8110694b NtUserVkKeyScanEx [3] (win32k.sys)
1264: 8112cdd3 NtUserWaitForInputIdle [3] (win32k.sys)
1265: 8113a033 NtUserWaitForMsgAndEvent [1] (win32k.sys)
1266: 810e925d NtUserWaitMessage [0] (win32k.sys)
1267: 8116d60a DxgStubGenericThunk [6] (win32k.sys)
1268: 811252aa NtUserWindowFromPhysicalPoint [2] (win32k.sys)
1269: 811391f8 NtUserWindowFromPoint [2] (win32k.sys)
126a: 8113b66c NtUserYieldTask [0] (win32k.sys)
126b: 8101e87f NtUserRemoteConnect [3] (win32k.sys)
126c: 81139bc5 NtUserRemoteRedrawRectangle [4] (win32k.sys)
126d: 81139c09 NtUserRemoteRedrawScreen [0] (win32k.sys)
126e: 81139c54 NtUserRemoteStopScreenUpdates [0] (win32k.sys)
126f: 81139c96 NtUserCtxDisplayIOCtl [3] (win32k.sys)
1270: 81015165 NtUserRegisterSessionPort [1] (win32k.sys)
1271: 8113e6c1 NtUserUnregisterSessionPort [0] (win32k.sys)
1272: 8113dcc3 NtUserUpdateWindowTransform [3] (win32k.sys)
1273: 81031d6a NtUserDwmStartRedirection [1] (win32k.sys)
1274: 810f4df0 NtUserDwmStopRedirection [0] (win32k.sys)
1275: 8112c60e NtUserDwmHintDxUpdate [2] (win32k.sys)
1276: 8112c4e5 NtUserDwmGetDxRgn [3] (win32k.sys)
1277: 81058fb5 NtUserGetWindowMinimizeRect [2] (win32k.sys)
1278: 81192f83 NtGdiEngAssociateSurface [3] (win32k.sys)
1279: 81193093 NtGdiEngCreateBitmap [6] (win32k.sys)
127a: 811927b3 NtGdiEngCreateDeviceSurface [4] (win32k.sys)
127b: 811927e4 NtGdiEngCreateDeviceBitmap [4] (win32k.sys)
127c: 8110e8d7 NtGdiEngCreatePalette [6] (win32k.sys)
127d: 811962f6 NtGdiEngComputeGlyphSet [3] (win32k.sys)
127e: 811931c1 NtGdiEngCopyBits [6] (win32k.sys)
127f: 81111345 NtGdiEngDeletePalette [1] (win32k.sys)
1280: 81193019 NtGdiEngDeleteSurface [1] (win32k.sys)
1281: 81194a68 NtGdiEngEraseSurface [3] (win32k.sys)
1282: 81193ae7 NtGdiEngUnlockSurface [1] (win32k.sys)
1283: 81193ab0 NtGdiEngLockSurface [1] (win32k.sys)
1284: 81193b1a NtGdiEngBitBlt [11] (win32k.sys)
1285: 81193360 NtGdiEngStretchBlt [11] (win32k.sys)
1286: 811938c6 NtGdiEngPlgBlt [11] (win32k.sys)
1287: 81193046 NtGdiEngMarkBandingSurface [1] (win32k.sys)
1288: 81193de3 NtGdiEngStrokePath [8] (win32k.sys)
1289: 81193f9d NtGdiEngFillPath [7] (win32k.sys)
128a: 8119410e NtGdiEngStrokeAndFillPath [10] (win32k.sys)
128b: 81194301 NtGdiEngPaint [5] (win32k.sys)
128c: 8119441e NtGdiEngLineTo [9] (win32k.sys)
128d: 81194553 NtGdiEngAlphaBlend [7] (win32k.sys)
128e: 811946c8 NtGdiEngGradientFill [10] (win32k.sys)
128f: 81194906 NtGdiEngTransparentBlt [8] (win32k.sys)
1290: 811958f0 NtGdiEngTextOut [10] (win32k.sys)
1291: 811935cf NtGdiEngStretchBltROP [13] (win32k.sys)
1292: 8119565b NtGdiXLATEOBJ_cGetPalette [4] (win32k.sys)
1293: 81195719 NtGdiXLATEOBJ_iXlate [2] (win32k.sys)
1294: 81195614 NtGdiXLATEOBJ_hGetColorTransform [1] (win32k.sys)
1295: 81194c52 NtGdiCLIPOBJ_bEnum [3] (win32k.sys)
1296: 81194bf9 NtGdiCLIPOBJ_cEnumStart [5] (win32k.sys)
1297: 81194b31 NtGdiCLIPOBJ_ppoGetPath [1] (win32k.sys)
1298: 81194b68 NtGdiEngDeletePath [1] (win32k.sys)
1299: 81194b9b NtGdiEngCreateClip [0] (win32k.sys)
129a: 81194bc6 NtGdiEngDeleteClip [1] (win32k.sys)
129b: 81194d91 NtGdiBRUSHOBJ_ulGetBrushColor [1] (win32k.sys)
129c: 81194d00 NtGdiBRUSHOBJ_pvAllocRbrush [2] (win32k.sys)
129d: 81194d4a NtGdiBRUSHOBJ_pvGetRbrush [1] (win32k.sys)
129e: 81194df3 NtGdiBRUSHOBJ_hGetColorTransform [1] (win32k.sys)
129f: 81194e3a NtGdiXFORMOBJ_bApplyXform [5] (win32k.sys)
12a0: 81103397 NtGdiXFORMOBJ_iGetXform [2] (win32k.sys)
12a1: 81194f8e NtGdiFONTOBJ_vGetInfo [3] (win32k.sys)
12a2: 811032bd NtGdiFONTOBJ_pxoGetXform [1] (win32k.sys)
12a3: 81195ac2 NtGdiFONTOBJ_cGetGlyphs [5] (win32k.sys)
12a4: 81195e62 NtGdiFONTOBJ_pifi [1] (win32k.sys)
12a5: 81195c56 NtGdiFONTOBJ_pfdg [1] (win32k.sys)
12a6: 81195d50 NtGdiFONTOBJ_pQueryGlyphAttrs [2] (win32k.sys)
12a7: 8119553d NtGdiFONTOBJ_pvTrueTypeFontFile [2] (win32k.sys)
12a8: 8119508a NtGdiFONTOBJ_cGetAllGlyphHandles [2] (win32k.sys)
12a9: 811960a4 NtGdiSTROBJ_bEnum [3] (win32k.sys)
12aa: 811960c2 NtGdiSTROBJ_bEnumPositionsOnly [3] (win32k.sys)
12ab: 811960e0 NtGdiSTROBJ_bGetAdvanceWidths [4] (win32k.sys)
12ac: 81195154 NtGdiSTROBJ_vEnumStart [1] (win32k.sys)
12ad: 81195191 NtGdiSTROBJ_dwGetCodePage [1] (win32k.sys)
12ae: 811952aa NtGdiPATHOBJ_vGetBounds [2] (win32k.sys)
12af: 811961c8 NtGdiPATHOBJ_bEnum [2] (win32k.sys)
12b0: 81195336 NtGdiPATHOBJ_vEnumStart [1] (win32k.sys)
12b1: 81195373 NtGdiPATHOBJ_vEnumStartClipLines [4] (win32k.sys)
12b2: 8119541d NtGdiPATHOBJ_bEnumClipLines [3] (win32k.sys)
12b3: 811951d8 NtGdiGetDhpdev [1] (win32k.sys)
12b4: 81195764 NtGdiEngCheckAbort [1] (win32k.sys)
12b5: 811957c6 NtGdiHT_Get8BPPFormatPalette [4] (win32k.sys)
12b6: 81195851 NtGdiHT_Get8BPPMaskPalette [6] (win32k.sys)
12b7: 811810f2 NtGdiUpdateTransform [1] (win32k.sys)
12b8: 81110e71 NtGdiSetPUMPDOBJ [4] (win32k.sys)
12b9: 8119520e NtGdiBRUSHOBJ_DeleteRbrush [2] (win32k.sys)
12ba: 811927a8 NtGdiUnmapMemFont [1] (win32k.sys)
12bb: 810be1c7 NtGdiDrawStream [3] (win32k.sys)
12bc: 810ec98c NtGdiDwmGetDirtyRgn [5] (win32k.sys)
12bd: 810a58ff NtGdiDwmGetSurfaceData [2] (win32k.sys)
12be: 81097516 NtGdiDdDDICreateAllocation [1] (win32k.sys)
12bf: 8112c420 NtGdiDdDDIQueryResourceInfo [1] (win32k.sys)
12c0: 8112c43f NtGdiDdDDIOpenResource [1] (win32k.sys)
12c1: 810a6439 NtGdiDdDDIDestroyAllocation [1] (win32k.sys)
12c2: 810974f7 NtGdiDdDDISetAllocationPriority [1] (win32k.sys)
12c3: 8113686c NtGdiDdDDIQueryAllocationResidency [1] (win32k.sys)
12c4: 8104d840 NtGdiDdDDICreateDevice [1] (win32k.sys)
12c5: 8112c4c6 NtGdiDdDDIDestroyDevice [1] (win32k.sys)
12c6: 8104d821 NtGdiDdDDICreateContext [1] (win32k.sys)
12c7: 8112c4a7 NtGdiDdDDIDestroyContext [1] (win32k.sys)
12c8: 8116d37c NtGdiDdDDICreateSynchronizationObject [1] (win32k.sys)
12c9: 8116d39b NtGdiDdDDIDestroySynchronizationObject [1] (win32k.sys)
12ca: 8116d3ba NtGdiDdDDIWaitForSynchronizationObject [1] (win32k.sys)
12cb: 8116d3d9 NtGdiDdDDISignalSynchronizationObject [1] (win32k.sys)
12cc: 8116d3f8 NtGdiDdDDIGetRuntimeData [1] (win32k.sys)
12cd: 8106ff5a NtGdiDdDDIQueryAdapterInfo [1] (win32k.sys)
12ce: 810de786 NtGdiDdDDILock [1] (win32k.sys)
12cf: 810df0ab NtGdiDdDDIUnlock [1] (win32k.sys)
12d0: 81070143 NtGdiDdDDIGetDisplayModeList [1] (win32k.sys)
12d1: 81071827 NtGdiDdDDISetDisplayMode [1] (win32k.sys)
12d2: 8116d417 NtGdiDdDDIGetMultisampleMethodList [1] (win32k.sys)
12d3: 810ecb0f NtGdiDdDDIPresent [1] (win32k.sys)
12d4: 810ecaf0 NtGdiDdDDIRender [1] (win32k.sys)
12d5: 810f6724 NtGdiDdDDIOpenAdapterFromDeviceName [1] (win32k.sys)
12d6: 8106ff79 NtGdiDdDDIOpenAdapterFromHdc [1] (win32k.sys)
12d7: 810701cb NtGdiDdDDICloseAdapter [1] (win32k.sys)
12d8: 8111b191 NtGdiDdDDIGetSharedPrimaryHandle [1] (win32k.sys)
12d9: 810b451d NtGdiDdDDIEscape [1] (win32k.sys)
12da: 8116d436 NtGdiDdDDIQueryStatistics [1] (win32k.sys)
12db: 81071808 NtGdiDdDDISetVidPnSourceOwner [1] (win32k.sys)
12dc: 810eabc0 NtGdiDdDDIGetPresentHistory [1] (win32k.sys)
12dd: 8116d455 NtGdiDdDDICreateOverlay [1] (win32k.sys)
12de: 8116d474 NtGdiDdDDIUpdateOverlay [1] (win32k.sys)
12df: 8116d493 NtGdiDdDDIFlipOverlay [1] (win32k.sys)
12e0: 8116d4b2 NtGdiDdDDIDestroyOverlay [1] (win32k.sys)
12e1: 810ecb3e NtGdiDdDDIWaitForVerticalBlankEvent [1] (win32k.sys)
12e2: 8116d4d1 NtGdiDdDDISetGammaRamp [1] (win32k.sys)
12e3: 810eac2b NtGdiDdDDIGetDeviceState [1] (win32k.sys)
12e4: 8104f393 NtGdiDdDDICreateDCFromMemory [1] (win32k.sys)
12e5: 8111a5af NtGdiDdDDIDestroyDCFromMemory [1] (win32k.sys)
12e6: 8112c488 NtGdiDdDDISetContextSchedulingPriority [1] (win32k.sys)
12e7: 8116d4f0 NtGdiDdDDIGetContextSchedulingPriority [1] (win32k.sys)
12e8: 810974d8 NtGdiDdDDISetProcessSchedulingPriorityClass [2] (win32k.sys)
12e9: 8116d50f NtGdiDdDDIGetProcessSchedulingPriorityClass [2] (win32k.sys)
12ea: 8116d52e NtGdiDdDDIReleaseProcessVidPnSourceOwners [1] (win32k.sys)
12eb: 8116d550 NtGdiDdDDIGetScanLine [1] (win32k.sys)
12ec: 810f385c NtGdiDdDDISetQueuedLimit [1] (win32k.sys)
12ed: 8116d56f NtGdiDdDDIPollDisplayChildren [1] (win32k.sys)
12ee: 8116d58e NtGdiDdDDIInvalidateActiveVidPn [1] (win32k.sys)
12ef: 8116d5ad NtGdiDdDDICheckOcclusion [1] (win32k.sys)
12f0: 8116d5cc NtGdiDdDDIWaitForIdle [1] (win32k.sys)
12f1: 810eabdf NtGdiDdDDICheckMonitorPowerState [1] (win32k.sys)
12f2: 810eac0e NtGdiDdDDICheckExclusiveOwnership [0] (win32k.sys)
12f3: 8116d5eb NtGdiDdDDISetDisplayPrivateDriverFormat [1] (win32k.sys)
12f4: 8116d290 NtGdiDdDDISharedPrimaryLockNotification [1] (win32k.sys)
12f5: 8116d309 NtGdiDdDDISharedPrimaryUnLockNotification [1] (win32k.sys)
12f6: 8105cd9a DxgStubReenableDirectDrawObject [2] (win32k.sys)
12f7: 8111aed7 DefaultHTCallBack [1] (win32k.sys)
12f8: 811966fe NtGdiGetNumberOfPhysicalMonitors [2] (win32k.sys)
12f9: 8119672d NtGdiGetPhysicalMonitors [4] (win32k.sys)
12fa: 81197117 NtGdiGetPhysicalMonitorDescription [3] (win32k.sys)
12fb: 81197389 DestroyPhysicalMonitor [1] (win32k.sys)
12fc: 811971c6 NtGdiDDCCIGetVCPFeature [5] (win32k.sys)
12fd: 81197262 NtGdiDDCCISetVCPFeature [3] (win32k.sys)
12fe: 81197278 NtGdiDDCCISaveCurrentSettings [1] (win32k.sys)
12ff: 81197520 NtGdiDDCCIGetCapabilitiesStringLength [2] (win32k.sys)
1300: 81197589 NtGdiDDCCIGetCapabilitiesString [3] (win32k.sys)
1301: 8119728e NtGdiDDCCIGetTimingReport [2] (win32k.sys)
1302: 8113b2a3 NtUserSetMirrorRendering [2] (win32k.sys)
1303: 8113b324 NtUserShowSystemCursor [1] (win32k.sys)