Results 1 to 4 of 4

Thread: Windows 7 RC syscalls

  1. #1

    Windows 7 RC syscalls

    Code:
    Windows version: 6.1.7100, platform 2, 
    NtQuerySystemInformation ok, kernel base: 000000008284c000
    
    Loading symbols for C:\Windows\system32\ntkrnlpa.exe, please wait...
    Real SSDTS address: 00000000829b4a00
    
    Service tables:
    
    Table #0: 828ac8fc, 0191 entries, params=828acf44, \SystemRoot\system32\ntkrnlpa.exe
    0000: 82a9c686 NtAcceptConnectPort [6] (ntkrnlpa.exe)
    0001: 828fcf04 NtAccessCheck [8] (ntkrnlpa.exe)
    0002: 82a56139 NtAccessCheckAndAuditAlarm [11] (ntkrnlpa.exe)
    0003: 8287097b NtAccessCheckByType [11] (ntkrnlpa.exe)
    0004: 82acf7c6 NtAccessCheckByTypeAndAuditAlarm [16] (ntkrnlpa.exe)
    0005: 829488fe NtAccessCheckByTypeResultList [11] (ntkrnlpa.exe)
    0006: 82b3705d NtAccessCheckByTypeResultListAndAuditAlarm [16] (ntkrnlpa.exe)
    0007: 82b370a6 NtAccessCheckByTypeResultListAndAuditAlarmByHandle [17] (ntkrnlpa.exe)
    0008: 82a4020f NtAddAtom [3] (ntkrnlpa.exe)
    0009: 82b4fa48 NtAddBootEntry [2] (ntkrnlpa.exe)
    000a: 82b50ca1 NtAddDriverEntry [2] (ntkrnlpa.exe)
    000b: 82a4e8d7 NtAdjustGroupsToken [6] (ntkrnlpa.exe)
    000c: 82ab8818 NtAdjustPrivilegesToken [6] (ntkrnlpa.exe)
    000d: 82b29e19 NtAlertResumeThread [2] (ntkrnlpa.exe)
    000e: 82a580e2 NtAlertThread [1] (ntkrnlpa.exe)
    000f: 82a50636 NtAllocateLocallyUniqueId [1] (ntkrnlpa.exe)
    0010: 829e355b NtAllocateReserveObject [3] (ntkrnlpa.exe)
    0011: 82b1c14c NtAllocateUserPhysicalPages [3] (ntkrnlpa.exe)
    0012: 82a4aee6 NtAllocateUuids [4] (ntkrnlpa.exe)
    0013: 82a7952f NtAllocateVirtualMemory [6] (ntkrnlpa.exe)
    0014: 82acb6ee NtAlpcAcceptConnectPort [9] (ntkrnlpa.exe)
    0015: 82a2d497 NtAlpcCancelMessage [3] (ntkrnlpa.exe)
    0016: 82a8a21d NtAlpcConnectPort [11] (ntkrnlpa.exe)
    0017: 82a3e396 NtAlpcCreatePort [3] (ntkrnlpa.exe)
    0018: 82a55ca7 NtAlpcCreatePortSection [6] (ntkrnlpa.exe)
    0019: 82a3f07c NtAlpcCreateResourceReserve [4] (ntkrnlpa.exe)
    001a: 82a5aaef NtAlpcCreateSectionView [3] (ntkrnlpa.exe)
    001b: 82a9c703 NtAlpcCreateSecurityContext [3] (ntkrnlpa.exe)
    001c: 82a9c8db NtAlpcDeletePortSection [3] (ntkrnlpa.exe)
    001d: 82b17101 NtAlpcDeleteResourceReserve [3] (ntkrnlpa.exe)
    001e: 82ad0681 NtAlpcDeleteSectionView [3] (ntkrnlpa.exe)
    001f: 82aa18af NtAlpcDeleteSecurityContext [3] (ntkrnlpa.exe)
    0020: 82ace57a NtAlpcDisconnectPort [2] (ntkrnlpa.exe)
    0021: 82acf45c NtAlpcImpersonateClientOfPort [3] (ntkrnlpa.exe)
    0022: 82a46410 NtAlpcOpenSenderProcess [6] (ntkrnlpa.exe)
    0023: 82a3b7c2 NtAlpcOpenSenderThread [6] (ntkrnlpa.exe)
    0024: 82a50765 NtAlpcQueryInformation [5] (ntkrnlpa.exe)
    0025: 82ab80d2 NtAlpcQueryInformationMessage [6] (ntkrnlpa.exe)
    0026: 82b17225 NtAlpcRevokeSecurityContext [3] (ntkrnlpa.exe)
    0027: 82ab6265 NtAlpcSendWaitReceivePort [8] (ntkrnlpa.exe)
    0028: 82a3cfed NtAlpcSetInformation [4] (ntkrnlpa.exe)
    0029: 82aaea68 NtApphelpCacheControl [2] (ntkrnlpa.exe)
    002a: 82a1c351 NtAreMappedFilesTheSame [2] (ntkrnlpa.exe)
    002b: 82a428e3 NtAssignProcessToJobObject [2] (ntkrnlpa.exe)
    002c: 828ad420 NtCallbackReturn [3] (ntkrnlpa.exe)
    002d: 82a1695c NtCancelIoFile [2] (ntkrnlpa.exe)
    002e: 82a4271e NtCancelIoFileEx [3] (ntkrnlpa.exe)
    002f: 82b074c0 NtCancelSynchronousIoFile [3] (ntkrnlpa.exe)
    0030: 828f34b3 NtCancelTimer [2] (ntkrnlpa.exe)
    0031: 82a6e4cc NtClearEvent [1] (ntkrnlpa.exe)
    0032: 82aabfcd NtClose [1] (ntkrnlpa.exe)
    0033: 82acf6f5 NtCloseObjectAuditAlarm [3] (ntkrnlpa.exe)
    0034: 82b3dfec NtCommitComplete [2] (ntkrnlpa.exe)
    0035: 82b3dd10 NtCommitEnlistment [2] (ntkrnlpa.exe)
    0036: 82a26fb5 NtCommitTransaction [2] (ntkrnlpa.exe)
    0037: 82aec5cb NtCompactKeys [2] (ntkrnlpa.exe)
    0038: 82a3d858 NtCompareTokens [3] (ntkrnlpa.exe)
    0039: 82a3b67d NtCompleteConnectPort [1] (ntkrnlpa.exe)
    003a: 82aec837 NtCompressKey [1] (ntkrnlpa.exe)
    003b: 82a9c659 NtConnectPort [8] (ntkrnlpa.exe)
    003c: 82887efc NtContinue [2] (ntkrnlpa.exe)
    003d: 82afd469 NtCreateDebugObject [4] (ntkrnlpa.exe)
    003e: 82a47f18 NtCreateDirectoryObject [3] (ntkrnlpa.exe)
    003f: 82a13e87 NtCreateEnlistment [8] (ntkrnlpa.exe)
    0040: 82a9d6af NtCreateEvent [5] (ntkrnlpa.exe)
    0041: 82b55748 NtCreateEventPair [3] (ntkrnlpa.exe)
    0042: 82ab5704 NtCreateFile [11] (ntkrnlpa.exe)
    0043: 82a8519f NtCreateIoCompletion [4] (ntkrnlpa.exe)
    0044: 82a3ab8f NtCreateJobObject [3] (ntkrnlpa.exe)
    0045: 82b2bba0 NtCreateJobSet [3] (ntkrnlpa.exe)
    0046: 82ad4b85 NtCreateKey [7] (ntkrnlpa.exe)
    0047: 82ac6246 NtCreateKeyedEvent [4] (ntkrnlpa.exe)
    0048: 82a20bd0 NtCreateKeyTransacted [8] (ntkrnlpa.exe)
    0049: 82a488d2 NtCreateMailslotFile [8] (ntkrnlpa.exe)
    004a: 82ab72d6 NtCreateMutant [4] (ntkrnlpa.exe)
    004b: 82a95993 NtCreateNamedPipeFile [14] (ntkrnlpa.exe)
    004c: 829dac60 NtCreatePagingFile [4] (ntkrnlpa.exe)
    004d: 82a394af NtCreatePort [5] (ntkrnlpa.exe)
    004e: 82a21ae4 NtCreatePrivateNamespace [4] (ntkrnlpa.exe)
    004f: 82b2824b NtCreateProcess [8] (ntkrnlpa.exe)
    0050: 82b28296 NtCreateProcessEx [9] (ntkrnlpa.exe)
    0051: 82b55cbb NtCreateProfile [9] (ntkrnlpa.exe)
    0052: 82960990 NtCreateProfileEx [10] (ntkrnlpa.exe)
    0053: 829eb4f7 NtCreateResourceManager [7] (ntkrnlpa.exe)
    0054: 82a6b106 NtCreateSection [7] (ntkrnlpa.exe)
    0055: 82a9f7bc NtCreateSemaphore [5] (ntkrnlpa.exe)
    0056: 82a47993 NtCreateSymbolicLinkObject [4] (ntkrnlpa.exe)
    0057: 82b28052 NtCreateThread [8] (ntkrnlpa.exe)
    0058: 82ab9756 NtCreateThreadEx [11] (ntkrnlpa.exe)
    0059: 82a46034 NtCreateTimer [4] (ntkrnlpa.exe)
    005a: 82a48494 NtCreateToken [13] (ntkrnlpa.exe)
    005b: 82a21124 NtCreateTransaction [10] (ntkrnlpa.exe)
    005c: 829e7d9e NtCreateTransactionManager [6] (ntkrnlpa.exe)
    005d: 82aa6b0c NtCreateUserProcess [11] (ntkrnlpa.exe)
    005e: 829f0c96 NtCreateWaitablePort [5] (ntkrnlpa.exe)
    005f: 82a9ef8b NtCreateWorkerFactory [10] (ntkrnlpa.exe)
    0060: 82afe322 NtDebugActiveProcess [2] (ntkrnlpa.exe)
    0061: 82afe9df NtDebugContinue [3] (ntkrnlpa.exe)
    0062: 82a6e018 NtDelayExecution [2] (ntkrnlpa.exe)
    0063: 82a40f85 NtDeleteAtom [1] (ntkrnlpa.exe)
    0064: 82b4fa7b NtDeleteBootEntry [1] (ntkrnlpa.exe)
    0065: 82b50cd3 NtDeleteDriverEntry [1] (ntkrnlpa.exe)
    0066: 829e1742 NtDeleteFile [1] (ntkrnlpa.exe)
    0067: 82a30dc0 NtDeleteKey [1] (ntkrnlpa.exe)
    0068: 82ae0fa9 NtDeleteObjectAuditAlarm [3] (ntkrnlpa.exe)
    0069: 82ae6edb NtDeletePrivateNamespace [1] (ntkrnlpa.exe)
    006a: 82ad4cc2 NtDeleteValueKey [2] (ntkrnlpa.exe)
    006b: 82ab645d NtDeviceIoControlFile [10] (ntkrnlpa.exe)
    006c: 82b13f40 NtDisableLastKnownGood [0] (ntkrnlpa.exe)
    006d: 82b4dd43 NtDisplayString [1] (ntkrnlpa.exe)
    006e: 8295f720 NtDrawText [1] (ntkrnlpa.exe)
    006f: 82abc80e NtDuplicateObject [7] (ntkrnlpa.exe)
    0070: 82a872dd NtDuplicateToken [6] (ntkrnlpa.exe)
    0071: 82b14021 NtEnableLastKnownGood [0] (ntkrnlpa.exe)
    0072: 82b4fc7d NtEnumerateBootEntries [2] (ntkrnlpa.exe)
    0073: 82b50ed3 NtEnumerateDriverEntries [2] (ntkrnlpa.exe)
    0074: 82ac4877 NtEnumerateKey [6] (ntkrnlpa.exe)
    0075: 82b4f85b NtEnumerateSystemEnvironmentValuesEx [3] (ntkrnlpa.exe)
    0076: 82b3eb26 NtEnumerateTransactionObject [5] (ntkrnlpa.exe)
    0077: 82a7c369 NtEnumerateValueKey [6] (ntkrnlpa.exe)
    0078: 82b1a335 NtExtendSection [2] (ntkrnlpa.exe)
    0079: 82a354cd NtFilterToken [6] (ntkrnlpa.exe)
    007a: 82a40717 NtFindAtom [3] (ntkrnlpa.exe)
    007b: 82a80e3c NtFlushBuffersFile [2] (ntkrnlpa.exe)
    007c: 829ea64d NtFlushInstallUILanguage [2] (ntkrnlpa.exe)
    007d: 82a41b14 NtFlushInstructionCache [3] (ntkrnlpa.exe)
    007e: 82a287f1 NtFlushKey [1] (ntkrnlpa.exe)
    007f: 82872224 NtFlushProcessWriteBuffers [0] (ntkrnlpa.exe)
    0080: 82a2e754 NtFlushVirtualMemory [4] (ntkrnlpa.exe)
    0081: 82b1d1f7 NtFlushWriteBuffer [0] (ntkrnlpa.exe)
    0082: 82b1c867 NtFreeUserPhysicalPages [3] (ntkrnlpa.exe)
    0083: 828e734d NtFreeVirtualMemory [4] (ntkrnlpa.exe)
    0084: 8291d1e5 NtFreezeRegistry [1] (ntkrnlpa.exe)
    0085: 82b3ef7a NtFreezeTransactions [2] (ntkrnlpa.exe)
    0086: 82ab63c9 NtFsControlFile [10] (ntkrnlpa.exe)
    0087: 82ae3557 NtGetContextThread [2] (ntkrnlpa.exe)
    0088: 82a2ddbd NtGetCurrentProcessorNumber [0] (ntkrnlpa.exe)
    0089: 82ae7f76 NtGetDevicePowerState [2] (ntkrnlpa.exe)
    008a: 82ab2f83 NtGetMUIRegistryInfo [3] (ntkrnlpa.exe)
    008b: 82b2a010 NtGetNextProcess [5] (ntkrnlpa.exe)
    008c: 82ae323b NtGetNextThread [6] (ntkrnlpa.exe)
    008d: 82a4135f NtGetNlsSectionPtr [5] (ntkrnlpa.exe)
    008e: 82b3f0d4 NtGetNotificationResourceManager [7] (ntkrnlpa.exe)
    008f: 82a1318a NtGetPlugPlayEvent [4] (ntkrnlpa.exe)
    0090: 82935f1f NtGetWriteWatch [7] (ntkrnlpa.exe)
    0091: 82a3c02d NtImpersonateAnonymousToken [1] (ntkrnlpa.exe)
    0092: 82b1623f NtImpersonateClientOfPort [2] (ntkrnlpa.exe)
    0093: 82a9ae5c NtImpersonateThread [3] (ntkrnlpa.exe)
    0094: 82a7db6d NtInitializeNlsFiles [3] (ntkrnlpa.exe)
    0095: 829e1595 NtInitializeRegistry [1] (ntkrnlpa.exe)
    0096: 82adc5fb NtInitiatePowerAction [4] (ntkrnlpa.exe)
    0097: 82ae4d2c NtIsProcessInJob [2] (ntkrnlpa.exe)
    0098: 82b253b4 NtIsSystemResumeAutomatic [0] (ntkrnlpa.exe)
    0099: 829e9879 NtIsUILanguageComitted [0] (ntkrnlpa.exe)
    009a: 829db8ff NtListenPort [2] (ntkrnlpa.exe)
    009b: 829dff4c NtLoadDriver [1] (ntkrnlpa.exe)
    009c: 829de194 NtLoadKey [2] (ntkrnlpa.exe)
    009d: 829c9500 NtLoadKey2 [3] (ntkrnlpa.exe)
    009e: 829ef301 NtLoadKeyEx [8] (ntkrnlpa.exe)
    009f: 82a48026 NtLockFile [10] (ntkrnlpa.exe)
    00a0: 829c3f5f NtLockProductActivationKeys [2] (ntkrnlpa.exe)
    00a1: 829bf60e NtLockRegistryKey [1] (ntkrnlpa.exe)
    00a2: 828722f8 NtLockVirtualMemory [4] (ntkrnlpa.exe)
    00a3: 82a1bad1 NtMakePermanentObject [1] (ntkrnlpa.exe)
    00a4: 82a4749c NtMakeTemporaryObject [1] (ntkrnlpa.exe)
    00a5: 82a8222e NtMapCMFModule [6] (ntkrnlpa.exe)
    00a6: 82b1b40d NtMapUserPhysicalPages [3] (ntkrnlpa.exe)
    00a7: 82b1b9e3 NtMapUserPhysicalPagesScatter [3] (ntkrnlpa.exe)
    00a8: 82ac21e3 NtMapViewOfSection [10] (ntkrnlpa.exe)
    00a9: 82b4fc4c NtModifyBootEntry [1] (ntkrnlpa.exe)
    00aa: 82b50ea4 NtModifyDriverEntry [1] (ntkrnlpa.exe)
    00ab: 82a3f320 NtNotifyChangeDirectoryFile [9] (ntkrnlpa.exe)
    00ac: 82ad1c42 NtNotifyChangeKey [10] (ntkrnlpa.exe)
    00ad: 82a99505 NtNotifyChangeMultipleKeys [12] (ntkrnlpa.exe)
    00ae: 829ff9a9 NtNotifyChangeSession [8] (ntkrnlpa.exe)
    00af: 82ac8341 NtOpenDirectoryObject [3] (ntkrnlpa.exe)
    00b0: 829d007c NtOpenEnlistment [5] (ntkrnlpa.exe)
    00b1: 82a9e966 NtOpenEvent [3] (ntkrnlpa.exe)
    00b2: 82b55849 NtOpenEventPair [3] (ntkrnlpa.exe)
    00b3: 82a884d9 NtOpenFile [6] (ntkrnlpa.exe)
    00b4: 82b071bb NtOpenIoCompletion [3] (ntkrnlpa.exe)
    00b5: 82b2b517 NtOpenJobObject [3] (ntkrnlpa.exe)
    00b6: 82aaff64 NtOpenKey [3] (ntkrnlpa.exe)
    00b7: 82acbe36 NtOpenKeyEx [4] (ntkrnlpa.exe)
    00b8: 82b55b7f NtOpenKeyedEvent [3] (ntkrnlpa.exe)
    00b9: 82a1f0c1 NtOpenKeyTransacted [4] (ntkrnlpa.exe)
    00ba: 82a1f051 NtOpenKeyTransactedEx [5] (ntkrnlpa.exe)
    00bb: 82a583e2 NtOpenMutant [3] (ntkrnlpa.exe)
    00bc: 82a2c1da NtOpenObjectAuditAlarm [12] (ntkrnlpa.exe)
    00bd: 82a2e15d NtOpenPrivateNamespace [4] (ntkrnlpa.exe)
    00be: 82acec0d NtOpenProcess [4] (ntkrnlpa.exe)
    00bf: 82a99254 NtOpenProcessToken [3] (ntkrnlpa.exe)
    00c0: 82a871c6 NtOpenProcessTokenEx [4] (ntkrnlpa.exe)
    00c1: 829cddf4 NtOpenResourceManager [5] (ntkrnlpa.exe)
    00c2: 82ac5a93 NtOpenSection [3] (ntkrnlpa.exe)
    00c3: 82a387ab NtOpenSemaphore [3] (ntkrnlpa.exe)
    00c4: 82a54f84 NtOpenSession [3] (ntkrnlpa.exe)
    00c5: 82ac34c9 NtOpenSymbolicLinkObject [3] (ntkrnlpa.exe)
    00c6: 82abe78d NtOpenThread [4] (ntkrnlpa.exe)
    00c7: 82ace64b NtOpenThreadToken [4] (ntkrnlpa.exe)
    00c8: 82ac6019 NtOpenThreadTokenEx [5] (ntkrnlpa.exe)
    00c9: 82b554ef NtOpenTimer [3] (ntkrnlpa.exe)
    00ca: 82b3e2ca NtOpenTransaction [5] (ntkrnlpa.exe)
    00cb: 82b3f56e NtOpenTransactionManager [6] (ntkrnlpa.exe)
    00cc: 82a34592 NtPlugPlayControl [3] (ntkrnlpa.exe)
    00cd: 82a58a4c NtPowerInformation [5] (ntkrnlpa.exe)
    00ce: 82b3de7e NtPrepareComplete [2] (ntkrnlpa.exe)
    00cf: 82b3dba2 NtPrepareEnlistment [2] (ntkrnlpa.exe)
    00d0: 82b3df35 NtPrePrepareComplete [2] (ntkrnlpa.exe)
    00d1: 82b3dc59 NtPrePrepareEnlistment [2] (ntkrnlpa.exe)
    00d2: 82a4b2d5 NtPrivilegeCheck [3] (ntkrnlpa.exe)
    00d3: 82a16591 NtPrivilegedServiceAuditAlarm [5] (ntkrnlpa.exe)
    00d4: 82a1d40b NtPrivilegeObjectAuditAlarm [6] (ntkrnlpa.exe)
    00d5: 82b3fcc4 NtPropagationComplete [4] (ntkrnlpa.exe)
    00d6: 82b3fd89 NtPropagationFailed [3] (ntkrnlpa.exe)
    00d7: 82abdaa3 NtProtectVirtualMemory [5] (ntkrnlpa.exe)
    00d8: 82ae6b4b NtPulseEvent [2] (ntkrnlpa.exe)
    00d9: 82a8800e NtQueryAttributesFile [2] (ntkrnlpa.exe)
    00da: 82b5011e NtQueryBootEntryOrder [2] (ntkrnlpa.exe)
    00db: 82b50563 NtQueryBootOptions [2] (ntkrnlpa.exe)
    00dc: 82900ac8 NtQueryDebugFilterState [2] (ntkrnlpa.exe)
    00dd: 82aa17b4 NtQueryDefaultLocale [2] (ntkrnlpa.exe)
    00de: 829ea335 NtQueryDefaultUILanguage [1] (ntkrnlpa.exe)
    00df: 82a87faa NtQueryDirectoryFile [11] (ntkrnlpa.exe)
    00e0: 82a57255 NtQueryDirectoryObject [7] (ntkrnlpa.exe)
    00e1: 82b50a61 NtQueryDriverEntryOrder [2] (ntkrnlpa.exe)
    00e2: 829de8c9 NtQueryEaFile [9] (ntkrnlpa.exe)
    00e3: 82a40d12 NtQueryEvent [5] (ntkrnlpa.exe)
    00e4: 82a882af NtQueryFullAttributesFile [2] (ntkrnlpa.exe)
    00e5: 82a39366 NtQueryInformationAtom [5] (ntkrnlpa.exe)
    00e6: 82b3d787 NtQueryInformationEnlistment [5] (ntkrnlpa.exe)
    00e7: 82a852a7 NtQueryInformationFile [5] (ntkrnlpa.exe)
    00e8: 82ae24ac NtQueryInformationJobObject [5] (ntkrnlpa.exe)
    00e9: 82b16274 NtQueryInformationPort [5] (ntkrnlpa.exe)
    00ea: 82aa3277 NtQueryInformationProcess [5] (ntkrnlpa.exe)
    00eb: 82b3f1de NtQueryInformationResourceManager [5] (ntkrnlpa.exe)
    00ec: 82aacd02 NtQueryInformationThread [5] (ntkrnlpa.exe)
    00ed: 82a8eb25 NtQueryInformationToken [5] (ntkrnlpa.exe)
    00ee: 82b3e4be NtQueryInformationTransaction [5] (ntkrnlpa.exe)
    00ef: 829c8e60 NtQueryInformationTransactionManager [5] (ntkrnlpa.exe)
    00f0: 8296035d NtQueryInformationWorkerFactory [5] (ntkrnlpa.exe)
    00f1: 82a1db21 NtQueryInstallUILanguage [1] (ntkrnlpa.exe)
    00f2: 82b5601b NtQueryIntervalProfile [2] (ntkrnlpa.exe)
    00f3: 82b0727e NtQueryIoCompletion [5] (ntkrnlpa.exe)
    00f4: 82a7ef2f NtQueryKey [5] (ntkrnlpa.exe)
    00f5: 82a51b23 NtQueryLicenseValue [5] (ntkrnlpa.exe)
    00f6: 82a43d35 NtQueryMultipleValueKey [6] (ntkrnlpa.exe)
    00f7: 82ae30b5 NtQueryMutant [5] (ntkrnlpa.exe)
    00f8: 82a524ef NtQueryObject [5] (ntkrnlpa.exe)
    00f9: 82aec0bd NtQueryOpenSubKeys [2] (ntkrnlpa.exe)
    00fa: 82ad5cae NtQueryOpenSubKeysEx [4] (ntkrnlpa.exe)
    00fb: 82ab71f2 NtQueryPerformanceCounter [2] (ntkrnlpa.exe)
    00fc: 82b2871a NtQueryPortInformationProcess [0] (ntkrnlpa.exe)
    00fd: 82b08861 NtQueryQuotaInformationFile [9] (ntkrnlpa.exe)
    00fe: 82acba99 NtQuerySection [5] (ntkrnlpa.exe)
    00ff: 82a3c587 NtQuerySecurityAttributesToken [6] (ntkrnlpa.exe)
    0100: 82ac78b5 NtQuerySecurityObject [5] (ntkrnlpa.exe)
    0101: 82b4eadc NtQuerySemaphore [5] (ntkrnlpa.exe)
    0102: 82ac356f NtQuerySymbolicLinkObject [3] (ntkrnlpa.exe)
    0103: 82b4ecb3 NtQuerySystemEnvironmentValue [4] (ntkrnlpa.exe)
    0104: 82b4f2a7 NtQuerySystemEnvironmentValueEx [5] (ntkrnlpa.exe)
    0105: 82a8ae66 NtQuerySystemInformation [4] (ntkrnlpa.exe)
    0106: 82a9bdad NtQuerySystemInformationEx [6] (ntkrnlpa.exe)
    0107: 82aa9a4b NtQuerySystemTime [1] (ntkrnlpa.exe)
    0108: 82b555ae NtQueryTimer [5] (ntkrnlpa.exe)
    0109: 82a408a9 NtQueryTimerResolution [3] (ntkrnlpa.exe)
    010a: 82a7b766 NtQueryValueKey [6] (ntkrnlpa.exe)
    010b: 82aa033e NtQueryVirtualMemory [6] (ntkrnlpa.exe)
    010c: 82a8dc95 NtQueryVolumeInformationFile [5] (ntkrnlpa.exe)
    010d: 82a3f2e4 NtQueueApcThread [5] (ntkrnlpa.exe)
    010e: 82a3f1d2 NtQueueApcThreadEx [6] (ntkrnlpa.exe)
    010f: 82887f44 NtRaiseException [3] (ntkrnlpa.exe)
    0110: 82a29d23 NtRaiseHardError [6] (ntkrnlpa.exe)
    0111: 82a807e1 NtReadFile [9] (ntkrnlpa.exe)
    0112: 829e05ae NtReadFileScatter [9] (ntkrnlpa.exe)
    0113: 82b3e158 NtReadOnlyEnlistment [2] (ntkrnlpa.exe)
    0114: 82b16359 NtReadRequestData [6] (ntkrnlpa.exe)
    0115: 82acf14d NtReadVirtualMemory [5] (ntkrnlpa.exe)
    0116: 829d0254 NtRecoverEnlistment [2] (ntkrnlpa.exe)
    0117: 829e853f NtRecoverResourceManager [1] (ntkrnlpa.exe)
    0118: 829e85f4 NtRecoverTransactionManager [1] (ntkrnlpa.exe)
    0119: 82b3fb18 NtRegisterProtocolAddressInformation [5] (ntkrnlpa.exe)
    011a: 82b2954e NtRegisterThreadTerminatePort [1] (ntkrnlpa.exe)
    011b: 82a57e08 NtReleaseKeyedEvent [4] (ntkrnlpa.exe)
    011c: 82a6df1c NtReleaseMutant [2] (ntkrnlpa.exe)
    011d: 82acfb13 NtReleaseSemaphore [3] (ntkrnlpa.exe)
    011e: 828c573b NtReleaseWorkerFactoryWorker [1] (ntkrnlpa.exe)
    011f: 82a4ec9a NtRemoveIoCompletion [5] (ntkrnlpa.exe)
    0120: 82a50b2d NtRemoveIoCompletionEx [6] (ntkrnlpa.exe)
    0121: 82afe46d NtRemoveProcessDebug [2] (ntkrnlpa.exe)
    0122: 82aec303 NtRenameKey [2] (ntkrnlpa.exe)
    0123: 82b3f7b8 NtRenameTransactionManager [2] (ntkrnlpa.exe)
    0124: 82aebe50 NtReplaceKey [3] (ntkrnlpa.exe)
    0125: 829263af NtReplacePartitionUnit [3] (ntkrnlpa.exe)
    0126: 82a432df NtReplyPort [2] (ntkrnlpa.exe)
    0127: 82ac9c2a NtReplyWaitReceivePort [4] (ntkrnlpa.exe)
    0128: 82ac9ae1 NtReplyWaitReceivePortEx [5] (ntkrnlpa.exe)
    0129: 82b16527 NtReplyWaitReplyPort [2] (ntkrnlpa.exe)
    012a: 82a55e84 NtRequestPort [2] (ntkrnlpa.exe)
    012b: 82acc52f NtRequestWaitReplyPort [3] (ntkrnlpa.exe)
    012c: 82a2e98a NtResetEvent [2] (ntkrnlpa.exe)
    012d: 82936570 NtResetWriteWatch [3] (ntkrnlpa.exe)
    012e: 82ae4340 NtRestoreKey [3] (ntkrnlpa.exe)
    012f: 82b29db3 NtResumeProcess [1] (ntkrnlpa.exe)
    0130: 82aa8625 NtResumeThread [2] (ntkrnlpa.exe)
    0131: 82b3e20d NtRollbackComplete [2] (ntkrnlpa.exe)
    0132: 82b3ddc7 NtRollbackEnlistment [2] (ntkrnlpa.exe)
    0133: 829f24ba NtRollbackTransaction [2] (ntkrnlpa.exe)
    0134: 82b3f919 NtRollforwardTransactionManager [2] (ntkrnlpa.exe)
    0135: 82ae4160 NtSaveKey [2] (ntkrnlpa.exe)
    0136: 82ae3a69 NtSaveKeyEx [3] (ntkrnlpa.exe)
    0137: 82aeb173 NtSaveMergedKeys [3] (ntkrnlpa.exe)
    0138: 82a85b9c NtSecureConnectPort [9] (ntkrnlpa.exe)
    0139: 829d8746 NtSerializeBoot [0] (ntkrnlpa.exe)
    013a: 82b5035f NtSetBootEntryOrder [2] (ntkrnlpa.exe)
    013b: 82b5084b NtSetBootOptions [2] (ntkrnlpa.exe)
    013c: 82b2915b NtSetContextThread [2] (ntkrnlpa.exe)
    013d: 829bc8f6 NtSetDebugFilterState [3] (ntkrnlpa.exe)
    013e: 829da6e0 NtSetDefaultHardErrorPort [1] (ntkrnlpa.exe)
    013f: 829f06e3 NtSetDefaultLocale [2] (ntkrnlpa.exe)
    0140: 829ea308 NtSetDefaultUILanguage [1] (ntkrnlpa.exe)
    0141: 82b512d5 NtSetDriverEntryOrder [2] (ntkrnlpa.exe)
    0142: 82b082f4 NtSetEaFile [4] (ntkrnlpa.exe)
    0143: 82a6e403 NtSetEvent [2] (ntkrnlpa.exe)
    0144: 82b4e78b NtSetEventBoostPriority [1] (ntkrnlpa.exe)
    0145: 82b55b15 NtSetHighEventPair [1] (ntkrnlpa.exe)
    0146: 82b55a47 NtSetHighWaitLowEventPair [1] (ntkrnlpa.exe)
    0147: 82afeba5 NtSetInformationDebugObject [5] (ntkrnlpa.exe)
    0148: 82b3d9cc NtSetInformationEnlistment [4] (ntkrnlpa.exe)
    0149: 82a7c649 NtSetInformationFile [5] (ntkrnlpa.exe)
    014a: 82a39c8a NtSetInformationJobObject [4] (ntkrnlpa.exe)
    014b: 82aeb965 NtSetInformationKey [4] (ntkrnlpa.exe)
    014c: 82a9a3bf NtSetInformationObject [4] (ntkrnlpa.exe)
    014d: 82a72f89 NtSetInformationProcess [4] (ntkrnlpa.exe)
    014e: 82b3f3ec NtSetInformationResourceManager [4] (ntkrnlpa.exe)
    014f: 82aa1e3c NtSetInformationThread [4] (ntkrnlpa.exe)
    0150: 82a495d5 NtSetInformationToken [4] (ntkrnlpa.exe)
    0151: 82b3ed26 NtSetInformationTransaction [4] (ntkrnlpa.exe)
    0152: 82b3f9da NtSetInformationTransactionManager [4] (ntkrnlpa.exe)
    0153: 828cc9bc NtSetInformationWorkerFactory [4] (ntkrnlpa.exe)
    0154: 82b55ff8 NtSetIntervalProfile [2] (ntkrnlpa.exe)
    0155: 82a38865 NtSetIoCompletion [5] (ntkrnlpa.exe)
    0156: 82b073a4 NtSetIoCompletionEx [6] (ntkrnlpa.exe)
    0157: 82b2b1d7 NtSetLdtEntries [6] (ntkrnlpa.exe)
    0158: 82b55ab2 NtSetLowEventPair [1] (ntkrnlpa.exe)
    0159: 82b559dc NtSetLowWaitHighEventPair [1] (ntkrnlpa.exe)
    015a: 82b08e75 NtSetQuotaInformationFile [4] (ntkrnlpa.exe)
    015b: 82ac2d52 NtSetSecurityObject [3] (ntkrnlpa.exe)
    015c: 82b4efad NtSetSystemEnvironmentValue [2] (ntkrnlpa.exe)
    015d: 82b4f5bf NtSetSystemEnvironmentValueEx [5] (ntkrnlpa.exe)
    015e: 82aa5a87 NtSetSystemInformation [3] (ntkrnlpa.exe)
    015f: 82b6c365 NtSetSystemPowerState [3] (ntkrnlpa.exe)
    0160: 82ada1e6 NtSetSystemTime [2] (ntkrnlpa.exe)
    0161: 82ae90ee NtSetThreadExecutionState [2] (ntkrnlpa.exe)
    0162: 828c6140 NtSetTimer [7] (ntkrnlpa.exe)
    0163: 828d0620 NtSetTimerEx [4] (ntkrnlpa.exe)
    0164: 82a40057 NtSetTimerResolution [3] (ntkrnlpa.exe)
    0165: 829de68f NtSetUuidSeed [1] (ntkrnlpa.exe)
    0166: 82ab11c5 NtSetValueKey [6] (ntkrnlpa.exe)
    0167: 82b08e8f NtSetVolumeInformationFile [5] (ntkrnlpa.exe)
    0168: 82b4dd01 NtShutdownSystem [1] (ntkrnlpa.exe)
    0169: 82abcb89 NtShutdownWorkerFactory [2] (ntkrnlpa.exe)
    016a: 8291748c NtSignalAndWaitForSingleObject [4] (ntkrnlpa.exe)
    016b: 82b3e0a3 NtSinglePhaseReject [2] (ntkrnlpa.exe)
    016c: 82b55d33 NtStartProfile [1] (ntkrnlpa.exe)
    016d: 82b55f2b NtStopProfile [1] (ntkrnlpa.exe)
    016e: 82b29d53 NtSuspendProcess [1] (ntkrnlpa.exe)
    016f: 82ae365c NtSuspendThread [2] (ntkrnlpa.exe)
    0170: 82ad2233 NtSystemDebugControl [6] (ntkrnlpa.exe)
    0171: 82a40000 NtTerminateJobObject [2] (ntkrnlpa.exe)
    0172: 82aa88f3 NtTerminateProcess [2] (ntkrnlpa.exe)
    0173: 82aa91e9 NtTerminateThread [2] (ntkrnlpa.exe)
    0174: 82abdc24 NtTestAlert [0] (ntkrnlpa.exe)
    0175: 8291d249 NtThawRegistry [0] (ntkrnlpa.exe)
    0176: 82b3f057 NtThawTransactions [0] (ntkrnlpa.exe)
    0177: 82a8444a NtTraceControl [6] (ntkrnlpa.exe)
    0178: 828f79f9 NtTraceEvent [4] (ntkrnlpa.exe)
    0179: 82b514d9 NtTranslateFilePath [4] (ntkrnlpa.exe)
    017a: 82b161ef NtUmsThreadYield [1] (ntkrnlpa.exe)
    017b: 82b09663 NtUnloadDriver [1] (ntkrnlpa.exe)
    017c: 82ad711d NtUnloadKey [1] (ntkrnlpa.exe)
    017d: 82ad7137 NtUnloadKey2 [2] (ntkrnlpa.exe)
    017e: 82aeb30b NtUnloadKeyEx [2] (ntkrnlpa.exe)
    017f: 82a46d77 NtUnlockFile [5] (ntkrnlpa.exe)
    0180: 828f1465 NtUnlockVirtualMemory [4] (ntkrnlpa.exe)
    0181: 82ac2708 NtUnmapViewOfSection [2] (ntkrnlpa.exe)
    0182: 82b42fef NtVdmControl [2] (ntkrnlpa.exe)
    0183: 82afe6c3 NtWaitForDebugEvent [4] (ntkrnlpa.exe)
    0184: 82a576b6 NtWaitForKeyedEvent [4] (ntkrnlpa.exe)
    0185: 82a6dade NtWaitForMultipleObjects [5] (ntkrnlpa.exe)
    0186: 82b1ff8c NtWaitForMultipleObjects32 [5] (ntkrnlpa.exe)
    0187: 82a6d403 NtWaitForSingleObject [3] (ntkrnlpa.exe)
    0188: 828c532d NtWaitForWorkViaWorkerFactory [2] (ntkrnlpa.exe)
    0189: 82b55973 NtWaitHighEventPair [1] (ntkrnlpa.exe)
    018a: 82b5590a NtWaitLowEventPair [1] (ntkrnlpa.exe)
    018b: 8287a6b4 NtWorkerFactoryWorkerReady [1] (ntkrnlpa.exe)
    018c: 82a7d1cc NtWriteFile [9] (ntkrnlpa.exe)
    018d: 82ad6738 NtWriteFileGather [9] (ntkrnlpa.exe)
    018e: 82b163c6 NtWriteRequestData [6] (ntkrnlpa.exe)
    018f: 82acf03d NtWriteVirtualMemory [5] (ntkrnlpa.exe)
    0190: 828e8286 NtYieldExecution [0] (ntkrnlpa.exe)
    
    Table #1: 90485000, 0339 entries, params=9048602c, \SystemRoot\System32\win32k.sys
    1000: 9040efc7 NtGdiAbortDoc [1] (win32k.sys)
    1001: 90426f98 NtGdiAbortPath [1] (win32k.sys)
    1002: 902f5c04 NtGdiAddFontResourceW [6] (win32k.sys)
    1003: 9041cf35 NtGdiAddRemoteFontToDC [4] (win32k.sys)
    1004: 904286de NtGdiAddFontMemResourceEx [5] (win32k.sys)
    1005: 9040f7e4 NtGdiRemoveMergeFont [2] (win32k.sys)
    1006: 9040f878 NtGdiAddRemoteMMInstanceToDC [3] (win32k.sys)
    1007: 90336c47 NtGdiAlphaBlend [12] (win32k.sys)
    1008: 90427f09 NtGdiAngleArc [6] (win32k.sys)
    1009: 90310d0b NtGdiAnyLinkedFonts [0] (win32k.sys)
    100a: 90305328 NtGdiFontIsLinked [1] (win32k.sys)
    100b: 9042a222 NtGdiArcInternal [10] (win32k.sys)
    100c: 904283fa NtGdiBeginGdiRendering [2] (win32k.sys)
    100d: 9042700c NtGdiBeginPath [1] (win32k.sys)
    100e: 90341da1 NtGdiBitBlt [11] (win32k.sys)
    100f: 9042834d NtGdiCancelDC [1] (win32k.sys)
    1010: 9042afc6 NtGdiCheckBitmapBits [8] (win32k.sys)
    1011: 90426f13 NtGdiCloseFigure [1] (win32k.sys)
    1012: 90361675 NtGdiClearBitmapAttributes [2] (win32k.sys)
    1013: 90428484 NtGdiClearBrushAttributes [2] (win32k.sys)
    1014: 9042a9ba NtGdiColorCorrectPalette [6] (win32k.sys)
    1015: 9031c21b NtGdiCombineRgn [4] (win32k.sys)
    1016: 903ae103 NtGdiCombineTransform [3] (win32k.sys)
    1017: 903af2a2 NtGdiComputeXformCoefficients [1] (win32k.sys)
    1018: 9042b9b2 NtGdiConfigureOPMProtectedOutput [4] (win32k.sys)
    1019: 904209c8 NtGdiConvertMetafileRect [2] (win32k.sys)
    101a: 9035389f NtGdiCreateBitmap [5] (win32k.sys)
    101b: 904283ea NtGdiCreateBitmapFromDxSurface [5] (win32k.sys)
    101c: 903ac1df NtGdiCreateClientObj [1] (win32k.sys)
    101d: 9042a87d NtGdiCreateColorSpace [1] (win32k.sys)
    101e: 9042ac47 NtGdiCreateColorTransform [8] (win32k.sys)
    101f: 9032a0cf NtGdiCreateCompatibleBitmap [3] (win32k.sys)
    1020: 9035350e NtGdiCreateCompatibleDC [1] (win32k.sys)
    1021: 9039e0c2 NtGdiCreateDIBBrush [6] (win32k.sys)
    1022: 90325cf8 NtGdiCreateDIBitmapInternal [11] (win32k.sys)
    1023: 903361ab NtGdiCreateDIBSection [9] (win32k.sys)
    1024: 90415892 NtGdiCreateEllipticRgn [4] (win32k.sys)
    1025: 902b4dbd NtGdiCreateHalftonePalette [1] (win32k.sys)
    1026: 9042bd95 NtGdiCreateHatchBrushInternal [3] (win32k.sys)
    1027: 903ac18c NtGdiCreateMetafileDC [1] (win32k.sys)
    1028: 90377bc3 NtGdiCreateOPMProtectedOutputs [5] (win32k.sys)
    1029: 902e78a1 NtGdiCreatePaletteInternal [2] (win32k.sys)
    102a: 9031cd39 NtGdiCreatePatternBrushInternal [3] (win32k.sys)
    102b: 903b2413 NtGdiCreatePen [4] (win32k.sys)
    102c: 902e64dd NtGdiCreateRectRgn [4] (win32k.sys)
    102d: 90307e43 NtGdiCreateRoundRectRgn [6] (win32k.sys)
    102e: 9042c83b NtGdiCreateServerMetaFile [6] (win32k.sys)
    102f: 9035381c NtGdiCreateSolidBrush [2] (win32k.sys)
    1030: 90409058 NtGdiD3dContextCreate [4] (win32k.sys)
    1031: 9040906b NtGdiD3dContextDestroy [1] (win32k.sys)
    1032: 9040907e NtGdiD3dContextDestroyAll [1] (win32k.sys)
    1033: 90409091 NtGdiD3dValidateTextureStageState [1] (win32k.sys)
    1034: 904090a4 NtGdiD3dDrawPrimitives2 [7] (win32k.sys)
    1035: 904090b7 NtGdiDdGetDriverState [1] (win32k.sys)
    1036: 90408d3c NtGdiDdAddAttachedSurface [3] (win32k.sys)
    1037: 904091b9 NtGdiDdAlphaBlt [3] (win32k.sys)
    1038: 90408d4f NtGdiDdAttachSurface [2] (win32k.sys)
    1039: 90409164 NtGdiDdBeginMoCompFrame [2] (win32k.sys)
    103a: 90408d62 NtGdiDdBlt [3] (win32k.sys)
    103b: 90408d75 NtGdiDdCanCreateSurface [2] (win32k.sys)
    103c: 9040902f NtGdiDdCanCreateD3DBuffer [2] (win32k.sys)
    103d: 90408d88 NtGdiDdColorControl [2] (win32k.sys)
    103e: 90399757 NtGdiDdCreateDirectDrawObject [1] (win32k.sys)
    103f: 90408d9b NtGdiDdCreateSurface [8] (win32k.sys)
    1040: 90409019 NtGdiDdCreateD3DBuffer [8] (win32k.sys)
    1041: 90409138 NtGdiDdCreateMoComp [2] (win32k.sys)
    1042: 90408db1 NtGdiDdCreateSurfaceObject [6] (win32k.sys)
    1043: 90408ddd NtGdiDdDeleteDirectDrawObject [1] (win32k.sys)
    1044: 90408dc7 NtGdiDdDeleteSurfaceObject [1] (win32k.sys)
    1045: 9040914e NtGdiDdDestroyMoComp [2] (win32k.sys)
    1046: 90408df3 NtGdiDdDestroySurface [2] (win32k.sys)
    1047: 90409042 NtGdiDdDestroyD3DBuffer [1] (win32k.sys)
    1048: 90409177 NtGdiDdEndMoCompFrame [2] (win32k.sys)
    1049: 90408e09 NtGdiDdFlip [5] (win32k.sys)
    104a: 90408eb9 NtGdiDdFlipToGDISurface [2] (win32k.sys)
    104b: 90408e1f NtGdiDdGetAvailDriverMemory [2] (win32k.sys)
    104c: 90408e35 NtGdiDdGetBltStatus [2] (win32k.sys)
    104d: 90408e4b NtGdiDdGetDC [2] (win32k.sys)
    104e: 90408e61 NtGdiDdGetDriverInfo [2] (win32k.sys)
    104f: 90408fc1 NtGdiDdGetDxHandle [3] (win32k.sys)
    1050: 90408e77 NtGdiDdGetFlipStatus [2] (win32k.sys)
    1051: 90409122 NtGdiDdGetInternalMoCompInfo [2] (win32k.sys)
    1052: 9040910c NtGdiDdGetMoCompBuffInfo [2] (win32k.sys)
    1053: 904090e0 NtGdiDdGetMoCompGuids [2] (win32k.sys)
    1054: 904090f6 NtGdiDdGetMoCompFormats [2] (win32k.sys)
    1055: 90408e8d NtGdiDdGetScanLine [2] (win32k.sys)
    1056: 90408ecf NtGdiDdLock [3] (win32k.sys)
    1057: 90408fed NtGdiDdLockD3D [2] (win32k.sys)
    1058: 90408ee5 NtGdiDdQueryDirectDrawObject [11] (win32k.sys)
    1059: 904091a3 NtGdiDdQueryMoCompStatus [2] (win32k.sys)
    105a: 90408efb NtGdiDdReenableDirectDrawObject [2] (win32k.sys)
    105b: 90408f11 NtGdiDdReleaseDC [1] (win32k.sys)
    105c: 9040918d NtGdiDdRenderMoComp [2] (win32k.sys)
    105d: 90408f27 NtGdiDdResetVisrgn [2] (win32k.sys)
    105e: 90408f3d NtGdiDdSetColorKey [2] (win32k.sys)
    105f: 90408ea3 NtGdiDdSetExclusiveMode [2] (win32k.sys)
    1060: 90408fd7 NtGdiDdSetGammaRamp [3] (win32k.sys)
    1061: 904090ca NtGdiDdCreateSurfaceEx [3] (win32k.sys)
    1062: 90408f53 NtGdiDdSetOverlayPosition [3] (win32k.sys)
    1063: 90408f69 NtGdiDdUnattachSurface [2] (win32k.sys)
    1064: 90408f7f NtGdiDdUnlock [2] (win32k.sys)
    1065: 90409003 NtGdiDdUnlockD3D [2] (win32k.sys)
    1066: 90408f95 NtGdiDdUpdateOverlay [3] (win32k.sys)
    1067: 90408fab NtGdiDdWaitForVerticalBlank [2] (win32k.sys)
    1068: 904091cc NtGdiDvpCanCreateVideoPort [2] (win32k.sys)
    1069: 904091e2 NtGdiDvpColorControl [2] (win32k.sys)
    106a: 904091f8 NtGdiDvpCreateVideoPort [2] (win32k.sys)
    106b: 9040920e NtGdiDvpDestroyVideoPort [2] (win32k.sys)
    106c: 90409224 NtGdiDvpFlipVideoPort [4] (win32k.sys)
    106d: 9040923a NtGdiDvpGetVideoPortBandwidth [2] (win32k.sys)
    106e: 90409250 NtGdiDvpGetVideoPortField [2] (win32k.sys)
    106f: 90409266 NtGdiDvpGetVideoPortFlipStatus [2] (win32k.sys)
    1070: 9040927c NtGdiDvpGetVideoPortInputFormats [2] (win32k.sys)
    1071: 90409292 NtGdiDvpGetVideoPortLine [2] (win32k.sys)
    1072: 904092a8 NtGdiDvpGetVideoPortOutputFormats [2] (win32k.sys)
    1073: 904092be NtGdiDvpGetVideoPortConnectInfo [2] (win32k.sys)
    1074: 904092d4 NtGdiDvpGetVideoSignalStatus [2] (win32k.sys)
    1075: 904092ea NtGdiDvpUpdateVideoPort [4] (win32k.sys)
    1076: 90409300 NtGdiDvpWaitForVideoPortSync [2] (win32k.sys)
    1077: 90409316 NtGdiDvpAcquireNotification [3] (win32k.sys)
    1078: 9040932c NtGdiDvpReleaseNotification [2] (win32k.sys)
    1079: 90408d29 NtGdiDxgGenericThunk [6] (win32k.sys)
    107a: 903ac264 NtGdiDeleteClientObj [1] (win32k.sys)
    107b: 9042a84d NtGdiDeleteColorSpace [1] (win32k.sys)
    107c: 9042aee3 NtGdiDeleteColorTransform [2] (win32k.sys)
    107d: 90334b7d NtGdiDeleteObjectApp [1] (win32k.sys)
    107e: 90429288 NtGdiDescribePixelFormat [4] (win32k.sys)
    107f: 90378ebd NtGdiDestroyOPMProtectedOutput [1] (win32k.sys)
    1080: 9040f4b0 NtGdiGetPerBandInfo [2] (win32k.sys)
    1081: 9040f38b NtGdiDoBanding [4] (win32k.sys)
    1082: 9032531f NtGdiDoPalette [6] (win32k.sys)
    1083: 90427f53 NtGdiDrawEscape [4] (win32k.sys)
    1084: 9042d2c2 NtGdiEllipse [5] (win32k.sys)
    1085: 90281f6b NtGdiEnableEudc [1] (win32k.sys)
    1086: 9040efaf NtGdiEndDoc [1] (win32k.sys)
    1087: 9042840a NtGdiEndGdiRendering [3] (win32k.sys)
    1088: 9040f0d0 NtGdiEndPage [1] (win32k.sys)
    1089: 904270be NtGdiEndPath [1] (win32k.sys)
    108a: 902f7e7e NtGdiEnumFonts [8] (win32k.sys)
    108b: 9042f28f NtGdiEnumObjects [4] (win32k.sys)
    108c: 9038102b NtGdiEqualRgn [2] (win32k.sys)
    108d: 9042f044 NtGdiEudcLoadUnloadLink [7] (win32k.sys)
    108e: 902ea11a NtGdiExcludeClipRect [5] (win32k.sys)
    108f: 9039172c NtGdiExtCreatePen [11] (win32k.sys)
    1090: 902bb04d NtGdiExtCreateRegion [3] (win32k.sys)
    1091: 903ae615 NtGdiExtEscape [8] (win32k.sys)
    1092: 903bd4f5 NtGdiExtFloodFill [5] (win32k.sys)
    1093: 9033509d NtGdiExtGetObjectW [3] (win32k.sys)
    1094: 90336b84 NtGdiExtSelectClipRgn [3] (win32k.sys)
    1095: 90344c05 NtGdiExtTextOutW [9] (win32k.sys)
    1096: 904273a9 NtGdiFillPath [1] (win32k.sys)
    1097: 902c0126 NtGdiFillRgn [3] (win32k.sys)
    1098: 9042711b NtGdiFlattenPath [1] (win32k.sys)
    1099: 9034bcf5 NtGdiFlush [0] (win32k.sys)
    109a: 90429227 NtGdiForceUFIMapping [2] (win32k.sys)
    109b: 9029c6c3 NtGdiFrameRgn [5] (win32k.sys)
    109c: 90419d7b NtGdiFullscreenControl [5] (win32k.sys)
    109d: 903bf3bc NtGdiGetAndSetDCDword [4] (win32k.sys)
    109e: 90338e47 NtGdiGetAppClipBox [2] (win32k.sys)
    109f: 902befd9 NtGdiGetBitmapBits [3] (win32k.sys)
    10a0: 90429163 NtGdiGetBitmapDimension [2] (win32k.sys)
    10a1: 902e3428 NtGdiGetBoundsRect [3] (win32k.sys)
    10a2: 9037847c NtGdiGetCertificate [4] (win32k.sys)
    10a3: 9037837b NtGdiGetCertificateSize [3] (win32k.sys)
    10a4: 902e6870 NtGdiGetCharABCWidthsW [6] (win32k.sys)
    10a5: 904278d1 NtGdiGetCharacterPlacementW [6] (win32k.sys)
    10a6: 90344bf5 NtGdiGetCharSet [1] (win32k.sys)
    10a7: 903b2685 NtGdiGetCharWidthW [6] (win32k.sys)
    10a8: 902bbf52 NtGdiGetCharWidthInfo [2] (win32k.sys)
    10a9: 904281d9 NtGdiGetColorAdjustment [2] (win32k.sys)
    10aa: 9042f7c2 NtGdiGetColorSpaceforBitmap [1] (win32k.sys)
    10ab: 9042b94c NtGdiGetCOPPCompatibleOPMInformation [3] (win32k.sys)
    10ac: 9033656a NtGdiGetDCDword [3] (win32k.sys)
    10ad: 902f7147 NtGdiGetDCforBitmap [1] (win32k.sys)
    10ae: 903411b5 NtGdiGetDCObject [2] (win32k.sys)
    10af: 903bad7c NtGdiGetDCPoint [3] (win32k.sys)
    10b0: 903291bf NtGdiGetDeviceCaps [2] (win32k.sys)
    10b1: 9042b131 NtGdiGetDeviceGammaRamp [2] (win32k.sys)
    10b2: 903a907e NtGdiGetDeviceCapsAll [2] (win32k.sys)
    10b3: 9032183c NtGdiGetDIBitsInternal [9] (win32k.sys)
    10b4: 90430595 NtGdiGetETM [2] (win32k.sys)
    10b5: 9042e4c3 NtGdiGetEudcTimeStampEx [3] (win32k.sys)
    10b6: 902e6ab6 NtGdiGetFontData [5] (win32k.sys)
    10b7: 90430f04 NtGdiGetFontFileData [5] (win32k.sys)
    10b8: 9036be9b NtGdiGetFontFileInfo [5] (win32k.sys)
    10b9: 90428989 NtGdiGetFontResourceInfoInternalW [7] (win32k.sys)
    10ba: 902efc26 NtGdiGetGlyphIndicesW [5] (win32k.sys)
    10bb: 902ecd7c NtGdiGetGlyphIndicesWInternal [6] (win32k.sys)
    10bc: 90428040 NtGdiGetGlyphOutline [8] (win32k.sys)
    10bd: 9037885a NtGdiGetOPMInformation [3] (win32k.sys)
    10be: 903b721b NtGdiGetKerningPairs [3] (win32k.sys)
    10bf: 9040f567 NtGdiGetLinkedUFIs [3] (win32k.sys)
    10c0: 9038fb57 NtGdiGetMiterLimit [2] (win32k.sys)
    10c1: 9039fe3e NtGdiGetMonitorID [3] (win32k.sys)
    10c2: 90307b8c NtGdiGetNearestColor [2] (win32k.sys)
    10c3: 903b6f22 NtGdiGetNearestPaletteIndex [2] (win32k.sys)
    10c4: 9039fb06 NtGdiGetObjectBitmapHandle [2] (win32k.sys)
    10c5: 90378413 NtGdiGetOPMRandomNumber [2] (win32k.sys)
    10c6: 902f4a5e NtGdiGetOutlineTextMetricsInternalW [4] (win32k.sys)
    10c7: 90427727 NtGdiGetPath [4] (win32k.sys)
    10c8: 902fc110 NtGdiGetPixel [3] (win32k.sys)
    10c9: 90336529 NtGdiGetRandomRgn [3] (win32k.sys)
    10ca: 90428155 NtGdiGetRasterizerCaps [2] (win32k.sys)
    10cb: 9030d8fa NtGdiGetRealizationInfo [2] (win32k.sys)
    10cc: 90311307 NtGdiGetRegionData [3] (win32k.sys)
    10cd: 902da404 NtGdiGetRgnBox [2] (win32k.sys)
    10ce: 9042c93b NtGdiGetServerMetaFileBits [7] (win32k.sys)
    10cf: 90409a00 DxgStubDvpUpdateVideoPort [4] (win32k.sys)
    10d0: 904310e7 NtGdiGetStats [5] (win32k.sys)
    10d1: 90350917 NtGdiGetStockObject [1] (win32k.sys)
    10d2: 9042f19b NtGdiGetStringBitmapW [5] (win32k.sys)
    10d3: 90379139 NtGdiGetSuggestedOPMProtectedOutputArraySize [2] (win32k.sys)
    10d4: 9039e4a3 NtGdiGetSystemPaletteUse [1] (win32k.sys)
    10d5: 902e2d0f NtGdiGetTextCharsetInfo [3] (win32k.sys)
    10d6: 904284c4 NtGdiGetTextExtent [5] (win32k.sys)
    10d7: 902dc18d NtGdiGetTextExtentExW [8] (win32k.sys)
    10d8: 903100c1 NtGdiGetTextFaceW [4] (win32k.sys)
    10d9: 902ec399 NtGdiGetTextMetricsW [3] (win32k.sys)
    10da: 902c7c4f NtGdiGetTransform [3] (win32k.sys)
    10db: 90428bc5 NtGdiGetUFI [6] (win32k.sys)
    10dc: 90428ca3 NtGdiGetEmbUFI [7] (win32k.sys)
    10dd: 90428d9d NtGdiGetUFIPathname [10] (win32k.sys)
    10de: 90428b50 NtGdiGetEmbedFonts [0] (win32k.sys)
    10df: 90428b5a NtGdiChangeGhostFont [2] (win32k.sys)
    10e0: 9040e045 NtGdiAddEmbFontToDC [2] (win32k.sys)
    10e1: 90380c82 NtGdiGetFontUnicodeRanges [2] (win32k.sys)
    10e2: 9031175a NtGdiGetWidthTable [7] (win32k.sys)
    10e3: 90394c26 NtGdiGradientFill [6] (win32k.sys)
    10e4: 90322662 NtGdiHfontCreate [5] (win32k.sys)
    10e5: 9042b42e NtGdiIcmBrushInfo [8] (win32k.sys)
    10e6: 9035099a bInitRedirDev [0] (win32k.sys)
    10e7: 90417929 NtGdiInitSpool [0] (win32k.sys)
    10e8: 903367ea NtGdiIntersectClipRect [5] (win32k.sys)
    10e9: 9039d932 NtGdiInvertRgn [2] (win32k.sys)
    10ea: 903ba7e8 NtGdiLineTo [3] (win32k.sys)
    10eb: 90429313 NtGdiMakeFontDir [5] (win32k.sys)
    10ec: 9042f8ee NtGdiMakeInfoDC [2] (win32k.sys)
    10ed: 902e3826 NtGdiMaskBlt [13] (win32k.sys)
    10ee: 902c9a35 NtGdiModifyWorldTransform [3] (win32k.sys)
    10ef: 903a2e0a NtGdiMonoBitmap [1] (win32k.sys)
    10f0: 9042837d NtGdiMoveTo [4] (win32k.sys)
    10f1: 904159c2 NtGdiOffsetClipRgn [3] (win32k.sys)
    10f2: 902da7da NtGdiOffsetRgn [3] (win32k.sys)
    10f3: 902efa9b NtGdiOpenDCW [8] (win32k.sys)
    10f4: 902e22c5 NtGdiPatBlt [6] (win32k.sys)
    10f5: 9033b129 NtGdiPolyPatBlt [5] (win32k.sys)
    10f6: 9042746c NtGdiPathToRegion [1] (win32k.sys)
    10f7: 9037b25b NtGdiPlgBlt [11] (win32k.sys)
    10f8: 90427e13 NtGdiPolyDraw [4] (win32k.sys)
    10f9: 902c0694 NtGdiPolyPolyDraw [5] (win32k.sys)
    10fa: 90360436 NtGdiPolyTextOutW [4] (win32k.sys)
    10fb: 90375369 NtGdiPtInRegion [3] (win32k.sys)
    10fc: 90415b1c NtGdiPtVisible [3] (win32k.sys)
    10fd: 904285f3 NtGdiQueryFonts [3] (win32k.sys)
    10fe: 9035100f NtGdiQueryFontAssocInfo [1] (win32k.sys)
    10ff: 903c3042 NtGdiRectangle [5] (win32k.sys)
    1100: 9036437c NtGdiRectInRegion [2] (win32k.sys)
    1101: 902e8ac0 NtGdiRectVisible [2] (win32k.sys)
    1102: 904287dc NtGdiRemoveFontResourceW [6] (win32k.sys)
    1103: 9042896d NtGdiRemoveFontMemResourceEx [1] (win32k.sys)
    1104: 903b73e7 NtGdiResetDC [5] (win32k.sys)
    1105: 9042c41f NtGdiResizePalette [2] (win32k.sys)
    1106: 902f1111 NtGdiRestoreDC [2] (win32k.sys)
    1107: 903a57d8 NtGdiRoundRect [7] (win32k.sys)
    1108: 902efc16 NtGdiSaveDC [1] (win32k.sys)
    1109: 90420773 NtGdiScaleViewportExtEx [6] (win32k.sys)
    110a: 90429100 NtGdiScaleWindowExtEx [6] (win32k.sys)
    110b: 90352f2c NtGdiSelectBitmap [2] (win32k.sys)
    110c: 9042835d NtGdiSelectBrush [2] (win32k.sys)
    110d: 904272b9 NtGdiSelectClipPath [2] (win32k.sys)
    110e: 90344edd NtGdiSelectFont [2] (win32k.sys)
    110f: 9042836d NtGdiSelectPen [2] (win32k.sys)
    1110: 90292be8 NtGdiSetBitmapAttributes [2] (win32k.sys)
    1111: 902c5185 NtGdiSetBitmapBits [3] (win32k.sys)
    1112: 904291c0 NtGdiSetBitmapDimension [4] (win32k.sys)
    1113: 902e376d NtGdiSetBoundsRect [3] (win32k.sys)
    1114: 90428464 NtGdiSetBrushAttributes [2] (win32k.sys)
    1115: 903ac12f NtGdiSetBrushOrg [4] (win32k.sys)
    1116: 9042822f NtGdiSetColorAdjustment [2] (win32k.sys)
    1117: 9042ab10 NtGdiSetColorSpace [2] (win32k.sys)
    1118: 9042b1b8 NtGdiSetDeviceGammaRamp [2] (win32k.sys)
    1119: 902f5d9d NtGdiSetDIBitsToDeviceInternal [16] (win32k.sys)
    111a: 902f85cf NtGdiSetFontEnumeration [1] (win32k.sys)
    111b: 903ac989 NtGdiSetFontXform [3] (win32k.sys)
    111c: 903ac452 NtGdiSetIcmMode [3] (win32k.sys)
    111d: 9040e9d1 NtGdiSetLinkedUFIs [3] (win32k.sys)
    111e: 90362929 NtGdiSetMagicColors [3] (win32k.sys)
    111f: 903a80fa NtGdiSetMetaRgn [1] (win32k.sys)
    1120: 903a810a NtGdiSetMiterLimit [3] (win32k.sys)
    1121: 904290f0 NtGdiGetDeviceWidth [1] (win32k.sys)
    1122: 904290e0 NtGdiMirrorWindowOrg [1] (win32k.sys)
    1123: 902de63e NtGdiSetLayout [3] (win32k.sys)
    1124: 90378632 NtGdiSetOPMSigningKeyAndSequenceNumbers [2] (win32k.sys)
    1125: 903d0d64 NtGdiSetPixel [4] (win32k.sys)
    1126: 90431e21 NtGdiSetPixelFormat [2] (win32k.sys)
    1127: 904284b4 NtGdiSetRectRgn [5] (win32k.sys)
    1128: 904283da NtGdiSetSystemPaletteUse [2] (win32k.sys)
    1129: 904315a0 NtGdiSetTextJustification [3] (win32k.sys)
    112a: 903a800e NtGdiSetVirtualResolution [5] (win32k.sys)
    112b: 903a7fb8 NtGdiSetSizeDevice [3] (win32k.sys)
    112c: 9040eae0 NtGdiStartDoc [4] (win32k.sys)
    112d: 9040efdf NtGdiStartPage [1] (win32k.sys)
    112e: 903c3b9d NtGdiStretchBlt [12] (win32k.sys)
    112f: 9031bda5 NtGdiStretchDIBitsInternal [16] (win32k.sys)
    1130: 90427551 NtGdiStrokeAndFillPath [1] (win32k.sys)
    1131: 9042764e NtGdiStrokePath [1] (win32k.sys)
    1132: 90431ff6 NtGdiSwapBuffers [1] (win32k.sys)
    1133: 902ddae7 NtGdiTransformPoints [5] (win32k.sys)
    1134: 903b4a68 NtGdiTransparentBlt [11] (win32k.sys)
    1135: 9037ed72 DxgStubEndMoCompFrame [2] (win32k.sys)
    1136: 904286d3 NtGdiUMPDEngFreeUserMem [1] (win32k.sys)
    1137: 904284a4 NtGdiUnrealizeObject [1] (win32k.sys)
    1138: 9042c682 NtGdiUpdateColors [1] (win32k.sys)
    1139: 904271a6 NtGdiWidenPath [1] (win32k.sys)
    113a: 902bf8bb NtUserActivateKeyboardLayout [2] (win32k.sys)
    113b: 903d9b8f NtUserAddClipboardFormatListener [1] (win32k.sys)
    113c: 903d6786 NtUserAlterWindowStyle [3] (win32k.sys)
    113d: 903057cb NtUserAssociateInputContext [3] (win32k.sys)
    113e: 903170ee NtUserAttachThreadInput [3] (win32k.sys)
    113f: 90344664 NtUserBeginPaint [2] (win32k.sys)
    1140: 903b86ae NtUserBitBltSysBmp [8] (win32k.sys)
    1141: 903d44db NtUserBlockInput [1] (win32k.sys)
    1142: 902ea12a NtUserBuildHimcList [4] (win32k.sys)
    1143: 902e515f NtUserBuildHwndList [7] (win32k.sys)
    1144: 902ebaa5 NtUserBuildNameList [4] (win32k.sys)
    1145: 903d6a8d NtUserBuildPropList [4] (win32k.sys)
    1146: 9029dea8 NtUserCallHwnd [2] (win32k.sys)
    1147: 90304851 NtUserCallHwndLock [2] (win32k.sys)
    1148: 9028b4b8 NtUserCallHwndOpt [2] (win32k.sys)
    1149: 90308797 NtUserCallHwndParam [3] (win32k.sys)
    114a: 902dd010 NtUserCallHwndParamLock [3] (win32k.sys)
    114b: 903bc151 NtUserCallMsgFilter [2] (win32k.sys)
    114c: 903a4744 NtUserCallNextHookEx [4] (win32k.sys)
    114d: 903529c9 NtUserCallNoParam [1] (win32k.sys)
    114e: 90351682 NtUserCallOneParam [2] (win32k.sys)
    114f: 90324527 NtUserCallTwoParam [3] (win32k.sys)
    1150: 903b855a NtUserChangeClipboardChain [2] (win32k.sys)
    1151: 9038e7a1 NtUserChangeDisplaySettings [4] (win32k.sys)
    1152: 902a4309 NtUserGetDisplayConfigBufferSizes [3] (win32k.sys)
    1153: 903d6fa4 NtUserSetDisplayConfig [5] (win32k.sys)
    1154: 9029fa08 NtUserQueryDisplayConfig [6] (win32k.sys)
    1155: 9036c049 NtUserDisplayConfigGetDeviceInfo [1] (win32k.sys)
    1156: 903d72b2 NtUserDisplayConfigSetDeviceInfo [1] (win32k.sys)
    1157: 903d9eaf NtUserCheckAccessForIntegrityLevel [3] (win32k.sys)
    1158: 9029e670 NtUserCheckDesktopByThreadId [1] (win32k.sys)
    1159: 903d682b NtUserCheckWindowThreadDesktop [2] (win32k.sys)
    115a: 9037ecbe NtUserCheckMenuItem [3] (win32k.sys)
    115b: 9039de34 NtUserChildWindowFromPointEx [4] (win32k.sys)
    115c: 90371b76 NtUserClipCursor [1] (win32k.sys)
    115d: 903a3f0c NtUserCloseClipboard [0] (win32k.sys)
    115e: 902e550b NtUserCloseDesktop [1] (win32k.sys)
    115f: 902f5941 NtUserCloseWindowStation [1] (win32k.sys)
    1160: 90359a90 NtUserConsoleControl [3] (win32k.sys)
    1161: 90376ebb NtUserConvertMemHandle [2] (win32k.sys)
    1162: 9039aba0 NtUserCopyAcceleratorTable [3] (win32k.sys)
    1163: 9037b39c NtUserCountClipboardFormats [0] (win32k.sys)
    1164: 902bf49a NtUserCreateAcceleratorTable [2] (win32k.sys)
    1165: 903b8cbf NtUserCreateCaret [4] (win32k.sys)
    1166: 9029bf18 NtUserCreateDesktopEx [6] (win32k.sys)
    1167: 9039dbcb NtUserCreateInputContext [1] (win32k.sys)
    1168: 903a435d NtUserCreateLocalMemHandle [4] (win32k.sys)
    1169: 9030a6cf NtUserCreateWindowEx [15] (win32k.sys)
    116a: 9028af2a NtUserCreateWindowStation [8] (win32k.sys)
    116b: 902b49d8 NtUserDdeInitialize [5] (win32k.sys)
    116c: 902e2de6 NtUserDeferWindowPos [8] (win32k.sys)
    116d: 903a3e49 NtUserDefSetText [2] (win32k.sys)
    116e: 902eee50 NtUserDeleteMenu [3] (win32k.sys)
    116f: 903af2ec NtUserDestroyAcceleratorTable [1] (win32k.sys)
    1170: 902f1509 NtUserDestroyCursor [2] (win32k.sys)
    1171: 9039dd38 NtUserDestroyInputContext [1] (win32k.sys)
    1172: 902bf5eb NtUserDestroyMenu [1] (win32k.sys)
    1173: 90327bd4 NtUserDestroyWindow [1] (win32k.sys)
    1174: 902c8658 NtUserDisableThreadIme [1] (win32k.sys)
    1175: 90344aa0 NtUserDispatchMessage [1] (win32k.sys)
    1176: 90281ccc NtUserDoSoundConnect [0] (win32k.sys)
    1177: 9036451d NtUserDoSoundDisconnect [0] (win32k.sys)
    1178: 903d6b87 NtUserDragDetect [3] (win32k.sys)
    1179: 903d52a2 NtUserDragObject [5] (win32k.sys)
    117a: 903d5d5c NtUserDrawAnimatedRects [4] (win32k.sys)
    117b: 903d5e1f NtUserDrawCaption [4] (win32k.sys)
    117c: 903d74c8 NtUserDrawCaptionTemp [7] (win32k.sys)
    117d: 9031585d NtUserDrawIconEx [11] (win32k.sys)
    117e: 903d73f7 NtUserDrawMenuBarTemp [5] (win32k.sys)
    117f: 90375d7e NtUserEmptyClipboard [0] (win32k.sys)
    1180: 903bb3ff NtUserEnableMenuItem [3] (win32k.sys)
    1181: 903bed67 NtUserEnableScrollBar [3] (win32k.sys)
    1182: 902e2d89 NtUserEndDeferWindowPosEx [2] (win32k.sys)
    1183: 902be60b NtUserEndMenu [0] (win32k.sys)
    1184: 90344f81 NtUserEndPaint [2] (win32k.sys)
    1185: 902f048e NtUserEnumDisplayDevices [4] (win32k.sys)
    1186: 902e5947 NtUserEnumDisplayMonitors [4] (win32k.sys)
    1187: 903230fc NtUserEnumDisplaySettings [4] (win32k.sys)
    1188: 903d5404 NtUserEvent [1] (win32k.sys)
    1189: 9039d8f8 NtUserExcludeUpdateRgn [2] (win32k.sys)
    118a: 903ad356 NtUserFillWindow [4] (win32k.sys)
    118b: 9030a32b NtUserFindExistingCursorIcon [3] (win32k.sys)
    118c: 9030dc42 NtUserFindWindowEx [5] (win32k.sys)
    118d: 903b875e NtUserFlashWindowEx [1] (win32k.sys)
    118e: 903d9e5a NtUserFrostCrashedWindow [2] (win32k.sys)
    118f: 903d58ae NtUserGetAltTabInfo [6] (win32k.sys)
    1190: 90322f30 NtUserGetAncestor [2] (win32k.sys)
    1191: 903d88d1 NtUserGetAppImeLevel [1] (win32k.sys)
    1192: 902cbd0c NtUserGetAsyncKeyState [1] (win32k.sys)
    1193: 9030ec80 NtUserGetAtomName [2] (win32k.sys)
    1194: 90307184 NtUserGetCaretBlinkTime [0] (win32k.sys)
    1195: 903b98d9 NtUserGetCaretPos [1] (win32k.sys)
    1196: 90321c11 NtUserGetClassInfoEx [5] (win32k.sys)
    1197: 90321f78 NtUserGetClassName [3] (win32k.sys)
    1198: 903a4244 NtUserGetClipboardData [2] (win32k.sys)
    1199: 903a013a NtUserGetClipboardFormatName [3] (win32k.sys)
    119a: 903b450e NtUserGetClipboardOwner [0] (win32k.sys)
    119b: 903bde95 NtUserGetClipboardSequenceNumber [0] (win32k.sys)
    119c: 903d5f6c NtUserGetClipboardViewer [0] (win32k.sys)
    119d: 903d5c01 NtUserGetClipCursor [1] (win32k.sys)
    119e: 903b7c55 NtUserGetComboBoxInfo [2] (win32k.sys)
    119f: 9039acd4 NtUserGetControlBrush [3] (win32k.sys)
    11a0: 903d5ec8 NtUserGetControlColor [4] (win32k.sys)
    11a1: 902be5bc NtUserGetCPD [3] (win32k.sys)
    11a2: 903b8c13 NtUserGetCursorFrameInfo [4] (win32k.sys)
    11a3: 903d5775 NtUserGetCursorInfo [1] (win32k.sys)
    11a4: 90335fda NtUserGetDC [1] (win32k.sys)
    11a5: 902e71b6 NtUserGetDCEx [3] (win32k.sys)
    11a6: 903159b8 NtUserGetDoubleClickTime [0] (win32k.sys)
    11a7: 902e54cc NtUserGetForegroundWindow [0] (win32k.sys)
    11a8: 903dac57 NtUserGetGuiResources [2] (win32k.sys)
    11a9: 9031c164 NtUserGetGUIThreadInfo [2] (win32k.sys)
    11aa: 9030f43c NtUserGetIconInfo [6] (win32k.sys)
    11ab: 9030f6a6 NtUserGetIconSize [4] (win32k.sys)
    11ac: 903d87a1 NtUserGetImeHotKey [4] (win32k.sys)
    11ad: 902fafd6 NtUserGetImeInfoEx [2] (win32k.sys)
    11ae: 903d6eaa NtUserGetInputLocaleInfo [2] (win32k.sys)
    11af: 903d5512 NtUserGetInternalWindowPos [3] (win32k.sys)
    11b0: 902c6003 NtUserGetKeyboardLayoutList [2] (win32k.sys)
    11b1: 903d6dbd NtUserGetKeyboardLayoutName [1] (win32k.sys)
    11b2: 903c386c NtUserGetKeyboardState [1] (win32k.sys)
    11b3: 903d6d44 NtUserGetKeyNameText [3] (win32k.sys)
    11b4: 902f985d NtUserGetKeyState [1] (win32k.sys)
    11b5: 903d571d NtUserGetListBoxInfo [1] (win32k.sys)
    11b6: 903c7fa5 NtUserGetMenuBarInfo [4] (win32k.sys)
    11b7: 903d5c8b NtUserGetMenuIndex [2] (win32k.sys)
    11b8: 90375379 NtUserGetMenuItemRect [4] (win32k.sys)
    11b9: 9033a93a NtUserGetMessage [4] (win32k.sys)
    11ba: 903d63ed NtUserGetMouseMovePointsEx [5] (win32k.sys)
    11bb: 90319c7b NtUserGetObjectInformation [5] (win32k.sys)
    11bc: 903d5f98 NtUserGetOpenClipboardWindow [0] (win32k.sys)
    11bd: 903d5fc4 NtUserGetPriorityClipboardFormat [2] (win32k.sys)
    11be: 9031fa29 NtUserGetProcessWindowStation [0] (win32k.sys)
    11bf: 903d970e NtUserGetRawInputBuffer [3] (win32k.sys)
    11c0: 903d9144 NtUserGetRawInputData [5] (win32k.sys)
    11c1: 903d92ce NtUserGetRawInputDeviceInfo [4] (win32k.sys)
    11c2: 903d95ae NtUserGetRawInputDeviceList [3] (win32k.sys)
    11c3: 903d96d3 NtUserGetRegisteredRawInputDevices [3] (win32k.sys)
    11c4: 9032b95e NtUserGetScrollBarInfo [3] (win32k.sys)
    11c5: 902f8565 NtUserGetSystemMenu [2] (win32k.sys)
    11c6: 90353702 NtUserGetThreadDesktop [1] (win32k.sys)
    11c7: 9032cc09 NtUserGetThreadState [1] (win32k.sys)
    11c8: 9032c600 NtUserGetTitleBarInfo [2] (win32k.sys)
    11c9: 903d5ab7 NtUserGetTopLevelWindow [1] (win32k.sys)
    11ca: 903d9cda NtUserGetUpdatedClipboardFormats [3] (win32k.sys)
    11cb: 902daebb NtUserGetUpdateRect [3] (win32k.sys)
    11cc: 903b614d NtUserGetUpdateRgn [3] (win32k.sys)
    11cd: 90312644 NtUserGetWindowCompositionInfo [2] (win32k.sys)
    11ce: 90312401 NtUserGetWindowCompositionAttribute [2] (win32k.sys)
    11cf: 9032a351 NtUserGetWindowDC [1] (win32k.sys)
    11d0: 903d5af7 NtUserGetWindowDisplayAffinity [2] (win32k.sys)
    11d1: 903c54ae NtUserGetWindowPlacement [2] (win32k.sys)
    11d2: 903d5489 NtUserGetWOWClass [2] (win32k.sys)
    11d3: 902dae83 NtUserGhostWindowFromHungWindow [1] (win32k.sys)
    11d4: 903da9a8 NtUserHardErrorControl [3] (win32k.sys)
    11d5: 902c35b6 NtUserHideCaret [1] (win32k.sys)
    11d6: 903d6047 NtUserHiliteMenuItem [4] (win32k.sys)
    11d7: 9038b024 NtUserHungWindowFromGhostWindow [1] (win32k.sys)
    11d8: 903d6cd7 NtUserImpersonateDdeClientWindow [2] (win32k.sys)
    11d9: 90297f3c NtUserInitialize [2] (win32k.sys)
    11da: 90285e56 NtUserInitializeClientPfnArrays [4] (win32k.sys)
    11db: 903d55e4 NtUserInitTask [12] (win32k.sys)
    11dc: 9032bd05 NtUserInternalGetWindowText [3] (win32k.sys)
    11dd: 9038b05c NtUserInternalGetWindowIcon [2] (win32k.sys)
    11de: 9034455e NtUserInvalidateRect [3] (win32k.sys)
    11df: 902c6274 NtUserInvalidateRgn [3] (win32k.sys)
    11e0: 903bb3c3 NtUserIsClipboardFormatAvailable [1] (win32k.sys)
    11e1: 902da7a6 NtUserIsTopLevelWindow [1] (win32k.sys)
    11e2: 90344298 NtUserKillTimer [2] (win32k.sys)
    11e3: 9028f70a NtUserLoadKeyboardLayoutEx [8] (win32k.sys)
    11e4: 9029a015 NtUserLockWindowStation [1] (win32k.sys)
    11e5: 903c5844 NtUserLockWindowUpdate [1] (win32k.sys)
    11e6: 903698cd NtUserLockWorkStation [0] (win32k.sys)
    11e7: 903cf963 NtUserLogicalToPhysicalPoint [2] (win32k.sys)
    11e8: 903ce69e NtUserMapVirtualKeyEx [4] (win32k.sys)
    11e9: 903d6643 NtUserMenuItemFromPoint [4] (win32k.sys)
    11ea: 9034314e NtUserMessageCall [7] (win32k.sys)
    11eb: 903d60f2 NtUserMinMaximize [3] (win32k.sys)
    11ec: 903d6218 NtUserMNDragLeave [0] (win32k.sys)
    11ed: 903d6180 NtUserMNDragOver [2] (win32k.sys)
    11ee: 903d6744 NtUserModifyUserStartupInfoFlags [2] (win32k.sys)
    11ef: 902c53a8 NtUserMoveWindow [6] (win32k.sys)
    11f0: 90304cff NtUserNotifyIMEStatus [3] (win32k.sys)
    11f1: 90357732 NtUserNotifyProcessCreate [4] (win32k.sys)
    11f2: 90317a3f NtUserNotifyWinEvent [4] (win32k.sys)
    11f3: 903a3f2b NtUserOpenClipboard [2] (win32k.sys)
    11f4: 902ed158 NtUserOpenDesktop [3] (win32k.sys)
    11f5: 902b519b NtUserOpenInputDesktop [3] (win32k.sys)
    11f6: 903d67d6 NtUserOpenThreadDesktop [4] (win32k.sys)
    11f7: 902edfbf NtUserOpenWindowStation [2] (win32k.sys)
    11f8: 902dee85 NtUserPaintDesktop [1] (win32k.sys)
    11f9: 902de016 NtUserPaintMonitor [3] (win32k.sys)
    11fa: 903436be NtUserPeekMessage [5] (win32k.sys)
    11fb: 903c7a73 NtUserPhysicalToLogicalPoint [2] (win32k.sys)
    11fc: 9032a928 NtUserPostMessage [4] (win32k.sys)
    11fd: 9032cfdc NtUserPostThreadMessage [4] (win32k.sys)
    11fe: 903d90b6 NtUserPrintWindow [3] (win32k.sys)
    11ff: 90353cce NtUserProcessConnect [2] (win32k.sys)
    1200: 90363237 NtUserQueryInformationThread [4] (win32k.sys)
    1201: 90305126 NtUserQueryInputContext [2] (win32k.sys)
    1202: 903d6c33 NtUserQuerySendMessage [1] (win32k.sys)
    1203: 903442d5 NtUserQueryWindow [2] (win32k.sys)
    1204: 903d5870 NtUserRealChildWindowFromPoint [3] (win32k.sys)
    1205: 90344413 NtUserRealInternalGetMessage [6] (win32k.sys)
    1206: 903d6583 NtUserRealWaitMessageEx [2] (win32k.sys)
    1207: 90322c95 NtUserRedrawWindow [4] (win32k.sys)
    1208: 90324d11 NtUserRegisterClassExWOW [7] (win32k.sys)
    1209: 903d9e23 NtUserRegisterErrorReportingDialog [2] (win32k.sys)
    120a: 90292c6b NtUserRegisterUserApiHook [4] (win32k.sys)
    120b: 902e8051 NtUserRegisterHotKey [4] (win32k.sys)
    120c: 902b4e4a NtUserRegisterRawInputDevices [3] (win32k.sys)
    120d: 90281943 NtUserRegisterServicesProcess [1] (win32k.sys)
    120e: 903d56e9 NtUserRegisterTasklist [1] (win32k.sys)
    120f: 902f9ca5 NtUserRegisterWindowMessage [1] (win32k.sys)
    1210: 903d9c70 NtUserRemoveClipboardFormatListener [1] (win32k.sys)
    1211: 902c2409 NtUserRemoveMenu [3] (win32k.sys)
    1212: 90338806 NtUserRemoveProp [2] (win32k.sys)
    1213: 903dab2e NtUserResolveDesktopForWOW [1] (win32k.sys)
    1214: 9032caac NtUserSBGetParms [4] (win32k.sys)
    1215: 90360c18 NtUserScrollDC [7] (win32k.sys)
    1216: 903b2934 NtUserScrollWindowEx [8] (win32k.sys)
    1217: 902f6f5b NtUserSelectPalette [3] (win32k.sys)
    1218: 903c9791 NtUserSendInput [3] (win32k.sys)
    1219: 90317b0f NtUserSetActiveWindow [1] (win32k.sys)
    121a: 903d886b NtUserSetAppImeLevel [2] (win32k.sys)
    121b: 903c39c1 NtUserSetCapture [1] (win32k.sys)
    121c: 9028b91c NtUserSetChildWindowNoActivate [1] (win32k.sys)
    121d: 902c5aae NtUserSetClassLong [4] (win32k.sys)
    121e: 903d6235 NtUserSetClassWord [3] (win32k.sys)
    121f: 90376c84 NtUserSetClipboardData [3] (win32k.sys)
    1220: 903a0be9 NtUserSetClipboardViewer [1] (win32k.sys)
    1221: 90308713 NtUserSetCursor [1] (win32k.sys)
    1222: 903d65fc NtUserSetCursorContents [2] (win32k.sys)
    1223: 90319465 NtUserSetCursorIconData [4] (win32k.sys)
    1224: 9030f596 NtUserSetFocus [1] (win32k.sys)
    1225: 9028f523 NtUserSetImeHotKey [5] (win32k.sys)
    1226: 902849b6 NtUserSetImeInfoEx [1] (win32k.sys)
    1227: 9030fb60 NtUserSetImeOwnerWindow [2] (win32k.sys)
    1228: 902e8b1b NtUserSetInformationThread [4] (win32k.sys)
    1229: 903d59c7 NtUserSetInternalWindowPos [4] (win32k.sys)
    122a: 903c3ae0 NtUserSetKeyboardState [1] (win32k.sys)
    122b: 903d2e63 NtUserSetMenu [3] (win32k.sys)
    122c: 903d5ceb NtUserSetMenuContextHelpId [2] (win32k.sys)
    122d: 9029e440 NtUserSetMenuDefaultItem [3] (win32k.sys)
    122e: 903d5d28 NtUserSetMenuFlagRtoL [1] (win32k.sys)
    122f: 903daa6d NtUserSetObjectInformation [4] (win32k.sys)
    1230: 902ddc01 NtUserSetParent [2] (win32k.sys)
    1231: 902eeb4b NtUserSetProcessWindowStation [1] (win32k.sys)
    1232: 90337b90 NtUserGetProp [2] (win32k.sys)
    1233: 90337c1e NtUserSetProp [3] (win32k.sys)
    1234: 9032ad01 NtUserSetScrollInfo [4] (win32k.sys)
    1235: 9028b53b NtUserSetShellWindowEx [2] (win32k.sys)
    1236: 903625ae NtUserSetSysColors [4] (win32k.sys)
    1237: 903d65c3 NtUserSetSystemCursor [2] (win32k.sys)
    1238: 903a10f5 NtUserSetSystemMenu [2] (win32k.sys)
    1239: 903d6be5 NtUserSetSystemTimer [3] (win32k.sys)
    123a: 902ee0b6 NtUserSetThreadDesktop [1] (win32k.sys)
    123b: 903d8939 NtUserSetThreadLayoutHandles [2] (win32k.sys)
    123c: 903b9c96 NtUserSetThreadState [2] (win32k.sys)
    123d: 903441fd NtUserSetTimer [4] (win32k.sys)
    123e: 903597ee NtUserSetProcessDPIAware [0] (win32k.sys)
    123f: 903071ce NtUserSetWindowCompositionAttribute [2] (win32k.sys)
    1240: 903d5b88 NtUserSetWindowDisplayAffinity [2] (win32k.sys)
    1241: 9030ef15 NtUserSetWindowFNID [2] (win32k.sys)
    1242: 9032c1be NtUserSetWindowLong [4] (win32k.sys)
    1243: 902bf080 NtUserSetWindowPlacement [2] (win32k.sys)
    1244: 90305338 NtUserSetWindowPos [7] (win32k.sys)
    1245: 902c6cda NtUserSetWindowRgn [3] (win32k.sys)
    1246: 902fa9ae NtUserGetWindowRgnEx [3] (win32k.sys)
    1247: 903ab1d6 NtUserSetWindowRgnEx [3] (win32k.sys)
    1248: 903d6271 NtUserSetWindowsHookAW [3] (win32k.sys)
    1249: 902eb066 NtUserSetWindowsHookEx [6] (win32k.sys)
    124a: 9028f555 NtUserSetWindowStationUser [4] (win32k.sys)
    124b: 903ac2bc NtUserSetWindowWord [3] (win32k.sys)
    124c: 90311576 NtUserSetWinEventHook [8] (win32k.sys)
    124d: 902c5c2d NtUserShowCaret [1] (win32k.sys)
    124e: 903b28ab NtUserShowScrollBar [3] (win32k.sys)
    124f: 90304749 NtUserShowWindow [2] (win32k.sys)
    1250: 903d629d NtUserShowWindowAsync [2] (win32k.sys)
    1251: 9038045c NtUserSoundSentry [0] (win32k.sys)
    1252: 9029b445 NtUserSwitchDesktop [2] (win32k.sys)
    1253: 903300a9 NtUserSystemParametersInfo [4] (win32k.sys)
    1254: 903d66e1 NtUserTestForInteractiveUser [1] (win32k.sys)
    1255: 9039e169 NtUserThunkedMenuInfo [2] (win32k.sys)
    1256: 902e6c6e NtUserThunkedMenuItemInfo [6] (win32k.sys)
    1257: 90375159 NtUserToUnicodeEx [7] (win32k.sys)
    1258: 903175fb NtUserTrackMouseEvent [1] (win32k.sys)
    1259: 903763c2 NtUserTrackPopupMenuEx [6] (win32k.sys)
    125a: 90369cd4 NtUserCalculatePopupWindowPosition [5] (win32k.sys)
    125b: 9032c6d3 NtUserCalcMenuBar [5] (win32k.sys)
    125c: 903c86cf NtUserPaintMenuBar [6] (win32k.sys)
    125d: 903c4cc8 NtUserTranslateAccelerator [3] (win32k.sys)
    125e: 903cae40 NtUserTranslateMessage [2] (win32k.sys)
    125f: 903169ff NtUserUnhookWindowsHookEx [1] (win32k.sys)
    1260: 902edb3b NtUserUnhookWinEvent [1] (win32k.sys)
    1261: 903d6b59 NtUserUnloadKeyboardLayout [1] (win32k.sys)
    1262: 9029b911 NtUserUnlockWindowStation [1] (win32k.sys)
    1263: 90328e08 NtUserUnregisterClass [3] (win32k.sys)
    1264: 90292c4e NtUserUnregisterUserApiHook [0] (win32k.sys)
    1265: 903d0a2b NtUserUnregisterHotKey [2] (win32k.sys)
    1266: 9030eec8 NtUserUpdateInputContext [3] (win32k.sys)
    1267: 903d537d NtUserUpdateInstance [3] (win32k.sys)
    1268: 902cc915 NtUserUpdateLayeredWindow [10] (win32k.sys)
    1269: 903d8fe0 NtUserGetLayeredWindowAttributes [4] (win32k.sys)
    126a: 902ddf9e NtUserSetLayeredWindowAttributes [4] (win32k.sys)
    126b: 9028fc46 NtUserUpdatePerUserSystemParameters [1] (win32k.sys)
    126c: 903d689b NtUserUserHandleGrantAccess [3] (win32k.sys)
    126d: 903bfbbb NtUserValidateHandleSecure [1] (win32k.sys)
    126e: 9039aac3 NtUserValidateRect [2] (win32k.sys)
    126f: 9034587b NtUserValidateTimerCallback [1] (win32k.sys)
    1270: 90392dc5 NtUserVkKeyScanEx [3] (win32k.sys)
    1271: 903ab7e0 NtUserWaitForInputIdle [3] (win32k.sys)
    1272: 903d527a NtUserWaitForMsgAndEvent [1] (win32k.sys)
    1273: 90339265 NtUserWaitMessage [0] (win32k.sys)
    1274: 903ccada NtUserWindowFromPhysicalPoint [2] (win32k.sys)
    1275: 903c9ca9 NtUserWindowFromPoint [2] (win32k.sys)
    1276: 903d64b9 NtUserYieldTask [0] (win32k.sys)
    1277: 9028b36f NtUserRemoteConnect [3] (win32k.sys)
    1278: 903d5191 NtUserRemoteRedrawRectangle [4] (win32k.sys)
    1279: 903d51e8 NtUserRemoteRedrawScreen [0] (win32k.sys)
    127a: 903d5238 NtUserRemoteStopScreenUpdates [0] (win32k.sys)
    127b: 903da8d4 NtUserCtxDisplayIOCtl [3] (win32k.sys)
    127c: 90281dd2 NtUserRegisterSessionPort [2] (win32k.sys)
    127d: 903d9983 NtUserUnregisterSessionPort [0] (win32k.sys)
    127e: 903d8eed NtUserUpdateWindowTransform [3] (win32k.sys)
    127f: 902a824a NtUserDwmStartRedirection [1] (win32k.sys)
    1280: 90388e8e NtUserDwmStopRedirection [0] (win32k.sys)
    1281: 902e2f8f NtUserGetWindowMinimizeRect [2] (win32k.sys)
    1282: 90379cfb NtUserSfmDxBindSwapChain [3] (win32k.sys)
    1283: 9037942c NtUserSfmDxOpenSwapChain [4] (win32k.sys)
    1284: 9038a35c NtUserSfmDxReleaseSwapChain [2] (win32k.sys)
    1285: 9038a163 NtUserSfmDxSetSwapChainBindingStatus [2] (win32k.sys)
    1286: 903798e7 NtUserSfmDxQuerySwapChainBindingStatus [3] (win32k.sys)
    1287: 902a4486 NtUserSfmDxReportPendingBindingsToDwm [0] (win32k.sys)
    1288: 90379a95 NtUserSfmDxGetSwapChainStats [2] (win32k.sys)
    1289: 9034d611 NtUserSfmDxSetSwapChainStats [2] (win32k.sys)
    128a: 903d99be NtUserSfmGetLogicalSurfaceBinding [4] (win32k.sys)
    128b: 903d9b07 NtUserSfmDestroyLogicalSurfaceBinding [1] (win32k.sys)
    128c: 903d9fab NtUserModifyWindowTouchCapability [3] (win32k.sys)
    128d: 903da012 NtUserIsTouchWindow [2] (win32k.sys)
    128e: 903da09e NtUserSendTouchInput [4] (win32k.sys)
    128f: 903da1e2 NtUserEndTouchOperation [1] (win32k.sys)
    1290: 903da273 NtUserGetTouchInputInfo [4] (win32k.sys)
    1291: 90310a0f NtUserChangeWindowMessageFilterEx [4] (win32k.sys)
    1292: 903da354 NtUserInjectGesture [5] (win32k.sys)
    1293: 903da520 NtUserGetGestureInfo [2] (win32k.sys)
    1294: 903da5e5 NtUserGetGestureExtArgs [3] (win32k.sys)
    1295: 903da6bf NtUserManageGestureHandlerWindow [2] (win32k.sys)
    1296: 9029d041 NtUserSetGestureConfig [5] (win32k.sys)
    1297: 903da741 NtUserGetGestureConfig [6] (win32k.sys)
    1298: 90433138 NtGdiEngAssociateSurface [3] (win32k.sys)
    1299: 90433249 NtGdiEngCreateBitmap [6] (win32k.sys)
    129a: 904328c3 NtGdiEngCreateDeviceSurface [4] (win32k.sys)
    129b: 90432933 NtGdiEngCreateDeviceBitmap [4] (win32k.sys)
    129c: 903ae418 NtGdiEngCreatePalette [6] (win32k.sys)
    129d: 90436b70 NtGdiEngComputeGlyphSet [3] (win32k.sys)
    129e: 90433c0a NtGdiEngCopyBits [6] (win32k.sys)
    129f: 903bf689 NtGdiEngDeletePalette [1] (win32k.sys)
    12a0: 904331cd NtGdiEngDeleteSurface [1] (win32k.sys)
    12a1: 904333d6 NtGdiEngEraseSurface [3] (win32k.sys)
    12a2: 904333a3 NtGdiEngUnlockSurface [1] (win32k.sys)
    12a3: 9043336c NtGdiEngLockSurface [1] (win32k.sys)
    12a4: 904344d1 NtGdiEngBitBlt [11] (win32k.sys)
    12a5: 90433d9f NtGdiEngStretchBlt [11] (win32k.sys)
    12a6: 904342f1 NtGdiEngPlgBlt [11] (win32k.sys)
    12a7: 904331fa NtGdiEngMarkBandingSurface [1] (win32k.sys)
    12a8: 90434790 NtGdiEngStrokePath [8] (win32k.sys)
    12a9: 90434975 NtGdiEngFillPath [7] (win32k.sys)
    12aa: 90434ad2 NtGdiEngStrokeAndFillPath [10] (win32k.sys)
    12ab: 90434cba NtGdiEngPaint [5] (win32k.sys)
    12ac: 90434dce NtGdiEngLineTo [9] (win32k.sys)
    12ad: 90434ef1 NtGdiEngAlphaBlend [7] (win32k.sys)
    12ae: 9043505c NtGdiEngGradientFill [10] (win32k.sys)
    12af: 90435292 NtGdiEngTransparentBlt [8] (win32k.sys)
    12b0: 904353ea NtGdiEngTextOut [10] (win32k.sys)
    12b1: 90434004 NtGdiEngStretchBltROP [13] (win32k.sys)
    12b2: 90436a71 NtGdiXLATEOBJ_cGetPalette [4] (win32k.sys)
    12b3: 90436b25 NtGdiXLATEOBJ_iXlate [2] (win32k.sys)
    12b4: 90436a2a NtGdiXLATEOBJ_hGetColorTransform [1] (win32k.sys)
    12b5: 90435648 NtGdiCLIPOBJ_bEnum [3] (win32k.sys)
    12b6: 904355c1 NtGdiCLIPOBJ_cEnumStart [5] (win32k.sys)
    12b7: 904334d8 NtGdiCLIPOBJ_ppoGetPath [1] (win32k.sys)
    12b8: 9043350f NtGdiEngDeletePath [1] (win32k.sys)
    12b9: 90433542 NtGdiEngCreateClip [0] (win32k.sys)
    12ba: 9043356d NtGdiEngDeleteClip [1] (win32k.sys)
    12bb: 904357c0 NtGdiBRUSHOBJ_ulGetBrushColor [1] (win32k.sys)
    12bc: 9043572f NtGdiBRUSHOBJ_pvAllocRbrush [2] (win32k.sys)
    12bd: 90435779 NtGdiBRUSHOBJ_pvGetRbrush [1] (win32k.sys)
    12be: 904358a0 NtGdiBRUSHOBJ_hGetColorTransform [1] (win32k.sys)
    12bf: 904358e7 NtGdiXFORMOBJ_bApplyXform [5] (win32k.sys)
    12c0: 90435a3d NtGdiXFORMOBJ_iGetXform [2] (win32k.sys)
    12c1: 90435ae6 NtGdiFONTOBJ_vGetInfo [3] (win32k.sys)
    12c2: 904335a0 NtGdiFONTOBJ_pxoGetXform [1] (win32k.sys)
    12c3: 90435bd4 NtGdiFONTOBJ_cGetGlyphs [5] (win32k.sys)
    12c4: 90436039 NtGdiFONTOBJ_pifi [1] (win32k.sys)
    12c5: 90435e4e NtGdiFONTOBJ_pfdg [1] (win32k.sys)
    12c6: 90435f3b NtGdiFONTOBJ_pQueryGlyphAttrs [2] (win32k.sys)
    12c7: 9043695d NtGdiFONTOBJ_pvTrueTypeFontFile [2] (win32k.sys)
    12c8: 90435d82 NtGdiFONTOBJ_cGetAllGlyphHandles [2] (win32k.sys)
    12c9: 90436259 NtGdiSTROBJ_bEnum [3] (win32k.sys)
    12ca: 90436277 NtGdiSTROBJ_bEnumPositionsOnly [3] (win32k.sys)
    12cb: 90436295 NtGdiSTROBJ_bGetAdvanceWidths [4] (win32k.sys)
    12cc: 9043636f NtGdiSTROBJ_vEnumStart [1] (win32k.sys)
    12cd: 904363ac NtGdiSTROBJ_dwGetCodePage [1] (win32k.sys)
    12ce: 9043648f NtGdiPATHOBJ_vGetBounds [2] (win32k.sys)
    12cf: 90436511 NtGdiPATHOBJ_bEnum [2] (win32k.sys)
    12d0: 90436665 NtGdiPATHOBJ_vEnumStart [1] (win32k.sys)
    12d1: 904366d2 NtGdiPATHOBJ_vEnumStartClipLines [4] (win32k.sys)
    12d2: 904367e5 NtGdiPATHOBJ_bEnumClipLines [3] (win32k.sys)
    12d3: 904335d7 NtGdiGetDhpdev [1] (win32k.sys)
    12d4: 9043360d NtGdiEngCheckAbort [1] (win32k.sys)
    12d5: 9043366f NtGdiHT_Get8BPPFormatPalette [4] (win32k.sys)
    12d6: 904336fa NtGdiHT_Get8BPPMaskPalette [6] (win32k.sys)
    12d7: 9042098d NtGdiUpdateTransform [1] (win32k.sys)
    12d8: 903a63c8 NtGdiSetPUMPDOBJ [4] (win32k.sys)
    12d9: 904363f3 NtGdiBRUSHOBJ_DeleteRbrush [2] (win32k.sys)
    12da: 904286d3 NtGdiUMPDEngFreeUserMem [1] (win32k.sys)
    12db: 90338ae8 NtGdiDrawStream [3] (win32k.sys)
    12dc: 9034c5c4 NtGdiSfmGetNotificationTokens [3] (win32k.sys)
    12dd: 90313154 NtGdiHLSurfGetInformation [4] (win32k.sys)
    12de: 90312f49 NtGdiHLSurfSetInformation [4] (win32k.sys)
    12df: 9031236e NtGdiDdDDICreateAllocation [1] (win32k.sys)
    12e0: 90315b1c NtGdiDdDDIQueryResourceInfo [1] (win32k.sys)
    12e1: 90315d26 NtGdiDdDDIOpenResource [1] (win32k.sys)
    12e2: 903140eb NtGdiDdDDIDestroyAllocation [1] (win32k.sys)
    12e3: 9038f566 NtGdiDdDDISetAllocationPriority [1] (win32k.sys)
    12e4: 903d4b6e NtGdiDdDDIQueryAllocationResidency [1] (win32k.sys)
    12e5: 902b287f NtGdiDdDDICreateDevice [1] (win32k.sys)
    12e6: 903901cf NtGdiDdDDIDestroyDevice [1] (win32k.sys)
    12e7: 902b2860 NtGdiDdDDICreateContext [1] (win32k.sys)
    12e8: 903901b0 NtGdiDdDDIDestroyContext [1] (win32k.sys)
    12e9: 903799c8 NtGdiDdDDICreateSynchronizationObject [1] (win32k.sys)
    12ea: 9040950d NtGdiDdDDIOpenSynchronizationObject [1] (win32k.sys)
    12eb: 90378f5a NtGdiDdDDIDestroySynchronizationObject [1] (win32k.sys)
    12ec: 90379c19 NtGdiDdDDIWaitForSynchronizationObject [1] (win32k.sys)
    12ed: 903799a9 NtGdiDdDDISignalSynchronizationObject [1] (win32k.sys)
    12ee: 9040952c NtGdiDdDDIGetRuntimeData [1] (win32k.sys)
    12ef: 902b2841 NtGdiDdDDIQueryAdapterInfo [1] (win32k.sys)
    12f0: 902f06a0 NtGdiDdDDILock [1] (win32k.sys)
    12f1: 902f06bf NtGdiDdDDIUnlock [1] (win32k.sys)
    12f2: 9038fbb8 NtGdiDdDDIGetDisplayModeList [1] (win32k.sys)
    12f3: 902b2010 NtGdiDdDDISetDisplayMode [1] (win32k.sys)
    12f4: 9040954b NtGdiDdDDIGetMultisampleMethodList [1] (win32k.sys)
    12f5: 9034d5e8 NtGdiDdDDIPresent [1] (win32k.sys)
    12f6: 9034d413 NtGdiDdDDIRender [1] (win32k.sys)
    12f7: 902a8e7f NtGdiDdDDIOpenAdapterFromDeviceName [1] (win32k.sys)
    12f8: 902b266d NtGdiDdDDIOpenAdapterFromHdc [1] (win32k.sys)
    12f9: 902b2147 NtGdiDdDDICloseAdapter [1] (win32k.sys)
    12fa: 90382ee3 NtGdiDdDDIGetSharedPrimaryHandle [1] (win32k.sys)
    12fb: 902b20db NtGdiDdDDIEscape [1] (win32k.sys)
    12fc: 9040956a NtGdiDdDDIQueryStatistics [1] (win32k.sys)
    12fd: 902af72a NtGdiDdDDISetVidPnSourceOwner [1] (win32k.sys)
    12fe: 9034c71c NtGdiDdDDIGetPresentHistory [1] (win32k.sys)
    12ff: 902a7a8d NtGdiDdDDIGetPresentQueueEvent [2] (win32k.sys)
    1300: 90409589 NtGdiDdDDICreateOverlay [1] (win32k.sys)
    1301: 904095a8 NtGdiDdDDIUpdateOverlay [1] (win32k.sys)
    1302: 904095c7 NtGdiDdDDIFlipOverlay [1] (win32k.sys)
    1303: 904095e6 NtGdiDdDDIDestroyOverlay [1] (win32k.sys)
    1304: 90347808 NtGdiDdDDIWaitForVerticalBlankEvent [1] (win32k.sys)
    1305: 90409605 NtGdiDdDDISetGammaRamp [1] (win32k.sys)
    1306: 9034d32b NtGdiDdDDIGetDeviceState [1] (win32k.sys)
    1307: 90370513 NtGdiDdDDICreateDCFromMemory [1] (win32k.sys)
    1308: 90371a50 NtGdiDdDDIDestroyDCFromMemory [1] (win32k.sys)
    1309: 90390403 NtGdiDdDDISetContextSchedulingPriority [1] (win32k.sys)
    130a: 90409624 NtGdiDdDDIGetContextSchedulingPriority [1] (win32k.sys)
    130b: 902a739c NtGdiDdDDISetProcessSchedulingPriorityClass [2] (win32k.sys)
    130c: 90409643 NtGdiDdDDIGetProcessSchedulingPriorityClass [2] (win32k.sys)
    130d: 90409662 NtGdiDdDDIReleaseProcessVidPnSourceOwners [1] (win32k.sys)
    130e: 903799fa NtGdiDdDDIGetScanLine [1] (win32k.sys)
    130f: 90378fd3 NtGdiDdDDISetQueuedLimit [1] (win32k.sys)
    1310: 9040969a NtGdiDdDDIPollDisplayChildren [1] (win32k.sys)
    1311: 904096b9 NtGdiDdDDIInvalidateActiveVidPn [1] (win32k.sys)
    1312: 904096d8 NtGdiDdDDICheckOcclusion [1] (win32k.sys)
    1313: 904096f7 NtGdiDdDDIWaitForIdle [1] (win32k.sys)
    1314: 9034d5b9 NtGdiDdDDICheckMonitorPowerState [1] (win32k.sys)
    1315: 903799e7 NtGdiDdDDICheckExclusiveOwnership [0] (win32k.sys)
    1316: 90409716 NtGdiDdDDISetDisplayPrivateDriverFormat [1] (win32k.sys)
    1317: 9040a8ba NtGdiDdDDISharedPrimaryLockNotification [1] (win32k.sys)
    1318: 9040a929 NtGdiDdDDISharedPrimaryUnLockNotification [1] (win32k.sys)
    1319: 90409735 NtGdiDdDDICreateKeyedMutex [1] (win32k.sys)
    131a: 90409754 NtGdiDdDDIOpenKeyedMutex [1] (win32k.sys)
    131b: 90409773 NtGdiDdDDIDestroyKeyedMutex [1] (win32k.sys)
    131c: 90409792 NtGdiDdDDIAcquireKeyedMutex [1] (win32k.sys)
    131d: 904097b1 NtGdiDdDDIReleaseKeyedMutex [1] (win32k.sys)
    131e: 903795a3 NtGdiDdDDIConfigureSharedResource [1] (win32k.sys)
    131f: 904097d0 NtGdiDdDDIGetOverlayState [1] (win32k.sys)
    1320: 9034d3f4 NtGdiDdDDICheckVidPnExclusiveOwnership [1] (win32k.sys)
    1321: 903796b4 NtGdiDdDDICheckSharedResourceAccess [1] (win32k.sys)
    1322: 9037ed72 DxgStubEndMoCompFrame [2] (win32k.sys)
    1323: 9039fab3 DxgStubContextDestroyAll [1] (win32k.sys)
    1324: 90436f0d NtGdiGetNumberOfPhysicalMonitors [2] (win32k.sys)
    1325: 90436f3c NtGdiGetPhysicalMonitors [4] (win32k.sys)
    1326: 904378e5 NtGdiGetPhysicalMonitorDescription [3] (win32k.sys)
    1327: 90437bf9 NtGdiDestroyPhysicalMonitor [1] (win32k.sys)
    1328: 9043798a NtGdiDDCCIGetVCPFeature [5] (win32k.sys)
    1329: 90437a1c NtGdiDDCCISetVCPFeature [3] (win32k.sys)
    132a: 90437a32 NtGdiDDCCISaveCurrentSettings [1] (win32k.sys)
    132b: 90437d9c NtGdiDDCCIGetCapabilitiesStringLength [2] (win32k.sys)
    132c: 90437dfb NtGdiDDCCIGetCapabilitiesString [3] (win32k.sys)
    132d: 90437a48 NtGdiDDCCIGetTimingReport [2] (win32k.sys)
    132e: 90409a17 NtGdiDdCreateFullscreenSprite [4] (win32k.sys)
    132f: 90409a27 NtGdiDdNotifyFullscreenSpriteUpdate [2] (win32k.sys)
    1330: 90409a37 NtGdiDdDestroyFullscreenSprite [2] (win32k.sys)
    1331: 90409a47 DxEngVisRgnUniq [0] (win32k.sys)
    1332: 903d6320 NtUserSetMirrorRendering [2] (win32k.sys)
    1333: 903d63a5 NtUserShowSystemCursor [1] (win32k.sys)
    1334: 90391b40 NtUserMagControl [2] (win32k.sys)
    1335: 903a1f9f NtUserMagSetContextInformation [4] (win32k.sys)
    1336: 903a2ff0 NtUserMagGetContextInformation [4] (win32k.sys)
    1337: 9038f79a NtUserHwndQueryRedirectionInfo [4] (win32k.sys)
    1338: 90380814 NtUserHwndSetRedirectionInfo [4] (win32k.sys)
    https://www.openrce.org/blog/view/1470/Windows_7_RC_syscalls

  2. #2
    thanks

    EPROCESS :
    Code:
              typedef struct _EPROCESS                                               // 133 elements, 0x2C0 bytes (sizeof) 
              {                                                                                                            
    /*0x000*/     struct _KPROCESS Pcb;                                              // 34 elements, 0x98 bytes (sizeof)   
    /*0x098*/     struct _EX_PUSH_LOCK ProcessLock;                                  // 7 elements, 0x4 bytes (sizeof)     
    /*0x09C*/     UINT8        _PADDING0_[0x4];                                                                            
    /*0x0A0*/     union _LARGE_INTEGER CreateTime;                                   // 4 elements, 0x8 bytes (sizeof)     
    /*0x0A8*/     union _LARGE_INTEGER ExitTime;                                     // 4 elements, 0x8 bytes (sizeof)     
    /*0x0B0*/     struct _EX_RUNDOWN_REF RundownProtect;                             // 2 elements, 0x4 bytes (sizeof)     
    /*0x0B4*/     VOID*        UniqueProcessId;                                                                            
    /*0x0B8*/     struct _LIST_ENTRY ActiveProcessLinks;                             // 2 elements, 0x8 bytes (sizeof)     
    /*0x0C0*/     ULONG32      ProcessQuotaUsage[2];                                                                       
    /*0x0C8*/     ULONG32      ProcessQuotaPeak[2];                                                                        
    /*0x0D0*/     ULONG32      CommitCharge;                                                                               
    /*0x0D4*/     struct _EPROCESS_QUOTA_BLOCK* QuotaBlock;                                                                
    /*0x0D8*/     struct _PS_CPU_QUOTA_BLOCK* CpuQuotaBlock;                                                               
    /*0x0DC*/     ULONG32      PeakVirtualSize;                                                                            
    /*0x0E0*/     ULONG32      VirtualSize;                                                                                
    /*0x0E4*/     struct _LIST_ENTRY SessionProcessLinks;                            // 2 elements, 0x8 bytes (sizeof)     
    /*0x0EC*/     VOID*        DebugPort;                                                                                  
                  union                                                              // 3 elements, 0x4 bytes (sizeof)     
                  {                                                                                                        
    /*0x0F0*/         VOID*        ExceptionPortData;                                                                      
    /*0x0F0*/         ULONG32      ExceptionPortValue;                                                                     
    /*0x0F0*/         ULONG32      ExceptionPortState : 3;                           // 0 BitPosition                      
                  };                                                                                                       
    /*0x0F4*/     struct _HANDLE_TABLE* ObjectTable;                                                                       
    /*0x0F8*/     struct _EX_FAST_REF Token;                                         // 3 elements, 0x4 bytes (sizeof)     
    /*0x0FC*/     ULONG32      WorkingSetPage;                                                                             
    /*0x100*/     struct _EX_PUSH_LOCK AddressCreationLock;                          // 7 elements, 0x4 bytes (sizeof)     
    /*0x104*/     struct _ETHREAD* RotateInProgress;                                                                       
    /*0x108*/     struct _ETHREAD* ForkInProgress;                                                                         
    /*0x10C*/     ULONG32      HardwareTrigger;                                                                            
    /*0x110*/     struct _MM_AVL_TABLE* PhysicalVadRoot;                                                                   
    /*0x114*/     VOID*        CloneRoot;                                                                                  
    /*0x118*/     ULONG32      NumberOfPrivatePages;                                                                       
    /*0x11C*/     ULONG32      NumberOfLockedPages;                                                                        
    /*0x120*/     VOID*        Win32Process;                                                                               
    /*0x124*/     struct _EJOB* Job;                                                                                       
    /*0x128*/     VOID*        SectionObject;                                                                              
    /*0x12C*/     VOID*        SectionBaseAddress;                                                                         
    /*0x130*/     ULONG32      Cookie;                                                                                     
    /*0x134*/     ULONG32      Spare8;                                                                                     
    /*0x138*/     struct _PAGEFAULT_HISTORY* WorkingSetWatch;                                                              
    /*0x13C*/     VOID*        Win32WindowStation;                                                                         
    /*0x140*/     VOID*        InheritedFromUniqueProcessId;                                                               
    /*0x144*/     VOID*        LdtInformation;                                                                             
    /*0x148*/     VOID*        VdmObjects;                                                                                 
    /*0x14C*/     ULONG32      ConsoleHostProcess;                                                                         
    /*0x150*/     VOID*        DeviceMap;                                                                                  
    /*0x154*/     VOID*        EtwDataSource;                                                                              
    /*0x158*/     VOID*        FreeTebHint;                                                                                
    /*0x15C*/     UINT8        _PADDING1_[0x4];                                                                            
                  union                                                              // 2 elements, 0x8 bytes (sizeof)     
                  {                                                                                                        
    /*0x160*/         struct _HARDWARE_PTE PageDirectoryPte;                         // 16 elements, 0x8 bytes (sizeof)    
    /*0x160*/         UINT64       Filler;                                                                                 
                  };                                                                                                       
    /*0x168*/     VOID*        Session;                                                                                    
    /*0x16C*/     UINT8        ImageFileName[15];                                                                          
    /*0x17B*/     UINT8        PriorityClass;                                                                              
    /*0x17C*/     struct _LIST_ENTRY JobLinks;                                       // 2 elements, 0x8 bytes (sizeof)     
    /*0x184*/     VOID*        LockedPagesList;                                                                            
    /*0x188*/     struct _LIST_ENTRY ThreadListHead;                                 // 2 elements, 0x8 bytes (sizeof)     
    /*0x190*/     VOID*        SecurityPort;                                                                               
    /*0x194*/     VOID*        PaeTop;                                                                                     
    /*0x198*/     ULONG32      ActiveThreads;                                                                              
    /*0x19C*/     ULONG32      ImagePathHash;                                                                              
    /*0x1A0*/     ULONG32      DefaultHardErrorProcessing;                                                                 
    /*0x1A4*/     LONG32       LastThreadExitStatus;                                                                       
    /*0x1A8*/     struct _PEB* Peb;                                                                                        
    /*0x1AC*/     struct _EX_FAST_REF PrefetchTrace;                                 // 3 elements, 0x4 bytes (sizeof)     
    /*0x1B0*/     union _LARGE_INTEGER ReadOperationCount;                           // 4 elements, 0x8 bytes (sizeof)     
    /*0x1B8*/     union _LARGE_INTEGER WriteOperationCount;                          // 4 elements, 0x8 bytes (sizeof)     
    /*0x1C0*/     union _LARGE_INTEGER OtherOperationCount;                          // 4 elements, 0x8 bytes (sizeof)     
    /*0x1C8*/     union _LARGE_INTEGER ReadTransferCount;                            // 4 elements, 0x8 bytes (sizeof)     
    /*0x1D0*/     union _LARGE_INTEGER WriteTransferCount;                           // 4 elements, 0x8 bytes (sizeof)     
    /*0x1D8*/     union _LARGE_INTEGER OtherTransferCount;                           // 4 elements, 0x8 bytes (sizeof)     
    /*0x1E0*/     ULONG32      CommitChargeLimit;                                                                          
    /*0x1E4*/     ULONG32      CommitChargePeak;                                                                           
    /*0x1E8*/     VOID*        AweInfo;                                                                                    
    /*0x1EC*/     struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; // 1 elements, 0x4 bytes (sizeof)     
    /*0x1F0*/     struct _MMSUPPORT Vm;                                              // 21 elements, 0x6C bytes (sizeof)   
    /*0x25C*/     struct _LIST_ENTRY MmProcessLinks;                                 // 2 elements, 0x8 bytes (sizeof)     
    /*0x264*/     ULONG32      ModifiedPageCount;                                                                          
                  union                                                              // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                                        
    /*0x268*/         ULONG32      Flags2;                                                                                 
                      struct                                                         // 20 elements, 0x4 bytes (sizeof)    
                      {                                                                                                    
    /*0x268*/             ULONG32      JobNotReallyActive : 1;                       // 0 BitPosition                      
    /*0x268*/             ULONG32      AccountingFolded : 1;                         // 1 BitPosition                      
    /*0x268*/             ULONG32      NewProcessReported : 1;                       // 2 BitPosition                      
    /*0x268*/             ULONG32      ExitProcessReported : 1;                      // 3 BitPosition                      
    /*0x268*/             ULONG32      ReportCommitChanges : 1;                      // 4 BitPosition                      
    /*0x268*/             ULONG32      LastReportMemory : 1;                         // 5 BitPosition                      
    /*0x268*/             ULONG32      ReportPhysicalPageChanges : 1;                // 6 BitPosition                      
    /*0x268*/             ULONG32      HandleTableRundown : 1;                       // 7 BitPosition                      
    /*0x268*/             ULONG32      NeedsHandleRundown : 1;                       // 8 BitPosition                      
    /*0x268*/             ULONG32      RefTraceEnabled : 1;                          // 9 BitPosition                      
    /*0x268*/             ULONG32      NumaAware : 1;                                // 10 BitPosition                     
    /*0x268*/             ULONG32      ProtectedProcess : 1;                         // 11 BitPosition                     
    /*0x268*/             ULONG32      DefaultPagePriority : 3;                      // 12 BitPosition                     
    /*0x268*/             ULONG32      PrimaryTokenFrozen : 1;                       // 15 BitPosition                     
    /*0x268*/             ULONG32      ProcessVerifierTarget : 1;                    // 16 BitPosition                     
    /*0x268*/             ULONG32      StackRandomizationDisabled : 1;               // 17 BitPosition                     
    /*0x268*/             ULONG32      AffinityPermanent : 1;                        // 18 BitPosition                     
    /*0x268*/             ULONG32      AffinityUpdateEnable : 1;                     // 19 BitPosition                     
    /*0x268*/             ULONG32      PropagateNode : 1;                            // 20 BitPosition                     
    /*0x268*/             ULONG32      ExplicitAffinity : 1;                         // 21 BitPosition                     
                      };                                                                                                   
                  };                                                                                                       
                  union                                                              // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                                        
    /*0x26C*/         ULONG32      Flags;                                                                                  
                      struct                                                         // 29 elements, 0x4 bytes (sizeof)    
                      {                                                                                                    
    /*0x26C*/             ULONG32      CreateReported : 1;                           // 0 BitPosition                      
    /*0x26C*/             ULONG32      NoDebugInherit : 1;                           // 1 BitPosition                      
    /*0x26C*/             ULONG32      ProcessExiting : 1;                           // 2 BitPosition                      
    /*0x26C*/             ULONG32      ProcessDelete : 1;                            // 3 BitPosition                      
    /*0x26C*/             ULONG32      Wow64SplitPages : 1;                          // 4 BitPosition                      
    /*0x26C*/             ULONG32      VmDeleted : 1;                                // 5 BitPosition                      
    /*0x26C*/             ULONG32      OutswapEnabled : 1;                           // 6 BitPosition                      
    /*0x26C*/             ULONG32      Outswapped : 1;                               // 7 BitPosition                      
    /*0x26C*/             ULONG32      ForkFailed : 1;                               // 8 BitPosition                      
    /*0x26C*/             ULONG32      Wow64VaSpace4Gb : 1;                          // 9 BitPosition                      
    /*0x26C*/             ULONG32      AddressSpaceInitialized : 2;                  // 10 BitPosition                     
    /*0x26C*/             ULONG32      SetTimerResolution : 1;                       // 12 BitPosition                     
    /*0x26C*/             ULONG32      BreakOnTermination : 1;                       // 13 BitPosition                     
    /*0x26C*/             ULONG32      DeprioritizeViews : 1;                        // 14 BitPosition                     
    /*0x26C*/             ULONG32      WriteWatch : 1;                               // 15 BitPosition                     
    /*0x26C*/             ULONG32      ProcessInSession : 1;                         // 16 BitPosition                     
    /*0x26C*/             ULONG32      OverrideAddressSpace : 1;                     // 17 BitPosition                     
    /*0x26C*/             ULONG32      HasAddressSpace : 1;                          // 18 BitPosition                     
    /*0x26C*/             ULONG32      LaunchPrefetched : 1;                         // 19 BitPosition                     
    /*0x26C*/             ULONG32      InjectInpageErrors : 1;                       // 20 BitPosition                     
    /*0x26C*/             ULONG32      VmTopDown : 1;                                // 21 BitPosition                     
    /*0x26C*/             ULONG32      ImageNotifyDone : 1;                          // 22 BitPosition                     
    /*0x26C*/             ULONG32      PdeUpdateNeeded : 1;                          // 23 BitPosition                     
    /*0x26C*/             ULONG32      VdmAllowed : 1;                               // 24 BitPosition                     
    /*0x26C*/             ULONG32      CrossSessionCreate : 1;                       // 25 BitPosition                     
    /*0x26C*/             ULONG32      ProcessInserted : 1;                          // 26 BitPosition                     
    /*0x26C*/             ULONG32      DefaultIoPriority : 3;                        // 27 BitPosition                     
    /*0x26C*/             ULONG32      ProcessSelfDelete : 1;                        // 30 BitPosition                     
    /*0x26C*/             ULONG32      SetTimerResolutionLink : 1;                   // 31 BitPosition                     
                      };                                                                                                   
                  };                                                                                                       
    /*0x270*/     LONG32       ExitStatus;                                                                                 
    /*0x274*/     struct _MM_AVL_TABLE VadRoot;                                      // 6 elements, 0x20 bytes (sizeof)    
    /*0x294*/     struct _ALPC_PROCESS_CONTEXT AlpcContext;                          // 3 elements, 0x10 bytes (sizeof)    
    /*0x2A4*/     struct _LIST_ENTRY TimerResolutionLink;                            // 2 elements, 0x8 bytes (sizeof)     
    /*0x2AC*/     ULONG32      RequestedTimerResolution;                                                                   
    /*0x2B0*/     ULONG32      ActiveThreadsHighWatermark;                                                                 
    /*0x2B4*/     ULONG32      SmallestTimerResolution;                                                                    
    /*0x2B8*/     struct _PO_DIAG_STACK_RECORD* TimerResolutionStackRecord;                                                
    /*0x2BC*/     UINT8        _PADDING2_[0x4];                                                                            
              }EPROCESS, *PEPROCESS;

    Code:
    ETHREAD :
              typedef struct _ETHREAD                                              // 88 elements, 0x2B8 bytes (sizeof)  
              {                                                                                                          
    /*0x000*/     struct _KTHREAD Tcb;                                             // 114 elements, 0x200 bytes (sizeof) 
    /*0x200*/     union _LARGE_INTEGER CreateTime;                                 // 4 elements, 0x8 bytes (sizeof)     
                  union                                                            // 2 elements, 0x8 bytes (sizeof)     
                  {                                                                                                      
    /*0x208*/         union _LARGE_INTEGER ExitTime;                               // 4 elements, 0x8 bytes (sizeof)     
    /*0x208*/         struct _LIST_ENTRY KeyedWaitChain;                           // 2 elements, 0x8 bytes (sizeof)     
                  };                                                                                                     
    /*0x210*/     LONG32       ExitStatus;                                                                               
                  union                                                            // 2 elements, 0x8 bytes (sizeof)     
                  {                                                                                                      
    /*0x214*/         struct _LIST_ENTRY PostBlockList;                            // 2 elements, 0x8 bytes (sizeof)     
                      struct                                                       // 2 elements, 0x8 bytes (sizeof)     
                      {                                                                                                  
    /*0x214*/             VOID*        ForwardLinkShadow;                                                                
    /*0x218*/             VOID*        StartAddress;                                                                     
                      };                                                                                                 
                  };                                                                                                     
                  union                                                            // 3 elements, 0x4 bytes (sizeof)     
                  {                                                                                                      
    /*0x21C*/         struct _TERMINATION_PORT* TerminationPort;                                                         
    /*0x21C*/         struct _ETHREAD* ReaperLink;                                                                       
    /*0x21C*/         VOID*        KeyedWaitValue;                                                                       
                  };                                                                                                     
    /*0x220*/     ULONG32      ActiveTimerListLock;                                                                      
    /*0x224*/     struct _LIST_ENTRY ActiveTimerListHead;                          // 2 elements, 0x8 bytes (sizeof)     
    /*0x22C*/     struct _CLIENT_ID Cid;                                           // 2 elements, 0x8 bytes (sizeof)     
                  union                                                            // 2 elements, 0x14 bytes (sizeof)    
                  {                                                                                                      
    /*0x234*/         struct _KSEMAPHORE KeyedWaitSemaphore;                       // 2 elements, 0x14 bytes (sizeof)    
    /*0x234*/         struct _KSEMAPHORE AlpcWaitSemaphore;                        // 2 elements, 0x14 bytes (sizeof)    
                  };                                                                                                     
    /*0x248*/     union _PS_CLIENT_SECURITY_CONTEXT ClientSecurity;                // 4 elements, 0x4 bytes (sizeof)     
    /*0x24C*/     struct _LIST_ENTRY IrpList;                                      // 2 elements, 0x8 bytes (sizeof)     
    /*0x254*/     ULONG32      TopLevelIrp;                                                                              
    /*0x258*/     struct _DEVICE_OBJECT* DeviceToVerify;                                                                 
    /*0x25C*/     union _PSP_CPU_QUOTA_APC* CpuQuotaApc;                                                                 
    /*0x260*/     VOID*        Win32StartAddress;                                                                        
    /*0x264*/     VOID*        LegacyPowerObject;                                                                        
    /*0x268*/     struct _LIST_ENTRY ThreadListEntry;                              // 2 elements, 0x8 bytes (sizeof)     
    /*0x270*/     struct _EX_RUNDOWN_REF RundownProtect;                           // 2 elements, 0x4 bytes (sizeof)     
    /*0x274*/     struct _EX_PUSH_LOCK ThreadLock;                                 // 7 elements, 0x4 bytes (sizeof)     
    /*0x278*/     ULONG32      ReadClusterSize;                                                                          
    /*0x27C*/     LONG32       MmLockOrdering;                                                                           
                  union                                                            // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                                      
    /*0x280*/         ULONG32      CrossThreadFlags;                                                                     
                      struct                                                       // 14 elements, 0x4 bytes (sizeof)    
                      {                                                                                                  
    /*0x280*/             ULONG32      Terminated : 1;                             // 0 BitPosition                      
    /*0x280*/             ULONG32      ThreadInserted : 1;                         // 1 BitPosition                      
    /*0x280*/             ULONG32      HideFromDebugger : 1;                       // 2 BitPosition                      
    /*0x280*/             ULONG32      ActiveImpersonationInfo : 1;                // 3 BitPosition                      
    /*0x280*/             ULONG32      SystemThread : 1;                           // 4 BitPosition                      
    /*0x280*/             ULONG32      HardErrorsAreDisabled : 1;                  // 5 BitPosition                      
    /*0x280*/             ULONG32      BreakOnTermination : 1;                     // 6 BitPosition                      
    /*0x280*/             ULONG32      SkipCreationMsg : 1;                        // 7 BitPosition                      
    /*0x280*/             ULONG32      SkipTerminationMsg : 1;                     // 8 BitPosition                      
    /*0x280*/             ULONG32      CopyTokenOnOpen : 1;                        // 9 BitPosition                      
    /*0x280*/             ULONG32      ThreadIoPriority : 3;                       // 10 BitPosition                     
    /*0x280*/             ULONG32      ThreadPagePriority : 3;                     // 13 BitPosition                     
    /*0x280*/             ULONG32      RundownFail : 1;                            // 16 BitPosition                     
    /*0x280*/             ULONG32      NeedsWorkingSetAging : 1;                   // 17 BitPosition                     
                      };                                                                                                 
                  };                                                                                                     
                  union                                                            // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                                      
    /*0x284*/         ULONG32      SameThreadPassiveFlags;                                                               
                      struct                                                       // 7 elements, 0x4 bytes (sizeof)     
                      {                                                                                                  
    /*0x284*/             ULONG32      ActiveExWorker : 1;                         // 0 BitPosition                      
    /*0x284*/             ULONG32      ExWorkerCanWaitUser : 1;                    // 1 BitPosition                      
    /*0x284*/             ULONG32      MemoryMaker : 1;                            // 2 BitPosition                      
    /*0x284*/             ULONG32      ClonedThread : 1;                           // 3 BitPosition                      
    /*0x284*/             ULONG32      KeyedEventInUse : 1;                        // 4 BitPosition                      
    /*0x284*/             ULONG32      RateApcState : 2;                           // 5 BitPosition                      
    /*0x284*/             ULONG32      SelfTerminate : 1;                          // 7 BitPosition                      
                      };                                                                                                 
                  };                                                                                                     
                  union                                                            // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                                      
    /*0x288*/         ULONG32      SameThreadApcFlags;                                                                   
                      struct                                                       // 4 elements, 0x4 bytes (sizeof)     
                      {                                                                                                  
                          struct                                                   // 8 elements, 0x1 bytes (sizeof)     
                          {                                                                                              
    /*0x288*/                 UINT8        Spare : 1;                              // 0 BitPosition                      
    /*0x288*/                 UINT8        StartAddressInvalid : 1;                // 1 BitPosition                      
    /*0x288*/                 UINT8        EtwPageFaultCalloutActive : 1;          // 2 BitPosition                      
    /*0x288*/                 UINT8        OwnsProcessWorkingSetExclusive : 1;     // 3 BitPosition                      
    /*0x288*/                 UINT8        OwnsProcessWorkingSetShared : 1;        // 4 BitPosition                      
    /*0x288*/                 UINT8        OwnsSystemCacheWorkingSetExclusive : 1; // 5 BitPosition                      
    /*0x288*/                 UINT8        OwnsSystemCacheWorkingSetShared : 1;    // 6 BitPosition                      
    /*0x288*/                 UINT8        OwnsSessionWorkingSetExclusive : 1;     // 7 BitPosition                      
                          };                                                                                             
                          struct                                                   // 8 elements, 0x1 bytes (sizeof)     
                          {                                                                                              
    /*0x289*/                 UINT8        OwnsSessionWorkingSetShared : 1;        // 0 BitPosition                      
    /*0x289*/                 UINT8        OwnsProcessAddressSpaceExclusive : 1;   // 1 BitPosition                      
    /*0x289*/                 UINT8        OwnsProcessAddressSpaceShared : 1;      // 2 BitPosition                      
    /*0x289*/                 UINT8        SuppressSymbolLoad : 1;                 // 3 BitPosition                      
    /*0x289*/                 UINT8        Prefetching : 1;                        // 4 BitPosition                      
    /*0x289*/                 UINT8        OwnsDynamicMemoryShared : 1;            // 5 BitPosition                      
    /*0x289*/                 UINT8        OwnsChangeControlAreaExclusive : 1;     // 6 BitPosition                      
    /*0x289*/                 UINT8        OwnsChangeControlAreaShared : 1;        // 7 BitPosition                      
                          };                                                                                             
                          struct                                                   // 6 elements, 0x1 bytes (sizeof)     
                          {                                                                                              
    /*0x28A*/                 UINT8        OwnsPagedPoolWorkingSetExclusive : 1;   // 0 BitPosition                      
    /*0x28A*/                 UINT8        OwnsPagedPoolWorkingSetShared : 1;      // 1 BitPosition                      
    /*0x28A*/                 UINT8        OwnsSystemPtesWorkingSetExclusive : 1;  // 2 BitPosition                      
    /*0x28A*/                 UINT8        OwnsSystemPtesWorkingSetShared : 1;     // 3 BitPosition                      
    /*0x28A*/                 UINT8        TrimTrigger : 2;                        // 4 BitPosition                      
    /*0x28A*/                 UINT8        Spare1 : 2;                             // 6 BitPosition                      
                          };                                                                                             
    /*0x28B*/             UINT8        PriorityRegionActive;                                                             
                      };                                                                                                 
                  };                                                                                                     
    /*0x28C*/     UINT8        CacheManagerActive;                                                                       
    /*0x28D*/     UINT8        DisablePageFaultClustering;                                                               
    /*0x28E*/     UINT8        ActiveFaultCount;                                                                         
    /*0x28F*/     UINT8        LockOrderState;                                                                           
    /*0x290*/     ULONG32      AlpcMessageId;                                                                            
                  union                                                            // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                                      
    /*0x294*/         VOID*        AlpcMessage;                                                                          
    /*0x294*/         ULONG32      AlpcReceiveAttributeSet;                                                              
                  };                                                                                                     
    /*0x298*/     struct _LIST_ENTRY AlpcWaitListEntry;                            // 2 elements, 0x8 bytes (sizeof)     
    /*0x2A0*/     ULONG32      CacheManagerCount;                                                                        
    /*0x2A4*/     ULONG32      IoBoostCount;                                                                             
    /*0x2A8*/     ULONG32      IrpListLock;                                                                              
    /*0x2AC*/     VOID*        ReservedForSynchTracking;                                                                 
    /*0x2B0*/     struct _SINGLE_LIST_ENTRY CmCallbackListHead;                    // 1 elements, 0x4 bytes (sizeof)     
    /*0x2B4*/     UINT8        _PADDING0_[0x4];                                                                          
              }ETHREAD, *PETHREAD;
    KPROCESS :
    Code:
              typedef struct _KPROCESS                       // 34 elements, 0x98 bytes (sizeof) 
              {                                                                                  
    /*0x000*/     struct _DISPATCHER_HEADER Header;          // 30 elements, 0x10 bytes (sizeof) 
    /*0x010*/     struct _LIST_ENTRY ProfileListHead;        // 2 elements, 0x8 bytes (sizeof)   
    /*0x018*/     ULONG32      DirectoryTableBase;                                               
    /*0x01C*/     struct _KGDTENTRY LdtDescriptor;           // 3 elements, 0x8 bytes (sizeof)   
    /*0x024*/     struct _KIDTENTRY Int21Descriptor;         // 4 elements, 0x8 bytes (sizeof)   
    /*0x02C*/     struct _LIST_ENTRY ThreadListHead;         // 2 elements, 0x8 bytes (sizeof)   
    /*0x034*/     ULONG32      ProcessLock;                                                      
    /*0x038*/     struct _KAFFINITY_EX Affinity;             // 4 elements, 0xC bytes (sizeof)   
    /*0x044*/     struct _LIST_ENTRY ReadyListHead;          // 2 elements, 0x8 bytes (sizeof)   
    /*0x04C*/     struct _SINGLE_LIST_ENTRY SwapListEntry;   // 1 elements, 0x4 bytes (sizeof)   
    /*0x050*/     struct _KAFFINITY_EX ActiveProcessors;     // 4 elements, 0xC bytes (sizeof)   
                  union                                      // 2 elements, 0x4 bytes (sizeof)   
                  {                                                                              
                      struct                                 // 5 elements, 0x4 bytes (sizeof)   
                      {                                                                          
    /*0x05C*/             LONG32       AutoAlignment : 1;    // 0 BitPosition                    
    /*0x05C*/             LONG32       DisableBoost : 1;     // 1 BitPosition                    
    /*0x05C*/             LONG32       DisableQuantum : 1;   // 2 BitPosition                    
    /*0x05C*/             ULONG32      ActiveGroupsMask : 1; // 3 BitPosition                    
    /*0x05C*/             LONG32       ReservedFlags : 28;   // 4 BitPosition                    
                      };                                                                         
    /*0x05C*/         LONG32       ProcessFlags;                                                 
                  };                                                                             
    /*0x060*/     CHAR         BasePriority;                                                     
    /*0x061*/     CHAR         QuantumReset;                                                     
    /*0x062*/     UINT8        Visited;                                                          
    /*0x063*/     UINT8        Unused3;                                                          
    /*0x064*/     ULONG32      ThreadSeed[1];                                                    
    /*0x068*/     UINT16       IdealNode[1];                                                     
    /*0x06A*/     UINT16       IdealGlobalNode;                                                  
    /*0x06C*/     union _KEXECUTE_OPTIONS Flags;             // 9 elements, 0x1 bytes (sizeof)   
    /*0x06D*/     UINT8        Unused1;                                                          
    /*0x06E*/     UINT16       IopmOffset;                                                       
    /*0x070*/     ULONG32      Unused4;                                                          
    /*0x074*/     union _KSTACK_COUNT StackCount;            // 3 elements, 0x4 bytes (sizeof)   
    /*0x078*/     struct _LIST_ENTRY ProcessListEntry;       // 2 elements, 0x8 bytes (sizeof)   
    /*0x080*/     UINT64       CycleTime;                                                        
    /*0x088*/     ULONG32      KernelTime;                                                       
    /*0x08C*/     ULONG32      UserTime;                                                         
    /*0x090*/     VOID*        VdmTrapcHandler;                                                  
    /*0x094*/     UINT8        _PADDING0_[0x4];                                                  
              }KPROCESS, *PKPROCESS;

  3. #3
    KTHREAD :
    Code:
              typedef struct _KTHREAD                                 // 114 elements, 0x200 bytes (sizeof) 
              {                                                                                             
    /*0x000*/     struct _DISPATCHER_HEADER Header;                   // 30 elements, 0x10 bytes (sizeof)   
    /*0x010*/     UINT64       CycleTime;                                                                   
    /*0x018*/     ULONG32      HighCycleTime;                                                               
    /*0x01C*/     UINT8        _PADDING0_[0x4];                                                             
    /*0x020*/     UINT64       QuantumTarget;                                                               
    /*0x028*/     VOID*        InitialStack;                                                                
    /*0x02C*/     VOID*        StackLimit;                                                                  
    /*0x030*/     VOID*        KernelStack;                                                                 
    /*0x034*/     ULONG32      ThreadLock;                                                                  
    /*0x038*/     union _KWAIT_STATUS_REGISTER WaitRegister;          // 8 elements, 0x1 bytes (sizeof)     
    /*0x039*/     UINT8        Running;                                                                     
    /*0x03A*/     UINT8        Alerted[2];                                                                  
                  union                                               // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                         
                      struct                                          // 14 elements, 0x4 bytes (sizeof)    
                      {                                                                                     
    /*0x03C*/             ULONG32      KernelStackResident : 1;       // 0 BitPosition                      
    /*0x03C*/             ULONG32      ReadyTransition : 1;           // 1 BitPosition                      
    /*0x03C*/             ULONG32      ProcessReadyQueue : 1;         // 2 BitPosition                      
    /*0x03C*/             ULONG32      WaitNext : 1;                  // 3 BitPosition                      
    /*0x03C*/             ULONG32      SystemAffinityActive : 1;      // 4 BitPosition                      
    /*0x03C*/             ULONG32      Alertable : 1;                 // 5 BitPosition                      
    /*0x03C*/             ULONG32      GdiFlushActive : 1;            // 6 BitPosition                      
    /*0x03C*/             ULONG32      UserStackWalkActive : 1;       // 7 BitPosition                      
    /*0x03C*/             ULONG32      ApcInterruptRequest : 1;       // 8 BitPosition                      
    /*0x03C*/             ULONG32      ForceDeferSchedule : 1;        // 9 BitPosition                      
    /*0x03C*/             ULONG32      QuantumEndMigrate : 1;         // 10 BitPosition                     
    /*0x03C*/             ULONG32      UmsDirectedSwitchEnable : 1;   // 11 BitPosition                     
    /*0x03C*/             ULONG32      TimerActive : 1;               // 12 BitPosition                     
    /*0x03C*/             ULONG32      Reserved : 19;                 // 13 BitPosition                     
                      };                                                                                    
    /*0x03C*/         LONG32       MiscFlags;                                                               
                  };                                                                                        
                  union                                               // 2 elements, 0x18 bytes (sizeof)    
                  {                                                                                         
    /*0x040*/         struct _KAPC_STATE ApcState;                    // 5 elements, 0x18 bytes (sizeof)    
                      struct                                          // 2 elements, 0x18 bytes (sizeof)    
                      {                                                                                     
    /*0x040*/             UINT8        ApcStateFill[23];                                                    
    /*0x057*/             CHAR         Priority;                                                            
                      };                                                                                    
                  };                                                                                        
    /*0x058*/     ULONG32      NextProcessor;                                                               
    /*0x05C*/     ULONG32      DeferredProcessor;                                                           
    /*0x060*/     ULONG32      ApcQueueLock;                                                                
    /*0x064*/     ULONG32      ContextSwitches;                                                             
    /*0x068*/     UINT8        State;                                                                       
    /*0x069*/     CHAR         NpxState;                                                                    
    /*0x06A*/     UINT8        WaitIrql;                                                                    
    /*0x06B*/     CHAR         WaitMode;                                                                    
    /*0x06C*/     LONG32       WaitStatus;                                                                  
    /*0x070*/     struct _KWAIT_BLOCK* WaitBlockList;                                                       
                  union                                               // 2 elements, 0x8 bytes (sizeof)     
                  {                                                                                         
    /*0x074*/         struct _LIST_ENTRY WaitListEntry;               // 2 elements, 0x8 bytes (sizeof)     
    /*0x074*/         struct _SINGLE_LIST_ENTRY SwapListEntry;        // 1 elements, 0x4 bytes (sizeof)     
                  };                                                                                        
    /*0x07C*/     struct _KQUEUE* Queue;                                                                    
    /*0x080*/     ULONG32      WaitTime;                                                                    
                  union                                               // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                         
                      struct                                          // 2 elements, 0x4 bytes (sizeof)     
                      {                                                                                     
    /*0x084*/             INT16        KernelApcDisable;                                                    
    /*0x086*/             INT16        SpecialApcDisable;                                                   
                      };                                                                                    
    /*0x084*/         ULONG32      CombinedApcDisable;                                                      
                  };                                                                                        
    /*0x088*/     VOID*        Teb;                                                                         
    /*0x08C*/     UINT8        _PADDING1_[0x4];                                                             
    /*0x090*/     struct _KTIMER Timer;                               // 5 elements, 0x28 bytes (sizeof)    
                  union                                               // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                         
                      struct                                          // 10 elements, 0x4 bytes (sizeof)    
                      {                                                                                     
    /*0x0B8*/             ULONG32      AutoAlignment : 1;             // 0 BitPosition                      
    /*0x0B8*/             ULONG32      DisableBoost : 1;              // 1 BitPosition                      
    /*0x0B8*/             ULONG32      EtwStackTraceApc1Inserted : 1; // 2 BitPosition                      
    /*0x0B8*/             ULONG32      EtwStackTraceApc2Inserted : 1; // 3 BitPosition                      
    /*0x0B8*/             ULONG32      CalloutActive : 1;             // 4 BitPosition                      
    /*0x0B8*/             ULONG32      ApcQueueable : 1;              // 5 BitPosition                      
    /*0x0B8*/             ULONG32      EnableStackSwap : 1;           // 6 BitPosition                      
    /*0x0B8*/             ULONG32      GuiThread : 1;                 // 7 BitPosition                      
    /*0x0B8*/             ULONG32      UmsPerformingSyscall : 1;      // 8 BitPosition                      
    /*0x0B8*/             ULONG32      ReservedFlags : 23;            // 9 BitPosition                      
                      };                                                                                    
    /*0x0B8*/         LONG32       ThreadFlags;                                                             
                  };                                                                                        
    /*0x0BC*/     VOID*        ServiceTable;                                                                
    /*0x0C0*/     struct _KWAIT_BLOCK WaitBlock[4];                                                         
    /*0x120*/     struct _LIST_ENTRY QueueListEntry;                  // 2 elements, 0x8 bytes (sizeof)     
    /*0x128*/     struct _KTRAP_FRAME* TrapFrame;                                                           
    /*0x12C*/     VOID*        FirstArgument;                                                               
                  union                                               // 2 elements, 0x4 bytes (sizeof)     
                  {                                                                                         
    /*0x130*/         VOID*        CallbackStack;                                                           
    /*0x130*/         ULONG32      CallbackDepth;                                                           
                  };                                                                                        
    /*0x134*/     UINT8        ApcStateIndex;                                                               
    /*0x135*/     CHAR         BasePriority;                                                                
                  union                                               // 2 elements, 0x1 bytes (sizeof)     
                  {                                                                                         
    /*0x136*/         CHAR         PriorityDecrement;                                                       
                      struct                                          // 2 elements, 0x1 bytes (sizeof)     
                      {                                                                                     
    /*0x136*/             UINT8        ForegroundBoost : 4;           // 0 BitPosition                      
    /*0x136*/             UINT8        UnusualBoost : 4;              // 4 BitPosition                      
                      };                                                                                    
                  };                                                                                        
    /*0x137*/     UINT8        Preempted;                                                                   
    /*0x138*/     UINT8        AdjustReason;                                                                
    /*0x139*/     CHAR         AdjustIncrement;                                                             
    /*0x13A*/     CHAR         PreviousMode;                                                                
    /*0x13B*/     CHAR         Saturation;                                                                  
    /*0x13C*/     ULONG32      SystemCallNumber;                                                            
    /*0x140*/     ULONG32      FreezeCount;                                                                 
    /*0x144*/     struct _GROUP_AFFINITY UserAffinity;                // 3 elements, 0xC bytes (sizeof)     
    /*0x150*/     struct _KPROCESS* Process;                                                                
    /*0x154*/     struct _GROUP_AFFINITY Affinity;                    // 3 elements, 0xC bytes (sizeof)     
    /*0x160*/     ULONG32      IdealProcessor;                                                              
    /*0x164*/     ULONG32      UserIdealProcessor;                                                          
    /*0x168*/     struct _KAPC_STATE* ApcStatePointer[2];                                                   
                  union                                               // 2 elements, 0x18 bytes (sizeof)    
                  {                                                                                         
    /*0x170*/         struct _KAPC_STATE SavedApcState;               // 5 elements, 0x18 bytes (sizeof)    
                      struct                                          // 2 elements, 0x18 bytes (sizeof)    
                      {                                                                                     
    /*0x170*/             UINT8        SavedApcStateFill[23];                                               
    /*0x187*/             UINT8        WaitReason;                                                          
                      };                                                                                    
                  };                                                                                        
    /*0x188*/     CHAR         SuspendCount;                                                                
    /*0x189*/     CHAR         Spare1;                                                                      
    /*0x18A*/     UINT8        OtherPlatformFill;                                                           
    /*0x18B*/     UINT8        _PADDING2_[0x1];                                                             
    /*0x18C*/     VOID*        Win32Thread;                                                                 
    /*0x190*/     VOID*        StackBase;                                                                   
                  union                                               // 7 elements, 0x30 bytes (sizeof)    
                  {                                                                                         
    /*0x194*/         struct _KAPC SuspendApc;                        // 16 elements, 0x30 bytes (sizeof)   
                      struct                                          // 2 elements, 0x30 bytes (sizeof)    
                      {                                                                                     
    /*0x194*/             UINT8        SuspendApcFill0[1];                                                  
    /*0x195*/             UINT8        ResourceIndex;                                                       
    /*0x196*/             UINT8        _PADDING3_[0x2E];                                                    
                      };                                                                                    
                      struct                                          // 2 elements, 0x30 bytes (sizeof)    
                      {                                                                                     
    /*0x194*/             UINT8        SuspendApcFill1[3];                                                  
    /*0x197*/             UINT8        QuantumReset;                                                        
    /*0x198*/             UINT8        _PADDING4_[0x2C];                                                    
                      };                                                                                    
                      struct                                          // 2 elements, 0x30 bytes (sizeof)    
                      {                                                                                     
    /*0x194*/             UINT8        SuspendApcFill2[4];                                                  
    /*0x198*/             ULONG32      KernelTime;                                                          
    /*0x19C*/             UINT8        _PADDING5_[0x28];                                                    
                      };                                                                                    
                      struct                                          // 2 elements, 0x30 bytes (sizeof)    
                      {                                                                                     
    /*0x194*/             UINT8        SuspendApcFill3[36];                                                 
    /*0x1B8*/             struct _KPRCB* WaitPrcb;                                                          
    /*0x1BC*/             UINT8        _PADDING6_[0x8];                                                     
                      };                                                                                    
                      struct                                          // 2 elements, 0x30 bytes (sizeof)    
                      {                                                                                     
    /*0x194*/             UINT8        SuspendApcFill4[40];                                                 
    /*0x1BC*/             VOID*        LegoData;                                                            
    /*0x1C0*/             UINT8        _PADDING7_[0x4];                                                     
                      };                                                                                    
                      struct                                          // 2 elements, 0x30 bytes (sizeof)    
                      {                                                                                     
    /*0x194*/             UINT8        SuspendApcFill5[47];                                                 
    /*0x1C3*/             UINT8        LargeStack;                                                          
                      };                                                                                    
                  };                                                                                        
    /*0x1C4*/     ULONG32      UserTime;                                                                    
                  union                                               // 2 elements, 0x14 bytes (sizeof)    
                  {                                                                                         
    /*0x1C8*/         struct _KSEMAPHORE SuspendSemaphore;            // 2 elements, 0x14 bytes (sizeof)    
    /*0x1C8*/         UINT8        SuspendSemaphorefill[20];                                                
                  };                                                                                        
    /*0x1DC*/     ULONG32      SListFaultCount;                                                             
    /*0x1E0*/     struct _LIST_ENTRY ThreadListEntry;                 // 2 elements, 0x8 bytes (sizeof)     
    /*0x1E8*/     struct _LIST_ENTRY MutantListHead;                  // 2 elements, 0x8 bytes (sizeof)     
    /*0x1F0*/     VOID*        SListFaultAddress;                                                           
    /*0x1F4*/     struct _KTHREAD_COUNTERS* ThreadCounters;                                                 
    /*0x1F8*/     struct _XSTATE_SAVE* XStateSave;                                                          
    /*0x1FC*/     UINT8        _PADDING8_[0x4];                                                             
              }KTHREAD, *PKTHREAD;

  4. #4
    KPRCB :
    Code:
               typedef struct _KPRCB                                                   // 245 elements, 0x3628 bytes (sizeof) 
               {                                                                                                              
    /*0x000*/      UINT16       MinorVersion;                                                                                 
    /*0x002*/      UINT16       MajorVersion;                                                                                 
    /*0x004*/      struct _KTHREAD* CurrentThread;                                                                            
    /*0x008*/      struct _KTHREAD* NextThread;                                                                               
    /*0x00C*/      struct _KTHREAD* IdleThread;                                                                               
    /*0x010*/      UINT8        LegacyNumber;                                                                                 
    /*0x011*/      UINT8        NestingLevel;                                                                                 
    /*0x012*/      UINT16       BuildType;                                                                                    
    /*0x014*/      CHAR         CpuType;                                                                                      
    /*0x015*/      CHAR         CpuID;                                                                                        
                   union                                                               // 2 elements, 0x2 bytes (sizeof)      
                   {                                                                                                          
    /*0x016*/          UINT16       CpuStep;                                                                                  
                       struct                                                          // 2 elements, 0x2 bytes (sizeof)      
                       {                                                                                                      
    /*0x016*/              UINT8        CpuStepping;                                                                          
    /*0x017*/              UINT8        CpuModel;                                                                             
                       };                                                                                                     
                   };                                                                                                         
    /*0x018*/      struct _KPROCESSOR_STATE ProcessorState;                            // 2 elements, 0x320 bytes (sizeof)    
    /*0x338*/      ULONG32      KernelReserved[16];                                                                           
    /*0x378*/      ULONG32      HalReserved[16];                                                                              
    /*0x3B8*/      ULONG32      CFlushSize;                                                                                   
    /*0x3BC*/      UINT8        CoresPerPhysicalProcessor;                                                                    
    /*0x3BD*/      UINT8        LogicalProcessorsPerCore;                                                                     
    /*0x3BE*/      UINT8        PrcbPad0[2];                                                                                  
    /*0x3C0*/      ULONG32      MHz;                                                                                          
    /*0x3C4*/      UINT8        CpuVendor;                                                                                    
    /*0x3C5*/      UINT8        GroupIndex;                                                                                   
    /*0x3C6*/      UINT16       Group;                                                                                        
    /*0x3C8*/      ULONG32      GroupSetMember;                                                                               
    /*0x3CC*/      ULONG32      Number;                                                                                       
    /*0x3D0*/      UINT8        PrcbPad1[72];                                                                                 
    /*0x418*/      struct _KSPIN_LOCK_QUEUE LockQueue[17];                                                                    
    /*0x4A0*/      struct _KTHREAD* NpxThread;                                                                                
    /*0x4A4*/      ULONG32      InterruptCount;                                                                               
    /*0x4A8*/      ULONG32      KernelTime;                                                                                   
    /*0x4AC*/      ULONG32      UserTime;                                                                                     
    /*0x4B0*/      ULONG32      DpcTime;                                                                                      
    /*0x4B4*/      ULONG32      DpcTimeCount;                                                                                 
    /*0x4B8*/      ULONG32      InterruptTime;                                                                                
    /*0x4BC*/      ULONG32      AdjustDpcThreshold;                                                                           
    /*0x4C0*/      ULONG32      PageColor;                                                                                    
    /*0x4C4*/      UINT8        DebuggerSavedIRQL;                                                                            
    /*0x4C5*/      UINT8        NodeColor;                                                                                    
    /*0x4C6*/      UINT8        PrcbPad20[2];                                                                                 
    /*0x4C8*/      ULONG32      NodeShiftedColor;                                                                             
    /*0x4CC*/      struct _KNODE* ParentNode;                                                                                 
    /*0x4D0*/      ULONG32      SecondaryColorMask;                                                                           
    /*0x4D4*/      ULONG32      DpcTimeLimit;                                                                                 
    /*0x4D8*/      ULONG32      PrcbPad21[2];                                                                                 
    /*0x4E0*/      ULONG32      CcFastReadNoWait;                                                                             
    /*0x4E4*/      ULONG32      CcFastReadWait;                                                                               
    /*0x4E8*/      ULONG32      CcFastReadNotPossible;                                                                        
    /*0x4EC*/      ULONG32      CcCopyReadNoWait;                                                                             
    /*0x4F0*/      ULONG32      CcCopyReadWait;                                                                               
    /*0x4F4*/      ULONG32      CcCopyReadNoWaitMiss;                                                                         
    /*0x4F8*/      LONG32       MmSpinLockOrdering;                                                                           
    /*0x4FC*/      LONG32       IoReadOperationCount;                                                                         
    /*0x500*/      LONG32       IoWriteOperationCount;                                                                        
    /*0x504*/      LONG32       IoOtherOperationCount;                                                                        
    /*0x508*/      union _LARGE_INTEGER IoReadTransferCount;                           // 4 elements, 0x8 bytes (sizeof)      
    /*0x510*/      union _LARGE_INTEGER IoWriteTransferCount;                          // 4 elements, 0x8 bytes (sizeof)      
    /*0x518*/      union _LARGE_INTEGER IoOtherTransferCount;                          // 4 elements, 0x8 bytes (sizeof)      
    /*0x520*/      ULONG32      CcFastMdlReadNoWait;                                                                          
    /*0x524*/      ULONG32      CcFastMdlReadWait;                                                                            
    /*0x528*/      ULONG32      CcFastMdlReadNotPossible;                                                                     
    /*0x52C*/      ULONG32      CcMapDataNoWait;                                                                              
    /*0x530*/      ULONG32      CcMapDataWait;                                                                                
    /*0x534*/      ULONG32      CcPinMappedDataCount;                                                                         
    /*0x538*/      ULONG32      CcPinReadNoWait;                                                                              
    /*0x53C*/      ULONG32      CcPinReadWait;                                                                                
    /*0x540*/      ULONG32      CcMdlReadNoWait;                                                                              
    /*0x544*/      ULONG32      CcMdlReadWait;                                                                                
    /*0x548*/      ULONG32      CcLazyWriteHotSpots;                                                                          
    /*0x54C*/      ULONG32      CcLazyWriteIos;                                                                               
    /*0x550*/      ULONG32      CcLazyWritePages;                                                                             
    /*0x554*/      ULONG32      CcDataFlushes;                                                                                
    /*0x558*/      ULONG32      CcDataPages;                                                                                  
    /*0x55C*/      ULONG32      CcLostDelayedWrites;                                                                          
    /*0x560*/      ULONG32      CcFastReadResourceMiss;                                                                       
    /*0x564*/      ULONG32      CcCopyReadWaitMiss;                                                                           
    /*0x568*/      ULONG32      CcFastMdlReadResourceMiss;                                                                    
    /*0x56C*/      ULONG32      CcMapDataNoWaitMiss;                                                                          
    /*0x570*/      ULONG32      CcMapDataWaitMiss;                                                                            
    /*0x574*/      ULONG32      CcPinReadNoWaitMiss;                                                                          
    /*0x578*/      ULONG32      CcPinReadWaitMiss;                                                                            
    /*0x57C*/      ULONG32      CcMdlReadNoWaitMiss;                                                                          
    /*0x580*/      ULONG32      CcMdlReadWaitMiss;                                                                            
    /*0x584*/      ULONG32      CcReadAheadIos;                                                                               
    /*0x588*/      ULONG32      KeAlignmentFixupCount;                                                                        
    /*0x58C*/      ULONG32      KeExceptionDispatchCount;                                                                     
    /*0x590*/      ULONG32      KeSystemCalls;                                                                                
    /*0x594*/      ULONG32      AvailableTime;                                                                                
    /*0x598*/      ULONG32      PrcbPad22[2];                                                                                 
    /*0x5A0*/      struct _PP_LOOKASIDE_LIST PPLookasideList[16];                                                             
    /*0x620*/      struct _GENERAL_LOOKASIDE_POOL PPNPagedLookasideList[32];                                                  
    /*0xF20*/      struct _GENERAL_LOOKASIDE_POOL PPPagedLookasideList[32];                                                   
    /*0x1820*/     ULONG32      PacketBarrier;                                                                                
    /*0x1824*/     LONG32       ReverseStall;                                                                                 
    /*0x1828*/     VOID*        IpiFrame;                                                                                     
    /*0x182C*/     UINT8        PrcbPad3[52];                                                                                 
    /*0x1860*/     VOID*        CurrentPacket[3];                                                                             
    /*0x186C*/     ULONG32      TargetSet;                                                                                    
    /*0x1870*/     FUNCT_00A4_0668_WorkerRoutine* WorkerRoutine;                                                              
    /*0x1874*/     ULONG32      IpiFrozen;                                                                                    
    /*0x1878*/     UINT8        PrcbPad4[40];                                                                                 
    /*0x18A0*/     ULONG32      RequestSummary;                                                                               
    /*0x18A4*/     struct _KPRCB* SignalDone;                                                                                 
    /*0x18A8*/     UINT8        PrcbPad50[56];                                                                                
    /*0x18E0*/     struct _KDPC_DATA DpcData[2];                                                                              
    /*0x1908*/     VOID*        DpcStack;                                                                                     
    /*0x190C*/     LONG32       MaximumDpcQueueDepth;                                                                         
    /*0x1910*/     ULONG32      DpcRequestRate;                                                                               
    /*0x1914*/     ULONG32      MinimumDpcRate;                                                                               
    /*0x1918*/     ULONG32      DpcLastCount;                                                                                 
    /*0x191C*/     ULONG32      PrcbLock;                                                                                     
    /*0x1920*/     struct _KGATE DpcGate;                                              // 1 elements, 0x10 bytes (sizeof)     
    /*0x1930*/     UINT8        ThreadDpcEnable;                                                                              
    /*0x1931*/     UINT8        QuantumEnd;                                                                                   
    /*0x1932*/     UINT8        DpcRoutineActive;                                                                             
    /*0x1933*/     UINT8        IdleSchedule;                                                                                 
                   union                                                               // 3 elements, 0x4 bytes (sizeof)      
                   {                                                                                                          
    /*0x1934*/         LONG32       DpcRequestSummary;                                                                        
    /*0x1934*/         INT16        DpcRequestSlot[2];                                                                        
                       struct                                                          // 2 elements, 0x4 bytes (sizeof)      
                       {                                                                                                      
    /*0x1934*/             INT16        NormalDpcState;                                                                       
                           union                                                       // 2 elements, 0x2 bytes (sizeof)      
                           {                                                                                                  
    /*0x1936*/                 UINT16       DpcThreadActive : 1;                       // 0 BitPosition                       
    /*0x1936*/                 INT16        ThreadDpcState;                                                                   
                           };                                                                                                 
                       };                                                                                                     
                   };                                                                                                         
    /*0x1938*/     ULONG32      TimerHand;                                                                                    
    /*0x193C*/     ULONG32      LastTick;                                                                                     
    /*0x1940*/     LONG32       MasterOffset;                                                                                 
    /*0x1944*/     ULONG32      PrcbPad41[2];                                                                                 
    /*0x194C*/     ULONG32      PeriodicCount;                                                                                
    /*0x1950*/     ULONG32      PeriodicBias;                                                                                 
    /*0x1954*/     UINT8        _PADDING0_[0x4];                                                                              
    /*0x1958*/     UINT64       TickOffset;                                                                                   
    /*0x1960*/     struct _KTIMER_TABLE TimerTable;                                    // 2 elements, 0x1840 bytes (sizeof)   
    /*0x31A0*/     struct _KDPC CallDpc;                                               // 9 elements, 0x20 bytes (sizeof)     
    /*0x31C0*/     LONG32       ClockKeepAlive;                                                                               
    /*0x31C4*/     UINT8        ClockCheckSlot;                                                                               
    /*0x31C5*/     UINT8        ClockPollCycle;                                                                               
    /*0x31C6*/     UINT8        PrcbPad6[2];                                                                                  
    /*0x31C8*/     LONG32       DpcWatchdogPeriod;                                                                            
    /*0x31CC*/     LONG32       DpcWatchdogCount;                                                                             
    /*0x31D0*/     LONG32       ThreadWatchdogPeriod;                                                                         
    /*0x31D4*/     LONG32       ThreadWatchdogCount;                                                                          
    /*0x31D8*/     LONG32       KeSpinLockOrdering;                                                                           
    /*0x31DC*/     ULONG32      PrcbPad70[1];                                                                                 
    /*0x31E0*/     struct _LIST_ENTRY WaitListHead;                                    // 2 elements, 0x8 bytes (sizeof)      
    /*0x31E8*/     ULONG32      WaitLock;                                                                                     
    /*0x31EC*/     ULONG32      ReadySummary;                                                                                 
    /*0x31F0*/     ULONG32      QueueIndex;                                                                                   
    /*0x31F4*/     struct _SINGLE_LIST_ENTRY DeferredReadyListHead;                    // 1 elements, 0x4 bytes (sizeof)      
    /*0x31F8*/     UINT64       StartCycles;                                                                                  
    /*0x3200*/     UINT64       CycleTime;                                                                                    
    /*0x3208*/     ULONG32      HighCycleTime;                                                                                
    /*0x320C*/     ULONG32      PrcbPad71;                                                                                    
    /*0x3210*/     UINT64       PrcbPad72[2];                                                                                 
    /*0x3220*/     struct _LIST_ENTRY DispatcherReadyListHead[32];                                                            
    /*0x3320*/     VOID*        ChainedInterruptList;                                                                         
    /*0x3324*/     LONG32       LookasideIrpFloat;                                                                            
    /*0x3328*/     LONG32       MmPageFaultCount;                                                                             
    /*0x332C*/     LONG32       MmCopyOnWriteCount;                                                                           
    /*0x3330*/     LONG32       MmTransitionCount;                                                                            
    /*0x3334*/     LONG32       MmCacheTransitionCount;                                                                       
    /*0x3338*/     LONG32       MmDemandZeroCount;                                                                            
    /*0x333C*/     LONG32       MmPageReadCount;                                                                              
    /*0x3340*/     LONG32       MmPageReadIoCount;                                                                            
    /*0x3344*/     LONG32       MmCacheReadCount;                                                                             
    /*0x3348*/     LONG32       MmCacheIoCount;                                                                               
    /*0x334C*/     LONG32       MmDirtyPagesWriteCount;                                                                       
    /*0x3350*/     LONG32       MmDirtyWriteIoCount;                                                                          
    /*0x3354*/     LONG32       MmMappedPagesWriteCount;                                                                      
    /*0x3358*/     LONG32       MmMappedWriteIoCount;                                                                         
    /*0x335C*/     ULONG32      CachedCommit;                                                                                 
    /*0x3360*/     ULONG32      CachedResidentAvailable;                                                                      
    /*0x3364*/     VOID*        HyperPte;                                                                                     
    /*0x3368*/     UINT8        PrcbPad8[4];                                                                                  
    /*0x336C*/     UINT8        VendorString[13];                                                                             
    /*0x3379*/     UINT8        InitialApicId;                                                                                
    /*0x337A*/     UINT8        LogicalProcessorsPerPhysicalProcessor;                                                        
    /*0x337B*/     UINT8        PrcbPad9[5];                                                                                  
    /*0x3380*/     ULONG32      FeatureBits;                                                                                  
    /*0x3384*/     UINT8        _PADDING1_[0x4];                                                                              
    /*0x3388*/     union _LARGE_INTEGER UpdateSignature;                               // 4 elements, 0x8 bytes (sizeof)      
    /*0x3390*/     UINT64       IsrTime;                                                                                      
    /*0x3398*/     UINT64       RuntimeAccumulation;                                                                          
    /*0x33A0*/     struct _PROCESSOR_POWER_STATE PowerState;                           // 27 elements, 0xC8 bytes (sizeof)    
    /*0x3468*/     struct _KDPC DpcWatchdogDpc;                                        // 9 elements, 0x20 bytes (sizeof)     
    /*0x3488*/     struct _KTIMER DpcWatchdogTimer;                                    // 5 elements, 0x28 bytes (sizeof)     
    /*0x34B0*/     VOID*        WheaInfo;                                                                                     
    /*0x34B4*/     VOID*        EtwSupport;                                                                                   
    /*0x34B8*/     union _SLIST_HEADER InterruptObjectPool;                            // 4 elements, 0x8 bytes (sizeof)      
    /*0x34C0*/     union _SLIST_HEADER HypercallPageList;                              // 4 elements, 0x8 bytes (sizeof)      
    /*0x34C8*/     VOID*        HypercallPageVirtual;                                                                         
    /*0x34CC*/     VOID*        VirtualApicAssist;                                                                            
    /*0x34D0*/     UINT64*      StatisticsPage;                                                                               
    /*0x34D4*/     VOID*        RateControl;                                                                                  
    /*0x34D8*/     struct _CACHE_DESCRIPTOR Cache[5];                                                                         
    /*0x3514*/     ULONG32      CacheCount;                                                                                   
    /*0x3518*/     ULONG32      CacheProcessorMask[5];                                                                        
    /*0x352C*/     struct _KAFFINITY_EX PackageProcessorSet;                           // 4 elements, 0xC bytes (sizeof)      
    /*0x3538*/     ULONG32      PrcbPad91[1];                                                                                 
    /*0x353C*/     ULONG32      CoreProcessorSet;                                                                             
    /*0x3540*/     struct _KDPC TimerExpirationDpc;                                    // 9 elements, 0x20 bytes (sizeof)     
    /*0x3560*/     ULONG32      SpinLockAcquireCount;                                                                         
    /*0x3564*/     ULONG32      SpinLockContentionCount;                                                                      
    /*0x3568*/     ULONG32      SpinLockSpinCount;                                                                            
    /*0x356C*/     ULONG32      IpiSendRequestBroadcastCount;                                                                 
    /*0x3570*/     ULONG32      IpiSendRequestRoutineCount;                                                                   
    /*0x3574*/     ULONG32      IpiSendSoftwareInterruptCount;                                                                
    /*0x3578*/     ULONG32      ExInitializeResourceCount;                                                                    
    /*0x357C*/     ULONG32      ExReInitializeResourceCount;                                                                  
    /*0x3580*/     ULONG32      ExDeleteResourceCount;                                                                        
    /*0x3584*/     ULONG32      ExecutiveResourceAcquiresCount;                                                               
    /*0x3588*/     ULONG32      ExecutiveResourceContentionsCount;                                                            
    /*0x358C*/     ULONG32      ExecutiveResourceReleaseExclusiveCount;                                                       
    /*0x3590*/     ULONG32      ExecutiveResourceReleaseSharedCount;                                                          
    /*0x3594*/     ULONG32      ExecutiveResourceConvertsCount;                                                               
    /*0x3598*/     ULONG32      ExAcqResExclusiveAttempts;                                                                    
    /*0x359C*/     ULONG32      ExAcqResExclusiveAcquiresExclusive;                                                           
    /*0x35A0*/     ULONG32      ExAcqResExclusiveAcquiresExclusiveRecursive;                                                  
    /*0x35A4*/     ULONG32      ExAcqResExclusiveWaits;                                                                       
    /*0x35A8*/     ULONG32      ExAcqResExclusiveNotAcquires;                                                                 
    /*0x35AC*/     ULONG32      ExAcqResSharedAttempts;                                                                       
    /*0x35B0*/     ULONG32      ExAcqResSharedAcquiresExclusive;                                                              
    /*0x35B4*/     ULONG32      ExAcqResSharedAcquiresShared;                                                                 
    /*0x35B8*/     ULONG32      ExAcqResSharedAcquiresSharedRecursive;                                                        
    /*0x35BC*/     ULONG32      ExAcqResSharedWaits;                                                                          
    /*0x35C0*/     ULONG32      ExAcqResSharedNotAcquires;                                                                    
    /*0x35C4*/     ULONG32      ExAcqResSharedStarveExclusiveAttempts;                                                        
    /*0x35C8*/     ULONG32      ExAcqResSharedStarveExclusiveAcquiresExclusive;                                               
    /*0x35CC*/     ULONG32      ExAcqResSharedStarveExclusiveAcquiresShared;                                                  
    /*0x35D0*/     ULONG32      ExAcqResSharedStarveExclusiveAcquiresSharedRecursive;                                         
    /*0x35D4*/     ULONG32      ExAcqResSharedStarveExclusiveWaits;                                                           
    /*0x35D8*/     ULONG32      ExAcqResSharedStarveExclusiveNotAcquires;                                                     
    /*0x35DC*/     ULONG32      ExAcqResSharedWaitForExclusiveAttempts;                                                       
    /*0x35E0*/     ULONG32      ExAcqResSharedWaitForExclusiveAcquiresExclusive;                                              
    /*0x35E4*/     ULONG32      ExAcqResSharedWaitForExclusiveAcquiresShared;                                                 
    /*0x35E8*/     ULONG32      ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive;                                        
    /*0x35EC*/     ULONG32      ExAcqResSharedWaitForExclusiveWaits;                                                          
    /*0x35F0*/     ULONG32      ExAcqResSharedWaitForExclusiveNotAcquires;                                                    
    /*0x35F4*/     ULONG32      ExSetResOwnerPointerExclusive;                                                                
    /*0x35F8*/     ULONG32      ExSetResOwnerPointerSharedNew;                                                                
    /*0x35FC*/     ULONG32      ExSetResOwnerPointerSharedOld;                                                                
    /*0x3600*/     ULONG32      ExTryToAcqExclusiveAttempts;                                                                  
    /*0x3604*/     ULONG32      ExTryToAcqExclusiveAcquires;                                                                  
    /*0x3608*/     ULONG32      ExBoostExclusiveOwner;                                                                        
    /*0x360C*/     ULONG32      ExBoostSharedOwners;                                                                          
    /*0x3610*/     ULONG32      ExEtwSynchTrackingNotificationsCount;                                                         
    /*0x3614*/     ULONG32      ExEtwSynchTrackingNotificationsAccountedCount;                                                
    /*0x3618*/     struct _CONTEXT* Context;                                                                                  
    /*0x361C*/     ULONG32      ContextFlags;                                                                                 
    /*0x3620*/     struct _XSAVE_AREA* ExtendedState;                                                                         
    /*0x3624*/     UINT8        _PADDING2_[0x4];                                                                              
               }KPRCB, *PKPRCB;

Similar Threads

  1. Rebootless Windows Updates (Ksplice for Windows) and AutoDiff
    By Piotr Bania Chronicles in forum Blogs Forum
    Replies: 0
    Last Post: December 30th, 2010, 09:17
  2. Windows Windows Debuging Tools 6.8.4.0
    By JMI in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: October 20th, 2007, 15:08
  3. Windows.h
    By Swimmer in forum Off Topic
    Replies: 10
    Last Post: September 3rd, 2007, 17:54
  4. x64 Windows
    By bruffellz in forum OllyDbg Support Forums
    Replies: 6
    Last Post: September 4th, 2006, 22:31
  5. Changing a Windows XP software to run under Windows NT
    By peterg70 in forum The Newbie Forum
    Replies: 2
    Last Post: April 26th, 2004, 06:04

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •