GetHotkeys 通过驱动获取系统热键 [ 顺便写了 SSDT + Shadow SSDT ]

ssdt sssdt 表结构，一看就知道不多说啦  源码下载   GetHotkeys_sys_src.7z

// 0xBF9B0BD8 the is ghkFirst homeXP SP3 long pSSDTShadow_offset_gphkFirst = 0xBF9B0BD8; long ptr_gphkFirst = *((long*)pSSDTShadow_offset_gphkFirst); DbgPrint ( "SSDTShadow_offset_gphkFirst = [%08X] -> %08X offset = %X <-- win32k.sys globle variable", pSSDTShadow_offset_gphkFirst, ptr_gphkFirst, pSSDTShadow_offset_gphkFirst - pSSDTShadow_W32pST_new ); PHOT_KEY_ITEM phki=(PHOT_KEY_ITEM)(ptr_gphkFirst); _PETHREAD pet = (_PETHREAD)(phki->Thread); DbgPrint("===ETHREAD=== size=[%d] %c",sizeof(ETHREAD),*((char*)(pet+0x220)+0x174) ); //find 0x86D7AA98 DbgPrint("===KTHREAD=== size=[%d]",sizeof(KTHREAD)); int iCount = 0; while(phki != NULL) { iCount ++; sprintf( ptrMe,"%02d.[%08X] T:%08X S:%08X M:%08X V:%02X I:%08X N:%08X\r\n", iCount, phki, phki->Thread, phki->spwnd, phki->fsModifiers, phki->vk, phki->id, phki->phkNext); DbgPrint ( ptrMe ); strcat( strGetHotKeys , ptrMe ); phki=(PHOT_KEY_ITEM)(phki->phkNext); } 运行结果 00000003 0.00005839 PEPROCESS = [8214F020] ImageFileName = [_testDriver1.ex] Version = 3.0 00000004 0.00006844 KeServiceDescriptorTable = [80563520] <-- SSDT 00000005 0.00007934 ->ServiceTableBase = [804E58D0] -> [805893DB] 00000006 0.00008660 ->ServiceCounterTable = 0 00000007 0.00009443 ->NumberOfServices = 284 00000008 0.00010337 ->ParamTableBase = [80512184] 00000009 0.00011538 0 0x0000.[804E58D0] = 805893DB - ZwAcceptConnectPort 00000010 0.00012711 1 0x0001.[804E58D4] = 80580556 - ZwAccessCheck 00000011 0.00013884 2 0x0002.[804E58D8] = 80598BD1 - ZwAccessCheckAndAuditAlarm 00000012 0.00015030 3 0x0003.[804E58DC] = 805915E4 - ZwAccessCheckByType 00000013 0.00016259 4 0x0004.[804E58E0] = 80598C58 - ZwAccessCheckByTypeAndAuditAlarm 00000014 0.00017460 5 0x0005.[804E58E4] = 806418A0 - ZwAccessCheckByTypeResultList 00000015 0.00018745 6 0x0006.[804E58E8] = 80643A31 - ZwAccessCheckByTypeResultListAndAuditAlarm 00000016 0.00020058 7 0x0007.[804E58EC] = 80643A7A - ZwAccessCheckByTypeResultListAndAuditAlarmByHandle 00000017 0.00021148 8 0x0008.[804E58F0] = 8057D022 - ZwAddAtom 00000018 0.00022349 9 0x0009.[804E58F4] = 8065193F - ZwAddBootEntry 00000019 0.00023523 10 0x000A.[804E58F8] = 8064105F - ZwAdjustGroupsToken 00000020 0.00024640 11 0x000B.[804E58FC] = 80598423 - ZwAdjustPrivilegesToken 00000021 0.00025785 12 0x000C.[804E5900] = 80638C26 - ZwAlertResumeThread 00000022 0.00026875 13 0x000D.[804E5904] = 80593EFA - ZwAlertThread 00000023 0.00028048 14 0x000E.[804E5908] = 80592D3E - ZwAllocateLocallyUniqueId 00000024 0.00029194 15 0x000F.[804E590C] = 8062F86A - ZwAllocateUserPhysicalPages 00000025 0.00030339 16 0x0010.[804E5910] = 805E10D1 - ZwAllocateUuids 00000026 0.00031540 17 0x0011.[804E5914] = 80571BC5 - ZwAllocateVirtualMemory 00000027 0.00032742 18 0x0012.[804E5918] = 805E1D36 - ZwAreMappedFilesTheSame 00000028 0.00033943 19 0x0013.[804E591C] = 805E2DDB - ZwAssignProcessToJobObject 00000029 0.00035116 20 0x0014.[804E5920] = 804E5EE4 - ZwCallbackReturn 00000030 0.00036345 21 0x0015.[804E5924] = 8065192B - ZwCancelDeviceWakeupRequest 00000031 0.00037435 22 0x0016.[804E5928] = 805D4DBF - ZwCancelIoFile 00000032 0.00038441 23 0x0017.[804E592C] = 804ECBD7 - ZwCancelTimer 00000033 0.00039502 24 0x0018.[804E5930] = 805716C3 - ZwClearEvent 00000034 0.00040508 25 0x0019.[804E5934] = 805708D7 - ZwClose 00000035 0.00041793 26 0x001A.[804E5938] = 80598801 - ZwCloseObjectAuditAlarm 00000036 0.00042827 27 0x001B.[804E593C] = 80657A8C - ZwCompactKeys 00000037 0.00044168 28 0x001C.[804E5940] = 80592856 - ZwCompareTokens 00000038 0.00045453 29 0x001D.[804E5944] = 80591160 - ZwCompleteConnectPort 00000039 0.00046514 30 0x001E.[804E5948] = 80657CFB - ZwCompressKey 00000040 0.00047688 31 0x001F.[804E594C] = 80591C5B - ZwConnectPort 00000041 0.00048721 32 0x0020.[804E5950] = 804E223F - ZwContinue 00000042 0.00050118 33 0x0021.[804E5954] = 8066313E - ZwCreateDebugObject 00000043 0.00051347 34 0x0022.[804E5958] = 805B1ECB - ZwCreateDirectoryObject 00000044 0.00052437 35 0x0023.[804E595C] = 805754F6 - ZwCreateEvent 00000045 0.00053470 36 0x0024.[804E5960] = 80651F90 - ZwCreateEventPair 00000046 0.00054532 37 0x0025.[804E5964] = 80574DFB - ZwCreateFile 00000047 0.00055705 38 0x0026.[804E5968] = 805E57BB - ZwCreateIoCompletion 00000048 0.00056879 39 0x0027.[804E596C] = 805DE62E - ZwCreateJobObject 00000049 0.00058164 40 0x0028.[804E5970] = 806390CF - ZwCreateJobSet 00000050 0.00059449 41 0x0029.[804E5974] = 80579ABE - ZwCreateKey 00000051 0.00060566 42 0x002A.[804E5978] = 805DF7D7 - ZwCreateMailslotFile 00000052 0.00061740 43 0x002B.[804E597C] = 80581B62 - ZwCreateMutant 00000053 0.00062913 44 0x002C.[804E5980] = 80589DC2 - ZwCreateNamedPipeFile 00000054 0.00064198 45 0x002D.[804E5984] = 805BCECF - ZwCreatePagingFile 00000055 0.00065399 46 0x002E.[804E5988] = 8059CFA8 - ZwCreatePort 00000056 0.00066517 47 0x002F.[804E598C] = 805B8BF5 - ZwCreateProcess 00000057 0.00067662 48 0x0030.[804E5990] = 8058C7F4 - ZwCreateProcessEx 00000058 0.00068808 49 0x0031.[804E5994] = 806525C7 - ZwCreateProfile 00000059 0.00069897 50 0x0032.[804E5998] = 8056EB66 - ZwCreateSection 00000060 0.00071070 51 0x0033.[804E599C] = 8057CF49 - ZwCreateSemaphore 00000061 0.00072272 52 0x0034.[804E59A0] = 805E1922 - ZwCreateSymbolicLinkObject 00000062 0.00073417 53 0x0035.[804E59A4] = AA0CD1B0 - ZwCreateThread 00000063 0.00074563 54 0x0036.[804E59A8] = 805E9981 - ZwCreateTimer 00000064 0.00075652 55 0x0037.[804E59AC] = 805AF238 - ZwCreateToken 00000065 0.00076797 56 0x0038.[804E59B0] = 805B2CB2 - ZwCreateWaitablePort 00000066 0.00077971 57 0x0039.[804E59B4] = 806642B5 - ZwDebugActiveProcess 00000067 0.00079088 58 0x003A.[804E59B8] = 8066440F - ZwDebugContinue 00000068 0.00080234 59 0x003B.[804E59BC] = 8056FB03 - ZwDelayExecution 00000069 0.00081379 60 0x003C.[804E59C0] = 805959AA - ZwDeleteAtom 00000070 0.00082497 61 0x003D.[804E59C4] = 8065192B - ZwDeleteBootEntry 00000071 0.00083642 62 0x003E.[804E59C8] = 805DDE04 - ZwDeleteFile 00000072 0.00084815 63 0x003F.[804E59CC] = 8059B5CD - ZwDeleteKey 00000073 0.00086017 64 0x0040.[804E59D0] = 80643AD1 - ZwDeleteObjectAuditAlarm 00000074 0.00087134 65 0x0041.[804E59D4] = 8059A1EC - ZwDeleteValueKey 00000075 0.00088307 66 0x0042.[804E59D8] = 80589ABD - ZwDeviceIoControlFile 00000076 0.00089509 67 0x0043.[804E59DC] = 805BE382 - ZwDisplayString 00000077 0.00090598 68 0x0044.[804E59E0] = 8057EDAF - ZwDuplicateObject 00000078 0.00091799 69 0x0045.[804E59E4] = 80586A99 - ZwDuplicateToken 00000079 0.00092973 70 0x0046.[804E59E8] = 8065193F - ZwEnumerateBootEntries 00000080 0.00094118 71 0x0047.[804E59EC] = 80582EEA - ZwEnumerateKey 00000081 0.00095347 72 0x0048.[804E59F0] = 80651917 - ZwEnumerateSystemEnvironmentValuesEx 00000082 0.00096493 73 0x0049.[804E59F4] = 8059103A - ZwEnumerateValueKey 00000083 0.00097694 74 0x004A.[804E59F8] = 8062E829 - ZwExtendSection 00000084 0.00098839 75 0x004B.[804E59FC] = 805D6CF5 - ZwFilterToken 00000085 0.00099901 76 0x004C.[804E5A00] = 805E61A7 - ZwFindAtom 00000086 0.00101074 77 0x004D.[804E5A04] = 80593C44 - ZwFlushBuffersFile 00000087 0.00102192 78 0x004E.[804E5A08] = 80587A2D - ZwFlushInstructionCache 00000088 0.00103253 79 0x004F.[804E5A0C] = 805E7ED1 - ZwFlushKey 00000089 0.00104399 80 0x0050.[804E5A10] = 805EA683 - ZwFlushVirtualMemory 00000090 0.00105460 81 0x0051.[804E5A14] = 806300C7 - ZwFlushWriteBuffer 00000091 0.00106606 82 0x0052.[804E5A18] = 8062FC1D - ZwFreeUserPhysicalPages 00000092 0.00107723 83 0x0053.[804E5A1C] = 805720BF - ZwFreeVirtualMemory 00000093 0.00108897 84 0x0054.[804E5A20] = 80583287 - ZwFsControlFile 00000094 0.00110126 85 0x0055.[804E5A24] = 80637067 - ZwGetContextThread 00000095 0.00111327 86 0x0056.[804E5A28] = 8063501B - ZwGetDevicePowerState 00000096 0.00112500 87 0x0057.[804E5A2C] = 805A3868 - ZwGetPlugPlayEvent 00000097 0.00113702 88 0x0058.[804E5A30] = 805407B7 - ZwGetWriteWatch 00000098 0.00114959 89 0x0059.[804E5A34] = 8059CB5D - ZwImpersonateAnonymousToken 00000099 0.00116160 90 0x005A.[804E5A38] = 805921C9 - ZwImpersonateClientOfPort 00000100 0.00117333 91 0x005B.[804E5A3C] = 805884C1 - ZwImpersonateThread 00000101 0.00118507 92 0x005C.[804E5A40] = 805B2485 - ZwInitializeRegistry 00000102 0.00119708 93 0x005D.[804E5A44] = 80634DE7 - ZwInitiatePowerAction 00000103 0.00120825 94 0x005E.[804E5A48] = 80638F83 - ZwIsProcessInJob 00000104 0.00121999 95 0x005F.[804E5A4C] = 80635002 - ZwIsSystemResumeAutomatic 00000105 0.00123060 96 0x0060.[804E5A50] = 805B22F4 - ZwListenPort 00000106 0.00124150 97 0x0061.[804E5A54] = 805B16F6 - ZwLoadDriver 00000107 0.00125295 98 0x0062.[804E5A58] = 805D708D - ZwLoadKey 00000108 0.00126469 99 0x0063.[804E5A5C] = 805D71EC - ZwLoadKey2 00000109 0.00127614 100 0x0064.[804E5A60] = 80595D77 - ZwLockFile 00000110 0.00128843 101 0x0065.[804E5A64] = 805D656A - ZwLockProductActivationKeys 00000111 0.00130017 102 0x0066.[804E5A68] = 805CF9DD - ZwLockRegistryKey 00000112 0.00131246 103 0x0067.[804E5A6C] = 805B6835 - ZwLockVirtualMemory 00000113 0.00132475 104 0x0068.[804E5A70] = 805E1B2A - ZwMakePermanentObject 00000114 0.00133732 105 0x0069.[804E5A74] = 805E1BF1 - ZwMakeTemporaryObject 00000115 0.00134989 106 0x006A.[804E5A78] = 8062EEC6 - ZwMapUserPhysicalPages 00000116 0.00136218 107 0x006B.[804E5A7C] = 8062F31F - ZwMapUserPhysicalPagesScatter 00000117 0.00137420 108 0x006C.[804E5A80] = 8057BA19 - ZwMapViewOfSection 00000118 0.00138593 109 0x006D.[804E5A84] = 8065192B - ZwModifyBootEntry 00000119 0.00139766 110 0x006E.[804E5A88] = 8059719B - ZwNotifyChangeDirectoryFile 00000120 0.00140828 111 0x006F.[804E5A8C] = 80597D8F - ZwNotifyChangeKey 00000121 0.00141945 112 0x0070.[804E5A90] = 80597BA1 - ZwNotifyChangeMultipleKeys 00000122 0.00143119 113 0x0071.[804E5A94] = 8058B1CE - ZwOpenDirectoryObject 00000123 0.00144208 114 0x0072.[804E5A98] = 8058AB69 - ZwOpenEvent 00000124 0.00145326 115 0x0073.[804E5A9C] = 80652083 - ZwOpenEventPair 00000125 0.00146415 116 0x0074.[804E5AA0] = 8057AE8D - ZwOpenFile 00000126 0.00147533 117 0x0075.[804E5AA4] = 806224CF - ZwOpenIoCompletion 00000127 0.00148650 118 0x0076.[804E5AA8] = 80639327 - ZwOpenJobObject 00000128 0.00149740 119 0x0077.[804E5AAC] = 80573BDF - ZwOpenKey 00000129 0.00150857 120 0x0078.[804E5AB0] = 80581C10 - ZwOpenMutant 00000130 0.00151975 121 0x0079.[804E5AB4] = 805E74EC - ZwOpenObjectAuditAlarm 00000131 0.00153120 122 0x007A.[804E5AB8] = 8057CB80 - ZwOpenProcess 00000132 0.00154293 123 0x007B.[804E5ABC] = 805794F6 - ZwOpenProcessToken 00000133 0.00155467 124 0x007C.[804E5AC0] = 8057944D - ZwOpenProcessTokenEx 00000134 0.00156556 125 0x007D.[804E5AC4] = 8057C96A - ZwOpenSection 00000135 0.00157674 126 0x007E.[804E5AC8] = 805E1CA8 - ZwOpenSemaphore 00000136 0.00158875 127 0x007F.[804E5ACC] = 8058B151 - ZwOpenSymbolicLinkObject 00000137 0.00160048 128 0x0080.[804E5AD0] = 80597A0F - ZwOpenThread 00000138 0.00161222 129 0x0081.[804E5AD4] = 805756D2 - ZwOpenThreadToken 00000139 0.00162423 130 0x0082.[804E5AD8] = 805755CF - ZwOpenThreadTokenEx 00000140 0.00163624 131 0x0083.[804E5ADC] = 80651EB9 - ZwOpenTimer 00000141 0.00164797 132 0x0084.[804E5AE0] = 805A14BD - ZwPlugPlayControl 00000142 0.00165943 133 0x0085.[804E5AE4] = 805AC9EA - ZwPowerInformation 00000143 0.00167144 134 0x0086.[804E5AE8] = 805A17B8 - ZwPrivilegeCheck 00000144 0.00168373 135 0x0087.[804E5AEC] = 805E1217 - ZwPrivilegeObjectAuditAlarm 00000145 0.00169603 136 0x0088.[804E5AF0] = 805D618F - ZwPrivilegedServiceAuditAlarm 00000146 0.00170748 137 0x0089.[804E5AF4] = 80583621 - ZwProtectVirtualMemory 00000147 0.00171810 138 0x008A.[804E5AF8] = 805B2C0A - ZwPulseEvent 00000148 0.00172983 139 0x008B.[804E5AFC] = 8057B0BC - ZwQueryAttributesFile 00000149 0.00174184 140 0x008C.[804E5B00] = 8065193F - ZwQueryBootEntryOrder 00000150 0.00175357 141 0x008D.[804E5B04] = 8065193F - ZwQueryBootOptions 00000151 0.00176531 142 0x008E.[804E5B08] = 804FC559 - ZwQueryDebugFilterState 00000152 0.00177732 143 0x008F.[804E5B0C] = 805700D0 - ZwQueryDefaultLocale 00000153 0.00178989 144 0x0090.[804E5B10] = 8058A59D - ZwQueryDefaultUILanguage 00000154 0.00180190 145 0x0091.[804E5B14] = 8057D793 - ZwQueryDirectoryFile 00000155 0.00181448 146 0x0092.[804E5B18] = 80590A8E - ZwQueryDirectoryObject 00000156 0.00182621 147 0x0093.[804E5B1C] = 8062271C - ZwQueryEaFile 00000157 0.00183738 148 0x0094.[804E5B20] = 8058AF38 - ZwQueryEvent 00000158 0.00184940 149 0x0095.[804E5B24] = 805859EE - ZwQueryFullAttributesFile 00000159 0.00186169 150 0x0096.[804E5B28] = 805B2F72 - ZwQueryInformationAtom 00000160 0.00187314 151 0x0097.[804E5B2C] = 8057BD38 - ZwQueryInformationFile 00000161 0.00188516 152 0x0098.[804E5B30] = 8058CEFB - ZwQueryInformationJobObject 00000162 0.00189661 153 0x0099.[804E5B34] = 8062C4CD - ZwQueryInformationPort 00000163 0.00190918 154 0x009A.[804E5B38] = 805757B6 - ZwQueryInformationProcess 00000164 0.00192175 155 0x009B.[804E5B3C] = 8057786A - ZwQueryInformationThread 00000165 0.00193377 156 0x009C.[804E5B40] = 805782E4 - ZwQueryInformationToken 00000166 0.00194578 157 0x009D.[804E5B44] = 8058ACD2 - ZwQueryInstallUILanguage 00000167 0.00195779 158 0x009E.[804E5B48] = 80652A77 - ZwQueryIntervalProfile 00000168 0.00196924 159 0x009F.[804E5B4C] = 80622590 - ZwQueryIoCompletion 00000169 0.00198098 160 0x00A0.[804E5B50] = 80582AEA - ZwQueryKey 00000170 0.00199327 161 0x00A1.[804E5B54] = 80657473 - ZwQueryMultipleValueKey 00000171 0.00200500 162 0x00A2.[804E5B58] = 806523FC - ZwQueryMutant 00000172 0.00201674 163 0x00A3.[804E5B5C] = 8058B466 - ZwQueryObject 00000173 0.00202903 164 0x00A4.[804E5B60] = 8065767B - ZwQueryOpenSubKeys 00000174 0.00204132 165 0x00A5.[804E5B64] = 805718A6 - ZwQueryPerformanceCounter 00000175 0.00205305 166 0x00A6.[804E5B68] = 80622FD3 - ZwQueryQuotaInformationFile 00000176 0.00206479 167 0x00A7.[804E5B6C] = 80587E7A - ZwQuerySection 00000177 0.00207708 168 0x00A8.[804E5B70] = 8059FE28 - ZwQuerySecurityObject 00000178 0.00208881 169 0x00A9.[804E5B74] = 806511E9 - ZwQuerySemaphore 00000179 0.00210083 170 0x00AA.[804E5B78] = 8058AFC2 - ZwQuerySymbolicLinkObject 00000180 0.00211312 171 0x00AB.[804E5B7C] = 80651967 - ZwQuerySystemEnvironmentValue 00000181 0.00212569 172 0x00AC.[804E5B80] = 80651903 - ZwQuerySystemEnvironmentValueEx 00000182 0.00213742 173 0x00AD.[804E5B84] = 80585B3D - ZwQuerySystemInformation 00000183 0.00214916 174 0x00AE.[804E5B88] = 80593915 - ZwQuerySystemTime 00000184 0.00216033 175 0x00AF.[804E5B8C] = 8059B98D - ZwQueryTimer 00000185 0.00217123 176 0x00B0.[804E5B90] = 8058DE21 - ZwQueryTimerResolution 00000186 0.00218296 177 0x00B1.[804E5B94] = 80573F19 - ZwQueryValueKey 00000187 0.00219469 178 0x00B2.[804E5B98] = 80579E03 - ZwQueryVirtualMemory 00000188 0.00220698 179 0x00B3.[804E5B9C] = 8057B1D8 - ZwQueryVolumeInformationFile 00000189 0.00221816 180 0x00B4.[804E5BA0] = 8059B8E8 - ZwQueueApcThread 00000190 0.00222933 181 0x00B5.[804E5BA4] = 804E2287 - ZwRaiseException 00000191 0.00224079 182 0x00B6.[804E5BA8] = 80650F25 - ZwRaiseHardError 00000192 0.00225252 183 0x00B7.[804E5BAC] = 8057595D - ZwReadFile 00000193 0.00226425 184 0x00B8.[804E5BB0] = 806238AB - ZwReadFileScatter 00000194 0.00227683 185 0x00B9.[804E5BB4] = 805926E1 - ZwReadRequestData 00000195 0.00228884 186 0x00BA.[804E5BB8] = 805882FE - ZwReadVirtualMemory 00000196 0.00230085 187 0x00BB.[804E5BBC] = 80587811 - ZwRegisterThreadTerminatePort 00000197 0.00231231 188 0x00BC.[804E5BC0] = 8056FB6E - ZwReleaseMutant 00000198 0.00232404 189 0x00BD.[804E5BC4] = 80577F40 - ZwReleaseSemaphore 00000199 0.00233605 190 0x00BE.[804E5BC8] = 8057054C - ZwRemoveIoCompletion 00000200 0.00234750 191 0x00BF.[804E5BCC] = 8066438A - ZwRemoveProcessDebug 00000201 0.00235896 192 0x00C0.[804E5BD0] = 806578F0 - ZwRenameKey 00000202 0.00237069 193 0x00C1.[804E5BD4] = 8065824C - ZwReplaceKey 00000203 0.00238215 194 0x00C2.[804E5BD8] = 80586792 - ZwReplyPort 00000204 0.00239500 195 0x00C3.[804E5BDC] = 80577821 - ZwReplyWaitReceivePort 00000205 0.00240729 196 0x00C4.[804E5BE0] = 80577339 - ZwReplyWaitReceivePortEx 00000206 0.00241874 197 0x00C5.[804E5BE4] = 8062C5AC - ZwReplyWaitReplyPort 00000207 0.00243048 198 0x00C6.[804E5BE8] = 80634F8F - ZwRequestDeviceWakeup 00000208 0.00244137 199 0x00C7.[804E5BEC] = 805E7AD1 - ZwRequestPort 00000209 0.00245311 200 0x00C8.[804E5BF0] = 8057E89E - ZwRequestWaitReplyPort 00000210 0.00246540 201 0x00C9.[804E5BF4] = 80634D88 - ZwRequestWakeupLatency 00000211 0.00247657 202 0x00CA.[804E5BF8] = 805E9CED - ZwResetEvent 00000212 0.00248858 203 0x00CB.[804E5BFC] = 80540C32 - ZwResetWriteWatch 00000213 0.00249920 204 0x00CC.[804E5C00] = 80657DE1 - ZwRestoreKey 00000214 0.00250870 205 0x00CD.[804E5C04] = 80638BC6 - ZwResumeProcess 00000215 0.00251764 206 0x00CE.[804E5C08] = 80587737 - ZwResumeThread 00000216 0.00252658 207 0x00CF.[804E5C0C] = 80657EE2 - ZwSaveKey 00000217 0.00253552 208 0x00D0.[804E5C10] = 80657FCD - ZwSaveKeyEx 00000218 0.00254474 209 0x00D1.[804E5C14] = 806580FA - ZwSaveMergedKeys 00000219 0.00255368 210 0x00D2.[804E5C18] = 80588C11 - ZwSecureConnectPort 00000220 0.00256290 211 0x00D3.[804E5C1C] = 8065193F - ZwSetBootEntryOrder 00000221 0.00257156 212 0x00D4.[804E5C20] = 8065193F - ZwSetBootOptions 00000222 0.00258050 213 0x00D5.[804E5C24] = 8063728D - ZwSetContextThread 00000223 0.00258944 214 0x00D6.[804E5C28] = 80665D6C - ZwSetDebugFilterState 00000224 0.00259865 215 0x00D7.[804E5C2C] = 805B84F9 - ZwSetDefaultHardErrorPort 00000225 0.00260759 216 0x00D8.[804E5C30] = 805DEC9B - ZwSetDefaultLocale 00000226 0.00261681 217 0x00D9.[804E5C34] = 805DEC42 - ZwSetDefaultUILanguage 00000227 0.00262575 218 0x00DA.[804E5C38] = 80622C63 - ZwSetEaFile 00000228 0.00263469 219 0x00DB.[804E5C3C] = 80571634 - ZwSetEvent 00000229 0.00264391 220 0x00DC.[804E5C40] = 80577CAA - ZwSetEventBoostPriority 00000230 0.00265313 221 0x00DD.[804E5C44] = 80652383 - ZwSetHighEventPair 00000231 0.00266235 222 0x00DE.[804E5C48] = 806522A3 - ZwSetHighWaitLowEventPair 00000232 0.00267185 223 0x00DF.[804E5C4C] = 80663D2B - ZwSetInformationDebugObject 00000233 0.00268135 224 0x00E0.[804E5C50] = 805841AD - ZwSetInformationFile 00000234 0.00269057 225 0x00E1.[804E5C54] = 805DE782 - ZwSetInformationJobObject 00000235 0.00269951 226 0x00E2.[804E5C58] = 80656FD6 - ZwSetInformationKey 00000236 0.00270872 227 0x00E3.[804E5C5C] = 8058AC51 - ZwSetInformationObject 00000237 0.00271766 228 0x00E4.[804E5C60] = 80575B1F - ZwSetInformationProcess 00000238 0.00272688 229 0x00E5.[804E5C64] = 80577ABD - ZwSetInformationThread 00000239 0.00273582 230 0x00E6.[804E5C68] = 805AE8D2 - ZwSetInformationToken 00000240 0.00274476 231 0x00E7.[804E5C6C] = 806525A3 - ZwSetIntervalProfile 00000241 0.00275370 232 0x00E8.[804E5C70] = 80577DF0 - ZwSetIoCompletion 00000242 0.00276236 233 0x00E9.[804E5C74] = 80637ADF - ZwSetLdtEntries 00000243 0.00277130 234 0x00EA.[804E5C78] = 80652317 - ZwSetLowEventPair 00000244 0.00278052 235 0x00EB.[804E5C7C] = 8065222F - ZwSetLowWaitHighEventPair 00000245 0.00279002 236 0x00EC.[804E5C80] = 80622FAB - ZwSetQuotaInformationFile 00000246 0.00279924 237 0x00ED.[804E5C84] = 8059FC29 - ZwSetSecurityObject 00000247 0.00280846 238 0x00EE.[804E5C88] = 80651C04 - ZwSetSystemEnvironmentValue 00000248 0.00281796 239 0x00EF.[804E5C8C] = 80651903 - ZwSetSystemEnvironmentValueEx 00000249 0.00282690 240 0x00F0.[804E5C90] = 805B3328 - ZwSetSystemInformation 00000250 0.00283611 241 0x00F1.[804E5C94] = 806710E7 - ZwSetSystemPowerState 00000251 0.00284505 242 0x00F2.[804E5C98] = 80650BD9 - ZwSetSystemTime 00000252 0.00285399 243 0x00F3.[804E5C9C] = 805EC0AA - ZwSetThreadExecutionState 00000253 0.00286293 244 0x00F4.[804E5CA0] = 804E8A35 - ZwSetTimer 00000254 0.00287215 245 0x00F5.[804E5CA4] = 805EC370 - ZwSetTimerResolution 00000255 0.00288109 246 0x00F6.[804E5CA8] = 805D633B - ZwSetUuidSeed 00000256 0.00289003 247 0x00F7.[804E5CAC] = 8057C4EF - ZwSetValueKey 00000257 0.00289925 248 0x00F8.[804E5CB0] = 806234E9 - ZwSetVolumeInformationFile 00000258 0.00290819 249 0x00F9.[804E5CB4] = 80650327 - ZwShutdownSystem 00000259 0.00291741 250 0x00FA.[804E5CB8] = 8051D3C9 - ZwSignalAndWaitForSingleObject 00000260 0.00292635 251 0x00FB.[804E5CBC] = 8065280E - ZwStartProfile 00000261 0.00293529 252 0x00FC.[804E5CC0] = 806529C7 - ZwStopProfile 00000262 0.00294423 253 0x00FD.[804E5CC4] = 80638B6B - ZwSuspendProcess 00000263 0.00295345 254 0x00FE.[804E5CC8] = 80638A87 - ZwSuspendThread 00000264 0.00296267 255 0x00FF.[804E5CCC] = 80652B27 - ZwSystemDebugControl 00000265 0.00297189 256 0x0100.[804E5CD0] = 80639499 - ZwTerminateJobObject 00000266 0.00298111 257 0x0101.[804E5CD4] = 8058F6B9 - ZwTerminateProcess 00000267 0.00299032 258 0x0102.[804E5CD8] = 80583DDA - ZwTerminateThread 00000268 0.00299898 259 0x0103.[804E5CDC] = 8058721F - ZwTestAlert 00000269 0.00300792 260 0x0104.[804E5CE0] = 8054AA70 - ZwTraceEvent 00000270 0.00301714 261 0x0105.[804E5CE4] = 80651953 - ZwTranslateFilePath 00000271 0.00302608 262 0x0106.[804E5CE8] = 80625BAC - ZwUnloadDriver 00000272 0.00303474 263 0x0107.[804E5CEC] = 80656B3A - ZwUnloadKey 00000273 0.00304368 264 0x0108.[804E5CF0] = 80656D6B - ZwUnloadKeyEx 00000274 0.00305262 265 0x0109.[804E5CF4] = 80595ED7 - ZwUnlockFile 00000275 0.00306184 266 0x010A.[804E5CF8] = 8063013B - ZwUnlockVirtualMemory 00000276 0.00307078 267 0x010B.[804E5CFC] = 8057B5A1 - ZwUnmapViewOfSection 00000277 0.00307944 268 0x010C.[804E5D00] = 805B5E66 - ZwVdmControl 00000278 0.00308866 269 0x010D.[804E5D04] = 80663A76 - ZwWaitForDebugEvent 00000279 0.00309788 270 0x010E.[804E5D08] = 8056FC49 - ZwWaitForMultipleObjects 00000280 0.00310710 271 0x010F.[804E5D0C] = 8056EF62 - ZwWaitForSingleObject 00000281 0.00311632 272 0x0110.[804E5D10] = 806521C3 - ZwWaitHighEventPair 00000282 0.00312526 273 0x0111.[804E5D14] = 80652157 - ZwWaitLowEventPair 00000283 0.00313392 274 0x0112.[804E5D18] = 8058442D - ZwWriteFile 00000284 0.00314314 275 0x0113.[804E5D1C] = 805D50AC - ZwWriteFileGather 00000285 0.00315236 276 0x0114.[804E5D20] = 80592765 - ZwWriteRequestData 00000286 0.00316157 277 0x0115.[804E5D24] = 805883F6 - ZwWriteVirtualMemory 00000287 0.00317051 278 0x0116.[804E5D28] = 80516ACF - ZwYieldExecution 00000288 0.00317973 279 0x0117.[804E5D2C] = 805CB1A2 - ZwCreateKeyedEvent 00000289 0.00318867 280 0x0118.[804E5D30] = 8058CA46 - ZwOpenKeyedEvent 00000290 0.00319789 281 0x0119.[804E5D34] = 80652F9B - ZwReleaseKeyedEvent 00000291 0.00320711 282 0x011A.[804E5D38] = 80653206 - ZwWaitForKeyedEvent 00000292 0.00321633 283 0x011B.[804E5D3C] = 80636377 - ZwQueryPortInformationProcess 00000293 0.00322471 SSDTShadow --> = [805634E0] = 804E58D0 00000294 0.00323309 pSSDTShadow_W32pST --> = [805634F0] = BF99E900 00000295 0.00323896 -->ServiceCounterTable = 0 00000296 0.00324455 -->NumberOfServices = 667 00000297 0.00325125 -->ParamTableBase = [BF99F610] 00000298 0.00326466 pSSDTShadow_W32pST_new --> = [BF99E900] = BF93AA5E <-- from win32k.sys 00000299 0.00327472 0 000 0x1000.[BF99E900] = BF93AA5E - NtGdiAbortDoc 00000300 0.00328422 1 001 0x1001.[BF99E904] = BF94C08C - NtGdiAbortPath 00000301 0.00329371 2 002 0x1002.[BF99E908] = BF86FCB2 - NtGdiAddFontResourceW 00000302 0.00330349 3 003 0x1003.[BF99E90C] = BF943B93 - NtGdiAddRemoteFontToDC 00000303 0.00331299 4 004 0x1004.[BF99E910] = BF94D6AE - NtGdiAddFontMemResourceEx 00000304 0.00332249 5 005 0x1005.[BF99E914] = BF93ACF2 - NtGdiRemoveMergeFont 00000305 0.00333227 6 006 0x1006.[BF99E918] = BF93AD97 - NtGdiAddRemoteMMInstanceToDC 00000306 0.00334149 7 007 0x1007.[BF99E91C] = BF831496 - NtGdiAlphaBlend 00000307 0.00335098 8 008 0x1008.[BF99E920] = BF94CFCA - NtGdiAngleArc 00000308 0.00336048 9 009 0x1009.[BF99E924] = BF938E5D - NtGdiAnyLinkedFonts 00000309 0.00337026 10 010 0x100A.[BF99E928] = BF94D5C2 - NtGdiFontIsLinked 00000310 0.00338004 11 011 0x100B.[BF99E92C] = BF91126C - NtGdiArcInternal 00000311 0.00338982 12 012 0x100C.[BF99E930] = BF8FEFAE - NtGdiBeginPath 00000312 0.00339931 13 013 0x100D.[BF99E934] = BF809952 - NtGdiBitBlt 00000313 0.00340909 14 014 0x100E.[BF99E938] = BF94D494 - NtGdiCancelDC 00000314 0.00341859 15 015 0x100F.[BF99E93C] = BF94EC9B - NtGdiCheckBitmapBits 00000315 0.00342809 16 016 0x1010.[BF99E940] = BF8FD8AB - NtGdiCloseFigure 00000316 0.00343815 17 017 0x1011.[BF99E944] = BF876E0D - NtGdiClearBitmapAttributes 00000317 0.00344820 18 018 0x1012.[BF99E948] = BF94D572 - NtGdiClearBrushAttributes 00000318 0.00345826 19 019 0x1013.[BF99E94C] = BF94EDCE - NtGdiColorCorrectPalette 00000319 0.00346804 20 020 0x1014.[BF99E950] = BF81C660 - NtGdiCombineRgn 00000320 0.00347810 21 021 0x1015.[BF99E954] = BF8DE033 - NtGdiCombineTransform 00000321 0.00348815 22 022 0x1016.[BF99E958] = BF8AC55E - NtGdiComputeXformCoefficients 00000322 0.00349793 23 023 0x1017.[BF99E95C] = BF859E69 - NtGdiConsoleTextOut 00000323 0.00350799 24 024 0x1018.[BF99E960] = BF9124A7 - NtGdiConvertMetafileRect 00000324 0.00351749 25 025 0x1019.[BF99E964] = BF80E30D - NtGdiCreateBitmap 00000325 0.00352754 26 026 0x101A.[BF99E968] = BF8DDCDB - NtGdiCreateClientObj 00000326 0.00353732 27 027 0x101B.[BF99E96C] = BF94EA93 - NtGdiCreateColorSpace 00000327 0.00354710 28 028 0x101C.[BF99E970] = BF94F99E - NtGdiCreateColorTransform 00000328 0.00355716 29 029 0x101D.[BF99E974] = BF813AB9 - NtGdiCreateCompatibleBitmap 00000329 0.00356721 30 030 0x101E.[BF99E978] = BF80C8AE - NtGdiCreateCompatibleDC 00000330 0.00357699 31 031 0x101F.[BF99E97C] = BF8D2CFE - NtGdiCreateDIBBrush 00000331 0.00358705 32 032 0x1020.[BF99E980] = BF828CBD - NtGdiCreateDIBitmapInternal 00000332 0.00359683 33 033 0x1021.[BF99E984] = BF8295BF - NtGdiCreateDIBSection 00000333 0.00360632 34 034 0x1022.[BF99E988] = BF93D30A - NtGdiCreateEllipticRgn 00000334 0.00361610 35 035 0x1023.[BF99E98C] = BF8AC368 - NtGdiCreateHalftonePalette 00000335 0.00362616 36 036 0x1024.[BF99E990] = BF950A2A - NtGdiCreateHatchBrushInternal 00000336 0.00363594 37 037 0x1025.[BF99E994] = BF8F32CE - NtGdiCreateMetafileDC 00000337 0.00364599 38 038 0x1026.[BF99E998] = BF85F18A - NtGdiCreatePaletteInternal 00000338 0.00365605 39 039 0x1027.[BF99E99C] = BF8AA759 - NtGdiCreatePatternBrushInternal 00000339 0.00366583 40 040 0x1028.[BF99E9A0] = BF8A44E9 - NtGdiCreatePen 00000340 0.00367533 41 041 0x1029.[BF99E9A4] = BF835054 - NtGdiCreateRectRgn 00000341 0.00368538 42 042 0x102A.[BF99E9A8] = BF8B7AD8 - NtGdiCreateRoundRectRgn 00000342 0.00369544 43 043 0x102B.[BF99E9AC] = BF9123AC - NtGdiCreateServerMetaFile 00000343 0.00370494 44 044 0x102C.[BF99E9B0] = BF819D99 - NtGdiCreateSolidBrush 00000344 0.00371500 45 045 0x102D.[BF99E9B4] = BF93847D - NtGdiD3dContextCreate 00000345 0.00372505 46 046 0x102E.[BF99E9B8] = BF938490 - NtGdiD3dContextDestroy 00000346 0.00373511 47 047 0x102F.[BF99E9BC] = BF9384A3 - NtGdiD3dContextDestroyAll 00000347 0.00374517 48 048 0x1030.[BF99E9C0] = BF9384B6 - NtGdiD3dValidateTextureStageState 00000348 0.00375495 49 049 0x1031.[BF99E9C4] = BF9384C9 - NtGdiD3dDrawPrimitives2 00000349 0.00376472 50 050 0x1032.[BF99E9C8] = BF9384DC - NtGdiDdGetDriverState 00000350 0.00377478 51 051 0x1033.[BF99E9CC] = BF938352 - NtGdiDdAddAttachedSurface 00000351 0.00378456 52 052 0x1034.[BF99E9D0] = BF93859C - NtGdiDdAlphaBlt 00000352 0.00379406 53 053 0x1035.[BF99E9D4] = BF906454 - NtGdiDdAttachSurface 00000353 0.00380411 54 054 0x1036.[BF99E9D8] = BF938547 - NtGdiDdBeginMoCompFrame 00000354 0.00381333 55 055 0x1037.[BF99E9DC] = BF906467 - NtGdiDdBlt 00000355 0.00382311 56 056 0x1038.[BF99E9E0] = BF906241 - NtGdiDdCanCreateSurface 00000356 0.00383317 57 057 0x1039.[BF99E9E4] = BF938454 - NtGdiDdCanCreateD3DBuffer 00000357 0.00384323 58 058 0x103A.[BF99E9E8] = BF938365 - NtGdiDdColorControl 00000358 0.00385328 59 059 0x103B.[BF99E9EC] = BF8EB106 - NtGdiDdCreateDirectDrawObject 00000359 0.00386278 60 060 0x103C.[BF99E9F0] = BF8EB119 - NtGdiDdCreateSurface 00000360 0.00387284 61 061 0x103D.[BF99E9F4] = BF93843E - NtGdiDdCreateD3DBuffer 00000361 0.00388234 62 062 0x103E.[BF99E9F8] = BF906280 - NtGdiDdCreateMoComp 00000362 0.00389211 63 063 0x103F.[BF99E9FC] = BF9068AB - NtGdiDdCreateSurfaceObject 00000363 0.00390245 64 064 0x1040.[BF99EA00] = BF8EB362 - NtGdiDdDeleteDirectDrawObject 00000364 0.00391251 65 065 0x1041.[BF99EA04] = BF906428 - NtGdiDdDeleteSurfaceObject 00000365 0.00392229 66 066 0x1042.[BF99EA08] = BF906254 - NtGdiDdDestroyMoComp 00000366 0.00393234 67 067 0x1043.[BF99EA0C] = BF8EB34C - NtGdiDdDestroySurface 00000367 0.00394212 68 068 0x1044.[BF99EA10] = BF938467 - NtGdiDdDestroyD3DBuffer 00000368 0.00395218 69 069 0x1045.[BF99EA14] = BF93855A - NtGdiDdEndMoCompFrame 00000369 0.00396196 70 070 0x1046.[BF99EA18] = BF906951 - NtGdiDdFlip 00000370 0.00397201 71 071 0x1047.[BF99EA1C] = BF90705C - NtGdiDdFlipToGDISurface 00000371 0.00398207 72 072 0x1048.[BF99EA20] = BF90643E - NtGdiDdGetAvailDriverMemory 00000372 0.00399185 73 073 0x1049.[BF99EA24] = BF938378 - NtGdiDdGetBltStatus 00000373 0.00400135 74 074 0x104A.[BF99EA28] = BF9061AC - NtGdiDdGetDC 00000374 0.00401112 75 075 0x104B.[BF99EA2C] = BF9061EB - NtGdiDdGetDriverInfo 00000375 0.00402090 76 076 0x104C.[BF99EA30] = BF9383E6 - NtGdiDdGetDxHandle 00000376 0.00403040 77 077 0x104D.[BF99EA34] = BF93838E - NtGdiDdGetFlipStatus 00000377 0.00404046 78 078 0x104E.[BF99EA38] = BF938531 - NtGdiDdGetInternalMoCompInfo 00000378 0.00405079 79 079 0x104F.[BF99EA3C] = BF93851B - NtGdiDdGetMoCompBuffInfo 00000379 0.00406085 80 080 0x1050.[BF99EA40] = BF90626A - NtGdiDdGetMoCompGuids 00000380 0.00407063 81 081 0x1051.[BF99EA44] = BF938505 - NtGdiDdGetMoCompFormats 00000381 0.00408069 82 082 0x1052.[BF99EA48] = BF907162 - NtGdiDdGetScanLine 00000382 0.00409018 83 083 0x1053.[BF99EA4C] = BF8C7D66 - NtGdiDdLock 00000383 0.00409996 84 084 0x1054.[BF99EA50] = BF938412 - NtGdiDdLockD3D 00000384 0.00411002 85 085 0x1055.[BF99EA54] = BF8EB0A5 - NtGdiDdQueryDirectDrawObject 00000385 0.00411980 86 086 0x1056.[BF99EA58] = BF938586 - NtGdiDdQueryMoCompStatus 00000386 0.00412985 87 087 0x1057.[BF99EA5C] = BF8EB0E0 - NtGdiDdReenableDirectDrawObject 00000387 0.00413963 88 088 0x1058.[BF99EA60] = BF906320 - NtGdiDdReleaseDC 00000388 0.00414913 89 089 0x1059.[BF99EA64] = BF938570 - NtGdiDdRenderMoComp 00000389 0.00415891 90 090 0x105A.[BF99EA68] = BF8C7BAC - NtGdiDdResetVisrgn 00000390 0.00416897 91 091 0x105B.[BF99EA6C] = BF906967 - NtGdiDdSetColorKey 00000391 0.00417902 92 092 0x105C.[BF99EA70] = BF9383A4 - NtGdiDdSetExclusiveMode 00000392 0.00418880 93 093 0x105D.[BF99EA74] = BF9383FC - NtGdiDdSetGammaRamp 00000393 0.00419830 94 094 0x105E.[BF99EA78] = BF9384EF - NtGdiDdCreateSurfaceEx 00000394 0.00420808 95 095 0x105F.[BF99EA7C] = BF9383BA - NtGdiDdSetOverlayPosition 00000395 0.00421813 96 096 0x1060.[BF99EA80] = BF9064F4 - NtGdiDdUnattachSurface 00000396 0.00422791 97 097 0x1061.[BF99EA84] = BF8C7B5C - NtGdiDdUnlock 00000397 0.00423769 98 098 0x1062.[BF99EA88] = BF938428 - NtGdiDdUnlockD3D 00000398 0.00424719 99 099 0x1063.[BF99EA8C] = BF90693B - NtGdiDdUpdateOverlay 00000399 0.00425724 100 100 0x1064.[BF99EA90] = BF9383D0 - NtGdiDdWaitForVerticalBlank 00000400 0.00426758 101 101 0x1065.[BF99EA94] = BF9385AF - NtGdiDvpCanCreateVideoPort 00000401 0.00427764 102 102 0x1066.[BF99EA98] = BF9385C5 - NtGdiDvpColorControl 00000402 0.00428798 103 103 0x1067.[BF99EA9C] = BF9385DB - NtGdiDvpCreateVideoPort 00000403 0.00429803 104 104 0x1068.[BF99EAA0] = BF9385F1 - NtGdiDvpDestroyVideoPort 00000404 0.00430781 105 105 0x1069.[BF99EAA4] = BF938607 - NtGdiDvpFlipVideoPort 00000405 0.00431815 106 106 0x106A.[BF99EAA8] = BF93861D - NtGdiDvpGetVideoPortBandwidth 00000406 0.00432820 107 107 0x106B.[BF99EAAC] = BF938633 - NtGdiDvpGetVideoPortField 00000407 0.00433854 108 108 0x106C.[BF99EAB0] = BF938649 - NtGdiDvpGetVideoPortFlipStatus 00000408 0.00434888 109 109 0x106D.[BF99EAB4] = BF93865F - NtGdiDvpGetVideoPortInputFormats 00000409 0.00435865 110 110 0x106E.[BF99EAB8] = BF938675 - NtGdiDvpGetVideoPortLine 00000410 0.00436899 111 111 0x106F.[BF99EABC] = BF93868B - NtGdiDvpGetVideoPortOutputFormats 00000411 0.00437961 112 112 0x1070.[BF99EAC0] = BF9386A1 - NtGdiDvpGetVideoPortConnectInfo 00000412 0.00438938 113 113 0x1071.[BF99EAC4] = BF9386B7 - NtGdiDvpGetVideoSignalStatus 00000413 0.00439916 114 114 0x1072.[BF99EAC8] = BF9386CD - NtGdiDvpUpdateVideoPort 00000414 0.00440922 115 115 0x1073.[BF99EACC] = BF9386E3 - NtGdiDvpWaitForVideoPortSync 00000415 0.00441900 116 116 0x1074.[BF99EAD0] = BF9386F9 - NtGdiDvpAcquireNotification 00000416 0.00442905 117 117 0x1075.[BF99EAD4] = BF93870F - NtGdiDvpReleaseNotification 00000417 0.00443883 118 118 0x1076.[BF99EAD8] = BF93833F - NtGdiDxgGenericThunk 00000418 0.00444861 119 119 0x1077.[BF99EADC] = BF8DDDFD - NtGdiDeleteClientObj 00000419 0.00445867 120 120 0x1078.[BF99EAE0] = BF94EA86 - NtGdiDeleteColorSpace 00000420 0.00446872 121 121 0x1079.[BF99EAE4] = BF94FC5A - NtGdiDeleteColorTransform 00000421 0.00447878 122 122 0x107A.[BF99EAE8] = BF813946 - NtGdiDeleteObjectApp 00000422 0.00448856 123 123 0x107B.[BF99EAEC] = BF94E184 - NtGdiDescribePixelFormat 00000423 0.00449834 124 124 0x107C.[BF99EAF0] = BF8F964E - NtGdiGetPerBandInfo 00000424 0.00450839 125 125 0x107D.[BF99EAF4] = BF8FAC62 - NtGdiDoBanding 00000425 0.00451789 126 126 0x107E.[BF99EAF8] = BF837D99 - NtGdiDoPalette 00000426 0.00452767 127 127 0x107F.[BF99EAFC] = BF94D014 - NtGdiDrawEscape 00000427 0.00453745 128 128 0x1080.[BF99EB00] = BF8D5803 - NtGdiEllipse 00000428 0.00454695 129 129 0x1081.[BF99EB04] = BF8752D9 - NtGdiEnableEudc 00000429 0.00455644 130 130 0x1082.[BF99EB08] = BF8FA5DE - NtGdiEndDoc 00000430 0.00456622 131 131 0x1083.[BF99EB0C] = BF903A88 - NtGdiEndPage 00000431 0.00457572 132 132 0x1084.[BF99EB10] = BF8FF04E - NtGdiEndPath 00000432 0.00458550 133 133 0x1085.[BF99EB14] = BF86A74F - NtGdiEnumFontChunk 00000433 0.00459556 134 134 0x1086.[BF99EB18] = BF86A6CE - NtGdiEnumFontClose 00000434 0.00460505 135 135 0x1087.[BF99EB1C] = BF869D5D - NtGdiEnumFontOpen 00000435 0.00461511 136 136 0x1088.[BF99EB20] = BF8D3006 - NtGdiEnumObjects 00000436 0.00462489 137 137 0x1089.[BF99EB24] = BF93D405 - NtGdiEqualRgn 00000437 0.00463467 138 138 0x108A.[BF99EB28] = BF954235 - NtGdiEudcLoadUnloadLink 00000438 0.00464472 139 139 0x108B.[BF99EB2C] = BF827DAE - NtGdiExcludeClipRect 00000439 0.00465478 140 140 0x108C.[BF99EB30] = BF8CAF78 - NtGdiExtCreatePen 00000440 0.00466456 141 141 0x108D.[BF99EB34] = BF835548 - NtGdiExtCreateRegion 00000441 0.00467434 142 142 0x108E.[BF99EB38] = BF8B5E69 - NtGdiExtEscape 00000442 0.00468439 143 143 0x108F.[BF99EB3C] = BF955053 - NtGdiExtFloodFill 00000443 0.00469445 144 144 0x1090.[BF99EB40] = BF826EEF - NtGdiExtGetObjectW 00000444 0.00470451 145 145 0x1091.[BF99EB44] = BF80F1CD - NtGdiExtSelectClipRgn 00000445 0.00471429 146 146 0x1092.[BF99EB48] = BF8995A0 - NtGdiExtTextOutW 00000446 0.00472378 147 147 0x1093.[BF99EB4C] = BF94C1B1 - NtGdiFillPath 00000447 0.00473356 148 148 0x1094.[BF99EB50] = BF8AA09A - NtGdiFillRgn 00000448 0.00474334 149 149 0x1095.[BF99EB54] = BF94C116 - NtGdiFlattenPath 00000449 0.00475312 150 150 0x1096.[BF99EB58] = BF80C391 - NtGdiFlushUserBatch 00000450 0.00476290 151 151 0x1097.[BF99EB5C] = BF80A255 - NtGdiFlush 00000451 0.00477295 152 152 0x1098.[BF99EB60] = BF94E064 - NtGdiForceUFIMapping 00000452 0.00478245 153 153 0x1099.[BF99EB64] = BF8B7D4A - NtGdiFrameRgn 00000453 0.00479223 154 154 0x109A.[BF99EB68] = BF9400E2 - NtGdiFullscreenControl 00000454 0.00480229 155 155 0x109B.[BF99EB6C] = BF8CA249 - NtGdiGetAndSetDCDword 00000455 0.00481206 156 156 0x109C.[BF99EB70] = BF8164D5 - NtGdiGetAppClipBox 00000456 0.00482212 157 157 0x109D.[BF99EB74] = BF8AA58D - NtGdiGetBitmapBits 00000457 0.00483218 158 158 0x109E.[BF99EB78] = BF94DF86 - NtGdiGetBitmapDimension 00000458 0.00484196 159 159 0x109F.[BF99EB7C] = BF8BD8B8 - NtGdiGetBoundsRect 00000459 0.00485201 160 160 0x10A0.[BF99EB80] = BF8F1C82 - NtGdiGetCharABCWidthsW 00000460 0.00486207 161 161 0x10A1.[BF99EB84] = BF94C71F - NtGdiGetCharacterPlacementW 00000461 0.00487157 162 162 0x10A2.[BF99EB88] = BF80F808 - NtGdiGetCharSet 00000462 0.00488163 163 163 0x10A3.[BF99EB8C] = BF8ED868 - NtGdiGetCharWidthW 00000463 0.00489168 164 164 0x10A4.[BF99EB90] = BF8AB2A3 - NtGdiGetCharWidthInfo 00000464 0.00490174 165 165 0x10A5.[BF99EB94] = BF94D336 - NtGdiGetColorAdjustment 00000465 0.00491208 166 166 0x10A6.[BF99EB98] = BF955908 - NtGdiGetColorSpaceforBitmap 00000466 0.00492185 167 167 0x10A7.[BF99EB9C] = BF8271BC - NtGdiGetDCDword 00000467 0.00493191 168 168 0x10A8.[BF99EBA0] = BF89828C - NtGdiGetDCforBitmap 00000468 0.00494169 169 169 0x10A9.[BF99EBA4] = BF827049 - NtGdiGetDCObject 00000469 0.00495147 170 170 0x10AA.[BF99EBA8] = BF8C3115 - NtGdiGetDCPoint 00000470 0.00496125 171 171 0x10AB.[BF99EBAC] = BF94D532 - NtGdiGetDeviceCaps 00000471 0.00497130 172 172 0x10AC.[BF99EBB0] = BF94F031 - NtGdiGetDeviceGammaRamp 00000472 0.00498136 173 173 0x10AD.[BF99EBB4] = BF8C94EA - NtGdiGetDeviceCapsAll 00000473 0.00499142 174 174 0x10AE.[BF99EBB8] = BF839B83 - NtGdiGetDIBitsInternal 00000474 0.00500119 175 175 0x10AF.[BF99EBBC] = BF95686B - NtGdiGetETM 00000475 0.00501153 176 176 0x10B0.[BF99EBC0] = BF951CD7 - NtGdiGetEudcTimeStampEx 00000476 0.00502131 177 177 0x10B1.[BF99EBC4] = BF8EF084 - NtGdiGetFontData 00000477 0.00503165 178 178 0x10B2.[BF99EBC8] = BF94D7DC - NtGdiGetFontResourceInfoInternalW 00000478 0.00504142 179 179 0x10B3.[BF99EBCC] = BF94E467 - NtGdiGetGlyphIndicesW 00000479 0.00505120 180 180 0x10B4.[BF99EBD0] = BF94E30A - NtGdiGetGlyphIndicesWInternal 00000480 0.00506098 181 181 0x10B5.[BF99EBD4] = BF94D127 - NtGdiGetGlyphOutline 00000481 0.00507104 182 182 0x10B6.[BF99EBD8] = BF94D22C - NtGdiGetKerningPairs 00000482 0.00508081 183 183 0x10B7.[BF99EBDC] = BF93AA76 - NtGdiGetLinkedUFIs 00000483 0.00509059 184 184 0x10B8.[BF99EBE0] = BF8F3336 - NtGdiGetMiterLimit 00000484 0.00510037 185 185 0x10B9.[BF99EBE4] = BF943024 - NtGdiGetMonitorID 00000485 0.00511015 186 186 0x10BA.[BF99EBE8] = BF827F04 - NtGdiGetNearestColor 00000486 0.00512048 187 187 0x10BB.[BF99EBEC] = BF950AB0 - NtGdiGetNearestPaletteIndex 00000487 0.00513054 188 188 0x10BC.[BF99EBF0] = BF94D2BD - NtGdiGetObjectBitmapHandle 00000488 0.00514088 189 189 0x10BD.[BF99EBF4] = BF8ED091 - NtGdiGetOutlineTextMetricsInternalW 00000489 0.00515065 190 190 0x10BE.[BF99EBF8] = BF94C57E - NtGdiGetPath 00000490 0.00516043 191 191 0x10BF.[BF99EBFC] = BF864A04 - NtGdiGetPixel 00000491 0.00517021 192 192 0x10C0.[BF99EC00] = BF80F1DD - NtGdiGetRandomRgn 00000492 0.00517999 193 193 0x10C1.[BF99EC04] = BF8EFBC2 - NtGdiGetRasterizerCaps 00000493 0.00519005 194 194 0x10C2.[BF99EC08] = BF94E512 - NtGdiGetRealizationInfo 00000494 0.00520010 195 195 0x10C3.[BF99EC0C] = BF83A553 - NtGdiGetRegionData 00000495 0.00520988 196 196 0x10C4.[BF99EC10] = BF8C305F - NtGdiGetRgnBox 00000496 0.00521994 197 197 0x10C5.[BF99EC14] = BF912606 - NtGdiGetServerMetaFileBits 00000497 0.00522999 198 198 0x10C6.[BF99EC18] = BF8927F8 - NtGdiGetSpoolMessage 00000498 0.00523949 199 199 0x10C7.[BF99EC1C] = BF9569E8 - NtGdiGetStats 00000499 0.00524955 200 200 0x10C8.[BF99EC20] = BF852912 - NtGdiGetStockObject 00000500 0.00525933 201 201 0x10C9.[BF99EC24] = BF9538C9 - NtGdiGetStringBitmapW 00000501 0.00526938 202 202 0x10CA.[BF99EC28] = BF8F0EEF - NtGdiGetSystemPaletteUse 00000502 0.00527972 203 203 0x10CB.[BF99EC2C] = BF8284F7 - NtGdiGetTextCharsetInfo 00000503 0.00528950 204 204 0x10CC.[BF99EC30] = BF84E3DA - NtGdiGetTextExtent 00000504 0.00529928 205 205 0x10CD.[BF99EC34] = BF8D286C - NtGdiGetTextExtentExW 00000505 0.00530933 206 206 0x10CE.[BF99EC38] = BF82FB83 - NtGdiGetTextFaceW 00000506 0.00531939 207 207 0x10CF.[BF99EC3C] = BF828355 - NtGdiGetTextMetricsW 00000507 0.00532945 208 208 0x10D0.[BF99EC40] = BF8B384F - NtGdiGetTransform 00000508 0.00533895 209 209 0x10D1.[BF99EC44] = BF94DA23 - NtGdiGetUFI 00000509 0.00534844 210 210 0x10D2.[BF99EC48] = BF94DAEC - NtGdiGetEmbUFI 00000510 0.00535822 211 211 0x10D3.[BF99EC4C] = BF94DBCC - NtGdiGetUFIPathname 00000511 0.00536800 212 212 0x10D4.[BF99EC50] = BF94D9A4 - NtGdiGetEmbedFonts 00000512 0.00537806 213 213 0x10D5.[BF99EC54] = BF94D9AE - NtGdiChangeGhostFont 00000513 0.00538812 214 214 0x10D6.[BF99EC58] = BF939708 - NtGdiAddEmbFontToDC 00000514 0.00539817 215 215 0x10D7.[BF99EC5C] = BF94E48B - NtGdiGetFontUnicodeRanges 00000515 0.00540823 216 216 0x10D8.[BF99EC60] = BF82ED3B - NtGdiGetWidthTable 00000516 0.00541801 217 217 0x10D9.[BF99EC64] = BF860B36 - NtGdiGradientFill 00000517 0.00542806 218 218 0x10DA.[BF99EC68] = BF828043 - NtGdiHfontCreate 00000518 0.00543756 219 219 0x10DB.[BF99EC6C] = BF94F615 - NtGdiIcmBrushInfo 00000519 0.00544706 220 220 0x10DC.[BF99EC70] = BF85900C - NtGdiInit 00000520 0.00545684 221 221 0x10DD.[BF99EC74] = BF8772F7 - NtGdiInitSpool 00000521 0.00546690 222 222 0x10DE.[BF99EC78] = BF815FFE - NtGdiIntersectClipRect 00000522 0.00547639 223 223 0x10DF.[BF99EC7C] = BF8F11C3 - NtGdiInvertRgn 00000523 0.00548617 224 224 0x10E0.[BF99EC80] = BF8C569C - NtGdiLineTo 00000524 0.00549595 225 225 0x10E1.[BF99EC84] = BF94E1FE - NtGdiMakeFontDir 00000525 0.00550601 226 226 0x10E2.[BF99EC88] = BF955941 - NtGdiMakeInfoDC 00000526 0.00551578 227 227 0x10E3.[BF99EC8C] = BF828A8E - NtGdiMaskBlt 00000527 0.00552584 228 228 0x10E4.[BF99EC90] = BF8B362C - NtGdiModifyWorldTransform 00000528 0.00553562 229 229 0x10E5.[BF99EC94] = BF8F3509 - NtGdiMonoBitmap 00000529 0.00554540 230 230 0x10E6.[BF99EC98] = BF94D4C4 - NtGdiMoveTo 00000530 0.00555518 231 231 0x10E7.[BF99EC9C] = BF8FAB21 - NtGdiOffsetClipRgn 00000531 0.00556495 232 232 0x10E8.[BF99ECA0] = BF898650 - NtGdiOffsetRgn 00000532 0.00557473 233 233 0x10E9.[BF99ECA4] = BF839F00 - NtGdiOpenDCW 00000533 0.00558451 234 234 0x10EA.[BF99ECA8] = BF8C2ACA - NtGdiPatBlt 00000534 0.00559429 235 235 0x10EB.[BF99ECAC] = BF82AECE - NtGdiPolyPatBlt 00000535 0.00560434 236 236 0x10EC.[BF99ECB0] = BF94C28B - NtGdiPathToRegion 00000536 0.00561412 237 237 0x10ED.[BF99ECB4] = BF947E24 - NtGdiPlgBlt 00000537 0.00562362 238 238 0x10EE.[BF99ECB8] = BF94CBB2 - NtGdiPolyDraw 00000538 0.00563368 239 239 0x10EF.[BF99ECBC] = BF8A3D40 - NtGdiPolyPolyDraw 00000539 0.00564345 240 240 0x10F0.[BF99ECC0] = BF94CCAF - NtGdiPolyTextOutW 00000540 0.00565295 241 241 0x10F1.[BF99ECC4] = BF94D5B2 - NtGdiPtInRegion 00000541 0.00566273 242 242 0x10F2.[BF99ECC8] = BF93D5A7 - NtGdiPtVisible 00000542 0.00567279 243 243 0x10F3.[BF99ECCC] = BF94D5D2 - NtGdiQueryFonts 00000543 0.00568285 244 244 0x10F4.[BF99ECD0] = BF859527 - NtGdiQueryFontAssocInfo 00000544 0.00569262 245 245 0x10F5.[BF99ECD4] = BF8C70B8 - NtGdiRectangle 00000545 0.00570240 246 246 0x10F6.[BF99ECD8] = BF8F89E2 - NtGdiRectInRegion 00000546 0.00571218 247 247 0x10F7.[BF99ECDC] = BF899F2A - NtGdiRectVisible 00000547 0.00572224 248 248 0x10F8.[BF99ECE0] = BF8D2142 - NtGdiRemoveFontResourceW 00000548 0.00573229 249 249 0x10F9.[BF99ECE4] = BF94D7C0 - NtGdiRemoveFontMemResourceEx 00000549 0.00574179 250 250 0x10FA.[BF99ECE8] = BF8E3F2B - NtGdiResetDC 00000550 0.00575157 251 251 0x10FB.[BF99ECEC] = BF950D24 - NtGdiResizePalette 00000551 0.00576135 252 252 0x10FC.[BF99ECF0] = BF82A2C5 - NtGdiRestoreDC 00000552 0.00577112 253 253 0x10FD.[BF99ECF4] = BF910430 - NtGdiRoundRect 00000553 0.00578062 254 254 0x10FE.[BF99ECF8] = BF82A2D5 - NtGdiSaveDC 00000554 0.00579068 255 255 0x10FF.[BF99ECFC] = BF945F9A - NtGdiScaleViewportExtEx 00000555 0.00580102 256 256 0x1100.[BF99ED00] = BF94DF12 - NtGdiScaleWindowExtEx 00000556 0.00581079 257 257 0x1101.[BF99ED04] = BF808560 - GreSelectBitmap 00000557 0.00582085 258 258 0x1102.[BF99ED08] = BF94D4A4 - NtGdiSelectBrush 00000558 0.00583091 259 259 0x1103.[BF99ED0C] = BF8FF14D - NtGdiSelectClipPath 00000559 0.00584069 260 260 0x1104.[BF99ED10] = BF81C670 - NtGdiSelectFont 00000560 0.00585046 261 261 0x1105.[BF99ED14] = BF94D4B4 - NtGdiSelectPen 00000561 0.00586024 262 262 0x1106.[BF99ED18] = BF876D41 - NtGdiSetBitmapAttributes 00000562 0.00587002 263 263 0x1107.[BF99ED1C] = BF8C3595 - NtGdiSetBitmapBits 00000563 0.00588008 264 264 0x1108.[BF99ED20] = BF94DFF0 - NtGdiSetBitmapDimension 00000564 0.00589013 265 265 0x1109.[BF99ED24] = BF8BDCBF - NtGdiSetBoundsRect 00000565 0.00589991 266 266 0x110A.[BF99ED28] = BF94D552 - NtGdiSetBrushAttributes 00000566 0.00590969 267 267 0x110B.[BF99ED2C] = BF8C3633 - NtGdiSetBrushOrg 00000567 0.00591947 268 268 0x110C.[BF99ED30] = BF94D397 - NtGdiSetColorAdjustment 00000568 0.00592925 269 269 0x110D.[BF99ED34] = BF94EB48 - NtGdiSetColorSpace 00000569 0.00593958 270 270 0x110E.[BF99ED38] = BF94F36D - NtGdiSetDeviceGammaRamp 00000570 0.00594992 271 271 0x110F.[BF99ED3C] = BF826904 - NtGdiSetDIBitsToDeviceInternal 00000571 0.00595970 272 272 0x1110.[BF99ED40] = BF891849 - NtGdiSetFontEnumeration 00000572 0.00596975 273 273 0x1111.[BF99ED44] = BF8DE1B3 - NtGdiSetFontXform 00000573 0.00597953 274 274 0x1112.[BF99ED48] = BF8C4FDF - NtGdiSetIcmMode 00000574 0.00598931 275 275 0x1113.[BF99ED4C] = BF8F934C - NtGdiSetLinkedUFIs 00000575 0.00599937 276 276 0x1114.[BF99ED50] = BF951142 - NtGdiSetMagicColors 00000576 0.00600914 277 277 0x1115.[BF99ED54] = BF8DDF32 - NtGdiSetMetaRgn 00000577 0.00601892 278 278 0x1116.[BF99ED58] = BF8DDF54 - NtGdiSetMiterLimit 00000578 0.00602870 279 279 0x1117.[BF99ED5C] = BF94DF02 - NtGdiGetDeviceWidth 00000579 0.00603876 280 280 0x1118.[BF99ED60] = BF94DEF2 - NtGdiMirrorWindowOrg 00000580 0.00604825 281 281 0x1119.[BF99ED64] = BF827CB6 - NtGdiSetLayout 00000581 0.00605775 282 282 0x111A.[BF99ED68] = BF864C46 - NtGdiSetPixel 00000582 0.00606753 283 283 0x111B.[BF99ED6C] = BF9576B2 - NtGdiSetPixelFormat 00000583 0.00607703 284 284 0x111C.[BF99ED70] = BF94D5A2 - NtGdiSetRectRgn 00000584 0.00608709 285 285 0x111D.[BF99ED74] = BF94D542 - NtGdiSetSystemPaletteUse 00000585 0.00609686 286 286 0x111E.[BF99ED78] = BF956C78 - NtGdiSetTextJustification 00000586 0.00610664 287 287 0x111F.[BF99ED7C] = BF87296D - NtGdiSetupPublicCFONT 00000587 0.00611698 288 288 0x1120.[BF99ED80] = BF8DDD56 - NtGdiSetVirtualResolution 00000588 0.00612676 289 289 0x1121.[BF99ED84] = BF8DE224 - NtGdiSetSizeDevice 00000589 0.00613625 290 290 0x1122.[BF99ED88] = BF902945 - NtGdiStartDoc 00000590 0.00614603 291 291 0x1123.[BF99ED8C] = BF9038CC - NtGdiStartPage 00000591 0.00615609 292 292 0x1124.[BF99ED90] = BF89443B - NtGdiStretchBlt 00000592 0.00616615 293 293 0x1125.[BF99ED94] = BF8AFA63 - NtGdiStretchDIBitsInternal 00000593 0.00617592 294 294 0x1126.[BF99ED98] = BF8FDCC4 - NtGdiStrokeAndFillPath 00000594 0.00618598 295 295 0x1127.[BF99ED9C] = BF94C492 - NtGdiStrokePath 00000595 0.00619576 296 296 0x1128.[BF99EDA0] = BF95785A - NtGdiSwapBuffers 00000596 0.00620554 297 297 0x1129.[BF99EDA4] = BF8C940C - NtGdiTransformPoints 00000597 0.00621531 298 298 0x112A.[BF99EDA8] = BF894F13 - NtGdiTransparentBlt 00000598 0.00622537 299 299 0x112B.[BF99EDAC] = BF94E0D5 - NtGdiUnloadPrinterDriver 00000599 0.00623515 300 301 0x112D.[BF99EDB0] = BF94D592 - NtGdiUnrealizeObject 00000600 0.00624493 301 301 0x112D.[BF99EDB4] = BF94D592 - 0x112c - unknow - 00000601 0.00625471 302 302 0x112E.[BF99EDB8] = BF950FAE - NtGdiUpdateColors 00000602 0.00626448 303 303 0x112F.[BF99EDBC] = BF94C373 - NtGdiWidenPath 00000603 0.00627482 304 304 0x1130.[BF99EDC0] = BF86868F - NtUserActivateKeyboardLayout 00000604 0.00628460 305 305 0x1131.[BF99EDC4] = BF863043 - NtUserAlterWindowStyle 00000605 0.00629493 306 306 0x1132.[BF99EDC8] = BF9168D9 - NtUserAssociateInputContext 00000606 0.00630499 307 307 0x1133.[BF99EDCC] = BF8EB49B - NtUserAttachThreadInput 00000607 0.00631449 308 308 0x1134.[BF99EDD0] = BF815BE6 - NtUserBeginPaint 00000608 0.00632427 309 309 0x1135.[BF99EDD4] = BF8F0F15 - NtUserBitBltSysBmp 00000609 0.00633405 310 310 0x1136.[BF99EDD8] = BF91520A - NtUserBlockInput 00000610 0.00634410 311 311 0x1137.[BF99EDDC] = BF916A10 - NtUserBuildHimcList 00000611 0.00635416 312 312 0x1138.[BF99EDE0] = BF8957D3 - NtUserBuildHwndList 00000612 0.00636422 313 313 0x1139.[BF99EDE4] = BF85E3B5 - NtUserBuildNameList 00000613 0.00637427 314 314 0x113A.[BF99EDE8] = BF914FCD - NtUserBuildPropList 00000614 0.00638405 315 315 0x113B.[BF99EDEC] = BF86537A - NtUserCallHwnd 00000615 0.00639411 316 316 0x113C.[BF99EDF0] = BF898597 - NtUserCallHwndLock 00000616 0.00640389 317 317 0x113D.[BF99EDF4] = BF874321 - NtUserCallHwndOpt 00000617 0.00641338 318 318 0x113E.[BF99EDF8] = BF89878A - NtUserCallHwndParam 00000618 0.00642372 319 319 0x113F.[BF99EDFC] = BF824124 - NtUserCallHwndParamLock 00000619 0.00643406 320 320 0x1140.[BF99EE00] = BF8F0E24 - NtUserCallMsgFilter 00000620 0.00644412 321 321 0x1141.[BF99EE04] = BF8ECA1B - NtUserCallNextHookEx 00000621 0.00645389 322 322 0x1142.[BF99EE08] = BF801127 - NtUserCallNoParam 00000622 0.00646367 323 323 0x1143.[BF99EE0C] = BF8010DF - NtUserCallOneParam 00000623 0.00647373 324 324 0x1144.[BF99EE10] = BF89874A - NtUserCallTwoParam 00000624 0.00648378 325 325 0x1145.[BF99EE14] = BF8F2215 - NtUserChangeClipboardChain 00000625 0.00649412 326 326 0x1146.[BF99EE18] = BF88FE2C - NtUserChangeDisplaySettings 00000626 0.00650418 327 327 0x1147.[BF99EE1C] = BF8A194C - NtUserCheckImeHotKey 00000627 0.00651424 328 328 0x1148.[BF99EE20] = BF8CE091 - NtUserCheckMenuItem 00000628 0.00652457 329 329 0x1149.[BF99EE24] = BF86D757 - NtUserChildWindowFromPointEx 00000629 0.00653435 330 330 0x114A.[BF99EE28] = BF8F916C - NtUserClipCursor 00000630 0.00654413 331 331 0x114B.[BF99EE2C] = BF8F10C8 - NtUserCloseClipboard 00000631 0.00655363 332 332 0x114C.[BF99EE30] = BF85E090 - NtUserCloseDesktop 00000632 0.00656396 333 333 0x114D.[BF99EE34] = BF85E152 - NtUserCloseWindowStation 00000633 0.00657402 334 334 0x114E.[BF99EE38] = BF858A40 - NtUserConsoleControl 00000634 0.00658408 335 335 0x114F.[BF99EE3C] = BF8F773F - NtUserConvertMemHandle 00000635 0.00659441 336 336 0x1150.[BF99EE40] = BF90FA69 - NtUserCopyAcceleratorTable 00000636 0.00660447 337 337 0x1151.[BF99EE44] = BF8F0EC9 - NtUserCountClipboardFormats 00000637 0.00661453 338 338 0x1152.[BF99EE48] = BF8AC28D - NtUserCreateAcceleratorTable 00000638 0.00662459 339 339 0x1153.[BF99EE4C] = BF8A2EDA - NtUserCreateCaret 00000639 0.00663464 340 340 0x1154.[BF99EE50] = BF8769E4 - NtUserCreateDesktop 00000640 0.00664470 341 341 0x1155.[BF99EE54] = BF91683F - NtUserCreateInputContext 00000641 0.00665504 342 342 0x1156.[BF99EE58] = BF8F2570 - NtUserCreateLocalMemHandle 00000642 0.00666509 343 343 0x1157.[BF99EE5C] = BF832C49 - NtUserCreateWindowEx 00000643 0.00667515 344 344 0x1158.[BF99EE60] = BF877037 - NtUserCreateWindowStation 00000644 0.00668688 345 345 0x1159.[BF99EE64] = BF914057 - NtUserDdeGetQualityOfService 00000645 0.00669890 346 346 0x115A.[BF99EE68] = BF874FB5 - NtUserDdeInitialize 00000646 0.00671286 347 347 0x115B.[BF99EE6C] = BF913F87 - NtUserDdeSetQualityOfService 00000647 0.00672711 348 348 0x115C.[BF99EE70] = BF8A14D9 - NtUserDeferWindowPos 00000648 0.00673885 349 349 0x115D.[BF99EE74] = BF8A1E6D - NtUserDefSetText 00000649 0.00674834 350 350 0x115E.[BF99EE78] = BF8A3306 - NtUserDeleteMenu 00000650 0.00675980 351 351 0x115F.[BF99EE7C] = BF8F910B - NtUserDestroyAcceleratorTable 00000651 0.00677237 352 352 0x1160.[BF99EE80] = BF896796 - NtUserDestroyCursor 00000652 0.00678494 353 353 0x1161.[BF99EE84] = BF91688F - NtUserDestroyInputContext 00000653 0.00679835 354 354 0x1162.[BF99EE88] = BF8A27D1 - NtUserDestroyMenu 00000654 0.00681120 355 355 0x1163.[BF99EE8C] = BF89D863 - NtUserDestroyWindow 00000655 0.00682349 356 356 0x1164.[BF99EE90] = BF916FE5 - NtUserDisableThreadIme 00000656 0.00683383 357 357 0x1165.[BF99EE94] = BF80EC6F - NtUserDispatchMessage 00000657 0.00684361 358 358 0x1166.[BF99EE98] = BF9150C8 - NtUserDragDetect 00000658 0.00685366 359 359 0x1167.[BF99EE9C] = BF913500 - NtUserDragObject 00000659 0.00686372 360 360 0x1168.[BF99EEA0] = BF914227 - NtUserDrawAnimatedRects 00000660 0.00687378 361 361 0x1169.[BF99EEA4] = BF9142EA - NtUserDrawCaption 00000661 0.00688356 362 362 0x116A.[BF99EEA8] = BF90D7B8 - NtUserDrawCaptionTemp 00000662 0.00689333 363 363 0x116B.[BF99EEAC] = BF83205C - NtUserDrawIconEx 00000663 0.00690339 364 364 0x116C.[BF99EEB0] = BF915295 - NtUserDrawMenuBarTemp 00000664 0.00691317 365 365 0x116D.[BF99EEB4] = BF8F73D1 - NtUserEmptyClipboard 00000665 0.00692295 366 366 0x116E.[BF99EEB8] = BF8C321A - NtUserEnableMenuItem 00000666 0.00693300 367 367 0x116F.[BF99EEBC] = BF913F02 - NtUserEnableScrollBar 00000667 0.00694334 368 368 0x1170.[BF99EEC0] = BF827689 - NtUserEndDeferWindowPosEx 00000668 0.00695340 369 369 0x1171.[BF99EEC4] = BF914393 - NtUserEndMenu 00000669 0.00696318 370 370 0x1172.[BF99EEC8] = BF81589D - NtUserEndPaint 00000670 0.00697323 371 371 0x1173.[BF99EECC] = BF865C95 - NtUserEnumDisplayDevices 00000671 0.00698301 372 372 0x1174.[BF99EED0] = BF896236 - NtUserEnumDisplayMonitors 00000672 0.00699307 373 373 0x1175.[BF99EED4] = BF8935FA - NtUserEnumDisplaySettings 00000673 0.00700285 374 374 0x1176.[BF99EED8] = BF91378D - NtUserEvent 00000674 0.00701262 375 375 0x1177.[BF99EEDC] = BF8F13C9 - NtUserExcludeUpdateRgn 00000675 0.00702212 376 376 0x1178.[BF99EEE0] = BF8F0D5B - NtUserFillWindow 00000676 0.00703246 377 377 0x1179.[BF99EEE4] = BF84E640 - NtUserFindExistingCursorIcon 00000677 0.00704224 378 378 0x117A.[BF99EEE8] = BF85BE1F - NtUserFindWindowEx 00000678 0.00705229 379 379 0x117B.[BF99EEEC] = BF9173F2 - NtUserFlashWindowEx 00000679 0.00706235 380 380 0x117C.[BF99EEF0] = BF8F55EB - NtUserGetAltTabInfo 00000680 0.00707213 381 381 0x117D.[BF99EEF4] = BF827851 - NtUserGetAncestor 00000681 0.00708219 382 382 0x117E.[BF99EEF8] = BF916DE4 - NtUserGetAppImeLevel 00000682 0.00709224 383 383 0x117F.[BF99EEFC] = BF89C2CE - NtUserGetAsyncKeyState 00000683 0.00710202 384 384 0x1180.[BF99EF00] = BF832E25 - NtUserGetAtomName 00000684 0.00711208 385 385 0x1181.[BF99EF04] = BF8A1A25 - NtUserGetCaretBlinkTime 00000685 0.00712213 386 386 0x1182.[BF99EF08] = BF8C38DE - NtUserGetCaretPos 00000686 0.00713191 387 387 0x1183.[BF99EF0C] = BF837A5A - NtUserGetClassInfo 00000687 0.00714169 388 388 0x1184.[BF99EF10] = BF81F719 - NtUserGetClassName 00000688 0.00715175 389 389 0x1185.[BF99EF14] = BF8F23AB - NtUserGetClipboardData 00000689 0.00716180 390 390 0x1186.[BF99EF18] = BF8F8AA7 - NtUserGetClipboardFormatName 00000690 0.00717158 391 391 0x1187.[BF99EF1C] = BF8F74C7 - NtUserGetClipboardOwner 00000691 0.00718192 392 392 0x1188.[BF99EF20] = BF8C2E57 - NtUserGetClipboardSequenceNumber 00000692 0.00719170 393 393 0x1189.[BF99EF24] = BF9143D9 - NtUserGetClipboardViewer 00000693 0.00720175 394 394 0x118A.[BF99EF28] = BF913E6A - NtUserGetClipCursor 00000694 0.00721153 395 395 0x118B.[BF99EF2C] = BF913AA0 - NtUserGetComboBoxInfo 00000695 0.00722131 396 396 0x118C.[BF99EF30] = BF8AB1BA - NtUserGetControlBrush 00000696 0.00723137 397 397 0x118D.[BF99EF34] = BF905D2D - NtUserGetControlColor 00000697 0.00724114 398 398 0x118E.[BF99EF38] = BF81CCA3 - NtUserGetCPD 00000698 0.00725120 399 399 0x118F.[BF99EF3C] = BF8608B4 - NtUserGetCursorFrameInfo 00000699 0.00726154 400 400 0x1190.[BF99EF40] = BF913BBD - NtUserGetCursorInfo 00000700 0.00727132 401 401 0x1191.[BF99EF44] = BF8043C6 - NtUserGetDC 00000701 0.00728109 402 402 0x1192.[BF99EF48] = BF82FFD6 - NtUserGetDCEx 00000702 0.00729143 403 403 0x1193.[BF99EF4C] = BF831039 - NtUserGetDoubleClickTime 00000703 0.00730149 404 404 0x1194.[BF99EF50] = BF81C2ED - NtUserGetForegroundWindow 00000704 0.00731126 405 405 0x1195.[BF99EF54] = BF9135C9 - NtUserGetGuiResources 00000705 0.00732132 406 406 0x1196.[BF99EF58] = BF85C7A9 - NtUserGetGUIThreadInfo 00000706 0.00733082 407 407 0x1197.[BF99EF5C] = BF8371A9 - NtUserGetIconInfo 00000707 0.00734060 408 408 0x1198.[BF99EF60] = BF8372F9 - NtUserGetIconSize 00000708 0.00735038 409 409 0x1199.[BF99EF64] = BF916CA2 - NtUserGetImeHotKey 00000709 0.00736015 410 410 0x119A.[BF99EF68] = BF916B12 - NtUserGetImeInfoEx 00000710 0.00737049 411 411 0x119B.[BF99EF6C] = BF91381E - NtUserGetInternalWindowPos 00000711 0.00738083 412 412 0x119C.[BF99EF70] = BF89A260 - NtUserGetKeyboardLayoutList 00000712 0.00739116 413 413 0x119D.[BF99EF74] = BF8EB72E - NtUserGetKeyboardLayoutName 00000713 0.00740122 414 414 0x119E.[BF99EF78] = BF85BCDA - NtUserGetKeyboardState 00000714 0.00741100 415 415 0x119F.[BF99EF7C] = BF90DB09 - NtUserGetKeyNameText 00000715 0.00742078 416 416 0x11A0.[BF99EF80] = BF81C598 - NtUserGetKeyState 00000716 0.00743055 417 417 0x11A1.[BF99EF84] = BF913B69 - NtUserGetListBoxInfo 00000717 0.00744061 418 418 0x11A2.[BF99EF88] = BF913CBA - NtUserGetMenuBarInfo 00000718 0.00745039 419 419 0x11A3.[BF99EF8C] = BF914110 - NtUserGetMenuIndex 00000719 0.00746017 420 420 0x11A4.[BF99EF90] = BF914C44 - NtUserGetMenuItemRect 00000720 0.00746994 421 421 0x11A5.[BF99EF94] = BF819CD3 - NtUserGetMessage 00000721 0.00748028 422 422 0x11A6.[BF99EF98] = BF91491F - NtUserGetMouseMovePointsEx 00000722 0.00749062 423 423 0x11A7.[BF99EF9C] = BF819F4B - NtUserGetObjectInformation 00000723 0.00750095 424 424 0x11A8.[BF99EFA0] = BF8F0E9D - NtUserGetOpenClipboardWindow 00000724 0.00751129 425 425 0x11A9.[BF99EFA4] = BF914405 - NtUserGetPriorityClipboardFormat 00000725 0.00752135 426 426 0x11AA.[BF99EFA8] = BF819DB6 - NtUserGetProcessWindowStation 00000726 0.00753140 427 427 0x11AB.[BF99EFAC] = BF917C72 - NtUserGetRawInputBuffer 00000727 0.00754146 428 428 0x11AC.[BF99EFB0] = BF917572 - NtUserGetRawInputData 00000728 0.00755152 429 429 0x11AD.[BF99EFB4] = BF91774C - NtUserGetRawInputDeviceInfo 00000729 0.00756186 430 430 0x11AE.[BF99EFB8] = BF917A41 - NtUserGetRawInputDeviceList 00000730 0.00757219 431 431 0x11AF.[BF99EFBC] = BF917C37 - NtUserGetRegisteredRawInputDevices 00000731 0.00758197 432 432 0x11B0.[BF99EFC0] = BF8A1174 - NtUserGetScrollBarInfo 00000732 0.00759203 433 433 0x11B1.[BF99EFC4] = BF83522E - NtUserGetSystemMenu 00000733 0.00760208 434 434 0x11B2.[BF99EFC8] = BF81A201 - NtUserGetThreadDesktop 00000734 0.00761214 435 435 0x11B3.[BF99EFCC] = BF81F1B4 - NtUserGetThreadState 00000735 0.00762220 436 436 0x11B4.[BF99EFD0] = BF830260 - NtUserGetTitleBarInfo 00000736 0.00763226 437 437 0x11B5.[BF99EFD4] = BF830E66 - NtUserGetUpdateRect 00000737 0.00764203 438 438 0x11B6.[BF99EFD8] = BF8C2F06 - NtUserGetUpdateRgn 00000738 0.00765209 439 439 0x11B7.[BF99EFDC] = BF8037C6 - NtUserGetWindowDC 00000739 0.00766215 440 440 0x11B8.[BF99EFE0] = BF8F00EE - NtUserGetWindowPlacement 00000740 0.00767192 441 441 0x11B9.[BF99EFE4] = BF90FE15 - NtUserGetWOWClass 00000741 0.00768170 442 442 0x11BA.[BF99EFE8] = BF91340A - NtUserHardErrorControl 00000742 0.00769148 443 443 0x11BB.[BF99EFEC] = BF8992AD - NtUserHideCaret 00000743 0.00770126 444 444 0x11BC.[BF99EFF0] = BF91448E - NtUserHiliteMenuItem 00000744 0.00771159 445 445 0x11BD.[BF99EFF4] = BF915230 - NtUserImpersonateDdeClientWindow 00000745 0.00772165 446 446 0x11BE.[BF99EFF8] = BF88B309 - NtUserInitialize 00000746 0.00773171 447 447 0x11BF.[BF99EFFC] = BF88585E - NtUserInitializeClientPfnArrays 00000747 0.00774177 448 448 0x11C0.[BF99F000] = BF9138FD - NtUserInitTask 00000748 0.00775210 449 449 0x11C1.[BF99F004] = BF83035C - NtUserInternalGetWindowText 00000749 0.00776216 450 450 0x11C2.[BF99F008] = BF814F34 - NtUserInvalidateRect 00000750 0.00777194 451 451 0x11C3.[BF99F00C] = BF8A2777 - NtUserInvalidateRgn 00000751 0.00778255 452 452 0x11C4.[BF99F010] = BF8C2E1D - NtUserIsClipboardFormatAvailable 00000752 0.00779205 453 453 0x11C5.[BF99F014] = BF80E91D - NtUserKillTimer 00000753 0.00780211 454 454 0x11C6.[BF99F018] = BF8B8FB5 - NtUserLoadKeyboardLayoutEx 00000754 0.00781217 455 455 0x11C7.[BF99F01C] = BF876C46 - NtUserLockWindowStation 00000755 0.00782194 456 456 0x11C8.[BF99F020] = BF8CDFD9 - NtUserLockWindowUpdate 00000756 0.00783200 457 457 0x11C9.[BF99F024] = BF9134E3 - NtUserLockWorkStation 00000757 0.00784206 458 458 0x11CA.[BF99F028] = BF8C6882 - NtUserMapVirtualKeyEx 00000758 0.00785184 459 459 0x11CB.[BF99F02C] = BF914D1B - NtUserMenuItemFromPoint 00000759 0.00786133 460 460 0x11CC.[BF99F030] = BF80EEB3 - NtUserMessageCall 00000760 0.00787139 461 461 0x11CD.[BF99F034] = BF911A0F - NtUserMinMaximize 00000761 0.00788089 462 462 0x11CE.[BF99F038] = BF9145DE - NtUserMNDragLeave 00000762 0.00789067 463 463 0x11CF.[BF99F03C] = BF91452E - NtUserMNDragOver 00000763 0.00790100 464 464 0x11D0.[BF99F040] = BF8F8CCC - NtUserModifyUserStartupInfoFlags 00000764 0.00791050 465 465 0x11D1.[BF99F044] = BF828E81 - NtUserMoveWindow 00000765 0.00792084 466 466 0x11D2.[BF99F048] = BF916F80 - NtUserNotifyIMEStatus 00000766 0.00793090 467 467 0x11D3.[BF99F04C] = BF859042 - NtUserNotifyProcessCreate 00000767 0.00794067 468 468 0x11D4.[BF99F050] = BF8C31C5 - NtUserNotifyWinEvent 00000768 0.00795073 469 469 0x11D5.[BF99F054] = BF8F1045 - NtUserOpenClipboard 00000769 0.00796051 470 470 0x11D6.[BF99F058] = BF85E32A - NtUserOpenDesktop 00000770 0.00797029 471 471 0x11D7.[BF99F05C] = BF873264 - NtUserOpenInputDesktop 00000771 0.00798034 472 472 0x11D8.[BF99F060] = BF8F0336 - NtUserOpenWindowStation 00000772 0.00799012 473 473 0x11D9.[BF99F064] = BF868945 - NtUserPaintDesktop 00000773 0.00799962 474 474 0x11DA.[BF99F068] = BF8036B5 - NtUserPeekMessage 00000774 0.00800968 475 475 0x11DB.[BF99F06C] = BF808327 - NtUserPostMessage 00000775 0.00801973 476 476 0x11DC.[BF99F070] = BF85DC84 - NtUserPostThreadMessage 00000776 0.00802951 477 477 0x11DD.[BF99F074] = BF89194C - NtUserPrintWindow 00000777 0.00803957 478 478 0x11DE.[BF99F078] = BF856D7E - NtUserProcessConnect 00000778 0.00804963 479 479 0x11DF.[BF99F07C] = BF914DAD - NtUserQueryInformationThread 00000779 0.00805968 480 480 0x11E0.[BF99F080] = BF91698C - NtUserQueryInputContext 00000780 0.00806974 481 481 0x11E1.[BF99F084] = BF91515B - NtUserQuerySendMessage 00000781 0.00807980 482 482 0x11E2.[BF99F088] = BF917089 - NtUserQueryUserCounters 00000782 0.00808958 483 483 0x11E3.[BF99F08C] = BF80A142 - NtUserQueryWindow 00000783 0.00809991 484 484 0x11E4.[BF99F090] = BF913C7C - NtUserRealChildWindowFromPoint 00000784 0.00811025 485 485 0x11E5.[BF99F094] = BF872D08 - NtUserRealInternalGetMessage 00000785 0.00812031 486 486 0x11E6.[BF99F098] = BF914B84 - NtUserRealWaitMessageEx 00000786 0.00813008 487 487 0x11E7.[BF99F09C] = BF81F389 - NtUserRedrawWindow 00000787 0.00814042 488 488 0x11E8.[BF99F0A0] = BF85222E - NtUserRegisterClassExWOW 00000788 0.00815048 489 489 0x11E9.[BF99F0A4] = BF877423 - NtUserRegisterUserApiHook 00000789 0.00816053 490 490 0x11EA.[BF99F0A8] = BF890E91 - NtUserRegisterHotKey 00000790 0.00817087 491 491 0x11EB.[BF99F0AC] = BF917B8B - NtUserRegisterRawInputDevices 00000791 0.00818065 492 492 0x11EC.[BF99F0B0] = BF913A4E - NtUserRegisterTasklist 00000792 0.00819071 493 493 0x11ED.[BF99F0B4] = BF80A3E6 - NtUserRegisterWindowMessage 00000793 0.00820048 494 494 0x11EE.[BF99F0B8] = BF891874 - NtUserRemoveMenu 00000794 0.00821026 495 495 0x11EF.[BF99F0BC] = BF895AE6 - NtUserRemoveProp 00000795 0.00822032 496 496 0x11F0.[BF99F0C0] = BF86B8AD - NtUserResolveDesktop 00000796 0.00823038 497 497 0x11F1.[BF99F0C4] = BF917E83 - NtUserResolveDesktopForWOW 00000797 0.00824015 498 498 0x11F2.[BF99F0C8] = BF8A101B - NtUserSBGetParms 00000798 0.00824993 499 499 0x11F3.[BF99F0CC] = BF85668E - NtUserScrollDC 00000799 0.00825999 500 500 0x11F4.[BF99F0D0] = BF8F801A - NtUserScrollWindowEx 00000800 0.00826977 501 501 0x11F5.[BF99F0D4] = BF828908 - NtUserSelectPalette 00000801 0.00827954 502 502 0x11F6.[BF99F0D8] = BF8C1D0C - NtUserSendInput 00000802 0.00828960 503 503 0x11F7.[BF99F0DC] = BF8AB42A - NtUserSetActiveWindow 00000803 0.00829938 504 504 0x11F8.[BF99F0E0] = BF916D79 - NtUserSetAppImeLevel 00000804 0.00830916 505 505 0x11F9.[BF99F0E4] = BF89D33B - NtUserSetCapture 00000805 0.00831921 506 506 0x11FA.[BF99F0E8] = BF8A0B91 - NtUserSetClassLong 00000806 0.00832927 507 507 0x11FB.[BF99F0EC] = BF9145FB - NtUserSetClassWord 00000807 0.00833933 508 508 0x11FC.[BF99F0F0] = BF8F7663 - NtUserSetClipboardData 00000808 0.00834939 509 509 0x11FD.[BF99F0F4] = BF8F212B - NtUserSetClipboardViewer 00000809 0.00835944 510 510 0x11FE.[BF99F0F8] = BF869430 - NtUserSetConsoleReserveKeys 00000810 0.00837062 511 511 0x11FF.[BF99F0FC] = BF81C813 - NtUserSetCursor 00000811 0.00838431 512 512 0x1200.[BF99F100] = BF914BFD - NtUserSetCursorContents 00000812 0.00839688 513 513 0x1201.[BF99F104] = BF83740B - NtUserSetCursorIconData 00000813 0.00840973 514 514 0x1202.[BF99F108] = BF914193 - NtUserSetDbgTag 00000814 0.00842118 515 515 0x1203.[BF99F10C] = BF830752 - NtUserSetFocus 00000815 0.00843571 516 516 0x1204.[BF99F110] = BF8B8ED5 - NtUserSetImeHotKey 00000816 0.00844968 517 517 0x1205.[BF99F114] = BF916BF7 - NtUserSetImeInfoEx 00000817 0.00846113 518 518 0x1206.[BF99F118] = BF916E4E - NtUserSetImeOwnerWindow 00000818 0.00847398 519 519 0x1207.[BF99F11C] = BF858CA6 - NtUserSetInformationProcess 00000819 0.00848571 520 520 0x1208.[BF99F120] = BF8691FA - NtUserSetInformationThread 00000820 0.00849829 521 521 0x1209.[BF99F124] = BF913D89 - NtUserSetInternalWindowPos 00000821 0.00850862 522 522 0x120A.[BF99F128] = BF8F14A9 - NtUserSetKeyboardState 00000822 0.00851952 523 523 0x120B.[BF99F12C] = BF87F611 - NtUserSetLogonNotifyWindow 00000823 0.00853097 524 524 0x120C.[BF99F130] = BF90D9CF - NtUserSetMenu 00000824 0.00854299 525 525 0x120D.[BF99F134] = BF9141B6 - NtUserSetMenuContextHelpId 00000825 0.00855500 526 526 0x120E.[BF99F138] = BF891809 - NtUserSetMenuDefaultItem 00000826 0.00856533 527 527 0x120F.[BF99F13C] = BF9141F3 - NtUserSetMenuFlagRtoL 00000827 0.00857679 528 528 0x1210.[BF99F140] = BF913455 - NtUserSetObjectInformation 00000828 0.00858908 529 529 0x1211.[BF99F144] = BF8AAF77 - NtUserSetParent 00000829 0.00860249 530 530 0x1212.[BF99F148] = BF85E71A - NtUserSetProcessWindowStation 00000830 0.00861646 531 531 0x1213.[BF99F14C] = BF823D8D - NtUserSetProp 00000831 0.00862931 532 532 0x1214.[BF99F150] = BF914170 - NtUserSetRipFlags 00000832 0.00864076 533 533 0x1215.[BF99F154] = BF80E65A - NtUserSetScrollInfo 00000833 0.00865250 534 534 0x1216.[BF99F158] = BF873B02 - NtUserSetShellWindowEx 00000834 0.00866535 535 535 0x1217.[BF99F15C] = BF914636 - NtUserSetSysColors 00000835 0.00867736 536 536 0x1218.[BF99F160] = BF914BC4 - NtUserSetSystemCursor 00000836 0.00868742 537 537 0x1219.[BF99F164] = BF8EC677 - NtUserSetSystemMenu 00000837 0.00869719 538 538 0x121A.[BF99F168] = BF915122 - NtUserSetSystemTimer 00000838 0.00870725 539 539 0x121B.[BF99F16C] = BF85E772 - NtUserSetThreadDesktop 00000839 0.00871759 540 540 0x121C.[BF99F170] = BF916EFF - NtUserSetThreadLayoutHandles 00000840 0.00872765 541 541 0x121D.[BF99F174] = BF8AB17E - NtUserSetThreadState 00000841 0.00873742 542 542 0x121E.[BF99F178] = BF803A60 - NtUserSetTimer 00000842 0.00874692 543 543 0x121F.[BF99F17C] = BF8AB022 - NtUserSetWindowFNID 00000843 0.00875670 544 544 0x1220.[BF99F180] = BF895C7B - NtUserSetWindowLong 00000844 0.00876676 545 545 0x1221.[BF99F184] = BF8B87CB - NtUserSetWindowPlacement 00000845 0.00877653 546 546 0x1222.[BF99F188] = BF823B34 - NtUserSetWindowPos 00000846 0.00878659 547 547 0x1223.[BF99F18C] = BF834FA9 - NtUserSetWindowRgn 00000847 0.00879665 548 548 0x1224.[BF99F190] = BF860138 - NtUserSetWindowsHookAW 00000848 0.00880698 549 549 0x1225.[BF99F194] = BF85F626 - NtUserSetWindowsHookEx 00000849 0.00881704 550 550 0x1226.[BF99F198] = BF876AE3 - NtUserSetWindowStationUser 00000850 0.00882710 551 551 0x1227.[BF99F19C] = BF8F1A5A - NtUserSetWindowWord 00000851 0.00883716 552 552 0x1228.[BF99F1A0] = BF8EFF5C - NtUserSetWinEventHook 00000852 0.00884693 553 553 0x1229.[BF99F1A4] = BF89930F - NtUserShowCaret 00000853 0.00885699 554 554 0x122A.[BF99F1A8] = BF8C3FE4 - NtUserShowScrollBar 00000854 0.00886677 555 555 0x122B.[BF99F1AC] = BF899E73 - NtUserShowWindow 00000855 0.00887655 556 556 0x122C.[BF99F1B0] = BF86B7A0 - NtUserShowWindowAsync 00000856 0.00888633 557 557 0x122D.[BF99F1B4] = BF8F8DC4 - NtUserSoundSentry 00000857 0.00889638 558 558 0x122E.[BF99F1B8] = BF873DA1 - NtUserSwitchDesktop 00000858 0.00890644 559 559 0x122F.[BF99F1BC] = BF8517AB - NtUserSystemParametersInfo 00000859 0.00891678 560 560 0x1230.[BF99F1C0] = BF90FFA0 - NtUserTestForInteractiveUser 00000860 0.00892711 561 561 0x1231.[BF99F1C4] = BF8EC5D8 - NtUserThunkedMenuInfo 00000861 0.00893717 562 562 0x1232.[BF99F1C8] = BF89FB74 - NtUserThunkedMenuItemInfo 00000862 0.00894723 563 563 0x1233.[BF99F1CC] = BF9149CF - NtUserToUnicodeEx 00000863 0.00895756 564 564 0x1234.[BF99F1D0] = BF85AB55 - NtUserTrackMouseEvent 00000864 0.00896762 565 565 0x1235.[BF99F1D4] = BF9147EC - NtUserTrackPopupMenuEx 00000865 0.00897740 566 566 0x1236.[BF99F1D8] = BF8304C7 - NtUserCalcMenuBar 00000866 0.00898718 567 567 0x1237.[BF99F1DC] = BF8E4D5B - NtUserPaintMenuBar 00000867 0.00899695 568 568 0x1238.[BF99F1E0] = BF8F0841 - NtUserTranslateAccelerator 00000868 0.00900701 569 569 0x1239.[BF99F1E4] = BF89BA3C - NtUserTranslateMessage 00000869 0.00901735 570 570 0x123A.[BF99F1E8] = BF86055E - NtUserUnhookWindowsHookEx 00000870 0.00902713 571 571 0x123B.[BF99F1EC] = BF8F0037 - NtUserUnhookWinEvent 00000871 0.00903690 572 572 0x123C.[BF99F1F0] = BF91509A - NtUserUnloadKeyboardLayout 00000872 0.00904724 573 573 0x123D.[BF99F1F4] = BF8BC86D - NtUserUnlockWindowStation 00000873 0.00905730 574 574 0x123E.[BF99F1F8] = BF852BE2 - NtUserUnregisterClass 00000874 0.00906735 575 575 0x123F.[BF99F1FC] = BF8768C0 - NtUserUnregisterUserApiHook 00000875 0.00907769 576 576 0x1240.[BF99F200] = BF9148E2 - NtUserUnregisterHotKey 00000876 0.00908747 577 577 0x1241.[BF99F204] = BF91693C - NtUserUpdateInputContext 00000877 0.00909752 578 578 0x1242.[BF99F208] = BF9136F8 - NtUserUpdateInstance 00000878 0.00910758 579 579 0x1243.[BF99F20C] = BF8A9F17 - NtUserUpdateLayeredWindow 00000879 0.00911792 580 580 0x1244.[BF99F210] = BF9174B4 - NtUserGetLayeredWindowAttributes 00000880 0.00912825 581 581 0x1245.[BF99F214] = BF8A28AD - NtUserSetLayeredWindowAttributes 00000881 0.00913859 582 582 0x1246.[BF99F218] = BF87C630 - NtUserUpdatePerUserSystemParameters 00000882 0.00914865 583 583 0x1247.[BF99F21C] = BF914DF4 - NtUserUserHandleGrantAccess 00000883 0.00915871 584 584 0x1248.[BF99F220] = BF801951 - NtUserValidateHandleSecure 00000884 0.00916848 585 585 0x1249.[BF99F224] = BF8F1698 - NtUserValidateRect 00000885 0.00917882 586 586 0x124A.[BF99F228] = BF80A70D - NtUserValidateTimerCallback 00000886 0.00918860 587 587 0x124B.[BF99F22C] = BF8C26DF - NtUserVkKeyScanEx 00000887 0.00919838 588 588 0x124C.[BF99F230] = BF90F7E4 - NtUserWaitForInputIdle 00000888 0.00920843 589 589 0x124D.[BF99F234] = BF90E6F8 - NtUserWaitForMsgAndEvent 00000889 0.00921793 590 590 0x124E.[BF99F238] = BF80375C - NtUserWaitMessage 00000890 0.00922827 591 591 0x124F.[BF99F23C] = BF91344B - NtUserWin32PoolAllocationStats 00000891 0.00923805 592 592 0x1250.[BF99F240] = BF81CB71 - NtUserWindowFromPoint 00000892 0.00924782 593 593 0x1251.[BF99F244] = BF90FF38 - NtUserYieldTask 00000893 0.00925788 594 594 0x1252.[BF99F248] = BF873689 - NtUserRemoteConnect 00000894 0.00926794 595 595 0x1253.[BF99F24C] = BF9132D2 - NtUserRemoteRedrawRectangle 00000895 0.00927799 596 596 0x1254.[BF99F250] = BF91331F - NtUserRemoteRedrawScreen 00000896 0.00928833 597 597 0x1255.[BF99F254] = BF913373 - NtUserRemoteStopScreenUpdates 00000897 0.00929811 598 598 0x1256.[BF99F258] = BF9133C0 - NtUserCtxDisplayIOCtl 00000898 0.00930817 599 599 0x1257.[BF99F25C] = BF8FA485 - NtGdiEngAssociateSurface 00000899 0.00931822 600 600 0x1258.[BF99F260] = BF8FAE79 - NtGdiEngCreateBitmap 00000900 0.00932800 601 601 0x1259.[BF99F264] = BF8FA452 - NtGdiEngCreateDeviceSurface 00000901 0.00933834 602 602 0x125A.[BF99F268] = BF957BCE - NtGdiEngCreateDeviceBitmap 00000902 0.00934840 603 603 0x125B.[BF99F26C] = BF8E037B - NtGdiEngCreatePalette 00000903 0.00935845 604 604 0x125C.[BF99F270] = BF904AC1 - NtGdiEngComputeGlyphSet 00000904 0.00936851 605 605 0x125D.[BF99F274] = BF95812A - NtGdiEngCopyBits 00000905 0.00937857 606 606 0x125E.[BF99F278] = BF8E0F07 - NtGdiEngDeletePalette 00000906 0.00938834 607 607 0x125F.[BF99F27C] = BF8FA3D8 - NtGdiEngDeleteSurface 00000907 0.00939868 608 608 0x1260.[BF99F280] = BF957D54 - NtGdiEngEraseSurface 00000908 0.00940874 609 609 0x1261.[BF99F284] = BF8FE676 - NtGdiEngUnlockSurface 00000909 0.00941879 610 610 0x1262.[BF99F288] = BF8FA87B - NtGdiEngLockSurface 00000910 0.00942857 611 611 0x1263.[BF99F28C] = BF903651 - NtGdiEngBitBlt 00000911 0.00943863 612 612 0x1264.[BF99F290] = BF8FEA4F - NtGdiEngStretchBlt 00000912 0.00944813 613 613 0x1265.[BF99F294] = BF958522 - NtGdiEngPlgBlt 00000913 0.00945846 614 614 0x1266.[BF99F298] = BF8FAF1B - NtGdiEngMarkBandingSurface 00000914 0.00946824 615 615 0x1267.[BF99F29C] = BF8FBD15 - NtGdiEngStrokePath 00000915 0.00947802 616 616 0x1268.[BF99F2A0] = BF958719 - NtGdiEngFillPath 00000916 0.00948808 617 617 0x1269.[BF99F2A4] = BF8FC9AA - NtGdiEngStrokeAndFillPath 00000917 0.00949813 618 618 0x126A.[BF99F2A8] = BF958884 - NtGdiEngPaint 00000918 0.00950763 619 619 0x126B.[BF99F2AC] = BF9589A0 - NtGdiEngLineTo 00000919 0.00951769 620 620 0x126C.[BF99F2B0] = BF958AC9 - NtGdiEngAlphaBlend 00000920 0.00952747 621 621 0x126D.[BF99F2B4] = BF958C48 - NtGdiEngGradientFill 00000921 0.00953725 622 622 0x126E.[BF99F2B8] = BF958E21 - NtGdiEngTransparentBlt 00000922 0.00954702 623 623 0x126F.[BF99F2BC] = BF8FD4CB - NtGdiEngTextOut 00000923 0.00955736 624 624 0x1270.[BF99F2C0] = BF9582C6 - NtGdiEngStretchBltROP 00000924 0.00956742 625 625 0x1271.[BF99F2C4] = BF9598EE - NtGdiXLATEOBJ_cGetPalette 00000925 0.00957720 626 626 0x1272.[BF99F2C8] = BF9599AA - NtGdiXLATEOBJ_iXlate 00000926 0.00958753 627 627 0x1273.[BF99F2CC] = BF9598A0 - NtGdiXLATEOBJ_hGetColorTransform 00000927 0.00959731 628 628 0x1274.[BF99F2D0] = BF8FC212 - NtGdiCLIPOBJ_bEnum 00000928 0.00960737 629 629 0x1275.[BF99F2D4] = BF8FC2BF - NtGdiCLIPOBJ_cEnumStart 00000929 0.00961742 630 630 0x1276.[BF99F2D8] = BF957E45 - NtGdiCLIPOBJ_ppoGetPath 00000930 0.00962692 631 631 0x1277.[BF99F2DC] = BF957E83 - NtGdiEngDeletePath 00000931 0.00963698 632 632 0x1278.[BF99F2E0] = BF957EBD - NtGdiEngCreateClip 00000932 0.00964704 633 633 0x1279.[BF99F2E4] = BF957EEF - NtGdiEngDeleteClip 00000933 0.00965709 634 634 0x127A.[BF99F2E8] = BF8FB87D - NtGdiBRUSHOBJ_ulGetBrushColor 00000934 0.00966715 635 635 0x127B.[BF99F2EC] = BF958F8D - NtGdiBRUSHOBJ_pvAllocRbrush 00000935 0.00967721 636 636 0x127C.[BF99F2F0] = BF958FDE - NtGdiBRUSHOBJ_pvGetRbrush 00000936 0.00968754 637 637 0x127D.[BF99F2F4] = BF904B47 - NtGdiBRUSHOBJ_hGetColorTransform 00000937 0.00969760 638 638 0x127E.[BF99F2F8] = BF904490 - NtGdiXFORMOBJ_bApplyXform 00000938 0.00970766 639 639 0x127F.[BF99F2FC] = BF8F9782 - NtGdiXFORMOBJ_iGetXform 00000939 0.00971772 640 640 0x1280.[BF99F300] = BF904651 - NtGdiFONTOBJ_vGetInfo 00000940 0.00972777 641 641 0x1281.[BF99F304] = BF8F96E8 - NtGdiFONTOBJ_pxoGetXform 00000941 0.00973811 642 642 0x1282.[BF99F308] = BF9040F5 - NtGdiFONTOBJ_cGetGlyphs 00000942 0.00974789 643 643 0x1283.[BF99F30C] = BF8F98F3 - NtGdiFONTOBJ_pifi 00000943 0.00975766 644 644 0x1284.[BF99F310] = BF9590F7 - NtGdiFONTOBJ_pfdg 00000944 0.00976800 645 645 0x1285.[BF99F314] = BF9591FE - NtGdiFONTOBJ_pQueryGlyphAttrs 00000945 0.00977806 646 646 0x1286.[BF99F318] = BF9597D0 - NtGdiFONTOBJ_pvTrueTypeFontFile 00000946 0.00978839 647 647 0x1287.[BF99F31C] = BF95902C - NtGdiFONTOBJ_cGetAllGlyphHandles 00000947 0.00979845 648 648 0x1288.[BF99F320] = BF9592D6 - NtGdiSTROBJ_bEnum 00000948 0.00980879 649 649 0x1289.[BF99F324] = BF90487F - NtGdiSTROBJ_bEnumPositionsOnly 00000949 0.00981912 650 650 0x128A.[BF99F328] = BF8F9A06 - NtGdiSTROBJ_bGetAdvanceWidths 00000950 0.00982890 651 651 0x128B.[BF99F32C] = BF90489D - NtGdiSTROBJ_vEnumStart 00000951 0.00983868 652 652 0x128C.[BF99F330] = BF9592F4 - NtGdiSTROBJ_dwGetCodePage 00000952 0.00984874 653 653 0x128D.[BF99F334] = BF9593E5 - NtGdiPATHOBJ_vGetBounds 00000953 0.00985879 654 654 0x128E.[BF99F338] = BF959476 - NtGdiPATHOBJ_bEnum 00000954 0.00986857 655 655 0x128F.[BF99F33C] = BF959583 - NtGdiPATHOBJ_vEnumStart 00000955 0.00987891 656 656 0x1290.[BF99F340] = BF9595DF - NtGdiPATHOBJ_vEnumStartClipLines 00000956 0.00988869 657 657 0x1291.[BF99F344] = BF95969D - NtGdiPATHOBJ_bEnumClipLines 00000957 0.00989819 658 658 0x1292.[BF99F348] = BF957BA7 - NtGdiGetDhpdev 00000958 0.00990824 659 659 0x1293.[BF99F34C] = BF957F29 - NtGdiEngCheckAbort 00000959 0.00991858 660 660 0x1294.[BF99F350] = BF903F3A - NtGdiHT_Get8BPPFormatPalette 00000960 0.00992864 661 661 0x1295.[BF99F354] = BF957C10 - NtGdiHT_Get8BPPMaskPalette 00000961 0.00993869 662 662 0x1296.[BF99F358] = BF94615F - NtGdiUpdateTransform 00000962 0.00994847 663 663 0x1297.[BF99F35C] = BF8DEA93 - NtGdiSetPUMPDOBJ 00000963 0.00995825 664 664 0x1298.[BF99F360] = BF959342 - NtGdiBRUSHOBJ_DeleteRbrush 00000964 0.00996831 665 665 0x1299.[BF99F364] = BF94D6A3 - NtGdiUnmapMemFont 00000965 0.00997808 666 666 0x129A.[BF99F368] = BF817D8C - NtGdiDrawStream 00000966 0.00998926 SSDTShadow_offset_gphkFirst = [BF9B0BD8] -> E1156A68 offset = 122D8 <-- win32k.sys globle variable 00000967 0.00999596 ===ETHREAD=== size=[672] 00000968 0.01000183 ===KTHREAD=== size=[496] 00000969 0.01001775 01.[E1156A68] T:E27ECEB0 S:BBE68840 M:00000006 V:C0 I:0000C01B N:E31482E0 00000970 0.01003340 02.[E31482E0] T:E27ECEB0 S:BBE68840 M:00000003 V:4A I:0000000C N:E18DCE98 00000971 0.01004904 03.[E18DCE98] T:E27ECEB0 S:BBE68840 M:00000003 V:BD I:0000000B N:E2EFCF08 00000972 0.01006525 04.[E2EFCF08] T:E27ECEB0 S:BBE68840 M:00000003 V:4E I:0000000A N:E187EC60 00000973 0.01008145 05.[E187EC60] T:E27ECEB0 S:BBE68840 M:00000003 V:53 I:00000009 N:E1F1FE98 00000974 0.01009793 06.[E1F1FE98] T:E27ECEB0 S:BBE68840 M:00000003 V:35 I:00000008 N:E1A7A3B8 00000975 0.01011441 07.[E1A7A3B8] T:E27ECEB0 S:BBE68840 M:00000003 V:36 I:00000007 N:E2A97C48 00000976 0.01013173 08.[E2A97C48] T:E27ECEB0 S:BBE68840 M:00000003 V:57 I:00000006 N:E187F5F0 00000977 0.01014906 09.[E187F5F0] T:E27ECEB0 S:BBE68840 M:00000003 V:45 I:00000005 N:E19144E8 00000978 0.01016721 10.[E19144E8] T:E27ECEB0 S:BBE68840 M:00000003 V:4B I:00000004 N:E1FE9AB8 00000979 0.01018565 11.[E1FE9AB8] T:E27ECEB0 S:BBE68840 M:00000003 V:4F I:00000003 N:E27F9C08 00000980 0.01020409 12.[E27F9C08] T:E27ECEB0 S:BBE68840 M:00000003 V:44 I:00000002 N:E1F597C0 00000981 0.01022337 13.[E1F597C0] T:E27ECEB0 S:BBE68840 M:00000003 V:50 I:00000001 N:E1FE8CD0 00000982 0.01024264 14.[E1FE8CD0] T:E27ECEB0 S:BBE68840 M:00000003 V:49 I:00000000 N:E2F20540 00000983 0.01026248 15.[E2F20540] T:E2F273C8 S:BBE6A050 M:00000002 V:1B I:0000F130 N:E18454A8 00000984 0.01028287 16.[E18454A8] T:E27ECEB0 S:BBE68840 M:00000008 V:42 I:000001FF N:E1FE4400 00000985 0.01030299 17.[E1FE4400] T:E27ECEB0 S:BBE68840 M:00000008 V:44 I:000001FE N:E1FDCEE8 00000986 0.01032394 18.[E1FDCEE8] T:E27ECEB0 S:BBE68840 M:00000008 V:13 I:000001FD N:E1F53780 00000987 0.01034489 19.[E1F53780] T:E27ECEB0 S:BBE68840 M:0000000C V:09 I:000001FC N:E1845408 00000988 0.01036612 20.[E1845408] T:E27ECEB0 S:BBE68840 M:00000008 V:09 I:000001FB N:E2A42978 00000989 0.01038791 21.[E2A42978] T:E27ECEB0 S:BBE68840 M:0000000A V:46 I:000001FA N:E1FF1460 00000990 0.01041026 22.[E1FF1460] T:E27ECEB0 S:BBE68840 M:00000008 V:46 I:000001F9 N:E196CE08 00000991 0.01043289 23.[E196CE08] T:E27ECEB0 S:BBE68840 M:00000008 V:45 I:000001F8 N:E2A304F0 00000992 0.01045552 24.[E2A304F0] T:E27ECEB0 S:BBE68840 M:00000008 V:70 I:000001F7 N:E1FFEA40 00000993 0.01047843 25.[E1FFEA40] T:E27ECEB0 S:BBE68840 M:0000000C V:4D I:000001F6 N:E1897B68 00000994 0.01050189 26.[E1897B68] T:E27ECEB0 S:BBE68840 M:00000008 V:4D I:000001F5 N:E1860500 00000995 0.01052592 27.[E1860500] T:E27ECEB0 S:BBE68840 M:00000008 V:52 I:000001F4 N:E1A644F0 00000996 0.01054994 28.[E1A644F0] T:E1D0B878 S:BBE326C0 M:00000008 V:55 I:00000006 N:E189A3C0 00000997 0.01057397 29.[E189A3C0] T:E1D0B878 S:BBE326C0 M:00000008 V:4C I:00000005 N:E1A78550 00000998 0.01059855 30.[E1A78550] T:E1D0B878 S:BBE326C0 M:00000006 V:1B I:00000004 N:E1A644D0 00000999 0.01062398 31.[E1A644D0] T:E1D0B878 S:BBE326C0 M:80000003 V:2E I:00000000 N:E1F0E248 00001000 0.01064912 32.[E1F0E248] T:E1D434A8 S:00000001 M:00000004 V:7B I:FFFFFFFA N:E1A9B110 00001001 0.01067454 33.[E1A9B110] T:E1D434A8 S:00000001 M:00000000 V:7B I:FFFFFFFB N:E1A176F8 00001002 0.01069940 34.[E1A176F8] T:E1D434A8 S:00000001 M:00000008 V:00 I:FFFFFFF9 N:00000000 00001003 0.01071868 IoControlCodes = 8000C004 00001004 0.01074997 --DRIVER1_DispatchDeviceControl-- 00001005 0.01076729 --DRIVER1_DispatchCreateClose--