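Zw 系列函式
(各欄依序為:匯出序號 Ordinal(十進位)、Hint(十六進位)、RVA(十六進位)、函式名稱,格式與 dumpbin /exports 的輸出相同。序號、Hint 與 RVA 會隨模組版本與修補程式而改變,本表僅對應其來源的那一個版本,不宜當作固定值寫入程式或偵測規則。)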
轉:http://blog.sina.com.cn/s/blog_4a1acc7f0100cfud.html
896 37F 0000D379 ZwAcceptConnectPort
897 380 0000D38E ZwAccessCheck
898 381 0000D3A3 ZwAccessCheckAndAuditAlarm
899 382 0000D3B8 ZwAccessCheckByType
900 383 0000D3CD ZwAccessCheckByTypeAndAuditAlarm
901 384 0000D3E2 ZwAccessCheckByTypeResultList
902 385 0000D3F7 ZwAccessCheckByTypeResultListAndAuditAlarm
903 386 0000D40C ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
904 387 0000D421 ZwAddAtom
905 388 0000D436 ZwAddBootEntry
906 389 0000D44B ZwAdjustGroupsToken
907 38A 0000D460 ZwAdjustPrivilegesToken
908 38B 0000D475 ZwAlertResumeThread
909 38C 0000D48A ZwAlertThread
910 38D 0000D49F ZwAllocateLocallyUniqueId
911 38E 0000D4B4 ZwAllocateUserPhysicalPages
912 38F 0000D4C9 ZwAllocateUuids
913 390 0000D4DE ZwAllocateVirtualMemory
914 391 0000D4F3 ZwAreMappedFilesTheSame
915 392 0000D508 ZwAssignProcessToJobObject
916 393 0000D51D ZwCallbackReturn
917 394 0000D532 ZwCancelDeviceWakeupRequest
918 395 0000D547 ZwCancelIoFile
919 396 0000D55C ZwCancelTimer
920 397 0000D571 ZwClearEvent
921 398 0000D586 ZwClose
922 399 0000D59B ZwCloseObjectAuditAlarm
923 39A 0000D5B0 ZwCompactKeys
924 39B 0000D5C5 ZwCompareTokens
925 39C 0000D5DA ZwCompleteConnectPort
926 39D 0000D5EF ZwCompressKey
927 39E 0000D604 ZwConnectPort
928 39F 0000D619 ZwContinue
929 3A0 0000D62E ZwCreateDebugObject
930 3A1 0000D643 ZwCreateDirectoryObject
931 3A2 0000D658 ZwCreateEvent
932 3A3 0000D66D ZwCreateEventPair
933 3A4 0000D682 ZwCreateFile
934 3A5 0000D697 ZwCreateIoCompletion
935 3A6 0000D6AC ZwCreateJobObject
936 3A7 0000D6C1 ZwCreateJobSet
937 3A8 0000D6D6 ZwCreateKey
938 3A9 0000EA5C ZwCreateKeyedEvent
939 3AA 0000D6EB ZwCreateMailslotFile
940 3AB 0000D700 ZwCreateMutant
941 3AC 0000D715 ZwCreateNamedPipeFile
942 3AD 0000D72A ZwCreatePagingFile
943 3AE 0000D73F ZwCreatePort
944 3AF 0000D754 ZwCreateProcess
945 3B0 0000D769 ZwCreateProcessEx
946 3B1 0000D77E ZwCreateProfile
947 3B2 0000D793 ZwCreateSection
948 3B3 0000D7A8 ZwCreateSemaphore
949 3B4 0000D7BD ZwCreateSymbolicLinkObject
950 3B5 0000D7D2 ZwCreateThread
951 3B6 0000D7E7 ZwCreateTimer
952 3B7 0000D7FC ZwCreateToken
953 3B8 0000D811 ZwCreateWaitablePort
954 3B9 0000D826 ZwDebugActiveProcess
955 3BA 0000D83B ZwDebugContinue
956 3BB 0000D850 ZwDelayExecution
957 3BC 0000D865 ZwDeleteAtom
958 3BD 0000D87A ZwDeleteBootEntry
959 3BE 0000D88F ZwDeleteFile
960 3BF 0000D8A4 ZwDeleteKey
961 3C0 0000D8B9 ZwDeleteObjectAuditAlarm
962 3C1 0000D8CE ZwDeleteValueKey
963 3C2 0000D8E3 ZwDeviceIoControlFile
964 3C3 0000D8F8 ZwDisplayString
965 3C4 0000D90D ZwDuplicateObject
966 3C5 0000D922 ZwDuplicateToken
967 3C6 0000D937 ZwEnumerateBootEntries
968 3C7 0000D94C ZwEnumerateKey
969 3C8 0000D961 ZwEnumerateSystemEnvironmentValuesEx
970 3C9 0000D976 ZwEnumerateValueKey
971 3CA 0000D98B ZwExtendSection
972 3CB 0000D9A0 ZwFilterToken
973 3CC 0000D9B5 ZwFindAtom
974 3CD 0000D9CA ZwFlushBuffersFile
975 3CE 0000D9DF ZwFlushInstructionCache
976 3CF 0000D9F4 ZwFlushKey
977 3D0 0000DA09 ZwFlushVirtualMemory
978 3D1 0000DA1E ZwFlushWriteBuffer
979 3D2 0000DA33 ZwFreeUserPhysicalPages
980 3D3 0000DA48 ZwFreeVirtualMemory
981 3D4 0000DA5D ZwFsControlFile
982 3D5 0000DA72 ZwGetContextThread
983 3D6 0000DA87 ZwGetDevicePowerState
984 3D7 0000DA9C ZwGetPlugPlayEvent
985 3D8 0000DAB1 ZwGetWriteWatch
986 3D9 0000DAC6 ZwImpersonateAnonymousToken
987 3DA 0000DADB ZwImpersonateClientOfPort
988 3DB 0000DAF0 ZwImpersonateThread
989 3DC 0000DB05 ZwInitializeRegistry
990 3DD 0000DB1A ZwInitiatePowerAction
991 3DE 0000DB2F ZwIsProcessInJob
992 3DF 0000DB44 ZwIsSystemResumeAutomatic
993 3E0 0000DB59 ZwListenPort
994 3E1 0000DB6E ZwLoadDriver
996 3E2 0000DB83 ZwLoadKey
995 3E3 0000DB98 ZwLoadKey2
997 3E4 0000DBAD ZwLockFile
998 3E5 0000DBC2 ZwLockProductActivationKeys
999 3E6 0000DBD7 ZwLockRegistryKey
1000 3E7 0000DBEC ZwLockVirtualMemory
1001 3E8 0000DC01 ZwMakePermanentObject
1002 3E9 0000DC16 ZwMakeTemporaryObject
1003 3EA 0000DC2B ZwMapUserPhysicalPages
1004 3EB 0000DC40 ZwMapUserPhysicalPagesScatter
1005 3EC 0000DC55 ZwMapViewOfSection
1006 3ED 0000DC6A ZwModifyBootEntry
1007 3EE 0000DC7F ZwNotifyChangeDirectoryFile
1008 3EF 0000DC94 ZwNotifyChangeKey
1009 3F0 0000DCA9 ZwNotifyChangeMultipleKeys
1010 3F1 0000DCBE ZwOpenDirectoryObject
1011 3F2 0000DCD3 ZwOpenEvent
1012 3F3 0000DCE8 ZwOpenEventPair
1013 3F4 0000DCFD ZwOpenFile
1014 3F5 0000DD12 ZwOpenIoCompletion
1015 3F6 0000DD27 ZwOpenJobObject
1016 3F7 0000DD3C ZwOpenKey
1017 3F8 0000EA71 ZwOpenKeyedEvent
1018 3F9 0000DD51 ZwOpenMutant
1019 3FA 0000DD66 ZwOpenObjectAuditAlarm
1020 3FB 0000DD7B ZwOpenProcess
1021 3FC 0000DD90 ZwOpenProcessToken
1022 3FD 0000DDA5 ZwOpenProcessTokenEx
1023 3FE 0000DDBA ZwOpenSection
1024 3FF 0000DDCF ZwOpenSemaphore
1025 400 0000DDE4 ZwOpenSymbolicLinkObject
1026 401 0000DDF9 ZwOpenThread
1027 402 0000DE0E ZwOpenThreadToken
1028 403 0000DE23 ZwOpenThreadTokenEx
1029 404 0000DE38 ZwOpenTimer
1030 405 0000DE4D ZwPlugPlayControl
1031 406 0000DE62 ZwPowerInformation
1032 407 0000DE77 ZwPrivilegeCheck
1033 408 0000DE8C ZwPrivilegeObjectAuditAlarm
1034 409 0000DEA1 ZwPrivilegedServiceAuditAlarm
1035 40A 0000DEB6 ZwProtectVirtualMemory
1036 40B 0000DECB ZwPulseEvent
1037 40C 0000DEE0 ZwQueryAttributesFile
1038 40D 0000DEF5 ZwQueryBootEntryOrder
1039 40E 0000DF0A ZwQueryBootOptions
1040 40F 0000DF1F ZwQueryDebugFilterState
1041 410 0000DF34 ZwQueryDefaultLocale
1042 411 0000DF49 ZwQueryDefaultUILanguage
1043 412 0000DF5E ZwQueryDirectoryFile
1044 413 0000DF73 ZwQueryDirectoryObject
1045 414 0000DF88 ZwQueryEaFile
1046 415 0000DF9D ZwQueryEvent
1047 416 0000DFB2 ZwQueryFullAttributesFile
1048 417 0000DFC7 ZwQueryInformationAtom
1049 418 0000DFDC ZwQueryInformationFile
1050 419 0000DFF1 ZwQueryInformationJobObject
1051 41A 0000E006 ZwQueryInformationPort
1052 41B 0000E01B ZwQueryInformationProcess
1053 41C 0000E030 ZwQueryInformationThread
1054 41D 0000E045 ZwQueryInformationToken
1055 41E 0000E05A ZwQueryInstallUILanguage
1056 41F 0000E06F ZwQueryIntervalProfile
1057 420 0000E084 ZwQueryIoCompletion
1058 421 0000E099 ZwQueryKey
1059 422 0000E0AE ZwQueryMultipleValueKey
1060 423 0000E0C3 ZwQueryMutant
1061 424 0000E0D8 ZwQueryObject
1062 425 0000E0ED ZwQueryOpenSubKeys
1063 426 0000E102 ZwQueryPerformanceCounter
1064 427 0000EAB0 ZwQueryPortInformationProcess
1065 428 0000E117 ZwQueryQuotaInformationFile
1066 429 0000E12C ZwQuerySection
1067 42A 0000E141 ZwQuerySecurityObject
1068 42B 0000E156 ZwQuerySemaphore
1069 42C 0000E16B ZwQuerySymbolicLinkObject
1070 42D 0000E180 ZwQuerySystemEnvironmentValue
1071 42E 0000E195 ZwQuerySystemEnvironmentValueEx
1072 42F 0000E1AA ZwQuerySystemInformation
1073 430 0000E1BF ZwQuerySystemTime
1074 431 0000E1D4 ZwQueryTimer
1075 432 0000E1E9 ZwQueryTimerResolution
1076 433 0000E1FE ZwQueryValueKey
1077 434 0000E213 ZwQueryVirtualMemory
1078 435 0000E228 ZwQueryVolumeInformationFile
1079 436 0000E23D ZwQueueApcThread
1080 437 0000E252 ZwRaiseException
1081 438 0000E267 ZwRaiseHardError
1082 439 0000E27C ZwReadFile
1083 43A 0000E291 ZwReadFileScatter
1084 43B 0000E2A6 ZwReadRequestData
1085 43C 0000E2BB ZwReadVirtualMemory
1086 43D 0000E2D0 ZwRegisterThreadTerminatePort
1087 43E 0000EA86 ZwReleaseKeyedEvent
1088 43F 0000E2E5 ZwReleaseMutant
1089 440 0000E2FA ZwReleaseSemaphore
1090 441 0000E30F ZwRemoveIoCompletion
1091 442 0000E324 ZwRemoveProcessDebug
1092 443 0000E339 ZwRenameKey
1093 444 0000E34E ZwReplaceKey
1094 445 0000E363 ZwReplyPort
1095 446 0000E378 ZwReplyWaitReceivePort
1096 447 0000E38D ZwReplyWaitReceivePortEx
1097 448 0000E3A2 ZwReplyWaitReplyPort
1098 449 0000E3B7 ZwRequestDeviceWakeup
1099 44A 0000E3CC ZwRequestPort
1100 44B 0000E3E1 ZwRequestWaitReplyPort
1101 44C 0000E3F6 ZwRequestWakeupLatency
1102 44D 0000E40B ZwResetEvent
1103 44E 0000E420 ZwResetWriteWatch
1104 44F 0000E435 ZwRestoreKey
1105 450 0000E44A ZwResumeProcess
1106 451 0000E45F ZwResumeThread
1107 452 0000E474 ZwSaveKey
1108 453 0000E489 ZwSaveKeyEx
1109 454 0000E49E ZwSaveMergedKeys
1110 455 0000E4B3 ZwSecureConnectPort
1111 456 0000E4C8 ZwSetBootEntryOrder
1112 457 0000E4DD ZwSetBootOptions
1113 458 0000E4F2 ZwSetContextThread
1114 459 0000E507 ZwSetDebugFilterState
1115 45A 0000E51C ZwSetDefaultHardErrorPort
1116 45B 0000E531 ZwSetDefaultLocale
1117 45C 0000E546 ZwSetDefaultUILanguage
1118 45D 0000E55B ZwSetEaFile
1119 45E 0000E570 ZwSetEvent
1120 45F 0000E585 ZwSetEventBoostPriority
1121 460 0000E59A ZwSetHighEventPair
1122 461 0000E5AF ZwSetHighWaitLowEventPair
1123 462 0000E5C4 ZwSetInformationDebugObject
1124 463 0000E5D9 ZwSetInformationFile
1125 464 0000E5EE ZwSetInformationJobObject
1126 465 0000E603 ZwSetInformationKey
1127 466 0000E618 ZwSetInformationObject
1128 467 0000E62D ZwSetInformationProcess
1129 468 0000E642 ZwSetInformationThread
1130 469 0000E657 ZwSetInformationToken
1131 46A 0000E66C ZwSetIntervalProfile
1132 46B 0000E681 ZwSetIoCompletion
1133 46C 0000E696 ZwSetLdtEntries
1134 46D 0000E6AB ZwSetLowEventPair
1135 46E 0000E6C0 ZwSetLowWaitHighEventPair
1136 46F 0000E6D5 ZwSetQuotaInformationFile
1137 470 0000E6EA ZwSetSecurityObject
1138 471 0000E6FF ZwSetSystemEnvironmentValue
1139 472 0000E714 ZwSetSystemEnvironmentValueEx
1140 473 0000E729 ZwSetSystemInformation
1141 474 0000E73E ZwSetSystemPowerState
1142 475 0000E753 ZwSetSystemTime
1143 476 0000E768 ZwSetThreadExecutionState
1144 477 0000E77D ZwSetTimer
1145 478 0000E792 ZwSetTimerResolution
1146 479 0000E7A7 ZwSetUuidSeed
1147 47A 0000E7BC ZwSetValueKey
1148 47B 0000E7D1 ZwSetVolumeInformationFile
1149 47C 0000E7E6 ZwShutdownSystem
1150 47D 0000E7FB ZwSignalAndWaitForSingleObject
1151 47E 0000E810 ZwStartProfile
1152 47F 0000E825 ZwStopProfile
1153 480 0000E83A ZwSuspendProcess
1154 481 0000E84F ZwSuspendThread
1155 482 0000E864 ZwSystemDebugControl
1156 483 0000E879 ZwTerminateJobObject
1157 484 0000E88E ZwTerminateProcess
1158 485 0000E8A3 ZwTerminateThread
1159 486 0000E8B8 ZwTestAlert
1160 487 0000E8CD ZwTraceEvent
1161 488 0000E8E2 ZwTranslateFilePath
1162 489 0000E8F7 ZwUnloadDriver
1163 48A 0000E90C ZwUnloadKey
1164 48B 0000E921 ZwUnloadKeyEx
1165 48C 0000E936 ZwUnlockFile
1166 48D 0000E94B ZwUnlockVirtualMemory
1167 48E 0000E960 ZwUnmapViewOfSection
1168 48F 0000E975 ZwVdmControl
1169 490 0000E98A ZwWaitForDebugEvent
1170 491 0000EA9B ZwWaitForKeyedEvent
1171 492 0000E99F ZwWaitForMultipleObjects
1172 493 0000E9B4 ZwWaitForSingleObject
1173 494 0000E9C9 ZwWaitHighEventPair
1174 495 0000E9DE ZwWaitLowEventPair
1175 496 0000E9F3 ZwWriteFile
1176 497 0000EA08 ZwWriteFileGather
1177 498 0000EA1D ZwWriteRequestData
1178 499 0000EA32 ZwWriteVirtualMemory
1179 49A 0000EA47 ZwYieldExecution