📄 ntice325.inc
字号:
pPrintLine_Color EQU 0x000382EEpPrintLine_Help EQU 0x0003830ApPrintErrorToCommandWindow EQU 0x00038349pMemset EQU 0x000383DBpMemcopy EQU 0x0003842ApMapSelectorOffsetToLinAddr EQU 0x0003856EpCopyDword EQU 0x00038599pCopyWord EQU 0x000385C4pCopyByte EQU 0x000385F0pWriteDword EQU 0x0003861BpReadArea EQU 0x0003863BpMovEAX_PTR_EBX EQU 0x00038671jPAGEIN_INT3 EQU 0x00038673c_PAGEIN__ EQU 0x00038674pagein_ring0 EQU 0x000386D2pINT3_CleanupForPAGEIN EQU 0x00038708pSwitchContext EQU 0x00038744pGetNumber EQU 0x00038A2Fc_addr_ EQU 0x00038DE3pEvaluateProcessType EQU 0x00038FBDpGetCurrentThreadAndProcessPointers EQU 0x0003906Fc_ADDR EQU 0x000391CCpPrintADDRResults EQU 0x0003927Ec_NTCALL_ EQU 0x0003931Bc_query_ EQU 0x00039457query_extendedinfo EQU 0x00039484query_alien_context EQU 0x0003949Bquery_switch_to_next_context EQU 0x000394C0query_exec_query EQU 0x000394EAquery_leave EQU 0x0003950Ac_QUERY EQU 0x00039513query_has_args EQU 0x00039536query_process EQU 0x0003954Bquery_ret EQU 0x00039577pHookMapViewOfImageSection EQU 0x0003A10CpHookAddValidPageToWorkingSet EQU 0x0003A191pHookCopyOnWrite EQU 0x0003A273pHookRtlAssert EQU 0x0003A2E2pINT_2D EQU 0x0003AB69fInitDone EQU 0x0003AED6pINT_2E EQU 0x0003AED7nullsub_22 EQU 0x0003B3CEpDispatchIo EQU 0x0003BC68devio_UnknownControlCode EQU 0x0003BCD5devio_Leave EQU 0x0003BEC9pIoDispatchTable EQU 0x0003BF08pDeviceIOControl EQU 0x0003BF61pInitFailureCleanup EQU 0x0003BF98pPatchInt2D EQU 0x0003C484pSprintf_ EQU 0x0003C808pInitTypeParsers_1 EQU 0x0003DB19jInitEvalStructs EQU 0x0003E70BpInitEvalStructs EQU 0x0003E80EpParser_EVALUE EQU 0x000403E8pGetIRQLLevel EQU 0x000404EApExpression2Integer2_ EQU 0x00042624pExpression2Integer2 EQU 0x000427AEpEval_Bx_IF EQU 0x00042882pGetPrintLineStatus EQU 0x000492F0pPrintf EQU 0x0004949EpIsNullPointer EQU 0x00049C49pGetValueFromPCRB EQU 0x00049C7Ec_XFRAME__ EQU 0x0004A663c_OBJDIR_ EQU 0x0004D6F7c_device_ EQU 0x0004DAEFc_driver_ EQU 0x0004DF05c_IRP_ EQU 0x0004E64Ac_FOBJ_ EQU 0x0004EB1Bc_objtab_ EQU 0x0004F16BpIsBuild817 EQU 0x0004FC65pRetriveNtVersionData EQU 0x0004FC86pGetMinorVersion EQU 0x0004FCFApGetMajorVersion EQU 0x0004FD01pGetBuildType EQU 0x0004FD0CpDiplayNtVersions EQU 0x0004FD13pGetBuildNumber EQU 0x0004FD5EpGetCSDVersion EQU 0x0004FD65pGetUniprocValue EQU 0x0004FD6Cc_TIMER EQU 0x000501EEc_INTOBJ EQU 0x000505C9c_DPC EQU 0x00050869c_APC EQU 0x00050C16c_BSTAT_ EQU 0x0005166Dc_WHAT__ EQU 0x00052311pEval_Bx_DO EQU 0x000549DDc_MACRO_ EQU 0x00054A18pParseUserCommand EQU 0x00054D82pParse_EXCLUDE_SIWVIDRANGE EQU 0x00055763pSTATUS_NOT_IMPLEMENTED EQU 0x00056234nullsub_7 EQU 0x0005623ApDeleteSymbolTable__ EQU 0x00059270nullsub_8 EQU 0x0005929CpDeleteSymbolTable_ EQU 0x0005929FpDeviceIO_3 EQU 0x00059ACBc_SYM_ EQU 0x0005EC42c_types_ EQU 0x0005EEFDc_PEEK_ EQU 0x0005F33Ec_POKE_ EQU 0x0005F46Fc_altscr_ EQU 0x0005F5C4pInitUpdateFunctions_Base EQU 0x0005F826nullsub_17 EQU 0x0005F847nullsub_18 EQU 0x0005F848nullsub_19 EQU 0x0005F849nullsub_20 EQU 0x0005F84FpUpdateBase_38 EQU 0x0005F852pUpdateBase_20 EQU 0x0005F85BpUpdateBase_00 EQU 0x0005F8EEpInitUpdateFunctions_Locals EQU 0x0005FBA6pUpdateLocals_44 EQU 0x0005FEBCpPrintLocals_ EQU 0x000600CDpInitUpdateFunctions_Watches EQU 0x000605FCpUpdateWatches_44 EQU 0x00060726pPrintWatches_ EQU 0x00060AB1c_PCI_QueryPCIRegisters EQU 0x00060DACc_PCI_Query_BusDeviceFunction EQU 0x00060F45c_PCI_ EQU 0x00061467c_fiber_ EQU 0x0006174Ac_width_ EQU 0x00062AF0pAllocateHeapBlock EQU 0x000654F1pHeapFree EQU 0x00065523c_PAGEIN_ EQU 0x0006554Dpin_PageNotPresent EQU 0x0006561Epin_InterrupsEnabled EQU 0x0006563Bpin_IrqlLevelBelow2 EQU 0x00065661JPageinAcceptCommand EQU 0x000656B3JPagein_ret EQU 0x000656BFnullsub_9 EQU 0x000658ACj_strstr EQU 0x00066402j_RtlUnwind EQU 0x000665A0IoFastMutex EQU 0x000695C8dNticeStartType EQU 0x00095530fDoingDeviceIO EQU 0x000956C3wRing0_SS EQU 0x000956D9dRing0_ESP EQU 0x000956DBIDTBase EQU 0x00097BE7IoMapingSpaceVirtualAddress EQU 0x0009CDD9wNTICE_DS EQU 0x0009CDF2fCS_Type_v86_32_ EQU 0x0009CE29fNticeFlags EQU 0x0009CE35fExecuteMoreCommands EQU 0x0009CE39fClientMode EQU 0x0009CE3BtNTiceIntHandlers EQU 0x0009E4D6tAllRegisters EQU 0x0009EC56dDR0 EQU 0x0009F879dDR1 EQU 0x0009F87DdDR2 EQU 0x0009F881dDR3 EQU 0x0009F885dDR7 EQU 0x0009F889oOLD_IDT_INT_02 EQU 0x0009F88DoOLD_INT02_AR EQU 0x0009F893oOLD_IDT_INT_0E EQU 0x0009F894oNEW_IDT_INT_0E EQU 0x0009F898fIOAPIC_Used EQU 0x0009F8DFoLocalAPICRegisters EQU 0x0009F8E0_off_PCR_var EQU 0x0009F8E8NumberOfCPUs EQU 0x0009F8ECProcessorControlRegion EQU 0x0009F8F0wInitialFS EQU 0x0009F8F4dClient_EAX EQU 0x000A01CDdClient_EBX EQU 0x000A01D1dClient_ECX EQU 0x000A01D5dClient_EDX EQU 0x000A01D9dClient_ESI EQU 0x000A01DDdClient_EDI EQU 0x000A01E1dClient_EBP EQU 0x000A01E5dClient_ESP EQU 0x000A01E9dClient_EIP EQU 0x000A01EDdClient_EFLAGS EQU 0x000A01F1dClient_CS EQU 0x000A01F5dClient_DS EQU 0x000A01F9dClient_SS EQU 0x000A01FDdClient_ES EQU 0x000A0201dClient_FS EQU 0x000A0205dClient_GS EQU 0x000A0209tClientRegistersMirrorTable EQU 0x000A0219bUserCommand EQU 0x000A35EFtCommands EQU 0x000A4F87tTwoLineBuffer_140 EQU 0x000B2ED2dCurentProcessKPROCESS EQU 0x000B30F0fDebugRegistersLimit EQU 0x000CE009fForcePagein_InProgress EQU 0x000D15A5dCurrentContext EQU 0x000DED1FdPopupContext EQU 0x000DED23dNTICE_CR0 EQU 0x000DED2CdNTICE_CR3 EQU 0x000DED30fPAGEIN_InProgress EQU 0x000E38FBtClientRegistersBckupArea EQU 0x000E38FFoPAGEIN_INT3 EQU 0x000E3947tContextTable EQU 0x000E4563_off_KeUpdateSystemTime EQU 0x000E4AC1wBuildType EQU 0x000F17A8wBuildNumber EQU 0x000F17ACwUniprocesor EQU 0x000F17B4dCSDversion EQU 0x000F17B8ExAcquireFastMutex EQU 0x00102860ExReleaseFastMutex EQU 0x00102864KdComPortInUse EQU 0x00102868HalInitializeProcessor EQU 0x0010286CHalDisplayString EQU 0x00102870MmIsAddressValid EQU 0x00102878DbgBreakPoint EQU 0x0010287CObReferenceObjectByHandle EQU 0x00102880PsCreateSystemProcess EQU 0x00102884ExRaiseDatatypeMisalignment EQU 0x00102888KeUpdateSystemTime EQU 0x0010288CRtlAssert EQU 0x00102890ExAllocatePoolWithTag EQU 0x00102894ExFreePool EQU 0x00102898KeInitializeEvent EQU 0x0010289CIoRegisterShutdownNotification EQU 0x001028A0PsInitialSystemProcess EQU 0x001028A4KeServiceDescriptorTable EQU 0x001028A8NtBuildNumber EQU 0x001028ACMmMapIoSpace EQU 0x001028B0IoDeleteDevice EQU 0x001028B4IoCreateSymbolicLink EQU 0x001028B8IoCreateDevice EQU 0x001028BCRtlInitUnicodeString EQU 0x001028C0ZwClose EQU 0x001028C4ObfDereferenceObject EQU 0x001028C8MmUnmapViewOfSection EQU 0x001028CCKeBugCheckEx EQU 0x001028D0RtlUnicodeStringToAnsiString EQU 0x001028D4IoQueryDeviceDescription EQU 0x001028D8strstr EQU 0x001028DCIofCompleteRequest EQU 0x001028E0IoDeleteSymbolicLink EQU 0x001028E4MmUnmapIoSpace EQU 0x001028E8ZwQueryValueKey EQU 0x001028ECZwOpenKey EQU 0x001028F0IoGetDeviceObjectPointer EQU 0x001028F4RtlFreeUnicodeString EQU 0x001028F8ZwWriteFile EQU 0x001028FCZwCreateFile EQU 0x00102900RtlAnsiStringToUnicodeString EQU 0x00102904RtlInitAnsiString EQU 0x00102908KeDelayExecutionThread EQU 0x0010290CExReleaseResourceForThread EQU 0x00102910RtlAppendUnicodeToString EQU 0x00102914RtlCopyUnicodeString EQU 0x00102918ZwReadFile EQU 0x0010291CZwQueryInformationFile EQU 0x00102920_purecall EQU 0x00102924RtlUnwind EQU 0x00102928IoDisconnectInterrupt EQU 0x0010292CMmIsThisAnNtAsSystem EQU 0x00102930ZwOpenDirectoryObject EQU 0x00102934IoConnectInterrupt EQU 0x00102938RtlFreeAnsiString EQU 0x0010293Cstart EQU 0x00102E20iomap_ok EQU 0x00102F0FjUserConfirmedLoad EQU 0x00102F28jBuildUnder1902 EQU 0x00102F3CjBuildOver1902 EQU 0x00102F42start_call_main EQU 0x001034E2jSTATUS_INSUFICIENT_RESOURCES EQU 0x00103509start_ret EQU 0x00103514pRetriveRegistryValue EQU 0x001036F1pRetriveRegistryValueLite EQU 0x00103795pPrintToBlueScreen EQU 0x001040FEpInitAskUserForLoad EQU 0x00104136jBuildUnder1381 EQU 0x0010417EjBuildOver1381 EQU 0x00104187jKbLoop EQU 0x0010419FjNotEsc EQU 0x001041C8⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -