📄 ntundoc.c
字号:
.NtQueryValueKey = (void*) 0x000A3DDA,
.NtSetInformationFile = (void*) 0x0009E4B6,
.NtSetValueKey = (void*) 0x000A7B60,
.ObpFreeObject = (void*) 0x0009CB89,
.PspTerminateProcess = (void*) 0x000FDBAF,
.swprintf = (void*) 0x00061112,
.ZwOpenProcess = (void*) 0x00000E9A,
.ZwProtectVirtualMemory = (void*) 0x00000F6A,
.ZwReadVirtualMemory = (void*) 0x0000123A,
}
},
{
TEXT("ntkrnlpa 5.00.2195.5438 (german)"),
TEXT("3D362A9019C800"),
{
.NtCreateProcess = (void*) 0x000E28CC,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CA1B0,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E36C8,
.NtQueryInformationFile = (void*) 0x000AA122,
.NtQueryKey = (void*) 0x001128C0,
.NtQueryValueKey = (void*) 0x00112B56,
.NtSetInformationFile = (void*) 0x000AA770,
.NtSetValueKey = (void*) 0x001131E8,
.ObpFreeObject = (void*) 0x000D8C80,
.PspTerminateProcess = (void*) 0x000E384A,
.swprintf = (void*) 0x00062250,
.ZwOpenProcess = (void*) 0x0002E708,
.ZwProtectVirtualMemory = (void*) 0x0002E7D8,
.ZwReadVirtualMemory = (void*) 0x0002EAA8,
}
},
{
TEXT("ntkrnlpa 5.00.2195.5438 (polish)"),
TEXT("3D362A9019C580"),
{
.NtCreateProcess = (void*) 0x000E28CC,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CA1B0,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E36C8,
.NtQueryInformationFile = (void*) 0x000AA122,
.NtQueryKey = (void*) 0x001128C0,
.NtQueryValueKey = (void*) 0x00112B56,
.NtSetInformationFile = (void*) 0x000AA770,
.NtSetValueKey = (void*) 0x001131E8,
.ObpFreeObject = (void*) 0x000D8C80,
.PspTerminateProcess = (void*) 0x000E384A,
.swprintf = (void*) 0x00062250,
.ZwOpenProcess = (void*) 0x0002E708,
.ZwProtectVirtualMemory = (void*) 0x0002E7D8,
.ZwReadVirtualMemory = (void*) 0x0002EAA8,
}
},
{
TEXT("ntkrnlpa 5.00.2195.5438 (russian)"),
TEXT("3D362A9019BF40"),
{
.NtCreateProcess = (void*) 0x000E28CC,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CA1B0,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E36C8,
.NtQueryInformationFile = (void*) 0x000AA122,
.NtQueryKey = (void*) 0x001128C0,
.NtQueryValueKey = (void*) 0x00112B56,
.NtSetInformationFile = (void*) 0x000AA770,
.NtSetValueKey = (void*) 0x001131E8,
.ObpFreeObject = (void*) 0x000D8C80,
.PspTerminateProcess = (void*) 0x000E384A,
.swprintf = (void*) 0x00062250,
.ZwOpenProcess = (void*) 0x0002E708,
.ZwProtectVirtualMemory = (void*) 0x0002E7D8,
.ZwReadVirtualMemory = (void*) 0x0002EAA8,
}
},
{
TEXT("ntoskrnl 5.00.2195.5438 (german)"),
TEXT("3D366B8B1A2A00"),
{
.NtCreateProcess = (void*) 0x000A8780,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x0009EB93,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000A8FE0,
.NtQueryInformationFile = (void*) 0x00098669,
.NtQueryKey = (void*) 0x000B37F1,
.NtQueryValueKey = (void*) 0x000B3969,
.NtSetInformationFile = (void*) 0x00098ACF,
.NtSetValueKey = (void*) 0x000B3B25,
.ObpFreeObject = (void*) 0x000A5BD8,
.PspTerminateProcess = (void*) 0x000FE877,
.swprintf = (void*) 0x00061842,
.ZwOpenProcess = (void*) 0x00000E9A,
.ZwProtectVirtualMemory = (void*) 0x00000F6A,
.ZwReadVirtualMemory = (void*) 0x0000123A,
}
},
{
TEXT("ntoskrnl 5.00.2195.5438 (polish)"),
TEXT("3D366B8B1A2780"),
{
.NtCreateProcess = (void*) 0x000A8780,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x0009EB93,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000A8FE0,
.NtQueryInformationFile = (void*) 0x00098669,
.NtQueryKey = (void*) 0x000B37F1,
.NtQueryValueKey = (void*) 0x000B3969,
.NtSetInformationFile = (void*) 0x00098ACF,
.NtSetValueKey = (void*) 0x000B3B25,
.ObpFreeObject = (void*) 0x000A5BD8,
.PspTerminateProcess = (void*) 0x000FE877,
.swprintf = (void*) 0x00061842,
.ZwOpenProcess = (void*) 0x00000E9A,
.ZwProtectVirtualMemory = (void*) 0x00000F6A,
.ZwReadVirtualMemory = (void*) 0x0000123A,
}
},
{
TEXT("ntoskrnl 5.00.2195.5438 (russian)"),
TEXT("3D366B8B1A2140"),
{
.NtCreateProcess = (void*) 0x000A8780,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x0009EB93,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000A8FE0,
.NtQueryInformationFile = (void*) 0x00098669,
.NtQueryKey = (void*) 0x000B37F1,
.NtQueryValueKey = (void*) 0x000B3969,
.NtSetInformationFile = (void*) 0x00098ACF,
.NtSetValueKey = (void*) 0x000B3B25,
.ObpFreeObject = (void*) 0x000A5BD8,
.PspTerminateProcess = (void*) 0x000FE877,
.swprintf = (void*) 0x00061842,
.ZwOpenProcess = (void*) 0x00000E9A,
.ZwProtectVirtualMemory = (void*) 0x00000F6A,
.ZwReadVirtualMemory = (void*) 0x0000123A,
}
},
{
TEXT("ntkrpamp 5.00.2195.6717 (english)"),
TEXT("3EE650CD1A2B40"),
{
.NtCreateProcess = (void*) 0x000E6BCA,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CE0EA,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7C34,
.NtQueryInformationFile = (void*) 0x000AE056,
.NtQueryKey = (void*) 0x00117624,
.NtQueryValueKey = (void*) 0x001178BA,
.NtSetInformationFile = (void*) 0x000AE6A0,
.NtSetValueKey = (void*) 0x00117F4C,
.ObpFreeObject = (void*) 0x000DCC3C,
.PspTerminateProcess = (void*) 0x000E7DB6,
.swprintf = (void*) 0x00064F90,
.ZwOpenProcess = (void*) 0x00030554,
.ZwProtectVirtualMemory = (void*) 0x00030624,
.ZwReadVirtualMemory = (void*) 0x000308F4,
}
},
{
TEXT("ntkrpamp 5.00.2195.6717 (french)"),
TEXT("3EE650CD1A3900"),
{
.NtCreateProcess = (void*) 0x000E6BCA,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CE0EA,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7C34,
.NtQueryInformationFile = (void*) 0x000AE056,
.NtQueryKey = (void*) 0x00117624,
.NtQueryValueKey = (void*) 0x001178BA,
.NtSetInformationFile = (void*) 0x000AE6A0,
.NtSetValueKey = (void*) 0x00117F4C,
.ObpFreeObject = (void*) 0x000DCC3C,
.PspTerminateProcess = (void*) 0x000E7DB6,
.swprintf = (void*) 0x00064F90,
.ZwOpenProcess = (void*) 0x00030554,
.ZwProtectVirtualMemory = (void*) 0x00030624,
.ZwReadVirtualMemory = (void*) 0x000308F4,
}
},
{
TEXT("ntkrpamp 5.00.2195.6717 (italian)"),
TEXT("3EE650CD1C82C0"),
{
.NtCreateProcess = (void*) 0x000E6BCA,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CE0EA,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7C34,
.NtQueryInformationFile = (void*) 0x000AE056,
.NtQueryKey = (void*) 0x00117624,
.NtQueryValueKey = (void*) 0x001178BA,
.NtSetInformationFile = (void*) 0x000AE6A0,
.NtSetValueKey = (void*) 0x00117F4C,
.ObpFreeObject = (void*) 0x000DCC3C,
.PspTerminateProcess = (void*) 0x000E7DB6,
.swprintf = (void*) 0x00064F90,
.ZwOpenProcess = (void*) 0x00030554,
.ZwProtectVirtualMemory = (void*) 0x00030624,
.ZwReadVirtualMemory = (void*) 0x000308F4,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6717"),
TEXT("3EE650C919E740"),
{
.NtCreateProcess = (void*) 0x000E29A6,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000C9F3E,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E3A0E,
.NtQueryInformationFile = (void*) 0x000A9DD6,
.NtQueryKey = (void*) 0x001133AC,
.NtQueryValueKey = (void*) 0x00113642,
.NtSetInformationFile = (void*) 0x000AA424,
.NtSetValueKey = (void*) 0x00113CD4,
.ObpFreeObject = (void*) 0x000D8A1E,
.PspTerminateProcess = (void*) 0x000E3B90,
.swprintf = (void*) 0x00062890,
.ZwOpenProcess = (void*) 0x0002EA60,
.ZwProtectVirtualMemory = (void*) 0x0002EB30,
.ZwReadVirtualMemory = (void*) 0x0002EE00,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6717 (english)"),
TEXT("3EE650C919D980"),
{
.NtCreateProcess = (void*) 0x000E29A6,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000C9F3E,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E3A0E,
.NtQueryInformationFile = (void*) 0x000A9DD6,
.NtQueryKey = (void*) 0x001133AC,
.NtQueryValueKey = (void*) 0x00113642,
.NtSetInformationFile = (void*) 0x000AA424,
.NtSetValueKey = (void*) 0x00113CD4,
.ObpFreeObject = (void*) 0x000D8A1E,
.PspTerminateProcess = (void*) 0x000E3B90,
.swprintf = (void*) 0x00062890,
.ZwOpenProcess = (void*) 0x0002EA60,
.ZwProtectVirtualMemory = (void*) 0x0002EB30,
.ZwReadVirtualMemory = (void*) 0x0002EE00,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6717 (german)"),
TEXT("3EE650C919E240"),
{
.NtCreateProcess = (void*) 0x000E29A6,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000C9F3E,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E3A0E,
.NtQueryInformationFile = (void*) 0x000A9DD6,
.NtQueryKey = (void*) 0x001133AC,
.NtQueryValueKey = (void*) 0x00113642,
.NtSetInformationFile = (void*) 0x000AA424,
.NtSetValueKey = (void*) 0x00113CD4,
.ObpFreeObject = (void*) 0x000D8A1E,
.PspTerminateProcess = (void*) 0x000E3B90,
.swprintf = (void*) 0x00062890,
.ZwOpenProcess = (void*) 0x0002EA60,
.ZwProtectVirtualMemory = (void*) 0x0002EB30,
.ZwReadVirtualMemory = (void*) 0x0002EE00,
}
},
{
TEXT("ntoskrnl 5.00.2195.6717"),
TEXT("3EE6C0021A47C0"),
{
.NtCreateProcess = (void*) 0x000A9212,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x0009F7F1,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000A9BF3,
.NtQueryInformationFile = (void*) 0x000987C1,
.NtQueryKey = (void*) 0x000B2FC0,
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -