📄 ntundoc.c
.NtQueryValueKey = (void*) 0x000B3138,
.NtSetInformationFile = (void*) 0x00098C08,
.NtSetValueKey = (void*) 0x000B32F4,
.ObpFreeObject = (void*) 0x000A6852,
.PspTerminateProcess = (void*) 0x000FBDBA,
.swprintf = (void*) 0x00061E42,
.ZwOpenProcess = (void*) 0x00000EDA,
.ZwProtectVirtualMemory = (void*) 0x00000FAA,
.ZwReadVirtualMemory = (void*) 0x0000127A,
}
},
/*
 * One table entry describes one exact kernel image build:
 *   - first string:  human-readable label (image name, file version, language);
 *   - second string: hex key for the build. NOTE(review): this looks like the PE
 *     TimeDateStamp (8 hex digits) followed by SizeOfImage; confirm against
 *     the lookup code, which is not visible here;
 *   - nested initializer: the location of each routine in this build, or NULL.
 *
 * The values are small constants, so they are presumably offsets from the image
 * base rather than absolute addresses; confirm where they are rebased.
 * Some of the names (e.g. ObpFreeObject, PspTerminateProcess) are internal
 * kernel routines, which is presumably why they are tabulated per build
 * instead of being resolved by name.
 *
 * Because every value is hard-coded for one build, the consumer has to match
 * the key exactly and fail closed on an unknown build: an offset applied to a
 * different image points at unrelated kernel code.
 */
{
TEXT("ntoskrnl 5.00.2195.6717 (english)"),
TEXT("3EE6C0021A3A00"),
{
.NtCreateProcess = (void*) 0x000A9212,
.NtCreateProcessEx = NULL, /* NULL in every 5.00.2195 entry shown; presumably not present in this kernel line. Check before use */
.NtCreateSection = (void*) 0x0009F7F1,
.NtCreateUserProcess = NULL, /* NULL in every 5.00.2195 entry shown; presumably not present in this kernel line. Check before use */
.NtTerminateProcess = (void*) 0x000A9BF3,
.NtQueryInformationFile = (void*) 0x000987C1,
.NtQueryKey = (void*) 0x000B2FC0,
.NtQueryValueKey = (void*) 0x000B3138,
.NtSetInformationFile = (void*) 0x00098C08,
.NtSetValueKey = (void*) 0x000B32F4,
.ObpFreeObject = (void*) 0x000A6852,
.PspTerminateProcess = (void*) 0x000FBDBA,
.swprintf = (void*) 0x00061E42,
.ZwOpenProcess = (void*) 0x00000EDA,
.ZwProtectVirtualMemory = (void*) 0x00000FAA,
.ZwReadVirtualMemory = (void*) 0x0000127A,
}
},
{
TEXT("ntoskrnl 5.00.2195.6717 (german)"),
TEXT("3EE6C0021A42C0"),
{
.NtCreateProcess = (void*) 0x000A9212,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x0009F7F1,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000A9BF3,
.NtQueryInformationFile = (void*) 0x000987C1,
.NtQueryKey = (void*) 0x000B2FC0,
.NtQueryValueKey = (void*) 0x000B3138,
.NtSetInformationFile = (void*) 0x00098C08,
.NtSetValueKey = (void*) 0x000B32F4,
.ObpFreeObject = (void*) 0x000A6852,
.PspTerminateProcess = (void*) 0x000FBDBA,
.swprintf = (void*) 0x00061E42,
.ZwOpenProcess = (void*) 0x00000EDA,
.ZwProtectVirtualMemory = (void*) 0x00000FAA,
.ZwReadVirtualMemory = (void*) 0x0000127A,
}
},
{
TEXT("ntkrnlmp 5.00.2195.6717 (english)"),
TEXT("3EE650B319DD00"),
{
.NtCreateProcess = (void*) 0x000E3244,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CAC68,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E42AE,
.NtQueryInformationFile = (void*) 0x000AAC96,
.NtQueryKey = (void*) 0x00113C98,
.NtQueryValueKey = (void*) 0x00113F2E,
.NtSetInformationFile = (void*) 0x000AB2E0,
.NtSetValueKey = (void*) 0x001145C0,
.ObpFreeObject = (void*) 0x000D92BE,
.PspTerminateProcess = (void*) 0x000E4430,
.swprintf = (void*) 0x00062330,
.ZwOpenProcess = (void*) 0x00030408,
.ZwProtectVirtualMemory = (void*) 0x000304D8,
.ZwReadVirtualMemory = (void*) 0x000307A8,
}
},
{
TEXT("ntkrnlmp 5.00.2195.6717 (french)"),
TEXT("3EE650B319EAC0"),
{
.NtCreateProcess = (void*) 0x000E3244,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CAC68,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E42AE,
.NtQueryInformationFile = (void*) 0x000AAC96,
.NtQueryKey = (void*) 0x00113C98,
.NtQueryValueKey = (void*) 0x00113F2E,
.NtSetInformationFile = (void*) 0x000AB2E0,
.NtSetValueKey = (void*) 0x001145C0,
.ObpFreeObject = (void*) 0x000D92BE,
.PspTerminateProcess = (void*) 0x000E4430,
.swprintf = (void*) 0x00062330,
.ZwOpenProcess = (void*) 0x00030408,
.ZwProtectVirtualMemory = (void*) 0x000304D8,
.ZwReadVirtualMemory = (void*) 0x000307A8,
}
},
{
TEXT("ntkrnlmp 5.00.2195.6717 (italian)"),
TEXT("3EE650B31C3480"),
{
.NtCreateProcess = (void*) 0x000E3244,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CAC68,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E42AE,
.NtQueryInformationFile = (void*) 0x000AAC96,
.NtQueryKey = (void*) 0x00113C98,
.NtQueryValueKey = (void*) 0x00113F2E,
.NtSetInformationFile = (void*) 0x000AB2E0,
.NtSetValueKey = (void*) 0x001145C0,
.ObpFreeObject = (void*) 0x000D92BE,
.PspTerminateProcess = (void*) 0x000E4430,
.swprintf = (void*) 0x00062330,
.ZwOpenProcess = (void*) 0x00030408,
.ZwProtectVirtualMemory = (void*) 0x000304D8,
.ZwReadVirtualMemory = (void*) 0x000307A8,
}
},
{
TEXT("ntkrpamp 5.00.2195.6902 (german)"),
TEXT("403D35F91A47C0"),
{
.NtCreateProcess = (void*) 0x000E7A58,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000D0084,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E8AC2,
.NtQueryInformationFile = (void*) 0x000AE91A,
.NtQueryKey = (void*) 0x0011843C,
.NtQueryValueKey = (void*) 0x001186D2,
.NtSetInformationFile = (void*) 0x000AEF92,
.NtSetValueKey = (void*) 0x00118D64,
.ObpFreeObject = (void*) 0x000DDAB0,
.PspTerminateProcess = (void*) 0x000E8C44,
.swprintf = (void*) 0x000654C0,
.ZwOpenProcess = (void*) 0x00030654,
.ZwProtectVirtualMemory = (void*) 0x00030724,
.ZwReadVirtualMemory = (void*) 0x000309F4,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6902 (english)"),
TEXT("403D35F819EDC0"),
{
.NtCreateProcess = (void*) 0x000E38EE,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CBF98,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E4956,
.NtQueryInformationFile = (void*) 0x000AA790,
.NtQueryKey = (void*) 0x00114296,
.NtQueryValueKey = (void*) 0x0011452C,
.NtSetInformationFile = (void*) 0x000AAE16,
.NtSetValueKey = (void*) 0x00114BBE,
.ObpFreeObject = (void*) 0x000D9956,
.PspTerminateProcess = (void*) 0x000E4AD8,
.swprintf = (void*) 0x00062E10,
.ZwOpenProcess = (void*) 0x0002EB70,
.ZwProtectVirtualMemory = (void*) 0x0002EC40,
.ZwReadVirtualMemory = (void*) 0x0002EF10,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6902 (german)"),
TEXT("403D35F819F680"),
{
.NtCreateProcess = (void*) 0x000E38EE,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CBF98,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E4956,
.NtQueryInformationFile = (void*) 0x000AA790,
.NtQueryKey = (void*) 0x00114296,
.NtQueryValueKey = (void*) 0x0011452C,
.NtSetInformationFile = (void*) 0x000AAE16,
.NtSetValueKey = (void*) 0x00114BBE,
.ObpFreeObject = (void*) 0x000D9956,
.PspTerminateProcess = (void*) 0x000E4AD8,
.swprintf = (void*) 0x00062E10,
.ZwOpenProcess = (void*) 0x0002EB70,
.ZwProtectVirtualMemory = (void*) 0x0002EC40,
.ZwReadVirtualMemory = (void*) 0x0002EF10,
}
},
/*
 * Entry for an ntoskrnl 5.00.2195.6902 build whose language the label leaves
 * unidentified ("(?)"). Its routine values are the same as those of the
 * "(english)" and "(german)" 5.00.2195.6902 ntoskrnl entries that follow it;
 * the three keys share their first eight hex digits and differ only in the
 * last six.
 * NOTE(review): that pattern suggests the key is a build timestamp followed by
 * an image size, with only the size varying per language; confirm against the
 * lookup code. Since the label is a guess, only the key can be relied on to
 * select this entry; the label should be treated as display text.
 */
{
TEXT("ntoskrnl 5.00.2195.6902 (?)"),
TEXT("4047DB831A59C0"),
{
.NtCreateProcess = (void*) 0x000BA844,
.NtCreateProcessEx = NULL, /* no location recorded for this build; callers must check for NULL */
.NtCreateSection = (void*) 0x000A49AE,
.NtCreateUserProcess = NULL, /* no location recorded for this build; callers must check for NULL */
.NtTerminateProcess = (void*) 0x000BCA6F,
.NtQueryInformationFile = (void*) 0x0009C252,
.NtQueryKey = (void*) 0x0009857B,
.NtQueryValueKey = (void*) 0x00098256,
.NtSetInformationFile = (void*) 0x000999B7,
.NtSetValueKey = (void*) 0x000A7DF1,
.ObpFreeObject = (void*) 0x00094E14,
.PspTerminateProcess = (void*) 0x000FC759,
.swprintf = (void*) 0x00062342,
.ZwOpenProcess = (void*) 0x00000ED2,
.ZwProtectVirtualMemory = (void*) 0x00000FA2,
.ZwReadVirtualMemory = (void*) 0x00001272,
}
},
{
TEXT("ntoskrnl 5.00.2195.6902 (english)"),
TEXT("4047DB831A5540"),
{
.NtCreateProcess = (void*) 0x000BA844,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000A49AE,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000BCA6F,
.NtQueryInformationFile = (void*) 0x0009C252,
.NtQueryKey = (void*) 0x0009857B,
.NtQueryValueKey = (void*) 0x00098256,
.NtSetInformationFile = (void*) 0x000999B7,
.NtSetValueKey = (void*) 0x000A7DF1,
.ObpFreeObject = (void*) 0x00094E14,
.PspTerminateProcess = (void*) 0x000FC759,
.swprintf = (void*) 0x00062342,
.ZwOpenProcess = (void*) 0x00000ED2,
.ZwProtectVirtualMemory = (void*) 0x00000FA2,
.ZwReadVirtualMemory = (void*) 0x00001272,
}
},
{
TEXT("ntoskrnl 5.00.2195.6902 (german)"),
TEXT("4047DB831A5E00"),
{
.NtCreateProcess = (void*) 0x000BA844,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000A49AE,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000BCA6F,
.NtQueryInformationFile = (void*) 0x0009C252,
.NtQueryKey = (void*) 0x0009857B,
.NtQueryValueKey = (void*) 0x00098256,
.NtSetInformationFile = (void*) 0x000999B7,
.NtSetValueKey = (void*) 0x000A7DF1,
.ObpFreeObject = (void*) 0x00094E14,
.PspTerminateProcess = (void*) 0x000FC759,
.swprintf = (void*) 0x00062342,
.ZwOpenProcess = (void*) 0x00000ED2,
.ZwProtectVirtualMemory = (void*) 0x00000FA2,
.ZwReadVirtualMemory = (void*) 0x00001272,
}
},
{
TEXT("ntkrnlmp 5.00.2195.6902 (german)"),
TEXT("403D35E219F900"),
{
.NtCreateProcess = (void*) 0x000E40C8,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CCC10,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E5132,
.NtQueryInformationFile = (void*) 0x000AB5DA,
.NtQueryKey = (void*) 0x00114AB8,
.NtQueryValueKey = (void*) 0x00114D4E,
.NtSetInformationFile = (void*) 0x000ABC52,
.NtSetValueKey = (void*) 0x001153E0,
.ObpFreeObject = (void*) 0x000DA128,
.PspTerminateProcess = (void*) 0x000E52B4,
.swprintf = (void*) 0x00062840,
.ZwOpenProcess = (void*) 0x000304F4,
.ZwProtectVirtualMemory = (void*) 0x000305C4,
.ZwReadVirtualMemory = (void*) 0x00030894,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6952 (english)"),
TEXT("40D1D1AD19FF40"),
{
.NtCreateProcess = (void*) 0x000E3B26,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CC040,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E4B8E,
.NtQueryInformationFile = (void*) 0x000AA838,
.NtQueryKey = (void*) 0x00114F1E,