📄 ntundoc.c
字号:
.NtQueryValueKey = (void*) 0x001151B4,
.NtSetInformationFile = (void*) 0x000AAEBE,
.NtSetValueKey = (void*) 0x00115846,
.ObpFreeObject = (void*) 0x000D9A70,
.PspTerminateProcess = (void*) 0x000E4D10,
.swprintf = (void*) 0x00063500,
.ZwOpenProcess = (void*) 0x0002EE2C,
.ZwProtectVirtualMemory = (void*) 0x0002EEFC,
.ZwReadVirtualMemory = (void*) 0x0002F1CC,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6952 (italian)"),
TEXT("40D1D1AD1C56C0"),
{
.NtCreateProcess = (void*) 0x000E3B26,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CC040,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E4B8E,
.NtQueryInformationFile = (void*) 0x000AA838,
.NtQueryKey = (void*) 0x00114F1E,
.NtQueryValueKey = (void*) 0x001151B4,
.NtSetInformationFile = (void*) 0x000AAEBE,
.NtSetValueKey = (void*) 0x00115846,
.ObpFreeObject = (void*) 0x000D9A70,
.PspTerminateProcess = (void*) 0x000E4D10,
.swprintf = (void*) 0x00063500,
.ZwOpenProcess = (void*) 0x0002EE2C,
.ZwProtectVirtualMemory = (void*) 0x0002EEFC,
.ZwReadVirtualMemory = (void*) 0x0002F1CC,
}
},
{
TEXT("ntoskrnl 5.00.2195.6952 (english)"),
TEXT("40D1D18319A640"),
{
.NtCreateProcess = (void*) 0x000DF9E2,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000C8488,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E0A4A,
.NtQueryInformationFile = (void*) 0x000A6DF8,
.NtQueryKey = (void*) 0x00110DD4,
.NtQueryValueKey = (void*) 0x0011106A,
.NtSetInformationFile = (void*) 0x000A747E,
.NtSetValueKey = (void*) 0x001116FC,
.ObpFreeObject = (void*) 0x000D5934,
.PspTerminateProcess = (void*) 0x000E0BCC,
.swprintf = (void*) 0x00060250,
.ZwOpenProcess = (void*) 0x0002EDDC,
.ZwProtectVirtualMemory = (void*) 0x0002EEAC,
.ZwReadVirtualMemory = (void*) 0x0002F17C,
}
},
{
TEXT("ntoskrnl 5.00.2195.6952 (italian)"),
TEXT("40D1D1831BFDC0"),
{
.NtCreateProcess = (void*) 0x000DF9E2,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000C8488,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E0A4A,
.NtQueryInformationFile = (void*) 0x000A6DF8,
.NtQueryKey = (void*) 0x00110DD4,
.NtQueryValueKey = (void*) 0x0011106A,
.NtSetInformationFile = (void*) 0x000A747E,
.NtSetValueKey = (void*) 0x001116FC,
.ObpFreeObject = (void*) 0x000D5934,
.PspTerminateProcess = (void*) 0x000E0BCC,
.swprintf = (void*) 0x00060250,
.ZwOpenProcess = (void*) 0x0002EDDC,
.ZwProtectVirtualMemory = (void*) 0x0002EEAC,
.ZwReadVirtualMemory = (void*) 0x0002F17C,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6992 (english)"),
TEXT("4177334C1A0180"),
{
.NtCreateProcess = (void*) 0x000E3EC6,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CC3BE,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E4F2E,
.NtQueryInformationFile = (void*) 0x000AAA38,
.NtQueryKey = (void*) 0x001152CE,
.NtQueryValueKey = (void*) 0x00115564,
.NtSetInformationFile = (void*) 0x000AB0BE,
.NtSetValueKey = (void*) 0x00115BF6,
.ObpFreeObject = (void*) 0x000D9E18,
.PspTerminateProcess = (void*) 0x000E50B0,
.swprintf = (void*) 0x000636E0,
.ZwOpenProcess = (void*) 0x0002EFFC,
.ZwProtectVirtualMemory = (void*) 0x0002F0CC,
.ZwReadVirtualMemory = (void*) 0x0002F39C,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6992 (italian)"),
TEXT("4177334C1C5900"),
{
.NtCreateProcess = (void*) 0x000E3EC6,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CC3BE,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E4F2E,
.NtQueryInformationFile = (void*) 0x000AAA38,
.NtQueryKey = (void*) 0x001152CE,
.NtQueryValueKey = (void*) 0x00115564,
.NtSetInformationFile = (void*) 0x000AB0BE,
.NtSetValueKey = (void*) 0x00115BF6,
.ObpFreeObject = (void*) 0x000D9E18,
.PspTerminateProcess = (void*) 0x000E50B0,
.swprintf = (void*) 0x000636E0,
.ZwOpenProcess = (void*) 0x0002EFFC,
.ZwProtectVirtualMemory = (void*) 0x0002F0CC,
.ZwReadVirtualMemory = (void*) 0x0002F39C,
}
},
{
TEXT("ntkrnlpa 5.00.2195.6992 (spanish)"),
TEXT("4177334C1A15C0"),
{
.NtCreateProcess = (void*) 0x000E3EC6,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CC3BE,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E4F2E,
.NtQueryInformationFile = (void*) 0x000AAA38,
.NtQueryKey = (void*) 0x001152CE,
.NtQueryValueKey = (void*) 0x00115564,
.NtSetInformationFile = (void*) 0x000AB0BE,
.NtSetValueKey = (void*) 0x00115BF6,
.ObpFreeObject = (void*) 0x000D9E18,
.PspTerminateProcess = (void*) 0x000E50B0,
.swprintf = (void*) 0x000636E0,
.ZwOpenProcess = (void*) 0x0002EFFC,
.ZwProtectVirtualMemory = (void*) 0x0002F0CC,
.ZwReadVirtualMemory = (void*) 0x0002F39C,
}
},
{
TEXT("ntoskrnl 5.00.2195.6992 (english)"),
TEXT("4177333519A800"),
{
.NtCreateProcess = (void*) 0x000DFD34,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000C87B8,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E0D9C,
.NtQueryInformationFile = (void*) 0x000A6FB8,
.NtQueryKey = (void*) 0x0011113C,
.NtQueryValueKey = (void*) 0x001113D2,
.NtSetInformationFile = (void*) 0x000A763E,
.NtSetValueKey = (void*) 0x00111A64,
.ObpFreeObject = (void*) 0x000D5C86,
.PspTerminateProcess = (void*) 0x000E0F1E,
.swprintf = (void*) 0x00060420,
.ZwOpenProcess = (void*) 0x0002EFB8,
.ZwProtectVirtualMemory = (void*) 0x0002F088,
.ZwReadVirtualMemory = (void*) 0x0002F358,
}
},
{
TEXT("ntoskrnl 5.00.2195.6992 (italian)"),
TEXT("417733351BFF80"),
{
.NtCreateProcess = (void*) 0x000DFD34,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000C87B8,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E0D9C,
.NtQueryInformationFile = (void*) 0x000A6FB8,
.NtQueryKey = (void*) 0x0011113C,
.NtQueryValueKey = (void*) 0x001113D2,
.NtSetInformationFile = (void*) 0x000A763E,
.NtSetValueKey = (void*) 0x00111A64,
.ObpFreeObject = (void*) 0x000D5C86,
.PspTerminateProcess = (void*) 0x000E0F1E,
.swprintf = (void*) 0x00060420,
.ZwOpenProcess = (void*) 0x0002EFB8,
.ZwProtectVirtualMemory = (void*) 0x0002F088,
.ZwReadVirtualMemory = (void*) 0x0002F358,
}
},
{
TEXT("ntoskrnl 5.00.2195.6992 (spanish)"),
TEXT("4177333519BC40"),
{
.NtCreateProcess = (void*) 0x000DFD34,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000C87B8,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E0D9C,
.NtQueryInformationFile = (void*) 0x000A6FB8,
.NtQueryKey = (void*) 0x0011113C,
.NtQueryValueKey = (void*) 0x001113D2,
.NtSetInformationFile = (void*) 0x000A763E,
.NtSetValueKey = (void*) 0x00111A64,
.ObpFreeObject = (void*) 0x000D5C86,
.PspTerminateProcess = (void*) 0x000E0F1E,
.swprintf = (void*) 0x00060420,
.ZwOpenProcess = (void*) 0x0002EFB8,
.ZwProtectVirtualMemory = (void*) 0x0002F088,
.ZwReadVirtualMemory = (void*) 0x0002F358,
}
},
{
TEXT("ntkrnlpa 5.00.2195.7035 (english)"),
TEXT("42258C0E1A2480"),
{
.NtCreateProcess = (void*) 0x000E6218,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CEB90,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7280,
.NtQueryInformationFile = (void*) 0x000AC5F4,
.NtQueryKey = (void*) 0x0011761A,
.NtQueryValueKey = (void*) 0x001178B0,
.NtSetInformationFile = (void*) 0x000ACC7A,
.NtSetValueKey = (void*) 0x00117F42,
.ObpFreeObject = (void*) 0x000DBCA4,
.PspTerminateProcess = (void*) 0x000E7402,
.swprintf = (void*) 0x000646E0,
.ZwOpenProcess = (void*) 0x0002FF18,
.ZwProtectVirtualMemory = (void*) 0x0002FFE8,
.ZwReadVirtualMemory = (void*) 0x000302B8,
}
},
{
TEXT("ntkrnlpa 5.00.2195.7035 (french)"),
TEXT("42258C0E1A3240"),
{
.NtCreateProcess = (void*) 0x000E6218,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CEB90,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7280,
.NtQueryInformationFile = (void*) 0x000AC5F4,
.NtQueryKey = (void*) 0x0011761A,
.NtQueryValueKey = (void*) 0x001178B0,
.NtSetInformationFile = (void*) 0x000ACC7A,
.NtSetValueKey = (void*) 0x00117F42,
.ObpFreeObject = (void*) 0x000DBCA4,
.PspTerminateProcess = (void*) 0x000E7402,
.swprintf = (void*) 0x000646E0,
.ZwOpenProcess = (void*) 0x0002FF18,
.ZwProtectVirtualMemory = (void*) 0x0002FFE8,
.ZwReadVirtualMemory = (void*) 0x000302B8,
}
},
{
TEXT("ntkrnlpa 5.00.2195.7035 (german)"),
TEXT("42258C0E1A2D40"),
{
.NtCreateProcess = (void*) 0x000E6218,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CEB90,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7280,
.NtQueryInformationFile = (void*) 0x000AC5F4,
.NtQueryKey = (void*) 0x0011761A,
.NtQueryValueKey = (void*) 0x001178B0,
.NtSetInformationFile = (void*) 0x000ACC7A,
.NtSetValueKey = (void*) 0x00117F42,
.ObpFreeObject = (void*) 0x000DBCA4,
.PspTerminateProcess = (void*) 0x000E7402,
.swprintf = (void*) 0x000646E0,
.ZwOpenProcess = (void*) 0x0002FF18,
.ZwProtectVirtualMemory = (void*) 0x0002FFE8,
.ZwReadVirtualMemory = (void*) 0x000302B8,
}
},
{
TEXT("ntkrnlpa 5.00.2195.7035 (spanish)"),
TEXT("42258C0E1A38C0"),
{
.NtCreateProcess = (void*) 0x000E6218,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CEB90,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7280,
.NtQueryInformationFile = (void*) 0x000AC5F4,
.NtQueryKey = (void*) 0x0011761A,
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -