From ba45b572720d6894b43bff853f8f7e0356d3fbfc Mon Sep 17 00:00:00 2001 From: "KJK::Hyperion" Date: Mon, 12 Apr 2004 22:07:45 +0000 Subject: [PATCH] System call thunk generation made marginally more portable: - generate real C functions with inline asm. Should fix a problem with cross-compilation on 64-bit hosts - store parameter count, not parameter block size in sysfuncs.lst svn path=/trunk/; revision=9119 --- reactos/iface/addsys/genw32k.c | 147 ++++++----- reactos/iface/native/genntdll.c | 154 ++++++----- reactos/iface/native/sysfuncs.lst | 426 +++++++++++++++--------------- 3 files changed, 386 insertions(+), 341 deletions(-) diff --git a/reactos/iface/addsys/genw32k.c b/reactos/iface/addsys/genw32k.c index c43c9775e1b..5b95ded4db6 100644 --- a/reactos/iface/addsys/genw32k.c +++ b/reactos/iface/addsys/genw32k.c @@ -1,4 +1,4 @@ -/* $Id: genw32k.c,v 1.9 2004/04/07 15:32:24 ekohl Exp $ +/* $Id: genw32k.c,v 1.10 2004/04/12 22:07:45 hyperion Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS version of ntdll @@ -29,14 +29,82 @@ /* FUNCTIONS ****************************************************************/ +void write_stub_header(FILE * out) +{ + fputs + ( + "/* Machine generated, don't edit */\n" + "\n" + "#ifdef __cplusplus\n" + "#define EXTERN_C extern \"C\"\n" + "#else\n" + "#define EXTERN_C\n" + "#endif\n" + "\n" + "EXTERN_C static __inline__ __attribute__((regparm(2)))" + "void*ZwRosSystemServiceThunk(long n,void*a)" + "{" + "void*ret;" + "__asm__" + "(" + "\"int $0x2E\":" + "\"=a\"(ret):" + "\"a\"(n),\"d\"(a)" + ");" + "return ret;" + "}\n", + out + ); +} + +void write_syscall_stub_func(FILE* out, char* name, unsigned nr_args, + unsigned int sys_call_idx) +{ + unsigned i; + + fprintf(out, "EXTERN_C void*__stdcall %s(", name); + + if(nr_args == 0) + fputs("void", out); + else + for(i = 0; i < nr_args; ++ i) + { + if(i > 0) + fputs(",", out); + + fprintf(out, "void*a%u", i); + } + + fputs("){", out); + + if(nr_args > 1) + for(i = 1; i < nr_args; ++ i) + fprintf(out, "(void)a%u;", i); + + fprintf(out, "return ZwRosSystemServiceThunk(%u,", sys_call_idx); + + if(nr_args == 0) + fputs("0", out); + else + fputs("&a0", out); + + fputs(");}\n", out); +} + +void write_syscall_stub(FILE* out1, FILE* out2, char* name, + unsigned nr_args, unsigned int sys_call_idx) +{ + write_syscall_stub_func(out1, name, nr_args, sys_call_idx); + write_syscall_stub_func(out2, name, nr_args, sys_call_idx); +} + int makeSystemServiceTable(FILE *in, FILE *out) { char line [INPUT_BUFFER_SIZE]; char *s; char *name; int sys_call_idx; -char *nr_args; -char *stmp; +char *snr_args; /* * Main SSDT Header @@ -67,15 +135,7 @@ char *stmp; { /* Extract the NtXXX name */ name = (char *)strtok(s," \t"); - /* Extract the stack size */ - nr_args = (char *)strtok(NULL," \t"); - /* - * Remove, if present, the trailing LF. - */ - if ((stmp = strchr(nr_args, '\n')) != NULL) - { - *stmp = '\0'; - } + #ifdef VERBOSE printf("%3d \"%s\"\n",sys_call_idx | INDEX,name); #endif @@ -123,14 +183,8 @@ char *stmp; /* Extract the NtXXX name */ name = (char *)strtok(s," \t"); /* Extract the stack size */ - nr_args = (char *)strtok(NULL," \t"); - /* - * Remove, if present, the trailing LF. - */ - if ((stmp = strchr(nr_args, '\n')) != NULL) - { - *stmp = '\0'; - } + snr_args = (char *)strtok(NULL," \t"); + #ifdef VERBOSE printf("%3d \"%s\"\n",sys_call_idx|INDEX,name); #endif @@ -143,7 +197,7 @@ char *stmp; * Now write the current system call's ID * in the service table along with its Parameters Size. */ - fprintf(out,"\t\t%d",atoi(nr_args) * sizeof(void*)); + fprintf(out,"\t\t%lu * sizeof(void*)", strtoul(snr_args, NULL, 0)); /* Next system call index */ sys_call_idx++; @@ -177,21 +231,17 @@ process( char * s; char * name; /* NtXXX name */ int sys_call_idx; /* NtXXX index number in the service table */ - char * nr_args; /* stack_size / machine_word_size */ - char * stmp; - int stacksize; + char * snr_args; /* stack_size / machine_word_size */ /* * GDI32 stubs file header */ - fprintf(out1,"// Machine generated, don't edit\n"); - fprintf(out1,"\n\n"); + write_stub_header(out1); /* * USER32 stubs file header */ - fprintf(out2,"// Machine generated, don't edit\n"); - fprintf(out2,"\n\n"); + write_stub_header(out2); /* * Scan the database. DB is a text file; each line @@ -230,48 +280,13 @@ process( /* Extract the NtXXX name */ name = (char *)strtok(s," \t"); /* Extract the stack size */ - nr_args = (char *)strtok(NULL," \t"); - stacksize = atoi(nr_args)*sizeof(void*); - /* - * Remove, if present, the trailing LF. - */ - if ((stmp = strchr(nr_args, '\n')) != NULL) - { - *stmp = '\0'; - } + snr_args = (char *)strtok(NULL," \t"); + #ifdef VERBOSE printf("%3d \"%s\"\n",sys_call_idx | INDEX,name); #endif - /* - * Write the GDI32 stub for the current system call. - */ -#ifdef PARAMETERIZED_LIBS - fprintf(out1,"__asm__(\"\\n\\t.global _%s@%d\\n\\t\"\n",name,stacksize); - fprintf(out1,"\"_%s@%d:\\n\\t\"\n",name,stacksize); -#else - fprintf(out1,"__asm__(\"\\n\\t.global _%s\\n\\t\"\n",name); - fprintf(out1,"\"_%s:\\n\\t\"\n",name); -#endif - fprintf(out1,"\t\"mov\t$%d,%%eax\\n\\t\"\n",sys_call_idx | INDEX); - fprintf(out1,"\t\"lea\t4(%%esp),%%edx\\n\\t\"\n"); - fprintf(out1,"\t\"int\t$0x2E\\n\\t\"\n"); - fprintf(out1,"\t\"ret\t$%d\\n\\t\");\n\n",stacksize); - - /* - * Write the USER32 stub for the current system call - */ -#ifdef PARAMETERIZED_LIBS - fprintf(out2,"__asm__(\"\\n\\t.global _%s@%d\\n\\t\"\n",name,stacksize); - fprintf(out2,"\"_%s@%d:\\n\\t\"\n",name,stacksize); -#else - fprintf(out2,"__asm__(\"\\n\\t.global _%s\\n\\t\"\n",name); - fprintf(out2,"\"_%s:\\n\\t\"\n",name); -#endif - fprintf(out2,"\t\"mov\t$%d,%%eax\\n\\t\"\n",sys_call_idx | INDEX); - fprintf(out2,"\t\"lea\t4(%%esp),%%edx\\n\\t\"\n"); - fprintf(out2,"\t\"int\t$0x2E\\n\\t\"\n"); - fprintf(out2,"\t\"ret\t$%d\\n\\t\");\n\n",stacksize); + write_syscall_stub(out1, out2, name, strtoul(snr_args, NULL, 0), sys_call_idx | INDEX); /* Next system call index */ sys_call_idx++; diff --git a/reactos/iface/native/genntdll.c b/reactos/iface/native/genntdll.c index 795de62c820..b81e22ba14f 100644 --- a/reactos/iface/native/genntdll.c +++ b/reactos/iface/native/genntdll.c @@ -1,4 +1,4 @@ -/* $Id: genntdll.c,v 1.16 2004/04/07 15:32:41 ekohl Exp $ +/* $Id: genntdll.c,v 1.17 2004/04/12 22:07:45 hyperion Exp $ * * COPYRIGHT: See COPYING in the top level directory * PROJECT: ReactOS version of ntdll @@ -11,6 +11,12 @@ * to twin NtXXX calls, via int 0x2e (x86). * 19990617 (ea) * Fixed a bug in function numbers in kernel ZwXXX stubs. + * 20040406 (kjkh) + * The sysfuncs.lst file now specifies the number of parameters, + * not their stack size, for obvious portability reastons. Also, we + * now generate real C functions to let the compiler do the correct + * name decoration and whatever else (this also makes this tool + * marginally more portable). * */ @@ -28,43 +34,80 @@ /* FUNCTIONS ****************************************************************/ -void write_syscall_stub(FILE* out, FILE* out3, char* name, char* name2, - char* nr_args, unsigned int sys_call_idx) +void write_stub_header(FILE * out) { -#ifdef PARAMETERIZED_LIBS - fprintf(out,"__asm__(\"\\n\\t.global _%s@%s\\n\\t\"\n",name,nr_args); - fprintf(out,"\".global _%s@%s\\n\\t\"\n",name2,nr_args); - fprintf(out,"\"_%s@%s:\\n\\t\"\n",name,nr_args); - fprintf(out,"\"_%s@%s:\\n\\t\"\n",name2,nr_args); -#else - fprintf(out,"__asm__(\"\\n\\t.global _%s\\n\\t\"\n",name); - fprintf(out,"\".global _%s\\n\\t\"\n",name2); - fprintf(out,"\"_%s:\\n\\t\"\n",name); - fprintf(out,"\"_%s:\\n\\t\"\n",name2); -#endif - fprintf(out,"\t\"pushl\t%%ebp\\n\\t\"\n"); - fprintf(out,"\t\"movl\t%%esp, %%ebp\\n\\t\"\n"); - fprintf(out,"\t\"mov\t$%d,%%eax\\n\\t\"\n",sys_call_idx); - fprintf(out,"\t\"lea\t8(%%ebp),%%edx\\n\\t\"\n"); - fprintf(out,"\t\"int\t$0x2E\\n\\t\"\n"); - fprintf(out,"\t\"popl\t%%ebp\\n\\t\"\n"); - fprintf(out,"\t\"ret\t$%s\\n\\t\");\n\n",nr_args); - + fputs + ( + "/* Machine generated, don't edit */\n" + "\n" + "#ifdef __cplusplus\n" + "#define EXTERN_C extern \"C\"\n" + "#else\n" + "#define EXTERN_C\n" + "#endif\n" + "\n" + "EXTERN_C static __inline__ __attribute__((regparm(2)))" + "void*ZwRosSystemServiceThunk(long n,void*a)" + "{" + "void*ret;" + "__asm__" + "(" + "\"int $0x2E\":" + "\"=a\"(ret):" + "\"a\"(n),\"d\"(a)" + ");" + "return ret;" + "}\n", + out + ); +} + +void write_syscall_stub_func(FILE* out, char* name, unsigned nr_args, + unsigned int sys_call_idx) +{ + unsigned i; + + fprintf(out, "EXTERN_C void*__stdcall %s(", name); + + if(nr_args == 0) + fputs("void", out); + else + for(i = 0; i < nr_args; ++ i) + { + if(i > 0) + fputs(",", out); + + fprintf(out, "void*a%u", i); + } + + fputs("){", out); + + if(nr_args > 1) + for(i = 1; i < nr_args; ++ i) + fprintf(out, "(void)a%u;", i); + + fprintf(out, "return ZwRosSystemServiceThunk(%u,", sys_call_idx); + + if(nr_args == 0) + fputs("0", out); + else + fputs("&a0", out); + + fputs(");}\n", out); +} + +void write_syscall_stub(FILE* out, FILE* out3, char* name, char* name2, + unsigned nr_args, unsigned int sys_call_idx) +{ + write_syscall_stub_func(out, name, nr_args, sys_call_idx); + write_syscall_stub_func(out, name2, nr_args, sys_call_idx); + /* * Now write the NTOSKRNL stub for the * current system call. ZwXXX does NOT * alias the corresponding NtXXX call. */ - fprintf(out3,"__asm__(\n"); - fprintf(out3,"\".global _%s@%s\\n\\t\"\n",name2,nr_args); - fprintf(out3,"\"_%s@%s:\\n\\t\"\n",name2,nr_args); - fprintf(out3,"\t\"pushl\t%%ebp\\n\\t\"\n"); - fprintf(out3,"\t\"movl\t%%esp, %%ebp\\n\\t\"\n"); - fprintf(out3,"\t\"mov\t$%d,%%eax\\n\\t\"\n",sys_call_idx); - fprintf(out3,"\t\"lea\t8(%%ebp),%%edx\\n\\t\"\n"); - fprintf(out3,"\t\"int\t$0x2E\\n\\t\"\n"); - fprintf(out3,"\t\"popl\t%%ebp\\n\\t\"\n"); - fprintf(out3,"\t\"ret\t$%s\\n\\t\");\n\n",nr_args); + write_syscall_stub_func(out3, name2, nr_args, sys_call_idx); } int makeSystemServiceTable(FILE *in, FILE *out) @@ -74,13 +117,13 @@ char *s; char *name; char *name2; int sys_call_idx; -char *nr_args; +char *snr_args; char *stmp; /* * Main SSDT Header */ - fprintf(out,"// Machine generated, don't edit\n"); + fprintf(out,"/* Machine generated, don't edit */\n"); fprintf(out,"\n\n"); /* @@ -114,12 +157,12 @@ char *stmp; /* Extract the ZwXXX name */ name2 = (char *)strtok(NULL," \t"); //value = strtok(NULL," \t"); - /* Extract the stack size */ - nr_args = (char *)strtok(NULL," \t"); + /* Extract the argument count */ + snr_args = (char *)strtok(NULL," \t"); /* * Remove, if present, the trailing LF. */ - if ((stmp = strchr(nr_args, '\n')) != NULL) + if ((stmp = strchr(snr_args, '\n')) != NULL) { *stmp = '\0'; } @@ -173,15 +216,8 @@ char *stmp; /* Extract the ZwXXX name */ name2 = (char *)strtok(NULL," \t"); //value = strtok(NULL," \t"); - /* Extract the stack size */ - nr_args = (char *)strtok(NULL," \t"); - /* - * Remove, if present, the trailing LF. - */ - if ((stmp = strchr(nr_args, '\n')) != NULL) - { - *stmp = '\0'; - } + /* Extract the argument count */ + snr_args = (char *)strtok(NULL," \t"); #ifdef VERBOSE printf("%3d \"%s\"\n",sys_call_idx,name); #endif @@ -194,7 +230,7 @@ char *stmp; * Now write the current system call's ID * in the service table along with its Parameters Size. */ - fprintf(out,"\t\t%s",nr_args); + fprintf(out,"\t\t%lu * sizeof(void *)",strtoul(snr_args, NULL, 0)); } } /* @@ -226,20 +262,18 @@ process( char * name; /* NtXXX name */ char * name2; /* ZwXXX name */ int sys_call_idx; /* NtXXX index number in the service table */ - char * nr_args; /* stack_size / machine_word_size */ - char * stmp; + char * snr_args; /* stack_size / machine_word_size */ /* * NTDLL stubs file header */ - fprintf(out,"// Machine generated, don't edit\n"); - fprintf(out,"\n\n"); + write_stub_header(out); /* * NTOSKRNL Zw functions stubs header */ - fprintf(out3,"// Machine generated, don't edit\n"); - fprintf(out3,"\n\n"); + write_stub_header(out3); + /* * Scan the database. DB is a text file; each line * is a record, which contains data for one system @@ -274,20 +308,16 @@ process( s = & line[0]; if ((*s) != '#' && (*s) != '\0') { + unsigned nr_args; + /* Extract the NtXXX name */ name = (char *)strtok(s," \t"); /* Extract the ZwXXX name */ name2 = (char *)strtok(NULL," \t"); //value = strtok(NULL," \t"); - /* Extract the stack size */ - nr_args = (char *)strtok(NULL," \t"); - /* - * Remove, if present, the trailing LF. - */ - if ((stmp = strchr(nr_args, '\n')) != NULL) - { - *stmp = '\0'; - } + /* Extract the argument count */ + snr_args = (char *)strtok(NULL," \t"); + nr_args = strtoul(snr_args, NULL, 0); #ifdef VERBOSE printf("%3d \"%s\"\n",sys_call_idx,name); #endif diff --git a/reactos/iface/native/sysfuncs.lst b/reactos/iface/native/sysfuncs.lst index 52e82a37661..cde4c07bab8 100644 --- a/reactos/iface/native/sysfuncs.lst +++ b/reactos/iface/native/sysfuncs.lst @@ -1,213 +1,213 @@ -NtAcceptConnectPort ZwAcceptConnectPort 24 -NtAccessCheck ZwAccessCheck 32 -NtAccessCheckAndAuditAlarm ZwAccessCheckAndAuditAlarm 44 -NtAddAtom ZwAddAtom 8 -NtAdjustGroupsToken ZwAdjustGroupsToken 24 -NtAdjustPrivilegesToken ZwAdjustPrivilegesToken 24 -NtAlertResumeThread ZwAlertResumeThread 8 -NtAlertThread ZwAlertThread 4 -NtAllocateLocallyUniqueId ZwAllocateLocallyUniqueId 4 -NtAllocateUuids ZwAllocateUuids 12 -NtAllocateVirtualMemory ZwAllocateVirtualMemory 24 -NtCallbackReturn ZwCallbackReturn 12 -NtCancelIoFile ZwCancelIoFile 8 -NtCancelTimer ZwCancelTimer 8 -NtClearEvent ZwClearEvent 4 -NtClose ZwClose 4 -NtCloseObjectAuditAlarm ZwCloseObjectAuditAlarm 12 -NtCompleteConnectPort ZwCompleteConnectPort 4 -NtConnectPort ZwConnectPort 32 -NtContinue ZwContinue 8 -NtCreateDirectoryObject ZwCreateDirectoryObject 12 -NtCreateEvent ZwCreateEvent 20 -NtCreateEventPair ZwCreateEventPair 12 -NtCreateFile ZwCreateFile 44 -NtCreateIoCompletion ZwCreateIoCompletion 16 -NtCreateKey ZwCreateKey 28 -NtCreateMailslotFile ZwCreateMailslotFile 32 -NtCreateMutant ZwCreateMutant 16 -NtCreateNamedPipeFile ZwCreateNamedPipeFile 56 -NtCreatePagingFile ZwCreatePagingFile 16 -NtCreatePort ZwCreatePort 20 -NtCreateProcess ZwCreateProcess 32 -NtCreateProfile ZwCreateProfile 36 -NtCreateSection ZwCreateSection 28 -NtCreateSemaphore ZwCreateSemaphore 20 -NtCreateSymbolicLinkObject ZwCreateSymbolicLinkObject 16 -NtCreateThread ZwCreateThread 32 -NtCreateTimer ZwCreateTimer 16 -NtCreateToken ZwCreateToken 52 -NtCreateWaitablePort ZwCreateWaitablePort 20 -NtDelayExecution ZwDelayExecution 8 -NtDeleteAtom ZwDeleteAtom 4 -NtDeleteFile ZwDeleteFile 4 -NtDeleteKey ZwDeleteKey 4 -NtDeleteObjectAuditAlarm ZwDeleteObjectAuditAlarm 12 -NtDeleteValueKey ZwDeleteValueKey 8 -NtDeviceIoControlFile ZwDeviceIoControlFile 40 -NtDisplayString ZwDisplayString 4 -NtDuplicateObject ZwDuplicateObject 28 -NtDuplicateToken ZwDuplicateToken 24 -NtEnumerateKey ZwEnumerateKey 24 -NtEnumerateValueKey ZwEnumerateValueKey 24 -NtExtendSection ZwExtendSection 8 -NtFindAtom ZwFindAtom 8 -NtFlushBuffersFile ZwFlushBuffersFile 8 -NtFlushInstructionCache ZwFlushInstructionCache 12 -NtFlushKey ZwFlushKey 4 -NtFlushVirtualMemory ZwFlushVirtualMemory 16 -NtFlushWriteBuffer ZwFlushWriteBuffer 0 -NtFreeVirtualMemory ZwFreeVirtualMemory 16 -NtFsControlFile ZwFsControlFile 40 -NtGetContextThread ZwGetContextThread 8 -NtGetPlugPlayEvent ZwGetPlugPlayEvent 16 -NtGetTickCount ZwGetTickCount 4 -NtImpersonateClientOfPort ZwImpersonateClientOfPort 8 -NtImpersonateThread ZwImpersonateThread 12 -NtInitializeRegistry ZwInitializeRegistry 4 -NtListenPort ZwListenPort 8 -NtLoadDriver ZwLoadDriver 4 -NtLoadKey ZwLoadKey 8 -NtLoadKey2 ZwLoadKey2 12 -NtLockFile ZwLockFile 40 -NtLockVirtualMemory ZwLockVirtualMemory 16 -NtMakeTemporaryObject ZwMakeTemporaryObject 4 -NtMapViewOfSection ZwMapViewOfSection 40 -NtNotifyChangeDirectoryFile ZwNotifyChangeDirectoryFile 36 -NtNotifyChangeKey ZwNotifyChangeKey 40 -NtOpenDirectoryObject ZwOpenDirectoryObject 12 -NtOpenEvent ZwOpenEvent 12 -NtOpenEventPair ZwOpenEventPair 12 -NtOpenFile ZwOpenFile 24 -NtOpenIoCompletion ZwOpenIoCompletion 12 -NtOpenKey ZwOpenKey 12 -NtOpenMutant ZwOpenMutant 12 -NtOpenObjectAuditAlarm ZwOpenObjectAuditAlarm 48 -NtOpenProcess ZwOpenProcess 16 -NtOpenProcessToken ZwOpenProcessToken 12 -NtOpenSection ZwOpenSection 12 -NtOpenSemaphore ZwOpenSemaphore 12 -NtOpenSymbolicLinkObject ZwOpenSymbolicLinkObject 12 -NtOpenThread ZwOpenThread 16 -NtOpenThreadToken ZwOpenThreadToken 16 -NtOpenTimer ZwOpenTimer 12 -NtPlugPlayControl ZwPlugPlayControl 16 -NtPrivilegeCheck ZwPrivilegeCheck 12 -NtPrivilegedServiceAuditAlarm ZwPrivilegedServiceAuditAlarm 20 -NtPrivilegeObjectAuditAlarm ZwPrivilegeObjectAuditAlarm 24 -NtProtectVirtualMemory ZwProtectVirtualMemory 20 -NtPulseEvent ZwPulseEvent 8 -NtQueryInformationAtom ZwQueryInformationAtom 20 -NtQueryAttributesFile ZwQueryAttributesFile 8 -NtQueryDefaultLocale ZwQueryDefaultLocale 8 -NtQueryDirectoryFile ZwQueryDirectoryFile 44 -NtQueryDirectoryObject ZwQueryDirectoryObject 28 -NtQueryEaFile ZwQueryEaFile 36 -NtQueryEvent ZwQueryEvent 20 -NtQueryFullAttributesFile ZwQueryFullAttributesFile 8 -NtQueryInformationFile ZwQueryInformationFile 20 -NtQueryInformationPort ZwQueryInformationPort 20 -NtQueryInformationProcess ZwQueryInformationProcess 20 -NtQueryInformationThread ZwQueryInformationThread 20 -NtQueryInformationToken ZwQueryInformationToken 20 -NtQueryIntervalProfile ZwQueryIntervalProfile 8 -NtQueryIoCompletion ZwQueryIoCompletion 20 -NtQueryKey ZwQueryKey 20 -NtQueryMultipleValueKey ZwQueryMultipleValueKey 24 -NtQueryMutant ZwQueryMutant 20 -NtQueryObject ZwQueryObject 20 -NtQueryOleDirectoryFile ZwQueryOleDirectoryFile 44 -NtQueryPerformanceCounter ZwQueryPerformanceCounter 8 -NtQuerySection ZwQuerySection 20 -NtQuerySecurityObject ZwQuerySecurityObject 20 -NtQuerySemaphore ZwQuerySemaphore 20 -NtQuerySymbolicLinkObject ZwQuerySymbolicLinkObject 12 -NtQuerySystemEnvironmentValue ZwQuerySystemEnvironmentValue 16 -NtQuerySystemInformation ZwQuerySystemInformation 16 -NtQuerySystemTime ZwQuerySystemTime 4 -NtQueryTimer ZwQueryTimer 20 -NtQueryTimerResolution ZwQueryTimerResolution 12 -NtQueryValueKey ZwQueryValueKey 24 -NtQueryVirtualMemory ZwQueryVirtualMemory 24 -NtQueryVolumeInformationFile ZwQueryVolumeInformationFile 20 -NtQueueApcThread ZwQueueApcThread 20 -NtRaiseException ZwRaiseException 12 -NtRaiseHardError ZwRaiseHardError 24 -NtReadFile ZwReadFile 36 -NtReadFileScatter ZwReadFileScatter 36 -NtReadRequestData ZwReadRequestData 24 -NtReadVirtualMemory ZwReadVirtualMemory 20 -NtRegisterThreadTerminatePort ZwRegisterThreadTerminatePort 4 -NtReleaseMutant ZwReleaseMutant 8 -NtReleaseSemaphore ZwReleaseSemaphore 12 -NtRemoveIoCompletion ZwRemoveIoCompletion 20 -NtReplaceKey ZwReplaceKey 12 -NtReplyPort ZwReplyPort 8 -NtReplyWaitReceivePort ZwReplyWaitReceivePort 16 -NtReplyWaitReplyPort ZwReplyWaitReplyPort 8 -NtRequestPort ZwRequestPort 8 -NtRequestWaitReplyPort ZwRequestWaitReplyPort 12 -NtResetEvent ZwResetEvent 8 -NtRestoreKey ZwRestoreKey 12 -NtResumeThread ZwResumeThread 8 -NtSaveKey ZwSaveKey 8 -NtSetIoCompletion ZwSetIoCompletion 20 -NtSetContextThread ZwSetContextThread 8 -NtSetDefaultHardErrorPort ZwSetDefaultHardErrorPort 4 -NtSetDefaultLocale ZwSetDefaultLocale 8 -NtSetEaFile ZwSetEaFile 16 -NtSetEvent ZwSetEvent 8 -NtSetHighEventPair ZwSetHighEventPair 4 -NtSetHighWaitLowEventPair ZwSetHighWaitLowEventPair 4 -NtSetHighWaitLowThread ZwSetHighWaitLowThread 0 -NtSetInformationFile ZwSetInformationFile 20 -NtSetInformationKey ZwSetInformationKey 16 -NtSetInformationObject ZwSetInformationObject 16 -NtSetInformationProcess ZwSetInformationProcess 16 -NtSetInformationThread ZwSetInformationThread 16 -NtSetInformationToken ZwSetInformationToken 16 -NtSetIntervalProfile ZwSetIntervalProfile 8 -NtSetLdtEntries ZwSetLdtEntries 24 -NtSetLowEventPair ZwSetLowEventPair 4 -NtSetLowWaitHighEventPair ZwSetLowWaitHighEventPair 4 -NtSetLowWaitHighThread ZwSetLowWaitHighThread 0 -NtSetSecurityObject ZwSetSecurityObject 12 -NtSetSystemEnvironmentValue ZwSetSystemEnvironmentValue 8 -NtSetSystemInformation ZwSetSystemInformation 12 -NtSetSystemPowerState ZwSetSystemPowerState 12 -NtSetSystemTime ZwSetSystemTime 8 -NtSetTimer ZwSetTimer 28 -NtSetTimerResolution ZwSetTimerResolution 12 -NtSetValueKey ZwSetValueKey 24 -NtSetVolumeInformationFile ZwSetVolumeInformationFile 20 -NtShutdownSystem ZwShutdownSystem 4 -NtSignalAndWaitForSingleObject ZwSignalAndWaitForSingleObject 16 -NtStartProfile ZwStartProfile 4 -NtStopProfile ZwStopProfile 4 -NtSuspendThread ZwSuspendThread 8 -NtSystemDebugControl ZwSystemDebugControl 24 -NtTerminateProcess ZwTerminateProcess 8 -NtTerminateThread ZwTerminateThread 8 -NtTestAlert ZwTestAlert 0 -NtUnloadDriver ZwUnloadDriver 4 -NtUnloadKey ZwUnloadKey 4 -NtUnlockFile ZwUnlockFile 20 -NtUnlockVirtualMemory ZwUnlockVirtualMemory 16 -NtUnmapViewOfSection ZwUnmapViewOfSection 8 -NtVdmControl ZwVdmControl 8 -NtWaitForMultipleObjects ZwWaitForMultipleObjects 20 -NtWaitForSingleObject ZwWaitForSingleObject 12 -NtWaitHighEventPair ZwWaitHighEventPair 4 -NtWaitLowEventPair ZwWaitLowEventPair 4 -NtWriteFile ZwWriteFile 36 -NtWriteFileGather ZwWriteFileGather 36 -NtWriteRequestData ZwWriteRequestData 24 -NtWriteVirtualMemory ZwWriteVirtualMemory 20 -NtW32Call ZwW32Call 20 -NtCreateChannel ZwCreateChannel 8 -NtListenChannel ZwListenChannel 8 -NtOpenChannel ZwOpenChannel 8 -NtReplyWaitSendChannel ZwReplyWaitSendChannel 12 -NtSendWaitReplyChannel ZwSendWaitReplyChannel 16 -NtSetContextChannel ZwSetContextChannel 4 -NtYieldExecution ZwYieldExecution 0 +NtAcceptConnectPort ZwAcceptConnectPort 6 +NtAccessCheck ZwAccessCheck 8 +NtAccessCheckAndAuditAlarm ZwAccessCheckAndAuditAlarm 11 +NtAddAtom ZwAddAtom 2 +NtAdjustGroupsToken ZwAdjustGroupsToken 6 +NtAdjustPrivilegesToken ZwAdjustPrivilegesToken 6 +NtAlertResumeThread ZwAlertResumeThread 2 +NtAlertThread ZwAlertThread 1 +NtAllocateLocallyUniqueId ZwAllocateLocallyUniqueId 1 +NtAllocateUuids ZwAllocateUuids 3 +NtAllocateVirtualMemory ZwAllocateVirtualMemory 6 +NtCallbackReturn ZwCallbackReturn 3 +NtCancelIoFile ZwCancelIoFile 2 +NtCancelTimer ZwCancelTimer 2 +NtClearEvent ZwClearEvent 1 +NtClose ZwClose 1 +NtCloseObjectAuditAlarm ZwCloseObjectAuditAlarm 3 +NtCompleteConnectPort ZwCompleteConnectPort 1 +NtConnectPort ZwConnectPort 8 +NtContinue ZwContinue 2 +NtCreateDirectoryObject ZwCreateDirectoryObject 3 +NtCreateEvent ZwCreateEvent 5 +NtCreateEventPair ZwCreateEventPair 3 +NtCreateFile ZwCreateFile 11 +NtCreateIoCompletion ZwCreateIoCompletion 4 +NtCreateKey ZwCreateKey 7 +NtCreateMailslotFile ZwCreateMailslotFile 8 +NtCreateMutant ZwCreateMutant 4 +NtCreateNamedPipeFile ZwCreateNamedPipeFile 14 +NtCreatePagingFile ZwCreatePagingFile 4 +NtCreatePort ZwCreatePort 5 +NtCreateProcess ZwCreateProcess 8 +NtCreateProfile ZwCreateProfile 9 +NtCreateSection ZwCreateSection 7 +NtCreateSemaphore ZwCreateSemaphore 5 +NtCreateSymbolicLinkObject ZwCreateSymbolicLinkObject 4 +NtCreateThread ZwCreateThread 8 +NtCreateTimer ZwCreateTimer 4 +NtCreateToken ZwCreateToken 13 +NtCreateWaitablePort ZwCreateWaitablePort 5 +NtDelayExecution ZwDelayExecution 2 +NtDeleteAtom ZwDeleteAtom 1 +NtDeleteFile ZwDeleteFile 1 +NtDeleteKey ZwDeleteKey 1 +NtDeleteObjectAuditAlarm ZwDeleteObjectAuditAlarm 3 +NtDeleteValueKey ZwDeleteValueKey 2 +NtDeviceIoControlFile ZwDeviceIoControlFile 10 +NtDisplayString ZwDisplayString 1 +NtDuplicateObject ZwDuplicateObject 7 +NtDuplicateToken ZwDuplicateToken 6 +NtEnumerateKey ZwEnumerateKey 6 +NtEnumerateValueKey ZwEnumerateValueKey 6 +NtExtendSection ZwExtendSection 2 +NtFindAtom ZwFindAtom 2 +NtFlushBuffersFile ZwFlushBuffersFile 2 +NtFlushInstructionCache ZwFlushInstructionCache 3 +NtFlushKey ZwFlushKey 1 +NtFlushVirtualMemory ZwFlushVirtualMemory 4 +NtFlushWriteBuffer ZwFlushWriteBuffer 0 +NtFreeVirtualMemory ZwFreeVirtualMemory 4 +NtFsControlFile ZwFsControlFile 10 +NtGetContextThread ZwGetContextThread 2 +NtGetPlugPlayEvent ZwGetPlugPlayEvent 4 +NtGetTickCount ZwGetTickCount 1 +NtImpersonateClientOfPort ZwImpersonateClientOfPort 2 +NtImpersonateThread ZwImpersonateThread 3 +NtInitializeRegistry ZwInitializeRegistry 1 +NtListenPort ZwListenPort 2 +NtLoadDriver ZwLoadDriver 1 +NtLoadKey ZwLoadKey 2 +NtLoadKey2 ZwLoadKey2 3 +NtLockFile ZwLockFile 10 +NtLockVirtualMemory ZwLockVirtualMemory 4 +NtMakeTemporaryObject ZwMakeTemporaryObject 1 +NtMapViewOfSection ZwMapViewOfSection 10 +NtNotifyChangeDirectoryFile ZwNotifyChangeDirectoryFile 9 +NtNotifyChangeKey ZwNotifyChangeKey 10 +NtOpenDirectoryObject ZwOpenDirectoryObject 3 +NtOpenEvent ZwOpenEvent 3 +NtOpenEventPair ZwOpenEventPair 3 +NtOpenFile ZwOpenFile 6 +NtOpenIoCompletion ZwOpenIoCompletion 3 +NtOpenKey ZwOpenKey 3 +NtOpenMutant ZwOpenMutant 3 +NtOpenObjectAuditAlarm ZwOpenObjectAuditAlarm 12 +NtOpenProcess ZwOpenProcess 4 +NtOpenProcessToken ZwOpenProcessToken 3 +NtOpenSection ZwOpenSection 3 +NtOpenSemaphore ZwOpenSemaphore 3 +NtOpenSymbolicLinkObject ZwOpenSymbolicLinkObject 3 +NtOpenThread ZwOpenThread 4 +NtOpenThreadToken ZwOpenThreadToken 4 +NtOpenTimer ZwOpenTimer 3 +NtPlugPlayControl ZwPlugPlayControl 4 +NtPrivilegeCheck ZwPrivilegeCheck 3 +NtPrivilegedServiceAuditAlarm ZwPrivilegedServiceAuditAlarm 5 +NtPrivilegeObjectAuditAlarm ZwPrivilegeObjectAuditAlarm 6 +NtProtectVirtualMemory ZwProtectVirtualMemory 5 +NtPulseEvent ZwPulseEvent 2 +NtQueryInformationAtom ZwQueryInformationAtom 5 +NtQueryAttributesFile ZwQueryAttributesFile 2 +NtQueryDefaultLocale ZwQueryDefaultLocale 2 +NtQueryDirectoryFile ZwQueryDirectoryFile 11 +NtQueryDirectoryObject ZwQueryDirectoryObject 7 +NtQueryEaFile ZwQueryEaFile 9 +NtQueryEvent ZwQueryEvent 5 +NtQueryFullAttributesFile ZwQueryFullAttributesFile 2 +NtQueryInformationFile ZwQueryInformationFile 5 +NtQueryInformationPort ZwQueryInformationPort 5 +NtQueryInformationProcess ZwQueryInformationProcess 5 +NtQueryInformationThread ZwQueryInformationThread 5 +NtQueryInformationToken ZwQueryInformationToken 5 +NtQueryIntervalProfile ZwQueryIntervalProfile 2 +NtQueryIoCompletion ZwQueryIoCompletion 5 +NtQueryKey ZwQueryKey 5 +NtQueryMultipleValueKey ZwQueryMultipleValueKey 6 +NtQueryMutant ZwQueryMutant 5 +NtQueryObject ZwQueryObject 5 +NtQueryOleDirectoryFile ZwQueryOleDirectoryFile 11 +NtQueryPerformanceCounter ZwQueryPerformanceCounter 2 +NtQuerySection ZwQuerySection 5 +NtQuerySecurityObject ZwQuerySecurityObject 5 +NtQuerySemaphore ZwQuerySemaphore 5 +NtQuerySymbolicLinkObject ZwQuerySymbolicLinkObject 3 +NtQuerySystemEnvironmentValue ZwQuerySystemEnvironmentValue 4 +NtQuerySystemInformation ZwQuerySystemInformation 4 +NtQuerySystemTime ZwQuerySystemTime 1 +NtQueryTimer ZwQueryTimer 5 +NtQueryTimerResolution ZwQueryTimerResolution 3 +NtQueryValueKey ZwQueryValueKey 6 +NtQueryVirtualMemory ZwQueryVirtualMemory 6 +NtQueryVolumeInformationFile ZwQueryVolumeInformationFile 5 +NtQueueApcThread ZwQueueApcThread 5 +NtRaiseException ZwRaiseException 3 +NtRaiseHardError ZwRaiseHardError 6 +NtReadFile ZwReadFile 9 +NtReadFileScatter ZwReadFileScatter 9 +NtReadRequestData ZwReadRequestData 6 +NtReadVirtualMemory ZwReadVirtualMemory 5 +NtRegisterThreadTerminatePort ZwRegisterThreadTerminatePort 1 +NtReleaseMutant ZwReleaseMutant 2 +NtReleaseSemaphore ZwReleaseSemaphore 3 +NtRemoveIoCompletion ZwRemoveIoCompletion 5 +NtReplaceKey ZwReplaceKey 3 +NtReplyPort ZwReplyPort 2 +NtReplyWaitReceivePort ZwReplyWaitReceivePort 4 +NtReplyWaitReplyPort ZwReplyWaitReplyPort 2 +NtRequestPort ZwRequestPort 2 +NtRequestWaitReplyPort ZwRequestWaitReplyPort 3 +NtResetEvent ZwResetEvent 2 +NtRestoreKey ZwRestoreKey 3 +NtResumeThread ZwResumeThread 2 +NtSaveKey ZwSaveKey 2 +NtSetIoCompletion ZwSetIoCompletion 5 +NtSetContextThread ZwSetContextThread 2 +NtSetDefaultHardErrorPort ZwSetDefaultHardErrorPort 1 +NtSetDefaultLocale ZwSetDefaultLocale 2 +NtSetEaFile ZwSetEaFile 4 +NtSetEvent ZwSetEvent 2 +NtSetHighEventPair ZwSetHighEventPair 1 +NtSetHighWaitLowEventPair ZwSetHighWaitLowEventPair 1 +NtSetHighWaitLowThread ZwSetHighWaitLowThread 0 +NtSetInformationFile ZwSetInformationFile 5 +NtSetInformationKey ZwSetInformationKey 4 +NtSetInformationObject ZwSetInformationObject 4 +NtSetInformationProcess ZwSetInformationProcess 4 +NtSetInformationThread ZwSetInformationThread 4 +NtSetInformationToken ZwSetInformationToken 4 +NtSetIntervalProfile ZwSetIntervalProfile 2 +NtSetLdtEntries ZwSetLdtEntries 6 +NtSetLowEventPair ZwSetLowEventPair 1 +NtSetLowWaitHighEventPair ZwSetLowWaitHighEventPair 1 +NtSetLowWaitHighThread ZwSetLowWaitHighThread 0 +NtSetSecurityObject ZwSetSecurityObject 3 +NtSetSystemEnvironmentValue ZwSetSystemEnvironmentValue 2 +NtSetSystemInformation ZwSetSystemInformation 3 +NtSetSystemPowerState ZwSetSystemPowerState 3 +NtSetSystemTime ZwSetSystemTime 2 +NtSetTimer ZwSetTimer 7 +NtSetTimerResolution ZwSetTimerResolution 3 +NtSetValueKey ZwSetValueKey 6 +NtSetVolumeInformationFile ZwSetVolumeInformationFile 5 +NtShutdownSystem ZwShutdownSystem 1 +NtSignalAndWaitForSingleObject ZwSignalAndWaitForSingleObject 4 +NtStartProfile ZwStartProfile 1 +NtStopProfile ZwStopProfile 1 +NtSuspendThread ZwSuspendThread 2 +NtSystemDebugControl ZwSystemDebugControl 6 +NtTerminateProcess ZwTerminateProcess 2 +NtTerminateThread ZwTerminateThread 2 +NtTestAlert ZwTestAlert 0 +NtUnloadDriver ZwUnloadDriver 1 +NtUnloadKey ZwUnloadKey 1 +NtUnlockFile ZwUnlockFile 5 +NtUnlockVirtualMemory ZwUnlockVirtualMemory 4 +NtUnmapViewOfSection ZwUnmapViewOfSection 2 +NtVdmControl ZwVdmControl 2 +NtWaitForMultipleObjects ZwWaitForMultipleObjects 5 +NtWaitForSingleObject ZwWaitForSingleObject 3 +NtWaitHighEventPair ZwWaitHighEventPair 1 +NtWaitLowEventPair ZwWaitLowEventPair 1 +NtWriteFile ZwWriteFile 9 +NtWriteFileGather ZwWriteFileGather 9 +NtWriteRequestData ZwWriteRequestData 6 +NtWriteVirtualMemory ZwWriteVirtualMemory 5 +NtW32Call ZwW32Call 5 +NtCreateChannel ZwCreateChannel 2 +NtListenChannel ZwListenChannel 2 +NtOpenChannel ZwOpenChannel 2 +NtReplyWaitSendChannel ZwReplyWaitSendChannel 3 +NtSendWaitReplyChannel ZwSendWaitReplyChannel 4 +NtSetContextChannel ZwSetContextChannel 1 +NtYieldExecution ZwYieldExecution 0