-rw-r--r--src/refs/NTHASH253
-rwxr-xr-xsrc/refs/nthash.sh11
2 files changed, 264 insertions, 0 deletions
diff --git a/src/refs/NTHASH b/src/refs/NTHASH
new file mode 100644
index 0000000..77ba37d
--- /dev/null
+++ b/src/refs/NTHASH
@@ -0,0 +1,253 @@
+ZwQueryObject
+ZwSetInformationObject
+ZwDuplicateObject
+ZwMakeTemporaryObject
+ZwClose
+ZwQuerySecurityObject
+ZwSetSecurityObject
+ZwCreateDirectoryObject
+ZwOpenDirectoryObject
+ZwQueryDirectoryObject
+ZwCreateSymbolicLinkObject
+ZwOpenSymbolicLinkObject
+ZwQuerySymbolicLinkObject
+ZwQuerySystemInformation
+ZwSetSystemInformation
+ZwQuerySystemEnvironmentValue
+ZwSetSystemEnvironmentValue
+ZwShutdownSystem
+ZwSystemDebugControl
+ZwAllocateVirtualMemory
+ZwFreeVirtualMemory
+ZwQueryVirtualMemory
+ZwProtectVirtualMemory
+ZwReadVirtualMemory
+ZwWriteVirtualMemory
+ZwLockVirtualMemory
+ZwUnlockVirtualMemory
+ZwFlushVirtualMemory
+ZwAllocateUserPhysicalPages
+ZwFreeUserPhysicalPages
+ZwMapUserPhysicalPages
+ZwGetWriteWatch
+ZwResetWriteWatch
+ZwCreateSection
+ZwOpenSection
+ZwQuerySection
+ZwExtendSection
+ZwMapViewOfSection
+ZwUnmapViewOfSection
+ZwAreMappedFilesTheSame
+ZwCreateThread
+ZwOpenThread
+ZwTerminateThread
+ZwQueryInformationThread
+ZwSetInformationThread
+ZwSuspendThread
+ZwResumeThread
+ZwGetContextThread
+ZwSetContextThread
+ZwQueueApcThread
+ZwTestAlert
+ZwAlertThread
+ZwAlertResumeThread
+ZwRegisterThreadTerminatePort
+ZwImpersonateThread
+ZwImpersonateAnonymousToken
+ZwCreateProcess
+ZwCreateUserProcess
+ZwOpenProcess
+ZwTerminateProcess
+ZwQueryInformationProcess
+ZwSetInformationProcess
+ZwFlushInstructionCache
+RtlCreateProcessParameters
+RtlDestroyProcessParameters
+RtlNormalizeProcessParams
+RtlCreateQueryDebugBuffer
+RtlDestroyQueryDebugBuffer
+RtlQueryProcessDebugInformation
+ZwCreateJobObject
+ZwOpenJobObject
+ZwTerminateJobObject
+ZwAssignProcessToJobObject
+ZwQueryInformationJobObject
+ZwSetInformationJobObject
+ZwCreateToken
+ZwOpenProcessToken
+ZwOpenThreadToken
+ZwDuplicateToken
+ZwFilterToken
+ZwAdjustPrivilegesToken
+ZwAdjustGroupsToken
+ZwQueryInformationToken
+ZwSetInformationToken
+ZwWaitForSingleObject
+ZwSignalAndWaitForSingleObject
+ZwWaitForMultipleObjects
+ZwCreateTimer
+ZwOpenTimer
+ZwCancelTimer
+ZwSetTimer
+ZwQueryTimer
+ZwCreateEvent
+ZwOpenEvent
+ZwSetEvent
+ZwPulseEvent
+ZwResetEvent
+ZwClearEvent
+ZwQueryEvent
+ZwCreateSemaphore
+ZwOpenSemaphore
+ZwReleaseSemaphore
+ZwQuerySemaphore
+ZwCreateMutant
+ZwOpenMutant
+ZwReleaseMutant
+ZwQueryMutant
+ZwCreateIoCompletion
+ZwOpenIoCompletion
+ZwSetIoCompletion
+ZwRemoveIoCompletion
+ZwQueryIoCompletion
+ZwCreateEventPair
+ZwOpenEventPair
+ZwWaitLowEventPair
+ZwSetLowEventPair
+ZwWaitHighEventPair
+ZwSetHighEventPair
+ZwSetLowWaitHighEventPair
+ZwSetHighWaitLowEventPair
+ZwQuerySystemTime
+ZwSetSystemTime
+ZwQueryPerformanceCounter
+ZwSetTimerResolution
+ZwQueryTimerResolution
+ZwDelayExecution
+ZwYieldExecution
+ZwCreateProfile
+ZwSetIntervalProfile
+ZwQueryIntervalProfile
+ZwStartProfile
+ZwStopProfile
+ZwCreatePort
+ZwCreateWaitablePort
+ZwConnectPort
+ZwSecureConnectPort
+ZwListenPort
+ZwAcceptConnectPort
+ZwCompleteConnectPort
+ZwRequestPort
+ZwRequestWaitReplyPort
+ZwReplyPort
+ZwReplyWaitReplyPort
+ZwReplyWaitReceivePort
+ZwReplyWaitReceivePortEx
+ZwReadRequestData
+ZwWriteRequestData
+ZwQueryInformationPort
+ZwImpersonateClientOfPort
+CsrClientCallServer
+CsrPortHandle
+ZwLoadDriver
+ZwUnloadDriver
+ZwCreateFile
+ZwOpenFile
+ZwDeleteFile
+ZwFlushBuffersFile
+ZwCancelIoFile
+ZwCancelIoFileEx
+ZwReadFile
+ZwWriteFile
+ZwReadFileScatter
+ZwWriteFileGather
+ZwLockFile
+ZwUnlockFile
+ZwDeviceIoControlFile
+ZwFsControlFile
+ZwNotifyChangeDirectoryFile
+ZwQueryEaFile
+ZwSetEaFile
+ZwCreateNamedPipeFile
+ZwCreateMailslotFile
+ZwQueryVolumeInformationFile
+ZwSetVolumeInformationFile
+ZwQueryQuotaInformationFile
+ZwSetQuotaInformationFile
+ZwQueryAttributesFile
+ZwQueryFullAttributesFile
+ZwQueryDirectoryFile
+ZwQueryInformationFile
+ZwSetInformationFile
+ZwCreateKey
+ZwOpenKey
+ZwDeleteKey
+ZwFlushKey
+ZwSaveKey
+ZwSaveMergedKeys
+ZwRestoreKey
+ZwLoadKey
+ZwLoadKey2
+ZwUnloadKey
+ZwQueryOpenSubKeys
+ZwReplaceKey
+ZwSetInformationKey
+ZwQueryKey
+ZwEnumerateKey
+ZwNotifyChangeKey
+ZwNotifyChangeMultipleKeys
+ZwDeleteValueKey
+ZwSetValueKey
+ZwQueryValueKey
+ZwEnumerateValueKey
+ZwQueryMultipleValueKey
+ZwInitializeRegistry
+ZwPrivilegeCheck
+ZwPrivilegeObjectAuditAlarm
+ZwPrivilegedServiceAuditAlarm
+ZwAccessCheck
+ZwAccessCheckAndAuditAlarm
+ZwAccessCheckByType
+ZwAccessCheckByTypeResultList
+ZwOpenObjectAuditAlarm
+ZwCloseObjectAuditAlarm
+ZwDeleteObjectAuditAlarm
+ZwAccessCheckByTypeAndAuditAlarm
+ZwAccessCheckByTypeResultListAndAuditAlarm
+ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
+ZwIsSystemResumeAutomatic
+ZwSetThreadExecutionState
+ZwGetDevicePowerState
+ZwSetSystemPowerState
+ZwInitiatePowerAction
+ZwPowerInformation
+ZwPlugPlayControl
+ZwGetPlugPlayEvent
+ZwRaiseException
+ZwContinue
+ZwQueryDefaultLocale
+ZwSetDefaultLocale
+ZwQueryDefaultUILanguage
+ZwSetDefaultUILanguage
+ZwQueryInstallUILanguage
+ZwAllocateLocallyUniqueId
+ZwAllocateUuids
+ZwSetUuidSeed
+ZwAddAtom
+ZwFindAtom
+ZwDeleteAtom
+ZwQueryInformationAtom
+ZwFlushWriteBuffer
+ZwRaiseHardError
+ZwSetDefaultHardErrorPort
+ZwDisplayString
+ZwCreatePagingFile
+ZwSetLdtEntries
+ZwVdmControl
+LdrLoadDll
+LdrUnloadDll
+memset
+sprintf
+_snprintf
+vsprintf
+_vsnprintf
diff --git a/src/refs/nthash.sh b/src/refs/nthash.sh
new file mode 100755
index 0000000..fc9d3ba
--- /dev/null
+++ b/src/refs/nthash.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+printf '#define __NTAPI_HASH_TABLE %s\n' '\'
+
+N=0; for f in $(cat NTHASH); do
+ HASH="0x$(printf "%s\n" $f | mdso -c32 - | cut -d' ' -f1)";
+ printf "\t{0x%08x,\t(%d)},\t/* %s */ %s\n" $HASH $N $f '\';
+ N=$((N + 1));
+done | sort -k2 -g
+
+printf '\n#define __NT_IMPORTED_SYMBOLS_ARRAY_SIZE\t%d\n' "$(cat NTHASH | wc -l)"
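Review bot: Nothing in the loop checks the result of `mdso -c32`, so if the tool is missing or fails, `HASH` is a bare `0x` and the script still emits a `__NTAPI_HASH_TABLE` and finishes with the status of the last `printf`; because the loop is the left side of a pipe, an `exit` inside it would not stop the script either. The array size is also counted separately with `wc -l`, which disagrees with the number of emitted entries when NTHASH has a blank line or no final newline. I would read NTHASH line by line into a temporary file, reject any hash that is empty or not hexadecimal (assuming `mdso` prints bare hex, as the added `0x` prefix suggests), and print the size from the loop counter. A check for two names sharing a hash value, for example `uniq -d` over the first column, would be a useful follow-up, since a duplicate would presumably make a lookup pick the wrong entry without any error.

```shell
# … unchanged: shebang and __NTAPI_HASH_TABLE header line …

tmp=$(mktemp) || exit 1
trap 'rm -f -- "$tmp"' EXIT

N=0
while IFS= read -r f; do
	[ -n "$f" ] || continue
	h=$(printf '%s\n' "$f" | mdso -c32 - | cut -d' ' -f1)
	case "$h" in
		''|*[!0-9a-fA-F]*)
			printf 'nthash.sh: no usable hash for %s\n' "$f" >&2
			exit 1 ;;
	esac
	printf '\t{0x%08x,\t(%d)},\t/* %s */ %s\n' "0x$h" "$N" "$f" '\'
	N=$((N + 1))
done < NTHASH > "$tmp"

sort -k2 -g "$tmp"

printf '\n#define __NT_IMPORTED_SYMBOLS_ARRAY_SIZE\t%d\n' "$N"
```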