windows internals
My Computer is not Your Corporate Playground
Dear so-called professional software development companies,
Would you please stop shitting all over my computer ?
I don’t want you to assume that I’m running as root. I’m not.
I don’t want you to register unneeded services or processes at startup.
I don’t want to use autoruns and process explorer to disable your products because you didn’t think it was necessary to include an uninstaller.
I don’t want you to spray your DLLs all over my system. Look, you have a nice little folder just for you, use it. Oh and please, *remove* them when you leave my system.
I don’t want to register your product so that you can harvest my email.
I don’t want to run your “quickloader” because apart from slowing everything else, it’s useless.
I don’t want to run your automatic updates service. Why does every single app in the world want to have a separate process in the background for checking updates ?
I don’t want you to store settings and data all over the registry or the Windows folder. What do you think my home folder is for ? Use it to store my *data*, morons.
And finally, I don’t want to launch a root shell just to remove your desktop icon because you didn’t think it was necessary to drop your rights.
Yours faithfully, dan.
Digging up System Calls Ordinals – on XP SP2 x64
In case anybody needs system call ordinals for an x64 system, I have retrieved them on my test machine since I couldn’t find them anywhere (not even metasploit’s system call table).
Ero Carrera posted a compact IDAPython script that did the trick, so I adapted the code a little. In ntdll.dll, there are two patterns that we need to look for:
mov eax, XXXX ; XXXX is the system call ordinal we need xor ecx, ecx lea edx, [esp+arg_0] call large dword ptr fs:0C0h
and
mov eax, XXXX ; again, we need XXXX mov ecx, 1Ah lea edx, [esp+arg_0] call large dword ptr fs:0C0h
This translates to the following byte sequences: ‘B8 ? ? 00 00 33 C9 8D 54 24 04 64 FF 15 C0 00 00 00’ and ‘B8 ? ? 00 00 B9 ? 00 00 00 8D 54 24 04 64 FF 15 C0 00 00 00’. Here is the adapted IDAPython script:
syscall_ordinal_code = 'B8 ? ? 00 00 33 C9 8D 54 24 04 64 FF 15 C0 00 00 00' syscall_ordinal_code2 = 'B8 ? ? 00 00 B9 ? 00 00 00 8D 54 24 04 64 FF 15 C0 00 00 00'
out = open('c:\\temp\\idapython.txt', 'w')
for seg in Segments():
for func in Functions(seg, SegEnd(seg)):
address = FindBinary(func, SEARCH_DOWN, syscall_ordinal_code)
address2 = FindBinary(func, SEARCH_DOWN, syscall_ordinal_code2)
if address == func or address2 == func:
out.write('%08x: Syscall ordinal %04x for %s (%s)\n' % (func, Dword(func+1), Name(func), Comment(func)))
out.close()
UPDATE: user32.dll and kernel32.dll also contain references to system call ordinals, using the following pattern:
mov eax, XXXXh
lea edx, [esp+arg_0]
mov ecx, 4
call large dword ptr fs:0C0h
so we must also look for byte sequence ‘B8 ? ? 00 00 8D 54 24 04 B9 ? 00 00 00 64 FF 15 C0’ in user32.dll.
And finally, the output of the script (on Windows XP SP2 x64):
7d61c7fb: Syscall ordinal 0000 for _ZwMapUserPhysicalPagesScatter@12 (NtMapUserPhysicalPagesScatter) 7d61c813: Syscall ordinal 0001 for _ZwWaitForSingleObject@12 (NtWaitForSingleObject) 7d61c82b: Syscall ordinal 0002 for _ZwCallbackReturn@12 (NtCallbackReturn) 7d61c843: Syscall ordinal 0003 for _NtReadFile@36 (NtReadFile) 7d61c85b: Syscall ordinal 0004 for _ZwDeviceIoControlFile@40 (NtDeviceIoControlFile) 7d61c873: Syscall ordinal 0005 for _NtWriteFile@36 (NtWriteFile) 7d61c88b: Syscall ordinal 0006 for _ZwRemoveIoCompletion@20 (NtRemoveIoCompletion) 7d61c8a3: Syscall ordinal 0007 for _NtReleaseSemaphore@12 (NtReleaseSemaphore) 7d61c8bb: Syscall ordinal 0008 for _NtReplyWaitReceivePort@16 (NtReplyWaitReceivePort) 7d61c8d3: Syscall ordinal 0009 for _ZwReplyPort@8 (NtReplyPort) 7d61c8eb: Syscall ordinal 000a for _ZwSetInformationThread@16 (NtSetInformationThread) 7d61c903: Syscall ordinal 000b for _NtSetEvent@8 (NtSetEvent) 7d61c91b: Syscall ordinal 000c for _NtClose@4 (NtClose) 7d61c933: Syscall ordinal 000d for _NtQueryObject@20 (NtQueryObject) 7d61c94b: Syscall ordinal 000e for _ZwQueryInformationFile@20 (NtQueryInformationFile) 7d61c963: Syscall ordinal 000f for _ZwOpenKey@12 (NtOpenKey) 7d61c97b: Syscall ordinal 0010 for _NtEnumerateValueKey@24 (NtEnumerateValueKey) 7d61c993: Syscall ordinal 0011 for _NtFindAtom@12 (NtFindAtom) 7d61c9ab: Syscall ordinal 0012 for _NtQueryDefaultLocale@8 (NtQueryDefaultLocale) 7d61c9c3: Syscall ordinal 0013 for _ZwQueryKey@20 (NtQueryKey) 7d61c9db: Syscall ordinal 0014 for _ZwQueryValueKey@24 (NtQueryValueKey) 7d61c9f3: Syscall ordinal 0015 for _NtAllocateVirtualMemory@24 (NtAllocateVirtualMemory) 7d61ca0b: Syscall ordinal 0016 for _ZwQueryInformationProcess@20 (NtQueryInformationProcess) 7d61ca23: Syscall ordinal 0017 for _NtWaitForMultipleObjects32@20 (NtWaitForMultipleObjects32) 7d61ca3b: Syscall ordinal 0018 for _NtWriteFileGather@36 (NtWriteFileGather) 7d61ca53: Syscall ordinal 0019 for _ZwSetInformationProcess@16 (NtSetInformationProcess) 7d61ca6b: Syscall ordinal 001a for _ZwCreateKey@28 (NtCreateKey) 7d61ca83: Syscall ordinal 001b for _NtFreeVirtualMemory@16 (NtFreeVirtualMemory) 7d61ca9b: Syscall ordinal 001c for _ZwImpersonateClientOfPort@8 (NtImpersonateClientOfPort) 7d61cab3: Syscall ordinal 001d for _ZwReleaseMutant@8 (NtReleaseMutant) 7d61cacb: Syscall ordinal 001e for _ZwQueryInformationToken@20 (NtQueryInformationToken) 7d61cae3: Syscall ordinal 001f for _NtRequestWaitReplyPort@12 (NtRequestWaitReplyPort) 7d61cafb: Syscall ordinal 0020 for _NtQueryVirtualMemory@24 (NtQueryVirtualMemory) 7d61cb13: Syscall ordinal 0021 for _NtOpenThreadToken@16 (NtOpenThreadToken) 7d61cb2b: Syscall ordinal 0022 for _NtQueryInformationThread@20 (NtQueryInformationThread) 7d61cb43: Syscall ordinal 0023 for _ZwOpenProcess@16 (NtOpenProcess) 7d61cb5b: Syscall ordinal 0024 for _ZwSetInformationFile@20 (NtSetInformationFile) 7d61cb73: Syscall ordinal 0025 for _ZwMapViewOfSection@40 (NtMapViewOfSection) 7d61cb8b: Syscall ordinal 0026 for _ZwAccessCheckAndAuditAlarm@44 (NtAccessCheckAndAuditAlarm) 7d61cba3: Syscall ordinal 0027 for _NtUnmapViewOfSection@8 (NtUnmapViewOfSection) 7d61cbbb: Syscall ordinal 0028 for _NtReplyWaitReceivePortEx@20 (NtReplyWaitReceivePortEx) 7d61cbd3: Syscall ordinal 0029 for _ZwTerminateProcess@8 (NtTerminateProcess) 7d61cbeb: Syscall ordinal 002a for _NtSetEventBoostPriority@4 (NtSetEventBoostPriority) 7d61cc03: Syscall ordinal 002b for _NtReadFileScatter@36 (NtReadFileScatter) 7d61cc1b: Syscall ordinal 002c for _NtOpenThreadTokenEx@20 (NtOpenThreadTokenEx) 7d61cc33: Syscall ordinal 002d for _ZwOpenProcessTokenEx@16 (NtOpenProcessTokenEx) 7d61cc4b: Syscall ordinal 002e for _NtQueryPerformanceCounter@8 (NtQueryPerformanceCounter) 7d61cc63: Syscall ordinal 002f for _ZwEnumerateKey@24 (NtEnumerateKey) 7d61cc7b: Syscall ordinal 0030 for _NtOpenFile@24 (NtOpenFile) 7d61cc93: Syscall ordinal 0031 for _ZwDelayExecution@8 (NtDelayExecution) 7d61ccab: Syscall ordinal 0032 for _ZwQueryDirectoryFile@44 (NtQueryDirectoryFile) 7d61ccc3: Syscall ordinal 0033 for _NtQuerySystemInformation@16 (NtQuerySystemInformation) 7d61ccdb: Syscall ordinal 0034 for _NtOpenSection@12 (NtOpenSection) 7d61ccf3: Syscall ordinal 0035 for _ZwQueryTimer@20 (NtQueryTimer) 7d61cd0b: Syscall ordinal 0036 for _NtFsControlFile@40 (NtFsControlFile) 7d61cd23: Syscall ordinal 0037 for _NtWriteVirtualMemory@20 (NtWriteVirtualMemory) 7d61cd3b: Syscall ordinal 0038 for _ZwCloseObjectAuditAlarm@12 (NtCloseObjectAuditAlarm) 7d61cd53: Syscall ordinal 0039 for _ZwDuplicateObject@28 (NtDuplicateObject) 7d61cd6b: Syscall ordinal 003a for _ZwQueryAttributesFile@8 (NtQueryAttributesFile) 7d61cd83: Syscall ordinal 003b for _NtClearEvent@4 (NtClearEvent) 7d61cd9b: Syscall ordinal 003c for _NtReadVirtualMemory@20 (NtReadVirtualMemory) 7d61cdb3: Syscall ordinal 003d for _NtOpenEvent@12 (NtOpenEvent) 7d61cdcb: Syscall ordinal 003e for _ZwAdjustPrivilegesToken@24 (NtAdjustPrivilegesToken) 7d61cde3: Syscall ordinal 003f for _NtDuplicateToken@24 (NtDuplicateToken) 7d61cdfb: Syscall ordinal 0040 for _ZwContinue@8 (NtContinue) 7d61ce13: Syscall ordinal 0041 for _ZwQueryDefaultUILanguage@4 (NtQueryDefaultUILanguage) 7d61ce2b: Syscall ordinal 0042 for _NtQueueApcThread@20 (NtQueueApcThread) 7d61ce43: Syscall ordinal 0043 for _ZwYieldExecution@0 (NtYieldExecution) 7d61ce5c: Syscall ordinal 0044 for _NtAddAtom@12 (NtAddAtom) 7d61ce74: Syscall ordinal 0045 for _NtCreateEvent@20 (NtCreateEvent) 7d61ce8c: Syscall ordinal 0046 for _NtQueryVolumeInformationFile@20 (NtQueryVolumeInformationFile) 7d61cea4: Syscall ordinal 0047 for _NtCreateSection@28 (NtCreateSection) 7d61cebc: Syscall ordinal 0048 for _ZwFlushBuffersFile@8 (NtFlushBuffersFile) 7d61ced4: Syscall ordinal 0049 for _NtApphelpCacheControl@8 (NtApphelpCacheControl) 7d61ceec: Syscall ordinal 004a for _ZwCreateProcessEx@36 (NtCreateProcessEx) 7d61cf04: Syscall ordinal 004b for _NtCreateThread@32 (NtCreateThread) 7d61cf1c: Syscall ordinal 004c for _ZwIsProcessInJob@8 (NtIsProcessInJob) 7d61cf34: Syscall ordinal 004d for _ZwProtectVirtualMemory@20 (NtProtectVirtualMemory) 7d61cf4c: Syscall ordinal 004e for _ZwQuerySection@20 (NtQuerySection) 7d61cf64: Syscall ordinal 004f for _ZwResumeThread@8 (NtResumeThread) 7d61cf7c: Syscall ordinal 0050 for _ZwTerminateThread@8 (NtTerminateThread) 7d61cf94: Syscall ordinal 0051 for _ZwReadRequestData@24 (NtReadRequestData) 7d61cfac: Syscall ordinal 0052 for _NtCreateFile@44 (NtCreateFile) 7d61cfc4: Syscall ordinal 0053 for _NtQueryEvent@20 (NtQueryEvent) 7d61cfdc: Syscall ordinal 0054 for _NtWriteRequestData@24 (NtWriteRequestData) 7d61cff4: Syscall ordinal 0055 for _ZwOpenDirectoryObject@12 (NtOpenDirectoryObject) 7d61d00c: Syscall ordinal 0056 for _NtAccessCheckByTypeAndAuditAlarm@64 (NtAccessCheckByTypeAndAuditAlarm) 7d61d024: Syscall ordinal 0057 for _NtQuerySystemTime@4 (NtQuerySystemTime) 7d61d03c: Syscall ordinal 0058 for _NtWaitForMultipleObjects@20 (NtWaitForMultipleObjects) 7d61d054: Syscall ordinal 0059 for _ZwSetInformationObject@16 (NtSetInformationObject) 7d61d06c: Syscall ordinal 005a for _ZwCancelIoFile@8 (NtCancelIoFile) 7d61d084: Syscall ordinal 005b for _NtTraceEvent@16 (NtTraceEvent) 7d61d09c: Syscall ordinal 005c for _ZwPowerInformation@20 (NtPowerInformation) 7d61d0b4: Syscall ordinal 005d for _ZwSetValueKey@24 (NtSetValueKey) 7d61d0cc: Syscall ordinal 005e for _ZwCancelTimer@8 (NtCancelTimer) 7d61d0e4: Syscall ordinal 005f for _ZwSetTimer@28 (NtSetTimer) 7d61d0fc: Syscall ordinal 0060 for _NtAcceptConnectPort@24 (NtAcceptConnectPort) 7d61d114: Syscall ordinal 0061 for _NtAccessCheck@32 (NtAccessCheck) 7d61d12c: Syscall ordinal 0062 for _NtAccessCheckByType@44 (NtAccessCheckByType) 7d61d144: Syscall ordinal 0063 for _NtAccessCheckByTypeResultList@44 (NtAccessCheckByTypeResultList) 7d61d15c: Syscall ordinal 0064 for _NtAccessCheckByTypeResultListAndAuditAlarm@64 (NtAccessCheckByTypeResultListAndAuditAlarm) 7d61d174: Syscall ordinal 0065 for _ZwAccessCheckByTypeResultListAndAuditAlarmByHandle@68 (NtAccessCheckByTypeResultListAndAuditAlarmByHandle) 7d61d18c: Syscall ordinal 0066 for _ZwAddBootEntry@8 (NtAddBootEntry) 7d61d1a4: Syscall ordinal 0067 for _NtAddDriverEntry@8 (NtAddDriverEntry) 7d61d1bc: Syscall ordinal 0068 for _ZwAdjustGroupsToken@24 (NtAdjustGroupsToken) 7d61d1d4: Syscall ordinal 0069 for _NtAlertResumeThread@8 (NtAlertResumeThread) 7d61d1ec: Syscall ordinal 006a for _NtAlertThread@4 (NtAlertThread) 7d61d204: Syscall ordinal 006b for _ZwAllocateLocallyUniqueId@4 (NtAllocateLocallyUniqueId) 7d61d21c: Syscall ordinal 006c for _NtAllocateUserPhysicalPages@12 (NtAllocateUserPhysicalPages) 7d61d234: Syscall ordinal 006d for _NtAllocateUuids@16 (NtAllocateUuids) 7d61d24c: Syscall ordinal 006e for _ZwAreMappedFilesTheSame@8 (NtAreMappedFilesTheSame) 7d61d264: Syscall ordinal 006f for _ZwAssignProcessToJobObject@8 (NtAssignProcessToJobObject) 7d61d27c: Syscall ordinal 0070 for _NtCancelDeviceWakeupRequest@4 (NtCancelDeviceWakeupRequest) 7d61d294: Syscall ordinal 0071 for _NtCompactKeys@8 (NtCompactKeys) 7d61d2ac: Syscall ordinal 0072 for _ZwCompareTokens@12 (NtCompareTokens) 7d61d2c4: Syscall ordinal 0073 for _NtCompleteConnectPort@4 (NtCompleteConnectPort) 7d61d2dc: Syscall ordinal 0074 for _ZwCompressKey@4 (NtCompressKey) 7d61d2f4: Syscall ordinal 0075 for _NtConnectPort@32 (NtConnectPort) 7d61d30c: Syscall ordinal 0076 for _ZwCreateDebugObject@16 (NtCreateDebugObject) 7d61d324: Syscall ordinal 0077 for _ZwCreateDirectoryObject@12 (NtCreateDirectoryObject) 7d61d33c: Syscall ordinal 0078 for _NtCreateEventPair@12 (NtCreateEventPair) 7d61d354: Syscall ordinal 0079 for _NtCreateIoCompletion@16 (NtCreateIoCompletion) 7d61d36c: Syscall ordinal 007a for _ZwCreateJobObject@12 (NtCreateJobObject) 7d61d384: Syscall ordinal 007b for _NtCreateJobSet@12 (NtCreateJobSet) 7d61d39c: Syscall ordinal 007c for _ZwCreateKeyedEvent@16 (NtCreateKeyedEvent) 7d61d3b4: Syscall ordinal 007d for _ZwCreateMailslotFile@32 (NtCreateMailslotFile) 7d61d3cc: Syscall ordinal 007e for _ZwCreateMutant@16 (NtCreateMutant) 7d61d3e4: Syscall ordinal 007f for _ZwCreateNamedPipeFile@56 (NtCreateNamedPipeFile) 7d61d3fc: Syscall ordinal 0080 for _NtCreatePagingFile@16 (NtCreatePagingFile) 7d61d414: Syscall ordinal 0081 for _ZwCreatePort@20 (NtCreatePort) 7d61d42c: Syscall ordinal 0082 for _ZwCreateProcess@32 (NtCreateProcess) 7d61d444: Syscall ordinal 0083 for _ZwCreateProfile@36 (NtCreateProfile) 7d61d45c: Syscall ordinal 0084 for _NtCreateSemaphore@20 (NtCreateSemaphore) 7d61d474: Syscall ordinal 0085 for _ZwCreateSymbolicLinkObject@16 (NtCreateSymbolicLinkObject) 7d61d48c: Syscall ordinal 0086 for _ZwCreateTimer@16 (NtCreateTimer) 7d61d4a4: Syscall ordinal 0087 for _NtCreateToken@52 (NtCreateToken) 7d61d4bc: Syscall ordinal 0088 for _ZwCreateWaitablePort@20 (NtCreateWaitablePort) 7d61d4d4: Syscall ordinal 0089 for _NtDebugActiveProcess@8 (NtDebugActiveProcess) 7d61d4ec: Syscall ordinal 008a for _ZwDebugContinue@12 (NtDebugContinue) 7d61d504: Syscall ordinal 008b for _ZwDeleteAtom@4 (NtDeleteAtom) 7d61d51c: Syscall ordinal 008c for _NtDeleteBootEntry@4 (NtDeleteBootEntry) 7d61d534: Syscall ordinal 008d for _ZwDeleteDriverEntry@4 (NtDeleteDriverEntry) 7d61d54c: Syscall ordinal 008e for _NtDeleteFile@4 (NtDeleteFile) 7d61d564: Syscall ordinal 008f for _ZwDeleteKey@4 (NtDeleteKey) 7d61d57c: Syscall ordinal 0090 for _NtDeleteObjectAuditAlarm@12 (NtDeleteObjectAuditAlarm) 7d61d594: Syscall ordinal 0091 for _NtDeleteValueKey@8 (NtDeleteValueKey) 7d61d5ac: Syscall ordinal 0092 for _NtDisplayString@4 (NtDisplayString) 7d61d5c4: Syscall ordinal 0093 for _ZwEnumerateBootEntries@8 (NtEnumerateBootEntries) 7d61d5dc: Syscall ordinal 0094 for _NtEnumerateDriverEntries@8 (NtEnumerateDriverEntries) 7d61d5f4: Syscall ordinal 0095 for _ZwEnumerateSystemEnvironmentValuesEx@12 (NtEnumerateSystemEnvironmentValuesEx) 7d61d60c: Syscall ordinal 0096 for _ZwExtendSection@8 (NtExtendSection) 7d61d624: Syscall ordinal 0097 for _NtFilterToken@24 (NtFilterToken) 7d61d63c: Syscall ordinal 0098 for _ZwFlushInstructionCache@12 (NtFlushInstructionCache) 7d61d654: Syscall ordinal 0099 for _NtFlushKey@4 (NtFlushKey) 7d61d66c: Syscall ordinal 009a for _ZwFlushVirtualMemory@16 (NtFlushVirtualMemory) 7d61d684: Syscall ordinal 009b for _NtFlushWriteBuffer@0 (NtFlushWriteBuffer) 7d61d69c: Syscall ordinal 009c for _NtFreeUserPhysicalPages@12 (NtFreeUserPhysicalPages) 7d61d6b4: Syscall ordinal 009d for _NtGetContextThread@8 (NtGetContextThread) 7d61d6cc: Syscall ordinal 009e for _NtGetCurrentProcessorNumber@0 (NtGetCurrentProcessorNumber RtlGetCurrentProcessorNumber) 7d61d6e4: Syscall ordinal 009f for _NtGetDevicePowerState@8 (NtGetDevicePowerState) 7d61d6fc: Syscall ordinal 00a0 for _ZwGetPlugPlayEvent@16 (NtGetPlugPlayEvent) 7d61d714: Syscall ordinal 00a1 for _NtGetWriteWatch@28 (NtGetWriteWatch) 7d61d72c: Syscall ordinal 00a2 for _NtImpersonateAnonymousToken@4 (NtImpersonateAnonymousToken) 7d61d744: Syscall ordinal 00a3 for _ZwImpersonateThread@12 (NtImpersonateThread) 7d61d75c: Syscall ordinal 00a4 for _ZwInitializeRegistry@4 (NtInitializeRegistry) 7d61d774: Syscall ordinal 00a5 for _NtInitiatePowerAction@16 (NtInitiatePowerAction) 7d61d78c: Syscall ordinal 00a6 for _NtIsSystemResumeAutomatic@0 (NtIsSystemResumeAutomatic) 7d61d7a4: Syscall ordinal 00a7 for _ZwListenPort@8 (NtListenPort) 7d61d7bc: Syscall ordinal 00a8 for _NtLoadDriver@4 (NtLoadDriver) 7d61d7d4: Syscall ordinal 00a9 for _NtLoadKey@8 (NtLoadKey) 7d61d7ec: Syscall ordinal 00aa for _NtLoadKey2@12 (NtLoadKey2) 7d61d804: Syscall ordinal 00ab for _NtLoadKeyEx@16 (NtLoadKeyEx) 7d61d81c: Syscall ordinal 00ac for _NtLockFile@40 (NtLockFile) 7d61d834: Syscall ordinal 00ad for _ZwLockProductActivationKeys@8 (NtLockProductActivationKeys) 7d61d84c: Syscall ordinal 00ae for _NtLockRegistryKey@4 (NtLockRegistryKey) 7d61d864: Syscall ordinal 00af for _ZwLockVirtualMemory@16 (NtLockVirtualMemory) 7d61d87c: Syscall ordinal 00b0 for _ZwMakePermanentObject@4 (NtMakePermanentObject) 7d61d894: Syscall ordinal 00b1 for _NtMakeTemporaryObject@4 (NtMakeTemporaryObject) 7d61d8ac: Syscall ordinal 00b2 for _NtMapUserPhysicalPages@12 (NtMapUserPhysicalPages) 7d61d8c4: Syscall ordinal 00b3 for _NtModifyBootEntry@4 (NtModifyBootEntry) 7d61d8dc: Syscall ordinal 00b4 for _ZwModifyDriverEntry@4 (NtModifyDriverEntry) 7d61d8f4: Syscall ordinal 00b5 for _NtNotifyChangeDirectoryFile@36 (NtNotifyChangeDirectoryFile) 7d61d90c: Syscall ordinal 00b6 for _NtNotifyChangeKey@40 (NtNotifyChangeKey) 7d61d924: Syscall ordinal 00b7 for _NtNotifyChangeMultipleKeys@48 (NtNotifyChangeMultipleKeys) 7d61d93c: Syscall ordinal 00b8 for _NtOpenEventPair@12 (NtOpenEventPair) 7d61d954: Syscall ordinal 00b9 for _ZwOpenIoCompletion@12 (NtOpenIoCompletion) 7d61d96c: Syscall ordinal 00ba for _ZwOpenJobObject@12 (NtOpenJobObject) 7d61d984: Syscall ordinal 00bb for _NtOpenKeyedEvent@12 (NtOpenKeyedEvent) 7d61d99c: Syscall ordinal 00bc for _NtOpenMutant@12 (NtOpenMutant) 7d61d9b4: Syscall ordinal 00bd for _ZwOpenObjectAuditAlarm@48 (NtOpenObjectAuditAlarm) 7d61d9cc: Syscall ordinal 00be for _ZwOpenProcessToken@12 (NtOpenProcessToken) 7d61d9e4: Syscall ordinal 00bf for _NtOpenSemaphore@12 (NtOpenSemaphore) 7d61d9fc: Syscall ordinal 00c0 for _NtOpenSymbolicLinkObject@12 (NtOpenSymbolicLinkObject) 7d61da14: Syscall ordinal 00c1 for _ZwOpenThread@16 (NtOpenThread) 7d61da2c: Syscall ordinal 00c2 for _ZwOpenTimer@12 (NtOpenTimer) 7d61da44: Syscall ordinal 00c3 for _NtPlugPlayControl@12 (NtPlugPlayControl) 7d61da5c: Syscall ordinal 00c4 for _ZwPrivilegeCheck@12 (NtPrivilegeCheck) 7d61da74: Syscall ordinal 00c5 for _ZwPrivilegeObjectAuditAlarm@24 (NtPrivilegeObjectAuditAlarm) 7d61da8c: Syscall ordinal 00c6 for _NtPrivilegedServiceAuditAlarm@20 (NtPrivilegedServiceAuditAlarm) 7d61daa4: Syscall ordinal 00c7 for _ZwPulseEvent@8 (NtPulseEvent) 7d61dabc: Syscall ordinal 00c8 for _ZwQueryBootEntryOrder@8 (NtQueryBootEntryOrder) 7d61dad4: Syscall ordinal 00c9 for _ZwQueryBootOptions@8 (NtQueryBootOptions) 7d61daec: Syscall ordinal 00ca for _NtQueryDebugFilterState@8 (NtQueryDebugFilterState) 7d61db04: Syscall ordinal 00cb for _ZwQueryDirectoryObject@28 (NtQueryDirectoryObject) 7d61db1c: Syscall ordinal 00cc for _NtQueryDriverEntryOrder@8 (NtQueryDriverEntryOrder) 7d61db34: Syscall ordinal 00cd for _ZwQueryEaFile@36 (NtQueryEaFile) 7d61db4c: Syscall ordinal 00ce for _ZwQueryFullAttributesFile@8 (NtQueryFullAttributesFile) 7d61db64: Syscall ordinal 00cf for _NtQueryInformationAtom@20 (NtQueryInformationAtom) 7d61db7c: Syscall ordinal 00d0 for _ZwQueryInformationJobObject@20 (NtQueryInformationJobObject) 7d61db94: Syscall ordinal 00d1 for _ZwQueryInformationPort@20 (NtQueryInformationPort) 7d61dbac: Syscall ordinal 00d2 for _NtQueryInstallUILanguage@4 (NtQueryInstallUILanguage) 7d61dbc4: Syscall ordinal 00d3 for _NtQueryIntervalProfile@8 (NtQueryIntervalProfile) 7d61dbdc: Syscall ordinal 00d4 for _NtQueryIoCompletion@20 (NtQueryIoCompletion) 7d61dbf4: Syscall ordinal 00d5 for _NtQueryMultipleValueKey@24 (NtQueryMultipleValueKey) 7d61dc0c: Syscall ordinal 00d6 for _NtQueryMutant@20 (NtQueryMutant) 7d61dc24: Syscall ordinal 00d7 for _NtQueryOpenSubKeys@8 (NtQueryOpenSubKeys) 7d61dc3c: Syscall ordinal 00d8 for _NtQueryOpenSubKeysEx@16 (NtQueryOpenSubKeysEx) 7d61dc54: Syscall ordinal 00d9 for _ZwQueryPortInformationProcess@0 (NtQueryPortInformationProcess) 7d61dc6c: Syscall ordinal 00da for _ZwQueryQuotaInformationFile@36 (NtQueryQuotaInformationFile) 7d61dc84: Syscall ordinal 00db for _NtQuerySecurityObject@20 (NtQuerySecurityObject) 7d61dc9c: Syscall ordinal 00dc for _ZwQuerySemaphore@20 (NtQuerySemaphore) 7d61dcb4: Syscall ordinal 00dd for _ZwQuerySymbolicLinkObject@12 (NtQuerySymbolicLinkObject) 7d61dccc: Syscall ordinal 00de for _ZwQuerySystemEnvironmentValue@16 (NtQuerySystemEnvironmentValue) 7d61dce4: Syscall ordinal 00df for _ZwQuerySystemEnvironmentValueEx@20 (NtQuerySystemEnvironmentValueEx) 7d61dcfc: Syscall ordinal 00e0 for _NtQueryTimerResolution@12 (NtQueryTimerResolution) 7d61dd14: Syscall ordinal 00e1 for _ZwRaiseException@12 (NtRaiseException) 7d61dd2c: Syscall ordinal 00e2 for _ZwRaiseHardError@24 (NtRaiseHardError) 7d61dd44: Syscall ordinal 00e3 for _ZwRegisterThreadTerminatePort@4 (NtRegisterThreadTerminatePort) 7d61dd5c: Syscall ordinal 00e4 for _NtReleaseKeyedEvent@16 (NtReleaseKeyedEvent) 7d61dd74: Syscall ordinal 00e5 for _ZwRemoveProcessDebug@8 (NtRemoveProcessDebug) 7d61dd8c: Syscall ordinal 00e6 for _ZwRenameKey@8 (NtRenameKey) 7d61dda4: Syscall ordinal 00e7 for _ZwReplaceKey@12 (NtReplaceKey) 7d61ddbc: Syscall ordinal 00e8 for _NtReplyWaitReplyPort@8 (NtReplyWaitReplyPort) 7d61ddd4: Syscall ordinal 00e9 for _ZwRequestDeviceWakeup@4 (NtRequestDeviceWakeup) 7d61ddec: Syscall ordinal 00ea for _ZwRequestPort@8 (NtRequestPort) 7d61de04: Syscall ordinal 00eb for _ZwRequestWakeupLatency@4 (NtRequestWakeupLatency) 7d61de1c: Syscall ordinal 00ec for _NtResetEvent@8 (NtResetEvent) 7d61de34: Syscall ordinal 00ed for _ZwResetWriteWatch@12 (NtResetWriteWatch) 7d61de4c: Syscall ordinal 00ee for _NtRestoreKey@12 (NtRestoreKey) 7d61de64: Syscall ordinal 00ef for _ZwResumeProcess@4 (NtResumeProcess) 7d61de7c: Syscall ordinal 00f0 for _NtSaveKey@8 (NtSaveKey) 7d61de94: Syscall ordinal 00f1 for _NtSaveKeyEx@12 (NtSaveKeyEx) 7d61deac: Syscall ordinal 00f2 for _NtSaveMergedKeys@12 (NtSaveMergedKeys) 7d61dec4: Syscall ordinal 00f3 for _NtSecureConnectPort@36 (NtSecureConnectPort) 7d61dedc: Syscall ordinal 00f4 for _ZwSetBootEntryOrder@8 (NtSetBootEntryOrder) 7d61def4: Syscall ordinal 00f5 for _ZwSetBootOptions@8 (NtSetBootOptions) 7d61df0c: Syscall ordinal 00f6 for _ZwSetContextThread@8 (NtSetContextThread) 7d61df24: Syscall ordinal 00f7 for _NtSetDebugFilterState@12 (NtSetDebugFilterState) 7d61df3c: Syscall ordinal 00f8 for _NtSetDefaultHardErrorPort@4 (NtSetDefaultHardErrorPort) 7d61df54: Syscall ordinal 00f9 for _NtSetDefaultLocale@8 (NtSetDefaultLocale) 7d61df6c: Syscall ordinal 00fa for _ZwSetDefaultUILanguage@4 (NtSetDefaultUILanguage) 7d61df84: Syscall ordinal 00fb for _NtSetDriverEntryOrder@8 (NtSetDriverEntryOrder) 7d61df9c: Syscall ordinal 00fc for _ZwSetEaFile@16 (NtSetEaFile) 7d61dfb4: Syscall ordinal 00fd for _NtSetHighEventPair@4 (NtSetHighEventPair) 7d61dfcc: Syscall ordinal 00fe for _NtSetHighWaitLowEventPair@4 (NtSetHighWaitLowEventPair) 7d61dfe4: Syscall ordinal 00ff for _ZwSetInformationDebugObject@20 (NtSetInformationDebugObject) 7d61dffc: Syscall ordinal 0100 for _ZwSetInformationJobObject@16 (NtSetInformationJobObject) 7d61e014: Syscall ordinal 0101 for _ZwSetInformationKey@16 (NtSetInformationKey) 7d61e02c: Syscall ordinal 0102 for _ZwSetInformationToken@16 (NtSetInformationToken) 7d61e044: Syscall ordinal 0103 for _NtSetIntervalProfile@8 (NtSetIntervalProfile) 7d61e05c: Syscall ordinal 0104 for _NtSetIoCompletion@20 (NtSetIoCompletion) 7d61e074: Syscall ordinal 0105 for _ZwSetLdtEntries@24 (NtSetLdtEntries) 7d61e08c: Syscall ordinal 0106 for _ZwSetLowEventPair@4 (NtSetLowEventPair) 7d61e0a4: Syscall ordinal 0107 for _ZwSetLowWaitHighEventPair@4 (NtSetLowWaitHighEventPair) 7d61e0bc: Syscall ordinal 0108 for _ZwSetQuotaInformationFile@16 (NtSetQuotaInformationFile) 7d61e0d4: Syscall ordinal 0109 for _NtSetSecurityObject@12 (NtSetSecurityObject) 7d61e0ec: Syscall ordinal 010a for _ZwSetSystemEnvironmentValue@8 (NtSetSystemEnvironmentValue) 7d61e104: Syscall ordinal 010b for _ZwSetSystemEnvironmentValueEx@20 (NtSetSystemEnvironmentValueEx) 7d61e11c: Syscall ordinal 010c for _ZwSetSystemInformation@12 (NtSetSystemInformation) 7d61e134: Syscall ordinal 010d for _ZwSetSystemPowerState@12 (NtSetSystemPowerState) 7d61e14c: Syscall ordinal 010e for _ZwSetSystemTime@8 (NtSetSystemTime) 7d61e164: Syscall ordinal 010f for _ZwSetThreadExecutionState@8 (NtSetThreadExecutionState) 7d61e17c: Syscall ordinal 0110 for _NtSetTimerResolution@12 (NtSetTimerResolution) 7d61e194: Syscall ordinal 0111 for _ZwSetUuidSeed@4 (NtSetUuidSeed) 7d61e1ac: Syscall ordinal 0112 for _NtSetVolumeInformationFile@20 (NtSetVolumeInformationFile) 7d61e1c4: Syscall ordinal 0113 for _ZwShutdownSystem@4 (NtShutdownSystem) 7d61e1dc: Syscall ordinal 0114 for _ZwSignalAndWaitForSingleObject@16 (NtSignalAndWaitForSingleObject) 7d61e1f4: Syscall ordinal 0115 for _NtStartProfile@4 (NtStartProfile) 7d61e20c: Syscall ordinal 0116 for _ZwStopProfile@4 (NtStopProfile) 7d61e224: Syscall ordinal 0117 for _ZwSuspendProcess@4 (NtSuspendProcess) 7d61e23c: Syscall ordinal 0118 for _ZwSuspendThread@8 (NtSuspendThread) 7d61e254: Syscall ordinal 0119 for _NtSystemDebugControl@24 (NtSystemDebugControl) 7d61e26c: Syscall ordinal 011a for _ZwTerminateJobObject@8 (NtTerminateJobObject) 7d61e284: Syscall ordinal 011b for _NtTestAlert@0 (NtTestAlert) 7d61e29c: Syscall ordinal 011c for _NtTranslateFilePath@16 (NtTranslateFilePath) 7d61e2b4: Syscall ordinal 011d for _ZwUnloadDriver@4 (NtUnloadDriver) 7d61e2cc: Syscall ordinal 011e for _NtUnloadKey@4 (NtUnloadKey) 7d61e2e4: Syscall ordinal 011f for _ZwUnloadKey2@8 (NtUnloadKey2) 7d61e2fc: Syscall ordinal 0120 for _ZwUnloadKeyEx@8 (NtUnloadKeyEx) 7d61e314: Syscall ordinal 0121 for _ZwUnlockFile@20 (NtUnlockFile) 7d61e32c: Syscall ordinal 0122 for _NtUnlockVirtualMemory@16 (NtUnlockVirtualMemory) 7d61e344: Syscall ordinal 0123 for _NtVdmControl@8 (NtVdmControl) 7d61e35c: Syscall ordinal 0124 for _NtWaitForDebugEvent@16 (NtWaitForDebugEvent) 7d61e374: Syscall ordinal 0125 for _NtWaitForKeyedEvent@16 (NtWaitForKeyedEvent) 7d61e38c: Syscall ordinal 0126 for _ZwWaitHighEventPair@4 (NtWaitHighEventPair) 7d61e3a4: Syscall ordinal 0127 for _NtWaitLowEventPair@4 (NtWaitLowEventPair) 7d61e3bc: Syscall ordinal 0128 for _ZwWow64CsrClientConnectToServer@20 (NtWow64CsrClientConnectToServer) 7d61e3d4: Syscall ordinal 0129 for _NtWow64CsrNewThread@0 (NtWow64CsrNewThread) 7d61e3e8: Syscall ordinal 012a for _NtWow64CsrIdentifyAlertableThread@0 (NtWow64CsrIdentifyAlertableThread) 7d61e3fc: Syscall ordinal 012b for _NtWow64CsrClientCallServer@16 (NtWow64CsrClientCallServer) 7d61e414: Syscall ordinal 012c for _NtWow64CsrAllocateCaptureBuffer@8 (NtWow64CsrAllocateCaptureBuffer) 7d61e42c: Syscall ordinal 012d for _ZwWow64CsrFreeCaptureBuffer@4 (NtWow64CsrFreeCaptureBuffer) 7d61e444: Syscall ordinal 012e for _ZwWow64CsrAllocateMessagePointer@12 (NtWow64CsrAllocateMessagePointer) 7d61e45c: Syscall ordinal 012f for _ZwWow64CsrCaptureMessageBuffer@16 (NtWow64CsrCaptureMessageBuffer) 7d61e474: Syscall ordinal 0130 for _ZwWow64CsrCaptureMessageString@20 (NtWow64CsrCaptureMessageString) 7d61e48c: Syscall ordinal 0131 for _ZwWow64CsrSetPriorityClass@8 (NtWow64CsrSetPriorityClass) 7d61e4a4: Syscall ordinal 0132 for _NtWow64CsrGetProcessId@0 (NtWow64CsrGetProcessId) 7d61e4b8: Syscall ordinal 0133 for _NtWow64DebuggerCall@20 (NtWow64DebuggerCall) 7d61e4d0: Syscall ordinal 0134 for _ZwWow64GetNativeSystemInformation@16 (NtWow64GetNativeSystemInformation RtlGetNativeSystemInformation) 7d61e4e8: Syscall ordinal 0135 for _NtWow64QueryInformationProcess64@20 (NtWow64QueryInformationProcess64) 7d61e500: Syscall ordinal 0136 for _NtWow64ReadVirtualMemory64@28 (NtWow64ReadVirtualMemory64) 7d61e518: Syscall ordinal 0137 for _ZwWow64QueryVirtualMemory64@32 (NtWow64QueryVirtualMemory64)
Here is the output for user32.dll:
7d947018: Syscall ordinal 1005 for _NtUserCallNoParam@4 (None) 7d9470ba: Syscall ordinal 106b for _NtUserGetObjectInformation@20 (None) 7d9470f4: Syscall ordinal 1021 for _NtUserGetProcessWindowStation@0 (None) 7d9471dd: Syscall ordinal 100e for _NtUserPostMessage@16 (None) 7d947261: Syscall ordinal 105d for _NtUserMoveWindow@24 (None) 7d94784b: Syscall ordinal 1006 for _NtUserGetMessage@16 (None) 7d947a14: Syscall ordinal 125b for _NtUserInitializeClientPfnArrays@16 (None) 7d948043: Syscall ordinal 1002 for _NtUserCallOneParam@8 (None) 7d948270: Syscall ordinal 1041 for _NtUserSystemParametersInfo@16 (None) 7d948473: Syscall ordinal 1007 for _NtUserMessageCall@28 (None) 7d948535: Syscall ordinal 104b for _NtUserSetProp@12 (None) 7d9485c5: Syscall ordinal 109f for _NtUserCallHwndParam@12 (None) 7d948631: Syscall ordinal 100f for _NtUserQueryWindow@8 (None) 7d948670: Syscall ordinal 1017 for _NtUserSetTimer@16 (None) 7d94868d: Syscall ordinal 101a for _NtUserKillTimer@8 (None) 7d9486aa: Syscall ordinal 103b for _NtUserGetForegroundWindow@0 (None) 7d9488ff: Syscall ordinal 1291 for _NtUserUpdateLayeredWindow@40 (None) 7d9489e6: Syscall ordinal 106e for _NtUserFindWindowEx@20 (None) 7d948a1e: Syscall ordinal 1070 for _NtUserUnhookWindowsHookEx@4 (None) 7d948a3b: Syscall ordinal 10d1 for _NtUserValidateRect@8 (None) 7d948a58: Syscall ordinal 1078 for _NtUserSetParent@8 (None) 7d948a99: Syscall ordinal 10d9 for _NtUserGetWindowPlacement@8 (None) 7d948ab6: Syscall ordinal 105e for _NtUserPostThreadMessage@16 (None) 7d948cdd: Syscall ordinal 1036 for _NtUserRegisterWindowMessage@4 (None) 7d9490f6: Syscall ordinal 1019 for _NtUserSetCursor@4 (None) 7d94913e: Syscall ordinal 1045 for _NtUserRemoveProp@8 (None) 7d949175: Syscall ordinal 1023 for _NtUserSetWindowPos@28 (None) 7d9491f4: Syscall ordinal 1001 for _NtUserPeekMessage@20 (None) 7d949355: Syscall ordinal 100c for _NtUserWaitMessage@0 (None) 7d949370: Syscall ordinal 1035 for _NtUserDispatchMessage@4 (None) 7d94950b: Syscall ordinal 1004 for _NtUserInvalidateRect@12 (None) 7d9496c8: Syscall ordinal 1000 for _NtUserGetThreadState@4 (None) 7d9496f2: Syscall ordinal 1018 for _NtUserEndPaint@8 (None) 7d94970f: Syscall ordinal 1016 for _NtUserBeginPaint@8 (None) 7d94972c: Syscall ordinal 1012 for _NtUserRedrawWindow@16 (None) 7d9499f8: Syscall ordinal 107c for _NtUserGetClassName@12 (None) 7d949a42: Syscall ordinal 10b6 for _NtUserGetAncestor@8 (None) 7d949bbe: Syscall ordinal 1003 for _NtUserGetKeyState@4 (None) 7d949bdb: Syscall ordinal 1026 for _NtUserCallHwndParamLock@12 (None) 7d949da1: Syscall ordinal 1013 for _NtUserWindowFromPoint@8 (None) 7d94a011: Syscall ordinal 10cc for _NtUserInvalidateRgn@12 (None) 7d94a09d: Syscall ordinal 100a for _NtUserGetDC@4 (None) 7d94a183: Syscall ordinal 1057 for _NtUserShowWindow@8 (None) 7d94a312: Syscall ordinal 1063 for _NtUserGetWindowDC@4 (None) 7d94a5c1: Syscall ordinal 105b for _NtUserSetWindowLong@16 (None) 7d94a6df: Syscall ordinal 1048 for _NtUserSetCapture@4 (None) 7d94a722: Syscall ordinal 1058 for _NtUserGetKeyboardLayoutList@8 (None) 7d94ad62: Syscall ordinal 100d for _NtUserTranslateMessage@8 (None) 7d94adfb: Syscall ordinal 1020 for _NtUserCallHwndLock@8 (None) 7d94ae1d: Syscall ordinal 101e for _NtUserHideCaret@4 (None) 7d94ae3a: Syscall ordinal 1024 for _NtUserShowCaret@4 (None) 7d94af58: Syscall ordinal 1029 for _NtUserCallTwoParam@12 (None) 7d94af75: Syscall ordinal 1031 for _NtUserCreateCaret@16 (None) 7d94b0b8: Syscall ordinal 102e for _NtUserIsClipboardFormatAvailable@4 (None) 7d94b0d5: Syscall ordinal 1055 for _NtUserGetClipboardSequenceNumber@0 (None) 7d94b132: Syscall ordinal 102f for _NtUserSetScrollInfo@16 (None) 7d94b29f: Syscall ordinal 1025 for _NtUserEndDeferWindowPosEx@8 (None) 7d94b2bc: Syscall ordinal 1052 for _NtUserDeferWindowPos@32 (None) 7d94c0cf: Syscall ordinal 1050 for _NtUserSetFocus@4 (None) 7d94c268: Syscall ordinal 1090 for _NtUserGetTitleBarInfo@8 (None) 7d94c2ac: Syscall ordinal 1062 for _NtUserInternalGetWindowText@12 (None) 7d94c2c9: Syscall ordinal 1098 for _NtUserCalcMenuBar@20 (None) 7d94c2e6: Syscall ordinal 1093 for _NtUserGetDCEx@12 (None) 7d94c412: Syscall ordinal 105f for _NtUserDrawIconEx@44 (None) 7d94c6b5: Syscall ordinal 101b for _NtUserBuildHwndList@28 (None) 7d94c821: Syscall ordinal 109e for _NtUserDestroyWindow@4 (None) 7d94c856: Syscall ordinal 109d for _NtUserDestroyCursor@8 (None) 7d94c873: Syscall ordinal 104e for _NtUserGetIconInfo@24 (None) 7d94c8bf: Syscall ordinal 10ce for _NtUserSetWindowRgn@12 (None) 7d94cb0e: Syscall ordinal 10ad for _NtUserGetAtomName@8 (None) 7d94cc1b: Syscall ordinal 10bd for _NtUserGetClassInfoEx@20 (None) 7d94cd6a: Syscall ordinal 1099 for _NtUserThunkedMenuItemInfo@24 (None) 7d94cd87: Syscall ordinal 10c0 for _NtUserDeleteMenu@12 (None) 7d94d117: Syscall ordinal 10c2 for _NtUserScrollWindowEx@32 (None) 7d94d195: Syscall ordinal 127b for _NtUserSetLayeredWindowAttributes@16 (None) 7d94d1b2: Syscall ordinal 10c4 for _NtUserSetClassLong@16 (None) 7d94d3fd: Syscall ordinal 1104 for _NtUserGetGUIThreadInfo@8 (None) 7d94da17: Syscall ordinal 1010 for _NtUserTranslateAccelerator@12 (None) 7d94da4c: Syscall ordinal 1015 for _NtUserValidateTimerCallback@4 (None) 7d94deb1: Syscall ordinal 103d for _NtUserFindExistingCursorIcon@12 (None) 7d94df61: Syscall ordinal 103c for _NtUserShowScrollBar@12 (None) 7d94dfb5: Syscall ordinal 10e1 for _NtUserDestroyMenu@4 (None) 7d94e0d2: Syscall ordinal 10ba for _NtUserGetDoubleClickTime@0 (None) 7d94e284: Syscall ordinal 10bf for _NtUserUnregisterClass@12 (None) 7d94e5d6: Syscall ordinal 104d for _NtUserSBGetParms@16 (None) 7d94e66a: Syscall ordinal 1094 for _NtUserGetScrollBarInfo@12 (None) 7d94ed83: Syscall ordinal 10a8 for _NtUserSetCursorIconData@16 (None) 7d94f54e: Syscall ordinal 10f5 for _NtUserCreateAcceleratorTable@8 (None) 7d94f87b: Syscall ordinal 1077 for _NtUserCreateWindowEx@60 (None) 7d94f898: Syscall ordinal 10b4 for _NtUserRegisterClassExWOW@28 (None) 7d95008e: Syscall ordinal 1060 for _NtUserGetSystemMenu@8 (None) 7d9505a3: Syscall ordinal 1049 for _NtUserEnumDisplayMonitors@16 (None) 7d950e13: Syscall ordinal 105a for _NtUserMapVirtualKeyEx@16 (None) 7d950f8c: Syscall ordinal 110a for _NtUserUnhookWinEvent@4 (None) 7d951366: Syscall ordinal 10df for _NtUserTrackMouseEvent@4 (None) 7d9513f4: Syscall ordinal 1112 for _NtUserCallHwnd@8 (None) 7d9514e8: Syscall ordinal 10ec for _NtUserSetWindowWord@12 (None) 7d951835: Syscall ordinal 1089 for _NtUserGetIconSize@16 (None) 7d952548: Syscall ordinal 10f8 for _NtUserGetCaretBlinkTime@0 (None) 7d95256b: Syscall ordinal 123f for _NtUserGetCaretPos@4 (None) 7d9529aa: Syscall ordinal 1043 for _NtUserGetAsyncKeyState@4 (None) 7d952ab8: Syscall ordinal 10d2 for _NtUserCloseClipboard@0 (None) 7d952afd: Syscall ordinal 10d3 for _NtUserOpenClipboard@8 (None) 7d952c07: Syscall ordinal 104f for _NtUserExcludeUpdateRgn@8 (None) 7d952c24: Syscall ordinal 1079 for _NtUserGetKeyboardState@4 (None) 7d952c41: Syscall ordinal 10f3 for _NtUserSetKeyboardState@4 (None) 7d952d4b: Syscall ordinal 1044 for _NtUserGetCPD@12 (None) 7d952dce: Syscall ordinal 1027 for _NtUserVkKeyScanEx@12 (None) 7d952e3c: Syscall ordinal 102c for _NtUserNotifyWinEvent@16 (None) 7d9531f0: Syscall ordinal 1121 for _NtUserSetClipboardViewer@4 (None) 7d95320d: Syscall ordinal 111f for _NtUserChangeClipboardChain@8 (None) 7d953a99: Syscall ordinal 10f2 for _NtUserPaintMenuBar@24 (None) 7d954d8d: Syscall ordinal 108d for _NtUserSetWindowsHookEx@24 (None) 7d954f9a: Syscall ordinal 10b9 for _NtUserCloseWindowStation@4 (None) 7d955278: Syscall ordinal 1080 for _NtUserDefSetText@8 (None) 7d955c20: Syscall ordinal 1096 for _NtUserSetWindowFNID@8 (None) 7d955d70: Syscall ordinal 10dd for _NtUserSetThreadState@8 (None) 7d9566a3: Syscall ordinal 10e4 for _NtUserSetActiveWindow@4 (None) 7d956abc: Syscall ordinal 10f6 for _NtUserGetCursorFrameInfo@16 (None) 7d956b38: Syscall ordinal 101d for _NtUserCallNextHookEx@16 (None) 7d956bce: Syscall ordinal 10e6 for _NtUserSetWindowPlacement@8 (None) 7d956f86: Syscall ordinal 108a for _NtUserFillWindow@16 (None) 7d956fba: Syscall ordinal 1014 for _NtUserCallMsgFilter@8 (None) 7d957d5c: Syscall ordinal 110c for _NtUserLockWindowUpdate@4 (None) 7d958b57: Syscall ordinal 10fb for _NtUserEnumDisplayDevices@16 (None) 7d958cc0: Syscall ordinal 1109 for _NtUserSetWinEventHook@32 (None) 7d959cf6: Syscall ordinal 10aa for _NtUserCloseDesktop@4 (None) 7d959e46: Syscall ordinal 10b2 for _NtUserBuildNameList@16 (None) 7d959eb0: Syscall ordinal 10ab for _NtUserOpenDesktop@12 (None) 7d95a0f5: Syscall ordinal 10a1 for _NtUserOpenWindowStation@8 (None) 7d95a825: Syscall ordinal 107b for _NtUserGetControlBrush@12 (None) 7d9610e1: Syscall ordinal 10d7 for _NtUserAlterWindowStyle@12 (None) 7d9652e2: Syscall ordinal 1106 for _NtUserSetWindowsHookAW@12 (None) 7d96534d: Syscall ordinal 1108 for _NtUserCheckMenuItem@12 (None) 7d967424: Syscall ordinal 110d for _NtUserSetSystemMenu@8 (None) 7d9677a4: Syscall ordinal 110e for _NtUserThunkedMenuInfo@8 (None) 7d967fb4: Syscall ordinal 10cf for _NtUserBitBltSysBmp@32 (None) 7d969411: Syscall ordinal 1114 for _NtUserModifyUserStartupInfoFlags@8 (None) 7d9699bd: Syscall ordinal 1084 for _NtUserGetThreadDesktop@8 (None) 7d969c69: Syscall ordinal 10ed for _NtUserGetClipboardFormatName@12 (None) 7d969cf8: Syscall ordinal 10fc for _NtUserEmptyClipboard@0 (None) 7d969d13: Syscall ordinal 10cd for _NtUserGetClipboardOwner@0 (None) 7d969ef4: Syscall ordinal 10fd for _NtUserGetClipboardData@8 (None) 7d969f66: Syscall ordinal 10ef for _NtUserCreateLocalMemHandle@16 (None) 7d969f93: Syscall ordinal 10d5 for _NtUserSetClipboardData@12 (None) 7d96a120: Syscall ordinal 1102 for _NtUserConvertMemHandle@8 (None) 7d96a6bf: Syscall ordinal 10dc for _NtUserGetOpenClipboardWindow@0 (None) 7d96a6da: Syscall ordinal 1115 for _NtUserCountClipboardFormats@0 (None) 7d96a753: Syscall ordinal 122c for _NtUserClipCursor@4 (None) 7d96a8f2: Syscall ordinal 10c5 for _NtUserGetMenuBarInfo@16 (None) 7d96a963: Syscall ordinal 10fe for _NtUserRemoveMenu@12 (None) 7d96aa0e: Syscall ordinal 111a for _NtUserEnumDisplaySettings@16 (None) 7d96abbb: Syscall ordinal 102b for _NtUserCopyAcceleratorTable@12 (None) 7d96bca8: Syscall ordinal 107a for _NtUserToUnicodeEx@28 (None) 7d96c41c: Syscall ordinal 122b for _NtUserChildWindowFromPointEx@16 (None) 7d96c566: Syscall ordinal 1107 for _NtUserSetMenuDefaultItem@12 (None) 7d96d34e: Syscall ordinal 1113 for _NtUserDdeInitialize@20 (None) 7d96d976: Syscall ordinal 1231 for _NtUserDdeGetQualityOfService@12 (None) 7d96f7d7: Syscall ordinal 127d for _NtUserSetMenu@12 (None) 7d96f996: Syscall ordinal 10ac for _NtUserSetProcessWindowStation@4 (None) 7d96fa81: Syscall ordinal 1092 for _NtUserSetThreadDesktop@4 (None) 7d96fd73: Syscall ordinal 10e7 for _NtUserGetControlColor@16 (None) 7d9819d7: Syscall ordinal 1296 for _NtUserWaitForMsgAndEvent@4 (None) 7d981d9c: Syscall ordinal 1126 for _NtUserActivateKeyboardLayout@8 (None) 7d981db9: Syscall ordinal 1123 for _NtUserSetConsoleReserveKeys@8 (None) 7d981f00: Syscall ordinal 1262 for _NtUserMinMaximize@12 (None) 7d986b17: Syscall ordinal 1286 for _NtUserSetWindowStationUser@16 (None) 7d986b34: Syscall ordinal 1229 for _NtUserCallHwndOpt@8 (None) 7d986b51: Syscall ordinal 122f for _NtUserCreateWindowStation@28 (None) 7d9a0785: Syscall ordinal 1083 for _NtUserSendInput@12 (None) 7d9a07a2: Syscall ordinal 10bb for _NtUserEnableScrollBar@12 (None) 7d9a07bf: Syscall ordinal 10e5 for _NtUserSetInformationThread@16 (None) 7d9a07dc: Syscall ordinal 10ee for _NtUserRealInternalGetMessage@24 (None) 7d9a07f9: Syscall ordinal 10f0 for _NtUserAttachThreadInput@12 (None) 7d9a0816: Syscall ordinal 10f7 for _NtUserGetAltTabInfo@24 (None) 7d9a0833: Syscall ordinal 10fa for _NtUserProcessConnect@12 (None) 7d9a0850: Syscall ordinal 111b for _NtUserPaintDesktop@4 (None) 7d9a086d: Syscall ordinal 1122 for _NtUserShowWindowAsync@8 (None) 7d9a088a: Syscall ordinal 1226 for _NtUserBlockInput@4 (None) 7d9a08a7: Syscall ordinal 1228 for _NtUserBuildPropList@16 (None) 7d9a08c4: Syscall ordinal 122a for _NtUserChangeDisplaySettings@16 (None) 7d9a08e1: Syscall ordinal 122d for _NtUserCreateDesktop@20 (None) 7d9a08fe: Syscall ordinal 1232 for _NtUserDdeSetQualityOfService@12 (None) 7d9a091b: Syscall ordinal 1235 for _NtUserDragDetect@12 (None) 7d9a0938: Syscall ordinal 1236 for _NtUserDragObject@20 (None) 7d9a0955: Syscall ordinal 1237 for _NtUserDrawAnimatedRects@16 (None) 7d9a0972: Syscall ordinal 1238 for _NtUserDrawCaption@16 (None) 7d9a098f: Syscall ordinal 1239 for _NtUserDrawCaptionTemp@28 (None) 7d9a09ac: Syscall ordinal 123a for _NtUserDrawMenuBarTemp@20 (None) 7d9a09c9: Syscall ordinal 123b for _NtUserEndMenu@0 (None) 7d9a09e4: Syscall ordinal 123c for _NtUserEvent@4 (None) 7d9a0a01: Syscall ordinal 123d for _NtUserFlashWindowEx@4 (None) 7d9a0a1e: Syscall ordinal 1240 for _NtUserGetClipCursor@4 (None) 7d9a0a3b: Syscall ordinal 1241 for _NtUserGetClipboardViewer@0 (None) 7d9a0a56: Syscall ordinal 1242 for _NtUserGetComboBoxInfo@8 (None) 7d9a0a73: Syscall ordinal 1243 for _NtUserGetCursorInfo@4 (None) 7d9a0a90: Syscall ordinal 1244 for _NtUserGetGuiResources@8 (None) 7d9a0aad: Syscall ordinal 1245 for _NtUserGetImeHotKey@16 (None) 7d9a0aca: Syscall ordinal 1247 for _NtUserGetInternalWindowPos@12 (None) 7d9a0ae7: Syscall ordinal 1248 for _NtUserGetKeyNameText@12 (None) 7d9a0b04: Syscall ordinal 1249 for _NtUserGetKeyboardLayoutName@4 (None) 7d9a0b21: Syscall ordinal 124a for _NtUserGetLayeredWindowAttributes@16 (None) 7d9a0b3e: Syscall ordinal 124b for _NtUserGetListBoxInfo@4 (None) 7d9a0b5b: Syscall ordinal 124c for _NtUserGetMenuIndex@8 (None) 7d9a0b78: Syscall ordinal 124d for _NtUserGetMenuItemRect@16 (None) 7d9a0b95: Syscall ordinal 124e for _NtUserGetMouseMovePointsEx@20 (None) 7d9a0bb2: Syscall ordinal 124f for _NtUserGetPriorityClipboardFormat@8 (None) 7d9a0bcf: Syscall ordinal 1250 for _NtUserGetRawInputBuffer@12 (None) 7d9a0bec: Syscall ordinal 1251 for _NtUserGetRawInputData@20 (None) 7d9a0c09: Syscall ordinal 1252 for _NtUserGetRawInputDeviceInfo@16 (None) 7d9a0c26: Syscall ordinal 1253 for _NtUserGetRawInputDeviceList@12 (None) 7d9a0c43: Syscall ordinal 1254 for _NtUserGetRegisteredRawInputDevices@12 (None) 7d9a0c60: Syscall ordinal 1255 for _NtUserGetWOWClass@8 (None) 7d9a0c7d: Syscall ordinal 1257 for _NtUserHiliteMenuItem@16 (None) 7d9a0c9a: Syscall ordinal 1258 for _NtUserImpersonateDdeClientWindow@8 (None) 7d9a0cb7: Syscall ordinal 1259 for _NtUserInitTask@48 (None) 7d9a0cd4: Syscall ordinal 125c for _NtUserLoadKeyboardLayoutEx@28 (None) 7d9a0cf1: Syscall ordinal 125d for _NtUserLockWindowStation@4 (None) 7d9a0d0e: Syscall ordinal 125e for _NtUserLockWorkStation@0 (None) 7d9a0d29: Syscall ordinal 125f for _NtUserMNDragLeave@0 (None) 7d9a0d44: Syscall ordinal 1260 for _NtUserMNDragOver@8 (None) 7d9a0d61: Syscall ordinal 1261 for _NtUserMenuItemFromPoint@16 (None) 7d9a0d7e: Syscall ordinal 1263 for _NtUserNotifyIMEStatus@12 (None) 7d9a0d9b: Syscall ordinal 1264 for _NtUserOpenInputDesktop@12 (None) 7d9a0db8: Syscall ordinal 1265 for _NtUserPrintWindow@12 (None) 7d9a0dd5: Syscall ordinal 1268 for _NtUserQuerySendMessage@4 (None) 7d9a0df2: Syscall ordinal 1269 for _NtUserRealChildWindowFromPoint@12 (None) 7d9a0e0f: Syscall ordinal 126a for _NtUserRealWaitMessageEx@8 (None) 7d9a0e2c: Syscall ordinal 126b for _NtUserRegisterHotKey@16 (None) 7d9a0e49: Syscall ordinal 126c for _NtUserRegisterRawInputDevices@12 (None) 7d9a0e66: Syscall ordinal 126d for _NtUserRegisterTasklist@4 (None) 7d9a0e83: Syscall ordinal 126e for _NtUserRegisterUserApiHook@16 (None) 7d9a0ea0: Syscall ordinal 1273 for _NtUserResolveDesktopForWOW@4 (None) 7d9a0ebd: Syscall ordinal 1275 for _NtUserSetClassWord@12 (None) 7d9a0eda: Syscall ordinal 1276 for _NtUserSetCursorContents@8 (None) 7d9a0ef7: Syscall ordinal 1277 for _NtUserSetImeHotKey@20 (None) 7d9a0f14: Syscall ordinal 1279 for _NtUserSetImeOwnerWindow@8 (None) 7d9a0f31: Syscall ordinal 127a for _NtUserSetInternalWindowPos@16 (None) 7d9a0f4e: Syscall ordinal 127c for _NtUserSetLogonNotifyWindow@4 (None) 7d9a0f6b: Syscall ordinal 127e for _NtUserSetMenuContextHelpId@8 (None) 7d9a0f88: Syscall ordinal 127f for _NtUserSetMenuFlagRtoL@4 (None) 7d9a0fa5: Syscall ordinal 1280 for _NtUserSetObjectInformation@16 (SetUserObjectInformationA) 7d9a0fc2: Syscall ordinal 1281 for _NtUserSetShellWindowEx@8 (None) 7d9a0fdf: Syscall ordinal 1282 for _NtUserSetSysColors@16 (None) 7d9a0ffc: Syscall ordinal 1283 for _NtUserSetSystemCursor@8 (None) 7d9a1019: Syscall ordinal 1284 for _NtUserSetSystemTimer@16 (None) 7d9a1036: Syscall ordinal 1288 for _NtUserSwitchDesktop@4 (None) 7d9a1053: Syscall ordinal 1289 for _NtUserTestForInteractiveUser@4 (None) 7d9a1070: Syscall ordinal 128a for _NtUserTrackPopupMenuEx@24 (None) 7d9a108d: Syscall ordinal 128b for _NtUserUnloadKeyboardLayout@4 (None) 7d9a10aa: Syscall ordinal 128c for _NtUserUnlockWindowStation@4 (None) 7d9a10c7: Syscall ordinal 128d for _NtUserUnregisterHotKey@8 (None) 7d9a10e4: Syscall ordinal 128e for _NtUserUnregisterUserApiHook@0 (None) 7d9a10ff: Syscall ordinal 128f for _NtUserUpdateInputContext@12 (None) 7d9a111c: Syscall ordinal 1290 for _NtUserUpdateInstance@12 (None) 7d9a1139: Syscall ordinal 1292 for _NtUserUpdatePerUserSystemParameters@8 (None) 7d9a1156: Syscall ordinal 1293 for _NtUserUserHandleGrantAccess@12 (None) 7d9a1173: Syscall ordinal 1294 for _NtUserValidateHandleSecure@4 (None) 7d9a1190: Syscall ordinal 1295 for _NtUserWaitForInputIdle@12 (None) 7d9a11ad: Syscall ordinal 1297 for _NtUserWin32PoolAllocationStats@24 (None) 7d9a11ca: Syscall ordinal 1298 for _NtUserYieldTask@0 (None)
And here is the output for kernel32.dll:
7d4df1bc: Syscall ordinal 3000 for _NtWow64CsrBasepSoundSentryNotification@4 (None) 7d4df1d4: Syscall ordinal 3001 for _NtWow64CsrBasepRefreshIniFileMapping@4 (None) 7d4df1ec: Syscall ordinal 3002 for _NtWow64CsrBasepDefineDosDevice@12 (None) 7d4df204: Syscall ordinal 3003 for _NtWow64CsrBasepGetTempFile@0 (None) 7d4df218: Syscall ordinal 3004 for _NtWow64CsrBasepCreateProcess@4 (None) 7d4df230: Syscall ordinal 3005 for _NtWow64CsrBasepExitProcess@4 (None) 7d4df248: Syscall ordinal 3006 for _NtWow64CsrBasepSetProcessShutdownParam@8 (None) 7d4df260: Syscall ordinal 3007 for _NtWow64CsrBasepGetProcessShutdownParam@8 (None) 7d4df278: Syscall ordinal 3008 for _NtWow64CsrBasepSetTermsrvAppInstallMode@4 (None) 7d4df290: Syscall ordinal 3009 for _NtWow64CsrBasepSetClientTimeZoneInformation@4 (None) 7d4df2a8: Syscall ordinal 300a for _NtWow64CsrBasepCreateThread@12 (None) 7d4df2c0: Syscall ordinal 300b for _NtWow64CsrBaseClientConnectToServer@12 (None) 7d4df2d8: Syscall ordinal 300c for _NtWow64CsrBasepNlsSetUserInfo@12 (None) 7d4df2f0: Syscall ordinal 300d for _NtWow64CsrBasepNlsSetMultipleUserInfo@28 (None) 7d4df308: Syscall ordinal 300e for _NtWow64CsrBasepNlsCreateSection@12 (None) 7d4df320: Syscall ordinal 300f for _NtWow64CsrBasepCreateActCtx@4 (None) 7d4df338: Syscall ordinal 3010 for _NtWow64CsrBasepNlsUpdateCacheCount@0 (None) 7d4df34c: Syscall ordinal 3011 for _NtWow64CsrBaseCheckRunApp@40 (None) 7d4df364: Syscall ordinal 3012 for _NtWow64CsrBasepNlsGetUserInfo@8 (None) 7d4df37c: Syscall ordinal 3013 for _NtWow64CsrBaseQueryModuleData@20 (None) 7d4e9514: Syscall ordinal 203b for _ConnectConsoleInternal@12 (None) 7d4ea51e: Syscall ordinal 2000 for _OpenConsoleWInternal@16 (None) 7d4eade7: Syscall ordinal 203f for _GetConsoleLangId@4 (None) 7d4eb3ee: Syscall ordinal 204b for _GetConsoleTitleInternal@12 (None) 7d4eb7a2: Syscall ordinal 202a for _GetConsoleCP@0 (None) 7d4ed26f: Syscall ordinal 2007 for _VerifyConsoleIoHandle@4 (None) 7d4ed28c: Syscall ordinal 2012 for _GetConsoleMode@8 (None) 7d4ed2a9: Syscall ordinal 2002 for _WriteConsoleInternal@20 (None) 7d4ed325: Syscall ordinal 2004 for _DuplicateConsoleHandle@16 (None) 7d4ed34c: Syscall ordinal 2003 for _CloseConsoleHandle@4 (None) 7d4ed374: Syscall ordinal 201e for _SetConsoleMode@8 (None) 7d4ed51b: Syscall ordinal 202c for _GetConsoleOutputCP@0 (None) 7d503305: Syscall ordinal 2017 for _GetConsoleScreenBufferInfo@8 (None) 7d54f034: Syscall ordinal 2001 for _ReadConsoleInternal@32 (None) 7d54f051: Syscall ordinal 2005 for _GetConsoleHandleInformation@8 (None) 7d54f06e: Syscall ordinal 2006 for _SetConsoleHandleInformation@12 (None) 7d54f08b: Syscall ordinal 2008 for _SetLastConsoleEventActiveInternal@0 (None) 7d54f0a6: Syscall ordinal 2009 for _GetConsoleInput@24 (None) 7d54f0c3: Syscall ordinal 200a for _WriteConsoleInputInternal@24 (None) 7d54f0e0: Syscall ordinal 200b for _ReadConsoleOutputInternal@24 (None) 7d54f0fd: Syscall ordinal 200c for _WriteConsoleOutputInternal@24 (None) 7d54f11a: Syscall ordinal 200d for _ReadConsoleOutputString@28 (None) 7d54f137: Syscall ordinal 200e for _WriteConsoleOutputString@28 (None) 7d54f154: Syscall ordinal 200f for _FillConsoleOutput@24 (None) 7d54f171: Syscall ordinal 2010 for _CreateConsoleScreenBuffer@20 (None) 7d54f18e: Syscall ordinal 2011 for _InvalidateConsoleDIBits@8 (None) 7d54f1ab: Syscall ordinal 2013 for _GetConsoleProcessList@8 (None) 7d54f1c8: Syscall ordinal 2014 for _GetNumberOfConsoleFonts@0 (None) 7d54f1e3: Syscall ordinal 2015 for _GetNumberOfConsoleInputEvents@8 (None) 7d54f200: Syscall ordinal 2016 for _GetLargestConsoleWindowSize@4 (None) 7d54f21d: Syscall ordinal 2018 for _GetConsoleCursorInfo@8 (None) 7d54f23a: Syscall ordinal 2019 for _GetConsoleSelectionInfo@4 (None) 7d54f257: Syscall ordinal 201a for _GetNumberOfConsoleMouseButtons@4 (None) 7d54f274: Syscall ordinal 201b for _GetConsoleFontInfo@16 (None) 7d54f291: Syscall ordinal 201c for _GetConsoleFontSize@8 (None) 7d54f2ae: Syscall ordinal 201d for _GetCurrentConsoleFont@12 (None) 7d54f2cb: Syscall ordinal 201f for _GenerateConsoleCtrlEvent@8 (None) 7d54f2e8: Syscall ordinal 2020 for _SetConsoleActiveScreenBuffer@4 (None) 7d54f305: Syscall ordinal 2021 for _FlushConsoleInputBuffer@4 (None) 7d54f322: Syscall ordinal 2022 for _SetConsoleScreenBufferSize@8 (None) 7d54f33f: Syscall ordinal 2023 for _SetConsoleCursorPosition@8 (None) 7d54f35c: Syscall ordinal 2024 for _SetConsoleCursorInfo@8 (None) 7d54f379: Syscall ordinal 2025 for _SetConsoleWindowInfo@12 (None) 7d54f396: Syscall ordinal 2026 for _ScrollConsoleScreenBufferInternal@24 (None) 7d54f3b3: Syscall ordinal 2027 for _SetConsoleTextAttribute@8 (None) 7d54f3d0: Syscall ordinal 2028 for _SetConsoleFont@8 (None) 7d54f3ed: Syscall ordinal 2029 for _SetConsoleIcon@4 (None) 7d54f40a: Syscall ordinal 202b for _SetConsoleCP@4 (None) 7d54f427: Syscall ordinal 202d for _SetConsoleOutputCPInternal@4 (None) 7d54f444: Syscall ordinal 202e for _GetConsoleKeyboardLayoutNameWorker@8 (None) 7d54f461: Syscall ordinal 202f for _GetConsoleWindow@0 (None) 7d54f47c: Syscall ordinal 2030 for _SetConsoleCursor@8 (None) 7d54f499: Syscall ordinal 2031 for _ShowConsoleCursor@8 (None) 7d54f4b6: Syscall ordinal 2032 for _ConsoleMenuControl@12 (None) 7d54f4d3: Syscall ordinal 2033 for _SetConsolePaletteInternal@12 (None) 7d54f4f0: Syscall ordinal 2034 for _RegisterConsoleVDM@44 (None) 7d54f50d: Syscall ordinal 2035 for _SetConsoleDisplayMode@12 (None) 7d54f52a: Syscall ordinal 2036 for _GetConsoleHardwareState@12 (None) 7d54f547: Syscall ordinal 2037 for _SetConsoleHardwareState@12 (None) 7d54f564: Syscall ordinal 2038 for _GetConsoleDisplayMode@4 (None) 7d54f581: Syscall ordinal 2039 for _SetConsoleKeyShortcuts@16 (None) 7d54f59e: Syscall ordinal 203a for _SetConsoleMenuClose@4 (None) 7d54f5bb: Syscall ordinal 203c for _AllocConsoleInternal@44 (None) 7d54f5d8: Syscall ordinal 203d for _FreeConsoleInternal@0 (None) 7d54f5f3: Syscall ordinal 203e for _AttachConsoleInternal@16 (None) 7d54f610: Syscall ordinal 2040 for _AddConsoleAliasInternal@24 (None) 7d54f62d: Syscall ordinal 2041 for _GetConsoleAliasInternal@24 (None) 7d54f64a: Syscall ordinal 2042 for _GetConsoleAliasesLengthInternal@8 (None) 7d54f667: Syscall ordinal 2043 for _GetConsoleAliasExesLengthInternal@4 (None) 7d54f684: Syscall ordinal 2044 for _GetConsoleAliasesInternal@16 (None) 7d54f6a1: Syscall ordinal 2045 for _GetConsoleAliasExesInternal@12 (None) 7d54f6be: Syscall ordinal 2046 for _ExpungeConsoleCommandHistoryInternal@8 (None) 7d54f6db: Syscall ordinal 2047 for _SetConsoleNumberOfCommandsInternal@12 (None) 7d54f6f8: Syscall ordinal 2048 for _GetConsoleCommandHistoryLengthInternal@8 (None) 7d54f715: Syscall ordinal 2049 for _GetConsoleCommandHistoryInternal@16 (None) 7d54f732: Syscall ordinal 204a for _SetConsoleCommandHistoryMode@4 (None) 7d54f74f: Syscall ordinal 204c for _SetConsoleTitleInternal@12 (None) 7d54f76c: Syscall ordinal 204d for _GetConsoleCharType@12 (None) 7d54f789: Syscall ordinal 204e for _SetConsoleLocalEUDC@16 (None) 7d54f7a6: Syscall ordinal 204f for _SetConsoleCursorMode@12 (None) 7d54f7c3: Syscall ordinal 2050 for _GetConsoleCursorMode@12 (None) 7d54f7e0: Syscall ordinal 2051 for _RegisterConsoleOS2@4 (None) 7d54f7fd: Syscall ordinal 2052 for _SetConsoleOS2OemFormat@4 (None) 7d54f81a: Syscall ordinal 2053 for _GetConsoleNlsMode@8 (None) 7d54f837: Syscall ordinal 2054 for _SetConsoleNlsMode@8 (None) 7d54f854: Syscall ordinal 2055 for _RegisterConsoleIMEInternal@20 (None) 7d54f871: Syscall ordinal 2056 for _UnregisterConsoleIMEInternal@4 (None)
Indefinite Studies 