Windows System Call Function List
Source: www.whitecell.org  Author: tombkeeper  Published: 2004-03-12


tombkeeper#nsfocus.com
tombkeeper#whitecell.org

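Ralf Brown once maintained an interrupt list that included the Windows NT 4 int 2e
call table. However, the int 2e calls in Windows 2000 are completely different from
those in Windows NT 4, and starting with Windows XP, Microsoft replaced int 2e with
the faster so-called "Fast System Call" instruction. Below are the lists of all
system call function numbers that I extracted for Windows 2000, Windows XP and
Windows 2003, together with the Windows NT 4 int 2e call table from Ralf Brown.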

Windows 2000 int 2e function table
248 entries in total
EAX = function number
EDX = address of parameter block
0x0 AcceptConnectPort
0x1 AccessCheck
0x2 AccessCheckAndAuditAlarm
0x3 AccessCheckByType
0x4 AccessCheckByTypeAndAuditAlarm
0x5 AccessCheckByTypeResultList
0x6 AccessCheckByTypeResultListAndAuditAlarm
0x7 AccessCheckByTypeResultListAndAuditAlarmByHandle
0x8 AddAtom
0x9 AdjustGroupsToken
0xa AdjustPrivilegesToken
0xb AlertResumeThread
0xc AlertThread
0xd AllocateLocallyUniqueId
0xe AllocateUserPhysicalPages
0xf AllocateUuids
0x10 AllocateVirtualMemory
0x11 AreMappedFilesTheSame
0x12 AssignProcessToJobObject
0x13 CallbackReturn
0x14 CancelIoFile
0x15 CancelTimer
0x16 CancelDeviceWakeupRequest
0x17 ClearEvent
0x18 Close
0x19 CloseObjectAuditAlarm
0x1a CompleteConnectPort
0x1b ConnectPort
0x1c Continue
0x1d CreateDirectoryObject
0x1e CreateEvent
0x1f CreateEventPair
0x20 CreateFile
0x21 CreateIoCompletion
0x22 CreateJobObject
0x23 CreateKey
0x24 CreateMailslotFile
0x25 CreateMutant
0x26 CreateNamedPipeFile
0x27 CreatePagingFile
0x28 CreatePort
0x29 CreateProcess
0x2a CreateProfile
0x2b CreateSection
0x2c CreateSemaphore
0x2d CreateSymbolicLinkObject
0x2e CreateThread
0x2f CreateTimer
0x30 CreateToken
0x31 CreateWaitablePort
0x32 DelayExecution
0x33 DeleteAtom
0x34 DeleteFile
0x35 DeleteKey
0x36 DeleteObjectAuditAlarm
0x37 DeleteValueKey
0x38 DeviceIoControlFile
0x39 DisplayString
0x3a DuplicateObject
0x3b DuplicateToken
0x3c EnumerateKey
0x3d EnumerateValueKey
0x3e ExtendSection
0x3f FilterToken
0x40 FindAtom
0x41 FlushBuffersFile
0x42 FlushInstructionCache
0x43 FlushKey
0x44 FlushVirtualMemory
0x45 FlushWriteBuffer
0x46 FreeUserPhysicalPages
0x47 FreeVirtualMemory
0x48 FsControlFile
0x49 GetContextThread
0x4a GetDevicePowerState
0x4b GetPlugPlayEvent
0x4c GetTickCount
0x4d GetWriteWatch
0x4e ImpersonateAnonymousToken
0x4f ImpersonateClientOfPort
0x50 ImpersonateThread
0x51 InitializeRegistry
0x52 InitiatePowerAction
0x53 IsSystemResumeAutomatic
0x54 ListenPort
0x55 LoadDriver
0x56 LoadKey
0x57 LoadKey2
0x58 LockFile
0x59 LockVirtualMemory
0x5a MakeTemporaryObject
0x5b MapUserPhysicalPages
0x5c MapUserPhysicalPagesScatter
0x5d MapViewOfSection
0x5e NotifyChangeDirectoryFile
0x5f NotifyChangeKey
0x60 NotifyChangeMultipleKeys
0x61 OpenDirectoryObject
0x62 OpenEvent
0x63 OpenEventPair
0x64 OpenFile
0x65 OpenIoCompletion
0x66 OpenJobObject
0x67 OpenKey
0x68 OpenMutant
0x69 OpenObjectAuditAlarm
0x6a OpenProcess
0x6b OpenProcessToken
0x6c OpenSection
0x6d OpenSemaphore
0x6e OpenSymbolicLinkObject
0x6f OpenThread
0x70 OpenThreadToken
0x71 OpenTimer
0x72 PlugPlayControl
0x73 PowerInformation
0x74 PrivilegeCheck
0x75 PrivilegedServiceAuditAlarm
0x76 PrivilegeObjectAuditAlarm
0x77 ProtectVirtualMemory
0x78 PulseEvent
0x79 QueryInformationAtom
0x7a QueryAttributesFile
0x7b QueryDefaultLocale
0x7c QueryDefaultUILanguage
0x7d QueryDirectoryFile
0x7e QueryDirectoryObject
0x7f QueryEaFile
0x80 QueryEvent
0x81 QueryFullAttributesFile
0x82 QueryInformationFile
0x83 QueryInformationJobObject
0x84 QueryIoCompletion
0x85 QueryInformationPort
0x86 QueryInformationProcess
0x87 QueryInformationThread
0x88 QueryInformationToken
0x89 QueryInstallUILanguage
0x8a QueryIntervalProfile
0x8b QueryKey
0x8c QueryMultipleValueKey
0x8d QueryMutant
0x8e QueryObject
0x8f QueryOpenSubKeys
0x90 QueryPerformanceCounter
0x91 QueryQuotaInformationFile
0x92 QuerySection
0x93 QuerySecurityObject
0x94 QuerySemaphore
0x95 QuerySymbolicLinkObject
0x96 QuerySystemEnvironmentValue
0x97 QuerySystemInformation
0x98 QuerySystemTime
0x99 QueryTimer
0x9a QueryTimerResolution
0x9b QueryValueKey
0x9c QueryVirtualMemory
0x9d QueryVolumeInformationFile
0x9e QueueApcThread
0x9f RaiseException
0xa0 RaiseHardError
0xa1 ReadFile
0xa2 ReadFileScatter
0xa3 ReadRequestData
0xa4 ReadVirtualMemory
0xa5 RegisterThreadTerminatePort
0xa6 ReleaseMutant
0xa7 ReleaseSemaphore
0xa8 RemoveIoCompletion
0xa9 ReplaceKey
0xaa ReplyPort
0xab ReplyWaitReceivePort
0xac ReplyWaitReceivePortEx
0xad ReplyWaitReplyPort
0xae RequestDeviceWakeup
0xaf RequestPort
0xb0 RequestWaitReplyPort
0xb1 RequestWakeupLatency
0xb2 ResetEvent
0xb3 ResetWriteWatch
0xb4 RestoreKey
0xb5 ResumeThread
0xb6 SaveKey
0xb7 SaveMergedKeys
0xb8 SecureConnectPort
0xb9 SetIoCompletion
0xba SetContextThread
0xbb SetDefaultHardErrorPort
0xbc SetDefaultLocale
0xbd SetDefaultUILanguage
0xbe SetEaFile
0xbf SetEvent
0xc0 SetHighEventPair
0xc1 SetHighWaitLowEventPair
0xc2 SetInformationFile
0xc3 SetInformationJobObject
0xc4 SetInformationKey
0xc5 SetInformationObject
0xc6 SetInformationProcess
0xc7 SetInformationThread
0xc8 SetInformationToken
0xc9 SetIntervalProfile
0xca SetLdtEntries
0xcb SetLowEventPair
0xcc SetLowWaitHighEventPair
0xcd SetQuotaInformationFile
0xce SetSecurityObject
0xcf SetSystemEnvironmentValue
0xd0 SetSystemInformation
0xd1 SetSystemPowerState
0xd2 SetSystemTime
0xd3 SetThreadExecutionState
0xd4 SetTimer
0xd5 SetTimerResolution
0xd6 SetUuidSeed
0xd7 SetValueKey
0xd8 SetVolumeInformationFile
0xd9 ShutdownSystem
0xda SignalAndWaitForSingleObject
0xdb StartProfile
0xdc StopProfile
0xdd SuspendThread
0xde SystemDebugControl
0xdf TerminateJobObject
0xe0 TerminateProcess
0xe1 TerminateThread
0xe2 TestAlert
0xe3 UnloadDriver
0xe4 UnloadKey
0xe5 UnlockFile
0xe6 UnlockVirtualMemory
0xe7 UnmapViewOfSection
0xe8 VdmControl
0xe9 WaitForMultipleObjects
0xea WaitForSingleObject
0xeb WaitHighEventPair
0xec WaitLowEventPair
0xed WriteFile
0xee WriteFileGather
0xef WriteRequestData
0xf0 WriteVirtualMemory
0xf1 CreateChannel
0xf2 ListenChannel
0xf3 OpenChannel
0xf4 ReplyWaitSendChannel
0xf5 SendWaitReplyChannel
0xf6 SetContextChannel
0xf7 YieldExecution

Windows XP sysenter function table
284 entries in total
0x0 AcceptConnectPort
0x1 AccessCheck
0x2 AccessCheckAndAuditAlarm
0x3 AccessCheckByType
0x4 AccessCheckByTypeAndAuditAlarm
0x5 AccessCheckByTypeResultList
0x6 AccessCheckByTypeResultListAndAuditAlarm
0x7 AccessCheckByTypeResultListAndAuditAlarmByHandle
0x8 AddAtom
0x9 AddBootEntry
0xa AdjustGroupsToken
0xb AdjustPrivilegesToken
0xc AlertResumeThread
0xd AlertThread
0xe AllocateLocallyUniqueId
0xf AllocateUserPhysicalPages
0x10 AllocateUuids
0x11 AllocateVirtualMemory
0x12 AreMappedFilesTheSame
0x13 AssignProcessToJobObject
0x14 CallbackReturn
0x15 CancelDeviceWakeupRequest
0x16 CancelIoFile
0x17 CancelTimer
0x18 ClearEvent
0x19 Close
0x1a CloseObjectAuditAlarm
0x1b CompactKeys
0x1c CompareTokens
0x1d CompleteConnectPort
0x1e CompressKey
0x1f ConnectPort
0x20 Continue
0x21 CreateDebugObject
0x22 CreateDirectoryObject
0x23 CreateEvent
0x24 CreateEventPair
0x25 CreateFile
0x26 CreateIoCompletion
0x27 CreateJobObject
0x28 CreateJobSet
0x29 CreateKey
0x2a CreateMailslotFile
0x2b CreateMutant
0x2c CreateNamedPipeFile
0x2d CreatePagingFile
0x2e CreatePort
0x2f CreateProcess
0x30 CreateProcessEx
0x31 CreateProfile
0x32 CreateSection
0x33 CreateSemaphore
0x34 CreateSymbolicLinkObject
0x35 CreateThread
0x36 CreateTimer
0x37 CreateToken
0x38 CreateWaitablePort
0x39 DebugActiveProcess
0x3a DebugContinue
0x3b DelayExecution
0x3c DeleteAtom
0x3d DeleteBootEntry
0x3e DeleteFile
0x3f DeleteKey
0x40 DeleteObjectAuditAlarm
0x41 DeleteValueKey
0x42 DeviceIoControlFile
0x43 DisplayString
0x44 DuplicateObject
0x45 DuplicateToken
0x46 EnumerateBootEntries
0x47 EnumerateKey
0x48 EnumerateSystemEnvironmentValuesEx
0x49 EnumerateValueKey
0x4a ExtendSection
0x4b FilterToken
0x4c FindAtom
0x4d FlushBuffersFile
0x4e FlushInstructionCache
0x4f FlushKey
0x50 FlushVirtualMemory
0x51 FlushWriteBuffer
0x52 FreeUserPhysicalPages
0x53 FreeVirtualMemory
0x54 FsControlFile
0x55 GetContextThread
0x56 GetDevicePowerState
0x57 GetPlugPlayEvent
0x58 GetWriteWatch
0x59 ImpersonateAnonymousToken
0x5a ImpersonateClientOfPort
0x5b ImpersonateThread
0x5c InitializeRegistry
0x5d InitiatePowerAction
0x5e IsProcessInJob
0x5f IsSystemResumeAutomatic
0x60 ListenPort
0x61 LoadDriver
0x62 LoadKey
0x63 LoadKey2
0x64 LockFile
0x65 LockProductActivationKeys
0x66 LockRegistryKey
0x67 LockVirtualMemory
0x68 MakePermanentObject
0x69 MakeTemporaryObject
0x6a MapUserPhysicalPages
0x6b MapUserPhysicalPagesScatter
0x6c MapViewOfSection
0x6d ModifyBootEntry
0x6e NotifyChangeDirectoryFile
0x6f NotifyChangeKey
0x70 NotifyChangeMultipleKeys
0x71 OpenDirectoryObject
0x72 OpenEvent
0x73 OpenEventPair
0x74 OpenFile
0x75 OpenIoCompletion
0x76 OpenJobObject
0x77 OpenKey
0x78 OpenMutant
0x79 OpenObjectAuditAlarm
0x7a OpenProcess
0x7b OpenProcessToken
0x7c OpenProcessTokenEx
0x7d OpenSection
0x7e OpenSemaphore
0x7f OpenSymbolicLinkObject
0x80 OpenThread
0x81 OpenThreadToken
0x82 OpenThreadTokenEx
0x83 OpenTimer
0x84 PlugPlayControl
0x85 PowerInformation
0x86 PrivilegeCheck
0x87 PrivilegeObjectAuditAlarm
0x88 PrivilegedServiceAuditAlarm
0x89 ProtectVirtualMemory
0x8a PulseEvent
0x8b QueryAttributesFile
0x8c QueryBootEntryOrder
0x8d QueryBootOptions
0x8e QueryDebugFilterState
0x8f QueryDefaultLocale
0x90 QueryDefaultUILanguage
0x91 QueryDirectoryFile
0x92 QueryDirectoryObject
0x93 QueryEaFile
0x94 QueryEvent
0x95 QueryFullAttributesFile
0x96 QueryInformationAtom
0x97 QueryInformationFile
0x98 QueryInformationJobObject
0x99 QueryInformationPort
0x9a QueryInformationProcess
0x9b QueryInformationThread
0x9c QueryInformationToken
0x9d QueryInstallUILanguage
0x9e QueryIntervalProfile
0x9f QueryIoCompletion
0xa0 QueryKey
0xa1 QueryMultipleValueKey
0xa2 QueryMutant
0xa3 QueryObject
0xa4 QueryOpenSubKeys
0xa5 QueryPerformanceCounter
0xa6 QueryQuotaInformationFile
0xa7 QuerySection
0xa8 QuerySecurityObject
0xa9 QuerySemaphore
0xaa QuerySymbolicLinkObject
0xab QuerySystemEnvironmentValue
0xac QuerySystemEnvironmentValueEx
0xad RtlGetNativeSystemInformation
0xae QuerySystemTime
0xaf QueryTimer
0xb0 QueryTimerResolution
0xb1 QueryValueKey
0xb2 QueryVirtualMemory
0xb3 QueryVolumeInformationFile
0xb4 QueueApcThread
0xb5 RaiseException
0xb6 RaiseHardError
0xb7 ReadFile
0xb8 ReadFileScatter
0xb9 ReadRequestData
0xba ReadVirtualMemory
0xbb RegisterThreadTerminatePort
0xbc ReleaseMutant
0xbd ReleaseSemaphore
0xbe RemoveIoCompletion
0xbf RemoveProcessDebug
0xc0 RenameKey
0xc1 ReplaceKey
0xc2 ReplyPort
0xc3 ReplyWaitReceivePort
0xc4 ReplyWaitReceivePortEx
0xc5 ReplyWaitReplyPort
0xc6 RequestDeviceWakeup
0xc7 RequestPort
0xc8 RequestWaitReplyPort
0xc9 RequestWakeupLatency
0xca ResetEvent
0xcb ResetWriteWatch
0xcc RestoreKey
0xcd ResumeProcess
0xce ResumeThread
0xcf SaveKey
0xd0 SaveKeyEx
0xd1 SaveMergedKeys
0xd2 SecureConnectPort
0xd3 SetBootEntryOrder
0xd4 SetBootOptions
0xd5 SetContextThread
0xd6 SetDebugFilterState
0xd7 SetDefaultHardErrorPort
0xd8 SetDefaultLocale
0xd9 SetDefaultUILanguage
0xda SetEaFile
0xdb SetEvent
0xdc SetEventBoostPriority
0xdd SetHighEventPair
0xde SetHighWaitLowEventPair
0xdf SetInformationDebugObject
0xe0 SetInformationFile
0xe1 SetInformationJobObject
0xe2 SetInformationKey
0xe3 SetInformationObject
0xe4 SetInformationProcess
0xe5 SetInformationThread
0xe6 SetInformationToken
0xe7 SetIntervalProfile
0xe8 SetIoCompletion
0xe9 SetLdtEntries
0xea SetLowEventPair
0xeb SetLowWaitHighEventPair
0xec SetQuotaInformationFile
0xed SetSecurityObject
0xee SetSystemEnvironmentValue
0xef SetSystemEnvironmentValueEx
0xf0 SetSystemInformation
0xf1 SetSystemPowerState
0xf2 SetSystemTime
0xf3 SetThreadExecutionState
0xf4 SetTimer
0xf5 SetTimerResolution
0xf6 SetUuidSeed
0xf7 SetValueKey
0xf8 SetVolumeInformationFile
0xf9 ShutdownSystem
0xfa SignalAndWaitForSingleObject
0xfb StartProfile
0xfc StopProfile
0xfd SuspendProcess
0xfe SuspendThread
0xff SystemDebugControl
0x100 TerminateJobObject
0x101 TerminateProcess
0x102 TerminateThread
0x103 TestAlert
0x104 TraceEvent
0x105 TranslateFilePath
0x106 UnloadDriver
0x107 UnloadKey
0x108 UnloadKeyEx
0x109 UnlockFile
0x10a UnlockVirtualMemory
0x10b UnmapViewOfSection
0x10c VdmControl
0x10d WaitForDebugEvent
0x10e WaitForMultipleObjects
0x10f WaitForSingleObject
0x110 WaitHighEventPair
0x111 WaitLowEventPair
0x112 WriteFile
0x113 WriteFileGather
0x114 WriteRequestData
0x115 WriteVirtualMemory
0x116 YieldExecution
0x117 CreateKeyedEvent
0x118 OpenKeyedEvent
0x119 ReleaseKeyedEvent
0x11a WaitForKeyedEvent
0x11b QueryPortInformationProcess

Windows 2003 sysenter function table
295 entries in total
0x0 AcceptConnectPort
0x1 AccessCheck
0x2 AccessCheckAndAuditAlarm
0x3 AccessCheckByType
0x4 AccessCheckByTypeAndAuditAlarm
0x5 AccessCheckByTypeResultList
0x6 AccessCheckByTypeResultListAndAuditAlarm
0x7 AccessCheckByTypeResultListAndAuditAlarmByHandle
0x8 AddAtom
0x9 AddBootEntry
0xa AddDriverEntry
0xb AdjustGroupsToken
0xc AdjustPrivilegesToken
0xd AlertResumeThread
0xe AlertThread
0xf AllocateLocallyUniqueId
0x10 AllocateUserPhysicalPages
0x11 AllocateUuids
0x12 AllocateVirtualMemory
0x13 ApphelpCacheControl
0x14 AreMappedFilesTheSame
0x15 AssignProcessToJobObject
0x16 CallbackReturn
0x17 CancelDeviceWakeupRequest
0x18 CancelIoFile
0x19 CancelTimer
0x1a ClearEvent
0x1b Close
0x1c CloseObjectAuditAlarm
0x1d CompactKeys
0x1e CompareTokens
0x1f CompleteConnectPort
0x20 CompressKey
0x21 ConnectPort
0x22 Continue
0x23 CreateDebugObject
0x24 CreateDirectoryObject
0x25 CreateEvent
0x26 CreateEventPair
0x27 CreateFile
0x28 CreateIoCompletion
0x29 CreateJobObject
0x2a CreateJobSet
0x2b CreateKey
0x2c CreateMailslotFile
0x2d CreateMutant
0x2e CreateNamedPipeFile
0x2f CreatePagingFile
0x30 CreatePort
0x31 CreateProcess
0x32 CreateProcessEx
0x33 CreateProfile
0x34 CreateSection
0x35 CreateSemaphore
0x36 CreateSymbolicLinkObject
0x37 CreateThread
0x38 CreateTimer
0x39 CreateToken
0x3a CreateWaitablePort
0x3b DebugActiveProcess
0x3c DebugContinue
0x3d DelayExecution
0x3e DeleteAtom
0x3f DeleteBootEntry
0x40 DeleteDriverEntry
0x41 DeleteFile
0x42 DeleteKey
0x43 DeleteObjectAuditAlarm
0x44 DeleteValueKey
0x45 DeviceIoControlFile
0x46 DisplayString
0x47 DuplicateObject
0x48 DuplicateToken
0x49 EnumerateBootEntries
0x4a EnumerateDriverEntries
0x4b EnumerateKey
0x4c EnumerateSystemEnvironmentValuesEx
0x4d EnumerateValueKey
0x4e ExtendSection
0x4f FilterToken
0x50 FindAtom
0x51 FlushBuffersFile
0x52 FlushInstructionCache
0x53 FlushKey
0x54 FlushVirtualMemory
0x55 FlushWriteBuffer
0x56 FreeUserPhysicalPages
0x57 FreeVirtualMemory
0x58 FsControlFile
0x59 GetContextThread
0x5a GetDevicePowerState
0x5b GetPlugPlayEvent
0x5c GetWriteWatch
0x5d ImpersonateAnonymousToken
0x5e ImpersonateClientOfPort
0x5f ImpersonateThread
0x60 InitializeRegistry
0x61 InitiatePowerAction
0x62 IsProcessInJob
0x63 IsSystemResumeAutomatic
0x64 ListenPort
0x65 LoadDriver
0x66 LoadKey
0x67 LoadKey2
0x68 LoadKeyEx
0x69 LockFile
0x6a LockProductActivationKeys
0x6b LockRegistryKey
0x6c LockVirtualMemory
0x6d MakePermanentObject
0x6e MakeTemporaryObject
0x6f MapUserPhysicalPages
0x70 MapUserPhysicalPagesScatter
0x71 MapViewOfSection
0x72 ModifyBootEntry
0x73 ModifyDriverEntry
0x74 NotifyChangeDirectoryFile
0x75 NotifyChangeKey
0x76 NotifyChangeMultipleKeys
0x77 OpenDirectoryObject
0x78 OpenEvent
0x79 OpenEventPair
0x7a OpenFile
0x7b OpenIoCompletion
0x7c OpenJobObject
0x7d OpenKey
0x7e OpenMutant
0x7f OpenObjectAuditAlarm
0x80 OpenProcess
0x81 OpenProcessToken
0x82 OpenProcessTokenEx
0x83 OpenSection
0x84 OpenSemaphore
0x85 OpenSymbolicLinkObject
0x86 OpenThread
0x87 OpenThreadToken
0x88 OpenThreadTokenEx
0x89 OpenTimer
0x8a PlugPlayControl
0x8b PowerInformation
0x8c PrivilegeCheck
0x8d PrivilegeObjectAuditAlarm
0x8e PrivilegedServiceAuditAlarm
0x8f ProtectVirtualMemory
0x90 PulseEvent
0x91 QueryAttributesFile
0x92 QueryBootEntryOrder
0x93 QueryBootOptions
0x94 QueryDebugFilterState
0x95 QueryDefaultLocale
0x96 QueryDefaultUILanguage
0x97 QueryDirectoryFile
0x98 QueryDirectoryObject
0x99 QueryDriverEntryOrder
0x9a QueryEaFile
0x9b QueryEvent
0x9c QueryFullAttributesFile
0x9d QueryInformationAtom
0x9e QueryInformationFile
0x9f QueryInformationJobObject
0xa0 QueryInformationPort
0xa1 QueryInformationProcess
0xa2 QueryInformationThread
0xa3 QueryInformationToken
0xa4 QueryInstallUILanguage
0xa5 QueryIntervalProfile
0xa6 QueryIoCompletion
0xa7 QueryKey
0xa8 QueryMultipleValueKey
0xa9 QueryMutant
0xaa QueryObject
0xab QueryOpenSubKeys
0xac QueryOpenSubKeysEx
0xad QueryPerformanceCounter
0xae QueryQuotaInformationFile
0xaf QuerySection
0xb0 QuerySecurityObject
0xb1 QuerySemaphore
0xb2 QuerySymbolicLinkObject
0xb3 QuerySystemEnvironmentValue
0xb4 QuerySystemEnvironmentValueEx
0xb5 QuerySystemInformation
0xb6 QuerySystemTime
0xb7 QueryTimer
0xb8 QueryTimerResolution
0xb9 QueryValueKey
0xba QueryVirtualMemory
0xbb QueryVolumeInformationFile
0xbc QueueApcThread
0xbd RaiseException
0xbe RaiseHardError
0xbf ReadFile
0xc0 ReadFileScatter
0xc1 ReadRequestData
0xc2 ReadVirtualMemory
0xc3 RegisterThreadTerminatePort
0xc4 ReleaseMutant
0xc5 ReleaseSemaphore
0xc6 RemoveIoCompletion
0xc7 RemoveProcessDebug
0xc8 RenameKey
0xc9 ReplaceKey
0xca ReplyPort
0xcb ReplyWaitReceivePort
0xcc ReplyWaitReceivePortEx
0xcd ReplyWaitReplyPort
0xce RequestDeviceWakeup
0xcf RequestPort
0xd0 RequestWaitReplyPort
0xd1 RequestWakeupLatency
0xd2 ResetEvent
0xd3 ResetWriteWatch
0xd4 RestoreKey
0xd5 ResumeProcess
0xd6 ResumeThread
0xd7 SaveKey
0xd8 SaveKeyEx
0xd9 SaveMergedKeys
0xda SecureConnectPort
0xdb SetBootEntryOrder
0xdc SetBootOptions
0xdd SetContextThread
0xde SetDebugFilterState
0xdf SetDefaultHardErrorPort
0xe0 SetDefaultLocale
0xe1 SetDefaultUILanguage
0xe2 SetDriverEntryOrder
0xe3 SetEaFile
0xe4 SetEvent
0xe5 SetEventBoostPriority
0xe6 SetHighEventPair
0xe7 SetHighWaitLowEventPair
0xe8 SetInformationDebugObject
0xe9 SetInformationFile
0xea SetInformationJobObject
0xeb SetInformationKey
0xec SetInformationObject
0xed SetInformationProcess
0xee SetInformationThread
0xef SetInformationToken
0xf0 SetIntervalProfile
0xf1 SetIoCompletion
0xf2 SetLdtEntries
0xf3 SetLowEventPair
0xf4 SetLowWaitHighEventPair
0xf5 SetQuotaInformationFile
0xf6 SetSecurityObject
0xf7 SetSystemEnvironmentValue
0xf8 SetSystemEnvironmentValueEx
0xf9 SetSystemInformation
0xfa SetSystemPowerState
0xfb SetSystemTime
0xfc SetThreadExecutionState
0xfd SetTimer
0xfe SetTimerResolution
0xff SetUuidSeed
0x100 SetValueKey
0x101 SetVolumeInformationFile
0x102 ShutdownSystem
0x103 SignalAndWaitForSingleObject
0x104 StartProfile
0x105 StopProfile
0x106 SuspendProcess
0x107 SuspendThread
0x108 SystemDebugControl
0x109 TerminateJobObject
0x10a TerminateProcess
0x10b TerminateThread
0x10c TestAlert
0x10d TraceEvent
0x10e TranslateFilePath
0x10f UnloadDriver
0x110 UnloadKey
0x111 UnloadKey2
0x112 UnloadKeyEx
0x113 UnlockFile
0x114 UnlockVirtualMemory
0x115 UnmapViewOfSection
0x116 VdmControl
0x117 WaitForDebugEvent
0x118 WaitForMultipleObjects
0x119 WaitForSingleObject
0x11a WaitHighEventPair
0x11b WaitLowEventPair
0x11c WriteFile
0x11d WriteFileGather
0x11e WriteRequestData
0x11f WriteVirtualMemory
0x120 YieldExecution
0x121 CreateKeyedEvent
0x122 OpenKeyedEvent
0x123 ReleaseKeyedEvent
0x124 WaitForKeyedEvent
0x125 QueryPortInformationProcess
0x126 GetCurrentProcessorNumber

Windows NT int 2e function table
from Ralf Brown's interrupt lists
EAX = function number
EDX = address of parameter block

Values for Windows NT NTOS function number:
000h AcceptConnectPort (24 bytes of parameters)
001h AccessCheck (32 bytes of parameters)
002h AccessCheckAndAuditAlarm (44 bytes of parameters)
003h AddAtom (8 bytes of parameters)
004h AdjustGroupsToken (24 bytes of parameters)
005h AdjustPrivilegesToken (24 bytes of parameters)
006h AlertResumeThread (8 bytes of parameters)
007h AlertThread (4 bytes of parameters)
008h AllocateLocallyUniqueId (4 bytes of parameters)
009h AllocateUuids (12 bytes of parameters)
00Ah AllocateVirtualMemory (24 bytes of parameters)
00Bh CallbackReturn (12 bytes of parameters)
00Ch CancelIoFile (8 bytes of parameters)
00Dh CancelTimer (8 bytes of parameters)
00Eh ClearEvent (4 bytes of parameters)
00Fh Close (4 bytes of parameters)
010h CloseObjectAuditAlarm (12 bytes of parameters)
011h CompleteConnectPort (4 bytes of parameters)
012h ConnectPort (32 bytes of parameters)
013h Continue (8 bytes of parameters)
014h CreateDirectoryObject (12 bytes of parameters)
015h CreateEvent (20 bytes of parameters)
016h CreateEventPair (12 bytes of parameters)
017h CreateFile (44 bytes of parameters)
018h CreateIoCompletion (16 bytes of parameters)
019h CreateKey (28 bytes of parameters)
01Ah CreateMailslotFile (32 bytes of parameters)
01Bh CreateMutant (16 bytes of parameters)
01Ch CreateNamedPipeFile (56 bytes of parameters)
01Dh CreatePagingFile (16 bytes of parameters)
01Eh CreatePort (20 bytes of parameters)
01Fh CreateProcess (32 bytes of parameters)
020h CreateProfile (36 bytes of parameters)
021h CreateSection (28 bytes of parameters)
022h CreateSemaphore (20 bytes of parameters)
023h CreateSymbolicLinkObject (16 bytes of parameters)
024h CreateThread (32 bytes of parameters)
025h CreateTimer (16 bytes of parameters)
026h CreateToken (52 bytes of parameters)
027h DelayExecution (8 bytes of parameters)
028h DeleteAtom (4 bytes of parameters)
029h DeleteFile (4 bytes of parameters)
02Ah DeleteKey (4 bytes of parameters)
02Bh DeleteObjectAuditAlarm (12 bytes of parameters)
02Ch DeleteValueKey (8 bytes of parameters)
02Dh DeviceIoControlFile (40 bytes of parameters)
02Eh DisplayString (4 bytes of parameters)
02Fh DuplicateObject (28 bytes of parameters)
030h DuplicateToken (24 bytes of parameters)
031h EnumerateKey (24 bytes of parameters)
032h EnumerateValueKey (24 bytes of parameters)
033h ExtendSection (8 bytes of parameters)
034h FindAtom (8 bytes of parameters)
035h FlushBuffersFile (8 bytes of parameters)
036h FlushInstructionCache (12 bytes of parameters)
037h FlushKey (4 bytes of parameters)
038h FlushVirtualMemory (16 bytes of parameters)
039h FlushWriteBuffer (no parameters)
03Ah FreeVirtualMemory (16 bytes of parameters)
03Bh FsControlFile (40 bytes of parameters)
03Ch GetContextThread (8 bytes of parameters)
03Dh GetPlugPlayEvent (16 bytes of parameters)
03Eh GetTickCount (no parameters)
03Fh ImpersonateClientOfPort (8 bytes of parameters)
040h ImpersonateThread (12 bytes of parameters)
041h InitializeRegistry (4 bytes of parameters)
042h ListenPort (8 bytes of parameters)
043h LoadDriver (4 bytes of parameters)
044h LoadKey (8 bytes of parameters)
045h LoadKey2 (12 bytes of parameters)
046h LockFile (40 bytes of parameters)
047h LockVirtualMemory (16 bytes of parameters)
048h MakeTemporaryObject (4 bytes of parameters)
049h MapViewOfSection (40 bytes of parameters)
04Ah NotifyChangeDirectoryFile (36 bytes of parameters)
04Bh NotifyChangeKey (40 bytes of parameters)
04Ch OpenDirectoryObject (12 bytes of parameters)
04Dh OpenEvent (12 bytes of parameters)
04Eh OpenEventPair (12 bytes of parameters)
04Fh OpenFile (24 bytes of parameters)
050h OpenIoCompletion (12 bytes of parameters)
051h OpenKey (12 bytes of parameters)
052h OpenMutant (12 bytes of parameters)
053h OpenObjectAuditAlarm (48 bytes of parameters)
054h OpenProcess (16 bytes of parameters)
055h OpenProcessToken (12 bytes of parameters)
056h OpenSection (12 bytes of parameters)
057h OpenSemaphore (12 bytes of parameters)
058h OpenSymbolicLinkObject (12 bytes of parameters)
059h OpenThread (16 bytes of parameters)
05Ah OpenThreadToken (16 bytes of parameters)
05Bh OpenTimer (12 bytes of parameters)
05Ch PlugPlayControl (16 bytes of parameters)
05Dh PrivilegeCheck (12 bytes of parameters)
05Eh PrivilegedServiceAuditAlarm (20 bytes of parameters)
05Fh PrivilegeObjectAuditAlarm (24 bytes of parameters)
060h ProtectVirtualMemory (20 bytes of parameters)
061h PulseEvent (8 bytes of parameters)
062h QueryInformationAtom (20 bytes of parameters)
063h QueryAttributesFile (8 bytes of parameters)
064h QueryDefaultLocale (8 bytes of parameters)
065h QueryDirectoryFile (44 bytes of parameters)
066h QueryDirectoryObject (28 bytes of parameters)
067h QueryEaFile (36 bytes of parameters)
068h QueryEvent (20 bytes of parameters)
069h QueryFullAttributesFile (8 bytes of parameters)
06Ah QueryInformationFile (20 bytes of parameters)
06Bh QueryIoCompletion (20 bytes of parameters)
06Ch QueryInformationPort (20 bytes of parameters)
06Dh QueryInformationProcess (20 bytes of parameters)
06Eh QueryInformationThread (20 bytes of parameters)
06Fh QueryInformationToken (20 bytes of parameters)
070h QueryIntervalProfile (8 bytes of parameters)
071h QueryKey (20 bytes of parameters)
072h QueryMultipleValueKey (24 bytes of parameters)
073h QueryMutant (20 bytes of parameters)
074h QueryObject (20 bytes of parameters)
075h QueryOleDirectoryFile (44 bytes of parameters)
076h QueryPerformanceCounter (8 bytes of parameters)
077h QuerySection (20 bytes of parameters)
078h QuerySecurityObject (20 bytes of parameters)
079h QuerySemaphore (20 bytes of parameters)
07Ah QuerySymbolicLinkObject (12 bytes of parameters)
07Bh QuerySystemEnvironmentValue (16 bytes of parameters)
07Ch QuerySystemInformation (16 bytes of parameters)
07Dh QuerySystemTime (4 bytes of parameters)
07Eh QueryTimer (20 bytes of parameters)
07Fh QueryTimerResolution (12 bytes of parameters)
080h QueryValueKey (24 bytes of parameters)
081h QueryVirtualMemory (24 bytes of parameters)
082h QueryVolumeInformationFile (20 bytes of parameters)
083h QueueApcThread (20 bytes of parameters)
084h RaiseException (12 bytes of parameters)
085h RaiseHardError (24 bytes of parameters)
086h ReadFile (36 bytes of parameters)
087h ReadFileScatter (36 bytes of parameters)
088h ReadRequestData (24 bytes of parameters)
089h ReadVirtualMemory (20 bytes of parameters)
08Ah RegisterThreadTerminatePort (4 bytes of parameters)
08Bh ReleaseMutant (8 bytes of parameters)
08Ch ReleaseSemaphore (12 bytes of parameters)
08Dh RemoveIoCompletion (20 bytes of parameters)
08Eh ReplaceKey (12 bytes of parameters)
08Fh ReplyPort (8 bytes of parameters)
090h ReplyWaitReceivePort (16 bytes of parameters)
091h ReplyWaitReplyPort (8 bytes of parameters)
092h RequestPort (8 bytes of parameters)
093h RequestWaitReplyPort (12 bytes of parameters)
094h ResetEvent (8 bytes of parameters)
095h RestoreKey (12 bytes of parameters)
096h ResumeThread (8 bytes of parameters)
097h SaveKey (8 bytes of parameters)
098h SetIoCompletion (20 bytes of parameters)
099h SetContextThread (8 bytes of parameters)
09Ah SetDefaultHardErrorPort (4 bytes of parameters)
09Bh SetDefaultLocale (8 bytes of parameters)
09Ch SetEaFile (16 bytes of parameters)
09Dh SetEvent (8 bytes of parameters)
09Eh SetHighEventPair (4 bytes of parameters)
09Fh SetHighWaitLowEventPair (4 bytes of parameters)
0A0h ??? (??? bytes of parameters)
0A1h SetInformationFile (20 bytes of parameters)
0A2h SetInformationKey (16 bytes of parameters)
0A3h SetInformationObject (16 bytes of parameters)
0A4h SetInformationProcess (16 bytes of parameters)
0A5h SetInformationThread (16 bytes of parameters)
0A6h SetInformationToken (16 bytes of parameters)
0A7h SetIntervalProfile (8 bytes of parameters)
0A8h SetLdtEntries (24 bytes of parameters)
0A9h SetLowEventPair (4 bytes of parameters)
0AAh SetLowWaitHighEventPair (4 bytes of parameters)
0ABh ??? (??? bytes of parameters)
0ACh SetSecurityObject (12 bytes of parameters)
0ADh SetSystemEnvironmentValue (8 bytes of parameters)
0AEh SetSystemInformation (12 bytes of parameters)
0AFh SetSystemPowerState (12 bytes of parameters)
0B0h SetSystemTime (8 bytes of parameters)
0B1h SetTimer (28 bytes of parameters)
0B2h SetTimerResolution (12 bytes of parameters)
0B3h SetValueKey (24 bytes of parameters)
0B4h SetVolumeInformationFile (20 bytes of parameters)
0B5h ShutdownSystem (4 bytes of parameters)
0B6h SignalAndWaitForSingleObject (16 bytes of parameters)
0B7h StartProfile (4 bytes of parameters)
0B8h StopProfile (4 bytes of parameters)
0B9h SuspendThread (8 bytes of parameters)
0BAh SystemDebugControl (24 bytes of parameters)
0BBh TerminateProcess (8 bytes of parameters)
0BCh TerminateThread (8 bytes of parameters)
0BDh TestAlert (no parameters)
0BEh UnloadDriver (4 bytes of parameters)
0BFh UnloadKey (4 bytes of parameters)
0C0h UnlockFile (20 bytes of parameters)
0C1h UnlockVirtualMemory (16 bytes of parameters)
0C2h UnmapViewOfSection (8 bytes of parameters)
0C3h VdmControl (8 bytes of parameters)
0C4h WaitForMultipleObjects (20 bytes of parameters)
0C5h WaitForSingleObject (12 bytes of parameters)
0C6h WaitHighEventPair (4 bytes of parameters)
0C7h WaitLowEventPair (4 bytes of parameters)
0C8h WriteFile (36 bytes of parameters)
0C9h WriteFileGather (36 bytes of parameters)
0CAh WriteRequestData (24 bytes of parameters)
0CBh WriteVirtualMemory (20 bytes of parameters)
0CCh W32Call (20 bytes of parameters)
0CDh CreateChannel (8 bytes of parameters)
0CEh ListenChannel (8 bytes of parameters)
0CFh OpenChannel (8 bytes of parameters)
0D0h ReplyWaitSendChannel (12 bytes of parameters)
0D1h SendWaitReplyChannel (16 bytes of parameters)
0D2h SetContextChannel (4 bytes of parameters)
0D3h YieldExecution (no parameters)



 