httpd-dev mailing list archives

From TOKI...@aol.com
Subject Re: New Win32 apr_stat(), apr_lstat() performance
Date Mon, 13 Nov 2000 03:23:00 GMT

In a message dated 00-11-12 13:15:54 EST, William Rowe writes...

> Gathering the owner user and group SID, as well as the DACL (discretionary
> permissions, rather than system permissions, or SACL, which we are unlikely
> to have access to) for the owner, group and world:

  0000DCBA   324  RtlCopySecurityDescriptor
  0001C10A   422  RtlGetGroupSecurityDescriptor
  000217F0   424  RtlGetNtGlobalFlags
  0001C070   426  RtlGetOwnerSecurityDescriptor
  0001BFB4   428  RtlGetSaclSecurityDescriptor     <- SACL system permissions

> Stat'ed 2000, failed 0 requests
> using the GetFileInformationByHandle 
> BACKUP_SEMANTICS OPEN_NO_RECALL method
> with additional query to GetFileType and GetSecurityInfo
>                      16523 ms (kernal)
> +                   15502 ms (user)
> =                   32026 ms total cpu time

William...

If you really want the best file/directory/security/user/group
info under Win32/64 ( including best DACL/SACL ) and you 
want the best performance possible then forget the Win32/64 
ring 3 API calls. They are always going to be dogs. You have 
to get 'underneath' the Win32/64 API to really rock and roll.

Just about all of the Win32 API calls ( Even for Win95 ) are
simply 'calling down' to the lower rings using 'low level
native kernel API calls' and you can save a lot of time by
just calling these puppies directly.

* Low Level native kernel API calls

The native API routines are the equivalent of UNIX
system calls and VMS system services.

They are also referred to as 'native system service calls'.

Mostly undocumented but the heart of Win32/64.

About 10 percent of the Native API calls are, however,
completely and fully documented in the Windows DDK SDKs
since they are usually meant to be used from device drivers
which really need the SPEED and can stay at ring 0.

For the calls that ARE documented the prototypes, parameters 
and structures needed are found in ntddk.h.

The native kernel API is present to some degree in every Win32
version of Windows. The calls that are 'public' are all
contained inside NTDLL.DLL.

Most of these calls are the exact same ones that can
be found under OS/2 since they were part of the code
base before the Microsoft/IBM divorce which created
the 2 coding threads known as OS/2 and NT.

The native API calls are the ones that start with...

Nt...... <- Lower level than Win32 API
Rtl..... <- Lower level than Nt.......
Zw...... <- Generally same as Nt.... but skips preamble code.

* Some useful Native API calls for Apache??....

  Interesting Nt..... calls

  File/directory/security info...

  00007A0C   131  NtNotifyChangeDirectoryFile

  0000795C   119  NtImpersonateClientOfPort
  0000796C   120  NtImpersonateThread

  00007A2C   134  NtOpenDirectoryObject
  00007B3C   151  NtPrivilegeCheck

  00007B9C   156  NtQueryAttributesFile
  00007BAC   157  NtQueryDefaultLocale
  00007BBC   158  NtQueryDirectoryFile
  00007BCC   159  NtQueryDirectoryObject
  00007BDC   160  NtQueryEaFile
  00007BEC   161  NtQueryEvent
  00007BFC   162  NtQueryFullAttributesFile

  00007C0C   164  NtQueryInformationFile

  00007CEC   178  NtQuerySecurityObject
  00007D0C   180  NtQuerySymbolicLinkObject


  Interesting Rtl..... calls

  Security info...

  0000DCBA   324  RtlCopySecurityDescriptor
  0001C10A   422  RtlGetGroupSecurityDescriptor
  000217F0   424  RtlGetNtGlobalFlags
  0001C070   426  RtlGetOwnerSecurityDescriptor
  0001BFB4   428  RtlGetSaclSecurityDescriptor


  Interesting Zw.... low level calls

  ( Usually the same as equivalent Nt.... calls but skips )
  ( preamble code and can be faster if already in kernel mode ).

  UNIX style security checks...

  00007584   611  ZwAccessCheck
  00007594   612  ZwAccessCheckAndAuditAlarm
  0000795C   674  ZwImpersonateClientOfPort
  0000796C   675  ZwImpersonateThread
  00007B3C   706  ZwPrivilegeCheck
  00007B5C   707  ZwPrivilegeObjectAuditAlarm
  00007B4C   708  ZwPrivilegedServiceAuditAlarm

  Very low level ( and very fast ) File 'stat' calls...

  00007B9C   711  ZwQueryAttributesFile
  00007BAC   712  ZwQueryDefaultLocale
  00007BBC   713  ZwQueryDirectoryFile
  00007BCC   714  ZwQueryDirectoryObject
  00007BDC   715  ZwQueryEaFile
  00007BEC   716  ZwQueryEvent
  00007BFC   717  ZwQueryFullAttributesFile

* Other handy things...

* Terminating threads/processes safely from other threads

  00008104   803  ZwTerminateProcess
  00008114   804  ZwTerminateThread

Some time back there was a discussion about 'TerminateThread()'
and how it is (supposedly) unsafe to use that API call because
the thread's initial stack is left allocated.

ZwTerminateThread is the puppy that any thread can call to
terminate another thread and still be able to 'clean up'.
Unlike the high-level Win32 API call(s) like TerminateThread(),
ZwTerminateThread can be used in conjunction with ZwFreeVirtualMemory
and the initial thread stack can be explicitly de-allocated after
the thread has been terminated and the thread object becomes 'signalled'.

Yours...
Kevin Kiley
CTO, Remote Communications, Inc.

Public symbol Dump of file NTDLL.DLL


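An added example, not part of the original message: a small Python parser for export-listing lines in the "entry point, ordinal, name" layout used in this message, which pairs each Nt... export with its Zw... counterpart and compares their entry points. The sample lines are copied from the listing in the message; the function and variable names are this example's own.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class Export(NamedTuple):
    rva: int       # entry point, parsed from the 8-digit hex column
    ordinal: int   # export ordinal (decimal column)
    name: str      # exported symbol name


# "  00007B9C   156  NtQueryAttributesFile" (a trailing "<- note" is tolerated)
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{8})\s+(\d+)\s+(\S+)")

# Lines copied from the NTDLL.DLL listing in the message, with its
# column header and "[snip]" markers left in to exercise the parser.
SAMPLE = """\
  Entry Pt  Ordn  Name
  0001927C    94  NtCurrentTeb
  00007B9C   156  NtQueryAttributesFile
  00007BFC   162  NtQueryFullAttributesFile
  00007CEC   178  NtQuerySecurityObject
  00008114   249  NtTerminateThread
[snip]
  0001C070   426  RtlGetOwnerSecurityDescriptor
[snip]
  00007B9C   711  ZwQueryAttributesFile
  00007BFC   717  ZwQueryFullAttributesFile
  00007CEC   733  ZwQuerySecurityObject
  00008114   804  ZwTerminateThread
"""


def parse_exports(text):
    """Return an Export for every line that matches the listing layout."""
    exports = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # headers, blank lines and "[snip]" do not match and are skipped
            exports.append(Export(int(m.group(1), 16), int(m.group(2)), m.group(3)))
    return exports


def nt_zw_report(exports):
    """Classify each Nt* export by how it relates to its Zw* twin."""
    by_name = {e.name: e for e in exports}
    report = {"aliased": [], "distinct": [], "unpaired": []}
    for e in exports:
        if not e.name.startswith("Nt"):
            continue
        twin = by_name.get("Zw" + e.name[2:])
        if twin is None:
            report["unpaired"].append(e.name)   # no Zw* export of that name
        elif twin.rva == e.rva:
            report["aliased"].append(e.name)    # both names, one entry point
        else:
            report["distinct"].append(e.name)   # separate code for each name
    return report


def shared_entry_points(exports):
    """Map each entry point exported under more than one name to those names."""
    groups = defaultdict(list)
    for e in exports:
        groups[e.rva].append(e.name)
    return {rva: names for rva, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_exports(SAMPLE)
    for kind, names in nt_zw_report(parsed).items():
        print(f"{kind:9} {', '.join(names) or '-'}")
    for rva, names in sorted(shared_entry_points(parsed).items()):
        print(f"{rva:08X}  {' = '.join(names)}")
```

On these sample lines every Nt/Zw pair resolves to the same entry point in this NTDLL.DLL build, and NtCurrentTeb has no Zw counterpart, so tracing or monitoring keyed on export names should treat both spellings as one routine.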