|
|
| 顶 | 踩 |
| 标题 | 简介 | 类型 | 公开时间 | ||||||||||
|
|||||||||||||
|
|||||||||||||
| 详情 | |||||||||||||
|
[SAFE-ID: JIWO-2024-239] 作者: ecawen 发表于: [2017-08-06]
本文共 [581] 位读者顶过
教主2004年整理的,有点老了,有相关大牛可以更新一下。 Ralf Brown曾经维护过一份中断列表,其中包含了Windows NT 4 int 2e的调用表。 但是Windows 2000的int 2e调用和Windows NT 4已经完全不一样了,并且从Windows XP[出自:jiwo.org]开始,微软用更快速的所谓“Fast System Call”指令取代了int 2e。下面是我抽取的 Windows 2000、Windows XP、Windows 2003的所有系统调用功能号列表,也包括来自于 Ralf Brown的Windows NT 4 int 2e调用表。 Windows 2000 int 2e 功能表 共248个 EAX = function number EDX = address of parameter block 0x0 AcceptConnectPort 0x1 AccessCheck 0x2 AccessCheckAndAuditAlarm 0x3 AccessCheckByType 0x4 AccessCheckByTypeAndAuditAlarm 0x5 AccessCheckByTypeResultList 0x6 AccessCheckByTypeResultListAndAuditAlarm 0x7 AccessCheckByTypeResultListAndAuditAlarmByHandle 0x8 AddAtom 0x9 AdjustGroupsToken 0xa AdjustPrivilegesToken 0xb AlertResumeThread 0xc AlertThread 0xd AllocateLocallyUniqueId 0xe AllocateUserPhysicalPages 0xf AllocateUuids 0x10 AllocateVirtualMemory 0x11 AreMappedFilesTheSame 0x12 AssignProcessToJobObject 0x13 CallbackReturn 0x14 CancelIoFile 0x15 CancelTimer 0x16 CancelDeviceWakeupRequest 0x17 ClearEvent 0x18 Close 0x19 CloseObjectAuditAlarm 0x1a CompleteConnectPort 0x1b ConnectPort 0x1c Continue 0x1d CreateDirectoryObject 0x1e CreateEvent 0x1f CreateEventPair 0x20 CreateFile 0x21 CreateIoCompletion 0x22 CreateJobObject 0x23 CreateKey 0x24 CreateMailslotFile 0x25 CreateMutant 0x26 CreateNamedPipeFile 0x27 CreatePagingFile 0x28 CreatePort 0x29 CreateProcess 0x2a CreateProfile 0x2b CreateSection 0x2c CreateSemaphore 0x2d CreateSymbolicLinkObject 0x2e CreateThread 0x2f CreateTimer 0x30 CreateToken 0x31 CreateWaitablePort 0x32 DelayExecution 0x33 DeleteAtom 0x34 DeleteFile 0x35 DeleteKey 0x36 DeleteObjectAuditAlarm 0x37 DeleteValueKey 0x38 DeviceIoControlFile 0x39 DisplayString 0x3a DuplicateObject 0x3b DuplicateToken 0x3c EnumerateKey 0x3d EnumerateValueKey 0x3e ExtendSection 0x3f FilterToken 0x40 FindAtom 0x41 FlushBuffersFile 0x42 FlushInstructionCache 0x43 FlushKey 0x44 FlushVirtualMemory 0x45 FlushWriteBuffer 0x46 FreeUserPhysicalPages 0x47 FreeVirtualMemory 0x48 FsControlFile 0x49 GetContextThread 0x4a GetDevicePowerState 0x4b GetPlugPlayEvent 0x4c GetTickCount 0x4d GetWriteWatch 0x4e ImpersonateAnonymousToken 0x4f ImpersonateClientOfPort 0x50 ImpersonateThread 0x51 InitializeRegistry 0x52 InitiatePowerAction 0x53 IsSystemResumeAutomatic 0x54 ListenPort 0x55 LoadDriver 0x56 LoadKey 0x57 LoadKey2 0x58 LockFile 0x59 LockVirtualMemory 0x5a MakeTemporaryObject 0x5b MapUserPhysicalPages 0x5c MapUserPhysicalPagesScatter 0x5d MapViewOfSection 0x5e NotifyChangeDirectoryFile 0x5f NotifyChangeKey 0x60 NotifyChangeMultipleKeys 0x61 OpenDirectoryObject 0x62 OpenEvent 0x63 OpenEventPair 0x64 OpenFile 0x65 OpenIoCompletion 0x66 OpenJobObject 0x67 OpenKey 0x68 OpenMutant 0x69 OpenObjectAuditAlarm 0x6a OpenProcess 0x6b OpenProcessToken 0x6c OpenSection 0x6d OpenSemaphore 0x6e OpenSymbolicLinkObject 0x6f OpenThread 0x70 OpenThreadToken 0x71 OpenTimer 0x72 PlugPlayControl 0x73 PowerInformation 0x74 PrivilegeCheck 0x75 PrivilegedServiceAuditAlarm 0x76 PrivilegeObjectAuditAlarm 0x77 ProtectVirtualMemory 0x78 PulseEvent 0x79 QueryInformationAtom 0x7a QueryAttributesFile 0x7b QueryDefaultLocale 0x7c QueryDefaultUILanguage 0x7d QueryDirectoryFile 0x7e QueryDirectoryObject 0x7f QueryEaFile 0x80 QueryEvent 0x81 QueryFullAttributesFile 0x82 QueryInformationFile 0x83 QueryInformationJobObject 0x84 QueryIoCompletion 0x85 QueryInformationPort 0x86 QueryInformationProcess 0x87 QueryInformationThread 0x88 QueryInformationToken 0x89 QueryInstallUILanguage 0x8a QueryIntervalProfile 0x8b QueryKey 0x8c QueryMultipleValueKey 0x8d QueryMutant 0x8e QueryObject 0x8f QueryOpenSubKeys 0x90 QueryPerformanceCounter 0x91 QueryQuotaInformationFile 0x92 QuerySection 0x93 QuerySecurityObject 0x94 QuerySemaphore 0x95 QuerySymbolicLinkObject 0x96 QuerySystemEnvironmentValue 0x97 QuerySystemInformation 0x98 QuerySystemTime 0x99 QueryTimer 0x9a QueryTimerResolution 0x9b QueryValueKey 0x9c QueryVirtualMemory 0x9d QueryVolumeInformationFile 0x9e QueueApcThread 0x9f RaiseException 0xa0 RaiseHardError 0xa1 ReadFile 0xa2 ReadFileScatter 0xa3 ReadRequestData 0xa4 ReadVirtualMemory 0xa5 RegisterThreadTerminatePort 0xa6 ReleaseMutant 0xa7 ReleaseSemaphore 0xa8 RemoveIoCompletion 0xa9 ReplaceKey 0xaa ReplyPort 0xab ReplyWaitReceivePort 0xac ReplyWaitReceivePortEx 0xad ReplyWaitReplyPort 0xae RequestDeviceWakeup 0xaf RequestPort 0xb0 RequestWaitReplyPort 0xb1 RequestWakeupLatency 0xb2 ResetEvent 0xb3 ResetWriteWatch 0xb4 RestoreKey 0xb5 ResumeThread 0xb6 SaveKey 0xb7 SaveMergedKeys 0xb8 SecureConnectPort 0xb9 SetIoCompletion 0xba SetContextThread 0xbb SetDefaultHardErrorPort 0xbc SetDefaultLocale 0xbd SetDefaultUILanguage 0xbe SetEaFile 0xbf SetEvent 0xc0 SetHighEventPair 0xc1 SetHighWaitLowEventPair 0xc2 SetInformationFile 0xc3 SetInformationJobObject 0xc4 SetInformationKey 0xc5 SetInformationObject 0xc6 SetInformationProcess 0xc7 SetInformationThread 0xc8 SetInformationToken 0xc9 SetIntervalProfile 0xca SetLdtEntries 0xcb SetLowEventPair 0xcc SetLowWaitHighEventPair 0xcd SetQuotaInformationFile 0xce SetSecurityObject 0xcf SetSystemEnvironmentValue 0xd0 SetSystemInformation 0xd1 SetSystemPowerState 0xd2 SetSystemTime 0xd3 SetThreadExecutionState 0xd4 SetTimer 0xd5 SetTimerResolution 0xd6 SetUuidSeed 0xd7 SetValueKey 0xd8 SetVolumeInformationFile 0xd9 ShutdownSystem 0xda SignalAndWaitForSingleObject 0xdb StartProfile 0xdc StopProfile 0xdd SuspendThread 0xde SystemDebugControl 0xdf TerminateJobObject 0xe0 TerminateProcess 0xe1 TerminateThread 0xe2 TestAlert 0xe3 UnloadDriver 0xe4 UnloadKey 0xe5 UnlockFile 0xe6 UnlockVirtualMemory 0xe7 UnmapViewOfSection 0xe8 VdmControl 0xe9 WaitForMultipleObjects 0xea WaitForSingleObject 0xeb WaitHighEventPair 0xec WaitLowEventPair 0xed WriteFile 0xee WriteFileGather 0xef WriteRequestData 0xf0 WriteVirtualMemory 0xf1 CreateChannel 0xf2 ListenChannel 0xf3 OpenChannel 0xf4 ReplyWaitSendChannel 0xf5 SendWaitReplyChannel 0xf6 SetContextChannel 0xf7 YieldExecution Windows XP sysenter 功能表 共284个 0x0 AcceptConnectPort 0x1 AccessCheck 0x2 AccessCheckAndAuditAlarm 0x3 AccessCheckByType 0x4 AccessCheckByTypeAndAuditAlarm 0x5 AccessCheckByTypeResultList 0x6 AccessCheckByTypeResultListAndAuditAlarm 0x7 AccessCheckByTypeResultListAndAuditAlarmByHandle 0x8 AddAtom 0x9 AddBootEntry 0xa AdjustGroupsToken 0xb AdjustPrivilegesToken 0xc AlertResumeThread 0xd AlertThread 0xe AllocateLocallyUniqueId 0xf AllocateUserPhysicalPages 0x10 AllocateUuids 0x11 AllocateVirtualMemory 0x12 AreMappedFilesTheSame 0x13 AssignProcessToJobObject 0x14 CallbackReturn 0x15 CancelDeviceWakeupRequest 0x16 CancelIoFile 0x17 CancelTimer 0x18 ClearEvent 0x19 Close 0x1a CloseObjectAuditAlarm 0x1b CompactKeys 0x1c CompareTokens 0x1d CompleteConnectPort 0x1e CompressKey 0x1f ConnectPort 0x20 Continue 0x21 CreateDebugObject 0x22 CreateDirectoryObject 0x23 CreateEvent 0x24 CreateEventPair 0x25 CreateFile 0x26 CreateIoCompletion 0x27 CreateJobObject 0x28 CreateJobSet 0x29 CreateKey 0x2a CreateMailslotFile 0x2b CreateMutant 0x2c CreateNamedPipeFile 0x2d CreatePagingFile 0x2e CreatePort 0x2f CreateProcess 0x30 CreateProcessEx 0x31 CreateProfile 0x32 CreateSection 0x33 CreateSemaphore 0x34 CreateSymbolicLinkObject 0x35 CreateThread 0x36 CreateTimer 0x37 CreateToken 0x38 CreateWaitablePort 0x39 DebugActiveProcess 0x3a DebugContinue 0x3b DelayExecution 0x3c DeleteAtom 0x3d DeleteBootEntry 0x3e DeleteFile 0x3f DeleteKey 0x40 DeleteObjectAuditAlarm 0x41 DeleteValueKey 0x42 DeviceIoControlFile 0x43 DisplayString 0x44 DuplicateObject 0x45 DuplicateToken 0x46 EnumerateBootEntries 0x47 EnumerateKey 0x48 EnumerateSystemEnvironmentValuesEx 0x49 EnumerateValueKey 0x4a ExtendSection 0x4b FilterToken 0x4c FindAtom 0x4d FlushBuffersFile 0x4e FlushInstructionCache 0x4f FlushKey 0x50 FlushVirtualMemory 0x51 FlushWriteBuffer 0x52 FreeUserPhysicalPages 0x53 FreeVirtualMemory 0x54 FsControlFile 0x55 GetContextThread 0x56 GetDevicePowerState 0x57 GetPlugPlayEvent 0x58 GetWriteWatch 0x59 ImpersonateAnonymousToken 0x5a ImpersonateClientOfPort 0x5b ImpersonateThread 0x5c InitializeRegistry 0x5d InitiatePowerAction 0x5e IsProcessInJob 0x5f IsSystemResumeAutomatic 0x60 ListenPort 0x61 LoadDriver 0x62 LoadKey 0x63 LoadKey2 0x64 LockFile 0x65 LockProductActivationKeys 0x66 LockRegistryKey 0x67 LockVirtualMemory 0x68 MakePermanentObject 0x69 MakeTemporaryObject 0x6a MapUserPhysicalPages 0x6b MapUserPhysicalPagesScatter 0x6c MapViewOfSection 0x6d ModifyBootEntry 0x6e NotifyChangeDirectoryFile 0x6f NotifyChangeKey 0x70 NotifyChangeMultipleKeys 0x71 OpenDirectoryObject 0x72 OpenEvent 0x73 OpenEventPair 0x74 OpenFile 0x75 OpenIoCompletion 0x76 OpenJobObject 0x77 OpenKey 0x78 OpenMutant 0x79 OpenObjectAuditAlarm 0x7a OpenProcess 0x7b OpenProcessToken 0x7c OpenProcessTokenEx 0x7d OpenSection 0x7e OpenSemaphore 0x7f OpenSymbolicLinkObject 0x80 OpenThread 0x81 OpenThreadToken 0x82 OpenThreadTokenEx 0x83 OpenTimer 0x84 PlugPlayControl 0x85 PowerInformation 0x86 PrivilegeCheck 0x87 PrivilegeObjectAuditAlarm 0x88 PrivilegedServiceAuditAlarm 0x89 ProtectVirtualMemory 0x8a PulseEvent 0x8b QueryAttributesFile 0x8c QueryBootEntryOrder 0x8d QueryBootOptions 0x8e QueryDebugFilterState 0x8f QueryDefaultLocale 0x90 QueryDefaultUILanguage 0x91 QueryDirectoryFile 0x92 QueryDirectoryObject 0x93 QueryEaFile 0x94 QueryEvent 0x95 QueryFullAttributesFile 0x96 QueryInformationAtom 0x97 QueryInformationFile 0x98 QueryInformationJobObject 0x99 QueryInformationPort 0x9a QueryInformationProcess 0x9b QueryInformationThread 0x9c QueryInformationToken 0x9d QueryInstallUILanguage 0x9e QueryIntervalProfile 0x9f QueryIoCompletion 0xa0 QueryKey 0xa1 QueryMultipleValueKey 0xa2 QueryMutant 0xa3 QueryObject 0xa4 QueryOpenSubKeys 0xa5 QueryPerformanceCounter 0xa6 QueryQuotaInformationFile 0xa7 QuerySection 0xa8 QuerySecurityObject 0xa9 QuerySemaphore 0xaa QuerySymbolicLinkObject 0xab QuerySystemEnvironmentValue 0xac QuerySystemEnvironmentValueEx 0xad RtlGetNativeSystemInformation 0xae QuerySystemTime 0xaf QueryTimer 0xb0 QueryTimerResolution 0xb1 QueryValueKey 0xb2 QueryVirtualMemory 0xb3 QueryVolumeInformationFile 0xb4 QueueApcThread 0xb5 RaiseException 0xb6 RaiseHardError 0xb7 ReadFile 0xb8 ReadFileScatter 0xb9 ReadRequestData 0xba ReadVirtualMemory 0xbb RegisterThreadTerminatePort 0xbc ReleaseMutant 0xbd ReleaseSemaphore 0xbe RemoveIoCompletion 0xbf RemoveProcessDebug 0xc0 RenameKey 0xc1 ReplaceKey 0xc2 ReplyPort 0xc3 ReplyWaitReceivePort 0xc4 ReplyWaitReceivePortEx 0xc5 ReplyWaitReplyPort 0xc6 RequestDeviceWakeup 0xc7 RequestPort 0xc8 RequestWaitReplyPort 0xc9 RequestWakeupLatency 0xca ResetEvent 0xcb ResetWriteWatch 0xcc RestoreKey 0xcd ResumeProcess 0xce ResumeThread 0xcf SaveKey 0xd0 SaveKeyEx 0xd1 SaveMergedKeys 0xd2 SecureConnectPort 0xd3 SetBootEntryOrder 0xd4 SetBootOptions 0xd5 SetContextThread 0xd6 SetDebugFilterState 0xd7 SetDefaultHardErrorPort 0xd8 SetDefaultLocale 0xd9 SetDefaultUILanguage 0xda SetEaFile 0xdb SetEvent 0xdc SetEventBoostPriority 0xdd SetHighEventPair 0xde SetHighWaitLowEventPair 0xdf SetInformationDebugObject 0xe0 SetInformationFile 0xe1 SetInformationJobObject 0xe2 SetInformationKey 0xe3 SetInformationObject 0xe4 SetInformationProcess 0xe5 SetInformationThread 0xe6 SetInformationToken 0xe7 SetIntervalProfile 0xe8 SetIoCompletion 0xe9 SetLdtEntries 0xea SetLowEventPair 0xeb SetLowWaitHighEventPair 0xec SetQuotaInformationFile 0xed SetSecurityObject 0xee SetSystemEnvironmentValue 0xef SetSystemEnvironmentValueEx 0xf0 SetSystemInformation 0xf1 SetSystemPowerState 0xf2 SetSystemTime 0xf3 SetThreadExecutionState 0xf4 SetTimer 0xf5 SetTimerResolution 0xf6 SetUuidSeed 0xf7 SetValueKey 0xf8 SetVolumeInformationFile 0xf9 ShutdownSystem 0xfa SignalAndWaitForSingleObject 0xfb StartProfile 0xfc StopProfile 0xfd SuspendProcess 0xfe SuspendThread 0xff SystemDebugControl 0x100 TerminateJobObject 0x101 TerminateProcess 0x102 TerminateThread 0x103 TestAlert 0x104 TraceEvent 0x105 TranslateFilePath 0x106 UnloadDriver 0x107 UnloadKey 0x108 UnloadKeyEx 0x109 UnlockFile 0x10a UnlockVirtualMemory 0x10b UnmapViewOfSection 0x10c VdmControl 0x10d WaitForDebugEvent 0x10e WaitForMultipleObjects 0x10f WaitForSingleObject 0x110 WaitHighEventPair 0x111 WaitLowEventPair 0x112 WriteFile 0x113 WriteFileGather 0x114 WriteRequestData 0x115 WriteVirtualMemory 0x116 YieldExecution 0x117 CreateKeyedEvent 0x118 OpenKeyedEvent 0x119 ReleaseKeyedEvent 0x11a WaitForKeyedEvent 0x11b QueryPortInformationProcess Windows 2003 sysenter 功能表 共295个 0x0 AcceptConnectPort 0x1 AccessCheck 0x2 AccessCheckAndAuditAlarm 0x3 AccessCheckByType 0x4 AccessCheckByTypeAndAuditAlarm 0x5 AccessCheckByTypeResultList 0x6 AccessCheckByTypeResultListAndAuditAlarm 0x7 AccessCheckByTypeResultListAndAuditAlarmByHandle 0x8 AddAtom 0x9 AddBootEntry 0xa AddDriverEntry 0xb AdjustGroupsToken 0xc AdjustPrivilegesToken 0xd AlertResumeThread 0xe AlertThread 0xf AllocateLocallyUniqueId 0x10 AllocateUserPhysicalPages 0x11 AllocateUuids 0x12 AllocateVirtualMemory 0x13 ApphelpCacheControl 0x14 AreMappedFilesTheSame 0x15 AssignProcessToJobObject 0x16 CallbackReturn 0x17 CancelDeviceWakeupRequest 0x18 CancelIoFile 0x19 CancelTimer 0x1a ClearEvent 0x1b Close 0x1c CloseObjectAuditAlarm 0x1d CompactKeys 0x1e CompareTokens 0x1f CompleteConnectPort 0x20 CompressKey 0x21 ConnectPort 0x22 Continue 0x23 CreateDebugObject 0x24 CreateDirectoryObject 0x25 CreateEvent 0x26 CreateEventPair 0x27 CreateFile 0x28 CreateIoCompletion 0x29 CreateJobObject 0x2a CreateJobSet 0x2b CreateKey 0x2c CreateMailslotFile 0x2d CreateMutant 0x2e CreateNamedPipeFile 0x2f CreatePagingFile 0x30 CreatePort 0x31 CreateProcess 0x32 CreateProcessEx 0x33 CreateProfile 0x34 CreateSection 0x35 CreateSemaphore 0x36 CreateSymbolicLinkObject 0x37 CreateThread 0x38 CreateTimer 0x39 CreateToken 0x3a CreateWaitablePort 0x3b DebugActiveProcess 0x3c DebugContinue 0x3d DelayExecution 0x3e DeleteAtom 0x3f DeleteBootEntry 0x40 DeleteDriverEntry 0x41 DeleteFile 0x42 DeleteKey 0x43 DeleteObjectAuditAlarm 0x44 DeleteValueKey 0x45 DeviceIoControlFile 0x46 DisplayString 0x47 DuplicateObject 0x48 DuplicateToken 0x49 EnumerateBootEntries 0x4a EnumerateDriverEntries 0x4b EnumerateKey 0x4c EnumerateSystemEnvironmentValuesEx 0x4d EnumerateValueKey 0x4e ExtendSection 0x4f FilterToken 0x50 FindAtom 0x51 FlushBuffersFile 0x52 FlushInstructionCache 0x53 FlushKey 0x54 FlushVirtualMemory 0x55 FlushWriteBuffer 0x56 FreeUserPhysicalPages 0x57 FreeVirtualMemory 0x58 FsControlFile 0x59 GetContextThread 0x5a GetDevicePowerState 0x5b GetPlugPlayEvent 0x5c GetWriteWatch 0x5d ImpersonateAnonymousToken 0x5e ImpersonateClientOfPort 0x5f ImpersonateThread 0x60 InitializeRegistry 0x61 InitiatePowerAction 0x62 IsProcessInJob 0x63 IsSystemResumeAutomatic 0x64 ListenPort 0x65 LoadDriver 0x66 LoadKey 0x67 LoadKey2 0x68 LoadKeyEx 0x69 LockFile 0x6a LockProductActivationKeys 0x6b LockRegistryKey 0x6c LockVirtualMemory 0x6d MakePermanentObject 0x6e MakeTemporaryObject 0x6f MapUserPhysicalPages 0x70 MapUserPhysicalPagesScatter 0x71 MapViewOfSection 0x72 ModifyBootEntry 0x73 ModifyDriverEntry 0x74 NotifyChangeDirectoryFile 0x75 NotifyChangeKey 0x76 NotifyChangeMultipleKeys 0x77 OpenDirectoryObject 0x78 OpenEvent 0x79 OpenEventPair 0x7a OpenFile 0x7b OpenIoCompletion 0x7c OpenJobObject 0x7d OpenKey 0x7e OpenMutant 0x7f OpenObjectAuditAlarm 0x80 OpenProcess 0x81 OpenProcessToken 0x82 OpenProcessTokenEx 0x83 OpenSection 0x84 OpenSemaphore 0x85 OpenSymbolicLinkObject 0x86 OpenThread 0x87 OpenThreadToken 0x88 OpenThreadTokenEx 0x89 OpenTimer 0x8a PlugPlayControl 0x8b PowerInformation 0x8c PrivilegeCheck 0x8d PrivilegeObjectAuditAlarm 0x8e PrivilegedServiceAuditAlarm 0x8f ProtectVirtualMemory 0x90 PulseEvent 0x91 QueryAttributesFile 0x92 QueryBootEntryOrder 0x93 QueryBootOptions 0x94 QueryDebugFilterState 0x95 QueryDefaultLocale 0x96 QueryDefaultUILanguage 0x97 QueryDirectoryFile 0x98 QueryDirectoryObject 0x99 QueryDriverEntryOrder 0x9a QueryEaFile 0x9b QueryEvent 0x9c QueryFullAttributesFile 0x9d QueryInformationAtom 0x9e QueryInformationFile 0x9f QueryInformationJobObject 0xa0 QueryInformationPort 0xa1 QueryInformationProcess 0xa2 QueryInformationThread 0xa3 QueryInformationToken 0xa4 QueryInstallUILanguage 0xa5 QueryIntervalProfile 0xa6 QueryIoCompletion 0xa7 QueryKey 0xa8 QueryMultipleValueKey 0xa9 QueryMutant 0xaa QueryObject 0xab QueryOpenSubKeys 0xac QueryOpenSubKeysEx 0xad QueryPerformanceCounter 0xae QueryQuotaInformationFile 0xaf QuerySection 0xb0 QuerySecurityObject 0xb1 QuerySemaphore 0xb2 QuerySymbolicLinkObject 0xb3 QuerySystemEnvironmentValue 0xb4 QuerySystemEnvironmentValueEx 0xb5 QuerySystemInformation 0xb6 QuerySystemTime 0xb7 QueryTimer 0xb8 QueryTimerResolution 0xb9 QueryValueKey 0xba QueryVirtualMemory 0xbb QueryVolumeInformationFile 0xbc QueueApcThread 0xbd RaiseException 0xbe RaiseHardError 0xbf ReadFile 0xc0 ReadFileScatter 0xc1 ReadRequestData 0xc2 ReadVirtualMemory 0xc3 RegisterThreadTerminatePort 0xc4 ReleaseMutant 0xc5 ReleaseSemaphore 0xc6 RemoveIoCompletion 0xc7 RemoveProcessDebug 0xc8 RenameKey 0xc9 ReplaceKey 0xca ReplyPort 0xcb ReplyWaitReceivePort 0xcc ReplyWaitReceivePortEx 0xcd ReplyWaitReplyPort 0xce RequestDeviceWakeup 0xcf RequestPort 0xd0 RequestWaitReplyPort 0xd1 RequestWakeupLatency 0xd2 ResetEvent 0xd3 ResetWriteWatch 0xd4 RestoreKey 0xd5 ResumeProcess 0xd6 ResumeThread 0xd7 SaveKey 0xd8 SaveKeyEx 0xd9 SaveMergedKeys 0xda SecureConnectPort 0xdb SetBootEntryOrder 0xdc SetBootOptions 0xdd SetContextThread 0xde SetDebugFilterState 0xdf SetDefaultHardErrorPort 0xe0 SetDefaultLocale 0xe1 SetDefaultUILanguage 0xe2 SetDriverEntryOrder 0xe3 SetEaFile 0xe4 SetEvent 0xe5 SetEventBoostPriority 0xe6 SetHighEventPair 0xe7 SetHighWaitLowEventPair 0xe8 SetInformationDebugObject 0xe9 SetInformationFile 0xea SetInformationJobObject 0xeb SetInformationKey 0xec SetInformationObject 0xed SetInformationProcess 0xee SetInformationThread 0xef SetInformationToken 0xf0 SetIntervalProfile 0xf1 SetIoCompletion 0xf2 SetLdtEntries 0xf3 SetLowEventPair 0xf4 SetLowWaitHighEventPair 0xf5 SetQuotaInformationFile 0xf6 SetSecurityObject 0xf7 SetSystemEnvironmentValue 0xf8 SetSystemEnvironmentValueEx 0xf9 SetSystemInformation 0xfa SetSystemPowerState 0xfb SetSystemTime 0xfc SetThreadExecutionState 0xfd SetTimer 0xfe SetTimerResolution 0xff SetUuidSeed 0x100 SetValueKey 0x101 SetVolumeInformationFile 0x102 ShutdownSystem 0x103 SignalAndWaitForSingleObject 0x104 StartProfile 0x105 StopProfile 0x106 SuspendProcess 0x107 SuspendThread 0x108 SystemDebugControl 0x109 TerminateJobObject 0x10a TerminateProcess 0x10b TerminateThread 0x10c TestAlert 0x10d TraceEvent 0x10e TranslateFilePath 0x10f UnloadDriver 0x110 UnloadKey 0x111 UnloadKey2 0x112 UnloadKeyEx 0x113 UnlockFile 0x114 UnlockVirtualMemory 0x115 UnmapViewOfSection 0x116 VdmControl 0x117 WaitForDebugEvent 0x118 WaitForMultipleObjects 0x119 WaitForSingleObject 0x11a WaitHighEventPair 0x11b WaitLowEventPair 0x11c WriteFile 0x11d WriteFileGather 0x11e WriteRequestData 0x11f WriteVirtualMemory 0x120 YieldExecution 0x121 CreateKeyedEvent 0x122 OpenKeyedEvent 0x123 ReleaseKeyedEvent 0x124 WaitForKeyedEvent 0x125 QueryPortInformationProcess 0x126 GetCurrentProcessorNumber Windows NT int 2e 功能表 from Ralf Brown's interrupt lists EAX = function number EDX = address of parameter block Values for Windows NT NTOS function number: 000h AcceptConnectPort (24 bytes of parameters) 001h AccessCheck (32 bytes of parameters) 002h AccessCheckAndAuditAlarm (44 bytes of parameters) 003h AddAtom (8 bytes of parameters) 004h AdjustGroupsToken (24 bytes of parameters) 005h AdjustPrivilegesToken (24 bytes of parameters) 006h AlertResumeThread (8 bytes of parameters) 007h AlertThread (4 bytes of parameters) 008h AllocateLocallyUniqueId (4 bytes of parameters) 009h AllocateUuids (12 bytes of parameters) 00Ah AllocateVirtualMemory (24 bytes of parameters) 00Bh CallbackReturn (12 bytes of parameters) 00Ch CancelIoFile (8 bytes of parameters) 00Dh CancelTimer (8 bytes of parameters) 00Eh ClearEvent (4 bytes of parameters) 00Fh Close (4 bytes of parameters) 010h CloseObjectAuditAlarm (12 bytes of parameters) 011h CompleteConnectPort (4 bytes of parameters) 012h ConnectPort (32 bytes of parameters) 013h Continue (8 bytes of parameters) 014h CreateDirectoryObject (12 bytes of parameters) 015h CreateEvent (20 bytes of parameters) 016h CreateEventPair (12 bytes of parameters) 017h CreateFile (44 bytes of parameters) 018h CreateIoCompletion (16 bytes of parameters) 019h CreateKey (28 bytes of parameters) 01Ah CreateMailslotFile (32 bytes of parameters) 01Bh CreateMutant (16 bytes of parameters) 01Ch CreateNamedPipeFile (56 bytes of parameters) 01Dh CreatePagingFile (16 bytes of parameters) 01Eh CreatePort (20 bytes of parameters) 01Fh CreateProcess (32 bytes of parameters) 020h CreateProfile (36 bytes of parameters) 021h CreateSection (28 bytes of parameters) 022h CreateSemaphore (20 bytes of parameters) 023h CreateSymbolicLinkObject (16 bytes of parameters) 024h CreateThread (32 bytes of parameters) 025h CreateTimer (16 bytes of parameters) 026h CreateToken (52 bytes of parameters) 027h DelayExecution (8 bytes of parameters) 028h DeleteAtom (4 bytes of parameters) 029h DeleteFile (4 bytes of parameters) 02Ah DeleteKey (4 bytes of parameters) 02Bh DeleteObjectAuditAlarm (12 bytes of parameters) 02Ch DeleteValueKey (8 bytes of parameters) 02Dh DeviceIoControlFile (40 bytes of parameters) 02Eh DisplayString (4 bytes of parameters) 02Fh DuplicateObject (28 bytes of parameters) 030h DuplicateToken (24 bytes of parameters) 031h EnumerateKey (24 bytes of parameters) 032h EnumerateValueKey (24 bytes of parameters) 033h ExtendSection (8 bytes of parameters) 034h FindAtom (8 bytes of parameters) 035h FlushBuffersFile (8 bytes of parameters) 036h FlushInstructionCache (12 bytes of parameters) 037h FlushKey (4 bytes of parameters) 038h FlushVirtualMemory (16 bytes of parameters) 039h FlushWriteBuffer (no parameters) 03Ah FreeVirtualMemory (16 bytes of parameters) 03Bh FsControlFile (40 bytes of parameters) 03Ch GetContextThread (8 bytes of parameters) 03Dh GetPlugPlayEvent (16 bytes of parameters) 03Eh GetTickCount (no parameters) 03Fh ImpersonateClientOfPort (8 bytes of parameters) 040h ImpersonateThread (12 bytes of parameters) 041h InitializeRegistry (4 bytes of parameters) 042h ListenPort (8 bytes of parameters) 043h LoadDriver (4 bytes of parameters) 044h LoadKey (8 bytes of parameters) 045h LoadKey2 (12 bytes of parameters) 046h LockFile (40 bytes of parameters) 047h LockVirtualMemory (16 bytes of parameters) 048h MakeTemporaryObject (4 bytes of parameters) 049h MapViewOfSection (40 bytes of parameters) 04Ah NotifyChangeDirectoryFile (36 bytes of parameters) 04Bh NotifyChangeKey (40 bytes of parameters) 04Ch OpenDirectoryObject (12 bytes of parameters) 04Dh OpenEvent (12 bytes of parameters) 04Eh OpenEventPair (12 bytes of parameters) 04Fh OpenFile (24 bytes of parameters) 050h OpenIoCompletion (12 bytes of parameters) 051h OpenKey (12 bytes of parameters) 052h OpenMutant (12 bytes of parameters) 053h OpenObjectAuditAlarm (48 bytes of parameters) 054h OpenProcess (16 bytes of parameters) 055h OpenProcessToken (12 bytes of parameters) 056h OpenSection (12 bytes of parameters) 057h OpenSemaphore (12 bytes of parameters) 058h OpenSymbolicLinkObject (12 bytes of parameters) 059h OpenThread (16 bytes of parameters) 05Ah OpenThreadToken (16 bytes of parameters) 05Bh OpenTimer (12 bytes of parameters) 05Ch PlugPlayControl (16 bytes of parameters) 05Dh PrivilegeCheck (12 bytes of parameters) 05Eh PrivilegedServiceAuditAlarm (20 bytes of parameters) 05Fh PrivilegeObjectAuditAlarm (24 bytes of parameters) 060h ProtectVirtualMemory (20 bytes of parameters) 061h PulseEvent (8 bytes of parameters) 062h QueryInformationAtom (20 bytes of parameters) 063h QueryAttributesFile (8 bytes of parameters) 064h QueryDefaultLocale (8 bytes of parameters) 065h QueryDirectoryFile (44 bytes of parameters) 066h QueryDirectoryObject (28 bytes of parameters) 067h QueryEaFile (36 bytes of parameters) 068h QueryEvent (20 bytes of parameters) 069h QueryFullAttributesFile (8 bytes of parameters) 06Ah QueryInformationFile (20 bytes of parameters) 06Bh QueryIoCompletion (20 bytes of parameters) 06Ch QueryInformationPort (20 bytes of parameters) 06Dh QueryInformationProcess (20 bytes of parameters) 06Eh QueryInformationThread (20 bytes of parameters) 06Fh QueryInformationToken (20 bytes of parameters) 070h QueryIntervalProfile (8 bytes of parameters) 071h QueryKey (20 bytes of parameters) 072h QueryMultipleValueKey (24 bytes of parameters) 073h QueryMutant (20 bytes of parameters) 074h QueryObject (20 bytes of parameters) 075h QueryOleDirectoryFile (44 bytes of parameters) 076h QueryPerformanceCounter (8 bytes of parameters) 077h QuerySection (20 bytes of parameters) 078h QuerySecurityObject (20 bytes of parameters) 079h QuerySemaphore (20 bytes of parameters) 07Ah QuerySymbolicLinkObject (12 bytes of parameters) 07Bh QuerySystemEnvironmentValue (16 bytes of parameters) 07Ch QuerySystemInformation (16 bytes of parameters) 07Dh QuerySystemTime (4 bytes of parameters) 07Eh QueryTimer (20 bytes of parameters) 07Fh QueryTimerResolution (12 bytes of parameters) 080h QueryValueKey (24 bytes of parameters) 081h QueryVirtualMemory (24 bytes of parameters) 082h QueryVolumeInformationFile (20 bytes of parameters) 083h QueueApcThread (20 bytes of parameters) 084h RaiseException (12 bytes of parameters) 085h RaiseHardError (24 bytes of parameters) 086h ReadFile (36 bytes of parameters) 087h ReadFileScatter (36 bytes of parameters) 088h ReadRequestData (24 bytes of parameters) 089h ReadVirtualMemory (20 bytes of parameters) 08Ah RegisterThreadTerminatePort (4 bytes of parameters) 08Bh ReleaseMutant (8 bytes of parameters) 08Ch ReleaseSemaphore (12 bytes of parameters) 08Dh RemoveIoCompletion (20 bytes of parameters) 08Eh ReplaceKey (12 bytes of parameters) 08Fh ReplyPort (8 bytes of parameters) 090h ReplyWaitReceivePort (16 bytes of parameters) 091h ReplyWaitReplyPort (8 bytes of parameters) 092h RequestPort (8 bytes of parameters) 093h RequestWaitReplyPort (12 bytes of parameters) 094h ResetEvent (8 bytes of parameters) 095h RestoreKey (12 bytes of parameters) 096h ResumeThread (8 bytes of parameters) 097h SaveKey (8 bytes of parameters) 098h SetIoCompletion (20 bytes of parameters) 099h SetContextThread (8 bytes of parameters) 09Ah SetDefaultHardErrorPort (4 bytes of parameters) 09Bh SetDefaultLocale (8 bytes of parameters) 09Ch SetEaFile (16 bytes of parameters) 09Dh SetEvent (8 bytes of parameters) 09Eh SetHighEventPair (4 bytes of parameters) 09Fh SetHighWaitLowEventPair (4 bytes of parameters) 0A0h ??? (??? bytes of parameters) 0A1h SetInformationFile (20 bytes of parameters) 0A2h SetInformationKey (16 bytes of parameters) 0A3h SetInformationObject (16 bytes of parameters) 0A4h SetInformationProcess (16 bytes of parameters) 0A5h SetInformationThread (16 bytes of parameters) 0A6h SetInformationToken (16 bytes of parameters) 0A7h SetIntervalProfile (8 bytes of parameters) 0A8h SetLdtEntries (24 bytes of parameters) 0A9h SetLowEventPair (4 bytes of parameters) 0AAh SetLowWaitHighEventPair (4 bytes of parameters) 0ABh ??? (??? bytes of parameters) 0ACh SetSecurityObject (12 bytes of parameters) 0ADh SetSystemEnvironmentValue (8 bytes of parameters) 0AEh SetSystemInformation (12 bytes of parameters) 0AFh SetSystemPowerState (12 bytes of parameters) 0B0h SetSystemTime (8 bytes of parameters) 0B1h SetTimer (28 bytes of parameters) 0B2h SetTimerResolution (12 bytes of parameters) 0B3h SetValueKey (24 bytes of parameters) 0B4h SetVolumeInformationFile (20 bytes of parameters) 0B5h ShutdownSystem (4 bytes of parameters) 0B6h SignalAndWaitForSingleObject (16 bytes of parameters) 0B7h StartProfile (4 bytes of parameters) 0B8h StopProfile (4 bytes of parameters) 0B9h SuspendThread (8 bytes of parameters) 0BAh SystemDebugControl (24 bytes of parameters) 0BBh TerminateProcess (8 bytes of parameters) 0BCh TerminateThread (8 bytes of parameters) 0BDh TestAlert (no parameters) 0BEh UnloadDriver (4 bytes of parameters) 0BFh UnloadKey (4 bytes of parameters) 0C0h UnlockFile (20 bytes of parameters) 0C1h UnlockVirtualMemory (16 bytes of parameters) 0C2h UnmapViewOfSection (8 bytes of parameters) 0C3h VdmControl (8 bytes of parameters) 0C4h WaitForMultipleObjects (20 bytes of parameters) 0C5h WaitForSingleObject (12 bytes of parameters) 0C6h WaitHighEventPair (4 bytes of parameters) 0C7h WaitLowEventPair (4 bytes of parameters) 0C8h WriteFile (36 bytes of parameters) 0C9h WriteFileGather (36 bytes of parameters) 0CAh WriteRequestData (24 bytes of parameters) 0CBh WriteVirtualMemory (20 bytes of parameters) 0CCh W32Call (20 bytes of parameters) 0CDh CreateChannel (8 bytes of parameters) 0CEh ListenChannel (8 bytes of parameters) 0CFh OpenChannel (8 bytes of parameters) 0D0h ReplyWaitSendChannel (12 bytes of parameters) 0D1h SendWaitReplyChannel (16 bytes of parameters) 0D2h SetContextChannel (4 bytes of parameters) 0D3h YieldExecution (no parameters) 简单的倒计时代码>> + 作者: tombkeeper 2004年03月11日,星期四 00:16:06 回复(0 ) | 引用(0) 写exp的时候需要用到一个简单的倒计时功能,原本打算乖乖用WriteConsole的那一堆API,不过估计折腾的时间就够吃几顿饭的了。想了个简单的办法: int i; char bel[]={0x08,0x08,0x07}; //倒计时并提示音 printf ("If xxxx installed, your system will BSOD in 10 sec.\n"); printf ("But you can press \"Ctrl+C\" to cancel this program.\n\n"); for (i=9; i>=0; i--) { printf ("%s%d",bel,i); Sleep (1000); } |
|||||||||||||
|
|
|
| 顶 | 踩 |