NtOsKrnl.exe starts at 800D4000

Service table address: 80502588  Number of services:0000011C
0000  0008:805953AA  params=06  ntoskrnl!RvNtAcceptConnectPort
0001  0008:8057DCB7  params=08  ntoskrnl!RvNtAccessCheck
0002  0008:8057BB65  params=0B  ntoskrnl!RvNtAccessCheckAndAuditAlarm
0003  0008:805C0CDB  params=0B  ntoskrnl!RvNtAccessCheckByType
0004  0008:80573C7A  params=10  ntoskrnl!RvNtAccessCheckByTypeAndAuditAlarm
0005  0008:8061737E  params=0B  ntoskrnl!RvNtAccessCheckByTypeResultList
0006  0008:806194EE  params=10  ntoskrnl!RvNtAccessCheckByTypeResultListAndAuditAlarm
0007  0008:8061952B  params=11  ntoskrnl!RvNtAccessCheckByTypeResultListAndAuditAlarmByHandle
0008  0008:8056AE3B  params=03  ntoskrnl!NtAddAtom
0009  0008:80625E4E  params=02  ntoskrnl!RvNtAddBootEntry
000A  0008:80616E7A  params=06  ntoskrnl!RvNtAdjustGroupsToken
000B  0008:8057AEDB  params=06  ntoskrnl!NtAdjustPrivilegesToken
000C  0008:80610E61  params=02  ntoskrnl!RvNtAlertResumeThread
000D  0008:8057BEC6  params=01  ntoskrnl!RvNtAlertThread
000E  0008:80575ECF  params=01  ntoskrnl!NtAllocateLocallyUniqueId
000F  0008:8060A667  params=03  ntoskrnl!RvNtAllocateUserPhysicalPages
0010  0008:8057BC7E  params=04  ntoskrnl!NtAllocateUuids
0011  0008:8058E58D  params=06  ntoskrnl!NtAllocateVirtualMemory
0012  0008:805600FC  params=02  ntoskrnl!RvNtAreMappedFilesTheSame
0013  0008:8055204E  params=02  ntoskrnl!RvNtAssignProcessToJobObject
0014  0008:8050FA11  params=03  ntoskrnl!RvNtCallbackReturn
0015  0008:8060E649  params=01  ntoskrnl!RvNtCancelDeviceWakeupRequest
0016  0008:80565A55  params=02  ntoskrnl!RvNtCancelIoFile
0017  0008:804E906F  params=02  ntoskrnl!RvNtCancelTimer
0018  0008:80579402  params=01  ntoskrnl!RvNtClearEvent
0019  0008:80581355  params=01  ntoskrnl!NtClose
001A  0008:8057BB30  params=03  ntoskrnl!RvNtCloseObjectAuditAlarm
001B  0008:8062A9ED  params=02  ntoskrnl!RvNtCompactKeys
001C  0008:8061A04F  params=03  ntoskrnl!RvNtCompareTokens
001D  0008:8059589C  params=01  ntoskrnl!RvNtCompleteConnectPort
001E  0008:8062AC19  params=01  ntoskrnl!RvNtCompressKey
001F  0008:8057418C  params=08  ntoskrnl!NtConnectPort
0020  0008:804DD54C  params=02  ntoskrnl!RvNtContinue
0021  0008:805BC5DE  params=04  ntoskrnl!RvNtCreateDebugObject
0022  0008:805B24B7  params=03  ntoskrnl!RvNtCreateDirectoryObject
0023  0008:80588E22  params=05  ntoskrnl!NtCreateEvent
0024  0008:80625E56  params=03  ntoskrnl!RvNtCreateEventPair
0025  0008:8058B1C2  params=0B  ntoskrnl!NtCreateFile
0026  0008:805652F3  params=04  ntoskrnl!RvNtCreateIoCompletion
0027  0008:805B8EC4  params=03  ntoskrnl!RvNtCreateJobObject
0028  0008:80611282  params=03  ntoskrnl!RvNtCreateJobSet
0029  0008:8057AA2E  params=07  ntoskrnl!RvNtCreateKey
002A  0008:8057674F  params=08  ntoskrnl!RvNtCreateMailslotFile
002B  0008:80593A89  params=04  ntoskrnl!RvNtCreateMutant
002C  0008:8057D88C  params=0E  ntoskrnl!RvNtCreateNamedPipeFile
002D  0008:805AB7A0  params=04  ntoskrnl!RvNtCreatePagingFile
002E  0008:8056108A  params=05  ntoskrnl!RvNtCreatePort
002F  0008:805AE8B3  params=08  ntoskrnl!RvNtCreateProcess
0030  0008:80590950  params=09  ntoskrnl!RvNtCreateProcessEx
0031  0008:80626395  params=09  ntoskrnl!RvNtCreateProfile
0032  0008:8057FB92  params=07  ntoskrnl!NtCreateSection
0033  0008:8056E5BD  params=05  ntoskrnl!RvNtCreateSemaphore
0034  0008:805C0109  params=04  ntoskrnl!RvNtCreateSymbolicLinkObject
0035  0008:8058F00C  params=08  ntoskrnl!RvNtCreateThread
0036  0008:805689B9  params=04  ntoskrnl!RvNtCreateTimer
0037  0008:805BDE1C  params=0D  ntoskrnl!RvNtCreateToken
0038  0008:805B8087  params=05  ntoskrnl!RvNtCreateWaitablePort
0039  0008:805BCE9F  params=02  ntoskrnl!RvNtDebugActiveProcess
003A  0008:805BC9BA  params=03  ntoskrnl!RvNtDebugContinue
003B  0008:8058071A  params=02  ntoskrnl!RvNtDelayExecution
003C  0008:8056B00F  params=01  ntoskrnl!NtDeleteAtom
003D  0008:8060E649  params=01  ntoskrnl!RvNtDeleteBootEntry
003E  0008:805B760B  params=01  ntoskrnl!NtDeleteFile
003F  0008:8056DE4B  params=01  ntoskrnl!RvNtDeleteKey
0040  0008:805C8DC1  params=03  ntoskrnl!RvNtDeleteObjectAuditAlarm
0041  0008:80567F3F  params=02  ntoskrnl!RvNtDeleteValueKey
0042  0008:805987C4  params=0A  ntoskrnl!NtDeviceIoControlFile
0043  0008:805A954D  params=01  ntoskrnl!RvNtSisplayString
0044  0008:80592B99  params=07  ntoskrnl!NtDuplicateObject
0045  0008:8057DD82  params=06  ntoskrnl!NtDuplicateToken
0046  0008:80625E4E  params=02  ntoskrnl!RvNtEnumerateBootEntries
0047  0008:8057D323  params=06  ntoskrnl!RvNtEnumerateKey
0048  0008:80625927  params=03  ntoskrnl!RvNtEnumerateSystemEnvironmentValuesEx
0049  0008:8056A5F7  params=06  ntoskrnl!RvNtEnumerateValueKey
004A  0008:805531D8  params=02  ntoskrnl!RvNtExtendSection
004B  0008:805B87B7  params=06  ntoskrnl!RvNtFilterToken
004C  0008:80568AAC  params=03  ntoskrnl!NtFindAtom
004D  0008:8057781B  params=02  ntoskrnl!RvNtFlushBuffersFile
004E  0008:8058D9ED  params=03  ntoskrnl!RvNtFlushInstructionCache
004F  0008:805616E0  params=01  ntoskrnl!RvNtFlushKey
0050  0008:8055EA50  params=04  ntoskrnl!RvNtFlushVirtualmemory
0051  0008:8060AF2E  params=00  ntoskrnl!RvNtFlushWriteBuffer
0052  0008:8060AA04  params=03  ntoskrnl!RvNtFreeUserPhysicalPages
0053  0008:8058F5C2  params=04  ntoskrnl!NtFreeVirtualMemory
0054  0008:8058C568  params=0A  ntoskrnl!NtFsControlFile
0055  0008:8055177B  params=02  ntoskrnl!RvNtGetContextThread
0056  0008:8060E65F  params=02  ntoskrnl!RvNtGetDevicePowerState
0057  0008:80556AE3  params=04  ntoskrnl!RvNtGetPlugPlayEvent
0058  0008:8052AC1A  params=07  ntoskrnl!RvNtGetWriteWatch
0059  0008:80619D5D  params=01  ntoskrnl!RvNtImpersonateAnonymousToken
005A  0008:80575FEE  params=02  ntoskrnl!RvNtImpersonateClientOfPort
005B  0008:805700FA  params=03  ntoskrnl!RvNtImpersonateThread
005C  0008:805B682A  params=01  ntoskrnl!RvNtInitializeRegistry
005D  0008:8060E460  params=04  ntoskrnl!RvNtInitiatePowerAction
005E  0008:80611158  params=02  ntoskrnl!RvNtIsProcessInjob
005F  0008:8060E651  params=00  ntoskrnl!RvNtIsSystemResumeAutomatic
0060  0008:805B5ABD  params=02  ntoskrnl!RvNtListenPort
0061  0008:805505A5  params=01  ntoskrnl!RvNtLoadDriver
0062  0008:805B4523  params=02  ntoskrnl!RvNtLoadKey
0063  0008:805B4535  params=03  ntoskrnl!RvNtLoadKey2
0064  0008:8056FF7A  params=0A  ntoskrnl!NtLockFile
0065  0008:805B4C74  params=02  ntoskrnl!RvNtLockProductActivationKeys
0066  0008:805A1A66  params=01  ntoskrnl!RvNtLockRegistryKey
0067  0008:805C0343  params=04  ntoskrnl!RvNtLockVirtualmemory
0068  0008:805C0049  params=01  ntoskrnl!NtMakePermanentObject
0069  0008:805BFEBA  params=01  ntoskrnl!RvNtMakeTempororyObject
006A  0008:80609981  params=03  ntoskrnl!RvNtMapUSerPhysicalPages
006B  0008:80609F1B  params=03  ntoskrnl!RvNtMapUserPhysicalPagesScatter
006C  0008:80584CE0  params=0A  ntoskrnl!NtMapViewOfSection
006D  0008:8060E649  params=01  ntoskrnl!RvNtModifyBootEntry
006E  0008:8056C855  params=09  ntoskrnl!NtNotifyChangeDirectoryFile
006F  0008:805739E6  params=0A  ntoskrnl!RvNtNotifyChangeKey
0070  0008:805736E1  params=0C  ntoskrnl!RvNtNotifyChangeMultipleKeys
0071  0008:8058E243  params=03  ntoskrnl!RvNtOpenDirectoryObject
0072  0008:8057BF0F  params=03  ntoskrnl!RvNtOpenEvent
0073  0008:80625F28  params=03  ntoskrnl!RvNtOpenEventPair
0074  0008:80585233  params=06  ntoskrnl!NtOpenFile
0075  0008:805FF06F  params=03  ntoskrnl!RvNtOpenIoCompletion
0076  0008:80562238  params=03  ntoskrnl!RvNtOpenJobObject
0077  0008:8058272F  params=03  ntoskrnl!RvNtOpenKey
0078  0008:80597282  params=03  ntoskrnl!RvNtOpenmutant
0079  0008:80563360  params=0C  ntoskrnl!RvNtOpenObjectAuditAlarm
007A  0008:80578115  params=04  ntoskrnl!NtOpenProcess
007B  0008:805917F1  params=03  ntoskrnl!NtOpenProcessToken
007C  0008:8058CBA7  params=04  ntoskrnl!NtOpenProcessTokenEx
007D  0008:80588D43  params=03  ntoskrnl!RvNtOpenSection
007E  0008:8056179C  params=03  ntoskrnl!RvNtOpenSemaphore
007F  0008:80588FEB  params=03  ntoskrnl!RvNtOpenSymbolicLinkObject
0080  0008:80570202  params=04  ntoskrnl!NtOpenThread
0081  0008:80596979  params=04  ntoskrnl!NtOpenThreadToken
0082  0008:8058F939  params=05  ntoskrnl!NtOpenThreadTokenEx
0083  0008:805BAB4E  params=03  ntoskrnl!RvNtOpenTimer
0084  0008:805654DB  params=03  ntoskrnl!RvNtPlugPlayControl
0085  0008:80566113  params=05  ntoskrnl!RvNtPowerInformation
0086  0008:80563E46  params=03  ntoskrnl!RvNtPrivilegeCheck
0087  0008:805B17BE  params=06  ntoskrnl!RvNtPrivilegeObjectAuditAlarm
0088  0008:805BE6A9  params=05  ntoskrnl!RvNtPrivilegedServiceAuditAlarm
0089  0008:8058CF39  params=05  ntoskrnl!RvNtProtectVirtualMemory
008A  0008:8056001A  params=02  ntoskrnl!RvNtPulseEvent
008B  0008:8058D906  params=02  ntoskrnl!RvNtQueryAttributesFile
008C  0008:80625E4E  params=02  ntoskrnl!RvNtQueryBootEntryOrder
008D  0008:80625E4E  params=02  ntoskrnl!RvNtQueryBootOptions
008E  0008:804FC992  params=02  ntoskrnl!RvNtQueryDebugFilterState
008F  0008:8058D50B  params=02  ntoskrnl!RvNtQueryDefaultLocale
0090  0008:80591043  params=01  ntoskrnl!RvNtQueryDefaultUILanguage
0091  0008:805951E4  params=0B  ntoskrnl!NtQueryDirectoryFile
0092  0008:80577D5A  params=07  ntoskrnl!RvNtQueryDirectoryObject
0093  0008:805FF418  params=09  ntoskrnl!NtQueryEaFile
0094  0008:805971FD  params=05  ntoskrnl!RvNtQueryEvent
0095  0008:8056AC1D  params=02  ntoskrnl!RvNtQueryFullAttributesFile
0096  0008:8055ED76  params=05  ntoskrnl!NtQueryInformationAtom
0097  0008:80584514  params=05  ntoskrnl!NtQueryInformationFile
0098  0008:805969A1  params=05  ntoskrnl!RvNtQueryInformationJobObject
0099  0008:80607563  params=05  ntoskrnl!RvNtQueryInformationPort
009A  0008:805895A3  params=05  ntoskrnl!NtQueryInformationProcess
009B  0008:805938B6  params=05  ntoskrnl!NtQueryInformationThread
009C  0008:8058F4CE  params=05  ntoskrnl!NtQueryInformationToken
009D  0008:8056A8D8  params=01  ntoskrnl!RvNtQueryInstallUILanguage
009E  0008:80626804  params=02  ntoskrnl!RvNtQueryIntervalProfile
009F  0008:805FF112  params=05  ntoskrnl!RvNtQueryIoCompletion
00A0  0008:80573460  params=05  ntoskrnl!RvNtQueryKey
00A1  0008:8062A577  params=06  ntoskrnl!RvNtQueryMultipleValueKey
00A2  0008:80626212  params=05  ntoskrnl!RvNtQueryMutant
00A3  0008:8058AD0A  params=05  ntoskrnl!RvNtQueryObject
00A4  0008:8062A74A  params=02  ntoskrnl!RvNtQueryOpenSubKeys
00A5  0008:80593F31  params=02  ntoskrnl!RvNtQueryPerformanceCounter
00A6  0008:805FFC36  params=09  ntoskrnl!NtQueryQuotaInformationFile
00A7  0008:8058D43C  params=05  ntoskrnl!RvNtQuerySection
00A8  0008:8056879C  params=05  ntoskrnl!NtQuerySecurityObject
00A9  0008:80625485  params=05  ntoskrnl!RvNtQuerySemaphore
00AA  0008:80589675  params=03  ntoskrnl!RvNtQuerySymbolicLinkObject
00AB  0008:80625937  params=04  ntoskrnl!RvNtQuerySystemEnvironmentValue
00AC  0008:8062591F  params=05  ntoskrnl!RvNtQuerySystemEnvironmentValueEx
00AD  0008:8058B1F4  params=04  ntoskrnl!NtQuerySystemInformation
00AE  0008:8057469F  params=01  ntoskrnl!RvNtQuerySystemTime
00AF  0008:8057842E  params=05  ntoskrnl!RvNtQueryTimer
00B0  0008:8056AF87  params=03  ntoskrnl!RvNtQueryTimerResolution
00B1  0008:805833FB  params=06  ntoskrnl!RvNtQueryValueKey
00B2  0008:8058D566  params=06  ntoskrnl!RvNtQueryVirtualMemory
00B3  0008:8058B580  params=05  ntoskrnl!NtQueryVolumeInformationFile
00B4  0008:80578390  params=05  ntoskrnl!RvNtQueueApcThread
00B5  0008:804DD593  params=03  ntoskrnl!RvNtRaiseException
00B6  0008:8055FACD  params=06  ntoskrnl!RvNtRaiseHArdError
00B7  0008:8058C594  params=09  ntoskrnl!NtReadFile
00B8  0008:80557D93  params=09  ntoskrnl!RvNtReadFileScatter
00B9  0008:80573D99  params=06  ntoskrnl!RvNtReadRequestData
00BA  0008:805963EF  params=05  ntoskrnl!RvNtReadVirtualMemory
00BB  0008:80594E29  params=01  ntoskrnl!RvNtRegisterThreadTerminatePort
00BC  0008:80580780  params=02  ntoskrnl!RvNtReleaseMutant
00BD  0008:80575F2F  params=03  ntoskrnl!RvNtReleaseSemaphore
00BE  0008:8057E11F  params=05  ntoskrnl!RvNtRemoveIoCompletion
00BF  0008:8063351C  params=02  ntoskrnl!RvNtRemoveProcessDebug
00C0  0008:8062A8BB  params=02  ntoskrnl!RvNtRenameKey
00C1  0008:8062AC99  params=03  ntoskrnl!RvNtReplaceKey
00C2  0008:80596ABB  params=02  ntoskrnl!RvNtReplyPort
00C3  0008:805915B5  params=04  ntoskrnl!RvNtReplyWaitReceivePort
00C4  0008:805911D7  params=05  ntoskrnl!RvNtReplyWaitReceivePortEx
00C5  0008:80607624  params=02  ntoskrnl!RvNtReplyWaitReplyPort
00C6  0008:8060E5E2  params=01  ntoskrnl!RvNtRequestDeviceWakeup
00C7  0008:8056E775  params=02  ntoskrnl!NtRequestPort
00C8  0008:80594954  params=03  ntoskrnl!NtRequestWaitReplyPort
00C9  0008:8060E410  params=01  ntoskrnl!RvNtRequestWakeupLatency
00CA  0008:805BE5FC  params=02  ntoskrnl!RvNtResetEvent
00CB  0008:8052B13E  params=03  ntoskrnl!RvNtResetWriteWatch
00CC  0008:80629B9A  params=03  ntoskrnl!RvNtRestoreKey
00CD  0008:80610E12  params=01  ntoskrnl!RvNtResumeProcess
00CE  0008:8058F519  params=02  ntoskrnl!RvNtResumeThread
00CF  0008:80629C34  params=02  ntoskrnl!RvNtSaveKEy
00D0  0008:80629CBC  params=03  ntoskrnl!RvNtSaveKeyEx
00D1  0008:80629D80  params=03  ntoskrnl!RvNtSaveMergedKeys
00D2  0008:8058BDEC  params=09  ntoskrnl!RvNtSecureConnectPort
00D3  0008:80625E4E  params=02  ntoskrnl!RvNtSetBootEntryOrder
00D4  0008:80625E4E  params=02  ntoskrnl!RvNtSetBootOptions
00D5  0008:805BBD83  params=02  ntoskrnl!RvNtSetContextThread
00D6  0008:806346C0  params=03  ntoskrnl!RvNtSetDebugFilterState
00D7  0008:805B0894  params=01  ntoskrnl!RvNtSetDefaultHardErrorPort
00D8  0008:805B1E41  params=02  ntoskrnl!RvNtSetDefaultLocale
00D9  0008:805B1E17  params=01  ntoskrnl!RvNtSetDefaultUILanguage
00DA  0008:805FF920  params=04  ntoskrnl!NtSetEaFile
00DB  0008:805792AD  params=02  ntoskrnl!NtSetEvent
00DC  0008:8057AC09  params=01  ntoskrnl!RvNtSetEventBoostPriority
00DD  0008:806261B6  params=01  ntoskrnl!RvNtSetHighEventPair
00DE  0008:806260F6  params=01  ntoskrnl!RvNtSetHighWaitLowEventPair
00DF  0008:80633322  params=05  ntoskrnl!RvNtSetInformationDebugObject
00E0  0008:80592589  params=05  ntoskrnl!NtSetInformationFile
00E1  0008:805B9013  params=04  ntoskrnl!RvNtSetInformationJobObject
00E2  0008:8062A157  params=04  ntoskrnl!RvNtSetInformationKey
00E3  0008:8059274F  params=04  ntoskrnl!RvNtSetInformationObject
00E4  0008:80590056  params=04  ntoskrnl!NtSetInformationProcess
00E5  0008:805946BB  params=04  ntoskrnl!NtSetInformationThread
00E6  0008:805BE146  params=04  ntoskrnl!RvNtSetInformationToken
00E7  0008:80626383  params=02  ntoskrnl!RvSetIntervalProfile
00E8  0008:8057AD2B  params=05  ntoskrnl!RvNtSetIoCompletion
00E9  0008:806100A7  params=06  ntoskrnl!RvNtSetLdtEntries
00EA  0008:8062615A  params=01  ntoskrnl!RvNtSetLowEventPair
00EB  0008:80626092  params=01  ntoskrnl!RvNtSetLowWaitHighEventPair
00EC  0008:805FFC1C  params=04  ntoskrnl!NtSetQuotaInformationFile
00ED  0008:805641B0  params=03  ntoskrnl!NtSetSecurityObject
00EE  0008:80625BB6  params=02  ntoskrnl!RvNtSetSystemEnvironmentValue
00EF  0008:8062591F  params=05  ntoskrnl!RvNtSetSystemEnvironmentValueEx
00F0  0008:805779DC  params=03  ntoskrnl!RvNtSetSystemInformation
00F1  0008:80642B4C  params=03  ntoskrnl!RvNtSetSystemPowerState
00F2  0008:806251A0  params=02  ntoskrnl!RvNtSetSystemTime
00F3  0008:805BFB9F  params=02  ntoskrnl!RvNtSetThreadExecutionState
00F4  0008:804E911C  params=07  ntoskrnl!RvNtSetTimer
00F5  0008:805C6337  params=03  ntoskrnl!RvNtSetTimerResolution
00F6  0008:805B4F94  params=01  ntoskrnl!RvNtSetUuidSeed
00F7  0008:805722DC  params=06  ntoskrnl!RvNtSetValueKey
00F8  0008:80600110  params=05  ntoskrnl!NtSetVolumeInformationFile
00F9  0008:80624BFD  params=01  ntoskrnl!NtShutdownSystem
00FA  0008:8052C1C8  params=04  ntoskrnl!RvNtSignalAndWaitForSingleObject
00FB  0008:806265BE  params=01  ntoskrnl!RvNtStartProfile
00FC  0008:80626762  params=01  ntoskrnl!RvNtStopProfile
00FD  0008:80610DC3  params=01  ntoskrnl!RvNtSuspendProcess
00FE  0008:805C1DD7  params=02  ntoskrnl!RvNtSuspendThread
00FF  0008:8062688D  params=06  ntoskrnl!RvNtSystemDebugControl
0100  0008:806116D6  params=02  ntoskrnl!RvNtTerminateJobObject
0101  0008:80591C32  params=02  ntoskrnl!RvNtTerminateProcess
0102  0008:80595B6B  params=02  ntoskrnl!RvNtTerminateThread
0103  0008:8058ED09  params=00  ntoskrnl!RvNtTestAlert
0104  0008:80532574  params=04  ntoskrnl!NtTraceEvent
0105  0008:8062592F  params=04  ntoskrnl!RvNtTranslateFilePath
0106  0008:80601DF6  params=01  ntoskrnl!RvNtUnloadDriver
0107  0008:80629E33  params=01  ntoskrnl!RvNtUnloadKEy
0108  0008:80629FAA  params=02  ntoskrnl!RvNtUnloadKeyEx
0109  0008:8056FE48  params=05  ntoskrnl!NtUnlockFile
010A  0008:805C06B7  params=04  ntoskrnl!RvNtUnlockVirtualMemory
010B  0008:80587EE7  params=02  ntoskrnl!RvNtUnmapViewOfSection
010C  0008:805AFF36  params=02  ntoskrnl!NtVdmControl
010D  0008:805BCC89  params=04  ntoskrnl!RvNtWaitForDebugEvent
010E  0008:80594462  params=05  ntoskrnl!RvNtWaitForMultipleObjects
010F  0008:80580534  params=03  ntoskrnl!NtWaitForSingleObject
0110  0008:80626036  params=01  ntoskrnl!RvNtWaitHighEventPair
0111  0008:80625FDA  params=01  ntoskrnl!RvNtWaitLowEventPair
0112  0008:8058DC04  params=09  ntoskrnl!NtWriteFile
0113  0008:805591A2  params=09  ntoskrnl!RvNtWriteFileGather
0114  0008:80576673  params=06  ntoskrnl!RvNtWriteRequestData
0115  0008:8058FF6C  params=05  ntoskrnl!RvNtWriteVirtualMemory
0116  0008:804E4635  params=00  ntoskrnl!RvNtYieldExecution
0117  0008:8059C2A4  params=04  ntoskrnl!RvNtCreateKeyedEvent
0118  0008:80590DCF  params=03  ntoskrnl!RvNtOpenKeyedEvent
0119  0008:80626C7A  params=04  ntoskrnl!RvNtReleaseKeyedEvent
011A  0008:80626F01  params=04  ntoskrnl!RvNtWaitForKeyedEvent
011B  0008:8060F675  params=00  ntoskrnl!RvNtQueryPortInformationProcess
1
Hosted by www.Geocities.ws