" ^[0-9]*[1-9][0-9]*$ " // 正整敊W?/span>
" ^((-\d+)|(0+))$ " // 非正整数Q负整数 (tng)+ (tng)0Q?/span>
" ^-[0-9]*[1-9][0-9]*$ " // 负整敊W?/span>
" ^-?\d+$ " // 整数 (tng)
" ^\d+(\.\d+)?$ " // 非负点敎ͼ正QҎ(gu) (tng)+ (tng)0Q?/span>
" ^(([0-9]+\.[0-9]*[1-9][0-9]*)|([0-9]*[1-9][0-9]*\.[0-9]+)|([0-9]*[1-9][0-9]*))$ " // 正QҎ(gu) (tng)
" ^((-\d+(\.\d+)?)|(0+(\.0+)?))$ " // 非正点敎ͼ负QҎ(gu) (tng)+ (tng)0Q?/span>
" ^(-(([0-9]+\.[0-9]*[1-9][0-9]*)|([0-9]*[1-9][0-9]*\.[0-9]+)|([0-9]*[1-9][0-9]*)))$ " // 负QҎ(gu) (tng)
" ^(-?\d+)(\.\d+)?$ " // 点敊W?/span>
" ^[A-Za-z]+$ " // ?6个英文字母组成的字符串?/span>
" ^[A-Z]+$ " // ?6个英文字母的大写l成的字W串 (tng)
" ^[a-z]+$ " // ?6个英文字母的写l成的字W串 (tng)
" ^[A-Za-z0-9]+$ " // 由数字和26个英文字母组成的字符串?/span>
" ^\w+$ " // 由数字?6个英文字母或者下划线l成的字W串 (tng)
" ^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)+$ " // email地址 (tng)
" ^[a-zA-z]+://(\w+(-\w+)*)(\.(\w+(-\w+)*))*(\?\S*)?$ " // url
/^ (d { 2 } | d { 4 } ) - (( 0 ([ 1 - 9 ] { 1 } )) | ( 1 [ 1 | 2 ])) - (([ 0 - 2 ]([ 1 - 9 ] { 1 } )) | ( 3 [ 0 | 1 ]))$ / (tng) (tng) (tng) // (tng) (tng)q???/span>
/^ (( 0 ([ 1 - 9 ] { 1 } )) | ( 1 [ 1 | 2 ])) / (([ 0 - 2 ]([ 1 - 9 ] { 1 } )) | ( 3 [ 0 | 1 ])) / (d { 2 } | d { 4 } )$ / (tng) (tng) (tng) // (tng)??q?/span>
" ^([w-.]+)@(([[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.)|(([w-]+.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(]?)$ " (tng) (tng) (tng) // Emil
" (d+-)?(d{4}-?d{7}|d{3}-?d{8}|^d{7,8})(-d+)? " (tng) (tng) (tng) (tng) (tng) // ?sh)话L(fng)
" ^(d{1,2}|1dd|2[0-4]d|25[0-5]).(d{1,2}|1dd|2[0-4]d|25[0-5]).(d{1,2}|1dd|2[0-4]d|25[0-5]).(d{1,2}|1dd|2[0-4]d|25[0-5])$ " (tng) (tng) (tng) // IP地址
(tng)
匚w中文字符的正则表辑ּQ?[\u4e00-\u9fa5]
匚w双字节字W?包括汉字在内)Q[^\x00-\xff]
匚wI的正则表辑ּQ\n[\s| ]*\r
匚wHTML标记的正则表辑ּQ?<(.*)>.*<\/\1>|<(.*) \/>/
匚w首尾I格的正则表辑ּQ?^\s*)|(\s*$)
匚wEmail地址的正则表辑ּQ\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*
匚w|址URL的正则表辑ּQ^[a-zA-z]+://(\\w+(-\\w+)*)(\\.(\\w+(-\\w+)*))*(\\?\\S*)?$
匚w帐号是否合法(字母开_(d)允许5-16字节Q允许字母数字下划线)Q^[a-zA-Z][a-zA-Z0-9_]{4,15}$
匚w国内?sh)话L(fng)Q?\d{3}-|\d{4}-)?(\d{8}|\d{7})?
匚w腾讯QQP(x)^[1-9]*[1-9][0-9]*$
下表是元字符?qing)其在正则表辑ּ上下文中的行为的一个完整列表:(x)
\ 下一个字W标Cؓ(f)一个特D字W、或一个原义字W、或一个后向引用、或一个八q制转义W?br />
^ 匚w输入字符串的开始位|。如果设|了(jin) RegExp 对象的Multiline 属性,^ 也匹?’\n??’\r?之后的位|?
$ 匚w输入字符串的l束位置。如果设|了(jin) RegExp 对象的Multiline 属性,$ 也匹?’\n??’\r?之前的位|?
* 匚w前面的子表达式零ơ或多次?
+ 匚w前面的子表达式一ơ或多次? {h(hun)?{1,}?
? 匚w前面的子表达式零ơ或一ơ? {h(hun)?{0,1}?
{n} n 是一个非负整敎ͼ匚w定的n ơ?br />
{n,} n 是一个非负整敎ͼ臛_匚wn ơ?
{n,m} m ?n 均ؓ(f)非负整数Q其中n <= m。最匹?n ơ且最多匹?m ơ。在逗号和两个数之间不能有空根{?br />
? 当该字符紧跟在Q何一个其他限制符 (*, +, ?, {n}, {n,}, {n,m}) 后面Ӟ匚w模式是非贪婪的。非贪婪模式可能少的匹配所搜烦(ch)的字W串Q而默认的贪婪模式则尽可能多的匚w所搜烦(ch)的字W串?
. 匚w?"\n" 之外的Q何单个字W。要匚w包括 ’\n?在内的Q何字W,请用象 ’[.\n]?的模式?
(pattern) 匚wpattern q获取这一匚w?
(?:pattern) 匚wpattern 但不获取匚wl果Q也是说这是一个非获取匚wQ不q行存储供以后用?
(?=pattern) 正向预查Q在M匚w pattern 的字W串开始处匚w查找字符丌Ӏ这是一个非获取匚wQ也是_(d)该匹配不需要获取供以后使用?
(?!pattern) 负向预查Q与(?=pattern)作用相反
x|y 匚w x ?y?
[xyz] 字符集合?
[^xyz] 负值字W集合?
[a-z] 字符范围Q匹配指定范围内的Q意字W?
[^a-z] 负值字W范_(d)匚wM不在指定范围内的L字符?
\b 匚w一个单词边界,也就是指单词和空格间的位|?br />
\B 匚w非单词边界?
\cx 匚w由x指明的控制字W?
\d 匚w一个数字字W。等价于 [0-9]?
\D 匚w一个非数字字符。等价于 [^0-9]?
\f 匚w一个换늬。等价于 \x0c ?\cL?
\n 匚w一个换行符。等价于 \x0a ?\cJ?
\r 匚w一个回车符。等价于 \x0d ?\cM?
\s 匚wMI白字符Q包括空根{制表符、换늬{等。等价于[ \f\n\r\t\v]?
\S 匚wM非空白字W。等价于 [^ \f\n\r\t\v]?
\t 匚w一个制表符。等价于 \x09 ?\cI?
\v 匚w一个垂直制表符。等价于 \x0b ?\cK?
\w 匚w包括下划U的M单词字符。等价于’[A-Za-z0-9_]’?
\W 匚wM非单词字W。等价于 ’[^A-Za-z0-9_]’?
\xn 匚w nQ其?n 为十六进制{义倹{十六进制{义值必Mؓ(f)定的两个数字长?br />
\num 匚w numQ其中num是一个正整数。对所获取的匹配的引用?
\n 标识一个八q制转义值或一个后向引用。如?\n 之前臛_ n 个获取的子表辑ּQ则 n 为后向引用。否则,如果 n 为八q制数字 (0-7)Q则 n Z个八q制转义倹{?
\nm 标识一个八q制转义值或一个后向引用。如?\nm 之前臛_有is preceded by at least nm 个获取得子表辑ּQ则 nm 为后向引用。如?\nm 之前臛_?n 个获取,?n Z个后跟文?m 的后向引用。如果前面的条g都不满Q若 n ?m 均ؓ(f)八进制数?(0-7)Q则 \nm 匹配八q制转义?nm?
\nml 如果 n 为八q制数字 (0-3)Q且 m ?l 均ؓ(f)八进制数?(0-7)Q则匚w八进制{义?nml?
\un 匚w nQ其?n 是一个用四个十六q制数字表示的Unicode字符?
匚w中文字符的正则表辑ּQ?[u4e00-u9fa5]
匚w双字节字W?包括汉字在内)Q[^x00-xff]
应用Q计字W串的长度(一个双字节字符长度?QASCII字符?Q?/p>
String.prototype.len=function(){return this.replace([^x00-xff]/g,"aa").length;}
匚wI的正则表辑ּQn[s| ]*r
匚wHTML标记的正则表辑ּQ?<(.*)>.*</1>|<(.*) />/
匚w首尾I格的正则表辑ּQ?^s*)|(s*$)
应用Qjavascript中没有像vbscript那样的trim函数Q我们就可以利用q个表达式来实现Q如下:(x)
String.prototype.trim = function()
{
return this.replace(/(^s*)|(s*$)/g, "");
}
利用正则表达式分解和转换IP地址Q?/p>
下面是利用正则表辑ּ匚wIP地址QƈIP地址转换成对应数值的JavascriptE序Q?/p>
function IP2V(ip)
{
re=/(d+).(d+).(d+).(d+)/g //匚wIP地址的正则表辑ּ
if(re.test(ip))
{
return RegExp.$1*Math.pow(255,3))+RegExp.$2*Math.pow(255,2))+RegExp.$3*255+RegExp.$4*1
}
else
{
throw new Error("Not a valid IP address!")
}
}
不过上面的程序如果不用正则表辑ּQ而直接用split函数来分解可能更单,E序如下Q?/p>
var ip="10.100.20.168"
ip=ip.split(".")
alert("IP值是Q?+(ip[0]*255*255*255+ip[1]*255*255+ip[2]*255+ip[3]*1))
匚wEmail地址的正则表辑ּQw+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*
匚w|址URL的正则表辑ּQhttp://([w-]+.)+[w-]+(/[w- ./?%&=]*)?
利用正则表达式去除字串中重复的字W的法E序Q?/p>
var s="abacabefgeeii"
var s1=s.replace(/(.).*1/g,"$1")
var re=new RegExp("["+s1+"]","g")
var s2=s.replace(re,"")
alert(s1+s2) //l果为:(x)abcefgi
我原来在CSDN上发贴寻求一个表辑ּ来实现去除重复字W的Ҏ(gu)Q最l没有找刎ͼq是我能惛_的最单的实现Ҏ(gu)。思\是用后向引用取出包括重复的字符Q再以重复的字符建立W二个表辑ּQ取C重复的字W,两者串q。这个方法对于字W顺序有要求的字W串可能不适用?/p>
得用正则表达式从URL地址中提取文件名的javascriptE序Q如下结果ؓ(f)page1
s="http://www.9499.net/page1.htm"
s=s.replace(/(.*/){0,}([^.]+).*/ig,"$2")
alert(s)
利用正则表达式限制网表单里的文本框输入内容Q?/p>
用正则表辑ּ限制只能输入中文Qonkeyup="value=value.replace(/[^u4E00-u9FA5]/g,'')" onbeforepaste="clipboardData.setData('text',clipboardData.getData('text').replace(/[^u4E00-u9FA5]/g,''))"
用正则表辑ּ限制只能输入全角字符Q?onkeyup="value=value.replace(/[^uFF00-uFFFF]/g,'')" onbeforepaste="clipboardData.setData('text',clipboardData.getData('text').replace(/[^uFF00-uFFFF]/g,''))"
用正则表辑ּ限制只能输入数字Qonkeyup="value=value.replace(/[^d]/g,'') "onbeforepaste="clipboardData.setData('text',clipboardData.getData('text').replace(/[^d]/g,''))"
用正则表辑ּ限制只能输入数字和英文:(x)onkeyup="value=value.replace(/[W]/g,'') "onbeforepaste="clipboardData.setData('text',clipboardData.getData('text').replace(/[^d]/g,''))"
MAIL: whg0001@163.com
SITE: http://www.cnasm.com
VISTA 内核服务函数列表Q数?0x18E(比NT?50个系l服务函?
WIN2K3/sp1 内核服务函数列表Q数?0x127(比NT?7个系l服务函?
winxp/sp2 内核服务函数列表Q数?0x11C(比NT?6个系l服务函?
winnt/sp4 内核服务函数列表Q数?0x0F8
VISTA 内核服务函数列表Q数?18E
(此表由创ZCNASM内部pȝ分析工具3.0)
~号 (tng) 地址 (tng) (tng) (tng) (tng) 名字(参数个数)
000=806F916A:ZwAcceptConnectPort(06)
001=8050BF4F:ZwAccessCheck(08)
002=806C22BD:ZwAccessCheckAndAuditAlarm(0B)
003=804FC7EF:ZwAccessCheckByType(0B)
004=806FC1EE:ZwAccessCheckByTypeAndAuditAlarm(10)
005=805A755A:ZwAccessCheckByTypeResultList(0B)
006=80754AE5:ZwAccessCheckByTypeResultListAndAuditAlarm(10)
007=80754B2E:ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(11)
008=806EC1EE:ZwAddAtom(03)
009=8076A8AE:ZwAddBootEntry(02)
00A=8076BB52:ZwAddDriverEntry(02)
00B=8065A1D6:ZwAdjustGroupsToken(06)
00C=806CEAE0:ZwAdjustPrivilegesToken(06)
00D=80745CBB:ZwAlertResumeThread(02)
00E=80745C63:ZwAlertThread(01)
00F=80675E5F:ZwAllocateLocallyUniqueId(01)
010=807374F3:ZwAllocateUserPhysicalPages(03)
011=80683D62:ZwAllocateUuids(04)
012=806A1748:ZwAllocateVirtualMemory(06)
013=806BE30D:ZwAlpcAcceptConnectPort(09)
014=80649F47:ZwAlpcCancelMessage(03)
015=806BD3FA:ZwAlpcConnectPort(0B)
016=8067E7B7:ZwAlpcCreatePort(03)
017=80681EB3:ZwAlpcCreatePortSection(06)
018=8066CF5C:ZwAlpcCreateResourceReserve(04)
019=80681C83:ZwAlpcCreateSectionView(03)
01A=806F13E6:ZwAlpcCreateSecurityContext(03)
01B=8068204D:ZwAlpcDeletePortSection(03)
01C=807303B0:ZwAlpcDeleteResourceReserve(03)
01D=80669528:ZwAlpcDeleteSectionView(03)
01E=806FC50C:ZwAlpcDeleteSecurityContext(03)
01F=8066A340:ZwAlpcDisconnectPort(02)
020=806C2115:ZwAlpcImpersonateClientOfPort(03)
021=807319F4:ZwAlpcOpenSenderProcess(06)
022=80731FA5:ZwAlpcOpenSenderThread(06)
023=80680670:ZwAlpcQueryInformation(05)
024=806C1D9E:ZwAlpcQueryInformationMessage(06)
025=807304D0:ZwAlpcRevokeSecurityContext(03)
026=806BD62B:ZwAlpcSendWaitReceivePort(08)
027=80676164:ZwAlpcSetInformation(04)
028=806EB6F1:ZwApphelpCacheControl(02)
029=80639B60:ZwAreMappedFilesTheSame(02)
02A=806864B8:ZwAssignProcessToJobObject(02)
02B=8052EC4C:ZwCallbackReturn(03)
02C=80740445:ZwCancelDeviceWakeupRequest(01)
02D=8065C0D7:ZwCancelIoFile(02)
02E=804FC825:ZwCancelTimer(02)
02F=806FA8C4:ZwClearEvent(01)
030=806B49C8:ZwClose(01)
031=806FC113:ZwCloseObjectAuditAlarm(03)
032=807013EF:ZwCompactKeys(02)
033=806818A6:ZwCompareTokens(03)
034=806F91E7:ZwCompleteConnectPort(01)
035=80701679:ZwCompressKey(01)
036=806F913D:ZwConnectPort(08)
037=80521E28:ZwContinue(02)
038=80713026:ZwCreateDebugObject(04)
039=8063BD44:ZwCreateDirectoryObject(03)
03A=806DFD23:ZwCreateEvent(05)
03B=8076F22D:ZwCreateEventPair(03)
03C=806F07D5:ZwCreateFile(0B)
03D=806EAB47:ZwCreateIoCompletion(04)
03E=80688AE4:ZwCreateJobObject(03)
03F=807479DB:ZwCreateJobSet(03)
040=8067174A:ZwCreateKey(07)
041=806FF0EE:ZwCreateKeyTransacted(08)
042=8066D58B:ZwCreateMailslotFile(08)
043=806EE6C7:ZwCreateMutant(04)
044=806E4562:ZwCreateNamedPipeFile(0E)
045=8062E5B5:ZwCreatePrivateNamespace(04)
046=8061A905:ZwCreatePagingFile(04)
047=8063F197:ZwCreatePort(05)
048=80743BA4:ZwCreateProcess(08)
049=80743BEF:ZwCreateProcessEx(09)
04A=8076F8B7:ZwCreateProfile(09)
04B=806DB493:ZwCreateSection(07)
04C=806EAC4E:ZwCreateSemaphore(05)
04D=80643DFB:ZwCreateSymbolicLinkObject(04)
04E=807439E3:ZwCreateThread(08)
04F=806735C1:ZwCreateTimer(04)
050=8066C6C7:ZwCreateToken(0D)
051=80650684:ZwCreateTransaction(0A)
052=80619645:ZwOpenTransaction(05)
053=807576FA:ZwQueryInformationTransaction(05)
054=80619DFE:ZwQueryInformationTransactionManager(05)
055=8075827C:ZwPrePrepareEnlistment(02)
056=807581BB:ZwPrepareEnlistment(02)
057=8075833D:ZwCommitEnlistment(02)
058=807587D4:ZwReadOnlyEnlistment(02)
059=80758893:ZwRollbackComplete(02)
05A=807583FE:ZwRollbackEnlistment(02)
05B=80654BFE:ZwCommitTransaction(02)
05C=80757C10:ZwRollbackTransaction(02)
05D=80758580:ZwPrePrepareComplete(02)
05E=807584BF:ZwPrepareComplete(02)
05F=80758641:ZwCommitComplete(02)
060=80758715:ZwSinglePhaseReject(02)
061=80757C79:ZwSetInformationTransaction(04)
062=80759183:ZwSetInformationTransactionManager(04)
063=80758CA8:ZwSetInformationResourceManager(04)
064=80618C17:ZwCreateTransactionManager(06)
065=80758E49:ZwOpenTransactionManager(06)
066=807590B8:ZwRollforwardTransactionManager(02)
067=80757DDB:ZwRecoverEnlistment(02)
068=80619C40:ZwRecoverResourceManager(01)
069=806194A6:ZwRecoverTransactionManager(01)
06A=8064CE7F:ZwCreateResourceManager(07)
06B=8061C2C7:ZwOpenResourceManager(05)
06C=80758964:ZwGetNotificationResourceManager(07)
06D=80758A79:ZwQueryInformationResourceManager(05)
06E=80650B7D:ZwCreateEnlistment(08)
06F=8061C46C:ZwOpenEnlistment(05)
070=8075801E:ZwSetInformationEnlistment(04)
071=80757E37:ZwQueryInformationEnlistment(05)
072=807576E2:ZwStartTm(00)
073=8062EC94:ZwCreateWaitablePort(05)
074=80713DEC:ZwDebugActiveProcess(02)
075=80714444:ZwDebugContinue(03)
076=806FBB9F:ZwDelayExecution(02)
077=80682E51:ZwDeleteAtom(01)
078=8076A8DF:ZwDeleteBootEntry(01)
079=8076BB83:ZwDeleteDriverEntry(01)
07A=8063B3D5:ZwDeleteFile(01)
07B=8066FF07:ZwDeleteKey(01)
07C=8073C33B:ZwDeletePrivateNamespace(01)
07D=80754B85:ZwDeleteObjectAuditAlarm(03)
07E=806727F4:ZwDeleteValueKey(02)
07F=806F8B00:ZwDeviceIoControlFile(0A)
080=8061A244:ZwDisplayString(01)
081=806EAA00:ZwDuplicateObject(07)
082=806929B0:ZwDuplicateToken(06)
083=8076AAE0:ZwEnumerateBootEntries(02)
084=8076BD82:ZwEnumerateDriverEntries(02)
085=806C8DEC:ZwEnumerateKey(06)
086=8076A6AF:ZwEnumerateSystemEnvironmentValuesEx(03)
087=805A7AAB:ZwEnumerateTransactionObject(05)
088=806E4F6A:ZwEnumerateValueKey(06)
089=80734D53:ZwExtendSection(02)
08A=806741C5:ZwFilterToken(06)
08B=8067467C:ZwFindAtom(03)
08C=806E1B7F:ZwFlushBuffersFile(02)
08D=806810EC:ZwFlushInstructionCache(03)
08E=80643BE3:ZwFlushKey(01)
08F=804FA390:ZwFlushProcessWriteBuffers(00)
090=806DD24E:ZwFlushVirtualMemory(04)
091=807384F8:ZwFlushWriteBuffer(00)
092=80737C22:ZwFreeUserPhysicalPages(03)
093=8054F833:ZwFreeVirtualMemory(04)
094=8057BFC4:ZwFreezeRegistry(01)
095=805A7CB3:ZwFreezeTransactions(02)
096=80690B5D:ZwFsControlFile(0A)
097=806FD78A:ZwGetContextThread(02)
098=80740477:ZwGetDevicePowerState(02)
099=806600F1:ZwGetNlsSectionPtr(05)
09A=806790CC:ZwGetPlugPlayEvent(04)
09B=80595BA0:ZwGetWriteWatch(07)
09C=8068052D:ZwImpersonateAnonymousToken(01)
09D=806FAC56:ZwImpersonateClientOfPort(02)
09E=8068786C:ZwImpersonateThread(03)
09F=806F19D4:ZwInitializeNlsFiles(03)
0A0=8063B2D1:ZwInitializeRegistry(01)
0A1=80740250:ZwInitiatePowerAction(04)
0A2=806EBA10:ZwIsProcessInJob(02)
0A3=8074045B:ZwIsSystemResumeAutomatic(00)
0A4=8062E024:ZwListenPort(02)
0A5=8062DB81:ZwLoadDriver(01)
0A6=8064FEE1:ZwLoadKey(02)
0A7=806FFCB3:ZwLoadKey2(03)
0A8=8064F4E0:ZwLoadKeyEx(08)
0A9=806DE1AD:ZwLockFile(0A)
0AA=806621E3:ZwLockProductActivationKeys(02)
0AB=8060823D:ZwLockRegistryKey(01)
0AC=804EFE25:ZwLockVirtualMemory(04)
0AD=80644800:ZwMakePermanentObject(01)
0AE=80643B7E:ZwMakeTemporaryObject(01)
0AF=80736A1D:ZwMapUserPhysicalPages(03)
0B0=80736EDF:ZwMapUserPhysicalPagesScatter(03)
0B1=806E284C:ZwMapViewOfSection(0A)
0B2=8076AAAF:ZwModifyBootEntry(01)
0B3=8076BD53:ZwModifyDriverEntry(01)
0B4=80667AF9:ZwNotifyChangeDirectoryFile(09)
0B5=8069280F:ZwNotifyChangeKey(0A)
0B6=80691C84:ZwNotifyChangeMultipleKeys(0C)
0B7=806C231E:ZwOpenDirectoryObject(03)
0B8=806E51E4:ZwOpenEvent(03)
0B9=8076F363:ZwOpenEventPair(03)
0BA=806EFADB:ZwOpenFile(06)
0BB=8071CDC3:ZwOpenIoCompletion(03)
0BC=80747687:ZwOpenJobObject(03)
0BD=806FD826:ZwOpenKey(03)
0BE=806FF4EF:ZwOpenKeyTransacted(04)
0BF=8067F7D4:ZwOpenMutant(03)
0C0=8066118D:ZwOpenPrivateNamespace(04)
0C1=8066D9AB:ZwOpenObjectAuditAlarm(0C)
0C2=806C25EC:ZwOpenProcess(04)
0C3=806F8B33:ZwOpenProcessToken(03)
0C4=806F3C7A:ZwOpenProcessTokenEx(04)
0C5=806F2C6C:ZwOpenSection(03)
0C6=806896D5:ZwOpenSemaphore(03)
0C7=80624549:ZwOpenSession(03)
0C8=806E4648:ZwOpenSymbolicLinkObject(03)
0C9=806E268C:ZwOpenThread(04)
0CA=806C0A2D:ZwOpenThreadToken(04)
0CB=806AF2F0:ZwOpenThreadTokenEx(05)
0CC=8076EFDC:ZwOpenTimer(03)
0CD=8067FFC1:ZwPlugPlayControl(03)
0CE=806DFE47:ZwPowerInformation(05)
0CF=8066F689:ZwPrivilegeCheck(03)
0D0=8062EA76:ZwPrivilegeObjectAuditAlarm(06)
0D1=8066A406:ZwPrivilegedServiceAuditAlarm(05)
0D2=806E2035:ZwProtectVirtualMemory(05)
0D3=8062F68E:ZwPulseEvent(02)
0D4=806F77B5:ZwQueryAttributesFile(02)
0D5=8076AF91:ZwQueryBootEntryOrder(02)
0D6=8076B3ED:ZwQueryBootOptions(02)
0D7=80546C18:ZwQueryDebugFilterState(02)
0D8=806EA3C3:ZwQueryDefaultLocale(02)
0D9=8063C3D0:ZwQueryDefaultUILanguage(01)
0DA=806F1DB9:ZwQueryDirectoryFile(0B)
0DB=80687439:ZwQueryDirectoryObject(07)
0DC=8076B903:ZwQueryDriverEntryOrder(02)
0DD=806154CA:ZwQueryEaFile(09)
0DE=80670195:ZwQueryEvent(05)
0DF=806FBC44:ZwQueryFullAttributesFile(02)
0E0=8065F224:ZwQueryInformationAtom(05)
0E1=806CA188:ZwQueryInformationFile(05)
0E2=80642CFA:ZwQueryInformationJobObject(05)
0E3=8072D839:ZwQueryInformationPort(05)
0E4=806AFB39:ZwQueryInformationProcess(05)
0E5=806CC3FD:ZwQueryInformationThread(05)
0E6=806F4F20:ZwQueryInformationToken(05)
0E7=806EE2ED:ZwQueryInstallUILanguage(01)
0E8=8076FDAB:ZwQueryIntervalProfile(02)
0E9=8071CE9A:ZwQueryIoCompletion(05)
0EA=806CE69C:ZwQueryKey(05)
0EB=8070094D:ZwQueryMultipleValueKey(06)
0EC=8076F6B2:ZwQueryMutant(05)
0ED=806DEF4E:ZwQueryObject(05)
0EE=80700BA9:ZwQueryOpenSubKeys(02)
0EF=80700E2F:ZwQueryOpenSubKeysEx(04)
0F0=806BAD12:ZwQueryPerformanceCounter(02)
0F1=8071E57F:ZwQueryQuotaInformationFile(09)
0F2=8065F631:ZwQuerySection(05)
0F3=806EC0CD:ZwQuerySecurityObject(05)
0F4=80768E0C:ZwQuerySemaphore(05)
0F5=806E75B7:ZwQuerySymbolicLinkObject(03)
0F6=80769AD7:ZwQuerySystemEnvironmentValue(04)
0F7=8076A0E5:ZwQuerySystemEnvironmentValueEx(05)
0F8=806A5A70:ZwQuerySystemInformation(04)
0F9=806BE61E:ZwQuerySystemTime(01)
0FA=8076F0AF:ZwQueryTimer(05)
0FB=8068AE96:ZwQueryTimerResolution(03)
0FC=806EF018:ZwQueryValueKey(06)
0FD=806D1122:ZwQueryVirtualMemory(06)
0FE=806D1E9D:ZwQueryVolumeInformationFile(05)
0FF=80680479:ZwQueueApcThread(05)
100=80521E70:ZwRaiseException(03)
101=8065EB2B:ZwRaiseHardError(06)
102=806B8330:ZwReadFile(09)
103=80666B3B:ZwReadFileScatter(09)
104=806FB0F9:ZwReadRequestData(06)
105=806EAE97:ZwReadVirtualMemory(05)
106=8074537F:ZwRegisterThreadTerminatePort(01)
107=806E26D1:ZwReleaseMutant(02)
108=806FAA76:ZwReleaseSemaphore(03)
109=806C0A4E:ZwRemoveIoCompletion(05)
10A=80713F37:ZwRemoveProcessDebug(02)
10B=8070116F:ZwRenameKey(02)
10C=80700822:ZwReplaceKey(03)
10D=806C0EFA:ZwReplyPort(02)
10E=806B962E:ZwReplyWaitReceivePort(04)
10F=806B94DD:ZwReplyWaitReceivePortEx(05)
110=8072D9FF:ZwReplyWaitReplyPort(02)
111=80740445:ZwRequestDeviceWakeup(01)
112=80664BBB:ZwRequestPort(02)
113=806BFCC1:ZwRequestWaitReplyPort(03)
114=807401F3:ZwRequestWakeupLatency(01)
115=806EE88F:ZwResetEvent(02)
116=8059641F:ZwResetWriteWatch(03)
117=806FF7C7:ZwRestoreKey(03)
118=80745C05:ZwResumeProcess(01)
119=806E21CA:ZwResumeThread(02)
11A=806FF8E7:ZwSaveKey(02)
11B=806FF9EE:ZwSaveKeyEx(03)
11C=806FFB3B:ZwSaveMergedKeys(03)
11D=80758702:ZwClearSavepointTransaction(02)
11E=80740445:ZwClearAllSavepointsTransaction(01)
11F=80758702:ZwRollbackSavepointTransaction(02)
120=80757BF7:ZwSavepointTransaction(03)
121=80758702:ZwSavepointComplete(02)
122=806F8B53:ZwSecureConnectPort(09)
123=8076B1E0:ZwSetBootEntryOrder(02)
124=8076B6E2:ZwSetBootOptions(02)
125=80744D5F:ZwSetContextThread(02)
126=806052B0:ZwSetDebugFilterState(03)
127=80622B53:ZwSetDefaultHardErrorPort(01)
128=8063BF7E:ZwSetDefaultLocale(02)
129=8063CB25:ZwSetDefaultUILanguage(01)
12A=8076C193:ZwSetDriverEntryOrder(02)
12B=8071DFCA:ZwSetEaFile(04)
12C=806BC7D1:ZwSetEvent(02)
12D=80768AD3:ZwSetEventBoostPriority(01)
12E=8076F643:ZwSetHighEventPair(01)
12F=8076F575:ZwSetHighWaitLowEventPair(01)
130=807145A7:ZwSetInformationDebugObject(05)
131=806D7925:ZwSetInformationFile(05)
132=80687E53:ZwSetInformationJobObject(04)
133=807003BF:ZwSetInformationKey(04)
134=806D2379:ZwSetInformationObject(04)
135=806A981A:ZwSetInformationProcess(04)
136=806B774C:ZwSetInformationThread(04)
137=806F95E6:ZwSetInformationToken(04)
138=8076FD86:ZwSetIntervalProfile(02)
139=806D1960:ZwSetIoCompletion(05)
13A=8074733D:ZwSetLdtEntries(06)
13B=8076F5E0:ZwSetLowEventPair(01)
13C=8076F50A:ZwSetLowWaitHighEventPair(01)
13D=8071EBD1:ZwSetQuotaInformationFile(04)
13E=806870F9:ZwSetSecurityObject(03)
13F=80769DE3:ZwSetSystemEnvironmentValue(02)
140=8076A40B:ZwSetSystemEnvironmentValueEx(05)
141=806CF91F:ZwSetSystemInformation(03)
142=80795848:ZwSetSystemPowerState(03)
143=807656F9:ZwSetSystemTime(02)
144=806642FE:ZwSetThreadExecutionState(02)
145=8054C8BB:ZwSetTimer(07)
146=8065D538:ZwSetTimerResolution(03)
147=80625529:ZwSetUuidSeed(01)
148=8068B066:ZwSetValueKey(06)
149=8071EBEB:ZwSetVolumeInformationFile(05)
14A=80765661:ZwShutdownSystem(01)
14B=804F1872:ZwSignalAndWaitForSingleObject(04)
14C=8076FAF6:ZwStartProfile(01)
14D=8076FCC5:ZwStopProfile(01)
14E=80745BA7:ZwSuspendProcess(01)
14F=806FD6A6:ZwSuspendThread(02)
150=8076FE70:ZwSystemDebugControl(06)
151=8065FBA9:ZwTerminateJobObject(02)
152=80690B90:ZwTerminateProcess(02)
153=8068F89A:ZwTerminateThread(02)
154=806E1D94:ZwTestAlert(00)
155=8057C027:ZwThawRegistry(00)
156=805A7D9A:ZwThawTransactions(00)
157=80558C15:ZwTraceEvent(04)
158=806E9AF7:ZwTraceControl(06)
159=8076C39F:ZwTranslateFilePath(04)
15A=8071F695:ZwUnloadDriver(01)
15B=80658B3D:ZwUnloadKey(01)
15C=80658515:ZwUnloadKey2(02)
15D=806FFCF4:ZwUnloadKeyEx(02)
15E=806E4118:ZwUnlockFile(05)
15F=80501C6A:ZwUnlockVirtualMemory(04)
160=806E4702:ZwUnmapViewOfSection(02)
161=8075B92A:ZwVdmControl(02)
162=80714183:ZwWaitForDebugEvent(04)
163=806BA75B:ZwWaitForMultipleObjects(05)
164=806B6BD4:ZwWaitForSingleObject(03)
165=8076F4A1:ZwWaitHighEventPair(01)
166=8076F438:ZwWaitLowEventPair(01)
167=806D349A:ZwWriteFile(09)
168=806664F6:ZwWriteFileGather(09)
169=806EE969:ZwWriteRequestData(06)
16A=806CEFC2:ZwWriteVirtualMemory(05)
16B=804FFB10:ZwYieldExecution(00)
16C=80675BCB:ZwCreateKeyedEvent(04)
16D=80770269:ZwOpenKeyedEvent(03)
16E=806C859E:ZwReleaseKeyedEvent(04)
16F=806C8880:ZwWaitForKeyedEvent(04)
170=80744986:ZwQueryPortInformationProcess(00)
171=806FD817:ZwGetCurrentProcessorNumber(00)
172=8073B9BF:ZwWaitForMultipleObjects32(05)
173=80745EF0:ZwGetNextProcess(05) //惛_是个好函?br />174=8074615D:ZwGetNextThread(06) (tng) //惛_是个好函?/font>
175=8071D021:ZwCancelIoFileEx(03)
176=8071D15E:ZwCancelSynchronousIoFile(03)
177=806EB38C:ZwRemoveIoCompletionEx(06)
178=805A8077:ZwRegisterProtocolAddressInformation(05)
179=805A8086:ZwPullTransaction(07)
17A=805A80AF:ZwMarshallTransaction(06)
17B=8057EB07:ZwPropagationComplete(04)
17C=805A809B:ZwPropagationFailed(03)
17D=80675EEB:ZwCreateWorkerFactory(0A)
17E=8054C43C:ZwReleaseWorkerFactoryWorker(01)
17F=8054C0D0:ZwWaitForWorkViaWorkerFactory(02)
180=804F6D60:ZwSetInformationWorkerFactory(04)
181=805AF4ED:ZwQueryInformationWorkerFactory(05)
182=80578126:ZwWorkerFactoryWorkerReady(01)
183=80644918:ZwShutdownWorkerFactory(02)
184=806DC1B9:ZwCreateThreadEx(0B)
185=806E8F2A:ZwCreateUserProcess(0B)
186=806ED0CB:ZwQueryLicenseValue(05)
187=806D8B2C:ZwMapCMFModule(06)
188=80757BF7:ZwListTransactions(03)
189=807712D3:ZwIsUILanguageComitted(00)
18A=807712F3:ZwFlushInstallUILanguage(02)
18B=80770EFF:ZwGetMUIRegistryInfo(03)
18C=8077039E:ZwAcquireCMFViewOwnership(03)
18D=80770567:ZwReleaseCMFViewOwnership
WIN2003 SP1 内核服务函数列表Q数?127(此表由创ZCNASM内部pȝ分析工具3.0)
000=8058FDCE:ZwAcceptConnectPort
001=80598B7E:ZwAccessCheck
002=805996CE:ZwAccessCheckAndAuditAlarm
003=805AABB7:ZwAccessCheckByType
004=8059B68A:ZwAccessCheckByTypeAndAuditAlarm
005=8065A705:ZwAccessCheckByTypeResultList
006=8065C9B2:ZwAccessCheckByTypeResultListAndAuditAlarm
007=8065C9F5:ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
008=8059FC4F:ZwAddAtom
009=80669A5C:ZwAddBootEntry
00A=80669A5C:ZwAddDriverEntry
00B=8065A1E2:ZwAdjustGroupsToken
00C=80599836:ZwAdjustPrivilegesToken
00D=8065304B:ZwAlertResumeThread
00E=805991EA:ZwAlertThread
00F=8059B6CC:ZwAllocateLocallyUniqueId
010=80649EB9:ZwAllocateUserPhysicalPages
011=805A90DC:ZwAllocateUuids
012=80585188:ZwAllocateVirtualMemory
013=80591AFF:ZwApphelpCacheControl
014=805EB2FB:ZwAreMappedFilesTheSame
015=805ACE6F:ZwAssignProcessToJobObject
016=804EDBCC:ZwCallbackReturn
017=80669A4F:ZwCancelDeviceWakeupRequest
018=805ED49D:ZwCancelIoFile
019=804F9445:ZwCancelTimer
01A=8058E43A:ZwClearEvent
01B=805788AC:ZwClose
01C=80598EEA:ZwCloseObjectAuditAlarm
01D=80628F6F:ZwCompactKeys
01E=8065D8FF:ZwCompareTokens
01F=8058FC82:ZwCompleteConnectPort
020=806291D6:ZwCompressKey
021=8058E55A:ZwConnectPort
022=804ED14B:ZwContinue
023=805B2B1E:ZwCreateDebugObject
024=805ACBAF:ZwCreateDirectoryObject
025=8057A522:ZwCreateEvent
026=8066A009:ZwCreateEventPair
027=8057B0CB:ZwCreateFile
028=805A15AB:ZwCreateIoCompletion
029=805E29EB:ZwCreateJobObject
02A=80653805:ZwCreateJobSet
02B=80594A39:ZwCreateKey
02C=805F425D:ZwCreateMailslotFile
02D=805883A1:ZwCreateMutant
02E=80591416:ZwCreateNamedPipeFile
02F=805CAE1E:ZwCreatePagingFile
030=805A52A4:ZwCreatePort
031=805BF684:ZwCreateProcess
032=80590FE3:ZwCreateProcessEx
033=8066A5B7:ZwCreateProfile
034=80575ECA:ZwCreateSection
035=8059CFA9:ZwCreateSemaphore
036=805AD548:ZwCreateSymbolicLinkObject
037=8058A254:ZwCreateThread
038=805A4688:ZwCreateTimer
039=805A82A4:ZwCreateToken
03A=805BE212:ZwCreateWaitablePort
03B=805B32C1:ZwDebugActiveProcess
03C=805B37DC:ZwDebugContinue
03D=80576C08:ZwDelayExecution
03E=8059CB90:ZwDeleteAtom
03F=80669A4F:ZwDeleteBootEntry
040=80669A4F:ZwDeleteDriverEntry
041=805B9979:ZwDeleteFile
042=805EEA87:ZwDeleteKey
043=8065CA3A:ZwDeleteObjectAuditAlarm
044=805A40D4:ZwDeleteValueKey
045=80588F5E:ZwDeviceIoControlFile
046=805CBF0B:ZwDisplayString
047=8058251E:ZwDuplicateObject
048=8059EC7C:ZwDuplicateToken
049=80669A5C:ZwEnumerateBootEntries
04A=80669A5C:ZwEnumerateDriverEntries
04B=8059C085:ZwEnumerateKey
04C=80669A42:ZwEnumerateSystemEnvironmentValuesEx
04D=8059F849:ZwEnumerateValueKey
04E=805AE037:ZwExtendSection
04F=805E61D5:ZwFilterToken
050=805A001A:ZwFindAtom
051=805940A7:ZwFlushBuffersFile
052=8058C8B5:ZwFlushInstructionCache
053=805E915B:ZwFlushKey
054=805A330D:ZwFlushVirtualMemory
055=8064AB20:ZwFlushWriteBuffer
056=8064A52A:ZwFreeUserPhysicalPages
057=8057D2BF:ZwFreeVirtualMemory
058=80581504:ZwFsControlFile
059=805EA674:ZwGetContextThread
05A=8064FE05:ZwGetDevicePowerState
05B=805EACCB:ZwGetPlugPlayEvent
05C=80546EC4:ZwGetWriteWatch
05D=805F32E2:ZwImpersonateAnonymousToken
05E=80599FDF:ZwImpersonateClientOfPort
05F=8059D9C8:ZwImpersonateThread
060=805B97C8:ZwInitializeRegistry
061=8064FC59:ZwInitiatePowerAction
062=80590C31:ZwIsProcessInJob
063=8064FDF2:ZwIsSystemResumeAutomatic
064=805BE19C:ZwListenPort
065=805BBDFE:ZwLoadDriver
066=805B4D8F:ZwLoadKey
067=8062958C:ZwLoadKey2
068=805B6A6C:ZwLoadKeyEx
069=805A4342:ZwLockFile
06A=805E6EAA:ZwLockProductActivationKeys
06B=805E0064:ZwLockRegistryKey
06C=805E6A65:ZwLockVirtualMemory
06D=805AD8BA:ZwMakePermanentObject
06E=805ADB05:ZwMakeTemporaryObject
06F=80649392:ZwMapUserPhysicalPages
070=80649859:ZwMapUserPhysicalPagesScatter
071=8058B905:ZwMapViewOfSection
072=80669A4F:ZwModifyBootEntry
073=80669A4F:ZwModifyDriverEntry
074=805F159D:ZwNotifyChangeDirectoryFile
075=8059BF1C:ZwNotifyChangeKey
076=8059BD2D:ZwNotifyChangeMultipleKeys
077=80590F66:ZwOpenDirectoryObject
078=8059B615:ZwOpenEvent
079=8066A0F4:ZwOpenEventPair
07A=8057B09D:ZwOpenFile
07B=80636E03:ZwOpenIoCompletion
07C=805B18B0:ZwOpenJobObject
07D=8057AD88:ZwOpenKey
07E=80588508:ZwOpenMutant
07F=805EF885:ZwOpenObjectAuditAlarm
080=80595613:ZwOpenProcess
081=80580110:ZwOpenProcessToken
082=80580816:ZwOpenProcessTokenEx
083=8058C94B:ZwOpenSection
084=805B5152:ZwOpenSemaphore
085=80590A10:ZwOpenSymbolicLinkObject
086=805A4A8C:ZwOpenThread
087=80581976:ZwOpenThreadToken
088=805818E5:ZwOpenThreadTokenEx
089=805ED40F:ZwOpenTimer
08A=805A44A2:ZwPlugPlayControl
08B=805B0364:ZwPowerInformation
08C=805A4C28:ZwPrivilegeCheck
08D=805E68CE:ZwPrivilegeObjectAuditAlarm
08E=805A9BF0:ZwPrivilegedServiceAuditAlarm
08F=80586A67:ZwProtectVirtualMemory
090=805A1752:ZwPulseEvent
091=80587755:ZwQueryAttributesFile
092=80669A5C:ZwQueryBootEntryOrder
093=80669A5C:ZwQueryBootOptions
094=8050AC75:ZwQueryDebugFilterState
095=80581FD5:ZwQueryDefaultLocale
096=80589C53:ZwQueryDefaultUILanguage
097=8058931C:ZwQueryDirectoryFile
098=80597D65:ZwQueryDirectoryObject
099=80669A5C:ZwQueryDriverEntryOrder
09A=80637410:ZwQueryEaFile
09B=805A4D89:ZwQueryEvent
09C=8059D735:ZwQueryFullAttributesFile
09D=805EFFFE:ZwQueryInformationAtom
09E=805872CF:ZwQueryInformationFile
09F=805B15AB:ZwQueryInformationJobObject
0A0=80646A66:ZwQueryInformationPort
0A1=80581DEA:ZwQueryInformationProcess
0A2=80578DC6:ZwQueryInformationThread
0A3=80580718:ZwQueryInformationToken
0A4=8059F58C:ZwQueryInstallUILanguage
0A5=8066AA4E:ZwQueryIntervalProfile
0A6=80636EBC:ZwQueryIoCompletion
0A7=80582C31:ZwQueryKey
0A8=80628765:ZwQueryMultipleValueKey
0A9=8066A412:ZwQueryMutant
0AA=805F3CAD:ZwQueryObject
0AB=80628953:ZwQueryOpenSubKeys
0AC=80628B89:ZwQueryOpenSubKeysEx
0AD=8058159E:ZwQueryPerformanceCounter
0AE=80637C9D:ZwQueryQuotaInformationFile
0AF=8058879A:ZwQuerySection
0B0=8059B7E7:ZwQuerySecurityObject
0B1=80669325:ZwQuerySemaphore
0B2=80590816:ZwQuerySymbolicLinkObject
0B3=80669A76:ZwQuerySystemEnvironmentValue
0B4=80669A35:ZwQuerySystemEnvironmentValueEx
0B5=8057EBE2:ZwQuerySystemInformation
0B6=80599E57:ZwQuerySystemTime
0B7=8058E677:ZwQueryTimer
0B8=805A0436:ZwQueryTimerResolution
0B9=80579D61:ZwQueryValueKey
0BA=80584264:ZwQueryVirtualMemory
0BB=8057B60D:ZwQueryVolumeInformationFile
0BC=8058E78E:ZwQueueApcThread
0BD=804ED198:ZwRaiseException
0BE=80669075:ZwRaiseHardError
0BF=8057F886:ZwReadFile
0C0=805B0B82:ZwReadFileScatter
0C1=8059A59D:ZwReadRequestData
0C2=805881E0:ZwReadVirtualMemory
0C3=8058A402:ZwRegisterThreadTerminatePort
0C4=80576B77:ZwReleaseMutant
0C5=8059AEB5:ZwReleaseSemaphore
0C6=80579945:ZwRemoveIoCompletion
0C7=80670462:ZwRemoveProcessDebug
0C8=80628DEC:ZwRenameKey
0C9=8062948F:ZwReplaceKey
0CA=80582E50:ZwReplyPort
0CB=8057D2A0:ZwReplyWaitReceivePort
0CC=8057CDB0:ZwReplyWaitReceivePortEx
0CD=80646B39:ZwReplyWaitReplyPort
0CE=80669A4F:ZwRequestDeviceWakeup
0CF=8059A5F2:ZwRequestPort
0D0=8058EBC3:ZwRequestWaitReplyPort
0D1=8064FC04:ZwRequestWakeupLatency
0D2=805A6751:ZwResetEvent
0D3=8054743E:ZwResetWriteWatch
0D4=80629286:ZwRestoreKey
0D5=80652FF5:ZwResumeProcess
0D6=805826FA:ZwResumeThread
0D7=80629325:ZwSaveKey
0D8=806293B2:ZwSaveKeyEx
0D9=80627F0D:ZwSaveMergedKeys
0DA=8058F4B2:ZwSecureConnectPort
0DB=80669A5C:ZwSetBootEntryOrder
0DC=80669A5C:ZwSetBootOptions
0DD=805B36F1:ZwSetContextThread
0DE=806704F1:ZwSetDebugFilterState
0DF=805CC1AC:ZwSetDefaultHardErrorPort
0E0=805B948B:ZwSetDefaultLocale
0E1=805B9433:ZwSetDefaultUILanguage
0E2=80669A5C:ZwSetDriverEntryOrder
0E3=8063794E:ZwSetEaFile
0E4=8057CBD7:ZwSetEvent
0E5=80577690:ZwSetEventBoostPriority
0E6=8066A3B0:ZwSetHighEventPair
0E7=8066A2E6:ZwSetHighWaitLowEventPair
0E8=80670255:ZwSetInformationDebugObject
0E9=8057A747:ZwSetInformationFile
0EA=805E2B5F:ZwSetInformationJobObject
0EB=80628400:ZwSetInformationKey
0EC=8059423E:ZwSetInformationObject
0ED=80582221:ZwSetInformationProcess
0EE=80579629:ZwSetInformationThread
0EF=805A8844:ZwSetInformationToken
0F0=8066A5A0:ZwSetIntervalProfile
0F1=8057E39A:ZwSetIoCompletion
0F2=806528DB:ZwSetLdtEntries
0F3=8066A34F:ZwSetLowEventPair
0F4=8066A27D:ZwSetLowWaitHighEventPair
0F5=80637C7E:ZwSetQuotaInformationFile
0F6=805A7626:ZwSetSecurityObject
0F7=80669D39:ZwSetSystemEnvironmentValue
0F8=80669A35:ZwSetSystemEnvironmentValueEx
0F9=80599238:ZwSetSystemInformation
0FA=8067D325:ZwSetSystemPowerState
0FB=8066897B:ZwSetSystemTime
0FC=805ADC19:ZwSetThreadExecutionState
0FD=804F09BF:ZwSetTimer
0FE=805AEB3B:ZwSetTimerResolution
0FF=805BE73C:ZwSetUuidSeed
100=80594859:ZwSetValueKey
101=806381ED:ZwSetVolumeInformationFile
102=8066814B:ZwShutdownSystem
103=80548D9E:ZwSignalAndWaitForSingleObject
104=8066A7EC:ZwStartProfile
105=8066A999:ZwStopProfile
106=80652FA0:ZwSuspendProcess
107=805B2163:ZwSuspendThread
108=8066AAF2:ZwSystemDebugControl
109=80653A9B:ZwTerminateJobObject
10A=80592CBA:ZwTerminateProcess
10B=80578714:ZwTerminateThread
10C=805804F8:ZwTestAlert
10D=80520D5E:ZwTraceEvent
10E=80669A69:ZwTranslateFilePath
10F=8063A3C5:ZwUnloadDriver
110=8062947C:ZwUnloadKey
111=80627FC6:ZwUnloadKey2
112=806281CB:ZwUnloadKeyEx
113=805A420B:ZwUnlockFile
114=805B0977:ZwUnlockVirtualMemory
115=8058BE79:ZwUnmapViewOfSection
116=805C7AA2:ZwVdmControl
117=805B27C8:ZwWaitForDebugEvent
118=80576D38:ZwWaitForMultipleObjects
119=8057628D:ZwWaitForSingleObject
11A=8066A21C:ZwWaitHighEventPair
11B=8066A1BB:ZwWaitLowEventPair
11C=8057A248:ZwWriteFile
11D=805B0FE1:ZwWriteFileGather
11E=8059B0A6:ZwWriteRequestData
11F=805882D7:ZwWriteVirtualMemory
120=8050B1C1:ZwYieldExecution
121=805D9D7F:ZwCreateKeyedEvent
122=805915CF:ZwOpenKeyedEvent
123=8066B22F:ZwReleaseKeyedEvent
124=8066B4AA:ZwWaitForKeyedEvent
125=80651170:ZwQueryPortInformationProcess
winxp/sp2内核服务函数列表Q数?11C(此表由创ZCNASM内部pȝ分析工具3.0)
000=8058FF12:ZwAcceptConnectPort
001=8057B3B1:ZwAccessCheck
002=80598012:ZwAccessCheckAndAuditAlarm
003=805E01E6:ZwAccessCheckByType
004=80598099:ZwAccessCheckByTypeAndAuditAlarm
005=8063F008:ZwAccessCheckByTypeResultList
006=80641199:ZwAccessCheckByTypeResultListAndAuditAlarm
007=806411E2:ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
008=80581221:ZwAddAtom
009=8064EEB3:ZwAddBootEntry
00A=8063E7CB:ZwAdjustGroupsToken
00B=80597849:ZwAdjustPrivilegesToken
00C=80636AE2:ZwAlertResumeThread
00D=805832D5:ZwAlertThread
00E=80596B44:ZwAllocateLocallyUniqueId
00F=8062D916:ZwAllocateUserPhysicalPages
010=805DC3E9:ZwAllocateUuids
011=80570E06:ZwAllocateVirtualMemory
012=805E5D79:ZwAreMappedFilesTheSame
013=805E8049:ZwAssignProcessToJobObject
014=804E5EC4:ZwCallbackReturn
015=8064EE9F:ZwCancelDeviceWakeupRequest
016=805ACCB3:ZwCancelIoFile
017=804EF208:ZwCancelTimer
018=80570718:ZwClearEvent
019=8056F9E9:ZwClose
01A=8059173A:ZwCloseObjectAuditAlarm
01B=806551C7:ZwCompactKeys
01C=8059200C:ZwCompareTokens
01D=805908F2:ZwCompleteConnectPort
01E=80655435:ZwCompressKey
01F=80591820:ZwConnectPort
020=804E222D:ZwContinue
021=806600F7:ZwCreateDebugObject
022=805AE932:ZwCreateDirectoryObject
023=805764A8:ZwCreateEvent
024=8064F504:ZwCreateEventPair
025=8057E3B5:ZwCreateFile
026=805DFD56:ZwCreateIoCompletion
027=805D979A:ZwCreateJobObject
028=80636F89:ZwCreateJobSet
029=80578284:ZwCreateKey
02A=805AD920:ZwCreateMailslotFile
02B=8057CD19:ZwCreateMutant
02C=80588378:ZwCreateNamedPipeFile
02D=805B9421:ZwCreatePagingFile
02E=805E29E8:ZwCreatePort
02F=805B50C0:ZwCreateProcess
030=8058BCC0:ZwCreateProcessEx
031=8064FB25:ZwCreateProfile
032=8056DE25:ZwCreateSection
033=8057A316:ZwCreateSemaphore
034=805E590C:ZwCreateSymbolicLinkObject
035=80585B62:ZwCreateThread
036=805E3350:ZwCreateTimer
037=805AA80B:ZwCreateToken
038=805AF220:ZwCreateWaitablePort
039=80661271:ZwDebugActiveProcess
03A=806613CB:ZwDebugContinue
03B=8056EB59:ZwDelayExecution
03C=805922B8:ZwDeleteAtom
03D=8064EE9F:ZwDeleteBootEntry
03E=805D8FA2:ZwDeleteFile
03F=8059B493:ZwDeleteKey
040=80641239:ZwDeleteObjectAuditAlarm
041=8059A085:ZwDeleteValueKey
042=80588074:ZwDeviceIoControlFile
043=805BA8C0:ZwDisplayString
044=80579C46:ZwDuplicateObject
045=8057D14D:ZwDuplicateToken
046=8064EEB3:ZwEnumerateBootEntries
047=805793FA:ZwEnumerateKey
048=8064EE8B:ZwEnumerateSystemEnvironmentValuesEx
049=8059060D:ZwEnumerateValueKey
04A=8062C8D5:ZwExtendSection
04B=805D3EF9:ZwFilterToken
04C=805E06C5:ZwFindAtom
04D=8058340B:ZwFlushBuffersFile
04E=805870CA:ZwFlushInstructionCache
04F=805E4A3F:ZwFlushKey
050=805E6D0A:ZwFlushVirtualMemory
051=8062E173:ZwFlushWriteBuffer
052=8062DCC9:ZwFreeUserPhysicalPages
053=805714A0:ZwFreeVirtualMemory
054=80581FCC:ZwFsControlFile
055=80634A5D:ZwGetContextThread
056=80632F37:ZwGetDevicePowerState
057=805A0FAF:ZwGetPlugPlayEvent
058=8053F879:ZwGetWriteWatch
059=805E259D:ZwImpersonateAnonymousToken
05A=80591445:ZwImpersonateClientOfPort
05B=80587C2C:ZwImpersonateThread
05C=805AF425:ZwInitializeRegistry
05D=80632D03:ZwInitiatePowerAction
05E=80636E3F:ZwIsProcessInJob
05F=80632F1E:ZwIsSystemResumeAutomatic
060=805D1564:ZwListenPort
061=805ADA28:ZwLoadDriver
062=805D43C2:ZwLoadKey
063=805D4210:ZwLoadKey2
064=80592D85:ZwLockFile
065=805D1630:ZwLockProductActivationKeys
066=805CF453:ZwLockRegistryKey
067=805B2D23:ZwLockVirtualMemory
068=805E5C24:ZwMakePermanentObject
069=805E5B6D:ZwMakeTemporaryObject
06A=8062CF72:ZwMapUserPhysicalPages
06B=8062D3CB:ZwMapUserPhysicalPagesScatter
06C=8057F70B:ZwMapViewOfSection
06D=8064EE9F:ZwModifyBootEntry
06E=80595ABF:ZwNotifyChangeDirectoryFile
06F=8059748D:ZwNotifyChangeKey
070=8059729F:ZwNotifyChangeMultipleKeys
071=80589255:ZwOpenDirectoryObject
072=80590733:ZwOpenEvent
073=8064F5F5:ZwOpenEventPair
074=8057E529:ZwOpenFile
075=80620665:ZwOpenIoCompletion
076=806371E1:ZwOpenJobObject
077=80572CBC:ZwOpenKey
078=8057CDC7:ZwOpenMutant
079=80598D03:ZwOpenObjectAuditAlarm
07A=8057A0DA:ZwOpenProcess
07B=80577C67:ZwOpenProcessToken
07C=80577BBE:ZwOpenProcessTokenEx
07D=8057FB3A:ZwOpenSection
07E=805E5CEB:ZwOpenSemaphore
07F=805891D8:ZwOpenSymbolicLinkObject
080=80596EF6:ZwOpenThread
081=80575F57:ZwOpenThreadToken
082=80575E51:ZwOpenThreadTokenEx
083=8064F42B:ZwOpenTimer
084=8059FE11:ZwPlugPlayControl
085=805E5F26:ZwPowerInformation
086=805A010C:ZwPrivilegeCheck
087=805DC52F:ZwPrivilegeObjectAuditAlarm
088=805D12E8:ZwPrivilegedServiceAuditAlarm
089=8057A3EF:ZwProtectVirtualMemory
08A=805AF178:ZwPulseEvent
08B=80582D30:ZwQueryAttributesFile
08C=8064EEB3:ZwQueryBootEntryOrder
08D=8064EEB3:ZwQueryBootOptions
08E=804FD6A9:ZwQueryDebugFilterState
08F=8056F139:ZwQueryDefaultLocale
090=80588B53:ZwQueryDefaultUILanguage
091=80580AD8:ZwQueryDirectoryFile
092=8058E401:ZwQueryDirectoryObject
093=80620AE4:ZwQueryEaFile
094=80590B5A:ZwQueryEvent
095=8058536F:ZwQueryFullAttributesFile
096=805AEC39:ZwQueryInformationAtom
097=8057FCAB:ZwQueryInformationFile
098=8058B546:ZwQueryInformationJobObject
099=8062A57B:ZwQueryInformationPort
09A=8057603B:ZwQueryInformationProcess
09B=8057564A:ZwQueryInformationThread
09C=80576A55:ZwQueryInformationToken
09D=80589384:ZwQueryInstallUILanguage
09E=8064FFD7:ZwQueryIntervalProfile
09F=80620726:ZwQueryIoCompletion
0A0=80578FFA:ZwQueryKey
0A1=80654BE8:ZwQueryMultipleValueKey
0A2=8064F95E:ZwQueryMutant
0A3=80589607:ZwQueryObject
0A4=80654DEE:ZwQueryOpenSubKeys
0A5=805708FB:ZwQueryPerformanceCounter
0A6=80621395:ZwQueryQuotaInformationFile
0A7=80587517:ZwQuerySection
0A8=805E84B4:ZwQuerySecurityObject
0A9=8064E763:ZwQuerySemaphore
0AA=80589049:ZwQuerySymbolicLinkObject
0AB=8064EEDB:ZwQuerySystemEnvironmentValue
0AC=8064EE75:ZwQuerySystemEnvironmentValueEx
0AD=805864CF:ZwQuerySystemInformation
0AE=805919F9:ZwQuerySystemTime
0AF=8059608C:ZwQueryTimer
0B0=8058ACE1:ZwQueryTimerResolution
0B1=80573100:ZwQueryValueKey
0B2=80582647:ZwQueryVirtualMemory
0B3=8057E667:ZwQueryVolumeInformationFile
0B4=80595FE7:ZwQueueApcThread
0B5=804E2275:ZwRaiseException
0B6=8064E49F:ZwRaiseHardError
0B7=8058295B:ZwReadFile
0B8=80621C6B:ZwReadFileScatter
0B9=80591E97:ZwReadRequestData
0BA=80587A43:ZwReadVirtualMemory
0BB=805862B3:ZwRegisterThreadTerminatePort
0BC=8056EBC4:ZwReleaseMutant
0BD=805835DF:ZwReleaseSemaphore
0BE=8056F65F:ZwRemoveIoCompletion
0BF=80661346:ZwRemoveProcessDebug
0C0=8065502F:ZwRenameKey
0C1=80655522:ZwReplaceKey
0C2=8057CE46:ZwReplyPort
0C3=80575629:ZwReplyWaitReceivePort
0C4=80575141:ZwReplyWaitReceivePortEx
0C5=8062A65A:ZwReplyWaitReplyPort
0C6=80632EAB:ZwRequestDeviceWakeup
0C7=805E9324:ZwRequestPort
0C8=805796C4:ZwRequestWaitReplyPort
0C9=80632CA4:ZwRequestWakeupLatency
0CA=805E36C3:ZwResetEvent
0CB=8053FCF2:ZwResetWriteWatch
0CC=80654040:ZwRestoreKey
0CD=80636A82:ZwResumeProcess
0CE=805861D9:ZwResumeThread
0CF=806540E7:ZwSaveKey
0D0=8065417F:ZwSaveKeyEx
0D1=80654253:ZwSaveMergedKeys
0D2=8058F748:ZwSecureConnectPort
0D3=8064EEB3:ZwSetBootEntryOrder
0D4=8064EEB3:ZwSetBootOptions
0D5=80634C83:ZwSetContextThread
0D6=80662D26:ZwSetDebugFilterState
0D7=805B49B1:ZwSetDefaultHardErrorPort
0D8=805D9E07:ZwSetDefaultLocale
0D9=805D9DAE:ZwSetDefaultUILanguage
0DA=80621029:ZwSetEaFile
0DB=80570689:ZwSetEvent
0DC=8057676E:ZwSetEventBoostPriority
0DD=8064F8E9:ZwSetHighEventPair
0DE=8064F80D:ZwSetHighWaitLowEventPair
0DF=80660CE7:ZwSetInformationDebugObject
0E0=805839EE:ZwSetInformationFile
0E1=805D98EE:ZwSetInformationJobObject
0E2=8065474B:ZwSetInformationKey
0E3=805907A9:ZwSetInformationObject
0E4=80582B1D:ZwSetInformationProcess
0E5=80576581:ZwSetInformationThread
0E6=805A9EA5:ZwSetInformationToken
0E7=8064FB03:ZwSetIntervalProfile
0E8=8057590F:ZwSetIoCompletion
0E9=8063599B:ZwSetLdtEntries
0EA=8064F87F:ZwSetLowEventPair
0EB=8064F79B:ZwSetLowWaitHighEventPair
0EC=8062136D:ZwSetQuotaInformationFile
0ED=805DFAD1:ZwSetSecurityObject
0EE=8064F178:ZwSetSystemEnvironmentValue
0EF=8064EE75:ZwSetSystemEnvironmentValueEx
0F0=805DA74F:ZwSetSystemInformation
0F1=8066E0F9:ZwSetSystemPowerState
0F2=8064E153:ZwSetSystemTime
0F3=805EB24F:ZwSetThreadExecutionState
0F4=804E89FD:ZwSetTimer
0F5=805EB516:ZwSetTimerResolution
0F6=805D4521:ZwSetUuidSeed
0F7=80580F03:ZwSetValueKey
0F8=806218A9:ZwSetVolumeInformationFile
0F9=8064D89F:ZwShutdownSystem
0FA=8051C9EB:ZwSignalAndWaitForSingleObject
0FB=8064FD6C:ZwStartProfile
0FC=8064FF25:ZwStopProfile
0FD=80636A27:ZwSuspendProcess
0FE=80636943:ZwSuspendThread
0FF=80650085:ZwSystemDebugControl
100=8063735F:ZwTerminateJobObject
101=8058D549:ZwTerminateProcess
102=805857A8:ZwTerminateThread
103=80585CC1:ZwTestAlert
104=80549A08:ZwTraceEvent
105=8064EEC7:ZwTranslateFilePath
106=80623ED4:ZwUnloadDriver
107=80654319:ZwUnloadKey
108=80654516:ZwUnloadKeyEx
109=80592EE5:ZwUnlockFile
10A=8062E1E7:ZwUnlockVirtualMemory
10B=8057F293:ZwUnmapViewOfSection
10C=805B2353:ZwVdmControl
10D=80660A30:ZwWaitForDebugEvent
10E=8056ECA1:ZwWaitForMultipleObjects
10F=8056E265:ZwWaitForSingleObject
110=8064F731:ZwWaitHighEventPair
111=8064F6C7:ZwWaitLowEventPair
112=80583C75:ZwWriteFile
113=805ACFA0:ZwWriteFileGather
114=80591F1B:ZwWriteRequestData
115=80587B3B:ZwWriteVirtualMemory
116=804F5102:ZwYieldExecution
117=805C7562:ZwCreateKeyedEvent
118=8058BECC:ZwOpenKeyedEvent
119=806504F9:ZwReleaseKeyedEvent
11A=80650764:ZwWaitForKeyedEvent
winnt/sp4内核服务函数列表Q数?F8(此表由创ZCNASM内部pȝ分析工具3.0)
000=8058B3BF:ZwAcceptConnectPort
001=8058E86B:ZwAccessCheck
002=8059DEF3:ZwAccessCheckAndAuditAlarm
003=805EB034:ZwAccessCheckByType
004=805A11F4:ZwAccessCheckByTypeAndAuditAlarm
005=80539214:ZwAccessCheckByTypeResultList
006=805EC2FF:ZwAccessCheckByTypeResultListAndAuditAlarm
007=805EC33F:ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
008=8059581C:ZwAddAtom
009=805E8874:ZwAdjustGroupsToken
00A=8057860A:ZwAdjustPrivilegesToken
00B=805DC7E2:ZwAlertResumeThread
00C=805755F7:ZwAlertThread
00D=8057C8A6:ZwAllocateLocallyUniqueId
00E=80528472:ZwAllocateUserPhysicalPages
00F=80588D50:ZwAllocateUuids
010=80596BFB:ZwAllocateVirtualMemory
011=805D0CEF:ZwAreMappedFilesTheSame
012=805DCB95:ZwAssignProcessToJobObject
013=804E189A:ZwCallbackReturn
014=805B06CB:ZwCancelIoFile
015=804F8F66:ZwCancelTimer
016=805D69D4:ZwCancelDeviceWakeupRequest
017=8057E0CC:ZwClearEvent
018=8052C422:ZwClose
019=80576F58:ZwCloseObjectAuditAlarm
01A=8058B849:ZwCompleteConnectPort
01B=8058A9DA:ZwConnectPort
01C=80545250:ZwContinue
01D=805D4BD5:ZwCreateDirectoryObject
01E=8057BC80:ZwCreateEvent
01F=805AA7A5:ZwCreateEventPair
020=80580C2D:ZwCreateFile
021=805A18F5:ZwCreateIoCompletion
022=805DC8B8:ZwCreateJobObject
023=805883BE:ZwCreateKey
024=8056D3DA:ZwCreateMailslotFile
025=8057FCA5:ZwCreateMutant
026=8057628A:ZwCreateNamedPipeFile
027=805CE260:ZwCreatePagingFile
028=8058098F:ZwCreatePort
029=8058D948:ZwCreateProcess
02A=805A9D6F:ZwCreateProfile
02B=8058EFF6:ZwCreateSection
02C=805770F9:ZwCreateSemaphore
02D=8057C6C4:ZwCreateSymbolicLinkObject
02E=805769C1:ZwCreateThread
02F=805A1C6E:ZwCreateTimer
030=805EE543:ZwCreateToken
031=805CC375:ZwCreateWaitablePort
032=805A0467:ZwDelayExecution
033=805A0528:ZwDeleteAtom
034=805B0833:ZwDeleteFile
035=8059D3C5:ZwDeleteKey
036=80571D0C:ZwDeleteObjectAuditAlarm
037=80581309:ZwDeleteValueKey
038=80588EF6:ZwDeviceIoControlFile
039=805A61B4:ZwDisplayString
03A=8057FE25:ZwDuplicateObject
03B=8057CF2E:ZwDuplicateToken
03C=8057736D:ZwEnumerateKey
03D=805A0A3C:ZwEnumerateValueKey
03E=8057051D:ZwExtendSection
03F=805E9361:ZwFilterToken
040=805995ED:ZwFindAtom
041=8059A31A:ZwFlushBuffersFile
042=80576667:ZwFlushInstructionCache
043=8058E2C6:ZwFlushKey
044=80590F9C:ZwFlushVirtualMemory
045=805D19A4:ZwFlushWriteBuffer
046=80528A9D:ZwFreeUserPhysicalPages
047=80589828:ZwFreeVirtualMemory
048=80588B14:ZwFsControlFile
049=805A4F1B:ZwGetContextThread
04A=805D69EA:ZwGetDevicePowerState
04B=8059C159:ZwGetPlugPlayEvent
04C=80540086:ZwGetTickCount
04D=805290E4:ZwGetWriteWatch
04E=805EEFE4:ZwImpersonateAnonymousToken
04F=80575FCD:ZwImpersonateClientOfPort
050=80532C84:ZwImpersonateThread
051=805FE159:ZwInitializeRegistry
052=805D67D0:ZwInitiatePowerAction
053=805D69DC:ZwIsSystemResumeAutomatic
054=805CC598:ZwListenPort
055=8060A603:ZwLoadDriver
056=805FEDF3:ZwLoadKey
057=8053FA4E:ZwLoadKey2
058=8058A339:ZwLockFile
059=805D19FB:ZwLockVirtualMemory
05A=80594D99:ZwMakeTemporaryObject
05B=80527B61:ZwMapUserPhysicalPages
05C=80527F74:ZwMapUserPhysicalPagesScatter
05D=80588767:ZwMapViewOfSection
05E=8057844D:ZwNotifyChangeDirectoryFile
05F=805800E4:ZwNotifyChangeKey
060=80580112:ZwNotifyChangeMultipleKeys
061=80599BCA:ZwOpenDirectoryObject
062=8059570A:ZwOpenEvent
063=805AA891:ZwOpenEventPair
064=805835F9:ZwOpenFile
065=805B4F31:ZwOpenIoCompletion
066=805DCACD:ZwOpenJobObject
067=8058A4F2:ZwOpenKey
068=805986D0:ZwOpenMutant
069=805879E0:ZwOpenObjectAuditAlarm
06A=8057E77A:ZwOpenProcess
06B=80595234:ZwOpenProcessToken
06C=8058C198:ZwOpenSection
06D=8059C50F:ZwOpenSemaphore
06E=805A0953:ZwOpenSymbolicLinkObject
06F=805967E5:ZwOpenThread
070=80580E36:ZwOpenThreadToken
071=805AA46B:ZwOpenTimer
072=8058FC32:ZwPlugPlayControl
073=805A3755:ZwPowerInformation
074=80575E38:ZwPrivilegeCheck
075=805EBA39:ZwPrivilegedServiceAuditAlarm
076=805EB815:ZwPrivilegeObjectAuditAlarm
077=8059038B:ZwProtectVirtualMemory
078=805A1A4E:ZwPulseEvent
079=8058A8CE:ZwQueryInformationAtom
07A=80579EE5:ZwQueryAttributesFile
07B=8057EB50:ZwQueryDefaultLocale
07C=8059E87B:ZwQueryDefaultUILanguage
07D=80582459:ZwQueryDirectoryFile
07E=805A33FE:ZwQueryDirectoryObject
07F=805B5963:ZwQueryEaFile
080=8058AF98:ZwQueryEvent
081=8059CAB3:ZwQueryFullAttributesFile
082=8058E525:ZwQueryInformationFile
083=8058DF19:ZwQueryInformationJobObject
084=8059E337:ZwQueryIoCompletion
085=805CC616:ZwQueryInformationPort
086=80594426:ZwQueryInformationProcess
087=80589AB9:ZwQueryInformationThread
088=805790BD:ZwQueryInformationToken
089=8059BCE1:ZwQueryInstallUILanguage
08A=805AA33D:ZwQueryIntervalProfile
08B=8057923A:ZwQueryKey
08C=805FF4A8:ZwQueryMultipleValueKey
08D=805AA604:ZwQueryMutant
08E=8059AE69:ZwQueryObject
08F=805FFB4C:ZwQueryOpenSubKeys
090=80599B2D:ZwQueryPerformanceCounter
091=805B6865:ZwQueryQuotaInformationFile
092=805789AC:ZwQuerySection
093=8052C94A:ZwQuerySecurityObject
094=805A9009:ZwQuerySemaphore
095=8059984F:ZwQuerySymbolicLinkObject
096=805A97BE:ZwQuerySystemEnvironmentValue
097=8059F933:ZwQuerySystemInformation
098=8059B77C:ZwQuerySystemTime
099=8059AD4C:ZwQueryTimer
09A=8058CF1A:ZwQueryTimerResolution
09B=8057A077:ZwQueryValueKey
09C=8057C3CD:ZwQueryVirtualMemory
09D=8057EC21:ZwQueryVolumeInformationFile
09E=805913FF:ZwQueueApcThread
09F=80545298:ZwRaiseException
0A0=805A8C74:ZwRaiseHardError
0A1=8059B7FD:ZwReadFile
0A2=805B7508:ZwReadFileScatter
0A3=80589014:ZwReadRequestData
0A4=8059E05F:ZwReadVirtualMemory
0A5=805759A2:ZwRegisterThreadTerminatePort
0A6=8059BC18:ZwReleaseMutant
0A7=805871EB:ZwReleaseSemaphore
0A8=8059219F:ZwRemoveIoCompletion
0A9=805FF2D7:ZwReplaceKey
0AA=8057E519:ZwReplyPort
0AB=80593E83:ZwReplyWaitReceivePort
0AC=8051374A:ZwReplyWaitReceivePortEx
0AD=805CC819:ZwReplyWaitReplyPort
0AE=805D6972:ZwRequestDeviceWakeup
0AF=80595A2E:ZwRequestPort
0B0=80593AC6:ZwRequestWaitReplyPort
0B1=805D677C:ZwRequestWakeupLatency
0B2=8056C413:ZwResetEvent
0B3=805295CA:ZwResetWriteWatch
0B4=805FEA0C:ZwRestoreKey
0B5=80594998:ZwResumeThread
0B6=80572F99:ZwSaveKey
0B7=805FEB70:ZwSaveMergedKeys
0B8=80512E23:ZwSecureConnectPort
0B9=80580FA6:ZwSetIoCompletion
0BA=805714C5:ZwSetContextThread
0BB=805A8F0B:ZwSetDefaultHardErrorPort
0BC=805A6470:ZwSetDefaultLocale
0BD=805A6A3E:ZwSetDefaultUILanguage
0BE=805B5ED0:ZwSetEaFile
0BF=8058745D:ZwSetEvent
0C0=805AAB33:ZwSetHighEventPair
0C1=805AAA79:ZwSetHighWaitLowEventPair
0C2=805A1308:ZwSetInformationFile
0C3=805DD998:ZwSetInformationJobObject
0C4=805FEFDD:ZwSetInformationKey
0C5=80597435:ZwSetInformationObject
0C6=8057BFC8:ZwSetInformationProcess
0C7=805A0067:ZwSetInformationThread
0C8=805EF572:ZwSetInformationToken
0C9=805AA32B:ZwSetIntervalProfile
0CA=805710AD:ZwSetLdtEntries
0CB=805AAADD:ZwSetLowEventPair
0CC=805AAA15:ZwSetLowWaitHighEventPair
0CD=805B6DD0:ZwSetQuotaInformationFile
0CE=8052C855:ZwSetSecurityObject
0CF=805A9A48:ZwSetSystemEnvironmentValue
0D0=8056C5C0:ZwSetSystemInformation
0D1=80568947:ZwSetSystemPowerState
0D2=8056CBE7:ZwSetSystemTime
0D3=80592CA2:ZwSetThreadExecutionState
0D4=804F90FF:ZwSetTimer
0D5=805A1B95:ZwSetTimerResolution
0D6=805A93B5:ZwSetUuidSeed
0D7=80598D90:ZwSetValueKey
0D8=805B6EEC:ZwSetVolumeInformationFile
0D9=805A6182:ZwShutdownSystem
0DA=8052D2B1:ZwSignalAndWaitForSingleObject
0DB=805A9FE0:ZwStartProfile
0DC=805AA287:ZwStopProfile
0DD=805A522B:ZwSuspendThread
0DE=8060A462:ZwSystemDebugControl
0DF=805DE766:ZwTerminateJobObject
0E0=80582FAC:ZwTerminateProcess
0E1=8059DF29:ZwTerminateThread
0E2=80595218:ZwTestAlert
0E3=8060A7D0:ZwUnloadDriver
0E4=805FEE05:ZwUnloadKey
0E5=805881B4:ZwUnlockFile
0E6=805A0554:ZwUnlockVirtualMemory
0E7=8059A027:ZwUnmapViewOfSection
0E8=805A3B5D:ZwVdmControl
0E9=8052D4A2:ZwWaitForMultipleObjects
0EA=8057ADC3:ZwWaitForSingleObject
0EB=805AA9B7:ZwWaitHighEventPair
0EC=805AA959:ZwWaitLowEventPair
0ED=80577920:ZwWriteFile
0EE=805B7D76:ZwWriteFileGather
0EF=8059848C:ZwWriteRequestData
0F0=8058C248:ZwWriteVirtualMemory
0F1=805CB56F:ZwCreateChannel
0F2=805CB56F:ZwListenChannel
0F3=805CB56F:ZwOpenChannel
0F4=80512D65:ZwReplyWaitSendChannel
0F5=80525DB5:ZwSendWaitReplyChannel
0F6=805D69D4:ZwSetContextChannel
转蝲h明出处?/font>
Core Audio APIS Q?/span>
Vista 里面Q一l新的用h的音频lg提供l应用程序来改善应用E序操作音频的能力,
包括以下的一些方面:(x)
- 低gӞ几乎无故障的音频?/span>
- 提高可靠?/span> ( 很多音频函数从核?j)态移C(jin)用户?/span> )
- 提高?sh)(jin)安全?/span> Q在安全的,低优先别的U程处理被保护的音频内容Q?/span>
- 分配?jin)特定的pȝU别的规?/span> (console, multimedia, communications) l单独的音频讑֤?/span>
- 用户可以直接操作Q相?/span> endpoint 讑֤的Y件抽?/span> ( 如:(x)扩音器,耳麦?qing)麦克?/span> ) 以下的高?/span> API 是以 Core Audio APIs 来工作的?/span>
- DirectSound
- DirectMusic
- Windows multimedia waveXxx and mixerXxx functions
- Media Foundation
- Streaming Audio Renderer (SAR)
l大多数的音频应用程序与以上的高层次?/span> API 交互而不是直接操作底层的 Core Audio API 。例如以下一些应用可能用到高{?/span> API Q?/span>
(tng) (tng) (tng) (tng) (tng) (tng)
媒体播放?/span>
(tng) (tng) (tng) (tng) (tng) (tng)
DVD
播放?/span>
(tng) (tng) (tng) (tng) (tng) (tng)
游戏
(tng) (tng) (tng) (tng) (tng) (tng)
商用软g
通常q些应用用到 DirectSound 和媒体的底层函数?/span>
通常的应用不需要直接用?/span> Core Audio API Q例?/span> Core Audio API 中的 Audio streams 需要用一个音频设备的原始数据格式。然而,一些第三方的Y件开发h员开发以下的产品Ӟ需要用到这些核?j)?/span> API Q?/span>
(tng) (tng) (tng) (tng) (tng) (tng) 专业的音频应用程?/span> (PRO AUDIO)
(tng) (tng) (tng) (tng) (tng) (tng) 实时通信 (RTC) 应用E序
(tng) (tng) (tng) (tng) (tng) (tng) W三斚w?/span> API
一?/span> PRO AUDIO ?/span> RTC 应用E序可能需要直接用底层 Core Audio API 讉K音频g来达到最g时的效果。一个第三方的音?/span> API 需要直接访?/span> Core Audio API 来实现高层的 API 没有提供的功能?/span>
Core Audio API 包括Q?/span>
(tng) (tng) (tng) (tng) (tng) (tng)
Multimedia Device (MMDevice) API
Q用q些
API
来枚丄l中的音频设备?/span>
(tng) (tng) (tng) (tng) (tng) (tng)
Windows Audio Session API (WASAPI)
Q用q些
API
来创建和理来自音频讑֤音频?/span>
(tng) (tng) (tng) (tng) (tng) (tng)
DeviceTopology API
Q用q些
API
来直接访问声音适配器中的硬件数据通\的拓扑特性(如音量控Ӟ复用器等Q?/span>
(tng) (tng) (tng) (tng) (tng) (tng)
EndpointVolume API
Q用q些
API
直接讉K音频讑֤的声x(chng)制。这?/span>
API
通常是给那些以独占模式管理音频流的应用程序?/span>
q些 API 提供对于讑֤的抽象概念,q些概念被描q成?/span> Audio Endpoint Device 。每?/span> API 包含很多 COM 接口。由于音频需要低延时和精的同步Q所 MMDevice, WASAPI, DeviceTopology, ?/span> EndpointVolume APIs 不依赖于 .NET 框架?/span>
除了(jin) Vista 之外其他的操作系l都不支?/span> Core Audio API 。包括:(x) Microsoft Windows Server (tng)2003, Windows (tng)XP, Windows (tng)ME, Windows (tng)2000, ?/span> Windows (tng)98 ?/span>
Vista 中的音频控制的角色概念:(x)
假如pȝ中有多个音频讑֤Q那么一个设备可能用h用来播放?sh)?jing)的,另一个可能是用来玩游戏的。这?/span> Vista 中就引入?jin)角色的概念?/span>
|
ERole
帔R
|
讑֤角色
|
渲染举例
|
捕获举例
|
|
eConsole |
与计机交互
|
游戏和系l的通告声音
|
语音命o(h)
|
|
eCommunications |
与他人的声音交流
|
聊天?/span>
VOIP |
聊天?/span>
VOIP |
|
eMultimedia |
播放或者录制电(sh)影和音乐
|
?sh)?jing)和音?/span>
|
实时的声韛_?/span>
|
Vista 中的音量控制被分?/span> 4 U别:(x)
IAudioStream 接口提供 session 每个的音量控制?/span>
methods in the IAudioStreamVolume interface.
IChannelAudioVolume 接口提供 session 中每个通道的音量控制?/span>
ISimpleAudioVolume 接口控制每一?/span> Session 的主音量?/span>
假如需要更改设备的音量大小Q则需要操?/span> IAudioEndpointVolume 接口?/span>
开发D例:(x) Vista 中控制系l音?/span>
l (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) 初始?/span> COM Q?/span>
CoInitializeEx(NULL, COINIT_MULTITHREADED)
l (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) 获取 IMMDeviceEnumerator 讑֤指针Q?/span>
(tng) (tng) CoCreateInstance(__uuidof(MMDeviceEnumerator), NULL,
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) CLSCTX_ALL, __uuidof(IMMDeviceEnumerator),
(tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (void**)&m_pEnumerator)
l (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) 获取 IMMDevice 指针Q这是是所?/span> MM 讑֤ ?/span> 多媒体设备的?/span>
n (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) 其中W一个参数是指明讑֤的用?/span>
n (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) W二个参数指明设备角?/span>
m_pEnumerator->GetDefaultAudioEndpoint(eRender, eMultimedia, &m_pDeviceOut)
l (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) 获取 IAudioEndpointVolume 指针Q(我们需要控制系l音量所对应的对象)(j)
m_pDeviceOut->Activate(__uuidof(IAudioEndpointVolume),CLSCTX_ALL,NULL,(void**)&m_AudioEndpointVolume)
l (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) Ҏ(gu)需要调用该对象?/span> API Q进行操作?/span>
关于原始输入
除了(jin)传统的键盘和鼠标以外q有很多其他的输入设备。例如:(x)用户输入可以来自游戏杆设备,触摸屏,麦克风以?qing)其他可以提供用戯入的讑֤。这些设备被l称为HIDQh体工E学Q设备。Raw Input的API为应用程序提供了(jin)E_健壮的读取原始数据数据的方式Q包括键盘和鼠标?/p>
q篇文章主要包括3个部分:(x)
· (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) 原始输入模型
· (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) 注册原始输入
· (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) (tng) d原始输入
原始输入模型
以前鼠标和键盘数据处理模式是q样的,鼠标和键盘(sh)生输入数据,pȝ中断d理这些与讑֤信息相关的数据,让这些数据变得与讑֤无关。例如:(x)键盘?sh)生与键盘设备相关的ScanCode但是pȝ提供l应用程序虚拟键码。除?jin)隐藏原始输入的l节QW(xu)indows理器还?sh)支持所有新的HID讑֤。ؓ(f)?jin)要从HID讑֤里面得到信息Q一个应用程序必d理以下步骤:(x)打开讑֤,理׃n模式Q周期性读取设备或者设|IO完成端口Q或者更多操作。原始输入模型及(qing)其相关的API允许比较Ҏ(gu)的从输入讑֤中获取原始输入,包括键盘和鼠标?/p>
那么原始输入模型和微软原来的鼠标键盘输入模型有什么差别呢Q在原来的输入模型,一个应用程序通过发送到他窗口的消息获取与设备无关的消息Q例如WM_CHAR,WM_MOUSEMOVE和W(xu)M_APPCOMMAND。与之原来模式不同的?一个应用程序想获取原始数据的必L册他惌获取原始输入的那些设备,应用E序?x)收到WM_INPUT消息?/p>
原始输入模型有很多优点:(x)
- (tng)应用E序不需要查扑֒打开输入讑֤?
- (tng)应用E序直接从设备获取数据ƈҎ(gu)他们的需要获取数据?
- 应用E序能够甄别来自两个不同讑֤的输入,管他们有可能是同一个类型的讑֤。例如:(x)两个鼠标讑֤?
- 应用E序能够理数据?hu),可以从一c设备或者某U制定类型设备获取输入数据?
- 当HID讑֤在市(jng)Z可以买到时候,能够立即被用,而不需要等待操作系l更新新的消息定义或者操作系l更新WM_APPCOMMAND消息?
需要注意的是:(x)WM_APPCOMMAND实是ؓ(f)一些HID讑֤提供的。然而W(xu)M_APPCOMMAND是一个高层的非设备相关的输入事gQ而W(xu)M_INPUT消息发送原始的底层的设备相关的消息?/p>
注册原始输入
默认情况下,没有应用E序?x)接受WM_INPUT消息。ؓ(f)?jin)接受从一个设备发送原始输入,你必L册这个设备?/p>
Z(jin)注册q个讑֤Q一个应用程序首先必dZ个指明他所希望接受讑֤cd的(top level collection―?br />TLCQRAWINPUTDEVICEl构。TLC被定义成为UsagePageQ设备类Q和UsageQ设备类内的具体讑֤Q。例如ؓ(f)?jin)从键盘获取原始输入Q设|UsagePage = 1 and Usage = 6Q应用程序调用RegisterRawInputDeviceL册这个设备?/p>
注意Q应用程序可以注册系l当前没有的讑֤。当讑֤可用之后QW(xu)indows理器会(x)自动原始输入数据发送到应用E序。应用程序可以调用GetRawInputDeviceList来获取系l中原始输入讑֤的列表。用GetRawInputDeviceList获取的hDeviceQ应用程序调用GetRawInputDeviceInfo获取讑֤信息?/p>
通过RAWINPUTDEVICE中的dwFlagQ应用程序可以选择是否监听q是忽略来自某个指定讑֤的信息。例如:(x)一个应用程序能够监听所有的?sh)话讑֤除?jin){录机?/p>
注意Q鼠标和键盘?sh)是HID讑֤Q所以能够从Hid讑֤的WM_INPUT消息或者从传统的消息中获取信息。应用程序能够通过指定RAWINPUTDEVICE中的标志位选择L一个?/p>
可以调用GetRegisteredRawInputDevice来得到应用程序的该设备的注册状态?/p>
d原始输入
应用E序?x)收到符合所注册的TLC的HID讑֤的原始输入消息。当一个应用程序收C(jin)原始输入Q应用程序的消息队列׃(x)得到一个WM_INPUT消息Q系l状态被|成QS_RAWINPUT(QS_INPUT)同样包含q个标志。不应用程序在前台和后台都能够收到消息?/p>
有两U方法去d原始数据Q标准(没有~冲的)(j)Ҏ(gu)和缓冲方法。前者获取原始输入时Q每ơ获取一个RAWINPUT数据Q而且对于大多数HID讑֤都是可以用这U方式读取的。应用程序调用CallMessage得到WM_INPUT消息Q然后应用程序通过WM_INPUT消息Q调用GetRawInputData来获取RAWINPUT句柄?/p>
相对应的,~存方式每次得到一pd的RAWINPUTl构。这是给那些能够构生很大数据量的原始输入。用q种Ҏ(gu)去获取数据,首先调用GetRawInputBuffer去获取一pd的RAWINPUTl构。注意NEXTTRAWINPUTBLOCK宏是用来获取下一个RAWINPUTl构的?/p>
Z(jin)获取原始输入HID讑֤的详l信息。应用程序可以用GetRawInputdeviceInfo来查询相对应的句柄。这个句柄可以是从WM_INPUT消息或者RAWINPUTHRADER.hDevice获取?br />