You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
gmh5225
f558f4aa3c
|
12 months ago | |
|---|---|---|
| LICENSE | 12 months ago | |
| README.md | 12 months ago | |
| find_data_ptr.py | 12 months ago | |
| find_data_ptr_guard_dispatch_icall.py | 12 months ago | |
README.md
ida-find-.data-ptr
A simple ida python script to find .data ptr
Run find_data_ptr.py
Run find_data_ptr_guard_dispatch_icall.py
.data ptr with _guard_dispatch_icall: off_140C00A00
Function HvlGetSharedPageVa (called at: 0x140236507)
.data ptr with _guard_dispatch_icall: HalPerformEndOfInterruptAtController
Function HalPerformEndOfInterrupt (called at: 0x140274485)
Function HalpInterruptResetThisProcessor (called at: 0x1404b652c)
.data ptr with _guard_dispatch_icall: off_140C009E0
Function EtwGetKernelTraceTimestamp (called at: 0x14043ddea)
Function KiExecuteAllDpcs (called at: 0x140472afd)
Function EtwpReserveTraceBuffer (called at: 0x140472fe5)
Function EtwGetKernelTraceTimestampSilo (called at: 0x140481ad3)
Function EtwpGetLoggerTimeStamp (called at: 0x140489670)
Function EtwpInitializeTimeStamp (called at: 0x1407f4d34)
.data ptr with _guard_dispatch_icall: HalpProfileInterface
Function HalpProcessorPrepareForIdle (called at: 0x14043e59c)
Function HalpProcessorResumeFromIdle (called at: 0x14043e5e4)
Function HalpSetProfileSourceInterval (called at: 0x140369c5b)
Function HalpRestartProfiling (called at: 0x140383323)
Function HalpTimerInitializeProfiling (called at: 0x1403a52ad)
Function HalSetProfileInterval (called at: 0x1404b878a)
Function HalStartProfileInterrupt (called at: 0x1404b87c6)
Function HalStopProfileInterrupt (called at: 0x1404b87f1)
Function HalpAllocatePmcCounterSet (called at: 0x1404b894d)
Function HalpAllocatePmcCounterSet (called at: 0x1404b8983)
Function HalpAllocatePmcCounterSet (called at: 0x1404b89cd)
Function HalpFreePmcCounterSet (called at: 0x1404b8d07)
Function HalpPerfInterrupt (called at: 0x1404b8f61)
Function HalpPerfInterrupt (called at: 0x1404b8f87)
Function KiStopProfileTarget (called at: 0x140515f41)
Function HalpSetSystemInformation (called at: 0x14080f1e1)
Function HalpSetSystemInformation (called at: 0x14080f20d)
Function HalpQueryProfileInformation (called at: 0x140757447)
Function HalAllocateHardwareCounters (called at: 0x1408602d0)
Function HalFreeHardwareCounters (called at: 0x140860360)
Function HalFreeHardwareCounters (called at: 0x140860360)
Function HalpCompleteInitializeProfiling (called at: 0x140996c28)
Function HalpInitializeProfiling (called at: 0x140996c88)
.data ptr with _guard_dispatch_icall: off_140C00890
Function KiSetClockTickRate (called at: 0x14027b1cd)
Function KePrepareClockTimerForIdle (called at: 0x14027b4a6)
Function KiRestoreClockTickRate (called at: 0x14027b7a4)
Function KeInitializeClock (called at: 0x140a86322)
.data ptr with _guard_dispatch_icall: HalpPlatformFlags
Function HalpDpPostReplace (called at: 0x1409a4776)
.data ptr with _guard_dispatch_icall: HalpSystemHardwareLock
Function HalpAcquireCmosSpinLock (called at: 0x140446b6a)
.data ptr with _guard_dispatch_icall: PpmPerfCoreParkingMask
Function PpmParkReportMask (called at: 0x140446f65)
.data ptr with _guard_dispatch_icall: off_140C00868
Function KiIntSteerSetDestination (called at: 0x14029f0c2)
.data ptr with _guard_dispatch_icall: dword_140C020C0
Function CmSaveMergedKeys (called at: 0x140878f05)
.data ptr with _guard_dispatch_icall: HalIommuDispatch
Function ExFreeSvmAsid (called at: 0x140450106)
Function HalpIommuInterruptRoutine (called at: 0x1404c5f1f)
Function IommuProcessPageRequestQueue (called at: 0x1404d32a2)
Function IommuProcessPageRequestQueue (called at: 0x1404d3440)
Function IommuProcessPageRequestQueue (called at: 0x1404d3554)
Function IommuProcessPageRequestQueue (called at: 0x1404d36aa)
Function IommupHvInterruptRoutine (called at: 0x1404d406c)
Function ExFlushTb (called at: 0x1405b0a36)
Function ExShareAddressSpaceWithDevice (called at: 0x1405b0e48)
Function ExShareAddressSpaceWithDevice (called at: 0x1405b0f51)
Function ExShareAddressSpaceWithDevice (called at: 0x1405b1487)
Function ExShareAddressSpaceWithDevice (called at: 0x1405b14b4)
Function ExSvmBeginDeviceReset (called at: 0x1405b18b0)
Function ExSvmDevicePowerCallback (called at: 0x1405b1ae6)
Function ExSvmFinalizeDeviceReset (called at: 0x1405b1cd2)
Function ExpPrepareNewSvmDevice (called at: 0x1405b2488)
Function ExpPrepareNewSvmDevice (called at: 0x1405b251e)
Function ExpSvmDereferenceDevice (called at: 0x1405b283e)
Function ExpSvmWorkerThread (called at: 0x1405b2dbc)
Function HalpIommuInitSystem (called at: 0x14099705e)
Function HalpIommuInitSystem (called at: 0x140997076)
Function InitBootProcessor (called at: 0x140a37c95)
Function ExpInitializeSvm (called at: 0x140a6da40)
.data ptr with _guard_dispatch_icall: off_140C007D8
Function HalpTimerClockIpiRoutine (called at: 0x140326389)
Function HalpTimerClockInterrupt (called at: 0x14032f0a7)
Function HalpTimerAlwaysOnClockInterrupt (called at: 0x1404ce7a4)
Function EtwpReserveWithPmcCounters (called at: 0x1405a2ef3)
.data ptr with _guard_dispatch_icall: off_140C008C0
Function HalpTimerClockIpiRoutine (called at: 0x1403263ce)
Function KeClockInterruptNotify (called at: 0x140326517)
Function HalpTimerClockInterrupt (called at: 0x14032f0f1)
Function HalpTimerAlwaysOnClockInterrupt (called at: 0x1404ce757)
Function NtSetSystemInformation (called at: 0x14069ace1)
Function PopWriteHiberPages (called at: 0x14098d894)
Function PopRequestWrite (called at: 0x1409902ed)
.data ptr with _guard_dispatch_icall: off_140C00740
Function PpmIdleExecuteTransition (called at: 0x1403279d3)
.data ptr with _guard_dispatch_icall: off_140C00888
Function PpmIdleExecuteTransition (called at: 0x140327b4a)
Function KeResumeClockTimerFromIdle (called at: 0x140329bf2)
Function KeSuspendClockTimer (called at: 0x14038154b)
Function KeSuspendClockTimerSafe (called at: 0x14050d8d5)
Function KeSuspendClockTimerSafe (called at: 0x14050d971)
Function KeInitializeClock (called at: 0x140a862e9)
.data ptr with _guard_dispatch_icall: off_140C00750
Function PpmIdleExecuteTransition (called at: 0x1403288dd)
.data ptr with _guard_dispatch_icall: off_140C009A8
Function PpmIdleExecuteTransition (called at: 0x140328926)
Function HalpRestartProfiling (called at: 0x140383354)
Function HalpPerfInterrupt (called at: 0x1404b8f95)
.data ptr with _guard_dispatch_icall: off_140C00898
Function KeResumeClockTimerFromIdle (called at: 0x140329a42)
Function KeResumeClockTimerFromIdle (called at: 0x1404875e2)
Function KeResumeClockTimerFromIdle (called at: 0x140487689)
.data ptr with _guard_dispatch_icall: off_140C00880
Function KeResumeClockTimerFromIdle (called at: 0x140329be1)
Function KeResumeClockTimerFromIdle (called at: 0x140487720)
Function KiResumeClockTimer (called at: 0x140380c8b)
Function KeInitializeClock (called at: 0x140a862fc)
.data ptr with _guard_dispatch_icall: off_140C00968
Function KiGetNextTimerExpirationDueTime (called at: 0x14032a481)
.data ptr with _guard_dispatch_icall: off_140C00A70
Function KiSetIntervalWorker (called at: 0x14036a1a5)
Function EtwSetPerformanceTraceInformation (called at: 0x140934a38)
Function EtwSetPerformanceTraceInformation (called at: 0x140934b66)
Function EtwpLoadMicroarchitecturalProfileSource (called at: 0x14093687e)
Function VslpIumPhase0Initialize (called at: 0x140a8d5d7)
Function VslpIumPhase0Initialize (called at: 0x140a8d5ee)
.data ptr with _guard_dispatch_icall: off_140C00780
Function HalDisableInterrupt (called at: 0x14045a851)
Function HalEnableInterrupt (called at: 0x14045ac6b)
Function KiIntSteerConnect (called at: 0x140375165)
Function KiIsInterruptTypeSecondary (called at: 0x14045af1e)
Function HalpUnmaskInterrupt (called at: 0x14049748b)
Function HalpMaskInterrupt (called at: 0x1404a3845)
Function HalpInterruptRequestInterrupt (called at: 0x1404b6736)
Function HalpInterruptRequestSecondaryInterrupt (called at: 0x1404cb068)
Function IopConnectInterrupt (called at: 0x1407444b6)
Function IopConnectInterruptFullySpecified (called at: 0x1407adc0d)
Function IopAllocatePassiveInterruptBlock (called at: 0x14089d91a)
.data ptr with _guard_dispatch_icall: off_140C008E0
Function KeConnectInterrupt (called at: 0x14045aa49)
.data ptr with _guard_dispatch_icall: off_140C00778
Function KeConnectInterrupt (called at: 0x14045aa75)
Function KeUnmaskInterrupt (called at: 0x1403890d1)
Function IopPassiveInterruptWorker (called at: 0x140506efe)
Function KiUnmaskSecondaryInterruptInternal (called at: 0x14051343d)
.data ptr with _guard_dispatch_icall: off_140C00768
Function KiIntSteerConnect (called at: 0x14045acfd)
.data ptr with _guard_dispatch_icall: off_140C00878
Function KiResumeClockTimer (called at: 0x140380c9a)
Function KeInitializeClock (called at: 0x140a8630a)
.data ptr with _guard_dispatch_icall: off_140C007F0
Function HalpSetResumeTime (called at: 0x1404944df)
Function AnFwDisplayBackgroundUpdate (called at: 0x1409f313d)
Function AnFwpBackgroundUpdateTimer (called at: 0x1409f41d1)
Function GetBootSystemTime (called at: 0x140a6d6fa)
.data ptr with _guard_dispatch_icall: off_140C005C8
Function HalTranslateBusAddress (called at: 0x1403a207f)
.data ptr with _guard_dispatch_icall: off_140C00948
Function HalpPowerStateCallback (called at: 0x1403a351e)
Function PopTransitionSystemPowerStateEx (called at: 0x14098e330)
.data ptr with _guard_dispatch_icall: off_140C00618
Function KiMaskInterruptInternal (called at: 0x1403a38eb)
.data ptr with _guard_dispatch_icall: off_140C00770
Function KiMaskInterruptInternal (called at: 0x1403a392d)
Function IoProcessPassiveInterrupts (called at: 0x140506825)
Function KiMaskSecondaryInterruptInternal (called at: 0x1405130d3)
.data ptr with _guard_dispatch_icall: qword_140C00720
Function HvlEnlightenProcessor (called at: 0x1404a3ed5)
Function HvlEnlightenProcessor (called at: 0x1404a3f69)
Function HvlpTryConfigureInterface (called at: 0x140457659)
Function HvlpInitializeBootProcessor (called at: 0x1404ec9ca)
Function HvlpPhase0Enlightenments (called at: 0x1404f4167)
.data ptr with _guard_dispatch_icall: qword_140C00718
Function HvlpTryConfigureInterface (called at: 0x1404575dd)
Function HvlpInitializeBootProcessor (called at: 0x1404ec936)
Function HvlpInitializeBootProcessor (called at: 0x1404ec97a)
Function HvlpSetupBootProcessorEarlyHypercallPages (called at: 0x1404ed7d7)
Function HvlpPhase0Enlightenments (called at: 0x1404f4129)
.data ptr with _guard_dispatch_icall: off_140C00A68
Function HvlStartBootLogicalProcessors (called at: 0x14045770f)
Function MiInitializeLargePageColorSizes (called at: 0x1403aedb5)
Function EtwpAddLogHeader (called at: 0x140638015)
Function ExpQuerySystemInformation (called at: 0x1406f2ed0)
Function ExpQuerySystemInformation (called at: 0x1406f2f2a)
Function ExpQuerySystemInformation (called at: 0x14083ba7a)
Function ExpQuerySystemInformation (called at: 0x14083c2cd)
Function ExpQuerySystemInformation (called at: 0x14083c357)
Function ExpQuerySystemInformation (called at: 0x14083c3f6)
Function KeQueryIntervalProfile (called at: 0x14071826d)
Function EtwQueryPerformanceTraceInformation (called at: 0x140933ef7)
Function EtwSetPerformanceTraceInformation (called at: 0x1409349a4)
Function EtwpLogPmcCounterRundown (called at: 0x140939ac7)
Function EtwpSampledProfileRunDown (called at: 0x14093ab05)
Function EtwpCoverageSamplerStart (called at: 0x140942ff5)
Function ExpProfileCreate (called at: 0x140955f30)
Function BapdRecordFirmwareBootStats (called at: 0x14099683b)
Function BapdRecordFirmwareBootStats (called at: 0x140996888)
Function PopDiagTraceFirmwareS3Stats (called at: 0x1409ae54c)
Function KiIntSteerInit (called at: 0x140a3e5f1)
Function MiInitNucleus (called at: 0x140a42559)
Function PipDmgInitPhaseZero (called at: 0x140a48eef)
Function EtwpInitialize (called at: 0x140a6027d)
Function KeNumaInitialize (called at: 0x140a6f6f6)
Function PoFxRegisterDebugger (called at: 0x140a6fac9)
Function PoFxRegisterDebugger (called at: 0x140a8915d)
Function MiInitializeChannelRangesTemporary (called at: 0x140a898c2)
Function VslpIumPhase0Initialize (called at: 0x140a8d486)
Function BgkInitialize (called at: 0x140a94c3e)
.data ptr with _guard_dispatch_icall: qword_140C00630
Function HalpUsbLegacyScanBusForHandoff (called at: 0x1403b5eee)
Function HalpUsbLegacyScanBusForHandoff (called at: 0x1403b5f78)
Function x86BiosGetPciBusData (called at: 0x1403ca4d5)
Function HalpUsbLegacyStopOhciInterrupt (called at: 0x1404d126b)
Function HalpUsbLegacyStopUhciInterrupt (called at: 0x1404d13c7)
Function HalpUsbLegacyStopUhciInterrupt (called at: 0x1404d140d)
Function HalpStopLegacyUsbInterruptsInternal (called at: 0x1409a561f)
Function KdpSysReadBusData (called at: 0x1409b5ec3)
.data ptr with _guard_dispatch_icall: PcDmaDispatch
Function HalpDmaInitializeControllers (called at: 0x1403b7813)
Function HalpDmaInitializeControllers (called at: 0x1403b7813)
.data ptr with _guard_dispatch_icall: off_140C006A8
Function PpmInstallNewIdleStates (called at: 0x1403c04b6)
Function PpmRemoveIdleStates (called at: 0x140560fb0)
.data ptr with _guard_dispatch_icall: off_140C00648
Function HalGetVectorInput (called at: 0x1403c6245)
.data ptr with _guard_dispatch_icall: off_140C00700
Function HvlDebuggerSupportInitialize (called at: 0x1404afb6f)
.data ptr with _guard_dispatch_icall: off_140C005F8
Function HvlDebuggerSupportInitialize (called at: 0x1404afd4c)
Function HeadlessInit (called at: 0x140a89da9)
.data ptr with _guard_dispatch_icall: off_140C006B8
Function HalpCreateMcaMemoryErrorRecord (called at: 0x1404b3d3e)
Function HalpCreateMcaProcessorErrorRecord (called at: 0x1404b3f41)
Function HalpCreateNMIErrorRecord (called at: 0x1404b78f6)
.data ptr with _guard_dispatch_icall: off_140C007C8
Function HalpGetMcaExtendedLogStatusBlock (called at: 0x1404b40ff)
Function HalpMcaInitializeErrorSection (called at: 0x1404b4614)
Function HvlpQueryApicIdAndNumaNode (called at: 0x1404ecb8e)
.data ptr with _guard_dispatch_icall: off_140C00640
Function HalGetInterruptVector (called at: 0x1404b51ef)
.data ptr with _guard_dispatch_icall: HalpMcaEnabled
Function HalpMcaSetProcessorConfig (called at: 0x140995158)
.data ptr with _guard_dispatch_icall: off_140C00950
Function HalReturnToFirmware (called at: 0x1404b81a1)
.data ptr with _guard_dispatch_icall: qword_140C00638
Function x86BiosSetPciBusData (called at: 0x1404b9365)
Function HalpUsbLegacyStopUhciInterrupt (called at: 0x1404d13a8)
Function HalpUsbLegacyStopUhciInterrupt (called at: 0x1404d1432)
Function KdpSysWriteBusData (called at: 0x1409b5f2b)
.data ptr with _guard_dispatch_icall: HalpMoveMemory
Function HalpDmaSyncMapBuffers (called at: 0x1404c23b2)
Function HalpDmaSyncMapBuffersWithEmergencyResources (called at: 0x1404c2655)
.data ptr with _guard_dispatch_icall: off_140C00810
Function HalpInterruptRequestSecondaryInterrupt (called at: 0x1404cb0d9)
.data ptr with _guard_dispatch_icall: off_140C007A0
Function HvlPrepareForRootCrashdump (called at: 0x1404ef7d9)
Function HvlSkCrashdumpCallbackRoutine (called at: 0x1404f27ca)
Function PopSaveHiberContext (called at: 0x14099ff29)
.data ptr with _guard_dispatch_icall: off_140C00698
Function HvlPrepareForRootCrashdump (called at: 0x1404ef7ea)
Function HvlCrashdumpCallbackRoutine (called at: 0x1404f25f5)
Function HvlSkCrashdumpCallbackRoutine (called at: 0x1404f27db)
Function KeBugCheck2 (called at: 0x140510ccd)
.data ptr with _guard_dispatch_icall: qword_140C00A30
Function HvlpHandleIommuFaultMessage (called at: 0x1404f2e67)
.data ptr with _guard_dispatch_icall: off_140C00940
Function IoInitializeBugCheckProgress (called at: 0x1404fbd04)
Function PopCheckpointSystemSleep (called at: 0x14099fc4c)
.data ptr with _guard_dispatch_icall: off_140C008D8
Function IoWriteCrashDump (called at: 0x1404fcb75)
Function NtSetSystemInformation (called at: 0x14069acbe)
.data ptr with _guard_dispatch_icall: off_140C00848
Function IopWriteTriageDumpToFirmware (called at: 0x1404fe7c0)
.data ptr with _guard_dispatch_icall: off_140C00738
Function KdPowerTransitionEx (called at: 0x14050a88a)
Function KdPowerTransitionEx (called at: 0x14050a8b9)
Function KeFreezeExecution (called at: 0x14051727a)
Function KeThawExecution (called at: 0x140517624)
Function KiFreezeTargetExecution (called at: 0x140517986)
Function KiFreezeTargetExecution (called at: 0x140517a79)
.data ptr with _guard_dispatch_icall: off_140C00990
Function KiClearLastBranchRecordStack (called at: 0x14050c15b)
.data ptr with _guard_dispatch_icall: off_140C00978
Function KiProcessNMI (called at: 0x14050c4eb)
Function KiProcessNMI (called at: 0x14050c584)
.data ptr with _guard_dispatch_icall: off_140C00928
Function KeConvertAuxiliaryCounterToPerformanceCounter (called at: 0x14050db4b)
Function NtConvertBetweenAuxiliaryCounterAndPerformanceCounter (called at: 0x14095641b)
Function NtConvertBetweenAuxiliaryCounterAndPerformanceCounter (called at: 0x14095645f)
.data ptr with _guard_dispatch_icall: off_140C00920
Function KeConvertPerformanceCounterToAuxiliaryCounter (called at: 0x14050db6b)
Function NtConvertBetweenAuxiliaryCounterAndPerformanceCounter (called at: 0x14095641b)
Function NtConvertBetweenAuxiliaryCounterAndPerformanceCounter (called at: 0x14095645f)
.data ptr with _guard_dispatch_icall: off_140C00930
Function KeQueryAuxiliaryCounterFrequency (called at: 0x14050defb)
Function NtQueryAuxiliaryCounterFrequency (called at: 0x14095661c)
Function NtQueryAuxiliaryCounterFrequency (called at: 0x14095663a)
.data ptr with _guard_dispatch_icall: off_140C008E8
Function KeQueryWakeSource (called at: 0x14050e145)
.data ptr with _guard_dispatch_icall: off_140C008A8
Function KeBugCheck2 (called at: 0x14051088b)
Function KeBugCheck2 (called at: 0x1405112b6)
Function KdpSendWaitContinue (called at: 0x1409b5a55)
.data ptr with _guard_dispatch_icall: off_140C008C8
Function KeBugCheck2 (called at: 0x140510c9a)
Function NtSetSystemInformation (called at: 0x14069ace1)
Function PopInvokeSystemStateHandler (called at: 0x14099f8b2)
Function PopSaveHiberContext (called at: 0x1409a037c)
Function KdEnterDebugger (called at: 0x1409b409f)
.data ptr with _guard_dispatch_icall: KiNmiInProgress
Function KeBugCheck2 (called at: 0x140510ccd)
.data ptr with _guard_dispatch_icall: off_140C007A8
Function KeBugCheck2 (called at: 0x140511262)
Function PopHiberCheckResume (called at: 0x1409a1cdc)
.data ptr with _guard_dispatch_icall: off_140C008B8
Function KeBugCheck2 (called at: 0x140511284)
Function NtSetSystemInformation (called at: 0x14069ace1)
Function PopInvokeSystemStateHandler (called at: 0x14098f01a)
Function KdExitDebugger (called at: 0x1409b4211)
.data ptr with _guard_dispatch_icall: off_140C005D8
Function KeBugCheck2 (called at: 0x140511315)
Function KiBugCheckDebugBreak (called at: 0x140511917)
Function PopShutdownHandler (called at: 0x1409ae985)
.data ptr with _guard_dispatch_icall: qword_140C049A8
Function KseHookExAllocatePoolWithTag (called at: 0x140520c44)
.data ptr with _guard_dispatch_icall: qword_140C03158
Function KseDsCallbackHookAddDevice (called at: 0x140520cc1)
Function KseDsCallbackHookDriverStartIo (called at: 0x140520d8e)
Function KseDsCallbackHookDriverUnload (called at: 0x140520de3)
Function KseDsCallbackHookIrpDeviceControlFunction (called at: 0x140520e42)
Function KseDsCallbackHookIrpFunction (called at: 0x140520ec2)
Function KseDsCallbackHookIrpPnpFunction (called at: 0x140520f6f)
Function KseDsCallbackHookIrpPnpFunction (called at: 0x140520f82)
Function KseDsCallbackHookIrpPowerFunction (called at: 0x14052102e)
Function KseDsCallbackHookIrpPowerFunction (called at: 0x140521041)
.data ptr with _guard_dispatch_icall: qword_140C04CE8
Function KseDsHookExAllocatePool (called at: 0x1405211bb)
.data ptr with _guard_dispatch_icall: qword_140C04CA8
Function KseDsHookExAllocatePoolWithTag (called at: 0x140521223)
.data ptr with _guard_dispatch_icall: qword_140C04D08
Function KseDsHookExFreePool (called at: 0x140521280)
.data ptr with _guard_dispatch_icall: qword_140C04CC8
Function KseDsHookExFreePoolWithTag (called at: 0x1405212c6)
.data ptr with _guard_dispatch_icall: qword_140C04C68
Function KseDsHookIoCreateDevice (called at: 0x140521339)
.data ptr with _guard_dispatch_icall: qword_140C04D48
Function KseHookMmGetVirtualForPhysical (called at: 0x1405222d2)
.data ptr with _guard_dispatch_icall: qword_140C04D68
Function KseHookMmMapIoSpace (called at: 0x140522312)
.data ptr with _guard_dispatch_icall: qword_140C009F8
Function PopPowerButtonWorkCallback (called at: 0x140572429)
.data ptr with _guard_dispatch_icall: dword_140C0523C
Function VfQueryDispatchTable (called at: 0x14059a4cd)
.data ptr with _guard_dispatch_icall: VfXdvDispatchTable
Function VfQueryDispatchTable (called at: 0x14059a4cd)
.data ptr with _guard_dispatch_icall: off_140C00988
Function EtwpTraceLastBranchRecord (called at: 0x1405a9c16)
.data ptr with _guard_dispatch_icall: off_140C009D8
Function WheapGenericErrSrcRecover (called at: 0x1405b67eb)
.data ptr with _guard_dispatch_icall: off_140C05300
Function SpiInit (called at: 0x1405c49e1)
Function SpiInit (called at: 0x1405c49f9)
Function SpiInit (called at: 0x1405c4a08)
Function SpiInit (called at: 0x1405c4a82)
Function SpiInit (called at: 0x1405c4a93)
Function SpiSend16 (called at: 0x1405c4ec3)
Function SpiSend16 (called at: 0x1405c4eda)
Function UsifGetByte (called at: 0x1405c4f28)
Function UsifGetByte (called at: 0x1405c4f42)
Function UsifPutByte (called at: 0x1405c4fc0)
Function UsifPutByte (called at: 0x1405c4fd9)
Function UsifRxReady (called at: 0x1405c503c)
Function ReadRegisterWithIndex32 (called at: 0x1405c515b)
.data ptr with _guard_dispatch_icall: off_140C05308
Function SpiInit (called at: 0x1405c4a1e)
Function SpiInit (called at: 0x1405c4a33)
Function SpiInit (called at: 0x1405c4a47)
Function SpiInit (called at: 0x1405c4a59)
Function SpiInit (called at: 0x1405c4a6b)
Function SpiInit (called at: 0x1405c4ab1)
Function SpiSend16 (called at: 0x1405c4ea1)
Function SpiSend16 (called at: 0x1405c4eb3)
Function UsifPutByte (called at: 0x1405c4ff8)
Function WriteRegisterWithIndex32 (called at: 0x1405c53af)
.data ptr with _guard_dispatch_icall: off_140C052C0
Function ReadPortWithIndex16 (called at: 0x1405c509b)
.data ptr with _guard_dispatch_icall: off_140C052D0
Function ReadPortWithIndex32 (called at: 0x1405c50cb)
.data ptr with _guard_dispatch_icall: UartHardwareAccess
Function ReadPortWithIndex8 (called at: 0x1405c50fb)
.data ptr with _guard_dispatch_icall: off_140C052F0
Function ReadRegisterWithIndex16 (called at: 0x1405c512b)
.data ptr with _guard_dispatch_icall: off_140C05310
Function ReadRegisterWithIndex64 (called at: 0x1405c518b)
.data ptr with _guard_dispatch_icall: off_140C052E0
Function ReadRegisterWithIndex8 (called at: 0x1405c51bb)
.data ptr with _guard_dispatch_icall: off_140C052C8
Function WritePortWithIndex16 (called at: 0x1405c52ef)
.data ptr with _guard_dispatch_icall: off_140C052D8
Function WritePortWithIndex32 (called at: 0x1405c531f)
.data ptr with _guard_dispatch_icall: off_140C052B8
Function WritePortWithIndex8 (called at: 0x1405c534e)
.data ptr with _guard_dispatch_icall: off_140C052F8
Function WriteRegisterWithIndex16 (called at: 0x1405c537f)
.data ptr with _guard_dispatch_icall: off_140C05318
Function WriteRegisterWithIndex64 (called at: 0x1405c53df)
.data ptr with _guard_dispatch_icall: off_140C052E8
Function WriteRegisterWithIndex8 (called at: 0x1405c540e)
.data ptr with _guard_dispatch_icall: off_140C007E0
Function EtwpFreeLoggerContext (called at: 0x1407d072a)
Function EtwpUpdatePmcCounters (called at: 0x140936d28)
.data ptr with _guard_dispatch_icall: off_140C009B8
Function EtwpFreeLoggerContext (called at: 0x1407d078a)
.data ptr with _guard_dispatch_icall: off_140C008D0
Function ExpQuerySystemInformation (called at: 0x14083b727)
Function PoInitSystem (called at: 0x140a3c905)
.data ptr with _guard_dispatch_icall: off_140C009C0
Function PiDmaGuardProcessPostRemove (called at: 0x1408165b5)
.data ptr with _guard_dispatch_icall: off_140C009C8
Function PipProcessStartPhase1 (called at: 0x14081690a)
.data ptr with _guard_dispatch_icall: off_140C00908
Function IoGetDmaAdapter (called at: 0x140747f65)
Function IoGetDmaAdapter (called at: 0x140747fa2)
.data ptr with _guard_dispatch_icall: off_140C00A38
Function PipDmgSaveDeviceDmarPolicy (called at: 0x140750886)
Function HalpDmaAllocateChildAdapterV3 (called at: 0x1407a50f3)
.data ptr with _guard_dispatch_icall: off_140C005A8
Function PopAllocateHiberContext (called at: 0x14075b687)
Function PopMarkComponentsBootPhase (called at: 0x1409a20f1)
.data ptr with _guard_dispatch_icall: off_140C00AF8
Function CmpAcceptBoot (called at: 0x140770f4e)
Function PopGracefulShutdown (called at: 0x1409ad331)
.data ptr with _guard_dispatch_icall: off_140C00860
Function KeInitializeTimerTable (called at: 0x140819391)
Function PopInitPlatformSettings (called at: 0x140a6d346)
.data ptr with _guard_dispatch_icall: off_140C009A0
Function EtwpInitializeLastBranchTracing (called at: 0x1407b63e2)
.data ptr with _guard_dispatch_icall: off_140C009D0
Function IoGetIommuInterface (called at: 0x1407b6907)
.data ptr with _guard_dispatch_icall: off_140C005D0
Function HalAssignSlotResources (called at: 0x14086017a)
.data ptr with _guard_dispatch_icall: off_140C00980
Function IopEnumerateEnvironmentVariablesHal (called at: 0x14089629b)
.data ptr with _guard_dispatch_icall: off_140C00678
Function PnprReplaceStart (called at: 0x1408aaabe)
.data ptr with _guard_dispatch_icall: qword_140C04DE8
Function KseHookQueryValueKey (called at: 0x1408bda16)
.data ptr with _guard_dispatch_icall: AlpcpLogCallbackListHead
Function AlpcpInvokeLogCallbacks (called at: 0x1408bf97d)
Function AlpcpInvokeLogCallbacks (called at: 0x1408bf97d)
.data ptr with _guard_dispatch_icall: unk_140C031C8
Function PopPolicyDeviceRemove (called at: 0x1408ed50d)
.data ptr with _guard_dispatch_icall: off_140C007D0
Function EtwpUpdatePmcCounters (called at: 0x140936ce8)
.data ptr with _guard_dispatch_icall: off_140C00870
Function EtwpClockSourceRunDown (called at: 0x1409396c7)
Function KeInitializeClock (called at: 0x140a6984f)
.data ptr with _guard_dispatch_icall: off_140C009B0
Function EtwpUpdateLastBranchTracingConfiguration (called at: 0x140943f5f)
.data ptr with _guard_dispatch_icall: off_140C005C0
Function PopTransitionSystemPowerStateEx (called at: 0x14098e1c3)
Function PopTransitionSystemPowerStateEx (called at: 0x14098e40d)
.data ptr with _guard_dispatch_icall: off_140C006A0
Function PopInvokeSystemStateHandler (called at: 0x14098f224)
Function PopInvokeSystemStateHandler (called at: 0x14099f971)
.data ptr with _guard_dispatch_icall: off_140C00858
Function PopRestoreHiberContext (called at: 0x14098f82f)
Function PopRestoreHiberContext (called at: 0x14099fcb6)
.data ptr with _guard_dispatch_icall: off_140C00850
Function PopSaveHiberContext (called at: 0x14098fb00)
.data ptr with _guard_dispatch_icall: off_140C007C0
Function HalpAcpiPostSleep (called at: 0x1409a0bdd)
Function HaliLocateHiberRanges (called at: 0x1409a1244)
Function PopHiberCheckResume (called at: 0x140993fb6)
.data ptr with _guard_dispatch_icall: off_140C006C0
Function HalpAcpiPostSleep (called at: 0x1409a0c97)
Function PopHiberCheckResume (called at: 0x140993f8d)
.data ptr with _guard_dispatch_icall: off_140C00800
Function HaliLocateHiberRanges (called at: 0x1409a1244)
.data ptr with _guard_dispatch_icall: off_140C00838
Function PopHiberCheckResume (called at: 0x140993f69)
Function PopHiberCheckResume (called at: 0x140993f9c)
.data ptr with _guard_dispatch_icall: off_140C00688
Function PnprEndMirroring (called at: 0x1409a9ae1)
Function PnprInitiateReplaceOperation (called at: 0x1409a9dc2)
Function PnprQuiesceProcessors (called at: 0x1409aad77)
Function PnprQuiesceProcessors (called at: 0x1409aaee3)
Function PnprWakeProcessors (called at: 0x1409ab205)
.data ptr with _guard_dispatch_icall: off_140C00690
Function PnprInitiateReplaceOperation (called at: 0x1409a9ef5)
.data ptr with _guard_dispatch_icall: off_140C006E8
Function PnprQuiesceProcessorDpc (called at: 0x1409aa8d2)
.data ptr with _guard_dispatch_icall: off_140C00680
Function PnprQuiesceProcessorDpc (called at: 0x1409aa8ec)
.data ptr with _guard_dispatch_icall: off_140C006F0
Function PnprQuiesceProcessorDpc (called at: 0x1409aaa94)
.data ptr with _guard_dispatch_icall: off_140C006D8
Function PnprQuiesceProcessors (called at: 0x1409aacbf)
.data ptr with _guard_dispatch_icall: off_140C006B0
Function PnprWakeProcessors (called at: 0x1409ab1e1)
Function KiInitializeDynamicProcessorDpc (called at: 0x1409ab8b5)
Function KeStartAllProcessors (called at: 0x140a3ef05)
.data ptr with _guard_dispatch_icall: off_140C006E0
Function PnprWakeProcessors (called at: 0x1409ab256)
.data ptr with _guard_dispatch_icall: off_140C00910
Function VfGetDmaAdapter (called at: 0x1409c8f03)
.data ptr with _guard_dispatch_icall: off_140C008B0
Function InitBootProcessor (called at: 0x140a37c95)
.data ptr with _guard_dispatch_icall: off_140C00AC0
Function IoInitSystemPreDrivers (called at: 0x140a3b901)
.data ptr with _guard_dispatch_icall: KiNumaQueryNodeCapacity
Function KiPerformGroupConfiguration (called at: 0x140a3f1c7)
.data ptr with _guard_dispatch_icall: KiNumaQueryNodeDistance
Function KiPerformGroupConfiguration (called at: 0x140a3f2aa)
.data ptr with _guard_dispatch_icall: HalpExtensionImports
Function HalpExtInitExtensions (called at: 0x140a86c5f)
Some discussions on UnknownCheats
TODO
- Add additional pattern matching