|
|
|
|
@ -1,9 +1,523 @@
|
|
|
|
|
# ida-find-.data-ptr
|
|
|
|
|
A simple ida python script to find .data ptr
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Run ``find_data_ptr.py``
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Run ``find_data_ptr_guard_dispatch_icall.py``
|
|
|
|
|
```asm
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00A00
|
|
|
|
|
Function HvlGetSharedPageVa (called at: 0x140236507)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: HalPerformEndOfInterruptAtController
|
|
|
|
|
Function HalPerformEndOfInterrupt (called at: 0x140274485)
|
|
|
|
|
Function HalpInterruptResetThisProcessor (called at: 0x1404b652c)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C009E0
|
|
|
|
|
Function EtwGetKernelTraceTimestamp (called at: 0x14043ddea)
|
|
|
|
|
Function KiExecuteAllDpcs (called at: 0x140472afd)
|
|
|
|
|
Function EtwpReserveTraceBuffer (called at: 0x140472fe5)
|
|
|
|
|
Function EtwGetKernelTraceTimestampSilo (called at: 0x140481ad3)
|
|
|
|
|
Function EtwpGetLoggerTimeStamp (called at: 0x140489670)
|
|
|
|
|
Function EtwpInitializeTimeStamp (called at: 0x1407f4d34)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: HalpProfileInterface
|
|
|
|
|
Function HalpProcessorPrepareForIdle (called at: 0x14043e59c)
|
|
|
|
|
Function HalpProcessorResumeFromIdle (called at: 0x14043e5e4)
|
|
|
|
|
Function HalpSetProfileSourceInterval (called at: 0x140369c5b)
|
|
|
|
|
Function HalpRestartProfiling (called at: 0x140383323)
|
|
|
|
|
Function HalpTimerInitializeProfiling (called at: 0x1403a52ad)
|
|
|
|
|
Function HalSetProfileInterval (called at: 0x1404b878a)
|
|
|
|
|
Function HalStartProfileInterrupt (called at: 0x1404b87c6)
|
|
|
|
|
Function HalStopProfileInterrupt (called at: 0x1404b87f1)
|
|
|
|
|
Function HalpAllocatePmcCounterSet (called at: 0x1404b894d)
|
|
|
|
|
Function HalpAllocatePmcCounterSet (called at: 0x1404b8983)
|
|
|
|
|
Function HalpAllocatePmcCounterSet (called at: 0x1404b89cd)
|
|
|
|
|
Function HalpFreePmcCounterSet (called at: 0x1404b8d07)
|
|
|
|
|
Function HalpPerfInterrupt (called at: 0x1404b8f61)
|
|
|
|
|
Function HalpPerfInterrupt (called at: 0x1404b8f87)
|
|
|
|
|
Function KiStopProfileTarget (called at: 0x140515f41)
|
|
|
|
|
Function HalpSetSystemInformation (called at: 0x14080f1e1)
|
|
|
|
|
Function HalpSetSystemInformation (called at: 0x14080f20d)
|
|
|
|
|
Function HalpQueryProfileInformation (called at: 0x140757447)
|
|
|
|
|
Function HalAllocateHardwareCounters (called at: 0x1408602d0)
|
|
|
|
|
Function HalFreeHardwareCounters (called at: 0x140860360)
|
|
|
|
|
Function HalFreeHardwareCounters (called at: 0x140860360)
|
|
|
|
|
Function HalpCompleteInitializeProfiling (called at: 0x140996c28)
|
|
|
|
|
Function HalpInitializeProfiling (called at: 0x140996c88)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00890
|
|
|
|
|
Function KiSetClockTickRate (called at: 0x14027b1cd)
|
|
|
|
|
Function KePrepareClockTimerForIdle (called at: 0x14027b4a6)
|
|
|
|
|
Function KiRestoreClockTickRate (called at: 0x14027b7a4)
|
|
|
|
|
Function KeInitializeClock (called at: 0x140a86322)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: HalpPlatformFlags
|
|
|
|
|
Function HalpDpPostReplace (called at: 0x1409a4776)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: HalpSystemHardwareLock
|
|
|
|
|
Function HalpAcquireCmosSpinLock (called at: 0x140446b6a)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: PpmPerfCoreParkingMask
|
|
|
|
|
Function PpmParkReportMask (called at: 0x140446f65)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00868
|
|
|
|
|
Function KiIntSteerSetDestination (called at: 0x14029f0c2)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: dword_140C020C0
|
|
|
|
|
Function CmSaveMergedKeys (called at: 0x140878f05)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: HalIommuDispatch
|
|
|
|
|
Function ExFreeSvmAsid (called at: 0x140450106)
|
|
|
|
|
Function HalpIommuInterruptRoutine (called at: 0x1404c5f1f)
|
|
|
|
|
Function IommuProcessPageRequestQueue (called at: 0x1404d32a2)
|
|
|
|
|
Function IommuProcessPageRequestQueue (called at: 0x1404d3440)
|
|
|
|
|
Function IommuProcessPageRequestQueue (called at: 0x1404d3554)
|
|
|
|
|
Function IommuProcessPageRequestQueue (called at: 0x1404d36aa)
|
|
|
|
|
Function IommupHvInterruptRoutine (called at: 0x1404d406c)
|
|
|
|
|
Function ExFlushTb (called at: 0x1405b0a36)
|
|
|
|
|
Function ExShareAddressSpaceWithDevice (called at: 0x1405b0e48)
|
|
|
|
|
Function ExShareAddressSpaceWithDevice (called at: 0x1405b0f51)
|
|
|
|
|
Function ExShareAddressSpaceWithDevice (called at: 0x1405b1487)
|
|
|
|
|
Function ExShareAddressSpaceWithDevice (called at: 0x1405b14b4)
|
|
|
|
|
Function ExSvmBeginDeviceReset (called at: 0x1405b18b0)
|
|
|
|
|
Function ExSvmDevicePowerCallback (called at: 0x1405b1ae6)
|
|
|
|
|
Function ExSvmFinalizeDeviceReset (called at: 0x1405b1cd2)
|
|
|
|
|
Function ExpPrepareNewSvmDevice (called at: 0x1405b2488)
|
|
|
|
|
Function ExpPrepareNewSvmDevice (called at: 0x1405b251e)
|
|
|
|
|
Function ExpSvmDereferenceDevice (called at: 0x1405b283e)
|
|
|
|
|
Function ExpSvmWorkerThread (called at: 0x1405b2dbc)
|
|
|
|
|
Function HalpIommuInitSystem (called at: 0x14099705e)
|
|
|
|
|
Function HalpIommuInitSystem (called at: 0x140997076)
|
|
|
|
|
Function InitBootProcessor (called at: 0x140a37c95)
|
|
|
|
|
Function ExpInitializeSvm (called at: 0x140a6da40)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C007D8
|
|
|
|
|
Function HalpTimerClockIpiRoutine (called at: 0x140326389)
|
|
|
|
|
Function HalpTimerClockInterrupt (called at: 0x14032f0a7)
|
|
|
|
|
Function HalpTimerAlwaysOnClockInterrupt (called at: 0x1404ce7a4)
|
|
|
|
|
Function EtwpReserveWithPmcCounters (called at: 0x1405a2ef3)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C008C0
|
|
|
|
|
Function HalpTimerClockIpiRoutine (called at: 0x1403263ce)
|
|
|
|
|
Function KeClockInterruptNotify (called at: 0x140326517)
|
|
|
|
|
Function HalpTimerClockInterrupt (called at: 0x14032f0f1)
|
|
|
|
|
Function HalpTimerAlwaysOnClockInterrupt (called at: 0x1404ce757)
|
|
|
|
|
Function NtSetSystemInformation (called at: 0x14069ace1)
|
|
|
|
|
Function PopWriteHiberPages (called at: 0x14098d894)
|
|
|
|
|
Function PopRequestWrite (called at: 0x1409902ed)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00740
|
|
|
|
|
Function PpmIdleExecuteTransition (called at: 0x1403279d3)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00888
|
|
|
|
|
Function PpmIdleExecuteTransition (called at: 0x140327b4a)
|
|
|
|
|
Function KeResumeClockTimerFromIdle (called at: 0x140329bf2)
|
|
|
|
|
Function KeSuspendClockTimer (called at: 0x14038154b)
|
|
|
|
|
Function KeSuspendClockTimerSafe (called at: 0x14050d8d5)
|
|
|
|
|
Function KeSuspendClockTimerSafe (called at: 0x14050d971)
|
|
|
|
|
Function KeInitializeClock (called at: 0x140a862e9)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00750
|
|
|
|
|
Function PpmIdleExecuteTransition (called at: 0x1403288dd)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C009A8
|
|
|
|
|
Function PpmIdleExecuteTransition (called at: 0x140328926)
|
|
|
|
|
Function HalpRestartProfiling (called at: 0x140383354)
|
|
|
|
|
Function HalpPerfInterrupt (called at: 0x1404b8f95)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00898
|
|
|
|
|
Function KeResumeClockTimerFromIdle (called at: 0x140329a42)
|
|
|
|
|
Function KeResumeClockTimerFromIdle (called at: 0x1404875e2)
|
|
|
|
|
Function KeResumeClockTimerFromIdle (called at: 0x140487689)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00880
|
|
|
|
|
Function KeResumeClockTimerFromIdle (called at: 0x140329be1)
|
|
|
|
|
Function KeResumeClockTimerFromIdle (called at: 0x140487720)
|
|
|
|
|
Function KiResumeClockTimer (called at: 0x140380c8b)
|
|
|
|
|
Function KeInitializeClock (called at: 0x140a862fc)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00968
|
|
|
|
|
Function KiGetNextTimerExpirationDueTime (called at: 0x14032a481)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00A70
|
|
|
|
|
Function KiSetIntervalWorker (called at: 0x14036a1a5)
|
|
|
|
|
Function EtwSetPerformanceTraceInformation (called at: 0x140934a38)
|
|
|
|
|
Function EtwSetPerformanceTraceInformation (called at: 0x140934b66)
|
|
|
|
|
Function EtwpLoadMicroarchitecturalProfileSource (called at: 0x14093687e)
|
|
|
|
|
Function VslpIumPhase0Initialize (called at: 0x140a8d5d7)
|
|
|
|
|
Function VslpIumPhase0Initialize (called at: 0x140a8d5ee)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00780
|
|
|
|
|
Function HalDisableInterrupt (called at: 0x14045a851)
|
|
|
|
|
Function HalEnableInterrupt (called at: 0x14045ac6b)
|
|
|
|
|
Function KiIntSteerConnect (called at: 0x140375165)
|
|
|
|
|
Function KiIsInterruptTypeSecondary (called at: 0x14045af1e)
|
|
|
|
|
Function HalpUnmaskInterrupt (called at: 0x14049748b)
|
|
|
|
|
Function HalpMaskInterrupt (called at: 0x1404a3845)
|
|
|
|
|
Function HalpInterruptRequestInterrupt (called at: 0x1404b6736)
|
|
|
|
|
Function HalpInterruptRequestSecondaryInterrupt (called at: 0x1404cb068)
|
|
|
|
|
Function IopConnectInterrupt (called at: 0x1407444b6)
|
|
|
|
|
Function IopConnectInterruptFullySpecified (called at: 0x1407adc0d)
|
|
|
|
|
Function IopAllocatePassiveInterruptBlock (called at: 0x14089d91a)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C008E0
|
|
|
|
|
Function KeConnectInterrupt (called at: 0x14045aa49)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00778
|
|
|
|
|
Function KeConnectInterrupt (called at: 0x14045aa75)
|
|
|
|
|
Function KeUnmaskInterrupt (called at: 0x1403890d1)
|
|
|
|
|
Function IopPassiveInterruptWorker (called at: 0x140506efe)
|
|
|
|
|
Function KiUnmaskSecondaryInterruptInternal (called at: 0x14051343d)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00768
|
|
|
|
|
Function KiIntSteerConnect (called at: 0x14045acfd)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00878
|
|
|
|
|
Function KiResumeClockTimer (called at: 0x140380c9a)
|
|
|
|
|
Function KeInitializeClock (called at: 0x140a8630a)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C007F0
|
|
|
|
|
Function HalpSetResumeTime (called at: 0x1404944df)
|
|
|
|
|
Function AnFwDisplayBackgroundUpdate (called at: 0x1409f313d)
|
|
|
|
|
Function AnFwpBackgroundUpdateTimer (called at: 0x1409f41d1)
|
|
|
|
|
Function GetBootSystemTime (called at: 0x140a6d6fa)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C005C8
|
|
|
|
|
Function HalTranslateBusAddress (called at: 0x1403a207f)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00948
|
|
|
|
|
Function HalpPowerStateCallback (called at: 0x1403a351e)
|
|
|
|
|
Function PopTransitionSystemPowerStateEx (called at: 0x14098e330)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00618
|
|
|
|
|
Function KiMaskInterruptInternal (called at: 0x1403a38eb)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00770
|
|
|
|
|
Function KiMaskInterruptInternal (called at: 0x1403a392d)
|
|
|
|
|
Function IoProcessPassiveInterrupts (called at: 0x140506825)
|
|
|
|
|
Function KiMaskSecondaryInterruptInternal (called at: 0x1405130d3)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C00720
|
|
|
|
|
Function HvlEnlightenProcessor (called at: 0x1404a3ed5)
|
|
|
|
|
Function HvlEnlightenProcessor (called at: 0x1404a3f69)
|
|
|
|
|
Function HvlpTryConfigureInterface (called at: 0x140457659)
|
|
|
|
|
Function HvlpInitializeBootProcessor (called at: 0x1404ec9ca)
|
|
|
|
|
Function HvlpPhase0Enlightenments (called at: 0x1404f4167)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C00718
|
|
|
|
|
Function HvlpTryConfigureInterface (called at: 0x1404575dd)
|
|
|
|
|
Function HvlpInitializeBootProcessor (called at: 0x1404ec936)
|
|
|
|
|
Function HvlpInitializeBootProcessor (called at: 0x1404ec97a)
|
|
|
|
|
Function HvlpSetupBootProcessorEarlyHypercallPages (called at: 0x1404ed7d7)
|
|
|
|
|
Function HvlpPhase0Enlightenments (called at: 0x1404f4129)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00A68
|
|
|
|
|
Function HvlStartBootLogicalProcessors (called at: 0x14045770f)
|
|
|
|
|
Function MiInitializeLargePageColorSizes (called at: 0x1403aedb5)
|
|
|
|
|
Function EtwpAddLogHeader (called at: 0x140638015)
|
|
|
|
|
Function ExpQuerySystemInformation (called at: 0x1406f2ed0)
|
|
|
|
|
Function ExpQuerySystemInformation (called at: 0x1406f2f2a)
|
|
|
|
|
Function ExpQuerySystemInformation (called at: 0x14083ba7a)
|
|
|
|
|
Function ExpQuerySystemInformation (called at: 0x14083c2cd)
|
|
|
|
|
Function ExpQuerySystemInformation (called at: 0x14083c357)
|
|
|
|
|
Function ExpQuerySystemInformation (called at: 0x14083c3f6)
|
|
|
|
|
Function KeQueryIntervalProfile (called at: 0x14071826d)
|
|
|
|
|
Function EtwQueryPerformanceTraceInformation (called at: 0x140933ef7)
|
|
|
|
|
Function EtwSetPerformanceTraceInformation (called at: 0x1409349a4)
|
|
|
|
|
Function EtwpLogPmcCounterRundown (called at: 0x140939ac7)
|
|
|
|
|
Function EtwpSampledProfileRunDown (called at: 0x14093ab05)
|
|
|
|
|
Function EtwpCoverageSamplerStart (called at: 0x140942ff5)
|
|
|
|
|
Function ExpProfileCreate (called at: 0x140955f30)
|
|
|
|
|
Function BapdRecordFirmwareBootStats (called at: 0x14099683b)
|
|
|
|
|
Function BapdRecordFirmwareBootStats (called at: 0x140996888)
|
|
|
|
|
Function PopDiagTraceFirmwareS3Stats (called at: 0x1409ae54c)
|
|
|
|
|
Function KiIntSteerInit (called at: 0x140a3e5f1)
|
|
|
|
|
Function MiInitNucleus (called at: 0x140a42559)
|
|
|
|
|
Function PipDmgInitPhaseZero (called at: 0x140a48eef)
|
|
|
|
|
Function EtwpInitialize (called at: 0x140a6027d)
|
|
|
|
|
Function KeNumaInitialize (called at: 0x140a6f6f6)
|
|
|
|
|
Function PoFxRegisterDebugger (called at: 0x140a6fac9)
|
|
|
|
|
Function PoFxRegisterDebugger (called at: 0x140a8915d)
|
|
|
|
|
Function MiInitializeChannelRangesTemporary (called at: 0x140a898c2)
|
|
|
|
|
Function VslpIumPhase0Initialize (called at: 0x140a8d486)
|
|
|
|
|
Function BgkInitialize (called at: 0x140a94c3e)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C00630
|
|
|
|
|
Function HalpUsbLegacyScanBusForHandoff (called at: 0x1403b5eee)
|
|
|
|
|
Function HalpUsbLegacyScanBusForHandoff (called at: 0x1403b5f78)
|
|
|
|
|
Function x86BiosGetPciBusData (called at: 0x1403ca4d5)
|
|
|
|
|
Function HalpUsbLegacyStopOhciInterrupt (called at: 0x1404d126b)
|
|
|
|
|
Function HalpUsbLegacyStopUhciInterrupt (called at: 0x1404d13c7)
|
|
|
|
|
Function HalpUsbLegacyStopUhciInterrupt (called at: 0x1404d140d)
|
|
|
|
|
Function HalpStopLegacyUsbInterruptsInternal (called at: 0x1409a561f)
|
|
|
|
|
Function KdpSysReadBusData (called at: 0x1409b5ec3)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: PcDmaDispatch
|
|
|
|
|
Function HalpDmaInitializeControllers (called at: 0x1403b7813)
|
|
|
|
|
Function HalpDmaInitializeControllers (called at: 0x1403b7813)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C006A8
|
|
|
|
|
Function PpmInstallNewIdleStates (called at: 0x1403c04b6)
|
|
|
|
|
Function PpmRemoveIdleStates (called at: 0x140560fb0)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00648
|
|
|
|
|
Function HalGetVectorInput (called at: 0x1403c6245)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00700
|
|
|
|
|
Function HvlDebuggerSupportInitialize (called at: 0x1404afb6f)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C005F8
|
|
|
|
|
Function HvlDebuggerSupportInitialize (called at: 0x1404afd4c)
|
|
|
|
|
Function HeadlessInit (called at: 0x140a89da9)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C006B8
|
|
|
|
|
Function HalpCreateMcaMemoryErrorRecord (called at: 0x1404b3d3e)
|
|
|
|
|
Function HalpCreateMcaProcessorErrorRecord (called at: 0x1404b3f41)
|
|
|
|
|
Function HalpCreateNMIErrorRecord (called at: 0x1404b78f6)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C007C8
|
|
|
|
|
Function HalpGetMcaExtendedLogStatusBlock (called at: 0x1404b40ff)
|
|
|
|
|
Function HalpMcaInitializeErrorSection (called at: 0x1404b4614)
|
|
|
|
|
Function HvlpQueryApicIdAndNumaNode (called at: 0x1404ecb8e)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00640
|
|
|
|
|
Function HalGetInterruptVector (called at: 0x1404b51ef)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: HalpMcaEnabled
|
|
|
|
|
Function HalpMcaSetProcessorConfig (called at: 0x140995158)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00950
|
|
|
|
|
Function HalReturnToFirmware (called at: 0x1404b81a1)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C00638
|
|
|
|
|
Function x86BiosSetPciBusData (called at: 0x1404b9365)
|
|
|
|
|
Function HalpUsbLegacyStopUhciInterrupt (called at: 0x1404d13a8)
|
|
|
|
|
Function HalpUsbLegacyStopUhciInterrupt (called at: 0x1404d1432)
|
|
|
|
|
Function KdpSysWriteBusData (called at: 0x1409b5f2b)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: HalpMoveMemory
|
|
|
|
|
Function HalpDmaSyncMapBuffers (called at: 0x1404c23b2)
|
|
|
|
|
Function HalpDmaSyncMapBuffersWithEmergencyResources (called at: 0x1404c2655)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00810
|
|
|
|
|
Function HalpInterruptRequestSecondaryInterrupt (called at: 0x1404cb0d9)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C007A0
|
|
|
|
|
Function HvlPrepareForRootCrashdump (called at: 0x1404ef7d9)
|
|
|
|
|
Function HvlSkCrashdumpCallbackRoutine (called at: 0x1404f27ca)
|
|
|
|
|
Function PopSaveHiberContext (called at: 0x14099ff29)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00698
|
|
|
|
|
Function HvlPrepareForRootCrashdump (called at: 0x1404ef7ea)
|
|
|
|
|
Function HvlCrashdumpCallbackRoutine (called at: 0x1404f25f5)
|
|
|
|
|
Function HvlSkCrashdumpCallbackRoutine (called at: 0x1404f27db)
|
|
|
|
|
Function KeBugCheck2 (called at: 0x140510ccd)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C00A30
|
|
|
|
|
Function HvlpHandleIommuFaultMessage (called at: 0x1404f2e67)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00940
|
|
|
|
|
Function IoInitializeBugCheckProgress (called at: 0x1404fbd04)
|
|
|
|
|
Function PopCheckpointSystemSleep (called at: 0x14099fc4c)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C008D8
|
|
|
|
|
Function IoWriteCrashDump (called at: 0x1404fcb75)
|
|
|
|
|
Function NtSetSystemInformation (called at: 0x14069acbe)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00848
|
|
|
|
|
Function IopWriteTriageDumpToFirmware (called at: 0x1404fe7c0)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00738
|
|
|
|
|
Function KdPowerTransitionEx (called at: 0x14050a88a)
|
|
|
|
|
Function KdPowerTransitionEx (called at: 0x14050a8b9)
|
|
|
|
|
Function KeFreezeExecution (called at: 0x14051727a)
|
|
|
|
|
Function KeThawExecution (called at: 0x140517624)
|
|
|
|
|
Function KiFreezeTargetExecution (called at: 0x140517986)
|
|
|
|
|
Function KiFreezeTargetExecution (called at: 0x140517a79)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00990
|
|
|
|
|
Function KiClearLastBranchRecordStack (called at: 0x14050c15b)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00978
|
|
|
|
|
Function KiProcessNMI (called at: 0x14050c4eb)
|
|
|
|
|
Function KiProcessNMI (called at: 0x14050c584)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00928
|
|
|
|
|
Function KeConvertAuxiliaryCounterToPerformanceCounter (called at: 0x14050db4b)
|
|
|
|
|
Function NtConvertBetweenAuxiliaryCounterAndPerformanceCounter (called at: 0x14095641b)
|
|
|
|
|
Function NtConvertBetweenAuxiliaryCounterAndPerformanceCounter (called at: 0x14095645f)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00920
|
|
|
|
|
Function KeConvertPerformanceCounterToAuxiliaryCounter (called at: 0x14050db6b)
|
|
|
|
|
Function NtConvertBetweenAuxiliaryCounterAndPerformanceCounter (called at: 0x14095641b)
|
|
|
|
|
Function NtConvertBetweenAuxiliaryCounterAndPerformanceCounter (called at: 0x14095645f)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00930
|
|
|
|
|
Function KeQueryAuxiliaryCounterFrequency (called at: 0x14050defb)
|
|
|
|
|
Function NtQueryAuxiliaryCounterFrequency (called at: 0x14095661c)
|
|
|
|
|
Function NtQueryAuxiliaryCounterFrequency (called at: 0x14095663a)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C008E8
|
|
|
|
|
Function KeQueryWakeSource (called at: 0x14050e145)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C008A8
|
|
|
|
|
Function KeBugCheck2 (called at: 0x14051088b)
|
|
|
|
|
Function KeBugCheck2 (called at: 0x1405112b6)
|
|
|
|
|
Function KdpSendWaitContinue (called at: 0x1409b5a55)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C008C8
|
|
|
|
|
Function KeBugCheck2 (called at: 0x140510c9a)
|
|
|
|
|
Function NtSetSystemInformation (called at: 0x14069ace1)
|
|
|
|
|
Function PopInvokeSystemStateHandler (called at: 0x14099f8b2)
|
|
|
|
|
Function PopSaveHiberContext (called at: 0x1409a037c)
|
|
|
|
|
Function KdEnterDebugger (called at: 0x1409b409f)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: KiNmiInProgress
|
|
|
|
|
Function KeBugCheck2 (called at: 0x140510ccd)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C007A8
|
|
|
|
|
Function KeBugCheck2 (called at: 0x140511262)
|
|
|
|
|
Function PopHiberCheckResume (called at: 0x1409a1cdc)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C008B8
|
|
|
|
|
Function KeBugCheck2 (called at: 0x140511284)
|
|
|
|
|
Function NtSetSystemInformation (called at: 0x14069ace1)
|
|
|
|
|
Function PopInvokeSystemStateHandler (called at: 0x14098f01a)
|
|
|
|
|
Function KdExitDebugger (called at: 0x1409b4211)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C005D8
|
|
|
|
|
Function KeBugCheck2 (called at: 0x140511315)
|
|
|
|
|
Function KiBugCheckDebugBreak (called at: 0x140511917)
|
|
|
|
|
Function PopShutdownHandler (called at: 0x1409ae985)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C049A8
|
|
|
|
|
Function KseHookExAllocatePoolWithTag (called at: 0x140520c44)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C03158
|
|
|
|
|
Function KseDsCallbackHookAddDevice (called at: 0x140520cc1)
|
|
|
|
|
Function KseDsCallbackHookDriverStartIo (called at: 0x140520d8e)
|
|
|
|
|
Function KseDsCallbackHookDriverUnload (called at: 0x140520de3)
|
|
|
|
|
Function KseDsCallbackHookIrpDeviceControlFunction (called at: 0x140520e42)
|
|
|
|
|
Function KseDsCallbackHookIrpFunction (called at: 0x140520ec2)
|
|
|
|
|
Function KseDsCallbackHookIrpPnpFunction (called at: 0x140520f6f)
|
|
|
|
|
Function KseDsCallbackHookIrpPnpFunction (called at: 0x140520f82)
|
|
|
|
|
Function KseDsCallbackHookIrpPowerFunction (called at: 0x14052102e)
|
|
|
|
|
Function KseDsCallbackHookIrpPowerFunction (called at: 0x140521041)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C04CE8
|
|
|
|
|
Function KseDsHookExAllocatePool (called at: 0x1405211bb)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C04CA8
|
|
|
|
|
Function KseDsHookExAllocatePoolWithTag (called at: 0x140521223)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C04D08
|
|
|
|
|
Function KseDsHookExFreePool (called at: 0x140521280)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C04CC8
|
|
|
|
|
Function KseDsHookExFreePoolWithTag (called at: 0x1405212c6)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C04C68
|
|
|
|
|
Function KseDsHookIoCreateDevice (called at: 0x140521339)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C04D48
|
|
|
|
|
Function KseHookMmGetVirtualForPhysical (called at: 0x1405222d2)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C04D68
|
|
|
|
|
Function KseHookMmMapIoSpace (called at: 0x140522312)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C009F8
|
|
|
|
|
Function PopPowerButtonWorkCallback (called at: 0x140572429)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: dword_140C0523C
|
|
|
|
|
Function VfQueryDispatchTable (called at: 0x14059a4cd)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: VfXdvDispatchTable
|
|
|
|
|
Function VfQueryDispatchTable (called at: 0x14059a4cd)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00988
|
|
|
|
|
Function EtwpTraceLastBranchRecord (called at: 0x1405a9c16)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C009D8
|
|
|
|
|
Function WheapGenericErrSrcRecover (called at: 0x1405b67eb)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C05300
|
|
|
|
|
Function SpiInit (called at: 0x1405c49e1)
|
|
|
|
|
Function SpiInit (called at: 0x1405c49f9)
|
|
|
|
|
Function SpiInit (called at: 0x1405c4a08)
|
|
|
|
|
Function SpiInit (called at: 0x1405c4a82)
|
|
|
|
|
Function SpiInit (called at: 0x1405c4a93)
|
|
|
|
|
Function SpiSend16 (called at: 0x1405c4ec3)
|
|
|
|
|
Function SpiSend16 (called at: 0x1405c4eda)
|
|
|
|
|
Function UsifGetByte (called at: 0x1405c4f28)
|
|
|
|
|
Function UsifGetByte (called at: 0x1405c4f42)
|
|
|
|
|
Function UsifPutByte (called at: 0x1405c4fc0)
|
|
|
|
|
Function UsifPutByte (called at: 0x1405c4fd9)
|
|
|
|
|
Function UsifRxReady (called at: 0x1405c503c)
|
|
|
|
|
Function ReadRegisterWithIndex32 (called at: 0x1405c515b)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C05308
|
|
|
|
|
Function SpiInit (called at: 0x1405c4a1e)
|
|
|
|
|
Function SpiInit (called at: 0x1405c4a33)
|
|
|
|
|
Function SpiInit (called at: 0x1405c4a47)
|
|
|
|
|
Function SpiInit (called at: 0x1405c4a59)
|
|
|
|
|
Function SpiInit (called at: 0x1405c4a6b)
|
|
|
|
|
Function SpiInit (called at: 0x1405c4ab1)
|
|
|
|
|
Function SpiSend16 (called at: 0x1405c4ea1)
|
|
|
|
|
Function SpiSend16 (called at: 0x1405c4eb3)
|
|
|
|
|
Function UsifPutByte (called at: 0x1405c4ff8)
|
|
|
|
|
Function WriteRegisterWithIndex32 (called at: 0x1405c53af)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C052C0
|
|
|
|
|
Function ReadPortWithIndex16 (called at: 0x1405c509b)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C052D0
|
|
|
|
|
Function ReadPortWithIndex32 (called at: 0x1405c50cb)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: UartHardwareAccess
|
|
|
|
|
Function ReadPortWithIndex8 (called at: 0x1405c50fb)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C052F0
|
|
|
|
|
Function ReadRegisterWithIndex16 (called at: 0x1405c512b)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C05310
|
|
|
|
|
Function ReadRegisterWithIndex64 (called at: 0x1405c518b)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C052E0
|
|
|
|
|
Function ReadRegisterWithIndex8 (called at: 0x1405c51bb)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C052C8
|
|
|
|
|
Function WritePortWithIndex16 (called at: 0x1405c52ef)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C052D8
|
|
|
|
|
Function WritePortWithIndex32 (called at: 0x1405c531f)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C052B8
|
|
|
|
|
Function WritePortWithIndex8 (called at: 0x1405c534e)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C052F8
|
|
|
|
|
Function WriteRegisterWithIndex16 (called at: 0x1405c537f)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C05318
|
|
|
|
|
Function WriteRegisterWithIndex64 (called at: 0x1405c53df)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C052E8
|
|
|
|
|
Function WriteRegisterWithIndex8 (called at: 0x1405c540e)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C007E0
|
|
|
|
|
Function EtwpFreeLoggerContext (called at: 0x1407d072a)
|
|
|
|
|
Function EtwpUpdatePmcCounters (called at: 0x140936d28)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C009B8
|
|
|
|
|
Function EtwpFreeLoggerContext (called at: 0x1407d078a)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C008D0
|
|
|
|
|
Function ExpQuerySystemInformation (called at: 0x14083b727)
|
|
|
|
|
Function PoInitSystem (called at: 0x140a3c905)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C009C0
|
|
|
|
|
Function PiDmaGuardProcessPostRemove (called at: 0x1408165b5)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C009C8
|
|
|
|
|
Function PipProcessStartPhase1 (called at: 0x14081690a)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00908
|
|
|
|
|
Function IoGetDmaAdapter (called at: 0x140747f65)
|
|
|
|
|
Function IoGetDmaAdapter (called at: 0x140747fa2)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00A38
|
|
|
|
|
Function PipDmgSaveDeviceDmarPolicy (called at: 0x140750886)
|
|
|
|
|
Function HalpDmaAllocateChildAdapterV3 (called at: 0x1407a50f3)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C005A8
|
|
|
|
|
Function PopAllocateHiberContext (called at: 0x14075b687)
|
|
|
|
|
Function PopMarkComponentsBootPhase (called at: 0x1409a20f1)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00AF8
|
|
|
|
|
Function CmpAcceptBoot (called at: 0x140770f4e)
|
|
|
|
|
Function PopGracefulShutdown (called at: 0x1409ad331)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00860
|
|
|
|
|
Function KeInitializeTimerTable (called at: 0x140819391)
|
|
|
|
|
Function PopInitPlatformSettings (called at: 0x140a6d346)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C009A0
|
|
|
|
|
Function EtwpInitializeLastBranchTracing (called at: 0x1407b63e2)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C009D0
|
|
|
|
|
Function IoGetIommuInterface (called at: 0x1407b6907)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C005D0
|
|
|
|
|
Function HalAssignSlotResources (called at: 0x14086017a)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00980
|
|
|
|
|
Function IopEnumerateEnvironmentVariablesHal (called at: 0x14089629b)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00678
|
|
|
|
|
Function PnprReplaceStart (called at: 0x1408aaabe)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: qword_140C04DE8
|
|
|
|
|
Function KseHookQueryValueKey (called at: 0x1408bda16)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: AlpcpLogCallbackListHead
|
|
|
|
|
Function AlpcpInvokeLogCallbacks (called at: 0x1408bf97d)
|
|
|
|
|
Function AlpcpInvokeLogCallbacks (called at: 0x1408bf97d)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: unk_140C031C8
|
|
|
|
|
Function PopPolicyDeviceRemove (called at: 0x1408ed50d)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C007D0
|
|
|
|
|
Function EtwpUpdatePmcCounters (called at: 0x140936ce8)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00870
|
|
|
|
|
Function EtwpClockSourceRunDown (called at: 0x1409396c7)
|
|
|
|
|
Function KeInitializeClock (called at: 0x140a6984f)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C009B0
|
|
|
|
|
Function EtwpUpdateLastBranchTracingConfiguration (called at: 0x140943f5f)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C005C0
|
|
|
|
|
Function PopTransitionSystemPowerStateEx (called at: 0x14098e1c3)
|
|
|
|
|
Function PopTransitionSystemPowerStateEx (called at: 0x14098e40d)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C006A0
|
|
|
|
|
Function PopInvokeSystemStateHandler (called at: 0x14098f224)
|
|
|
|
|
Function PopInvokeSystemStateHandler (called at: 0x14099f971)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00858
|
|
|
|
|
Function PopRestoreHiberContext (called at: 0x14098f82f)
|
|
|
|
|
Function PopRestoreHiberContext (called at: 0x14099fcb6)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00850
|
|
|
|
|
Function PopSaveHiberContext (called at: 0x14098fb00)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C007C0
|
|
|
|
|
Function HalpAcpiPostSleep (called at: 0x1409a0bdd)
|
|
|
|
|
Function HaliLocateHiberRanges (called at: 0x1409a1244)
|
|
|
|
|
Function PopHiberCheckResume (called at: 0x140993fb6)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C006C0
|
|
|
|
|
Function HalpAcpiPostSleep (called at: 0x1409a0c97)
|
|
|
|
|
Function PopHiberCheckResume (called at: 0x140993f8d)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00800
|
|
|
|
|
Function HaliLocateHiberRanges (called at: 0x1409a1244)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00838
|
|
|
|
|
Function PopHiberCheckResume (called at: 0x140993f69)
|
|
|
|
|
Function PopHiberCheckResume (called at: 0x140993f9c)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00688
|
|
|
|
|
Function PnprEndMirroring (called at: 0x1409a9ae1)
|
|
|
|
|
Function PnprInitiateReplaceOperation (called at: 0x1409a9dc2)
|
|
|
|
|
Function PnprQuiesceProcessors (called at: 0x1409aad77)
|
|
|
|
|
Function PnprQuiesceProcessors (called at: 0x1409aaee3)
|
|
|
|
|
Function PnprWakeProcessors (called at: 0x1409ab205)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00690
|
|
|
|
|
Function PnprInitiateReplaceOperation (called at: 0x1409a9ef5)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C006E8
|
|
|
|
|
Function PnprQuiesceProcessorDpc (called at: 0x1409aa8d2)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00680
|
|
|
|
|
Function PnprQuiesceProcessorDpc (called at: 0x1409aa8ec)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C006F0
|
|
|
|
|
Function PnprQuiesceProcessorDpc (called at: 0x1409aaa94)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C006D8
|
|
|
|
|
Function PnprQuiesceProcessors (called at: 0x1409aacbf)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C006B0
|
|
|
|
|
Function PnprWakeProcessors (called at: 0x1409ab1e1)
|
|
|
|
|
Function KiInitializeDynamicProcessorDpc (called at: 0x1409ab8b5)
|
|
|
|
|
Function KeStartAllProcessors (called at: 0x140a3ef05)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C006E0
|
|
|
|
|
Function PnprWakeProcessors (called at: 0x1409ab256)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00910
|
|
|
|
|
Function VfGetDmaAdapter (called at: 0x1409c8f03)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C008B0
|
|
|
|
|
Function InitBootProcessor (called at: 0x140a37c95)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: off_140C00AC0
|
|
|
|
|
Function IoInitSystemPreDrivers (called at: 0x140a3b901)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: KiNumaQueryNodeCapacity
|
|
|
|
|
Function KiPerformGroupConfiguration (called at: 0x140a3f1c7)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: KiNumaQueryNodeDistance
|
|
|
|
|
Function KiPerformGroupConfiguration (called at: 0x140a3f2aa)
|
|
|
|
|
.data ptr with _guard_dispatch_icall: HalpExtensionImports
|
|
|
|
|
Function HalpExtInitExtensions (called at: 0x140a86c5f)
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Some discussions on UnknownCheats
|
|
|
|
|
https://www.unknowncheats.me/forum/general-programming-and-reversing/582086-simple-ida-python-script-data-ptr.html
|
|
|
|
|
|
