#pragma once #include // Code below is adapted from @modexpblog. Read linked article for more details. // https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams #ifndef SW3_HEADER_H_ #define SW3_HEADER_H_ #ifndef _NTDEF_ typedef _Return_type_success_(return >= 0) LONG NTSTATUS; typedef NTSTATUS* PNTSTATUS; #endif #define SW3_SEED 0xCC6A5286 #define SW3_ROL8(v) (v << 8 | v >> 24) #define SW3_ROR8(v) (v >> 8 | v << 24) #define SW3_ROX8(v) ((SW3_SEED % 2) ? SW3_ROL8(v) : SW3_ROR8(v)) #define SW3_MAX_ENTRIES 600 #define SW3_RVA2VA(Type, DllBase, Rva) (Type)((ULONG_PTR) DllBase + Rva) // Typedefs are prefixed to avoid pollution. typedef struct _SW3_SYSCALL_ENTRY { DWORD Hash; DWORD Address; PVOID SyscallAddress; } SW3_SYSCALL_ENTRY, *PSW3_SYSCALL_ENTRY; typedef struct _SW3_SYSCALL_LIST { DWORD Count; SW3_SYSCALL_ENTRY Entries[SW3_MAX_ENTRIES]; } SW3_SYSCALL_LIST, *PSW3_SYSCALL_LIST; typedef struct _SW3_PEB_LDR_DATA { BYTE Reserved1[8]; PVOID Reserved2[3]; LIST_ENTRY InMemoryOrderModuleList; } SW3_PEB_LDR_DATA, *PSW3_PEB_LDR_DATA; typedef struct _SW3_LDR_DATA_TABLE_ENTRY { PVOID Reserved1[2]; LIST_ENTRY InMemoryOrderLinks; PVOID Reserved2[2]; PVOID DllBase; } SW3_LDR_DATA_TABLE_ENTRY, *PSW3_LDR_DATA_TABLE_ENTRY; typedef struct _SW3_PEB { BYTE Reserved1[2]; BYTE BeingDebugged; BYTE Reserved2[1]; PVOID Reserved3[2]; PSW3_PEB_LDR_DATA Ldr; } SW3_PEB, *PSW3_PEB; DWORD SW3_HashSyscall(PCSTR FunctionName); BOOL SW3_PopulateSyscallList(); EXTERN_C DWORD SW3_GetSyscallNumber(DWORD FunctionHash); EXTERN_C PVOID SW3_GetSyscallAddress(DWORD FunctionHash); EXTERN_C PVOID internal_cleancall_wow64_gate(VOID); typedef struct _UNICODE_STRING { USHORT Length; USHORT MaximumLength; PWSTR Buffer; } UNICODE_STRING, *PUNICODE_STRING; typedef struct _SYSTEM_HANDLE { ULONG ProcessId; BYTE ObjectTypeNumber; BYTE Flags; USHORT Handle; PVOID Object; ACCESS_MASK GrantedAccess; } SYSTEM_HANDLE, *PSYSTEM_HANDLE; typedef struct _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { PVOID pValue; ULONG ValueLength; } TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, *PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE; typedef struct _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE { ULONG64 Version; UNICODE_STRING Name; } TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE, *PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE; typedef struct _WNF_TYPE_ID { GUID TypeId; } WNF_TYPE_ID, *PWNF_TYPE_ID; typedef enum _KCONTINUE_TYPE { KCONTINUE_UNWIND, KCONTINUE_RESUME, KCONTINUE_LONGJUMP, KCONTINUE_SET, KCONTINUE_LAST } KCONTINUE_TYPE; typedef struct _IO_STATUS_BLOCK { union { NTSTATUS Status; VOID* Pointer; }; ULONG_PTR Information; } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; typedef enum _PS_CREATE_STATE { PsCreateInitialState, PsCreateFailOnFileOpen, PsCreateFailOnSectionCreate, PsCreateFailExeFormat, PsCreateFailMachineMismatch, PsCreateFailExeName, PsCreateSuccess, PsCreateMaximumStates } PS_CREATE_STATE, *PPS_CREATE_STATE; typedef struct _SYSTEM_HANDLE_INFORMATION { ULONG HandleCount; SYSTEM_HANDLE Handles[1]; } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; typedef struct _CLIENT_ID { HANDLE UniqueProcess; HANDLE UniqueThread; } CLIENT_ID, *PCLIENT_ID; typedef enum _PLUGPLAY_EVENT_CATEGORY { HardwareProfileChangeEvent, TargetDeviceChangeEvent, DeviceClassChangeEvent, CustomDeviceEvent, DeviceInstallEvent, DeviceArrivalEvent, PowerEvent, VetoEvent, BlockedDriverEvent, InvalidIDEvent, MaxPlugEventCategory } PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY; typedef enum _PNP_VETO_TYPE { PNP_VetoTypeUnknown, // unspecified PNP_VetoLegacyDevice, // instance path PNP_VetoPendingClose, // instance path PNP_VetoWindowsApp, // module PNP_VetoWindowsService, // service PNP_VetoOutstandingOpen, // instance path PNP_VetoDevice, // instance path PNP_VetoDriver, // driver service name PNP_VetoIllegalDeviceRequest, // instance path PNP_VetoInsufficientPower, // unspecified PNP_VetoNonDisableable, // instance path PNP_VetoLegacyDriver, // service PNP_VetoInsufficientRights // unspecified } PNP_VETO_TYPE, *PPNP_VETO_TYPE; typedef struct _TOKEN_SECURITY_ATTRIBUTE_V1 { UNICODE_STRING Name; USHORT ValueType; USHORT Reserved; ULONG Flags; ULONG ValueCount; union { PLONG64 pInt64; PULONG64 pUint64; PUNICODE_STRING pString; PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE pFqbn; PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE pOctetString; } Values; } TOKEN_SECURITY_ATTRIBUTE_V1, *PTOKEN_SECURITY_ATTRIBUTE_V1; typedef VOID(KNORMAL_ROUTINE) ( IN PVOID NormalContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2); typedef struct _PS_ATTRIBUTE { ULONG Attribute; SIZE_T Size; union { ULONG Value; PVOID ValuePtr; } u1; PSIZE_T ReturnLength; } PS_ATTRIBUTE, *PPS_ATTRIBUTE; typedef struct _WNF_STATE_NAME { ULONG Data[2]; } WNF_STATE_NAME, *PWNF_STATE_NAME; #ifndef InitializeObjectAttributes #define InitializeObjectAttributes( p, n, a, r, s ) { \ (p)->Length = sizeof( OBJECT_ATTRIBUTES ); \ (p)->RootDirectory = r; \ (p)->Attributes = a; \ (p)->ObjectName = n; \ (p)->SecurityDescriptor = s; \ (p)->SecurityQualityOfService = NULL; \ } #endif typedef struct _KEY_VALUE_ENTRY { PUNICODE_STRING ValueName; ULONG DataLength; ULONG DataOffset; ULONG Type; } KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY; typedef enum _KEY_SET_INFORMATION_CLASS { KeyWriteTimeInformation, KeyWow64FlagsInformation, KeyControlFlagsInformation, KeySetVirtualizationInformation, KeySetDebugInformation, KeySetHandleTagsInformation, MaxKeySetInfoClass // MaxKeySetInfoClass should always be the last enum. } KEY_SET_INFORMATION_CLASS, *PKEY_SET_INFORMATION_CLASS; typedef enum _SYSTEM_INFORMATION_CLASS { SystemBasicInformation = 0, SystemPerformanceInformation = 2, SystemTimeOfDayInformation = 3, SystemProcessInformation = 5, SystemProcessorPerformanceInformation = 8, SystemHandleInformation = 16, SystemInterruptInformation = 23, SystemExceptionInformation = 33, SystemRegistryQuotaInformation = 37, SystemLookasideInformation = 45, SystemCodeIntegrityInformation = 103, SystemPolicyInformation = 134, } SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS; typedef enum _PROCESSINFOCLASS { ProcessBasicInformation = 0, ProcessDebugPort = 7, ProcessWow64Information = 26, ProcessImageFileName = 27, ProcessBreakOnTermination = 29 } PROCESSINFOCLASS, *PPROCESSINFOCLASS; typedef struct _MEMORY_RANGE_ENTRY { PVOID VirtualAddress; SIZE_T NumberOfBytes; } MEMORY_RANGE_ENTRY, *PMEMORY_RANGE_ENTRY; typedef struct _T2_SET_PARAMETERS_V0 { ULONG Version; ULONG Reserved; LONGLONG NoWakeTolerance; } T2_SET_PARAMETERS, *PT2_SET_PARAMETERS; typedef struct _FILE_PATH { ULONG Version; ULONG Length; ULONG Type; CHAR FilePath[1]; } FILE_PATH, *PFILE_PATH; typedef struct _FILE_USER_QUOTA_INFORMATION { ULONG NextEntryOffset; ULONG SidLength; LARGE_INTEGER ChangeTime; LARGE_INTEGER QuotaUsed; LARGE_INTEGER QuotaThreshold; LARGE_INTEGER QuotaLimit; SID Sid[1]; } FILE_USER_QUOTA_INFORMATION, *PFILE_USER_QUOTA_INFORMATION; typedef struct _FILE_QUOTA_LIST_INFORMATION { ULONG NextEntryOffset; ULONG SidLength; SID Sid[1]; } FILE_QUOTA_LIST_INFORMATION, *PFILE_QUOTA_LIST_INFORMATION; typedef struct _FILE_NETWORK_OPEN_INFORMATION { LARGE_INTEGER CreationTime; LARGE_INTEGER LastAccessTime; LARGE_INTEGER LastWriteTime; LARGE_INTEGER ChangeTime; LARGE_INTEGER AllocationSize; LARGE_INTEGER EndOfFile; ULONG FileAttributes; ULONG Unknown; } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION; typedef enum _FILTER_BOOT_OPTION_OPERATION { FilterBootOptionOperationOpenSystemStore, FilterBootOptionOperationSetElement, FilterBootOptionOperationDeleteElement, FilterBootOptionOperationMax } FILTER_BOOT_OPTION_OPERATION, *PFILTER_BOOT_OPTION_OPERATION; typedef enum _EVENT_TYPE { NotificationEvent = 0, SynchronizationEvent = 1, } EVENT_TYPE, *PEVENT_TYPE; typedef struct _FILE_FULL_EA_INFORMATION { ULONG NextEntryOffset; UCHAR Flags; UCHAR EaNameLength; USHORT EaValueLength; CHAR EaName[1]; } FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION; typedef struct _FILE_GET_EA_INFORMATION { ULONG NextEntryOffset; BYTE EaNameLength; CHAR EaName[1]; } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; typedef struct _BOOT_OPTIONS { ULONG Version; ULONG Length; ULONG Timeout; ULONG CurrentBootEntryId; ULONG NextBootEntryId; WCHAR HeadlessRedirection[1]; } BOOT_OPTIONS, *PBOOT_OPTIONS; typedef ULONG WNF_CHANGE_STAMP, *PWNF_CHANGE_STAMP; typedef enum _WNF_DATA_SCOPE { WnfDataScopeSystem = 0, WnfDataScopeSession = 1, WnfDataScopeUser = 2, WnfDataScopeProcess = 3, WnfDataScopeMachine = 4 } WNF_DATA_SCOPE, *PWNF_DATA_SCOPE; typedef enum _WNF_STATE_NAME_LIFETIME { WnfWellKnownStateName = 0, WnfPermanentStateName = 1, WnfPersistentStateName = 2, WnfTemporaryStateName = 3 } WNF_STATE_NAME_LIFETIME, *PWNF_STATE_NAME_LIFETIME; typedef enum _VIRTUAL_MEMORY_INFORMATION_CLASS { VmPrefetchInformation, VmPagePriorityInformation, VmCfgCallTargetInformation } VIRTUAL_MEMORY_INFORMATION_CLASS, *PVIRTUAL_MEMORY_INFORMATION_CLASS; typedef enum _IO_SESSION_EVENT { IoSessionEventIgnore, IoSessionEventCreated, IoSessionEventTerminated, IoSessionEventConnected, IoSessionEventDisconnected, IoSessionEventLogon, IoSessionEventLogoff, IoSessionEventMax } IO_SESSION_EVENT, *PIO_SESSION_EVENT; typedef enum _PORT_INFORMATION_CLASS { PortBasicInformation, #if DEVL PortDumpInformation #endif } PORT_INFORMATION_CLASS, *PPORT_INFORMATION_CLASS; typedef enum _PLUGPLAY_CONTROL_CLASS { PlugPlayControlEnumerateDevice, PlugPlayControlRegisterNewDevice, PlugPlayControlDeregisterDevice, PlugPlayControlInitializeDevice, PlugPlayControlStartDevice, PlugPlayControlUnlockDevice, PlugPlayControlQueryAndRemoveDevice, PlugPlayControlUserResponse, PlugPlayControlGenerateLegacyDevice, PlugPlayControlGetInterfaceDeviceList, PlugPlayControlProperty, PlugPlayControlDeviceClassAssociation, PlugPlayControlGetRelatedDevice, PlugPlayControlGetInterfaceDeviceAlias, PlugPlayControlDeviceStatus, PlugPlayControlGetDeviceDepth, PlugPlayControlQueryDeviceRelations, PlugPlayControlTargetDeviceRelation, PlugPlayControlQueryConflictList, PlugPlayControlRetrieveDock, PlugPlayControlResetDevice, PlugPlayControlHaltDevice, PlugPlayControlGetBlockedDriverList, MaxPlugPlayControl } PLUGPLAY_CONTROL_CLASS, *PPLUGPLAY_CONTROL_CLASS; typedef enum _IO_COMPLETION_INFORMATION_CLASS { IoCompletionBasicInformation } IO_COMPLETION_INFORMATION_CLASS, *PIO_COMPLETION_INFORMATION_CLASS; typedef enum _SECTION_INHERIT { ViewShare = 1, ViewUnmap = 2 } SECTION_INHERIT, *PSECTION_INHERIT; typedef enum _DEBUGOBJECTINFOCLASS { DebugObjectFlags = 1, MaxDebugObjectInfoClass } DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS; typedef enum _SEMAPHORE_INFORMATION_CLASS { SemaphoreBasicInformation } SEMAPHORE_INFORMATION_CLASS, *PSEMAPHORE_INFORMATION_CLASS; typedef struct _PS_ATTRIBUTE_LIST { SIZE_T TotalLength; PS_ATTRIBUTE Attributes[1]; } PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST; typedef enum _VDMSERVICECLASS { VdmStartExecution, VdmQueueInterrupt, VdmDelayInterrupt, VdmInitialize, VdmFeatures, VdmSetInt21Handler, VdmQueryDir, VdmPrinterDirectIoOpen, VdmPrinterDirectIoClose, VdmPrinterInitialize, VdmSetLdtEntries, VdmSetProcessLdtInfo, VdmAdlibEmulation, VdmPMCliControl, VdmQueryVdmProcess } VDMSERVICECLASS, *PVDMSERVICECLASS; typedef struct _PS_CREATE_INFO { SIZE_T Size; PS_CREATE_STATE State; union { // PsCreateInitialState struct { union { ULONG InitFlags; struct { UCHAR WriteOutputOnExit : 1; UCHAR DetectManifest : 1; UCHAR IFEOSkipDebugger : 1; UCHAR IFEODoNotPropagateKeyState : 1; UCHAR SpareBits1 : 4; UCHAR SpareBits2 : 8; USHORT ProhibitedImageCharacteristics : 16; }; }; ACCESS_MASK AdditionalFileAccess; } InitState; // PsCreateFailOnSectionCreate struct { HANDLE FileHandle; } FailSection; // PsCreateFailExeFormat struct { USHORT DllCharacteristics; } ExeFormat; // PsCreateFailExeName struct { HANDLE IFEOKey; } ExeName; // PsCreateSuccess struct { union { ULONG OutputFlags; struct { UCHAR ProtectedProcess : 1; UCHAR AddressSpaceOverride : 1; UCHAR DevOverrideEnabled : 1; // from Image File Execution Options UCHAR ManifestDetected : 1; UCHAR ProtectedProcessLight : 1; UCHAR SpareBits1 : 3; UCHAR SpareBits2 : 8; USHORT SpareBits3 : 16; }; }; HANDLE FileHandle; HANDLE SectionHandle; ULONGLONG UserProcessParametersNative; ULONG UserProcessParametersWow64; ULONG CurrentParameterFlags; ULONGLONG PebAddressNative; ULONG PebAddressWow64; ULONGLONG ManifestAddress; ULONG ManifestSize; } SuccessState; }; } PS_CREATE_INFO, *PPS_CREATE_INFO; typedef enum _MEMORY_INFORMATION_CLASS { MemoryBasicInformation, MemoryWorkingSetInformation, MemoryMappedFilenameInformation, MemoryRegionInformation, MemoryWorkingSetExInformation, MemorySharedCommitInformation, MemoryImageInformation, MemoryRegionInformationEx, MemoryPrivilegedBasicInformation, MemoryEnclaveImageInformation, MemoryBasicInformationCapped } MEMORY_INFORMATION_CLASS, *PMEMORY_INFORMATION_CLASS; typedef enum _MEMORY_RESERVE_TYPE { MemoryReserveUserApc, MemoryReserveIoCompletion, MemoryReserveTypeMax } MEMORY_RESERVE_TYPE, *PMEMORY_RESERVE_TYPE; typedef enum _ALPC_PORT_INFORMATION_CLASS { AlpcBasicInformation, AlpcPortInformation, AlpcAssociateCompletionPortInformation, AlpcConnectedSIDInformation, AlpcServerInformation, AlpcMessageZoneInformation, AlpcRegisterCompletionListInformation, AlpcUnregisterCompletionListInformation, AlpcAdjustCompletionListConcurrencyCountInformation, AlpcRegisterCallbackInformation, AlpcCompletionListRundownInformation } ALPC_PORT_INFORMATION_CLASS, *PALPC_PORT_INFORMATION_CLASS; typedef struct _ALPC_CONTEXT_ATTR { PVOID PortContext; PVOID MessageContext; ULONG SequenceNumber; ULONG MessageID; ULONG CallbackID; } ALPC_CONTEXT_ATTR, *PALPC_CONTEXT_ATTR; typedef struct _ALPC_DATA_VIEW_ATTR { ULONG Flags; HANDLE SectionHandle; PVOID ViewBase; SIZE_T ViewSize; } ALPC_DATA_VIEW_ATTR, *PALPC_DATA_VIEW_ATTR; typedef struct _ALPC_SECURITY_ATTR { ULONG Flags; PSECURITY_QUALITY_OF_SERVICE SecurityQos; HANDLE ContextHandle; ULONG Reserved1; ULONG Reserved2; } ALPC_SECURITY_ATTR, *PALPC_SECURITY_ATTR; typedef PVOID* PPVOID; typedef enum _KPROFILE_SOURCE { ProfileTime = 0, ProfileAlignmentFixup = 1, ProfileTotalIssues = 2, ProfilePipelineDry = 3, ProfileLoadInstructions = 4, ProfilePipelineFrozen = 5, ProfileBranchInstructions = 6, ProfileTotalNonissues = 7, ProfileDcacheMisses = 8, ProfileIcacheMisses = 9, ProfileCacheMisses = 10, ProfileBranchMispredictions = 11, ProfileStoreInstructions = 12, ProfileFpInstructions = 13, ProfileIntegerInstructions = 14, Profile2Issue = 15, Profile3Issue = 16, Profile4Issue = 17, ProfileSpecialInstructions = 18, ProfileTotalCycles = 19, ProfileIcacheIssues = 20, ProfileDcacheAccesses = 21, ProfileMemoryBarrierCycles = 22, ProfileLoadLinkedIssues = 23, ProfileMaximum = 24, } KPROFILE_SOURCE, *PKPROFILE_SOURCE; typedef enum _ALPC_MESSAGE_INFORMATION_CLASS { AlpcMessageSidInformation, AlpcMessageTokenModifiedIdInformation } ALPC_MESSAGE_INFORMATION_CLASS, *PALPC_MESSAGE_INFORMATION_CLASS; typedef enum _WORKERFACTORYINFOCLASS { WorkerFactoryTimeout, WorkerFactoryRetryTimeout, WorkerFactoryIdleTimeout, WorkerFactoryBindingCount, WorkerFactoryThreadMinimum, WorkerFactoryThreadMaximum, WorkerFactoryPaused, WorkerFactoryBasicInformation, WorkerFactoryAdjustThreadGoal, WorkerFactoryCallbackType, WorkerFactoryStackInformation, MaxWorkerFactoryInfoClass } WORKERFACTORYINFOCLASS, *PWORKERFACTORYINFOCLASS; typedef enum _MEMORY_PARTITION_INFORMATION_CLASS { SystemMemoryPartitionInformation, SystemMemoryPartitionMoveMemory, SystemMemoryPartitionAddPagefile, SystemMemoryPartitionCombineMemory, SystemMemoryPartitionInitialAddMemory, SystemMemoryPartitionGetMemoryEvents, SystemMemoryPartitionMax } MEMORY_PARTITION_INFORMATION_CLASS, *PMEMORY_PARTITION_INFORMATION_CLASS; typedef enum _MUTANT_INFORMATION_CLASS { MutantBasicInformation, MutantOwnerInformation } MUTANT_INFORMATION_CLASS, *PMUTANT_INFORMATION_CLASS; typedef enum _ATOM_INFORMATION_CLASS { AtomBasicInformation, AtomTableInformation } ATOM_INFORMATION_CLASS, *PATOM_INFORMATION_CLASS; typedef enum _SHUTDOWN_ACTION { ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff } SHUTDOWN_ACTION; typedef VOID(CALLBACK* PTIMER_APC_ROUTINE)( IN PVOID TimerContext, IN ULONG TimerLowValue, IN LONG TimerHighValue); typedef enum _KEY_VALUE_INFORMATION_CLASS { KeyValueBasicInformation = 0, KeyValueFullInformation, KeyValuePartialInformation, KeyValueFullInformationAlign64, KeyValuePartialInformationAlign64, MaxKeyValueInfoClass } KEY_VALUE_INFORMATION_CLASS; typedef LANGID* PLANGID; typedef struct _PLUGPLAY_EVENT_BLOCK { GUID EventGuid; PLUGPLAY_EVENT_CATEGORY EventCategory; PULONG Result; ULONG Flags; ULONG TotalSize; PVOID DeviceObject; union { struct { GUID ClassGuid; WCHAR SymbolicLinkName[1]; } DeviceClass; struct { WCHAR DeviceIds[1]; } TargetDevice; struct { WCHAR DeviceId[1]; } InstallDevice; struct { PVOID NotificationStructure; WCHAR DeviceIds[1]; } CustomNotification; struct { PVOID Notification; } ProfileNotification; struct { ULONG NotificationCode; ULONG NotificationData; } PowerNotification; struct { PNP_VETO_TYPE VetoType; WCHAR DeviceIdVetoNameBuffer[1]; // DeviceIdVetoName } VetoNotification; struct { GUID BlockedDriverGuid; } BlockedDriverNotification; struct { WCHAR ParentId[1]; } InvalidIDNotification; } u; } PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK; typedef VOID(NTAPI* PIO_APC_ROUTINE) ( IN PVOID ApcContext, IN PIO_STATUS_BLOCK IoStatusBlock, IN ULONG Reserved); typedef KNORMAL_ROUTINE* PKNORMAL_ROUTINE; typedef enum _DIRECTORY_NOTIFY_INFORMATION_CLASS { DirectoryNotifyInformation = 1, DirectoryNotifyExtendedInformation = 2, } DIRECTORY_NOTIFY_INFORMATION_CLASS, *PDIRECTORY_NOTIFY_INFORMATION_CLASS; typedef enum _EVENT_INFORMATION_CLASS { EventBasicInformation } EVENT_INFORMATION_CLASS, *PEVENT_INFORMATION_CLASS; typedef struct _ALPC_MESSAGE_ATTRIBUTES { unsigned long AllocatedAttributes; unsigned long ValidAttributes; } ALPC_MESSAGE_ATTRIBUTES, *PALPC_MESSAGE_ATTRIBUTES; typedef struct _ALPC_PORT_ATTRIBUTES { ULONG Flags; SECURITY_QUALITY_OF_SERVICE SecurityQos; SIZE_T MaxMessageLength; SIZE_T MemoryBandwidth; SIZE_T MaxPoolUsage; SIZE_T MaxSectionSize; SIZE_T MaxViewSize; SIZE_T MaxTotalSectionSize; ULONG DupObjectTypes; #ifdef _WIN64 ULONG Reserved; #endif } ALPC_PORT_ATTRIBUTES, *PALPC_PORT_ATTRIBUTES; typedef enum _IO_SESSION_STATE { IoSessionStateCreated = 1, IoSessionStateInitialized = 2, IoSessionStateConnected = 3, IoSessionStateDisconnected = 4, IoSessionStateDisconnectedLoggedOn = 5, IoSessionStateLoggedOn = 6, IoSessionStateLoggedOff = 7, IoSessionStateTerminated = 8, IoSessionStateMax = 9, } IO_SESSION_STATE, *PIO_SESSION_STATE; typedef const WNF_STATE_NAME *PCWNF_STATE_NAME; typedef const WNF_TYPE_ID *PCWNF_TYPE_ID; typedef struct _WNF_DELIVERY_DESCRIPTOR { unsigned __int64 SubscriptionId; WNF_STATE_NAME StateName; unsigned long ChangeStamp; unsigned long StateDataSize; unsigned long EventMask; WNF_TYPE_ID TypeId; unsigned long StateDataOffset; } WNF_DELIVERY_DESCRIPTOR, *PWNF_DELIVERY_DESCRIPTOR; typedef enum _DEBUG_CONTROL_CODE { SysDbgQueryModuleInformation = 0, SysDbgQueryTraceInformation = 1, SysDbgSetTracePoint = 2, SysDbgSetSpecialCall = 3, SysDbgClearSpecialCalls = 4, SysDbgQuerySpecialCalls = 5, SysDbgBreakPoint = 6, SysDbgQueryVersion = 7, SysDbgReadVirtual = 8, SysDbgWriteVirtual = 9, SysDbgReadPhysical = 10, SysDbgWritePhysical = 11, SysDbgReadControlSpace = 12, SysDbgWriteControlSpace = 13, SysDbgReadIoSpace = 14, SysDbgWriteIoSpace = 15, SysDbgReadMsr = 16, SysDbgWriteMsr = 17, SysDbgReadBusData = 18, SysDbgWriteBusData = 19, SysDbgCheckLowMemory = 20, SysDbgEnableKernelDebugger = 21, SysDbgDisableKernelDebugger = 22, SysDbgGetAutoKdEnable = 23, SysDbgSetAutoKdEnable = 24, SysDbgGetPrintBufferSize = 25, SysDbgSetPrintBufferSize = 26, SysDbgGetKdUmExceptionEnable = 27, SysDbgSetKdUmExceptionEnable = 28, SysDbgGetTriageDump = 29, SysDbgGetKdBlockEnable = 30, SysDbgSetKdBlockEnable = 31 } DEBUG_CONTROL_CODE, *PDEBUG_CONTROL_CODE; typedef struct _PORT_MESSAGE { union { union { struct { short DataLength; short TotalLength; } s1; unsigned long Length; }; } u1; union { union { struct { short Type; short DataInfoOffset; } s2; unsigned long ZeroInit; }; } u2; union { CLIENT_ID ClientId; double DoNotUseThisField; }; unsigned long MessageId; union { unsigned __int64 ClientViewSize; struct { unsigned long CallbackId; long __PADDING__[1]; }; }; } PORT_MESSAGE, *PPORT_MESSAGE; typedef struct _FILE_BASIC_INFORMATION { LARGE_INTEGER CreationTime; LARGE_INTEGER LastAccessTime; LARGE_INTEGER LastWriteTime; LARGE_INTEGER ChangeTime; ULONG FileAttributes; } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; typedef struct _PORT_SECTION_READ { ULONG Length; ULONG ViewSize; ULONG ViewBase; } PORT_SECTION_READ, *PPORT_SECTION_READ; typedef struct _PORT_SECTION_WRITE { ULONG Length; HANDLE SectionHandle; ULONG SectionOffset; ULONG ViewSize; PVOID ViewBase; PVOID TargetViewBase; } PORT_SECTION_WRITE, *PPORT_SECTION_WRITE; typedef enum _TIMER_TYPE { NotificationTimer, SynchronizationTimer } TIMER_TYPE, *PTIMER_TYPE; typedef struct _BOOT_ENTRY { ULONG Version; ULONG Length; ULONG Id; ULONG Attributes; ULONG FriendlyNameOffset; ULONG BootFilePathOffset; ULONG OsOptionsLength; UCHAR OsOptions[ANYSIZE_ARRAY]; } BOOT_ENTRY, *PBOOT_ENTRY; typedef struct _EFI_DRIVER_ENTRY { ULONG Version; ULONG Length; ULONG Id; ULONG Attributes; ULONG FriendlyNameOffset; ULONG DriverFilePathOffset; } EFI_DRIVER_ENTRY, *PEFI_DRIVER_ENTRY; typedef USHORT RTL_ATOM, *PRTL_ATOM; typedef enum _TIMER_SET_INFORMATION_CLASS { TimerSetCoalescableTimer, MaxTimerInfoClass } TIMER_SET_INFORMATION_CLASS, *PTIMER_SET_INFORMATION_CLASS; typedef enum _FSINFOCLASS { FileFsVolumeInformation = 1, FileFsLabelInformation = 2, FileFsSizeInformation = 3, FileFsDeviceInformation = 4, FileFsAttributeInformation = 5, FileFsControlInformation = 6, FileFsFullSizeInformation = 7, FileFsObjectIdInformation = 8, FileFsDriverPathInformation = 9, FileFsVolumeFlagsInformation = 10, FileFsSectorSizeInformation = 11, FileFsDataCopyInformation = 12, FileFsMetadataSizeInformation = 13, FileFsFullSizeInformationEx = 14, FileFsMaximumInformation = 15, } FSINFOCLASS, *PFSINFOCLASS; typedef enum _WAIT_TYPE { WaitAll = 0, WaitAny = 1 } WAIT_TYPE, *PWAIT_TYPE; typedef struct _USER_STACK { PVOID FixedStackBase; PVOID FixedStackLimit; PVOID ExpandableStackBase; PVOID ExpandableStackLimit; PVOID ExpandableStackBottom; } USER_STACK, *PUSER_STACK; typedef enum _SECTION_INFORMATION_CLASS { SectionBasicInformation, SectionImageInformation, } SECTION_INFORMATION_CLASS, *PSECTION_INFORMATION_CLASS; typedef enum _APPHELPCACHESERVICECLASS { ApphelpCacheServiceLookup = 0, ApphelpCacheServiceRemove = 1, ApphelpCacheServiceUpdate = 2, ApphelpCacheServiceFlush = 3, ApphelpCacheServiceDump = 4, ApphelpDBGReadRegistry = 0x100, ApphelpDBGWriteRegistry = 0x101, } APPHELPCACHESERVICECLASS, *PAPPHELPCACHESERVICECLASS; typedef struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION { USHORT Version; USHORT Reserved; ULONG AttributeCount; union { PTOKEN_SECURITY_ATTRIBUTE_V1 pAttributeV1; } Attribute; } TOKEN_SECURITY_ATTRIBUTES_INFORMATION, *PTOKEN_SECURITY_ATTRIBUTES_INFORMATION; typedef struct _FILE_IO_COMPLETION_INFORMATION { PVOID KeyContext; PVOID ApcContext; IO_STATUS_BLOCK IoStatusBlock; } FILE_IO_COMPLETION_INFORMATION, *PFILE_IO_COMPLETION_INFORMATION; typedef PVOID PT2_CANCEL_PARAMETERS; typedef enum _THREADINFOCLASS { ThreadBasicInformation, ThreadTimes, ThreadPriority, ThreadBasePriority, ThreadAffinityMask, ThreadImpersonationToken, ThreadDescriptorTableEntry, ThreadEnableAlignmentFaultFixup, ThreadEventPair_Reusable, ThreadQuerySetWin32StartAddress, ThreadZeroTlsCell, ThreadPerformanceCount, ThreadAmILastThread, ThreadIdealProcessor, ThreadPriorityBoost, ThreadSetTlsArrayAddress, ThreadIsIoPending, ThreadHideFromDebugger, ThreadBreakOnTermination, MaxThreadInfoClass } THREADINFOCLASS, *PTHREADINFOCLASS; typedef enum _OBJECT_INFORMATION_CLASS { ObjectBasicInformation, ObjectNameInformation, ObjectTypeInformation, ObjectAllTypesInformation, ObjectHandleInformation } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS; typedef enum _FILE_INFORMATION_CLASS { FileDirectoryInformation = 1, FileFullDirectoryInformation = 2, FileBothDirectoryInformation = 3, FileBasicInformation = 4, FileStandardInformation = 5, FileInternalInformation = 6, FileEaInformation = 7, FileAccessInformation = 8, FileNameInformation = 9, FileRenameInformation = 10, FileLinkInformation = 11, FileNamesInformation = 12, FileDispositionInformation = 13, FilePositionInformation = 14, FileFullEaInformation = 15, FileModeInformation = 16, FileAlignmentInformation = 17, FileAllInformation = 18, FileAllocationInformation = 19, FileEndOfFileInformation = 20, FileAlternateNameInformation = 21, FileStreamInformation = 22, FilePipeInformation = 23, FilePipeLocalInformation = 24, FilePipeRemoteInformation = 25, FileMailslotQueryInformation = 26, FileMailslotSetInformation = 27, FileCompressionInformation = 28, FileObjectIdInformation = 29, FileCompletionInformation = 30, FileMoveClusterInformation = 31, FileQuotaInformation = 32, FileReparsePointInformation = 33, FileNetworkOpenInformation = 34, FileAttributeTagInformation = 35, FileTrackingInformation = 36, FileIdBothDirectoryInformation = 37, FileIdFullDirectoryInformation = 38, FileValidDataLengthInformation = 39, FileShortNameInformation = 40, FileIoCompletionNotificationInformation = 41, FileIoStatusBlockRangeInformation = 42, FileIoPriorityHintInformation = 43, FileSfioReserveInformation = 44, FileSfioVolumeInformation = 45, FileHardLinkInformation = 46, FileProcessIdsUsingFileInformation = 47, FileNormalizedNameInformation = 48, FileNetworkPhysicalNameInformation = 49, FileIdGlobalTxDirectoryInformation = 50, FileIsRemoteDeviceInformation = 51, FileUnusedInformation = 52, FileNumaNodeInformation = 53, FileStandardLinkInformation = 54, FileRemoteProtocolInformation = 55, FileRenameInformationBypassAccessCheck = 56, FileLinkInformationBypassAccessCheck = 57, FileVolumeNameInformation = 58, FileIdInformation = 59, FileIdExtdDirectoryInformation = 60, FileReplaceCompletionInformation = 61, FileHardLinkFullIdInformation = 62, FileIdExtdBothDirectoryInformation = 63, FileDispositionInformationEx = 64, FileRenameInformationEx = 65, FileRenameInformationExBypassAccessCheck = 66, FileMaximumInformation = 67, } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS; typedef enum _KEY_INFORMATION_CLASS { KeyBasicInformation = 0, KeyNodeInformation = 1, KeyFullInformation = 2, KeyNameInformation = 3, KeyCachedInformation = 4, KeyFlagsInformation = 5, KeyVirtualizationInformation = 6, KeyHandleTagsInformation = 7, MaxKeyInfoClass = 8 } KEY_INFORMATION_CLASS, *PKEY_INFORMATION_CLASS; typedef struct _OBJECT_ATTRIBUTES { ULONG Length; HANDLE RootDirectory; PUNICODE_STRING ObjectName; ULONG Attributes; PVOID SecurityDescriptor; PVOID SecurityQualityOfService; } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; typedef enum _TIMER_INFORMATION_CLASS { TimerBasicInformation } TIMER_INFORMATION_CLASS, *PTIMER_INFORMATION_CLASS; typedef struct _KCONTINUE_ARGUMENT { KCONTINUE_TYPE ContinueType; ULONG ContinueFlags; ULONGLONG Reserved[2]; } KCONTINUE_ARGUMENT, *PKCONTINUE_ARGUMENT; EXTERN_C NTSTATUS Sw3NtAccessCheck( IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN ACCESS_MASK DesiaredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PBOOLEAN AccessStatus); EXTERN_C NTSTATUS Sw3NtWorkerFactoryWorkerReady( IN HANDLE WorkerFactoryHandle); EXTERN_C NTSTATUS Sw3NtAcceptConnectPort( OUT PHANDLE ServerPortHandle, IN ULONG AlternativeReceivePortHandle OPTIONAL, IN PPORT_MESSAGE ConnectionReply, IN BOOLEAN AcceptConnection, IN OUT PPORT_SECTION_WRITE ServerSharedMemory OPTIONAL, OUT PPORT_SECTION_READ ClientSharedMemory OPTIONAL); EXTERN_C NTSTATUS Sw3NtMapUserPhysicalPagesScatter( IN PVOID VirtualAddresses, IN PULONG NumberOfPages, IN PULONG UserPfnArray OPTIONAL); EXTERN_C NTSTATUS Sw3NtWaitForSingleObject( IN HANDLE ObjectHandle, IN BOOLEAN Alertable, IN PLARGE_INTEGER TimeOut OPTIONAL); EXTERN_C NTSTATUS Sw3NtCallbackReturn( IN PVOID OutputBuffer OPTIONAL, IN ULONG OutputLength, IN NTSTATUS Status); EXTERN_C NTSTATUS Sw3NtReadFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, OUT PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL); EXTERN_C NTSTATUS Sw3NtDeviceIoControlFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength); EXTERN_C NTSTATUS Sw3NtWriteFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL); EXTERN_C NTSTATUS Sw3NtRemoveIoCompletion( IN HANDLE IoCompletionHandle, OUT PULONG KeyContext, OUT PULONG ApcContext, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtReleaseSemaphore( IN HANDLE SemaphoreHandle, IN LONG ReleaseCount, OUT PLONG PreviousCount OPTIONAL); EXTERN_C NTSTATUS Sw3NtReplyWaitReceivePort( IN HANDLE PortHandle, OUT PVOID PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage); EXTERN_C NTSTATUS Sw3NtReplyPort( IN HANDLE PortHandle, IN PPORT_MESSAGE ReplyMessage); EXTERN_C NTSTATUS Sw3NtSetInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength); EXTERN_C NTSTATUS Sw3NtSetEvent( IN HANDLE EventHandle, OUT PULONG PreviousState OPTIONAL); EXTERN_C NTSTATUS Sw3NtClose( IN HANDLE Handle); EXTERN_C NTSTATUS Sw3NtQueryObject( IN HANDLE Handle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, OUT PVOID ObjectInformation OPTIONAL, IN ULONG ObjectInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass); EXTERN_C NTSTATUS Sw3NtOpenKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtEnumerateValueKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation OPTIONAL, IN ULONG Length, OUT PULONG ResultLength); EXTERN_C NTSTATUS Sw3NtFindAtom( IN PWSTR AtomName OPTIONAL, IN ULONG Length, OUT PUSHORT Atom OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryDefaultLocale( IN BOOLEAN UserProfile, OUT PLCID DefaultLocaleId); EXTERN_C NTSTATUS Sw3NtQueryKey( IN HANDLE KeyHandle, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation OPTIONAL, IN ULONG Length, OUT PULONG ResultLength); EXTERN_C NTSTATUS Sw3NtQueryValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation OPTIONAL, IN ULONG Length, OUT PULONG ResultLength); EXTERN_C NTSTATUS Sw3NtAllocateVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID * BaseAddress, IN ULONG ZeroBits, IN OUT PSIZE_T RegionSize, IN ULONG AllocationType, IN ULONG Protect); EXTERN_C NTSTATUS Sw3NtQueryInformationProcess( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtWaitForMultipleObjects32( IN ULONG ObjectCount, IN PHANDLE Handles, IN WAIT_TYPE WaitType, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtWriteFileGather( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_SEGMENT_ELEMENT SegmentArray, IN ULONG Length, IN PLARGE_INTEGER ByteOffset, IN PULONG Key OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, OUT PULONG Disposition OPTIONAL); EXTERN_C NTSTATUS Sw3NtFreeVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID * BaseAddress, IN OUT PSIZE_T RegionSize, IN ULONG FreeType); EXTERN_C NTSTATUS Sw3NtImpersonateClientOfPort( IN HANDLE PortHandle, IN PPORT_MESSAGE Message); EXTERN_C NTSTATUS Sw3NtReleaseMutant( IN HANDLE MutantHandle, OUT PULONG PreviousCount OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInformationToken( IN HANDLE TokenHandle, IN TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID TokenInformation, IN ULONG TokenInformationLength, OUT PULONG ReturnLength); EXTERN_C NTSTATUS Sw3NtRequestWaitReplyPort( IN HANDLE PortHandle, IN PPORT_MESSAGE RequestMessage, OUT PPORT_MESSAGE ReplyMessage); EXTERN_C NTSTATUS Sw3NtQueryVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID MemoryInformation, IN SIZE_T MemoryInformationLength, OUT PSIZE_T ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenThreadToken( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle); EXTERN_C NTSTATUS Sw3NtQueryInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId OPTIONAL); EXTERN_C NTSTATUS Sw3NtSetInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass); EXTERN_C NTSTATUS Sw3NtMapViewOfSection( IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID BaseAddress, IN ULONG ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Win32Protect); EXTERN_C NTSTATUS Sw3NtAccessCheckAndAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId OPTIONAL, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PBOOLEAN AccessStatus, OUT PBOOLEAN GenerateOnClose); EXTERN_C NTSTATUS Sw3NtUnmapViewOfSection( IN HANDLE ProcessHandle, IN PVOID BaseAddress); EXTERN_C NTSTATUS Sw3NtReplyWaitReceivePortEx( IN HANDLE PortHandle, OUT PULONG PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtTerminateProcess( IN HANDLE ProcessHandle OPTIONAL, IN NTSTATUS ExitStatus); EXTERN_C NTSTATUS Sw3NtSetEventBoostPriority( IN HANDLE EventHandle); EXTERN_C NTSTATUS Sw3NtReadFileScatter( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_SEGMENT_ELEMENT SegmentArray, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenThreadTokenEx( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle); EXTERN_C NTSTATUS Sw3NtOpenProcessTokenEx( IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle); EXTERN_C NTSTATUS Sw3NtQueryPerformanceCounter( OUT PLARGE_INTEGER PerformanceCounter, OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL); EXTERN_C NTSTATUS Sw3NtEnumerateKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation OPTIONAL, IN ULONG Length, OUT PULONG ResultLength); EXTERN_C NTSTATUS Sw3NtOpenFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions); EXTERN_C NTSTATUS Sw3NtDelayExecution( IN BOOLEAN Alertable, IN PLARGE_INTEGER DelayInterval); EXTERN_C NTSTATUS Sw3NtQueryDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass, IN BOOLEAN ReturnSingleEntry, IN PUNICODE_STRING FileName OPTIONAL, IN BOOLEAN RestartScan); EXTERN_C NTSTATUS Sw3NtQuerySystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenSection( OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtQueryTimer( IN HANDLE TimerHandle, IN TIMER_INFORMATION_CLASS TimerInformationClass, OUT PVOID TimerInformation, IN ULONG TimerInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtFsControlFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG FsControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength); EXTERN_C NTSTATUS Sw3NtWriteVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN SIZE_T NumberOfBytesToWrite, OUT PSIZE_T NumberOfBytesWritten OPTIONAL); EXTERN_C NTSTATUS Sw3NtCloseObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId OPTIONAL, IN BOOLEAN GenerateOnClose); EXTERN_C NTSTATUS Sw3NtDuplicateObject( IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options); EXTERN_C NTSTATUS Sw3NtQueryAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation); EXTERN_C NTSTATUS Sw3NtClearEvent( IN HANDLE EventHandle); EXTERN_C NTSTATUS Sw3NtReadVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress OPTIONAL, OUT PVOID Buffer, IN SIZE_T BufferSize, OUT PSIZE_T NumberOfBytesRead OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtAdjustPrivilegesToken( IN HANDLE TokenHandle, IN BOOLEAN DisableAllPrivileges, IN PTOKEN_PRIVILEGES NewState OPTIONAL, IN ULONG BufferLength, OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtDuplicateToken( IN HANDLE ExistingTokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN EffectiveOnly, IN TOKEN_TYPE TokenType, OUT PHANDLE NewTokenHandle); EXTERN_C NTSTATUS Sw3NtContinue( IN PCONTEXT ContextRecord, IN BOOLEAN TestAlert); EXTERN_C NTSTATUS Sw3NtQueryDefaultUILanguage( OUT PLANGID DefaultUILanguageId); EXTERN_C NTSTATUS Sw3NtQueueApcThread( IN HANDLE ThreadHandle, IN PKNORMAL_ROUTINE ApcRoutine, IN PVOID ApcArgument1 OPTIONAL, IN PVOID ApcArgument2 OPTIONAL, IN PVOID ApcArgument3 OPTIONAL); EXTERN_C NTSTATUS Sw3NtYieldExecution(); EXTERN_C NTSTATUS Sw3NtAddAtom( IN PWSTR AtomName OPTIONAL, IN ULONG Length, OUT PUSHORT Atom OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN EVENT_TYPE EventType, IN BOOLEAN InitialState); EXTERN_C NTSTATUS Sw3NtQueryVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FsInformation, IN ULONG Length, IN FSINFOCLASS FsInformationClass); EXTERN_C NTSTATUS Sw3NtCreateSection( OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL); EXTERN_C NTSTATUS Sw3NtFlushBuffersFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock); EXTERN_C NTSTATUS Sw3NtApphelpCacheControl( IN APPHELPCACHESERVICECLASS Service, IN PVOID ServiceData); EXTERN_C NTSTATUS Sw3NtCreateProcessEx( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ParentProcess, IN ULONG Flags, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, IN ULONG JobMemberLevel); EXTERN_C NTSTATUS Sw3NtCreateThread( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ProcessHandle, OUT PCLIENT_ID ClientId, IN PCONTEXT ThreadContext, IN PUSER_STACK InitialTeb, IN BOOLEAN CreateSuspended); EXTERN_C NTSTATUS Sw3NtIsProcessInJob( IN HANDLE ProcessHandle, IN HANDLE JobHandle OPTIONAL); EXTERN_C NTSTATUS Sw3NtProtectVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID * BaseAddress, IN OUT PSIZE_T RegionSize, IN ULONG NewProtect, OUT PULONG OldProtect); EXTERN_C NTSTATUS Sw3NtQuerySection( IN HANDLE SectionHandle, IN SECTION_INFORMATION_CLASS SectionInformationClass, OUT PVOID SectionInformation, IN ULONG SectionInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtResumeThread( IN HANDLE ThreadHandle, IN OUT PULONG PreviousSuspendCount OPTIONAL); EXTERN_C NTSTATUS Sw3NtTerminateThread( IN HANDLE ThreadHandle, IN NTSTATUS ExitStatus); EXTERN_C NTSTATUS Sw3NtReadRequestData( IN HANDLE PortHandle, IN PPORT_MESSAGE Message, IN ULONG DataEntryIndex, OUT PVOID Buffer, IN ULONG BufferSize, OUT PULONG NumberOfBytesRead OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength); EXTERN_C NTSTATUS Sw3NtQueryEvent( IN HANDLE EventHandle, IN EVENT_INFORMATION_CLASS EventInformationClass, OUT PVOID EventInformation, IN ULONG EventInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtWriteRequestData( IN HANDLE PortHandle, IN PPORT_MESSAGE Request, IN ULONG DataIndex, IN PVOID Buffer, IN ULONG Length, OUT PULONG ResultLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenDirectoryObject( OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtAccessCheckByTypeAndAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId OPTIONAL, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid OPTIONAL, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PULONG AccessStatus, OUT PBOOLEAN GenerateOnClose); EXTERN_C NTSTATUS Sw3NtWaitForMultipleObjects( IN ULONG Count, IN PHANDLE Handles, IN WAIT_TYPE WaitType, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtSetInformationObject( IN HANDLE Handle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, IN PVOID ObjectInformation, IN ULONG ObjectInformationLength); EXTERN_C NTSTATUS Sw3NtCancelIoFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock); EXTERN_C NTSTATUS Sw3NtTraceEvent( IN HANDLE TraceHandle, IN ULONG Flags, IN ULONG FieldSize, IN PVOID Fields); EXTERN_C NTSTATUS Sw3NtPowerInformation( IN POWER_INFORMATION_LEVEL InformationLevel, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength); EXTERN_C NTSTATUS Sw3NtSetValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN ULONG TitleIndex OPTIONAL, IN ULONG Type, IN PVOID SystemData, IN ULONG DataSize); EXTERN_C NTSTATUS Sw3NtCancelTimer( IN HANDLE TimerHandle, OUT PBOOLEAN CurrentState OPTIONAL); EXTERN_C NTSTATUS Sw3NtSetTimer( IN HANDLE TimerHandle, IN PLARGE_INTEGER DueTime, IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL, IN PVOID TimerContext OPTIONAL, IN BOOLEAN ResumeTimer, IN LONG Period OPTIONAL, OUT PBOOLEAN PreviousState OPTIONAL); EXTERN_C NTSTATUS Sw3NtAccessCheckByType( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid OPTIONAL, IN HANDLE ClientToken, IN ULONG DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PULONG AccessStatus); EXTERN_C NTSTATUS Sw3NtAccessCheckByTypeResultList( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid OPTIONAL, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PULONG AccessStatus); EXTERN_C NTSTATUS Sw3NtAccessCheckByTypeResultListAndAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId OPTIONAL, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid OPTIONAL, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PULONG AccessStatus, OUT PULONG GenerateOnClose); EXTERN_C NTSTATUS Sw3NtAccessCheckByTypeResultListAndAuditAlarmByHandle( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId OPTIONAL, IN HANDLE ClientToken, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid OPTIONAL, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PULONG AccessStatus, OUT PULONG GenerateOnClose); EXTERN_C NTSTATUS Sw3NtAcquireProcessActivityReference(); EXTERN_C NTSTATUS Sw3NtAddAtomEx( IN PWSTR AtomName, IN ULONG Length, IN PRTL_ATOM Atom, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtAddBootEntry( IN PBOOT_ENTRY BootEntry, OUT PULONG Id OPTIONAL); EXTERN_C NTSTATUS Sw3NtAddDriverEntry( IN PEFI_DRIVER_ENTRY DriverEntry, OUT PULONG Id OPTIONAL); EXTERN_C NTSTATUS Sw3NtAdjustGroupsToken( IN HANDLE TokenHandle, IN BOOLEAN ResetToDefault, IN PTOKEN_GROUPS NewState OPTIONAL, IN ULONG BufferLength OPTIONAL, OUT PTOKEN_GROUPS PreviousState OPTIONAL, OUT PULONG ReturnLength); EXTERN_C NTSTATUS Sw3NtAdjustTokenClaimsAndDeviceGroups( IN HANDLE TokenHandle, IN BOOLEAN UserResetToDefault, IN BOOLEAN DeviceResetToDefault, IN BOOLEAN DeviceGroupsResetToDefault, IN PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewUserState OPTIONAL, IN PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewDeviceState OPTIONAL, IN PTOKEN_GROUPS NewDeviceGroupsState OPTIONAL, IN ULONG UserBufferLength, OUT PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousUserState OPTIONAL, IN ULONG DeviceBufferLength, OUT PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousDeviceState OPTIONAL, IN ULONG DeviceGroupsBufferLength, OUT PTOKEN_GROUPS PreviousDeviceGroups OPTIONAL, OUT PULONG UserReturnLength OPTIONAL, OUT PULONG DeviceReturnLength OPTIONAL, OUT PULONG DeviceGroupsReturnBufferLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtAlertResumeThread( IN HANDLE ThreadHandle, OUT PULONG PreviousSuspendCount OPTIONAL); EXTERN_C NTSTATUS Sw3NtAlertThread( IN HANDLE ThreadHandle); EXTERN_C NTSTATUS Sw3NtAlertThreadByThreadId( IN ULONG ThreadId); EXTERN_C NTSTATUS Sw3NtAllocateLocallyUniqueId( OUT PLUID Luid); EXTERN_C NTSTATUS Sw3NtAllocateReserveObject( OUT PHANDLE MemoryReserveHandle, IN POBJECT_ATTRIBUTES ObjectAttributes, IN MEMORY_RESERVE_TYPE Type); EXTERN_C NTSTATUS Sw3NtAllocateUserPhysicalPages( IN HANDLE ProcessHandle, IN OUT PULONG NumberOfPages, OUT PULONG UserPfnArray); EXTERN_C NTSTATUS Sw3NtAllocateUuids( OUT PLARGE_INTEGER Time, OUT PULONG Range, OUT PULONG Sequence, OUT PUCHAR Seed); EXTERN_C NTSTATUS Sw3NtAllocateVirtualMemoryEx( IN HANDLE ProcessHandle, IN OUT PPVOID lpAddress, IN ULONG_PTR ZeroBits, IN OUT PSIZE_T pSize, IN ULONG flAllocationType, IN OUT PVOID DataBuffer OPTIONAL, IN ULONG DataCount); EXTERN_C NTSTATUS Sw3NtAlpcAcceptConnectPort( OUT PHANDLE PortHandle, IN HANDLE ConnectionPortHandle, IN ULONG Flags, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PALPC_PORT_ATTRIBUTES PortAttributes OPTIONAL, IN PVOID PortContext OPTIONAL, IN PPORT_MESSAGE ConnectionRequest, IN OUT PALPC_MESSAGE_ATTRIBUTES ConnectionMessageAttributes OPTIONAL, IN BOOLEAN AcceptConnection); EXTERN_C NTSTATUS Sw3NtAlpcCancelMessage( IN HANDLE PortHandle, IN ULONG Flags, IN PALPC_CONTEXT_ATTR MessageContext); EXTERN_C NTSTATUS Sw3NtAlpcConnectPort( OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PALPC_PORT_ATTRIBUTES PortAttributes OPTIONAL, IN ULONG Flags, IN PSID RequiredServerSid OPTIONAL, IN OUT PPORT_MESSAGE ConnectionMessage OPTIONAL, IN OUT PULONG BufferLength OPTIONAL, IN OUT PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes OPTIONAL, IN OUT PALPC_MESSAGE_ATTRIBUTES InMessageAttributes OPTIONAL, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtAlpcConnectPortEx( OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ConnectionPortObjectAttributes, IN POBJECT_ATTRIBUTES ClientPortObjectAttributes OPTIONAL, IN PALPC_PORT_ATTRIBUTES PortAttributes OPTIONAL, IN ULONG Flags, IN PSECURITY_DESCRIPTOR ServerSecurityRequirements OPTIONAL, IN OUT PPORT_MESSAGE ConnectionMessage OPTIONAL, IN OUT PSIZE_T BufferLength OPTIONAL, IN OUT PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes OPTIONAL, IN OUT PALPC_MESSAGE_ATTRIBUTES InMessageAttributes OPTIONAL, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtAlpcCreatePort( OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PALPC_PORT_ATTRIBUTES PortAttributes OPTIONAL); EXTERN_C NTSTATUS Sw3NtAlpcCreatePortSection( IN HANDLE PortHandle, IN ULONG Flags, IN HANDLE SectionHandle OPTIONAL, IN SIZE_T SectionSize, OUT PHANDLE AlpcSectionHandle, OUT PSIZE_T ActualSectionSize); EXTERN_C NTSTATUS Sw3NtAlpcCreateResourceReserve( IN HANDLE PortHandle, IN ULONG Flags, IN SIZE_T MessageSize, OUT PHANDLE ResourceId); EXTERN_C NTSTATUS Sw3NtAlpcCreateSectionView( IN HANDLE PortHandle, IN ULONG Flags, IN OUT PALPC_DATA_VIEW_ATTR ViewAttributes); EXTERN_C NTSTATUS Sw3NtAlpcCreateSecurityContext( IN HANDLE PortHandle, IN ULONG Flags, IN OUT PALPC_SECURITY_ATTR SecurityAttribute); EXTERN_C NTSTATUS Sw3NtAlpcDeletePortSection( IN HANDLE PortHandle, IN ULONG Flags, IN HANDLE SectionHandle); EXTERN_C NTSTATUS Sw3NtAlpcDeleteResourceReserve( IN HANDLE PortHandle, IN ULONG Flags, IN HANDLE ResourceId); EXTERN_C NTSTATUS Sw3NtAlpcDeleteSectionView( IN HANDLE PortHandle, IN ULONG Flags, IN PVOID ViewBase); EXTERN_C NTSTATUS Sw3NtAlpcDeleteSecurityContext( IN HANDLE PortHandle, IN ULONG Flags, IN HANDLE ContextHandle); EXTERN_C NTSTATUS Sw3NtAlpcDisconnectPort( IN HANDLE PortHandle, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtAlpcImpersonateClientContainerOfPort( IN HANDLE PortHandle, IN PPORT_MESSAGE Message, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtAlpcImpersonateClientOfPort( IN HANDLE PortHandle, IN PPORT_MESSAGE Message, IN PVOID Flags); EXTERN_C NTSTATUS Sw3NtAlpcOpenSenderProcess( OUT PHANDLE ProcessHandle, IN HANDLE PortHandle, IN PPORT_MESSAGE PortMessage, IN ULONG Flags, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtAlpcOpenSenderThread( OUT PHANDLE ThreadHandle, IN HANDLE PortHandle, IN PPORT_MESSAGE PortMessage, IN ULONG Flags, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtAlpcQueryInformation( IN HANDLE PortHandle OPTIONAL, IN ALPC_PORT_INFORMATION_CLASS PortInformationClass, IN OUT PVOID PortInformation, IN ULONG Length, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtAlpcQueryInformationMessage( IN HANDLE PortHandle, IN PPORT_MESSAGE PortMessage, IN ALPC_MESSAGE_INFORMATION_CLASS MessageInformationClass, OUT PVOID MessageInformation OPTIONAL, IN ULONG Length, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtAlpcRevokeSecurityContext( IN HANDLE PortHandle, IN ULONG Flags, IN HANDLE ContextHandle); EXTERN_C NTSTATUS Sw3NtAlpcSendWaitReceivePort( IN HANDLE PortHandle, IN ULONG Flags, IN PPORT_MESSAGE SendMessage OPTIONAL, IN OUT PALPC_MESSAGE_ATTRIBUTES SendMessageAttributes OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage OPTIONAL, IN OUT PSIZE_T BufferLength OPTIONAL, IN OUT PALPC_MESSAGE_ATTRIBUTES ReceiveMessageAttributes OPTIONAL, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtAlpcSetInformation( IN HANDLE PortHandle, IN ALPC_PORT_INFORMATION_CLASS PortInformationClass, IN PVOID PortInformation OPTIONAL, IN ULONG Length); EXTERN_C NTSTATUS Sw3NtAreMappedFilesTheSame( IN PVOID File1MappedAsAnImage, IN PVOID File2MappedAsFile); EXTERN_C NTSTATUS Sw3NtAssignProcessToJobObject( IN HANDLE JobHandle, IN HANDLE ProcessHandle); EXTERN_C NTSTATUS Sw3NtAssociateWaitCompletionPacket( IN HANDLE WaitCompletionPacketHandle, IN HANDLE IoCompletionHandle, IN HANDLE TargetObjectHandle, IN PVOID KeyContext OPTIONAL, IN PVOID ApcContext OPTIONAL, IN NTSTATUS IoStatus, IN ULONG_PTR IoStatusInformation, OUT PBOOLEAN AlreadySignaled OPTIONAL); EXTERN_C NTSTATUS Sw3NtCallEnclave( IN PENCLAVE_ROUTINE Routine, IN PVOID Parameter, IN BOOLEAN WaitForThread, IN OUT PVOID ReturnValue OPTIONAL); EXTERN_C NTSTATUS Sw3NtCancelIoFileEx( IN HANDLE FileHandle, IN PIO_STATUS_BLOCK IoRequestToCancel OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock); EXTERN_C NTSTATUS Sw3NtCancelSynchronousIoFile( IN HANDLE ThreadHandle, IN PIO_STATUS_BLOCK IoRequestToCancel OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock); EXTERN_C NTSTATUS Sw3NtCancelTimer2( IN HANDLE TimerHandle, IN PT2_CANCEL_PARAMETERS Parameters); EXTERN_C NTSTATUS Sw3NtCancelWaitCompletionPacket( IN HANDLE WaitCompletionPacketHandle, IN BOOLEAN RemoveSignaledPacket); EXTERN_C NTSTATUS Sw3NtCommitComplete( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtCommitEnlistment( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtCommitRegistryTransaction( IN HANDLE RegistryHandle, IN BOOL Wait); EXTERN_C NTSTATUS Sw3NtCommitTransaction( IN HANDLE TransactionHandle, IN BOOLEAN Wait); EXTERN_C NTSTATUS Sw3NtCompactKeys( IN ULONG Count, IN HANDLE KeyArray); EXTERN_C NTSTATUS Sw3NtCompareObjects( IN HANDLE FirstObjectHandle, IN HANDLE SecondObjectHandle); EXTERN_C NTSTATUS Sw3NtCompareSigningLevels( IN ULONG UnknownParameter1, IN ULONG UnknownParameter2); EXTERN_C NTSTATUS Sw3NtCompareTokens( IN HANDLE FirstTokenHandle, IN HANDLE SecondTokenHandle, OUT PBOOLEAN Equal); EXTERN_C NTSTATUS Sw3NtCompleteConnectPort( IN HANDLE PortHandle); EXTERN_C NTSTATUS Sw3NtCompressKey( IN HANDLE Key); EXTERN_C NTSTATUS Sw3NtConnectPort( OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_SECTION_WRITE ClientView OPTIONAL, IN OUT PPORT_SECTION_READ ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectionInformation OPTIONAL, IN OUT PULONG ConnectionInformationLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtConvertBetweenAuxiliaryCounterAndPerformanceCounter( IN ULONG UnknownParameter1, IN ULONG UnknownParameter2, IN ULONG UnknownParameter3, IN ULONG UnknownParameter4); EXTERN_C NTSTATUS Sw3NtCreateDebugObject( OUT PHANDLE DebugObjectHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtCreateDirectoryObject( OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtCreateDirectoryObjectEx( OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE ShadowDirectoryHandle, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtCreateEnclave( IN HANDLE ProcessHandle, IN OUT PVOID BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T Size, IN SIZE_T InitialCommitment, IN ULONG EnclaveType, IN PVOID EnclaveInformation, IN ULONG EnclaveInformationLength, OUT PULONG EnclaveError OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateEnlistment( OUT PHANDLE EnlistmentHandle, IN ACCESS_MASK DesiredAccess, IN HANDLE ResourceManagerHandle, IN HANDLE TransactionHandle, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN ULONG CreateOptions OPTIONAL, IN NOTIFICATION_MASK NotificationMask, IN PVOID EnlistmentKey OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateIRTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess); EXTERN_C NTSTATUS Sw3NtCreateIoCompletion( OUT PHANDLE IoCompletionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN ULONG Count OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateJobObject( OUT PHANDLE JobHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateJobSet( IN ULONG NumJob, IN PJOB_SET_ARRAY UserJobSet, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtCreateKeyTransacted( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, IN HANDLE TransactionHandle, OUT PULONG Disposition OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateKeyedEvent( OUT PHANDLE KeyedEventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtCreateLowBoxToken( OUT PHANDLE TokenHandle, IN HANDLE ExistingTokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PSID PackageSid, IN ULONG CapabilityCount, IN PSID_AND_ATTRIBUTES Capabilities OPTIONAL, IN ULONG HandleCount, IN HANDLE Handles OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateMailslotFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CreateOptions, IN ULONG MailslotQuota, IN ULONG MaximumMessageSize, IN PLARGE_INTEGER ReadTimeout); EXTERN_C NTSTATUS Sw3NtCreateMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN BOOLEAN InitialOwner); EXTERN_C NTSTATUS Sw3NtCreateNamedPipeFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN BOOLEAN NamedPipeType, IN BOOLEAN ReadMode, IN BOOLEAN CompletionMode, IN ULONG MaximumInstances, IN ULONG InboundQuota, IN ULONG OutboundQuota, IN PLARGE_INTEGER DefaultTimeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreatePagingFile( IN PUNICODE_STRING PageFileName, IN PULARGE_INTEGER MinimumSize, IN PULARGE_INTEGER MaximumSize, IN ULONG Priority); EXTERN_C NTSTATUS Sw3NtCreatePartition( OUT PHANDLE PartitionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN ULONG PreferredNode); EXTERN_C NTSTATUS Sw3NtCreatePort( OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN ULONG MaxConnectionInfoLength, IN ULONG MaxMessageLength, IN ULONG MaxPoolUsage OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreatePrivateNamespace( OUT PHANDLE NamespaceHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PVOID BoundaryDescriptor); EXTERN_C NTSTATUS Sw3NtCreateProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ParentProcess, IN BOOLEAN InheritObjectTable, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateProfile( OUT PHANDLE ProfileHandle, IN HANDLE Process OPTIONAL, IN PVOID ProfileBase, IN ULONG ProfileSize, IN ULONG BucketSize, IN PULONG Buffer, IN ULONG BufferSize, IN KPROFILE_SOURCE ProfileSource, IN ULONG Affinity); EXTERN_C NTSTATUS Sw3NtCreateProfileEx( OUT PHANDLE ProfileHandle, IN HANDLE Process OPTIONAL, IN PVOID ProfileBase, IN SIZE_T ProfileSize, IN ULONG BucketSize, IN PULONG Buffer, IN ULONG BufferSize, IN KPROFILE_SOURCE ProfileSource, IN USHORT GroupCount, IN PGROUP_AFFINITY GroupAffinity); EXTERN_C NTSTATUS Sw3NtCreateRegistryTransaction( OUT PHANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN DWORD Flags); EXTERN_C NTSTATUS Sw3NtCreateResourceManager( OUT PHANDLE ResourceManagerHandle, IN ACCESS_MASK DesiredAccess, IN HANDLE TmHandle, IN LPGUID RmGuid, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN ULONG CreateOptions OPTIONAL, IN PUNICODE_STRING Description OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN LONG InitialCount, IN LONG MaximumCount); EXTERN_C NTSTATUS Sw3NtCreateSymbolicLinkObject( OUT PHANDLE LinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PUNICODE_STRING LinkTarget); EXTERN_C NTSTATUS Sw3NtCreateThreadEx( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ProcessHandle, IN PVOID StartRoutine, IN PVOID Argument OPTIONAL, IN ULONG CreateFlags, IN SIZE_T ZeroBits, IN SIZE_T StackSize, IN SIZE_T MaximumStackSize, IN PPS_ATTRIBUTE_LIST AttributeList OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TIMER_TYPE TimerType); EXTERN_C NTSTATUS Sw3NtCreateTimer2( OUT PHANDLE TimerHandle, IN PVOID Reserved1 OPTIONAL, IN PVOID Reserved2 OPTIONAL, IN ULONG Attributes, IN ACCESS_MASK DesiredAccess); EXTERN_C NTSTATUS Sw3NtCreateToken( OUT PHANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TOKEN_TYPE TokenType, IN PLUID AuthenticationId, IN PLARGE_INTEGER ExpirationTime, IN PTOKEN_USER User, IN PTOKEN_GROUPS Groups, IN PTOKEN_PRIVILEGES Privileges, IN PTOKEN_OWNER Owner OPTIONAL, IN PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PTOKEN_DEFAULT_DACL DefaultDacl OPTIONAL, IN PTOKEN_SOURCE TokenSource); EXTERN_C NTSTATUS Sw3NtCreateTokenEx( OUT PHANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TOKEN_TYPE TokenType, IN PLUID AuthenticationId, IN PLARGE_INTEGER ExpirationTime, IN PTOKEN_USER User, IN PTOKEN_GROUPS Groups, IN PTOKEN_PRIVILEGES Privileges, IN PTOKEN_SECURITY_ATTRIBUTES_INFORMATION UserAttributes OPTIONAL, IN PTOKEN_SECURITY_ATTRIBUTES_INFORMATION DeviceAttributes OPTIONAL, IN PTOKEN_GROUPS DeviceGroups OPTIONAL, IN PTOKEN_MANDATORY_POLICY TokenMandatoryPolicy OPTIONAL, IN PTOKEN_OWNER Owner OPTIONAL, IN PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PTOKEN_DEFAULT_DACL DefaultDacl OPTIONAL, IN PTOKEN_SOURCE TokenSource); EXTERN_C NTSTATUS Sw3NtCreateTransaction( OUT PHANDLE TransactionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN LPGUID Uow OPTIONAL, IN HANDLE TmHandle OPTIONAL, IN ULONG CreateOptions OPTIONAL, IN ULONG IsolationLevel OPTIONAL, IN ULONG IsolationFlags OPTIONAL, IN PLARGE_INTEGER Timeout OPTIONAL, IN PUNICODE_STRING Description OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateTransactionManager( OUT PHANDLE TmHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PUNICODE_STRING LogFileName OPTIONAL, IN ULONG CreateOptions OPTIONAL, IN ULONG CommitStrength OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateUserProcess( OUT PHANDLE ProcessHandle, OUT PHANDLE ThreadHandle, IN ACCESS_MASK ProcessDesiredAccess, IN ACCESS_MASK ThreadDesiredAccess, IN POBJECT_ATTRIBUTES ProcessObjectAttributes OPTIONAL, IN POBJECT_ATTRIBUTES ThreadObjectAttributes OPTIONAL, IN ULONG ProcessFlags, IN ULONG ThreadFlags, IN PVOID ProcessParameters OPTIONAL, IN OUT PPS_CREATE_INFO CreateInfo, IN PPS_ATTRIBUTE_LIST AttributeList OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateWaitCompletionPacket( OUT PHANDLE WaitCompletionPacketHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateWaitablePort( OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN ULONG MaxConnectionInfoLength, IN ULONG MaxMessageLength, IN ULONG MaxPoolUsage OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateWnfStateName( OUT PCWNF_STATE_NAME StateName, IN WNF_STATE_NAME_LIFETIME NameLifetime, IN WNF_DATA_SCOPE DataScope, IN BOOLEAN PersistData, IN PCWNF_TYPE_ID TypeId OPTIONAL, IN ULONG MaximumStateSize, IN PSECURITY_DESCRIPTOR SecurityDescriptor); EXTERN_C NTSTATUS Sw3NtCreateWorkerFactory( OUT PHANDLE WorkerFactoryHandleReturn, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE CompletionPortHandle, IN HANDLE WorkerProcessHandle, IN PVOID StartRoutine, IN PVOID StartParameter OPTIONAL, IN ULONG MaxThreadCount OPTIONAL, IN SIZE_T StackReserve OPTIONAL, IN SIZE_T StackCommit OPTIONAL); EXTERN_C NTSTATUS Sw3NtDebugActiveProcess( IN HANDLE ProcessHandle, IN HANDLE DebugObjectHandle); EXTERN_C NTSTATUS Sw3NtDebugContinue( IN HANDLE DebugObjectHandle, IN PCLIENT_ID ClientId, IN NTSTATUS ContinueStatus); EXTERN_C NTSTATUS Sw3NtDeleteAtom( IN USHORT Atom); EXTERN_C NTSTATUS Sw3NtDeleteBootEntry( IN ULONG Id); EXTERN_C NTSTATUS Sw3NtDeleteDriverEntry( IN ULONG Id); EXTERN_C NTSTATUS Sw3NtDeleteFile( IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtDeleteKey( IN HANDLE KeyHandle); EXTERN_C NTSTATUS Sw3NtDeleteObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId OPTIONAL, IN BOOLEAN GenerateOnClose); EXTERN_C NTSTATUS Sw3NtDeletePrivateNamespace( IN HANDLE NamespaceHandle); EXTERN_C NTSTATUS Sw3NtDeleteValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName); EXTERN_C NTSTATUS Sw3NtDeleteWnfStateData( IN PCWNF_STATE_NAME StateName, IN PVOID ExplicitScope OPTIONAL); EXTERN_C NTSTATUS Sw3NtDeleteWnfStateName( IN PCWNF_STATE_NAME StateName); EXTERN_C NTSTATUS Sw3NtDisableLastKnownGood(); EXTERN_C NTSTATUS Sw3NtDisplayString( IN PUNICODE_STRING String); EXTERN_C NTSTATUS Sw3NtDrawText( IN PUNICODE_STRING String); EXTERN_C NTSTATUS Sw3NtEnableLastKnownGood(); EXTERN_C NTSTATUS Sw3NtEnumerateBootEntries( OUT PVOID Buffer OPTIONAL, IN OUT PULONG BufferLength); EXTERN_C NTSTATUS Sw3NtEnumerateDriverEntries( OUT PVOID Buffer OPTIONAL, IN OUT PULONG BufferLength); EXTERN_C NTSTATUS Sw3NtEnumerateSystemEnvironmentValuesEx( IN ULONG InformationClass, OUT PVOID Buffer, IN OUT PULONG BufferLength); EXTERN_C NTSTATUS Sw3NtEnumerateTransactionObject( IN HANDLE RootObjectHandle OPTIONAL, IN KTMOBJECT_TYPE QueryType, IN OUT PKTMOBJECT_CURSOR ObjectCursor, IN ULONG ObjectCursorLength, OUT PULONG ReturnLength); EXTERN_C NTSTATUS Sw3NtExtendSection( IN HANDLE SectionHandle, IN OUT PLARGE_INTEGER NewSectionSize); EXTERN_C NTSTATUS Sw3NtFilterBootOption( IN FILTER_BOOT_OPTION_OPERATION FilterOperation, IN ULONG ObjectType, IN ULONG ElementType, IN PVOID SystemData OPTIONAL, IN ULONG DataSize); EXTERN_C NTSTATUS Sw3NtFilterToken( IN HANDLE ExistingTokenHandle, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable OPTIONAL, IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, IN PTOKEN_GROUPS RestrictedSids OPTIONAL, OUT PHANDLE NewTokenHandle); EXTERN_C NTSTATUS Sw3NtFilterTokenEx( IN HANDLE TokenHandle, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable OPTIONAL, IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, IN PTOKEN_GROUPS RestrictedSids OPTIONAL, IN ULONG DisableUserClaimsCount, IN PUNICODE_STRING UserClaimsToDisable OPTIONAL, IN ULONG DisableDeviceClaimsCount, IN PUNICODE_STRING DeviceClaimsToDisable OPTIONAL, IN PTOKEN_GROUPS DeviceGroupsToDisable OPTIONAL, IN PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedUserAttributes OPTIONAL, IN PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedDeviceAttributes OPTIONAL, IN PTOKEN_GROUPS RestrictedDeviceGroups OPTIONAL, OUT PHANDLE NewTokenHandle); EXTERN_C NTSTATUS Sw3NtFlushBuffersFileEx( IN HANDLE FileHandle, IN ULONG Flags, IN PVOID Parameters, IN ULONG ParametersSize, OUT PIO_STATUS_BLOCK IoStatusBlock); EXTERN_C NTSTATUS Sw3NtFlushInstallUILanguage( IN LANGID InstallUILanguage, IN ULONG SetComittedFlag); EXTERN_C NTSTATUS Sw3NtFlushInstructionCache( IN HANDLE ProcessHandle, IN PVOID BaseAddress OPTIONAL, IN ULONG Length); EXTERN_C NTSTATUS Sw3NtFlushKey( IN HANDLE KeyHandle); EXTERN_C NTSTATUS Sw3NtFlushProcessWriteBuffers(); EXTERN_C NTSTATUS Sw3NtFlushVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID BaseAddress, IN OUT PULONG RegionSize, OUT PIO_STATUS_BLOCK IoStatusBlock); EXTERN_C NTSTATUS Sw3NtFlushWriteBuffer(); EXTERN_C NTSTATUS Sw3NtFreeUserPhysicalPages( IN HANDLE ProcessHandle, IN OUT PULONG NumberOfPages, IN PULONG UserPfnArray); EXTERN_C NTSTATUS Sw3NtFreezeRegistry( IN ULONG TimeOutInSeconds); EXTERN_C NTSTATUS Sw3NtFreezeTransactions( IN PLARGE_INTEGER FreezeTimeout, IN PLARGE_INTEGER ThawTimeout); EXTERN_C NTSTATUS Sw3NtGetCachedSigningLevel( IN HANDLE File, OUT PULONG Flags, OUT PSE_SIGNING_LEVEL SigningLevel, OUT PUCHAR Thumbprint OPTIONAL, IN OUT PULONG ThumbprintSize OPTIONAL, OUT PULONG ThumbprintAlgorithm OPTIONAL); EXTERN_C NTSTATUS Sw3NtGetCompleteWnfStateSubscription( IN PCWNF_STATE_NAME OldDescriptorStateName OPTIONAL, IN PLARGE_INTEGER OldSubscriptionId OPTIONAL, IN ULONG OldDescriptorEventMask OPTIONAL, IN ULONG OldDescriptorStatus OPTIONAL, OUT PWNF_DELIVERY_DESCRIPTOR NewDeliveryDescriptor, IN ULONG DescriptorSize); EXTERN_C NTSTATUS Sw3NtGetContextThread( IN HANDLE ThreadHandle, IN OUT PCONTEXT ThreadContext); EXTERN_C NTSTATUS Sw3NtGetCurrentProcessorNumber(); EXTERN_C NTSTATUS Sw3NtGetCurrentProcessorNumberEx( OUT PULONG ProcNumber OPTIONAL); EXTERN_C NTSTATUS Sw3NtGetDevicePowerState( IN HANDLE Device, OUT PDEVICE_POWER_STATE State); EXTERN_C NTSTATUS Sw3NtGetMUIRegistryInfo( IN ULONG Flags, IN OUT PULONG DataSize, OUT PVOID SystemData); EXTERN_C NTSTATUS Sw3NtGetNextProcess( IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Flags, OUT PHANDLE NewProcessHandle); EXTERN_C NTSTATUS Sw3NtGetNextThread( IN HANDLE ProcessHandle, IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Flags, OUT PHANDLE NewThreadHandle); EXTERN_C NTSTATUS Sw3NtGetNlsSectionPtr( IN ULONG SectionType, IN ULONG SectionData, IN PVOID ContextData, OUT PVOID SectionPointer, OUT PULONG SectionSize); EXTERN_C NTSTATUS Sw3NtGetNotificationResourceManager( IN HANDLE ResourceManagerHandle, OUT PTRANSACTION_NOTIFICATION TransactionNotification, IN ULONG NotificationLength, IN PLARGE_INTEGER Timeout OPTIONAL, OUT PULONG ReturnLength OPTIONAL, IN ULONG Asynchronous, IN ULONG AsynchronousContext OPTIONAL); EXTERN_C NTSTATUS Sw3NtGetWriteWatch( IN HANDLE ProcessHandle, IN ULONG Flags, IN PVOID BaseAddress, IN ULONG RegionSize, OUT PULONG UserAddressArray, IN OUT PULONG EntriesInUserAddressArray, OUT PULONG Granularity); EXTERN_C NTSTATUS Sw3NtImpersonateAnonymousToken( IN HANDLE ThreadHandle); EXTERN_C NTSTATUS Sw3NtImpersonateThread( IN HANDLE ServerThreadHandle, IN HANDLE ClientThreadHandle, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos); EXTERN_C NTSTATUS Sw3NtInitializeEnclave( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID EnclaveInformation, IN ULONG EnclaveInformationLength, OUT PULONG EnclaveError OPTIONAL); EXTERN_C NTSTATUS Sw3NtInitializeNlsFiles( OUT PVOID BaseAddress, OUT PLCID DefaultLocaleId, OUT PLARGE_INTEGER DefaultCasingTableSize); EXTERN_C NTSTATUS Sw3NtInitializeRegistry( IN USHORT BootCondition); EXTERN_C NTSTATUS Sw3NtInitiatePowerAction( IN POWER_ACTION SystemAction, IN SYSTEM_POWER_STATE LightestSystemState, IN ULONG Flags, IN BOOLEAN Asynchronous); EXTERN_C NTSTATUS Sw3NtIsSystemResumeAutomatic(); EXTERN_C NTSTATUS Sw3NtIsUILanguageComitted(); EXTERN_C NTSTATUS Sw3NtListenPort( IN HANDLE PortHandle, OUT PPORT_MESSAGE ConnectionRequest); EXTERN_C NTSTATUS Sw3NtLoadDriver( IN PUNICODE_STRING DriverServiceName); EXTERN_C NTSTATUS Sw3NtLoadEnclaveData( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN SIZE_T BufferSize, IN ULONG Protect, IN PVOID PageInformation, IN ULONG PageInformationLength, OUT PSIZE_T NumberOfBytesWritten OPTIONAL, OUT PULONG EnclaveError OPTIONAL); EXTERN_C NTSTATUS Sw3NtLoadHotPatch( IN PUNICODE_STRING HotPatchName, IN ULONG LoadFlag); EXTERN_C NTSTATUS Sw3NtLoadKey( IN POBJECT_ATTRIBUTES TargetKey, IN POBJECT_ATTRIBUTES SourceFile); EXTERN_C NTSTATUS Sw3NtLoadKey2( IN POBJECT_ATTRIBUTES TargetKey, IN POBJECT_ATTRIBUTES SourceFile, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtLoadKeyEx( IN POBJECT_ATTRIBUTES TargetKey, IN POBJECT_ATTRIBUTES SourceFile, IN ULONG Flags, IN HANDLE TrustClassKey OPTIONAL, IN HANDLE Event OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, OUT PHANDLE RootHandle OPTIONAL, OUT PIO_STATUS_BLOCK IoStatus OPTIONAL); EXTERN_C NTSTATUS Sw3NtLockFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PULARGE_INTEGER ByteOffset, IN PULARGE_INTEGER Length, IN ULONG Key, IN BOOLEAN FailImmediately, IN BOOLEAN ExclusiveLock); EXTERN_C NTSTATUS Sw3NtLockProductActivationKeys( IN OUT PULONG pPrivateVer OPTIONAL, OUT PULONG pSafeMode OPTIONAL); EXTERN_C NTSTATUS Sw3NtLockRegistryKey( IN HANDLE KeyHandle); EXTERN_C NTSTATUS Sw3NtLockVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PULONG RegionSize, IN ULONG MapType); EXTERN_C NTSTATUS Sw3NtMakePermanentObject( IN HANDLE Handle); EXTERN_C NTSTATUS Sw3NtMakeTemporaryObject( IN HANDLE Handle); EXTERN_C NTSTATUS Sw3NtManagePartition( IN HANDLE TargetHandle, IN HANDLE SourceHandle, IN MEMORY_PARTITION_INFORMATION_CLASS PartitionInformationClass, IN OUT PVOID PartitionInformation, IN ULONG PartitionInformationLength); EXTERN_C NTSTATUS Sw3NtMapCMFModule( IN ULONG What, IN ULONG Index, OUT PULONG CacheIndexOut OPTIONAL, OUT PULONG CacheFlagsOut OPTIONAL, OUT PULONG ViewSizeOut OPTIONAL, OUT PVOID BaseAddress OPTIONAL); EXTERN_C NTSTATUS Sw3NtMapUserPhysicalPages( IN PVOID VirtualAddress, IN PULONG NumberOfPages, IN PULONG UserPfnArray OPTIONAL); EXTERN_C NTSTATUS Sw3NtMapViewOfSectionEx( IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PLARGE_INTEGER SectionOffset, IN OUT PPVOID BaseAddress, IN OUT PSIZE_T ViewSize, IN ULONG AllocationType, IN ULONG Protect, IN OUT PVOID DataBuffer OPTIONAL, IN ULONG DataCount); EXTERN_C NTSTATUS Sw3NtModifyBootEntry( IN PBOOT_ENTRY BootEntry); EXTERN_C NTSTATUS Sw3NtModifyDriverEntry( IN PEFI_DRIVER_ENTRY DriverEntry); EXTERN_C NTSTATUS Sw3NtNotifyChangeDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PFILE_NOTIFY_INFORMATION Buffer, IN ULONG Length, IN ULONG CompletionFilter, IN BOOLEAN WatchTree); EXTERN_C NTSTATUS Sw3NtNotifyChangeDirectoryFileEx( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG Length, IN ULONG CompletionFilter, IN BOOLEAN WatchTree, IN DIRECTORY_NOTIFY_INFORMATION_CLASS DirectoryNotifyInformationClass OPTIONAL); EXTERN_C NTSTATUS Sw3NtNotifyChangeKey( IN HANDLE KeyHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CompletionFilter, IN BOOLEAN WatchTree, OUT PVOID Buffer OPTIONAL, IN ULONG BufferSize, IN BOOLEAN Asynchronous); EXTERN_C NTSTATUS Sw3NtNotifyChangeMultipleKeys( IN HANDLE MasterKeyHandle, IN ULONG Count OPTIONAL, IN POBJECT_ATTRIBUTES SubordinateObjects OPTIONAL, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CompletionFilter, IN BOOLEAN WatchTree, OUT PVOID Buffer OPTIONAL, IN ULONG BufferSize, IN BOOLEAN Asynchronous); EXTERN_C NTSTATUS Sw3NtNotifyChangeSession( IN HANDLE SessionHandle, IN ULONG ChangeSequenceNumber, IN PLARGE_INTEGER ChangeTimeStamp, IN IO_SESSION_EVENT Event, IN IO_SESSION_STATE NewState, IN IO_SESSION_STATE PreviousState, IN PVOID Payload OPTIONAL, IN ULONG PayloadSize); EXTERN_C NTSTATUS Sw3NtOpenEnlistment( OUT PHANDLE EnlistmentHandle, IN ACCESS_MASK DesiredAccess, IN HANDLE ResourceManagerHandle, IN LPGUID EnlistmentGuid, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenIoCompletion( OUT PHANDLE IoCompletionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenJobObject( OUT PHANDLE JobHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenKeyEx( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG OpenOptions); EXTERN_C NTSTATUS Sw3NtOpenKeyTransacted( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE TransactionHandle); EXTERN_C NTSTATUS Sw3NtOpenKeyTransactedEx( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG OpenOptions, IN HANDLE TransactionHandle); EXTERN_C NTSTATUS Sw3NtOpenKeyedEvent( OUT PHANDLE KeyedEventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId OPTIONAL, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK GrantedAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN ObjectCreation, IN BOOLEAN AccessGranted, OUT PBOOLEAN GenerateOnClose); EXTERN_C NTSTATUS Sw3NtOpenPartition( OUT PHANDLE PartitionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenPrivateNamespace( OUT PHANDLE NamespaceHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PVOID BoundaryDescriptor); EXTERN_C NTSTATUS Sw3NtOpenProcessToken( IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle); EXTERN_C NTSTATUS Sw3NtOpenRegistryTransaction( OUT PHANDLE RegistryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenResourceManager( OUT PHANDLE ResourceManagerHandle, IN ACCESS_MASK DesiredAccess, IN HANDLE TmHandle, IN LPGUID ResourceManagerGuid OPTIONAL, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenSession( OUT PHANDLE SessionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenSymbolicLinkObject( OUT PHANDLE LinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenThread( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes); EXTERN_C NTSTATUS Sw3NtOpenTransaction( OUT PHANDLE TransactionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN LPGUID Uow, IN HANDLE TmHandle OPTIONAL); EXTERN_C NTSTATUS Sw3NtOpenTransactionManager( OUT PHANDLE TmHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PUNICODE_STRING LogFileName OPTIONAL, IN LPGUID TmIdentity OPTIONAL, IN ULONG OpenOptions OPTIONAL); EXTERN_C NTSTATUS Sw3NtPlugPlayControl( IN PLUGPLAY_CONTROL_CLASS PnPControlClass, IN OUT PVOID PnPControlData, IN ULONG PnPControlDataLength); EXTERN_C NTSTATUS Sw3NtPrePrepareComplete( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtPrePrepareEnlistment( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtPrepareComplete( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtPrepareEnlistment( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtPrivilegeCheck( IN HANDLE ClientToken, IN OUT PPRIVILEGE_SET RequiredPrivileges, OUT PBOOLEAN Result); EXTERN_C NTSTATUS Sw3NtPrivilegeObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId OPTIONAL, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted); EXTERN_C NTSTATUS Sw3NtPrivilegedServiceAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PUNICODE_STRING ServiceName, IN HANDLE ClientToken, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted); EXTERN_C NTSTATUS Sw3NtPropagationComplete( IN HANDLE ResourceManagerHandle, IN ULONG RequestCookie, IN ULONG BufferLength, IN PVOID Buffer); EXTERN_C NTSTATUS Sw3NtPropagationFailed( IN HANDLE ResourceManagerHandle, IN ULONG RequestCookie, IN NTSTATUS PropStatus); EXTERN_C NTSTATUS Sw3NtPulseEvent( IN HANDLE EventHandle, OUT PULONG PreviousState OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryAuxiliaryCounterFrequency( OUT PULONGLONG lpAuxiliaryCounterFrequency); EXTERN_C NTSTATUS Sw3NtQueryBootEntryOrder( OUT PULONG Ids OPTIONAL, IN OUT PULONG Count); EXTERN_C NTSTATUS Sw3NtQueryBootOptions( OUT PBOOT_OPTIONS BootOptions OPTIONAL, IN OUT PULONG BootOptionsLength); EXTERN_C NTSTATUS Sw3NtQueryDebugFilterState( IN ULONG ComponentId, IN ULONG Level); EXTERN_C NTSTATUS Sw3NtQueryDirectoryFileEx( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass, IN ULONG QueryFlags, IN PUNICODE_STRING FileName OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryDirectoryObject( IN HANDLE DirectoryHandle, OUT PVOID Buffer OPTIONAL, IN ULONG Length, IN BOOLEAN ReturnSingleEntry, IN BOOLEAN RestartScan, IN OUT PULONG Context, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryDriverEntryOrder( IN PULONG Ids OPTIONAL, IN OUT PULONG Count); EXTERN_C NTSTATUS Sw3NtQueryEaFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PFILE_FULL_EA_INFORMATION Buffer, IN ULONG Length, IN BOOLEAN ReturnSingleEntry, IN PFILE_GET_EA_INFORMATION EaList OPTIONAL, IN ULONG EaListLength, IN PULONG EaIndex OPTIONAL, IN BOOLEAN RestartScan); EXTERN_C NTSTATUS Sw3NtQueryFullAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation); EXTERN_C NTSTATUS Sw3NtQueryInformationAtom( IN USHORT Atom, IN ATOM_INFORMATION_CLASS AtomInformationClass, OUT PVOID AtomInformation, IN ULONG AtomInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInformationByName( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass); EXTERN_C NTSTATUS Sw3NtQueryInformationEnlistment( IN HANDLE EnlistmentHandle, IN ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, OUT PVOID EnlistmentInformation, IN ULONG EnlistmentInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInformationJobObject( IN HANDLE JobHandle, IN JOBOBJECTINFOCLASS JobObjectInformationClass, OUT PVOID JobObjectInformation, IN ULONG JobObjectInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInformationPort( IN HANDLE PortHandle, IN PORT_INFORMATION_CLASS PortInformationClass, OUT PVOID PortInformation, IN ULONG Length, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInformationResourceManager( IN HANDLE ResourceManagerHandle, IN RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, OUT PVOID ResourceManagerInformation, IN ULONG ResourceManagerInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInformationTransaction( IN HANDLE TransactionHandle, IN TRANSACTION_INFORMATION_CLASS TransactionInformationClass, OUT PVOID TransactionInformation, IN ULONG TransactionInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInformationTransactionManager( IN HANDLE TransactionManagerHandle, IN TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, OUT PVOID TransactionManagerInformation, IN ULONG TransactionManagerInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInformationWorkerFactory( IN HANDLE WorkerFactoryHandle, IN WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, OUT PVOID WorkerFactoryInformation, IN ULONG WorkerFactoryInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryInstallUILanguage( OUT PLANGID InstallUILanguageId); EXTERN_C NTSTATUS Sw3NtQueryIntervalProfile( IN KPROFILE_SOURCE ProfileSource, OUT PULONG Interval); EXTERN_C NTSTATUS Sw3NtQueryIoCompletion( IN HANDLE IoCompletionHandle, IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass, OUT PVOID IoCompletionInformation, IN ULONG IoCompletionInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryLicenseValue( IN PUNICODE_STRING ValueName, OUT PULONG Type OPTIONAL, OUT PVOID SystemData OPTIONAL, IN ULONG DataSize, OUT PULONG ResultDataSize); EXTERN_C NTSTATUS Sw3NtQueryMultipleValueKey( IN HANDLE KeyHandle, IN OUT PKEY_VALUE_ENTRY ValueEntries, IN ULONG EntryCount, OUT PVOID ValueBuffer, IN PULONG BufferLength, OUT PULONG RequiredBufferLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryMutant( IN HANDLE MutantHandle, IN MUTANT_INFORMATION_CLASS MutantInformationClass, OUT PVOID MutantInformation, IN ULONG MutantInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryOpenSubKeys( IN POBJECT_ATTRIBUTES TargetKey, OUT PULONG HandleCount); EXTERN_C NTSTATUS Sw3NtQueryOpenSubKeysEx( IN POBJECT_ATTRIBUTES TargetKey, IN ULONG BufferLength, OUT PVOID Buffer, OUT PULONG RequiredSize); EXTERN_C NTSTATUS Sw3NtQueryPortInformationProcess(); EXTERN_C NTSTATUS Sw3NtQueryQuotaInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PFILE_USER_QUOTA_INFORMATION Buffer, IN ULONG Length, IN BOOLEAN ReturnSingleEntry, IN PFILE_QUOTA_LIST_INFORMATION SidList OPTIONAL, IN ULONG SidListLength, IN PSID StartSid OPTIONAL, IN BOOLEAN RestartScan); EXTERN_C NTSTATUS Sw3NtQuerySecurityAttributesToken( IN HANDLE TokenHandle, IN PUNICODE_STRING Attributes OPTIONAL, IN ULONG NumberOfAttributes, OUT PVOID Buffer, IN ULONG Length, OUT PULONG ReturnLength); EXTERN_C NTSTATUS Sw3NtQuerySecurityObject( IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN ULONG Length, OUT PULONG LengthNeeded); EXTERN_C NTSTATUS Sw3NtQuerySecurityPolicy( IN ULONG_PTR UnknownParameter1, IN ULONG_PTR UnknownParameter2, IN ULONG_PTR UnknownParameter3, IN ULONG_PTR UnknownParameter4, IN ULONG_PTR UnknownParameter5, IN ULONG_PTR UnknownParameter6); EXTERN_C NTSTATUS Sw3NtQuerySemaphore( IN HANDLE SemaphoreHandle, IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass, OUT PVOID SemaphoreInformation, IN ULONG SemaphoreInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQuerySymbolicLinkObject( IN HANDLE LinkHandle, IN OUT PUNICODE_STRING LinkTarget, OUT PULONG ReturnedLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQuerySystemEnvironmentValue( IN PUNICODE_STRING VariableName, OUT PVOID VariableValue, IN ULONG ValueLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQuerySystemEnvironmentValueEx( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, OUT PVOID Value OPTIONAL, IN OUT PULONG ValueLength, OUT PULONG Attributes OPTIONAL); EXTERN_C NTSTATUS Sw3NtQuerySystemInformationEx( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID InputBuffer, IN ULONG InputBufferLength, OUT PVOID SystemInformation OPTIONAL, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtQueryTimerResolution( OUT PULONG MaximumTime, OUT PULONG MinimumTime, OUT PULONG CurrentTime); EXTERN_C NTSTATUS Sw3NtQueryWnfStateData( IN PCWNF_STATE_NAME StateName, IN PCWNF_TYPE_ID TypeId OPTIONAL, IN PVOID ExplicitScope OPTIONAL, OUT PWNF_CHANGE_STAMP ChangeStamp, OUT PVOID Buffer OPTIONAL, IN OUT PULONG BufferSize); EXTERN_C NTSTATUS Sw3NtQueryWnfStateNameInformation( IN PCWNF_STATE_NAME StateName, IN PCWNF_TYPE_ID NameInfoClass, IN PVOID ExplicitScope OPTIONAL, OUT PVOID InfoBuffer, IN ULONG InfoBufferSize); EXTERN_C NTSTATUS Sw3NtQueueApcThreadEx( IN HANDLE ThreadHandle, IN HANDLE UserApcReserveHandle OPTIONAL, IN PKNORMAL_ROUTINE ApcRoutine, IN PVOID ApcArgument1 OPTIONAL, IN PVOID ApcArgument2 OPTIONAL, IN PVOID ApcArgument3 OPTIONAL); EXTERN_C NTSTATUS Sw3NtRaiseException( IN PEXCEPTION_RECORD ExceptionRecord, IN PCONTEXT ContextRecord, IN BOOLEAN FirstChance); EXTERN_C NTSTATUS Sw3NtRaiseHardError( IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response); EXTERN_C NTSTATUS Sw3NtReadOnlyEnlistment( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtRecoverEnlistment( IN HANDLE EnlistmentHandle, IN PVOID EnlistmentKey OPTIONAL); EXTERN_C NTSTATUS Sw3NtRecoverResourceManager( IN HANDLE ResourceManagerHandle); EXTERN_C NTSTATUS Sw3NtRecoverTransactionManager( IN HANDLE TransactionManagerHandle); EXTERN_C NTSTATUS Sw3NtRegisterProtocolAddressInformation( IN HANDLE ResourceManager, IN LPGUID ProtocolId, IN ULONG ProtocolInformationSize, IN PVOID ProtocolInformation, IN ULONG CreateOptions OPTIONAL); EXTERN_C NTSTATUS Sw3NtRegisterThreadTerminatePort( IN HANDLE PortHandle); EXTERN_C NTSTATUS Sw3NtReleaseKeyedEvent( IN HANDLE KeyedEventHandle, IN PVOID KeyValue, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtReleaseWorkerFactoryWorker( IN HANDLE WorkerFactoryHandle); EXTERN_C NTSTATUS Sw3NtRemoveIoCompletionEx( IN HANDLE IoCompletionHandle, OUT PFILE_IO_COMPLETION_INFORMATION IoCompletionInformation, IN ULONG Count, OUT PULONG NumEntriesRemoved, IN PLARGE_INTEGER Timeout OPTIONAL, IN BOOLEAN Alertable); EXTERN_C NTSTATUS Sw3NtRemoveProcessDebug( IN HANDLE ProcessHandle, IN HANDLE DebugObjectHandle); EXTERN_C NTSTATUS Sw3NtRenameKey( IN HANDLE KeyHandle, IN PUNICODE_STRING NewName); EXTERN_C NTSTATUS Sw3NtRenameTransactionManager( IN PUNICODE_STRING LogFileName, IN LPGUID ExistingTransactionManagerGuid); EXTERN_C NTSTATUS Sw3NtReplaceKey( IN POBJECT_ATTRIBUTES NewFile, IN HANDLE TargetHandle, IN POBJECT_ATTRIBUTES OldFile); EXTERN_C NTSTATUS Sw3NtReplacePartitionUnit( IN PUNICODE_STRING TargetInstancePath, IN PUNICODE_STRING SpareInstancePath, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtReplyWaitReplyPort( IN HANDLE PortHandle, IN OUT PPORT_MESSAGE ReplyMessage); EXTERN_C NTSTATUS Sw3NtRequestPort( IN HANDLE PortHandle, IN PPORT_MESSAGE RequestMessage); EXTERN_C NTSTATUS Sw3NtResetEvent( IN HANDLE EventHandle, OUT PULONG PreviousState OPTIONAL); EXTERN_C NTSTATUS Sw3NtResetWriteWatch( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN ULONG RegionSize); EXTERN_C NTSTATUS Sw3NtRestoreKey( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtResumeProcess( IN HANDLE ProcessHandle); EXTERN_C NTSTATUS Sw3NtRevertContainerImpersonation(); EXTERN_C NTSTATUS Sw3NtRollbackComplete( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtRollbackEnlistment( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtRollbackRegistryTransaction( IN HANDLE RegistryHandle, IN BOOL Wait); EXTERN_C NTSTATUS Sw3NtRollbackTransaction( IN HANDLE TransactionHandle, IN BOOLEAN Wait); EXTERN_C NTSTATUS Sw3NtRollforwardTransactionManager( IN HANDLE TransactionManagerHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtSaveKey( IN HANDLE KeyHandle, IN HANDLE FileHandle); EXTERN_C NTSTATUS Sw3NtSaveKeyEx( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG Format); EXTERN_C NTSTATUS Sw3NtSaveMergedKeys( IN HANDLE HighPrecedenceKeyHandle, IN HANDLE LowPrecedenceKeyHandle, IN HANDLE FileHandle); EXTERN_C NTSTATUS Sw3NtSecureConnectPort( OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_SECTION_WRITE ClientView OPTIONAL, IN PSID RequiredServerSid OPTIONAL, IN OUT PPORT_SECTION_READ ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectionInformation OPTIONAL, IN OUT PULONG ConnectionInformationLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtSerializeBoot(); EXTERN_C NTSTATUS Sw3NtSetBootEntryOrder( IN PULONG Ids, IN ULONG Count); EXTERN_C NTSTATUS Sw3NtSetBootOptions( IN PBOOT_OPTIONS BootOptions, IN ULONG FieldsToChange); EXTERN_C NTSTATUS Sw3NtSetCachedSigningLevel( IN ULONG Flags, IN SE_SIGNING_LEVEL InputSigningLevel, IN PHANDLE SourceFiles, IN ULONG SourceFileCount, IN HANDLE TargetFile OPTIONAL); EXTERN_C NTSTATUS Sw3NtSetCachedSigningLevel2( IN ULONG Flags, IN ULONG InputSigningLevel, IN PHANDLE SourceFiles, IN ULONG SourceFileCount, IN HANDLE TargetFile OPTIONAL, IN PVOID LevelInformation OPTIONAL); EXTERN_C NTSTATUS Sw3NtSetContextThread( IN HANDLE ThreadHandle, IN PCONTEXT Context); EXTERN_C NTSTATUS Sw3NtSetDebugFilterState( IN ULONG ComponentId, IN ULONG Level, IN BOOLEAN State); EXTERN_C NTSTATUS Sw3NtSetDefaultHardErrorPort( IN HANDLE PortHandle); EXTERN_C NTSTATUS Sw3NtSetDefaultLocale( IN BOOLEAN UserProfile, IN LCID DefaultLocaleId); EXTERN_C NTSTATUS Sw3NtSetDefaultUILanguage( IN LANGID DefaultUILanguageId); EXTERN_C NTSTATUS Sw3NtSetDriverEntryOrder( IN PULONG Ids, IN PULONG Count); EXTERN_C NTSTATUS Sw3NtSetEaFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaBufferSize); EXTERN_C NTSTATUS Sw3NtSetHighEventPair( IN HANDLE EventPairHandle); EXTERN_C NTSTATUS Sw3NtSetHighWaitLowEventPair( IN HANDLE EventPairHandle); EXTERN_C NTSTATUS Sw3NtSetIRTimer( IN HANDLE TimerHandle, IN PLARGE_INTEGER DueTime OPTIONAL); EXTERN_C NTSTATUS Sw3NtSetInformationDebugObject( IN HANDLE DebugObject, IN DEBUGOBJECTINFOCLASS InformationClass, IN PVOID Information, IN ULONG InformationLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtSetInformationEnlistment( IN HANDLE EnlistmentHandle, IN ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, IN PVOID EnlistmentInformation, IN ULONG EnlistmentInformationLength); EXTERN_C NTSTATUS Sw3NtSetInformationJobObject( IN HANDLE JobHandle, IN JOBOBJECTINFOCLASS JobObjectInformationClass, IN PVOID JobObjectInformation, IN ULONG JobObjectInformationLength); EXTERN_C NTSTATUS Sw3NtSetInformationKey( IN HANDLE KeyHandle, IN KEY_SET_INFORMATION_CLASS KeySetInformationClass, IN PVOID KeySetInformation, IN ULONG KeySetInformationLength); EXTERN_C NTSTATUS Sw3NtSetInformationResourceManager( IN HANDLE ResourceManagerHandle, IN RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, IN PVOID ResourceManagerInformation, IN ULONG ResourceManagerInformationLength); EXTERN_C NTSTATUS Sw3NtSetInformationSymbolicLink( IN HANDLE Handle, IN ULONG Class, IN PVOID Buffer, IN ULONG BufferLength); EXTERN_C NTSTATUS Sw3NtSetInformationToken( IN HANDLE TokenHandle, IN TOKEN_INFORMATION_CLASS TokenInformationClass, IN PVOID TokenInformation, IN ULONG TokenInformationLength); EXTERN_C NTSTATUS Sw3NtSetInformationTransaction( IN HANDLE TransactionHandle, IN TRANSACTIONMANAGER_INFORMATION_CLASS TransactionInformationClass, IN PVOID TransactionInformation, IN ULONG TransactionInformationLength); EXTERN_C NTSTATUS Sw3NtSetInformationTransactionManager( IN HANDLE TransactionHandle, IN TRANSACTION_INFORMATION_CLASS TransactionInformationClass, IN PVOID TransactionInformation, IN ULONG TransactionInformationLength); EXTERN_C NTSTATUS Sw3NtSetInformationVirtualMemory( IN HANDLE ProcessHandle, IN VIRTUAL_MEMORY_INFORMATION_CLASS VmInformationClass, IN ULONG_PTR NumberOfEntries, IN PMEMORY_RANGE_ENTRY VirtualAddresses, IN PVOID VmInformation, IN ULONG VmInformationLength); EXTERN_C NTSTATUS Sw3NtSetInformationWorkerFactory( IN HANDLE WorkerFactoryHandle, IN WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, IN PVOID WorkerFactoryInformation, IN ULONG WorkerFactoryInformationLength); EXTERN_C NTSTATUS Sw3NtSetIntervalProfile( IN ULONG Interval, IN KPROFILE_SOURCE Source); EXTERN_C NTSTATUS Sw3NtSetIoCompletion( IN HANDLE IoCompletionHandle, IN ULONG CompletionKey, OUT PIO_STATUS_BLOCK IoStatusBlock, IN NTSTATUS CompletionStatus, IN ULONG NumberOfBytesTransfered); EXTERN_C NTSTATUS Sw3NtSetIoCompletionEx( IN HANDLE IoCompletionHandle, IN HANDLE IoCompletionPacketHandle, IN PVOID KeyContext OPTIONAL, IN PVOID ApcContext OPTIONAL, IN NTSTATUS IoStatus, IN ULONG_PTR IoStatusInformation); EXTERN_C NTSTATUS Sw3NtSetLdtEntries( IN ULONG Selector0, IN ULONG Entry0Low, IN ULONG Entry0Hi, IN ULONG Selector1, IN ULONG Entry1Low, IN ULONG Entry1Hi); EXTERN_C NTSTATUS Sw3NtSetLowEventPair( IN HANDLE EventPairHandle); EXTERN_C NTSTATUS Sw3NtSetLowWaitHighEventPair( IN HANDLE EventPairHandle); EXTERN_C NTSTATUS Sw3NtSetQuotaInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_USER_QUOTA_INFORMATION Buffer, IN ULONG Length); EXTERN_C NTSTATUS Sw3NtSetSecurityObject( IN HANDLE ObjectHandle, IN SECURITY_INFORMATION SecurityInformationClass, IN PSECURITY_DESCRIPTOR DescriptorBuffer); EXTERN_C NTSTATUS Sw3NtSetSystemEnvironmentValue( IN PUNICODE_STRING VariableName, IN PUNICODE_STRING Value); EXTERN_C NTSTATUS Sw3NtSetSystemEnvironmentValueEx( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value OPTIONAL, IN ULONG ValueLength, IN ULONG Attributes); EXTERN_C NTSTATUS Sw3NtSetSystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID SystemInformation, IN ULONG SystemInformationLength); EXTERN_C NTSTATUS Sw3NtSetSystemPowerState( IN POWER_ACTION SystemAction, IN SYSTEM_POWER_STATE MinSystemState, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtSetSystemTime( IN PLARGE_INTEGER SystemTime, OUT PLARGE_INTEGER PreviousTime OPTIONAL); EXTERN_C NTSTATUS Sw3NtSetThreadExecutionState( IN EXECUTION_STATE ExecutionState, OUT PEXECUTION_STATE PreviousExecutionState); EXTERN_C NTSTATUS Sw3NtSetTimer2( IN HANDLE TimerHandle, IN PLARGE_INTEGER DueTime, IN PLARGE_INTEGER Period OPTIONAL, IN PT2_SET_PARAMETERS Parameters); EXTERN_C NTSTATUS Sw3NtSetTimerEx( IN HANDLE TimerHandle, IN TIMER_SET_INFORMATION_CLASS TimerSetInformationClass, IN OUT PVOID TimerSetInformation OPTIONAL, IN ULONG TimerSetInformationLength); EXTERN_C NTSTATUS Sw3NtSetTimerResolution( IN ULONG DesiredResolution, IN BOOLEAN SetResolution, OUT PULONG CurrentResolution); EXTERN_C NTSTATUS Sw3NtSetUuidSeed( IN PUCHAR Seed); EXTERN_C NTSTATUS Sw3NtSetVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FileSystemInformation, IN ULONG Length, IN FSINFOCLASS FileSystemInformationClass); EXTERN_C NTSTATUS Sw3NtSetWnfProcessNotificationEvent( IN HANDLE NotificationEvent); EXTERN_C NTSTATUS Sw3NtShutdownSystem( IN SHUTDOWN_ACTION Action); EXTERN_C NTSTATUS Sw3NtShutdownWorkerFactory( IN HANDLE WorkerFactoryHandle, IN OUT PLONG PendingWorkerCount); EXTERN_C NTSTATUS Sw3NtSignalAndWaitForSingleObject( IN HANDLE hObjectToSignal, IN HANDLE hObjectToWaitOn, IN BOOLEAN bAlertable, IN PLARGE_INTEGER dwMilliseconds OPTIONAL); EXTERN_C NTSTATUS Sw3NtSinglePhaseReject( IN HANDLE EnlistmentHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtStartProfile( IN HANDLE ProfileHandle); EXTERN_C NTSTATUS Sw3NtStopProfile( IN HANDLE ProfileHandle); EXTERN_C NTSTATUS Sw3NtSubscribeWnfStateChange( IN PCWNF_STATE_NAME StateName, IN WNF_CHANGE_STAMP ChangeStamp OPTIONAL, IN ULONG EventMask, OUT PLARGE_INTEGER SubscriptionId OPTIONAL); EXTERN_C NTSTATUS Sw3NtSuspendProcess( IN HANDLE ProcessHandle); EXTERN_C NTSTATUS Sw3NtSuspendThread( IN HANDLE ThreadHandle, OUT PULONG PreviousSuspendCount); EXTERN_C NTSTATUS Sw3NtSystemDebugControl( IN DEBUG_CONTROL_CODE Command, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength, OUT PULONG ReturnLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtTerminateEnclave( IN PVOID BaseAddress, IN BOOLEAN WaitForThread); EXTERN_C NTSTATUS Sw3NtTerminateJobObject( IN HANDLE JobHandle, IN NTSTATUS ExitStatus); EXTERN_C NTSTATUS Sw3NtTestAlert(); EXTERN_C NTSTATUS Sw3NtThawRegistry(); EXTERN_C NTSTATUS Sw3NtThawTransactions(); EXTERN_C NTSTATUS Sw3NtTraceControl( IN ULONG FunctionCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength, OUT PULONG ReturnLength); EXTERN_C NTSTATUS Sw3NtTranslateFilePath( IN PFILE_PATH InputFilePath, IN ULONG OutputType, OUT PFILE_PATH OutputFilePath OPTIONAL, IN OUT PULONG OutputFilePathLength OPTIONAL); EXTERN_C NTSTATUS Sw3NtUmsThreadYield( IN PVOID SchedulerParam); EXTERN_C NTSTATUS Sw3NtUnloadDriver( IN PUNICODE_STRING DriverServiceName); EXTERN_C NTSTATUS Sw3NtUnloadKey( IN POBJECT_ATTRIBUTES DestinationKeyName); EXTERN_C NTSTATUS Sw3NtUnloadKey2( IN POBJECT_ATTRIBUTES TargetKey, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtUnloadKeyEx( IN POBJECT_ATTRIBUTES TargetKey, IN HANDLE Event OPTIONAL); EXTERN_C NTSTATUS Sw3NtUnlockFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PULARGE_INTEGER ByteOffset, IN PULARGE_INTEGER Length, IN ULONG Key); EXTERN_C NTSTATUS Sw3NtUnlockVirtualMemory( IN HANDLE ProcessHandle, IN PVOID * BaseAddress, IN PSIZE_T NumberOfBytesToUnlock, IN ULONG LockType); EXTERN_C NTSTATUS Sw3NtUnmapViewOfSectionEx( IN HANDLE ProcessHandle, IN PVOID BaseAddress OPTIONAL, IN ULONG Flags); EXTERN_C NTSTATUS Sw3NtUnsubscribeWnfStateChange( IN PCWNF_STATE_NAME StateName); EXTERN_C NTSTATUS Sw3NtUpdateWnfStateData( IN PCWNF_STATE_NAME StateName, IN PVOID Buffer OPTIONAL, IN ULONG Length OPTIONAL, IN PCWNF_TYPE_ID TypeId OPTIONAL, IN PVOID ExplicitScope OPTIONAL, IN WNF_CHANGE_STAMP MatchingChangeStamp, IN ULONG CheckStamp); EXTERN_C NTSTATUS Sw3NtVdmControl( IN VDMSERVICECLASS Service, IN OUT PVOID ServiceData); EXTERN_C NTSTATUS Sw3NtWaitForAlertByThreadId( IN HANDLE Handle, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtWaitForDebugEvent( IN HANDLE DebugObjectHandle, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL, OUT PVOID WaitStateChange); EXTERN_C NTSTATUS Sw3NtWaitForKeyedEvent( IN HANDLE KeyedEventHandle, IN PVOID Key, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL); EXTERN_C NTSTATUS Sw3NtWaitForWorkViaWorkerFactory( IN HANDLE WorkerFactoryHandle, OUT PVOID MiniPacket); EXTERN_C NTSTATUS Sw3NtWaitHighEventPair( IN HANDLE EventHandle); EXTERN_C NTSTATUS Sw3NtWaitLowEventPair( IN HANDLE EventHandle); EXTERN_C NTSTATUS Sw3NtAcquireCMFViewOwnership( OUT BOOLEAN TimeStamp, OUT BOOLEAN TokenTaken, IN BOOLEAN ReplaceExisting); EXTERN_C NTSTATUS Sw3NtCancelDeviceWakeupRequest( IN HANDLE DeviceHandle); EXTERN_C NTSTATUS Sw3NtClearAllSavepointsTransaction( IN HANDLE TransactionHandle); EXTERN_C NTSTATUS Sw3NtClearSavepointTransaction( IN HANDLE TransactionHandle, IN ULONG SavePointId); EXTERN_C NTSTATUS Sw3NtRollbackSavepointTransaction( IN HANDLE TransactionHandle, IN ULONG SavePointId); EXTERN_C NTSTATUS Sw3NtSavepointTransaction( IN HANDLE TransactionHandle, IN BOOLEAN Flag, OUT ULONG SavePointId); EXTERN_C NTSTATUS Sw3NtSavepointComplete( IN HANDLE TransactionHandle, IN PLARGE_INTEGER TmVirtualClock OPTIONAL); EXTERN_C NTSTATUS Sw3NtCreateSectionEx( OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL, IN PMEM_EXTENDED_PARAMETER ExtendedParameters, IN ULONG ExtendedParametersCount); EXTERN_C NTSTATUS Sw3NtCreateCrossVmEvent(); EXTERN_C NTSTATUS Sw3NtGetPlugPlayEvent( IN HANDLE EventHandle, IN PVOID Context OPTIONAL, OUT PPLUGPLAY_EVENT_BLOCK EventBlock, IN ULONG EventBufferSize); EXTERN_C NTSTATUS Sw3NtListTransactions(); EXTERN_C NTSTATUS Sw3NtMarshallTransaction(); EXTERN_C NTSTATUS Sw3NtPullTransaction(); EXTERN_C NTSTATUS Sw3NtReleaseCMFViewOwnership(); EXTERN_C NTSTATUS Sw3NtWaitForWnfNotifications(); EXTERN_C NTSTATUS Sw3NtStartTm(); EXTERN_C NTSTATUS Sw3NtSetInformationProcess( IN HANDLE DeviceHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG Length); EXTERN_C NTSTATUS Sw3NtRequestDeviceWakeup( IN HANDLE DeviceHandle); EXTERN_C NTSTATUS Sw3NtRequestWakeupLatency( IN ULONG LatencyTime); EXTERN_C NTSTATUS Sw3NtQuerySystemTime( OUT PLARGE_INTEGER SystemTime); EXTERN_C NTSTATUS Sw3NtManageHotPatch( IN ULONG UnknownParameter1, IN ULONG UnknownParameter2, IN ULONG UnknownParameter3, IN ULONG UnknownParameter4); EXTERN_C NTSTATUS Sw3NtContinueEx( IN PCONTEXT ContextRecord, IN PKCONTINUE_ARGUMENT ContinueArgument); #endif //#define DEBUG #define JUMPER #ifdef _M_IX86 EXTERN_C PVOID internal_cleancall_wow64_gate(VOID) { return (PVOID)__readfsdword(0xC0); } __declspec(naked) BOOL local_is_wow64(void) { __asm { mov eax, fs:[0xc0] test eax, eax jne wow64 mov eax, 0 ret wow64: mov eax, 1 ret } } #endif // Code below is adapted from @modexpblog. Read linked article for more details. // https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams SW3_SYSCALL_LIST SW3_SyscallList; // SEARCH_AND_REPLACE #ifdef SEARCH_AND_REPLACE // THIS IS NOT DEFINED HERE; don't know if I'll add it in a future release EXTERN void SearchAndReplace(unsigned char[], unsigned char[]); #endif DWORD SW3_HashSyscall(PCSTR FunctionName) { DWORD i = 0; DWORD Hash = SW3_SEED; while (FunctionName[i]) { WORD PartialName = *(WORD*)((ULONG_PTR)FunctionName + i++); Hash ^= PartialName + SW3_ROR8(Hash); } return Hash; } #ifndef JUMPER PVOID SC_Address(PVOID NtApiAddress) { return NULL; } #else PVOID SC_Address(PVOID NtApiAddress) { DWORD searchLimit = 512; PVOID SyscallAddress; #ifdef _WIN64 // If the process is 64-bit on a 64-bit OS, we need to search for syscall BYTE syscall_code[] = { 0x0f, 0x05, 0xc3 }; ULONG distance_to_syscall = 0x12; #else // If the process is 32-bit on a 32-bit OS, we need to search for sysenter BYTE syscall_code[] = { 0x0f, 0x34, 0xc3 }; ULONG distance_to_syscall = 0x0f; #endif #ifdef _M_IX86 // If the process is 32-bit on a 64-bit OS, we need to jump to WOW32Reserved if (local_is_wow64()) { #ifdef DEBUG // printf("[+] Running 32-bit app on x64 (WOW64)\n"); #endif return NULL; } #endif // we don't really care if there is a 'jmp' between // NtApiAddress and the 'syscall; ret' instructions SyscallAddress = SW3_RVA2VA(PVOID, NtApiAddress, distance_to_syscall); int match = 1; // Assume a match initially for (size_t i = 0; i < sizeof(syscall_code); i++) { if (((BYTE*)syscall_code)[i] != ((BYTE*)SyscallAddress)[i]) { match = 0; // Set match to 0 if any byte doesn't match break; } } if (match) { // we can use the original code for this system call :) #if defined(DEBUG) // printf("Found Syscall Opcodes at address 0x%p\n", SyscallAddress); #endif return SyscallAddress; } // the 'syscall; ret' intructions have not been found, // we will try to use one near it, similarly to HalosGate for (ULONG32 num_jumps = 1; num_jumps < searchLimit; num_jumps++) { // let's try with an Nt* API below our syscall SyscallAddress = SW3_RVA2VA( PVOID, NtApiAddress, distance_to_syscall + num_jumps * 0x20); match = 1; // Assume a match initially for (size_t i = 0; i < sizeof(syscall_code); i++) { if (((BYTE*)syscall_code)[i] != ((BYTE*)SyscallAddress)[i]) { match = 0; // Set match to 0 if any byte doesn't match break; } } if (match) { // we can use the original code for this system call :) #if defined(DEBUG) // printf("Found Syscall Opcodes at address 0x%p\n", SyscallAddress); #endif return SyscallAddress; } // let's try with an Nt* API above our syscall SyscallAddress = SW3_RVA2VA( PVOID, NtApiAddress, distance_to_syscall - num_jumps * 0x20); match = 1; // Assume a match initially for (size_t i = 0; i < sizeof(syscall_code); i++) { if (((BYTE*)syscall_code)[i] != ((BYTE*)SyscallAddress)[i]) { match = 0; // Set match to 0 if any byte doesn't match break; } } if (match) { // we can use the original code for this system call :) #if defined(DEBUG) // printf("Found Syscall Opcodes at address 0x%p\n", SyscallAddress); #endif return SyscallAddress; } } #ifdef DEBUG // printf("Syscall Opcodes not found!\n"); #endif return NULL; } #endif BOOL SW3_PopulateSyscallList() { // Return early if the list is already populated. if (SW3_SyscallList.Count) return TRUE; #ifdef _WIN64 PSW3_PEB Peb = (PSW3_PEB)__readgsqword(0x60); #else PSW3_PEB Peb = (PSW3_PEB)__readfsdword(0x30); #endif PSW3_PEB_LDR_DATA Ldr = Peb->Ldr; PIMAGE_EXPORT_DIRECTORY ExportDirectory = NULL; PVOID DllBase = NULL; // Get the DllBase address of NTDLL.dll. NTDLL is not guaranteed to be the second // in the list, so it's safer to loop through the full list and find it. PSW3_LDR_DATA_TABLE_ENTRY LdrEntry; for (LdrEntry = (PSW3_LDR_DATA_TABLE_ENTRY)Ldr->Reserved2[1]; LdrEntry->DllBase != NULL; LdrEntry = (PSW3_LDR_DATA_TABLE_ENTRY)LdrEntry->Reserved1[0]) { DllBase = LdrEntry->DllBase; PIMAGE_DOS_HEADER DosHeader = (PIMAGE_DOS_HEADER)DllBase; PIMAGE_NT_HEADERS NtHeaders = SW3_RVA2VA(PIMAGE_NT_HEADERS, DllBase, DosHeader->e_lfanew); PIMAGE_DATA_DIRECTORY DataDirectory = (PIMAGE_DATA_DIRECTORY)NtHeaders->OptionalHeader.DataDirectory; DWORD VirtualAddress = DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; if (VirtualAddress == 0) continue; ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)SW3_RVA2VA(ULONG_PTR, DllBase, VirtualAddress); // If this is NTDLL.dll, exit loop. PCHAR DllName = SW3_RVA2VA(PCHAR, DllBase, ExportDirectory->Name); if ((*(ULONG*)DllName | 0x20202020) != 0x6c64746e) continue; if ((*(ULONG*)(DllName + 4) | 0x20202020) == 0x6c642e6c) break; } if (!ExportDirectory) return FALSE; DWORD NumberOfNames = ExportDirectory->NumberOfNames; PDWORD Functions = SW3_RVA2VA(PDWORD, DllBase, ExportDirectory->AddressOfFunctions); PDWORD Names = SW3_RVA2VA(PDWORD, DllBase, ExportDirectory->AddressOfNames); PWORD Ordinals = SW3_RVA2VA(PWORD, DllBase, ExportDirectory->AddressOfNameOrdinals); // Populate SW3_SyscallList with unsorted Zw* entries. DWORD i = 0; PSW3_SYSCALL_ENTRY Entries = SW3_SyscallList.Entries; do { PCHAR FunctionName = SW3_RVA2VA(PCHAR, DllBase, Names[NumberOfNames - 1]); // Is this a system call? if (*(USHORT*)FunctionName == 0x775a) { Entries[i].Hash = SW3_HashSyscall(FunctionName); Entries[i].Address = Functions[Ordinals[NumberOfNames - 1]]; Entries[i].SyscallAddress = SC_Address(SW3_RVA2VA(PVOID, DllBase, Entries[i].Address)); i++; if (i == SW3_MAX_ENTRIES) break; } } while (--NumberOfNames); // Save total number of system calls found. SW3_SyscallList.Count = i; // Sort the list by address in ascending order. for (DWORD i = 0; i < SW3_SyscallList.Count - 1; i++) { for (DWORD j = 0; j < SW3_SyscallList.Count - i - 1; j++) { if (Entries[j].Address > Entries[j + 1].Address) { // Swap entries. SW3_SYSCALL_ENTRY TempEntry; TempEntry.Hash = Entries[j].Hash; TempEntry.Address = Entries[j].Address; TempEntry.SyscallAddress = Entries[j].SyscallAddress; Entries[j].Hash = Entries[j + 1].Hash; Entries[j].Address = Entries[j + 1].Address; Entries[j].SyscallAddress = Entries[j + 1].SyscallAddress; Entries[j + 1].Hash = TempEntry.Hash; Entries[j + 1].Address = TempEntry.Address; Entries[j + 1].SyscallAddress = TempEntry.SyscallAddress; } } } return TRUE; } EXTERN_C DWORD SW3_GetSyscallNumber(DWORD FunctionHash) { // Ensure SW3_SyscallList is populated. if (!SW3_PopulateSyscallList()) return -1; for (DWORD i = 0; i < SW3_SyscallList.Count; i++) { if (FunctionHash == SW3_SyscallList.Entries[i].Hash) { return i; } } return -1; } EXTERN_C PVOID SW3_GetSyscallAddress(DWORD FunctionHash) { // Ensure SW3_SyscallList is populated. if (!SW3_PopulateSyscallList()) return NULL; for (DWORD i = 0; i < SW3_SyscallList.Count; i++) { if (FunctionHash == SW3_SyscallList.Entries[i].Hash) { return SW3_SyscallList.Entries[i].SyscallAddress; } } return NULL; } DWORD LCG() { static DWORD seed = 123987654; return (seed >> 16) & 0x7FFF; // return a pseudo-random number } EXTERN_C PVOID SW3_GetRandomSyscallAddress(DWORD FunctionHash) { // Ensure SW3_SyscallList is populated. if (!SW3_PopulateSyscallList()) return NULL; DWORD index = LCG() % SW3_SyscallList.Count; while (FunctionHash == SW3_SyscallList.Entries[index].Hash){ // Spoofing the syscall return address index = LCG() % SW3_SyscallList.Count; } return SW3_SyscallList.Entries[index].SyscallAddress; } #if _WIN64 #define Sw3ZwAccessCheck Sw3NtAccessCheck __asm__("Sw3NtAccessCheck: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x090BDE162 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x090BDE162 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWorkerFactoryWorkerReady Sw3NtWorkerFactoryWorkerReady __asm__("Sw3NtWorkerFactoryWorkerReady: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B198C761 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B198C761 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAcceptConnectPort Sw3NtAcceptConnectPort __asm__("Sw3NtAcceptConnectPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02ABE2B30 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02ABE2B30 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwMapUserPhysicalPagesScatter Sw3NtMapUserPhysicalPagesScatter __asm__("Sw3NtMapUserPhysicalPagesScatter: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x019A82701 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x019A82701 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitForSingleObject Sw3NtWaitForSingleObject __asm__("Sw3NtWaitForSingleObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0AA974ACB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0AA974ACB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCallbackReturn Sw3NtCallbackReturn __asm__("Sw3NtCallbackReturn: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CA9EEB09 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CA9EEB09 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReadFile Sw3NtReadFile __asm__("Sw3NtReadFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x052D55A76 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x052D55A76 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeviceIoControlFile Sw3NtDeviceIoControlFile __asm__("Sw3NtDeviceIoControlFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04AD55862 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04AD55862 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWriteFile Sw3NtWriteFile __asm__("Sw3NtWriteFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09E05AED2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09E05AED2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRemoveIoCompletion Sw3NtRemoveIoCompletion __asm__("Sw3NtRemoveIoCompletion: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x002986257 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x002986257 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReleaseSemaphore Sw3NtReleaseSemaphore __asm__("Sw3NtReleaseSemaphore: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F7649DAB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F7649DAB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReplyWaitReceivePort Sw3NtReplyWaitReceivePort __asm__("Sw3NtReplyWaitReceivePort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07AF2887C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07AF2887C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReplyPort Sw3NtReplyPort __asm__("Sw3NtReplyPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x022B42B28 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x022B42B28 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationThread Sw3NtSetInformationThread __asm__("Sw3NtSetInformationThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x014469558 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x014469558 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetEvent Sw3NtSetEvent __asm__("Sw3NtSetEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CB6BEADD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CB6BEADD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwClose Sw3NtClose __asm__("Sw3NtClose: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0028DF4DD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0028DF4DD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryObject Sw3NtQueryObject __asm__("Sw3NtQueryObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03EA6CBDE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03EA6CBDE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationFile Sw3NtQueryInformationFile __asm__("Sw3NtQueryInformationFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0583D26E6 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0583D26E6 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenKey Sw3NtOpenKey __asm__("Sw3NtOpenKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02522D15D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02522D15D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwEnumerateValueKey Sw3NtEnumerateValueKey __asm__("Sw3NtEnumerateValueKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x011958D8E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x011958D8E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFindAtom Sw3NtFindAtom __asm__("Sw3NtFindAtom: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x048DE6F0C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x048DE6F0C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryDefaultLocale Sw3NtQueryDefaultLocale __asm__("Sw3NtQueryDefaultLocale: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A6AAFC1D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A6AAFC1D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryKey Sw3NtQueryKey __asm__("Sw3NtQueryKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x095157F77 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x095157F77 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryValueKey Sw3NtQueryValueKey __asm__("Sw3NtQueryValueKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00FDA326C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00FDA326C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAllocateVirtualMemory Sw3NtAllocateVirtualMemory __asm__("Sw3NtAllocateVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x041D23933 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x041D23933 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationProcess Sw3NtQueryInformationProcess __asm__("Sw3NtQueryInformationProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08F3D6E50 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08F3D6E50 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitForMultipleObjects32 Sw3NtWaitForMultipleObjects32 __asm__("Sw3NtWaitForMultipleObjects32: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0102CEE619 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0102CEE619 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWriteFileGather Sw3NtWriteFileGather __asm__("Sw3NtWriteFileGather: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0AD8D79AC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0AD8D79AC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateKey Sw3NtCreateKey __asm__("Sw3NtCreateKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0AAED834C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0AAED834C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFreeVirtualMemory Sw3NtFreeVirtualMemory __asm__("Sw3NtFreeVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CF4F2620 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CF4F2620 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwImpersonateClientOfPort Sw3NtImpersonateClientOfPort __asm__("Sw3NtImpersonateClientOfPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x06EF76164 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x06EF76164 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReleaseMutant Sw3NtReleaseMutant __asm__("Sw3NtReleaseMutant: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03ED41482 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03ED41482 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationToken Sw3NtQueryInformationToken __asm__("Sw3NtQueryInformationToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00B92515E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00B92515E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRequestWaitReplyPort Sw3NtRequestWaitReplyPort __asm__("Sw3NtRequestWaitReplyPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x06AB04F60 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x06AB04F60 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryVirtualMemory Sw3NtQueryVirtualMemory __asm__("Sw3NtQueryVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C455F4EC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C455F4EC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenThreadToken Sw3NtOpenThreadToken __asm__("Sw3NtOpenThreadToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FCA9D433 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FCA9D433 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationThread Sw3NtQueryInformationThread __asm__("Sw3NtQueryInformationThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01AB45A1F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01AB45A1F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenProcess Sw3NtOpenProcess __asm__("Sw3NtOpenProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00FA30E32 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00FA30E32 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationFile Sw3NtSetInformationFile __asm__("Sw3NtSetInformationFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E3D831EF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E3D831EF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwMapViewOfSection Sw3NtMapViewOfSection __asm__("Sw3NtMapViewOfSection: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x034AD1A31 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x034AD1A31 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAccessCheckAndAuditAlarm Sw3NtAccessCheckAndAuditAlarm __asm__("Sw3NtAccessCheckAndAuditAlarm: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0923C6C70 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0923C6C70 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUnmapViewOfSection Sw3NtUnmapViewOfSection __asm__("Sw3NtUnmapViewOfSection: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01C343EA5 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01C343EA5 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReplyWaitReceivePortEx Sw3NtReplyWaitReceivePortEx __asm__("Sw3NtReplyWaitReceivePortEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0608F3450 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0608F3450 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwTerminateProcess Sw3NtTerminateProcess __asm__("Sw3NtTerminateProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FDA3163F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FDA3163F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetEventBoostPriority Sw3NtSetEventBoostPriority __asm__("Sw3NtSetEventBoostPriority: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02C9C407A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02C9C407A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReadFileScatter Sw3NtReadFileScatter __asm__("Sw3NtReadFileScatter: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C3B0CE2B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C3B0CE2B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenThreadTokenEx Sw3NtOpenThreadTokenEx __asm__("Sw3NtOpenThreadTokenEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02A9BE5CD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02A9BE5CD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenProcessTokenEx Sw3NtOpenProcessTokenEx __asm__("Sw3NtOpenProcessTokenEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0091E59C7 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0091E59C7 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryPerformanceCounter Sw3NtQueryPerformanceCounter __asm__("Sw3NtQueryPerformanceCounter: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0BB0FC18B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0BB0FC18B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwEnumerateKey Sw3NtEnumerateKey __asm__("Sw3NtEnumerateKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01F997A62 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01F997A62 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenFile Sw3NtOpenFile __asm__("Sw3NtOpenFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x054C29D70 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x054C29D70 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDelayExecution Sw3NtDelayExecution __asm__("Sw3NtDelayExecution: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01C950239 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01C950239 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryDirectoryFile Sw3NtQueryDirectoryFile __asm__("Sw3NtQueryDirectoryFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x023B4CD31 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x023B4CD31 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySystemInformation Sw3NtQuerySystemInformation __asm__("Sw3NtQuerySystemInformation: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00E6A1681 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00E6A1681 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenSection Sw3NtOpenSection __asm__("Sw3NtOpenSection: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D30CD39E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D30CD39E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryTimer Sw3NtQueryTimer __asm__("Sw3NtQueryTimer: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E44735E4 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E44735E4 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFsControlFile Sw3NtFsControlFile __asm__("Sw3NtFsControlFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x050DFC2E8 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x050DFC2E8 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWriteVirtualMemory Sw3NtWriteVirtualMemory __asm__("Sw3NtWriteVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00992F8FD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00992F8FD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCloseObjectAuditAlarm Sw3NtCloseObjectAuditAlarm __asm__("Sw3NtCloseObjectAuditAlarm: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FE3CF8A8 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FE3CF8A8 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDuplicateObject Sw3NtDuplicateObject __asm__("Sw3NtDuplicateObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00A155AD8 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00A155AD8 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryAttributesFile Sw3NtQueryAttributesFile __asm__("Sw3NtQueryAttributesFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C6FC32EE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C6FC32EE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwClearEvent Sw3NtClearEvent __asm__("Sw3NtClearEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03CA6232C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03CA6232C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReadVirtualMemory Sw3NtReadVirtualMemory __asm__("Sw3NtReadVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x003971B07 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x003971B07 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenEvent Sw3NtOpenEvent __asm__("Sw3NtOpenEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0973F90AD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0973F90AD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAdjustPrivilegesToken Sw3NtAdjustPrivilegesToken __asm__("Sw3NtAdjustPrivilegesToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F3D6C176 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F3D6C176 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDuplicateToken Sw3NtDuplicateToken __asm__("Sw3NtDuplicateToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B5918530 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B5918530 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwContinue Sw3NtContinue __asm__("Sw3NtContinue: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C2B521F9 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C2B521F9 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryDefaultUILanguage Sw3NtQueryDefaultUILanguage __asm__("Sw3NtQueryDefaultUILanguage: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0358BF32A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0358BF32A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueueApcThread Sw3NtQueueApcThread __asm__("Sw3NtQueueApcThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C897152E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C897152E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwYieldExecution Sw3NtYieldExecution __asm__("Sw3NtYieldExecution: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C8A3CA33 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C8A3CA33 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAddAtom Sw3NtAddAtom __asm__("Sw3NtAddAtom: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x054C15D50 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x054C15D50 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateEvent Sw3NtCreateEvent __asm__("Sw3NtCreateEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0014C04C4 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0014C04C4 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryVolumeInformationFile Sw3NtQueryVolumeInformationFile __asm__("Sw3NtQueryVolumeInformationFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D949BA4D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D949BA4D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateSection Sw3NtCreateSection __asm__("Sw3NtCreateSection: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0128C3419 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0128C3419 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFlushBuffersFile Sw3NtFlushBuffersFile __asm__("Sw3NtFlushBuffersFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x038B8FF1A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x038B8FF1A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwApphelpCacheControl Sw3NtApphelpCacheControl __asm__("Sw3NtApphelpCacheControl: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E38CFC0F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E38CFC0F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateProcessEx Sw3NtCreateProcessEx __asm__("Sw3NtCreateProcessEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x015EB5512 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x015EB5512 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateThread Sw3NtCreateThread __asm__("Sw3NtCreateThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00B4EDFFE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00B4EDFFE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwIsProcessInJob Sw3NtIsProcessInJob __asm__("Sw3NtIsProcessInJob: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02FD7D983 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02FD7D983 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwProtectVirtualMemory Sw3NtProtectVirtualMemory __asm__("Sw3NtProtectVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03DA9534F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03DA9534F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySection Sw3NtQuerySection __asm__("Sw3NtQuerySection: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A8602873 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A8602873 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwResumeThread Sw3NtResumeThread __asm__("Sw3NtResumeThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03C85E6BB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03C85E6BB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwTerminateThread Sw3NtTerminateThread __asm__("Sw3NtTerminateThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x078DC366D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x078DC366D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReadRequestData Sw3NtReadRequestData __asm__("Sw3NtReadRequestData: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x023830CCF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x023830CCF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateFile Sw3NtCreateFile __asm__("Sw3NtCreateFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F95E1C05 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F95E1C05 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryEvent Sw3NtQueryEvent __asm__("Sw3NtQueryEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x016830504 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x016830504 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWriteRequestData Sw3NtWriteRequestData __asm__("Sw3NtWriteRequestData: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0765FA36D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0765FA36D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenDirectoryObject Sw3NtOpenDirectoryObject __asm__("Sw3NtOpenDirectoryObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0203E2EA3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0203E2EA3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAccessCheckByTypeAndAuditAlarm Sw3NtAccessCheckByTypeAndAuditAlarm __asm__("Sw3NtAccessCheckByTypeAndAuditAlarm: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x052D57480 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x052D57480 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitForMultipleObjects Sw3NtWaitForMultipleObjects __asm__("Sw3NtWaitForMultipleObjects: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01BE5DFD93 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01BE5DFD93 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationObject Sw3NtSetInformationObject __asm__("Sw3NtSetInformationObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03A150AA9 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03A150AA9 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCancelIoFile Sw3NtCancelIoFile __asm__("Sw3NtCancelIoFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B7194803 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B7194803 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwTraceEvent Sw3NtTraceEvent __asm__("Sw3NtTraceEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x010843514 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x010843514 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPowerInformation Sw3NtPowerInformation __asm__("Sw3NtPowerInformation: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E84EE6D5 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E84EE6D5 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetValueKey Sw3NtSetValueKey __asm__("Sw3NtSetValueKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x05BE22000 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x05BE22000 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCancelTimer Sw3NtCancelTimer __asm__("Sw3NtCancelTimer: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x099A2E129 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x099A2E129 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetTimer Sw3NtSetTimer __asm__("Sw3NtSetTimer: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E044CCFD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E044CCFD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAccessCheckByType Sw3NtAccessCheckByType __asm__("Sw3NtAccessCheckByType: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0DF07D26F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0DF07D26F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAccessCheckByTypeResultList Sw3NtAccessCheckByTypeResultList __asm__("Sw3NtAccessCheckByTypeResultList: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02EB0C9A3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02EB0C9A3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAccessCheckByTypeResultListAndAuditAlarm Sw3NtAccessCheckByTypeResultListAndAuditAlarm __asm__("Sw3NtAccessCheckByTypeResultListAndAuditAlarm: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09F339E5F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09F339E5F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAccessCheckByTypeResultListAndAuditAlarmByHandle Sw3NtAccessCheckByTypeResultListAndAuditAlarmByHandle __asm__("Sw3NtAccessCheckByTypeResultListAndAuditAlarmByHandle: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0973CB876 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0973CB876 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAcquireProcessActivityReference Sw3NtAcquireProcessActivityReference __asm__("Sw3NtAcquireProcessActivityReference: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0569AADFA \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0569AADFA \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAddAtomEx Sw3NtAddAtomEx __asm__("Sw3NtAddAtomEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00990B594 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00990B594 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAddBootEntry Sw3NtAddBootEntry __asm__("Sw3NtAddBootEntry: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x049853376 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x049853376 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAddDriverEntry Sw3NtAddDriverEntry __asm__("Sw3NtAddDriverEntry: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x047EB7D28 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x047EB7D28 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAdjustGroupsToken Sw3NtAdjustGroupsToken __asm__("Sw3NtAdjustGroupsToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01390DDCC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01390DDCC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAdjustTokenClaimsAndDeviceGroups Sw3NtAdjustTokenClaimsAndDeviceGroups __asm__("Sw3NtAdjustTokenClaimsAndDeviceGroups: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08DC0A159 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08DC0A159 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlertResumeThread Sw3NtAlertResumeThread __asm__("Sw3NtAlertResumeThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01E86542F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01E86542F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlertThread Sw3NtAlertThread __asm__("Sw3NtAlertThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x040E00A35 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x040E00A35 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlertThreadByThreadId Sw3NtAlertThreadByThreadId __asm__("Sw3NtAlertThreadByThreadId: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x022D6DD4D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x022D6DD4D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAllocateLocallyUniqueId Sw3NtAllocateLocallyUniqueId __asm__("Sw3NtAllocateLocallyUniqueId: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07F8B431A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07F8B431A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAllocateReserveObject Sw3NtAllocateReserveObject __asm__("Sw3NtAllocateReserveObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E0BF00E2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E0BF00E2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAllocateUserPhysicalPages Sw3NtAllocateUserPhysicalPages __asm__("Sw3NtAllocateUserPhysicalPages: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A9B6BE16 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A9B6BE16 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAllocateUuids Sw3NtAllocateUuids __asm__("Sw3NtAllocateUuids: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0AD9CDB79 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0AD9CDB79 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAllocateVirtualMemoryEx Sw3NtAllocateVirtualMemoryEx __asm__("Sw3NtAllocateVirtualMemoryEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x066E23835 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x066E23835 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcAcceptConnectPort Sw3NtAlpcAcceptConnectPort __asm__("Sw3NtAlpcAcceptConnectPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E54CDEE3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E54CDEE3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcCancelMessage Sw3NtAlpcCancelMessage __asm__("Sw3NtAlpcCancelMessage: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B111222C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B111222C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcConnectPort Sw3NtAlpcConnectPort __asm__("Sw3NtAlpcConnectPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x030B61AE8 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x030B61AE8 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcConnectPortEx Sw3NtAlpcConnectPortEx __asm__("Sw3NtAlpcConnectPortEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A65FF889 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A65FF889 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcCreatePort Sw3NtAlpcCreatePort __asm__("Sw3NtAlpcCreatePort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E870C1EC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E870C1EC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcCreatePortSection Sw3NtAlpcCreatePortSection __asm__("Sw3NtAlpcCreatePortSection: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09255EA9F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09255EA9F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcCreateResourceReserve Sw3NtAlpcCreateResourceReserve __asm__("Sw3NtAlpcCreateResourceReserve: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0289B3A33 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0289B3A33 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcCreateSectionView Sw3NtAlpcCreateSectionView __asm__("Sw3NtAlpcCreateSectionView: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x092C4A77E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x092C4A77E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcCreateSecurityContext Sw3NtAlpcCreateSecurityContext __asm__("Sw3NtAlpcCreateSecurityContext: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F66FF3E6 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F66FF3E6 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcDeletePortSection Sw3NtAlpcDeletePortSection __asm__("Sw3NtAlpcDeletePortSection: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00A81CAD2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00A81CAD2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcDeleteResourceReserve Sw3NtAlpcDeleteResourceReserve __asm__("Sw3NtAlpcDeleteResourceReserve: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x006D95411 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x006D95411 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcDeleteSectionView Sw3NtAlpcDeleteSectionView __asm__("Sw3NtAlpcDeleteSectionView: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0EE48D7EF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0EE48D7EF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcDeleteSecurityContext Sw3NtAlpcDeleteSecurityContext __asm__("Sw3NtAlpcDeleteSecurityContext: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x094CC5A8D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x094CC5A8D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcDisconnectPort Sw3NtAlpcDisconnectPort __asm__("Sw3NtAlpcDisconnectPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E037E7BC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E037E7BC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcImpersonateClientContainerOfPort Sw3NtAlpcImpersonateClientContainerOfPort __asm__("Sw3NtAlpcImpersonateClientContainerOfPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E477EFE8 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E477EFE8 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcImpersonateClientOfPort Sw3NtAlpcImpersonateClientOfPort __asm__("Sw3NtAlpcImpersonateClientOfPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x05CB4552A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x05CB4552A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcOpenSenderProcess Sw3NtAlpcOpenSenderProcess __asm__("Sw3NtAlpcOpenSenderProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0693F9773 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0693F9773 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcOpenSenderThread Sw3NtAlpcOpenSenderThread __asm__("Sw3NtAlpcOpenSenderThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x014884C37 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x014884C37 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcQueryInformation Sw3NtAlpcQueryInformation __asm__("Sw3NtAlpcQueryInformation: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x05CC45E55 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x05CC45E55 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcQueryInformationMessage Sw3NtAlpcQueryInformationMessage __asm__("Sw3NtAlpcQueryInformationMessage: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x027123CAB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x027123CAB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcRevokeSecurityContext Sw3NtAlpcRevokeSecurityContext __asm__("Sw3NtAlpcRevokeSecurityContext: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x016B20D3A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x016B20D3A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcSendWaitReceivePort Sw3NtAlpcSendWaitReceivePort __asm__("Sw3NtAlpcSendWaitReceivePort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0ED760C6B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0ED760C6B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAlpcSetInformation Sw3NtAlpcSetInformation __asm__("Sw3NtAlpcSetInformation: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0178A1718 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0178A1718 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAreMappedFilesTheSame Sw3NtAreMappedFilesTheSame __asm__("Sw3NtAreMappedFilesTheSame: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B1909816 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B1909816 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAssignProcessToJobObject Sw3NtAssignProcessToJobObject __asm__("Sw3NtAssignProcessToJobObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x008946A49 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x008946A49 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAssociateWaitCompletionPacket Sw3NtAssociateWaitCompletionPacket __asm__("Sw3NtAssociateWaitCompletionPacket: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07B5C01B1 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07B5C01B1 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCallEnclave Sw3NtCallEnclave __asm__("Sw3NtCallEnclave: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03AAA5638 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03AAA5638 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCancelIoFileEx Sw3NtCancelIoFileEx __asm__("Sw3NtCancelIoFileEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E51A3345 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E51A3345 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCancelSynchronousIoFile Sw3NtCancelSynchronousIoFile __asm__("Sw3NtCancelSynchronousIoFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x055DC6B49 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x055DC6B49 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCancelTimer2 Sw3NtCancelTimer2 __asm__("Sw3NtCancelTimer2: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B03B31EC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B03B31EC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCancelWaitCompletionPacket Sw3NtCancelWaitCompletionPacket __asm__("Sw3NtCancelWaitCompletionPacket: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x029AC4F7E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x029AC4F7E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCommitComplete Sw3NtCommitComplete __asm__("Sw3NtCommitComplete: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04EB13672 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04EB13672 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCommitEnlistment Sw3NtCommitEnlistment __asm__("Sw3NtCommitEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x033BB262D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x033BB262D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCommitRegistryTransaction Sw3NtCommitRegistryTransaction __asm__("Sw3NtCommitRegistryTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01E58D104 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01E58D104 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCommitTransaction Sw3NtCommitTransaction __asm__("Sw3NtCommitTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D8822BC6 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D8822BC6 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCompactKeys Sw3NtCompactKeys __asm__("Sw3NtCompactKeys: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x059B04422 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x059B04422 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCompareObjects Sw3NtCompareObjects __asm__("Sw3NtCompareObjects: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x081ADB90F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x081ADB90F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCompareSigningLevels Sw3NtCompareSigningLevels __asm__("Sw3NtCompareSigningLevels: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A21BE2CE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A21BE2CE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCompareTokens Sw3NtCompareTokens __asm__("Sw3NtCompareTokens: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x077D6695B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x077D6695B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCompleteConnectPort Sw3NtCompleteConnectPort __asm__("Sw3NtCompleteConnectPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x064F16F6E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x064F16F6E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCompressKey Sw3NtCompressKey __asm__("Sw3NtCompressKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x088CD5F92 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x088CD5F92 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwConnectPort Sw3NtConnectPort __asm__("Sw3NtConnectPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x058F15B7E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x058F15B7E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwConvertBetweenAuxiliaryCounterAndPerformanceCounter Sw3NtConvertBetweenAuxiliaryCounterAndPerformanceCounter __asm__("Sw3NtConvertBetweenAuxiliaryCounterAndPerformanceCounter: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E7D6389A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E7D6389A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateDebugObject Sw3NtCreateDebugObject __asm__("Sw3NtCreateDebugObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00E33E64F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00E33E64F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateDirectoryObject Sw3NtCreateDirectoryObject __asm__("Sw3NtCreateDirectoryObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x018A42619 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x018A42619 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateDirectoryObjectEx Sw3NtCreateDirectoryObjectEx __asm__("Sw3NtCreateDirectoryObjectEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B0BCC246 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B0BCC246 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateEnclave Sw3NtCreateEnclave __asm__("Sw3NtCreateEnclave: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0135CE116 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0135CE116 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateEnlistment Sw3NtCreateEnlistment __asm__("Sw3NtCreateEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x079E37869 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x079E37869 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateEventPair Sw3NtCreateEventPair __asm__("Sw3NtCreateEventPair: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01235DE6F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01235DE6F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateIRTimer Sw3NtCreateIRTimer __asm__("Sw3NtCreateIRTimer: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x005963FDE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x005963FDE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateIoCompletion Sw3NtCreateIoCompletion __asm__("Sw3NtCreateIoCompletion: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00F296DB8 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00F296DB8 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateJobObject Sw3NtCreateJobObject __asm__("Sw3NtCreateJobObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09655BEE9 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09655BEE9 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateJobSet Sw3NtCreateJobSet __asm__("Sw3NtCreateJobSet: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00716F85D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00716F85D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateKeyTransacted Sw3NtCreateKeyTransacted __asm__("Sw3NtCreateKeyTransacted: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x060BC2262 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x060BC2262 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateKeyedEvent Sw3NtCreateKeyedEvent __asm__("Sw3NtCreateKeyedEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04F0D5284 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04F0D5284 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateLowBoxToken Sw3NtCreateLowBoxToken __asm__("Sw3NtCreateLowBoxToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01A5200DF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01A5200DF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateMailslotFile Sw3NtCreateMailslotFile __asm__("Sw3NtCreateMailslotFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0393CB028 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0393CB028 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateMutant Sw3NtCreateMutant __asm__("Sw3NtCreateMutant: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D10CD69F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D10CD69F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateNamedPipeFile Sw3NtCreateNamedPipeFile __asm__("Sw3NtCreateNamedPipeFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01E5CE906 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01E5CE906 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreatePagingFile Sw3NtCreatePagingFile __asm__("Sw3NtCreatePagingFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E5659673 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E5659673 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreatePartition Sw3NtCreatePartition __asm__("Sw3NtCreatePartition: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00B4E678C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00B4E678C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreatePort Sw3NtCreatePort __asm__("Sw3NtCreatePort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E570FAE3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E570FAE3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreatePrivateNamespace Sw3NtCreatePrivateNamespace __asm__("Sw3NtCreatePrivateNamespace: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x017332B6A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x017332B6A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateProcess Sw3NtCreateProcess __asm__("Sw3NtCreateProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x019A80240 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x019A80240 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateProfile Sw3NtCreateProfile __asm__("Sw3NtCreateProfile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x074B7122C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x074B7122C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateProfileEx Sw3NtCreateProfileEx __asm__("Sw3NtCreateProfileEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0409A1C4F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0409A1C4F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateRegistryTransaction Sw3NtCreateRegistryTransaction __asm__("Sw3NtCreateRegistryTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CC9E2602 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CC9E2602 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateResourceManager Sw3NtCreateResourceManager __asm__("Sw3NtCreateResourceManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x035E66124 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x035E66124 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateSemaphore Sw3NtCreateSemaphore __asm__("Sw3NtCreateSemaphore: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0742656EA \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0742656EA \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateSymbolicLinkObject Sw3NtCreateSymbolicLinkObject __asm__("Sw3NtCreateSymbolicLinkObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x010BD4667 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x010BD4667 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateThreadEx Sw3NtCreateThreadEx __asm__("Sw3NtCreateThreadEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x052B396EE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x052B396EE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateTimer Sw3NtCreateTimer __asm__("Sw3NtCreateTimer: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07DC783AF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07DC783AF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateTimer2 Sw3NtCreateTimer2 __asm__("Sw3NtCreateTimer2: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D2BA19AC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D2BA19AC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateToken Sw3NtCreateToken __asm__("Sw3NtCreateToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x071D583B5 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x071D583B5 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateTokenEx Sw3NtCreateTokenEx __asm__("Sw3NtCreateTokenEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0786322BE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0786322BE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateTransaction Sw3NtCreateTransaction __asm__("Sw3NtCreateTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01774D223 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01774D223 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateTransactionManager Sw3NtCreateTransactionManager __asm__("Sw3NtCreateTransactionManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x011B13D28 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x011B13D28 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateUserProcess Sw3NtCreateUserProcess __asm__("Sw3NtCreateUserProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09E34A7BB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09E34A7BB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateWaitCompletionPacket Sw3NtCreateWaitCompletionPacket __asm__("Sw3NtCreateWaitCompletionPacket: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B96399DE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B96399DE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateWaitablePort Sw3NtCreateWaitablePort __asm__("Sw3NtCreateWaitablePort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A4B64F29 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A4B64F29 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateWnfStateName Sw3NtCreateWnfStateName __asm__("Sw3NtCreateWnfStateName: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x074924D47 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x074924D47 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateWorkerFactory Sw3NtCreateWorkerFactory __asm__("Sw3NtCreateWorkerFactory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x001151588 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x001151588 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDebugActiveProcess Sw3NtDebugActiveProcess __asm__("Sw3NtDebugActiveProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x025952408 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x025952408 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDebugContinue Sw3NtDebugContinue __asm__("Sw3NtDebugContinue: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D670918C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D670918C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeleteAtom Sw3NtDeleteAtom __asm__("Sw3NtDeleteAtom: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x034A2D02B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x034A2D02B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeleteBootEntry Sw3NtDeleteBootEntry __asm__("Sw3NtDeleteBootEntry: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x009841114 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x009841114 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeleteDriverEntry Sw3NtDeleteDriverEntry __asm__("Sw3NtDeleteDriverEntry: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x003920900 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x003920900 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeleteFile Sw3NtDeleteFile __asm__("Sw3NtDeleteFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x004B5CCE7 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x004B5CCE7 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeleteKey Sw3NtDeleteKey __asm__("Sw3NtDeleteKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01A4EC31C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01A4EC31C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeleteObjectAuditAlarm Sw3NtDeleteObjectAuditAlarm __asm__("Sw3NtDeleteObjectAuditAlarm: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CC93EE5E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CC93EE5E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeletePrivateNamespace Sw3NtDeletePrivateNamespace __asm__("Sw3NtDeletePrivateNamespace: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x011BDE62F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x011BDE62F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeleteValueKey Sw3NtDeleteValueKey __asm__("Sw3NtDeleteValueKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02E9B310C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02E9B310C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeleteWnfStateData Sw3NtDeleteWnfStateData __asm__("Sw3NtDeleteWnfStateData: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x062DD908C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x062DD908C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDeleteWnfStateName Sw3NtDeleteWnfStateName __asm__("Sw3NtDeleteWnfStateName: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x004CB81D3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x004CB81D3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDisableLastKnownGood Sw3NtDisableLastKnownGood __asm__("Sw3NtDisableLastKnownGood: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x007B88DAE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x007B88DAE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDisplayString Sw3NtDisplayString __asm__("Sw3NtDisplayString: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FACDACF0 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FACDACF0 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwDrawText Sw3NtDrawText __asm__("Sw3NtDrawText: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A2DD8D4F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A2DD8D4F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwEnableLastKnownGood Sw3NtEnableLastKnownGood __asm__("Sw3NtEnableLastKnownGood: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x029BA1D12 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x029BA1D12 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwEnumerateBootEntries Sw3NtEnumerateBootEntries __asm__("Sw3NtEnumerateBootEntries: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F965FEF2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F965FEF2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwEnumerateDriverEntries Sw3NtEnumerateDriverEntries __asm__("Sw3NtEnumerateDriverEntries: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00126F94D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00126F94D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwEnumerateSystemEnvironmentValuesEx Sw3NtEnumerateSystemEnvironmentValuesEx __asm__("Sw3NtEnumerateSystemEnvironmentValuesEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F160323B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F160323B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwEnumerateTransactionObject Sw3NtEnumerateTransactionObject __asm__("Sw3NtEnumerateTransactionObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x084B9B415 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x084B9B415 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwExtendSection Sw3NtExtendSection __asm__("Sw3NtExtendSection: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F76CD7F2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F76CD7F2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFilterBootOption Sw3NtFilterBootOption __asm__("Sw3NtFilterBootOption: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0048823DD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0048823DD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFilterToken Sw3NtFilterToken __asm__("Sw3NtFilterToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00D950306 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00D950306 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFilterTokenEx Sw3NtFilterTokenEx __asm__("Sw3NtFilterTokenEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00691504E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00691504E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFlushBuffersFileEx Sw3NtFlushBuffersFileEx __asm__("Sw3NtFlushBuffersFileEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04DA38117 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04DA38117 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFlushInstallUILanguage Sw3NtFlushInstallUILanguage __asm__("Sw3NtFlushInstallUILanguage: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C415F3C9 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C415F3C9 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFlushInstructionCache Sw3NtFlushInstructionCache __asm__("Sw3NtFlushInstructionCache: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x069BE1567 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x069BE1567 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFlushKey Sw3NtFlushKey __asm__("Sw3NtFlushKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08491A72B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08491A72B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFlushProcessWriteBuffers Sw3NtFlushProcessWriteBuffers __asm__("Sw3NtFlushProcessWriteBuffers: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0405C4CC4 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0405C4CC4 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFlushVirtualMemory Sw3NtFlushVirtualMemory __asm__("Sw3NtFlushVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00D964559 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00D964559 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFlushWriteBuffer Sw3NtFlushWriteBuffer __asm__("Sw3NtFlushWriteBuffer: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01282CC22 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01282CC22 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFreeUserPhysicalPages Sw3NtFreeUserPhysicalPages __asm__("Sw3NtFreeUserPhysicalPages: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FF61E8E2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FF61E8E2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFreezeRegistry Sw3NtFreezeRegistry __asm__("Sw3NtFreezeRegistry: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x002DA7A2B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x002DA7A2B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwFreezeTransactions Sw3NtFreezeTransactions __asm__("Sw3NtFreezeTransactions: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04BDBA8CD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04BDBA8CD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetCachedSigningLevel Sw3NtGetCachedSigningLevel __asm__("Sw3NtGetCachedSigningLevel: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0989B1BA4 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0989B1BA4 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetCompleteWnfStateSubscription Sw3NtGetCompleteWnfStateSubscription __asm__("Sw3NtGetCompleteWnfStateSubscription: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00A922E03 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00A922E03 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetContextThread Sw3NtGetContextThread __asm__("Sw3NtGetContextThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E84FA6ED \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E84FA6ED \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetCurrentProcessorNumber Sw3NtGetCurrentProcessorNumber __asm__("Sw3NtGetCurrentProcessorNumber: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x007AAEEF2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x007AAEEF2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetCurrentProcessorNumberEx Sw3NtGetCurrentProcessorNumberEx __asm__("Sw3NtGetCurrentProcessorNumberEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07F57B303 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07F57B303 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetDevicePowerState Sw3NtGetDevicePowerState __asm__("Sw3NtGetDevicePowerState: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08D9DED10 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08D9DED10 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetMUIRegistryInfo Sw3NtGetMUIRegistryInfo __asm__("Sw3NtGetMUIRegistryInfo: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x084BFA417 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x084BFA417 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetNextProcess Sw3NtGetNextProcess __asm__("Sw3NtGetNextProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x005AB0E34 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x005AB0E34 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetNextThread Sw3NtGetNextThread __asm__("Sw3NtGetNextThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01C304109 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01C304109 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetNlsSectionPtr Sw3NtGetNlsSectionPtr __asm__("Sw3NtGetNlsSectionPtr: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B512DB0E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B512DB0E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetNotificationResourceManager Sw3NtGetNotificationResourceManager __asm__("Sw3NtGetNotificationResourceManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x029BEF3F6 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x029BEF3F6 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetWriteWatch Sw3NtGetWriteWatch __asm__("Sw3NtGetWriteWatch: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E749E9DF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E749E9DF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwImpersonateAnonymousToken Sw3NtImpersonateAnonymousToken __asm__("Sw3NtImpersonateAnonymousToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x06FD97754 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x06FD97754 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwImpersonateThread Sw3NtImpersonateThread __asm__("Sw3NtImpersonateThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x089284184 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x089284184 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwInitializeEnclave Sw3NtInitializeEnclave __asm__("Sw3NtInitializeEnclave: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x06AB60A7C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x06AB60A7C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwInitializeNlsFiles Sw3NtInitializeNlsFiles __asm__("Sw3NtInitializeNlsFiles: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x096B3A70C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x096B3A70C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwInitializeRegistry Sw3NtInitializeRegistry __asm__("Sw3NtInitializeRegistry: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x012990011 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x012990011 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwInitiatePowerAction Sw3NtInitiatePowerAction __asm__("Sw3NtInitiatePowerAction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08C178E87 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08C178E87 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwIsSystemResumeAutomatic Sw3NtIsSystemResumeAutomatic __asm__("Sw3NtIsSystemResumeAutomatic: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01EB92B2E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01EB92B2E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwIsUILanguageComitted Sw3NtIsUILanguageComitted __asm__("Sw3NtIsUILanguageComitted: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0161A2485 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0161A2485 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwListenPort Sw3NtListenPort __asm__("Sw3NtListenPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A23199FE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A23199FE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLoadDriver Sw3NtLoadDriver __asm__("Sw3NtLoadDriver: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E447D09E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E447D09E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLoadEnclaveData Sw3NtLoadEnclaveData __asm__("Sw3NtLoadEnclaveData: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0BD034913 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0BD034913 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLoadHotPatch Sw3NtLoadHotPatch __asm__("Sw3NtLoadHotPatch: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E4BF28EC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E4BF28EC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLoadKey Sw3NtLoadKey __asm__("Sw3NtLoadKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C13CC0A4 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C13CC0A4 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLoadKey2 Sw3NtLoadKey2 __asm__("Sw3NtLoadKey2: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x065FDAE60 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x065FDAE60 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLoadKeyEx Sw3NtLoadKeyEx __asm__("Sw3NtLoadKeyEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00B98CCC7 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00B98CCC7 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLockFile Sw3NtLockFile __asm__("Sw3NtLockFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01AD9107E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01AD9107E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLockProductActivationKeys Sw3NtLockProductActivationKeys __asm__("Sw3NtLockProductActivationKeys: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04AD7A349 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04AD7A349 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLockRegistryKey Sw3NtLockRegistryKey __asm__("Sw3NtLockRegistryKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0172102BE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0172102BE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwLockVirtualMemory Sw3NtLockVirtualMemory __asm__("Sw3NtLockVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B1ADA932 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B1ADA932 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwMakePermanentObject Sw3NtMakePermanentObject __asm__("Sw3NtMakePermanentObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x012BC4C11 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x012BC4C11 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwMakeTemporaryObject Sw3NtMakeTemporaryObject __asm__("Sw3NtMakeTemporaryObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x074591ABA \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x074591ABA \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwManagePartition Sw3NtManagePartition __asm__("Sw3NtManagePartition: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00C9C6847 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00C9C6847 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwMapCMFModule Sw3NtMapCMFModule __asm__("Sw3NtMapCMFModule: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x054DC6E5C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x054DC6E5C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwMapUserPhysicalPages Sw3NtMapUserPhysicalPages __asm__("Sw3NtMapUserPhysicalPages: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09EA0B300 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09EA0B300 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwMapViewOfSectionEx Sw3NtMapViewOfSectionEx __asm__("Sw3NtMapViewOfSectionEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0169D6260 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0169D6260 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwModifyBootEntry Sw3NtModifyBootEntry __asm__("Sw3NtModifyBootEntry: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0099D1D02 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0099D1D02 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwModifyDriverEntry Sw3NtModifyDriverEntry __asm__("Sw3NtModifyDriverEntry: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x031E02178 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x031E02178 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwNotifyChangeDirectoryFile Sw3NtNotifyChangeDirectoryFile __asm__("Sw3NtNotifyChangeDirectoryFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x024B4D4EF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x024B4D4EF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwNotifyChangeDirectoryFileEx Sw3NtNotifyChangeDirectoryFileEx __asm__("Sw3NtNotifyChangeDirectoryFileEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C05A2120 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C05A2120 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwNotifyChangeKey Sw3NtNotifyChangeKey __asm__("Sw3NtNotifyChangeKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0AA9AA900 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0AA9AA900 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwNotifyChangeMultipleKeys Sw3NtNotifyChangeMultipleKeys __asm__("Sw3NtNotifyChangeMultipleKeys: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B433BF47 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B433BF47 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwNotifyChangeSession Sw3NtNotifyChangeSession __asm__("Sw3NtNotifyChangeSession: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0178CD9D0 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0178CD9D0 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenEnlistment Sw3NtOpenEnlistment __asm__("Sw3NtOpenEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C9E33DA4 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C9E33DA4 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenEventPair Sw3NtOpenEventPair __asm__("Sw3NtOpenEventPair: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x05EE36E41 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x05EE36E41 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenIoCompletion Sw3NtOpenIoCompletion __asm__("Sw3NtOpenIoCompletion: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C2EDE2B3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C2EDE2B3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenJobObject Sw3NtOpenJobObject __asm__("Sw3NtOpenJobObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00738FD36 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00738FD36 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenKeyEx Sw3NtOpenKeyEx __asm__("Sw3NtOpenKeyEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FC7F0902 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FC7F0902 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenKeyTransacted Sw3NtOpenKeyTransacted __asm__("Sw3NtOpenKeyTransacted: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D09DB644 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D09DB644 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenKeyTransactedEx Sw3NtOpenKeyTransactedEx __asm__("Sw3NtOpenKeyTransactedEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E8D8A821 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E8D8A821 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenKeyedEvent Sw3NtOpenKeyedEvent __asm__("Sw3NtOpenKeyedEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x048CA4B5C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x048CA4B5C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenMutant Sw3NtOpenMutant __asm__("Sw3NtOpenMutant: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CD8FA06E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CD8FA06E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenObjectAuditAlarm Sw3NtOpenObjectAuditAlarm __asm__("Sw3NtOpenObjectAuditAlarm: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09E30605C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09E30605C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenPartition Sw3NtOpenPartition __asm__("Sw3NtOpenPartition: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0DB441A16 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0DB441A16 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenPrivateNamespace Sw3NtOpenPrivateNamespace __asm__("Sw3NtOpenPrivateNamespace: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CACEFD5D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CACEFD5D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenProcessToken Sw3NtOpenProcessToken __asm__("Sw3NtOpenProcessToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00396888F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00396888F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenRegistryTransaction Sw3NtOpenRegistryTransaction __asm__("Sw3NtOpenRegistryTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00A1D34B5 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00A1D34B5 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenResourceManager Sw3NtOpenResourceManager __asm__("Sw3NtOpenResourceManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00A929FB0 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00A929FB0 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenSemaphore Sw3NtOpenSemaphore __asm__("Sw3NtOpenSemaphore: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D8880239 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D8880239 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenSession Sw3NtOpenSession __asm__("Sw3NtOpenSession: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09E05BC99 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09E05BC99 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenSymbolicLinkObject Sw3NtOpenSymbolicLinkObject __asm__("Sw3NtOpenSymbolicLinkObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00406029B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00406029B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenThread Sw3NtOpenThread __asm__("Sw3NtOpenThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0020050BE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0020050BE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenTimer Sw3NtOpenTimer __asm__("Sw3NtOpenTimer: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x004130C89 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x004130C89 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenTransaction Sw3NtOpenTransaction __asm__("Sw3NtOpenTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D20DF2D3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D20DF2D3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwOpenTransactionManager Sw3NtOpenTransactionManager __asm__("Sw3NtOpenTransactionManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0192279D1 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0192279D1 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPlugPlayControl Sw3NtPlugPlayControl __asm__("Sw3NtPlugPlayControl: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00791E1C3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00791E1C3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPrePrepareComplete Sw3NtPrePrepareComplete __asm__("Sw3NtPrePrepareComplete: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02CD0DB5C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02CD0DB5C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPrePrepareEnlistment Sw3NtPrePrepareEnlistment __asm__("Sw3NtPrePrepareEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00CB6CCC5 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00CB6CCC5 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPrepareComplete Sw3NtPrepareComplete __asm__("Sw3NtPrepareComplete: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x048D1B28E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x048D1B28E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPrepareEnlistment Sw3NtPrepareEnlistment __asm__("Sw3NtPrepareEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0098CC9DB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0098CC9DB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPrivilegeCheck Sw3NtPrivilegeCheck __asm__("Sw3NtPrivilegeCheck: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01AB5D195 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01AB5D195 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPrivilegeObjectAuditAlarm Sw3NtPrivilegeObjectAuditAlarm __asm__("Sw3NtPrivilegeObjectAuditAlarm: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D2D5D440 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D2D5D440 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPrivilegedServiceAuditAlarm Sw3NtPrivilegedServiceAuditAlarm __asm__("Sw3NtPrivilegedServiceAuditAlarm: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D6B931EE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D6B931EE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPropagationComplete Sw3NtPropagationComplete __asm__("Sw3NtPropagationComplete: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0ACB0C7BE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0ACB0C7BE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPropagationFailed Sw3NtPropagationFailed __asm__("Sw3NtPropagationFailed: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02196A18A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02196A18A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPulseEvent Sw3NtPulseEvent __asm__("Sw3NtPulseEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0020513EF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0020513EF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryAuxiliaryCounterFrequency Sw3NtQueryAuxiliaryCounterFrequency __asm__("Sw3NtQueryAuxiliaryCounterFrequency: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x077470AC1 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x077470AC1 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryBootEntryOrder Sw3NtQueryBootEntryOrder __asm__("Sw3NtQueryBootEntryOrder: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08B9E7C9A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08B9E7C9A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryBootOptions Sw3NtQueryBootOptions __asm__("Sw3NtQueryBootOptions: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00A9BE4C6 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00A9BE4C6 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryDebugFilterState Sw3NtQueryDebugFilterState __asm__("Sw3NtQueryDebugFilterState: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x032903C34 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x032903C34 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryDirectoryFileEx Sw3NtQueryDirectoryFileEx __asm__("Sw3NtQueryDirectoryFileEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07682ACD0 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07682ACD0 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryDirectoryObject Sw3NtQueryDirectoryObject __asm__("Sw3NtQueryDirectoryObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04B637DD9 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04B637DD9 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryDriverEntryOrder Sw3NtQueryDriverEntryOrder __asm__("Sw3NtQueryDriverEntryOrder: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09B396272 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09B396272 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryEaFile Sw3NtQueryEaFile __asm__("Sw3NtQueryEaFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FDDC2DE8 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FDDC2DE8 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryFullAttributesFile Sw3NtQueryFullAttributesFile __asm__("Sw3NtQueryFullAttributesFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x008B96472 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x008B96472 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationAtom Sw3NtQueryInformationAtom __asm__("Sw3NtQueryInformationAtom: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D13DB435 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D13DB435 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationByName Sw3NtQueryInformationByName __asm__("Sw3NtQueryInformationByName: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B8D9C539 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B8D9C539 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationEnlistment Sw3NtQueryInformationEnlistment __asm__("Sw3NtQueryInformationEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D651E9F2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D651E9F2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationJobObject Sw3NtQueryInformationJobObject __asm__("Sw3NtQueryInformationJobObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0DB44F9DA \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0DB44F9DA \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationPort Sw3NtQueryInformationPort __asm__("Sw3NtQueryInformationPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A538AABB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A538AABB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationResourceManager Sw3NtQueryInformationResourceManager __asm__("Sw3NtQueryInformationResourceManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01EB789B6 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01EB789B6 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationTransaction Sw3NtQueryInformationTransaction __asm__("Sw3NtQueryInformationTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x076EC1431 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x076EC1431 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationTransactionManager Sw3NtQueryInformationTransactionManager __asm__("Sw3NtQueryInformationTransactionManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x029B0E7E0 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x029B0E7E0 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInformationWorkerFactory Sw3NtQueryInformationWorkerFactory __asm__("Sw3NtQueryInformationWorkerFactory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00C5218CF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00C5218CF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryInstallUILanguage Sw3NtQueryInstallUILanguage __asm__("Sw3NtQueryInstallUILanguage: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A8365A2B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A8365A2B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryIntervalProfile Sw3NtQueryIntervalProfile __asm__("Sw3NtQueryIntervalProfile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09E3C579E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09E3C579E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryIoCompletion Sw3NtQueryIoCompletion __asm__("Sw3NtQueryIoCompletion: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08C96EA06 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08C96EA06 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryLicenseValue Sw3NtQueryLicenseValue __asm__("Sw3NtQueryLicenseValue: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07A91453E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07A91453E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryMultipleValueKey Sw3NtQueryMultipleValueKey __asm__("Sw3NtQueryMultipleValueKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00AFB1769 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00AFB1769 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryMutant Sw3NtQueryMutant __asm__("Sw3NtQueryMutant: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0963399A0 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0963399A0 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryOpenSubKeys Sw3NtQueryOpenSubKeys __asm__("Sw3NtQueryOpenSubKeys: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0EEBBE53D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0EEBBE53D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryOpenSubKeysEx Sw3NtQueryOpenSubKeysEx __asm__("Sw3NtQueryOpenSubKeysEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00B87C6D3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00B87C6D3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryPortInformationProcess Sw3NtQueryPortInformationProcess __asm__("Sw3NtQueryPortInformationProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0772C96B0 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0772C96B0 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryQuotaInformationFile Sw3NtQueryQuotaInformationFile __asm__("Sw3NtQueryQuotaInformationFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x010947812 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x010947812 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySecurityAttributesToken Sw3NtQuerySecurityAttributesToken __asm__("Sw3NtQuerySecurityAttributesToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C95FC9FE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C95FC9FE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySecurityObject Sw3NtQuerySecurityObject __asm__("Sw3NtQuerySecurityObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08BB5B9FB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08BB5B9FB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySecurityPolicy Sw3NtQuerySecurityPolicy __asm__("Sw3NtQuerySecurityPolicy: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x091ABB6F7 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x091ABB6F7 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySemaphore Sw3NtQuerySemaphore __asm__("Sw3NtQuerySemaphore: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08716AD59 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08716AD59 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySymbolicLinkObject Sw3NtQuerySymbolicLinkObject __asm__("Sw3NtQuerySymbolicLinkObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x086B9BEF5 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x086B9BEF5 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySystemEnvironmentValue Sw3NtQuerySystemEnvironmentValue __asm__("Sw3NtQuerySystemEnvironmentValue: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0069D86B6 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0069D86B6 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySystemEnvironmentValueEx Sw3NtQuerySystemEnvironmentValueEx __asm__("Sw3NtQuerySystemEnvironmentValueEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0002A4CFF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0002A4CFF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySystemInformationEx Sw3NtQuerySystemInformationEx __asm__("Sw3NtQuerySystemInformationEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x010EA582A \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x010EA582A \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryTimerResolution Sw3NtQueryTimerResolution __asm__("Sw3NtQueryTimerResolution: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x012081297 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x012081297 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryWnfStateData Sw3NtQueryWnfStateData __asm__("Sw3NtQueryWnfStateData: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C685D537 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C685D537 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueryWnfStateNameInformation Sw3NtQueryWnfStateNameInformation __asm__("Sw3NtQueryWnfStateNameInformation: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x018037A0F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x018037A0F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQueueApcThreadEx Sw3NtQueueApcThreadEx __asm__("Sw3NtQueueApcThreadEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x055B8097C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x055B8097C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRaiseException Sw3NtRaiseException __asm__("Sw3NtRaiseException: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00892543F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00892543F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRaiseHardError Sw3NtRaiseHardError __asm__("Sw3NtRaiseHardError: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D651D7C2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D651D7C2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReadOnlyEnlistment Sw3NtReadOnlyEnlistment __asm__("Sw3NtReadOnlyEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x069D16043 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x069D16043 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRecoverEnlistment Sw3NtRecoverEnlistment __asm__("Sw3NtRecoverEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x071EE9685 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x071EE9685 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRecoverResourceManager Sw3NtRecoverResourceManager __asm__("Sw3NtRecoverResourceManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x069B70354 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x069B70354 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRecoverTransactionManager Sw3NtRecoverTransactionManager __asm__("Sw3NtRecoverTransactionManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x06BB46528 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x06BB46528 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRegisterProtocolAddressInformation Sw3NtRegisterProtocolAddressInformation __asm__("Sw3NtRegisterProtocolAddressInformation: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01FB52134 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01FB52134 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRegisterThreadTerminatePort Sw3NtRegisterThreadTerminatePort __asm__("Sw3NtRegisterThreadTerminatePort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0AA3EA3A2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0AA3EA3A2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReleaseKeyedEvent Sw3NtReleaseKeyedEvent __asm__("Sw3NtReleaseKeyedEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07EE15774 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07EE15774 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReleaseWorkerFactoryWorker Sw3NtReleaseWorkerFactoryWorker __asm__("Sw3NtReleaseWorkerFactoryWorker: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x094A3F471 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x094A3F471 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRemoveIoCompletionEx Sw3NtRemoveIoCompletionEx __asm__("Sw3NtRemoveIoCompletionEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x06CCEA288 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x06CCEA288 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRemoveProcessDebug Sw3NtRemoveProcessDebug __asm__("Sw3NtRemoveProcessDebug: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04024538C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04024538C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRenameKey Sw3NtRenameKey __asm__("Sw3NtRenameKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x06AFA85AD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x06AFA85AD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRenameTransactionManager Sw3NtRenameTransactionManager __asm__("Sw3NtRenameTransactionManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0633CAD60 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0633CAD60 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReplaceKey Sw3NtReplaceKey __asm__("Sw3NtReplaceKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x05EE37B7F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x05EE37B7F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReplacePartitionUnit Sw3NtReplacePartitionUnit __asm__("Sw3NtReplacePartitionUnit: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F778C9F1 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F778C9F1 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReplyWaitReplyPort Sw3NtReplyWaitReplyPort __asm__("Sw3NtReplyWaitReplyPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x062F05F50 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x062F05F50 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRequestPort Sw3NtRequestPort __asm__("Sw3NtRequestPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x06EF0676E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x06EF0676E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwResetEvent Sw3NtResetEvent __asm__("Sw3NtResetEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08A2195B2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08A2195B2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwResetWriteWatch Sw3NtResetWriteWatch __asm__("Sw3NtResetWriteWatch: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01C429076 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01C429076 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRestoreKey Sw3NtRestoreKey __asm__("Sw3NtRestoreKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07EAA1F50 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07EAA1F50 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwResumeProcess Sw3NtResumeProcess __asm__("Sw3NtResumeProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D12F37BA \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D12F37BA \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRevertContainerImpersonation Sw3NtRevertContainerImpersonation __asm__("Sw3NtRevertContainerImpersonation: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x05EC85E5F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x05EC85E5F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRollbackComplete Sw3NtRollbackComplete __asm__("Sw3NtRollbackComplete: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0964B681E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0964B681E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRollbackEnlistment Sw3NtRollbackEnlistment __asm__("Sw3NtRollbackEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00F96E984 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00F96E984 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRollbackRegistryTransaction Sw3NtRollbackRegistryTransaction __asm__("Sw3NtRollbackRegistryTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02CA8701B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02CA8701B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRollbackTransaction Sw3NtRollbackTransaction __asm__("Sw3NtRollbackTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00D450DD4 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00D450DD4 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRollforwardTransactionManager Sw3NtRollforwardTransactionManager __asm__("Sw3NtRollforwardTransactionManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x005C180D2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x005C180D2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSaveKey Sw3NtSaveKey __asm__("Sw3NtSaveKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x066FE5744 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x066FE5744 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSaveKeyEx Sw3NtSaveKeyEx __asm__("Sw3NtSaveKeyEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x031BBFDCF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x031BBFDCF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSaveMergedKeys Sw3NtSaveMergedKeys __asm__("Sw3NtSaveMergedKeys: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02AB6171D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02AB6171D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSecureConnectPort Sw3NtSecureConnectPort __asm__("Sw3NtSecureConnectPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0DE4DC7A0 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0DE4DC7A0 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSerializeBoot Sw3NtSerializeBoot __asm__("Sw3NtSerializeBoot: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0329C2233 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0329C2233 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetBootEntryOrder Sw3NtSetBootEntryOrder __asm__("Sw3NtSetBootEntryOrder: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x073CD5B57 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x073CD5B57 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetBootOptions Sw3NtSetBootOptions __asm__("Sw3NtSetBootOptions: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x017953D01 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x017953D01 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetCachedSigningLevel Sw3NtSetCachedSigningLevel __asm__("Sw3NtSetCachedSigningLevel: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0207226C3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0207226C3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetCachedSigningLevel2 Sw3NtSetCachedSigningLevel2 __asm__("Sw3NtSetCachedSigningLevel2: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E3526281 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E3526281 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetContextThread Sw3NtSetContextThread __asm__("Sw3NtSetContextThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x034963C39 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x034963C39 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetDebugFilterState Sw3NtSetDebugFilterState __asm__("Sw3NtSetDebugFilterState: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0229809D4 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0229809D4 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetDefaultHardErrorPort Sw3NtSetDefaultHardErrorPort __asm__("Sw3NtSetDefaultHardErrorPort: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x024B75F38 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x024B75F38 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetDefaultLocale Sw3NtSetDefaultLocale __asm__("Sw3NtSetDefaultLocale: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x043DE7109 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x043DE7109 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetDefaultUILanguage Sw3NtSetDefaultUILanguage __asm__("Sw3NtSetDefaultUILanguage: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A91B6FBA \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A91B6FBA \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetDriverEntryOrder Sw3NtSetDriverEntryOrder __asm__("Sw3NtSetDriverEntryOrder: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0218D1735 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0218D1735 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetEaFile Sw3NtSetEaFile __asm__("Sw3NtSetEaFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03E6540BD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03E6540BD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetHighEventPair Sw3NtSetHighEventPair __asm__("Sw3NtSetHighEventPair: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x074CC93A2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x074CC93A2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetHighWaitLowEventPair Sw3NtSetHighWaitLowEventPair __asm__("Sw3NtSetHighWaitLowEventPair: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00EB0323D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00EB0323D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetIRTimer Sw3NtSetIRTimer __asm__("Sw3NtSetIRTimer: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x027973716 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x027973716 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationDebugObject Sw3NtSetInformationDebugObject __asm__("Sw3NtSetInformationDebugObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x068559059 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x068559059 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationEnlistment Sw3NtSetInformationEnlistment __asm__("Sw3NtSetInformationEnlistment: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0099B2C2D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0099B2C2D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationJobObject Sw3NtSetInformationJobObject __asm__("Sw3NtSetInformationJobObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FF54C7D8 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FF54C7D8 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationKey Sw3NtSetInformationKey __asm__("Sw3NtSetInformationKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0AE9B3988 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0AE9B3988 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationResourceManager Sw3NtSetInformationResourceManager __asm__("Sw3NtSetInformationResourceManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00531159C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00531159C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationSymbolicLink Sw3NtSetInformationSymbolicLink __asm__("Sw3NtSetInformationSymbolicLink: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F357F3C1 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F357F3C1 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationToken Sw3NtSetInformationToken __asm__("Sw3NtSetInformationToken: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07355266E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07355266E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationTransaction Sw3NtSetInformationTransaction __asm__("Sw3NtSetInformationTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04886065F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04886065F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationTransactionManager Sw3NtSetInformationTransactionManager __asm__("Sw3NtSetInformationTransactionManager: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0BB65C7A8 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0BB65C7A8 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationVirtualMemory Sw3NtSetInformationVirtualMemory __asm__("Sw3NtSetInformationVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FB90F506 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FB90F506 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationWorkerFactory Sw3NtSetInformationWorkerFactory __asm__("Sw3NtSetInformationWorkerFactory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0DB4AD3C5 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0DB4AD3C5 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetIntervalProfile Sw3NtSetIntervalProfile __asm__("Sw3NtSetIntervalProfile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F4BF6DBB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F4BF6DBB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetIoCompletion Sw3NtSetIoCompletion __asm__("Sw3NtSetIoCompletion: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03EA41FF3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03EA41FF3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetIoCompletionEx Sw3NtSetIoCompletionEx __asm__("Sw3NtSetIoCompletionEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A156DDD2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A156DDD2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetLdtEntries Sw3NtSetLdtEntries __asm__("Sw3NtSetLdtEntries: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02A81C395 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02A81C395 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetLowEventPair Sw3NtSetLowEventPair __asm__("Sw3NtSetLowEventPair: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x05EB2462B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x05EB2462B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetLowWaitHighEventPair Sw3NtSetLowWaitHighEventPair __asm__("Sw3NtSetLowWaitHighEventPair: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x02232329B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x02232329B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetQuotaInformationFile Sw3NtSetQuotaInformationFile __asm__("Sw3NtSetQuotaInformationFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0DE5F0418 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0DE5F0418 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetSecurityObject Sw3NtSetSecurityObject __asm__("Sw3NtSetSecurityObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0FA40C2CC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0FA40C2CC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetSystemEnvironmentValue Sw3NtSetSystemEnvironmentValue __asm__("Sw3NtSetSystemEnvironmentValue: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03C972B1C \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03C972B1C \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetSystemEnvironmentValueEx Sw3NtSetSystemEnvironmentValueEx __asm__("Sw3NtSetSystemEnvironmentValueEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0978AC356 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0978AC356 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetSystemInformation Sw3NtSetSystemInformation __asm__("Sw3NtSetSystemInformation: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0349A4F8F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0349A4F8F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetSystemPowerState Sw3NtSetSystemPowerState __asm__("Sw3NtSetSystemPowerState: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01CA3F6D2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01CA3F6D2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetSystemTime Sw3NtSetSystemTime __asm__("Sw3NtSetSystemTime: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x086A2D69F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x086A2D69F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetThreadExecutionState Sw3NtSetThreadExecutionState __asm__("Sw3NtSetThreadExecutionState: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09D966489 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09D966489 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetTimer2 Sw3NtSetTimer2 __asm__("Sw3NtSetTimer2: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01DA4DA2D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01DA4DA2D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetTimerEx Sw3NtSetTimerEx __asm__("Sw3NtSetTimerEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x026B9998E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x026B9998E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetTimerResolution Sw3NtSetTimerResolution __asm__("Sw3NtSetTimerResolution: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03CAB3C3D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03CAB3C3D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetUuidSeed Sw3NtSetUuidSeed __asm__("Sw3NtSetUuidSeed: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F1CF72F3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F1CF72F3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetVolumeInformationFile Sw3NtSetVolumeInformationFile __asm__("Sw3NtSetVolumeInformationFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00A9CC2BA \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00A9CC2BA \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetWnfProcessNotificationEvent Sw3NtSetWnfProcessNotificationEvent __asm__("Sw3NtSetWnfProcessNotificationEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03924D47D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03924D47D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwShutdownSystem Sw3NtShutdownSystem __asm__("Sw3NtShutdownSystem: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x090BC8003 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x090BC8003 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwShutdownWorkerFactory Sw3NtShutdownWorkerFactory __asm__("Sw3NtShutdownWorkerFactory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08C02BABA \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08C02BABA \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSignalAndWaitForSingleObject Sw3NtSignalAndWaitForSingleObject __asm__("Sw3NtSignalAndWaitForSingleObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07CA8145F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07CA8145F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSinglePhaseReject Sw3NtSinglePhaseReject __asm__("Sw3NtSinglePhaseReject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x03E850E39 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x03E850E39 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwStartProfile Sw3NtStartProfile __asm__("Sw3NtStartProfile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CC9D0F3B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CC9D0F3B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwStopProfile Sw3NtStopProfile __asm__("Sw3NtStopProfile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x010B49B84 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x010B49B84 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSubscribeWnfStateChange Sw3NtSubscribeWnfStateChange __asm__("Sw3NtSubscribeWnfStateChange: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CC5EFDC4 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CC5EFDC4 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSuspendProcess Sw3NtSuspendProcess __asm__("Sw3NtSuspendProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C6BBDF57 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C6BBDF57 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSuspendThread Sw3NtSuspendThread __asm__("Sw3NtSuspendThread: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x014B83629 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x014B83629 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSystemDebugControl Sw3NtSystemDebugControl __asm__("Sw3NtSystemDebugControl: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x047D16953 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x047D16953 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwTerminateEnclave Sw3NtTerminateEnclave __asm__("Sw3NtTerminateEnclave: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00EC2F49E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00EC2F49E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwTerminateJobObject Sw3NtTerminateJobObject __asm__("Sw3NtTerminateJobObject: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07EA07C3D \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07EA07C3D \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwTestAlert Sw3NtTestAlert __asm__("Sw3NtTestAlert: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F2C58F34 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F2C58F34 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwThawRegistry Sw3NtThawRegistry __asm__("Sw3NtThawRegistry: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x024AE2623 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x024AE2623 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwThawTransactions Sw3NtThawTransactions __asm__("Sw3NtThawTransactions: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0CC1ED09E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0CC1ED09E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwTraceControl Sw3NtTraceControl __asm__("Sw3NtTraceControl: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0BF914486 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0BF914486 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwTranslateFilePath Sw3NtTranslateFilePath __asm__("Sw3NtTranslateFilePath: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0721347BE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0721347BE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUmsThreadYield Sw3NtUmsThreadYield __asm__("Sw3NtUmsThreadYield: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x007BB766F \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x007BB766F \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUnloadDriver Sw3NtUnloadDriver __asm__("Sw3NtUnloadDriver: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x018AB3010 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x018AB3010 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUnloadKey Sw3NtUnloadKey __asm__("Sw3NtUnloadKey: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0082969B1 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0082969B1 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUnloadKey2 Sw3NtUnloadKey2 __asm__("Sw3NtUnloadKey2: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B92132FC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B92132FC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUnloadKeyEx Sw3NtUnloadKeyEx __asm__("Sw3NtUnloadKeyEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x07B98ADC5 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x07B98ADC5 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUnlockFile Sw3NtUnlockFile __asm__("Sw3NtUnlockFile: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x009990733 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x009990733 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUnlockVirtualMemory Sw3NtUnlockVirtualMemory __asm__("Sw3NtUnlockVirtualMemory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00A5B00DB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00A5B00DB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUnmapViewOfSectionEx Sw3NtUnmapViewOfSectionEx __asm__("Sw3NtUnmapViewOfSectionEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09A91C446 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09A91C446 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUnsubscribeWnfStateChange Sw3NtUnsubscribeWnfStateChange __asm__("Sw3NtUnsubscribeWnfStateChange: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0D344D0DD \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0D344D0DD \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwUpdateWnfStateData Sw3NtUpdateWnfStateData __asm__("Sw3NtUpdateWnfStateData: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x066C9F2FE \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x066C9F2FE \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwVdmControl Sw3NtVdmControl __asm__("Sw3NtVdmControl: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x09F93E505 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x09F93E505 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitForAlertByThreadId Sw3NtWaitForAlertByThreadId __asm__("Sw3NtWaitForAlertByThreadId: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0ACB3E812 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0ACB3E812 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitForDebugEvent Sw3NtWaitForDebugEvent __asm__("Sw3NtWaitForDebugEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x01085371E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x01085371E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitForKeyedEvent Sw3NtWaitForKeyedEvent __asm__("Sw3NtWaitForKeyedEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B73DA6BB \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B73DA6BB \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitForWorkViaWorkerFactory Sw3NtWaitForWorkViaWorkerFactory __asm__("Sw3NtWaitForWorkViaWorkerFactory: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x044954E00 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x044954E00 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitHighEventPair Sw3NtWaitHighEventPair __asm__("Sw3NtWaitHighEventPair: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08315B9B2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08315B9B2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitLowEventPair Sw3NtWaitLowEventPair __asm__("Sw3NtWaitLowEventPair: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F4B1D4EF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F4B1D4EF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwAcquireCMFViewOwnership Sw3NtAcquireCMFViewOwnership __asm__("Sw3NtAcquireCMFViewOwnership: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x04E131538 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x04E131538 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCancelDeviceWakeupRequest Sw3NtCancelDeviceWakeupRequest __asm__("Sw3NtCancelDeviceWakeupRequest: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x041CF4952 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x041CF4952 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwClearAllSavepointsTransaction Sw3NtClearAllSavepointsTransaction __asm__("Sw3NtClearAllSavepointsTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x05D0961A3 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x05D0961A3 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwClearSavepointTransaction Sw3NtClearSavepointTransaction __asm__("Sw3NtClearSavepointTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0A206BCAF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0A206BCAF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRollbackSavepointTransaction Sw3NtRollbackSavepointTransaction __asm__("Sw3NtRollbackSavepointTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08099DE55 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08099DE55 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSavepointTransaction Sw3NtSavepointTransaction __asm__("Sw3NtSavepointTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0174CD316 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0174CD316 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSavepointComplete Sw3NtSavepointComplete __asm__("Sw3NtSavepointComplete: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E9569349 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E9569349 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateSectionEx Sw3NtCreateSectionEx __asm__("Sw3NtCreateSectionEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x08694D44E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x08694D44E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwCreateCrossVmEvent Sw3NtCreateCrossVmEvent __asm__("Sw3NtCreateCrossVmEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C60CCF98 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C60CCF98 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwGetPlugPlayEvent Sw3NtGetPlugPlayEvent __asm__("Sw3NtGetPlugPlayEvent: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0124DF03B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0124DF03B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwListTransactions Sw3NtListTransactions __asm__("Sw3NtListTransactions: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x00F5D17D7 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x00F5D17D7 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwMarshallTransaction Sw3NtMarshallTransaction __asm__("Sw3NtMarshallTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x074AA567B \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x074AA567B \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwPullTransaction Sw3NtPullTransaction __asm__("Sw3NtPullTransaction: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C881EE55 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C881EE55 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwReleaseCMFViewOwnership Sw3NtReleaseCMFViewOwnership __asm__("Sw3NtReleaseCMFViewOwnership: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0808559CF \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0808559CF \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwWaitForWnfNotifications Sw3NtWaitForWnfNotifications __asm__("Sw3NtWaitForWnfNotifications: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0C5893EE2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0C5893EE2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwStartTm Sw3NtStartTm __asm__("Sw3NtStartTm: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0539E1B22 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0539E1B22 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwSetInformationProcess Sw3NtSetInformationProcess __asm__("Sw3NtSetInformationProcess: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x06739AA60 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x06739AA60 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRequestDeviceWakeup Sw3NtRequestDeviceWakeup __asm__("Sw3NtRequestDeviceWakeup: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x045A10570 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x045A10570 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwRequestWakeupLatency Sw3NtRequestWakeupLatency __asm__("Sw3NtRequestWakeupLatency: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x001095ECC \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x001095ECC \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwQuerySystemTime Sw3NtQuerySystemTime __asm__("Sw3NtQuerySystemTime: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0E96EBE5E \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0E96EBE5E \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwManageHotPatch Sw3NtManageHotPatch __asm__("Sw3NtManageHotPatch: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0B0AD6FE9 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0B0AD6FE9 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #define Sw3ZwContinueEx Sw3NtContinueEx __asm__("Sw3NtContinueEx: \n\ mov [rsp +8], rcx \n\ mov [rsp+16], rdx \n\ mov [rsp+24], r8 \n\ mov [rsp+32], r9 \n\ sub rsp, 0x28 \n\ mov ecx, 0x0F34DB5F2 \n\ call SW3_GetSyscallAddress \n\ mov r11, rax \n\ mov ecx, 0x0F34DB5F2 \n\ call SW3_GetSyscallNumber \n\ add rsp, 0x28 \n\ mov rcx, [rsp+8] \n\ mov rdx, [rsp+16] \n\ mov r8, [rsp+24] \n\ mov r9, [rsp+32] \n\ mov r10, rcx \n\ jmp r11 \n\ "); #endif