.code EXTERN SW3_GetSyscallNumber: PROC NtCreateProcess PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 029943818h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtCreateProcess ENDP NtCreateThreadEx PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 052B6124Eh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtCreateThreadEx ENDP NtOpenProcess PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 00DD60C24h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtOpenProcess ENDP NtOpenProcessToken PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0C3914A8Dh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtOpenProcessToken ENDP NtTestAlert PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 02EB45D3Ah ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtTestAlert ENDP NtOpenThread PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 075426DE5h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtOpenThread ENDP NtSuspendProcess PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0F022DFBFh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtSuspendProcess ENDP NtSuspendThread PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 00F3F9E0Dh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtSuspendThread ENDP NtResumeProcess PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 041D54040h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtResumeProcess ENDP NtResumeThread PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0B28FAC35h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtResumeThread ENDP NtGetContextThread PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0BB97FF4Fh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtGetContextThread ENDP NtSetContextThread PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 093B3CF03h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtSetContextThread ENDP NtClose PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 04B1B40BBh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtClose ENDP NtReadVirtualMemory PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 009824143h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtReadVirtualMemory ENDP NtWriteVirtualMemory PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 08E108490h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtWriteVirtualMemory ENDP NtAllocateVirtualMemory PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0C253FAF2h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtAllocateVirtualMemory ENDP NtProtectVirtualMemory PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0C0603A1Dh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtProtectVirtualMemory ENDP NtFreeVirtualMemory PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 087118D83h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtFreeVirtualMemory ENDP NtQuerySystemInformation PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0A4069EABh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtQuerySystemInformation ENDP NtQueryDirectoryFile PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 09533C586h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtQueryDirectoryFile ENDP NtQueryInformationFile PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0AC3E2418h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtQueryInformationFile ENDP NtQueryInformationProcess PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 002AC0B33h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtQueryInformationProcess ENDP NtQueryInformationThread PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0745A2EE3h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtQueryInformationThread ENDP NtCreateSection PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0F42FD4F1h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtCreateSection ENDP NtOpenSection PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 064CE6A2Fh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtOpenSection ENDP NtMapViewOfSection PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0508A5019h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtMapViewOfSection ENDP NtUnmapViewOfSection PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0DF54DBCEh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtUnmapViewOfSection ENDP NtAdjustPrivilegesToken PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 05DC34340h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtAdjustPrivilegesToken ENDP NtDeviceIoControlFile PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0D1DAE373h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtDeviceIoControlFile ENDP NtQueueApcThread PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 0E851AAFFh ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtQueueApcThread ENDP NtWaitForMultipleObjects PROC mov [rsp +8], rcx ; Save registers. mov [rsp+16], rdx mov [rsp+24], r8 mov [rsp+32], r9 sub rsp, 28h mov ecx, 003837B11h ; Load function hash into ECX. call SW3_GetSyscallNumber ; Resolve function hash into syscall number. add rsp, 28h mov rcx, [rsp+8] ; Restore registers. mov rdx, [rsp+16] mov r8, [rsp+24] mov r9, [rsp+32] mov r10, rcx syscall ; Invoke system call. ret NtWaitForMultipleObjects ENDP end