|
|
/*++
Copyright (c) 2001 Microsoft Corporation
Module Name:
apimap.c
Abstract: A table containing API categorization to help in logging.
Author:
03-May-2001 KenCoope
Revision History:
--*/
//
// API Categories
//
API_CATEGORY Wow64ApiCategories[] ={ { "ExecutiveFunctions", 0, WHNT32_INDEX }, { "IoFunctions", 0, WHNT32_INDEX }, { "KernelFunctions", 0, WHNT32_INDEX }, { "LpcFunctions", 0, WHNT32_INDEX }, { "MemoryFunctions", 0, WHNT32_INDEX }, { "ObjectFunctions", 0, WHNT32_INDEX }, { "PnpFunctions", 0, WHNT32_INDEX }, { "PowerFunctions", 0, WHNT32_INDEX }, { "ProcessFunctions", 0, WHNT32_INDEX }, { "RegistryFunctions", 0, WHNT32_INDEX }, { "SecurityFunctions", 0, WHNT32_INDEX }, { "ExceptionFunctions", 0, WHNT32_INDEX }, { "NtWow64CsrFunctions", 0, WHNT32_INDEX }, { "BaseWow64CsrFunctions", 0, WHBASE_INDEX }, { "UnclassifiedNtosKrnlFunctions", 0, WHNT32_INDEX }, { "UnclassifiedConsoleFunctions", 0, WHCON_INDEX }, { "UnclassifiedWin32Functions", 0, WHWIN32_INDEX }, { "UnclassifiedBaseFunctions", 0, WHBASE_INDEX }, // null terminating entry
{ NULL, 0 }};
//
// API Category Mappings
//
ULONG ApiCategoryMappingNextFree = (ULONG)(-1);
API_CATEGORY_MAPPING Wow64ApiCategoryMappings[MAX_API_MAPPINGS] ={ // NT Executive APIs (ntexapi.h)
{ "NtDelayExecution", APICAT_EXECUTIVE, 0 }, { "NtQuerySystemEnvironmentValue", APICAT_EXECUTIVE, 0 }, { "NtSetSystemEnvironmentValue", APICAT_EXECUTIVE, 0 }, { "NtQuerySystemEnvironmentValueEx", APICAT_EXECUTIVE, 0 }, { "NtSetSystemEnvironmentValueEx", APICAT_EXECUTIVE, 0 }, { "NtEnumerateSystemEnvironmentValuesEx", APICAT_EXECUTIVE, 0 }, { "NtAddBootEntry", APICAT_EXECUTIVE, 0 }, { "NtDeleteBootEntry", APICAT_EXECUTIVE, 0 }, { "NtModifyBootEntry", APICAT_EXECUTIVE, 0 }, { "NtEnumerateBootEntries", APICAT_EXECUTIVE, 0 }, { "NtQueryBootEntryOrder", APICAT_EXECUTIVE, 0 }, { "NtSetBootEntryOrder", APICAT_EXECUTIVE, 0 }, { "NtQueryBootOptions", APICAT_EXECUTIVE, 0 }, { "NtSetBootOptions", APICAT_EXECUTIVE, 0 }, { "NtTranslateFilePath", APICAT_EXECUTIVE, 0 }, { "NtClearEvent", APICAT_EXECUTIVE, 0 }, { "NtCreateEvent", APICAT_EXECUTIVE, 0 }, { "NtOpenEvent", APICAT_EXECUTIVE, 0 }, { "NtPulseEvent", APICAT_EXECUTIVE, 0 }, { "NtQueryEvent", APICAT_EXECUTIVE, 0 }, { "NtResetEvent", APICAT_EXECUTIVE, 0 }, { "NtSetEvent", APICAT_EXECUTIVE, 0 }, { "NtSetEventBoostPriority", APICAT_EXECUTIVE, 0 }, { "NtCreateEventPair", APICAT_EXECUTIVE, 0 }, { "NtOpenEventPair", APICAT_EXECUTIVE, 0 }, { "NtWaitLowEventPair", APICAT_EXECUTIVE, 0 }, { "NtWaitHighEventPair", APICAT_EXECUTIVE, 0 }, { "NtSetLowWaitHighEventPair", APICAT_EXECUTIVE, 0 }, { "NtSetHighWaitLowEventPair", APICAT_EXECUTIVE, 0 }, { "NtSetLowEventPair", APICAT_EXECUTIVE, 0 }, { "NtSetHighEventPair", APICAT_EXECUTIVE, 0 }, { "NtCreateMutant", APICAT_EXECUTIVE, 0 }, { "NtOpenMutant", APICAT_EXECUTIVE, 0 }, { "NtQueryMutant", APICAT_EXECUTIVE, 0 }, { "NtReleaseMutant", APICAT_EXECUTIVE, 0 }, { "NtCreateSemaphore", APICAT_EXECUTIVE, 0 }, { "NtOpenSemaphore", APICAT_EXECUTIVE, 0 }, { "NtQuerySemaphore", APICAT_EXECUTIVE, 0 }, { "NtReleaseSemaphore", APICAT_EXECUTIVE, 0 }, { "NtCreateTimer", APICAT_EXECUTIVE, 0 }, { "NtOpenTimer", APICAT_EXECUTIVE, 0 }, { "NtCancelTimer", APICAT_EXECUTIVE, 0 }, { "NtQueryTimer", APICAT_EXECUTIVE, 0 }, { "NtSetTimer", APICAT_EXECUTIVE, 0 }, { "NtQuerySystemTime", APICAT_EXECUTIVE, 0 }, { "NtSetSystemTime", APICAT_EXECUTIVE, 0 }, { "NtQueryTimerResolution", APICAT_EXECUTIVE, 0 }, { "NtSetTimerResolution", APICAT_EXECUTIVE, 0 }, { "NtAllocateLocallyUniqueId", APICAT_EXECUTIVE, 0 }, { "NtSetUuidSeed", APICAT_EXECUTIVE, 0 }, { "NtAllocateUuids", APICAT_EXECUTIVE, 0 }, { "NtCreateProfile", APICAT_EXECUTIVE, 0 }, { "NtStartProfile", APICAT_EXECUTIVE, 0 }, { "NtStopProfile", APICAT_EXECUTIVE, 0 }, { "NtSetIntervalProfile", APICAT_EXECUTIVE, 0 }, { "NtQueryIntervalProfile", APICAT_EXECUTIVE, 0 }, { "NtQueryPerformanceCounter", APICAT_EXECUTIVE, 0 }, { "NtCreateKeyedEvent", APICAT_EXECUTIVE, 0 }, { "NtOpenKeyedEvent", APICAT_EXECUTIVE, 0 }, { "NtReleaseKeyedEvent", APICAT_EXECUTIVE, 0 }, { "NtWaitForKeyedEvent", APICAT_EXECUTIVE, 0 },// { "NapClearData", APICAT_EXECUTIVE, 0 },
// { "NapRetrieveData", APICAT_EXECUTIVE, 0 },
// { "NapGetApiCount", APICAT_EXECUTIVE, 0 },
// { "NapPause", APICAT_EXECUTIVE, 0 },
// { "NapResume", APICAT_EXECUTIVE, 0 },
{ "NtQuerySystemInformation", APICAT_EXECUTIVE, 0 }, { "NtSetSystemInformation", APICAT_EXECUTIVE, 0 }, { "NtSystemDebugControl", APICAT_EXECUTIVE, 0 }, { "NtRaiseHardError", APICAT_EXECUTIVE, 0 }, { "NtGetTickCount", APICAT_EXECUTIVE, 0 }, { "NtQueryDefaultLocale", APICAT_EXECUTIVE, 0 }, { "NtSetDefaultLocale", APICAT_EXECUTIVE, 0 }, { "NtQueryInstallUILanguage", APICAT_EXECUTIVE, 0 }, { "NtQueryDefaultUILanguage", APICAT_EXECUTIVE, 0 }, { "NtSetDefaultUILanguage", APICAT_EXECUTIVE, 0 }, { "NtSetDefaultHardErrorPort", APICAT_EXECUTIVE, 0 }, { "NtShutdownSystem", APICAT_EXECUTIVE, 0 }, { "NtDisplayString", APICAT_EXECUTIVE, 0 }, { "NtAddAtom", APICAT_EXECUTIVE, 0 }, { "NtFindAtom", APICAT_EXECUTIVE, 0 }, { "NtDeleteAtom", APICAT_EXECUTIVE, 0 }, { "NtQueryInformationAtom", APICAT_EXECUTIVE, 0 },
// NT Io APIs (ntioapi.h)
{ "NtCancelIoFile", APICAT_IO, 0 }, { "NtCreateNamedPipeFile", APICAT_IO, 0 }, { "NtCreateMailslotFile", APICAT_IO, 0 }, { "NtDeleteFile", APICAT_IO, 0 }, { "NtFlushBuffersFile", APICAT_IO, 0 }, { "NtNotifyChangeDirectoryFile", APICAT_IO, 0 }, { "NtQueryAttributesFile", APICAT_IO, 0 }, { "NtQueryFullAttributesFile", APICAT_IO, 0 }, { "NtQueryEaFile", APICAT_IO, 0 }, { "NtCreateFile", APICAT_IO, 0 }, { "NtDeviceIoControlFile", APICAT_IO, 0 }, { "NtFsControlFile", APICAT_IO, 0 }, { "NtLockFile", APICAT_IO, 0 }, { "NtOpenFile", APICAT_IO, 0 }, { "NtQueryDirectoryFile", APICAT_IO, 0 }, { "NtQueryInformationFile", APICAT_IO, 0 }, { "NtQueryQuotaInformationFile", APICAT_IO, 0 }, { "NtQueryVolumeInformationFile", APICAT_IO, 0 }, { "NtReadFile", APICAT_IO, 0 }, { "NtSetInformationFile", APICAT_IO, 0 }, { "NtSetQuotaInformationFile", APICAT_IO, 0 }, { "NtSetVolumeInformationFile", APICAT_IO, 0 }, { "NtWriteFile", APICAT_IO, 0 }, { "NtUnlockFile", APICAT_IO, 0 }, { "NtReadFile64", APICAT_IO, 0 }, { "NtReadFileScatter", APICAT_IO, 0 }, { "NtSetEaFile", APICAT_IO, 0 }, { "NtWriteFile64", APICAT_IO, 0 }, { "NtWriteFileGather", APICAT_IO, 0 }, { "NtLoadDriver", APICAT_IO, 0 }, { "NtUnloadDriver", APICAT_IO, 0 }, { "NtCreateIoCompletion", APICAT_IO, 0 }, { "NtOpenIoCompletion", APICAT_IO, 0 }, { "NtQueryIoCompletion", APICAT_IO, 0 }, { "NtSetIoCompletion", APICAT_IO, 0 }, { "NtRemoveIoCompletion", APICAT_IO, 0 }, // NT Kernel APIs (ntkeapi.h)
{ "NtCallbackReturn", APICAT_KERNEL, 0 }, { "NtQueryDebugFilterState", APICAT_KERNEL, 0 }, { "NtSetDebugFilterState", APICAT_KERNEL, 0 }, { "NtW32Call", APICAT_KERNEL, 0 }, { "NtYieldExecution", APICAT_KERNEL, 0 },
// NT LPC APIs (ntlpcapi.h)
{ "NtCreatePort", APICAT_LPC, 0 }, { "NtCreateWaitablePort", APICAT_LPC, 0 }, { "NtConnectPort", APICAT_LPC, 0 }, { "NtSecureConnectPort", APICAT_LPC, 0 }, { "NtListenPort", APICAT_LPC, 0 }, { "NtAcceptConnectPort", APICAT_LPC, 0 }, { "NtCompleteConnectPort", APICAT_LPC, 0 }, { "NtRequestPort", APICAT_LPC, 0 }, { "NtRequestWaitReplyPort", APICAT_LPC, 0 }, { "NtReplyPort", APICAT_LPC, 0 }, { "NtReplyWaitReplyPort", APICAT_LPC, 0 }, { "NtReplyWaitReceivePort", APICAT_LPC, 0 }, { "NtReplyWaitReceivePortEx", APICAT_LPC, 0 }, { "NtImpersonateClientOfPort", APICAT_LPC, 0 }, { "NtReadRequestData", APICAT_LPC, 0 }, { "NtWriteRequestData", APICAT_LPC, 0 }, { "NtQueryInformationPort", APICAT_LPC, 0 },
// NT Memory APIs (ntmmapi.h)
{ "NtCreateSection", APICAT_MEMORY, 0 }, { "NtOpenSection", APICAT_MEMORY, 0 }, { "NtMapViewOfSection", APICAT_MEMORY, 0 }, { "NtUnmapViewOfSection", APICAT_MEMORY, 0 }, { "NtExtendSection", APICAT_MEMORY, 0 }, { "NtAreMappedFilesTheSame", APICAT_MEMORY, 0 }, { "NtAllocateVirtualMemory", APICAT_MEMORY, 0 }, { "NtFreeVirtualMemory", APICAT_MEMORY, 0 }, { "NtReadVirtualMemory", APICAT_MEMORY, 0 }, { "NtWriteVirtualMemory", APICAT_MEMORY, 0 }, { "NtFlushVirtualMemory", APICAT_MEMORY, 0 }, { "NtLockVirtualMemory", APICAT_MEMORY, 0 }, { "NtUnlockVirtualMemory", APICAT_MEMORY, 0 }, { "NtProtectVirtualMemory", APICAT_MEMORY, 0 }, { "NtQueryVirtualMemory", APICAT_MEMORY, 0 }, { "NtQuerySection", APICAT_MEMORY, 0 }, { "NtMapUserPhysicalPages", APICAT_MEMORY, 0 }, { "NtMapUserPhysicalPagesScatter", APICAT_MEMORY, 0 }, { "NtAllocateUserPhysicalPages", APICAT_MEMORY, 0 }, { "NtFreeUserPhysicalPages", APICAT_MEMORY, 0 }, { "NtGetWriteWatch", APICAT_MEMORY, 0 }, { "NtResetWriteWatch", APICAT_MEMORY, 0 }, { "NtCreatePagingFile", APICAT_MEMORY, 0 }, { "NtFlushInstructionCache", APICAT_MEMORY, 0 }, { "NtFlushWriteBuffer", APICAT_MEMORY, 0 },
// NT Object Manager APIs (ntobapi.h)
{ "NtQueryObject", APICAT_OBJECT, 0 }, { "NtSetInformationObject", APICAT_OBJECT, 0 }, { "NtDuplicateObject", APICAT_OBJECT, 0 }, { "NtMakeTemporaryObject", APICAT_OBJECT, 0 }, { "NtMakePermanentObject", APICAT_OBJECT, 0 }, { "NtSignalAndWaitForSingleObject", APICAT_OBJECT, 0 }, { "NtWaitForSingleObject", APICAT_OBJECT, 0 }, { "NtWaitForMultipleObjects", APICAT_OBJECT, 0 }, { "NtSetSecurityObject", APICAT_OBJECT, 0 }, { "NtQuerySecurityObject", APICAT_OBJECT, 0 }, { "NtClose", APICAT_OBJECT, 0 }, { "NtCreateDirectoryObject", APICAT_OBJECT, 0 }, { "NtOpenDirectoryObject", APICAT_OBJECT, 0 }, { "NtQueryDirectoryObject", APICAT_OBJECT, 0 }, { "NtCreateSymbolicLinkObject", APICAT_OBJECT, 0 }, { "NtOpenSymbolicLinkObject", APICAT_OBJECT, 0 }, { "NtQuerySymbolicLinkObject", APICAT_OBJECT, 0 },
// NT PnP APIs (ntpnpapi.h)
{ "NtGetPlugPlayEvent", APICAT_PNP, 0 }, { "NtPlugPlayControl", APICAT_PNP, 0 },
// NT Power APIs (ntpoapi.h)
{ "NtPowerInformation", APICAT_POWER, 0 }, { "NtSetThreadExecutionState", APICAT_POWER, 0 }, { "NtRequestWakeupLatency", APICAT_POWER, 0 }, { "NtInitiatePowerAction", APICAT_POWER, 0 }, { "NtSetSystemPowerState", APICAT_POWER, 0 }, { "NtGetDevicePowerState", APICAT_POWER, 0 }, { "NtCancelDeviceWakeupRequest", APICAT_POWER, 0 }, { "NtIsSystemResumeAutomatic", APICAT_POWER, 0 }, { "NtRequestDeviceWakeup", APICAT_POWER, 0 },
// NT Process APIs (ntpsapi.h)
{ "NtCreateProcess", APICAT_PROCESS, 0 }, { "NtCreateProcessEx", APICAT_PROCESS, 0 }, { "NtOpenProcess", APICAT_PROCESS, 0 }, { "NtTerminateProcess", APICAT_PROCESS, 0 }, { "NtQueryInformationProcess", APICAT_PROCESS, 0 }, { "NtSetInformationProcess", APICAT_PROCESS, 0 }, { "NtCreateThread", APICAT_PROCESS, 0 }, { "NtOpenThread", APICAT_PROCESS, 0 }, { "NtTerminateThread", APICAT_PROCESS, 0 }, { "NtSuspendThread", APICAT_PROCESS, 0 }, { "NtResumeThread", APICAT_PROCESS, 0 }, { "NtSuspendProcess", APICAT_PROCESS, 0 }, { "NtResumeProcess", APICAT_PROCESS, 0 }, { "NtGetContextThread", APICAT_PROCESS, 0 }, { "NtSetContextThread", APICAT_PROCESS, 0 }, { "NtQueryInformationThread", APICAT_PROCESS, 0 }, { "NtSetInformationThread", APICAT_PROCESS, 0 }, { "NtAlertThread", APICAT_PROCESS, 0 }, { "NtAlertResumeThread", APICAT_PROCESS, 0 }, { "NtImpersonateThread", APICAT_PROCESS, 0 }, { "NtTestAlert", APICAT_PROCESS, 0 }, { "NtRegisterThreadTerminatePort", APICAT_PROCESS, 0 }, { "NtSetLdtEntries", APICAT_PROCESS, 0 }, { "NtQueueApcThread", APICAT_PROCESS, 0 }, { "NtCreateJobObject", APICAT_PROCESS, 0 }, { "NtOpenJobObject", APICAT_PROCESS, 0 }, { "NtAssignProcessToJobObject", APICAT_PROCESS, 0 }, { "NtTerminateJobObject", APICAT_PROCESS, 0 }, { "NtIsProcessInJob", APICAT_PROCESS, 0 }, { "NtCreateJobSet", APICAT_PROCESS, 0 }, { "NtQueryInformationJobObject", APICAT_PROCESS, 0 }, { "NtSetInformationJobObject", APICAT_PROCESS, 0 }, // NT Registry APIs (ntregapi.h)
{ "NtCreateKey", APICAT_REGISTRY, 0 }, { "NtDeleteKey", APICAT_REGISTRY, 0 }, { "NtDeleteValueKey", APICAT_REGISTRY, 0 }, { "NtEnumerateKey", APICAT_REGISTRY, 0 }, { "NtEnumerateValueKey", APICAT_REGISTRY, 0 }, { "NtFlushKey", APICAT_REGISTRY, 0 }, { "NtInitializeRegistry", APICAT_REGISTRY, 0 }, { "NtNotifyChangeKey", APICAT_REGISTRY, 0 }, { "NtNotifyChangeMultipleKeys", APICAT_REGISTRY, 0 }, { "NtLoadKey", APICAT_REGISTRY, 0 }, { "NtLoadKey2", APICAT_REGISTRY, 0 }, { "NtOpenKey", APICAT_REGISTRY, 0 }, { "NtQueryKey", APICAT_REGISTRY, 0 }, { "NtQueryValueKey", APICAT_REGISTRY, 0 }, { "NtQueryMultipleValueKey",APICAT_REGISTRY, 0 }, { "NtReplaceKey", APICAT_REGISTRY, 0 }, { "NtRenameKey", APICAT_REGISTRY, 0 }, { "NtCompactKeys", APICAT_REGISTRY, 0 }, { "NtCompressKey", APICAT_REGISTRY, 0 }, { "NtRestoreKey", APICAT_REGISTRY, 0 }, { "NtSaveKey", APICAT_REGISTRY, 0 }, { "NtSaveKeyEx", APICAT_REGISTRY, 0 }, { "NtSaveMergedKeys", APICAT_REGISTRY, 0 }, { "NtSetValueKey", APICAT_REGISTRY, 0 }, { "NtUnloadKey", APICAT_REGISTRY, 0 }, { "NtUnloadKeyEx", APICAT_REGISTRY, 0 }, { "NtSetInformationKey", APICAT_REGISTRY, 0 }, { "NtQueryOpenSubKeys", APICAT_REGISTRY, 0 }, { "NtLockRegistryKey", APICAT_REGISTRY, 0 }, { "NtLockProductActivationKeys", APICAT_REGISTRY, 0 }, // NT Security APIs (ntseapi.h)
{ "NtAccessCheck", APICAT_SECURITY, 0 }, { "NtAccessCheckByType", APICAT_SECURITY, 0 }, { "NtAccessCheckByTypeResultList", APICAT_SECURITY, 0 }, { "NtCreateToken", APICAT_SECURITY, 0 }, { "NtCompareTokens", APICAT_SECURITY, 0 }, { "NtOpenThreadToken", APICAT_SECURITY, 0 }, { "NtOpenThreadTokenEx", APICAT_SECURITY, 0 }, { "NtOpenProcessToken", APICAT_SECURITY, 0 }, { "NtOpenProcessTokenEx", APICAT_SECURITY, 0 }, { "NtOpenJobObjectToken", APICAT_SECURITY, 0 }, { "NtDuplicateToken", APICAT_SECURITY, 0 }, { "NtFilterToken", APICAT_SECURITY, 0 }, { "NtImpersonateAnonymousToken", APICAT_SECURITY, 0 }, { "NtQueryInformationToken", APICAT_SECURITY, 0 }, { "NtSetInformationToken", APICAT_SECURITY, 0 }, { "NtAdjustPrivilegesToken", APICAT_SECURITY, 0 }, { "NtAdjustGroupsToken", APICAT_SECURITY, 0 }, { "NtPrivilegeCheck", APICAT_SECURITY, 0 }, { "NtAccessCheckAndAuditAlarm", APICAT_SECURITY, 0 }, { "NtAccessCheckByTypeAndAuditAlarm", APICAT_SECURITY, 0 }, { "NtAccessCheckByTypeResultListAndAuditAlarm", APICAT_SECURITY, 0 }, { "NtAccessCheckByTypeResultListAndAuditAlarmByHandle", APICAT_SECURITY, 0 }, { "NtOpenObjectAuditAlarm", APICAT_SECURITY, 0 }, { "NtPrivilegeObjectAuditAlarm", APICAT_SECURITY, 0 }, { "NtCloseObjectAuditAlarm", APICAT_SECURITY, 0 }, { "NtDeleteObjectAuditAlarm", APICAT_SECURITY, 0 }, { "NtPrivilegedServiceAuditAlarm", APICAT_SECURITY, 0 }, // NT Exception APIs (ntxcapi.h)
{ "NtContinue", APICAT_XCEPT, 0 }, { "NtRaiseException", APICAT_XCEPT, 0 },
// NT WOW64 CSR APIs
{ "NtWow64CsrClientConnectToServer", APICAT_NTWOW64, 0 }, { "NtWow64CsrNewThread", APICAT_NTWOW64, 0 }, { "NtWow64CsrIdentifyAlertableThread", APICAT_NTWOW64, 0 }, { "NtWow64CsrClientCallServer", APICAT_NTWOW64, 0 }, { "NtWow64CsrAllocateCaptureBuffer", APICAT_NTWOW64, 0 }, { "NtWow64CsrFreeCaptureBuffer", APICAT_NTWOW64, 0 }, { "NtWow64CsrAllocateMessagePointer", APICAT_NTWOW64, 0 }, { "NtWow64CsrCaptureMessageBuffer", APICAT_NTWOW64, 0 }, { "NtWow64CsrCaptureMessageString", APICAT_NTWOW64, 0 }, { "NtWow64CsrSetPriorityClass", APICAT_NTWOW64, 0 }, { "NtWow64CsrGetProcessId", APICAT_NTWOW64, 0 }, { "NtWow64DebuggerCall", APICAT_NTWOW64, 0 },
// BASE WOW64 CSR APIs
{ "NtWow64CsrBasepSoundSentryNotification", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepRefreshIniFileMapping", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepDefineDosDevice", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepGetTempFile", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepCreateProcess", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepExitProcess", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepSetProcessShutdownParam", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepGetProcessShutdownParam", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepSetTermsrvAppInstallMode", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepSetClientTimeZoneInformation", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepCreateThread", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBaseClientConnectToServer", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepNlsSetUserInfo", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepNlsSetMultipleUserInfo", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepNlsCreateSection", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepCreateActCtx", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepNlsUpdateCacheCount", APICAT_BASEWOW64, 0 }, { "NtWow64CsrBasepNlsGetUserInfo", APICAT_BASEWOW64, 0 }, // null terminating entry
{ NULL, 0, 0 }};
|
