Difference between revisions of "Kernel"
From xboxdevwiki
Eighthpence (talk | contribs) (Created page with "== See Also == Hard Drive Files") |
m (Mention that some keys are depending on running XBE (details need to be documented)) |
||
| (22 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | The Xbox kernel is called xboxkrnl.exe. It is closely related to the Windows NT [[Wikipedia:Ntoskrnl.exe|ntoskrnl.exe]]. | |
| + | Its image base address is always 0x80010000. | ||
| − | [[ | + | == Header modifications == |
| + | |||
| + | xboxkrnl.exe is a mostly standard exe file. | ||
| + | However, the MS-DOS header was patched to contain Xbox specific data in the reserved 20 byte block starting at offset 40: | ||
| + | |||
| + | {| class=wikitable | ||
| + | ! Offset !! Meaning | ||
| + | |- | ||
| + | |40 || Size of uninitialized portion of the .data section | ||
| + | |- | ||
| + | |44 || Size of initialized portion of the .data section | ||
| + | |- | ||
| + | |48 || Memory address of initialized portion of the .data section (usually in [[Flash]]). <br> Used to re-initialize the data section pointed to by the next field. <br> Note that the pointer might be invalid during normal execution as the Flash might not be mapped at all times. | ||
| + | |- | ||
| + | |52 || Memory address where the .data section is stored (usually the same as in the section header + image base). | ||
| + | |} | ||
| + | |||
| + | == Sections == | ||
| + | |||
| + | All sections are identity mapped (meaning file offsets and offsets in RAM match). This is because the kernel is not loaded through a traditional PE / exe loader, but just unpacked into memory. | ||
| + | |||
| + | === .text === | ||
| + | |||
| + | The .text section contains the kernel exports. | ||
| + | |||
| + | === .data === | ||
| + | |||
| + | The .data section stores initialized and uninitialized data. | ||
| + | A copy of the initialized portion of this section is usually stored in the [[BIOS]]. | ||
| + | |||
| + | === STICKY === | ||
| + | |||
| + | Stores variables which must be preserved across a quick-reboot. | ||
| + | |||
| + | === IDEXPRDT === | ||
| + | |||
| + | A Physical Region Descriptor Table (PRDT) for the IDE bus. This section serves as a memory allocation only, it does not have to be initialized when loading the kernel{{citation needed}}. | ||
| + | |||
| + | === INIT === | ||
| + | |||
| + | This section is always the last one. It contains the entrypoint of the kernel. | ||
| + | This does all the cold-boot kernel initialization as described [[Boot_Process#Initialization|here]]. | ||
| + | Later kernels{{FIXME|reason=Which revision? right now it appears that *ALL* kernels will discard this}} will discard this section after initialization. | ||
| + | INIT also contains the [[Boot Animation]], so once the kernel has finished booting it can't do a full hardware re-initialization or play the boot animation anymore. | ||
| + | |||
| + | == Kernel exports == | ||
| + | {| class="wikitable" | ||
| + | |+Kernel exports | ||
| + | |- | ||
| + | !Name | ||
| + | !Ordinal | ||
| + | !x86 Calling Convention | ||
| + | !Notes | ||
| + | |- | ||
| + | |[[Kernel/AvGetSavedDataAddress]] | ||
| + | |1 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/AvSendTVEncoderOption]] | ||
| + | |2 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/AvSetDisplayMode]] | ||
| + | |3 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/AvSetSavedDataAddress]] | ||
| + | |4 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/DbgBreakPoint]] | ||
| + | |5 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/DbgBreakPointWithStatus]] | ||
| + | |6 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/DbgLoadImageSymbols]] | ||
| + | |7 | ||
| + | |stdcall | ||
| + | |Devkits only! | ||
| + | |- | ||
| + | |[[Kernel/DbgPrint]] | ||
| + | |8 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalReadSMCTrayState]] | ||
| + | |9 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/DbgPrompt]] | ||
| + | |10 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/DbgUnLoadImageSymbols]] | ||
| + | |11 | ||
| + | |stdcall | ||
| + | |Devkits only! | ||
| + | |- | ||
| + | |[[Kernel/ExAcquireReadWriteLockExclusive]] | ||
| + | |12 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExAcquireReadWriteLockShared]] | ||
| + | |13 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExAllocatePool]] | ||
| + | |14 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExAllocatePoolWithTag]] | ||
| + | |15 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExEventObjectType]] | ||
| + | |16 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/ExFreePool]] | ||
| + | |17 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExInitializeReadWriteLock]] | ||
| + | |18 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExInterlockedAddLargeInteger]] | ||
| + | |19 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExInterlockedAddLargeStatistic]] | ||
| + | |20 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExInterlockedCompareExchange64]] | ||
| + | |21 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExMutantObjectType]] | ||
| + | |22 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/ExQueryPoolBlockSize]] | ||
| + | |23 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExQueryNonVolatileSetting]] | ||
| + | |24 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExReadWriteRefurbInfo]] | ||
| + | |25 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExRaiseException]] | ||
| + | |26 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExRaiseStatus]] | ||
| + | |27 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExReleaseReadWriteLock]] | ||
| + | |28 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExSaveNonVolatileSetting]] | ||
| + | |29 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExSemaphoreObjectType]] | ||
| + | |30 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/ExTimerObjectType]] | ||
| + | |31 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/ExfInterlockedInsertHeadList]] | ||
| + | |32 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExfInterlockedInsertTailList]] | ||
| + | |33 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ExfInterlockedRemoveHeadList]] | ||
| + | |34 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/FscGetCacheSize]] | ||
| + | |35 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/FscInvalidateIdleBlocks]] | ||
| + | |36 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/FscSetCacheSize]] | ||
| + | |37 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalClearSoftwareInterrupt]] | ||
| + | |38 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalDisableSystemInterrupt]] | ||
| + | |39 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalDiskCachePartitionCount]] | ||
| + | |40 | ||
| + | | | ||
| + | |Variable: ULONG | ||
| + | |- | ||
| + | |[[Kernel/HalDiskModelNumber]] | ||
| + | |41 | ||
| + | | | ||
| + | |Variable: STRING | ||
| + | |- | ||
| + | |[[Kernel/HalDiskSerialNumber]] | ||
| + | |42 | ||
| + | | | ||
| + | |Variable: STRING | ||
| + | |- | ||
| + | |[[Kernel/HalEnableSystemInterrupt]] | ||
| + | |43 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalGetInterruptVector]] | ||
| + | |44 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalReadSMBusValue]] | ||
| + | |45 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalReadWritePCISpace]] | ||
| + | |46 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalRegisterShutdownNotification]] | ||
| + | |47 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalRequestSoftwareInterrupt]] | ||
| + | |48 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalReturnToFirmware]] | ||
| + | |49 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalWriteSMBusValue]] | ||
| + | |50 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/InterlockedCompareExchange]] | ||
| + | |51 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/InterlockedDecrement]] | ||
| + | |52 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/InterlockedIncrement]] | ||
| + | |53 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/InterlockedExchange]] | ||
| + | |54 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/InterlockedExchangeAdd]] | ||
| + | |55 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/InterlockedFlushSList]] | ||
| + | |56 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/InterlockedPopEntrySList]] | ||
| + | |57 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/InterlockedPushEntrySList]] | ||
| + | |58 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoAllocateIrp]] | ||
| + | |59 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoBuildAsynchronousFsdRequest]] | ||
| + | |60 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoBuildDeviceIoControlRequest]] | ||
| + | |61 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoBuildSynchronousFsdRequest]] | ||
| + | |62 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoCheckShareAccess]] | ||
| + | |63 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoCompletionObjectType]] | ||
| + | |64 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/IoCreateDevice]] | ||
| + | |65 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoCreateFile]] | ||
| + | |66 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoCreateSymbolicLink]] | ||
| + | |67 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoDeleteDevice]] | ||
| + | |68 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoDeleteSymbolicLink]] | ||
| + | |69 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoDeviceObjectType]] | ||
| + | |70 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/IoFileObjectType]] | ||
| + | |71 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/IoFreeIrp]] | ||
| + | |72 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoInitializeIrp]] | ||
| + | |73 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoInvalidDeviceRequest]] | ||
| + | |74 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoQueryFileInformation]] | ||
| + | |75 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoQueryVolumeInformation]] | ||
| + | |76 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoQueueThreadIrp]] | ||
| + | |77 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoRemoveShareAccess]] | ||
| + | |78 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoSetIoCompletion]] | ||
| + | |79 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoSetShareAccess]] | ||
| + | |80 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoStartNextPacket]] | ||
| + | |81 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoStartNextPacketByKey]] | ||
| + | |82 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoStartPacket]] | ||
| + | |83 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoSynchronousDeviceIoControlRequest]] | ||
| + | |84 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoSynchronousFsdRequest]] | ||
| + | |85 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IofCallDriver]] | ||
| + | |86 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IofCompleteRequest]] | ||
| + | |87 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KdDebuggerEnabled]] | ||
| + | |88 | ||
| + | | | ||
| + | |Variable: BOOLEAN | ||
| + | |- | ||
| + | |[[Kernel/KdDebuggerNotPresent]] | ||
| + | |89 | ||
| + | | | ||
| + | |Variable: BOOLEAN | ||
| + | |- | ||
| + | |[[Kernel/IoDismountVolume]] | ||
| + | |90 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoDismountVolumeByName]] | ||
| + | |91 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeAlertResumeThread]] | ||
| + | |92 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeAlertThread]] | ||
| + | |93 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeBoostPriorityThread]] | ||
| + | |94 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeBugCheck]] | ||
| + | |95 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeBugCheckEx]] | ||
| + | |96 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeCancelTimer]] | ||
| + | |97 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeConnectInterrupt]] | ||
| + | |98 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeDelayExecutionThread]] | ||
| + | |99 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeDisconnectInterrupt]] | ||
| + | |100 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeEnterCriticalRegion]] | ||
| + | |101 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmGlobalData]] | ||
| + | |102 | ||
| + | | | ||
| + | |Variable: MMGLOBALDATA | ||
| + | |- | ||
| + | |[[Kernel/KeGetCurrentIrql]] | ||
| + | |103 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeGetCurrentThread]] | ||
| + | |104 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInitializeApc]] | ||
| + | |105 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInitializeDeviceQueue]] | ||
| + | |106 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInitializeDpc]] | ||
| + | |107 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInitializeEvent]] | ||
| + | |108 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInitializeInterrupt]] | ||
| + | |109 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInitializeMutant]] | ||
| + | |110 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInitializeQueue]] | ||
| + | |111 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInitializeSemaphore]] | ||
| + | |112 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInitializeTimerEx]] | ||
| + | |113 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInsertByKeyDeviceQueue]] | ||
| + | |114 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInsertDeviceQueue]] | ||
| + | |115 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInsertHeadQueue]] | ||
| + | |116 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInsertQueue]] | ||
| + | |117 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInsertQueueApc]] | ||
| + | |118 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInsertQueueDpc]] | ||
| + | |119 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeInterruptTime]] | ||
| + | |120 | ||
| + | | | ||
| + | |Variable: KSYSTEM_TIME | ||
| + | |- | ||
| + | |[[Kernel/KeIsExecutingDpc]] | ||
| + | |121 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeLeaveCriticalRegion]] | ||
| + | |122 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KePulseEvent]] | ||
| + | |123 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeQueryBasePriorityThread]] | ||
| + | |124 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeQueryInterruptTime]] | ||
| + | |125 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeQueryPerformanceCounter]] | ||
| + | |126 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeQueryPerformanceFrequency]] | ||
| + | |127 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeQuerySystemTime]] | ||
| + | |128 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeRaiseIrqlToDpcLevel]] | ||
| + | |129 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeRaiseIrqlToSynchLevel]] | ||
| + | |130 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeReleaseMutant]] | ||
| + | |131 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeReleaseSemaphore]] | ||
| + | |132 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeRemoveByKeyDeviceQueue]] | ||
| + | |133 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeRemoveDeviceQueue]] | ||
| + | |134 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeRemoveEntryDeviceQueue]] | ||
| + | |135 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeRemoveQueue]] | ||
| + | |136 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeRemoveQueueDpc]] | ||
| + | |137 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeResetEvent]] | ||
| + | |138 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeRestoreFloatingPointState]] | ||
| + | |139 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeResumeThread]] | ||
| + | |140 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeRundownQueue]] | ||
| + | |141 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSaveFloatingPointState]] | ||
| + | |142 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSetBasePriorityThread]] | ||
| + | |143 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSetDisableBoostThread]] | ||
| + | |144 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSetEvent]] | ||
| + | |145 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSetEventBoostPriority]] | ||
| + | |146 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSetPriorityProcess]] | ||
| + | |147 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSetPriorityThread]] | ||
| + | |148 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSetTimer]] | ||
| + | |149 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSetTimerEx]] | ||
| + | |150 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeStallExecutionProcessor]] | ||
| + | |151 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSuspendThread]] | ||
| + | |152 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSynchronizeExecution]] | ||
| + | |153 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeSystemTime]] | ||
| + | |154 | ||
| + | | | ||
| + | |Variable: KSYSTEM_TIME | ||
| + | |- | ||
| + | |[[Kernel/KeTestAlertThread]] | ||
| + | |155 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeTickCount]] | ||
| + | |156 | ||
| + | | | ||
| + | |Variable: ULONG | ||
| + | |- | ||
| + | |[[Kernel/KeTimeIncrement]] | ||
| + | |157 | ||
| + | | | ||
| + | |Variable: ULONG | ||
| + | |- | ||
| + | |[[Kernel/KeWaitForMultipleObjects]] | ||
| + | |158 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KeWaitForSingleObject]] | ||
| + | |159 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KfRaiseIrql]] | ||
| + | |160 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KfLowerIrql]] | ||
| + | |161 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/KiBugCheckData]] | ||
| + | |162 | ||
| + | | | ||
| + | |Variable: ULONG_PTR[5] | ||
| + | |- | ||
| + | |[[Kernel/KiUnlockDispatcherDatabase]] | ||
| + | |163 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/LaunchDataPage]] | ||
| + | |164 | ||
| + | | | ||
| + | |Variable: PLAUNCH_DATA_PAGE | ||
| + | |- | ||
| + | |[[Kernel/MmAllocateContiguousMemory]] | ||
| + | |165 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmAllocateContiguousMemoryEx]] | ||
| + | |166 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmAllocateSystemMemory]] | ||
| + | |167 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmClaimGpuInstanceMemory]] | ||
| + | |168 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmCreateKernelStack]] | ||
| + | |169 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmDeleteKernelStack]] | ||
| + | |170 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmFreeContiguousMemory]] | ||
| + | |171 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmFreeSystemMemory]] | ||
| + | |172 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmGetPhysicalAddress]] | ||
| + | |173 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmIsAddressValid]] | ||
| + | |174 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmLockUnlockBufferPages]] | ||
| + | |175 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmLockUnlockPhysicalPage]] | ||
| + | |176 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmMapIoSpace]] | ||
| + | |177 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmPersistContiguousMemory]] | ||
| + | |178 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmQueryAddressProtect]] | ||
| + | |179 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmQueryAllocationSize]] | ||
| + | |180 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmQueryStatistics]] | ||
| + | |181 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmSetAddressProtect]] | ||
| + | |182 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/MmUnmapIoSpace]] | ||
| + | |183 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtAllocateVirtualMemory]] | ||
| + | |184 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtCancelTimer]] | ||
| + | |185 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtClearEvent]] | ||
| + | |186 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtClose]] | ||
| + | |187 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtCreateDirectoryObject]] | ||
| + | |188 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtCreateEvent]] | ||
| + | |189 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtCreateFile]] | ||
| + | |190 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtCreateIoCompletion]] | ||
| + | |191 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtCreateMutant]] | ||
| + | |192 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtCreateSemaphore]] | ||
| + | |193 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtCreateTimer]] | ||
| + | |194 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtDeleteFile]] | ||
| + | |195 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtDeviceIoControlFile]] | ||
| + | |196 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtDuplicateObject]] | ||
| + | |197 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtFlushBuffersFile]] | ||
| + | |198 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtFreeVirtualMemory]] | ||
| + | |199 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtFsControlFile]] | ||
| + | |200 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtOpenDirectoryObject]] | ||
| + | |201 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtOpenFile]] | ||
| + | |202 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtOpenSymbolicLinkObject]] | ||
| + | |203 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtProtectVirtualMemory]] | ||
| + | |204 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtPulseEvent]] | ||
| + | |205 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueueApcThread]] | ||
| + | |206 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryDirectoryFile]] | ||
| + | |207 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryDirectoryObject]] | ||
| + | |208 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryEvent]] | ||
| + | |209 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryFullAttributesFile]] | ||
| + | |210 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryInformationFile]] | ||
| + | |211 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryIoCompletion]] | ||
| + | |212 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryMutant]] | ||
| + | |213 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQuerySemaphore]] | ||
| + | |214 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQuerySymbolicLinkObject]] | ||
| + | |215 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryTimer]] | ||
| + | |216 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryVirtualMemory]] | ||
| + | |217 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtQueryVolumeInformationFile]] | ||
| + | |218 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtReadFile]] | ||
| + | |219 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtReadFileScatter]] | ||
| + | |220 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtReleaseMutant]] | ||
| + | |221 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtReleaseSemaphore]] | ||
| + | |222 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtRemoveIoCompletion]] | ||
| + | |223 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtResumeThread]] | ||
| + | |224 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtSetEvent]] | ||
| + | |225 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtSetInformationFile]] | ||
| + | |226 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtSetIoCompletion]] | ||
| + | |227 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtSetSystemTime]] | ||
| + | |228 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtSetTimerEx]] | ||
| + | |229 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtSignalAndWaitForSingleObjectEx]] | ||
| + | |230 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtSuspendThread]] | ||
| + | |231 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtUserIoApcDispatcher]] | ||
| + | |232 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtWaitForSingleObject]] | ||
| + | |233 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtWaitForSingleObjectEx]] | ||
| + | |234 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtWaitForMultipleObjectsEx]] | ||
| + | |235 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtWriteFile]] | ||
| + | |236 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtWriteFileGather]] | ||
| + | |237 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/NtYieldExecution]] | ||
| + | |238 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObCreateObject]] | ||
| + | |239 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObDirectoryObjectType]] | ||
| + | |240 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/ObInsertObject]] | ||
| + | |241 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObMakeTemporaryObject]] | ||
| + | |242 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObOpenObjectByName]] | ||
| + | |243 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObOpenObjectByPointer]] | ||
| + | |244 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObpObjectHandleTable]] | ||
| + | |245 | ||
| + | | | ||
| + | |Variable: OBJECT_HANDLE_TABLE | ||
| + | |- | ||
| + | |[[Kernel/ObReferenceObjectByHandle]] | ||
| + | |246 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObReferenceObjectByName]] | ||
| + | |247 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObReferenceObjectByPointer]] | ||
| + | |248 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObSymbolicLinkObjectType]] | ||
| + | |249 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/ObfDereferenceObject]] | ||
| + | |250 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/ObfReferenceObject]] | ||
| + | |251 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/PhyGetLinkState]] | ||
| + | |252 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/PhyInitialize]] | ||
| + | |253 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/PsCreateSystemThread]] | ||
| + | |254 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/PsCreateSystemThreadEx]] | ||
| + | |255 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/PsQueryStatistics]] | ||
| + | |256 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/PsSetCreateThreadNotifyRoutine]] | ||
| + | |257 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/PsTerminateSystemThread]] | ||
| + | |258 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/PsThreadObjectType]] | ||
| + | |259 | ||
| + | | | ||
| + | |Variable: OBJECT_TYPE | ||
| + | |- | ||
| + | |[[Kernel/RtlAnsiStringToUnicodeString]] | ||
| + | |260 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlAppendStringToString]] | ||
| + | |261 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlAppendUnicodeStringToString]] | ||
| + | |262 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlAppendUnicodeToString]] | ||
| + | |263 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlAssert]] | ||
| + | |264 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCaptureContext]] | ||
| + | |265 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCaptureStackBackTrace]] | ||
| + | |266 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCharToInteger]] | ||
| + | |267 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCompareMemory]] | ||
| + | |268 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCompareMemoryUlong]] | ||
| + | |269 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCompareString]] | ||
| + | |270 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCompareUnicodeString]] | ||
| + | |271 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCopyString]] | ||
| + | |272 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCopyUnicodeString]] | ||
| + | |273 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlCreateUnicodeString]] | ||
| + | |274 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlDowncaseUnicodeChar]] | ||
| + | |275 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlDowncaseUnicodeString]] | ||
| + | |276 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlEnterCriticalSection]] | ||
| + | |277 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlEnterCriticalSectionAndRegion]] | ||
| + | |278 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlEqualString]] | ||
| + | |279 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlEqualUnicodeString]] | ||
| + | |280 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlExtendedIntegerMultiply]] | ||
| + | |281 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlExtendedLargeIntegerDivide]] | ||
| + | |282 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlExtendedMagicDivide]] | ||
| + | |283 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlFillMemory]] | ||
| + | |284 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlFillMemoryUlong]] | ||
| + | |285 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlFreeAnsiString]] | ||
| + | |286 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlFreeUnicodeString]] | ||
| + | |287 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlGetCallersAddress]] | ||
| + | |288 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlInitAnsiString]] | ||
| + | |289 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlInitUnicodeString]] | ||
| + | |290 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlInitializeCriticalSection]] | ||
| + | |291 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlIntegerToChar]] | ||
| + | |292 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlIntegerToUnicodeString]] | ||
| + | |293 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlLeaveCriticalSection]] | ||
| + | |294 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlLeaveCriticalSectionAndRegion]] | ||
| + | |295 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlLowerChar]] | ||
| + | |296 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlMapGenericMask]] | ||
| + | |297 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlMoveMemory]] | ||
| + | |298 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlMultiByteToUnicodeN]] | ||
| + | |299 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlMultiByteToUnicodeSize]] | ||
| + | |300 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlNtStatusToDosError]] | ||
| + | |301 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlRaiseException]] | ||
| + | |302 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlRaiseStatus]] | ||
| + | |303 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlTimeFieldsToTime]] | ||
| + | |304 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlTimeToTimeFields]] | ||
| + | |305 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlTryEnterCriticalSection]] | ||
| + | |306 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUlongByteSwap]] | ||
| + | |307 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUnicodeStringToAnsiString]] | ||
| + | |308 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUnicodeStringToInteger]] | ||
| + | |309 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUnicodeToMultiByteN]] | ||
| + | |310 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUnicodeToMultiByteSize]] | ||
| + | |311 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUnwind]] | ||
| + | |312 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUpcaseUnicodeChar]] | ||
| + | |313 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUpcaseUnicodeString]] | ||
| + | |314 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUpcaseUnicodeToMultiByteN]] | ||
| + | |315 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUpperChar]] | ||
| + | |316 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUpperString]] | ||
| + | |317 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlUshortByteSwap]] | ||
| + | |318 | ||
| + | |fastcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlWalkFrameChain]] | ||
| + | |319 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlZeroMemory]] | ||
| + | |320 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XboxEEPROMKey]] | ||
| + | |321 | ||
| + | | | ||
| + | |Variable: XBOX_KEY_DATA | ||
| + | |- | ||
| + | |[[Kernel/XboxHardwareInfo]] | ||
| + | |322 | ||
| + | | | ||
| + | |Variable: XBOX_HARDWARE_INFO | ||
| + | |- | ||
| + | |[[Kernel/XboxHDKey]] | ||
| + | |323 | ||
| + | | | ||
| + | |Variable: XBOX_KEY_DATA | ||
| + | |- | ||
| + | |[[Kernel/XboxKrnlVersion]] | ||
| + | |324 | ||
| + | | | ||
| + | |Variable: XBOX_KRNL_VERSION | ||
| + | |- | ||
| + | |[[Kernel/XboxSignatureKey]] | ||
| + | |325 | ||
| + | | | ||
| + | |Variable: XBOX_KEY_DATA; modified by active XBE Certificate | ||
| + | |- | ||
| + | |[[Kernel/XeImageFileName]] | ||
| + | |326 | ||
| + | | | ||
| + | |Variable: OBJECT_STRING | ||
| + | |- | ||
| + | |[[Kernel/XeLoadSection]] | ||
| + | |327 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XeUnloadSection]] | ||
| + | |328 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/READ_PORT_BUFFER_UCHAR]] | ||
| + | |329 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/READ_PORT_BUFFER_USHORT]] | ||
| + | |330 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/READ_PORT_BUFFER_ULONG]] | ||
| + | |331 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/WRITE_PORT_BUFFER_UCHAR]] | ||
| + | |332 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/WRITE_PORT_BUFFER_USHORT]] | ||
| + | |333 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/WRITE_PORT_BUFFER_ULONG]] | ||
| + | |334 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcSHAInit]] | ||
| + | |335 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcSHAUpdate]] | ||
| + | |336 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcSHAFinal]] | ||
| + | |337 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcRC4Key]] | ||
| + | |338 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcRC4Crypt]] | ||
| + | |339 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcHMAC]] | ||
| + | |340 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcPKEncPublic]] | ||
| + | |341 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcPKDecPrivate]] | ||
| + | |342 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcPKGetKeyLen]] | ||
| + | |343 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcVerifyPKCS1Signature]] | ||
| + | |344 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcModExp]] | ||
| + | |345 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcDESKeyParity]] | ||
| + | |346 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcKeyTable]] | ||
| + | |347 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcBlockCrypt]] | ||
| + | |348 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcBlockCryptCBC]] | ||
| + | |349 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcCryptService]] | ||
| + | |350 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XcUpdateCrypto]] | ||
| + | |351 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlRip]] | ||
| + | |352 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/XboxLANKey]] | ||
| + | |353 | ||
| + | | | ||
| + | |Variable: XBOX_KEY_DATA; modified by active XBE Certificate | ||
| + | |- | ||
| + | |[[Kernel/XboxAlternateSignatureKeys]] | ||
| + | |354 | ||
| + | | | ||
| + | |Variable: XBOX_KEY_DATA[XBEIMAGE_ALTERNATE_TITLE_ID_COUNT]; modified by active XBE Certificate | ||
| + | |- | ||
| + | |[[Kernel/XePublicKeyData]] | ||
| + | |355 | ||
| + | | | ||
| + | |Variable: UCHAR[XC_PUBLIC_KEYDATA_SIZE] | ||
| + | |- | ||
| + | |[[Kernel/HalBootSMCVideoMode]] | ||
| + | |356 | ||
| + | | | ||
| + | |Variable: ULONG | ||
| + | |- | ||
| + | |[[Kernel/IdexChannelObject]] | ||
| + | |357 | ||
| + | | | ||
| + | |Variable: IDE_CHANNEL_OBJECT | ||
| + | |- | ||
| + | |[[Kernel/HalIsResetOrShutdownPending]] | ||
| + | |358 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/IoMarkIrpMustComplete]] | ||
| + | |359 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalInitiateShutdown]] | ||
| + | |360 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/RtlSnprintf]] | ||
| + | |361 | ||
| + | |stdcall | ||
| + | |Unused? | ||
| + | |- | ||
| + | |[[Kernel/RtlSprintf]] | ||
| + | |362 | ||
| + | |stdcall | ||
| + | |Unused? | ||
| + | |- | ||
| + | |[[Kernel/RtlVsnprintf]] | ||
| + | |363 | ||
| + | |stdcall | ||
| + | |Unused? | ||
| + | |- | ||
| + | |[[Kernel/RtlVsprintf]] | ||
| + | |364 | ||
| + | |stdcall | ||
| + | |Unused? | ||
| + | |- | ||
| + | |[[Kernel/HalEnableSecureTrayEject]] | ||
| + | |365 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | |[[Kernel/HalWriteSMCScratchRegister]] | ||
| + | |366 | ||
| + | |stdcall | ||
| + | | | ||
| + | |- | ||
| + | | | ||
| + | |367 | ||
| + | | | ||
| + | |Unused? | ||
| + | |- | ||
| + | | | ||
| + | |368 | ||
| + | | | ||
| + | |Unused? | ||
| + | |- | ||
| + | | | ||
| + | |369 | ||
| + | | | ||
| + | |Unused? | ||
| + | |- | ||
| + | |[[Kernel/XProfpControl]] | ||
| + | |370 | ||
| + | | | ||
| + | |Profiling-enabled builds only! | ||
| + | |- | ||
| + | |[[Kernel/XProfpGetData]] | ||
| + | |371 | ||
| + | | | ||
| + | |Profiling-enabled builds only! | ||
| + | |- | ||
| + | |[[Kernel/IrtClientInitFast]] | ||
| + | |372 | ||
| + | | | ||
| + | |Profiling-enabled builds only! | ||
| + | |- | ||
| + | |[[Kernel/IrtSweep]] | ||
| + | |373 | ||
| + | | | ||
| + | |Profiling-enabled builds only! | ||
| + | |- | ||
| + | |[[Kernel/MmDbgAllocateMemory]] | ||
| + | |374 | ||
| + | |stdcall | ||
| + | |Devkits only! | ||
| + | |- | ||
| + | |[[Kernel/MmDbgFreeMemory]] | ||
| + | |375 | ||
| + | |stdcall | ||
| + | |Devkits only! | ||
| + | |- | ||
| + | |[[Kernel/MmDbgQueryAvailablePages]] | ||
| + | |376 | ||
| + | |stdcall | ||
| + | |Devkits only! | ||
| + | |- | ||
| + | |[[Kernel/MmDbgReleaseAddress]] | ||
| + | |377 | ||
| + | |stdcall | ||
| + | |Devkits only! | ||
| + | |- | ||
| + | |[[Kernel/MmDbgWriteCheck]] | ||
| + | |378 | ||
| + | |stdcall | ||
| + | |Devkits only! | ||
| + | |} | ||
Latest revision as of 17:23, 21 October 2018
The Xbox kernel is called xboxkrnl.exe. It is closely related to the Windows NT ntoskrnl.exe. Its image base address is always 0x80010000.
Contents
Header modifications
xboxkrnl.exe is a mostly standard exe file. However, the MS-DOS header was patched to contain Xbox specific data in the reserved 20 byte block starting at offset 40:
| Offset | Meaning |
|---|---|
| 40 | Size of uninitialized portion of the .data section |
| 44 | Size of initialized portion of the .data section |
| 48 | Memory address of initialized portion of the .data section (usually in Flash). Used to re-initialize the data section pointed to by the next field. Note that the pointer might be invalid during normal execution as the Flash might not be mapped at all times. |
| 52 | Memory address where the .data section is stored (usually the same as in the section header + image base). |
Sections
All sections are identity mapped (meaning file offsets and offsets in RAM match). This is because the kernel is not loaded through a traditional PE / exe loader, but just unpacked into memory.
.text
The .text section contains the kernel exports.
.data
The .data section stores initialized and uninitialized data. A copy of the initialized portion of this section is usually stored in the BIOS.
STICKY
Stores variables which must be preserved across a quick-reboot.
IDEXPRDT
A Physical Region Descriptor Table (PRDT) for the IDE bus. This section serves as a memory allocation only, it does not have to be initialized when loading the kernel[citation needed].
INIT
This section is always the last one. It contains the entrypoint of the kernel. This does all the cold-boot kernel initialization as described here. Later kernels[FIXME] will discard this section after initialization. INIT also contains the Boot Animation, so once the kernel has finished booting it can't do a full hardware re-initialization or play the boot animation anymore.
