cortex.txt
User-Mode hooks
- JMP Based Hook:
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtSetInformationProcess
- PUSH; RET Based Hook:
NtMapViewOfSection
NtUnmapViewOfSection
NtContinue
RegNtCallbackObjectContextCleanup
RegNtPostCreateKey
RegNtPostCreateKeyEx
RegNtPostDeleteKey
RegNtPostDeleteValueKey
RegNtPostEnumerateKey
RegNtPostEnumerateValueKey
RegNtPostFlushKey
RegNtPostKeyHandleClose
RegNtPostLoadKey
RegNtPostOpenKey
RegNtPostOpenKeyEx
RegNtPostQueryKey
RegNtPostQueryKeyName
RegNtPostQueryKeySecurity
RegNtPostQueryMultipleValueKey
RegNtPostQueryValueKey
RegNtPostRenameKey
RegNtPostReplaceKey
RegNtPostRestoreKey
RegNtPostSaveKey
RegNtPostSetInformationKey
RegNtPostSetKeySecurity
RegNtPostSetValueKey
RegNtPostUnLoadKey
RegNtPreCreateKey
RegNtPreCreateKeyEx
RegNtPreDeleteKey
RegNtPreDeleteValueKey
RegNtPreEnumerateKey
RegNtPreEnumerateValueKey
RegNtPreFlushKey
RegNtPreKeyHandleClose
RegNtPreLoadKey
RegNtPreOpenKey
RegNtPreOpenKeyEx
RegNtPreQueryKey
RegNtPreQueryKeyName
RegNtPreQueryKeySecurity
RegNtPreQueryMultipleValueKey
RegNtPreQueryValueKey
RegNtPreRenameKey
RegNtPreReplaceKey
RegNtPreRestoreKey
RegNtPreSaveKey
RegNtPreSetInformationKey
RegNtPreSetKeySecurity
RegNtPreSetValueKey
RegNtPreUnLoadKey
NtAddBootEntry
NtAdjustPrivilegesToken
NtAllocateVirtualMemory
NtAllocateVirtualMemoryEx
NtCreateMutant
NtDelayExecution
NtDeleteBootEntry
NtGdiBitBlt
NtLoadDriver
NtMapViewOfSection
NtMapViewOfSectionEx
NtModifyBootEntry
NtOpenCreateFile
NtOpenProcessToken
NtOpenProcessTokenEx
NtOpenThreadToken
NtOpenThreadTokenEx
NtProtectVirtualMemory
NtQueryInformationTokenTokenUser
NtQuerySystemInformation
NtQueueApcThread
NtQueueApcThreadEx
NtQueueApcThreadEx2
NtReadVirtualMemory
NtSetContextThread
NtSetInformationProcess
NtSetInformationProcessCriticalProcess
NtSetInformationThreadCriticalThread
NtSetInformationThreadHideFromDebugger
NtSetInformationThreadImpersonationToken
NtSetInformationThreadWow64Context
NtSetInformationVirtualMemory
NtSystemDebugControl
NtUnmapViewOfSection
NtUnmapViewOfSectionEx
NtUserGetAsyncKeyState
NtUserGetClipboardData
NtUserSetWindowsHookEx
NtWriteVirtualMemory