use crate::emu::Emu;
use crate::constants::*;
mod memory;
mod process;
pub fn gateway(emu: &mut Emu) {
let nr = emu.regs().rax;
match nr {
WIN64_NTALLOCATEVIRTUALMEMORY => memory::nt_allocate_virtual_memory(emu),
WIN64_NTFREEVIRTUALMEMORY => memory::nt_free_virtual_memory(emu),
WIN64_NTPROTECTVIRTUALMEMORY => memory::nt_protect_virtual_memory(emu),
WIN64_NTQUERYVIRTUALMEMORY => memory::nt_query_virtual_memory(emu),
WIN64_NTREADVIRTUALMEMORY => memory::nt_read_virtual_memory(emu),
WIN64_NTWRITEVIRTUALMEMORY => memory::nt_write_virtual_memory(emu),
WIN64_NTMAPVIEWOFSECTION => memory::nt_map_view_of_section(emu),
WIN64_NTUNMAPVIEWOFSECTION => memory::nt_unmap_view_of_section(emu),
WIN64_NTQUERYINFORMATIONPROCESS => process::nt_query_information_process(emu),
WIN64_NTQUERYINFORMATIONTHREAD => process::nt_query_information_thread(emu),
WIN64_NTSETINFORMATIONPROCESS => process::nt_set_information_process(emu),
WIN64_NTSETINFORMATIONTHREAD => process::nt_set_information_thread(emu),
WIN64_NTOPENPROCESS => process::nt_open_process(emu),
WIN64_NTTERMINATEPROCESS => process::nt_terminate_process(emu),
WIN64_NTQUERYPERFORMANCECOUNTER => process::nt_query_performance_counter(emu),
_ => {
let name = what_syscall(nr);
log_orange!(
emu,
"syscall 0x{:x}: {} (unimplemented)",
nr,
name,
);
}
}
}
pub fn what_syscall(sys: u64) -> String {
match sys {
0x0 => "NtAccessCheck".to_string(),
0x1 => "NtWorkerFactoryWorkerReady".to_string(),
0x2 => "NtAcceptConnectPort".to_string(),
0x3 => "NtMapUserPhysicalPagesScatter".to_string(),
0x4 => "NtWaitForSingleObject".to_string(),
0x5 => "NtCallbackReturn".to_string(),
0x6 => "NtReadFile".to_string(),
0x7 => "NtDeviceIoControlFile".to_string(),
0x8 => "NtWriteFile".to_string(),
0x9 => "NtRemoveIoCompletion".to_string(),
0xa => "NtReleaseSemaphore".to_string(),
0xb => "NtReplyWaitReceivePort".to_string(),
0xc => "NtReplyPort".to_string(),
0xd => "NtSetInformationThread".to_string(),
0xe => "NtSetEvent".to_string(),
0xf => "NtClose".to_string(),
0x10 => "NtQueryObject".to_string(),
0x11 => "NtQueryInformationFile".to_string(),
0x12 => "NtOpenKey".to_string(),
0x13 => "NtEnumerateValueKey".to_string(),
0x14 => "NtFindAtom".to_string(),
0x15 => "NtQueryDefaultLocale".to_string(),
0x16 => "NtQueryKey".to_string(),
0x17 => "NtQueryValueKey".to_string(),
0x18 => "NtAllocateVirtualMemory".to_string(),
0x19 => "NtQueryInformationProcess".to_string(),
0x1a => "NtWaitForMultipleObjects32".to_string(),
0x1b => "NtWriteFileGather".to_string(),
0x1c => "NtSetInformationProcess".to_string(),
0x1d => "NtCreateKey".to_string(),
0x1e => "NtFreeVirtualMemory".to_string(),
0x1f => "NtImpersonateClientOfPort".to_string(),
0x20 => "NtReleaseMutant".to_string(),
0x21 => "NtQueryInformationToken".to_string(),
0x22 => "NtRequestWaitReplyPort".to_string(),
0x23 => "NtQueryVirtualMemory".to_string(),
0x24 => "NtOpenThreadToken".to_string(),
0x25 => "NtQueryInformationThread".to_string(),
0x26 => "NtOpenProcess".to_string(),
0x27 => "NtSetInformationFile".to_string(),
0x28 => "NtMapViewOfSection".to_string(),
0x29 => "NtAccessCheckAndAuditAlarm".to_string(),
0x2a => "NtUnmapViewOfSection".to_string(),
0x2b => "NtReplyWaitReceivePortEx".to_string(),
0x2c => "NtTerminateProcess".to_string(),
0x2d => "NtSetEventBoostPriority".to_string(),
0x2e => "NtReadFileScatter".to_string(),
0x2f => "NtOpenThreadTokenEx".to_string(),
0x30 => "NtOpenProcessTokenEx".to_string(),
0x31 => "NtQueryPerformanceCounter".to_string(),
0x32 => "NtEnumerateKey".to_string(),
0x33 => "NtOpenFile".to_string(),
0x34 => "NtDelayExecution".to_string(),
0x35 => "NtQueryDirectoryFile".to_string(),
0x36 => "NtQuerySystemInformation".to_string(),
0x37 => "NtOpenSection".to_string(),
0x38 => "NtQueryTimer".to_string(),
0x39 => "NtFsControlFile".to_string(),
0x3a => "NtWriteVirtualMemory".to_string(),
0x3b => "NtCloseObjectAuditAlarm".to_string(),
0x3c => "NtDuplicateObject".to_string(),
0x3d => "NtQueryAttributesFile".to_string(),
0x3e => "NtClearEvent".to_string(),
0x3f => "NtReadVirtualMemory".to_string(),
0x40 => "NtOpenEvent".to_string(),
0x41 => "NtAdjustPrivilegesToken".to_string(),
0x42 => "NtDuplicateToken".to_string(),
0x43 => "NtContinue".to_string(),
0x44 => "NtQueryDefaultUILanguage".to_string(),
0x45 => "NtQueueApcThread".to_string(),
0x46 => "NtYieldExecution".to_string(),
0x47 => "NtAddAtom".to_string(),
0x48 => "NtCreateEvent".to_string(),
0x49 => "NtQueryVolumeInformationFile".to_string(),
0x4a => "NtCreateSection".to_string(),
0x4b => "NtFlushBuffersFile".to_string(),
0x4c => "NtApphelpCacheControl".to_string(),
0x4d => "NtCreateProcessEx".to_string(),
0x4e => "NtCreateThread".to_string(),
0x4f => "NtIsProcessInJob".to_string(),
0x50 => "NtProtectVirtualMemory".to_string(),
0x51 => "NtQuerySection".to_string(),
0x52 => "NtResumeThread".to_string(),
0x53 => "NtTerminateThread".to_string(),
0x54 => "NtReadRequestData".to_string(),
0x55 => "NtCreateFile".to_string(),
0x56 => "NtQueryEvent".to_string(),
0x57 => "NtWriteRequestData".to_string(),
0x58 => "NtOpenDirectoryObject".to_string(),
0x59 => "NtAccessCheckByTypeAndAuditAlarm".to_string(),
0x5a => "NtQuerySystemTime".to_string(),
0x5b => "NtWaitForMultipleObjects".to_string(),
0x5c => "NtSetInformationObject".to_string(),
0x5d => "NtCancelIoFile".to_string(),
0x5e => "NtTraceEvent".to_string(),
0x5f => "NtPowerInformation".to_string(),
0x60 => "NtSetValueKey".to_string(),
0x61 => "NtCancelTimer".to_string(),
0x62 => "NtSetTimer".to_string(),
0x63 => "NtAccessCheckByType".to_string(),
0x64 => "NtAccessCheckByTypeResultList".to_string(),
0x65 => "NtAccessCheckByTypeResultListAndAuditAlarm".to_string(),
0x66 => "NtAccessCheckByTypeResultListAndAuditAlarmByHandle".to_string(),
0x67 => "NtAcquireCrossVmMutant".to_string(),
0x68 => "NtAcquireProcessActivityReference".to_string(),
0x69 => "NtAddAtomEx".to_string(),
0x6a => "NtAddBootEntry".to_string(),
0x6b => "NtAddDriverEntry".to_string(),
0x6c => "NtAdjustGroupsToken".to_string(),
0x6d => "NtAdjustTokenClaimsAndDeviceGroups".to_string(),
0x6e => "NtAlertMultipleThreadByThreadId".to_string(),
0x6f => "NtAlertResumeThread".to_string(),
0x70 => "NtAlertThread".to_string(),
0x71 => "NtAlertThreadByThreadId".to_string(),
0x72 => "NtAlertThreadByThreadIdEx".to_string(),
0x73 => "NtAllocateLocallyUniqueId".to_string(),
0x74 => "NtAllocateReserveObject".to_string(),
0x75 => "NtAllocateUserPhysicalPages".to_string(),
0x76 => "NtAllocateUserPhysicalPagesEx".to_string(),
0x77 => "NtAllocateUuids".to_string(),
0x78 => "NtAllocateVirtualMemoryEx".to_string(),
0x79 => "NtAlpcAcceptConnectPort".to_string(),
0x7a => "NtAlpcCancelMessage".to_string(),
0x7b => "NtAlpcConnectPort".to_string(),
0x7c => "NtAlpcConnectPortEx".to_string(),
0x7d => "NtAlpcCreatePort".to_string(),
0x7e => "NtAlpcCreatePortSection".to_string(),
0x7f => "NtAlpcCreateResourceReserve".to_string(),
0x80 => "NtAlpcCreateSectionView".to_string(),
0x81 => "NtAlpcCreateSecurityContext".to_string(),
0x82 => "NtAlpcDeletePortSection".to_string(),
0x83 => "NtAlpcDeleteResourceReserve".to_string(),
0x84 => "NtAlpcDeleteSectionView".to_string(),
0x85 => "NtAlpcDeleteSecurityContext".to_string(),
0x86 => "NtAlpcDisconnectPort".to_string(),
0x87 => "NtAlpcImpersonateClientContainerOfPort".to_string(),
0x88 => "NtAlpcImpersonateClientOfPort".to_string(),
0x89 => "NtAlpcOpenSenderProcess".to_string(),
0x8a => "NtAlpcOpenSenderThread".to_string(),
0x8b => "NtAlpcQueryInformation".to_string(),
0x8c => "NtAlpcQueryInformationMessage".to_string(),
0x8d => "NtAlpcRevokeSecurityContext".to_string(),
0x8e => "NtAlpcSendWaitReceivePort".to_string(),
0x8f => "NtAlpcSetInformation".to_string(),
0x90 => "NtAreMappedFilesTheSame".to_string(),
0x91 => "NtAssignProcessToJobObject".to_string(),
0x92 => "NtAssociateWaitCompletionPacket".to_string(),
0x93 => "NtCallEnclave".to_string(),
0x94 => "NtCancelIoFileEx".to_string(),
0x95 => "NtCancelSynchronousIoFile".to_string(),
0x96 => "NtCancelTimer2".to_string(),
0x97 => "NtCancelWaitCompletionPacket".to_string(),
0x98 => "NtChangeProcessState".to_string(),
0x99 => "NtChangeThreadState".to_string(),
0x9a => "NtCommitComplete".to_string(),
0x9b => "NtCommitEnlistment".to_string(),
0x9c => "NtCommitRegistryTransaction".to_string(),
0x9d => "NtCommitTransaction".to_string(),
0x9e => "NtCompactKeys".to_string(),
0x9f => "NtCompareObjects".to_string(),
0xa0 => "NtCompareSigningLevels".to_string(),
0xa1 => "NtCompareTokens".to_string(),
0xa2 => "NtCompleteConnectPort".to_string(),
0xa3 => "NtCompressKey".to_string(),
0xa4 => "NtConnectPort".to_string(),
0xa5 => "NtContinueEx".to_string(),
0xa6 => "NtConvertBetweenAuxiliaryCounterAndPerformanceCounter".to_string(),
0xa7 => "NtCopyFileChunk".to_string(),
0xa8 => "NtCreateCpuPartition".to_string(),
0xa9 => "NtCreateCrossVmEvent".to_string(),
0xaa => "NtCreateCrossVmMutant".to_string(),
0xab => "NtCreateDebugObject".to_string(),
0xac => "NtCreateDirectoryObject".to_string(),
0xad => "NtCreateDirectoryObjectEx".to_string(),
0xae => "NtCreateEnclave".to_string(),
0xaf => "NtCreateEnlistment".to_string(),
0xb0 => "NtCreateEventPair".to_string(),
0xb1 => "NtCreateIRTimer".to_string(),
0xb2 => "NtCreateIoCompletion".to_string(),
0xb3 => "NtCreateIoRing".to_string(),
0xb4 => "NtCreateJobObject".to_string(),
0xb5 => "NtCreateJobSet".to_string(),
0xb6 => "NtCreateKeyTransacted".to_string(),
0xb7 => "NtCreateKeyedEvent".to_string(),
0xb8 => "NtCreateLowBoxToken".to_string(),
0xb9 => "NtCreateMailslotFile".to_string(),
0xba => "NtCreateMutant".to_string(),
0xbb => "NtCreateNamedPipeFile".to_string(),
0xbc => "NtCreatePagingFile".to_string(),
0xbd => "NtCreatePartition".to_string(),
0xbe => "NtCreatePort".to_string(),
0xbf => "NtCreatePrivateNamespace".to_string(),
0xc0 => "NtCreateProcess".to_string(),
0xc1 => "NtCreateProcessStateChange".to_string(),
0xc2 => "NtCreateProfile".to_string(),
0xc3 => "NtCreateProfileEx".to_string(),
0xc4 => "NtCreateRegistryTransaction".to_string(),
0xc5 => "NtCreateResourceManager".to_string(),
0xc6 => "NtCreateSectionEx".to_string(),
0xc7 => "NtCreateSemaphore".to_string(),
0xc8 => "NtCreateSymbolicLinkObject".to_string(),
0xc9 => "NtCreateThreadEx".to_string(),
0xca => "NtCreateThreadStateChange".to_string(),
0xcb => "NtCreateTimer".to_string(),
0xcc => "NtCreateTimer2".to_string(),
0xcd => "NtCreateToken".to_string(),
0xce => "NtCreateTokenEx".to_string(),
0xcf => "NtCreateTransaction".to_string(),
0xd0 => "NtCreateTransactionManager".to_string(),
0xd1 => "NtCreateUserProcess".to_string(),
0xd2 => "NtCreateWaitCompletionPacket".to_string(),
0xd3 => "NtCreateWaitablePort".to_string(),
0xd4 => "NtCreateWnfStateName".to_string(),
0xd5 => "NtCreateWorkerFactory".to_string(),
0xd6 => "NtDebugActiveProcess".to_string(),
0xd7 => "NtDebugContinue".to_string(),
0xd8 => "NtDeleteAtom".to_string(),
0xd9 => "NtDeleteBootEntry".to_string(),
0xda => "NtDeleteDriverEntry".to_string(),
0xdb => "NtDeleteFile".to_string(),
0xdc => "NtDeleteKey".to_string(),
0xdd => "NtDeleteObjectAuditAlarm".to_string(),
0xde => "NtDeletePrivateNamespace".to_string(),
0xdf => "NtDeleteValueKey".to_string(),
0xe0 => "NtDeleteWnfStateData".to_string(),
0xe1 => "NtDeleteWnfStateName".to_string(),
0xe2 => "NtDirectGraphicsCall".to_string(),
0xe3 => "NtDisableLastKnownGood".to_string(),
0xe4 => "NtDisplayString".to_string(),
0xe5 => "NtDrawText".to_string(),
0xe6 => "NtEnableLastKnownGood".to_string(),
0xe7 => "NtEnumerateBootEntries".to_string(),
0xe8 => "NtEnumerateDriverEntries".to_string(),
0xe9 => "NtEnumerateSystemEnvironmentValuesEx".to_string(),
0xea => "NtEnumerateTransactionObject".to_string(),
0xeb => "NtExtendSection".to_string(),
0xec => "NtFilterBootOption".to_string(),
0xed => "NtFilterToken".to_string(),
0xee => "NtFilterTokenEx".to_string(),
0xef => "NtFlushBuffersFileEx".to_string(),
0xf0 => "NtFlushInstallUILanguage".to_string(),
0xf1 => "NtFlushInstructionCache".to_string(),
0xf2 => "NtFlushKey".to_string(),
0xf3 => "NtFlushProcessWriteBuffers".to_string(),
0xf4 => "NtFlushVirtualMemory".to_string(),
0xf5 => "NtFlushWriteBuffer".to_string(),
0xf6 => "NtFreeUserPhysicalPages".to_string(),
0xf7 => "NtFreezeRegistry".to_string(),
0xf8 => "NtFreezeTransactions".to_string(),
0xf9 => "NtGetCachedSigningLevel".to_string(),
0xfa => "NtGetCompleteWnfStateSubscription".to_string(),
0xfb => "NtGetContextThread".to_string(),
0xfc => "NtGetCurrentProcessorNumber".to_string(),
0xfd => "NtGetCurrentProcessorNumberEx".to_string(),
0xfe => "NtGetDevicePowerState".to_string(),
0xff => "NtGetMUIRegistryInfo".to_string(),
0x100 => "NtGetNextProcess".to_string(),
0x101 => "NtGetNextThread".to_string(),
0x102 => "NtGetNlsSectionPtr".to_string(),
0x103 => "NtGetNotificationResourceManager".to_string(),
0x104 => "NtGetWriteWatch".to_string(),
0x105 => "NtImpersonateAnonymousToken".to_string(),
0x106 => "NtImpersonateThread".to_string(),
0x107 => "NtInitializeEnclave".to_string(),
0x108 => "NtInitializeNlsFiles".to_string(),
0x109 => "NtInitializeRegistry".to_string(),
0x10a => "NtInitiatePowerAction".to_string(),
0x10b => "NtIsSystemResumeAutomatic".to_string(),
0x10c => "NtIsUILanguageComitted".to_string(),
0x10d => "NtListenPort".to_string(),
0x10e => "NtLoadDriver".to_string(),
0x10f => "NtLoadEnclaveData".to_string(),
0x110 => "NtLoadKey".to_string(),
0x111 => "NtLoadKey2".to_string(),
0x112 => "NtLoadKey3".to_string(),
0x113 => "NtLoadKeyEx".to_string(),
0x114 => "NtLockFile".to_string(),
0x115 => "NtLockProductActivationKeys".to_string(),
0x116 => "NtLockRegistryKey".to_string(),
0x117 => "NtLockVirtualMemory".to_string(),
0x118 => "NtMakePermanentObject".to_string(),
0x119 => "NtMakeTemporaryObject".to_string(),
0x11a => "NtManageHotPatch".to_string(),
0x11b => "NtManagePartition".to_string(),
0x11c => "NtMapCMFModule".to_string(),
0x11d => "NtMapUserPhysicalPages".to_string(),
0x11e => "NtMapViewOfSectionEx".to_string(),
0x11f => "NtModifyBootEntry".to_string(),
0x120 => "NtModifyDriverEntry".to_string(),
0x121 => "NtNotifyChangeDirectoryFile".to_string(),
0x122 => "NtNotifyChangeDirectoryFileEx".to_string(),
0x123 => "NtNotifyChangeKey".to_string(),
0x124 => "NtNotifyChangeMultipleKeys".to_string(),
0x125 => "NtNotifyChangeSession".to_string(),
0x126 => "NtOpenCpuPartition".to_string(),
0x127 => "NtOpenEnlistment".to_string(),
0x128 => "NtOpenEventPair".to_string(),
0x129 => "NtOpenIoCompletion".to_string(),
0x12a => "NtOpenJobObject".to_string(),
0x12b => "NtOpenKeyEx".to_string(),
0x12c => "NtOpenKeyTransacted".to_string(),
0x12d => "NtOpenKeyTransactedEx".to_string(),
0x12e => "NtOpenKeyedEvent".to_string(),
0x12f => "NtOpenMutant".to_string(),
0x130 => "NtOpenObjectAuditAlarm".to_string(),
0x131 => "NtOpenPartition".to_string(),
0x132 => "NtOpenPrivateNamespace".to_string(),
0x133 => "NtOpenProcessToken".to_string(),
0x134 => "NtOpenRegistryTransaction".to_string(),
0x135 => "NtOpenResourceManager".to_string(),
0x136 => "NtOpenSemaphore".to_string(),
0x137 => "NtOpenSession".to_string(),
0x138 => "NtOpenSymbolicLinkObject".to_string(),
0x139 => "NtOpenThread".to_string(),
0x13a => "NtOpenTimer".to_string(),
0x13b => "NtOpenTransaction".to_string(),
0x13c => "NtOpenTransactionManager".to_string(),
0x13d => "NtPlugPlayControl".to_string(),
0x13e => "NtPrePrepareComplete".to_string(),
0x13f => "NtPrePrepareEnlistment".to_string(),
0x140 => "NtPrepareComplete".to_string(),
0x141 => "NtPrepareEnlistment".to_string(),
0x142 => "NtPrivilegeCheck".to_string(),
0x143 => "NtPrivilegeObjectAuditAlarm".to_string(),
0x144 => "NtPrivilegedServiceAuditAlarm".to_string(),
0x145 => "NtPropagationComplete".to_string(),
0x146 => "NtPropagationFailed".to_string(),
0x147 => "NtPssCaptureVaSpaceBulk".to_string(),
0x148 => "NtPulseEvent".to_string(),
0x149 => "NtQueryAuxiliaryCounterFrequency".to_string(),
0x14a => "NtQueryBootEntryOrder".to_string(),
0x14b => "NtQueryBootOptions".to_string(),
0x14c => "NtQueryDebugFilterState".to_string(),
0x14d => "NtQueryDirectoryFileEx".to_string(),
0x14e => "NtQueryDirectoryObject".to_string(),
0x14f => "NtQueryDriverEntryOrder".to_string(),
0x150 => "NtQueryEaFile".to_string(),
0x151 => "NtQueryFullAttributesFile".to_string(),
0x152 => "NtQueryInformationAtom".to_string(),
0x153 => "NtQueryInformationByName".to_string(),
0x154 => "NtQueryInformationCpuPartition".to_string(),
0x155 => "NtQueryInformationEnlistment".to_string(),
0x156 => "NtQueryInformationJobObject".to_string(),
0x157 => "NtQueryInformationPort".to_string(),
0x158 => "NtQueryInformationResourceManager".to_string(),
0x159 => "NtQueryInformationTransaction".to_string(),
0x15a => "NtQueryInformationTransactionManager".to_string(),
0x15b => "NtQueryInformationWorkerFactory".to_string(),
0x15c => "NtQueryInstallUILanguage".to_string(),
0x15d => "NtQueryIntervalProfile".to_string(),
0x15e => "NtQueryIoCompletion".to_string(),
0x15f => "NtQueryIoRingCapabilities".to_string(),
0x160 => "NtQueryLicenseValue".to_string(),
0x161 => "NtQueryMultipleValueKey".to_string(),
0x162 => "NtQueryMutant".to_string(),
0x163 => "NtQueryOpenSubKeys".to_string(),
0x164 => "NtQueryOpenSubKeysEx".to_string(),
0x165 => "NtQueryPortInformationProcess".to_string(),
0x166 => "NtQueryQuotaInformationFile".to_string(),
0x167 => "NtQuerySecurityAttributesToken".to_string(),
0x168 => "NtQuerySecurityObject".to_string(),
0x169 => "NtQuerySecurityPolicy".to_string(),
0x16a => "NtQuerySemaphore".to_string(),
0x16b => "NtQuerySymbolicLinkObject".to_string(),
0x16c => "NtQuerySystemEnvironmentValue".to_string(),
0x16d => "NtQuerySystemEnvironmentValueEx".to_string(),
0x16e => "NtQuerySystemInformationEx".to_string(),
0x16f => "NtQueryTimerResolution".to_string(),
0x170 => "NtQueryWnfStateData".to_string(),
0x171 => "NtQueryWnfStateNameInformation".to_string(),
0x172 => "NtQueueApcThreadEx".to_string(),
0x173 => "NtQueueApcThreadEx2".to_string(),
0x174 => "NtRaiseException".to_string(),
0x175 => "NtRaiseHardError".to_string(),
0x176 => "NtReadOnlyEnlistment".to_string(),
0x177 => "NtReadVirtualMemoryEx".to_string(),
0x178 => "NtRecoverEnlistment".to_string(),
0x179 => "NtRecoverResourceManager".to_string(),
0x17a => "NtRecoverTransactionManager".to_string(),
0x17b => "NtRegisterProtocolAddressInformation".to_string(),
0x17c => "NtRegisterThreadTerminatePort".to_string(),
0x17d => "NtReleaseKeyedEvent".to_string(),
0x17e => "NtReleaseWorkerFactoryWorker".to_string(),
0x17f => "NtRemoveIoCompletionEx".to_string(),
0x180 => "NtRemoveProcessDebug".to_string(),
0x181 => "NtRenameKey".to_string(),
0x182 => "NtRenameTransactionManager".to_string(),
0x183 => "NtReplaceKey".to_string(),
0x184 => "NtReplacePartitionUnit".to_string(),
0x185 => "NtReplyWaitReplyPort".to_string(),
0x186 => "NtRequestPort".to_string(),
0x187 => "NtResetEvent".to_string(),
0x188 => "NtResetWriteWatch".to_string(),
0x189 => "NtRestoreKey".to_string(),
0x18a => "NtResumeProcess".to_string(),
0x18b => "NtRevertContainerImpersonation".to_string(),
0x18c => "NtRollbackComplete".to_string(),
0x18d => "NtRollbackEnlistment".to_string(),
0x18e => "NtRollbackRegistryTransaction".to_string(),
0x18f => "NtRollbackTransaction".to_string(),
0x190 => "NtRollforwardTransactionManager".to_string(),
0x191 => "NtSaveKey".to_string(),
0x192 => "NtSaveKeyEx".to_string(),
0x193 => "NtSaveMergedKeys".to_string(),
0x194 => "NtSecureConnectPort".to_string(),
0x195 => "NtSerializeBoot".to_string(),
0x196 => "NtSetBootEntryOrder".to_string(),
0x197 => "NtSetBootOptions".to_string(),
0x198 => "NtSetCachedSigningLevel".to_string(),
0x199 => "NtSetCachedSigningLevel2".to_string(),
0x19a => "NtSetContextThread".to_string(),
0x19b => "NtSetDebugFilterState".to_string(),
0x19c => "NtSetDefaultHardErrorPort".to_string(),
0x19d => "NtSetDefaultLocale".to_string(),
0x19e => "NtSetDefaultUILanguage".to_string(),
0x19f => "NtSetDriverEntryOrder".to_string(),
0x1a0 => "NtSetEaFile".to_string(),
0x1a1 => "NtSetEventEx".to_string(),
0x1a2 => "NtSetHighEventPair".to_string(),
0x1a3 => "NtSetHighWaitLowEventPair".to_string(),
0x1a4 => "NtSetIRTimer".to_string(),
0x1a5 => "NtSetInformationCpuPartition".to_string(),
0x1a6 => "NtSetInformationDebugObject".to_string(),
0x1a7 => "NtSetInformationEnlistment".to_string(),
0x1a8 => "NtSetInformationIoRing".to_string(),
0x1a9 => "NtSetInformationJobObject".to_string(),
0x1aa => "NtSetInformationKey".to_string(),
0x1ab => "NtSetInformationResourceManager".to_string(),
0x1ac => "NtSetInformationSymbolicLink".to_string(),
0x1ad => "NtSetInformationToken".to_string(),
0x1ae => "NtSetInformationTransaction".to_string(),
0x1af => "NtSetInformationTransactionManager".to_string(),
0x1b0 => "NtSetInformationVirtualMemory".to_string(),
0x1b1 => "NtSetInformationWorkerFactory".to_string(),
0x1b2 => "NtSetIntervalProfile".to_string(),
0x1b3 => "NtSetIoCompletion".to_string(),
0x1b4 => "NtSetIoCompletionEx".to_string(),
0x1b5 => "NtSetLdtEntries".to_string(),
0x1b6 => "NtSetLowEventPair".to_string(),
0x1b7 => "NtSetLowWaitHighEventPair".to_string(),
0x1b8 => "NtSetQuotaInformationFile".to_string(),
0x1b9 => "NtSetSecurityObject".to_string(),
0x1ba => "NtSetSystemEnvironmentValue".to_string(),
0x1bb => "NtSetSystemEnvironmentValueEx".to_string(),
0x1bc => "NtSetSystemInformation".to_string(),
0x1bd => "NtSetSystemPowerState".to_string(),
0x1be => "NtSetSystemTime".to_string(),
0x1bf => "NtSetThreadExecutionState".to_string(),
0x1c0 => "NtSetTimer2".to_string(),
0x1c1 => "NtSetTimerEx".to_string(),
0x1c2 => "NtSetTimerResolution".to_string(),
0x1c3 => "NtSetUuidSeed".to_string(),
0x1c4 => "NtSetVolumeInformationFile".to_string(),
0x1c5 => "NtSetWnfProcessNotificationEvent".to_string(),
0x1c6 => "NtShutdownSystem".to_string(),
0x1c7 => "NtShutdownWorkerFactory".to_string(),
0x1c8 => "NtSignalAndWaitForSingleObject".to_string(),
0x1c9 => "NtSinglePhaseReject".to_string(),
0x1ca => "NtStartProfile".to_string(),
0x1cb => "NtStopProfile".to_string(),
0x1cc => "NtSubmitIoRing".to_string(),
0x1cd => "NtSubscribeWnfStateChange".to_string(),
0x1ce => "NtSuspendProcess".to_string(),
0x1cf => "NtSuspendThread".to_string(),
0x1d0 => "NtSystemDebugControl".to_string(),
0x1d1 => "NtTerminateEnclave".to_string(),
0x1d2 => "NtTerminateJobObject".to_string(),
0x1d3 => "NtTestAlert".to_string(),
0x1d4 => "NtThawRegistry".to_string(),
0x1d5 => "NtThawTransactions".to_string(),
0x1d6 => "NtTraceControl".to_string(),
0x1d7 => "NtTranslateFilePath".to_string(),
0x1d8 => "NtUmsThreadYield".to_string(),
0x1d9 => "NtUnloadDriver".to_string(),
0x1da => "NtUnloadKey".to_string(),
0x1db => "NtUnloadKey2".to_string(),
0x1dc => "NtUnloadKeyEx".to_string(),
0x1dd => "NtUnlockFile".to_string(),
0x1de => "NtUnlockVirtualMemory".to_string(),
0x1df => "NtUnmapViewOfSectionEx".to_string(),
0x1e0 => "NtUnsubscribeWnfStateChange".to_string(),
0x1e1 => "NtUpdateWnfStateData".to_string(),
0x1e2 => "NtVdmControl".to_string(),
0x1e3 => "NtWaitForAlertByThreadId".to_string(),
0x1e4 => "NtWaitForDebugEvent".to_string(),
0x1e5 => "NtWaitForKeyedEvent".to_string(),
0x1e6 => "NtWaitForWorkViaWorkerFactory".to_string(),
0x1e7 => "NtWaitHighEventPair".to_string(),
0x1e8 => "NtWaitLowEventPair".to_string(),
_ => format!("NtSyscall_unknown(0x{:x})", sys),
}
}