另外贴一份Windows 7（Windows 7 SP1 32位，即Windows NT 6.1.7601下的SSDT
首先：
dd KeServiceDescriptorTable
得到：

83d899c0  83c9dd9c 00000000 00000191 83c9e3e4
83d899d0  00000000 00000000 00000000 00000000
83d899e0  83cfc6af 00000000 0239dd4d 00000bb8
83d899f0  00000011 00000100 5385d2ba d717548f
83d89a00  83c9dd9c 00000000 00000191 83c9e3e4
83d89a10  94006000 00000000 00000339 9400702c
83d89a20  00000000 00000000 83d89a24 00000340
83d89a30  00000340 863f1a38 00000007 00000000

参考SSDT的结构：

typedef struct _KSERVICE_TABLE_DESCRIPTOR {
    PULONG_PTR Base;
    PULONG Count;
    ULONG Limit;
    PUCHAR Number;
} KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR;

可知
Base = 0x83c9dd9c
Limit = KSERVICE_TABLE_DESCRIPTOR + 8
即SSDT中有0x191个项，一共401项
然后
dds 83c9dd9c l 191

得到：

83c9dd9c  83e99c28 nt!NtAcceptConnectPort
83c9dda0  83ce040d nt!NtAccessCheck
83c9dda4  83e29b68 nt!NtAccessCheckAndAuditAlarm
83c9dda8  83c4488a nt!NtAccessCheckByType
83c9ddac  83e9b4ff nt!NtAccessCheckByTypeAndAuditAlarm
83c9ddb0  83d1d3fa nt!NtAccessCheckByTypeResultList
83c9ddb4  83f0bb05 nt!NtAccessCheckByTypeResultListAndAuditAlarm
83c9ddb8  83f0bb4e nt!NtAccessCheckByTypeResultListAndAuditAlarmByHandle
83c9ddbc  83e1e3bd nt!NtAddAtom
83c9ddc0  83f25368 nt!NtAddBootEntry
83c9ddc4  83f265c1 nt!NtAddDriverEntry
83c9ddc8  83e14b95 nt!NtAdjustGroupsToken
83c9ddcc  83ea5b35 nt!NtAdjustPrivilegesToken
83c9ddd0  83efe963 nt!NtAlertResumeThread
83c9ddd4  83e51a56 nt!NtAlertThread
83c9ddd8  83e216cc nt!NtAllocateLocallyUniqueId
83c9dddc  83db7928 nt!NtAllocateReserveObject
83c9dde0  83ef0898 nt!NtAllocateUserPhysicalPages
83c9dde4  83e0814e nt!NtAllocateUuids
83c9dde8  83e4aa62 nt!NtAllocateVirtualMemory
83c9ddec  83e96df1 nt!NtAlpcAcceptConnectPort
83c9ddf0  83df8238 nt!NtAlpcCancelMessage
83c9ddf4  83e961fe nt!NtAlpcConnectPort
83c9ddf8  83e15c0c nt!NtAlpcCreatePort
83c9ddfc  83ea75bc nt!NtAlpcCreatePortSection
83c9de00  83e1828f nt!NtAlpcCreateResourceReserve
83c9de04  83ea739c nt!NtAlpcCreateSectionView
83c9de08  83e9fafc nt!NtAlpcCreateSecurityContext
83c9de0c  83e2a0f0 nt!NtAlpcDeletePortSection
83c9de10  83eeb657 nt!NtAlpcDeleteResourceReserve
83c9de14  83e9cec9 nt!NtAlpcDeleteSectionView
83c9de18  83ea77ee nt!NtAlpcDeleteSecurityContext
83c9de1c  83e801fc nt!NtAlpcDisconnectPort
83c9de20  83e9af2e nt!NtAlpcImpersonateClientOfPort
83c9de24  83e2cd15 nt!NtAlpcOpenSenderProcess
83c9de28  83e20cf3 nt!NtAlpcOpenSenderThread
83c9de2c  83e12b70 nt!NtAlpcQueryInformation
83c9de30  83e80a83 nt!NtAlpcQueryInformationMessage
83c9de34  83eeb77f nt!NtAlpcRevokeSecurityContext
83c9de38  83e72f0a nt!NtAlpcSendWaitReceivePort
83c9de3c  83e20702 nt!NtAlpcSetInformation
83c9de40  83e3221b nt!NtApphelpCacheControl
83c9de44  83dee0e3 nt!NtAreMappedFilesTheSame
83c9de48  83e1fed1 nt!NtAssignProcessToJobObject
83c9de4c  83c9e8bc nt!NtCallbackReturn
83c9de50  83de95c3 nt!NtCancelIoFile
83c9de54  83e1dce7 nt!NtCancelIoFileEx
83c9de58  83ed7fb0 nt!NtCancelSynchronousIoFile
83c9de5c  83c4ad56 nt!NtCancelTimer
83c9de60  83e4cb5f nt!NtClearEvent
83c9de64  83e6537a nt!NtClose
83c9de68  83e9b42e nt!NtCloseObjectAuditAlarm
83c9de6c  83f13412 nt!NtCommitComplete
83c9de70  83f13132 nt!NtCommitEnlistment
83c9de74  83df49b9 nt!NtCommitTransaction
83c9de78  83ebd013 nt!NtCompactKeys
83c9de7c  83e1bc9d nt!NtCompareTokens
83c9de80  83e20ce9 nt!NtCompleteConnectPort
83c9de84  83ebd27f nt!NtCompressKey
83c9de88  83e98d09 nt!NtConnectPort
83c9de8c  83c60d0c nt!NtContinue
83c9de90  83ecdc79 nt!NtCreateDebugObject
83c9de94  83e23505 nt!NtCreateDirectoryObject
83c9de98  83dc5a55 nt!NtCreateEnlistment
83c9de9c  83e61671 nt!NtCreateEvent
83c9dea0  83f2b068 nt!NtCreateEventPair
83c9dea4  83e701e4 nt!NtCreateFile
83c9dea8  83e7b667 nt!NtCreateIoCompletion
83c9deac  83e12977 nt!NtCreateJobObject
83c9deb0  83f006de nt!NtCreateJobSet
83c9deb4  83e21e2a nt!NtCreateKey
83c9deb8  83e30d1e nt!NtCreateKeyedEvent
83c9debc  83df2a36 nt!NtCreateKeyTransacted
83c9dec0  83e2632f nt!NtCreateMailslotFile
83c9dec4  83e31196 nt!NtCreateMutant
83c9dec8  83ea14f9 nt!NtCreateNamedPipeFile
83c9decc  83dad406 nt!NtCreatePagingFile
83c9ded0  83e1275f nt!NtCreatePort
83c9ded4  83df457f nt!NtCreatePrivateNamespace
83c9ded8  83efcdf9 nt!NtCreateProcess
83c9dedc  83efce44 nt!NtCreateProcessEx
83c9dee0  83f2bafb nt!NtCreateProfile
83c9dee4  83f2bac1 nt!NtCreateProfileEx
83c9dee8  83dc835f nt!NtCreateResourceManager
83c9deec  83e43f2b nt!NtCreateSection
83c9def0  83e2698d nt!NtCreateSemaphore
83c9def4  83e227f5 nt!NtCreateSymbolicLinkObject
83c9def8  83efcc02 nt!NtCreateThread
83c9defc  83e91124 nt!NtCreateThreadEx
83c9df00  83e1f304 nt!NtCreateTimer
83c9df04  83e25ac8 nt!NtCreateToken
83c9df08  83df0e62 nt!NtCreateTransaction
83c9df0c  83dc816b nt!NtCreateTransactionManager
83c9df10  83e8f056 nt!NtCreateUserProcess
83c9df14  83dc5134 nt!NtCreateWaitablePort
83c9df18  83e30f39 nt!NtCreateWorkerFactory
83c9df1c  83eceb36 nt!NtDebugActiveProcess
83c9df20  83ecf1f3 nt!NtDebugContinue
83c9df24  83e4996f nt!NtDelayExecution
83c9df28  83e0d07b nt!NtDeleteAtom
83c9df2c  83f2539b nt!NtDeleteBootEntry
83c9df30  83f265f3 nt!NtDeleteDriverEntry
83c9df34  83db96ad nt!NtDeleteFile
83c9df38  83e0c911 nt!NtDeleteKey
83c9df3c  83eab9df nt!NtDeleteObjectAuditAlarm
83c9df40  83eb46f6 nt!NtDeletePrivateNamespace
83c9df44  83dfe328 nt!NtDeleteValueKey
83c9df48  83e943ca nt!NtDeviceIoControlFile
83c9df4c  83ee84da nt!NtDisableLastKnownGood
83c9df50  83f235ef nt!NtDisplayString
83c9df54  83d34259 nt!NtDrawText
83c9df58  83e524f0 nt!NtDuplicateObject
83c9df5c  83e8c974 nt!NtDuplicateToken
83c9df60  83ee85bb nt!NtEnableLastKnownGood
83c9df64  83f2559d nt!NtEnumerateBootEntries
83c9df68  83f267f3 nt!NtEnumerateDriverEntries
83c9df6c  83e87a59 nt!NtEnumerateKey
83c9df70  83f2517b nt!NtEnumerateSystemEnvironmentValuesEx
83c9df74  83f13f4c nt!NtEnumerateTransactionObject
83c9df78  83e89ebf nt!NtEnumerateValueKey
83c9df7c  83eeea0f nt!NtExtendSection
83c9df80  83e05d81 nt!NtFilterToken
83c9df84  83e118ff nt!NtFindAtom
83c9df88  83e29117 nt!NtFlushBuffersFile
83c9df8c  83db590f nt!NtFlushInstallUILanguage
83c9df90  83e204c2 nt!NtFlushInstructionCache
83c9df94  83dff9cd nt!NtFlushKey
83c9df98  83c451b1 nt!NtFlushProcessWriteBuffers
83c9df9c  83dfb130 nt!NtFlushVirtualMemory
83c9dfa0  83ef19b7 nt!NtFlushWriteBuffer
83c9dfa4  83ef1039 nt!NtFreeUserPhysicalPages
83c9dfa8  83cd94db nt!NtFreeVirtualMemory
83c9dfac  83cf36fc nt!NtFreezeRegistry
83c9dfb0  83f1439a nt!NtFreezeTransactions
83c9dfb4  83e766a2 nt!NtFsControlFile
83c9dfb8  83eb5dc1 nt!NtGetContextThread
83c9dfbc  83eb5d56 nt!NtGetCurrentProcessorNumber
83c9dfc0  83ef9e37 nt!NtGetDevicePowerState
83c9dfc4  83e31daf nt!NtGetMUIRegistryInfo
83c9dfc8  83efeb54 nt!NtGetNextProcess
83c9dfcc  83eadc0a nt!NtGetNextThread
83c9dfd0  83dfa5c6 nt!NtGetNlsSectionPtr
83c9dfd4  83f144f4 nt!NtGetNotificationResourceManager
83c9dfd8  83ddfe67 nt!NtGetPlugPlayEvent
83c9dfdc  83d0a5c7 nt!NtGetWriteWatch
83c9dfe0  83e167ca nt!NtImpersonateAnonymousToken
83c9dfe4  83eea7a1 nt!NtImpersonateClientOfPort
83c9dfe8  83e9a5fc nt!NtImpersonateThread
83c9dfec  83e7cf0d nt!NtInitializeNlsFiles
83c9dff0  83db91ca nt!NtInitializeRegistry
83c9dff4  83eb05c3 nt!NtInitiatePowerAction
83c9dff8  83eb1cdd nt!NtIsProcessInJob
83c9dffc  83ef9e1e nt!NtIsSystemResumeAutomatic
83c9e000  83db3de9 nt!NtIsUILanguageComitted
83c9e004  83db0c75 nt!NtListenPort
83c9e008  83de6b78 nt!NtLoadDriver
83c9e00c  83db2426 nt!NtLoadKey
83c9e010  83d9fa1c nt!NtLoadKey2
83c9e014  83dc2e72 nt!NtLoadKeyEx
83c9e018  83e2432b nt!NtLockFile
83c9e01c  83d99026 nt!NtLockProductActivationKeys
83c9e020  83d946d5 nt!NtLockRegistryKey
83c9e024  83c44191 nt!NtLockVirtualMemory
83c9e028  83de71b1 nt!NtMakePermanentObject
83c9e02c  83e2c851 nt!NtMakeTemporaryObject
83c9e030  83e3135b nt!NtMapCMFModule
83c9e034  83eefb57 nt!NtMapUserPhysicalPages
83c9e038  83ef012d nt!NtMapUserPhysicalPagesScatter
83c9e03c  83e67394 nt!NtMapViewOfSection
83c9e040  83f2556c nt!NtModifyBootEntry
83c9e044  83f267c4 nt!NtModifyDriverEntry
83c9e048  83e16db6 nt!NtNotifyChangeDirectoryFile
83c9e04c  83e1ae17 nt!NtNotifyChangeKey
83c9e050  83e19f39 nt!NtNotifyChangeMultipleKeys
83c9e054  83de0d6b nt!NtNotifyChangeSession
83c9e058  83e63584 nt!NtOpenDirectoryObject
83c9e05c  83f12995 nt!NtOpenEnlistment
83c9e060  83e30b92 nt!NtOpenEvent
83c9e064  83f2b169 nt!NtOpenEventPair
83c9e068  83e52b10 nt!NtOpenFile
83c9e06c  83ed7ca5 nt!NtOpenIoCompletion
83c9e070  83f00057 nt!NtOpenJobObject
83c9e074  83e6c642 nt!NtOpenKey
83c9e078  83e30add nt!NtOpenKeyEx
83c9e07c  83f2b49f nt!NtOpenKeyedEvent
83c9e080  83df0169 nt!NtOpenKeyTransacted
83c9e084  83df00f9 nt!NtOpenKeyTransactedEx
83c9e088  83e820e2 nt!NtOpenMutant
83c9e08c  83df94b2 nt!NtOpenObjectAuditAlarm
83c9e090  83dfaf07 nt!NtOpenPrivateNamespace
83c9e094  83e329dc nt!NtOpenProcess
83c9e098  83e84fff nt!NtOpenProcessToken
83c9e09c  83e72b37 nt!NtOpenProcessTokenEx
83c9e0a0  83d9e0c7 nt!NtOpenResourceManager
83c9e0a4  83e8a674 nt!NtOpenSection
83c9e0a8  83e060c6 nt!NtOpenSemaphore
83c9e0ac  83ea7977 nt!NtOpenSession
83c9e0b0  83e6eb6f nt!NtOpenSymbolicLinkObject
83c9e0b4  83e7ed87 nt!NtOpenThread
83c9e0b8  83e992e4 nt!NtOpenThreadToken
83c9e0bc  83e72c4e nt!NtOpenThreadTokenEx
83c9e0c0  83f2ae0f nt!NtOpenTimer
83c9e0c4  83f136f1 nt!NtOpenTransaction
83c9e0c8  83f14989 nt!NtOpenTransactionManager
83c9e0cc  83e04506 nt!NtPlugPlayControl
83c9e0d0  83e61970 nt!NtPowerInformation
83c9e0d4  83f132a2 nt!NtPrepareComplete
83c9e0d8  83f12fc2 nt!NtPrepareEnlistment
83c9e0dc  83f1335a nt!NtPrePrepareComplete
83c9e0e0  83f1307a nt!NtPrePrepareEnlistment
83c9e0e4  83e1793f nt!NtPrivilegeCheck
83c9e0e8  83de6f60 nt!NtPrivilegedServiceAuditAlarm
83c9e0ec  83e01a51 nt!NtPrivilegeObjectAuditAlarm
83c9e0f0  83f150e4 nt!NtPropagationComplete
83c9e0f4  83f151aa nt!NtPropagationFailed
83c9e0f8  83e63403 nt!NtProtectVirtualMemory
83c9e0fc  83eb45a7 nt!NtPulseEvent
83c9e100  83e789a1 nt!NtQueryAttributesFile
83c9e104  83f25a3e nt!NtQueryBootEntryOrder
83c9e108  83f25e83 nt!NtQueryBootOptions
83c9e10c  83ce3d34 nt!NtQueryDebugFilterState
83c9e110  83e97b8c nt!NtQueryDefaultLocale
83c9e114  83dc3f5c nt!NtQueryDefaultUILanguage
83c9e118  83e54d11 nt!NtQueryDirectoryFile
83c9e11c  83e799f0 nt!NtQueryDirectoryObject
83c9e120  83f26381 nt!NtQueryDriverEntryOrder
83c9e124  83db2b4a nt!NtQueryEaFile
83c9e128  83e1b81e nt!NtQueryEvent
83c9e12c  83ea15d5 nt!NtQueryFullAttributesFile
83c9e130  83e0d24c nt!NtQueryInformationAtom
83c9e134  83f12ba2 nt!NtQueryInformationEnlistment
83c9e138  83e766d5 nt!NtQueryInformationFile
83c9e13c  83ead0ff nt!NtQueryInformationJobObject
83c9e140  83eea7d4 nt!NtQueryInformationPort
83c9e144  83e57644 nt!NtQueryInformationProcess
83c9e148  83f145fe nt!NtQueryInformationResourceManager
83c9e14c  83e7dd6d nt!NtQueryInformationThread
83c9e150  83e7306e nt!NtQueryInformationToken
83c9e154  83f138e4 nt!NtQueryInformationTransaction
83c9e158  83d9dbcf nt!NtQueryInformationTransactionManager
83c9e15c  83d34e81 nt!NtQueryInformationWorkerFactory
83c9e160  83dffc3f nt!NtQueryInstallUILanguage
83c9e164  83f2be6b nt!NtQueryIntervalProfile
83c9e168  83ed7d68 nt!NtQueryIoCompletion
83c9e16c  83e6ccae nt!NtQueryKey
83c9e170  83e22e8d nt!NtQueryLicenseValue
83c9e174  83e01cc0 nt!NtQueryMultipleValueKey
83c9e178  83f2b57c nt!NtQueryMutant
83c9e17c  83e21ed6 nt!NtQueryObject
83c9e180  83ebcb05 nt!NtQueryOpenSubKeys
83c9e184  83eaadf8 nt!NtQueryOpenSubKeysEx
83c9e188  83e31277 nt!NtQueryPerformanceCounter
83c9e18c  83efd2c4 nt!NtQueryPortInformationProcess
83c9e190  83ed9349 nt!NtQueryQuotaInformationFile
83c9e194  83e979e6 nt!NtQuerySection
83c9e198  83e172d0 nt!NtQuerySecurityAttributesToken
83c9e19c  83e1ae4c nt!NtQuerySecurityObject
83c9e1a0  83f243fc nt!NtQuerySemaphore
83c9e1a4  83e6ec15 nt!NtQuerySymbolicLinkObject
83c9e1a8  83f245d3 nt!NtQuerySystemEnvironmentValue
83c9e1ac  83f24bc7 nt!NtQuerySystemEnvironmentValueEx
83c9e1b0  83e50cd4 nt!NtQuerySystemInformation
83c9e1b4  83e89ddd nt!NtQuerySystemInformationEx
83c9e1b8  83e97af7 nt!NtQuerySystemTime
83c9e1bc  83f2aece nt!NtQueryTimer
83c9e1c0  83e0d729 nt!NtQueryTimerResolution
83c9e1c4  83e6b405 nt!NtQueryValueKey
83c9e1c8  83e7c6a7 nt!NtQueryVirtualMemory
83c9e1cc  83e772c8 nt!NtQueryVolumeInformationFile
83c9e1d0  83e1ccaa nt!NtQueueApcThread
83c9e1d4  83e18e67 nt!NtQueueApcThreadEx
83c9e1d8  83c60d54 nt!NtRaiseException
83c9e1dc  83df80a3 nt!NtRaiseHardError
83c9e1e0  83e82c8c nt!NtReadFile
83c9e1e4  83db86a7 nt!NtReadFileScatter
83c9e1e8  83f13580 nt!NtReadOnlyEnlistment
83c9e1ec  83eea8b9 nt!NtReadRequestData
83c9e1f0  83e8082c nt!NtReadVirtualMemory
83c9e1f4  83f12b46 nt!NtRecoverEnlistment
83c9e1f8  83dc888c nt!NtRecoverResourceManager
83c9e1fc  83dca128 nt!NtRecoverTransactionManager
83c9e200  83f14f38 nt!NtRegisterProtocolAddressInformation
83c9e204  83efe09c nt!NtRegisterThreadTerminatePort
83c9e208  83e510ed nt!NtReleaseKeyedEvent
83c9e20c  83e49873 nt!NtReleaseMutant
83c9e210  83e33b6a nt!NtReleaseSemaphore
83c9e214  83ca3c28 nt!NtReleaseWorkerFactoryWorker
83c9e218  83e26a8e nt!NtRemoveIoCompletion
83c9e21c  83e21a8e nt!NtRemoveIoCompletionEx
83c9e220  83ecec81 nt!NtRemoveProcessDebug
83c9e224  83ebcd4b nt!NtRenameKey
83c9e228  83f14bd4 nt!NtRenameTransactionManager
83c9e22c  83ebc898 nt!NtReplaceKey
83c9e230  83cfc3d3 nt!NtReplacePartitionUnit
83c9e234  83e11a3d nt!NtReplyPort
83c9e238  83e595e2 nt!NtReplyWaitReceivePort
83c9e23c  83e59165 nt!NtReplyWaitReceivePortEx
83c9e240  83eeaa85 nt!NtReplyWaitReplyPort
83c9e244  83ea1435 nt!NtRequestPort
83c9e248  83e5e8d9 nt!NtRequestWaitReplyPort
83c9e24c  83dfcec3 nt!NtResetEvent
83c9e250  83d0ac18 nt!NtResetWriteWatch
83c9e254  83eb2904 nt!NtRestoreKey
83c9e258  83efe8fd nt!NtResumeProcess
83c9e25c  83e9134b nt!NtResumeThread
83c9e260  83f13636 nt!NtRollbackComplete
83c9e264  83f131ea nt!NtRollbackEnlistment
83c9e268  83dc6c7c nt!NtRollbackTransaction
83c9e26c  83f14d36 nt!NtRollforwardTransactionManager
83c9e270  83eb4176 nt!NtSaveKey
83c9e274  83eb391c nt!NtSaveKeyEx
83c9e278  83ebbbbb nt!NtSaveMergedKeys
83c9e27c  83e7edbc nt!NtSecureConnectPort
83c9e280  83dabf07 nt!NtSerializeBoot
83c9e284  83f25c7f nt!NtSetBootEntryOrder
83c9e288  83f2616b nt!NtSetBootOptions
83c9e28c  83efdcff nt!NtSetContextThread
83c9e290  83d919bd nt!NtSetDebugFilterState
83c9e294  83daf895 nt!NtSetDefaultHardErrorPort
83c9e298  83dc3ce1 nt!NtSetDefaultLocale
83c9e29c  83dc4250 nt!NtSetDefaultUILanguage
83c9e2a0  83f26bf5 nt!NtSetDriverEntryOrder
83c9e2a4  83ed8dda nt!NtSetEaFile
83c9e2a8  83e4a6de nt!NtSetEvent
83c9e2ac  83f240b7 nt!NtSetEventBoostPriority
83c9e2b0  83f2b435 nt!NtSetHighEventPair
83c9e2b4  83f2b367 nt!NtSetHighWaitLowEventPair
83c9e2b8  83ecf3b9 nt!NtSetInformationDebugObject
83c9e2bc  83f12dea nt!NtSetInformationEnlistment
83c9e2c0  83e7775c nt!NtSetInformationFile
83c9e2c4  83e1ccce nt!NtSetInformationJobObject
83c9e2c8  83ebc3ad nt!NtSetInformationKey
83c9e2cc  83e29314 nt!NtSetInformationObject
83c9e2d0  83e59603 nt!NtSetInformationProcess
83c9e2d4  83f1480c nt!NtSetInformationResourceManager
83c9e2d8  83e8aaaf nt!NtSetInformationThread
83c9e2dc  83e24780 nt!NtSetInformationToken
83c9e2e0  83f14146 nt!NtSetInformationTransaction
83c9e2e4  83f14dfb nt!NtSetInformationTransactionManager
83c9e2e8  83ccd362 nt!NtSetInformationWorkerFactory
83c9e2ec  83f2be48 nt!NtSetIntervalProfile
83c9e2f0  83e04b82 nt!NtSetIoCompletion
83c9e2f4  83ed7e8e nt!NtSetIoCompletionEx
83c9e2f8  83effd17 nt!NtSetLdtEntries
83c9e2fc  83f2b3d2 nt!NtSetLowEventPair
83c9e300  83f2b2fc nt!NtSetLowWaitHighEventPair
83c9e304  83ed995f nt!NtSetQuotaInformationFile
83c9e308  83e22626 nt!NtSetSecurityObject
83c9e30c  83f248cd nt!NtSetSystemEnvironmentValue
83c9e310  83f24edf nt!NtSetSystemEnvironmentValueEx
83c9e314  83e6f0ee nt!NtSetSystemInformation
83c9e318  83f41d7a nt!NtSetSystemPowerState
83c9e31c  83eb0e70 nt!NtSetSystemTime
83c9e320  83eb7b4d nt!NtSetThreadExecutionState
83c9e324  83ca3d52 nt!NtSetTimer
83c9e328  83cb64b9 nt!NtSetTimerEx
83c9e32c  83e11b3e nt!NtSetTimerResolution
83c9e330  83db32d7 nt!NtSetUuidSeed
83c9e334  83e2b427 nt!NtSetValueKey
83c9e338  83ed9979 nt!NtSetVolumeInformationFile
83c9e33c  83f235ad nt!NtShutdownSystem
83c9e340  83e339b7 nt!NtShutdownWorkerFactory
83c9e344  83ced701 nt!NtSignalAndWaitForSingleObject
83c9e348  83f134ca nt!NtSinglePhaseReject
83c9e34c  83f2bb84 nt!NtStartProfile
83c9e350  83f2bd7b nt!NtStopProfile
83c9e354  83efe89f nt!NtSuspendProcess
83c9e358  83eb5e2d nt!NtSuspendThread
83c9e35c  83ea6464 nt!NtSystemDebugControl
83c9e360  83e1336f nt!NtTerminateJobObject
83c9e364  83e7b9bf nt!NtTerminateProcess
83c9e368  83e99334 nt!NtTerminateThread
83c9e36c  83e90afa nt!NtTestAlert
83c9e370  83cf375f nt!NtThawRegistry
83c9e374  83f14478 nt!NtThawTransactions
83c9e378  83e709bb nt!NtTraceControl
83c9e37c  83ce66a0 nt!NtTraceEvent
83c9e380  83f26df9 nt!NtTranslateFilePath
83c9e384  83eea74b nt!NtUmsThreadYield
83c9e388  83eda1cf nt!NtUnloadDriver
83c9e38c  83ea9503 nt!NtUnloadKey
83c9e390  83ea951d nt!NtUnloadKey2
83c9e394  83ebbd53 nt!NtUnloadKeyEx
83c9e398  83e26eaf nt!NtUnlockFile
83c9e39c  83c3cb17 nt!NtUnlockVirtualMemory
83c9e3a0  83e8563a nt!NtUnmapViewOfSection
83c9e3a4  83f18769 nt!NtVdmControl
83c9e3a8  83eceed7 nt!NtWaitForDebugEvent
83c9e3ac  83e50e16 nt!NtWaitForKeyedEvent
83c9e3b0  83e49435 nt!NtWaitForMultipleObjects
83c9e3b4  83ef4904 nt!NtWaitForMultipleObjects32
83c9e3b8  83e48ae7 nt!NtWaitForSingleObject
83c9e3bc  83ca37b1 nt!NtWaitForWorkViaWorkerFactory
83c9e3c0  83f2b293 nt!NtWaitHighEventPair
83c9e3c4  83f2b22a nt!NtWaitLowEventPair
83c9e3c8  83cdc4b4 nt!NtWorkerFactoryWorkerReady
83c9e3cc  83e8ff2b nt!NtWriteFile
83c9e3d0  83dc02f7 nt!NtWriteFileGather
83c9e3d4  83eea926 nt!NtWriteRequestData
83c9e3d8  83e8071c nt!NtWriteVirtualMemory
83c9e3dc  83c4b5c5 nt!NtYieldExecution

其它几个域就用不着给出了吧。。。