

                    NTDLL.DLL::NtQuerySystemInformation
                    
 ; First bytes of ntdll!NtQuerySystemInformation as recorded for three OS
 ; generations. Left column: opcode bytes; right column: disassembly.
 ; The braces appear to mark the operand bytes that change between
 ; versions (here the service number) -- TODO confirm.
 ; Defensive use: this is a known-good baseline. If the entry point of a
 ; loaded ntdll begins with different bytes (for example a jmp), the stub
 ; has been patched in memory and should be compared with the on-disk image.
 ; NOTE(review): the values are those of the builds sampled for this
 ; listing; confirm them against the image under examination.
 winNT
 B8{7C 00 00 00} mov eax, 7Ch         ; eax = system service number
 8D 54 24 04     lea edx, [esp+4]     ; edx -> first stack argument (just past the return address)
 CD 2E           int 2Eh              ; software interrupt used to enter the kernel service dispatcher
 C2 10 00        retn 10h             ; return and release 10h bytes of stack arguments

 win2K
 B8{97 00 00 00} mov eax, 97h         ; same stub shape, different service number
 8D 54 24 04     lea edx, [esp+4]
 CD 2E           int 2Eh
 C2 10 00        retn 10h

 winXP
 ; NOTE(review): MASM-style syntax would spell the immediate below as 0ADh,
 ; matching the 0B5h / 0CEh spelling used elsewhere in this listing.
 B8{AD 00 00 00} mov eax, ADh
 BA 00 03 FE 7F  mov edx, 7FFE0300h   ; fixed address at offset 300h of the 7FFE0000h shared user page
 FF D2           call edx             ; kernel entry goes through that address instead of int 2Eh
 C2 10 00        retn 10h


                         NTDLL.DLL::NtResumeThread
                         
 ; First bytes of ntdll!NtResumeThread for three OS generations
 ; (opcode bytes on the left, disassembly on the right).
 ; Only the service number in eax differs between the NT and 2000 stubs;
 ; the XP stub replaces the interrupt with a call through 7FFE0300h.
 ; A loaded image whose entry bytes do not match its on-disk copy has been
 ; modified after load.
 ; NOTE(review): service numbers shown are those of the sampled builds -- confirm.
 winNT
 B8{95 00 00 00} mov eax, 95h         ; eax = system service number
 8D 54 24 04     lea edx, [esp+4]     ; edx -> first stack argument
 CD 2E           int 2Eh              ; software interrupt into the kernel service dispatcher
 C2 08 00        retn 8               ; return and release 8 bytes of stack arguments

 win2k
 B8{B5 00 00 00} mov eax, 0B5h
 8D 54 24 04     lea edx, [esp+4]
 CD 2E           int 2Eh
 C2 08 00        retn 8

 winXP
 B8{CE 00 00 00} mov eax, 0CEh
 BA 00 03 FE 7F  mov edx, 7FFE0300h   ; fixed address at offset 300h of the 7FFE0000h shared user page
 FF D2           call edx
 C2 08 00        retn 8

                         NTDLL.DLL::LdrGetDllHandle

 ; Opening instructions of ntdll!LdrGetDllHandle for three OS generations.
 ; Only the first few instructions are listed; the function body continues
 ; beyond what is shown. The three prologues have different shapes, so a
 ; baseline comparison must be made per OS version.
 winNT
 ; Reads the dword at fs:[0] before building the frame; on 32-bit Windows
 ; user mode that slot holds the head of the thread's exception-handler chain.
 64 A1 00 00 00 00   mov eax, fs:[0]
 55                  push ebp
 8B EC               mov ebp, esp

 win2k
 55     push ebp
 8B EC  mov ebp, esp
 6A FF  push -1                       ; presumably the first field of an exception frame -- TODO confirm

 winXP
 ; No frame setup here: two stack arguments are pushed again, presumably to
 ; forward them to another routine -- the callee is not shown.
 FF 74 24 10   push [esp+10h]
 FF 74 24 10   push [esp+10h]


                       KERNEL32.DLL::FindFirstFileExW

 ; Opening instructions of kernel32!FindFirstFileExW for three OS generations.
 ; All three set up an ebp frame and reserve stack locals; only the size of
 ; the local area (the braced immediate) differs between versions.
 winNT
 55                 push ebp
 8B EC              mov ebp, esp
 81 EC{BC 02 00 00} sub esp, 2BCh     ; reserve 2BCh bytes of locals

 win2K
 55                 push ebp
 8B EC              mov ebp, esp
 81 EC{B8 02 00 00} sub esp, 2B8h     ; reserve 2B8h bytes of locals

 winXP
 55                 push ebp
 8B EC              mov ebp, esp
 81 EC{B4 02 00 00} sub esp, 2B4h     ; reserve 2B4h bytes of locals


                        KERNEL32.DLL::FindNextFileW

 ; Opening instructions of kernel32!FindNextFileW for three OS generations.
 ; Only the first instructions are listed; the body continues beyond them.
 winNT
 ; Reads the dword at fs:[0] (head of the thread's exception-handler chain
 ; in 32-bit user mode) before building the frame.
 64 A1 00 00 00 00   mov eax, fs:[0]
 55     push ebp
 8B EC  mov ebp, esp

 win2k
 55     push ebp
 8B EC  mov ebp, esp
 6A FF  push -1                       ; presumably the first field of an exception frame -- TODO confirm

 winXP
 6A 2C           push 2Ch
 ; The braced dword is an absolute address, so it is specific to the sampled
 ; build and load address; it will differ on another build or after
 ; relocation and must not be treated as a stable signature.
 ; NOTE(review): the two pushes look like arguments to a shared
 ; prologue helper that is not shown -- confirm against the image.
 68{18 5B E9 77} push 77E95B18h


                     ADVAPI32.DLL::EnumServicesStatusA
        
 ; Opening instructions of advapi32!EnumServicesStatusA for three OS
 ; generations. Only the first instructions are listed.
 winNT
 ; Reads the dword at fs:[0] (head of the thread's exception-handler chain
 ; in 32-bit user mode) before building the frame.
 64 A1 00 00 00 00   mov eax, fs:[0]
 55                  push ebp
 8B EC               mov ebp, esp

 win2K
 55     push ebp
 8B EC  mov ebp, esp
 6A FF  push -1                       ; presumably the first field of an exception frame -- TODO confirm

 winXP
 6A 34           push 34h
 ; The braced dword is an absolute address, specific to the sampled build
 ; and load address; it is not a stable signature across builds or after
 ; relocation.
 68{80 EF DE 77} push 77DEEF80h


                     ADVAPI32.DLL::EnumServicesStatusW

 ; Opening instructions of advapi32!EnumServicesStatusW. The listing gives
 ; one byte sequence for all three OS generations, so the same baseline
 ; applies to NT, 2000 and XP.
 winNT,2K,XP
 55     push ebp
 8B EC  mov ebp, esp
 6A 00  push 0                        ; pushes a zero dword; its role is not visible in this excerpt

                        ADVAPI32.DLL::RegEnumKeyExW

 ; Opening instructions of advapi32!RegEnumKeyExW. NT has its own variant;
 ; 2000 and XP share one. The only difference is the size of the local area
 ; (the braced byte).
 winNT
 55       push ebp
 8B EC    mov ebp, esp
 83 EC{10}sub esp, 10h                ; reserve 10h bytes of locals

 win2K,XP
 55       push ebp
 8B EC    mov ebp, esp
 83 EC{14}sub esp, 14h                ; reserve 14h bytes of locals


                         ADVAPI32.DLL::RegEnumKeyW

 ; Opening instructions of advapi32!RegEnumKeyW for three OS generations.
 ; The three prologues diverge after the first instruction, so the baseline
 ; must be chosen per OS version.
 winNT
 55                      push ebp
 B8 06 00 00 00          mov eax, 6   ; loads the constant 6 before any frame setup; purpose not visible here

 win2K
 55                      push ebp
 8B EC                   mov ebp, esp
 ; Compares the first stack argument with 80000004h.
 ; NOTE(review): 80000004h matches the predefined HKEY_PERFORMANCE_DATA
 ; handle value -- confirm that is the intent of this check.
 81 7D 08{04 00 00 80}   cmp dword ptr [ebp+8], 80000004h

 winXP
 55       push ebp
 8B EC    mov ebp, esp
 83 EC{14}sub esp, 14h                ; reserve 14h bytes of locals


                     IPHLPAPI.DLL::GetTcpTableFromStack

 ; Opening instructions of iphlpapi!GetTcpTableFromStack. Only 2000 and XP
 ; variants are listed; no NT entry is given. The two differ only in the
 ; size of the local area (the braced byte).
 win2K
 55        push ebp
 8B EC     mov ebp, esp
 83 EC{2C} sub esp, 2Ch               ; reserve 2Ch bytes of locals

 winXP
 55        push ebp
 8B EC     mov ebp, esp
 83 EC{28} sub esp, 28h               ; reserve 28h bytes of locals

                     IPHLPAPI.DLL::GetUdpTableFromStack
 ; Opening instructions of iphlpapi!GetUdpTableFromStack. Only 2000 and XP
 ; variants are listed; no NT entry is given. The bytes shown are identical
 ; to those listed for GetTcpTableFromStack, so these prologue bytes alone
 ; do not distinguish the two functions.
 win2K
 55        push ebp
 8B EC     mov ebp, esp
 83 EC{2C} sub esp, 2Ch               ; reserve 2Ch bytes of locals

 winXP
 55        push ebp
 8B EC     mov ebp, esp
 83 EC{28} sub esp, 28h               ; reserve 28h bytes of locals


