synthetic iat · rva-keyed

Decoded API Map

The synthetic IAT thunk table at RVA 0x1DAE190 holds 248 per-API polymorphic trampolines. The table below lists every slot decoded by the emulator, cross-referenced against the target module’s export table and listed by target RVA (offset within kernelbase / ntdll / kernel32).

64 decoded · 184 unresolved (modified fold variants; extending the emulator to handle arithmetic-interleaved folds would unlock most of them).

48 kernelbase APIs · 11 ntdll APIs · 5 kernel32 APIs
| Thunk RVA | API | Module | Target RVA | Folds |
|---|---|---|---|---|
| +0x38 | CreateEventW | kernelbase | +0x56ED0 | 1 |
| +0x40 | CreateFiber | kernelbase | +0x57840 | 2 |
| +0x60 | CreateProcessW | kernelbase | +0x3C690 | 0 |
| +0x68 | CreateThread | kernelbase | +0x33110 | 0 |
| +0x80 | DeactivateActCtx | kernelbase | +0x3B000 | 3 |
| +0xB8 | RtlExitUserThread | ntdll | +0x8C440 | 0 |
| +0xE8 | FlsAlloc | kernelbase | +0x3FC00 | 2 |
| +0x110 | FlushInstructionCache | kernelbase | +0x3B560 | 1 |
| +0x158 | GetCommandLineW | kernelbase | +0x40F10 | 1 |
| +0x160 | GetComputerNameW | kernelbase | +0x3BE80 | 0 |
| +0x178 | GetCurrentDirectoryW | kernelbase | +0x3EBD0 | 2 |
| +0x188 | GetCurrentProcessId | kernelbase | +0x236E0 | 0 |
| +0x1E8 | GetFinalPathNameByHandleW | kernelbase | +0x57390 | 0 |
| +0x218 | GetModuleFileNameW | kernelbase | +0x3C590 | 0 |
| +0x220 | GetModuleHandleA | kernelbase | +0x3C5F0 | 2 |
| +0x228 | GetModuleHandleExW | kernelbase | +0x3E520 | 2 |
| +0x230 | GetModuleHandleW | kernelbase | +0x3B460 | 1 |
| +0x240 | GetOEMCP | kernelbase | +0x449C0 | 0 |
| +0x260 | GetProcessId | kernelbase | +0x35230 | 2 |
| +0x268 | GetStartupInfoW | kernelbase | +0x3E4D0 | 1 |
| +0x2F0 | GetVersionExW | kernelbase | +0x3FAC0 | 0 |
| +0x300 | GlobalMemoryStatusEx | kernelbase | +0x3AFC0 | 1 |
| +0x358 | RtlRunOnceInitialize | ntdll | +0xEB450 | 1 |
| +0x380 | IsThreadAFiber | kernelbase | +0x32050 | 2 |
| +0x3C0 | MapViewOfFile | kernelbase | +0x38320 | 0 |
| +0x3D0 | Module32FirstW | kernelbase | +0x33570 | 2 |
| +0x3D8 | Module32NextW | kernelbase | +0x244E0 | 2 |
| +0x420 | QueryPerformanceFrequency | kernelbase | +0x331F0 | 2 |
| +0x440 | ReadFile | kernelbase | +0x574C0 | 2 |
| +0x450 | RtlReleaseSRWLockShared | ntdll | +0x1B020 | 0 |
| +0x460 | ResetEvent | kernelbase | +0x56FE0 | 2 |
| +0x478 | SetEndOfFile | kernelbase | +0x57530 | 3 |
| +0x488 | SetEvent | kernelbase | +0x56FF0 | 1 |
| +0x498 | SetFilePointer | kernelbase | +0x57570 | 1 |
| +0x4A0 | SetFilePointerEx | kernelbase | +0x57580 | 0 |
| +0x4A8 | SetLastError | kernelbase | +0x28DB0 | 0 |
| +0x4B0 | SetStdHandle | kernelbase | +0x54E20 | 2 |
| +0x4C0 | SetThreadContext | kernelbase | +0x45100 | 1 |
| +0x4D0 | SetUnhandledExceptionFilter | kernelbase | +0x43610 | 1 |
| +0x4E0 | Sleep | kernelbase | +0x31990 | 1 |
| +0x4F0 | SleepEx | kernelbase | +0x57010 | 1 |
| +0x4F8 | TpStartAsyncIoOperation | ntdll | +0x71860 | 2 |
| +0x500 | SuspendThread | kernelbase | +0x3E880 | 0 |
| +0x518 | SystemTimeToTzSpecificLocalTime | kernelbase | +0x3F6E0 | 2 |
| +0x530 | Thread32First | kernelbase | +0xDAC0 | 1 |
| +0x550 | TlsGetValue | kernelbase | +0x842E0 | 2 |
| +0x560 | RtlTryAcquireSRWLockExclusive | ntdll | +0x14850 | 0 |
| +0x578 | UnmapViewOfFile | kernelbase | +0x384 | |
| +0x580 | VerifyVersionInfoW | kernelbase | +0x2E0D0 | 1 |
| +0x588 | VirtualAlloc | kernelbase | +0x33CA0 | 2 |
| +0x590 | VirtualFree | kernelbase | +0x35C00 | 1 |
| +0x598 | VirtualProtect | kernelbase | +0x382C0 | 2 |
| +0x5A8 | WaitForMultipleObjects | kernelbase | +0x57020 | 2 |
| +0x5F8 | ZwContinue | ntdll | +0x162350 | 2 |
| +0x610 | ZwQueryInformationProcess | ntdll | +0x161E10 | 2 |
| +0x628 | RtlCaptureContext | ntdll | +0x120BE0 | 1 |
| +0x630 | RtlLookupFunctionEntry | ntdll | +0xE010 | 1 |
| +0x640 | RtlRestoreContext | ntdll | +0x4CD90 | 1 |
| +0x660 | VerSetConditionMask | ntdll | +0xEA2C0 | 2 |
| +0x690 | CryptDestroyKey | kernel32 | +0x34590 | 0 |
| +0x698 | CryptEncrypt | kernel32 | +0x37670 | 0 |
| +0x6C8 | GetUserNameW | kernel32 | +0x30360 | 2 |
| +0x6D0 | RegCloseKey | kernel32 | +0x287B0 | 0 |
| +0x6E8 | RegOpenKeyExW | kernel32 | +0x27300 | 1 |