Syscalls added/removed in Windows 11 preview build 22523

After my recent work on extracting the SSDT from kernels without a debugger, I synced this up with the symbols from the freely available PDBs and ran a diff between the 20H2 kernel and the latest build (22523). Here's what we see:

Syscalls removed:

  • NtAdjustTokenClaimsAndDeviceGroups
  • NtCompleteConnectPort
  • NtCreateEventPair
  • NtCreateJobSet
  • NtDirectGraphicsCall
  • NtFilterTokenEx
  • NtFlushInstructionCache
  • NtFlushWriteBuffer
  • NtOpenEventPair
  • NtQueryPortInformationProcess
  • NtSetHighEventPair
  • NtSetHighWaitLowEventPair
  • NtSetLdtEntries
  • NtSetLowEventPair
  • NtSetLowWaitHighEventPair
  • NtUmsThreadYield
  • NtVdmControl
  • NtWaitHighEventPair
  • NtWaitLowEventPair

Syscalls added:

  • CmpPrepareToInvalidateAllHigherLayerKcbsPreCallback
  • FsRtlSyncVolumes
  • MmConfigureGraphicsPtes
  • NtChangeProcessState
  • NtChangeThreadState
  • NtCreateCpuPartition
  • NtCreateIoRing
  • NtCreateProcessStateChange
  • NtCreateThreadStateChange
  • NtOpenCpuPartition
  • NtQueryInformationCpuPartition
  • NtQueryIoRingCapabilities
  • NtQueueApcThreadEx2
  • NtReadVirtualMemoryEx
  • NtSetInformationCpuPartition
  • NtSetInformationIoRing
  • NtSubmitIoRing
  • PoRegisterDeviceNotify
  • SeAdjustObjectSecurity
  • SkIsSecureKernel

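As an added example (not the post's or extract_ssdt's code), here is a small Python diff over two constructed SSDT dumps in a hypothetical "index name" text format. Besides the added/removed lists above it reports entries whose index shifted, which is what breaks anything that hard-codes syscall numbers across builds, and flags added names outside the Nt prefix convention so they can be checked by hand.

```python
import re

# Constructed sample dumps ("index name" per line); indices are invented, not real.
OLD_SSDT = """\
0x0000 NtAccessCheck
0x0001 NtWorkerFactoryWorkerReady
0x0002 NtCreateEventPair
0x0003 NtOpenEventPair
0x0004 NtSetLdtEntries
0x0005 NtWriteFile
"""
NEW_SSDT = """\
0x0000 NtAccessCheck
0x0001 NtWorkerFactoryWorkerReady
0x0002 NtCreateIoRing
0x0003 NtSubmitIoRing
0x0004 NtWriteFile
0x0005 SkIsSecureKernel
"""
LINE_RE = re.compile(r"^\s*(0x[0-9a-fA-F]+|\d+)\s+(\S+)\s*$")


def parse_ssdt(text):
    """Parse 'index name' lines into {index: name}; reject malformed lines."""
    table = {}
    for line in filter(str.strip, text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable SSDT line: {line!r}")
        tok = m.group(1)
        table[int(tok, 16) if tok.lower().startswith("0x") else int(tok)] = m.group(2)
    return table


def diff_ssdt(old, new):
    """Names added/removed, entries whose index shifted (these break anything
    that hard-codes syscall numbers), and added names outside the Nt prefix."""
    old_by_name = {n: i for i, n in old.items()}
    new_by_name = {n: i for i, n in new.items()}
    added = sorted(set(new_by_name) - set(old_by_name))
    removed = sorted(set(old_by_name) - set(new_by_name))
    renumbered = {n: (old_by_name[n], new_by_name[n])
                  for n in old_by_name.keys() & new_by_name.keys()
                  if old_by_name[n] != new_by_name[n]}
    suspicious = [n for n in added if not n.startswith("Nt")]
    return {"added": added, "removed": removed,
            "renumbered": renumbered, "suspicious": suspicious}


if __name__ == "__main__":
    for key, val in diff_ssdt(parse_ssdt(OLD_SSDT), parse_ssdt(NEW_SSDT)).items():
        print(f"{key}: {val}")
```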
Note that hfiref0x.github.io/syscalls.html seems to be fairly up to date with the Windows 11 builds.

It'll be fun to see what these do and where they're used, but that's all for now.

PS: extract_ssdt now has scripts to download the PDB for your kernel and dump its symbols, so they can be used to fill in the names for any SSDT you generate. Give it a try.