IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_AGGRESIVE_WS_TRIM

IMAGE_FILE_32BIT_MACHINE

NtTerminateProcess

NtRaiseHardError

RtlInitUnicodeString

RtlAdjustPrivilege

RtlFreeHeap

RtlUpcaseUnicodeChar

RtlUnicodeStringToInteger

RtlAllocateHeap

RtlFreeUnicodeString

DbgPrintEx

RtlExtendedIntegerMultiply

NtQueryVolumeInformationFile

NtOpenFile

NtClose

wcslen

wcscpy

NtQueryInformationProcess

NtCreatePagingFile

NtSetInformationFile

NtQueryInformationFile

DbgPrint

NtQuerySystemInformation

_allmul

NtSetSecurityObject

RtlSetOwnerSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlAddAccessAllowedAce

RtlCreateAcl

RtlCreateSecurityDescriptor

RtlAllocateAndInitializeSid

RtlDosPathNameToNtPathName_U

RtlExpandEnvironmentStrings_U

NtQueryValueKey

swprintf

NtOpenKey

NtSetValueKey

NtCreateKey

NtCreateFile

NtReadFile

_chkstk

wcsstr

_wcsupr

NtMakeTemporaryObject

NtCreateSymbolicLinkObject

NtOpenDirectoryObject

wcsncpy

RtlAnsiStringToUnicodeString

RtlInitAnsiString

_stricmp

NtCreateSection

LdrVerifyImageMatchesChecksum

NtCreateDirectoryObject

RtlSetEnvironmentVariable

LdrUnloadDll

LdrGetProcedureAddress

RtlInitString

LdrLoadDll

RtlCompareUnicodeString

RtlEqualString

memmove

_wcsicmp

RtlCreateUnicodeString

RtlDosSearchPath_U

RtlQueryEnvironmentVariable_U

RtlEqualUnicodeString

RtlAppendUnicodeToString

RtlAppendUnicodeStringToString

NtWaitForSingleObject

NtResumeThread

RtlDestroyProcessParameters

RtlCreateUserProcess

RtlCreateProcessParameters

RtlUnlockBootStatusData

RtlGetSetBootStatusData

RtlLockBootStatusData

NtDisplayString

sprintf

NtDuplicateObject

RtlLengthSid

RtlGetAce

RtlPrefixUnicodeString

NtQuerySymbolicLinkObject

NtOpenSymbolicLinkObject

NtQueryDirectoryObject

NtRequestWaitReplyPort

RtlFindMessage

NtSetEvent

NtSetSystemInformation

NtCreateEvent

RtlLeaveCriticalSection

RtlEnterCriticalSection

wcscat

LdrQueryImageFileExecutionOptions

NtDelayExecution

NtInitializeRegistry

RtlQueryRegistryValues

NtDeleteValueKey

RtlCreateEnvironment

RtlCreateUserThread

NtCreatePort

RtlInitializeCriticalSection

NtSetInformationProcess

RtlCreateTagHeap

NtSetInformationThread

NtQueryInformationToken

NtOpenThreadToken

NtImpersonateClientOfPort

NtConnectPort

NtCompleteConnectPort

NtAcceptConnectPort

NtOpenProcess

NtReplyWaitReceivePort

RtlExitUserThread

NtReplyPort

RtlSetThreadIsCritical

NtWaitForMultipleObjects

RtlSetProcessIsCritical

RtlUnicodeStringToAnsiString

NtAdjustPrivilegesToken

NtOpenProcessToken

RtlUnhandledExceptionFilter

RtlUnwind

NtQueryVirtualMemory

DbgBreakPoint

RtlNormalizeProcessParams

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE