IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

RtlSetBits

MmUnlockPagableImageSection

SeLockSubjectContext

ObOpenObjectByPointer

IoQueryDeviceDescription

ZwCreateFile

RtlUpcaseUnicodeString

ExCreateCallback

FsRtlFreeFileLock

MmFreeMappingAddress

RtlSecondsSince1980ToTime

RtlFillMemoryUlong

MmIsAddressValid

IoCsqRemoveIrp

DbgBreakPoint

RtlCreateAcl

IoAllocateErrorLogEntry

IoReleaseRemoveLockAndWaitEx

IoDeleteDevice

RtlxOemStringToUnicodeSize

CcCanIWrite

ZwOpenSection

RtlFreeAnsiString

RtlNumberOfClearBits

RtlFindSetBits

CcCopyWrite

RtlTimeToSecondsSince1970

RtlIntegerToUnicodeString

PsImpersonateClient

MmAllocateNonCachedMemory

PsRevertToSelf

KeSetTimer

RtlInitUnicodeString

IoCreateNotificationEvent

IoIsSystemThread

ObQueryNameString

RtlAppendStringToString

ZwUnloadDriver

ZwOpenSymbolicLinkObject

CcCopyRead

ExAcquireResourceSharedLite

RtlLengthSecurityDescriptor

ExAcquireFastMutexUnsafe

RtlCopyLuid

CcFastMdlReadWait

MmMapIoSpace

RtlInsertUnicodePrefix

IoFreeIrp

PoRegisterSystemState

IoCreateStreamFileObjectLite

ZwClose

KeGetCurrentThread

PoStartNextPowerIrp

CcInitializeCacheMap

ExRaiseDatatypeMisalignment

IoAllocateAdapterChannel

KeResetEvent

SeDeleteObjectAuditAlarm

CcMdlWriteAbort

KeRemoveQueue

MmUnmapIoSpace

KeSetImportanceDpc

RtlFindUnicodePrefix

MmHighestUserAddress

RtlClearAllBits

RtlUnicodeStringToInteger

RtlEqualString

PsReturnPoolQuota

ObGetObjectSecurity

FsRtlDeregisterUncProvider

ZwOpenProcess

MmUnmapReservedMapping

SeValidSecurityDescriptor

KeRundownQueue

ZwDeleteValueKey

SeSetSecurityDescriptorInfo

ObfReferenceObject

SeCaptureSubjectContext

ZwMapViewOfSection

RtlCopyString

RtlAddAccessAllowedAce

CcSetReadAheadGranularity

RtlWriteRegistryValue

KeEnterCriticalRegion

ZwCreateDirectoryObject

IoGetDeviceProperty

PsCreateSystemThread

ExSetResourceOwnerPointer

IoReadPartitionTableEx

PsSetLoadImageNotifyRoutine

RtlCharToInteger

KeTickCount

ObMakeTemporaryObject

RtlTimeToSecondsSince1980

KeSaveFloatingPointState

KeReadStateMutex

KeReadStateTimer

MmProbeAndLockPages

KeInsertQueueDpc

ZwQuerySymbolicLinkObject

SeFreePrivileges

ZwReadFile

RtlCreateSecurityDescriptor

ZwOpenFile

RtlUpcaseUnicodeToOemN

ZwQueryKey

PsGetProcessId

IoCheckQuotaBufferValidity

MmIsDriverVerifying

ZwSetValueKey

MmUnlockPages

ExReleaseResourceLite

SeSinglePrivilegeCheck

KefAcquireSpinLockAtDpcLevel

PoCallDriver

CcUnpinRepinnedBcb

CcFastCopyRead

IoSetSystemPartition

MmIsVerifierEnabled

CcPreparePinWrite

CcSetDirtyPinnedData

IoReleaseRemoveLockEx

IoStartTimer

RtlGetVersion

IoSetHardErrorOrVerifyDevice

IoGetRequestorProcessId

CcPurgeCacheSection

ObInsertObject

ZwSetSecurityObject

RtlUpperString

FsRtlIsHpfsDbcsLegal

IoCreateSynchronizationEvent

IoConnectInterrupt

IoOpenDeviceRegistryKey

RtlInitializeGenericTable

IoGetDeviceToVerify

KeSetEvent

ExReleaseFastMutexUnsafe

IoCreateSymbolicLink

IoSetTopLevelIrp

DbgPrompt

IoCancelIrp

IoCheckShareAccess

PsTerminateSystemThread

KeLeaveCriticalRegion

RtlSubAuthoritySid

IoGetAttachedDevice

SeAssignSecurity

RtlNtStatusToDosError

SeAppendPrivileges

ZwFsControlFile

IoRegisterDeviceInterface

PoSetPowerState

RtlVolumeDeviceToDosName

IoIsWdmVersionAvailable

RtlTimeFieldsToTime

IoDeviceObjectType

KeInitializeTimerEx

RtlUnicodeToMultiByteN

IoRegisterFileSystem

RtlInitializeUnicodePrefix

KdDisableDebugger

IoVolumeDeviceToDosName

KeRemoveByKeyDeviceQueue

RtlInitAnsiString

KeInitializeDeviceQueue

PoUnregisterSystemState

KeSetSystemAffinityThread

IoRemoveShareAccess

MmAllocateContiguousMemory

RtlAppendUnicodeToString

ZwCreateSection

RtlCompareString

FsRtlIsNameInExpression

IoAllocateMdl

KeQueryActiveProcessors

IoStopTimer

KeQueryInterruptTime

IoUpdateShareAccess

IoEnumerateDeviceObjectList

RtlOemStringToUnicodeString

RtlIsNameLegalDOS8Dot3

RtlEqualSid

KeFlushQueuedDpcs

IoWMIRegistrationControl

RtlInitString

FsRtlIsDbcsInExpression

ZwFlushKey

ProbeForRead

IoStartPacket

IoGetRequestorProcess

RtlFindClearBits

PsGetVersion

HalExamineMBR

RtlFindLeastSignificantBit

RtlCreateRegistryKey

RtlSecondsSince1970ToTime

KeRemoveQueueDpc

IoGetAttachedDeviceReference

PsReferencePrimaryToken

MmUnsecureVirtualMemory

IoCreateStreamFileObject

IoSetDeviceInterfaceState

KeSetTargetProcessorDpc

IoFreeMdl

IoThreadToProcess

IoGetDiskDeviceObject

ExAllocatePoolWithQuota

IoAllocateWorkItem

ExAllocatePoolWithTag

RtlVerifyVersionInfo

KeInitializeApc

KeBugCheckEx

SeOpenObjectAuditAlarm

PoRequestPowerIrp

RtlGetCallersAddress

RtlFreeUnicodeString

RtlEnumerateGenericTable

ExLocalTimeToSystemTime

IoGetDeviceInterfaces

RtlUnicodeToOemN

IoReuseIrp

RtlDeleteRegistryValue

ZwAllocateVirtualMemory

MmBuildMdlForNonPagedPool

IoStartNextPacket

MmAllocatePagesForMdl

ZwEnumerateKey

IoAcquireCancelSpinLock

RtlCopySid

IoGetLowerDeviceObject

RtlEqualUnicodeString

KeReadStateEvent

ObReferenceObjectByPointer

SeImpersonateClientEx

RtlDeleteNoSplay

ZwQueryValueKey

ObCreateObject

IoSetPartitionInformation

IoGetBootDiskInformation

FsRtlGetNextFileLock

MmQuerySystemSize

FsRtlCheckOplock

RtlInitializeSid

ZwNotifyChangeKey

SeQueryAuthenticationIdToken

ZwEnumerateValueKey

RtlRemoveUnicodePrefix

PsGetThreadProcessId

ExDeleteNPagedLookasideList

RtlOemToUnicodeN

IoGetStackLimits

RtlSetDaclSecurityDescriptor

KeInitializeTimer

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ