PsSetCreateProcessNotifyRoutine
ExFreePool
wcsrchr
_wcslwr
MmIsAddressValid
wcsncpy
wcsstr
ExAllocatePoolWithTag
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
strncmp
IoGetCurrentProcess
strncpy
IoCreateFile
PsGetVersion
MmGetSystemRoutineAddress
_stricmp
PsLookupProcessByProcessId
ZwUnmapViewOfSection
swprintf
wcslen
IoDeleteDevice
KeInitializeSpinLock
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmUnlockPages
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
IofCallDriver
IoGetRelatedDeviceObject
sprintf
ObReferenceObjectByName
IoDriverObjectType
KeServiceDescriptorTable
IoGetBaseFileSystemDeviceObject
InterlockedIncrement
InterlockedDecrement
_allmul
ZwOpenKey
ZwCreateKey
ZwOpenFile
RtlCopyUnicodeString
wcscat
wcscpy
IoFileObjectType
IoDeviceObjectType
ZwQuerySystemInformation
strstr
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitAnsiString
MmSystemRangeStart
wcscmp
strncat
wcsncat
ZwSetInformationFile
RtlCompareUnicodeString
PsLookupThreadByThreadId
KeBugCheckEx
KeCancelTimer
KeSetEvent
KeInsertQueueApc
KeInitializeApc
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ZwOpenProcess
KeUnstackDetachProcess
IoFreeIrp
KeGetCurrentThread
IoAllocateIrp
wcstombs
IoCancelIrp
KeDetachProcess
KeAttachProcess
memmove
ZwOpenSymbolicLinkObject
KeClearEvent
KdDisableDebugger
KdDebuggerEnabled
KeBugCheck
ProbeForRead
_except_handler3
PsCreateSystemThread
PsThreadType
ObReferenceObjectByHandle
KeWaitForSingleObject
ObfDereferenceObject
ZwClose
atoi
KeDelayExecutionThread
PsTerminateSystemThread
RtlInitUnicodeString
IoCreateNotificationEvent
IofCompleteRequest
ZwSetValueKey
DbgPrint
