RtlInitUnicodeString
RtlGetVersion
ZwCreateFile
ZwClose
RtlCopyUnicodeString
DbgPrint
ExAllocatePool
ExFreePoolWithTag
ExInitializeNPagedLookasideList
PsCreateSystemThread
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoGetCurrentProcess
IoRegisterShutdownNotification
MmIsAddressValid
PsSetLoadImageNotifyRoutine
_snwprintf
_strlwr
RtlInitAnsiString
RtlQueryRegistryValues
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ZwOpenKey
ZwQueryValueKey
strstr
_strupr
wcsncat
wcsncmp
wcsncpy
wcsrchr
wcsstr
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlTimeToTimeFields
KeInitializeEvent
KeDelayExecutionThread
KeWaitForSingleObject
ExSystemTimeToLocalTime
PsGetVersion
IofCompleteRequest
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
sprintf
swprintf
rand
srand
ZwDeleteFile
ProbeForRead
PsTerminateSystemThread
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExDeleteNPagedLookasideList
strncpy
_vsnprintf
ExAllocatePoolWithTag
RtlInitString
ZwOpenFile
ZwCreateSection
ZwMapViewOfSection
RtlCompareString
PsGetCurrentProcessId
PsLookupProcessByProcessId
RtlImageNtHeader
PsGetProcessPeb
__C_specific_handler
strchr
_wcsupr
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlAppendUnicodeStringToString
ZwCreateKey
ZwDeleteKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
atoi
mbstowcs
_strnicmp
strrchr
ZwSetInformationFile
strncmp
_snprintf
KeSetEvent
ObfReferenceObject
MmProbeAndLockPages
IoAllocateIrp
IoAllocateMdl
IoBuildDeviceIoControlRequest
IofCallDriver
IoFreeIrp
IoFreeMdl
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
RtlCompareUnicodeString
MmGetSystemRoutineAddress
IoCreateFile
IoGetFileObjectGenericMapping
ObQueryNameString
ZwOpenDirectoryObject
ObCreateObject
SeCreateAccessState
wcscmp
IoFileObjectType
PsThreadType
RtlAppendUnicodeToString
RtlCompareMemory
IoUnregisterShutdownNotification
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsSetCreateProcessNotifyRoutine
PsSetCreateProcessNotifyRoutineEx
ZwOpenProcess
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
ZwQueryDirectoryFile
_wcsicmp
_wcslwr
IoGetDeviceObjectPointer
IoStopTimer
PsRemoveLoadImageNotifyRoutine
IoGetDeviceAttachmentBaseRef
_stricmp
NtOpenProcess
ZwQueryObject
ZwDuplicateObject
PsLookupThreadByThreadId
ZwOpenThread
ZwUnmapViewOfSection
KeStackAttachProcess
KeUnstackDetachProcess
ZwAllocateVirtualMemory
PsIsThreadTerminating
KeInitializeApc
KeInsertQueueApc
CmRegisterCallback
CmUnRegisterCallback
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeClearEvent
KeBugCheckEx
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
KeCancelTimer
KeNumberProcessors
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
