IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

ExQueueWorkItem

ExAllocatePoolWithTag

IoBuildDeviceIoControlRequest

ExFreePoolWithTag

ExReleaseFastMutex

ExAcquireFastMutex

RtlInitUnicodeString

IoDeleteDevice

KeSetEvent

MmGetSystemRoutineAddress

RtlAppendUnicodeToString

KeInitializeEvent

ZwSetValueKey

IoDetachDevice

RtlEqualUnicodeString

KeDelayExecutionThread

ObQueryNameString

strncpy

IoGetDeviceObjectPointer

ZwQueryValueKey

ZwClose

RtlAppendUnicodeStringToString

IofCompleteRequest

KeWaitForSingleObject

IoAttachDeviceToDeviceStack

PsGetVersion

RtlCompareUnicodeString

ObfReferenceObject

IoCreateSymbolicLink

PsGetCurrentProcessId

RtlCopyUnicodeString

ObfDereferenceObject

IoCreateDevice

ExAllocatePoolWithTagPriority

DbgPrint

IoRegisterFsRegistrationChange

IofCallDriver

ZwOpenKey

PsSetCreateThreadNotifyRoutine

RtlUnicodeStringToAnsiString

IoIs32bitProcess

KeInitializeTimer

PsCreateSystemThread

PsTerminateSystemThread

PsSetCreateProcessNotifyRoutineEx

RtlFreeAnsiString

ZwOpenProcess

_wcsicmp

ZwQuerySymbolicLinkObject

_wcsnicmp

wcsncpy

ExpInterlockedPushEntrySList

ExpInterlockedPopEntrySList

ZwOpenSymbolicLinkObject

_wcslwr

ZwCreateFile

ExAllocatePool

ExQueryDepthSList

ZwQueryVolumeInformationFile

ZwQuerySystemInformation

wcsrchr

wcschr

wcsncmp

_stricmp

_strnicmp

_strlwr

PsLookupProcessByProcessId

strstr

ZwMapViewOfSection

strchr

KeReleaseSpinLock

KeUnstackDetachProcess

IoFileObjectType

ExEventObjectType

ObReferenceObjectByHandle

strrchr

ZwCreateSection

ZwOpenFile

KeStackAttachProcess

KeAcquireSpinLockRaiseToDpc

PsProcessType

ObRegisterCallbacks

_snwprintf

ObGetFilterVersion

PsGetProcessId

strncmp

RtlVolumeDeviceToDosName

IoFreeIrp

IoAllocateIrp

IoGetTopLevelIrp

RtlAnsiStringToUnicodeString

ZwReadFile

IoCreateFile

_snprintf

ZwSetInformationFile

ExSystemTimeToLocalTime

KeQueryTimeIncrement

RtlTimeToTimeFields

ZwQueryInformationProcess

PsGetCurrentThreadId

MmIsAddressValid

ZwQueryInformationFile

ZwWriteFile

ExInitializeNPagedLookasideList

RtlInitAnsiString

RtlFreeUnicodeString

ExInitializePagedLookasideList

ZwCreateKey

ZwDeleteValueKey

ZwFlushKey

ZwDeleteKey

IoGetCurrentProcess

RtlStringFromGUID

KeBugCheckEx

KeClearEvent

IoCreateSynchronizationEvent

ExFreePool

ZwUnmapViewOfSection

__C_specific_handler

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ