FsRtlIsNameInExpression
PsGetProcessImageFileName
ZwQueryInformationProcess
__C_specific_handler
strchr
RtlAppendUnicodeToString
KeInitializeSemaphore
KeReleaseSemaphore
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
PsCreateSystemThread
PsTerminateSystemThread
ZwQueryInformationFile
ZwWriteFile
PsGetCurrentThreadId
ZwDeleteFile
_vsnprintf
PsThreadType
PsSetCreateProcessNotifyRoutine
PsGetProcessSessionId
RtlAppendUnicodeStringToString
ZwDeleteValueKey
ZwSetValueKey
towupper
RtlIntegerToUnicodeString
KeInitializeEvent
KeSetEvent
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
MmProbeAndLockPages
IoAllocateIrp
IoAllocateMdl
IofCallDriver
IoFreeIrp
IoFreeMdl
IoGetDeviceObjectPointer
IoGetRelatedDeviceObject
ObCloseHandle
ObfReferenceObject
ZwSetInformationFile
ZwReadFile
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
IoCreateFileSpecifyDeviceObjectHint
IoGetDeviceAttachmentBaseRef
FsRtlGetFileSize
ObQueryNameString
IoFileObjectType
KeReadStateEvent
ExQueueWorkItem
ExGetPreviousMode
MmGetSystemRoutineAddress
NtOpenProcess
ZwCreateEvent
ZwWaitForSingleObject
ZwSetEvent
NtQuerySystemInformation
ExEventObjectType
NtBuildNumber
ZwDeleteKey
ObReferenceObjectByName
IoDriverObjectType
MmIsDriverVerifying
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
RtlSetDaclSecurityDescriptor
MmMapLockedPagesSpecifyCache
PsGetProcessId
IoThreadToProcess
PsGetCurrentProcessSessionId
ZwTerminateProcess
KeStackAttachProcess
KeUnstackDetachProcess
ZwOpenThread
PsProcessType
ExInterlockedInsertHeadList
ExInterlockedRemoveHeadList
CmRegisterCallback
CmUnRegisterCallback
RtlCreateRegistryKey
ZwOpenKey
ZwEnumerateKey
ZwQueryKey
ZwQueryValueKey
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ProbeForWrite
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetProcessSectionBaseAddress
MmSystemRangeStart
KeBugCheckEx
PsLookupProcessByProcessId
ZwOpenProcess
PsGetCurrentProcessId
RtlUpcaseUnicodeString
RtlUpperString
ZwClose
ZwCreateFile
ObfDereferenceObject
ObReferenceObjectByHandle
ProbeForRead
ExFreePoolWithTag
ExAllocatePoolWithTag
KeDelayExecutionThread
RtlGetVersion
DbgPrint
RtlCopyUnicodeString
RtlInitUnicodeString
wcsstr
ZwQuerySystemInformation
strstr
