IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PsRemoveLoadImageNotifyRoutine

ExpInterlockedPushEntrySList

ExpInterlockedPopEntrySList

ExDeletePagedLookasideList

ExQueryDepthSList

ExInitializePagedLookasideList

KeSetEvent

KeWaitForSingleObject

IoDeleteSymbolicLink

IoDeleteDevice

InitSafeBootMode

IoCreateSymbolicLink

IoCreateDevice

IoAcquireRemoveLockEx

IoReleaseRemoveLockEx

MmUnmapLockedPages

RtlAnsiStringToUnicodeString

ZwReadFile

KeInitializeApc

KeInsertQueueApc

IoCreateFile

RtlInitAnsiString

RtlUnicodeStringToAnsiString

IoIs32bitProcess

MmProtectMdlSystemAddress

RtlEqualUnicodeString

IoFreeMdl

RtlImageDirectoryEntryToData

ZwSetInformationFile

RtlFreeUnicodeString

ZwCreateFile

PsCreateSystemThread

MmMapLockedPagesSpecifyCache

PsTerminateSystemThread

ZwFreeVirtualMemory

RtlRandomEx

RtlFreeAnsiString

MmProbeAndLockPages

PsThreadType

RtlCompareMemory

MmUnlockPages

ZwOpenFile

RtlImageNtHeader

ZwQueryInformationFile

ZwWriteFile

IoAllocateMdl

ZwAllocateVirtualMemory

RtlGetVersion

ZwDeleteValueKey

ZwSetValueKey

ZwQueryValueKey

RtlCompareUnicodeString

ExAcquireResourceExclusiveLite

KeLeaveCriticalRegion

ExGetPreviousMode

PsSetCreateProcessNotifyRoutine

ObQueryNameString

ExAcquireResourceSharedLite

ExReleaseResourceLite

RtlPrefixUnicodeString

IofCompleteRequest

ZwDeviceIoControlFile

ObfReferenceObject

CmRegisterCallbackEx

_vsnwprintf

CmUnRegisterCallback

KeDelayExecutionThread

KeQueryTimeIncrement

ProbeForWrite

PsGetProcessInheritedFromUniqueProcessId

ZwOpenProcess

PsGetProcessWow64Process

MmSystemRangeStart

RtlSetDaclSecurityDescriptor

ExUnregisterCallback

IoRegisterShutdownNotification

ExRegisterCallback

ExCreateCallback

PsGetProcessCreateTimeQuadPart

RtlCopyUnicodeString

KeResetEvent

KeReleaseSpinLock

KeReleaseMutex

KeAcquireSpinLockRaiseToDpc

IoFreeWorkItem

IoAllocateWorkItem

IoReleaseRemoveLockAndWaitEx

IoInitializeRemoveLockEx

IoQueueWorkItem

RtlInitString

MmBuildMdlForNonPagedPool

RtlEqualString

KeBugCheckEx

PsSetLoadImageNotifyRoutine

PsGetCurrentProcessId

ZwOpenKey

PsGetCurrentThreadId

ObReferenceObjectByHandle

IoGetCurrentProcess

IoGetDeviceObjectPointer

MmUserProbeAddress

IoVolumeDeviceToDosName

KeUnstackDetachProcess

ZwQuerySystemInformation

RtlQueryRegistryValues

MmGetSystemRoutineAddress

RtlInitUnicodeString

_wcsnicmp

PsLookupProcessByProcessId

ExFreePoolWithTag

ExRaiseStatus

ProbeForRead

ObOpenObjectByName

ZwCreateKey

KeInitializeEvent

RtlAppendUnicodeToString

ExAcquireFastMutex

ExReleaseFastMutex

ExInitializeResourceLite

ExDeleteResourceLite

RtlHashUnicodeString

KeStackAttachProcess

ObOpenObjectByPointer

ObfDereferenceObject

MmIsAddressValid

ZwQueryInformationProcess

RtlAppendUnicodeStringToString

KeEnterCriticalRegion

ZwClose

wcslen

ZwEnumerateValueKey

ZwEnumerateKey

strlen

ZwMapViewOfSection

ZwUnmapViewOfSection

strcmp

ZwCreateSection

FsRtlIsNameInExpression

towupper

PsProcessType

IoGetTopLevelIrp

PsLookupThreadByThreadId

KeAreApcsDisabled

RtlDeleteElementGenericTable

RtlLookupElementGenericTable

RtlEnumerateGenericTable

RtlIsGenericTableEmpty

RtlInitializeGenericTable

RtlInsertElementGenericTable

PsIsThreadTerminating

RtlCompressBuffer

RtlDecompressBuffer

RtlGetCompressionWorkSpaceSize

RtlDeleteElementGenericTableAvl

RtlInsertElementGenericTableAvl

RtlInitializeGenericTableAvl

RtlLookupElementGenericTableAvl

FsRtlDissectName

ExAllocatePoolWithTag

wcsncpy

_stricmp

__C_specific_handler

_local_unwind

NdisFreeNetBufferListPool

NdisAllocateNetBufferListPool

NdisAllocateGenericObject

NdisFreeGenericObject

FltDeletePushLock

FltGetFileNameInformationUnsafe

FltCloseClientPort

FltStartFiltering

FltRegisterFilter

FltBuildDefaultSecurityDescriptor

FltCloseCommunicationPort

FltUnregisterFilter

FltFreeSecurityDescriptor

FltCreateCommunicationPort

FltAcquirePushLockExclusive

FltInitializePushLock

FltReleasePushLock

FltAcquirePushLockShared

FltSendMessage

FltReleaseFileNameInformation

FwpmBfeStateUnsubscribeChanges0

FwpsInjectionHandleDestroy0

FwpsInjectionHandleCreate0

FwpmTransactionCommit0

FwpmCalloutAdd0

FwpmBfeStateSubscribeChanges0

FwpsCalloutUnregisterById0

FwpmTransactionAbort0

FwpmEngineOpen0

FwpmFilterAdd0

FwpsCalloutRegister1

FwpmTransactionBegin0

FwpmEngineClose0

FwpsFreeNetBufferList0

FwpsStreamInjectAsync0

FwpsCopyStreamDataToBuffer0

FwpmBfeStateGet0

FwpsAllocateNetBufferAndNetBufferList0

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ