IoGetCurrentProcess
PsInitialSystemProcess
IoGetDeviceObjectPointer
RtlCompareUnicodeString
ProbeForRead
ExReleaseFastMutex
ExAcquireFastMutex
ProbeForWrite
KeInitializeEvent
PsSetCreateProcessNotifyRoutine
RtlCopyUnicodeString
ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
RtlDeleteElementGenericTable
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
RtlLookupElementGenericTable
RtlEnumerateGenericTable
RtlCompareMemory
ExDeleteResourceLite
ExInitializeResourceLite
RtlInitializeGenericTable
RtlInsertElementGenericTable
ObQueryNameString
CmRegisterCallback
MmHighestUserAddress
ZwFreeVirtualMemory
PsGetCurrentThreadId
PsLookupThreadByThreadId
ZwAllocateVirtualMemory
RtlAppendUnicodeStringToString
MmSystemRangeStart
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
RtlUpcaseUnicodeString
wcsnlen
wcschr
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
ZwQueryValueKey
RtlCompressBuffer
RtlDecompressBuffer
ZwOpenKey
RtlGetCompressionWorkSpaceSize
RtlIntegerToUnicodeString
ExSystemTimeToLocalTime
RtlTimeToTimeFields
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExDeletePagedLookasideList
ExQueryDepthSList
ExInitializePagedLookasideList
RtlAppendUnicodeToString
CmUnRegisterCallback
_strnicmp
ZwQuerySystemInformation
PsGetProcessId
ZwDeleteFile
ZwQueryInformationFile
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ZwOpenFile
_wcsicmp
RtlCreateUnicodeString
wcsncpy
wcsncmp
RtlGetVersion
PsCreateSystemThread
RtlUnicodeStringToInteger
ZwEnumerateKey
ZwQueryKey
KeDelayExecutionThread
wcsrchr
PsTerminateSystemThread
RtlImageNtHeader
ExInitializeRundownProtection
PsIsSystemThread
MmMapLockedPagesSpecifyCache
IoGetTopLevelIrp
RtlPrefixUnicodeString
ExWaitForRundownProtectionRelease
ExAcquireRundownProtection
KeResetEvent
ZwQuerySymbolicLinkObject
KeSetEvent
ExReleaseRundownProtection
KeReleaseSpinLock
ZwOpenSymbolicLinkObject
ZwSetInformationThread
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeInitializeSemaphore
KeReleaseSemaphore
KeWaitForMultipleObjects
ZwQueryInformationProcess
ObOpenObjectByPointer
PsGetProcessPeb
PsGetProcessCreateTimeQuadPart
KeUnstackDetachProcess
PsGetVersion
ObfReferenceObject
PsGetProcessExitTime
KeStackAttachProcess
RtlQueryRegistryValues
MmUserProbeAddress
RtlWalkFrameChain
PsSetCreateThreadNotifyRoutine
RtlSetBit
RtlTestBit
RtlCaptureStackBackTrace
_wcsnicmp
CmKeyObjectType
IoFileObjectType
KeBugCheckEx
ZwWriteFile
PsGetThreadProcessId
ObfDereferenceObject
PsThreadType
ObReferenceObjectByHandle
PsGetProcessInheritedFromUniqueProcessId
_vsnprintf
RtlHashUnicodeString
RtlEqualUnicodeString
RtlInitAnsiString
ExGetPreviousMode
ZwReadFile
PsLookupProcessByProcessId
PsProcessType
IoThreadToProcess
IoCreateDevice
PsGetCurrentProcessId
IoCreateSymbolicLink
ZwDeviceIoControlFile
IofCompleteRequest
ZwClose
_vsnwprintf
InitSafeBootMode
ZwCreateFile
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
IoRegisterShutdownNotification
ExFreePoolWithTag
ZwSetInformationFile
MmUnmapLockedPages
KeInitializeApc
KeInsertQueueApc
IoFreeMdl
MmProbeAndLockPages
PsIsThreadTerminating
MmUnlockPages
MmIsAddressValid
IoAllocateMdl
vDbgPrintEx
FsRtlIsDbcsInExpression
RtlUnicodeStringToAnsiString
FsRtlIsNameInExpression
RtlFreeAnsiString
PsGetCurrentThreadTeb
wcslen
ZwEnumerateValueKey
IoGetBaseFileSystemDeviceObject
IoCreateFile
ZwQueryObject
ZwDuplicateObject
IoFreeIrp
IoAllocateIrp
ZwOpenProcess
ZwSetInformationObject
_stricmp
ExRaiseStatus
KeAreApcsDisabled
ZwMapViewOfSection
IoVolumeDeviceToDosName
ZwUnmapViewOfSection
ExRaiseDatatypeMisalignment
ZwCreateSection
strlen
strcmp
RtlIsGenericTableEmpty
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
FsRtlDissectName
ExAllocatePoolWithTag
__C_specific_handler
_local_unwind
