ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
ExFreePoolWithTag
ObfDereferenceObject
PsLookupProcessByProcessId
memset
_allshl
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
ZwClose
PsCreateSystemThread
MmGetSystemRoutineAddress
KeInitializeEvent
ExInitializeNPagedLookasideList
KeDelayExecutionThread
KeSetEvent
_vsnwprintf
ExReInitializeRundownProtection
CmRegisterCallback
ExAllocatePoolWithTag
RtlEqualUnicodeString
RtlMultiByteToUnicodeN
PsTerminateSystemThread
KeWaitForSingleObject
RtlCopyUnicodeString
IoGetTopLevelIrp
MmIsAddressValid
PsGetCurrentThreadId
PsGetCurrentProcessId
ObQueryNameString
ExInitializeRundownProtection
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
_wcsnicmp
ZwTerminateProcess
ZwOpenProcess
RtlInitializeBitMap
ExReleaseResourceLite
RtlInsertElementGenericTableAvl
ExAcquireResourceExclusiveLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ExAcquireResourceSharedLite
ObfReferenceObject
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
ExInitializeResourceLite
RtlCompareUnicodeString
memcpy
RtlImageNtHeader
KeQuerySystemTime
MmSystemRangeStart
KeRegisterBugCheckReasonCallback
ExUuidCreate
ExGetPreviousMode
MmUserProbeAddress
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryInformationFile
ZwOpenFile
_allmul
RtlTimeToTimeFields
ExSystemTimeToLocalTime
IofCompleteRequest
RtlAppendUnicodeToString
ZwCreateFile
ObReferenceObjectByHandle
IoFileObjectType
KeGetCurrentThread
ZwWriteFile
ZwDeleteFile
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
ZwWaitForSingleObject
ZwQueryDirectoryFile
ZwCreateEvent
ZwFlushKey
ZwSetValueKey
ZwOpenKey
_aulldiv
MmHighestUserAddress
RtlCaptureStackBackTrace
KeTickCount
KeBugCheckEx
InitSafeBootMode
RtlUnwind
KeLeaveCriticalRegion
ExAcquireRundownProtection
RtlInitUnicodeString
ExAcquireRundownProtectionEx
ExReleaseRundownProtectionEx
InterlockedPushEntrySList
IoCreateDevice
IoDeleteDevice
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoUnregisterShutdownNotification
IoRegisterDriverReinitialization
FsRtlIsNameInExpression
RtlUnicodeStringToAnsiString
IoGetDeviceObjectPointer
ZwDeleteKey
ZwQueryValueKey
wcslen
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwCreateKey
KeClearEvent
KeWaitForMultipleObjects
RtlGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessCreateTimeQuadPart
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsGetProcessPeb
PsThreadType
PsLookupThreadByThreadId
ZwQueryInformationThread
PsIsThreadTerminating
MmUnmapLockedPages
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
ZwMapViewOfSection
ZwCreateSection
ZwUnmapViewOfSection
strcmp
_stricmp
IoGetDeviceAttachmentBaseRef
IoGetRelatedDeviceObject
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
ZwSetInformationFile
memmove
RtlCompareMemory
ZwSetInformationObject
ZwQueryObject
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwDuplicateObject
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_aullshr
_strnicmp
_allshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
FsRtlDissectName
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTable
RtlInitializeGenericTable
RtlHashUnicodeString
RtlIsGenericTableEmpty
InterlockedPopEntrySList
KeEnterCriticalRegion
IoRegisterBootDriverReinitialization
