memcpy
PsGetCurrentThreadId
PsGetCurrentProcessId
_purecall
KeDelayExecutionThread
KeIsExecutingDpc
KeInitializeEvent
_vsnprintf
_vsnwprintf
memmove
towlower
memset
wcschr
_wcslwr
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
isspace
_wcsicmp
_stricmp
isdigit
_allmul
isxdigit
RtlCopyUnicodeString
RtlAppendUnicodeToString
ZwClose
ZwWaitForSingleObject
KeSetEvent
ZwEnumerateValueKey
ZwOpenKey
ZwEnumerateKey
KeWaitForSingleObject
PsCreateSystemThread
RtlUnicodeStringToInteger
tolower
toupper
ZwQueryValueKey
RtlInitUnicodeString
strchr
ZwQueryInformationProcess
ZwOpenProcess
RtlTimeToTimeFields
ObfDereferenceObject
IoFileObjectType
_except_handler3
ZwQueryKey
CmUnRegisterCallback
RtlPrefixUnicodeString
CmRegisterCallback
MmGetSystemRoutineAddress
PsGetVersion
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
IoFreeMdl
MmUnmapLockedPages
KeServiceDescriptorTable
KeStackAttachProcess
KeUnstackDetachProcess
ZwWriteFile
ZwCreateFile
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
_alldiv
PsProcessType
ProbeForRead
PsLookupProcessByProcessId
RtlCharToInteger
ZwReadFile
ZwFsControlFile
ZwOpenFile
ZwAllocateVirtualMemory
ZwSetInformationFile
ZwSetValueKey
NtClose
ObReferenceObjectByHandle
RtlAppendUnicodeStringToString
ZwQueryInformationFile
RtlGetVersion
MmIsAddressValid
RtlCompareMemory
strstr
ExFreePoolWithTag
_strlwr
ExAllocatePoolWithTag
KeTickCount
wcsstr
KeQuerySystemTime
ObReferenceObjectByPointer
isprint
ZwQuerySystemInformation
ObQueryNameString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryObject
IofCompleteRequest
MmUnlockPages
MmProtectMdlSystemAddress
IoDeleteSymbolicLink
ZwCreateKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
