?SendSizeW@@YGMFM<V
?FormatArgumentNew@@YGXPAK<V
?InvalidateThreadExW@@YGPAGGNPAEPAD<V
?ShowClassNew@@YGPAGF<V
?ShowHeightExA@@YGFPAFHEPAI<V
?CopyClassW@@YGDPAM<V
Static task: static1
Behavioral task: behavioral1
Sample: 08f36e7e5653ffac1d85cb97a76085dd.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 08f36e7e5653ffac1d85cb97a76085dd.dll
Resource: win10v2004-20231215-en
Target: 08f36e7e5653ffac1d85cb97a76085dd
Size: 70KB
MD5: 08f36e7e5653ffac1d85cb97a76085dd
SHA1: 649de32d9360d4f0bf32774abb147e35cc579158
SHA256: bb4197908bed60aa0632b23bf1df274ee98f24564a9a1e5107871d9739566069
SHA512: a740f19117a51a10112b5d8ab7debac959d25e701a74cc5cc61c2e8ef488c1913905e9e09a370619b598ede0c9fed17643deeb7196d41563ce7789020ba5a2bf
SSDEEP: 1536:FT32K6i5d9pulqQFhFAm1AkxiJWDXvB4F05hG2KIL9J:FdL2VVfcWDBmmR
Checks for missing Authenticode signature.
resource |
---|
08f36e7e5653ffac1d85cb97a76085dd |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ