IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

FltUnregisterFilter

FltStartFiltering

FltGetFileNameInformation

FltRegisterFilter

FltEnumerateFilters

FltGetFilterInformation

FltReleaseFileNameInformation

FltGetFileNameInformationUnsafe

FltParseFileName

ExAllocatePoolWithTag

ExFreePoolWithTag

MmGetSystemRoutineAddress

PsCreateSystemThread

IofCompleteRequest

IoCreateDevice

IoCreateSymbolicLink

IoDeleteDevice

IoDeleteSymbolicLink

IoGetCurrentProcess

IoRegisterShutdownNotification

IoUnregisterShutdownNotification

EtwRegister

EtwUnregister

EtwWriteTransfer

ObfReferenceObject

ObfDereferenceObject

ZwClose

ZwOpenKey

RtlGetVersion

RtlUpcaseUnicodeString

MmGetPhysicalAddress

MmIsAddressValid

PsSetLoadImageNotifyRoutine

ZwOpenProcess

PsLookupProcessByProcessId

PsLookupThreadByThreadId

ObOpenObjectByPointer

ZwDuplicateObject

ZwQueryInformationProcess

ZwOpenThread

ObReferenceObjectByName

__C_specific_handler

PsProcessType

IoDriverObjectType

InitSafeBootMode

KeBugCheckEx

RtlAppendUnicodeToString

RtlCopyUnicodeString

RtlInitUnicodeString

_wcsicmp

wcsrchr

KeSetPriorityThread

RtlEnumerateGenericTableAvl

KeInitializeEvent

ExAcquireFastMutex

ExReleaseFastMutex

RtlCompareUnicodeString

RtlFreeUnicodeString

ExAllocatePool

MmUnlockPages

IoFreeMdl

KeStackAttachProcess

KeUnstackDetachProcess

ZwQuerySystemInformation

ObReferenceObjectByHandleWithTag

ObfDereferenceObjectWithTag

ZwOpenFile

ZwCreateSection

ZwOpenSection

ZwMapViewOfSection

ZwUnmapViewOfSection

RtlRunOnceInitialize

RtlRunOnceBeginInitialize

RtlRunOnceComplete

PsGetCurrentProcessId

ObMakeTemporaryObject

ZwQuerySecurityObject

RtlImageNtHeader

ZwQuerySection

RtlImageDirectoryEntryToData

PsInitialSystemProcess

wcscpy_s

KeEnterCriticalRegion

KeLeaveCriticalRegion

ExAcquireRundownProtection

ExAcquireRundownProtectionEx

ExReleaseRundownProtection

ExReleaseRundownProtectionEx

CmUnRegisterCallback

PsTerminateSystemThread

IoIs32bitProcess

ObUnRegisterCallbacks

PsSetCreateProcessNotifyRoutine

PsSetCreateProcessNotifyRoutineEx

PsRemoveCreateThreadNotifyRoutine

PsRemoveLoadImageNotifyRoutine

vsprintf_s

PsThreadType

ExDesktopObjectType

vDbgPrintExWithPrefix

PsGetThreadId

PsGetThreadProcessId

KeNumberProcessors

KeAcquireSpinLockRaiseToDpc

KeReleaseSpinLock

ExInitializeResourceLite

ExDeleteResourceLite

wcsstr

wcsnlen

RtlEqualUnicodeString

ProbeForRead

PsGetCurrentThreadTeb

wcsncat_s

KeSetEvent

KeWaitForSingleObject

ExRaiseStatus

IoAllocateIrp

IofCallDriver

IoCreateFile

IoFreeIrp

ObReferenceObjectByHandle

ZwCreateFile

ZwQueryInformationFile

ZwSetInformationFile

ZwReadFile

ZwWriteFile

ZwOpenSymbolicLinkObject

ZwQuerySymbolicLinkObject

IoGetFileObjectGenericMapping

ZwDeleteFile

ObCreateObject

SeCreateAccessState

IoFileObjectType

MmMapIoSpace

MmUnmapIoSpace

ZwQueryVirtualMemory

KeClearEvent

ExAllocatePoolWithQuotaTag

ExGetPreviousMode

ObCloseHandle

PsGetProcessId

SeLocateProcessImageName

PsGetThreadProcess

ObInsertObject

PsReferenceProcessFilePointer

ZwFlushInstructionCache

MmUserProbeAddress

ZwCreateKey

ZwDeleteKey

ZwSetValueKey

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ