ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
MmProbeAndLockPages
MmUnlockPages
MmGetSystemRoutineAddress
MmMapLockedPagesSpecifyCache
PsCreateSystemThread
PsTerminateSystemThread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveNextIrp
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
KeStackAttachProcess
KeUnstackDetachProcess
IoGetRequestorProcess
__C_specific_handler
PsThreadType
RtlGetVersion
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
NtBuildNumber
ExAllocatePoolWithTag
ExFreePoolWithTag
ExInitializePagedLookasideList
ExDeletePagedLookasideList
KeResetEvent
MmBuildMdlForNonPagedPool
MmUnmapLockedPages
ExEventObjectType
wcschr
wcsncmp
ProbeForWrite
ExGetPreviousMode
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ExRaiseAccessViolation
MmIsAddressValid
PsGetProcessId
ZwOpenProcess
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
PsGetProcessPeb
ZwQueryInformationProcess
IoFileObjectType
PsProcessType
MmUserProbeAddress
PsSetCreateProcessNotifyRoutine
PsSetCreateThreadNotifyRoutine
PsSetLoadImageNotifyRoutine
ZwOpenKey
ZwSetValueKey
PsGetCurrentProcessId
RtlCompareUnicodeString
ZwOpenFile
PsGetCurrentThreadId
_snprintf
qsort
wcsncpy
wcsrchr
_wcsicmp
_wcsnicmp
_wcslwr
RtlCopyUnicodeString
KeDelayExecutionThread
ExQueueWorkItem
ExAcquireRundownProtection
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
ObfReferenceObject
ZwCreateFile
ZwQueryValueKey
ZwTerminateProcess
PsIsThreadTerminating
FsRtlIsNameInExpression
ZwQueryDirectoryFile
KeInitializeApc
KeInsertQueueApc
ZwQuerySystemInformation
RtlPrefixUnicodeString
strchr
_strnicmp
strrchr
_vsnprintf
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
strncpy
RtlWalkFrameChain
strncmp
IoGetDeviceObjectPointer
_vsnwprintf
RtlUpcaseUnicodeChar
ZwQueryInformationFile
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlCompareMemory
ZwReadFile
ZwWaitForSingleObject
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeAreApcsDisabled
IoBuildDeviceIoControlRequest
IofCallDriver
IoCreateFile
IoGetTopLevelIrp
IoQueryFileInformation
FsRtlInsertPerStreamContext
FsRtlLookupPerStreamContextInternal
RtlQueryRegistryValues
CmRegisterCallback
ZwDeleteKey
ObReferenceObjectByName
IoDriverObjectType
KeClearEvent
IoAllocateIrp
IoQueueThreadIrp
IoFreeIrp
MmAllocatePagesForMdl
MmFreePagesFromMdl
MmSystemRangeStart
IoGetFileObjectGenericMapping
ObInsertObject
SeCreateAccessState
ObCreateObject
PsLookupThreadByThreadId
ZwDuplicateObject
ZwQueryInformationThread
IoDeviceObjectType
ExInitializeRundownProtection
ExDeleteResourceLite
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExInitializeResourceLite
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
ExReleaseFastMutex
ExAcquireFastMutex
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeWaitForSingleObject
KeWaitForMultipleObjects
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeSetPriorityThread
KeSetEvent
KeInitializeEvent
ZwSetSecurityObject
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
RtlFreeUnicodeString
RtlInitUnicodeString
towlower
MmProtectMdlSystemAddress
KeBugCheckEx
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
MmGetPhysicalAddress
