IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

ZwFsControlFile

ZwReadFile

KeSetPriorityThread

IoGetRelatedDeviceObject

RtlInitUnicodeString

IoDeleteDevice

KeSetEvent

KeInitializeEvent

wcsncat

ZwOpenProcessToken

ZwAdjustPrivilegesToken

ZwSetInformationFile

KeSetTimerEx

SeCreateClientSecurity

ZwCreateFile

PsCreateSystemThread

MmMapLockedPagesSpecifyCache

ExInterlockedInsertTailList

PsTerminateSystemThread

ZwClose

IofCompleteRequest

ObReferenceObjectByHandle

KeWaitForSingleObject

SeImpersonateClientEx

PsRevertToSelf

ExInterlockedRemoveHeadList

IoIsWdmVersionAvailable

PsDereferenceImpersonationToken

IoCreateSymbolicLink

ObfDereferenceObject

KeInitializeTimerEx

ExFreePoolWithTag

ZwWriteFile

ObOpenObjectByPointer

DbgPrint

PsDereferencePrimaryToken

IofCallDriver

SeTokenType

KeBugCheckEx

MmGetSystemRoutineAddress

IoCreateDevice

ZwSetSecurityObject

IoDeviceObjectType

_snwprintf

RtlLengthSecurityDescriptor

SeCaptureSecurityDescriptor

RtlCreateSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlAbsoluteToSelfRelativeSD

SeExports

wcschr

_wcsnicmp

RtlLengthSid

RtlAddAccessAllowedAce

RtlGetSaclSecurityDescriptor

RtlGetDaclSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlGetOwnerSecurityDescriptor

ZwOpenKey

ZwCreateKey

ZwQueryValueKey

ZwSetValueKey

RtlFreeUnicodeString

IoDeleteSymbolicLink

IoBuildDeviceIoControlRequest

ZwQueryInformationFile

ExAllocatePoolWithTag

ProbeForRead

ProbeForWrite

RtlAppendUnicodeToString

MmProtectMdlSystemAddress

IoFreeMdl

ExEventObjectType

MmProbeAndLockPages

RtlCompareMemory

MmUnlockPages

PsGetCurrentProcessId

IoAllocateMdl

RtlTimeToSecondsSince1970

ZwWaitForSingleObject

RtlAnsiStringToUnicodeString

RtlInitAnsiString

RtlUnicodeStringToAnsiString

RtlCompareString

_vsnprintf

ZwMapViewOfSection

RtlGetVersion

ExSystemTimeToLocalTime

ZwSetEvent

_vsnwprintf

RtlTimeToTimeFields

RtlFreeAnsiString

RtlCompareUnicodeString

ZwCreateSection

ZwOpenSection

ZwEnumerateKey

KeInitializeMutex

isspace

strstr

strchr

KeReleaseMutex

ExInitializeNPagedLookasideList

ExpInterlockedPushEntrySList

ExpInterlockedPopEntrySList

KeDelayExecutionThread

IoFileObjectType

ExDeletePagedLookasideList

ZwFreeVirtualMemory

ExQueryDepthSList

ZwOpenProcess

ZwQueryInformationProcess

RtlCopyUnicodeString

ExInitializePagedLookasideList

ZwOpenFile

IoQueryFileDosDeviceName

ExDeleteNPagedLookasideList

ZwAllocateVirtualMemory

RtlAppendUnicodeStringToString

ExDeleteResourceLite

ExInitializeResourceLite

ZwDeleteKey

RtlRandomEx

ZwOpenEvent

ZwCreateEvent

IoWMIQueryAllData

IoWMIOpenBlock

RtlUnicodeStringToInteger

IoReuseIrp

KeResetEvent

KeReadStateEvent

KeReleaseInStackQueuedSpinLock

KeAcquireInStackQueuedSpinLock

IoCancelIrp

IoFreeIrp

IoAllocateIrp

KeWaitForMultipleObjects

IoDriverObjectType

wcsstr

ObReferenceObjectByName

IoGetDeviceProperty

__C_specific_handler

WskDeregister

WskCaptureProviderNPI

WskRegister

WskReleaseProviderNPI

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ