RtlInitUnicodeString
RtlGetVersion
ZwCreateFile
ZwClose
RtlCopyUnicodeString
DbgPrint
ExAllocatePool
ExFreePoolWithTag
ExInitializeNPagedLookasideList
PsCreateSystemThread
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoGetCurrentProcess
IoRegisterShutdownNotification
ZwOpenKey
MmIsAddressValid
PsSetLoadImageNotifyRoutine
_snwprintf
_strlwr
RtlInitAnsiString
RtlQueryRegistryValues
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ZwQueryValueKey
strstr
_strupr
wcsncat
wcsncmp
wcsncpy
wcsrchr
wcsstr
_wcslwr
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlTimeToTimeFields
KeInitializeEvent
KeDelayExecutionThread
KeWaitForSingleObject
ExAllocatePoolWithTag
ExSystemTimeToLocalTime
PsGetVersion
IofCompleteRequest
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
ZwEnumerateKey
ZwQueryKey
ZwDeleteFile
ZwQueryDirectoryFile
sprintf
swprintf
rand
srand
ProbeForRead
PsTerminateSystemThread
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExDeleteNPagedLookasideList
strncpy
_vsnprintf
RtlInitString
ZwOpenFile
ZwCreateSection
ZwMapViewOfSection
RtlCompareString
PsGetCurrentProcessId
PsLookupProcessByProcessId
RtlImageNtHeader
PsGetProcessPeb
__C_specific_handler
strchr
_wcsupr
RtlWriteRegistryValue
RtlDeleteRegistryValue
ZwCreateKey
ZwDeleteKey
ZwEnumerateValueKey
atoi
mbstowcs
__chkstk
_strnicmp
strrchr
ZwSetInformationFile
strncmp
_snprintf
KeSetEvent
ObfReferenceObject
MmProbeAndLockPages
IoAllocateIrp
IoAllocateMdl
IoBuildDeviceIoControlRequest
IofCallDriver
IoFreeIrp
IoFreeMdl
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
RtlCompareUnicodeString
MmGetSystemRoutineAddress
IoCreateFile
IoGetFileObjectGenericMapping
ObQueryNameString
ZwOpenDirectoryObject
ObCreateObject
SeCreateAccessState
wcscmp
IoFileObjectType
PsThreadType
RtlAppendUnicodeToString
RtlCompareMemory
IoUnregisterShutdownNotification
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsSetCreateProcessNotifyRoutine
PsSetCreateProcessNotifyRoutineEx
ZwOpenProcess
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
_wcsicmp
IoGetDeviceObjectPointer
IoStopTimer
PsRemoveLoadImageNotifyRoutine
IoGetDeviceAttachmentBaseRef
_stricmp
NtOpenProcess
ZwQueryObject
ZwDuplicateObject
PsLookupThreadByThreadId
ZwOpenThread
ZwUnloadKey
ZwLoadKey
ZwUnmapViewOfSection
ZwSetValueKey
ObSetHandleAttributes
KeStackAttachProcess
KeUnstackDetachProcess
PsInitialSystemProcess
ZwAllocateVirtualMemory
PsIsThreadTerminating
KeInitializeApc
KeInsertQueueApc
CmRegisterCallback
CmUnRegisterCallback
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeClearEvent
KeBugCheckEx
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
KeCancelTimer
KeNumberProcessors
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation