RtlInitUnicodeString
RtlGetVersion
ZwCreateFile
ZwClose
wcsncpy
RtlQueryRegistryValues
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
DbgPrint
KeInitializeEvent
ExAllocatePool
ExAllocatePoolWithTag
ExFreePoolWithTag
ExInitializeNPagedLookasideList
PsCreateSystemThread
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoGetCurrentProcess
IoRegisterShutdownNotification
ZwOpenKey
ZwEnumerateKey
ZwQueryKey
MmIsAddressValid
PsSetLoadImageNotifyRoutine
ZwQueryDirectoryFile
_strlwr
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ZwQueryValueKey
strstr
_strupr
wcsncat
wcsncmp
wcsrchr
wcsstr
_wcslwr
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlTimeToTimeFields
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeQueryTimeIncrement
ExSystemTimeToLocalTime
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
PsGetVersion
IoAllocateMdl
IofCompleteRequest
IoFreeIrp
IoFreeMdl
IoGetDeviceObjectPointer
ObfDereferenceObject
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
sprintf
swprintf
_snwprintf
rand
srand
ObReferenceObjectByName
__C_specific_handler
IoDriverObjectType
ProbeForRead
PsTerminateSystemThread
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExDeleteNPagedLookasideList
strncpy
_vsnprintf
RtlInitString
ZwOpenFile
ZwCreateSection
ZwMapViewOfSection
RtlCompareString
PsGetCurrentProcessId
PsLookupProcessByProcessId
RtlImageNtHeader
PsGetProcessPeb
strchr
_wcsupr
RtlWriteRegistryValue
RtlDeleteRegistryValue
ZwCreateKey
ZwDeleteKey
ZwEnumerateValueKey
atoi
mbstowcs
__chkstk
strncmp
_strnicmp
strrchr
ExAcquireFastMutex
ExReleaseFastMutex
_snprintf
ObfReferenceObject
IoAllocateIrp
IoBuildDeviceIoControlRequest
IofCallDriver
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
RtlCompareUnicodeString
MmGetSystemRoutineAddress
IoCreateFile
IoGetFileObjectGenericMapping
ObQueryNameString
ZwOpenDirectoryObject
ObCreateObject
SeCreateAccessState
wcscmp
IoFileObjectType
PsThreadType
RtlAppendUnicodeToString
RtlCompareMemory
IoUnregisterShutdownNotification
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsSetCreateProcessNotifyRoutine
PsSetCreateProcessNotifyRoutineEx
ZwOpenProcess
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
_wcsicmp
IoStopTimer
PsRemoveLoadImageNotifyRoutine
IoGetDeviceAttachmentBaseRef
_stricmp
NtOpenProcess
ZwQueryObject
ZwDuplicateObject
PsLookupThreadByThreadId
ZwOpenThread
ZwUnloadKey
ZwLoadKey
ZwUnmapViewOfSection
ZwSetValueKey
ObSetHandleAttributes
KeStackAttachProcess
KeUnstackDetachProcess
PsInitialSystemProcess
ZwAllocateVirtualMemory
PsIsThreadTerminating
KeInitializeApc
KeInsertQueueApc
ExInitializePagedLookasideList
ExDeletePagedLookasideList
CmRegisterCallback
CmUnRegisterCallback
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeClearEvent
KeBugCheckEx
RtlUnicodeStringToInteger
MmAllocatePagesForMdl
MmFreePagesFromMdl
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmMapViewInSystemSpace
MmUnmapViewInSystemSpace
MmSectionObjectType
RtlCaptureContext
KeCapturePersistentThreadState
MmSystemRangeStart
IoDeviceObjectType
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
KeCancelTimer
KeNumberProcessors
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation