IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

KeRemoveByKeyDeviceQueue

ZwOpenSymbolicLinkObject

KeWaitForSingleObject

IofCallDriver

RtlCharToInteger

PsCreateSystemThread

SeOpenObjectAuditAlarm

IoUpdateShareAccess

IoConnectInterrupt

ZwSetVolumeInformationFile

ZwOpenProcess

IoAllocateWorkItem

CcMdlReadComplete

RtlFreeAnsiString

PsImpersonateClient

KeBugCheck

KdDisableDebugger

KeSetTimerEx

ExAcquireFastMutexUnsafe

ZwDeviceIoControlFile

FsRtlNotifyInitializeSync

SeQueryAuthenticationIdToken

CcPurgeCacheSection

RtlFindUnicodePrefix

SeTokenIsAdmin

SeReleaseSubjectContext

ExRaiseAccessViolation

IoCreateStreamFileObjectLite

DbgBreakPoint

FsRtlIsTotalDeviceFailure

ExRegisterCallback

RtlUpcaseUnicodeString

MmMapLockedPages

IoCheckShareAccess

KeClearEvent

RtlCopyString

KeInitializeTimer

IoIsOperationSynchronous

ProbeForWrite

RtlEqualUnicodeString

RtlAddAccessAllowedAceEx

RtlTimeToSecondsSince1970

IoDeleteDevice

IoWriteErrorLogEntry

RtlCopyUnicodeString

IoRegisterDeviceInterface

CcMdlWriteComplete

ZwCreateDirectoryObject

KeQuerySystemTime

CcFastCopyWrite

RtlClearAllBits

IoAllocateMdl

KeDelayExecutionThread

DbgPrompt

IoAcquireVpbSpinLock

ZwReadFile

RtlCreateAcl

RtlWriteRegistryValue

KeSetBasePriorityThread

ZwOpenSection

ExAllocatePoolWithQuotaTag

IoMakeAssociatedIrp

CcCanIWrite

IoGetDeviceProperty

IoGetLowerDeviceObject

KeInsertQueue

CcPreparePinWrite

IoReleaseVpbSpinLock

IoBuildSynchronousFsdRequest

ExSetTimerResolution

MmProbeAndLockPages

RtlFindLongestRunClear

IoGetRelatedDeviceObject

RtlUnicodeToOemN

MmUnlockPages

IoSetDeviceInterfaceState

SeTokenIsRestricted

CcGetFileObjectFromBcb

VerSetConditionMask

RtlTimeFieldsToTime

MmBuildMdlForNonPagedPool

PsChargeProcessPoolQuota

ZwFreeVirtualMemory

FsRtlCheckLockForWriteAccess

ZwQueryVolumeInformationFile

ZwNotifyChangeKey

ExSetResourceOwnerPointer

RtlCreateRegistryKey

RtlDeleteElementGenericTable

MmPageEntireDriver

KeCancelTimer

RtlClearBits

FsRtlFreeFileLock

ZwCreateKey

IoReadPartitionTable

RtlFillMemoryUlong

KeQueryInterruptTime

SeSinglePrivilegeCheck

IoInitializeIrp

KeSaveFloatingPointState

RtlDeleteNoSplay

RtlEqualString

ObGetObjectSecurity

KeUnstackDetachProcess

RtlInitString

MmFreeMappingAddress

IoBuildPartialMdl

RtlEnumerateGenericTable

RtlValidSid

KeQueryActiveProcessors

SePrivilegeCheck

KeInsertQueueDpc

IoRegisterFileSystem

IoSetPartitionInformation

FsRtlIsFatDbcsLegal

IoQueryFileInformation

IoStartTimer

IoAllocateErrorLogEntry

ZwDeleteValueKey

RtlLengthSecurityDescriptor

RtlCompareString

KeSynchronizeExecution

FsRtlNotifyUninitializeSync

SeLockSubjectContext

ZwSetSecurityObject

MmSizeOfMdl

RtlFreeUnicodeString

RtlSubAuthoritySid

RtlCreateUnicodeString

KeInitializeDpc

KeReleaseMutex

IoCheckQuotaBufferValidity

IoSetTopLevelIrp

IoSetThreadHardErrorMode

ObMakeTemporaryObject

ZwQuerySymbolicLinkObject

ZwMapViewOfSection

ExAllocatePoolWithTag

ZwQueryKey

RtlInitializeBitMap

RtlCopyLuid

IoInitializeTimer

IoGetDeviceObjectPointer

PsReturnPoolQuota

SeFreePrivileges

ProbeForRead

SeUnlockSubjectContext

ZwOpenKey

RtlSetDaclSecurityDescriptor

RtlCopySid

RtlFindSetBits

IoCreateDevice

PoSetSystemState

ExDeletePagedLookasideList

RtlOemToUnicodeN

CcUnpinRepinnedBcb

CcPinRead

PsGetCurrentProcess

ZwQueryObject

MmUnlockPagableImageSection

RtlValidSecurityDescriptor

MmUnmapLockedPages

IoReleaseRemoveLockAndWaitEx

IoReportResourceForDetection

FsRtlFastCheckLockForRead

IoGetTopLevelIrp

KeLeaveCriticalRegion

PsGetThreadProcessId

ZwWriteFile

MmAddVerifierThunks

IoCreateFile

IoStopTimer

IoSetHardErrorOrVerifyDevice

FsRtlAllocateFileLock

KeRestoreFloatingPointState

MmAllocateMappingAddress

KeRemoveQueueDpc

KeInitializeDeviceQueue

KeBugCheckEx

ExFreePool

RtlCreateSecurityDescriptor

MmSecureVirtualMemory

PsGetCurrentProcessId

IoWMIRegistrationControl

CcMapData

IoGetDeviceInterfaces

RtlAppendStringToString

IoAllocateAdapterChannel

FsRtlIsDbcsInExpression

IoDeleteSymbolicLink

IoGetAttachedDeviceReference

KeWaitForMultipleObjects

RtlFindLeastSignificantBit

ExRaiseStatus

RtlSetAllBits

KeReadStateTimer

RtlUnicodeStringToOemString

KeRemoveQueue

KeResetEvent

IoIsSystemThread

MmForceSectionClosed

KeRundownQueue

KeDeregisterBugCheckCallback

KeGetCurrentThread

RtlMultiByteToUnicodeN

CcUnpinData

MmMapUserAddressesToPage

IoWMIWriteEvent

MmSetAddressRangeModified

KeAttachProcess

IoFreeMdl

RtlVerifyVersionInfo

WmiQueryTraceInformation

RtlInt64ToUnicodeString

RtlInitializeUnicodePrefix

RtlGetCallersAddress

RtlCheckRegistryKey

RtlDelete

IoGetDiskDeviceObject

PsLookupThreadByThreadId

CcUninitializeCacheMap

MmCanFileBeTruncated

MmFreePagesFromMdl

RtlDowncaseUnicodeString

ObfReferenceObject

IoSetDeviceToVerify

SeAssignSecurity

PsGetProcessId

IoWritePartitionTableEx

IoFreeIrp

RtlRemoveUnicodePrefix

MmAllocatePagesForMdl

IoCheckEaBufferValidity

KeStackAttachProcess

IoGetStackLimits

IoCreateStreamFileObject

ExLocalTimeToSystemTime

IoFreeErrorLogEntry

ExAllocatePool

DbgBreakPointWithStatus

IoFreeWorkItem

IoGetCurrentProcess

IoReportDetectedDevice

CcRepinBcb

IoReadPartitionTableEx

CcRemapBcb

IoSetShareAccess

PoUnregisterSystemState

ZwFsControlFile

RtlFindLastBackwardRunClear

RtlVolumeDeviceToDosName

PsGetVersion

KeSetEvent

ZwOpenFile

ObQueryNameString

ExDeleteNPagedLookasideList

ObCreateObject

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ