CcGetFileObjectFromBcb
ExUuidCreate
RtlInitializeSid
CcPreparePinWrite
RtlCompareUnicodeString
RtlxOemStringToUnicodeSize
RtlOemToUnicodeN
FsRtlCheckOplock
SeAppendPrivileges
KeWaitForMultipleObjects
KeStackAttachProcess
RtlIntegerToUnicodeString
IoReadPartitionTableEx
SeUnlockSubjectContext
ZwPowerInformation
WmiQueryTraceInformation
SeDeleteObjectAuditAlarm
PsGetProcessId
SeLockSubjectContext
ObReferenceObjectByHandle
ObQueryNameString
IoSetPartitionInformationEx
IoInvalidateDeviceState
IoCheckQuotaBufferValidity
RtlDowncaseUnicodeString
CcUnpinDataForThread
MmMapLockedPages
RtlCopyLuid
CcSetFileSizes
RtlFindLeastSignificantBit
SeFilterToken
KeSetTargetProcessorDpc
ZwCreateFile
CcPurgeCacheSection
RtlEqualUnicodeString
IoWMIWriteEvent
KeResetEvent
RtlNtStatusToDosError
IoFreeIrp
RtlAppendUnicodeToString
IoStartPacket
MmCanFileBeTruncated
SeTokenIsRestricted
IoReleaseRemoveLockAndWaitEx
SeImpersonateClientEx
VerSetConditionMask
ZwFlushKey
CcInitializeCacheMap
KeSynchronizeExecution
ExNotifyCallback
RtlFindUnicodePrefix
KeRemoveQueue
SeOpenObjectAuditAlarm
IoFreeErrorLogEntry
IoIsOperationSynchronous
CcMdlReadComplete
KeQueryInterruptTime
ObGetObjectSecurity
SeCreateClientSecurity
MmForceSectionClosed
ProbeForWrite
RtlCreateUnicodeString
IoWMIRegistrationControl
KeSetBasePriorityThread
CcFastCopyWrite
ExDeleteResourceLite
ZwDeviceIoControlFile
ExInitializeResourceLite
ObfDereferenceObject
PsCreateSystemThread
ZwDeleteValueKey
KeRegisterBugCheckCallback
RtlPrefixUnicodeString
PoSetSystemState
IoReportDetectedDevice
ExAllocatePoolWithTag
IoAllocateMdl
IofCallDriver
PsTerminateSystemThread
MmAllocateMappingAddress
RtlLengthSecurityDescriptor
MmUnsecureVirtualMemory
IoGetDeviceToVerify
RtlInitUnicodeString
IoReleaseVpbSpinLock
RtlLengthSid
RtlFindMostSignificantBit
ZwQueryVolumeInformationFile
RtlCompareString
DbgBreakPointWithStatus
RtlInt64ToUnicodeString
MmLockPagableDataSection
IoGetStackLimits
SeSinglePrivilegeCheck
RtlCheckRegistryKey
DbgPrompt
IoReuseIrp
IoGetDriverObjectExtension
IoStopTimer
CcSetDirtyPinnedData
RtlRemoveUnicodePrefix
KeBugCheck
KeSetTimerEx
MmProbeAndLockProcessPages
CcCopyWrite
IoGetDeviceObjectPointer
IoGetLowerDeviceObject
IoGetTopLevelIrp
IofCompleteRequest
FsRtlFreeFileLock
ExIsProcessorFeaturePresent
RtlTimeToSecondsSince1980
IoThreadToProcess
KeInitializeDpc
IoVerifyPartitionTable
RtlFreeAnsiString
PsLookupThreadByThreadId
ZwCreateSection
MmIsVerifierEnabled
PoCallDriver
RtlWriteRegistryValue
ZwCreateKey
SeQueryInformationToken
IoAllocateIrp
RtlDeleteRegistryValue
KeDeregisterBugCheckCallback
MmMapIoSpace
CcPinMappedData
IoCreateDevice
IoReleaseCancelSpinLock
RtlFreeOemString
RtlEqualSid
IoDeleteController
MmAdvanceMdl
IoDetachDevice
IoAcquireRemoveLockEx
ExUnregisterCallback
KdDisableDebugger
PsLookupProcessByProcessId
ExFreePoolWithTag
ZwOpenSymbolicLinkObject
ExGetSharedWaiterCount
RtlCopyUnicodeString
KeInsertDeviceQueue
KeReadStateMutex
ZwQuerySymbolicLinkObject
RtlSetBits
IoQueryDeviceDescription
ObCreateObject
RtlInitString
ZwQueryObject
CcPinRead
KeSetPriorityThread
MmUnmapReservedMapping
PsSetLoadImageNotifyRoutine
IoGetDmaAdapter
IoSetStartIoAttributes
MmBuildMdlForNonPagedPool
IoCreateSymbolicLink
PsGetCurrentProcessId
RtlMultiByteToUnicodeN
KeRundownQueue
RtlCharToInteger
RtlUpperString
MmUnlockPages
FsRtlLookupLastLargeMcbEntry
ExSetTimerResolution
SeSetSecurityDescriptorInfo
IoWritePartitionTableEx
RtlDeleteElementGenericTable
KeQueryTimeIncrement
IoStartNextPacket
KeCancelTimer
KeWaitForSingleObject
RtlAddAccessAllowedAceEx
RtlInitAnsiString
RtlSecondsSince1980ToTime
KeDetachProcess
RtlCreateRegistryKey
RtlCompareMemory
MmGetPhysicalAddress
ExQueueWorkItem
RtlDeleteNoSplay
KeSetEvent
KeUnstackDetachProcess
ZwOpenFile
IoGetRequestorProcess
KeInitializeMutex
RtlDelete
IoSetSystemPartition
KeRemoveEntryDeviceQueue
ZwReadFile
IoSetShareAccess
IoCreateFile
KeSetImportanceDpc
ObReleaseObjectSecurity
MmAllocateContiguousMemory
IoVolumeDeviceToDosName
IoSetDeviceInterfaceState
RtlSplay
MmGetSystemRoutineAddress
FsRtlIsHpfsDbcsLegal
IoAcquireCancelSpinLock
ZwOpenKey
IoGetDiskDeviceObject
SeValidSecurityDescriptor
KeFlushQueuedDpcs
MmIsAddressValid
KeInsertQueueDpc
MmSecureVirtualMemory
IoGetRequestorProcessId
IoSetHardErrorOrVerifyDevice
RtlxUnicodeStringToAnsiSize
FsRtlDeregisterUncProvider
ObOpenObjectByPointer
ZwQueryValueKey
RtlGetCallersAddress
IoGetCurrentProcess
MmAllocatePagesForMdl
CcMdlRead
IoGetDeviceInterfaces
RtlEnumerateGenericTable
KeRemoveDeviceQueue
ExSystemTimeToLocalTime
ZwMapViewOfSection
MmFreePagesFromMdl
MmHighestUserAddress
IoRegisterDeviceInterface
RtlUnicodeStringToAnsiString
ZwSetSecurityObject
MmFreeMappingAddress
RtlOemStringToUnicodeString
RtlIsNameLegalDOS8Dot3
ZwOpenProcess
RtlUnicodeToOemN
IoInitializeRemoveLockEx
RtlFillMemoryUlong
RtlEqualString
RtlMapGenericMask
ExGetExclusiveWaiterCount
IoUpdateShareAccess
IoRaiseHardError
DbgBreakPoint
CcFastCopyRead
RtlTimeToSecondsSince1970
RtlInitializeGenericTable
RtlSecondsSince1970ToTime
ExLocalTimeToSystemTime
RtlFindSetBits
RtlValidSecurityDescriptor
KeQueryActiveProcessors
KeEnterCriticalRegion
RtlGetVersion
PsIsThreadTerminating
ExRaiseAccessViolation
IoFreeWorkItem
CcCopyRead
KeInitializeTimerEx
RtlStringFromGUID
CcDeferWrite
RtlAnsiCharToUnicodeChar
FsRtlAllocateFileLock
KeReadStateEvent
