IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

ExSystemTimeToLocalTime

DbgBreakPointWithStatus

KeRemoveEntryDeviceQueue

ZwDeviceIoControlFile

IoCreateStreamFileObjectLite

KeEnterCriticalRegion

RtlFreeUnicodeString

RtlEqualUnicodeString

IoInvalidateDeviceRelations

ExFreePool

IoCreateNotificationEvent

RtlSubAuthoritySid

MmAllocatePagesForMdl

FsRtlDeregisterUncProvider

ExDeleteResourceLite

RtlStringFromGUID

RtlDelete

KeReadStateMutex

PoCallDriver

ExNotifyCallback

RtlInitString

PsSetLoadImageNotifyRoutine

RtlAnsiCharToUnicodeChar

IoGetDiskDeviceObject

ZwFsControlFile

MmProbeAndLockPages

KeInitializeDeviceQueue

PsDereferencePrimaryToken

KeReadStateTimer

KeReadStateSemaphore

HalExamineMBR

KeInitializeDpc

KdEnableDebugger

RtlFindClearBitsAndSet

RtlGetVersion

CcPinMappedData

IoDetachDevice

RtlFindMostSignificantBit

MmUnmapLockedPages

MmResetDriverPaging

PsImpersonateClient

DbgBreakPoint

MmFreePagesFromMdl

RtlUnicodeStringToOemString

KeInitializeSemaphore

MmPageEntireDriver

ObfDereferenceObject

ZwCreateFile

ZwOpenProcess

ExVerifySuite

SeAppendPrivileges

ObReferenceObjectByPointer

MmIsThisAnNtAsSystem

IoReadDiskSignature

RtlTimeToTimeFields

PsLookupThreadByThreadId

SeCaptureSubjectContext

IoGetRequestorProcessId

IoReportResourceForDetection

ProbeForRead

ExInitializeResourceLite

ZwNotifyChangeKey

SeQueryInformationToken

KeRestoreFloatingPointState

ZwClose

CcIsThereDirtyData

SeAssignSecurity

IoGetDeviceInterfaceAlias

ZwFreeVirtualMemory

CcMapData

IoReadPartitionTableEx

SeCreateClientSecurity

SeUnlockSubjectContext

RtlDowncaseUnicodeString

IoIsOperationSynchronous

ExAcquireFastMutexUnsafe

RtlIsNameLegalDOS8Dot3

FsRtlCheckOplock

SeDeassignSecurity

IoDeleteSymbolicLink

IoGetDeviceInterfaces

IoConnectInterrupt

IoOpenDeviceRegistryKey

CcUnpinDataForThread

MmForceSectionClosed

CcMdlReadComplete

PsChargeProcessPoolQuota

FsRtlFastUnlockSingle

RtlSetAllBits

ExQueueWorkItem

KeInitializeMutex

RtlLengthRequiredSid

IoDeviceObjectType

SeSinglePrivilegeCheck

KeFlushQueuedDpcs

MmFreeNonCachedMemory

FsRtlCheckLockForWriteAccess

MmFreeMappingAddress

KeInitializeQueue

IoInvalidateDeviceState

RtlOemStringToUnicodeString

MmHighestUserAddress

MmIsVerifierEnabled

CcCopyWrite

IoWMIRegistrationControl

RtlSecondsSince1980ToTime

MmUnmapIoSpace

ExRaiseDatatypeMisalignment

ObQueryNameString

RtlSetDaclSecurityDescriptor

IoWritePartitionTableEx

PoSetSystemState

RtlUpcaseUnicodeToOemN

ExRegisterCallback

MmGetPhysicalAddress

IoVerifyPartitionTable

CcSetDirtyPinnedData

RtlValidSid

RtlVolumeDeviceToDosName

IoReleaseCancelSpinLock

IoCreateDisk

CcFlushCache

ExLocalTimeToSystemTime

CcSetReadAheadGranularity

KeBugCheck

ProbeForWrite

KeReleaseSemaphore

RtlAreBitsClear

ZwQueryValueKey

RtlGenerate8dot3Name

SeQueryAuthenticationIdToken

RtlEqualSid

ZwUnloadDriver

IoIsWdmVersionAvailable

ExFreePoolWithTag

IoCheckQuotaBufferValidity

RtlDeleteElementGenericTable

RtlCreateUnicodeString

CcSetBcbOwnerPointer

RtlTimeFieldsToTime

IoDisconnectInterrupt

ExReleaseFastMutexUnsafe

FsRtlSplitLargeMcb

IoGetDriverObjectExtension

IoGetRelatedDeviceObject

DbgPrompt

RtlCompareString

KeSetPriorityThread

MmCanFileBeTruncated

RtlClearBits

KeDetachProcess

IoAllocateAdapterChannel

ZwEnumerateValueKey

IoGetStackLimits

MmIsAddressValid

RtlUnicodeToMultiByteN

ZwQueryVolumeInformationFile

RtlDeleteNoSplay

IoStartTimer

IoCheckShareAccess

MmQuerySystemSize

CcMdlRead

RtlMultiByteToUnicodeN

IoFreeController

KeUnstackDetachProcess

ObGetObjectSecurity

FsRtlIsTotalDeviceFailure

ZwFlushKey

KeAttachProcess

KeSetTimer

MmAdvanceMdl

RtlAddAccessAllowedAce

KeSetKernelStackSwapEnable

KeQuerySystemTime

MmAllocateMappingAddress

IoSetTopLevelIrp

CcRemapBcb

MmSetAddressRangeModified

ExGetSharedWaiterCount

IoStartPacket

KeSetSystemAffinityThread

IoThreadToProcess

ExSetResourceOwnerPointer

RtlQueryRegistryValues

RtlInitializeUnicodePrefix

RtlFindUnicodePrefix

RtlNumberOfClearBits

ZwQueryKey

IoUpdateShareAccess

RtlClearAllBits

IoFreeWorkItem

PsReturnPoolQuota

RtlTimeToSecondsSince1970

ExSetTimerResolution

KeInitializeApc

FsRtlIsFatDbcsLegal

ExUuidCreate

ZwSetValueKey

PsGetCurrentThread

RtlFindLeastSignificantBit

RtlInitAnsiString

SeFilterToken

PsGetCurrentProcess

SeTokenIsAdmin

IoCsqRemoveIrp

RtlCompareMemory

PoSetPowerState

FsRtlIsHpfsDbcsLegal

CcFastCopyRead

IoSetDeviceInterfaceState

IoFreeErrorLogEntry

PsGetVersion

IoGetDeviceProperty

ZwSetVolumeInformationFile

RtlxUnicodeStringToAnsiSize

CcGetFileObjectFromBcb

MmSizeOfMdl

IoCreateSymbolicLink

IoAllocateWorkItem

RtlCreateAcl

PoRegisterSystemState

RtlNtStatusToDosError

IoStopTimer

MmMapLockedPagesSpecifyCache

SeValidSecurityDescriptor

IoAcquireCancelSpinLock

RtlAnsiStringToUnicodeString

IoGetDeviceToVerify

MmAllocateNonCachedMemory

RtlInitializeSid

IoRaiseHardError

RtlVerifyVersionInfo

CcPreparePinWrite

KeSetBasePriorityThread

IoGetDeviceAttachmentBaseRef

IoVolumeDeviceToDosName

ZwCreateDirectoryObject

FsRtlGetNextFileLock

RtlCopyString

IoSetThreadHardErrorMode

CcUnpinData

KeWaitForSingleObject

ZwSetSecurityObject

RtlCopySid

KeDeregisterBugCheckCallback

ZwOpenSection

MmMapUserAddressesToPage

RtlFindLongestRunClear

RtlCharToInteger

ZwCreateKey

KeQueryInterruptTime

MmUnlockPages

ZwDeleteKey

MmFlushImageSection

FsRtlNotifyUninitializeSync

RtlFindLastBackwardRunClear

RtlUpcaseUnicodeString

ZwMapViewOfSection

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ