IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

RtlCompareMemory

KeInsertDeviceQueue

IoCreateNotificationEvent

PsLookupProcessByProcessId

CcCopyWrite

RtlSecondsSince1980ToTime

RtlInitializeSid

PsCreateSystemThread

RtlStringFromGUID

MmAllocateContiguousMemory

ObReferenceObjectByHandle

RtlValidSid

IoGetStackLimits

IoDisconnectInterrupt

KeReadStateSemaphore

PsGetProcessId

RtlFindClearBits

IoSetShareAccess

RtlDeleteElementGenericTable

RtlRandom

KeAttachProcess

CcPinMappedData

IoAllocateWorkItem

ZwFsControlFile

IoCreateDevice

RtlAddAccessAllowedAceEx

IoIsWdmVersionAvailable

IoQueueWorkItem

CcDeferWrite

FsRtlNotifyInitializeSync

HalExamineMBR

ZwClose

ZwQueryKey

MmAdvanceMdl

MmIsDriverVerifying

KeCancelTimer

KeRegisterBugCheckCallback

RtlWriteRegistryValue

ZwOpenProcess

ZwDeleteKey

RtlCopyUnicodeString

KefAcquireSpinLockAtDpcLevel

ExRaiseAccessViolation

PsChargeProcessPoolQuota

MmAllocateNonCachedMemory

RtlDelete

PsImpersonateClient

ZwDeleteValueKey

ZwOpenSection

RtlDeleteRegistryValue

IoQueryFileInformation

KeBugCheckEx

RtlInitUnicodeString

PoCallDriver

KeFlushQueuedDpcs

RtlEqualString

IoRemoveShareAccess

RtlFindUnicodePrefix

IoRegisterDeviceInterface

IoFreeErrorLogEntry

ZwQuerySymbolicLinkObject

RtlInitializeUnicodePrefix

RtlInitAnsiString

MmFlushImageSection

ZwUnloadDriver

RtlDeleteNoSplay

FsRtlIsDbcsInExpression

ZwWriteFile

IoRegisterFileSystem

ExReinitializeResourceLite

IoSetDeviceInterfaceState

IoReadPartitionTable

KeStackAttachProcess

SeReleaseSubjectContext

RtlSetDaclSecurityDescriptor

KeUnstackDetachProcess

SeAccessCheck

RtlFindMostSignificantBit

ExSetResourceOwnerPointer

RtlEnumerateGenericTable

RtlCreateSecurityDescriptor

ExUnregisterCallback

KdEnableDebugger

KeReadStateMutex

RtlCopySid

FsRtlSplitLargeMcb

RtlNumberOfClearBits

MmUnsecureVirtualMemory

ExRaiseDatatypeMisalignment

IoWMIWriteEvent

IoUnregisterFileSystem

IoBuildPartialMdl

IoDeleteDevice

IoReleaseCancelSpinLock

KeEnterCriticalRegion

KeSetSystemAffinityThread

CcRepinBcb

ExDeletePagedLookasideList

KeInsertQueueDpc

FsRtlIsFatDbcsLegal

IoRaiseHardError

ZwCreateSection

IoGetBootDiskInformation

RtlUnicodeToOemN

RtlCharToInteger

ZwCreateFile

RtlSubAuthoritySid

RtlAppendStringToString

KeInitializeTimer

IoGetRequestorProcess

PsGetProcessExitTime

MmUnmapIoSpace

ObOpenObjectByPointer

ObfDereferenceObject

RtlxUnicodeStringToAnsiSize

IoVolumeDeviceToDosName

KeReadStateEvent

ExAcquireFastMutexUnsafe

KeRemoveQueue

MmProbeAndLockPages

IoReportResourceForDetection

IoVerifyVolume

RtlTimeToSecondsSince1970

IoBuildSynchronousFsdRequest

IoGetDeviceInterfaces

CcSetDirtyPinnedData

MmCanFileBeTruncated

CcFastMdlReadWait

IoStartTimer

RtlAreBitsClear

IoAcquireVpbSpinLock

ZwMakeTemporaryObject

IoReleaseRemoveLockEx

ExInitializeResourceLite

RtlCreateUnicodeString

RtlCheckRegistryKey

FsRtlLookupLastLargeMcbEntry

IoSetTopLevelIrp

RtlAddAccessAllowedAce

MmHighestUserAddress

IoCheckShareAccess

CcUnpinData

ZwEnumerateValueKey

RtlDowncaseUnicodeString

IoReportDetectedDevice

ObReleaseObjectSecurity

KeSetTimer

DbgPrompt

FsRtlCheckLockForReadAccess

FsRtlIsHpfsDbcsLegal

IoGetDmaAdapter

KeSetKernelStackSwapEnable

IoFreeController

IoSetDeviceToVerify

RtlLengthSecurityDescriptor

IoGetAttachedDeviceReference

IoCheckQuotaBufferValidity

IoSetPartitionInformationEx

RtlVerifyVersionInfo

IoCreateSymbolicLink

MmLockPagableSectionByHandle

CcFlushCache

ExVerifySuite

ExReleaseResourceLite

IofCompleteRequest

RtlVolumeDeviceToDosName

RtlInitializeBitMap

RtlSplay

KeSetImportanceDpc

ExGetExclusiveWaiterCount

CcFastCopyRead

KeGetCurrentThread

RtlIntegerToUnicodeString

IoReuseIrp

RtlHashUnicodeString

ZwFlushKey

ExAllocatePoolWithQuotaTag

IoGetTopLevelIrp

ProbeForWrite

CcMdlWriteComplete

SeOpenObjectAuditAlarm

SeDeleteObjectAuditAlarm

PsGetCurrentThread

ZwQueryValueKey

MmSizeOfMdl

RtlEqualSid

IoGetRequestorProcessId

RtlMultiByteToUnicodeN

MmUnmapLockedPages

FsRtlMdlWriteCompleteDev

RtlFindClearRuns

ZwSetVolumeInformationFile

KeResetEvent

DbgBreakPoint

RtlInsertUnicodePrefix

CcUnpinRepinnedBcb

KeSaveFloatingPointState

MmUnlockPagableImageSection

PoRegisterSystemState

IoAllocateController

IoGetDriverObjectExtension

ZwNotifyChangeKey

MmUnlockPages

IoGetDeviceObjectPointer

IoVerifyPartitionTable

ZwEnumerateKey

MmIsThisAnNtAsSystem

MmIsVerifierEnabled

IoWMIRegistrationControl

RtlFindSetBits

CcSetFileSizes

PoSetSystemState

RtlUnicodeStringToInteger

ObMakeTemporaryObject

PsGetVersion

SePrivilegeCheck

RtlAppendUnicodeToString

CcRemapBcb

KeInitializeDeviceQueue

ExGetSharedWaiterCount

KeRestoreFloatingPointState

MmFreeContiguousMemory

FsRtlFastUnlockSingle

PsLookupThreadByThreadId

ExLocalTimeToSystemTime

ZwQueryVolumeInformationFile

IoStartPacket

MmGetPhysicalAddress

WmiQueryTraceInformation

RtlInitString

SeValidSecurityDescriptor

IoWritePartitionTableEx

RtlSecondsSince1970ToTime

ObQueryNameString

ZwAllocateVirtualMemory

ExReleaseFastMutexUnsafe

ZwMapViewOfSection

ExCreateCallback

MmForceSectionClosed

RtlCopyLuid

IoInvalidateDeviceRelations

PoSetPowerState

CcInitializeCacheMap

PoStartNextPowerIrp

IoGetDeviceToVerify

ZwCreateEvent

SeUnlockSubjectContext

RtlTimeToTimeFields

CcPinRead

ObGetObjectSecurity

IoAcquireRemoveLockEx

SeTokenIsRestricted

ExSystemTimeToLocalTime

IoAllocateAdapterChannel

ZwDeviceIoControlFile

IoInitializeIrp

ZwOpenSymbolicLinkObject

CcSetBcbOwnerPointer

FsRtlFastCheckLockForRead

KeInitializeMutex

KeInitializeTimerEx

IoGetLowerDeviceObject

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ