RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlCompareMemory
IoWMIRegistrationControl
ZwOpenKey
ZwQueryValueKey
ZwCreateFile
ZwWriteFile
ZwDeleteValueKey
ZwSetValueKey
IoGetDeviceProperty
IoCreateSymbolicLink
IoDeleteSymbolicLink
ExFreePoolWithTag
EtwUnregister
EtwRegister
ExAllocatePoolWithQuotaTag
KeClearEvent
KeReadStateEvent
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
KeInitializeMutex
KeReleaseMutex
KeInitializeSemaphore
KeReleaseSemaphore
ZwOpenEvent
SeCaptureSubjectContext
ExGetPreviousMode
SeAccessCheck
SeReleaseSubjectContext
KeQueryTimeIncrement
ZwCreateKey
ObGetObjectSecurity
SeAssignSecurityEx
RtlSetControlSecurityDescriptor
ZwSetSecurityObject
SeDeassignSecurity
ObReleaseObjectSecurity
ZwDeleteKey
PsGetCurrentProcess
KeSetEvent
IoWriteErrorLogEntry
KeWaitForMultipleObjects
ObOpenObjectByPointer
ZwQueryInformationToken
ZwEnumerateValueKey
RtlCreateRegistryKey
RtlWriteRegistryValue
ZwQueryKey
ZwEnumerateKey
HalDispatchTable
_purecall
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotificationEx
MmMapIoSpace
MmUnmapIoSpace
IoSizeofWorkItem
IoInitializeWorkItem
IoQueueWorkItem
IoUninitializeWorkItem
ObfReferenceObject
IoInvalidateDeviceRelations
ExAllocatePoolWithTag
IoUnregisterPlugPlayNotification
memcpy_s
memmove_s
bsearch
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
SeLocateProcessImageName
wcschr
_wcsnicmp
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
RtlLengthSid
RtlCreateSecurityDescriptor
_vsnwprintf
PsTerminateSystemThread
_wcsicmp
ExInterlockedInsertTailList
KeResetEvent
EtwWrite
ExInterlockedRemoveHeadList
KeInitializeSpinLock
ObfDereferenceObject
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
RtlCopyUnicodeString
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
IoAllocateErrorLogEntry
KeInitializeEvent
__chkstk
