RtlInitAnsiString
MmGetSystemRoutineAddress
RtlInitUnicodeString
memset
ZwSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
ExAllocatePoolWithTag
RtlLengthSid
SeExports
ZwClose
wcsrchr
ZwSetValueKey
ZwDeleteValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memcpy
wcsncpy
_wcsnicmp
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ZwWriteFile
PsGetCurrentProcessId
ZwDuplicateObject
ZwOpenProcess
ObfDereferenceObject
_strnicmp
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoGetRelatedDeviceObject
RtlAppendUnicodeToString
ZwDeleteKey
ZwEnumerateKey
ZwQueryKey
RtlAppendUnicodeStringToString
strrchr
PsGetCurrentThreadPreviousMode
ProbeForWrite
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsProcessType
_except_handler3
RtlCopyUnicodeString
IoFreeIrp
IoFreeMdl
KeSetEvent
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
SeCreateAccessState
IoGetFileObjectGenericMapping
KeInitializeEvent
IoAllocateIrp
ObCreateObject
IoFileObjectType
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoCreateFile
IoDeleteDevice
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
IofCompleteRequest
IoStopTimer
RtlAnsiStringToUnicodeString
ZwAllocateVirtualMemory
ZwUnmapViewOfSection
PsSetLoadImageNotifyRoutine
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
KeServiceDescriptorTable
InterlockedPushEntrySList
ZwLoadDriver
strstr
RtlUnicodeStringToInteger
_snprintf
PsTerminateSystemThread
KeCancelTimer
ExfInterlockedRemoveHeadList
KeWaitForMultipleObjects
KeSetTimerEx
KeInitializeTimerEx
KeSetPriorityThread
rand
PsCreateSystemThread
MmUnmapLockedPages
KeSetAffinityThread
KeNumberProcessors
MmMapLockedPages
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwQuerySystemInformation
strncpy
PsGetProcessImageFileName
_strlwr
IoGetCurrentProcess
ZwQueryDirectoryFile
InterlockedPopEntrySList
ExfInterlockedInsertHeadList
ExfInterlockedInsertTailList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
IoStartTimer
ObQueryNameString
CmRegisterCallback
strchr
ObOpenObjectByPointer
ZwQueryInformationProcess
ObReferenceObjectByPointer
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
IoInitializeTimer
IoBuildDeviceIoControlRequest
MmUnlockPages
MmProbeAndLockPages
IoCancelIrp
KeTickCount
KeQueryTimeIncrement
_alldiv
_allmul
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
strncmp
MmSectionObjectType
srand
ExAllocatePool
ExFreePoolWithTag
RtlFreeUnicodeString
NtBuildNumber
CmUnRegisterCallback
MmIsAddressValid