#undef RtlMoveMemory #undef RtlCopyMemory #undef RtlFillMemory #undef RtlZeroMemory NAME ntoskrnl.exe EXPORTS CcCanIWrite CcCopyRead CcCopyWrite CcDeferWrite CcFastCopyRead CcFastCopyWrite CcFastMdlReadWait CONSTANT // Data - use pointer for access CcFastReadNotPossible CONSTANT // Data - use pointer for access CcFastReadWait CONSTANT // Data - use pointer for access CcFlushCache CcGetDirtyPages CcGetFileObjectFromBcb CcGetFileObjectFromSectionPtrs CcGetFlushedValidData CcGetLsnForFileObject CcInitializeCacheMap CcIsThereDirtyData CcMapData CcMdlRead CcMdlReadComplete CcMdlWriteAbort CcMdlWriteComplete CcPinMappedData CcPinRead CcPrepareMdlWrite CcPreparePinWrite CcPurgeCacheSection CcRemapBcb CcRepinBcb CcScheduleReadAhead CcSetAdditionalCacheAttributes CcSetBcbOwnerPointer CcSetDirtyPageThreshold CcSetDirtyPinnedData CcSetFileSizes CcSetLogHandleForFile CcSetReadAheadGranularity CcUninitializeCacheMap CcUnpinData CcUnpinDataForThread CcUnpinRepinnedBcb CcWaitForCurrentLazyWriterActivity CcZeroData CmRegisterCallback CmUnRegisterCallback DbgBreakPoint DbgBreakPointWithStatus DbgLoadImageSymbols DbgPrint DbgPrintEx vDbgPrintEx vDbgPrintExWithPrefix DbgPrintReturnControlC DbgPrompt DbgQueryDebugFilterState DbgSetDebugFilterState ExAcquireFastMutexUnsafe ExAcquireResourceExclusiveLite ExAcquireResourceSharedLite ExAcquireSharedStarveExclusive ExAcquireSharedWaitForExclusive ExAcquireRundownProtection ExReleaseRundownProtection ExWaitForRundownProtectionRelease ExInitializeRundownProtection=ExfInitializeRundownProtection ExReInitializeRundownProtection ExRundownCompleted ExAllocatePool ExAllocatePoolWithQuota ExAllocatePoolWithQuotaTag ExAllocatePoolWithTag ExAllocatePoolWithTagPriority ExConvertExclusiveToSharedLite ExCreateCallback ExDeleteNPagedLookasideList ExDeletePagedLookasideList ExDeleteResourceLite ExDesktopObjectType CONSTANT // Data - use pointer for access ExDisableResourceBoostLite ExEnumHandleTable ExEventObjectType CONSTANT // Data - use pointer for access ExExtendZone ExFreePool ExFreePoolWithTag ExGetCurrentProcessorCounts ExGetCurrentProcessorCpuUsage ExGetExclusiveWaiterCount ExGetPreviousMode ExGetSharedWaiterCount ExInitializeNPagedLookasideList ExInitializePagedLookasideList ExInitializeResourceLite ExInitializeZone ExInterlockedAddLargeInteger ExInterlockedAddLargeStatistic ExInterlockedAddUlong #if !defined(_AMD64_) ExInterlockedDecrementLong ExInterlockedExchangeUlong #endif ExInterlockedExtendZone #if !defined(_AMD64_) ExInterlockedIncrementLong #endif ExInterlockedInsertHeadList ExInterlockedInsertTailList ExInterlockedPopEntryList ExInterlockedPushEntryList ExInterlockedRemoveHeadList ExIsProcessorFeaturePresent ExIsResourceAcquiredExclusiveLite ExIsResourceAcquiredSharedLite ExLocalTimeToSystemTime ExNotifyCallback ExQueryPoolBlockSize ExQueueWorkItem ExRaiseAccessViolation ExRaiseDatatypeMisalignment ExRaiseHardError #if defined(_AMD64_) || defined(_IA64_) ExRaiseException = RtlRaiseException ExRaiseStatus = RtlRaiseStatus #else ExRaiseException ExRaiseStatus #endif ExRegisterCallback ExReinitializeResourceLite ExReleaseFastMutexUnsafe ExReleaseResourceForThreadLite ExReleaseResourceLite ExSemaphoreObjectType CONSTANT // Data - use pointer for access ExSetResourceOwnerPointer ExSetTimerResolution ExSystemExceptionFilter ExSystemTimeToLocalTime // ExTryToAcquireFastMutexUnsafe ExUnregisterCallback ExUuidCreate ExVerifySuite ExWindowStationObjectType CONSTANT // Data - use pointer for access FsRtlAcquireFileExclusive FsRtlAddLargeMcbEntry FsRtlAddMcbEntry FsRtlAddToTunnelCache FsRtlAllocateFileLock FsRtlAllocatePool FsRtlAllocatePoolWithQuota FsRtlAllocatePoolWithQuotaTag FsRtlAllocatePoolWithTag FsRtlAllocateResource FsRtlAreNamesEqual FsRtlBalanceReads FsRtlCheckLockForReadAccess FsRtlCheckLockForWriteAccess FsRtlCheckOplock FsRtlCopyRead FsRtlCopyWrite FsRtlCurrentBatchOplock FsRtlDeleteKeyFromTunnelCache FsRtlDeleteTunnelCache FsRtlDeregisterUncProvider FsRtlDissectDbcs FsRtlDissectName FsRtlDoesDbcsContainWildCards FsRtlDoesNameContainWildCards FsRtlFastCheckLockForRead FsRtlFastCheckLockForWrite FsRtlFastUnlockAll FsRtlFastUnlockAllByKey FsRtlFastUnlockSingle FsRtlFindInTunnelCache FsRtlFreeFileLock FsRtlGetFileSize FsRtlGetNextFileLock FsRtlGetNextLargeMcbEntry FsRtlGetNextMcbEntry FsRtlIncrementCcFastReadNotPossible FsRtlIncrementCcFastReadNoWait FsRtlIncrementCcFastReadResourceMiss FsRtlIncrementCcFastReadWait FsRtlInitializeFileLock FsRtlInitializeLargeMcb FsRtlInitializeMcb FsRtlInitializeOplock FsRtlInitializeTunnelCache FsRtlInsertPerStreamContext FsRtlInsertPerFileObjectContext FsRtlIsDbcsInExpression FsRtlIsFatDbcsLegal FsRtlIsHpfsDbcsLegal FsRtlIsNameInExpression FsRtlIsNtstatusExpected FsRtlIsPagingFile FsRtlIsTotalDeviceFailure FsRtlLegalAnsiCharacterArray CONSTANT // Data - use pointer for access FsRtlLookupPerStreamContextInternal FsRtlLookupPerFileObjectContext FsRtlLookupLargeMcbEntry FsRtlLookupLastLargeMcbEntry FsRtlLookupLastLargeMcbEntryAndIndex FsRtlLookupLastMcbEntry FsRtlLookupMcbEntry FsRtlMdlRead FsRtlMdlReadComplete FsRtlMdlReadCompleteDev FsRtlMdlReadDev FsRtlMdlWriteComplete FsRtlMdlWriteCompleteDev FsRtlNormalizeNtstatus FsRtlNotifyChangeDirectory FsRtlNotifyCleanup FsRtlNotifyFullChangeDirectory FsRtlNotifyFullReportChange FsRtlNotifyFilterChangeDirectory FsRtlNotifyFilterReportChange FsRtlNotifyInitializeSync FsRtlNotifyReportChange FsRtlNotifyUninitializeSync FsRtlNotifyVolumeEvent FsRtlNumberOfRunsInLargeMcb FsRtlNumberOfRunsInMcb FsRtlOplockFsctrl FsRtlOplockIsFastIoPossible FsRtlPostPagingFileStackOverflow FsRtlPostStackOverflow FsRtlPrepareMdlWrite FsRtlPrepareMdlWriteDev FsRtlPrivateLock FsRtlProcessFileLock FsRtlRegisterUncProvider FsRtlRegisterFileSystemFilterCallbacks FsRtlReleaseFile FsRtlRemovePerStreamContext FsRtlRemovePerFileObjectContext FsRtlRemoveLargeMcbEntry FsRtlRemoveMcbEntry FsRtlResetLargeMcb FsRtlSplitLargeMcb FsRtlSyncVolumes FsRtlTeardownPerStreamContexts FsRtlTruncateLargeMcb FsRtlTruncateMcb FsRtlUninitializeFileLock FsRtlUninitializeLargeMcb FsRtlUninitializeMcb FsRtlUninitializeOplock HalDispatchTable CONSTANT // Data - use pointer for access HalExamineMBR HalPrivateDispatchTable CONSTANT // Data - use pointer for access HeadlessDispatch InbvCheckDisplayOwnership InbvNotifyDisplayOwnershipLost InbvAcquireDisplayOwnership InbvDisplayString InbvEnableBootDriver InbvEnableDisplayString InbvInstallDisplayStringFilter InbvIsBootDriverInstalled InbvResetDisplay InbvSetScrollRegion InbvSetTextColor InbvSolidColorFill InitSafeBootMode CONSTANT // Data - use pointer for access IoAcquireCancelSpinLock IoAcquireRemoveLockEx IoAcquireVpbSpinLock IoAdapterObjectType CONSTANT // Data - use pointer for access IoAllocateAdapterChannel IoAllocateController IoAllocateDriverObjectExtension IoAllocateErrorLogEntry IoAllocateIrp IoAllocateMdl IoAllocateWorkItem IoAssignDriveLetters IoAssignResources IoAttachDevice IoAttachDeviceByPointer IoAttachDeviceToDeviceStack IoAttachDeviceToDeviceStackSafe IoBuildAsynchronousFsdRequest IoBuildDeviceIoControlRequest IoBuildPartialMdl IoBuildSynchronousFsdRequest IoCallDriver IoCancelIrp IoCancelFileOpen IoCheckDesiredAccess IoCheckEaBufferValidity IoCheckFunctionAccess IoCheckQuerySetFileInformation IoCheckQuerySetVolumeInformation IoCheckQuotaBufferValidity IoCheckShareAccess IoCompleteRequest IoConnectInterrupt IoCreateController IoCreateDevice IoCreateDisk IoCreateDriver IoCreateFile IoCreateFileSpecifyDeviceObjectHint IoCreateNotificationEvent IoCreateStreamFileObject IoCreateStreamFileObjectEx IoCreateStreamFileObjectLite IoCreateSymbolicLink IoCreateSynchronizationEvent IoCreateUnprotectedSymbolicLink IoCsqInitialize IoCsqInsertIrp IoCsqRemoveIrp IoCsqRemoveNextIrp IoDeleteController IoDeleteDevice IoDeleteDriver IoDeleteSymbolicLink IoDetachDevice IoDeviceHandlerObjectSize CONSTANT // Data - use pointer for access IoDeviceHandlerObjectType CONSTANT // Data - use pointer for access IoDeviceObjectType CONSTANT // Data - use pointer for access IoDisconnectInterrupt IoDriverObjectType CONSTANT // Data - use pointer for access IoEnqueueIrp IoFastQueryNetworkAttributes IoFileObjectType CONSTANT // Data - use pointer for access IoForwardIrpSynchronously IoForwardAndCatchIrp=IoForwardIrpSynchronously IoFreeController IoFreeErrorLogEntry IoFreeIrp IoFreeMdl IoFreeWorkItem IoGetAttachedDevice IoGetAttachedDeviceReference IoGetBaseFileSystemDeviceObject IoGetBootDiskInformation IoGetConfigurationInformation IoGetCurrentProcess IoGetDeviceInterfaceAlias IoGetDeviceInterfaces IoGetDeviceObjectPointer IoGetDeviceProperty IoGetDeviceToVerify IoEnumerateDeviceObjectList IoGetDeviceAttachmentBaseRef IoGetDiskDeviceObject IoGetLowerDeviceObject IoGetDmaAdapter IoGetDriverObjectExtension IoGetFileObjectGenericMapping IoGetInitialStack IoGetRelatedDeviceObject IoGetRequestorProcess IoGetRequestorProcessId IoGetRequestorSessionId IoGetStackLimits=RtlpGetStackLimits IoGetTopLevelIrp IoInitializeIrp IoInitializeRemoveLockEx IoInitializeTimer IoInvalidateDeviceRelations IoInvalidateDeviceState IoIsFileOriginRemote IoIsOperationSynchronous IoIsSystemThread IoIsValidNameGraftingBuffer IoIsWdmVersionAvailable #if defined(_WIN64) IoIs32bitProcess #endif IoMakeAssociatedIrp IoOpenDeviceInterfaceRegistryKey IoOpenDeviceRegistryKey IoPageRead IoQueryDeviceDescription IoQueryFileDosDeviceName IoQueryFileInformation IoQueryVolumeInformation IoQueueThreadIrp IoQueueWorkItem IoRaiseHardError IoRaiseInformationalHardError IoReadDiskSignature IoReadOperationCount CONSTANT // Data - use pointer for access IoReadPartitionTable IoReadPartitionTableEx IoReadTransferCount CONSTANT // Data - use pointer for access IoRegisterBootDriverReinitialization IoRegisterDeviceInterface IoRegisterDriverReinitialization IoRegisterFileSystem IoRegisterFsRegistrationChange IoRegisterLastChanceShutdownNotification IoRegisterPlugPlayNotification IoRegisterShutdownNotification IoReleaseCancelSpinLock IoReleaseRemoveLockEx IoReleaseRemoveLockAndWaitEx IoReleaseVpbSpinLock IoReuseIrp IoRemoveShareAccess IoReportDetectedDevice IoReportHalResourceUsage IoReportResourceUsage IoReportResourceForDetection IoReportTargetDeviceChange IoReportTargetDeviceChangeAsynchronous IoRequestDeviceEject IoPnPDeliverServicePowerNotification IoSetCompletionRoutineEx IoSetDeviceInterfaceState IoSetDeviceToVerify IoSetHardErrorOrVerifyDevice IoSetInformation IoSetIoCompletion IoSetPartitionInformation IoSetPartitionInformationEx IoSetShareAccess IoSetStartIoAttributes IoSetThreadHardErrorMode IoSetTopLevelIrp IoSetSystemPartition IoSetFileOrigin #if defined(REMOTE_BOOT) IoStartCscForTextmodeSetup #endif // defined(REMOTE_BOOT) IoStartNextPacket IoStartNextPacketByKey IoStartPacket IoStartTimer IoStatisticsLock CONSTANT // Data - use pointer for access IoStopTimer IoSynchronousInvalidateDeviceRelations IoSynchronousPageWrite IoThreadToProcess IoUnregisterFileSystem IoUnregisterFsRegistrationChange IoUnregisterPlugPlayNotification IoUnregisterShutdownNotification IoUpdateShareAccess IoValidateDeviceIoControlAccess IoVerifyVolume IoVerifyPartitionTable IoVolumeDeviceToDosName IoWMIAllocateInstanceIds IoWMIDeviceObjectToInstanceName #if defined(_WIN64) IoWMIDeviceObjectToProviderId #endif IoWMIExecuteMethod IoWMIHandleToInstanceName IoWMIOpenBlock IoWMIRegistrationControl IoWMIQueryAllData IoWMIQueryAllDataMultiple IoWMIQuerySingleInstance IoWMIQuerySingleInstanceMultiple IoWMISetNotificationCallback IoWMISetSingleInstance IoWMISetSingleItem IoWMISuggestInstanceName IoWMIWriteEvent IoWriteErrorLogEntry IoWriteOperationCount CONSTANT // Data - use pointer for access IoWritePartitionTable IoWritePartitionTableEx IoWriteTransferCount CONSTANT // Data - use pointer for access IofCallDriver IofCompleteRequest KdDebuggerEnabled CONSTANT // Data - use pointer for access KdDebuggerNotPresent CONSTANT // Data - use pointer for access KdDisableDebugger KdEnableDebugger KdEnteredDebugger CONSTANT // Data - use pointer for access KdPollBreakIn KdPowerTransition // // Spin lock functions // KeInitializeSpinLock KeAcquireInterruptSpinLock KeReleaseInterruptSpinLock #if defined(_WIN64) KeAcquireQueuedSpinLock KeReleaseQueuedSpinLock KeTryToAcquireQueuedSpinLock KeAcquireInStackQueuedSpinLock KeReleaseInStackQueuedSpinLock #endif KeAcquireInStackQueuedSpinLockAtDpcLevel KeReleaseInStackQueuedSpinLockFromDpcLevel KeAcquireSpinLockAtDpcLevel KeReleaseSpinLockFromDpcLevel #if !defined(_AMD64_) KiAcquireSpinLock KiReleaseSpinLock #endif KeAddSystemServiceTable KeAreApcsDisabled KeAttachProcess KeStackAttachProcess KeBugCheck KeBugCheckEx KeCancelTimer KeClearEvent KeConnectInterrupt KeDcacheFlushCount CONSTANT // Data - use pointer for access KeDelayExecutionThread KeDeregisterBugCheckCallback KeDeregisterBugCheckReasonCallback KeDetachProcess KeUnstackDetachProcess KeDisconnectInterrupt KeEnterCriticalRegion KeEnterKernelDebugger KeFindConfigurationEntry KeFindConfigurationNextEntry KeFlushEntireTb KeGetRecommendedSharedDataAlignment KeIcacheFlushCount CONSTANT // Data - use pointer for access KeInitializeApc KeInitializeDeviceQueue KeInitializeDpc KeInitializeEvent KeInitializeInterrupt KeInitializeMutant KeInitializeMutex KeInitializeQueue KeInitializeSemaphore KeInitializeTimer KeInitializeTimerEx KeInsertByKeyDeviceQueue KeInsertDeviceQueue KeInsertHeadQueue KeInsertQueue KeInsertQueueApc KeInsertQueueDpc KeIsAttachedProcess KeLeaveCriticalRegion KeLoaderBlock CONSTANT // Data - use pointer for access KeNumberProcessors DATA #if !defined(_AMD64_) KeProfileInterrupt #endif KeProfileInterruptWithSource KePulseEvent KeQueryActiveProcessors KeQueryInterruptTime KeQueryPriorityThread KeQueryRuntimeThread KeQuerySystemTime KeQueryTickCount KeQueryTimeIncrement KeRaiseUserException KeReadStateEvent KeReadStateMutant KeReadStateMutex=KeReadStateMutant KeReadStateQueue KeReadStateSemaphore KeReadStateTimer KeRegisterBugCheckCallback KeRegisterBugCheckReasonCallback KeReleaseMutant KeReleaseMutex KeReleaseSemaphore KeRemoveByKeyDeviceQueue KeRemoveByKeyDeviceQueueIfBusy KeRemoveDeviceQueue KeRemoveEntryDeviceQueue KeRemoveQueue KeRemoveQueueDpc KeRemoveSystemServiceTable KeResetEvent KeRevertToUserAffinityThread KeRundownQueue KeSaveStateForHibernate KeServiceDescriptorTable CONSTANT // Data - use pointer for access KeSetAffinityThread KeSetBasePriorityThread KeSetDmaIoCoherency KeSetEvent KeSetEventBoostPriority KeSetIdealProcessorThread KeSetImportanceDpc KeSetKernelStackSwapEnable KeSetPriorityThread KeSetSystemAffinityThread KeSetTargetProcessorDpc KeSetTimeIncrement KeSetTimeUpdateNotifyRoutine; KeSetTimer KeSetTimerEx KeSynchronizeExecution KeTerminateThread KeTickCount CONSTANT // Data - use pointer for access KeUpdateRunTime KeUpdateSystemTime KeUserModeCallback KeWaitForMultipleObjects KeWaitForMutexObject=KeWaitForSingleObject KeWaitForSingleObject KiBugCheckData CONSTANT // Data - use pointer for access KiEnableTimerWatchdog CONSTANT // Data - use pointer for access LdrAccessResource LdrEnumResources LdrFindResourceDirectory_U LdrFindResource_U LpcPortObjectType CONSTANT // Data - use pointer for access LpcRequestPort LpcRequestWaitReplyPort LsaCallAuthenticationPackage LsaDeregisterLogonProcess LsaFreeReturnBuffer LsaLogonUser LsaLookupAuthenticationPackage LsaRegisterLogonProcess #ifdef MEMPRINT MemPrint MemPrintInitialize #endif MmIsVerifierEnabled MmAddVerifierThunks MmAdvanceMdl Mm64BitPhysicalAddress CONSTANT // Data - use pointer for access MmAddPhysicalMemory MmAdjustWorkingSetSize MmAllocateContiguousMemory MmAllocateContiguousMemorySpecifyCache MmAllocateNonCachedMemory MmAllocatePagesForMdl MmBuildMdlForNonPagedPool MmCanFileBeTruncated MmCreateMdl MmCreateSection MmDisableModifiedWriteOfSection MmFlushImageSection MmForceSectionClosed MmFreeContiguousMemory MmFreeContiguousMemorySpecifyCache MmFreeNonCachedMemory MmFreePagesFromMdl MmGetPhysicalAddress MmGetPhysicalMemoryRanges MmGetSystemRoutineAddress MmGetVirtualForPhysical MmGrowKernelStack MmIsAddressValid MmIsDriverVerifying MmIsNonPagedSystemAddressValid MmIsRecursiveIoFault MmIsThisAnNtAsSystem MmLockPagableDataSection MmLockPagableSectionByHandle MmMapIoSpace MmMapLockedPages MmMapLockedPagesSpecifyCache MmAllocateMappingAddress MmFreeMappingAddress MmMapLockedPagesWithReservedMapping MmUnmapReservedMapping MmMapMemoryDumpMdl MmMapUserAddressesToPage MmMapVideoDisplay MmMapViewOfSection MmMapViewInSessionSpace MmMapViewInSystemSpace MmMarkPhysicalMemoryAsBad MmMarkPhysicalMemoryAsGood MmPageEntireDriver MmPrefetchPages MmProbeAndLockPages MmProbeAndLockSelectedPages MmProbeAndLockProcessPages MmProtectMdlSystemAddress MmQuerySystemSize MmRemovePhysicalMemory MmResetDriverPaging MmSectionObjectType CONSTANT MmSecureVirtualMemory MmSetAddressRangeModified MmSetBankedSection MmSizeOfMdl MmTrimAllSystemPagableMemory MmUnlockPagableImageSection MmUnlockPages MmUnmapIoSpace MmUnmapLockedPages MmUnmapVideoDisplay MmUnmapViewOfSection MmUnmapViewInSystemSpace MmUnmapViewInSessionSpace MmUnsecureVirtualMemory NlsAnsiCodePage CONSTANT // Data - use pointer for access NlsOemCodePage CONSTANT // Data - use pointer for access NlsLeadByteInfo CONSTANT // Data - use pointer for access NlsOemLeadByteInfo CONSTANT // Data - use pointer for access NlsMbCodePageTag CONSTANT // Data - use pointer for access NlsMbOemCodePageTag CONSTANT // Data - use pointer for access NtAddAtom NtAdjustPrivilegesToken NtAllocateLocallyUniqueId NtAllocateUuids NtAllocateVirtualMemory NtBuildNumber CONSTANT NtClose NtConnectPort NtCreateEvent NtCreateFile NtCreateSection NtDeleteAtom NtDeleteFile NtDeviceIoControlFile NtDuplicateObject NtDuplicateToken NtFindAtom NtFreeVirtualMemory NtFsControlFile NtGlobalFlag CONSTANT // Data - use pointer for access NtLockFile NtMakePermanentObject NtMapViewOfSection NtNotifyChangeDirectoryFile NtOpenFile NtOpenProcess NtOpenProcessToken NtOpenProcessTokenEx NtOpenThread NtOpenThreadToken NtOpenThreadTokenEx NtQueryDirectoryFile NtQueryEaFile NtQueryInformationAtom NtQueryInformationFile NtQueryInformationProcess NtQueryInformationThread NtQueryInformationToken NtQueryQuotaInformationFile NtQuerySecurityObject NtQuerySystemInformation NtQueryVolumeInformationFile NtReadFile NtRequestPort NtRequestWaitReplyPort NtSetEaFile NtSetEvent NtSetInformationFile NtSetInformationProcess NtSetInformationThread NtSetQuotaInformationFile NtSetVolumeInformationFile NtSetSecurityObject NtShutdownSystem NtTraceEvent NtUnlockFile NtVdmControl NtWaitForSingleObject NtWriteFile ObAssignSecurity ObCheckCreateObjectAccess ObCheckObjectAccess ObCreateObject ObCreateObjectType ObDereferenceObject ObfDereferenceObject ObFindHandleForObject ObGetObjectSecurity ObInsertObject ObLogSecurityDescriptor ObReferenceSecurityDescriptor ObDereferenceSecurityDescriptor ObMakeTemporaryObject ObOpenObjectByName ObOpenObjectByPointer ObQueryObjectAuditingByHandle ObQueryNameString ObReferenceObjectByHandle ObReferenceObjectByName ObReferenceObjectByPointer ObReleaseObjectSecurity ObSetSecurityDescriptorInfo ObSetSecurityObjectByPointer ObfReferenceObject ObSetHandleAttributes ObCloseHandle PfxFindPrefix PfxInitialize PfxInsertPrefix PfxRemovePrefix PoCallDriver PoCancelDeviceNotify PoQueueShutdownWorkItem PoRegisterDeviceForIdleDetection PoRegisterDeviceNotify PoRegisterSystemState PoRequestPowerIrp PoRequestShutdownEvent PoSetHiberRange PoSetPowerState PoSetSystemState PoStartNextPowerIrp PoShutdownBugCheck PoUnregisterSystemState ProbeForRead ProbeForWrite PsAssignImpersonationToken PsChargePoolQuota PsChargeProcessPoolQuota PsChargeProcessNonPagedPoolQuota PsChargeProcessPagedPoolQuota PsCreateSystemProcess PsCreateSystemThread PsDisableImpersonation PsGetCurrentProcess PsGetContextThread PsSetContextThread PsGetCurrentProcessId PsGetCurrentProcessSessionId PsGetCurrentThread PsGetCurrentThreadId PsGetCurrentThreadStackBase PsGetCurrentThreadStackLimit PsGetCurrentThreadPreviousMode PsGetJobLock PsGetJobSessionId PsGetJobUIRestrictionsClass PsGetProcessCreateTimeQuadPart PsGetProcessDebugPort PsGetProcessExitProcessCalled PsGetProcessExitStatus PsGetProcessExitTime PsGetProcessId PsGetProcessImageFileName PsGetProcessInheritedFromUniqueProcessId PsGetProcessJob PsGetProcessPeb PsGetProcessPriorityClass PsGetProcessSectionBaseAddress PsGetProcessSecurityPort PsGetProcessSessionId PsGetProcessWin32WindowStation PsGetProcessWin32Process #ifdef _WIN64 PsGetProcessWow64Process #endif PsGetThreadId PsGetThreadFreezeCount PsGetThreadHardErrorsAreDisabled PsGetThreadProcess PsGetThreadProcessId PsGetThreadSessionId PsGetThreadTeb PsGetThreadWin32Thread PsGetVersion PsImpersonateClient PsInitialSystemProcess CONSTANT PsIsProcessBeingDebugged PsIsThreadTerminating PsIsSystemThread PsIsThreadImpersonating PsJobType CONSTANT PsEstablishWin32Callouts PsLookupProcessThreadByCid PsLookupProcessByProcessId PsLookupThreadByThreadId PsProcessType CONSTANT PsReferenceImpersonationToken PsReferencePrimaryToken PsDereferenceImpersonationToken PsDereferencePrimaryToken PsRestoreImpersonation PsReturnPoolQuota PsReturnProcessNonPagedPoolQuota PsReturnProcessPagedPoolQuota PsRevertToSelf PsRevertThreadToSelf PsSetCreateProcessNotifyRoutine PsSetCreateThreadNotifyRoutine PsRemoveCreateThreadNotifyRoutine PsSetJobUIRestrictionsClass PsSetLegoNotifyRoutine PsSetLoadImageNotifyRoutine PsRemoveLoadImageNotifyRoutine PsSetProcessPriorityClass PsSetProcessPriorityByClass PsSetProcessSecurityPort PsSetProcessWin32Process PsSetProcessWindowStation PsSetThreadHardErrorsAreDisabled PsSetThreadWin32Thread PsTerminateSystemThread PsThreadType CONSTANT RtlAbsoluteToSelfRelativeSD RtlAddAccessAllowedAce RtlAddAce RtlAddAtomToAtomTable RtlAddRange RtlAllocateHeap RtlAnsiCharToUnicodeChar RtlAnsiStringToUnicodeSize=RtlxAnsiStringToUnicodeSize RtlAnsiStringToUnicodeString RtlAppendAsciizToString RtlAppendStringToString RtlAppendUnicodeStringToString RtlAppendUnicodeToString RtlAreAllAccessesGranted RtlAreAnyAccessesGranted RtlAreBitsClear RtlAreBitsSet RtlAssert RtlCaptureStackBackTrace RtlCharToInteger RtlCheckRegistryKey RtlClearAllBits RtlClearBit RtlClearBits RtlCompareMemory RtlCompareMemoryUlong RtlCompareString RtlCompareUnicodeString RtlCompressBuffer RtlCompressChunks #if !defined(_WIN64) RtlConvertLongToLargeInteger = __RtlConvertLongToLargeInteger RtlConvertUlongToLargeInteger = __RtlConvertUlongToLargeInteger #elif defined(IA64) // BUGBUG: Temporary until Whistler Beta1 is released. Needed to // support upgrading from 2250 to 2251 RtlConvertLongToLargeInteger PRIVATE RtlConvertUlongToLargeInteger PRIVATE #endif RtlConvertSidToUnicodeString RtlCopyLuid RtlCopyRangeList RtlCopySid RtlCopyString RtlCopyUnicodeString RtlCreateAcl RtlCreateAtomTable RtlCreateHeap RtlCreateRegistryKey RtlCreateSecurityDescriptor RtlCreateSystemVolumeInformationFolder RtlCreateUnicodeString RtlCustomCPToUnicodeN RtlDecompressBuffer RtlDecompressChunks RtlDecompressFragment RtlDelete RtlDeleteAce RtlDeleteAtomFromAtomTable RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl RtlDeleteNoSplay RtlDeleteOwnersRanges RtlDeleteRange RtlDeleteRegistryValue RtlDescribeChunk RtlDestroyAtomTable RtlDestroyHeap RtlDowncaseUnicodeString RtlEmptyAtomTable #ifndef _WIN64 RtlEnlargedIntegerMultiply = _RtlEnlargedIntegerMultiply RtlEnlargedUnsignedDivide = _RtlEnlargedUnsignedDivide RtlEnlargedUnsignedMultiply = _RtlEnlargedUnsignedMultiply #endif RtlEnumerateGenericTable RtlEnumerateGenericTableAvl RtlEnumerateGenericTableLikeADirectory RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl RtlEqualLuid RtlEqualSid RtlEqualString RtlEqualUnicodeString #if !defined(_WIN64) RtlExtendedIntegerMultiply RtlExtendedLargeIntegerDivide #endif #if defined(_X86_) || defined(_IA64_) RtlExtendedMagicDivide #endif RtlFillMemory RtlFillMemoryUlong RtlFindClearBits RtlFindClearBitsAndSet RtlFindClearRuns RtlFindFirstRunClear RtlFindLastBackwardRunClear RtlFindLeastSignificantBit RtlFindLongestRunClear RtlFindMessage RtlFindMostSignificantBit RtlFindNextForwardRunClear RtlFindRange RtlFindSetBits RtlFindSetBitsAndClear RtlFindUnicodePrefix RtlFormatCurrentUserKeyPath RtlFreeAnsiString RtlFreeHeap RtlFreeOemString RtlFreeRangeList RtlFreeUnicodeString RtlGUIDFromString RtlGenerate8dot3Name RtlGetAce RtlGetCallersAddress RtlGetCompressionWorkSpaceSize RtlGetDaclSecurityDescriptor RtlGetDefaultCodePage RtlGetElementGenericTable RtlGetElementGenericTableAvl RtlGetFirstRange RtlGetGroupSecurityDescriptor RtlGetNextRange RtlGetNtGlobalFlags RtlGetOwnerSecurityDescriptor RtlGetSaclSecurityDescriptor RtlGetVersion RtlHashUnicodeString RtlImageNtHeader RtlImageDirectoryEntryToData RtlInitAnsiString RtlInitCodePageTable RtlInitString RtlInitUnicodeString RtlInitializeBitMap RtlInitializeGenericTable RtlInitializeGenericTableAvl RtlInitializeRangeList RtlInitializeSid RtlInitializeUnicodePrefix RtlInsertElementGenericTable RtlInsertElementGenericTableAvl RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl RtlInsertUnicodePrefix RtlInt64ToUnicodeString RtlIntegerToChar RtlIntegerToUnicode RtlIntegerToUnicodeString RtlInvertRangeList RtlIpv4AddressToStringA RtlIpv4AddressToStringW RtlIpv4StringToAddressA RtlIpv4StringToAddressW RtlIpv6AddressToStringA RtlIpv6AddressToStringW RtlIpv6StringToAddressA RtlIpv6StringToAddressW RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl RtlIsNameLegalDOS8Dot3 RtlIsRangeAvailable RtlIsValidOemCharacter #if !defined(_WIN64) RtlLargeIntegerAdd RtlLargeIntegerArithmeticShift RtlLargeIntegerDivide RtlLargeIntegerNegate RtlLargeIntegerShiftLeft RtlLargeIntegerShiftRight RtlLargeIntegerSubtract #endif RtlLengthRequiredSid RtlLengthSecurityDescriptor RtlLengthSid RtlLookupAtomInAtomTable RtlLookupElementGenericTable RtlLookupElementGenericTableAvl RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl RtlMapGenericMask RtlMapSecurityErrorToNtStatus RtlMergeRangeLists RtlMoveMemory RtlMultiByteToUnicodeN RtlMultiByteToUnicodeSize RtlNextUnicodePrefix RtlNtStatusToDosError RtlNtStatusToDosErrorNoTeb RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl RtlNumberOfClearBits RtlNumberOfSetBits RtlOemStringToCountedUnicodeString RtlOemStringToUnicodeSize=RtlxOemStringToUnicodeSize RtlOemStringToUnicodeString RtlOemToUnicodeN RtlPinAtomInAtomTable RtlPrefetchMemoryNonTemporal RtlPrefixString RtlPrefixUnicodeString RtlQueryAtomInAtomTable RtlQueryRegistryValues RtlQueryTimeZoneInformation RtlRaiseException RtlRandom RtlRandomEx RtlRealPredecessor RtlRealSuccessor RtlRemoveUnicodePrefix RtlReserveChunk RtlSecondsSince1970ToTime RtlSecondsSince1980ToTime RtlSelfRelativeToAbsoluteSD RtlSelfRelativeToAbsoluteSD2 RtlSetAllBits RtlSetBit RtlSetBits RtlSetDaclSecurityDescriptor RtlSetGroupSecurityDescriptor RtlSetOwnerSecurityDescriptor RtlSetSaclSecurityDescriptor RtlSetTimeZoneInformation RtlSizeHeap RtlSplay RtlStringFromGUID RtlSubAuthorityCountSid RtlSubAuthoritySid RtlSubtreePredecessor RtlSubtreeSuccessor RtlTestBit RtlTimeFieldsToTime RtlTimeToSecondsSince1970 RtlTimeToSecondsSince1980 RtlTimeToTimeFields RtlTimeToElapsedTimeFields RtlTraceDatabaseCreate RtlTraceDatabaseDestroy RtlTraceDatabaseValidate RtlTraceDatabaseAdd RtlTraceDatabaseFind RtlTraceDatabaseEnumerate RtlTraceDatabaseLock RtlTraceDatabaseUnlock RtlLockBootStatusData RtlUnlockBootStatusData RtlGetSetBootStatusData #if !defined(_AMD64_) RtlUlongByteSwap RtlUlonglongByteSwap #endif RtlUnicodeStringToAnsiSize=RtlxUnicodeStringToAnsiSize RtlUnicodeStringToAnsiString RtlUnicodeStringToCountedOemString RtlUnicodeStringToInteger RtlUnicodeStringToOemSize=RtlxUnicodeStringToOemSize RtlUnicodeStringToOemString RtlUnicodeToCustomCPN RtlUnicodeToMultiByteN RtlUnicodeToMultiByteSize RtlUnicodeToOemN RtlUnwind RtlUpcaseUnicodeChar RtlUpcaseUnicodeString RtlUpcaseUnicodeStringToAnsiString RtlUpcaseUnicodeStringToCountedOemString RtlUpcaseUnicodeStringToOemString RtlUpcaseUnicodeToCustomCPN RtlUpcaseUnicodeToMultiByteN RtlUpcaseUnicodeToOemN RtlUpperChar RtlUpperString #if !defined(_AMD64_) RtlUshortByteSwap #endif RtlValidSecurityDescriptor RtlValidRelativeSecurityDescriptor RtlValidSid RtlVerifyVersionInfo RtlVolumeDeviceToDosName=IoVolumeDeviceToDosName RtlWalkFrameChain RtlWriteRegistryValue RtlZeroHeap RtlZeroMemory RtlxAnsiStringToUnicodeSize RtlxOemStringToUnicodeSize RtlxUnicodeStringToAnsiSize RtlxUnicodeStringToOemSize SeAccessCheck SeAppendPrivileges SeAssignSecurity SeAssignSecurityEx SeAuditingFileEvents SeAuditingFileOrGlobalEvents SeAuditingHardLinkEvents SeAuditHardLinkCreation SeCaptureSecurityDescriptor SeCaptureSubjectContext SeCloseObjectAuditAlarm SeCreateAccessState SeCreateClientSecurity SeCreateClientSecurityFromSubjectContext SeDeassignSecurity SeDeleteAccessState SeDeleteObjectAuditAlarm // // Pointer to structure containing security // exports // // // Use SeEnableAccessToExports() before // using (see se.h) SeExports DATA SeFilterToken SeFreePrivileges SeImpersonateClient SeImpersonateClientEx SeLockSubjectContext SeMarkLogonSessionForTerminationNotification SeOpenObjectAuditAlarm SeOpenObjectForDeleteAuditAlarm SePrivilegeCheck SePrivilegeObjectAuditAlarm // System default DACLs // // SePublicDefaultDacl - is for protecting things so that // normal users can use it. SePublicDefaultDacl CONSTANT SeQueryAuthenticationIdToken SeQueryInformationToken SeQuerySecurityDescriptorInfo SeQuerySessionIdToken SeRegisterLogonSessionTerminatedRoutine SeReleaseSecurityDescriptor SeReleaseSubjectContext SeSetAccessStateGenericMapping SeSetSecurityDescriptorInfo SeSetSecurityDescriptorInfoEx SeSinglePrivilegeCheck // SeSystemDefaultDacl - is for protecting things so that // only the system (and administrators) can get to it. SeSystemDefaultDacl CONSTANT SeTokenImpersonationLevel SeTokenIsAdmin SeTokenIsRestricted SeTokenObjectType CONSTANT // Data - use pointer for access SeTokenType SeUnlockSubjectContext SeUnregisterLogonSessionTerminatedRoutine SeValidSecurityDescriptor VerSetConditionMask VfFailDeviceNode VfFailDriver VfFailSystemBIOS VfIsVerificationEnabled WmiFlushTrace WmiGetClock WmiQueryTrace WmiQueryTraceInformation WmiStartTrace WmiStopTrace WmiTraceMessage WmiTraceMessageVa WmiUpdateTrace ZwAccessCheckAndAuditAlarm ZwAddBootEntry ZwAdjustPrivilegesToken ZwAlertThread ZwAllocateVirtualMemory ZwAssignProcessToJobObject ZwCancelIoFile ZwCancelTimer ZwClearEvent ZwClose ZwCloseObjectAuditAlarm ZwConnectPort ZwCreateDirectoryObject ZwCreateEvent ZwCreateFile ZwCreateJobObject ZwCreateKey ZwCreateSection ZwCreateSymbolicLinkObject ZwCreateTimer ZwDeleteBootEntry ZwDeleteFile ZwDeleteKey ZwDeleteValueKey ZwDeviceIoControlFile ZwDisplayString ZwDuplicateObject ZwDuplicateToken ZwEnumerateBootEntries ZwEnumerateKey ZwEnumerateValueKey ZwFlushInstructionCache ZwFlushKey ZwFlushVirtualMemory ZwFreeVirtualMemory ZwFsControlFile ZwInitiatePowerAction ZwIsProcessInJob ZwLoadDriver ZwLoadKey ZwMakeTemporaryObject ZwMapViewOfSection ZwNotifyChangeKey ZwOpenDirectoryObject ZwOpenEvent ZwOpenFile ZwOpenJobObject ZwOpenKey ZwOpenProcess ZwOpenProcessToken ZwOpenProcessTokenEx ZwOpenSection ZwOpenSymbolicLinkObject ZwOpenThread ZwOpenThreadToken ZwOpenThreadTokenEx ZwOpenTimer ZwPowerInformation ZwPulseEvent ZwQueryBootEntryOrder ZwQueryBootOptions ZwQueryDefaultLocale ZwQueryDefaultUILanguage ZwQueryInstallUILanguage ZwQueryDirectoryFile ZwQueryDirectoryObject ZwQueryEaFile ZwQueryFullAttributesFile ZwQueryInformationFile ZwQueryInformationJobObject ZwQueryInformationProcess ZwQueryInformationThread ZwQueryInformationToken ZwQueryInformationToken ZwQueryKey ZwQueryObject ZwQuerySection ZwQuerySecurityObject ZwQuerySymbolicLinkObject ZwQuerySystemInformation ZwQueryValueKey ZwQueryVolumeInformationFile ZwReadFile ZwReplaceKey ZwRequestWaitReplyPort ZwResetEvent ZwRestoreKey ZwSaveKey ZwSaveKeyEx ZwSetBootEntryOrder ZwSetBootOptions ZwSetDefaultLocale ZwSetDefaultUILanguage ZwSetEaFile ZwSetEvent ZwSetInformationFile ZwSetInformationJobObject ZwSetInformationObject ZwSetInformationProcess ZwSetInformationThread ZwSetSecurityObject ZwSetSystemInformation ZwSetSystemTime ZwSetTimer ZwSetValueKey ZwSetVolumeInformationFile ZwTerminateJobObject ZwTerminateProcess ZwTranslateFilePath ZwUnloadDriver ZwUnloadKey ZwUnmapViewOfSection ZwWaitForMultipleObjects ZwWaitForSingleObject ZwWriteFile ZwYieldExecution // // ntcrt.lib // #if defined(_X86_) _alloca_probe #elif defined(_IA64_) __alloca_probe #endif _itoa _itow _purecall _snprintf _snwprintf _stricmp _strlwr _strnicmp _strnset _strrev _strset _strupr _vsnprintf _vsnwprintf _wcsicmp _wcslwr _wcsnicmp _wcsnset _wcsrev _wcsupr isdigit islower isprint isspace isupper isxdigit mbstowcs mbtowc memchr qsort rand sprintf srand strcat strchr strcmp strcpy strlen strncat strncmp strncpy strrchr strspn strstr swprintf tolower towlower toupper towupper vsprintf wcscat wcschr wcscmp wcscpy wcscspn wcslen wcsncat wcsncmp wcsncpy wcsrchr wcsspn wcsstr wcstombs wctomb // // Hack-o-rama to support the stupid ATI miniport driver. // Get rid of these if we can someday. // atol atoi // // Export Kernel Icecap probe functions so drivers can be traced // #ifdef _CAPKERN __CAP_Start_Profiling@8 __CAP_End_Profiling@4 #endif // // Export CreateLiveDump function to use in videoprt.sys EA recovery // KeCapturePersistentThreadState