Author: Mateusz "j00ru" Jurczyk (j00ru.vx tech blog)
Team Vexillium
| ApiSetQueryApiSetPresence | |
| EtwEventSetInformation | |
| LdrAddDllDirectory | |
| LdrGetDllDirectory | |
| LdrGetDllFullName | |
| LdrGetDllPath | |
| LdrGetProcedureAddressForCaller | |
| LdrProcessRelocationBlockEx | |
| LdrQueryOptionalDelayLoadedAPI | |
| LdrRemoveDllDirectory | |
| LdrResolveDelayLoadedAPI | |
| LdrResolveDelayLoadsFromDll | |
| LdrSetDefaultDllDirectories | |
| LdrSetDllDirectory | |
| LdrSetPackagedDllDirectoriesList | |
| LdrSystemDllInitBlock | |
| NtAddAtomEx | |
| NtAdjustTokenClaimsAndDeviceGroups | |
| NtAlertThreadByThreadId | |
| NtAlpcConnectPortEx | |
| NtAssociateWaitCompletionPacket | |
| NtCancelWaitCompletionPacket | |
| NtCreateDirectoryObjectEx | |
| NtCreateLowBoxToken | |
| NtCreateTokenEx | |
| NtCreateWaitCompletionPacket | |
| NtCreateWnfStateName | |
| NtDeleteWnfStateData | |
| NtDeleteWnfStateName | |
| NtFilterTokenEx | |
| NtFlushBuffersFileEx | |
| NtPrefetchVirtualMemory | |
| NtQueryWnfStateData | |
| NtQueryWnfStateNameInformation | |
| NtSetSystemCodeIntegrityRoots | |
| NtSubscribeWnfStateChange | |
| NtUnmapViewOfSectionEx | |
| NtUnsubscribeWnfStateChange | |
| NtUpdateWnfStateData | |
| NtWaitForAlertByThreadId | |
| NtWaitForWnfNotifications | |
| NtWow64AllocateVirtualMemory64 | |
| RtlAddResourceAttributeAce | |
| RtlAddScopedPolicyIDAce | |
| RtlAllocateWnfSerializationGroup | |
| RtlCancelWnfMetaNotification | |
| RtlCheckPortableOperatingSystem | |
| RtlCheckTokenCapability | |
| RtlCheckTokenMembership | |
| RtlCheckTokenMembershipEx | |
| RtlClearBit | |
| RtlCopyBitMap | |
| RtlCopyContext | |
| RtlDecompressBufferEx | |
| RtlDeleteElementGenericTableAvlEx | |
| RtlEqualWnfChangeStamps | |
| RtlExtractBitMap | |
| RtlGetAppContainerNamedObjectPath | |
| RtlGetExePath | |
| RtlGetSearchPath | |
| RtlGetSystemTimePrecise | |
| RtlInsertElementGenericTableAvl2 | |
| RtlIsCapabilitySid | |
| RtlIsPackageSid | |
| RtlLookupElementGenericTableAvl2 | |
| RtlNumberOfClearBitsInRange | |
| RtlNumberOfSetBitsInRange | |
| RtlPublishWnfStateData | |
| RtlQueryValidationRunlevel | |
| RtlQueryWnfMetaNotification | |
| RtlQueryWnfStateData | |
| RtlQueryWnfStateDataWithExplicitScope | |
| RtlRbInsertNodeEx | |
| RtlRbRemoveNode | |
| RtlRegisterForWnfMetaNotification | |
| RtlReleasePath | |
| RtlSetBit | |
| RtlSetPortableOperatingSystem | |
| RtlSetSearchPathMode | |
| RtlSubscribeWnfStateChangeNotification | |
| RtlTestAndPublishWnfStateData | |
| RtlTryConvertSRWLockSharedToExclusiveOrRelease | |
| RtlUnsubscribeWnfNotificationWaitForCompletion | |
| RtlUnsubscribeWnfNotificationWithCompletionCallback | |
| RtlUnsubscribeWnfStateChangeNotification | |
| RtlWaitForWnfMetaNotification | |
| RtlWaitOnAddress | |
| RtlWakeAddressAll | |
| RtlWakeAddressSingle | |
| RtlWnfDllUnloadCallback | |
| RtlpConvertAbsoluteToRelativeSecurityAttribute | |
| RtlpConvertRelativeToAbsoluteSecurityAttribute | |
| RtlpMergeSecurityAttributeInformation | |
| RtlpWnfNotificationThread | |
| TpAllocJobNotification | |
| TpCallbackDetectedUnrecoverableError | |
| TpReleaseJobNotification | |
| TpSetTimerEx | |
| TpSetWaitEx | |
| TpTimerOutstandingCallbackCount | |
| TpWaitForJobNotification | |
| ZwAddAtomEx | |
| ZwAdjustTokenClaimsAndDeviceGroups | |
| ZwAlertThreadByThreadId | |
| ZwAlpcConnectPortEx | |
| ZwAssociateWaitCompletionPacket | |
| ZwCancelWaitCompletionPacket | |
| ZwCreateDirectoryObjectEx | |
| ZwCreateLowBoxToken | |
| ZwCreateTokenEx | |
| ZwCreateWaitCompletionPacket | |
| ZwCreateWnfStateName | |
| ZwDeleteWnfStateData | |
| ZwDeleteWnfStateName | |
| ZwFilterTokenEx | |
| ZwFlushBuffersFileEx | |
| ZwPrefetchVirtualMemory | |
| ZwQueryWnfStateData | |
| ZwQueryWnfStateNameInformation | |
| ZwSetSystemCodeIntegrityRoots | |
| ZwSubscribeWnfStateChange | |
| ZwUnmapViewOfSectionEx | |
| ZwUnsubscribeWnfStateChange | |
| ZwUpdateWnfStateData | |
| ZwWaitForAlertByThreadId | |
| ZwWaitForWnfNotifications | |
| ZwWow64AllocateVirtualMemory64 | |
| _errno | |
| _except_handler4_common | |
| _ftol2 | |
| _ftol2_sse | |
| _local_unwind4 | |
| _strlwr_s | |
| _strupr_s | |
| _wcslwr_s | |
| _wcstoi64 | |
| _wcsupr_s | |
| iswalnum | |
| iswascii | |
| iswgraph | |
| iswprint | |
| qsort_s | |
| wcstok_s | |
| NtGetPlugPlayEvent | |
| NtWow64InterlockedPopEntrySList | |
| RtlEnlargedUnsignedDivide | |
| TpDbgGetFreeInfo | |
| TpPoolFreeUnusedNodes | |
| ZwGetPlugPlayEvent | |
| ZwWow64InterlockedPopEntrySList |