0x01 打印出ntdll.dll中所有函數名字和地址
0x02 在任何進程中都可以找到ntdll.dll和kernel32.dll這個動態鏈接庫的基地址,另外每一個動態鏈接庫基地址實際上都存放在一個雙向鏈表的節點上,只要找到這個雙向鏈表,就可以找到所需要的動態鏈接庫基地址,然後就可以調用亂七八糟的函數,將shellcode放在一個精妙的地方。
0x03 代碼如下:
// GetKernel32FuncAddr.cpp :
#include <stdio.h>
#include <stdlib.h>
unsigned long GetKernel32FuncAddr()
{
unsigned long pBaseOfKernel32, pNameOfModule;
unsigned long pAddressOfFunctions, pAddress0fNames;
unsigned long aryFunAddr,aryNameAddr,num;
__asm{
mov edx, fs:30h ; PEB base
mov edx, [edx+0ch] ; PEB_LER_DATA
// base of ntdll.dll=====================
mov edx, [edx+1ch] ; The first element of InInitOrderModuleList
// base of kernel32.dll=====================
//mov edx,[edx] ; Next element
mov eax, [edx+8] ; Base address of second module
mov pBaseOfKernel32,eax ; Save it to local variable
mov ebx, eax ; Base address of kernel32.dll, save it to ebx
// get the addrs of first function =========
mov edx,[ebx+3ch] ; e_lfanew
mov edx,[edx+ebx+78h] ; DataDirectory[0]
add edx,ebx ; RVA + base
mov esi,edx ; Save first DataDirectory to esi
// get fields of IMAGE_EXPORT_DIRECTORY pNameOfModule
mov edx,[esi+0ch] ; Name
add edx,ebx ; RVA + base
mov pNameOfModule,edx ; Save it to local variable
mov edx,[esi+1ch] ; AddressOfFunctions RVA
add edx,ebx ; RVA + base
mov pAddressOfFunctions,edx ; Save it to local variable
mov ecx,[esi+14h];numoffunctions
mov num,ecx;
//分配存儲函數地址的空間
mov edx,[esi+14h] ; NumberOfFunctions
mov ecx,4 ; alloc 4 x NumberOfFunctions bytes
stack_zero:
sub esp,edx ;
loop stack_zero ;
mov edx,esp ; edx store the start addr of Functions[]
mov aryFunAddr,edx
mov ecx,[esi+14h] ; NumberOfFunctions
//將函數地址存儲到數組裏
store_functions:
mov eax, [esi+1Ch] ; AddressOfFunctions RVA
add eax, ebx ; rva2va//第一個函數偏移的地址
mov eax, [eax+ecx*4-4] ; FunctionAddress RVA
add eax, ebx ; rva2va
mov [edx+ecx*4-4],eax ; save to aryFunAddr[ecx]
loop store_functions;
//分配存儲函數名字的空間
mov edx,[esi+18h] ; NumberOfNames
mov ecx,4 ; alloc 4 x NumberOfNames bytes
stack_zero1:
sub esp,[esi+18h] ;
loop stack_zero1 ;
mov edx,esp ; edx store the start addr of Names[]
mov aryNameAddr,edx ;
mov ecx,[esi+18h] ; NumberOfFunctions
//存儲函數名
store_names:
mov eax, [esi+20h] ; AddressOfNames RVA
add eax, ebx ; rva2va
mov eax, [eax+ecx*4-4] ; FunctionAddress RVA
add eax, ebx ; rva2va
mov [edx+ecx*4-4],eax ; save to aryNameAddr[ecx]
loop store_names;
}
FILE *fp;
fp=fopen("bbb.txt","w+");
for(int i=0; i<num; i++)
{
fprintf(fp,"%.4d: \tAddr=0x%p\tname=%s\n",
i,*((long *)(aryFunAddr+i*4)),
(char*)(*( (long *)(aryNameAddr+i*4) )));
}
fclose(fp);
}
void main(void)
{
GetKernel32FuncAddr();
}
0x04 運行結果:
0000: Addr=0x7C99416B name=CsrAllocateCaptureBuffer
0001: Addr=0x7C9940D3 name=CsrAllocateMessagePointer
0002: Addr=0x7C994031 name=CsrCaptureMessageBuffer
0003: Addr=0x7C958B9C name=CsrCaptureMessageMultiUnicodeStringsInPlace
0004: Addr=0x7C958C08 name=CsrCaptureMessageString
0005: Addr=0x7C94BD36 name=CsrCaptureTimeout
0006: Addr=0x7C94BDB6 name=CsrClientCallServer
0007: Addr=0x7C94BDC6 name=CsrClientConnectToServer
0008: Addr=0x7C94BDA6 name=CsrFreeCaptureBuffer
0009: Addr=0x7C94BD04 name=CsrGetProcessId
0010: Addr=0x7C94BD02 name=CsrIdentifyAlertableThread
0011: Addr=0x7C94BCF5 name=CsrNewThread
0012: Addr=0x7C9651B1 name=CsrProbeForRead
0013: Addr=0x7C965242 name=CsrProbeForWrite
0014: Addr=0x7C9658B7 name=CsrSetPriorityClass
0015: Addr=0x7C945257 name=DbgBreakPoint
0016: Addr=0x7C945044 name=DbgPrint
0017: Addr=0x7C98CF91 name=DbgPrintEx
0018: Addr=0x7C95EBD3 name=DbgPrintReturnControlC
0019: Addr=0x7C9653CD name=DbgPrompt
0020: Addr=0x7C965288 name=DbgQueryDebugFilterState
0021: Addr=0x7C98CF86 name=DbgSetDebugFilterState
0022: Addr=0x7C96FC9A name=DbgUiConnectToDbg
0023: Addr=0x7C95FB19 name=DbgUiContinue
0024: Addr=0x7C98CFFD name=DbgUiConvertStateChangeStructure
0025: Addr=0x7C98CFC4 name=DbgUiDebugActiveProcess
0026: Addr=0x7C98CF79 name=DbgUiGetThreadDebugObject
0027: Addr=0x7C94A3E1 name=DbgUiIssueRemoteBreakin
0028: Addr=0x7C938061 name=DbgUiRemoteBreakin
0029: Addr=0x7C943152 name=DbgUiSetThreadDebugObject
0030: Addr=0x7C99434B name=DbgUiStopDebugging
0031: Addr=0x7C9942E5 name=DbgUiWaitStateChange
0032: Addr=0x7C99432B name=DbgUserBreakPoint
0033: Addr=0x7C99433B name=EtwControlTraceA
0034: Addr=0x7C98D032 name=EtwControlTraceW
0035: Addr=0x7C98D0DA name=EtwCreateTraceInstanceId
0036: Addr=0x7C96FE3E name=EtwEnableTrace
0037: Addr=0x7C98D121 name=EtwEnumerateTraceGuids
0038: Addr=0x7C98D084 name=EtwFlushTraceA
0039: Addr=0x7C96FD6F name=EtwFlushTraceW
0040: Addr=0x7C96FDB4 name=EtwGetTraceEnableFlags
0041: Addr=0x7C98D096 name=EtwGetTraceEnableLevel
0042: Addr=0x7C98D0FF name=EtwGetTraceLoggerHandle
0043: Addr=0x7C98D0B3 name=EtwNotificationRegistrationA
0044: Addr=0x7C94A3E6 name=EtwNotificationRegistrationW
0045: Addr=0x7C9AFC39 name=EtwQueryAllTracesA
0046: Addr=0x7C932C02 name=EtwQueryAllTracesW
0047: Addr=0x7C9B06E4 name=EtwQueryTraceA
0048: Addr=0x7C932F13 name=EtwQueryTraceW
0049: Addr=0x7C9B07A1 name=EtwReceiveNotificationsA
0050: Addr=0x7C9B0970 name=EtwReceiveNotificationsW
0051: Addr=0x7C9B114F name=EtwRegisterTraceGuidsA
0052: Addr=0x7C9325DB name=EtwRegisterTraceGuidsW
0053: Addr=0x7C9325A1 name=EtwStartTraceA
0054: Addr=0x7C93252A name=EtwStartTraceW
0055: Addr=0x7C9B1170 name=EtwStopTraceA
0056: Addr=0x7C9374E2 name=EtwStopTraceW
0057: Addr=0x7C9B10EF name=EtwTraceEvent
0058: Addr=0x7C9B10D1 name=EtwTraceEventInstance
0059: Addr=0x7C9B090D name=EtwTraceMessage
0060: Addr=0x7C932BE1 name=EtwTraceMessageVa
0061: Addr=0x7C9B1198 name=EtwUnregisterTraceGuids
0062: Addr=0x7C936253 name=EtwUpdateTraceA
0063: Addr=0x7C93BFB6 name=EtwUpdateTraceW
0064: Addr=0x7C93CF5D name=EtwpGetTraceBuffer
0065: Addr=0x7C9B09E0 name=EtwpSetHWConfigFunction
0066: Addr=0x7C933011 name=ExpInterlockedPopEntrySListEnd
0067: Addr=0x7C9B092E name=ExpInterlockedPopEntrySListFault
0068: Addr=0x7C9B110D name=ExpInterlockedPopEntrySListResume
0069: Addr=0x7C936DAC name=KiFastSystemCall
0070: Addr=0x7C9B02D1 name=KiFastSystemCallRet
0071: Addr=0x7C96EE51 name=KiIntSystemCall
0072: Addr=0x7C96EDF0 name=KiRaiseUserExceptionDispatcher
0073: Addr=0x7C93A9C7 name=KiUserApcDispatcher
0074: Addr=0x7C9B094F name=KiUserCallbackDispatcher
0075: Addr=0x7C9B112E name=KiUserExceptionDispatcher
0076: Addr=0x7C93377C name=LdrAccessOutOfProcessResource
0077: Addr=0x7C960C81 name=LdrAccessResource
0078: Addr=0x7C9585E8 name=LdrAddRefDll
0079: Addr=0x7C9585EC name=LdrAlternateResourcesEnabled
0080: Addr=0x7C9585F8 name=LdrCreateOutOfProcessImage
0081: Addr=0x7C95859C name=LdrDestroyOutOfProcessImage
0082: Addr=0x7C9584A0 name=LdrDisableThreadCalloutsForDll
0083: Addr=0x7C958508 name=LdrEnumResources
0084: Addr=0x7C958550 name=LdrEnumerateLoadedModules
0085: Addr=0x7C9451C5 name=LdrFindCreateProcessManifest
0086: Addr=0x7C968BFC name=LdrFindEntryForAddress
0087: Addr=0x7C93D525 name=LdrFindResourceDirectory_U
0088: Addr=0x7C964B11 name=LdrFindResourceEx_U
0089: Addr=0x7C96A155 name=LdrFindResource_U
0090: Addr=0x7C96A0A0 name=LdrFlushAlternateResourceModules
0091: Addr=0x7C9674AA name=LdrGetDllHandle
0092: Addr=0x7C99442E name=LdrGetDllHandleEx
0093: Addr=0x7C967807 name=LdrGetProcedureAddress
0094: Addr=0x7C96A27D name=LdrHotPatchRoutine
0095: Addr=0x7C994399 name=LdrInitShimEngineDynamic
0096: Addr=0x7C9689AE name=LdrInitializeThunk
0097: Addr=0x7C9956FA name=LdrLoadAlternateResourceModule
0098: Addr=0x7C968BDB name=LdrLoadDll
0099: Addr=0x7C934F23 name=LdrLockLoaderLock
0100: Addr=0x7C95F28B name=LdrOpenImageFileOptionsKey
0101: Addr=0x7C95F2AC name=LdrProcessRelocationBlock
0102: Addr=0x7C95DA99 name=LdrQueryImageFileExecutionOptions
0103: Addr=0x7C98D286 name=LdrQueryImageFileExecutionOptionsEx
0104: Addr=0x7C98DDEB name=LdrQueryImageFileKeyOption
0105: Addr=0x7C94A32E name=LdrQueryProcessModuleInformation
0106: Addr=0x7C964A8A name=LdrSetAppCompatDllRedirectionCallback
0107: Addr=0x7C963F63 name=LdrSetDllManifestProber
0108: Addr=0x7C95D1D8 name=LdrShutdownProcess
0109: Addr=0x7C9652D8 name=LdrShutdownThread
0110: Addr=0x7C99571C name=LdrUnloadAlternateResourceModule
0111: Addr=0x7C931978 name=LdrUnloadDll
0112: Addr=0x7C93199F name=LdrUnlockLoaderLock
0113: Addr=0x7C96971B name=LdrVerifyImageMatchesChecksum
0114: Addr=0x7C98D571 name=NlsAnsiCodePage
0115: Addr=0x7C98D591 name=NlsMbCodePageTag
0116: Addr=0x7C965AAD name=NlsMbOemCodePageTag
0117: Addr=0x7C960EC1 name=NtAcceptConnectPort
0118: Addr=0x7C949069 name=NtAccessCheck
0119: Addr=0x7C969C03 name=NtAccessCheckAndAuditAlarm
0120: Addr=0x7C96980F name=NtAccessCheckByType
0121: Addr=0x7C95D291 name=NtAccessCheckByTypeAndAuditAlarm
0122: Addr=0x7C931253 name=NtAccessCheckByTypeResultList
0123: Addr=0x7C9B7714 name=NtAccessCheckByTypeResultListAndAuditAlarm
0124: Addr=0x7C9B7720 name=NtAccessCheckByTypeResultListAndAuditAlarmByHandle
0125: Addr=0x7C9B7728 name=NtAddAtom
0126: Addr=0x7C956B6F name=NtAddBootEntry
0127: Addr=0x7C956B7F name=NtAddDriverEntry
0128: Addr=0x7C956B8F name=NtAdjustGroupsToken
0129: Addr=0x7C956B9F name=NtAdjustPrivilegesToken
0130: Addr=0x7C956BAF name=NtAlertResumeThread
0131: Addr=0x7C956BBF name=NtAlertThread
0132: Addr=0x7C956BCF name=NtAllocateLocallyUniqueId
0133: Addr=0x7C956BDF name=NtAllocateUserPhysicalPages
0134: Addr=0x7C956BEF name=NtAllocateUuids
0135: Addr=0x7C956BFF name=NtAllocateVirtualMemory
0136: Addr=0x7C956C0F name=NtApphelpCacheControl
0137: Addr=0x7C956C1F name=NtAreMappedFilesTheSame
0138: Addr=0x7C956C2F name=NtAssignProcessToJobObject
0139: Addr=0x7C956C3F name=NtCallbackReturn
0140: Addr=0x7C956C4F name=NtCancelDeviceWakeupRequest
0141: Addr=0x7C956C5F name=NtCancelIoFile
0142: Addr=0x7C956C6F name=NtCancelTimer
0143: Addr=0x7C956C7F name=NtClearEvent
0144: Addr=0x7C956C8F name=NtClose
0145: Addr=0x7C956C9F name=NtCloseObjectAuditAlarm
0146: Addr=0x7C956CAF name=NtCompactKeys
0147: Addr=0x7C956CBF name=NtCompareTokens
0148: Addr=0x7C956CCF name=NtCompleteConnectPort
0149: Addr=0x7C956CDF name=NtCompressKey
0150: Addr=0x7C956CEF name=NtConnectPort
0151: Addr=0x7C956CFF name=NtContinue
0152: Addr=0x7C956D0F name=NtCreateDebugObject
0153: Addr=0x7C956D1F name=NtCreateDirectoryObject
0154: Addr=0x7C956D2F name=NtCreateEvent
0155: Addr=0x7C956D3F name=NtCreateEventPair
0156: Addr=0x7C956D4F name=NtCreateFile
0157: Addr=0x7C956D5F name=NtCreateIoCompletion
0158: Addr=0x7C956D6F name=NtCreateJobObject
0159: Addr=0x7C956D7F name=NtCreateJobSet
0160: Addr=0x7C956D8F name=NtCreateKey
0161: Addr=0x7C956D9F name=NtCreateKeyedEvent
0162: Addr=0x7C956DAF name=NtCreateMailslotFile
0163: Addr=0x7C956DBF name=NtCreateMutant
0164: Addr=0x7C956DCF name=NtCreateNamedPipeFile
0165: Addr=0x7C956DDF name=NtCreatePagingFile
0166: Addr=0x7C956DEF name=NtCreatePort
0167: Addr=0x7C956DFF name=NtCreateProcess
0168: Addr=0x7C956E0F name=NtCreateProcessEx
0169: Addr=0x7C956E1F name=NtCreateProfile
0170: Addr=0x7C957D7F name=NtCreateSection
0171: Addr=0x7C956E2F name=NtCreateSemaphore
0172: Addr=0x7C956E3F name=NtCreateSymbolicLinkObject
0173: Addr=0x7C956E4F name=NtCreateThread
0174: Addr=0x7C956E5F name=NtCreateTimer
0175: Addr=0x7C956E6F name=NtCreateToken
0176: Addr=0x7C956E7F name=NtCreateWaitablePort
0177: Addr=0x7C956E8F name=NtCurrentTeb
0178: Addr=0x7C956E9F name=NtDebugActiveProcess
0179: Addr=0x7C956EAF name=NtDebugContinue
0180: Addr=0x7C956EBF name=NtDelayExecution
0181: Addr=0x7C956ECF name=NtDeleteAtom
0182: Addr=0x7C956EDF name=NtDeleteBootEntry
0183: Addr=0x7C956EEF name=NtDeleteDriverEntry
0184: Addr=0x7C956EFF name=NtDeleteFile
0185: Addr=0x7C956F0F name=NtDeleteKey
0186: Addr=0x7C94A3F2 name=NtDeleteObjectAuditAlarm
0187: Addr=0x7C956F1F name=NtDeleteValueKey
0188: Addr=0x7C956F2F name=NtDeviceIoControlFile
0189: Addr=0x7C956F3F name=NtDisplayString
0190: Addr=0x7C956F4F name=NtDuplicateObject
0191: Addr=0x7C956F5F name=NtDuplicateToken
0192: Addr=0x7C956F6F name=NtEnumerateBootEntries
0193: Addr=0x7C956F7F name=NtEnumerateDriverEntries
0194: Addr=0x7C956F8F name=NtEnumerateKey
0195: Addr=0x7C956F9F name=NtEnumerateSystemEnvironmentValuesEx
0196: Addr=0x7C956FAF name=NtEnumerateValueKey
0197: Addr=0x7C956FBF name=NtExtendSection
0198: Addr=0x7C956FCF name=NtFilterToken
0199: Addr=0x7C956FDF name=NtFindAtom
0200: Addr=0x7C956FEF name=NtFlushBuffersFile
0201: Addr=0x7C956FFF name=NtFlushInstructionCache
0202: Addr=0x7C95700F name=NtFlushKey
0203: Addr=0x7C95701F name=NtFlushVirtualMemory
0204: Addr=0x7C95702F name=NtFlushWriteBuffer
0205: Addr=0x7C95703F name=NtFreeUserPhysicalPages
0206: Addr=0x7C95704F name=NtFreeVirtualMemory
0207: Addr=0x7C95705F name=NtFsControlFile
0208: Addr=0x7C95706F name=NtGetContextThread
0209: Addr=0x7C95707F name=NtGetCurrentProcessorNumber
0210: Addr=0x7C95708F name=NtGetDevicePowerState
0211: Addr=0x7C95709F name=NtGetPlugPlayEvent
0212: Addr=0x7C9570AF name=NtGetTickCount
0213: Addr=0x7C9570BF name=NtGetWriteWatch
0214: Addr=0x7C9570CF name=NtImpersonateAnonymousToken
0215: Addr=0x7C9570DF name=NtImpersonateClientOfPort
0216: Addr=0x7C9570EF name=NtImpersonateThread
0217: Addr=0x7C9570FF name=NtInitializeRegistry
0218: Addr=0x7C957DCF name=NtInitiatePowerAction
0219: Addr=0x7C95710F name=NtIsProcessInJob
0220: Addr=0x7C95711F name=NtIsSystemResumeAutomatic
0221: Addr=0x7C9963B4 name=NtListenPort
0222: Addr=0x7C95712F name=NtLoadDriver
0223: Addr=0x7C95713F name=NtLoadKey
0224: Addr=0x7C95714F name=NtLoadKey2
0225: Addr=0x7C95715F name=NtLoadKeyEx
0226: Addr=0x7C95716F name=NtLockFile
0227: Addr=0x7C95717F name=NtLockProductActivationKeys
0228: Addr=0x7C95718F name=NtLockRegistryKey
0229: Addr=0x7C95719F name=NtLockVirtualMemory
0230: Addr=0x7C9571AF name=NtMakePermanentObject
0231: Addr=0x7C9571BF name=NtMakeTemporaryObject
0232: Addr=0x7C9571DF name=NtMapUserPhysicalPages
0233: Addr=0x7C9571CF name=NtMapUserPhysicalPagesScatter
0234: Addr=0x7C9571EF name=NtMapViewOfSection
0235: Addr=0x7C9571FF name=NtModifyBootEntry
0236: Addr=0x7C95720F name=NtModifyDriverEntry
0237: Addr=0x7C95721F name=NtNotifyChangeDirectoryFile
0238: Addr=0x7C95722F name=NtNotifyChangeKey
0239: Addr=0x7C95723F name=NtNotifyChangeMultipleKeys
0240: Addr=0x7C95724F name=NtOpenDirectoryObject
0241: Addr=0x7C95725F name=NtOpenEvent
0242: Addr=0x7C95726F name=NtOpenEventPair
0243: Addr=0x7C95727F name=NtOpenFile
0244: Addr=0x7C95728F name=NtOpenIoCompletion
0245: Addr=0x7C95729F name=NtOpenJobObject
0246: Addr=0x7C9572AF name=NtOpenKey
0247: Addr=0x7C9572BF name=NtOpenKeyedEvent
0248: Addr=0x7C9572CF name=NtOpenMutant
0249: Addr=0x7C9572DF name=NtOpenObjectAuditAlarm
0250: Addr=0x7C9572EF name=NtOpenProcess
0251: Addr=0x7C9572FF name=NtOpenProcessToken
0252: Addr=0x7C95730F name=NtOpenProcessTokenEx
0253: Addr=0x7C95731F name=NtOpenSection
0254: Addr=0x7C95732F name=NtOpenSemaphore
0255: Addr=0x7C95733F name=NtOpenSymbolicLinkObject
0256: Addr=0x7C957D8F name=NtOpenThread
0257: Addr=0x7C95734F name=NtOpenThreadToken
0258: Addr=0x7C95735F name=NtOpenThreadTokenEx
0259: Addr=0x7C95736F name=NtOpenTimer
0260: Addr=0x7C95737F name=NtPlugPlayControl
0261: Addr=0x7C95738F name=NtPowerInformation
0262: Addr=0x7C95739F name=NtPrivilegeCheck
0263: Addr=0x7C9573AF name=NtPrivilegeObjectAuditAlarm
0264: Addr=0x7C9573BF name=NtPrivilegedServiceAuditAlarm
0265: Addr=0x7C9573CF name=NtProtectVirtualMemory
0266: Addr=0x7C9573DF name=NtPulseEvent
0267: Addr=0x7C9573EF name=NtQueryAttributesFile
0268: Addr=0x7C9573FF name=NtQueryBootEntryOrder
0269: Addr=0x7C95740F name=NtQueryBootOptions
0270: Addr=0x7C95741F name=NtQueryDebugFilterState
0271: Addr=0x7C95742F name=NtQueryDefaultLocale
0272: Addr=0x7C95743F name=NtQueryDefaultUILanguage
0273: Addr=0x7C95744F name=NtQueryDirectoryFile
0274: Addr=0x7C95745F name=NtQueryDirectoryObject
0275: Addr=0x7C95746F name=NtQueryDriverEntryOrder
0276: Addr=0x7C95747F name=NtQueryEaFile
0277: Addr=0x7C95748F name=NtQueryEvent
0278: Addr=0x7C95749F name=NtQueryFullAttributesFile
0279: Addr=0x7C9574AF name=NtQueryInformationAtom
0280: Addr=0x7C9574BF name=NtQueryInformationFile
0281: Addr=0x7C9574CF name=NtQueryInformationJobObject
0282: Addr=0x7C9574DF name=NtQueryInformationPort
0283: Addr=0x7C9574EF name=NtQueryInformationProcess
0284: Addr=0x7C9574FF name=NtQueryInformationThread
0285: Addr=0x7C95750F name=NtQueryInformationToken
0286: Addr=0x7C95751F name=NtQueryInstallUILanguage
0287: Addr=0x7C95752F name=NtQueryIntervalProfile
0288: Addr=0x7C95753F name=NtQueryIoCompletion
0289: Addr=0x7C95754F name=NtQueryKey
0290: Addr=0x7C95755F name=NtQueryMultipleValueKey
0291: Addr=0x7C95756F name=NtQueryMutant
0292: Addr=0x7C95757F name=NtQueryObject
0293: Addr=0x7C95758F name=NtQueryOpenSubKeys
0294: Addr=0x7C95759F name=NtQueryOpenSubKeysEx
0295: Addr=0x7C9575AF name=NtQueryPerformanceCounter
0296: Addr=0x7C9575BF name=NtQueryPortInformationProcess
0297: Addr=0x7C9575CF name=NtQueryQuotaInformationFile
0298: Addr=0x7C9575DF name=NtQuerySection
0299: Addr=0x7C9575EF name=NtQuerySecurityObject
0300: Addr=0x7C9575FF name=NtQuerySemaphore
0301: Addr=0x7C95760F name=NtQuerySymbolicLinkObject
0302: Addr=0x7C95761F name=NtQuerySystemEnvironmentValue
0303: Addr=0x7C95762F name=NtQuerySystemEnvironmentValueEx
0304: Addr=0x7C95763F name=NtQuerySystemInformation
0305: Addr=0x7C957DBF name=NtQuerySystemTime
0306: Addr=0x7C95764F name=NtQueryTimer
0307: Addr=0x7C95765F name=NtQueryTimerResolution
0308: Addr=0x7C95766F name=NtQueryValueKey
0309: Addr=0x7C95767F name=NtQueryVirtualMemory
0310: Addr=0x7C95768F name=NtQueryVolumeInformationFile
0311: Addr=0x7C95769F name=NtQueueApcThread
0312: Addr=0x7C9576AF name=NtRaiseException
0313: Addr=0x7C9576BF name=NtRaiseHardError
0314: Addr=0x7C9576CF name=NtReadFile
0315: Addr=0x7C9576DF name=NtReadFileScatter
0316: Addr=0x7C9576EF name=NtReadRequestData
0317: Addr=0x7C9576FF name=NtReadVirtualMemory
0318: Addr=0x7C95770F name=NtRegisterThreadTerminatePort
0319: Addr=0x7C95771F name=NtReleaseKeyedEvent
0320: Addr=0x7C95772F name=NtReleaseMutant
0321: Addr=0x7C95773F name=NtReleaseSemaphore
0322: Addr=0x7C95774F name=NtRemoveIoCompletion
0323: Addr=0x7C95775F name=NtRemoveProcessDebug
0324: Addr=0x7C95776F name=NtRenameKey
0325: Addr=0x7C95777F name=NtReplaceKey
0326: Addr=0x7C95778F name=NtReplyPort
0327: Addr=0x7C95779F name=NtReplyWaitReceivePort
0328: Addr=0x7C957D9F name=NtReplyWaitReceivePortEx
0329: Addr=0x7C9577AF name=NtReplyWaitReplyPort
0330: Addr=0x7C9577BF name=NtRequestDeviceWakeup
0331: Addr=0x7C9577CF name=NtRequestPort
0332: Addr=0x7C9577DF name=NtRequestWaitReplyPort
0333: Addr=0x7C9577EF name=NtRequestWakeupLatency
0334: Addr=0x7C9577FF name=NtResetEvent
0335: Addr=0x7C95780F name=NtResetWriteWatch
0336: Addr=0x7C95781F name=NtRestoreKey
0337: Addr=0x7C95782F name=NtResumeProcess
0338: Addr=0x7C95783F name=NtResumeThread
0339: Addr=0x7C95784F name=NtSaveKey
0340: Addr=0x7C95785F name=NtSaveKeyEx
0341: Addr=0x7C95786F name=NtSaveMergedKeys
0342: Addr=0x7C95787F name=NtSecureConnectPort
0343: Addr=0x7C95788F name=NtSetBootEntryOrder
0344: Addr=0x7C95789F name=NtSetBootOptions
0345: Addr=0x7C9578AF name=NtSetContextThread
0346: Addr=0x7C9578BF name=NtSetDebugFilterState
0347: Addr=0x7C9578CF name=NtSetDefaultHardErrorPort
0348: Addr=0x7C9578DF name=NtSetDefaultLocale
0349: Addr=0x7C9578EF name=NtSetDefaultUILanguage
0350: Addr=0x7C9578FF name=NtSetDriverEntryOrder
0351: Addr=0x7C95790F name=NtSetEaFile
0352: Addr=0x7C95791F name=NtSetEvent
0353: Addr=0x7C95792F name=NtSetEventBoostPriority
0354: Addr=0x7C95793F name=NtSetHighEventPair
0355: Addr=0x7C95794F name=NtSetHighWaitLowEventPair
0356: Addr=0x7C95795F name=NtSetInformationDebugObject
0357: Addr=0x7C95796F name=NtSetInformationFile
0358: Addr=0x7C95797F name=NtSetInformationJobObject
0359: Addr=0x7C95798F name=NtSetInformationKey
0360: Addr=0x7C95799F name=NtSetInformationObject
0361: Addr=0x7C9579AF name=NtSetInformationProcess
0362: Addr=0x7C9579BF name=NtSetInformationThread
0363: Addr=0x7C9579CF name=NtSetInformationToken
0364: Addr=0x7C9579DF name=NtSetIntervalProfile
0365: Addr=0x7C9579EF name=NtSetIoCompletion
0366: Addr=0x7C9579FF name=NtSetLdtEntries
0367: Addr=0x7C957A0F name=NtSetLowEventPair
0368: Addr=0x7C957A1F name=NtSetLowWaitHighEventPair
0369: Addr=0x7C957A2F name=NtSetQuotaInformationFile
0370: Addr=0x7C957A3F name=NtSetSecurityObject
0371: Addr=0x7C957A4F name=NtSetSystemEnvironmentValue
0372: Addr=0x7C957A5F name=NtSetSystemEnvironmentValueEx
0373: Addr=0x7C957A6F name=NtSetSystemInformation
0374: Addr=0x7C957A7F name=NtSetSystemPowerState
0375: Addr=0x7C957A8F name=NtSetSystemTime
0376: Addr=0x7C957A9F name=NtSetThreadExecutionState
0377: Addr=0x7C957AAF name=NtSetTimer
0378: Addr=0x7C957ABF name=NtSetTimerResolution
0379: Addr=0x7C957ACF name=NtSetUuidSeed
0380: Addr=0x7C957ADF name=NtSetValueKey
0381: Addr=0x7C957AEF name=NtSetVolumeInformationFile
0382: Addr=0x7C957AFF name=NtShutdownSystem
0383: Addr=0x7C957B0F name=NtSignalAndWaitForSingleObject
0384: Addr=0x7C957B1F name=NtStartProfile
0385: Addr=0x7C957B2F name=NtStopProfile
0386: Addr=0x7C957B3F name=NtSuspendProcess
0387: Addr=0x7C957B4F name=NtSuspendThread
0388: Addr=0x7C957B5F name=NtSystemDebugControl
0389: Addr=0x7C957B6F name=NtTerminateJobObject
0390: Addr=0x7C957B7F name=NtTerminateProcess
0391: Addr=0x7C957B8F name=NtTerminateThread
0392: Addr=0x7C957B9F name=NtTestAlert
0393: Addr=0x7C957BAF name=NtTraceEvent
0394: Addr=0x7C957BBF name=NtTranslateFilePath
0395: Addr=0x7C957BCF name=NtUnloadDriver
0396: Addr=0x7C957BDF name=NtUnloadKey
0397: Addr=0x7C957BEF name=NtUnloadKey2
0398: Addr=0x7C957BFF name=NtUnloadKeyEx
0399: Addr=0x7C957C0F name=NtUnlockFile
0400: Addr=0x7C957C1F name=NtUnlockVirtualMemory
0401: Addr=0x7C957C2F name=NtUnmapViewOfSection
0402: Addr=0x7C957C3F name=NtVdmControl
0403: Addr=0x7C957C4F name=NtWaitForDebugEvent
0404: Addr=0x7C957C5F name=NtWaitForKeyedEvent
0405: Addr=0x7C957C7F name=NtWaitForMultipleObjects
0406: Addr=0x7C957C6F name=NtWaitForMultipleObjects32
0407: Addr=0x7C957C8F name=NtWaitForSingleObject
0408: Addr=0x7C957C9F name=NtWaitHighEventPair
0409: Addr=0x7C957CAF name=NtWaitLowEventPair
0410: Addr=0x7C957CBF name=NtWriteFile
0411: Addr=0x7C957CCF name=NtWriteFileGather
0412: Addr=0x7C957CDF name=NtWriteRequestData
0413: Addr=0x7C957DAF name=NtWriteVirtualMemory
0414: Addr=0x7C957DDF name=NtYieldExecution
0415: Addr=0x7C957CEF name=PfxFindPrefix
0416: Addr=0x7C957CFF name=PfxInitialize
0417: Addr=0x7C957D0F name=PfxInsertPrefix
0418: Addr=0x7C957D1F name=PfxRemovePrefix
0419: Addr=0x7C957D2F name=PropertyLengthAsVariant
0420: Addr=0x7C957D3F name=RtlAbortRXact
0421: Addr=0x7C957D4F name=RtlAbsoluteToSelfRelativeSD
0422: Addr=0x7C957D5F name=RtlAcquirePebLock
0423: Addr=0x7C957D6F name=RtlAcquirePrivilege
0424: Addr=0x7C996734 name=RtlAcquireResourceExclusive
0425: Addr=0x7C9963EC name=RtlAcquireResourceShared
0426: Addr=0x7C996651 name=RtlActivateActivationContext
0427: Addr=0x7C99640A name=RtlActivateActivationContextEx
0428: Addr=0x7C94014C name=RtlActivateActivationContextUnsafeFast
0429: Addr=0x7C96E193 name=RtlAddAccessAllowedAce
0430: Addr=0x7C95E478 name=RtlAddAccessAllowedAceEx
0431: Addr=0x7C93B75A name=RtlAddAccessAllowedObjectAce
0432: Addr=0x7C95FA6F name=RtlAddAccessDeniedAce
0433: Addr=0x7C945AA3 name=RtlAddAccessDeniedAceEx
0434: Addr=0x7C945C1D name=RtlAddAccessDeniedObjectAce
0435: Addr=0x7C945B2E name=RtlAddAce
0436: Addr=0x7C95F66D name=RtlAddActionToRXact
0437: Addr=0x7C943BAB name=RtlAddAtomToAtomTable
0438: Addr=0x7C997F38 name=RtlAddAttributeActionToRXact
0439: Addr=0x7C938BC5 name=RtlAddAuditAccessAce
0440: Addr=0x7C937496 name=RtlAddAuditAccessAceEx
0441: Addr=0x7C997F85 name=RtlAddAuditAccessObjectAce
0442: Addr=0x7C93C4CC name=RtlAddCompoundAce
0443: Addr=0x7C938D2E name=RtlAddRefActivationContext
0444: Addr=0x7C941623 name=RtlAddRefMemoryStream
0445: Addr=0x7C938D66 name=RtlAddVectoredContinueHandler
0446: Addr=0x7C931FEB name=RtlAddVectoredExceptionHandler
0447: Addr=0x7C997F00 name=RtlAddressInSectionTable
0448: Addr=0x7C997FD3 name=RtlAdjustPrivilege
0449: Addr=0x7C997CBC name=RtlAllocateActivationContextStack
0450: Addr=0x7C959CBD name=RtlAllocateAndInitializeSid
0451: Addr=0x7C9450A4 name=RtlAllocateHandle
0452: Addr=0x7C990663 name=RtlAllocateHeap
0453: Addr=0x7C990681 name=RtlAnsiCharToUnicodeChar
0454: Addr=0x7C968625 name=RtlAnsiStringToUnicodeSize
0455: Addr=0x7C9430AE name=RtlAnsiStringToUnicodeString
0456: Addr=0x7C95ECC9 name=RtlAppendAsciizToString
0457: Addr=0x7C95EEDC name=RtlAppendPathElement
0458: Addr=0x7C96B06C name=RtlAppendStringToString
0459: Addr=0x7C959FD6 name=RtlAppendUnicodeStringToString
0460: Addr=0x7C95FAC5 name=RtlAppendUnicodeToString
0461: Addr=0x7C998648 name=RtlApplicationVerifierStop
0462: Addr=0x7C94A2AB name=RtlApplyRXact
0463: Addr=0x7C9989B2 name=RtlApplyRXactNoFlush
0464: Addr=0x7C98CCEB name=RtlAreAllAccessesGranted
0465: Addr=0x7C998A12 name=RtlAreAnyAccessesGranted
0466: Addr=0x7C961916 name=RtlAreBitsClear
0467: Addr=0x7C96468B name=RtlAreBitsSet
0468: Addr=0x7C9920D8 name=RtlAssert
0469: Addr=0x7C931D89 name=RtlCancelTimer
0470: Addr=0x7C93904E name=RtlCaptureContext
0471: Addr=0x7C947414 name=RtlCaptureStackBackTrace
0472: Addr=0x7C99693E name=RtlCaptureStackContext
0473: Addr=0x7C99932C name=RtlCharToInteger
0474: Addr=0x7C93EBB9 name=RtlCheckForOrphanedCriticalSections
0475: Addr=0x7C999700 name=RtlCheckProcessParameters
0476: Addr=0x7C9998DD name=RtlCheckRegistryKey
0477: Addr=0x7C9587C4 name=RtlClearAllBits
0478: Addr=0x7C999BFE name=RtlClearBits
0479: Addr=0x7C999AF9 name=RtlCloneMemoryStream
0480: Addr=0x7C93C40F name=RtlCommitMemoryStream
0481: Addr=0x7C94A27D name=RtlCompactHeap
0482: Addr=0x7C931D3B name=RtlCompareMemory
0483: Addr=0x7C934411 name=RtlCompareMemoryUlong
0484: Addr=0x7C93D7EC name=RtlCompareString
0485: Addr=0x7C93EB73 name=RtlCompareUnicodeString
0486: Addr=0x7C98E57F name=RtlCompressBuffer
0487: Addr=0x7C98E57F name=RtlComputeCrc32
0488: Addr=0x7C99B649 name=RtlComputeImportTableHash
0489: Addr=0x7C94BDD9 name=RtlComputePrivatizedDllName_U
0490: Addr=0x7C94BE29 name=RtlConsoleMultiByteToUnicodeN
0491: Addr=0x7C9988C6 name=RtlConvertExclusiveToShared
0492: Addr=0x7C95E8ED name=RtlConvertLongToLargeInteger
0493: Addr=0x7C99BDED name=RtlConvertPropertyToVariant
0494: Addr=0x7C99C038 name=RtlConvertSharedToExclusive
0495: Addr=0x7C993DD0 name=RtlConvertSidToUnicodeString
0496: Addr=0x7C98E187 name=RtlConvertToAutoInheritSecurityObject
0497: Addr=0x7C96C3F3 name=RtlConvertUiListToApiList
0498: Addr=0x7C93B6B3 name=RtlConvertUlongToLargeInteger
0499: Addr=0x7C94C3DC name=RtlConvertVariantToProperty
0500: Addr=0x7C93E693 name=RtlCopyLuid
0501: Addr=0x7C95FB82 name=RtlCopyLuidAndAttributesArray
0502: Addr=0x7C98ECB9 name=RtlCopyMappedMemory
0503: Addr=0x7C98EFCC name=RtlCopyMemoryStreamTo
0504: Addr=0x7C94C3E4 name=RtlCopyOutOfProcessMemoryStreamTo
0505: Addr=0x7C96000F name=RtlCopySecurityDescriptor
0506: Addr=0x7C99690F name=RtlCopySid
0507: Addr=0x7C9472C6 name=RtlCopySidAndAttributesArray
0508: Addr=0x7C98E4F1 name=RtlCopyString
0509: Addr=0x7C98E572 name=RtlCopyUnicodeString
0510: Addr=0x7C93D852 name=RtlCreateAcl
0511: Addr=0x7C95EB6E name=RtlCreateActivationContext
0512: Addr=0x7C996852 name=RtlCreateAndSetSD
0513: Addr=0x7C9359F6 name=RtlCreateAtomTable
0514: Addr=0x7C95D01B name=RtlCreateBootStatusDataFile
0515: Addr=0x7C95F1AA name=RtlCreateEnvironment
0516: Addr=0x7C946CE6 name=RtlCreateHeap
0517: Addr=0x7C93509C name=RtlCreateProcessParameters
0518: Addr=0x7C9417B2 name=RtlCreateQueryDebugBuffer
0519: Addr=0x7C99C512 name=RtlCreateRegistryKey
0520: Addr=0x7C942FA5 name=RtlCreateSecurityDescriptor
0521: Addr=0x7C964CE0 name=RtlCreateSystemVolumeInformationFolder
0522: Addr=0x7C9666B1 name=RtlCreateTagHeap
0523: Addr=0x7C970E39 name=RtlCreateTimer
0524: Addr=0x7C99A104 name=RtlCreateTimerQueue
0525: Addr=0x7C95EFCC name=RtlCreateUnicodeString
0526: Addr=0x7C99CC67 name=RtlCreateUnicodeStringFromAsciiz
0527: Addr=0x7C965DC4 name=RtlCreateUserProcess
0528: Addr=0x7C96D569 name=RtlCreateUserSecurityObject
0529: Addr=0x7C93B987 name=RtlCreateUserThread
0530: Addr=0x7C95AEF0 name=RtlCustomCPToUnicodeN
0531: Addr=0x7C9496BA name=RtlCutoverTimeToSystemTime
0532: Addr=0x7C931654 name=RtlDeNormalizeProcessParams
0533: Addr=0x7C9352EA name=RtlDeactivateActivationContext
0534: Addr=0x7C93A5A7 name=RtlDeactivateActivationContextUnsafeFast
0535: Addr=0x7C99573E name=RtlDebugPrintTimes
0536: Addr=0x7C9488F9 name=RtlDecodePointer
0537: Addr=0x7C965E2F name=RtlDecodeSystemPointer
0538: Addr=0x7C945D40 name=RtlDecompressBuffer
0539: Addr=0x7C9998AD name=RtlDecompressFragment
0540: Addr=0x7C95B08E name=RtlDefaultNpAcl
0541: Addr=0x7C96B929 name=RtlDelete
0542: Addr=0x7C99BE69 name=RtlDeleteAce
0543: Addr=0x7C99BED5 name=RtlDeleteAtomFromAtomTable
0544: Addr=0x7C98ECC9 name=RtlDeleteCriticalSection
0545: Addr=0x7C961344 name=RtlDeleteElementGenericTable
0546: Addr=0x7C9718A2 name=RtlDeleteElementGenericTableAvl
0547: Addr=0x7C94217C name=RtlDeleteNoSplay
0548: Addr=0x7C95C988 name=RtlDeleteRegistryValue
0549: Addr=0x7C9612E8 name=RtlDeleteResource
0550: Addr=0x7C99D43A name=RtlDeleteSecurityObject
0551: Addr=0x7C99CEDB name=RtlDeleteTimer
0552: Addr=0x7C99A137 name=RtlDeleteTimerQueue
0553: Addr=0x7C96101C name=RtlDeleteTimerQueueEx
0554: Addr=0x7C945672 name=RtlDeregisterWait
0555: Addr=0x7C96DE04 name=RtlDeregisterWaitEx
0556: Addr=0x7C9998B5 name=RtlDestroyAtomTable
0557: Addr=0x7C96FB0D name=RtlDestroyEnvironment
0558: Addr=0x7C96CE55 name=RtlDestroyHandleTable
0559: Addr=0x7C96CBF9 name=RtlDestroyHeap
0560: Addr=0x7C998067 name=RtlDestroyProcessParameters
0561: Addr=0x7C96A6EE name=RtlDestroyQueryDebugBuffer
0562: Addr=0x7C96115E name=RtlDetermineDosPathNameType_U
0563: Addr=0x7C93EC4C name=RtlDllShutdownInProgress
0564: Addr=0x7C965E09 name=RtlDnsHostNameToComputerName
0565: Addr=0x7C9711E9 name=RtlDoesFileExists_U
0566: Addr=0x7C95BEAC name=RtlDosApplyFileIsolationRedirection_Ustr
0567: Addr=0x7C94A1B5 name=RtlDosPathNameToNtPathName_U
0568: Addr=0x7C9386B7 name=RtlDosPathNameToNtPathName_U_WithStatus
0569: Addr=0x7C96585B name=RtlDosPathNameToRelativeNtPathName_U
0570: Addr=0x7C95DDA1 name=RtlDosPathNameToRelativeNtPathName_U_WithStatus
0571: Addr=0x7C95E605 name=RtlDosSearchPath_U
0572: Addr=0x7C9393A8 name=RtlDosSearchPath_Ustr
0573: Addr=0x7C95E8C7 name=RtlDowncaseUnicodeChar
0574: Addr=0x7C95F904 name=RtlDowncaseUnicodeString
0575: Addr=0x7C937A29 name=RtlDumpResource
0576: Addr=0x7C968A4B name=RtlDuplicateUnicodeString
0577: Addr=0x7C9985C6 name=RtlEmptyAtomTable
0578: Addr=0x7C93B11D name=RtlEnableEarlyCriticalSectionEventCreation
0579: Addr=0x7C98E6B9 name=RtlEncodePointer
0580: Addr=0x7C96BFBF name=RtlEncodeSystemPointer
0581: Addr=0x7C998139 name=RtlEnlargedIntegerMultiply
0582: Addr=0x7C98E775 name=RtlEnlargedUnsignedDivide
0583: Addr=0x7C95B068 name=RtlEnlargedUnsignedMultiply
0584: Addr=0x7C96B929 name=RtlEnterCriticalSection
0585: Addr=0x7C94C1B6 name=RtlEnumProcessHeaps
0586: Addr=0x7C94C1CE name=RtlEnumerateGenericTable
0587: Addr=0x7C94C1C2 name=RtlEnumerateGenericTableAvl
0588: Addr=0x7C94A360 name=RtlEnumerateGenericTableLikeADirectory
0589: Addr=0x7C99AAE9 name=RtlEnumerateGenericTableWithoutSplaying
0590: Addr=0x7C99CF5B name=RtlEnumerateGenericTableWithoutSplayingAvl
0591: Addr=0x7C932022 name=RtlEqualComputerName
0592: Addr=0x7C99D4C4 name=RtlEqualDomainName
0593: Addr=0x7C960FE1 name=RtlEqualLuid
0594: Addr=0x7C932047 name=RtlEqualPrefixSid
0595: Addr=0x7C934401 name=RtlEqualSid
0596: Addr=0x7C94145E name=RtlEqualString
0597: Addr=0x7C9968E6 name=RtlEqualUnicodeString
0598: Addr=0x7C939AFE name=RtlEraseUnicodeString
0599: Addr=0x7C95FDD0 name=RtlExitUserThread
0600: Addr=0x7C94018B name=RtlExpandEnvironmentStrings_U
0601: Addr=0x7C95CF4E name=RtlExtendHeap
0602: Addr=0x7C935361 name=RtlExtendedIntegerMultiply
0603: Addr=0x7C96FE01 name=RtlExtendedLargeIntegerDivide
0604: Addr=0x7C967563 name=RtlExtendedMagicDivide
0605: Addr=0x7C99A829 name=RtlFillMemory
0606: Addr=0x7C94C2E0 name=RtlFillMemoryUlong
0607: Addr=0x7C94C1EE name=RtlFinalReleaseOutOfProcessMemoryStream
0608: Addr=0x7C94C250 name=RtlFindActivationContextSectionGuid
0609: Addr=0x7C94BE59 name=RtlFindActivationContextSectionString
0610: Addr=0x7C94BEC9 name=RtlFindCharInUnicodeString
0611: Addr=0x7C946CAF name=RtlFindClearBits
0612: Addr=0x7C947B39 name=RtlFindClearBitsAndSet
0613: Addr=0x7C95D0DE name=RtlFindClearRuns
0614: Addr=0x7C95DC25 name=RtlFindLastBackwardRunClear
0615: Addr=0x7C9645A2 name=RtlFindLeastSignificantBit
0616: Addr=0x7C96456F name=RtlFindLongestRunClear
0617: Addr=0x7C998DB4 name=RtlFindMessage
0618: Addr=0x7C9994A9 name=RtlFindMostSignificantBit
0619: Addr=0x7C999624 name=RtlFindNextForwardRunClear
0620: Addr=0x7C9990FD name=RtlFindSetBits
0621: Addr=0x7C93B4BA name=RtlFindSetBitsAndClear
0622: Addr=0x7C999579 name=RtlFirstEntrySList
0623: Addr=0x7C9993AF name=RtlFirstFreeAce
0624: Addr=0x7C998A66 name=RtlFlushSecureMemoryCache
0625: Addr=0x7C9996CD name=RtlFormatCurrentUserKeyPath
0626: Addr=0x7C94BD5E name=RtlFormatMessage
0627: Addr=0x7C95F16F name=RtlFormatMessageEx
0628: Addr=0x7C99D5F0 name=RtlFreeActivationContextStack
0629: Addr=0x7C968CB1 name=RtlFreeAnsiString
0630: Addr=0x7C931223 name=RtlFreeHandle
0631: Addr=0x7C93FBF3 name=RtlFreeHeap
0632: Addr=0x7C948FD7 name=RtlFreeOemString
0633: Addr=0x7C95B0BE name=RtlFreeSid
0634: Addr=0x7C96BC75 name=RtlFreeThreadActivationContextStack
0635: Addr=0x7C959E17 name=RtlFreeUnicodeString
0636: Addr=0x7C94143F name=RtlFreeUserThreadStack
0637: Addr=0x7C95EF4D name=RtlGUIDFromString
0638: Addr=0x7C94926A name=RtlGenerate8dot3Name
0639: Addr=0x7C95B0BE name=RtlGetAce
0640: Addr=0x7C99C77B name=RtlGetActiveActivationContext
0641: Addr=0x7C96B31D name=RtlGetCallersAddress
0642: Addr=0x7C99DA59 name=RtlGetCompressionWorkSpaceSize
0643: Addr=0x7C94319D name=RtlGetControlSecurityDescriptor
0644: Addr=0x7C961C69 name=RtlGetCriticalSectionRecursionCount
0645: Addr=0x7C999CB7 name=RtlGetCurrentDirectory_U
0646: Addr=0x7C99BD81 name=RtlGetCurrentPeb
0647: Addr=0x7C947726 name=RtlGetCurrentProcessorNumber
0648: Addr=0x7C95CB24 name=RtlGetDaclSecurityDescriptor
0649: Addr=0x7C96B1FD name=RtlGetElementGenericTable
0650: Addr=0x7C99A099 name=RtlGetElementGenericTableAvl
0651: Addr=0x7C98C9A5 name=RtlGetFrame
0652: Addr=0x7C96CF5D name=RtlGetFullPathName_U
0653: Addr=0x7C934DAB name=RtlGetFullPathName_UstrEx
0654: Addr=0x7C99D2C5 name=RtlGetGroupSecurityDescriptor
0655: Addr=0x7C98D1A6 name=RtlGetLastNtStatus
0656: Addr=0x7C95EF90 name=RtlGetLastWin32Error
0657: Addr=0x7C9638BD name=RtlGetLengthWithoutLastFullDosOrNtPathElement
0658: Addr=0x7C9479B4 name=RtlGetLengthWithoutTrailingPathSeperators
0659: Addr=0x7C99DE46 name=RtlGetLongestNtPathLength
0660: Addr=0x7C959E08 name=RtlGetNativeSystemInformation
0661: Addr=0x7C94546B name=RtlGetNtGlobalFlags
0662: Addr=0x7C935686 name=RtlGetNtProductType
0663: Addr=0x7C9405DB name=RtlGetNtVersionNumbers
0664: Addr=0x7C9576BF name=RtlGetOwnerSecurityDescriptor
0665: Addr=0x7C959F7D name=RtlGetProcessHeaps
0666: Addr=0x7C964501 name=RtlGetSaclSecurityDescriptor
0667: Addr=0x7C969FD7 name=RtlGetSecurityDescriptorRMControl
0668: Addr=0x7C947972 name=RtlGetSetBootStatusData
0669: Addr=0x7C99AA31 name=RtlGetThreadErrorMode
0670: Addr=0x7C9479F3 name=RtlGetUnloadEventTrace
0671: Addr=0x7C996D4F name=RtlGetUserInfoHeap
0672: Addr=0x7C931BBB name=RtlGetVersion
0673: Addr=0x7C96FC66 name=RtlHashUnicodeString
0674: Addr=0x7C970DC3 name=RtlIdentifierAuthoritySid
0675: Addr=0x7C941F44 name=RtlImageDirectoryEntryToData
0676: Addr=0x7C964418 name=RtlImageNtHeader
0677: Addr=0x7C95D44A name=RtlImageNtHeaderEx
0678: Addr=0x7C940C16 name=RtlImageRvaToSection
0679: Addr=0x7C95D541 name=RtlImageRvaToVa
0680: Addr=0x7C95B041 name=RtlImpersonateSelf
0681: Addr=0x7C95AF8D name=RtlInitAnsiString
0682: Addr=0x7C968657 name=RtlInitAnsiStringEx
0683: Addr=0x7C93138A name=RtlInitCodePageTable
0684: Addr=0x7C96CE8B name=RtlInitMemoryStream
0685: Addr=0x7C94A431 name=RtlInitNlsTables
0686: Addr=0x7C95F930 name=RtlInitOutOfProcessMemoryStream
0687: Addr=0x7C965F8F name=RtlInitString
0688: Addr=0x7C947220 name=RtlInitUnicodeString
0689: Addr=0x7C965F5E name=RtlInitUnicodeStringEx
0690: Addr=0x7C945318 name=RtlInitializeAtomPackage
0691: Addr=0x7C94A3F9 name=RtlInitializeBitMap
0692: Addr=0x7C94A469 name=RtlInitializeContext
0693: Addr=0x7C95AA43 name=RtlInitializeCriticalSection
0694: Addr=0x7C965D87 name=RtlInitializeCriticalSectionAndSpinCount
0695: Addr=0x7C96589B name=RtlInitializeGenericTable
0696: Addr=0x7C93A709 name=RtlInitializeGenericTableAvl
0697: Addr=0x7C963D1D name=RtlInitializeHandleTable
0698: Addr=0x7C95D62F name=RtlInitializeRXact
0699: Addr=0x7C9677A5 name=RtlInitializeResource
0700: Addr=0x7C931CEC name=RtlInitializeSListHead
0701: Addr=0x7C9652B1 name=RtlInitializeSid
0702: Addr=0x7C931E0D name=RtlInsertElementGenericTable
0703: Addr=0x7C967704 name=RtlInsertElementGenericTableAvl
0704: Addr=0x7C965873 name=RtlInsertElementGenericTableFull
0705: Addr=0x7C968C19 name=RtlInsertElementGenericTableFullAvl
0706: Addr=0x7C96BCAE name=RtlInt64ToUnicodeString
0707: Addr=0x7C99D407 name=RtlIntegerToChar
0708: Addr=0x7C96BCE0 name=RtlIntegerToUnicodeString
0709: Addr=0x7C99D1CE name=RtlInterlockedCompareExchange64
0710: Addr=0x7C99A029 name=RtlInterlockedFlushSList
0711: Addr=0x7C95B6CD name=RtlInterlockedPopEntrySList
0712: Addr=0x7C95B66A name=RtlInterlockedPushEntrySList
0713: Addr=0x7C94BD86 name=RtlInterlockedPushListSList
0714: Addr=0x7C96F9CC name=RtlIpv4AddressToStringA
0715: Addr=0x7C95D619 name=RtlIpv4AddressToStringExA
0716: Addr=0x7C95C95F name=RtlIpv4AddressToStringExW
0717: Addr=0x7C99E2D7 name=RtlIpv4AddressToStringW
0718: Addr=0x7C99E325 name=RtlIpv4StringToAddressA
0719: Addr=0x7C93E8AE name=RtlIpv4StringToAddressExA
0720: Addr=0x7C93E926 name=RtlIpv4StringToAddressExW
0721: Addr=0x7C93F526 name=RtlIpv4StringToAddressW
0722: Addr=0x7C99EC83 name=RtlIpv6AddressToStringA
0723: Addr=0x7C97197E name=RtlIpv6AddressToStringExA
0724: Addr=0x7C93F69F name=RtlIpv6AddressToStringExW
0725: Addr=0x7C99DFC5 name=RtlIpv6AddressToStringW
0726: Addr=0x7C99E1F1 name=RtlIpv6StringToAddressA
0727: Addr=0x7C99E633 name=RtlIpv6StringToAddressExA
0728: Addr=0x7C99E3CB name=RtlIpv6StringToAddressExW
0729: Addr=0x7C99E727 name=RtlIpv6StringToAddressW
0730: Addr=0x7C99EA46 name=RtlIsActivationContextActive
0731: Addr=0x7C99F11A name=RtlIsCriticalSectionLocked
0732: Addr=0x7C99EE1C name=RtlIsCriticalSectionLockedByThread
0733: Addr=0x7C992FF0 name=RtlIsDosDeviceName_U
0734: Addr=0x7C98E58C name=RtlIsGenericTableEmpty
0735: Addr=0x7C98E5A8 name=RtlIsGenericTableEmptyAvl
0736: Addr=0x7C95E88E name=RtlIsNameLegalDOS8Dot3
0737: Addr=0x7C96BE71 name=RtlIsTextUnicode
0738: Addr=0x7C99D2AC name=RtlIsThreadWithinLoaderCallout
0739: Addr=0x7C99D8DD name=RtlIsValidHandle
0740: Addr=0x7C9405F8 name=RtlIsValidIndexHandle
0741: Addr=0x7C96F5AB name=RtlLargeIntegerAdd
0742: Addr=0x7C96AFCB name=RtlLargeIntegerArithmeticShift
0743: Addr=0x7C96B010 name=RtlLargeIntegerDivide
0744: Addr=0x7C94C1A2 name=RtlLargeIntegerNegate
0745: Addr=0x7C94C388 name=RtlLargeIntegerShiftLeft
0746: Addr=0x7C99F37D name=RtlLargeIntegerShiftRight
0747: Addr=0x7C94C3B4 name=RtlLargeIntegerSubtract
0748: Addr=0x7C94C338 name=RtlLargeIntegerToChar
0749: Addr=0x7C94C360 name=RtlLeaveCriticalSection
0750: Addr=0x7C94C3C8 name=RtlLengthRequiredSid
0751: Addr=0x7C999D01 name=RtlLengthSecurityDescriptor
0752: Addr=0x7C94A3AB name=RtlLengthSid
0753: Addr=0x7C94373D name=RtlLocalTimeToSystemTime
0754: Addr=0x7C947444 name=RtlLockBootStatusData
0755: Addr=0x7C95EB52 name=RtlLockHeap
0756: Addr=0x7C996378 name=RtlLockMemoryStreamRegion
0757: Addr=0x7C931AA2 name=RtlLogStackBackTrace
0758: Addr=0x7C96D025 name=RtlLookupAtomInAtomTable
0759: Addr=0x7C98E572 name=RtlLookupElementGenericTable
0760: Addr=0x7C95D6F4 name=RtlLookupElementGenericTableAvl
0761: Addr=0x7C94763C name=RtlLookupElementGenericTableFull
0762: Addr=0x7C96BE89 name=RtlLookupElementGenericTableFullAvl
0763: Addr=0x7C99D593 name=RtlMakeSelfRelativeSD
0764: Addr=0x7C96BEAA name=RtlMapGenericMask
0765: Addr=0x7C99D492 name=RtlMapSecurityErrorToNtStatus
0766: Addr=0x7C96E0B5 name=RtlMoveMemory
0767: Addr=0x7C96D913 name=RtlMultiAppendUnicodeStringBuffer
0768: Addr=0x7C996E0C name=RtlMultiByteToUnicodeN
0769: Addr=0x7C94BF1C name=RtlMultiByteToUnicodeSize
0770: Addr=0x7C95F690 name=RtlMultipleAllocateHeap
0771: Addr=0x7C94C575 name=RtlMultipleFreeHeap
0772: Addr=0x7C9408EC name=RtlNewInstanceSecurityObject
0773: Addr=0x7C99B474 name=RtlNewSecurityGrantedAccess
0774: Addr=0x7C99B4F1 name=RtlNewSecurityObject
0775: Addr=0x7C98EB25 name=RtlNewSecurityObjectEx
0776: Addr=0x7C98EB9B name=RtlNewSecurityObjectWithMultipleInheritance
0777: Addr=0x7C937BE7 name=RtlNormalizeProcessParams
0778: Addr=0x7C947A28 name=RtlNtPathNameToDosPathName
0779: Addr=0x7C98E8D5 name=RtlNtStatusToDosError
0780: Addr=0x7C96593D name=RtlNtStatusToDosErrorNoTeb
0781: Addr=0x7C96B7E4 name=RtlNumberGenericTableElements
0782: Addr=0x7C9596A2 name=RtlNumberGenericTableElementsAvl
0783: Addr=0x7C9596F1 name=RtlNumberOfClearBits
0784: Addr=0x7C961188 name=RtlNumberOfSetBits
0785: Addr=0x7C99D39A name=RtlOemStringToUnicodeSize
0786: Addr=0x7C99930D name=RtlOemStringToUnicodeString
0787: Addr=0x7C999134 name=RtlOemToUnicodeN
0788: Addr=0x7C998648 name=RtlOpenCurrentUser
0789: Addr=0x7C93B1BD name=RtlPcToFileHeader
0790: Addr=0x7C93AF6C name=RtlPinAtomInAtomTable
0791: Addr=0x7C969C86 name=RtlPopFrame
0792: Addr=0x7C9414BB name=RtlPrefixString
0793: Addr=0x7C998201 name=RtlPrefixUnicodeString
0794: Addr=0x7C98D186 name=RtlProtectHeap
0795: Addr=0x7C9379CB name=RtlPushFrame
0796: Addr=0x7C960C1E name=RtlQueryAtomInAtomTable
0797: Addr=0x7C99A418 name=RtlQueryDepthSList
0798: Addr=0x7C98D163 name=RtlQueryEnvironmentVariable_U
0799: Addr=0x7C942283 name=RtlQueryHeapInformation
0800: Addr=0x7C95C94F name=RtlQueryInformationAcl
0801: Addr=0x7C95E6B4 name=RtlQueryInformationActivationContext
0802: Addr=0x7C99B427 name=RtlQueryInformationActiveActivationContext
0803: Addr=0x7C93D77B name=RtlQueryInterfaceMemoryStream
0804: Addr=0x7C959CD8 name=RtlQueryProcessBackTraceInformation
0805: Addr=0x7C948EA7 name=RtlQueryProcessDebugInformation
0806: Addr=0x7C94537D name=RtlQueryProcessHeapInformation
0807: Addr=0x7C98F326 name=RtlQueryProcessLockInformation
0808: Addr=0x7C9712EE name=RtlQueryRegistryValues
0809: Addr=0x7C98F4EC name=RtlQuerySecurityObject
0810: Addr=0x7C98FA95 name=RtlQueryTagHeap
0811: Addr=0x7C9347DF name=RtlQueryTimeZoneInformation
0812: Addr=0x7C98E90E name=RtlQueueApcWow64Thread
0813: Addr=0x7C99A6C5 name=RtlQueueWorkItem
0814: Addr=0x7C99A1D7 name=RtlRaiseException
0815: Addr=0x7C992ADD name=RtlRaiseStatus
0816: Addr=0x7C96A873 name=RtlRandom
0817: Addr=0x7C9585FF name=RtlRandomEx
0818: Addr=0x7C958672 name=RtlReAllocateHeap
0819: Addr=0x7C99FA90 name=RtlReadMemoryStream
0820: Addr=0x7C94593A name=RtlReadOutOfProcessMemoryStream
0821: Addr=0x7C95B0DC name=RtlRealPredecessor
0822: Addr=0x7C94727D name=RtlRealSuccessor
0823: Addr=0x7C9450E6 name=RtlRegisterSecureMemoryCacheCallback
0824: Addr=0x7C99CE9E name=RtlRegisterWait
0825: Addr=0x7C9611DE name=RtlReleaseActivationContext
0826: Addr=0x7C99D5B4 name=RtlReleaseMemoryStream
0827: Addr=0x7C96C81B name=RtlReleasePebLock
0828: Addr=0x7C95D080 name=RtlReleasePrivilege
0829: Addr=0x7C9450C0 name=RtlReleaseRelativeName
0830: Addr=0x7C95E48F name=RtlReleaseResource
0831: Addr=0x7C93B91E name=RtlRemoteCall
0832: Addr=0x7C95C68C name=RtlRemoveVectoredContinueHandler
0833: Addr=0x7C95F9C7 name=RtlRemoveVectoredExceptionHandler
0834: Addr=0x7C99DE58 name=RtlResetRtlTranslations
0835: Addr=0x7C99070B name=RtlRestoreLastWin32Error
0836: Addr=0x7C990726 name=RtlRevertMemoryStream
0837: Addr=0x7C965CA5 name=RtlRunDecodeUnicodeString
0838: Addr=0x7C95A136 name=RtlRunEncodeUnicodeString
0839: Addr=0x7C98E565 name=RtlSecondsSince1970ToTime
0840: Addr=0x7C935E03 name=RtlSecondsSince1980ToTime
0841: Addr=0x7C935DB5 name=RtlSeekMemoryStream
0842: Addr=0x7C971672 name=RtlSelfRelativeToAbsoluteSD
0843: Addr=0x7C996341 name=RtlSelfRelativeToAbsoluteSD2
0844: Addr=0x7C98E482 name=RtlSetAllBits
0845: Addr=0x7C9967D3 name=RtlSetAttributesSecurityDescriptor
0846: Addr=0x7C93D96D name=RtlSetBits
0847: Addr=0x7C93D81D name=RtlSetControlSecurityDescriptor
0848: Addr=0x7C996EF7 name=RtlSetCriticalSectionSpinCount
0849: Addr=0x7C96452B name=RtlSetCurrentDirectory_U
0850: Addr=0x7C93A025 name=RtlSetCurrentEnvironment
0851: Addr=0x7C949F95 name=RtlSetDaclSecurityDescriptor
0852: Addr=0x7C96065F name=RtlSetEnvironmentStrings
0853: Addr=0x7C99C6E9 name=RtlSetEnvironmentVariable
0854: Addr=0x7C95EFFA name=RtlSetGroupSecurityDescriptor
0855: Addr=0x7C93C1D5 name=RtlSetHeapInformation
0856: Addr=0x7C960909 name=RtlSetInformationAcl
0857: Addr=0x7C95FFC5 name=RtlSetIoCompletionCallback
0858: Addr=0x7C945743 name=RtlSetLastWin32Error
0859: Addr=0x7C997C70 name=RtlSetLastWin32ErrorAndNtStatusFromNtStatus
0860: Addr=0x7C93F603 name=RtlSetMemoryStreamSize
0861: Addr=0x7C95A136 name=RtlSetOwnerSecurityDescriptor
0862: Addr=0x7C93E1A1 name=RtlSetProcessIsCritical
0863: Addr=0x7C98E4E4 name=RtlSetSaclSecurityDescriptor
0864: Addr=0x7C95FF7B name=RtlSetSecurityDescriptorRMControl
0865: Addr=0x7C931A21 name=RtlSetSecurityObject
0866: Addr=0x7C9387C6 name=RtlSetSecurityObjectEx
0867: Addr=0x7C996DB1 name=RtlSetThreadErrorMode
0868: Addr=0x7C93DB85 name=RtlSetThreadIsCritical
0869: Addr=0x7C98E8E5 name=RtlSetThreadPoolStartFunc
0870: Addr=0x7C960DB1 name=RtlSetTimeZoneInformation
0871: Addr=0x7C9319CA name=RtlSetTimer
0872: Addr=0x7C965EE7 name=RtlSetUnhandledExceptionFilter
0873: Addr=0x7C99A2FF name=RtlSetUnicodeCallouts
0874: Addr=0x7C9998CD name=RtlSetUserFlagsHeap
0875: Addr=0x7C966CB3 name=RtlSetUserValueHeap
0876: Addr=0x7C994201 name=RtlSizeHeap
0877: Addr=0x7C99A57B name=RtlSplay
0878: Addr=0x7C941986 name=RtlStartRXact
0879: Addr=0x7C95A9BE name=RtlStatMemoryStream
0880: Addr=0x7C960F7F name=RtlStringFromGUID
0881: Addr=0x7C9400D6 name=RtlSubAuthorityCountSid
0882: Addr=0x7C945148 name=RtlSubAuthoritySid
0883: Addr=0x7C942032 name=RtlSubtreePredecessor
0884: Addr=0x7C96D961 name=RtlSubtreeSuccessor
0885: Addr=0x7C95FB6A name=RtlSystemTimeToLocalTime
0886: Addr=0x7C9613BA name=RtlTimeFieldsToTime
0887: Addr=0x7C99CE7B name=RtlTimeToElapsedTimeFields
0888: Addr=0x7C93B6E3 name=RtlTimeToSecondsSince1970
0889: Addr=0x7C95B7B6 name=RtlTimeToSecondsSince1980
0890: Addr=0x7C96ED69 name=RtlTimeToTimeFields
0891: Addr=0x7C93E6ED name=RtlTraceDatabaseAdd
0892: Addr=0x7C943C55 name=RtlTraceDatabaseCreate
0893: Addr=0x7C95AB97 name=RtlTraceDatabaseDestroy
0894: Addr=0x7C9A0111 name=RtlTraceDatabaseEnumerate
0895: Addr=0x7C99FD43 name=RtlTraceDatabaseFind
0896: Addr=0x7C99FE35 name=RtlTraceDatabaseLock
0897: Addr=0x7C99FCBB name=RtlTraceDatabaseUnlock
0898: Addr=0x7C99FF1D name=RtlTraceDatabaseValidate
0899: Addr=0x7C9A00F1 name=RtlTryEnterCriticalSection
0900: Addr=0x7C9A0101 name=RtlUlongByteSwap
0901: Addr=0x7C99FED3 name=RtlUlonglongByteSwap
0902: Addr=0x7C95FF36 name=RtlUnhandledExceptionFilter
0903: Addr=0x7C9A02ED name=RtlUnhandledExceptionFilter2
0904: Addr=0x7C9A0C77 name=RtlUnicodeStringToAnsiSize
0905: Addr=0x7C998623 name=RtlUnicodeStringToAnsiString
0906: Addr=0x7C95EAB8 name=RtlUnicodeStringToCountedOemString
0907: Addr=0x7C99871E name=RtlUnicodeStringToInteger
0908: Addr=0x7C967A94 name=RtlUnicodeStringToOemSize
0909: Addr=0x7C998623 name=RtlUnicodeStringToOemString
0910: Addr=0x7C93B099 name=RtlUnicodeToCustomCPN
0911: Addr=0x7C995922 name=RtlUnicodeToMultiByteN
0912: Addr=0x7C95E383 name=RtlUnicodeToMultiByteSize
0913: Addr=0x7C967538 name=RtlUnicodeToOemN
0914: Addr=0x7C9687E2 name=RtlUniform
0915: Addr=0x7C93596B name=RtlUnlockBootStatusData
0916: Addr=0x7C931CA6 name=RtlUnlockHeap
0917: Addr=0x7C96CFBC name=RtlUnlockMemoryStreamRegion
0918: Addr=0x7C98E572 name=RtlUnwind
0919: Addr=0x7C961701 name=RtlUpcaseUnicodeChar
0920: Addr=0x7C95C6AC name=RtlUpcaseUnicodeString
0921: Addr=0x7C96AF51 name=RtlUpcaseUnicodeStringToAnsiString
0922: Addr=0x7C99866F name=RtlUpcaseUnicodeStringToCountedOemString
0923: Addr=0x7C9987F2 name=RtlUpcaseUnicodeStringToOemString
0924: Addr=0x7C94139C name=RtlUpcaseUnicodeToCustomCPN
0925: Addr=0x7C995AD1 name=RtlUpcaseUnicodeToMultiByteN
0926: Addr=0x7C960515 name=RtlUpcaseUnicodeToOemN
0927: Addr=0x7C941084 name=RtlUpdateTimer
0928: Addr=0x7C93834A name=RtlUpperChar
0929: Addr=0x7C93EE93 name=RtlUpperString
0930: Addr=0x7C998969 name=RtlUsageHeap
0931: Addr=0x7C99B822 name=RtlUshortByteSwap
0932: Addr=0x7C95F055 name=RtlValidAcl
0933: Addr=0x7C93D61B name=RtlValidRelativeSecurityDescriptor
0934: Addr=0x7C945E69 name=RtlValidSecurityDescriptor
0935: Addr=0x7C95F53D name=RtlValidSid
0936: Addr=0x7C936FA1 name=RtlValidateHeap
0937: Addr=0x7C99B775 name=RtlValidateProcessHeaps
0938: Addr=0x7C95DADF name=RtlValidateUnicodeString
0939: Addr=0x7C9437DD name=RtlVerifyVersionInfo
0940: Addr=0x7C99994C name=RtlWalkFrameChain
0941: Addr=0x7C99AB71 name=RtlWalkHeap
0942: Addr=0x7C992AFA name=RtlWow64EnableFsRedirection
0943: Addr=0x7C992AED name=RtlWow64EnableFsRedirectionEx
0944: Addr=0x7C98E475 name=RtlWriteMemoryStream
0945: Addr=0x7C99A0A8 name=RtlWriteRegistryValue
0946: Addr=0x7C998335 name=RtlZeroHeap
0947: Addr=0x7C94BEEA name=RtlZeroMemory
0948: Addr=0x7C992DB9 name=RtlZombifyActivationContext
0949: Addr=0x7C943EC0 name=RtlpApplyLengthFunction
0950: Addr=0x7C96A62D name=RtlpEnsureBufferSize
0951: Addr=0x7C98E78B name=RtlpNotOwnerCriticalSection
0952: Addr=0x7C9A0D3B name=RtlpNtCreateKey
0953: Addr=0x7C9358A6 name=RtlpNtEnumerateSubKey
0954: Addr=0x7C9A0D94 name=RtlpNtMakeTemporaryKey
0955: Addr=0x7C9445D8 name=RtlpNtOpenKey
0956: Addr=0x7C9445FD name=RtlpNtQueryValueKey
0957: Addr=0x7C9A0D68 name=RtlpNtSetValueKey
0958: Addr=0x7C96D2E6 name=RtlpUnWaitCriticalSection
0959: Addr=0x7C98E5CC name=RtlpWaitForCriticalSection
0960: Addr=0x7C998648 name=RtlxAnsiStringToUnicodeSize
0961: Addr=0x7C998648 name=RtlxOemStringToUnicodeSize
0962: Addr=0x7C998623 name=RtlxUnicodeStringToAnsiSize
0963: Addr=0x7C998623 name=RtlxUnicodeStringToOemSize
0964: Addr=0x7C94379F name=VerSetConditionMask
0965: Addr=0x7C956B6F name=ZwAcceptConnectPort
0966: Addr=0x7C956B7F name=ZwAccessCheck
0967: Addr=0x7C956B8F name=ZwAccessCheckAndAuditAlarm
0968: Addr=0x7C956B9F name=ZwAccessCheckByType
0969: Addr=0x7C956BAF name=ZwAccessCheckByTypeAndAuditAlarm
0970: Addr=0x7C956BBF name=ZwAccessCheckByTypeResultList
0971: Addr=0x7C956BCF name=ZwAccessCheckByTypeResultListAndAuditAlarm
0972: Addr=0x7C956BDF name=ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
0973: Addr=0x7C956BEF name=ZwAddAtom
0974: Addr=0x7C956BFF name=ZwAddBootEntry
0975: Addr=0x7C956C0F name=ZwAddDriverEntry
0976: Addr=0x7C956C1F name=ZwAdjustGroupsToken
0977: Addr=0x7C956C2F name=ZwAdjustPrivilegesToken
0978: Addr=0x7C956C3F name=ZwAlertResumeThread
0979: Addr=0x7C956C4F name=ZwAlertThread
0980: Addr=0x7C956C5F name=ZwAllocateLocallyUniqueId
0981: Addr=0x7C956C6F name=ZwAllocateUserPhysicalPages
0982: Addr=0x7C956C7F name=ZwAllocateUuids
0983: Addr=0x7C956C8F name=ZwAllocateVirtualMemory
0984: Addr=0x7C956C9F name=ZwApphelpCacheControl
0985: Addr=0x7C956CAF name=ZwAreMappedFilesTheSame
0986: Addr=0x7C956CBF name=ZwAssignProcessToJobObject
0987: Addr=0x7C956CCF name=ZwCallbackReturn
0988: Addr=0x7C956CDF name=ZwCancelDeviceWakeupRequest
0989: Addr=0x7C956CEF name=ZwCancelIoFile
0990: Addr=0x7C956CFF name=ZwCancelTimer
0991: Addr=0x7C956D0F name=ZwClearEvent
0992: Addr=0x7C956D1F name=ZwClose
0993: Addr=0x7C956D2F name=ZwCloseObjectAuditAlarm
0994: Addr=0x7C956D3F name=ZwCompactKeys
0995: Addr=0x7C956D4F name=ZwCompareTokens
0996: Addr=0x7C956D5F name=ZwCompleteConnectPort
0997: Addr=0x7C956D6F name=ZwCompressKey
0998: Addr=0x7C956D7F name=ZwConnectPort
0999: Addr=0x7C956D8F name=ZwContinue
1000: Addr=0x7C956D9F name=ZwCreateDebugObject
1001: Addr=0x7C956DAF name=ZwCreateDirectoryObject
1002: Addr=0x7C956DBF name=ZwCreateEvent
1003: Addr=0x7C956DCF name=ZwCreateEventPair
1004: Addr=0x7C956DDF name=ZwCreateFile
1005: Addr=0x7C956DEF name=ZwCreateIoCompletion
1006: Addr=0x7C956DFF name=ZwCreateJobObject
1007: Addr=0x7C956E0F name=ZwCreateJobSet
1008: Addr=0x7C956E1F name=ZwCreateKey
1009: Addr=0x7C957D7F name=ZwCreateKeyedEvent
1010: Addr=0x7C956E2F name=ZwCreateMailslotFile
1011: Addr=0x7C956E3F name=ZwCreateMutant
1012: Addr=0x7C956E4F name=ZwCreateNamedPipeFile
1013: Addr=0x7C956E5F name=ZwCreatePagingFile
1014: Addr=0x7C956E6F name=ZwCreatePort
1015: Addr=0x7C956E7F name=ZwCreateProcess
1016: Addr=0x7C956E8F name=ZwCreateProcessEx
1017: Addr=0x7C956E9F name=ZwCreateProfile
1018: Addr=0x7C956EAF name=ZwCreateSection
1019: Addr=0x7C956EBF name=ZwCreateSemaphore
1020: Addr=0x7C956ECF name=ZwCreateSymbolicLinkObject
1021: Addr=0x7C956EDF name=ZwCreateThread
1022: Addr=0x7C956EEF name=ZwCreateTimer
1023: Addr=0x7C956EFF name=ZwCreateToken
1024: Addr=0x7C956F0F name=ZwCreateWaitablePort
1025: Addr=0x7C956F1F name=ZwDebugActiveProcess
1026: Addr=0x7C956F2F name=ZwDebugContinue
1027: Addr=0x7C956F3F name=ZwDelayExecution
1028: Addr=0x7C956F4F name=ZwDeleteAtom
1029: Addr=0x7C956F5F name=ZwDeleteBootEntry
1030: Addr=0x7C956F6F name=ZwDeleteDriverEntry
1031: Addr=0x7C956F7F name=ZwDeleteFile
1032: Addr=0x7C956F8F name=ZwDeleteKey
1033: Addr=0x7C956F9F name=ZwDeleteObjectAuditAlarm
1034: Addr=0x7C956FAF name=ZwDeleteValueKey
1035: Addr=0x7C956FBF name=ZwDeviceIoControlFile
1036: Addr=0x7C956FCF name=ZwDisplayString
1037: Addr=0x7C956FDF name=ZwDuplicateObject
1038: Addr=0x7C956FEF name=ZwDuplicateToken
1039: Addr=0x7C956FFF name=ZwEnumerateBootEntries
1040: Addr=0x7C95700F name=ZwEnumerateDriverEntries
1041: Addr=0x7C95701F name=ZwEnumerateKey
1042: Addr=0x7C95702F name=ZwEnumerateSystemEnvironmentValuesEx
1043: Addr=0x7C95703F name=ZwEnumerateValueKey
1044: Addr=0x7C95704F name=ZwExtendSection
1045: Addr=0x7C95705F name=ZwFilterToken
1046: Addr=0x7C95706F name=ZwFindAtom
1047: Addr=0x7C95707F name=ZwFlushBuffersFile
1048: Addr=0x7C95708F name=ZwFlushInstructionCache
1049: Addr=0x7C95709F name=ZwFlushKey
1050: Addr=0x7C9570AF name=ZwFlushVirtualMemory
1051: Addr=0x7C9570BF name=ZwFlushWriteBuffer
1052: Addr=0x7C9570CF name=ZwFreeUserPhysicalPages
1053: Addr=0x7C9570DF name=ZwFreeVirtualMemory
1054: Addr=0x7C9570EF name=ZwFsControlFile
1055: Addr=0x7C9570FF name=ZwGetContextThread
1056: Addr=0x7C957DCF name=ZwGetCurrentProcessorNumber
1057: Addr=0x7C95710F name=ZwGetDevicePowerState
1058: Addr=0x7C95711F name=ZwGetPlugPlayEvent
1059: Addr=0x7C95712F name=ZwGetWriteWatch
1060: Addr=0x7C95713F name=ZwImpersonateAnonymousToken
1061: Addr=0x7C95714F name=ZwImpersonateClientOfPort
1062: Addr=0x7C95715F name=ZwImpersonateThread
1063: Addr=0x7C95716F name=ZwInitializeRegistry
1064: Addr=0x7C95717F name=ZwInitiatePowerAction
1065: Addr=0x7C95718F name=ZwIsProcessInJob
1066: Addr=0x7C95719F name=ZwIsSystemResumeAutomatic
1067: Addr=0x7C9571AF name=ZwListenPort
1068: Addr=0x7C9571BF name=ZwLoadDriver
1069: Addr=0x7C9571DF name=ZwLoadKey
1070: Addr=0x7C9571CF name=ZwLoadKey2
1071: Addr=0x7C9571EF name=ZwLoadKeyEx
1072: Addr=0x7C9571FF name=ZwLockFile
1073: Addr=0x7C95720F name=ZwLockProductActivationKeys
1074: Addr=0x7C95721F name=ZwLockRegistryKey
1075: Addr=0x7C95722F name=ZwLockVirtualMemory
1076: Addr=0x7C95723F name=ZwMakePermanentObject
1077: Addr=0x7C95724F name=ZwMakeTemporaryObject
1078: Addr=0x7C95725F name=ZwMapUserPhysicalPages
1079: Addr=0x7C95726F name=ZwMapUserPhysicalPagesScatter
1080: Addr=0x7C95727F name=ZwMapViewOfSection
1081: Addr=0x7C95728F name=ZwModifyBootEntry
1082: Addr=0x7C95729F name=ZwModifyDriverEntry
1083: Addr=0x7C9572AF name=ZwNotifyChangeDirectoryFile
1084: Addr=0x7C9572BF name=ZwNotifyChangeKey
1085: Addr=0x7C9572CF name=ZwNotifyChangeMultipleKeys
1086: Addr=0x7C9572DF name=ZwOpenDirectoryObject
1087: Addr=0x7C9572EF name=ZwOpenEvent
1088: Addr=0x7C9572FF name=ZwOpenEventPair
1089: Addr=0x7C95730F name=ZwOpenFile
1090: Addr=0x7C95731F name=ZwOpenIoCompletion
1091: Addr=0x7C95732F name=ZwOpenJobObject
1092: Addr=0x7C95733F name=ZwOpenKey
1093: Addr=0x7C957D8F name=ZwOpenKeyedEvent
1094: Addr=0x7C95734F name=ZwOpenMutant
1095: Addr=0x7C95735F name=ZwOpenObjectAuditAlarm
1096: Addr=0x7C95736F name=ZwOpenProcess
1097: Addr=0x7C95737F name=ZwOpenProcessToken
1098: Addr=0x7C95738F name=ZwOpenProcessTokenEx
1099: Addr=0x7C95739F name=ZwOpenSection
1100: Addr=0x7C9573AF name=ZwOpenSemaphore
1101: Addr=0x7C9573BF name=ZwOpenSymbolicLinkObject
1102: Addr=0x7C9573CF name=ZwOpenThread
1103: Addr=0x7C9573DF name=ZwOpenThreadToken
1104: Addr=0x7C9573EF name=ZwOpenThreadTokenEx
1105: Addr=0x7C9573FF name=ZwOpenTimer
1106: Addr=0x7C95740F name=ZwPlugPlayControl
1107: Addr=0x7C95741F name=ZwPowerInformation
1108: Addr=0x7C95742F name=ZwPrivilegeCheck
1109: Addr=0x7C95743F name=ZwPrivilegeObjectAuditAlarm
1110: Addr=0x7C95744F name=ZwPrivilegedServiceAuditAlarm
1111: Addr=0x7C95745F name=ZwProtectVirtualMemory
1112: Addr=0x7C95746F name=ZwPulseEvent
1113: Addr=0x7C95747F name=ZwQueryAttributesFile
1114: Addr=0x7C95748F name=ZwQueryBootEntryOrder
1115: Addr=0x7C95749F name=ZwQueryBootOptions
1116: Addr=0x7C9574AF name=ZwQueryDebugFilterState
1117: Addr=0x7C9574BF name=ZwQueryDefaultLocale
1118: Addr=0x7C9574CF name=ZwQueryDefaultUILanguage
1119: Addr=0x7C9574DF name=ZwQueryDirectoryFile
1120: Addr=0x7C9574EF name=ZwQueryDirectoryObject
1121: Addr=0x7C9574FF name=ZwQueryDriverEntryOrder
1122: Addr=0x7C95750F name=ZwQueryEaFile
1123: Addr=0x7C95751F name=ZwQueryEvent
1124: Addr=0x7C95752F name=ZwQueryFullAttributesFile
1125: Addr=0x7C95753F name=ZwQueryInformationAtom
1126: Addr=0x7C95754F name=ZwQueryInformationFile
1127: Addr=0x7C95755F name=ZwQueryInformationJobObject
1128: Addr=0x7C95756F name=ZwQueryInformationPort
1129: Addr=0x7C95757F name=ZwQueryInformationProcess
1130: Addr=0x7C95758F name=ZwQueryInformationThread
1131: Addr=0x7C95759F name=ZwQueryInformationToken
1132: Addr=0x7C9575AF name=ZwQueryInstallUILanguage
1133: Addr=0x7C9575BF name=ZwQueryIntervalProfile
1134: Addr=0x7C9575CF name=ZwQueryIoCompletion
1135: Addr=0x7C9575DF name=ZwQueryKey
1136: Addr=0x7C9575EF name=ZwQueryMultipleValueKey
1137: Addr=0x7C9575FF name=ZwQueryMutant
1138: Addr=0x7C95760F name=ZwQueryObject
1139: Addr=0x7C95761F name=ZwQueryOpenSubKeys
1140: Addr=0x7C95762F name=ZwQueryOpenSubKeysEx
1141: Addr=0x7C95763F name=ZwQueryPerformanceCounter
1142: Addr=0x7C957DBF name=ZwQueryPortInformationProcess
1143: Addr=0x7C95764F name=ZwQueryQuotaInformationFile
1144: Addr=0x7C95765F name=ZwQuerySection
1145: Addr=0x7C95766F name=ZwQuerySecurityObject
1146: Addr=0x7C95767F name=ZwQuerySemaphore
1147: Addr=0x7C95768F name=ZwQuerySymbolicLinkObject
1148: Addr=0x7C95769F name=ZwQuerySystemEnvironmentValue
1149: Addr=0x7C9576AF name=ZwQuerySystemEnvironmentValueEx
1150: Addr=0x7C9576BF name=ZwQuerySystemInformation
1151: Addr=0x7C9576CF name=ZwQuerySystemTime
1152: Addr=0x7C9576DF name=ZwQueryTimer
1153: Addr=0x7C9576EF name=ZwQueryTimerResolution
1154: Addr=0x7C9576FF name=ZwQueryValueKey
1155: Addr=0x7C95770F name=ZwQueryVirtualMemory
1156: Addr=0x7C95771F name=ZwQueryVolumeInformationFile
1157: Addr=0x7C95772F name=ZwQueueApcThread
1158: Addr=0x7C95773F name=ZwRaiseException
1159: Addr=0x7C95774F name=ZwRaiseHardError
1160: Addr=0x7C95775F name=ZwReadFile
1161: Addr=0x7C95776F name=ZwReadFileScatter
1162: Addr=0x7C95777F name=ZwReadRequestData
1163: Addr=0x7C95778F name=ZwReadVirtualMemory
1164: Addr=0x7C95779F name=ZwRegisterThreadTerminatePort
1165: Addr=0x7C957D9F name=ZwReleaseKeyedEvent
1166: Addr=0x7C9577AF name=ZwReleaseMutant
1167: Addr=0x7C9577BF name=ZwReleaseSemaphore
1168: Addr=0x7C9577CF name=ZwRemoveIoCompletion
1169: Addr=0x7C9577DF name=ZwRemoveProcessDebug
1170: Addr=0x7C9577EF name=ZwRenameKey
1171: Addr=0x7C9577FF name=ZwReplaceKey
1172: Addr=0x7C95780F name=ZwReplyPort
1173: Addr=0x7C95781F name=ZwReplyWaitReceivePort
1174: Addr=0x7C95782F name=ZwReplyWaitReceivePortEx
1175: Addr=0x7C95783F name=ZwReplyWaitReplyPort
1176: Addr=0x7C95784F name=ZwRequestDeviceWakeup
1177: Addr=0x7C95785F name=ZwRequestPort
1178: Addr=0x7C95786F name=ZwRequestWaitReplyPort
1179: Addr=0x7C95787F name=ZwRequestWakeupLatency
1180: Addr=0x7C95788F name=ZwResetEvent
1181: Addr=0x7C95789F name=ZwResetWriteWatch
1182: Addr=0x7C9578AF name=ZwRestoreKey
1183: Addr=0x7C9578BF name=ZwResumeProcess
1184: Addr=0x7C9578CF name=ZwResumeThread
1185: Addr=0x7C9578DF name=ZwSaveKey
1186: Addr=0x7C9578EF name=ZwSaveKeyEx
1187: Addr=0x7C9578FF name=ZwSaveMergedKeys
1188: Addr=0x7C95790F name=ZwSecureConnectPort
1189: Addr=0x7C95791F name=ZwSetBootEntryOrder
1190: Addr=0x7C95792F name=ZwSetBootOptions
1191: Addr=0x7C95793F name=ZwSetContextThread
1192: Addr=0x7C95794F name=ZwSetDebugFilterState
1193: Addr=0x7C95795F name=ZwSetDefaultHardErrorPort
1194: Addr=0x7C95796F name=ZwSetDefaultLocale
1195: Addr=0x7C95797F name=ZwSetDefaultUILanguage
1196: Addr=0x7C95798F name=ZwSetDriverEntryOrder
1197: Addr=0x7C95799F name=ZwSetEaFile
1198: Addr=0x7C9579AF name=ZwSetEvent
1199: Addr=0x7C9579BF name=ZwSetEventBoostPriority
1200: Addr=0x7C9579CF name=ZwSetHighEventPair
1201: Addr=0x7C9579DF name=ZwSetHighWaitLowEventPair
1202: Addr=0x7C9579EF name=ZwSetInformationDebugObject
1203: Addr=0x7C9579FF name=ZwSetInformationFile
1204: Addr=0x7C957A0F name=ZwSetInformationJobObject
1205: Addr=0x7C957A1F name=ZwSetInformationKey
1206: Addr=0x7C957A2F name=ZwSetInformationObject
1207: Addr=0x7C957A3F name=ZwSetInformationProcess
1208: Addr=0x7C957A4F name=ZwSetInformationThread
1209: Addr=0x7C957A5F name=ZwSetInformationToken
1210: Addr=0x7C957A6F name=ZwSetIntervalProfile
1211: Addr=0x7C957A7F name=ZwSetIoCompletion
1212: Addr=0x7C957A8F name=ZwSetLdtEntries
1213: Addr=0x7C957A9F name=ZwSetLowEventPair
1214: Addr=0x7C957AAF name=ZwSetLowWaitHighEventPair
1215: Addr=0x7C957ABF name=ZwSetQuotaInformationFile
1216: Addr=0x7C957ACF name=ZwSetSecurityObject
1217: Addr=0x7C957ADF name=ZwSetSystemEnvironmentValue
1218: Addr=0x7C957AEF name=ZwSetSystemEnvironmentValueEx
1219: Addr=0x7C957AFF name=ZwSetSystemInformation
1220: Addr=0x7C957B0F name=ZwSetSystemPowerState
1221: Addr=0x7C957B1F name=ZwSetSystemTime
1222: Addr=0x7C957B2F name=ZwSetThreadExecutionState
1223: Addr=0x7C957B3F name=ZwSetTimer
1224: Addr=0x7C957B4F name=ZwSetTimerResolution
1225: Addr=0x7C957B5F name=ZwSetUuidSeed
1226: Addr=0x7C957B6F name=ZwSetValueKey
1227: Addr=0x7C957B7F name=ZwSetVolumeInformationFile
1228: Addr=0x7C957B8F name=ZwShutdownSystem
1229: Addr=0x7C957B9F name=ZwSignalAndWaitForSingleObject
1230: Addr=0x7C957BAF name=ZwStartProfile
1231: Addr=0x7C957BBF name=ZwStopProfile
1232: Addr=0x7C957BCF name=ZwSuspendProcess
1233: Addr=0x7C957BDF name=ZwSuspendThread
1234: Addr=0x7C957BEF name=ZwSystemDebugControl
1235: Addr=0x7C957BFF name=ZwTerminateJobObject
1236: Addr=0x7C957C0F name=ZwTerminateProcess
1237: Addr=0x7C957C1F name=ZwTerminateThread
1238: Addr=0x7C957C2F name=ZwTestAlert
1239: Addr=0x7C957C3F name=ZwTraceEvent
1240: Addr=0x7C957C4F name=ZwTranslateFilePath
1241: Addr=0x7C957C5F name=ZwUnloadDriver
1242: Addr=0x7C957C7F name=ZwUnloadKey
1243: Addr=0x7C957C6F name=ZwUnloadKey2
1244: Addr=0x7C957C8F name=ZwUnloadKeyEx
1245: Addr=0x7C957C9F name=ZwUnlockFile
1246: Addr=0x7C957CAF name=ZwUnlockVirtualMemory
1247: Addr=0x7C957CBF name=ZwUnmapViewOfSection
1248: Addr=0x7C957CCF name=ZwVdmControl
1249: Addr=0x7C957CDF name=ZwWaitForDebugEvent
1250: Addr=0x7C957DAF name=ZwWaitForKeyedEvent
1251: Addr=0x7C957DDF name=ZwWaitForMultipleObjects
1252: Addr=0x7C957CEF name=ZwWaitForMultipleObjects32
1253: Addr=0x7C957CFF name=ZwWaitForSingleObject
1254: Addr=0x7C957D0F name=ZwWaitHighEventPair
1255: Addr=0x7C957D1F name=ZwWaitLowEventPair
1256: Addr=0x7C957D2F name=ZwWriteFile
1257: Addr=0x7C957D3F name=ZwWriteFileGather
1258: Addr=0x7C957D4F name=ZwWriteRequestData
1259: Addr=0x7C957D5F name=ZwWriteVirtualMemory
1260: Addr=0x7C957D6F name=ZwYieldExecution
1261: Addr=0x7C9588A9 name=_CIcos
1262: Addr=0x7C958966 name=_CIlog
1263: Addr=0x7C957DF2 name=_CIpow
1264: Addr=0x7C94A4A5 name=_CIsin
1265: Addr=0x7C94A553 name=_CIsqrt
1266: Addr=0x7C93F477 name=__isascii
1267: Addr=0x7C9ACE87 name=__iscsym
1268: Addr=0x7C9ACE37 name=__iscsymf
1269: Addr=0x7C9ACE25 name=__toascii
1270: Addr=0x7C94A60F name=_alldiv
1271: Addr=0x7C94A6B9 name=_alldvrm
1272: Addr=0x7C94A798 name=_allmul
1273: Addr=0x7C94A7CC name=_alloca_probe
1274: Addr=0x7C94A817 name=_allrem
1275: Addr=0x7C94A8CB name=_allshl
1276: Addr=0x7C94A8EA name=_allshr
1277: Addr=0x7C9ACED7 name=_atoi64
1278: Addr=0x7C94A90B name=_aulldiv
1279: Addr=0x7C94A973 name=_aulldvrm
1280: Addr=0x7C94AA08 name=_aullrem
1281: Addr=0x7C94AA7D name=_aullshr
1282: Addr=0x7C94A7CC name=_chkstk
1283: Addr=0x7C9B76B8 name=_fltused
1284: Addr=0x7C94AA9C name=_ftol
1285: Addr=0x7C9AD05A name=_i64toa
1286: Addr=0x7C9AD15D name=_i64tow
1287: Addr=0x7C93D418 name=_itoa
1288: Addr=0x7C9357FD name=_itow
1289: Addr=0x7C9AD1B7 name=_lfind
1290: Addr=0x7C9ACF9B name=_ltoa
1291: Addr=0x7C9AD0B4 name=_ltow
1292: Addr=0x7C94AAC3 name=_memccpy
1293: Addr=0x7C9AD1F0 name=_memicmp
1294: Addr=0x7C9AD200 name=_snprintf
1295: Addr=0x7C94304D name=_snwprintf
1296: Addr=0x7C9AD25E name=_splitpath
1297: Addr=0x7C961983 name=_strcmpi
1298: Addr=0x7C961983 name=_stricmp
1299: Addr=0x7C9AD3A6 name=_strlwr
1300: Addr=0x7C9694C5 name=_strnicmp
1301: Addr=0x7C9AD3D3 name=_strupr
1302: Addr=0x7C9AD400 name=_tolower
1303: Addr=0x7C9AD458 name=_toupper
1304: Addr=0x7C9AD092 name=_ui64toa
1305: Addr=0x7C9AD195 name=_ui64tow
1306: Addr=0x7C9ACFC7 name=_ultoa
1307: Addr=0x7C944005 name=_ultow
1308: Addr=0x7C9AD46A name=_vscwprintf
1309: Addr=0x7C93B3FA name=_vsnprintf
1310: Addr=0x7C96ADCB name=_vsnwprintf
1311: Addr=0x7C965757 name=_wcsicmp
1312: Addr=0x7C96BA49 name=_wcslwr
1313: Addr=0x7C9657D6 name=_wcsnicmp
1314: Addr=0x7C9477C9 name=_wcstoui64
1315: Addr=0x7C9AD4A1 name=_wcsupr
1316: Addr=0x7C9AD4D7 name=_wtoi
1317: Addr=0x7C9AD4E7 name=_wtoi64
1318: Addr=0x7C970391 name=_wtol
1319: Addr=0x7C9AD584 name=abs
1320: Addr=0x7C94AB1E name=atan
1321: Addr=0x7C93DA8C name=atoi
1322: Addr=0x7C93DA97 name=atol
1323: Addr=0x7C95CC80 name=bsearch
1324: Addr=0x7C94ABC1 name=ceil
1325: Addr=0x7C9588BD name=cos
1326: Addr=0x7C9AD599 name=fabs
1327: Addr=0x7C94ACF8 name=floor
1328: Addr=0x7C9ACD26 name=isalnum
1329: Addr=0x7C9ACBB4 name=isalpha
1330: Addr=0x7C9ACDE9 name=iscntrl
1331: Addr=0x7C93F445 name=isdigit
1332: Addr=0x7C9ACDA8 name=isgraph
1333: Addr=0x7C9ACC31 name=islower
1334: Addr=0x7C9ACD67 name=isprint
1335: Addr=0x7C9ACCEA name=ispunct
1336: Addr=0x7C9ACCAE name=isspace
1337: Addr=0x7C9ACBF5 name=isupper
1338: Addr=0x7C9AD651 name=iswalpha
1339: Addr=0x7C949ED9 name=iswctype
1340: Addr=0x7C949F7D name=iswdigit
1341: Addr=0x7C9AD66C name=iswlower
1342: Addr=0x7C9AD69F name=iswspace
1343: Addr=0x7C9AD684 name=iswxdigit
1344: Addr=0x7C9ACC6D name=isxdigit
1345: Addr=0x7C9AD584 name=labs
1346: Addr=0x7C958962 name=log
1347: Addr=0x7C970543 name=mbstowcs
1348: Addr=0x7C94AE40 name=memchr
1349: Addr=0x7C94AEEF name=memcmp
1350: Addr=0x7C94AFA7 name=memcpy
1351: Addr=0x7C94B2ED name=memmove
1352: Addr=0x7C94B62D name=memset
1353: Addr=0x7C957DEE name=pow
1354: Addr=0x7C943DD2 name=qsort
1355: Addr=0x7C94A4B9 name=sin
1356: Addr=0x7C948879 name=sprintf
1357: Addr=0x7C94A567 name=sqrt
1358: Addr=0x7C9AD6B7 name=sscanf
1359: Addr=0x7C94B69D name=strcat
1360: Addr=0x7C958AD7 name=strchr
1361: Addr=0x7C94B78B name=strcmp
1362: Addr=0x7C94B68D name=strcpy
1363: Addr=0x7C94B813 name=strcspn
1364: Addr=0x7C94B857 name=strlen
1365: Addr=0x7C94B8DA name=strncat
1366: Addr=0x7C94BA11 name=strncmp
1367: Addr=0x7C94BA4A name=strncpy
1368: Addr=0x7C94BB6F name=strpbrk
1369: Addr=0x7C94BBAE name=strrchr
1370: Addr=0x7C94BBDB name=strspn
1371: Addr=0x7C958A42 name=strstr
1372: Addr=0x7C9AD8C5 name=strtol
1373: Addr=0x7C9AD8E4 name=strtoul
1374: Addr=0x7C9401EB name=swprintf
1375: Addr=0x7C94BC33 name=tan
1376: Addr=0x7C9AD412 name=tolower
1377: Addr=0x7C96006A name=toupper
1378: Addr=0x7C947349 name=towlower
1379: Addr=0x7C9AD903 name=towupper
1380: Addr=0x7C943D72 name=vDbgPrintEx
1381: Addr=0x7C994375 name=vDbgPrintExWithPrefix
1382: Addr=0x7C9AD917 name=vsprintf
1383: Addr=0x7C942E62 name=wcscat
1384: Addr=0x7C95E828 name=wcschr
1385: Addr=0x7C93B71F name=wcscmp
1386: Addr=0x7C95B47B name=wcscpy
1387: Addr=0x7C93B637 name=wcscspn
1388: Addr=0x7C95A57E name=wcslen
1389: Addr=0x7C93B5F3 name=wcsncat
1390: Addr=0x7C941855 name=wcsncmp
1391: Addr=0x7C95D309 name=wcsncpy
1392: Addr=0x7C971629 name=wcspbrk
1393: Addr=0x7C95CFE2 name=wcsrchr
1394: Addr=0x7C9AD975 name=wcsspn
1395: Addr=0x7C967B94 name=wcsstr
1396: Addr=0x7C93D933 name=wcstol
1397: Addr=0x7C9AD9C3 name=wcstombs
1398: Addr=0x7C943B45 name=wcstoul