API Monitor - Supported API List

AssignProcessToJobObject, CommandLineToArgvW, ConvertThreadToFiber, CreateFiber, CreateJobObjectA, CreateJobObjectW, CreateProcessA, CreateProcessA, CreateProcessAsUserA, CreateProcessAsUserW, CreateProcessW, CreateProcessW, CreateRemoteThread, CreateThread, DeleteFiber, ExitProcess, ExitThread, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetCommandLineA, GetCommandLineW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetEnvironmentStringsA, GetEnvironmentStringsW, GetEnvironmentVariableA, GetEnvironmentVariableW, GetExitCodeProcess, GetExitCodeThread, GetGuiResources, GetPriorityClass, GetProcessAffinityMask, GetProcessPriorityBoost, GetProcessShutdownParameters, GetProcessTimes, GetProcessVersion, GetProcessWorkingSetSize, GetStartupInfoA, GetStartupInfoW, GetThreadPriority, GetThreadPriorityBoost, GetThreadTimes, OpenJobObjectA, OpenJobObjectW, OpenProcess, QueryInformationJobObject, ResumeThread, SetEnvironmentVariableA, SetEnvironmentVariableW, SetInformationJobObject, SetPriorityClass, SetProcessAffinityMask, SetProcessPriorityBoost, SetProcessShutdownParameters, SetProcessWorkingSetSize, SetThreadAffinityMask, SetThreadIdealProcessor, SetThreadPriority, SetThreadPriorityBoost, Sleep, SleepEx, SuspendThread, SwitchToFiber, SwitchToThread, TerminateJobObject, TerminateProcess, TerminateThread, WaitForInputIdle, WinExec

_hread, _hwrite, _lclose, _lcreat, _llseek, _lopen, _lread, _lwrite, AreFileApisANSI, CancelIo, CopyFileA, CopyFileW, CreateDirectoryA, CreateDirectoryExA, CreateDirectoryExW, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstChangeNotificationW, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FlushFileBuffers, GetCurrentDirectoryA, GetCurrentDirectoryW, GetDiskFreeSpaceA, GetDiskFreeSpaceExA, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetDriveTypeA, GetDriveTypeW, GetFileAttributesA, GetFileAttributesExA, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileSize, GetFileType, GetFullPathNameA, GetFullPathNameW, GetLogicalDrives, GetLogicalDriveStringsA, GetLogicalDriveStringsW, GetLongPathNameA, GetLongPathNameW, GetShortPathNameA, GetShortPathNameW, GetTempFileNameA, GetTempFileNameW, GetTempPathA, GetTempPathW, LockFile, MoveFileA, MoveFileW, MulDiv, OpenFile, QueryDosDeviceA, QueryDosDeviceW, ReadFile, ReadFileEx, RemoveDirectoryA, RemoveDirectoryW, SearchPathA, SearchPathW, SetCurrentDirectoryA, SetCurrentDirectoryW, SetEndOfFile, SetFileApisToANSI, SetFileApisToOEM, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetHandleCount, SetVolumeLabelA, SetVolumeLabelW, UnlockFile, WriteFile, WriteFileEx

DeviceIoControl

GetModuleFileNameA, GetModuleFileNameW, GetProcAddress, LoadLibraryA – Always Hooked, LoadLibraryExA – Always Hooked LoadLibraryExW – Always Hooked, LoadLibraryW – Always Hooked, LoadModule

GetPrivateProfileIntA, GetPrivateProfileIntW, GetPrivateProfileSectionA, GetPrivateProfileSectionNamesA, GetPrivateProfileSectionNamesW, GetPrivateProfileSectionW, GetPrivateProfileStringA, GetPrivateProfileStringW, GetPrivateProfileStructA, GetPrivateProfileStructW, GetProfileIntA, GetProfileIntW, GetProfileSectionA, GetProfileSectionW, GetProfileStringA, GetProfileStringW, RegCloseKey, RegConnectRegistryA, RegConnectRegistryW, RegCreateKeyA, RegCreateKeyExA, RegCreateKeyExW, RegCreateKeyW, RegDeleteKeyA, RegDeleteKeyW, RegDeleteValueA, RegDeleteValueW, RegEnumKeyA, RegEnumKeyExA, RegEnumKeyExW, RegEnumKeyW, RegEnumValueA, RegEnumValueW, RegFlushKey, RegGetKeySecurity, RegLoadKeyA, RegLoadKeyW, RegNotifyChangeKeyValue, RegOpenKeyA, RegOpenKeyExA, RegOpenKeyExW, RegOpenKeyW, RegOverridePredefKey, RegQueryInfoKeyA, RegQueryInfoKeyW, RegQueryMultipleValuesA, RegQueryMultipleValuesW, RegQueryValueA, RegQueryValueExA, RegQueryValueExW, RegQueryValueW, RegReplaceKeyA, RegReplaceKeyW, RegRestoreKeyA, RegRestoreKeyW, RegSaveKeyA, RegSaveKeyW, RegSetKeySecurity, RegSetValueA, RegSetValueExA, RegSetValueExW, RegSetValueW, RegUnLoadKeyA, RegUnLoadKeyW, WritePrivateProfileSectionA, WritePrivateProfileSectionW, WritePrivateProfileStringA, WritePrivateProfileStringW, WritePrivateProfileStructA, WritePrivateProfileStructW, WriteProfileSectionA, WriteProfileSectionW, WriteProfileStringA, WriteProfileStringW

AccessCheck, AccessCheckAndAuditAlarmA, AccessCheckAndAuditAlarmW, AccessCheckByType, AccessCheckByTypeAndAuditAlarmA, AccessCheckByTypeAndAuditAlarmW, AccessCheckByTypeResultList, AccessCheckByTypeResultListAndAuditAlarmA, AccessCheckByTypeResultListAndAuditAlarmW, AddAccessAllowedAce, AddAccessAllowedAceEx, AddAccessAllowedObjectAce, AddAccessDeniedAce, AddAccessDeniedAceEx, AddAccessDeniedObjectAce, AddAce, AddAuditAccessAce, AddAuditAccessAceEx, AddAuditAccessObjectAce, AdjustTokenGroups, AdjustTokenPrivileges, AllocateAndInitializeSid, AllocateLocallyUniqueId, AreAllAccessesGranted, AreAnyAccessesGranted, BuildExplicitAccessWithNameA, BuildExplicitAccessWithNameW, BuildImpersonateExplicitAccessWithNameA, BuildImpersonateExplicitAccessWithNameW, BuildImpersonateTrusteeA, BuildImpersonateTrusteeW, BuildSecurityDescriptorA, BuildSecurityDescriptorW, BuildTrusteeWithNameA, BuildTrusteeWithNameW, BuildTrusteeWithSidA, BuildTrusteeWithSidW, ConvertToAutoInheritPrivateObjectSecurity, CopySid, CreatePrivateObjectSecurity, CreatePrivateObjectSecurityEx, CreateRestrictedToken, DeleteAce, DestroyPrivateObjectSecurity, DuplicateToken, DuplicateTokenEx, EqualPrefixSid, EqualSid, FindFirstFreeAce, FreeSid, GetAce, GetAclInformation, GetAuditedPermissionsFromAclA, GetAuditedPermissionsFromAclW, GetEffectiveRightsFromAclA, GetEffectiveRightsFromAclW, GetExplicitEntriesFromAclA, GetExplicitEntriesFromAclW, GetFileSecurityA, GetFileSecurityW, GetKernelObjectSecurity, GetLengthSid, GetMultipleTrusteeA, GetMultipleTrusteeOperationA, GetMultipleTrusteeOperationW, GetMultipleTrusteeW, GetNamedSecurityInfoA, GetNamedSecurityInfoW, GetPrivateObjectSecurity, GetSecurityDescriptorControl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorLength, GetSecurityDescriptorOwner, GetSecurityDescriptorSacl, GetSecurityInfo, GetSidIdentifierAuthority, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, GetTrusteeFormA, GetTrusteeFormW, GetTrusteeNameA, GetTrusteeNameW, GetTrusteeTypeA, GetTrusteeTypeW, GetUserObjectSecurity, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient, ImpersonateSelf, InitializeAcl, InitializeSecurityDescriptor, InitializeSid, IsTokenRestricted, IsValidAcl, IsValidSecurityDescriptor, IsValidSid, LogonUserA, LogonUserW, LookupAccountNameA, LookupAccountNameW, LookupAccountSidA, LookupAccountSidW, LookupPrivilegeDisplayNameA, LookupPrivilegeDisplayNameW, LookupPrivilegeNameA, LookupPrivilegeNameW, LookupPrivilegeValueA, LookupPrivilegeValueW, LookupSecurityDescriptorPartsA, LookupSecurityDescriptorPartsW, MakeAbsoluteSD, MakeSelfRelativeSD, MapGenericMask, ObjectCloseAuditAlarmA, ObjectCloseAuditAlarmW, ObjectDeleteAuditAlarmA, ObjectDeleteAuditAlarmW, ObjectOpenAuditAlarmA, ObjectOpenAuditAlarmW, ObjectPrivilegeAuditAlarmA, ObjectPrivilegeAuditAlarmW, OpenProcessToken, OpenThreadToken, PrivilegeCheck, PrivilegedServiceAuditAlarmA, PrivilegedServiceAuditAlarmW, RevertToSelf, SetAclInformation, SetEntriesInAclA, SetEntriesInAclW, SetFileSecurityA, SetFileSecurityW, SetKernelObjectSecurity, SetNamedSecurityInfoA, SetNamedSecurityInfoW, SetPrivateObjectSecurity, SetPrivateObjectSecurityEx, SetSecurityDescriptorControl, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorSacl, SetSecurityInfo, SetThreadToken, SetTokenInformation, SetUserObjectSecurity

ChangeServiceConfig2A, ChangeServiceConfig2W, ChangeServiceConfigA, ChangeServiceConfigW, CloseServiceHandle, ControlService, CreateServiceA, CreateServiceW, DeleteService, EnumDependentServicesA, EnumDependentServicesW, EnumServicesStatusA, EnumServicesStatusW, GetServiceDisplayNameA, GetServiceDisplayNameW, GetServiceKeyNameA, GetServiceKeyNameW, LockServiceDatabase, NotifyBootConfigStatus, OpenSCManagerA, OpenSCManagerW, OpenServiceA, OpenServiceW, QueryServiceConfig2A, QueryServiceConfig2W, QueryServiceConfigA, QueryServiceConfigW, QueryServiceLockStatusA, QueryServiceLockStatusW, QueryServiceObjectSecurity, QueryServiceStatus, RegisterServiceCtrlHandlerA, RegisterServiceCtrlHandlerW, SetServiceObjectSecurity, SetServiceStatus, StartServiceA, StartServiceCtrlDispatcherA, StartServiceCtrlDispatcherW, StartServiceW, UnlockServiceDatabase

MultinetGetConnectionPerformanceA, MultinetGetConnectionPerformanceW, NetAlertRaise, NetAlertRaiseEx, NetApiBufferAllocate, NetApiBufferFree, NetApiBufferReallocate, NetApiBufferSize, NetConnectionEnum, NetFileClose, NetFileGetInfo, NetGetAnyDCName, NetGetDCName, NetGetDisplayInformationIndex, NetGroupAdd, NetGroupAddUser, NetGroupDel, NetGroupDelUser, NetGroupEnum, NetGroupGetInfo, NetGroupGetUsers, NetGroupSetInfo, NetGroupSetUsers, NetLocalGroupAdd, NetLocalGroupAddMember, NetLocalGroupAddMembers, NetLocalGroupDel, NetLocalGroupDelMember, NetLocalGroupDelMembers, NetLocalGroupEnum, NetLocalGroupGetInfo, NetLocalGroupGetMembers, NetLocalGroupSetInfo, NetLocalGroupSetMembers, NetMessageBufferSend, NetMessageNameAdd, NetMessageNameDel, NetMessageNameEnum, NetMessageNameGetInfo, NetQueryDisplayInformation, NetRemoteComputerSupports, NetRemoteTOd, NetReplExportDirAdd, NetReplExportDirDel, NetReplExportDirEnum, NetReplExportDirGetInfo, NetReplExportDirLock, NetReplExportDirSetInfo, NetReplExportDirUnlock, NetReplGetInfo, NetReplImportDirAdd, NetReplImportDirDel, NetReplImportDirEnum, NetReplImportDirGetInfo, NetReplImportDirLock, NetReplImportDirUnlock, NetReplSetInfo, NetScheduleJobAdd, NetScheduleJobDel, NetScheduleJobEnum, NetScheduleJobGetInfo, NetServerComputerNameAdd, NetServerComputerNameDel, NetServerDiskEnum, NetServerEnum, NetServerEnumEx, NetServerGetInfo, NetServerSetInfo, NetServerTransportAdd, NetServerTransportAddEx, NetServerTransportDel, NetServerTransportEnum, NetSessionDel, NetSessionEnum, NetSessionGetInfo, NetShareAdd, NetShareCheck, NetShareDel, NetShareEnum, NetShareGetInfo, NetShareSetInfo, NetStatisticsGet, NetUseAdd, NetUseDel, NetUseEnum, NetUseGetInfo, NetUserAdd, NetUserChangePassword, NetUserDel, NetUserEnum, NetUserGetGroups, NetUserGetInfo, NetUserGetLocalGroups, NetUserModalsGet, NetUserModalsSet, NetUserSetGroups, NetUserSetInfo, NetWkstaGetInfo, NetWkstaSetInfo, NetWkstaTransportAdd, NetWkstaTransportDel, NetWkstaTransportEnum, NetWkstaUserEnum, NetWkstaUserGetInfo, NetWkstaUserSetInfo, WNetAddConnection2A, WNetAddConnection2W, WNetAddConnection3A, WNetAddConnection3W, WNetAddConnectionA, WNetAddConnectionW, WNetCancelConnection2A, WNetCancelConnection2W, WNetCancelConnectionA, WNetCancelConnectionW, WNetCloseEnum, WNetConnectionDialog, WNetConnectionDialog1A, WNetConnectionDialog1W, WNetDisconnectDialog, WNetDisconnectDialog1A, WNetDisconnectDialog1W, WNetEnumResourceA, WNetEnumResourceW, WNetGetConnectionA, WNetGetConnectionW, WNetGetLastErrorA, WNetGetLastErrorW, WNetGetNetworkInformationA, WNetGetNetworkInformationW, WNetGetProviderNameA, WNetGetProviderNameW, WNetGetResourceInformationA, WNetGetResourceInformationW, WNetGetResourceParentA, WNetGetResourceParentW, WNetGetUniversalNameA, WNetGetUniversalNameW, WNetGetUserA, WNetGetUserW, WNetOpenEnumA, WNetOpenEnumW, WNetUseConnectionA, WnetUseConnectionW

accept, bind, closesocket, connect, gethostbyaddr, gethostbyname, gethostname, getpeername, getprotobyname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket, WSAAccept, WSAAddressToStringA, WSAAddressToStringW, WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncGetProtoByName, WSAAsyncGetProtoByNumber, WSAAsyncGetServByName, WSAAsyncGetServByPort, WSAAsyncSelect, WSACancelAsyncRequest, WSACancelBlockingCall, WSACleanup, WSACloseEvent, WSAConnect, WSACreateEvent, WSADuplicateSocketA, WSADuplicateSocketW, WSAEnumNameSpaceProvidersA, WSAEnumNameSpaceProvidersW, WSAEnumNetworkEvents, WSAEnumProtocolsA, WSAEnumProtocolsW, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAGetQOSByName, WSAGetServiceClassInfoA, WSAGetServiceClassInfoW, WSAGetServiceClassNameByClassIdA, WSAGetServiceClassNameByClassIdW, WSAHtonl, WSAHtons, WSAInstallServiceClassA, WSAInstallServiceClassW, WSAIoctl, WSAIsBlocking, WSAJoinLeaf, WSALookupServiceBeginA, WSALookupServiceBeginW, WSALookupServiceEnd, WSALookupServiceNextA, WSALookupServiceNextW, WSANtohl, WSANtohs, WSAProviderConfigChange, WSARecv, WSARecvDisconnect, WSARecvFrom, WSARemoveServiceClass, WSAResetEvent, WSASend, WSASendDisconnect, WSASendTo, WSASetBlockingHook, WSASetEvent, WSASetLastError, WSASetServiceA, WSASetServiceW, WSASocketA, WSASocketW, WSAStartup, WSAStringToAddressA, WSAStringToAddressW, WSAUnhookBlockingHook, WSAWaitForMultipleEvents, WSCDeinstallProvider, WSCEnableNSProvider, WSCEnumProtocols, WSCGetProviderPath, WSCInstallNameSpace, WSCInstallProvider, WSCUnInstallNameSpace

ContinueDebugEvent, DebugActiveProcess, DebugBreak, FatalExit, FlushInstructionCache, GetThreadContext, GetThreadSelectorEntry, IsDebuggerPresent, OutputDebugStringA, OutputDebugStringW, ReadProcessMemory, SetDebugErrorLevel, SetThreadContext, WaitForDebugEvent, WriteProcessMemory

CloseHandle, DuplicateHandle, GetHandleInformation, SetHandleInformation

AdjustWindowRect, AdjustWindowRectEx, AllowSetForegroundWindow, AnimateWindow, AnyPopup, ArrangeIconicWindows, BeginDeferWindowPos, BringWindowToTop, CascadeWindows, ChildWindowFromPoint, ChildWindowFromPointEx, CloseWindow, CreateWindowExA, CreateWindowExW, DeferWindowPos, DestroyWindow, EndDeferWindowPos, EnumChildWindows, EnumThreadWindows, EnumWindows, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetClientRect, GetDesktopWindow, GetForegroundWindow, GetGUIThreadInfo, GetLastActivePopup, GetLayout, GetParent, GetProcessDefaultLayout, GetTitleBarInf, GetTopWindow, GetWindow, GetWindowInfo, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, IsChild, IsIconic, IsWindow, IsWindowUnicode, IsWindowVisible, IsZoomed, LockSetForegroundWindow, MoveWindow, OpenIcon, RealChildWindowFromPoint, RealGetWindowClassA, RealGetWindowClassW, SetForegroundWindow, SetLayeredWindowAttributes, SetLayout, SetParent, SetProcessDefaultLayout, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowTextW, ShowOwnedPopups, ShowWindow, ShowWindowAsync, TileWindows, UpdateLayeredWindow, WindowFromPoint

CreateDialogIndirectParamA, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, DefDlgProcA, DefDlgProcW, DialogBoxIndirectParamA, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, EndDialog, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetNextDlgGroupItem, GetNextDlgTabItem, IsDialogMessageA, IsDialogMessageW, MapDialogRect, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxW, SendDlgItemMessageA, SendDlgItemMessageW, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW

GetWriteWatch, GlobalMemoryStatus, GlobalMemoryStatusEx, IsBadCodePtr, IsBadReadPtr, IsBadStringPtrA, IsBadStringPtrW, IsBadWritePtr, ResetWriteWatch,AllocateUserPhysicalPages, FreeUserPhysicalPages, MapUserPhysicalPages, MapUserPhysicalPagesScatter, GlobalAlloc, GlobalFlags, GlobalFree, GlobalHandle, GlobalLock, GlobalReAlloc, GlobalSize, GlobalUnlock, LocalAlloc, LocalFlags, LocalFree, LocalHandle, LocalLock, LocalReAlloc, LocalSize, LocalUnlock, GetProcessHeap, GetProcessHeaps, HeapAlloc, HeapCompact, HeapCreate, HeapDestroy, HeapFree, HeapLock, HeapReAlloc, HeapSize, HeapUnlock, HeapValidate, HeapWalk, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualFreeEx, VirtualLock, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, VirtualUnlock, GetFreeSpace, GlobalCompact, GlobalFix, GlobalUnfix, GlobalUnWire, GlobalWire, IsBadHugeReadPtr, IsBadHugeWritePtr, LocalCompact, LocalShrink

GetClassInfoA, GetClassInfoW, GetClassInfoExA, GetClassInfoExW, GetClassLongA, GetClassLongW, GetClassLongPtrA, GetClassLongPtrW, RegisterClassA, RegisterClassW, RegisterClassExA, RegisterClassExW, SetClassLongA, SetClassLongW, SetClassLongPtrA, SetClassLongPtrW, SetWindowLongA, SetWindowLongW, SetWindowLongPtrA, SetWindowLongPtrW, UnregisterClassA, UnregisterClassW, GetClassWord, GetWindowWord, SetClassWord, SetWindowWord

CsrAllocateCaptureBuffer, CsrAllocateCapturePointer, CsrAllocateMessagePointer, CsrCaptureMessageBuffer, CsrCaptureMessageString, CsrCaptureTimeout, CsrClientCallServer, CsrClientConnectToServer, CsrFreeCaptureBuffer, CsrIdentifyAlertableThread, CsrNewThread, CsrProbeForRead, CsrProbeForWrite, CsrSetPriorityClass

LdrAccessResource, LdrDisableThreadCalloutsForDll, LdrEnumResources, LdrFindEntryForAddress, LdrFindResource_U, LdrFindResourceDirectory_U, LdrGetDllHandle, LdrGetProcedureAddress, LdrInitializeThunk, LdrLoadDll, LdrProcessRelocationBlock, LdrQueryImageFileExecutionOptions, LdrQueryProcessModuleInformation, LdrShutdownProcess, LdrShutdownThread, LdrUnloadDll, LdrVerifyImageMatchesChecksum

NtAcceptConnectPort/ZwAcceptConnectPort, NtCompleteConnectPort/ZwCompleteConnectPort, NtConnectPort/ZwConnectPort, NtCreatePort/ZwCreatePort, NtImpersonateClientOfPort/ZwImpersonateClientOfPort, NtListenPort/ZwListenPort, NtQueryInformationPort/ZwQueryInformationPort, NtReadRequestData/ZwReadRequestData, NtReplyPort/ZwReplyPort, NtReplyWaitReceivePort/ZwReplyWaitReceivePort, NtReplyWaitReplyPort/ZwReplyWaitReplyPort, NtRequestPort/ZwRequestPort, NtRequestWaitReplyPort/ZwRequestWaitReplyPort, NtSecureConnectPort/ZwSecureConnectPort, NtWriteRequestData/ZwWriteRequestData

NtAccessCheck/ZwAccessCheck, NtAccessCheckAndAuditAlarm/ZwAccessCheckAndAuditAlarm, NtAccessCheckByType/ZwAccessCheckByType, NtAccessCheckByTypeAndAuditAlarm/ZwAccessCheckByTypeAndAuditAlarm, NtAccessCheckByTypeResultList/ZwAccessCheckByTypeResultList, NtAdjustGroupsToken/ZwAdjustGroupsToken, NtAdjustPrivilegesToken/ZwAdjustPrivilegesToken, NtCloseObjectAuditAlarm/ZwCloseObjectAuditAlarm, NtCreateToken/ZwCreateToken, NtDeleteObjectAuditAlarm/ZwDeleteObjectAuditAlarm, NtDuplicateToken/ZwDuplicateToken, NtFilterToken/ZwFilterToken, NtImpersonateThread/ZwImpersonateThread, NtOpenObjectAuditAlarm/ZwOpenObjectAuditAlarm, NtOpenProcessToken/ZwOpenProcessToken, NtOpenThreadToken/ZwOpenThreadToken, NtPrivilegeCheck/ZwPrivilegeCheck, NtPrivilegedServiceAuditAlarm/ZwPrivilegedServiceAuditAlarm, NtPrivilegeObjectAuditAlarm/ZwPrivilegeObjectAuditAlarm, NtQueryInformationToken/ZwQueryInformationToken, NtQuerySecurityObject/ZwQuerySecurityObject, NtSetInformationToken/ZwSetInformationToken, NtSetSecurityObject/ZwSetSecurityObject

NtAddAtom/ZwAddAtom, NtDeleteAtom/ZwDeleteAtom, NtFindAtom/ZwFindAtom, NtQueryInformationAtom/ZwQueryInformationAtom

NtAlertResumeThread/ZwAlertResumeThread, NtAlertThread/ZwAlertThread, NtCreateProcess/ZwCreateProcess, NtCreateThread/ZwCreateThread, NtCurrentTeb, NtDelayExecution/ZwDelayExecution, NtGetContextThread/ZwGetContextThread, NtOpenProcess/ZwOpenProcess, NtOpenThread/ZwOpenThread, NtQueryInformationProcess/ZwQueryInformationProcess, NtQueryInformationThread/ZwQueryInformationThread, NtQueueApcThread/ZwQueueApcThread, NtResumeThread/ZwResumeThread, NtSetContextThread/ZwSetContextThread, NtSetHighWaitLowThread/ZwSetHighWaitLowThread, NtSetInformationProcess/ZwSetInformationProcess, NtSetInformationThread/ZwSetInformationThread, NtSetLowWaitHighThread/ZwSetLowWaitHighThread, NtSuspendThread/ZwSuspendThread, NtTerminateProcess/ZwTerminateProcess, NtTerminateThread/ZwTerminateThread, NtTestAlert/ZwTestAlert, NtYieldExecution/ZwYieldExecution

NtAllocateVirtualMemory/ZwAllocateVirtualMemory, NtAllocateVirtualMemory64/ZwAllocateVirtualMemory64, NtAreMappedFilesTheSame/ZwAreMappedFilesTheSame, NtCreateSection/ZwCreateSection, NtExtendSection/ZwExtendSection, NtFlushVirtualMemory/ZwFlushVirtualMemory, NtFreeVirtualMemory/ZwFreeVirtualMemory, NtFreeVirtualMemory64/ZwFreeVirtualMemory64, NtLockVirtualMemory/ZwLockVirtualMemory, NtMapViewOfSection/ZwMapViewOfSection, NtMapViewOfVlmSection/ZwMapViewOfVlmSection, NtOpenSection/ZwOpenSection, NtProtectVirtualMemory/ZwProtectVirtualMemory, NtProtectVirtualMemory64/ZwProtectVirtualMemory64, NtQueryVirtualMemory/ZwQueryVirtualMemory, NtQueryVirtualMemory64/ZwQueryVirtualMemory64, NtReadVirtualMemory/ZwReadVirtualMemory, NtReadVirtualMemory64/ZwReadVirtualMemory64, NtUnlockVirtualMemory/ZwUnlockVirtualMemory, NtUnmapViewOfSection/ZwUnmapViewOfSection, NtUnmapViewOfVlmSection/ZwUnmapViewOfVlmSection, NtWriteVirtualMemory/ZwWriteVirtualMemory, NtWriteVirtualMemory64/ZwWriteVirtualMemory64

NtAssignProcessToJobObject/ZwAssignProcessToJobObject, NtCreateJobObject/ZwCreateJobObject, NtOpenJobObject/ZwOpenJobObject, NtQueryInformationJobObject/ZwQueryInformationJobObject, NtSetInformationJobObject/ZwSetInformationJobObject, NtTerminateJobObject/ZwTerminateJobObject

NtCancelIoFile/ZwCancelIoFile, NtCreateFile/ZwCreateFile, NtCreateIoCompletion/ZwCreateIoCompletion, NtDeleteFile/ZwDeleteFile, NtDeviceIoControlFile/ZwDeviceIoControlFile, NtFlushBuffersFile/ZwFlushBuffersFile, NtFsControlFile/ZwFsControlFile, NtLockFile/ZwLockFile, NtNotifyChangeDirectoryFile/ZwNotifyChangeDirectoryFile, NtOpenFile/ZwOpenFile, NtOpenIoCompletion/ZwOpenIoCompletion, NtQueryAttributesFile/ZwQueryAttributesFile, NtQueryDirectoryFile/ZwQueryDirectoryFile, NtQueryEaFile/ZwQueryEaFile, NtQueryIoCompletion/ZwQueryIoCompletion, NtQueryQuotaInformationFile/ZwQueryQuotaInformationFile, NtQueryVolumeInformationFile/ZwQueryVolumeInformationFile, NtReadFile/ZwReadFile, NtReadFile64/ZwReadFile64, NtReadFileScatter/ZwReadFileScatter, NtRemoveIoCompletion/ZwRemoveIoCompletion, NtSetEaFile/ZwSetEaFile, NtSetInformationFile/ZwSetInformationFile, NtSetIoCompletion/ZwSetIoCompletion, NtSetQuotaInformationFile/ZwSetQuotaInformationFile, NtSetVolumeInformationFile/ZwSetVolumeInformationFile, NtUnlockFile/ZwUnlockFile, NtWriteFile/ZwWriteFile, NtWriteFile64/ZwWriteFile64, NtWriteFileGather/ZwWriteFileGather, NtQueryFullAttributesFile/ZwQueryFullAttributesFile, NtQueryInformationFile/ZwQueryInformationFile

RtlAbortRXact, RtlAbsoluteToSelfRelativeSD, RtlAcquirePebLock, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlAddAccessAllowedAce, RtlAddAccessDeniedAce, RtlAddAce, RtlAddActionToRXact, RtlAddAtomToAtomTable, RtlAddAttributeActionToRXact, RtlAddAuditAccessAce, RtlAddCompoundAce, RtlAdjustPrivilege, RtlAllocateAndInitializeSid, RtlAllocateHandle, RtlAllocateHeap, RtlAnsiCharToUnicodeChar, RtlAnsiStringToUnicodeSize, RtlAnsiStringToUnicodeString, RtlAppendAsciizToString, RtlAppendStringToString, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, RtlApplyRXact, RtlApplyRXactNoFlush, RtlAreAllAccessesGranted, RtlAreAnyAccessesGranted, RtlAreBitsClear, RtlAreBitsSet, RtlAssert, RtlCaptureStackBackTrace, RtlCharToInteger, RtlCheckRegistryKey, RtlClearAllBits, RtlClearBits, RtlClosePropertySet, RtlCompactHeap, RtlCompareMemory, RtlCompareMemoryUlong, RtlCompareString, RtlCompareUnicodeString, RtlCompareVariants, RtlCompressBuffer, RtlConsoleMultiByteToUnicodeN, RtlConvertExclusiveToShared, RtlConvertLongToLargeInteger, RtlConvertPropertyToVariant, RtlConvertSharedToExclusive, RtlConvertSidToUnicodeString, RtlConvertUiListToApiList, RtlConvertUlongToLargeInteger, RtlConvertVariantToProperty, RtlCopyLuid, RtlCopyLuidAndAttributesArray, RtlCopySecurityDescriptor, RtlCopySid, RtlCopySidAndAttributesArray, RtlCopyString, RtlCopyUnicodeString, RtlCreateAcl, RtlCreateAndSetSD, RtlCreateAtomTable, RtlCreateEnvironment, RtlCreateHeap, RtlCreateProcessParameters, RtlCreatePropertySet, RtlCreateQueryDebugBuffer, RtlCreateRegistryKey, RtlCreateSecurityDescriptor, RtlCreateTagHeap, RtlCreateUnicodeString, RtlCreateUnicodeStringFromAsciiz, RtlCreateUserProcess, RtlCreateUserSecurityObject, RtlCreateUserThread, RtlCustomCPToUnicodeN, RtlCutoverTimeToSystemTime, RtlDecompressBuffer, RtlDecompressFragment, RtlDelete, RtlDeleteAce, RtlDeleteAtomFromAtomTable, RtlDeleteCriticalSection, RtlDeleteElementGenericTable, RtlDeleteNoSplay, RtlDeleteRegistryValue, RtlDeleteResource, RtlDeleteSecurityObject, RtlDeNormalizeProcessParams, RtlDestroyAtomTable, RtlDestroyEnvironment, RtlDestroyHandleTable, RtlDestroyHeap, RtlDestroyProcessParameters, RtlDestroyQueryDebugBuffer, RtlDetermineDosPathNameType_U, RtlDoesFileExists_U, RtlDosPathNameToNtPathName_U, RtlDosSearchPath_U, RtlDowncaseUnicodeString, RtlDumpResource, RtlEmptyAtomTable, RtlEnlargedIntegerMultiply, RtlEnlargedUnsignedDivide, RtlEnlargedUnsignedMultiply, RtlEnterCriticalSection, RtlEnumerateGenericTable, RtlEnumerateGenericTableWithoutSplaying, RtlEnumerateProperties, RtlEnumProcessHeaps, RtlEqualComputerName, RtlEqualDomainName, RtlEqualLuid, RtlEqualPrefixSid, RtlEqualSid, RtlEqualString, RtlEqualUnicodeString, RtlEraseUnicodeString, RtlExpandEnvironmentStrings_U, RtlExtendedIntegerMultiply, RtlExtendedLargeIntegerDivide, RtlExtendedMagicDivide, RtlExtendHeap, RtlFillMemory, RtlFillMemoryUlong, RtlFindClearBits, RtlFindClearBitsAndSet, RtlFindLongestRunClear, RtlFindLongestRunSet, RtlFindMessage, RtlFindSetBits, RtlFindSetBitsAndClear, RtlFirstFreeAce, RtlFlushPropertySet, RtlFormatCurrentUserKeyPath, RtlFormatMessage, RtlFreeAnsiString, RtlFreeHandle, RtlFreeHeap, RtlFreeOemString, RtlFreeSid, RtlFreeUnicodeString, RtlFreeUserThreadStack, RtlGenerate8dot3Name, RtlGetAce, RtlGetCallersAddress, RtlGetCompressionWorkSpaceSize, RtlGetControlSecurityDescriptor, RtlGetCurrentDirectory_U, RtlGetDaclSecurityDescriptor, RtlGetElementGenericTable, RtlGetFullPathName_U, RtlGetGroupSecurityDescriptor, RtlGetLongestNtPathLength, RtlGetNtGlobalFlags, RtlGetNtProductType, RtlGetOwnerSecurityDescriptor, RtlGetProcessHeaps, RtlGetSaclSecurityDescriptor, RtlGetUserInfoHeap, RtlGuidToPropertySetName, RtlIdentifierAuthoritySid, RtlImageDirectoryEntryToData, RtlImageNtHeader, RtlImageRvaToSection, RtlImageRvaToVa, RtlImpersonateSelf, RtlInitAnsiString, RtlInitCodePageTable, RtlInitializeAtomPackage, RtlInitializeBitMap, RtlInitializeContext, RtlInitializeCriticalSection, RtlInitializeCriticalSectionAndSpinCount, RtlInitializeGenericTable, RtlInitializeHandleTable, RtlInitializeResource, RtlInitializeRXact, RtlInitializeSid, RtlInitNlsTables, RtlInitString, RtlInitUnicodeString, RtlInsertElementGenericTable, RtlIntegerToChar, RtlIntegerToUnicodeString, RtlIsDosDeviceName_U, RtlIsGenericTableEmpty, RtlIsNameLegalDOS8Dot3, RtlIsTextUnicode, RtlIsValidHandle, RtlIsValidIndexHandle, RtlLargeIntegerAdd, RtlLargeIntegerArithmeticShift, RtlLargeIntegerDivide, RtlLargeIntegerNegate, RtlLargeIntegerShiftLeft, RtlLargeIntegerShiftRight, RtlLargeIntegerSubtract, RtlLargeIntegerToChar, RtlLeaveCriticalSection, RtlLengthRequiredSid, RtlLengthSecurityDescriptor, RtlLengthSid, RtlLocalTimeToSystemTime, RtlLockHeap, RtlLookupAtomInAtomTable, RtlLookupElementGenericTable, RtlMakeSelfRelativeSD, RtlMapGenericMask, RtlMoveMemory, RtlMultiByteToUnicodeN, RtlMultiByteToUnicodeSize, RtlNewInstanceSecurityObject, RtlNewSecurityGrantedAccess, RtlNewSecurityObject, RtlNormalizeProcessParams, RtlNtStatusToDosError, RtlNumberGenericTableElements, RtlNumberOfClearBits, RtlNumberOfSetBits, RtlOemStringToUnicodeSize, RtlOemStringToUnicodeString, RtlOemToUnicodeN, RtlOnMappedStreamEvent, RtlOpenCurrentUser, RtlPcToFileHeader, RtlPinAtomInAtomTable, RtlpNtCreateKey, RtlpNtEnumerateSubKey, RtlpNtMakeTemporaryKey, RtlpNtOpenKey, RtlpNtQueryValueKey, RtlpNtSetValueKey, RtlPrefixString, RtlPrefixUnicodeString, RtlPropertySetNameToGuid, RtlProtectHeap, RtlpUnWaitCriticalSection, RtlpWaitForCriticalSection, RtlQueryAtomInAtomTable, RtlQueryEnvironmentVariable_U, RtlQueryInformationAcl, RtlQueryProcessBackTraceInformation, RtlQueryProcessDebugInformation, RtlQueryProcessHeapInformation, RtlQueryProcessLockInformation, RtlQueryProperties, RtlQueryPropertyNames, RtlQueryPropertySet, RtlQueryRegistryValues, RtlQuerySecurityObject, RtlQueryTagHeap, RtlQueryTimeZoneInformation, RtlRaiseException, RtlRaiseStatus, RtlRandom, RtlReAllocateHeap, RtlRealPredecessor, RtlRealSuccessor, RtlReleasePebLock, RtlReleaseResource, RtlRemoteCall, RtlResetRtlTranslations, RtlRunDecodeUnicodeString, RtlRunEncodeUnicodeString, RtlSecondsSince1970ToTime, RtlSecondsSince1980ToTime, RtlSelfRelativeToAbsoluteSD, RtlSetAllBits, RtlSetAttributesSecurityDescriptor, RtlSetBits, RtlSetCriticalSectionSpinCount, RtlSetCurrentDirectory_U, RtlSetCurrentEnvironment, RtlSetDaclSecurityDescriptor, RtlSetEnvironmentVariable, RtlSetGroupSecurityDescriptor, RtlSetInformationAcl, RtlSetOwnerSecurityDescriptor, RtlSetProperties, RtlSetPropertyNames, RtlSetPropertySetClassId, RtlSetSaclSecurityDescriptor, RtlSetSecurityObject, RtlSetTimeZoneInformation, RtlSetUnicodeCallouts, RtlSetUserFlagsHeap, RtlSetUserValueHeap, RtlSizeHeap, RtlSplay, RtlStartRXact, RtlSubAuthorityCountSid, RtlSubAuthoritySid, RtlSubtreePredecessor, RtlSubtreeSuccessor, RtlSystemTimeToLocalTime, RtlTimeFieldsToTime, RtlTimeToElapsedTimeFields, RtlTimeToSecondsSince1970, RtlTimeToSecondsSince1980, RtlTimeToTimeFields, RtlTryEnterCriticalSection, RtlUnicodeStringToAnsiSize, RtlUnicodeStringToAnsiString, RtlUnicodeStringToCountedOemString, RtlUnicodeStringToInteger, RtlUnicodeStringToOemSize, RtlUnicodeStringToOemString, RtlUnicodeToCustomCPN, RtlUnicodeToMultiByteN, RtlUnicodeToMultiByteSize, RtlUnicodeToOemN, RtlUniform, RtlUnlockHeap, RtlUnwind, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeString, RtlUpcaseUnicodeStringToAnsiString, RtlUpcaseUnicodeStringToCountedOemString, RtlUpcaseUnicodeStringToOemString, RtlUpcaseUnicodeToCustomCPN, RtlUpcaseUnicodeToMultiByteN, RtlUpcaseUnicodeToOemN, RtlUpperChar, RtlUpperString, RtlUsageHeap, RtlValidAcl, RtlValidateHeap, RtlValidateProcessHeaps, RtlValidSecurityDescriptor, RtlValidSid, RtlWalkHeap, RtlWriteRegistryValue, RtlxAnsiStringToUnicodeSize, RtlxOemStringToUnicodeSize, RtlxUnicodeStringToAnsiSize, RtlxUnicodeStringToOemSize, RtlZeroHeap, RtlZeroMemory

NtCancelTimer/ZwCancelTimer, NtCreateTimer/ZwCreateTimer, NtGetTickCount/ZwGetTickCount, NtOpenTimer/ZwOpenTimer, NtQueryPerformanceCounter/ZwQueryPerformanceCounter, NtQuerySystemTime/ZwQuerySystemTime, NtQueryTimer/ZwQueryTimer, NtQueryTimerResolution/ZwQueryTimerResolution, NtSetSystemTime/ZwSetSystemTime, NtSetTimer/ZwSetTimer, NtSetTimerResolution/ZwSetTimerResolution

NtClearEvent/ZwClearEvent, NtCreateEvent/ZwCreateEvent, NtCreateEventPair/ZwCreateEventPair, NtCreateMutant/ZwCreateMutant, NtCreateSemaphore/ZwCreateSemaphore, NtOpenEvent/ZwOpenEvent, NtOpenEventPair/ZwOpenEventPair, NtOpenMutant/ZwOpenMutant, NtOpenSemaphore/ZwOpenSemaphore, NtPulseEvent/ZwPulseEvent, NtQueryEvent/ZwQueryEvent, NtQueryMutant/ZwQueryMutant, NtQuerySemaphore/ZwQuerySemaphore, NtReleaseMutant/ZwReleaseMutant, NtReleaseProcessMutant/ZwReleaseProcessMutant, NtReleaseSemaphore/ZwReleaseSemaphore, NtReleaseThreadMutant/ZwReleaseThreadMutant, NtResetEvent/ZwResetEvent, NtSetEvent/ZwSetEvent, NtSetHighEventPair/ZwSetHighEventPair, NtSetHighWaitLowEventPair/ZwSetHighWaitLowEventPair, NtSetLowEventPair/ZwSetLowEventPair, NtSetLowWaitHighEventPair/ZwSetLowWaitHighEventPair, NtSignalAndWaitForSingleObject/ZwSignalAndWaitForSingleObject, NtWaitForMultipleObjects/ZwWaitForMultipleObjects, NtWaitForSingleObject/ZwWaitForSingleObject, NtWaitHighEventPair/ZwWaitHighEventPair, NtWaitLowEventPair/ZwWaitLowEventPair

NtClose/ZwClose, NtCreateDirectoryObject/ZwCreateDirectoryObject, NtCreateSymbolicLinkObject/ZwCreateSymbolicLinkObject, NtDuplicateObject/ZwDuplicateObject, NtMakeTemporaryObject/ZwMakeTemporaryObject, NtOpenDirectoryObject/ZwOpenDirectoryObject, NtOpenSymbolicLinkObject/ZwOpenSymbolicLinkObject, NtQueryDirectoryObject/ZwQueryDirectoryObject, NtQueryObject/ZwQueryObject, NtQuerySymbolicLinkObject/ZwQuerySymbolicLinkObject, NtSetInformationObject/ZwSetInformationObject

NtContinue/ZwContinue, NtRaiseException/ZwRaiseException, NtRaiseHardError/ZwRaiseHardError, NtSetDefaultHardErrorPort/ZwSetDefaultHardErrorPort

NtCreateChannel/ZwCreateChannel, NtListenChannel/ZwListenChannel, NtOpenChannel/ZwOpenChannel, NtReplyWaitSendChannel/ZwReplyWaitSendChannel, NtSendWaitReplyChannel/ZwSendWaitReplyChannel, NtSetContextChannel/ZwSetContextChannel

NtCreateKey/ZwCreateKey, NtDeleteKey/ZwDeleteKey, NtDeleteValueKey/ZwDeleteValueKey, NtEnumerateKey/ZwEnumerateKey, NtEnumerateValueKey/ZwEnumerateValueKey, NtFlushKey/ZwFlushKey, NtInitializeRegistry/ZwInitializeRegistry, NtLoadKey/ZwLoadKey, NtLoadKey2/ZwLoadKey2, NtNotifyChangeKey/ZwNotifyChangeKey, NtOpenKey/ZwOpenKey, NtQueryKey/ZwQueryKey, NtQueryMultipleValueKey/ZwQueryMultipleValueKey, NtQueryMultiplValueKey/ZwQueryMultiplValueKey, NtQueryValueKey/ZwQueryValueKey, NtReplaceKey/ZwReplaceKey, NtRestoreKey/ZwRestoreKey, NtSaveKey/ZwSaveKey, NtSetInformationKey/ZwSetInformationKey, NtSetValueKey/ZwSetValueKey, NtUnloadKey/ZwUnloadKey

NtCreateMailslotFile/ZwCreateMailslotFile, NtCreateNamedPipeFile/ZwCreateNamedPipeFile, NtCreatePagingFile/ZwCreatePagingFile

NtCreateProfile/ZwCreateProfile, NtQueryIntervalProfile/ZwQueryIntervalProfile, NtRegisterThreadTerminatePort/ZwRegisterThreadTerminatePort, NtSetIntervalProfile/ZwSetIntervalProfile, NtStartProfile/ZwStartProfile, NtStopProfile/ZwStopProfile, NtSystemDebugControl/ZwSystemDebugControl

NtEnumerateBus/ZwEnumerateBus, NtFlushInstructionCache/ZwFlushInstructionCache, NtFlushWriteBuffer/ZwFlushWriteBuffer, NtSetLdtEntries/ZwSetLdtEntries

NtGetPlugPlayEvent/ZwGetPlugPlayEvent, NtPlugPlayControl/ZwPlugPlayControl

NtInitiatePowerAction/ZwInitiatePowerAction, NtPowerInformation/ZwPowerInformation, NtRequestWakeupLatency/ZwRequestWakeupLatency, NtSetSystemPowerState/ZwSetSystemPowerState, NtSetThreadExecutionState/ZwSetThreadExecutionState

NtLoadDriver/ZwLoadDriver, NtRegisterNewDevice/ZwRegisterNewDevice, NtUnloadDriver/ZwUnloadDriver

NtQueryDefaultLocale/ZwQueryDefaultLocale, NtQueryDefaultUILanguage/ZwQueryDefaultUILanguage, NtQuerySystemEnvironmentValue/ZwQuerySystemEnvironmentValue, NtSetDefaultLocale/ZwSetDefaultLocale, NtSetDefaultUILanguage/ZwSetDefaultUILanguage, NtSetSystemEnvironmentValue/ZwSetSystemEnvironmentValue

DbgBreakPoint, DbgPrint, DbgPrompt, DbgSsHandleKmApiMsg, DbgSsInitialize, DbgUiConnectToDbg, DbgUiContinue, DbgUiWaitStateChange, DbgUserBreakPoint, KiRaiseUserExceptionDispatcher, KiUserApcDispatcher, KiUserCallbackDispatcher, KiUserExceptionDispatcher, NlsAnsiCodePage, NlsMbCodePageTag, NlsMbOemCodePageTag, NtAllocateLocallyUniqueId/ZwAllocateLocallyUniqueId, NtAllocateUuids/ZwAllocateUuids, NtCallbackReturn/ZwCallbackReturn, NtDisplayString/ZwDisplayString, NtQueryOleDirectoryFile/ZwQueryOleDirectoryFile, NtQuerySection/ZwQuerySection, NtQuerySystemInformation/ZwQuerySystemInformation, NtSetSystemInformation/ZwSetSystemInformation, NtShutdownSystem/ZwShutdownSystem, NtVdmControl/ZwVdmControl, NtW32Call/ZwW32Call, PfxFindPrefix, PfxInitialize, PfxInsertPrefix, PfxRemovePrefix, PropertyLengthAsVariant, RestoreEm87Context, SaveEm87Context