ExXxx():
ExAllocatePoolWithTag()
ExAcquireFastMutex
ExGetPreviousMode
IoXxx():io管理器相关的KeXxx
IoCreateDevice
IoCreateSymbolicLink
IoGetCurrentIrpStackLocation
IoAttachDeviceToDeviceStack
IoAllocateIrp
IoSetCompletionRoutine
KeXxx()与同步相关
KeWaitForSingleObject
KeSetEvent
KeInitializeEvent
OBXxx()跟驱动对象相关
ObReferenceObjectByHandle
ObQueryNameString
PsGetCurrentProcess
PsGetCurrentProcessId
PsCreateSystemThread
PsLookupProcessByProcessId
RtlXxx()运行时库,字符串操作相关
RtlZeroMemory
RtlInitUnicodeString
ZwXxx()与文件注册表相关的操作
ZwOpenKey
ZwCreateFile
ZwOpenProcess
ZwQuerySystemInformation
MmXxx()跟内存相关
MmGetSystemRoutineAddress
MmIsAddressValid