PDB Symbols - filetrace.sys (0x0657F9FD1A2474150AA9AEF8EE3650B02B6F89C1BAB7574FEAFBF08DBC852F57)

Generated by JEB on 2019/08/01

PE: C:\Windows\System32\drivers\filetrace.sys Base=0x1C0000000 SHA-256=0657F9FD1A2474150AA9AEF8EE3650B02B6F89C1BAB7574FEAFBF08DBC852F57
PDB: filetrace.pdb GUID={C2E18F51-883D-21BD-86EC837B8817C4A7} Age=1

191 located named symbols:
0x1C00045D8: "Start" ??_C@_1M@IOJLKPKK@?$AAS?$AAt?$AAa?$AAr?$AAt?$AA?$AA@
0x1C00071B0: "__cdecl _imp_ExAcquireFastMutex" __imp_ExAcquireFastMutex
0x1C0004378: "lh %I64X, " ??_C@_0L@MCJKJGMO@lh?5?$CFI64X?0?5?$AA@
0x1C00044E0: "Network drive mask " ??_C@_0BE@KKHDOEMJ@Network?5drive?5mask?5?$AA@
0x1C0007040: "__cdecl _imp_FltGetFileNameInformation" __imp_FltGetFileNameInformation
0x1C0005028: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1C00071C8: "__cdecl _imp_ObfDereferenceObject" __imp_ObfDereferenceObject
0x1C0004570: "->PASS " ??_C@_07CEECCIDP@?9?$DOPASS?6?$AA@
0x1C0005080: FileTraceData
0x1C0005260: ThreadTable
0x1C0002240: FTPostOnlyOpCallback
0x1C0007208: "__cdecl _imp_ExInitializeNPagedLookasideList" __imp_ExInitializeNPagedLookasideList
0x1C0007210: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1C00037B0: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1C0007108: "__cdecl _imp_PsGetProcessCreateTimeQuadPart" __imp_PsGetProcessCreateTimeQuadPart
0x1C0005000: WmiRegistrationContext
0x1C00019B8: FTReleaseOpResources
0x1C0007160: "__cdecl _imp_ExpInterlockedPushEntrySList" __imp_ExpInterlockedPushEntrySList
0x1C0007158: "__cdecl _imp_SeQueryInformationToken" __imp_SeQueryInformationToken
0x1C0004650: GUID_IO_VOLUME_NAME_CHANGE
0x1C00044C8: "All drives mask " ??_C@_0BB@CNOLLOMI@All?5drives?5mask?5?$AA@
0x1C0005C00: SessionLock
0x1C0007018: "__cdecl _imp_FltAllocateContext" __imp_FltAllocateContext
0x1C0007060: "__cdecl _imp_FltQuerySecurityObject" __imp_FltQuerySecurityObject
0x1C00042F8: "logger = %I64X, " ??_C@_0BB@FJEJNMGP@logger?5?$DN?5?$CFI64X?0?5?$AA@
0x1C0007240: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1C0005C38: GlobalLateBoundFunctions
0x1C0008000: FilterContexts
0x1C00045F8: FT_MessageGuid
0x1C0007200: "__cdecl _imp_MmGetSystemRoutineAddress" __imp_MmGetSystemRoutineAddress
0x1C0007148: "__cdecl _imp_KeInitializeSpinLock" __imp_KeInitializeSpinLock
0x1C0009698: DetachFromDrives
0x1C0003020: FormatFileTraceEvent
0x1C0007180: "__cdecl _imp_RtlAppendUnicodeStringToString" __imp_RtlAppendUnicodeStringToString
0x1C0004510: "Bad device object ->FAIL " ??_C@_0BK@HHMOABA@Bad?5device?5object?5?9?$DOFAIL?6?$AA@
0x1C0007138: "__cdecl _imp_IoRegisterPlugPlayNotification" __imp_IoRegisterPlugPlayNotification
0x1C0009810: AttachToRequestedDrives
0x1C0004128: "__cdecl _guard_iat_table" __guard_iat_table
0x1C00037C0: memcpy
0x1C0007100: "__cdecl _imp_IoWMIWriteEvent" __imp_IoWMIWriteEvent
0x1C00045D0: "%ws" ??_C@_17EEOGHOKP@?$AA?$CF?$AAw?$AAs?$AA?$AA@
0x1C00070E8: "__cdecl _imp_RtlAbsoluteToSelfRelativeSD" __imp_RtlAbsoluteToSelfRelativeSD
0x1C000365D: "__cdecl _C_specific_handler" __C_specific_handler
0x1C00045E8: "Flags" ??_C@_1M@OAJFFPML@?$AAF?$AAl?$AAa?$AAg?$AAs?$AA?$AA@
0x1C00037C0: memmove
0x1C0004000: ControlGuidStrings
0x1C000B480: FTFilterUnload
0x1C0004410: " NOTHING!!! " ??_C@_0N@CJLNFKPL@?7NOTHING?$CB?$CB?$CB?6?$AA@
0x1C00036AC: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1C0007130: "__cdecl _imp_IoGetDeviceObjectPointer" __imp_IoGetDeviceObjectPointer
0x1C00045A8: "WMI\GlobalLogger\" ??_C@_1CE@NKMJEEEC@?$AAW?$AAM?$AAI?$AA?2?$AAG?$AAl?$AAo?$AAb?$AAa?$AAl?$AAL?$AAo?$AAg?$AAg?$AAe?$AAr?$AA?2?$AA?$AA@
0x1C00070C0: "__cdecl _imp_FltRegisterFilter" __imp_FltRegisterFilter
0x1C0007028: "__cdecl _imp_FltReleaseFileNameInformation" __imp_FltReleaseFileNameInformation
0x1C0007010: "__cdecl _imp_FltGetVolumeName" __imp_FltGetVolumeName
0x1C000359C: ThreadTableClear
0x1C0004480: "FileTrace!AttachToRequestedDrive" ??_C@_0CK@NNKHJNGK@FileTrace?$CBAttachToRequestedDrive@
0x1C0007188: "__cdecl _imp_MmIsAddressValid" __imp_MmIsAddressValid
0x1C0004620: "0x00000000" ??_C@_1BG@MKOGCF@?$AA0?$AAx?$AA0?$AA0?$AA0?$AA0?$AA0?$AA0?$AA0?$AA0?$AA?$AA@
0x1C0007110: "__cdecl _imp_PsGetProcessSessionId" __imp_PsGetProcessSessionId
0x1C00071D8: "__cdecl _imp_ExReleaseFastMutex" __imp_ExReleaseFastMutex
0x1C0004438: " Keeping attachment to 0x%x " ??_C@_0BN@EHJDPNEP@?7Keeping?5attachment?5to?50x?$CFx?6?$AA@
0x1C00090F0: FTTraceCallback
0x1C0007118: "__cdecl _imp_ZwQueryInformationFile" __imp_ZwQueryInformationFile
0x1C00070F0: "__cdecl _imp_IoGetTopLevelIrp" __imp_IoGetTopLevelIrp
0x1C00044B0: " Checking Volume: " ??_C@_0BD@FNBLPKPK@?7Checking?5Volume?3?5?$AA@
0x1C00071A8: "__cdecl _imp_ExAllocatePoolWithTag" __imp_ExAllocatePoolWithTag
0x1C0004578: "->FAIL " ??_C@_07NJBDJKAP@?9?$DOFAIL?6?$AA@
0x1C0004558: "Bad volume name " ??_C@_0BB@FJPOGGOM@Bad?5volume?5name?5?$AA@
0x1C000C284: InitBootLoggingIfSet
0x1C00071D0: "__cdecl _imp_RtlUpcaseUnicodeChar" __imp_RtlUpcaseUnicodeChar
0x1C00070D8: FLTMGR_NULL_THUNK_DATA
0x1C0003714: "__cdecl _GSHandlerCheck_SEH" __GSHandlerCheck_SEH
0x1C0007228: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x1C0005030: ControlGuids
0x1C0004160: "RtlQueryRegistryValuesEx" ??_C@_1DC@OAPHKEJN@?$AAR?$AAt?$AAl?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AAV?$AAa?$AAl?$AAu?$AAe?$AAs?$AAE?$AAx?$AA?$AA@
0x1C0007220: "__cdecl _imp_PsReferenceImpersonationToken" __imp_PsReferenceImpersonationToken
0x1C0004290: "127D46AF-4AD3-489f-9165-F00BA64D" ??_C@_1EK@MJDLEMJO@?$AA1?$AA2?$AA7?$AAD?$AA4?$AA6?$AAA?$AAF?$AA?9?$AA4?$AAA?$AAD?$AA3?$AA?9?$AA4?$AA8?$AA9?$AAf?$AA?9?$AA9?$AA1?$AA6?$AA5?$AA?9?$AAF?$AA0?$AA0?$AAB?$AAA?$AA6?$AA4?$AAD@
0x1C0003688: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1C0007178: "__cdecl _imp_ExpInterlockedPopEntrySList" __imp_ExpInterlockedPopEntrySList
0x1C0008070: FilterRegistration
0x1C0007048: "__cdecl _imp_FltIsDirectory" __imp_FltIsDirectory
0x1C0007080: "__cdecl _imp_FltGetDiskDeviceObject" __imp_FltGetDiskDeviceObject
0x1C0007050: "__cdecl _imp_FltReleaseContext" __imp_FltReleaseContext
0x1C0007190: "__cdecl _imp_RtlLengthSecurityDescriptor" __imp_RtlLengthSecurityDescriptor
0x1C00080E0: FTCallbacks
0x1C0001008: RtlStringCbPrintfW
0x1C000B73C: RemoveAttachedVolume
0x1C0009EAC: GetPreviousValue
0x1C0004340: "Refcount now %d " ??_C@_0BB@NMGEKCAM@Refcount?5now?5?$CFd?6?$AA@
0x1C0009CB4: GetLastAccessTime
0x1C000C5A0: GsDriverEntry
0x1C0007238: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1C0007170: "__cdecl _imp_RtlAppendUnicodeToString" __imp_RtlAppendUnicodeToString
0x1C00041F0: "058DD951-7604-414d-A5D6-A56D3536" ??_C@_1EK@PLGGMAEE@?$AA0?$AA5?$AA8?$AAD?$AAD?$AA9?$AA5?$AA1?$AA?9?$AA7?$AA6?$AA0?$AA4?$AA?9?$AA4?$AA1?$AA4?$AAd?$AA?9?$AAA?$AA5?$AAD?$AA6?$AA?9?$AAA?$AA5?$AA6?$AAD?$AA3?$AA5?$AA3?$AA6@
0x1C000B5A0: FTInstanceTeardownStart
0x1C0004328: "TargetIndex = %d, " ??_C@_0BD@CFBNOJHD@TargetIndex?5?$DN?5?$CFd?0?5?$AA@
0x1C0002CA0: FTShutdownCallback
0x1C0007038: "__cdecl _imp_FltQueryVolumeInformation" __imp_FltQueryVolumeInformation
0x1C0004548: "Bit mask 0x%x " ??_C@_0P@LBIDKLIC@Bit?5mask?50x?$CFx?5?$AA@
0x1C0003550: FTContextCleanup
0x1C00043B8: "active session flags 0x%x " ??_C@_0BL@NBFDJMHI@active?5session?5flags?50x?$CFx?6?$AA@
0x1C00070B8: "__cdecl _imp_FltStartFiltering" __imp_FltStartFiltering
0x1C00070A0: "__cdecl _imp_FltAllocateGenericWorkItem" __imp_FltAllocateGenericWorkItem
0x1C0003620: "__cdecl _security_check_cookie" __security_check_cookie
0x1C0007098: "__cdecl _imp_FltObjectDereference" __imp_FltObjectDereference
0x1C000725C: "__cdecl _IMPORT_DESCRIPTOR_FLTMGR" __IMPORT_DESCRIPTOR_FLTMGR
0x1C0007248: "__cdecl _IMPORT_DESCRIPTOR_ntoskrnl" __IMPORT_DESCRIPTOR_ntoskrnl
0x1C00043D8: "FileTrace!DetachFromDrives: Star" ??_C@_0DF@FJLLEECA@FileTrace?$CBDetachFromDrives?3?5Star@
0x1C0004130: "KeAreAllApcsDisabled" ??_C@_1CK@JMIFAJIG@?$AAK?$AAe?$AAA?$AAr?$AAe?$AAA?$AAl?$AAl?$AAA?$AAp?$AAc?$AAs?$AAD?$AAi?$AAs?$AAa?$AAb?$AAl?$AAe?$AAd?$AA?$AA@
0x1C00070A8: "__cdecl _imp_FltGetVolumeProperties" __imp_FltGetVolumeProperties
0x1C000B6B0: DeviceChangeNotificationRoutine
0x1C0004310: "No matching guid " ??_C@_0BC@ICHEENMK@No?5matching?5guid?6?$AA@
0x1C000B590: FTInstanceQueryTeardown
0x1C00070B0: "__cdecl _imp_FltEnumerateVolumes" __imp_FltEnumerateVolumes
0x1C0007068: "__cdecl _imp_FltGetVolumeContext" __imp_FltGetVolumeContext
0x1C000AF60: FTInstanceSetup
0x1C000D000: "__cdecl _guard_fids_table" __guard_fids_table
0x1C00041A0: "D75D8303-6C21-4bde-9C98-ECC6320F" ??_C@_1EK@JPOHCINJ@?$AAD?$AA7?$AA5?$AAD?$AA8?$AA3?$AA0?$AA3?$AA?9?$AA6?$AAC?$AA2?$AA1?$AA?9?$AA4?$AAb?$AAd?$AAe?$AA?9?$AA9?$AAC?$AA9?$AA8?$AA?9?$AAE?$AAC?$AAC?$AA6?$AA3?$AA2?$AA0?$AAF@
0x1C0001090: FTPreOpCallback
0x1C00071C0: "__cdecl _imp_IoVolumeDeviceToDosName" __imp_IoVolumeDeviceToDosName
0x1C00043A0: "SESSION NOT FOUND! " ??_C@_0BE@FFPLCLLJ@SESSION?5NOT?5FOUND?$CB?6?$AA@
0x1C0004020: "__cdecl load_config_used" _load_config_used
0x1C0007168: "__cdecl _imp_PsDereferencePrimaryToken" __imp_PsDereferencePrimaryToken
0x1C0007058: "__cdecl _imp_FltGetRequestorProcess" __imp_FltGetRequestorProcess
0x1C0004530: "Drive letter '%c' " ??_C@_0BD@FPBCAMGL@Drive?5letter?5?8?$CFc?8?5?$AA@
0x1C00034E0: SetCallResult
0x1C0007120: "__cdecl _imp_PsDereferenceImpersonationToken" __imp_PsDereferenceImpersonationToken
0x1C0005BD8: SessionSerialNumber
0x1C0004580: "FileTrace!AttachToRequestedDrive" ??_C@_0CI@INKOGBIN@FileTrace?$CBAttachToRequestedDrive@
0x1C00071F8: "__cdecl _imp_KeInitializeEvent" __imp_KeInitializeEvent
0x1C00071E0: "__cdecl _imp_WmiQueryTraceInformation" __imp_WmiQueryTraceInformation
0x1C0007090: "__cdecl _imp_FltDetachVolume" __imp_FltDetachVolume
0x1C0007070: "__cdecl _imp_FltFreeGenericWorkItem" __imp_FltFreeGenericWorkItem
0x1C0007218: "__cdecl _imp_ExDeleteNPagedLookasideList" __imp_ExDeleteNPagedLookasideList
0x1C0003670: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1C00070F8: "__cdecl _imp_PsReferencePrimaryToken" __imp_PsReferencePrimaryToken
0x1C0007198: "__cdecl _imp_IoWMIRegistrationControl" __imp_IoWMIRegistrationControl
0x1C0004420: " Detaching from 0x%x " ??_C@_0BG@EHOPMPPL@?7Detaching?5from?50x?$CFx?6?$AA@
0x1C0007088: "__cdecl _imp_FltAttachVolume" __imp_FltAttachVolume
0x1C0005020: "__cdecl _security_cookie" __security_cookie
0x1C00042E0: "IRP_MN_ENABLE_EVENTS: " ??_C@_0BH@DJNLNGCA@IRP_MN_ENABLE_EVENTS?3?5?$AA@
0x1C0004608: ":00000000-" ??_C@_1BG@JNIJPAED@?$AA?3?$AA0?$AA0?$AA0?$AA0?$AA0?$AA0?$AA0?$AA0?$AA?9?$AA?$AA@
0x1C00044F8: "Local drive mask " ??_C@_0BC@LJLOFMAH@Local?5drive?5mask?5?$AA@
0x1C0007140: "__cdecl _imp_ExInterlockedInsertHeadList" __imp_ExInterlockedInsertHeadList
0x1C0004240: "7DA1385C-F8F5-41cc-B9D0-02FCA090" ??_C@_1EK@DOCIPMLC@?$AA7?$AAD?$AAA?$AA1?$AA3?$AA8?$AA5?$AAC?$AA?9?$AAF?$AA8?$AAF?$AA5?$AA?9?$AA4?$AA1?$AAc?$AAc?$AA?9?$AAB?$AA9?$AAD?$AA0?$AA?9?$AA0?$AA2?$AAF?$AAC?$AAA?$AA0?$AA9?$AA0@
0x1C00071E8: "__cdecl _imp_DbgPrintEx" __imp_DbgPrintEx
0x1C0007030: "__cdecl _imp_FltQueryInformationFile" __imp_FltQueryInformationFile
0x1C00071B8: "__cdecl _imp_RtlQueryRegistryValues" __imp_RtlQueryRegistryValues
0x1C00070C8: "__cdecl _imp_FltUnregisterFilter" __imp_FltUnregisterFilter
0x1C0007000: "__cdecl _imp_FltGetVolumeGuidName" __imp_FltGetVolumeGuidName
0x1C00071F0: "__cdecl _imp__vsnwprintf" __imp__vsnwprintf
0x1C0005248: FTSequenceNumber
0x1C00070E0: "__cdecl _imp_PsGetProcessWin32WindowStation" __imp_PsGetProcessWin32WindowStation
0x1C0004358: "FileTrace!DisableSession: " ??_C@_0BL@PCGFADFF@FileTrace?$CBDisableSession?3?5?$AA@
0x1C0007008: "__cdecl _imp_FltObjectReference" __imp_FltObjectReference
0x1C000C5D4: "__cdecl _security_init_cookie" __security_init_cookie
0x1C0004638: ":00000001-" ??_C@_1BG@FGNFCDOG@?$AA?3?$AA0?$AA0?$AA0?$AA0?$AA0?$AA0?$AA0?$AA1?$AA?9?$AA?$AA@
0x1C0004458: "FileTrace!DetachFromDrives: END " ??_C@_0CB@DPEJKJKG@FileTrace?$CBDetachFromDrives?3?5END?6@
0x1C0004388: "target session %d, " ??_C@_0BE@KBBFGACE@target?5session?5?$CFd?0?5?$AA@
0x1C0001B10: FTPostOpCallback
0x1C00070D0: "__cdecl _imp_FltSetVolumeContext" __imp_FltSetVolumeContext
0x1C000A3B8: CreateParameterBlob
0x1C0005BE0: LogSessions
0x1C0007020: "__cdecl _imp_FltGetRequestorProcessId" __imp_FltGetRequestorProcessId
0x1C0003650: "__cdecl _report_gsfailure" __report_gsfailure
0x1C0007078: "__cdecl _imp_FltQueueGenericWorkItem" __imp_FltQueueGenericWorkItem
0x1C0007128: "__cdecl _imp_IoUnregisterPlugPlayNotification" __imp_IoUnregisterPlugPlayNotification
0x1C0007150: "__cdecl _imp_ExQueryDepthSList" __imp_ExQueryDepthSList
0x1C0009D48: GetUserSidAndAcessToken
0x1C0007230: ntoskrnl_NULL_THUNK_DATA
0x1C00071A0: "__cdecl _imp_ExFreePoolWithTag" __imp_ExFreePoolWithTag
0x1C000B7F0: UpdateDosDriveLetter
0x1C000C008: DriverEntry
0x1C0009008: FTInitTracing
0x1C0009470: DisableSession
0x1C0003B00: memset
0x1C0007270: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR

[JEB Decompiler by PNF Software]