Generated by JEB on 2019/08/01

PE: C:\Windows\System32\drivers\applockerfltr.sys Base=0x1C0000000 SHA-256=0AF16409D67B85191C25C45A7EC5639C4385E7E34269BE34FF3FD9148E077D9F
PDB: applockerfltr.pdb GUID={CF10A45D-E3D1-6EF1-DEFCB47ADA9C53E7} Age=1

110 located named symbols:
0x1C0001170: SmPreWrite
0x1C0005038: "__cdecl _imp_FltGetFileNameInformation" __imp_FltGetFileNameInformation
0x1C0003058: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1C00050F8: "__cdecl _imp_ObfDereferenceObject" __imp_ObfDereferenceObject
0x1C0001670: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1C0002310: "SMARTLOCKER://ORIGINCLAIM" ??_C@_1DE@EPPICNLN@?$AAS?$AAM?$AAA?$AAR?$AAT?$AAL?$AAO?$AAC?$AAK?$AAE?$AAR?$AA?3?$AA?1?$AA?1?$AAO?$AAR?$AAI?$AAG?$AAI?$AAN?$AAC?$AAL?$AAA?$AAI?$AAM?$AA?$AA@
0x1C0002468: "__cdecl TraceLoggingMetadata" _TraceLoggingMetadata
0x1C0005160: "__cdecl _imp_ZwOpenProcess" __imp_ZwOpenProcess
0x1C0001434: SmGetCurrentAndParentProcessNames
0x1C0005080: "__cdecl _imp_FltAllocateContext" __imp_FltAllocateContext
0x1C0003070: SmData
0x1C0001210: SmpQueryFile
0x1C0001008: "__cdecl TlgWrite" _TlgWrite
0x1C0005180: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1C0001250: SmpReadFile
0x1C0006CD0: SmLogSmartlockerFilterStatusEvent
0x1C0002010: Callbacks
0x1C0001680: memcpy
0x1C0005060: "__cdecl _imp_FltReleaseResource" __imp_FltReleaseResource
0x1C0001160: SmQueryTeardown
0x1C0005008: "__cdecl _imp_FltGetStreamHandleContext" __imp_FltGetStreamHandleContext
0x1C0002350: "\REGISTRY\MACHINE\System\Current" ??_C@_1KG@JIFPMPIC@?$AA?2?$AAR?$AAE?$AAG?$AAI?$AAS?$AAT?$AAR?$AAY?$AA?2?$AAM?$AAA?$AAC?$AAH?$AAI?$AAN?$AAE?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x1C0006090: SmInstanceSetup
0x1C0001680: memmove
0x1C0005058: "__cdecl _imp_FltAcquireResourceShared" __imp_FltAcquireResourceShared
0x1C00015FC: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1C0005090: "__cdecl _imp_FltRegisterFilter" __imp_FltRegisterFilter
0x1C0005018: "__cdecl _imp_FltReleaseFileNameInformation" __imp_FltReleaseFileNameInformation
0x1C0006BAC: SmCheckOrigin
0x1C0005168: "__cdecl _imp_EtwSetInformation" __imp_EtwSetInformation
0x1C00011D0: SmPostWrite
0x1C0005128: "__cdecl _imp_ExAllocatePoolWithTag" __imp_ExAllocatePoolWithTag
0x1C0005140: "__cdecl _imp_EtwWriteTransfer" __imp_EtwWriteTransfer
0x1C0005028: "__cdecl _imp_FltFsControlFile" __imp_FltFsControlFile
0x1C00050A8: FLTMGR_NULL_THUNK_DATA
0x1C00050D0: "__cdecl _imp_PsGetProcessInheritedFromUniqueProcessId" __imp_PsGetProcessInheritedFromUniqueProcessId
0x1C00015D8: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1C00050A0: "__cdecl _imp_FltPerformSynchronousIo" __imp_FltPerformSynchronousIo
0x1C0005150: "__cdecl _imp_ZwCreateFile" __imp_ZwCreateFile
0x1C0002090: FilterRegistration
0x1C0005138: "__cdecl _imp_RtlGetVersion" __imp_RtlGetVersion
0x1C0002238: SrpEventProviderId
0x1C0005050: "__cdecl _imp_FltReleaseContext" __imp_FltReleaseContext
0x1C0005048: "__cdecl _imp_FltSetStreamHandleContext" __imp_FltSetStreamHandleContext
0x1C0005158: "__cdecl _imp_ZwDeviceIoControlFile" __imp_ZwDeviceIoControlFile
0x1C0007400: GsDriverEntry
0x1C0005178: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1C00050E0: "__cdecl _imp_ObReferenceObjectByHandle" __imp_ObReferenceObjectByHandle
0x1C00050B0: "__cdecl _imp_ZwQueryValueKey" __imp_ZwQueryValueKey
0x1C0006010: "__cdecl TlgEnableCallback" _TlgEnableCallback
0x1C00010B0: "__cdecl TlgDefineProvider_annotation__Tlgg_hLogProviderProv" _TlgDefineProvider_annotation__Tlgg_hLogProviderProv
0x1C0005000: "__cdecl _imp_FltStartFiltering" __imp_FltStartFiltering
0x1C0005088: "__cdecl _imp_FltAllocateCallbackData" __imp_FltAllocateCallbackData
0x1C0001580: "__cdecl _security_check_cookie" __security_check_cookie
0x1C00060B0: SmPreCreate
0x1C000519C: "__cdecl _IMPORT_DESCRIPTOR_FLTMGR" __IMPORT_DESCRIPTOR_FLTMGR
0x1C0005188: "__cdecl _IMPORT_DESCRIPTOR_ntoskrnl" __IMPORT_DESCRIPTOR_ntoskrnl
0x1C000268D: "__cdecl TraceLoggingMetadataEnd" _TraceLoggingMetadataEnd
0x1C0002220: "\??\AppID" ??_C@_1BE@MMEKBBNK@?$AA?2?$AA?$DP?$AA?$DP?$AA?2?$AAA?$AAp?$AAp?$AAI?$AAD?$AA?$AA@
0x1C0001298: SmCheckProcessOrigin
0x1C0003098: g_EtwEventHandle
0x1C00050E8: "__cdecl _imp_RtlInitAnsiString" __imp_RtlInitAnsiString
0x1C00022F0: GUID_ECP_PREFETCH_OPEN
0x1C0006AE0: SmPreCleanup
0x1C0002270: ContextRegistration
0x1C0005108: "__cdecl _imp_SeQuerySecurityAttributesToken" __imp_SeQuerySecurityAttributesToken
0x1C0005130: "__cdecl _imp_EtwUnregister" __imp_EtwUnregister
0x1C0008000: "__cdecl _guard_fids_table" __guard_fids_table
0x1C0002110: "__cdecl load_config_used" _load_config_used
0x1C0005100: "__cdecl _imp_PsDereferencePrimaryToken" __imp_PsDereferencePrimaryToken
0x1C0005068: "__cdecl _imp_FltFindExtraCreateParameter" __imp_FltFindExtraCreateParameter
0x1C0002300: AppIdSmartlockerFilterStatus
0x1C0005110: "__cdecl _imp_ZwClose" __imp_ZwClose
0x1C00050F0: "__cdecl _imp_PsGetProcessId" __imp_PsGetProcessId
0x1C0005148: "__cdecl _imp_IoThreadToProcess" __imp_IoThreadToProcess
0x1C0005070: "__cdecl _imp_FltFreeCallbackData" __imp_FltFreeCallbackData
0x1C00015C0: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1C00050C8: "__cdecl _imp_PsReferencePrimaryToken" __imp_PsReferencePrimaryToken
0x1C0005040: "__cdecl _imp_FltReadFile" __imp_FltReadFile
0x1C0006140: SmPostCreate
0x1C0003050: "__cdecl _security_cookie" __security_cookie
0x1C0005010: "__cdecl _imp_FltIsEcpFromUserMode" __imp_FltIsEcpFromUserMode
0x1C00010BC: SmReleaseOriginProcessData
0x1C0005020: "__cdecl _imp_FltQueryInformationFile" __imp_FltQueryInformationFile
0x1C0001338: SmCheckProcessSessionOrigin
0x1C0005030: "__cdecl _imp_FltGetEcpListFromCallbackData" __imp_FltGetEcpListFromCallbackData
0x1C0006508: SmTelemetrizeOriginInfo
0x1C00050B8: "__cdecl _imp_EtwWrite" __imp_EtwWrite
0x1C0005098: "__cdecl _imp_FltUnregisterFilter" __imp_FltUnregisterFilter
0x1C0007434: "__cdecl _security_init_cookie" __security_init_cookie
0x1C00050D8: "__cdecl _imp_PsGetProcessImageFileName" __imp_PsGetProcessImageFileName
0x1C0005120: "__cdecl _imp_EtwRegister" __imp_EtwRegister
0x1C00010E0: SmUnload
0x1C0002344: "-" ??_C@_13IMODFHAA@?$AA?9?$AA?$AA@
0x1C00015B0: "__cdecl _report_gsfailure" __report_gsfailure
0x1C00023F8: "DISABLED" ??_C@_1BC@IFPGCOKD@?$AAD?$AAI?$AAS?$AAA?$AAB?$AAL?$AAE?$AAD?$AA?$AA@
0x1C0005170: ntoskrnl_NULL_THUNK_DATA
0x1C0005118: "__cdecl _imp_ExFreePoolWithTag" __imp_ExFreePoolWithTag
0x1C0007008: DriverEntry
0x1C00050C0: "__cdecl _imp_ZwOpenKey" __imp_ZwOpenKey
0x1C0005078: "__cdecl _imp_FltParseFileNameInformation" __imp_FltParseFileNameInformation
0x1C00019C0: memset
0x1C00051B0: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR

[JEB Decompiler by PNF Software]