PDB Symbols - ndiscap.sys (0x2AEE5C3652115E5069A1FF929EE47B19A91F52E3534BC9CD8020FB769A34226C)

Generated by JEB on 2019/08/01

PE: C:\Windows\System32\drivers\ndiscap.sys Base=0x1C0000000 SHA-256=2AEE5C3652115E5069A1FF929EE47B19A91F52E3534BC9CD8020FB769A34226C
PDB: ndiscap.pdb GUID={BD6995E1-5104-9389-9327579B7DCC198C} Age=1

209 located named symbols:
0x1C0005BD8: McTemplateK0uuhbr2
0x1C0008248: Microsoft_Windows_NDIS_PacketCaptureLevels
0x1C000B118: "__cdecl _imp_EtwProviderEnabled" __imp_EtwProviderEnabled
0x1C00083A8: "Microsoft NDIS Capture" ??_C@_1CO@INAJHDFM@?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?5?$AAN?$AAD?$AAI?$AAS?$AA?5?$AAC?$AAa?$AAp?$AAt?$AAu?$AAr?$AAe?$AA?$AA@
0x1C000B028: "__cdecl _imp_NdisFIndicateStatus" __imp_NdisFIndicateStatus
0x1C00061E0: PktCapTraceRundown
0x1C0004204: RtlStringCchCopyW
0x1C0009058: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1C0008398: "NDISCAP" ??_C@_1BA@BCFPGPFO@?$AAN?$AAD?$AAI?$AAS?$AAC?$AAA?$AAP?$AA?$AA@
0x1C00085C0: "Parameters" ??_C@_1BG@PGIGMDPA@?$AAP?$AAa?$AAr?$AAa?$AAm?$AAe?$AAt?$AAe?$AAr?$AAs?$AA?$AA@
0x1C00047C0: InspectIPv6Header
0x1C0008258: LayerLoadError
0x1C00017E4: FilterIssueSwitchNicArrayOidRequest
0x1C000B188: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1C0007350: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1C0009078: g_CoalescedBufferLength
0x1C0009090: g_Rules
0x1C00028A0: FilterStatus
0x1C00081F8: StateRundown
0x1C0002CB0: FilterGetSwitchEventInfo
0x1C000B048: "__cdecl _imp_NdisEnumerateFilterModules" __imp_NdisEnumerateFilterModules
0x1C000B098: "__cdecl _imp_NdisFRegisterFilterDriver" __imp_NdisFRegisterFilterDriver
0x1C000B078: "__cdecl _imp_NdisWaitEvent" __imp_NdisWaitEvent
0x1C000B058: "__cdecl _imp_NdisAllocateCloneOidRequest" __imp_NdisAllocateCloneOidRequest
0x1C000B090: "__cdecl _imp_NdisFreeMemory" __imp_NdisFreeMemory
0x1C0008308: MICROSOFT_PACKETCAPTURE_PROVIDER
0x1C000B0B0: "__cdecl _imp_NmrDeregisterProvider" __imp_NmrDeregisterProvider
0x1C000B1A0: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1C000459C: InspectDot11Header
0x1C0009064: ExternalRequestFailedCount
0x1C000B088: "__cdecl _imp_NdisInitializeEvent" __imp_NdisInitializeEvent
0x1C0008000: PktCapProviderDispatch
0x1C00040E0: McTemplateK0uuqq
0x1C000B168: "__cdecl _imp_KeInitializeSpinLock" __imp_KeInitializeSpinLock
0x1C0002FD0: FilterSendNetBufferLists
0x1C0006340: PktCapLogNetEvent
0x1C000B0C8: "__cdecl _imp_KeInitializeGuardedMutex" __imp_KeInitializeGuardedMutex
0x1C0008608: "PersistentRefCount" ??_C@_1CG@HLFCIDFC@?$AAP?$AAe?$AAr?$AAs?$AAi?$AAs?$AAt?$AAe?$AAn?$AAt?$AAR?$AAe?$AAf?$AAC?$AAo?$AAu?$AAn?$AAt?$AA?$AA@
0x1C00085D8: "CaptureMode" ??_C@_1BI@JJNKNNHF@?$AAC?$AAa?$AAp?$AAt?$AAu?$AAr?$AAe?$AAM?$AAo?$AAd?$AAe?$AA?$AA@
0x1C000B138: "__cdecl _imp_KeReleaseSpinLock" __imp_KeReleaseSpinLock
0x1C0001AD0: FilterOidRequest
0x1C0007380: memcpy
0x1C0005880: AllowedByCustomRule
0x1C00028C0: GetSwitchDestinationsBuffer
0x1C0002C30: GetInfoFromPortIdAndIndex
0x1C000B0D8: "__cdecl _imp_ZwSetValueKey" __imp_ZwSetValueKey
0x1C0008228: VMSwitchPacketFragment
0x1C0006C68: EtwEx_tidPacketFragmentArray
0x1C00085F0: "RefCount" ??_C@_1BC@GLBLBPKP@?$AAR?$AAe?$AAf?$AAC?$AAo?$AAu?$AAn?$AAt?$AA?$AA@
0x1C0007380: memmove
0x1C0008500: "\Registry\Machine\System\Current" ??_C@_1JK@MFHBEJBD@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x1C000B018: "__cdecl _imp_NdisFIndicateReceiveNetBufferLists" __imp_NdisFIndicateReceiveNetBufferLists
0x1C0002590: FilterRestart
0x1C000B170: "__cdecl _imp_RtlCopyUnicodeString" __imp_RtlCopyUnicodeString
0x1C00081B0: NPI_MS_PKTCAP_MODULEID
0x1C000109C: FilterGetOptionalSwitchHandlers
0x1C00072DC: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1C000B0A0: NDIS_NULL_THUNK_DATA
0x1C0008208: CaptureRules
0x1C0006D74: McTemplateK0uqxxzz
0x1C00068E8: PktCapInspectPacket
0x1C000B0A8: "__cdecl _imp_NmrRegisterProvider" __imp_NmrRegisterProvider
0x1C000B110: "__cdecl _imp_MmIsAddressValid" __imp_MmIsAddressValid
0x1C0003AC4: EtwEx_tidVMSwitchNetBuffer
0x1C0004170: DeleteSwitchNicIndexInfo
0x1C0005F88: PktCapProviderUninitialize
0x1C000B178: "__cdecl _imp_ExAllocatePoolWithTag" __imp_ExAllocatePoolWithTag
0x1C00058F0: EtwEnableCallback
0x1C0006BDC: PacketFragmentCombine
0x1C0002810: FilterUnload
0x1C0009244: "__cdecl _@@_PchSym_@00@KxulyqvxgPillgKxulmvxlivUmvgUwrztmlhgrxhUmvggizxvUmwrhxzkUlyquivUznwGEUkivxlnkOlyq@ndiscap" __@@_PchSym_@00@KxulyqvxgPillgKxulmvxlivUmvgUwrztmlhgrxhUmvggizxvUmwrhxzkUlyquivUznwGEUkivxlnkOlyq@ndiscap
0x1C0006704: TraceLegacyVMSwitchPacket
0x1C000B158: "__cdecl _imp_EtwWriteTransfer" __imp_EtwWriteTransfer
0x1C0005D4C: RegUtilQuerySTRINGValue
0x1C0006650: InspectVSwitchInfo
0x1C00072B8: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1C000392C: TraceNetBuffer
0x1C0006E84: McTemplateK0uzqhNR3
0x1C0004050: McTemplateK0qqqq
0x1C0008630: "NULL" ??_C@_19CIJIHAKK@?$AAN?$AAU?$AAL?$AAL?$AA?$AA@
0x1C000B1D0: "__cdecl _IMPORT_DESCRIPTOR_NETIO" __IMPORT_DESCRIPTOR_NETIO
0x1C0003D24: NetBufferFragmentCombine
0x1C000B008: "__cdecl _imp_NdisFNetPnPEvent" __imp_NdisFNetPnPEvent
0x1C00091A0: PktCap
0x1C00048FC: InspectPacket
0x1C000119C: FilterGetHostName
0x1C0003F8C: EtwEx_tidPacketMetadata
0x1C0008318: PacketMetadata
0x1C0008368: "Emulated" ??_C@_1BC@EPEOBMND@?$AAE?$AAm?$AAu?$AAl?$AAa?$AAt?$AAe?$AAd?$AA?$AA@
0x1C0004394: McTemplateK0zzzz
0x1C0008640: "*** EtwEnableCallback called (Is" ??_C@_0CN@LPJOIPP@?$CK?$CK?$CK?5EtwEnableCallback?5called?5?$CIIs@
0x1C00082C8: PacketFragment
0x1C0001040: FilterNetPnPEvent
0x1C0001638: filterDoInternalRequest
0x1C0005E98: RegUtilQueryULONGValue
0x1C000B060: "__cdecl _imp_NdisFGetOptionalSwitchHandlers" __imp_NdisFGetOptionalSwitchHandlers
0x1C0008068: g_NicTypes
0x1C00081C8: StartLayerLoad
0x1C0003920: FilterSetModuleOptions
0x1C000C3C0: GsDriverEntry
0x1C000B198: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1C00033E0: FilterReceiveNetBufferLists
0x1C000907C: g_PacketInspectionRequired
0x1C000716C: TraceFilterEngineAllowedByRuleEx2
0x1C0004334: McGenEventWrite
0x1C000B0E0: "__cdecl _imp_ZwQueryValueKey" __imp_ZwQueryValueKey
0x1C0008280: Microsoft_Windows_NDIS_PacketCaptureKeywords
0x1C0007260: "__cdecl _security_check_cookie" __security_check_cookie
0x1C000B068: "__cdecl _imp_NdisFreeCloneOidRequest" __imp_NdisFreeCloneOidRequest
0x1C0009230: DriverRegistryPath
0x1C0008380: "Internal" ??_C@_1BC@FBOHHDN@?$AAI?$AAn?$AAt?$AAe?$AAr?$AAn?$AAa?$AAl?$AA?$AA@
0x1C00081A0: NPI_PKTCAP_INTERFACE_ID
0x1C000B1A8: "__cdecl _IMPORT_DESCRIPTOR_ntoskrnl" __IMPORT_DESCRIPTOR_ntoskrnl
0x1C0008020: PktCapProviderNotify
0x1C00082F8: RuleLoadError
0x1C0005FE8: PktCapUpdateClientConfig
0x1C0008268: DriverLoad
0x1C0003E20: EtwEx_tidPacketFragmentNetBuffer
0x1C000B150: "__cdecl _imp_EtwUnregister" __imp_EtwUnregister
0x1C0006F64: EvaluateBinaryRuleEx
0x1C00071D4: TraceFilterEngineValidateRule
0x1C00023E0: FilterPause
0x1C000D000: "__cdecl _guard_fids_table" __guard_fids_table
0x1C00085A0: "ComputerName" ??_C@_1BK@OADCIHHB@?$AAC?$AAo?$AAm?$AAp?$AAu?$AAt?$AAe?$AAr?$AAN?$AAa?$AAm?$AAe?$AA?$AA@
0x1C000651C: PktCapTracePacket
0x1C0009240: Microsoft_Windows_NDIS_PacketCaptureEnableBits
0x1C000135C: AddPort
0x1C0008090: "__cdecl load_config_used" _load_config_used
0x1C000428C: McGenEventUnregister
0x1C0008350: "Synthetic" ??_C@_1BE@GGDEKFIL@?$AAS?$AAy?$AAn?$AAt?$AAh?$AAe?$AAt?$AAi?$AAc?$AA?$AA@
0x1C0009220: FilterModuleList
0x1C000B148: "__cdecl _imp_ZwClose" __imp_ZwClose
0x1C0002444: CheckFilterPosition
0x1C00082D8: LayerUnload
0x1C000B0F8: "__cdecl _imp_wcsnlen" __imp_wcsnlen
0x1C0008430: "6.1.0000" ??_C@_1BC@MHGGGKE@?$AA6?$AA?4?$AA1?$AA?4?$AA0?$AA0?$AA0?$AA0?$AA?$AA@
0x1C00062D0: PktCapUpdateCaptureConfig
0x1C000B050: "__cdecl _imp_NdisFSetAttributes" __imp_NdisFSetAttributes
0x1C000B0D0: "__cdecl _imp_KeReleaseGuardedMutex" __imp_KeReleaseGuardedMutex
0x1C000B000: "__cdecl _imp_NdisFOidRequestComplete" __imp_NdisFOidRequestComplete
0x1C0009210: FilterListLock
0x1C000B040: "__cdecl _imp_NdisOpenConfigurationEx" __imp_NdisOpenConfigurationEx
0x1C00072A0: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1C000B100: "__cdecl _imp_MmMapLockedPagesSpecifyCache" __imp_MmMapLockedPagesSpecifyCache
0x1C0008328: DriverLoadError
0x1C0005B74: McTemplateK0q
0x1C00082E8: PktSourceInfo
0x1C0001508: GetSwitchNics
0x1C000B080: "__cdecl _imp_NdisFOidRequest" __imp_NdisFOidRequest
0x1C0008238: DriverUnload
0x1C000B140: "__cdecl _imp_KeAcquireSpinLockRaiseToDpc" __imp_KeAcquireSpinLockRaiseToDpc
0x1C0009050: "__cdecl _security_cookie" __security_cookie
0x1C0005C6C: RegUtilOpenKeyEx
0x1C0009060: ExternalRequestSuccessCount
0x1C0009200: FilterDriverHandle
0x1C000B128: "__cdecl _imp_RtlCompareMemory" __imp_RtlCompareMemory
0x1C0004430: McGenControlCallbackV2
0x1C0008338: "External" ??_C@_1BC@KMFBFJEN@?$AAE?$AAx?$AAt?$AAe?$AAr?$AAn?$AAa?$AAl?$AA?$AA@
0x1C000B038: "__cdecl _imp_NdisCloseConfiguration" __imp_NdisCloseConfiguration
0x1C0009080: g_MaxRuleInspectionOffset
0x1C00042C0: McTemplateK0qqq
0x1C000B108: "__cdecl _imp_EtwWrite" __imp_EtwWrite
0x1C000B0C0: NETIO_NULL_THUNK_DATA
0x1C000B0F0: "__cdecl _imp_DbgPrint" __imp_DbgPrint
0x1C000B010: "__cdecl _imp_NdisAllocateMemoryWithTagPriority" __imp_NdisAllocateMemoryWithTagPriority
0x1C000C3F4: "__cdecl _security_init_cookie" __security_init_cookie
0x1C000B0B8: "__cdecl _imp_NmrWaitForProviderDeregisterComplete" __imp_NmrWaitForProviderDeregisterComplete
0x1C000B030: "__cdecl _imp_NdisFDeregisterFilterDriver" __imp_NdisFDeregisterFilterDriver
0x1C000B160: "__cdecl _imp_EtwRegister" __imp_EtwRegister
0x1C0005CF0: RegUtilOpenKey
0x1C0008218: EndLayerLoad
0x1C00018F0: filterInternalRequestComplete
0x1C0006150: PktCapDetachClient
0x1C0006390: PktCapLogPacket
0x1C000455C: McGenEventRegister
0x1C00083E0: "{EA24CD6C-D17A-4348-9190-09F0D5B" ??_C@_1EO@GJKDMIFL@?$AA?$HL?$AAE?$AAA?$AA2?$AA4?$AAC?$AAD?$AA6?$AAC?$AA?9?$AAD?$AA1?$AA7?$AAA?$AA?9?$AA4?$AA3?$AA4?$AA8?$AA?9?$AA9?$AA1?$AA9?$AA0?$AA?9?$AA0?$AA9?$AAF?$AA0?$AAD?$AA5?$AAB@
0x1C0002630: FilterDetach
0x1C000B1BC: "__cdecl _IMPORT_DESCRIPTOR_NDIS" __IMPORT_DESCRIPTOR_NDIS
0x1C00019B0: FilterOidRequestComplete
0x1C0009208: FilterDriverObject
0x1C0007290: "__cdecl _report_gsfailure" __report_gsfailure
0x1C00061C0: PktCapCleanupClientContext
0x1C00055C0: InspectPacketMdl
0x1C000B070: "__cdecl _imp_NdisSetEvent" __imp_NdisSetEvent
0x1C0009000: MICROSOFT_PACKETCAPTURE_PROVIDER_Context
0x1C000B180: "__cdecl _imp_KeAcquireGuardedMutex" __imp_KeAcquireGuardedMutex
0x1C000B190: ntoskrnl_NULL_THUNK_DATA
0x1C000B130: "__cdecl _imp_ExFreePoolWithTag" __imp_ExFreePoolWithTag
0x1C0009068: LastIfIndex
0x1C000B020: "__cdecl _imp_NdisFSendNetBufferLists" __imp_NdisFSendNetBufferLists
0x1C000C008: DriverEntry
0x1C00081D8: LayerLoad
0x1C0006A18: EtwEx_tidVMSwitchPacketFragmentArray
0x1C00081E8: CaptureRule
0x1C0006050: PktCapAttachClient
0x1C000B120: "__cdecl _imp_memcpy_s" __imp_memcpy_s
0x1C0009070: g_CoalescedBuffer
0x1C000B0E8: "__cdecl _imp_ZwOpenKey" __imp_ZwOpenKey
0x1C0001D60: FilterAttach
0x1C0001010: FilterRegisterOptions
0x1C0008450: "\Registry\Machine\System\Current" ??_C@_1KG@EOFJGAPB@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x1C00076C0: memset
0x1C000B1E4: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR

[JEB Decompiler by PNF Software]