PDB Symbols - UevAgentDriver.sys (0x3041A26959F9B5BA6B33E747B77F285B8005AC8D686DCD8240B17A0E3C157169)

Generated by JEB on 2019/08/01

PE: C:\Windows\System32\drivers\UevAgentDriver.sys Base=0x1C0000000 SHA-256=3041A26959F9B5BA6B33E747B77F285B8005AC8D686DCD8240B17A0E3C157169
PDB: UevAgentDriver.pdb GUID={1862B89A-04FA-7ACE-0BFD60028E4F9146} Age=1

313 located named symbols:
0x1C00025C8: "UevFilter.ComPortClose: Entry " ??_C@_0BP@MDIDNLAG@UevFilter?4ComPortClose?3?5Entry?6?$AA@
0x1C0005000: UevAgentDriver_Context
0x1C00029B0: Microsoft_User_Experience_Virtualization_Agent_DriverKeywords
0x1C00040C0: "UevFilter.AllocateGenericUnicode" ??_C@_0DN@LFKKLADM@UevFilter?4AllocateGenericUnicode@
0x1C0002CA0: "UevFilter.ProcessCreateNotificat" ??_C@_0FH@DNMHKHHM@UevFilter?4ProcessCreateNotificat@
0x1C0008300: ComPortCreate
0x1C00039C8: "UevFilter.ProcessEventInitialize" ??_C@_0DJ@GDJIHENA@UevFilter?4ProcessEventInitialize@
0x1C00044B8: "UevFilter.IsMonitoredProcess: En" ??_C@_0CF@HPKHNBLP@UevFilter?4IsMonitoredProcess?3?5En@
0x1C0008D40: ProcessNotification
0x1C0005088: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1C0002860: "UevFilter.ComPortInit: Setting s" ??_C@_0DM@MLGIMBHM@UevFilter?4ComPortInit?3?5Setting?5s@
0x1C0002C60: "UevFilter.ProcessCreateNotificat" ??_C@_0DJ@LOFADANN@UevFilter?4ProcessCreateNotificat@
0x1C00050A8: pServerPort
0x1C0007140: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1C0001970: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1C00042D8: "UevFilter.ReadRegistryDword: Ent" ??_C@_0CE@ODIIGLAP@UevFilter?4ReadRegistryDword?3?5Ent@
0x1C00088A8: AllocateFilterHashTable
0x1C0001664: IsProcessListedUnderRegistryKey
0x1C00050C0: pClientPort
0x1C0001578: AllocateGenericBuffer
0x1C00070C8: "__cdecl _imp_ZwOpenProcess" __imp_ZwOpenProcess
0x1C00022C0: "UevFilter.IsClientSessionValid: " ??_C@_0EC@MKMEEBOP@UevFilter?4IsClientSessionValid?3?5@
0x1C0007008: "__cdecl _imp_FltCloseCommunicationPort" __imp_FltCloseCommunicationPort
0x1C00050B8: pSendMsgTimeout
0x1C0004238: "UevFilter.ReadRegistryValue: Ent" ??_C@_0CE@MBNBEGIE@UevFilter?4ReadRegistryValue?3?5Ent@
0x1C0007000: "__cdecl _imp_FltFreeSecurityDescriptor" __imp_FltFreeSecurityDescriptor
0x1C0007130: "__cdecl _imp_RtlCreateSecurityDescriptor" __imp_RtlCreateSecurityDescriptor
0x1C00087FC: AddFilterHashTableEntry
0x1C0004340: "UevFilter.ReadRegistryDword: Exi" ??_C@_0DC@GHEHJBOI@UevFilter?4ReadRegistryDword?3?5Exi@
0x1C0007048: "__cdecl _imp_SecLookupWellKnownSid" __imp_SecLookupWellKnownSid
0x1C0003FF0: "UevFilter.AllocateGenericBuffer:" ??_C@_0CI@POCEABHD@UevFilter?4AllocateGenericBuffer?3@
0x1C0007190: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1C0003430: "UevFilter.GetSessionIdFromProces" ??_C@_0FE@BJKJOAGA@UevFilter?4GetSessionIdFromProces@
0x1C00023A0: "UevFilter.PortConnectHandler: In" ??_C@_0DB@MOCPIJON@UevFilter?4PortConnectHandler?3?5In@
0x1C0002CF8: "UevFilter.ProcessCreateDestroyNo" ??_C@_0DC@JAMJIMPM@UevFilter?4ProcessCreateDestroyNo@
0x1C0002D30: "UevFilter.ProcessNotification: E" ??_C@_0CG@CCFPDOII@UevFilter?4ProcessNotification?3?5E@
0x1C0002C00: "UevFilter.RemoveHandleFromHashTa" ??_C@_0CL@FAEFJJMI@UevFilter?4RemoveHandleFromHashTa@
0x1C0002D58: "UevFilter.ProcessNotification: E" ??_C@_0CF@PALBGDEP@UevFilter?4ProcessNotification?3?5E@
0x1C0008C08: ProcessCreateNotification
0x1C0004378: "UevFilter.GetFileNameFromPath: E" ??_C@_0CG@IFLOPONG@UevFilter?4GetFileNameFromPath?3?5E@
0x1C0009864: ReadRegistryDword
0x1C0003AA0: "UevFilter.SendProcessEventMessag" ??_C@_0EN@JCFHKANF@UevFilter?4SendProcessEventMessag@
0x1C00026C0: "UevFilter.ComPortInit: Failed re" ??_C@_0EG@BKEONEOA@UevFilter?4ComPortInit?3?5Failed?5re@
0x1C0003260: "UevFilter.GetCompletionPortSecur" ??_C@_0FD@HOAELBKN@UevFilter?4GetCompletionPortSecur@
0x1C00044E0: "UevFilter.IsMonitoredProcess: In" ??_C@_0FC@JNEGDDEA@UevFilter?4IsMonitoredProcess?3?5In@
0x1C0007070: "__cdecl _imp_KeInitializeGuardedMutex" __imp_KeInitializeGuardedMutex
0x1C0007128: "__cdecl _imp_ZwQueryInformationToken" __imp_ZwQueryInformationToken
0x1C00070F0: "__cdecl _imp_RtlAppendUnicodeStringToString" __imp_RtlAppendUnicodeStringToString
0x1C00050E8: comPortInitialized
0x1C00089F0: FindKeyInFilterHashTable
0x1C0003F70: "\REGISTRY\MACHINE\SOFTWARE\Micro" ??_C@_1HO@FHOECJHP@?$AA?2?$AAR?$AAE?$AAG?$AAI?$AAS?$AAT?$AAR?$AAY?$AA?2?$AAM?$AAA?$AAC?$AAH?$AAI?$AAN?$AAE?$AA?2?$AAS?$AAO?$AAF?$AAT?$AAW?$AAA?$AAR?$AAE?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo@
0x1C00021A0: "UevFilter.IsClientSessionValid: " ??_C@_0CH@IDAABHBE@UevFilter?4IsClientSessionValid?3?5@
0x1C00033C8: "UevFilter.GetMaxConnections: Exi" ??_C@_0DI@MBOLHBOG@UevFilter?4GetMaxConnections?3?5Exi@
0x1C0008230: PortDisconnectHandler
0x1C0004260: "UevFilter.ReadRegistryValue: Inv" ??_C@_0DK@IJANCBHO@UevFilter?4ReadRegistryValue?3?5Inv@
0x1C0007068: "__cdecl _imp_PsSetCreateProcessNotifyRoutineEx" __imp_PsSetCreateProcessNotifyRoutineEx
0x1C0009684: ReadRegistryValue
0x1C00018AD: "__cdecl _C_specific_handler" __C_specific_handler
0x1C0003578: "UevFilter.GetSessionIdFromProces" ??_C@_0DL@EINJJKFH@UevFilter?4GetSessionIdFromProces@
0x1C0007100: "__cdecl _imp_RtlCopyUnicodeString" __imp_RtlCopyUnicodeString
0x1C0003898: "UevFilter.ProcessEventInitialize" ??_C@_0CJ@BFCDADCJ@UevFilter?4ProcessEventInitialize@
0x1C0004418: "UevFilter.GetProcessNameFromPath" ??_C@_0DK@BHOFPJHC@UevFilter?4GetProcessNameFromPath@
0x1C00070B0: "__cdecl _imp_RtlCreateAcl" __imp_RtlCreateAcl
0x1C0002938: "UevFilter.ComPortUnInit: Exit " ??_C@_0BP@LAADMDMA@UevFilter?4ComPortUnInit?3?5Exit?6?$AA@
0x1C00023D8: "UevFilter.PortConnectHandler: Ex" ??_C@_0DF@HFHKEIAJ@UevFilter?4PortConnectHandler?3?5Ex@
0x1C00018FC: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1C0002BA8: "UevFilter.FreeHandleHashTable: E" ??_C@_0CF@DAGEELLH@UevFilter?4FreeHandleHashTable?3?5E@
0x1C0007030: "__cdecl _imp_FltRegisterFilter" __imp_FltRegisterFilter
0x1C0002C30: "UevFilter.ProcessCreateNotificat" ??_C@_0CM@NKHBPAOH@UevFilter?4ProcessCreateNotificat@
0x1C00025E8: "UevFilter.ComportClose: Exit " ??_C@_0BO@MGPMHPO@UevFilter?4ComportClose?3?5Exit?6?$AA@
0x1C00050EA: filterRegistered
0x1C00028A0: "UevFilter.ComPortInit: Exit, ret" ??_C@_0CP@MGDHGGM@UevFilter?4ComPortInit?3?5Exit?0?5ret@
0x1C0002590: "UevFilter.ComPortCreate: Exit, r" ??_C@_0DB@MLGFGDFI@UevFilter?4ComPortCreate?3?5Exit?0?5r@
0x1C0002F90: "UevFilter.CreateProcessEventComp" ??_C@_0EC@DHNHAEFD@UevFilter?4CreateProcessEventComp@
0x1C0002A80: "UevFilter.AllocateFilterHashTabl" ??_C@_0CJ@OKCAJBAO@UevFilter?4AllocateFilterHashTabl@
0x1C0002A20: "UevFilter.AddHandleHashTableEntr" ??_C@_0CJ@DMNKLLJJ@UevFilter?4AddHandleHashTableEntr@
0x1C0003370: "UevFilter.GetMaxConnections: Max" ??_C@_0FC@JHEGOIKA@UevFilter?4GetMaxConnections?3?5Max@
0x1C0007158: "__cdecl _imp_ExDeleteResourceLite" __imp_ExDeleteResourceLite
0x1C0003540: "UevFilter.GetSessionIdFromProces" ??_C@_0DH@PBIOIADI@UevFilter?4GetSessionIdFromProces@
0x1C0001374: DbgTraceErr
0x1C0002B50: "UevFilter.FindKeyInFilterHashTab" ??_C@_0CK@PANKOLAM@UevFilter?4FindKeyInFilterHashTab@
0x1C00021D0: "UevFilter.IsClientSessionValid: " ??_C@_0EN@EMMJCDPK@UevFilter?4IsClientSessionValid?3?5@
0x1C0002DE0: "UevFilter.CloseProcessEventCompl" ??_C@_0DC@DHEEAMBB@UevFilter?4CloseProcessEventCompl@
0x1C0002D80: "UevFilter.HookProcessNotify: Ent" ??_C@_0CE@KICOFCFM@UevFilter?4HookProcessNotify?3?5Ent@
0x1C0005140: comPortResource
0x1C0005128: Microsoft_User_Experience_Virtualization_Agent_DriverEnableBits
0x1C0008100: PortConnectHandler
0x1C00050E0: g_pFilter
0x1C0003DE0: "UevFilter.UnInitializeDriver: En" ??_C@_0CF@IMIMNCID@UevFilter?4UnInitializeDriver?3?5En@
0x1C0007108: "__cdecl _imp_ExAllocatePoolWithTag" __imp_ExAllocatePoolWithTag
0x1C00029E0: DriverLoaded
0x1C0002988: Microsoft_User_Experience_Virtualization_Agent_DriverLevels
0x1C00041C0: "UevFilter.FreeGenericUnicodeStri" ??_C@_0EB@OLIJPDPK@UevFilter?4FreeGenericUnicodeStri@
0x1C0002E50: "UevFilter.CreateProcessEventComp" ??_C@_0DD@KCMHMGE@UevFilter?4CreateProcessEventComp@
0x1C0007098: "__cdecl _imp_PsGetCurrentProcessId" __imp_PsGetCurrentProcessId
0x1C0002958: Trace_Verbose
0x1C0007060: "__cdecl _imp_EtwWriteTransfer" __imp_EtwWriteTransfer
0x1C0002B20: "UevFilter.FindKeyInFilterHashTab" ??_C@_0CL@MNIKEFCK@UevFilter?4FindKeyInFilterHashTab@
0x1C0003A68: "UevFilter.SendProcessEventMessag" ??_C@_0CK@HHOHKKLF@UevFilter?4SendProcessEventMessag@
0x1C00042A0: "UevFilter.ReadRegistryValue: Exi" ??_C@_0DC@CAHMDIOH@UevFilter?4ReadRegistryValue?3?5Exi@
0x1C0007040: FLTMGR_NULL_THUNK_DATA
0x1C0007178: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x1C0005090: g_DebugLevel
0x1C0002668: "UevFilter.ComPortSendMsg: Exit, " ??_C@_0DC@JKADKAIN@UevFilter?4ComPortSendMsg?3?5Exit?0?5@
0x1C00050A0: clientPortRefCount
0x1C0007058: "__cdecl _imp_KeLeaveCriticalRegion" __imp_KeLeaveCriticalRegion
0x1C0008548: ComPortSendMsg
0x1C00018D8: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1C0003A08: "UevFilter.ProcessEventUninitiali" ??_C@_0CL@CAMMLIDG@UevFilter?4ProcessEventUninitiali@
0x1C0003AF0: "UevFilter.SendProcessEventMessag" ??_C@_0DM@DABPDKCC@UevFilter?4SendProcessEventMessag@
0x1C0008008: IsClientSessionValid
0x1C0009910: GetFileNameFromPath
0x1C0007090: "__cdecl _imp_RtlAddAccessAllowedAce" __imp_RtlAddAccessAllowedAce
0x1C0004458: "UevFilter.IsRestrictedProcess: E" ??_C@_0CG@GGNCDGJO@UevFilter?4IsRestrictedProcess?3?5E@
0x1C0003E30: "StringCchPrintfA() in DbgTraceFr" ??_C@_0EB@MKNNGBFC@StringCchPrintfA?$CI?$CJ?5in?5DbgTraceFr@
0x1C0002000: FilterRegistration
0x1C0003C40: "UevFilter.DriverEntry: Filter re" ??_C@_0EC@CLHDDOIA@UevFilter?4DriverEntry?3?5Filter?5re@
0x1C0002488: "UevFilter.ComPortCreate: Entry " ??_C@_0CA@IDJJPKAA@UevFilter?4ComPortCreate?3?5Entry?6?$AA@
0x1C0001328: DbgTrace
0x1C0003790: "UevFilter.PortConnectHandler: Fa" ??_C@_0EI@GHCLHFAA@UevFilter?4PortConnectHandler?3?5Fa@
0x1C0004018: "UevFilter.AllocateGenericBuffer:" ??_C@_0DO@CMPJHOMG@UevFilter?4AllocateGenericBuffer?3@
0x1C0003750: "UevFilter.IsSupportedVersion: Ex" ??_C@_0DF@PDKFKIBC@UevFilter?4IsSupportedVersion?3?5Ex@
0x1C00070A8: "__cdecl _imp_VerSetConditionMask" __imp_VerSetConditionMask
0x1C0002540: "UevFilter.ComPortCreate: Failed " ??_C@_0EL@DGPLALAJ@UevFilter?4ComPortCreate?3?5Failed?5@
0x1C0002B80: "UevFilter.FreeHandleHashTable: E" ??_C@_0CG@JBPJJBIO@UevFilter?4FreeHandleHashTable?3?5E@
0x1C0002AB0: "UevFilter.FindTableEntryInFilter" ??_C@_0DC@DOGDPBON@UevFilter?4FindTableEntryInFilter@
0x1C00050B0: clientPortConnected
0x1C00031A0: "UevFilter.GetCompletionPortSecur" ??_C@_0FJ@FBLJIDIN@UevFilter?4GetCompletionPortSecur@
0x1C0002308: "UevFilter.IsClientSessionValid: " ??_C@_0DH@BEMJCGLB@UevFilter?4IsClientSessionValid?3?5@
0x1C0007020: "__cdecl _imp_FltBuildDefaultSecurityDescriptor" __imp_FltBuildDefaultSecurityDescriptor
0x1C0003E08: "UevFilter.UnInitializeDriver: Ex" ??_C@_0CE@PCDHCCKH@UevFilter?4UnInitializeDriver?3?5Ex@
0x1C00070F8: "__cdecl _imp_RtlEqualUnicodeString" __imp_RtlEqualUnicodeString
0x1C00043D8: "UevFilter.GetFileNameFromPath: I" ??_C@_0DM@PIHCEDGP@UevFilter?4GetFileNameFromPath?3?5I@
0x1C0003988: "UevFilter.ProcessEventInitialize" ??_C@_0DP@BIJFCMJM@UevFilter?4ProcessEventInitialize@
0x1C00028D0: "UevFilter.ComPortUnInit: Entry " ??_C@_0CA@FPBIBCJJ@UevFilter?4ComPortUnInit?3?5Entry?6?$AA@
0x1C00029A0: Trace_Error
0x1C00050EC: processEventPortCreated
0x1C00026A0: "UevFilter.ComPortInit: Entry " ??_C@_0BO@EAIEEHLI@UevFilter?4ComPortInit?3?5Entry?6?$AA@
0x1C0002500: "\UevConnectCreateNotifyPort" ??_C@_1DI@MLBICNJH@?$AA?2?$AAU?$AAe?$AAv?$AAC?$AAo?$AAn?$AAn?$AAe?$AAc?$AAt?$AAC?$AAr?$AAe?$AAa?$AAt?$AAe?$AAN?$AAo?$AAt?$AAi?$AAf?$AAy?$AAP?$AAo?$AAr?$AAt?$AA?$AA@
0x1C000A6D0: GsDriverEntry
0x1C0007188: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1C0003BC0: "NULL" ??_C@_04HIBGFPH@NULL?$AA@
0x1C0002DA8: "UevFilter.HookProcessNotify: Exi" ??_C@_0DF@LHMGODAD@UevFilter?4HookProcessNotify?3?5Exi@
0x1C0003CE0: "UevFilter.DriverEntry: Hook proc" ??_C@_0EC@IDENNILF@UevFilter?4DriverEntry?3?5Hook?5proc@
0x1C00036E0: "UevFilter.LookupWellKnownSid: Ex" ??_C@_0DE@NBMIACAO@UevFilter?4LookupWellKnownSid?3?5Ex@
0x1C0001008: McGenEventWrite
0x1C0007110: "__cdecl _imp_ZwQueryValueKey" __imp_ZwQueryValueKey
0x1C0002790: "FilterSendMsgTimeout" ??_C@_1CK@HFNLLJI@?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AAS?$AAe?$AAn?$AAd?$AAM?$AAs?$AAg?$AAT?$AAi?$AAm?$AAe?$AAo?$AAu?$AAt?$AA?$AA@
0x1C0002FD8: "UevFilter.FreeSessionTableEntry:" ??_C@_0CI@MIBCO@UevFilter?4FreeSessionTableEntry?3@
0x1C0003308: "UevFilter.GetMaxConnections: Ent" ??_C@_0CE@PMLDKLAL@UevFilter?4GetMaxConnections?3?5Ent@
0x1C0004100: "UevFilter.FreeGenericBuffer: Ent" ??_C@_0CE@CCEKKNLD@UevFilter?4FreeGenericBuffer?3?5Ent@
0x1C0002978: DriverUnloaded
0x1C0009564: UnInitializeDriver
0x1C00013B8: DbgTraceFrmt
0x1C0004190: "UevFilter.FreeGenericUnicodeStri" ??_C@_0CL@EMFPCGFJ@UevFilter?4FreeGenericUnicodeStri@
0x1C00070D8: "__cdecl _imp__vsnprintf" __imp__vsnprintf
0x1C0001870: "__cdecl _security_check_cookie" __security_check_cookie
0x1C0008440: ComPortClose
0x1C00043A0: "UevFilter.GetFileNameFromPath: I" ??_C@_0DD@KHJLILMJ@UevFilter?4GetFileNameFromPath?3?5I@
0x1C0002608: "UevFilter.ComPortSendMsg: Entry " ??_C@_0CB@NCPCNGKD@UevFilter?4ComPortSendMsg?3?5Entry?6@
0x1C0003DA0: "UevFilter.DriverUnload: Entry " ??_C@_0BP@CGHFNNBJ@UevFilter?4DriverUnload?3?5Entry?6?$AA@
0x1C0007018: "__cdecl _imp_FltCreateCommunicationPort" __imp_FltCreateCommunicationPort
0x1C00071C0: "__cdecl _IMPORT_DESCRIPTOR_FLTMGR" __IMPORT_DESCRIPTOR_FLTMGR
0x1C00045E8: "UevFilter.IsMonitoredProcess: Ex" ??_C@_0DF@IKIBJCD@UevFilter?4IsMonitoredProcess?3?5Ex@
0x1C0007198: "__cdecl _IMPORT_DESCRIPTOR_ntoskrnl" __IMPORT_DESCRIPTOR_ntoskrnl
0x1C0007028: "__cdecl _imp_FltCloseClientPort" __imp_FltCloseClientPort
0x1C0003140: "UevFilter.GetCompletionPortSecur" ??_C@_0FM@MFDOEIIL@UevFilter?4GetCompletionPortSecur@
0x1C0002AE8: "UevFilter.FindTableEntryInFilter" ??_C@_0DB@KABPGEBO@UevFilter?4FindTableEntryInFilter@
0x1C0002990: ProcessStart2
0x1C0002340: "UevFilter.PortConnectHandler: En" ??_C@_0CF@PHDBLNLC@UevFilter?4PortConnectHandler?3?5En@
0x1C0003EF0: "\REGISTRY\MACHINE\SOFTWARE\Micro" ??_C@_1HE@FGLMCJE@?$AA?2?$AAR?$AAE?$AAG?$AAI?$AAS?$AAT?$AAR?$AAY?$AA?2?$AAM?$AAA?$AAC?$AAH?$AAI?$AAN?$AAE?$AA?2?$AAS?$AAO?$AAF?$AAT?$AAW?$AAA?$AAR?$AAE?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo@
0x1C0007168: "__cdecl _imp_KeDelayExecutionThread" __imp_KeDelayExecutionThread
0x1C0002710: "\REGISTRY\MACHINE\SOFTWARE\Micro" ??_C@_1HK@OJJEKAEP@?$AA?2?$AAR?$AAE?$AAG?$AAI?$AAS?$AAT?$AAR?$AAY?$AA?2?$AAM?$AAA?$AAC?$AAH?$AAI?$AAN?$AAE?$AA?2?$AAS?$AAO?$AAF?$AAT?$AAW?$AAA?$AAR?$AAE?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo@
0x1C00092C0: ProcessEventUninitialize
0x1C0002EF8: "\UevProcessEventPort" ??_C@_1CK@CCOBBGNH@?$AA?2?$AAU?$AAe?$AAv?$AAP?$AAr?$AAo?$AAc?$AAe?$AAs?$AAs?$AAE?$AAv?$AAe?$AAn?$AAt?$AAP?$AAo?$AAr?$AAt?$AA?$AA@
0x1C00086D4: ComPortInit
0x1C0003718: "UevFilter.IsSupportedVersion: En" ??_C@_0CF@LLOIAELG@UevFilter?4IsSupportedVersion?3?5En@
0x1C00070E0: "__cdecl _imp_EtwUnregister" __imp_EtwUnregister
0x1C0008B3C: RemoveFilterHashTableEntry
0x1C000B000: "__cdecl _guard_fids_table" __guard_fids_table
0x1C0007148: "__cdecl _imp_ExAcquireResourceExclusiveLite" __imp_ExAcquireResourceExclusiveLite
0x1C0004620: "FilterDebugLevel" ??_C@_1CC@FNDKMKJL@?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AAD?$AAe?$AAb?$AAu?$AAg?$AAL?$AAe?$AAv?$AAe?$AAl?$AA?$AA@
0x1C0002090: "__cdecl load_config_used" _load_config_used
0x1C0001604: FreeGenericBuffer
0x1C00037E0: "UevFilter.PortConnectHandler: Se" ??_C@_0EG@GHCLPILE@UevFilter?4PortConnectHandler?3?5Se@
0x1C0008A98: FreeFilterHashTable
0x1C0009A18: GetDebugLevel
0x1C0007160: "__cdecl _imp_ZwOpenProcessTokenEx" __imp_ZwOpenProcessTokenEx
0x1C000123C: McGenEventUnregister
0x1C0002270: "UevFilter.IsClientSessionValid: " ??_C@_0EL@BINCFMDA@UevFilter?4IsClientSessionValid?3?5@
0x1C0007138: "__cdecl _imp_ZwClose" __imp_ZwClose
0x1C0002E90: "UevFilter.CreateProcessEventComp" ??_C@_0GB@PNNNCJBE@UevFilter?4CreateProcessEventComp@
0x1C0004058: "UevFilter.AllocateGenericBuffer:" ??_C@_0DG@ILOPHPKN@UevFilter?4AllocateGenericBuffer?3@
0x1C0003860: "UevFilter.PortConnectHandler: Ex" ??_C@_0DC@MIFFAMDE@UevFilter?4PortConnectHandler?3?5Ex@
0x1C0007010: "__cdecl _imp_FltSendMessage" __imp_FltSendMessage
0x1C000149C: DbgTraceFrmtErr
0x1C0002A50: "UevFilter.AllocateFilterHashTabl" ??_C@_0CK@CDJONOHM@UevFilter?4AllocateFilterHashTabl@
0x1C0003690: "UevFilter.LookupWellKnownSid: Fa" ??_C@_0EM@NGDFFFGK@UevFilter?4LookupWellKnownSid?3?5Fa@
0x1C0002460: "UevFilter.PortDisconnectHandler:" ??_C@_0CH@HKJGHAIJ@UevFilter?4PortDisconnectHandler?3@
0x1C00050E9: processNotifyHooked
0x1C0003740: "true" ??_C@_04LOAJBDKD@true?$AA@
0x1C0004208: "UevFilter.FreeGenericUnicodeStri" ??_C@_0CK@JLKPFFNI@UevFilter?4FreeGenericUnicodeStri@
0x1C0007050: ksecdd_NULL_THUNK_DATA
0x1C0002368: "UevFilter.PortConnectHandler: In" ??_C@_0DH@JECKEANO@UevFilter?4PortConnectHandler?3?5In@
0x1C00070A0: "__cdecl _imp_KeReleaseGuardedMutex" __imp_KeReleaseGuardedMutex
0x1C0003828: "UevFilter.PortConnectHandler: In" ??_C@_0DC@BLNOLHPK@UevFilter?4PortConnectHandler?3?5In@
0x1C0004128: "UevFilter.FreeGenericBuffer: Inv" ??_C@_0DK@CJEEANBH@UevFilter?4FreeGenericBuffer?3?5Inv@
0x1C0004480: "UevFilter.IsRestrictedProcess: E" ??_C@_0DG@HLBJDIJH@UevFilter?4IsRestrictedProcess?3?5E@
0x1C0004168: "UevFilter.FreeGenericBuffer: Exi" ??_C@_0CD@OFCCFIEP@UevFilter?4FreeGenericBuffer?3?5Exi@
0x1C00018C0: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1C00050EB: portCreated
0x1C0009384: SendProcessEventMessage
0x1C00024B0: "UevFilter.ComPortCreate: Failed " ??_C@_0EM@LNFBGBNH@UevFilter?4ComPortCreate?3?5Failed?5@
0x1C0003060: "UevFilter.GetCompletionPortSecur" ??_C@_0GG@BGNPDJC@UevFilter?4GetCompletionPortSecur@
0x1C0003D30: "UevFilter.DriverEntry: Failed to" ??_C@_0EL@DOGJMIBP@UevFilter?4DriverEntry?3?5Failed?5to@
0x1C00012B0: McTemplateK0s
0x1C00071AC: "__cdecl _IMPORT_DESCRIPTOR_ksecdd" __IMPORT_DESCRIPTOR_ksecdd
0x1C0004540: "UevFilter.IsMonitoredProcess: In" ??_C@_0FC@IHOBFIKA@UevFilter?4IsMonitoredProcess?3?5In@
0x1C0003DC0: "UevFilter.DriverUnload: Exit " ??_C@_0BO@BHEOHMJ@UevFilter?4DriverUnload?3?5Exit?6?$AA@
0x1C0003200: "UevFilter.GetCompletionPortSecur" ??_C@_0FJ@CHEIFJKC@UevFilter?4GetCompletionPortSecur@
0x1C0003640: "UevFilter.LookupWellKnownSid: Fa" ??_C@_0EG@EJNEDDHA@UevFilter?4LookupWellKnownSid?3?5Fa@
0x1C0001068: McTemplateK0hzr0q
0x1C0001270: McTemplateK0
0x1C0003B80: "UevFilter.SendProcessEventMessag" ??_C@_0DN@NBOKEEBN@UevFilter?4SendProcessEventMessag@
0x1C0004300: "UevFilter.ReadRegistryDword: Inv" ??_C@_0DK@GHANGFI@UevFilter?4ReadRegistryDword?3?5Inv@
0x1C0003C90: "UevFilter.DriverEntry: Communica" ??_C@_0EK@EEEDPEAP@UevFilter?4DriverEntry?3?5Communica@
0x1C0009510: DriverUnload
0x1C00034F0: "UevFilter.GetSessionIdFromProces" ??_C@_0EP@DNILHMMA@UevFilter?4GetSessionIdFromProces@
0x1C0003BF0: "UevFilter.DriverEntry: ComPort i" ??_C@_0EF@KBJHCBHF@UevFilter?4DriverEntry?3?5ComPort?5i@
0x1C00070B8: "__cdecl _imp_ExReleaseResourceLite" __imp_ExReleaseResourceLite
0x1C0005080: "__cdecl _security_cookie" __security_cookie
0x1C0002E18: "UevFilter.CloseProcessEventCompl" ??_C@_0DB@DBKOLDBC@UevFilter?4CloseProcessEventCompl@
0x1C0008D9C: HookProcessNotify
0x1C0002438: "UevFilter.ComPort: Closing clien" ??_C@_0CI@IGKBMKLO@UevFilter?4ComPort?3?5Closing?5clien@
0x1C0003028: "UevFilter.GetCompletionPortSecur" ??_C@_0DG@NFCEAJKC@UevFilter?4GetCompletionPortSecur@
0x1C0003BC8: "UevFilter.DriverEntry: Entry " ??_C@_0BO@JFPHIHAL@UevFilter?4DriverEntry?3?5Entry?6?$AA@
0x1C0003400: "UevFilter.GetSessionIdFromProces" ??_C@_0CM@PCCECMCA@UevFilter?4GetSessionIdFromProces@
0x1C0004090: "UevFilter.AllocateGenericUnicode" ??_C@_0CP@KEBMKHEK@UevFilter?4AllocateGenericUnicode@
0x1C0003B30: "UevFilter.SendProcessEventMessag" ??_C@_0EL@DKFCMDHN@UevFilter?4SendProcessEventMessag@
0x1C0003E80: "StringCchPrintfA() in DbgTraceFr" ??_C@_0EE@NFAGELHB@StringCchPrintfA?$CI?$CJ?5in?5DbgTraceFr@
0x1C00010F0: McGenControlCallbackV2
0x1C0002220: "UevFilter.IsClientSessionValid: " ??_C@_0EJ@LEHCDHLN@UevFilter?4IsClientSessionValid?3?5@
0x1C0002820: "UevFilter.ComPortInit: Setting s" ??_C@_0EA@NLJOAMCI@UevFilter?4ComPortInit?3?5Setting?5s@
0x1C0003330: "MaxProcessEventConnections" ??_C@_1DG@ECHJIHNC@?$AAM?$AAa?$AAx?$AAP?$AAr?$AAo?$AAc?$AAe?$AAs?$AAs?$AAE?$AAv?$AAe?$AAn?$AAt?$AAC?$AAo?$AAn?$AAn?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAs?$AA?$AA@
0x1C00070D0: "__cdecl _imp_DbgPrintEx" __imp_DbgPrintEx
0x1C00027C0: "UevFilter.ComPortInit: Send mess" ??_C@_0FB@EECGHEBH@UevFilter?4ComPortInit?3?5Send?5mess@
0x1C0002968: UevAgentDriver
0x1C0003EC8: "mavinject.exe" ??_C@_1BM@MDKMFHI@?$AAm?$AAa?$AAv?$AAi?$AAn?$AAj?$AAe?$AAc?$AAt?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C0007038: "__cdecl _imp_FltUnregisterFilter" __imp_FltUnregisterFilter
0x1C00035E0: "UevFilter.LookupWellKnownSid: Fa" ??_C@_0FB@KGBEBHL@UevFilter?4LookupWellKnownSid?3?5Fa@
0x1C0005130: sendMsgTimeout
0x1C000A704: "__cdecl _security_init_cookie" __security_init_cookie
0x1C00070E8: "__cdecl _imp_EtwRegister" __imp_EtwRegister
0x1C0003748: "false" ??_C@_05LAPONLG@false?$AA@
0x1C0002F30: "UevFilter.CreateProcessEventComp" ??_C@_0GA@NFNKCPFE@UevFilter?4CreateProcessEventComp@
0x1C00011FC: McGenEventRegister
0x1C00028F0: "UevFilter.ComPortUnInit: Failed " ??_C@_0EC@EECGAEDD@UevFilter?4ComPortUnInit?3?5Failed?5@
0x1C0003A38: "UevFilter.ProcessEventUninitiali" ??_C@_0CK@OKENHIM@UevFilter?4ProcessEventUninitiali@
0x1C0007088: "__cdecl _imp_RtlLengthSid" __imp_RtlLengthSid
0x1C0002630: "UevFilter.ComPortSendMsg: Invali" ??_C@_0DH@BIFNKCNA@UevFilter?4ComPortSendMsg?3?5Invali@
0x1C00038D0: "UevFilter.ProcessEventInitialize" ??_C@_0FE@KGOFCEDA@UevFilter?4ProcessEventInitialize@
0x1C00018A0: "__cdecl _report_gsfailure" __report_gsfailure
0x1C00045A0: "UevFilter.IsMonitoredProcess: Fa" ??_C@_0EI@CPCDHFNN@UevFilter?4IsMonitoredProcess?3?5Fa@
0x1C00035B8: "UevFilter.LookupWellKnownSid: En" ??_C@_0CF@LJKJPJOH@UevFilter?4LookupWellKnownSid?3?5En@
0x1C0007080: "__cdecl _imp_RtlVerifyVersionInfo" __imp_RtlVerifyVersionInfo
0x1C0003490: "UevFilter.GetSessionIdFromProces" ??_C@_0FD@ODMOJNMK@UevFilter?4GetSessionIdFromProces@
0x1C00029F0: "UevFilter.AddHandleHashTableEntr" ??_C@_0CK@ENCDCCLB@UevFilter?4AddHandleHashTableEntr@
0x1C00070C0: "__cdecl _imp_ExInitializeResourceLite" __imp_ExInitializeResourceLite
0x1C0007170: "__cdecl _imp_KeAcquireGuardedMutex" __imp_KeAcquireGuardedMutex
0x1C0007180: ntoskrnl_NULL_THUNK_DATA
0x1C0007118: "__cdecl _imp_ExFreePoolWithTag" __imp_ExFreePoolWithTag
0x1C0007150: "__cdecl _imp_KeEnterCriticalRegion" __imp_KeEnterCriticalRegion
0x1C0003930: "UevFilter.ProcessEventInitialize" ??_C@_0FH@OOKAIHBC@UevFilter?4ProcessEventInitialize@
0x1C0007078: "__cdecl _imp_RtlSetDaclSecurityDescriptor" __imp_RtlSetDaclSecurityDescriptor
0x1C00030D0: "UevFilter.GetCompletionPortSecur" ??_C@_0GJ@KPNEANJP@UevFilter?4GetCompletionPortSecur@
0x1C000A568: DriverEntry
0x1C0003000: "UevFilter.FreeSessionTableEntry:" ??_C@_0CH@KBBIHMPJ@UevFilter?4FreeSessionTableEntry?3@
0x1C0002410: "UevFilter.PortDisconnectHandler:" ??_C@_0CI@FANCHOBO@UevFilter?4PortDisconnectHandler?3@
0x1C0002BD0: "UevFilter.RemoveHandleFromHashTa" ??_C@_0CM@FBCDNMPB@UevFilter?4RemoveHandleFromHashTa@
0x1C000A4B4: ProcessEventInitialize
0x1C0007120: "__cdecl _imp_ZwOpenKey" __imp_ZwOpenKey
0x1C0003D80: "UevFilter.DriverEntry: Exit " ??_C@_0BN@OFFENLDB@UevFilter?4DriverEntry?3?5Exit?6?$AA@
0x1C0001980: memset
0x1C00071D4: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR
0x1C00032C0: "UevFilter.GetCompletionPortSecur" ??_C@_0EF@ILLGPPLP@UevFilter?4GetCompletionPortSecur@

[JEB Decompiler by PNF Software]