PDB Symbols - WdBoot.sys (0x3EC126095A98E76E003EE0F8CE71E44B1CD9CA6EF63FF94A84981CB763B4E2A6)

Generated by JEB on 2019/08/01

PE: C:\Windows\ELAMBKUP\WdBoot.sys Base=0x1C0000000 SHA-256=3EC126095A98E76E003EE0F8CE71E44B1CD9CA6EF63FF94A84981CB763B4E2A6
PDB: WdBoot.pdb GUID={DF9E6A71-2FF4-FA4A-B33A7393BB178F34} Age=1

182 located named symbols:
0x1C00011D0: WppClassicProviderCallback
0x1C0002020: MpQuickSort
0x1C0001F40: MpBinarySearch
0x1C0006038: "__cdecl _imp_BCryptVerifySignature" __imp_BCryptVerifySignature
0x1C0004018: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1C0007110: WppTraceCallback
0x1C0006118: "__cdecl _imp_ObfDereferenceObject" __imp_ObfDereferenceObject
0x1C0003220: "\Callback\WdEbNotificationCallba" ??_C@_1EG@LOIFINMJ@?$AA?2?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?2?$AAW?$AAd?$AAE?$AAb?$AAN?$AAo?$AAt?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa@
0x1C0007974: MpEbGetFinalPathComponent
0x1C0006108: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1C00027F0: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1C0007F2C: MpEbPreEnumerateValueKey
0x1C00032B8: "IoRegisterBootDriverCallback" ??_C@_1DK@FEEJCIML@?$AAI?$AAo?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AAB?$AAo?$AAo?$AAt?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?$AA@
0x1C00060A0: "__cdecl _imp_ExpInterlockedPushEntrySList" __imp_ExpInterlockedPushEntrySList
0x1C0006048: "__cdecl _imp_BCryptDestroyKey" __imp_BCryptDestroyKey
0x1C0003170: "WmiTraceMessage" ??_C@_1CA@OFIBBPKJ@?$AAW?$AAm?$AAi?$AAT?$AAr?$AAa?$AAc?$AAe?$AAM?$AAe?$AAs?$AAs?$AAa?$AAg?$AAe?$AA?$AA@
0x1C00036D0: g_MpPublicKeyRaw
0x1C0007A00: EbAllocateMemory
0x1C0001108: WPP_SF_qZL
0x1C000175C: EbCleanupSignatureData
0x1C0006168: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1C00093B0: MpEbCopyImageInformation
0x1C00060E8: "__cdecl _imp_MmGetSystemRoutineAddress" __imp_MmGetSystemRoutineAddress
0x1C0001204: RtlUnicodeStringCopy
0x1C00060F8: "__cdecl _imp_wcsstr" __imp_wcsstr
0x1C00060F0: "__cdecl _imp_ExNotifyCallback" __imp_ExNotifyCallback
0x1C0007470: MpEbUnload
0x1C0006000: "__cdecl _imp_BCryptCreateHash" __imp_BCryptCreateHash
0x1C0002800: memcpy
0x1C0001CD0: EbLookupPropertyEx
0x1C0003478: "SystemStartOptions" ??_C@_1CG@BLIBLCJE@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAS?$AAt?$AAa?$AAr?$AAt?$AAO?$AAp?$AAt?$AAi?$AAo?$AAn?$AAs?$AA?$AA@
0x1C00060D0: "__cdecl _imp_ZwSetValueKey" __imp_ZwSetValueKey
0x1C00080A0: MpEbPostEnumerateValueKey
0x1C0003338: "WdBoot" ??_C@_1O@MJKNFPNM@?$AAW?$AAd?$AAB?$AAo?$AAo?$AAt?$AA?$AA@
0x1C0004050: pfnWppGetVersion
0x1C0002649: "__cdecl _C_specific_handler" __C_specific_handler
0x1C0002800: memmove
0x1C0006100: "__cdecl _imp_RtlCopyUnicodeString" __imp_RtlCopyUnicodeString
0x1C00025E4: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1C00074F0: MpEbBootDriverCallback
0x1C0004160: WPP_MAIN_CB
0x1C0007A9C: MpEbPreQueryValueKey
0x1C00014B0: WPP_SF_qLLLL
0x1C00085D8: MpEbFreeRegistryEntry
0x1C00060C0: "__cdecl _imp_ZwDeleteValueKey" __imp_ZwDeleteValueKey
0x1C00033F8: "Signatures" ??_C@_1BG@CMLBLDFG@?$AAS?$AAi?$AAg?$AAn?$AAa?$AAt?$AAu?$AAr?$AAe?$AAs?$AA?$AA@
0x1C0006098: "__cdecl _imp_ExAllocatePoolWithTag" __imp_ExAllocatePoolWithTag
0x1C0006130: "__cdecl _imp_ExpInterlockedFlushSList" __imp_ExpInterlockedFlushSList
0x1C0004118: pfnWppQueryTraceInformation
0x1C0004060: MpEbGlobals
0x1C0006008: "__cdecl _imp_BCryptHashData" __imp_BCryptHashData
0x1C0006128: "__cdecl _imp_RtlUpcaseUnicodeChar" __imp_RtlUpcaseUnicodeChar
0x1C000314C: "" ??_C@_13BLAPAIAM@?$AA?$AI?$AA?$AA@
0x1C0002678: "__cdecl _GSHandlerCheck_SEH" __GSHandlerCheck_SEH
0x1C00035A8: WPP_5a40231bb555394103204d3410935eda_Traceguids
0x1C0006140: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x1C0009C98: MpEbGetEntryPointSnapshot
0x1C00025C0: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1C0006120: "__cdecl _imp_CmUnRegisterCallback" __imp_CmUnRegisterCallback
0x1C0003150: "PsGetVersion" ??_C@_1BK@DHLDGJM@?$AAP?$AAs?$AAG?$AAe?$AAt?$AAV?$AAe?$AAr?$AAs?$AAi?$AAo?$AAn?$AA?$AA@
0x1C0006150: "__cdecl _imp_ExAllocatePoolWithQuotaTag" __imp_ExAllocatePoolWithQuotaTag
0x1C0006020: "__cdecl _imp_BCryptCloseAlgorithmProvider" __imp_BCryptCloseAlgorithmProvider
0x1C0003528: "SHA1" ??_C@_19DILNDFJH@?$AAS?$AAH?$AAA?$AA1?$AA?$AA@
0x1C0003140: "NULL" ??_C@_19CIJIHAKK@?$AAN?$AAU?$AAL?$AAL?$AA?$AA@
0x1C0004040: pfnEtwRegisterClassicProvider
0x1C00083E0: MpEbAddRegistryEntry
0x1C0009308: MpEbFreeDriverInfoEx
0x1C000AC24: MpEbInitModuleInformation
0x1C00097B0: MpEbGenerateElamInformation
0x1C0004120: pfnEtwUnregister
0x1C0008C58: MpEbClearModuleInformation
0x1C0006138: "__cdecl _imp_RtlEqualUnicodeString" __imp_RtlEqualUnicodeString
0x1C0001398: WPP_SF_qZZ
0x1C000B240: GsDriverEntry
0x1C0006160: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1C000A850: MpEbGetSignatures
0x1C0006040: "__cdecl _imp_BCryptGetProperty" __imp_BCryptGetProperty
0x1C0006018: "__cdecl _imp_BCryptDestroyHash" __imp_BCryptDestroyHash
0x1C00034B8: WPP_ThisDir_CTLGUID_MpBoot
0x1C0004000: WPP_GLOBAL_Control
0x1C0006058: "__cdecl _imp_ZwQueryValueKey" __imp_ZwQueryValueKey
0x1C00060A8: "__cdecl _imp_CmCallbackGetKeyObjectID" __imp_CmCallbackGetKeyObjectID
0x1C0007A2C: EbFreeMemory
0x1C00033E0: "Measured" ??_C@_1BC@MCLEMEHP@?$AAM?$AAe?$AAa?$AAs?$AAu?$AAr?$AAe?$AAd?$AA?$AA@
0x1C0002580: "__cdecl _security_check_cookie" __security_check_cookie
0x1C00037F0: "RtlQueryModuleInformation" ??_C@_1DE@HMCCLJNL@?$AAR?$AAt?$AAl?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAM?$AAo?$AAd?$AAu?$AAl?$AAe?$AAI?$AAn?$AAf?$AAo?$AAr?$AAm?$AAa?$AAt?$AAi?$AAo?$AAn?$AA?$AA@
0x1C0003410: "\Registry\Machine\SYSTEM\Current" ??_C@_1GG@DILNKBOH@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAY?$AAS?$AAT?$AAE?$AAM?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x1C0006110: "__cdecl _imp_ExCreateCallback" __imp_ExCreateCallback
0x1C0003580: "RSA" ??_C@_17CEGMJBCM@?$AAR?$AAS?$AAA?$AA?$AA@
0x1C0006170: "__cdecl _IMPORT_DESCRIPTOR_ntoskrnl" __IMPORT_DESCRIPTOR_ntoskrnl
0x1C0003010: g_MpFilterName
0x1C0006080: "__cdecl _imp_CmRegisterCallback" __imp_CmRegisterCallback
0x1C00060C8: "__cdecl _imp_RtlInitAnsiString" __imp_RtlInitAnsiString
0x1C0003270: "\Callback\MpEbNotificationCallba" ??_C@_1EG@CCCPKCAL@?$AA?2?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?2?$AAM?$AAp?$AAE?$AAb?$AAN?$AAo?$AAt?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa@
0x1C00073F0: WppCleanupKm
0x1C000C000: "__cdecl _guard_fids_table" __guard_fids_table
0x1C00035F8: "ElamInfo" ??_C@_1BC@OFPJOJDC@?$AAE?$AAl?$AAa?$AAm?$AAI?$AAn?$AAf?$AAo?$AA?$AA@
0x1C0003030: "__cdecl load_config_used" _load_config_used
0x1C0003610: WPP_20e526ad19533fb245ce1f7446a8437d_Traceguids
0x1C0006088: "__cdecl _imp_ZwClose" __imp_ZwClose
0x1C00035D8: "MpFilter.sys" ??_C@_1BK@NCIJGCMH@?$AAM?$AAp?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?4?$AAs?$AAy?$AAs?$AA?$AA@
0x1C00035B8: "WdFilter.sys" ??_C@_1BK@CONFLOAO@?$AAW?$AAd?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?4?$AAs?$AAy?$AAs?$AA?$AA@
0x1C000B20C: MpEbGetEntryPoint
0x1C0008678: EbAuthenticateSignatureData
0x1C0006030: "__cdecl _imp_BCryptOpenAlgorithmProvider" __imp_BCryptOpenAlgorithmProvider
0x1C0008628: MpEbClearRegistryList
0x1C0001F14: EbLookupProperty
0x1C0007C2C: MpEbPostQueryValueKey
0x1C0003190: "WmiQueryTraceInformation" ??_C@_1DC@DOCOAJH@?$AAW?$AAm?$AAi?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAT?$AAr?$AAa?$AAc?$AAe?$AAI?$AAn?$AAf?$AAo?$AAr?$AAm?$AAa?$AAt?$AAi?$AAo?$AAn?$AA?$AA@
0x1C0003538: "ObjectLength" ??_C@_1BK@GPNIFMAA@?$AAO?$AAb?$AAj?$AAe?$AAc?$AAt?$AAL?$AAe?$AAn?$AAg?$AAt?$AAh?$AA?$AA@
0x1C00060B8: "__cdecl _imp_RtlAnsiStringToUnicodeString" __imp_RtlAnsiStringToUnicodeString
0x1C00034D8: WPP_7ae9e25700243d649a8e708528197df4_Traceguids
0x1C0006070: InitSafeBootMode
0x1C0003200: "EtwUnregister" ??_C@_1BM@CJMKDOJH@?$AAE?$AAt?$AAw?$AAU?$AAn?$AAr?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AA?$AA@
0x1C0006078: "__cdecl _imp_InitializeSListHead" __imp_InitializeSListHead
0x1C0002660: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1C0002710: memcmp
0x1C0007A50: MpEbRegistryCallback
0x1C0007008: WppLoadTracingSupport
0x1C0006068: "__cdecl _imp_IoWMIRegistrationControl" __imp_IoWMIRegistrationControl
0x1C0006148: "__cdecl _imp_ZwQuerySystemInformation" __imp_ZwQuerySystemInformation
0x1C0009CD0: AuxKlibInitialize
0x1C0004010: "__cdecl _security_cookie" __security_cookie
0x1C0009130: MpEbAllocateDriverInfoEx2
0x1C0008F20: MpEbAllocateDriverInfoEx
0x1C00060D8: "__cdecl _imp_RtlCompareMemory" __imp_RtlCompareMemory
0x1C00031C8: "EtwRegisterClassicProvider" ??_C@_1DG@PFOPAIND@?$AAE?$AAt?$AAw?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AAC?$AAl?$AAa?$AAs?$AAs?$AAi?$AAc?$AAP?$AAr?$AAo?$AAv?$AAi?$AAd?$AAe?$AAr?$AA?$AA@
0x1C000A64C: MpEbLoadSignaturesEx
0x1C0006010: "__cdecl _imp_BCryptImportKeyPair" __imp_BCryptImportKeyPair
0x1C0009A3C: MpPackLoadedDriverInfo
0x1C000A6DC: MpEbLoadSignatures
0x1C0009D30: AuxKlibQueryModuleInformation
0x1C0001008: WPP_SF_qL
0x1C000105C: WPP_SF_qZ
0x1C00034C8: WPP_3a41175151b239079750dc4f890d5c22_Traceguids
0x1C00034A0: "TESTSIGNING" ??_C@_1BI@MHOMIIJN@?$AAT?$AAE?$AAS?$AAT?$AAS?$AAI?$AAG?$AAN?$AAI?$AAN?$AAG?$AA?$AA@
0x1C0006070: "__cdecl _imp_InitSafeBootMode" __imp_InitSafeBootMode
0x1C000A970: MpEbIsTestModeEnabled
0x1C000B274: "__cdecl _security_init_cookie" __security_init_cookie
0x1C0003558: "HashDigestLength" ??_C@_1CC@DMMMEHOM@?$AAH?$AAa?$AAs?$AAh?$AAD?$AAi?$AAg?$AAe?$AAs?$AAt?$AAL?$AAe?$AAn?$AAg?$AAt?$AAh?$AA?$AA@
0x1C0001354: WPP_SF_q
0x1C00032F8: "IoUnregisterBootDriverCallback" ??_C@_1DO@DLIPCDEA@?$AAI?$AAo?$AAU?$AAn?$AAr?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AAB?$AAo?$AAo?$AAt?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?$AA@
0x1C0006028: "__cdecl _imp_BCryptFinishHash" __imp_BCryptFinishHash
0x1C0003588: "RSAPUBLICBLOB" ??_C@_1BM@BJJGGDHH@?$AAR?$AAS?$AAA?$AAP?$AAU?$AAB?$AAL?$AAI?$AAC?$AAB?$AAL?$AAO?$AAB?$AA?$AA@
0x1C0004110: WPPTraceSuite
0x1C0006050: cng_NULL_THUNK_DATA
0x1C000ADF8: MpEbEnumerateModules
0x1C00034E8: "Microsoft Primitive Provider" ??_C@_1DK@HJHMGPGD@?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?5?$AAP?$AAr?$AAi?$AAm?$AAi?$AAt?$AAi?$AAv?$AAe?$AA?5?$AAP?$AAr?$AAo?$AAv?$AAi?$AAd?$AAe?$AAr?$AA?$AA@
0x1C0006184: "__cdecl _IMPORT_DESCRIPTOR_cng" __IMPORT_DESCRIPTOR_cng
0x1C00025B0: "__cdecl _report_gsfailure" __report_gsfailure
0x1C00095F0: MpEbPersistElamInformation
0x1C0003000: g_WdFilterName
0x1C0003348: "\Registry\Machine\ELAM" ??_C@_1CO@IJDDDFMO@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAE?$AAL?$AAA?$AAM?$AA?$AA@
0x1C0008D88: MpEbGetModuleEntry
0x1C0003378: "Windows Defender" ??_C@_1CC@BGCBEJJH@?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAD?$AAe?$AAf?$AAe?$AAn?$AAd?$AAe?$AAr?$AA?$AA@
0x1C0006158: ntoskrnl_NULL_THUNK_DATA
0x1C0006060: "__cdecl _imp_ExFreePoolWithTag" __imp_ExFreePoolWithTag
0x1C00017DC: EbLoadSignatureData
0x1C000A008: DriverEntry
0x1C00060E0: "__cdecl _imp_PsGetVersion" __imp_PsGetVersion
0x1C00060B0: "__cdecl _imp_memcpy_s" __imp_memcpy_s
0x1C0004048: pfnWppTraceMessage
0x1C00033A0: "Microsoft Antimalware Platform" ??_C@_1DO@PHNFFHPM@?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?5?$AAA?$AAn?$AAt?$AAi?$AAm?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AA?5?$AAP?$AAl?$AAa?$AAt?$AAf?$AAo?$AAr?$AAm?$AA?$AA@
0x1C0006090: "__cdecl _imp_ZwOpenKey" __imp_ZwOpenKey
0x1C0007364: WppInitKm
0x1C0002B40: memset
0x1C0006198: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR

[JEB Decompiler by PNF Software]