PDB Symbols - ProcLaunchMon.sys (0x74CF70729834F96236D6CAAFF4B38D3E21D93FFD830A1FEECF49C02D9BF75D5B)

Generated by JEB on 2019/08/01

PE: C:\Windows\System32\drivers\ProcLaunchMon.sys Base=0x1C0000000 SHA-256=74CF70729834F96236D6CAAFF4B38D3E21D93FFD830A1FEECF49C02D9BF75D5B
PDB: ProcLaunchMon.pdb GUID={C18E603A-7580-DDF7-E85CD6BE9009704B} Age=1

162 located named symbols:
0x1C0004290: "RC" ??_C@_15IGNKAAHD@?$AAR?$AAC?$AA?$AA@
0x1C0001DF0: "public: virtual void * __ptr64 __cdecl ProcessLaunchMonitorDevice::`vector deleting destructor'(unsigned int) __ptr64" ??_EProcessLaunchMonitorDevice@@UEAAPEAXI@Z
0x1C0008768: SepSddlGetAclForString
0x1C0001968: "public: long __cdecl NTList<unsigned long,0,class NullLock>::InsertIfMissing(unsigned long const & __ptr64) __ptr64" ?InsertIfMissing@?$NTList@K$0A@VNullLock@@@@QEAAJAEBK@Z
0x1C00027DC: "public: __cdecl LegacyDevice::LegacyDevice(struct _DRIVER_OBJECT * __ptr64,unsigned short const * __ptr64,unsigned long,unsigned long,bool,struct _UNICODE_STRING const * __ptr64) __ptr64" ??0LegacyDevice@@QEAA@PEAU_DRIVER_OBJECT@@PEBGKK_NPEBU_UNICODE_STRING@@@Z
0x1C0007180: "__cdecl _imp_RtlFreeUnicodeString" __imp_RtlFreeUnicodeString
0x1C0005088: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1C0007050: "__cdecl _imp_ObfDereferenceObject" __imp_ObfDereferenceObject
0x1C0005210: PfnIoCreateDeviceSecure
0x1C00070B0: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1C0007088: "__cdecl _imp_ExEventObjectType" __imp_ExEventObjectType
0x1C0002C80: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1C0007098: "__cdecl _imp_ZwOpenProcess" __imp_ZwOpenProcess
0x1C000148C: "public: __cdecl ProcessLaunchMonitorClient::ProcessLaunchMonitorClient(long,long * __ptr64) __ptr64" ??0ProcessLaunchMonitorClient@@QEAA@JPEAJ@Z
0x1C00070E8: "__cdecl _imp_IoCreateDevice" __imp_IoCreateDevice
0x1C00070F0: "__cdecl _imp_IoDeviceObjectType" __imp_IoDeviceObjectType
0x1C0004298: "WD" ??_C@_15ELMAKJHJ@?$AAW?$AAD?$AA?$AA@
0x1C00070C8: "__cdecl _imp_IofCompleteRequest" __imp_IofCompleteRequest
0x1C0007138: "__cdecl _imp_RtlCreateSecurityDescriptor" __imp_RtlCreateSecurityDescriptor
0x1C00080F0: IoDevObjCreateDeviceSecure
0x1C0007128: "__cdecl _imp_wcschr" __imp_wcschr
0x1C00071B0: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1C000521C: PiRegStateDiscriptor
0x1C0007068: "__cdecl _imp_PsSuspendProcess" __imp_PsSuspendProcess
0x1C0007168: "__cdecl _imp_RtlGetOwnerSecurityDescriptor" __imp_RtlGetOwnerSecurityDescriptor
0x1C0007130: "__cdecl _imp__wcsnicmp" __imp__wcsnicmp
0x1C000829C: IopDevObjApplyPostCreationSettings
0x1C0001DF0: "public: virtual void * __ptr64 __cdecl ProcessLaunchMonitorDevice::`scalar deleting destructor'(unsigned int) __ptr64" ??_GProcessLaunchMonitorDevice@@UEAAPEAXI@Z
0x1C0004038: SDDL_DEVOBJ_SYS_ALL_ADM_ALL
0x1C00070D8: "__cdecl _imp_MmGetSystemRoutineAddress" __imp_MmGetSystemRoutineAddress
0x1C0007080: "__cdecl _imp_ZwCreateEvent" __imp_ZwCreateEvent
0x1C00042B8: "GR" ??_C@_15DNGEKDKB@?$AAG?$AAR?$AA?$AA@
0x1C0007030: "__cdecl _imp_KeWaitForSingleObject" __imp_KeWaitForSingleObject
0x1C0007008: "__cdecl _imp_KeReleaseSpinLock" __imp_KeReleaseSpinLock
0x1C0002CC0: memcpy
0x1C00085B0: SepSddlDaclFromSDDLString
0x1C00070A8: "__cdecl _imp_ZwSetValueKey" __imp_ZwSetValueKey
0x1C00070B8: "__cdecl _imp_IoDeleteDevice" __imp_IoDeleteDevice
0x1C0007120: "__cdecl _imp_RtlAbsoluteToSelfRelativeSD" __imp_RtlAbsoluteToSelfRelativeSD
0x1C0002CC0: memmove
0x1C0008434: SepSddlSecurityDescriptorFromSDDLString
0x1C0004218: "IoCreateDeviceSecure" ??_C@_1CK@LEEDIGFP@?$AAI?$AAo?$AAC?$AAr?$AAe?$AAa?$AAt?$AAe?$AAD?$AAe?$AAv?$AAi?$AAc?$AAe?$AAS?$AAe?$AAc?$AAu?$AAr?$AAe?$AA?$AA@
0x1C0002C0C: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1C0008C4C: SepSddlParseWideStringUlong
0x1C0001D34: "public: void __cdecl ProcessLaunchMonitorClient::Release(void) __ptr64" ?Release@ProcessLaunchMonitorClient@@QEAAXXZ
0x1C00042C8: "GX" ??_C@_15FCNJEDMF@?$AAG?$AAX?$AA?$AA@
0x1C00042A0: "WO" ??_C@_15JMMBCOHI@?$AAW?$AAO?$AA?$AA@
0x1C00070D0: "__cdecl _imp_IoCreateSymbolicLink" __imp_IoCreateSymbolicLink
0x1C0001BD8: "public: int __cdecl NTList<unsigned long,0,class SpinLock>::Erase(unsigned long const & __ptr64) __ptr64" ?Erase@?$NTList@K$0A@VSpinLock@@@@QEAAHAEBK@Z
0x1C0007018: "__cdecl _imp_ExAllocatePoolWithTag" __imp_ExAllocatePoolWithTag
0x1C0007150: "__cdecl _imp__snwprintf" __imp__snwprintf
0x1C00017EC: "public: long __cdecl ProcessLaunchMonitorClient::Shutdown(void) __ptr64" ?Shutdown@ProcessLaunchMonitorClient@@QEAAJXZ
0x1C0001A0C: "public: long __cdecl NTQueueWithExportableWaitHandle<struct ProcessLaunchMonitorEvent>::DequeueElement(struct ProcessLaunchMonitorEvent * __ptr64) __ptr64" ?DequeueElement@?$NTQueueWithExportableWaitHandle@UProcessLaunchMonitorEvent@@@@QEAAJPEAUProcessLaunchMonitorEvent@@@Z
0x1C0002A9C: "public: virtual __cdecl LegacyDevice::~LegacyDevice(void) __ptr64" ??1LegacyDevice@@UEAA@XZ
0x1C000433C: "A" ??_C@_13PNBDBPLL@?$AAA?$AA?$AA@
0x1C0007158: "__cdecl _imp_SeCaptureSecurityDescriptor" __imp_SeCaptureSecurityDescriptor
0x1C00020E0: "public: virtual long __cdecl ProcessLaunchMonitorDevice::DispatchClose(struct _FILE_OBJECT * __ptr64) __ptr64" ?DispatchClose@ProcessLaunchMonitorDevice@@UEAAJPEAU_FILE_OBJECT@@@Z
0x1C0002BE8: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1C0007038: "__cdecl _imp_PsSetCreateProcessNotifyRoutine" __imp_PsSetCreateProcessNotifyRoutine
0x1C0007118: "__cdecl _imp_RtlAddAccessAllowedAce" __imp_RtlAddAccessAllowedAce
0x1C0007140: "__cdecl _imp_SeExports" __imp_SeExports
0x1C0004160: "com_microsoft_idna_ProcLaunchMon" ??_C@_1EC@IJGDBCNO@?$AAc?$AAo?$AAm?$AA_?$AAm?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA_?$AAi?$AAd?$AAn?$AAa?$AA_?$AAP?$AAr?$AAo?$AAc?$AAL?$AAa?$AAu?$AAn?$AAc?$AAh?$AAM?$AAo?$AAn@
0x1C0007060: "__cdecl _imp_PsResumeProcess" __imp_PsResumeProcess
0x1C00070C0: "__cdecl _imp_IoDeleteSymbolicLink" __imp_IoDeleteSymbolicLink
0x1C000986C: CmRegUtilWstrValueGetDword
0x1C0004250: "IoValidateDeviceIoControlAccess" ??_C@_1EA@BAHCLPHE@?$AAI?$AAo?$AAV?$AAa?$AAl?$AAi?$AAd?$AAa?$AAt?$AAe?$AAD?$AAe?$AAv?$AAi?$AAc?$AAe?$AAI?$AAo?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAA?$AAc?$AAc?$AAe?$AAs?$AAs?$AA?$AA@
0x1C0007148: "__cdecl _imp_RtlLengthSecurityDescriptor" __imp_RtlLengthSecurityDescriptor
0x1C00042A8: "SD" ??_C@_15NAFBOLGP@?$AAS?$AAD?$AA?$AA@
0x1C00095F4: CmRegUtilUcValueSetUcString
0x1C0008370: SeSddlSecurityDescriptorFromSDDL
0x1C0007170: "__cdecl _imp_RtlGetGroupSecurityDescriptor" __imp_RtlGetGroupSecurityDescriptor
0x1C0004420: "\Registry\Machine\System\Current" ??_C@_1HC@DKINPPAJ@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x1C0009738: CmRegUtilOpenExistingWstrKey
0x1C0008EFC: PiRegStateReadStackCreationSettingsFromKey
0x1C0007078: "__cdecl _imp_KeClearEvent" __imp_KeClearEvent
0x1C00090CC: PiRegStateOpenClassKey
0x1C0002B24: WdmlibRtlInitUnicodeStringEx
0x1C00043A0: "Security" ??_C@_1BC@FCJNIDNL@?$AAS?$AAe?$AAc?$AAu?$AAr?$AAi?$AAt?$AAy?$AA?$AA@
0x1C0002390: "public: void __cdecl ProcessLaunchMonitorDevice::HandleProcessCreatedOrDestroyed(bool,unsigned long,unsigned long) __ptr64" ?HandleProcessCreatedOrDestroyed@ProcessLaunchMonitorDevice@@QEAAX_NKK@Z
0x1C000A010: GsDriverEntry
0x1C00071A8: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1C0001AFC: "public: long __cdecl NTQueueWithExportableWaitHandle<struct ProcessLaunchMonitorEvent>::EnqueueElement(struct ProcessLaunchMonitorEvent const & __ptr64) __ptr64" ?EnqueueElement@?$NTQueueWithExportableWaitHandle@UProcessLaunchMonitorEvent@@@@QEAAJAEBUProcessLaunchMonitorEvent@@@Z
0x1C0007088: ExEventObjectType
0x1C0008D50: PpRegStateReadCreateClassCreationSettings
0x1C0001100: "void __cdecl DriverUnload(struct _DRIVER_OBJECT * __ptr64)" ?DriverUnload@@YAXPEAU_DRIVER_OBJECT@@@Z
0x1C0008690: SepSddlGetSidForString
0x1C00043B8: "DeviceType" ??_C@_1BG@KCOOGCNN@?$AAD?$AAe?$AAv?$AAi?$AAc?$AAe?$AAT?$AAy?$AAp?$AAe?$AA?$AA@
0x1C0007070: "__cdecl _imp_ObReferenceObjectByHandle" __imp_ObReferenceObjectByHandle
0x1C00044A0: "{%08X-%04X-%04X-%02X%02X-%02X%02" ??_C@_1GG@FCALANDO@?$AA?$HL?$AA?$CF?$AA0?$AA8?$AAX?$AA?9?$AA?$CF?$AA0?$AA4?$AAX?$AA?9?$AA?$CF?$AA0?$AA4?$AAX?$AA?9?$AA?$CF?$AA0?$AA2?$AAX?$AA?$CF?$AA0?$AA2?$AAX?$AA?9?$AA?$CF?$AA0?$AA2?$AAX?$AA?$CF?$AA0?$AA2@
0x1C0007040: "__cdecl _imp_KeResetEvent" __imp_KeResetEvent
0x1C0007058: PsProcessType
0x1C0007190: "__cdecl _imp_ZwQueryValueKey" __imp_ZwQueryValueKey
0x1C00042B0: "GA" ??_C@_15HPMIFLNA@?$AAG?$AAA?$AA?$AA@
0x1C0001620: "public: long __cdecl ProcessLaunchMonitorClient::AddMonitoredPid(unsigned long) __ptr64" ?AddMonitoredPid@ProcessLaunchMonitorClient@@QEAAJK@Z
0x1C0002B80: "__cdecl _security_check_cookie" __security_check_cookie
0x1C00029B0: "public: virtual void * __ptr64 __cdecl LegacyDevice::`vector deleting destructor'(unsigned int) __ptr64" ??_ELegacyDevice@@UEAAPEAXI@Z
0x1C0001588: "public: __cdecl NTQueueWithExportableWaitHandle<struct ProcessLaunchMonitorEvent>::~NTQueueWithExportableWaitHandle<struct ProcessLaunchMonitorEvent>(void) __ptr64" ??1?$NTQueueWithExportableWaitHandle@UProcessLaunchMonitorEvent@@@@QEAA@XZ
0x1C0004000: "const ProcessLaunchMonitorDevice::`vftable'" ??_7ProcessLaunchMonitorDevice@@6B@
0x1C00071B8: "__cdecl _IMPORT_DESCRIPTOR_ntoskrnl" __IMPORT_DESCRIPTOR_ntoskrnl
0x1C0001C94: "public: __cdecl NTList<unsigned long,0,class SpinLock>::~NTList<unsigned long,0,class SpinLock>(void) __ptr64" ??1?$NTList@K$0A@VSpinLock@@@@QEAA@XZ
0x1C00042D0: "SeConvertStringSecurityDescripto" ??_C@_1GM@JINLDKKK@?$AAS?$AAe?$AAC?$AAo?$AAn?$AAv?$AAe?$AAr?$AAt?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AAS?$AAe?$AAc?$AAu?$AAr?$AAi?$AAt?$AAy?$AAD?$AAe?$AAs?$AAc?$AAr?$AAi?$AAp?$AAt?$AAo@
0x1C000B000: "__cdecl _guard_fids_table" __guard_fids_table
0x1C00070F8: "__cdecl _imp_ZwSetSecurityObject" __imp_ZwSetSecurityObject
0x1C0004050: "__cdecl load_config_used" _load_config_used
0x1C0004340: "Properties" ??_C@_1BG@COALCEMK@?$AAP?$AAr?$AAo?$AAp?$AAe?$AAr?$AAt?$AAi?$AAe?$AAs?$AA?$AA@
0x1C0007090: "__cdecl _imp_ZwClose" __imp_ZwClose
0x1C0008B4C: SepSddlAddAceToAcl
0x1C00097B4: CmRegUtilCreateWstrKey
0x1C0007028: "__cdecl _imp_KeInitializeEvent" __imp_KeInitializeEvent
0x1C00070E0: "__cdecl _imp_ObOpenObjectByPointer" __imp_ObOpenObjectByPointer
0x1C00029B0: "public: virtual void * __ptr64 __cdecl LegacyDevice::`scalar deleting destructor'(unsigned int) __ptr64" ??_GLegacyDevice@@UEAAPEAXI@Z
0x1C0007160: "__cdecl _imp_RtlGetSaclSecurityDescriptor" __imp_RtlGetSaclSecurityDescriptor
0x1C0004368: "NoDisplayClass" ??_C@_1BO@DAOBINHA@?$AAN?$AAo?$AAD?$AAi?$AAs?$AAp?$AAl?$AAa?$AAy?$AAC?$AAl?$AAa?$AAs?$AAs?$AA?$AA@
0x1C0004028: "const LegacyDevice::`vftable'" ??_7LegacyDevice@@6B@
0x1C0007178: "__cdecl _imp_RtlGetDaclSecurityDescriptor" __imp_RtlGetDaclSecurityDescriptor
0x1C000925C: PpRegStateUpdateStackCreationSettings
0x1C0007108: "__cdecl _imp_IoIsWdmVersionAvailable" __imp_IoIsWdmVersionAvailable
0x1C00043D0: "DeviceCharacteristics" ??_C@_1CM@DIJFBEC@?$AAD?$AAe?$AAv?$AAi?$AAc?$AAe?$AAC?$AAh?$AAa?$AAr?$AAa?$AAc?$AAt?$AAe?$AAr?$AAi?$AAs?$AAt?$AAi?$AAc?$AAs?$AA?$AA@
0x1C00021D0: "public: virtual long __cdecl ProcessLaunchMonitorDevice::DispatchBufferedIoctl(struct _FILE_OBJECT * __ptr64,unsigned long,unsigned long,void * __ptr64,unsigned long,unsigned __int64 * __ptr64) __ptr64" ?DispatchBufferedIoctl@ProcessLaunchMonitorDevice@@UEAAJPEAU_FILE_OBJECT@@KKPEAXKPEA_K@Z
0x1C0001F00: "public: virtual void __cdecl ProcessLaunchMonitorDevice::DispatchRoutine(class IncomingIrpWrapper * __ptr64) __ptr64" ?DispatchRoutine@ProcessLaunchMonitorDevice@@UEAAXPEAVIncomingIrpWrapper@@@Z
0x1C00051E0: PiRegStateSysAllInherittedSecurityDescriptor
0x1C0005218: WdmlibInitialized
0x1C0002A90: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1C0008008: WdmlibIoCreateDeviceSecure
0x1C0004358: "Class" ??_C@_1M@OAHBGIFG@?$AAC?$AAl?$AAa?$AAs?$AAs?$AA?$AA@
0x1C00070A0: "__cdecl _imp_KeBugCheckEx" __imp_KeBugCheckEx
0x1C0007058: "__cdecl _imp_PsProcessType" __imp_PsProcessType
0x1C0007000: "__cdecl _imp_KeAcquireSpinLockRaiseToDpc" __imp_KeAcquireSpinLockRaiseToDpc
0x1C0005080: "__cdecl _security_cookie" __security_cookie
0x1C00041E0: SDDL_DEVOBJ_SYS_ALL_ADM_ALL_buffer
0x1C0004400: "Exclusive" ??_C@_1BE@DJHAJDEM@?$AAE?$AAx?$AAc?$AAl?$AAu?$AAs?$AAi?$AAv?$AAe?$AA?$AA@
0x1C00094B0: CmRegUtilUcValueGetFullBuffer
0x1C0001FB0: "public: virtual long __cdecl ProcessLaunchMonitorDevice::DispatchCreate(struct _FILE_OBJECT * __ptr64) __ptr64" ?DispatchCreate@ProcessLaunchMonitorDevice@@UEAAJPEAU_FILE_OBJECT@@@Z
0x1C0004388: "NoUseClass" ??_C@_1BG@OPOOGLJC@?$AAN?$AAo?$AAU?$AAs?$AAe?$AAC?$AAl?$AAa?$AAs?$AAs?$AA?$AA@
0x1C000A044: "__cdecl _security_init_cookie" __security_init_cookie
0x1C0007010: "__cdecl _imp_KeSetEvent" __imp_KeSetEvent
0x1C0007048: "__cdecl _imp_ZwDuplicateObject" __imp_ZwDuplicateObject
0x1C00093C8: SeUtilSecurityInfoFromSecurityDescriptor
0x1C00070F0: IoDeviceObjectType
0x1C00042C0: "GW" ??_C@_15KLKFDJD@?$AAG?$AAW?$AA?$AA@
0x1C0007110: "__cdecl _imp_RtlLengthSid" __imp_RtlLengthSid
0x1C0002BB0: "__cdecl _report_gsfailure" __report_gsfailure
0x1C0007188: "__cdecl _imp_ZwCreateKey" __imp_ZwCreateKey
0x1C0001718: "public: long __cdecl ProcessLaunchMonitorClient::ResumeProcess(unsigned long,bool * __ptr64) __ptr64" ?ResumeProcess@ProcessLaunchMonitorClient@@QEAAJKPEA_N@Z
0x1C0002A00: "public: static long __cdecl LegacyDevice::StaticDispatchRoutine(struct _DEVICE_OBJECT * __ptr64,struct _IRP * __ptr64)" ?StaticDispatchRoutine@LegacyDevice@@SAJPEAU_DEVICE_OBJECT@@PEAU_IRP@@@Z
0x1C00071A0: ntoskrnl_NULL_THUNK_DATA
0x1C0007020: "__cdecl _imp_ExFreePoolWithTag" __imp_ExFreePoolWithTag
0x1C0007100: "__cdecl _imp_RtlSetDaclSecurityDescriptor" __imp_RtlSetDaclSecurityDescriptor
0x1C00011AC: DriverEntry
0x1C0002A90: "protected: virtual void __cdecl LegacyDevice::DispatchRoutine(class IncomingIrpWrapper * __ptr64) __ptr64" ?DispatchRoutine@LegacyDevice@@MEAAXPEAVIncomingIrpWrapper@@@Z
0x1C0007198: "__cdecl _imp_ZwOpenKey" __imp_ZwOpenKey
0x1C0003000: memset
0x1C00071CC: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR

[JEB Decompiler by PNF Software]