Generated by JEB on 2019/08/01
PE: C:\Windows\System32\drivers\npsvctrig.sys Base=0x1C0000000 SHA-256=9B89EE13A9D6B1CC36B0ECF874DCFB0D40222414ADF7A8589C4EDD978210A6ED
PDB: NpSvcTrig.pdb GUID={5C354DFE-5E2F-67BC-799DC80B4E12F2BB} Age=1
186 located named symbols:
0x1C0005090: "__cdecl _imp_FltSetCallbackDataDirty" __imp_FltSetCallbackDataDirty
0x1C0001CF0: WppClassicProviderCallback
0x1C00050E0: "__cdecl _imp_KeSetTimer" __imp_KeSetTimer
0x1C0003128: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1C0007920: WppTraceCallback
0x1C000809C: RtdspGetTriggerEndpoints
0x1C0006918: NptrigDeleteLock
0x1C0005108: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1C0001160: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1C0005138: "__cdecl _imp_ZwEnumerateKey" __imp_ZwEnumerateKey
0x1C0002380: "1f81d131-3fac-4537-9e0c-7e7b0c2f" ??_C@_1EK@LBCEHJEN@?$AA1?$AAf?$AA8?$AA1?$AAd?$AA1?$AA3?$AA1?$AA?9?$AA3?$AAf?$AAa?$AAc?$AA?9?$AA4?$AA5?$AA3?$AA7?$AA?9?$AA9?$AAe?$AA0?$AAc?$AA?9?$AA7?$AAe?$AA7?$AAb?$AA0?$AAc?$AA2?$AAf@
0x1C00021D0: "WmiTraceMessage" ??_C@_1CA@OFIBBPKJ@?$AAW?$AAm?$AAi?$AAT?$AAr?$AAa?$AAc?$AAe?$AAM?$AAe?$AAs?$AAs?$AAa?$AAg?$AAe?$AA?$AA@
0x1C0005080: "__cdecl _imp_FltAllocateContext" __imp_FltAllocateContext
0x1C0005178: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1C00062F0: NptrigInstanceSetup
0x1C0005130: "__cdecl _imp_MmGetSystemRoutineAddress" __imp_MmGetSystemRoutineAddress
0x1C0005018: "__cdecl _imp_FltQueueDeferredIoWorkItem" __imp_FltQueueDeferredIoWorkItem
0x1C0005150: "__cdecl _imp_KeInitializeMutex" __imp_KeInitializeMutex
0x1C00022A0: NAMED_PIPE_EVENT_GUID
0x1C0001010: NptrigPostFsControlCallback
0x1C0005160: "__cdecl _imp_KeWaitForSingleObject" __imp_KeWaitForSingleObject
0x1C0005038: "__cdecl _imp_FltSetInstanceContext" __imp_FltSetInstanceContext
0x1C0001D28: RtdspInitializeLock
0x1C00022F0: ServiceTriggerPerfServiceTriggered
0x1C0001180: memcpy
0x1C0005118: "__cdecl _imp_KeInitializeDpc" __imp_KeInitializeDpc
0x1C0007280: NptrigUnlock
0x1C0003260: pfnWppGetVersion
0x1C0003140: RtdsTriggerUpdateLock
0x1C00030B0: RtdsProviderWnfState
0x1C0001180: memmove
0x1C0001DEC: RtlUnicodeStringCatString
0x1C0003060: NPTRIG_ETW_PROVIDER_GUID_Context
0x1C00010EC: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1C0005088: "__cdecl _imp_FltRegisterFilter" __imp_FltRegisterFilter
0x1C0003200: WPP_MAIN_CB
0x1C0007F54: RtdspFreeEndpointList
0x1C0001AC0: NptrigWaitNamedPipeTimeoutCallback
0x1C0006680: NptrigAlterIoStatus
0x1C0002EF0: NptrigOperationRegistration
0x1C0005030: "__cdecl _imp_FltAcquirePushLockExclusiveEx" __imp_FltAcquirePushLockExclusiveEx
0x1C0006C4C: NptrigHandleTriggerableIo
0x1C0006150: NptrigPostCreateNamedPipeCallback
0x1C0002300: ServiceTriggerPerfServiceTimedOut
0x1C0007530: NptrigWaitNamedPipeQueueRemove
0x1C00050D8: "__cdecl _imp_ExAllocatePoolWithTag" __imp_ExAllocatePoolWithTag
0x1C0003270: pfnWppQueryTraceInformation
0x1C0005060: "__cdecl _imp_FltCbdqInitialize" __imp_FltCbdqInitialize
0x1C00050F8: "__cdecl _imp_EtwWriteTransfer" __imp_EtwWriteTransfer
0x1C00072F0: NptrigWaitNamedPipeQueueCompleteCanceled
0x1C00050A8: FLTMGR_NULL_THUNK_DATA
0x1C00010C8: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1C00021B0: "PsGetVersion" ??_C@_1BK@DHLDGJM@?$AAP?$AAs?$AAG?$AAe?$AAt?$AAV?$AAe?$AAr?$AAs?$AAi?$AAo?$AAn?$AA?$AA@
0x1C000193C: McTemplateK0zz
0x1C00067FC: NptrigCreateTrigger
0x1C0006DD4: NptrigLock
0x1C0002280: "NULL" ??_C@_19CIJIHAKK@?$AAN?$AAU?$AAL?$AAL?$AA?$AA@
0x1C0003250: pfnEtwRegisterClassicProvider
0x1C00023D0: WNF_RTDS_NAMED_PIPE_TRIGGER_CHANGED
0x1C0005098: "__cdecl _imp_FltGetInstanceContext" __imp_FltGetInstanceContext
0x1C0005058: "__cdecl _imp_FltReleaseContext" __imp_FltReleaseContext
0x1C0007380: NptrigWaitNamedPipeQueueInsert
0x1C00066E4: NptrigCleanupOrphanedWaitNamedPipeRequests
0x1C0003278: pfnEtwUnregister
0x1C0005020: "__cdecl _imp_FltCbdqRemoveNextIo" __imp_FltCbdqRemoveNextIo
0x1C0005110: "__cdecl _imp_RtlEqualUnicodeString" __imp_RtlEqualUnicodeString
0x1C0005048: "__cdecl _imp_FltInitializePushLock" __imp_FltInitializePushLock
0x1C0005158: "__cdecl _imp_KeReleaseMutex" __imp_KeReleaseMutex
0x1C0009010: GsDriverEntry
0x1C00022B8: SERVICE_TRIGGER_PERF_EVENT_GUID
0x1C0005170: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1C0002310: WPP_ThisDir_CTLGUID_NptrigTracing
0x1C0005008: "__cdecl _imp_FltAllocateDeferredIoWorkItem" __imp_FltAllocateDeferredIoWorkItem
0x1C0001D74: RtdspUnlock
0x1C0001A70: NptrigTakeRequestRef
0x1C0006010: NptrigPostCreateCallback
0x1C00022F0: ClientWaiting
0x1C00074E0: NptrigWaitNamedPipeQueueRelease
0x1C00022B0: Microsoft_Windows_ServiceTriggerPerfEventProviderKeywords
0x1C00018DC: McGenEventWrite
0x1C0003000: WPP_GLOBAL_Control
0x1C00050C8: "__cdecl _imp_ZwQueryValueKey" __imp_ZwQueryValueKey
0x1C00022B0: Microsoft_Windows_EndpointTriggerProviderKeywords
0x1C0002DC0: "1f81d131-3fac-4537-9e0c-7e7b0c2f" ??_C@_1EK@LBCEHJEN@?$AA1?$AAf?$AA8?$AA1?$AAd?$AA1?$AA3?$AA1?$AA?9?$AA3?$AAf?$AAa?$AAc?$AA?9?$AA4?$AA5?$AA3?$AA7?$AA?9?$AA9?$AAe?$AA0?$AAc?$AA?9?$AA7?$AAe?$AA7?$AAb?$AA0?$AAc?$AA2?$AAf@LBKOJDO@
0x1C0005040: "__cdecl _imp_FltStartFiltering" __imp_FltStartFiltering
0x1C0001070: "__cdecl _security_check_cookie" __security_check_cookie
0x1C0005194: "__cdecl _IMPORT_DESCRIPTOR_FLTMGR" __IMPORT_DESCRIPTOR_FLTMGR
0x1C0005180: "__cdecl _IMPORT_DESCRIPTOR_ntoskrnl" __IMPORT_DESCRIPTOR_ntoskrnl
0x1C0005010: "__cdecl _imp_FltCbdqInsertIo" __imp_FltCbdqInsertIo
0x1C0006940: NptrigDestroyFilterInstance
0x1C0007F00: RtdspFindEndpoint
0x1C0007D40: RtdsRegisterUpdateCallback
0x1C00076B4: WppCleanupKm
0x1C00050F0: "__cdecl _imp_EtwUnregister" __imp_EtwUnregister
0x1C00031C0: RtdsTriggerDbList
0x1C000A000: "__cdecl _guard_fids_table" __guard_fids_table
0x1C0002000: "__cdecl load_config_used" _load_config_used
0x1C0003010: SERVICE_TRIGGER_PERF_EVENT_GUID_Context
0x1C00018A8: McGenEventUnregister
0x1C0005070: "__cdecl _imp_FltFreeDeferredIoWorkItem" __imp_FltFreeDeferredIoWorkItem
0x1C0007230: NptrigTriggerChangeCallback
0x1C00050B0: "__cdecl _imp_ZwClose" __imp_ZwClose
0x1C0005028: "__cdecl _imp_FltCbdqDisable" __imp_FltCbdqDisable
0x1C0005140: "__cdecl _imp_ExSubscribeWnfStateChange" __imp_ExSubscribeWnfStateChange
0x1C00023D8: WNF_RTDS_RPC_INTERFACE_TRIGGER_CHANGED
0x1C0007090: NptrigReleasePendingRequests
0x1C00021F0: "WmiQueryTraceInformation" ??_C@_1DC@DOCOAJH@?$AAW?$AAm?$AAi?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAT?$AAr?$AAa?$AAc?$AAe?$AAI?$AAn?$AAf?$AAo?$AAr?$AAm?$AAa?$AAt?$AAi?$AAo?$AAn?$AA?$AA@
0x1C0002260: "EtwUnregister" ??_C@_1BM@CJMKDOJH@?$AAE?$AAt?$AAw?$AAU?$AAn?$AAr?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AA?$AA@
0x1C0006CB0: NptrigInitializeLock
0x1C00023E0: RTDS_TRIGGER_KEY
0x1C0002D00: "Software\Microsoft\Windows\Curre" ??_C@_1JC@JHIPFBHA@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe@LBKOJDO@
0x1C0007B70: RtdsInternalUpdateCallback
0x1C00010B0: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1C0005050: "__cdecl _imp_FltCbdqRemoveIo" __imp_FltCbdqRemoveIo
0x1C0002E10: NptrigContextRegistration
0x1C00072A0: NptrigWaitNamedPipeQueueAcquire
0x1C00031E0: Microsoft_Windows_EndpointTriggerProviderEnableBits
0x1C0002D98: "NamedPipeTimeout" ??_C@_1CC@PDNHGHFE@?$AAN?$AAa?$AAm?$AAe?$AAd?$AAP?$AAi?$AAp?$AAe?$AAT?$AAi?$AAm?$AAe?$AAo?$AAu?$AAt?$AA?$AA@LBKOJDO@
0x1C00077D0: WppLoadTracingSupport
0x1C00050B8: "__cdecl _imp_IoWMIRegistrationControl" __imp_IoWMIRegistrationControl
0x1C0006AD0: NptrigFindTrigger
0x1C0003248: Microsoft_Windows_ServiceTriggerPerfEventProviderEnableBits
0x1C00065A0: DriverUnload
0x1C0003120: "__cdecl _security_cookie" __security_cookie
0x1C0007C88: RtdsReaderInitialize
0x1C00050E8: "__cdecl _imp_KeCancelTimer" __imp_KeCancelTimer
0x1C0006DF4: NptrigQueueWaitNamedPipeRequest
0x1C0001D48: RtdspLock
0x1C00022D0: WPP_ddb677bc035937626870b6cb1c79d7f7_Traceguids
0x1C0005128: "__cdecl _imp_RtlCompareMemory" __imp_RtlCompareMemory
0x1C0002290: NPTRIG_ETW_PROVIDER_GUID
0x1C0001770: McGenControlCallbackV2
0x1C0002228: "EtwRegisterClassicProvider" ??_C@_1DG@PFOPAIND@?$AAE?$AAt?$AAw?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AAC?$AAl?$AAa?$AAs?$AAs?$AAi?$AAc?$AAP?$AAr?$AAo?$AAv?$AAi?$AAd?$AAe?$AAr?$AA?$AA@
0x1C0002330: "bc90d167-9470-4139-a9ba-be0bbbf5" ??_C@_1EK@KPHNJPMN@?$AAb?$AAc?$AA9?$AA0?$AAd?$AA1?$AA6?$AA7?$AA?9?$AA9?$AA4?$AA7?$AA0?$AA?9?$AA4?$AA1?$AA3?$AA9?$AA?9?$AAa?$AA9?$AAb?$AAa?$AA?9?$AAb?$AAe?$AA0?$AAb?$AAb?$AAb?$AAf?$AA5@
0x1C0007E54: RtdsUnregisterUpdateCallback
0x1C0006B88: NptrigFireTrigger
0x1C0005148: "__cdecl _imp_ExUnsubscribeWnfStateChange" __imp_ExUnsubscribeWnfStateChange
0x1C0005100: "__cdecl _imp_KeInitializeTimer" __imp_KeInitializeTimer
0x1C00050A0: "__cdecl _imp_FltUnregisterFilter" __imp_FltUnregisterFilter
0x1C0001C30: WPP_SF_qL
0x1C0001C30: WPP_SF_qd
0x1C0001C8C: WPP_SF_qq
0x1C0006964: NptrigDestroyTrigger
0x1C0007560: NptrigWaitNamedPipeTimeoutWorkItem
0x1C00022C8: Microsoft_Windows_ServiceTriggerPerfEventProviderLevels
0x1C00022E0: RPC_INTERFACE_EVENT_GUID
0x1C00022C8: Microsoft_Windows_EndpointTriggerProviderLevels
0x1C0009044: "__cdecl _security_init_cookie" __security_init_cookie
0x1C0005068: "__cdecl _imp_FltDeletePushLock" __imp_FltDeletePushLock
0x1C0001BE0: WPP_SF_q
0x1C00050D0: "__cdecl _imp_EtwRegister" __imp_EtwRegister
0x1C0003268: WPPTraceSuite
0x1C000187C: McGenEventRegister
0x1C0007400: NptrigWaitNamedPipeQueuePeekNext
0x1C0003240: NptrigDriverInstance
0x1C0005000: "__cdecl _imp_FltCompletePendedPostOperation" __imp_FltCompletePendedPostOperation
0x1C00010A0: "__cdecl _report_gsfailure" __report_gsfailure
0x1C0006CD0: NptrigInstanceTeardownStartCallback
0x1C0006AA0: NptrigFilterUnloadCallback
0x1C0007CFC: RtdsReaderShutdown
0x1C00019FC: NptrigReleaseRequestRef
0x1C0005168: ntoskrnl_NULL_THUNK_DATA
0x1C00050C0: "__cdecl _imp_ExFreePoolWithTag" __imp_ExFreePoolWithTag
0x1C0007FD0: RtdspGenerateEndpointChangelist
0x1C0005078: "__cdecl _imp_FltReleasePushLockEx" __imp_FltReleasePushLockEx
0x1C0002E80: NptrigRegistration
0x1C0009078: DriverEntry
0x1C0002320: ServiceTriggerPerfServiceArrived
0x1C0003258: pfnWppTraceMessage
0x1C0005120: "__cdecl _imp_ZwOpenKey" __imp_ZwOpenKey
0x1C0007B8C: RtdsInternalUpdateCallbackWorker
0x1C000773C: WppInitKm
0x1C00014C0: memset
0x1C00051A8: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR