PDB Symbols - werkernel.sys (0xCB6BC8A6207D33B5993623EEFA04A8A992AB4FCF205DE82EB9FC052229239FF2)

Generated by JEB on 2019/08/01

PE: C:\Windows\System32\drivers\werkernel.sys Base=0x1C0000000 SHA-256=CB6BC8A6207D33B5993623EEFA04A8A992AB4FCF205DE82EB9FC052229239FF2
PDB: WerKernel.pdb GUID={A854323B-B07B-DD46-C3F1B851F2B45891} Age=1

278 located named symbols:
0x1C0003740: "WERKERNELHOST: WerpCreateDumpFil" ??_C@_0EG@LLJENFKF@WERKERNELHOST?3?5WerpCreateDumpFil@
0x1C0003260: "WERKERNELHOST: WerpCheckSpaceAva" ??_C@_0EE@LOHCLBIE@WERKERNELHOST?3?5WerpCheckSpaceAva@
0x1C000B5D0: DllUnload
0x1C0002130: "\WindowsErrorReportingServicePor" ??_C@_1EE@NIHCKLHD@?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AAE?$AAr?$AAr?$AAo?$AAr?$AAR?$AAe?$AAp?$AAo?$AAr?$AAt?$AAi?$AAn?$AAg?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAP?$AAo?$AAr@
0x1C0005008: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1C000A7E0: WerpGetRegistryKey
0x1C0007038: "__cdecl _imp_ObfDereferenceObject" __imp_ObfDereferenceObject
0x1C00098E0: WerpCreateStoreDirectory
0x1C00042C0: "WERKERNELHOST: WerpInitThrottleP" ??_C@_0EM@CIIPGMDI@WERKERNELHOST?3?5WerpInitThrottleP@
0x1C0007118: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1C0007090: "__cdecl _imp_ExEventObjectType" __imp_ExEventObjectType
0x1C0001800: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1C000AAD4: WerpSubmitReport
0x1C0002EA0: "WERKERNELHOST: WerLiveKernelSubm" ??_C@_0EC@GACPEABF@WERKERNELHOST?3?5WerLiveKernelSubm@
0x1C00035E0: "WERKERNELHOST: A dump file has a" ??_C@_0EC@OJEDOJGC@WERKERNELHOST?3?5A?5dump?5file?5has?5a@
0x1C0002180: "WERKERNELHOST: ZwQuerySystemInfo" ??_C@_0FM@BJGBEKJM@WERKERNELHOST?3?5ZwQuerySystemInfo@
0x1C0007168: "__cdecl _imp_ZwEnumerateKey" __imp_ZwEnumerateKey
0x1C00070D0: "__cdecl _imp_ZwUpdateWnfStateData" __imp_ZwUpdateWnfStateData
0x1C0002D30: "WERKERNELHOST: WerLiveKernelOpe" ??_C@_0EB@HHIBJMKL@WERKERNELHOST?3?5?5WerLiveKernelOpe@
0x1C000A5B0: WerpExceedsSystemThreshold
0x1C00071A8: "__cdecl _imp_RtlCreateSecurityDescriptor" __imp_RtlCreateSecurityDescriptor
0x1C00035A0: "WERKERNELHOST: WerpCreateDumpFil" ??_C@_0DG@MFGBABCN@WERKERNELHOST?3?5WerpCreateDumpFil@
0x1C0007000: "__cdecl _imp_SecLookupWellKnownSid" __imp_SecLookupWellKnownSid
0x1C0002CE0: "WERKERNELHOST: WerLiveKernelCrea" ??_C@_0EP@EOKFOINP@WERKERNELHOST?3?5WerLiveKernelCrea@
0x1C0004530: "WERKERNELHOST: Could not open NT" ??_C@_0EN@MKLGJFMI@WERKERNELHOST?3?5Could?5not?5open?5NT@
0x1C0002B90: "WERKERNELHOST: CheckPolicy faile" ??_C@_0DA@NPKCMJAN@WERKERNELHOST?3?5CheckPolicy?5faile@
0x1C00028B0: "\KernelObjects\SystemErrorPortRe" ??_C@_1EI@MEPMEHFB@?$AA?2?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AAO?$AAb?$AAj?$AAe?$AAc?$AAt?$AAs?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAE?$AAr?$AAr?$AAo?$AAr?$AAP?$AAo?$AAr?$AAt?$AAR?$AAe@
0x1C0002580: "WERKERNELHOST: WerSubmitUserCras" ??_C@_0FC@CNIHMBPO@WERKERNELHOST?3?5WerSubmitUserCras@
0x1C000A630: WerpFreeMem
0x1C00071F0: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1C0009C24: WerpCreateReportDirectory
0x1C000A124: WerpCreateReportMini
0x1C00030E8: "Busy" ??_C@_19PJALEPJJ@?$AAB?$AAu?$AAs?$AAy?$AA?$AA@
0x1C0003B90: "WERKERNELHOST: System memory thr" ??_C@_0GL@NIIJNODJ@WERKERNELHOST?3?5System?5memory?5thr@
0x1C0007058: "__cdecl _imp_ZwQueryInformationThread" __imp_ZwQueryInformationThread
0x1C000B0FC: WerStartSystemErrorHandler
0x1C0003E80: "WERKERNELHOST: ZwQuerySysInfo(Er" ??_C@_0ED@GLIFJPOP@WERKERNELHOST?3?5ZwQuerySysInfo?$CIEr@
0x1C0007078: "__cdecl _imp_ZwCreateEvent" __imp_ZwCreateEvent
0x1C000A654: WerpFullDumpIsThrottled
0x1C0003318: "WERKERNELHOST: WerpCheckSpaceAva" ??_C@_0DL@KKLOFNIC@WERKERNELHOST?3?5WerpCheckSpaceAva@
0x1C0008DE4: WerpCancelReport
0x1C0004310: "WERKERNELHOST: WerpInitThrottleP" ??_C@_0DP@FMJKPCJI@WERKERNELHOST?3?5WerpInitThrottleP@
0x1C0002DF0: "WERKERNELHOST: WerLiveKernelOpen" ??_C@_0FP@EEGCGGJL@WERKERNELHOST?3?5WerLiveKernelOpen@
0x1C00070B8: "__cdecl _imp_ZwWaitForSingleObject" __imp_ZwWaitForSingleObject
0x1C0003A10: "WERKERNELHOST: RtlStringCbPrintf" ??_C@_0EI@FOODEFLO@WERKERNELHOST?3?5RtlStringCbPrintf@
0x1C00036C0: "WERKERNELHOST: WerpSetDumpFileNa" ??_C@_0ED@KEMOBJFH@WERKERNELHOST?3?5WerpSetDumpFileNa@
0x1C00034A0: "WERKERNELHOST: WerpCheckPolicy: " ??_C@_0EP@EHOOBINK@WERKERNELHOST?3?5WerpCheckPolicy?3?5@
0x1C0001840: memcpy
0x1C0003390: "WERKERNELHOST: Full live kernel " ??_C@_0DF@BEAFDDBL@WERKERNELHOST?3?5Full?5live?5kernel?5@
0x1C00071B0: "__cdecl _imp_MmGetPhysicalMemoryRanges" __imp_MmGetPhysicalMemoryRanges
0x1C000D010: WerLiveKernelInitSystemExt
0x1C0004650: "__cdecl _xmm@000000c92a69c0000000000861c46800" __xmm@000000c92a69c0000000000861c46800
0x1C00070E0: "__cdecl _imp_RtlSubAuthoritySid" __imp_RtlSubAuthoritySid
0x1C00071B8: "__cdecl _imp_ZwSetValueKey" __imp_ZwSetValueKey
0x1C0007150: "__cdecl _imp_ZwFlushKey" __imp_ZwFlushKey
0x1C00030A8: "WERKERNELHOST: Invalid handle pa" ??_C@_0DK@IMPCPBFO@WERKERNELHOST?3?5Invalid?5handle?5pa@
0x1C0003530: "WERKERNELHOST: WerpCloseHandle: " ??_C@_0CN@GPJBEOFM@WERKERNELHOST?3?5WerpCloseHandle?3?5@
0x1C0004260: "WERKERNELHOST: Registry PerCompo" ??_C@_0FH@GEHGIKPM@WERKERNELHOST?3?5Registry?5PerCompo@
0x1C000172D: "__cdecl _C_specific_handler" __C_specific_handler
0x1C0001840: memmove
0x1C0003708: "WERKERNELHOST: Could not create " ??_C@_0DH@BJLKOEAC@WERKERNELHOST?3?5Could?5not?5create?5@
0x1C00015DC: RtlUnicodeStringCatString
0x1C0007140: "__cdecl _imp_RtlLengthRequiredSid" __imp_RtlLengthRequiredSid
0x1C00041B0: "\Registry\Machine\System\Current" ??_C@_1KM@IEMJAIOM@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x1C0007130: "__cdecl _imp_RtlCopyUnicodeString" __imp_RtlCopyUnicodeString
0x1C0002B68: "WERKERNELHOST: Key key length ex" ??_C@_0CI@KHIJACKC@WERKERNELHOST?3?5Key?5key?5length?5ex@
0x1C0007198: "__cdecl _imp_RtlCreateAcl" __imp_RtlCreateAcl
0x1C0001764: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1C0002E50: "WERKERNELHOST: WerLiveKernelSubm" ??_C@_0EO@NCCJBAKM@WERKERNELHOST?3?5WerLiveKernelSubm@
0x1C0003C00: "WERKERNELHOST: System memory thr" ??_C@_0GH@KOOFBDEL@WERKERNELHOST?3?5System?5memory?5thr@
0x1C00085F0: WerLiveKernelCloseHandleExt
0x1C0003358: "WERKERNELHOST: Full live kernel " ??_C@_0DI@JKIFIMHL@WERKERNELHOST?3?5Full?5live?5kernel?5@
0x1C0003D80: "WERKERNELHOST: Failed to get the" ??_C@_0FK@DFFJECG@WERKERNELHOST?3?5Failed?5to?5get?5the@
0x1C0003D28: "VerifierExt" ??_C@_1BI@MOGPPHJD@?$AAV?$AAe?$AAr?$AAi?$AAf?$AAi?$AAe?$AAr?$AAE?$AAx?$AAt?$AA?$AA@
0x1C0008FDC: WerpCheckSpaceAvailableFull
0x1C0003A80: "WERKERNELHOST: WerpDeleteDumpFil" ??_C@_0DM@NCBAJBDN@WERKERNELHOST?3?5WerpDeleteDumpFil@
0x1C0007080: "__cdecl _imp_ExAllocatePoolWithTag" __imp_ExAllocatePoolWithTag
0x1C00029B8: "WERKERNELHOST: WerLiveKernelCanc" ??_C@_0DP@JKKALBDE@WERKERNELHOST?3?5WerLiveKernelCanc@
0x1C0003C70: "WERKERNELHOST: System threshold " ??_C@_0FJ@CCGEKBKL@WERKERNELHOST?3?5System?5threshold?5@
0x1C0003998: "WERKERNELHOST: Report id %S alre" ??_C@_0CM@EIIKBEGL@WERKERNELHOST?3?5Report?5id?5?$CFS?5alre@
0x1C00031C8: "WERKERNELHOST: Live kernel queue" ??_C@_0DA@LMCMNNML@WERKERNELHOST?3?5Live?5kernel?5queue@
0x1C0003FA8: "WERKERNELHOST: StringCchCopy fai" ??_C@_0DH@BMFKEGOB@WERKERNELHOST?3?5StringCchCopy?5fai@
0x1C0003EC8: "WERKERNELHOST: WerWaitForSystemE" ??_C@_0DO@FGJKMIII@WERKERNELHOST?3?5WerWaitForSystemE@
0x1C0004178: "ComponentThrottleThreshold" ??_C@_1DG@DNGDINIE@?$AAC?$AAo?$AAm?$AAp?$AAo?$AAn?$AAe?$AAn?$AAt?$AAT?$AAh?$AAr?$AAo?$AAt?$AAt?$AAl?$AAe?$AAT?$AAh?$AAr?$AAe?$AAs?$AAh?$AAo?$AAl?$AAd?$AA?$AA@
0x1C0007100: "__cdecl _imp__wcsicmp" __imp__wcsicmp
0x1C00071D8: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x1C0004060: "WERKERNELHOST: Service returned " ??_C@_0EC@HAJKBMOG@WERKERNELHOST?3?5Service?5returned?5@
0x1C0005240: WerKernelThrottlePolicy
0x1C0003200: "WERKERNELHOST: WerpCheckSpaceAva" ??_C@_0FB@OPCOIJLH@WERKERNELHOST?3?5WerpCheckSpaceAva@
0x1C0004350: "LiveKernelReportsPath" ??_C@_1CM@FPDOCENJ@?$AAL?$AAi?$AAv?$AAe?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AAR?$AAe?$AAp?$AAo?$AAr?$AAt?$AAs?$AAP?$AAa?$AAt?$AAh?$AA?$AA@
0x1C0002650: "WERKERNELHOST: WerSubmitUserCras" ??_C@_0FE@CLCAJMPL@WERKERNELHOST?3?5WerSubmitUserCras@
0x1C0001740: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1C00070A8: "__cdecl _imp_RtlSetOwnerSecurityDescriptor" __imp_RtlSetOwnerSecurityDescriptor
0x1C00039C8: "%ws-%04u%02u%02u-%02u%02u.dmp" ??_C@_1DM@HMFHLGEM@?$AA?$CF?$AAw?$AAs?$AA?9?$AA?$CF?$AA0?$AA4?$AAu?$AA?$CF?$AA0?$AA2?$AAu?$AA?$CF?$AA0?$AA2?$AAu?$AA?9?$AA?$CF?$AA0?$AA2?$AAu?$AA?$CF?$AA0?$AA2?$AAu?$AA?4?$AAd?$AAm?$AAp?$AA?$AA@
0x1C0008EB0: WerpCheckSpaceAvailable
0x1C0008530: WerLiveKernelCancelReportExt
0x1C0004580: "WERKERNELHOST: Could not set val" ??_C@_0DF@PMFGDNIO@WERKERNELHOST?3?5Could?5not?5set?5val@
0x1C0002978: "WERKERNELHOST: WerpInitThrottleP" ??_C@_0DP@LAGCJNAF@WERKERNELHOST?3?5WerpInitThrottleP@
0x1C0008990: WerLiveKernelOpenDumpFileExt
0x1C000A940: WerpGetRegistryTimeoutValue
0x1C0003F08: "WERKERNELHOST: WerWaitForSystemE" ??_C@_0DH@BHNAPEFP@WERKERNELHOST?3?5WerWaitForSystemE@
0x1C0008010: WerSubmitUserCrashReportExt
0x1C0004510: "%wZ\%ws\%ws" ??_C@_1BI@CMLNPLC@?$AA?$CF?$AAw?$AAZ?$AA?2?$AA?$CF?$AAw?$AAs?$AA?2?$AA?$CF?$AAw?$AAs?$AA?$AA@
0x1C00021E0: "WERKERNELHOST: WerpSendWersvcMes" ??_C@_0FN@KKBHIPAF@WERKERNELHOST?3?5WerpSendWersvcMes@
0x1C000B22C: WerWaitForSystemErrorHandler
0x1C00029F8: "WERKERNELHOST: WerLiveKernelCanc" ??_C@_0DP@GLKNOIOD@WERKERNELHOST?3?5WerLiveKernelCanc@
0x1C0002120: "\" ??_C@_13FPGAJAPJ@?$AA?2?$AA?$AA@
0x1C0003678: "WERKERNELHOST: Failed to create " ??_C@_0DP@IHDPOKOF@WERKERNELHOST?3?5Failed?5to?5create?5@
0x1C0002A78: "WERKERNELHOST: WerLiveKernelClos" ??_C@_0DO@JJCMIHIP@WERKERNELHOST?3?5WerLiveKernelClos@
0x1C0004660: "__cdecl _xmm@0000058028e44000000003edd410c000" __xmm@0000058028e44000000003edd410c000
0x1C0005220: WerKernelLiveReportInitialized
0x1C0001554: RtlStringCbPrintfW
0x1C00024B0: "WERKERNELHOST: I can only handle" ??_C@_0FA@NMHBEFEE@WERKERNELHOST?3?5I?5can?5only?5handle@
0x1C00070D8: "__cdecl _imp_RtlEqualUnicodeString" __imp_RtlEqualUnicodeString
0x1C0002C10: "WERKERNELHOST: RtlStringCchCopy" ??_C@_0EN@HIKMPFNA@WERKERNELHOST?3?5?5RtlStringCchCopy@
0x1C0007060: "__cdecl _imp_ZwMapViewOfSection" __imp_ZwMapViewOfSection
0x1C000D8E0: GsDriverEntry
0x1C00071E8: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1C0008A80: WerLiveKernelSubmitReportExt
0x1C0003198: "WERKERNELHOST: ZwQueryKey failed" ??_C@_0CM@IJGOOIAL@WERKERNELHOST?3?5ZwQueryKey?5failed@
0x1C0007148: "__cdecl _imp_ZwQueryDirectoryFile" __imp_ZwQueryDirectoryFile
0x1C0007090: ExEventObjectType
0x1C0007068: "__cdecl _imp_ObReferenceObjectByHandle" __imp_ObReferenceObjectByHandle
0x1C0002F60: "WERKERNELHOST: Could not open ro" ??_C@_0EA@DPIFJFFC@WERKERNELHOST?3?5Could?5not?5open?5ro@
0x1C00022A0: "WERKERNELHOST: WerpSendWersvcMes" ??_C@_0FM@CJGKDDBN@WERKERNELHOST?3?5WerpSendWersvcMes@
0x1C0003F78: "WERKERNELHOST: ZwAlpcConnectPort" ??_C@_0CM@NNLOEJO@WERKERNELHOST?3?5ZwAlpcConnectPort@
0x1C0003788: "WERKERNELHOST: ZwCreateKey faile" ??_C@_0DD@DFLPPIOP@WERKERNELHOST?3?5ZwCreateKey?5faile@
0x1C0003178: "WERKERNELHOST: Out of memory. " ??_C@_0BP@HFIGJPOG@WERKERNELHOST?3?5Out?5of?5memory?4?6?$AA@
0x1C00044B0: "%wZ\%ws" ??_C@_1BA@FKNPIBNG@?$AA?$CF?$AAw?$AAZ?$AA?2?$AA?$CF?$AAw?$AAs?$AA?$AA@
0x1C0007048: PsProcessType
0x1C0002500: "WERKERNELHOST: WerSubmitUserCras" ??_C@_0HE@JGGEEKEE@WERKERNELHOST?3?5WerSubmitUserCras@
0x1C0007190: "__cdecl _imp_ZwQueryValueKey" __imp_ZwQueryValueKey
0x1C00037C0: "WERKERNELHOST: Key id length exc" ??_C@_0CH@GOFODDPD@WERKERNELHOST?3?5Key?5id?5length?5exc@
0x1C00096E4: WerpCreateRegistryKey
0x1C0002300: "WERKERNELHOST: WerpSendWersvcMes" ??_C@_0FF@JEACJCE@WERKERNELHOST?3?5WerpSendWersvcMes@
0x1C000A8B8: WerpGetRegistryLong64Value
0x1C000D614: WerpInitRootPath
0x1C0002F38: "WERKERNELHOST: RtlInitializeSid " ??_C@_0CI@CMPBENJP@WERKERNELHOST?3?5RtlInitializeSid?5@
0x1C0003F40: "WERKERNELHOST: ZwAlpcConnectPort" ??_C@_0DD@HHFCNIMG@WERKERNELHOST?3?5ZwAlpcConnectPort@
0x1C0007020: "__cdecl _imp_ZwAlpcSendWaitReceivePort" __imp_ZwAlpcSendWaitReceivePort
0x1C0002FE0: "WERKERNELHOST: Failed to calcala" ??_C@_0DL@CKJCFJE@WERKERNELHOST?3?5Failed?5to?5calcala@
0x1C0002C60: "WERKERNELHOST: Could not create " ??_C@_0DH@KDNBAFBM@WERKERNELHOST?3?5Could?5not?5create?5@
0x1C00016F0: "__cdecl _security_check_cookie" __security_check_cookie
0x1C0003130: "WERKERNELHOST: ZwQueryKey failed" ??_C@_0EH@LNALGJBA@WERKERNELHOST?3?5ZwQueryKey?5failed@
0x1C0004468: "\SystemRoot\System32" ??_C@_1CK@MNDDGGOL@?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAR?$AAo?$AAo?$AAt?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA3?$AA2?$AA?$AA@
0x1C000A4AC: WerpExceedsPerComponentThreshold
0x1C00070C0: "__cdecl _imp_ZwQueryKey" __imp_ZwQueryKey
0x1C0002A38: "WERKERNELHOST: WerLiveKernelCanc" ??_C@_0DK@OMDLCHII@WERKERNELHOST?3?5WerLiveKernelCanc@
0x1C00071D0: "__cdecl _imp_ZwQueryVolumeInformationFile" __imp_ZwQueryVolumeInformationFile
0x1C00071F8: "__cdecl _IMPORT_DESCRIPTOR_ntoskrnl" __IMPORT_DESCRIPTOR_ntoskrnl
0x1C0003060: "WERKERNELHOST: Free disk space i" ??_C@_0ED@KOJBPCNI@WERKERNELHOST?3?5Free?5disk?5space?5i@
0x1C0005010: g_wszLiveKernelReportsQueueRoot
0x1C0004380: "LiveKernelReportsQueueRoot" ??_C@_1DG@PJIMIJGD@?$AAL?$AAi?$AAv?$AAe?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AAR?$AAe?$AAp?$AAo?$AAr?$AAt?$AAs?$AAQ?$AAu?$AAe?$AAu?$AAe?$AAR?$AAo?$AAo?$AAt?$AA?$AA@
0x1C0002B20: "WERKERNELHOST: WerLiveKernelCrea" ??_C@_0EG@FIELGMBA@WERKERNELHOST?3?5WerLiveKernelCrea@
0x1C0002EE8: "WERKERNELHOST: Invalid params " ??_C@_0BP@LBPCPCIL@WERKERNELHOST?3?5Invalid?5params?6?$AA@
0x1C00040D0: "FullLiveReportsMax" ??_C@_1CG@PNAEGJGD@?$AAF?$AAu?$AAl?$AAl?$AAL?$AAi?$AAv?$AAe?$AAR?$AAe?$AAp?$AAo?$AAr?$AAt?$AAs?$AAM?$AAa?$AAx?$AA?$AA@
0x1C00070F0: "__cdecl _imp_EtwEventEnabled" __imp_EtwEventEnabled
0x1C0007070: "__cdecl _imp_ZwAlpcConnectPort" __imp_ZwAlpcConnectPort
0x1C00070A0: "__cdecl _imp_ZwOpenEvent" __imp_ZwOpenEvent
0x1C0003560: "WERKERNELHOST: WerpCloseHandle: " ??_C@_0DL@PLFOPMLP@WERKERNELHOST?3?5WerpCloseHandle?3?5@
0x1C0004600: "WERKERNELHOST: WER context signa" ??_C@_0DK@KNHOKMMM@WERKERNELHOST?3?5WER?5context?5signa@
0x1C0008C34: WerpAllocateMem
0x1C0002360: "WERKERNELHOST: WerpSendWersvcMes" ??_C@_0GC@CPJMLIPM@WERKERNELHOST?3?5WerpSendWersvcMes@
0x1C0007158: "__cdecl _imp_EtwUnregister" __imp_EtwUnregister
0x1C00040A8: "LastFullLiveReport" ??_C@_1CG@OPBPJLNE@?$AAL?$AAa?$AAs?$AAt?$AAF?$AAu?$AAl?$AAl?$AAL?$AAi?$AAv?$AAe?$AAR?$AAe?$AAp?$AAo?$AAr?$AAt?$AA?$AA@
0x1C0003FE0: "WERKERNELHOST: StringCchCopy fai" ??_C@_0DG@JBKLEKB@WERKERNELHOST?3?5StringCchCopy?5fai@
0x1C000E000: "__cdecl _guard_fids_table" __guard_fids_table
0x1C0002010: "__cdecl load_config_used" _load_config_used
0x1C0007108: "__cdecl _imp_ZwQueryWnfStateNameInformation" __imp_ZwQueryWnfStateNameInformation
0x1C00028F8: "\SystemRoot\LiveKernelReports" ??_C@_1DM@BFMJCCKE@?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAR?$AAo?$AAo?$AAt?$AA?2?$AAL?$AAi?$AAv?$AAe?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AAR?$AAe?$AAp?$AAo?$AAr?$AAt?$AAs?$AA?$AA@
0x1C00038B0: "WERKERNELHOST: WerpCheckSpaceAva" ??_C@_0EJ@OHNIKJPJ@WERKERNELHOST?3?5WerpCheckSpaceAva@
0x1C0003AC0: "WERKERNELHOST: Component %ws: Th" ??_C@_0GB@MMIBNBON@WERKERNELHOST?3?5Component?5?$CFws?3?5Th@
0x1C0007098: "__cdecl _imp_ZwClose" __imp_ZwClose
0x1C0007170: "__cdecl _imp_MmIsVerifierEnabled" __imp_MmIsVerifierEnabled
0x1C0007010: "__cdecl _imp_ZwUnmapViewOfSection" __imp_ZwUnmapViewOfSection
0x1C0002AB8: "WERKERNELHOST: Deleting WerConte" ??_C@_0CH@NJHLJAJK@WERKERNELHOST?3?5Deleting?5WerConte@
0x1C0004018: "WERKERNELHOST: ZwAlpcSendWaitRec" ??_C@_0DO@HMNDAPKM@WERKERNELHOST?3?5ZwAlpcSendWaitRec@
0x1C0004148: "SystemThrottleThreshold" ??_C@_1DA@MIOCOIDP@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAT?$AAh?$AAr?$AAo?$AAt?$AAt?$AAl?$AAe?$AAT?$AAh?$AAr?$AAe?$AAs?$AAh?$AAo?$AAl?$AAd?$AA?$AA@
0x1C0003950: "WERKERNELHOST: ZwCreateKey faile" ??_C@_0EF@NPFJGDKP@WERKERNELHOST?3?5ZwCreateKey?5faile@
0x1C0008B10: WerpAllocateAndInitializeSid
0x1C0003DE0: "WERKERNELHOST: WerpGetRegistryKe" ??_C@_0EA@DKNGNMH@WERKERNELHOST?3?5WerpGetRegistryKe@
0x1C0004100: "SystemMemoryThrottleThresholdInG" ??_C@_1EE@OLGLGPDA@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAM?$AAe?$AAm?$AAo?$AAr?$AAy?$AAT?$AAh?$AAr?$AAo?$AAt?$AAt?$AAl?$AAe?$AAT?$AAh?$AAr?$AAe?$AAs?$AAh?$AAo?$AAl?$AAd?$AAI?$AAn?$AAG@
0x1C000B2F0: WerpSetLastFullReportTime
0x1C0002440: "WERKERNELHOST: WerpSendWersvcMes" ??_C@_0GH@DDIECFFN@WERKERNELHOST?3?5WerpSendWersvcMes@
0x1C000D1B8: WerpInitThrottlePolicy
0x1C0009DC0: WerpCreateReportFull
0x1C0007008: ksecdd_NULL_THUNK_DATA
0x1C0003CD0: "WERKERNELHOST: System threshold " ??_C@_0FF@GGIJJBBI@WERKERNELHOST?3?5System?5threshold?5@
0x1C0008C60: WerpCheckDiskSpace
0x1C000A9A0: WerpGetRegistryUlongValue
0x1C0009818: WerpCreateReport
0x1C00017E0: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1C0005280: WerKernelLiveReportRootPath
0x1C0007178: "__cdecl _imp_IoCreateFile" __imp_IoCreateFile
0x1C000720C: "__cdecl _IMPORT_DESCRIPTOR_ksecdd" __IMPORT_DESCRIPTOR_ksecdd
0x1C0004498: "wersvc.dll" ??_C@_1BG@KBCHAPIL@?$AAw?$AAe?$AAr?$AAs?$AAv?$AAc?$AA?4?$AAd?$AAl?$AAl?$AA?$AA@
0x1C0003A58: "LiveKernelReports" ??_C@_1CE@GPFAPENO@?$AAL?$AAi?$AAv?$AAe?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AAR?$AAe?$AAp?$AAo?$AAr?$AAt?$AAs?$AA?$AA@
0x1C0003B30: "WERKERNELHOST: Component %ws: Th" ??_C@_0FN@LPAJGMI@WERKERNELHOST?3?5Component?5?$CFws?3?5Th@
0x1C00070E8: "__cdecl _imp_ZwQuerySystemInformation" __imp_ZwQuerySystemInformation
0x1C0002C98: "WERKERNELHOST: WerKernelCreateRe" ??_C@_0DK@HBNIHMMG@WERKERNELHOST?3?5WerKernelCreateRe@
0x1C0007048: "__cdecl _imp_PsProcessType" __imp_PsProcessType
0x1C0007110: "__cdecl _imp_RtlTimeToTimeFields" __imp_RtlTimeToTimeFields
0x1C00025E0: "WERKERNELHOST: WerSubmitUserCras" ??_C@_0GG@KFEKICJ@WERKERNELHOST?3?5WerSubmitUserCras@
0x1C0007160: "__cdecl _imp_ZwDeleteKey" __imp_ZwDeleteKey
0x1C0002AE0: "WERKERNELHOST: WerLiveKernelCrea" ??_C@_0EA@JOBFINDK@WERKERNELHOST?3?5WerLiveKernelCrea@
0x1C0005000: "__cdecl _security_cookie" __security_cookie
0x1C0002770: "WERKERNELHOST: WerSubmitUserCras" ??_C@_0GN@CODLEKMN@WERKERNELHOST?3?5WerSubmitUserCras@
0x1C0009434: WerpCreateDumpFile
0x1C0003D40: "WERKERNELHOST: ZwOpenKey failed " ??_C@_0DB@EHFBHEGI@WERKERNELHOST?3?5ZwOpenKey?5failed?5@
0x1C0003400: "WERKERNELHOST: WerpCheckPolicy: " ??_C@_0DJ@MLMAEFHA@WERKERNELHOST?3?5WerpCheckPolicy?3?5@
0x1C00023D0: "WERKERNELHOST: WerpSendWersvcMes" ??_C@_0GL@KHGDNBPA@WERKERNELHOST?3?5WerpSendWersvcMes@
0x1C0002240: "WERKERNELHOST: WerpSendWersvcMes" ??_C@_0FE@JEALDDCB@WERKERNELHOST?3?5WerpSendWersvcMes@
0x1C0007018: "__cdecl _imp_DbgPrintEx" __imp_DbgPrintEx
0x1C00032B0: "WERKERNELHOST: WerpCheckSpaceAva" ??_C@_0GE@OGIGMHGL@WERKERNELHOST?3?5WerpCheckSpaceAva@
0x1C0003440: "WERKERNELHOST: WerpCheckPolicy: " ??_C@_0FH@DLNNIBKH@WERKERNELHOST?3?5WerpCheckPolicy?3?5@
0x1C0007180: "__cdecl _imp_EtwWrite" __imp_EtwWrite
0x1C00070B0: "__cdecl _imp__vsnwprintf" __imp__vsnwprintf
0x1C0003020: "WERKERNELHOST: Failed to calcala" ??_C@_0DO@GIECKFDE@WERKERNELHOST?3?5Failed?5to?5calcala@
0x1C000D914: "__cdecl _security_init_cookie" __security_init_cookie
0x1C0002BC0: "WERKERNELHOST: CheckPolicy throt" ??_C@_0ED@MKOEFLKP@WERKERNELHOST?3?5CheckPolicy?5throt@
0x1C0002938: "WERKERNELHOST: WerpInitRootPath " ??_C@_0DJ@NNHCFHID@WERKERNELHOST?3?5WerpInitRootPath?5@
0x1C0003630: "WERKERNELHOST: WerpSetDumpFileNa" ??_C@_0EB@FPNCMBAF@WERKERNELHOST?3?5WerpSetDumpFileNa@
0x1C0002FA0: "WERKERNELHOST: Failed to retriev" ??_C@_0EA@MMEHLDEE@WERKERNELHOST?3?5Failed?5to?5retriev@
0x1C0007188: "__cdecl _imp_EtwRegister" __imp_EtwRegister
0x1C00030F8: "WERKERNELHOST: ZwDeleteKey faile" ??_C@_0CN@LHHKJGA@WERKERNELHOST?3?5ZwDeleteKey?5faile@
0x1C0007028: "__cdecl _imp_ZwDuplicateObject" __imp_ZwDuplicateObject
0x1C0009288: WerpCheckPolicy
0x1C00027E0: WNF_WER_SERVICE_START
0x1C0003E20: "WERKERNELHOST: WerStartSystemErr" ??_C@_0FE@DGEIDHGL@WERKERNELHOST?3?5WerStartSystemErr@
0x1C00045C0: "WERKERNELHOST: Could not open re" ??_C@_0EA@GHLCPNL@WERKERNELHOST?3?5Could?5not?5open?5re@
0x1C0002F08: "WERKERNELHOST: NtAllocateVirtual" ??_C@_0CP@FAKDHOH@WERKERNELHOST?3?5NtAllocateVirtual@
0x1C00034F0: "WERKERNELHOST: WerpCheckPolicy: " ??_C@_0DO@HOJMKHKB@WERKERNELHOST?3?5WerpCheckPolicy?3?5@
0x1C0003880: "FullLiveKernelReports" ??_C@_1CM@NLPDONBM@?$AAF?$AAu?$AAl?$AAl?$AAL?$AAi?$AAv?$AAe?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AAR?$AAe?$AAp?$AAo?$AAr?$AAt?$AAs?$AA?$AA@
0x1C0003840: "WERKERNELHOST: ZwCreateKey faile" ??_C@_0EA@KNAPHLHH@WERKERNELHOST?3?5ZwCreateKey?5faile@
0x1C0005290: WerHighestAllowedPolicy
0x1C0007128: "__cdecl _imp_RtlAddAccessAllowedAceEx" __imp_RtlAddAccessAllowedAceEx
0x1C0007138: "__cdecl _imp_RtlLengthSid" __imp_RtlLengthSid
0x1C0003900: "WERKERNELHOST: ZwCreateKey faile" ??_C@_0EH@GKGNKMFC@WERKERNELHOST?3?5ZwCreateKey?5faile@
0x1C000AA2C: WerpGetRegistryValueInfo
0x1C0002DB8: "WERKERNELHOST: WepCreateDumpFile" ??_C@_0DG@PJKNGIAA@WERKERNELHOST?3?5WepCreateDumpFile@
0x1C0001720: "__cdecl _report_gsfailure" __report_gsfailure
0x1C000A38C: WerpDeleteDumpFile
0x1C0007030: "__cdecl _imp_KeWaitForMultipleObjects" __imp_KeWaitForMultipleObjects
0x1C0007120: "__cdecl _imp_ZwCreateKey" __imp_ZwCreateKey
0x1C0007050: "__cdecl _imp_ObCloseHandle" __imp_ObCloseHandle
0x1C00086B0: WerLiveKernelCreateReportExt
0x1C00071E0: ntoskrnl_NULL_THUNK_DATA
0x1C0007088: "__cdecl _imp_ExFreePoolWithTag" __imp_ExFreePoolWithTag
0x1C00071A0: "__cdecl _imp_ZwOpenFile" __imp_ZwOpenFile
0x1C00044C0: "WERKERNELHOST: RtlStringCbPrintf" ??_C@_0EJ@GNECJOKL@WERKERNELHOST?3?5RtlStringCbPrintf@
0x1C00033C8: "WERKERNELHOST: WerpCheckPolicy: " ??_C@_0DD@NJJBLGBF@WERKERNELHOST?3?5WerpCheckPolicy?3?5@
0x1C00070C8: "__cdecl _imp_RtlInitializeSid" __imp_RtlInitializeSid
0x1C0002D78: "WERKERNELHOST: WerLiveKernelOpen" ??_C@_0DP@GAFABPKB@WERKERNELHOST?3?5WerLiveKernelOpen@
0x1C00070F8: "__cdecl _imp_RtlSetDaclSecurityDescriptor" __imp_RtlSetDaclSecurityDescriptor
0x1C00093B8: WerpCloseHandle
0x1C000D8C8: DriverEntry
0x1C000A02C: WerpCreateReportId
0x1C00043C0: "\Registry\Machine\System\Current" ??_C@_1KE@LPIPDNHI@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x1C00037F0: "WERKERNELHOST: Failed to initial" ??_C@_0EO@NEOKALLL@WERKERNELHOST?3?5Failed?5to?5initial@
0x1C00071C0: "__cdecl _imp_ZwOpenKey" __imp_ZwOpenKey
0x1C0007040: "__cdecl _imp_ZwCreateSection" __imp_ZwCreateSection
0x1C00071C8: "__cdecl _imp_ExSystemTimeToLocalTime" __imp_ExSystemTimeToLocalTime
0x1C0002710: "WERKERNELHOST: WerSubmitUserCras" ??_C@_0FH@JOMAIBI@WERKERNELHOST?3?5WerSubmitUserCras@
0x1C0001B80: memset
0x1C0007220: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR
0x1C00014D0: RtlStringCchPrintfW
0x1C00026B0: "WERKERNELHOST: WerSubmitUserCras" ??_C@_0FO@BLIMDPLE@WERKERNELHOST?3?5WerSubmitUserCras@

[JEB Decompiler by PNF Software]