Thursday, April 2, 2020

VfDifThunks

It seems that in Windows 10 build 19569 a new Driver Verifier thunk table has appeared, VfDifThunks, together with a new exported function, DifRegisterPlugin (so far referenced only from VerifierExt.sys). The table covers the following intercepted functions (index in hex):

[0] CcCopyWrite
[1] CcCopyWriteEx
[2] CcDeferWrite
[3] CcFastCopyWrite
[4] CcWaitForCurrentLazyWriterActivity
[5] CmRegisterCallback
[6] CmUnRegisterCallback
[7] CmRegisterCallbackEx
[8] DbgBreakPointWithStatus
[9] ExAcquireRundownProtection
[A] ExAcquireRundownProtectionCacheAware
[B] ExAcquireRundownProtectionCacheAwareEx
[C] ExAcquireRundownProtectionEx
[D] ExConvertExclusiveToSharedLite
[E] ExCreateCallback
[F] ExEnterCriticalRegionAndAcquireSharedWaitForExclusive
[10] ExGetExclusiveWaiterCount
[11] ExGetSharedWaiterCount
[12] ExInterlockedAddLargeInteger
[13] ExInterlockedInsertHeadList
[14] ExInterlockedInsertTailList
[15] ExInterlockedPopEntryList
[16] ExInterlockedPushEntryList
[17] ExInterlockedRemoveHeadList
[18] ExIsProcessorFeaturePresent
[19] ExIsResourceAcquiredExclusiveLite
[1A] ExIsResourceAcquiredSharedLite
[1B] ExpInterlockedFlushSList
[1C] ExpInterlockedPopEntrySList
[1D] ExpInterlockedPushEntrySList
[1E] ExRaiseAccessViolation
[1F] ExRaiseDatatypeMisalignment
[20] ExRaiseStatus
[21] ExRegisterCallback
[22] ExReinitializeResourceLite
[23] ExReleaseRundownProtection
[24] ExReleaseRundownProtectionCacheAware
[25] ExReleaseRundownProtectionEx
[26] ExSetResourceOwnerPointer
[27] ExSetResourceOwnerPointerEx
[28] ExSetTimerResolution
[29] ExUnregisterCallback
[2A] ExUuidCreate
[2B] ExWaitForRundownProtectionRelease
[2C] ExWaitForRundownProtectionReleaseCacheAware
[2D] FsRtlAllocateFileLock
[2E] FsRtlAreNamesEqual
[2F] FsRtlBalanceReads
[30] FsRtlCancellableWaitForMultipleObjects
[31] FsRtlCancellableWaitForSingleObject
[32] FsRtlCheckLockForReadAccess
[33] FsRtlCheckLockForWriteAccess
[34] FsRtlCopyWrite
[35] FsRtlDeregisterUncProvider
[36] FsRtlDissectName
[37] FsRtlDoesNameContainWildCards
[38] FsRtlFastCheckLockForRead
[39] FsRtlFastCheckLockForWrite
[3A] FsRtlFastUnlockAll
[3B] FsRtlFastUnlockAllByKey
[3C] FsRtlFastUnlockSingle
[3D] FsRtlFreeFileLock
[3E] FsRtlGetFileSize
[3F] FsRtlGetNextFileLock
[40] FsRtlIncrementCcFastReadNoWait
[41] FsRtlIncrementCcFastReadWait
[42] FsRtlInitializeFileLock
[43] FsRtlIsNameInExpression
[44] FsRtlMdlReadCompleteDev
[45] FsRtlMdlWriteCompleteDev
[46] FsRtlNotifyFilterChangeDirectory
[47] FsRtlNotifyFilterReportChange
[48] FsRtlNotifyFullChangeDirectory
[49] FsRtlNotifyFullReportChange
[4A] FsRtlPrivateLock
[4B] FsRtlProcessFileLock
[4C] FsRtlRegisterUncProvider
[4D] FsRtlRegisterUncProviderEx
[4E] FsRtlRemoveDotsFromPath
[4F] FsRtlUninitializeFileLock
[50] FsRtlValidateReparsePointBuffer
[51] HalExamineMBR
[52] IoAcquireCancelSpinLock
[53] IoAcquireVpbSpinLock
[54] IoAllocateController
[55] IoAttachDevice
[56] IoAttachDeviceToDeviceStack
[57] IoAttachDeviceToDeviceStackSafe
[58] IoCancelIrp
[59] IoCheckShareAccess
[5A] IoCreateController
[5B] IoCreateFile
[5C] IoCreateFileEx
[5D] IoCreateFileSpecifyDeviceObjectHint
[5E] IoCreateNotificationEvent
[5F] IoCreateSymbolicLink
[60] IoCreateSynchronizationEvent
[61] IoCreateUnprotectedSymbolicLink
[62] IoDeleteController
[63] IoDeleteDevice
[64] IoDeleteSymbolicLink
[65] IoDetachDevice
[66] IoFreeController
[67] IoGetAttachedDeviceReference
[68] IoGetConfigurationInformation
[69] IoGetDeviceDirectory
[6A] IoGetDriverDirectory
[6B] IoGetDeviceInterfaceAlias
[6C] IoGetDeviceInterfaces
[6D] IoGetDeviceNumaNode
[6E] IoGetDeviceObjectPointer
[6F] IoGetDeviceProperty
[70] IoGetDevicePropertyData
[71] IoGetDeviceToVerify
[72] IoSetDeviceToVerify
[73] IoGetFileObjectGenericMapping
[74] IoGetInitialStack
[75] IoInitializeIrp
[76] IoInvalidateDeviceRelations
[77] IoIsWdmVersionAvailable
[78] IoOpenDeviceInterfaceRegistryKey
[79] IoOpenDeviceRegistryKey
[7A] IoOpenDriverRegistryKey
[7B] IoRaiseHardError
[7C] IoRaiseInformationalHardError
[7D] IoReadPartitionTable
[7E] IoReadPartitionTableEx
[7F] IoRegisterBootDriverReinitialization
[80] IoRegisterDeviceInterface
[81] IoRegisterDriverReinitialization
[82] IoRegisterLastChanceShutdownNotification
[83] IoRegisterPlugPlayNotification
[84] IoRegisterShutdownNotification
[85] IoReleaseCancelSpinLock
[86] IoReleaseVpbSpinLock
[87] IoRemoveShareAccess
[88] IoReplacePartitionUnit
[89] IoReportDetectedDevice
[8A] IoReportTargetDeviceChange
[8B] IoReportTargetDeviceChangeAsynchronous
[8C] IoReuseIrp
[8D] IoSetDeviceInterfaceState
[8E] IoSetDevicePropertyData
[8F] IoSetPartitionInformation
[90] IoSetPartitionInformationEx
[91] IoSetShareAccess
[92] IoSetStartIoAttributes
[93] IoStartNextPacket
[94] IoUnregisterPlugPlayNotification
[95] IoUnregisterPlugPlayNotificationEx
[96] IoUnregisterShutdownNotification
[97] IoUpdateShareAccess
[98] IoWMIAllocateInstanceIds
[99] IoWritePartitionTable
[9A] IoWritePartitionTableEx
[9B] KeAcquireGuardedMutex
[9C] KeAcquireGuardedMutexUnsafe
[9D] KeAcquireInterruptSpinLock
[9E] KeAcquireQueuedSpinLock
[9F] KeAcquireSpinLockForDpc
[A0] KeAreAllApcsDisabled
[A1] KeAreApcsDisabled
[A2] KeCancelTimer
[A3] KeClearEvent
[A4] KeDeregisterNmiCallback
[A5] KeEnterGuardedRegion
[A6] KeFlushQueuedDpcs
[A7] KeInitializeDeviceQueue
[A8] KeInitializeGuardedMutex
[A9] KeInsertByKeyDeviceQueue
[AA] KeInsertDeviceQueue
[AB] KeInsertHeadQueue
[AC] KeInsertQueue
[AD] KeLeaveGuardedRegion
[AE] KePulseEvent
[AF] KeQueryPriorityThread
[B0] KeQueryRuntimeThread
[B1] KeReadStateEvent
[B2] KeReadStateMutex
[B3] KeReadStateSemaphore
[B4] KeReadStateTimer
[B5] KeRegisterNmiCallback
[B6] KeReleaseGuardedMutex
[B7] KeReleaseGuardedMutexUnsafe
[B8] KeReleaseInterruptSpinLock
[B9] KeReleaseQueuedSpinLock
[BA] KeReleaseSemaphore
[BB] KeReleaseSpinLockForDpc
[BC] KeRemoveByKeyDeviceQueue
[BD] KeRemoveDeviceQueue
[BE] KeRemoveEntryDeviceQueue
[BF] KeRemoveQueue
[C0] KeResetEvent
[C1] KeSetSystemGroupAffinityThread
[C2] KeSetTimer
[C3] KeSetTimerEx
[C4] KeTestSpinLock
[C5] KeTryToAcquireGuardedMutex
[C6] MmAddPhysicalMemory
[C7] MmCreateMirror
[C8] MmDoesFileHaveUserWritableReferences
[C9] MmGetPhysicalMemoryRanges
[CA] MmLockPagableDataSection
[CB] MmLockPagableSectionByHandle
[CC] MmMapLockedPagesWithReservedMapping
[CD] MmPageEntireDriver
[CE] MmPrefetchPages
[CF] MmRemovePhysicalMemory
[D0] MmResetDriverPaging
[D1] MmSecureVirtualMemory
[D2] MmUnlockPagableImageSection
[D3] MmUnsecureVirtualMemory
[D4] NtLockFile
[D5] NtSetInformationFile
[D6] NtUnlockFile
[D7] ObfDereferenceObject
[D8] ObfDereferenceObjectWithTag
[D9] ObfReferenceObjectWithTag
[DA] ObGetObjectSecurity
[DB] ObReferenceObjectByHandleWithTag
[DC] ObReferenceObjectByPointerWithTag
[DD] ObReleaseObjectSecurity
[DE] PoCallDriver
[DF] PoFxActivateComponent
[E0] PoFxCompleteDevicePowerNotRequired
[E1] PoFxCompleteIdleCondition
[E2] PoFxCompleteIdleState
[E3] PoFxIdleComponent
[E4] PoFxNotifySurprisePowerOn
[E5] PoFxPowerControl
[E6] PoFxRegisterDevice
[E7] PoFxReportDevicePoweredOn
[E8] PoFxSetComponentLatency
[E9] PoFxSetComponentResidency
[EA] PoFxSetComponentWake
[EB] PoFxSetDeviceIdleTimeout
[EC] PoFxStartDevicePowerManagement
[ED] PoFxUnregisterDevice
[EE] PoRequestPowerIrp
[EF] ProbeForRead
[F0] ProbeForWrite
[F1] PsAssignImpersonationToken
[F2] PsCreateSystemThread
[F3] PsDereferenceImpersonationToken
[F4] PsDereferencePrimaryToken
[F5] PsDisableImpersonation
[F6] PsGetVersion
[F7] PsImpersonateClient
[F8] PsReferenceImpersonationToken
[F9] PsReferencePrimaryToken
[FA] PsRemoveLoadImageNotifyRoutine
[FB] PsRestoreImpersonation
[FC] PsRevertToSelf
[FD] PsSetCreateProcessNotifyRoutine
[FE] PsSetCreateProcessNotifyRoutineEx
[FF] PsSetCreateThreadNotifyRoutine
[100] PsSetLoadImageNotifyRoutine
[101] PsTerminateSystemThread
[102] RtlCompareUnicodeString
[103] RtlDeleteRegistryValue
[104] RtlWriteRegistryValue
[105] RtlCheckRegistryKey
[106] RtlQueryRegistryValues
[107] RtlQueryRegistryValuesEx
[108] RtlQueryRegistryValueWithFallback
[109] RtlCreateRegistryKey
[10A] RtlCreateSystemVolumeInformationFolder
[10B] RtlDowncaseUnicodeChar
[10C] RtlEqualUnicodeString
[10D] RtlFreeUnicodeString
[10E] RtlGenerateClass5Guid
[10F] RtlGUIDFromString
[110] RtlHashUnicodeString
[111] RtlStringFromGUID
[112] RtlUnicodeToUTF8N
[113] RtlUpcaseUnicodeChar
[114] RtlUTF8ToUnicodeN
[115] RtlxAnsiStringToUnicodeSize
[116] RtlxUnicodeStringToAnsiSize
[117] SeAccessCheck
[118] SeAssignSecurity
[119] SeAssignSecurityEx
[11A] SeDeassignSecurity
[11B] SeLockSubjectContext
[11C] SeReleaseSubjectContext
[11D] SeSinglePrivilegeCheck
[11E] SeUnlockSubjectContext
[11F] SeValidSecurityDescriptor
[120] ZwAllocateLocallyUniqueId
[121] ZwClose
[122] ZwCommitComplete
[123] ZwCommitTransaction
[124] ZwCreateKeyTransacted
[125] ZwCreateResourceManager
[126] ZwDeleteKey
[127] ZwEnumerateTransactionObject
[128] ZwFlushBuffersFile
[129] ZwFlushBuffersFileEx
[12A] ZwFlushKey
[12B] ZwGetNotificationResourceManager
[12C] ZwLockFile
[12D] ZwMakeTemporaryObject
[12E] ZwOpenKeyEx
[12F] ZwOpenKeyTransacted
[130] ZwOpenKeyTransactedEx
[131] ZwOpenResourceManager
[132] ZwPrePrepareComplete
[133] ZwQueryInformationResourceManager
[134] ZwQueryQuotaInformationFile
[135] ZwReadOnlyEnlistment
[136] ZwRecoverEnlistment
[137] ZwRecoverTransactionManager
[138] ZwRenameKey
[139] ZwSetInformationKey
[13A] ZwRollbackComplete
[13B] ZwRollbackTransaction
[13C] ZwSetInformationResourceManager
[13D] ZwSetInformationToken
[13E] ZwSetQuotaInformationFile
[13F] ZwSetTimerEx
[140] ZwTerminateProcess
[141] ZwUnlockFile
[142] ZwUnmapViewOfSection
