diff --git a/dll/ntdll/def/ntdll.spec b/dll/ntdll/def/ntdll.spec
index 38eaea47eb4..7609eb4d914 100644
--- a/dll/ntdll/def/ntdll.spec
+++ b/dll/ntdll/def/ntdll.spec
@@ -113,7 +113,7 @@
 @ stdcall LdrQueryImageFileExecutionOptionsEx(ptr ptr long ptr long ptr long)
 @ stdcall LdrQueryImageFileKeyOption(ptr ptr long ptr long ptr)
 @ stdcall LdrQueryProcessModuleInformation(ptr long ptr)
-# stdcall LdrSetAppCompatDllRedirectionCallback
+@ stdcall LdrSetAppCompatDllRedirectionCallback(long ptr ptr)
 @ stdcall LdrSetDllManifestProber(ptr)
 @ stdcall LdrShutdownProcess()
 @ stdcall LdrShutdownThread()
@@ -475,7 +475,7 @@
 @ stdcall RtlAreBitsClear(ptr long long)
 @ stdcall RtlAreBitsSet(ptr long long)
 @ stdcall RtlAssert(ptr ptr long ptr)
-# stdcall RtlCancelTimer
+@ stdcall RtlCancelTimer(ptr ptr)
 @ stdcall -register RtlCaptureContext(ptr)
 @ stdcall RtlCaptureStackBackTrace(long long ptr ptr)
 # stdcall RtlCaptureStackContext
@@ -525,6 +525,7 @@
 @ stdcall RtlCreateQueryDebugBuffer(long long)
 @ stdcall RtlCreateRegistryKey(long wstr)
 @ stdcall RtlCreateSecurityDescriptor(ptr long)
+@ stdcall RtlCreateServiceSid(ptr ptr ptr)
 @ stdcall RtlCreateSystemVolumeInformationFolder(ptr)
 @ stdcall RtlCreateTagHeap(ptr long str str)
 @ stdcall RtlCreateTimer(ptr ptr ptr ptr long long long)
@@ -812,13 +813,13 @@
 @ stdcall RtlQueryInterfaceMemoryStream(ptr ptr ptr)
 # stdcall RtlQueryProcessBackTraceInformation
 @ stdcall RtlQueryProcessDebugInformation(long long ptr)
-# stdcall RtlQueryProcessHeapInformation
+@ stdcall RtlQueryProcessHeapInformation(ptr)
 # stdcall RtlQueryProcessLockInformation
 @ stdcall RtlQueryRegistryValues(long ptr ptr ptr ptr)
 @ stdcall RtlQuerySecurityObject(ptr long ptr long ptr)
 @ stdcall RtlQueryTagHeap(ptr long long long ptr)
 @ stdcall RtlQueryTimeZoneInformation(ptr)
-# stdcall RtlQueueApcWow64Thread
+@ stdcall -arch=i386,x86_64 RtlQueueApcWow64Thread(ptr ptr ptr ptr ptr)
 @ stdcall RtlQueueWorkItem(ptr ptr long)
 @ stdcall -register RtlRaiseException(ptr)
 @ stdcall RtlRaiseStatus(long)
@@ -878,7 +879,7 @@
 @ cdecl RtlSetThreadIsCritical(long ptr long)
 @ stdcall RtlSetThreadPoolStartFunc(ptr ptr)
 @ stdcall RtlSetTimeZoneInformation(ptr)
-@ stdcall RtlSetTimer(ptr ptr ptr ptr long long long) RtlCreateTimer
+@ stdcall RtlSetTimer(ptr ptr ptr ptr long long long)
 @ stdcall RtlSetUnhandledExceptionFilter(ptr)
 # stdcall RtlSetUnicodeCallouts
 @ stdcall RtlSetUserFlagsHeap(ptr long ptr long long)
@@ -907,7 +908,7 @@
 @ stdcall RtlTraceDatabaseUnlock(ptr)
 @ stdcall RtlTraceDatabaseValidate(ptr)
 @ stdcall RtlTryEnterCriticalSection(ptr)
-# stdcall RtlUnhandledExceptionFilter2
+@ stdcall RtlUnhandledExceptionFilter2(ptr long)
 @ stdcall RtlUnhandledExceptionFilter(ptr)
 @ stdcall RtlUnicodeStringToAnsiSize(ptr) RtlxUnicodeStringToAnsiSize
 @ stdcall RtlUnicodeStringToAnsiString(ptr ptr long)
@@ -957,7 +958,7 @@
 @ stdcall RtlZombifyActivationContext(ptr)
 @ stdcall RtlpApplyLengthFunction(long long ptr ptr)
 @ stdcall RtlpEnsureBufferSize(long ptr long)
-# stdcall RtlpNotOwnerCriticalSection
+@ stdcall RtlpNotOwnerCriticalSection(ptr)
 @ stdcall RtlpNtCreateKey(ptr long ptr long ptr ptr)
 @ stdcall RtlpNtEnumerateSubKey(ptr ptr long long)
 @ stdcall RtlpNtMakeTemporaryKey(ptr)
diff --git a/dll/ntdll/include/ntdllp.h b/dll/ntdll/include/ntdllp.h
index 0f122a642d2..2fe0d778279 100644
--- a/dll/ntdll/include/ntdllp.h
+++ b/dll/ntdll/include/ntdllp.h
@@ -29,6 +29,16 @@ typedef struct _LDRP_TLS_DATA
 IMAGE_TLS_DIRECTORY TlsDirectory;
 } LDRP_TLS_DATA, *PLDRP_TLS_DATA;
+typedef
+NTSTATUS
+(NTAPI* PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION)(
+ _In_ ULONG Flags,
+ _In_ PCWSTR DllName,
+ _In_ PCWSTR DllPath OPTIONAL,
+ _Inout_opt_ PULONG DllCharacteristics,
+ _In_ PVOID CallbackData,
+ _Outptr_ PWSTR* EffectiveDllPath);
+
 /* Global data */
 extern RTL_CRITICAL_SECTION LdrpLoaderLock;
 extern BOOLEAN LdrpInLdrInit;
diff --git a/dll/ntdll/ldr/ldrapi.c b/dll/ntdll/ldr/ldrapi.c
index b151163dd40..e7fdfec0725 100644
--- a/dll/ntdll/ldr/ldrapi.c
+++ b/dll/ntdll/ldr/ldrapi.c
@@ -1658,4 +1658,19 @@ LdrFlushAlternateResourceModules(VOID)
 return FALSE;
 }
+/*
+ * @unimplemented
+ * See https://www.kernelmode.info/forum/viewtopic.php?t=991
+ */
+NTSTATUS
+NTAPI
+LdrSetAppCompatDllRedirectionCallback(
+ _In_ ULONG Flags,
+ _In_ PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION CallbackFunction,
+ _In_opt_ PVOID CallbackData)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
 /* EOF */
diff --git a/sdk/lib/rtl/amd64/stubs.c b/sdk/lib/rtl/amd64/stubs.c
index cd9412db2a0..8a3bc4749d6 100644
--- a/sdk/lib/rtl/amd64/stubs.c
+++ b/sdk/lib/rtl/amd64/stubs.c
@@ -113,4 +113,16 @@ RtlRestoreContext(
 UNIMPLEMENTED;
 }
+NTSTATUS
+NTAPI
+RtlQueueApcWow64Thread(
+ _In_ HANDLE ThreadHandle,
+ _In_ PKNORMAL_ROUTINE ApcRoutine,
+ _In_opt_ PVOID NormalContext,
+ _In_opt_ PVOID SystemArgument1,
+ _In_opt_ PVOID SystemArgument2)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
diff --git a/sdk/lib/rtl/critical.c b/sdk/lib/rtl/critical.c
index 1f247f53ebf..c9b9c68ff6d 100644
--- a/sdk/lib/rtl/critical.c
+++ b/sdk/lib/rtl/critical.c
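Review bot: RtlQueueApcWow64Thread is a STATUS_NOT_IMPLEMENTED stub in sdk/lib/rtl/amd64/stubs.c while the i386 copy in sdk/lib/rtl/i386/thread.c forwards straight to NtQueueApcThread, and neither carries a header comment saying so, so one export has two behaviours depending on the build. The 64-bit side is the one where this routine matters — it exists to queue an APC into a WOW64 (32-bit) thread, and as far as I recall the native implementation encodes the routine pointer so the 64-bit APC dispatcher hands it to the WOW64 layer instead of calling a 32-bit routine from 64-bit code; that needs confirming against native before the stub is filled in, and a plain forward to NtQueueApcThread is unlikely to be the right answer on amd64. Suggest `/* @unimplemented — WOW64 APC delivery needs the routine pointer encoded for the 32-bit dispatcher; confirm before forwarding to NtQueueApcThread */` above the amd64 stub and `/* @implemented — no WOW64 layer on i386, plain forward to NtQueueApcThread */` above the i386 one.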
@@ -801,4 +801,11 @@ RtlIsCriticalSectionLockedByThread(PRTL_CRITICAL_SECTION CriticalSection)
 CriticalSection->RecursionCount != 0;
 }
+VOID
+NTAPI
+RtlpNotOwnerCriticalSection(PRTL_CRITICAL_SECTION CriticalSection)
+{
+ RtlRaiseStatus(STATUS_RESOURCE_NOT_OWNED);
+}
+
 /* EOF */
diff --git a/sdk/lib/rtl/exception.c b/sdk/lib/rtl/exception.c
index d75f255fe87..0abbcc53055 100644
--- a/sdk/lib/rtl/exception.c
+++ b/sdk/lib/rtl/exception.c
@@ -311,6 +311,21 @@ RtlUnhandledExceptionFilter(IN struct _EXCEPTION_POINTERS* ExceptionInfo)
 return ERROR_CALL_NOT_IMPLEMENTED;
 }
+/*
+ * @unimplemented
+ */
+LONG
+NTAPI
+RtlUnhandledExceptionFilter2(
+ _In_ PEXCEPTION_POINTERS ExceptionInfo,
+ _In_ ULONG Flags)
+{
+ /* This is used by the security cookie checks, and also called externally */
+ UNIMPLEMENTED;
+ PrintStackTrace(ExceptionInfo);
+ return ERROR_CALL_NOT_IMPLEMENTED;
+}
+
 /*
 * @implemented
 */
diff --git a/sdk/lib/rtl/heap.c b/sdk/lib/rtl/heap.c
index 4c51053e651..ccdb7d1ef29 100644
--- a/sdk/lib/rtl/heap.c
+++ b/sdk/lib/rtl/heap.c
@@ -3995,4 +3995,20 @@ RtlMultipleFreeHeap(IN PVOID HeapHandle,
 return 0;
 }
+/*
+ * Info:
+ * - https://securityxploded.com/enumheaps.php
+ * - https://evilcodecave.wordpress.com/2009/04/14/rtlqueryprocessheapinformation-as-anti-dbg-trick/
+ */
+struct _DEBUG_BUFFER;
+
+NTSTATUS
+NTAPI
+RtlQueryProcessHeapInformation(
+ IN struct _DEBUG_BUFFER *DebugBuffer)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
 /* EOF */
diff --git a/sdk/lib/rtl/i386/thread.c b/sdk/lib/rtl/i386/thread.c
index aa74d8b9f4b..48ebbf50623 100644
--- a/sdk/lib/rtl/i386/thread.c
+++ b/sdk/lib/rtl/i386/thread.c
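Review bot: RtlpNotOwnerCriticalSection takes CriticalSection but never reads it, so the STATUS_RESOURCE_NOT_OWNED it raises carries no hint of which lock was released by a non-owner; presumably the parameter exists so the failure can be reported (a DPRINT1 naming the section and the current thread, in whatever diagnostic style the rest of critical.c uses — not visible from this hunk) before RtlRaiseStatus is called. The function also lacks the `/* @implemented */` header its siblings in this commit carry. Suggest `/* @implemented — entered when a thread leaves or deletes a critical section it does not own; reports nothing yet and raises STATUS_RESOURCE_NOT_OWNED via RtlRaiseStatus */` above the definition.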
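Review bot: RtlUnhandledExceptionFilter2 returns ERROR_CALL_NOT_IMPLEMENTED, a Win32 error code, from a routine whose name and LONG return mark it as an exception-filter disposition (EXCEPTION_CONTINUE_SEARCH, EXCEPTION_EXECUTE_HANDLER or EXCEPTION_CONTINUE_EXECUTION); the value is none of those, and because the sibling RtlUnhandledExceptionFilter just above does the same, the new export inherits the quirk rather than settling it. It matters more here because the inline comment places this routine on the security-cookie failure path, where the caller's reading of the return value decides whether a process with a corrupted stack is terminated or keeps running; if the dispatcher treats any positive value as execute-handler the quirk is harmless, but that should be a stated choice, not an accident. Flags is also ignored with no UNREFERENCED_PARAMETER or comment. Suggest either `return EXCEPTION_CONTINUE_SEARCH;` with a comment that the real implementation is pending, or at minimum a comment stating that the return value is not yet a valid filter disposition.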
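Review bot: RtlQueryProcessHeapInformation uses the legacy `IN` annotation and a bare `struct _DEBUG_BUFFER;` forward declaration dropped between two function definitions, while every other stub in this commit uses SAL `_In_` and a typed pointer; if the rtl headers already provide PRTL_DEBUG_INFORMATION (the type RtlCreateQueryDebugBuffer from the spec hands out — I cannot confirm its availability from the hunk) the parameter should be `_In_ PRTL_DEBUG_INFORMATION DebugBuffer`, and otherwise the forward declaration belongs in a header, not the middle of heap.c. The header comment also lacks the `@unimplemented` tag the sibling stubs carry, so the status-tracking tooling will not see this one. Suggest `/* @unimplemented — heap enumeration into a debug buffer; see the two Info links */` keeping the links that are there.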
@@ -77,4 +77,20 @@ RtlInitializeContext(IN HANDLE ProcessHandle,
 ThreadContext->Esp -= sizeof(PVOID);
 }
+NTSTATUS
+NTAPI
+RtlQueueApcWow64Thread(
+ _In_ HANDLE ThreadHandle,
+ _In_ PKNORMAL_ROUTINE ApcRoutine,
+ _In_opt_ PVOID NormalContext,
+ _In_opt_ PVOID SystemArgument1,
+ _In_opt_ PVOID SystemArgument2)
+{
+ return NtQueueApcThread(ThreadHandle,
+ ApcRoutine,
+ NormalContext,
+ SystemArgument1,
+ SystemArgument2);
+}
+
 /* EOF */
diff --git a/sdk/lib/rtl/sid.c b/sdk/lib/rtl/sid.c
index 093b96f9db4..7f2ee676e96 100644
--- a/sdk/lib/rtl/sid.c
+++ b/sdk/lib/rtl/sid.c
@@ -404,4 +404,18 @@ RtlConvertSidToUnicodeString(IN PUNICODE_STRING String,
 return STATUS_SUCCESS;
 }
+/*
+ * @unimplemented
+ */
+NTSTATUS
+NTAPI
+RtlCreateServiceSid(
+ _In_ PUNICODE_STRING ServiceName,
+ _Out_writes_bytes_opt_(*ServiceSidLength) PSID ServiceSid,
+ _Inout_ PULONG ServiceSidLength)
+{
+ UNIMPLEMENTED;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
 /* EOF */
diff --git a/sdk/lib/rtl/timerqueue.c b/sdk/lib/rtl/timerqueue.c
index 25976278e1f..596588bdafd 100644
--- a/sdk/lib/rtl/timerqueue.c
+++ b/sdk/lib/rtl/timerqueue.c
@@ -463,6 +463,26 @@ NTSTATUS WINAPI RtlCreateTimer(HANDLE TimerQueue, PHANDLE NewTimer,
 return status;
 }
+NTSTATUS
+WINAPI
+RtlSetTimer(
+ HANDLE TimerQueue,
+ PHANDLE NewTimer,
+ WAITORTIMERCALLBACKFUNC Callback,
+ PVOID Parameter,
+ DWORD DueTime,
+ DWORD Period,
+ ULONG Flags)
+{
+ return RtlCreateTimer(TimerQueue,
+ NewTimer,
+ Callback,
+ Parameter,
+ DueTime,
+ Period,
+ Flags);
+}
+
 /***********************************************************************
 * RtlUpdateTimer (NTDLL.@)
 *
@@ -557,6 +577,16 @@ NTSTATUS WINAPI RtlDeleteTimer(HANDLE TimerQueue, HANDLE Timer,
 return status;
 }
+/*
+ * @implemented
+ */
+NTSTATUS
+NTAPI
+RtlCancelTimer(HANDLE TimerQueue, HANDLE Timer)
+{
+ return RtlDeleteTimer(TimerQueue, Timer, NULL);
+}
+
 /*
 * @implemented
 */
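Review bot: RtlCreateServiceSid's stub never writes *ServiceSidLength, so a caller following the two-call pattern the annotations advertise (NULL ServiceSid to learn the size, then allocate and call again) gets STATUS_NOT_IMPLEMENTED both times with the length untouched; `_Inout_ PULONG ServiceSidLength` together with `_Out_writes_bytes_opt_(*ServiceSidLength)` promises that contract, and the header comment should say it is not honoured yet. Suggest expanding the comment to `@unimplemented — neither validates ServiceName nor updates *ServiceSidLength; callers cannot size the buffer until this is implemented`.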
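Review bot: RtlSetTimer has no header comment, unlike RtlCancelTimer added to the same file in this commit, and nothing in the code records that it replaces the spec-level forward (`@ stdcall RtlSetTimer(...) RtlCreateTimer`) with a wrapper of identical signature, so a reader of timerqueue.c will wonder why two exports do the same thing. The WINAPI/NTAPI mix between the two new functions is also worth aligning with the file's convention. Suggest `/* @implemented — identical to RtlCreateTimer; kept as a separate export rather than a spec forward for compatibility with the historical NTDLL API */` above the definition.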
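Review bot: RtlCancelTimer passes NULL as RtlDeleteTimer's CompletionEvent, which in the Wine-derived implementation this file appears to follow means the deletion does not wait for a callback that is currently executing (only INVALID_HANDLE_VALUE makes it block); the `@implemented` comment should state that, because a caller that frees the callback's Parameter as soon as RtlCancelTimer returns can race a callback still running on the queue thread. RtlDeleteTimer's body is outside the hunk, so confirm which handle value it treats as synchronous before wording it. Suggest `/* @implemented — non-blocking: equivalent to RtlDeleteTimer(TimerQueue, Timer, NULL); a callback already in progress may still be running when this returns */`.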