You can dump exports from user-mode system DLLs using dumpbin.exe
utility from Windows SDK/Visual Studio and look for forwarded functions:
dumpbin -exports kernel32.dll | find/I "forwarded" > fwd.txt
This will create fwd.txt
file containing a list of forwarded functions, something like this:
151 96 EnterCriticalSection (forwarded to NTDLL.RtlEnterCriticalSection)
361 168 GetLastError (forwarded to NTDLL.RtlGetLastWin32Error)
518 205 HeapAlloc (forwarded to NTDLL.RtlAllocateHeap)
524 20B HeapFree (forwarded to NTDLL.RtlFreeHeap)
528 20F HeapReAlloc (forwarded to NTDLL.RtlReAllocateHeap)
530 211 HeapSize (forwarded to NTDLL.RtlSizeHeap)
etc.