wevtfwd.dll

Description: WS-Management Event Forwarding Plug-in

Version: 10.0.19041.5794

Architecture: 32-bit

Operating System: Windows NT

SHA256: e660838ff5b6aefee78404b8cebaac35

File Size: 96.0 KB

Uploaded At: Dec. 1, 2025, 8:06 a.m.

Views: 13

Exported Functions

WSManPluginShutdown (Ordinal: 1, Address: 0x46d0)
WSManPluginStartup (Ordinal: 2, Address: 0x4560)
WSManProvPullEvents (Ordinal: 3, Address: 0x4950)
WSManProvSubscribe (Ordinal: 4, Address: 0x4720)
WSManProvUnsubscribe (Ordinal: 5, Address: 0x48a0)

Imported DLLs & Functions

ADVAPI32.dll

EventRegister (Address: 0x10016030)
EventUnregister (Address: 0x10016034)
EventWrite (Address: 0x1001602c)
GetTraceEnableFlags (Address: 0x10016018)
GetTraceEnableLevel (Address: 0x1001603c)
GetTraceLoggerHandle (Address: 0x10016040)
OpenThreadToken (Address: 0x1001600c)
RegCloseKey (Address: 0x10016004)
RegEnumKeyExW (Address: 0x10016024)
RegEnumValueW (Address: 0x10016038)
RegisterTraceGuidsW (Address: 0x10016014)
RegNotifyChangeKeyValue (Address: 0x1001601c)
RegOpenKeyExW (Address: 0x10016000)
RegQueryInfoKeyW (Address: 0x10016020)
RegQueryValueExW (Address: 0x10016028)
SetThreadToken (Address: 0x10016008)
TraceMessage (Address: 0x10016044)
UnregisterTraceGuids (Address: 0x10016010)

KERNEL32.dll

AcquireSRWLockExclusive (Address: 0x100160cc)
AcquireSRWLockShared (Address: 0x10016124)
CloseHandle (Address: 0x10016068)
CloseThreadpoolTimer (Address: 0x100160c4)
CreateEventW (Address: 0x10016088)
CreateMutexExW (Address: 0x10016128)
CreateSemaphoreExW (Address: 0x10016130)
CreateThread (Address: 0x10016054)
CreateThreadpoolTimer (Address: 0x100160e0)
DebugBreak (Address: 0x10016118)
DeleteCriticalSection (Address: 0x10016070)
DisableThreadLibraryCalls (Address: 0x100160e4)
EnterCriticalSection (Address: 0x10016074)
FormatMessageW (Address: 0x100160f4)
GetComputerNameExW (Address: 0x10016050)
GetComputerNameW (Address: 0x1001604c)
GetCurrentProcess (Address: 0x100160bc)
GetCurrentProcessId (Address: 0x100160a8)
GetCurrentThread (Address: 0x10016064)
GetCurrentThreadId (Address: 0x100160ac)
GetLastError (Address: 0x1001607c)
GetModuleFileNameA (Address: 0x1001612c)
GetModuleHandleExW (Address: 0x10016108)
GetModuleHandleW (Address: 0x10016120)
GetProcAddress (Address: 0x100160b8)
GetProcessHeap (Address: 0x1001605c)
GetSystemTime (Address: 0x1001611c)
GetSystemTimeAsFileTime (Address: 0x100160b0)
GetThreadLocale (Address: 0x10016104)
GetThreadPriority (Address: 0x1001608c)
GetTickCount (Address: 0x10016080)
HeapAlloc (Address: 0x10016058)
HeapFree (Address: 0x10016060)
InitializeCriticalSectionEx (Address: 0x1001606c)
IsDebuggerPresent (Address: 0x10016114)
LeaveCriticalSection (Address: 0x10016078)
LocaleNameToLCID (Address: 0x100160c8)
OpenSemaphoreW (Address: 0x100160d4)
OutputDebugStringW (Address: 0x100160ec)
QueryPerformanceCounter (Address: 0x100160a4)
RegisterWaitForSingleObject (Address: 0x10016098)
ReleaseMutex (Address: 0x100160f8)
ReleaseSemaphore (Address: 0x1001610c)
ReleaseSRWLockExclusive (Address: 0x100160f0)
ReleaseSRWLockShared (Address: 0x100160dc)
SetEvent (Address: 0x1001609c)
SetLastError (Address: 0x10016110)
SetThreadpoolTimer (Address: 0x100160d8)
SetThreadPriority (Address: 0x10016090)
SetUnhandledExceptionFilter (Address: 0x100160e8)
Sleep (Address: 0x10016084)
TerminateProcess (Address: 0x100160c0)
UnhandledExceptionFilter (Address: 0x100160b4)
UnregisterWaitEx (Address: 0x100160a0)
WaitForMultipleObjects (Address: 0x10016094)
WaitForSingleObject (Address: 0x100160fc)
WaitForSingleObjectEx (Address: 0x100160d0)
WaitForThreadpoolTimerCallbacks (Address: 0x10016100)

msvcrt.dll

__CxxFrameHandler3 (Address: 0x10016194)
__dllonexit (Address: 0x100161ac)
_amsg_exit (Address: 0x100161bc)
_CxxThrowException (Address: 0x100161cc)
_except_handler4_common (Address: 0x1001619c)
_initterm (Address: 0x100161b8)
_lock (Address: 0x100161b4)
_onexit (Address: 0x100161a8)
_purecall (Address: 0x10016200)
_unlock (Address: 0x100161b0)
_vsnprintf_s (Address: 0x10016188)
_vsnwprintf (Address: 0x10016190)
_wcsicmp (Address: 0x100161f4)
_wcsnicmp (Address: 0x100161ec)
_wcstoui64 (Address: 0x10016180)
_XcptFilter (Address: 0x100161c0)
??0exception@@QAE@ABQBD@Z (Address: 0x100161e0)
??0exception@@QAE@ABQBDH@Z (Address: 0x100161dc)
??0exception@@QAE@ABV0@@Z (Address: 0x100161d8)
??0exception@@QAE@XZ (Address: 0x100161e4)
??1exception@@UAE@XZ (Address: 0x100161d4)
??1type_info@@UAE@XZ (Address: 0x100161a0)
?terminate@@YAXXZ (Address: 0x100161a4)
?what@exception@@UBEPBDXZ (Address: 0x100161d0)
free (Address: 0x100161fc)
iswspace (Address: 0x100161f0)
malloc (Address: 0x100161f8)
memcmp (Address: 0x10016198)
memcpy (Address: 0x100161c8)
memcpy_s (Address: 0x1001618c)
memmove (Address: 0x100161c4)
memmove_s (Address: 0x10016184)
memset (Address: 0x10016208)
swprintf_s (Address: 0x10016204)
wcsncpy_s (Address: 0x100161e8)

RPCRT4.dll

RpcStringFreeW (Address: 0x10016140)
UuidCreate (Address: 0x10016138)
UuidToStringW (Address: 0x1001613c)

USERENV.dll

RegisterGPNotification (Address: 0x1001614c)
UnregisterGPNotification (Address: 0x10016148)

wevtapi.dll

EvtClose (Address: 0x10016230)
EvtCreateBookmark (Address: 0x1001621c)
EvtCreateRenderContext (Address: 0x10016234)
EvtFormatMessage (Address: 0x1001622c)
EvtGetQueryInfo (Address: 0x10016228)
EvtNext (Address: 0x10016218)
EvtOpenPublisherMetadata (Address: 0x10016214)
EvtQuery (Address: 0x10016210)
EvtRender (Address: 0x10016224)
EvtSeek (Address: 0x1001623c)
EvtSubscribe (Address: 0x10016238)
EvtUpdateBookmark (Address: 0x10016220)

WsmSvc.DLL

WSManAddSubscriptionManagerInternal (Address: 0x10016154)
WSManCloseObjectHandle (Address: 0x10016168)
WSManClosePublisherHandle (Address: 0x10016158)
WSManConstructError (Address: 0x10016164)
WSManDecodeObject (Address: 0x10016174)
WSManDeliverEndSubscriptionNotification (Address: 0x10016170)
WSManDeliverEvent (Address: 0x10016178)
WSManEncodeObject (Address: 0x1001616c)
WSManEnumeratorAddEvent (Address: 0x1001615c)
WSManRemoveSubscriptionManagerInternal (Address: 0x10016160)