grouptrusteeai.dll

Description: CSI GroupTrustee plug-in

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.6449

Architecture: 64-bit

Operating System: Windows NT

SHA256: e20e25b871162eed94b39eee92c8cd07

File Size: 45.9 KB

Uploaded At: Dec. 1, 2025, 8:17 a.m.

Views: 13

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x42f0)
  • DllCsiGetHandler (Ordinal: 2, Address: 0x4310)

Imported DLLs & Functions

api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1800072c0)
  • RaiseException (Address: 0x1800072c8)
  • SetUnhandledExceptionFilter (Address: 0x1800072b8)
  • UnhandledExceptionFilter (Address: 0x1800072b0)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1800072e0)
  • HeapAlloc (Address: 0x1800072d8)
  • HeapDestroy (Address: 0x1800072e8)
api-ms-win-core-heap-obsolete-l1-1-0.dll
  • LocalFree (Address: 0x1800072f8)
api-ms-win-core-libraryloader-l1-1-0.dll
  • DisableThreadLibraryCalls (Address: 0x180007320)
  • FreeLibrary (Address: 0x180007310)
  • GetProcAddress (Address: 0x180007318)
  • LoadLibraryExA (Address: 0x180007308)
api-ms-win-core-memory-l1-1-0.dll
  • VirtualProtect (Address: 0x180007338)
  • VirtualQuery (Address: 0x180007330)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x180007348)
  • GetCurrentProcessId (Address: 0x180007358)
  • GetCurrentThreadId (Address: 0x180007360)
  • TerminateProcess (Address: 0x180007350)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180007370)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180007388)
  • RtlLookupFunctionEntry (Address: 0x180007390)
  • RtlVirtualUnwind (Address: 0x180007380)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x1800073a8)
  • DeleteCriticalSection (Address: 0x1800073b8)
  • InitializeCriticalSection (Address: 0x1800073b0)
  • ReleaseSRWLockExclusive (Address: 0x1800073a0)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x1800073c8)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemInfo (Address: 0x1800073e0)
  • GetSystemTimeAsFileTime (Address: 0x1800073d8)
  • GetTickCount (Address: 0x1800073e8)
api-ms-win-security-base-l1-1-0.dll
  • CreateWellKnownSid (Address: 0x1800073f8)
api-ms-win-security-lsapolicy-l1-1-0.dll
  • LsaAddAccountRights (Address: 0x180007410)
  • LsaClose (Address: 0x180007420)
  • LsaFreeMemory (Address: 0x180007418)
  • LsaOpenPolicy (Address: 0x180007430)
  • LsaQueryInformationPolicy (Address: 0x180007428)
  • LsaRemoveAccountRights (Address: 0x180007408)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertSidToStringSidW (Address: 0x180007440)
msvcrt.dll
  • __C_specific_handler (Address: 0x180007480)
  • _amsg_exit (Address: 0x180007458)
  • _callnewh (Address: 0x180007498)
  • _initterm (Address: 0x180007450)
  • _itow_s (Address: 0x180007478)
  • _purecall (Address: 0x180007488)
  • _XcptFilter (Address: 0x180007460)
  • free (Address: 0x180007470)
  • malloc (Address: 0x180007468)
  • memcmp (Address: 0x180007490)
  • memcpy (Address: 0x1800074a0)
  • memset (Address: 0x1800074a8)
ntdll.dll
  • RtlCompareUnicodeString (Address: 0x1800074c0)
  • RtlCopySid (Address: 0x1800074d8)
  • RtlCreateServiceSid (Address: 0x1800074c8)
  • RtlEqualUnicodeString (Address: 0x1800074e0)
  • RtlInitUnicodeString (Address: 0x1800074d0)
  • RtlSubAuthorityCountSid (Address: 0x1800074b8)
  • RtlSubAuthoritySid (Address: 0x1800074e8)
WCP.dll
  • ?RtlGetFacilityTracingFlags@Rtl@WCP@Windows@@YAKPEAU_RTL_TRACING_FACILITY@123@@Z (Address: 0x180007288)
  • ?RtlTraceFormat_PCLUNICODE_STRING_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z (Address: 0x180007210)
  • ?RtlTraceFormat_PCULONG_AsDecimalOnly@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z (Address: 0x180007250)
  • ?RtlTraceFormat_PCUNICODE_STRING@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z (Address: 0x180007260)
  • ?RtlTraceVa@Rtl@WCP@Windows@@YAXKKPEAU_RTL_TRACING_FACILITY@123@QEBD_KPEAD@Z (Address: 0x180007268)
  • AddTrusteeCapabilities (Address: 0x180007248)
  • ConvertHResultToNtStatus (Address: 0x180007228)
  • ConvertNtStatusToHResult (Address: 0x180007218)
  • DeleteTrusteeCapabilities (Address: 0x180007278)
  • DeleteTrusteeData (Address: 0x180007258)
  • GetGroupTrusteeDataCountFromManifest (Address: 0x180007280)
  • GetGroupTrusteeDataFromManifest (Address: 0x180007270)
  • MapToPrivilegeName (Address: 0x180007238)
  • MapToWellKnownSidType (Address: 0x180007240)
  • RtlCompareLUnicodeStrings (Address: 0x180007230)
  • RtlDowncaseUCSCharacter (Address: 0x180007208)
  • RtlFreeLUnicodeString (Address: 0x180007200)
  • RtlHashLUnicodeString (Address: 0x1800072a0)
  • RtlInitLUnicodeStringFromNullTerminatedString (Address: 0x180007290)
  • RtlInitLUnicodeStringFromUnicodeString (Address: 0x180007298)
  • RtlReallocateLUnicodeString (Address: 0x1800071f8)
  • RtlReportErrorOrigination (Address: 0x180007220)