efsadu.dll
Description: File Encryption Utility
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.4355
Architecture: 64-bit
Operating System: Windows NT
SHA256: d42e0eab514b7d5749161bf549ce6d4e
File Size: 130.0 KB
Uploaded At: Dec. 1, 2025, 7:27 a.m.
Views: 7
Exported Functions
- AddUserToObjectW (Ordinal: 1, Address: 0xc320)
- BackCurrentEfsCert (Ordinal: 2, Address: 0xc0f0)
- EfsDetail (Ordinal: 3, Address: 0x8d70)
- EfsUIUtilCheckScardStatus (Ordinal: 4, Address: 0x8770)
- EfsUIUtilCreateSelfSignedCertificate (Ordinal: 5, Address: 0x86d0)
- EfsUIUtilEncryptMyDocuments (Ordinal: 6, Address: 0x88f0)
- EfsUIUtilEnrollEfsCertificate (Ordinal: 7, Address: 0x88d0)
- EfsUIUtilEnrollEfsCertificateEx (Ordinal: 8, Address: 0x8870)
- EfsUIUtilInstallDra (Ordinal: 9, Address: 0x7b00)
- EfsUIUtilKeyBackup (Ordinal: 10, Address: 0x7e30)
- EfsUIUtilPromptForPin (Ordinal: 11, Address: 0x80d0)
- EfsUIUtilPromptForPinDialog (Ordinal: 12, Address: 0x7e10)
- EfsUIUtilSelectCard (Ordinal: 13, Address: 0x8110)
- EfsUIUtilShowBalloonAndWait (Ordinal: 14, Address: 0x7dd0)
Imported DLLs & Functions
ADVAPI32.dll
- AddUsersToEncryptedFile (Address: 0x180012938)
- ConvertStringSidToSidW (Address: 0x180012920)
- CryptSetProvParam (Address: 0x1800128e0)
- EncryptFileW (Address: 0x180012950)
- EventWriteTransfer (Address: 0x180012918)
- FreeEncryptionCertificateHashList (Address: 0x180012930)
- LsaClose (Address: 0x180012900)
- LsaFreeMemory (Address: 0x180012908)
- LsaLookupSids (Address: 0x180012910)
- LsaOpenPolicy (Address: 0x180012948)
- QueryRecoveryAgentsOnEncryptedFile (Address: 0x180012928)
- QueryUsersOnEncryptedFile (Address: 0x1800128e8)
- RegGetValueW (Address: 0x1800128f8)
- RemoveUsersFromEncryptedFile (Address: 0x180012940)
- SetUserFileEncryptionKeyEx (Address: 0x1800128d8)
- UsePinForEncryptedFilesW (Address: 0x1800128f0)
api-ms-win-core-com-l1-1-0.dll
- CoCreateInstance (Address: 0x1800130e8)
- CoInitializeEx (Address: 0x1800130f0)
- CoTaskMemAlloc (Address: 0x1800130f8)
- CoTaskMemFree (Address: 0x1800130d8)
- CoUninitialize (Address: 0x1800130e0)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x180013108)
- IsDebuggerPresent (Address: 0x180013110)
- OutputDebugStringA (Address: 0x180013120)
- OutputDebugStringW (Address: 0x180013118)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180013130)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180013140)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180013150)
- SetLastError (Address: 0x180013168)
- SetUnhandledExceptionFilter (Address: 0x180013158)
- UnhandledExceptionFilter (Address: 0x180013160)
api-ms-win-core-file-l1-1-0.dll
- FindClose (Address: 0x180013178)
- FindFirstFileExW (Address: 0x180013190)
- FindNextFileW (Address: 0x180013180)
- GetFileAttributesW (Address: 0x180013198)
- GetFullPathNameW (Address: 0x180013188)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800131a8)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800131c8)
- HeapAlloc (Address: 0x1800131b8)
- HeapFree (Address: 0x1800131c0)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1800131d8)
- LocalFree (Address: 0x1800131e0)
api-ms-win-core-libraryloader-l1-2-0.dll
- GetModuleFileNameA (Address: 0x180013218)
- GetModuleFileNameW (Address: 0x1800131f0)
- GetModuleHandleExW (Address: 0x180013200)
- GetModuleHandleW (Address: 0x180013208)
- GetProcAddress (Address: 0x180013210)
- LoadStringW (Address: 0x1800131f8)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x180013228)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x180013248)
- GetLocaleInfoEx (Address: 0x180013238)
- GetUserPreferredUILanguages (Address: 0x180013250)
- IdnToAscii (Address: 0x180013240)
api-ms-win-core-processenvironment-l1-1-0.dll
- GetCurrentDirectoryW (Address: 0x180013268)
- SetCurrentDirectoryW (Address: 0x180013260)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x180013280)
- GetCurrentProcess (Address: 0x180013288)
- GetCurrentProcessId (Address: 0x180013278)
- GetCurrentThread (Address: 0x1800132b0)
- GetCurrentThreadId (Address: 0x1800132a0)
- OpenProcessToken (Address: 0x180013290)
- OpenThreadToken (Address: 0x1800132a8)
- TerminateProcess (Address: 0x180013298)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800132c0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800132f0)
- RegCreateKeyExW (Address: 0x1800132d8)
- RegOpenKeyExW (Address: 0x1800132e0)
- RegQueryValueExW (Address: 0x1800132e8)
- RegSetValueExW (Address: 0x1800132d0)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x180013300)
- RtlLookupFunctionEntry (Address: 0x180013310)
- RtlVirtualUnwind (Address: 0x180013308)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x180013340)
- CreateMutexExW (Address: 0x180013328)
- CreateSemaphoreExW (Address: 0x180013338)
- OpenEventW (Address: 0x180013358)
- OpenSemaphoreW (Address: 0x180013350)
- ReleaseMutex (Address: 0x180013320)
- ReleaseSemaphore (Address: 0x180013330)
- ReleaseSRWLockExclusive (Address: 0x180013360)
- WaitForSingleObject (Address: 0x180013348)
- WaitForSingleObjectEx (Address: 0x180013368)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x180013378)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x180013390)
- GetTickCount (Address: 0x180013388)
api-ms-win-eventing-provider-l1-1-0.dll
- EventEnabled (Address: 0x1800133c8)
- EventProviderEnabled (Address: 0x1800133a8)
- EventRegister (Address: 0x1800133b0)
- EventSetInformation (Address: 0x1800133a0)
- EventUnregister (Address: 0x1800133b8)
- EventWrite (Address: 0x1800133c0)
api-ms-win-security-base-l1-1-0.dll
- CheckTokenMembership (Address: 0x1800133e0)
- CopySid (Address: 0x1800133f0)
- EqualSid (Address: 0x1800133f8)
- GetLengthSid (Address: 0x1800133e8)
- GetTokenInformation (Address: 0x1800133d8)
api-ms-win-security-credentials-l1-1-0.dll
- CredFree (Address: 0x180013410)
- CredMarshalCredentialW (Address: 0x180013408)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x180013428)
- OpenSCManagerW (Address: 0x180013420)
- OpenServiceW (Address: 0x180013430)
api-ms-win-service-management-l2-1-0.dll
- ChangeServiceConfigW (Address: 0x180013440)
credui.dll
- CredPackAuthenticationBufferW (Address: 0x180013460)
- CredUIPromptForWindowsCredentialsW (Address: 0x180013450)
- CredUnPackAuthenticationBufferW (Address: 0x180013458)
CRYPT32.dll
- CertAddCertificateContextToStore (Address: 0x1800129d0)
- CertAddCertificateLinkToStore (Address: 0x180012970)
- CertCloseStore (Address: 0x180012a00)
- CertCreateCertificateContext (Address: 0x1800129e0)
- CertEnumCertificatesInStore (Address: 0x1800129f8)
- CertFindCertificateInStore (Address: 0x1800129f0)
- CertFindExtension (Address: 0x180012968)
- CertFreeCertificateChain (Address: 0x180012990)
- CertFreeCertificateContext (Address: 0x1800129b8)
- CertGetCertificateChain (Address: 0x180012980)
- CertGetCertificateContextProperty (Address: 0x1800129c8)
- CertGetEnhancedKeyUsage (Address: 0x1800129a0)
- CertGetNameStringW (Address: 0x180012960)
- CertOpenStore (Address: 0x1800129e8)
- CertSetCertificateContextProperty (Address: 0x1800129b0)
- CertVerifyCertificateChainPolicy (Address: 0x180012988)
- CertVerifyTimeValidity (Address: 0x1800129a8)
- CryptBinaryToStringW (Address: 0x1800129c0)
- CryptDecodeObject (Address: 0x1800129d8)
- CryptEncodeObjectEx (Address: 0x180012978)
- CryptStringToBinaryW (Address: 0x180012998)
CRYPTUI.dll
- CryptUIDlgSelectCertificateW (Address: 0x180012a10)
- CryptUIWizExport (Address: 0x180012a18)
DSROLE.dll
- DsRoleFreeMemory (Address: 0x180012a30)
- DsRoleGetPrimaryDomainInformation (Address: 0x180012a28)
EFSUTIL.dll
- EfsUtilApplyGroupPolicy (Address: 0x180012a58)
- EfsUtilCheckCurrentKeyCapabilities (Address: 0x180012a70)
- EfsUtilCreateSelfSignedCertificate (Address: 0x180012a60)
- EfsUtilGetCertContextFromCertHash (Address: 0x180012a48)
- EfsUtilGetCurrentKey (Address: 0x180012a90)
- EfsUtilGetCurrentUserInformation (Address: 0x180012a68)
- EfsUtilGetSmartcardProviderName (Address: 0x180012a80)
- EfsUtilGetUserKey (Address: 0x180012a40)
- EfsUtilReleaseUserKey (Address: 0x180012a88)
- EfsUtilSetSmartcardPin (Address: 0x180012a50)
- EfsUtilSmartcardCredsNeededError (Address: 0x180012a78)
FeClient.dll
- EfsClientFreeKeyInfo (Address: 0x180012aa8)
- EfsClientFreeProtectorList (Address: 0x180012ab0)
- EfsClientGetKeyInfo (Address: 0x180012aa0)
- EfsClientQueryProtectors (Address: 0x180012ab8)
KERNEL32.dll
- ActivateActCtx (Address: 0x180012ad0)
- CreateActCtxW (Address: 0x180012b28)
- DeactivateActCtx (Address: 0x180012ac8)
- DeleteCriticalSection (Address: 0x180012af0)
- EnterCriticalSection (Address: 0x180012b08)
- FindActCtxSectionStringW (Address: 0x180012ad8)
- FreeLibrary (Address: 0x180012ae8)
- GetComputerNameW (Address: 0x180012b18)
- InitializeCriticalSection (Address: 0x180012af8)
- LeaveCriticalSection (Address: 0x180012b00)
- LoadLibraryExW (Address: 0x180012ae0)
- lstrlenW (Address: 0x180012b10)
- QueryActCtxW (Address: 0x180012b20)
logoncli.dll
- DsGetDcNameW (Address: 0x180013470)
MFC42u.dll
- (Address: 0x180012b38)
- (Address: 0x180012b40)
- (Address: 0x180012b48)
- (Address: 0x180012b50)
- (Address: 0x180012b58)
- (Address: 0x180012b60)
- (Address: 0x180012b68)
- (Address: 0x180012b70)
- (Address: 0x180012b78)
- (Address: 0x180012b80)
- (Address: 0x180012b88)
- (Address: 0x180012b90)
- (Address: 0x180012b98)
- (Address: 0x180012ba0)
- (Address: 0x180012ba8)
- (Address: 0x180012bb0)
- (Address: 0x180012bb8)
- (Address: 0x180012bc0)
- (Address: 0x180012bc8)
- (Address: 0x180012bd0)
- (Address: 0x180012bd8)
- (Address: 0x180012be0)
- (Address: 0x180012be8)
- (Address: 0x180012bf0)
- (Address: 0x180012bf8)
- (Address: 0x180012c00)
- (Address: 0x180012c08)
- (Address: 0x180012c10)
- (Address: 0x180012c18)
- (Address: 0x180012c20)
- (Address: 0x180012c28)
- (Address: 0x180012c30)
- (Address: 0x180012c38)
- (Address: 0x180012c40)
- (Address: 0x180012c48)
- (Address: 0x180012c50)
- (Address: 0x180012c58)
- (Address: 0x180012c60)
- (Address: 0x180012c68)
- (Address: 0x180012c70)
- (Address: 0x180012c78)
- (Address: 0x180012c80)
- (Address: 0x180012c88)
- (Address: 0x180012c90)
- (Address: 0x180012c98)
- (Address: 0x180012ca0)
- (Address: 0x180012ca8)
- (Address: 0x180012cb0)
- (Address: 0x180012cb8)
- (Address: 0x180012cc0)
- (Address: 0x180012cc8)
- (Address: 0x180012cd0)
- (Address: 0x180012cd8)
- (Address: 0x180012ce0)
- (Address: 0x180012ce8)
- (Address: 0x180012cf0)
- (Address: 0x180012cf8)
- (Address: 0x180012d00)
- (Address: 0x180012d08)
- (Address: 0x180012d10)
- (Address: 0x180012d18)
- (Address: 0x180012d20)
- (Address: 0x180012d28)
- (Address: 0x180012d30)
- (Address: 0x180012d38)
- (Address: 0x180012d40)
- (Address: 0x180012d48)
- (Address: 0x180012d50)
- (Address: 0x180012d58)
- (Address: 0x180012d60)
- (Address: 0x180012d68)
- (Address: 0x180012d70)
- (Address: 0x180012d78)
- (Address: 0x180012d80)
- (Address: 0x180012d88)
- (Address: 0x180012d90)
- (Address: 0x180012d98)
- (Address: 0x180012da0)
- (Address: 0x180012da8)
- (Address: 0x180012db0)
- (Address: 0x180012db8)
- (Address: 0x180012dc0)
- (Address: 0x180012dc8)
- (Address: 0x180012dd0)
- (Address: 0x180012dd8)
- (Address: 0x180012de0)
- (Address: 0x180012de8)
- (Address: 0x180012df0)
- (Address: 0x180012df8)
- (Address: 0x180012e00)
- (Address: 0x180012e08)
- (Address: 0x180012e10)
- (Address: 0x180012e18)
- (Address: 0x180012e20)
- (Address: 0x180012e28)
- (Address: 0x180012e30)
- (Address: 0x180012e38)
- (Address: 0x180012e40)
- (Address: 0x180012e48)
- (Address: 0x180012e50)
- (Address: 0x180012e58)
- (Address: 0x180012e60)
- (Address: 0x180012e68)
- (Address: 0x180012e70)
- (Address: 0x180012e78)
- (Address: 0x180012e80)
- (Address: 0x180012e88)
- (Address: 0x180012e90)
- (Address: 0x180012e98)
- (Address: 0x180012ea0)
- (Address: 0x180012ea8)
- (Address: 0x180012eb0)
- (Address: 0x180012eb8)
- (Address: 0x180012ec0)
- (Address: 0x180012ec8)
- (Address: 0x180012ed0)
- (Address: 0x180012ed8)
- (Address: 0x180012ee0)
- (Address: 0x180012ee8)
- (Address: 0x180012ef0)
- (Address: 0x180012ef8)
- (Address: 0x180012f00)
- (Address: 0x180012f08)
- (Address: 0x180012f10)
- (Address: 0x180012f18)
- (Address: 0x180012f20)
msvcrt.dll
- __C_specific_handler (Address: 0x180013518)
- __CxxFrameHandler3 (Address: 0x180013568)
- __dllonexit (Address: 0x1800134c8)
- _amsg_exit (Address: 0x1800134e8)
- _CxxThrowException (Address: 0x1800134d8)
- _initterm (Address: 0x1800134e0)
- _lock (Address: 0x180013538)
- _ltow_s (Address: 0x180013500)
- _onexit (Address: 0x1800134c0)
- _unlock (Address: 0x1800134d0)
- _vsnprintf_s (Address: 0x180013520)
- _vsnwprintf (Address: 0x180013490)
- _wcsicmp (Address: 0x1800134f8)
- _wcsnicmp (Address: 0x180013540)
- _XcptFilter (Address: 0x1800134f0)
- ??_V@YAXPEAX@Z (Address: 0x180013488)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x180013528)
- ??0exception@@QEAA@XZ (Address: 0x180013558)
- ??1exception@@UEAA@XZ (Address: 0x1800134a0)
- ??1type_info@@UEAA@XZ (Address: 0x1800134a8)
- free (Address: 0x180013508)
- malloc (Address: 0x180013510)
- memcmp (Address: 0x180013530)
- memcpy (Address: 0x180013560)
- memcpy_s (Address: 0x180013498)
- memmove (Address: 0x180013480)
- memset (Address: 0x1800134b8)
- strcmp (Address: 0x1800134b0)
- toupper (Address: 0x180013550)
- wcsncmp (Address: 0x180013548)
netutils.dll
- NetApiBufferFree (Address: 0x180013578)
ntdll.dll
- NtQueryInformationToken (Address: 0x1800135a0)
- RtlAllocateAndInitializeSid (Address: 0x180013590)
- RtlFreeSid (Address: 0x180013598)
- RtlNtStatusToDosError (Address: 0x180013588)
ole32.dll
- CoInitialize (Address: 0x1800135b0)
OLEAUT32.dll
- SysAllocString (Address: 0x180012f30)
- SysFreeString (Address: 0x180012f40)
- SysStringByteLen (Address: 0x180012f38)
RPCRT4.dll
- RpcStringFreeW (Address: 0x180012f50)
- UuidCreate (Address: 0x180012f68)
- UuidCreateNil (Address: 0x180012f58)
- UuidFromStringW (Address: 0x180012f70)
- UuidToStringW (Address: 0x180012f60)
SHELL32.dll
- (Address: 0x180012f88)
- (Address: 0x180012f98)
- SHChangeNotifySuspendResume (Address: 0x180012f80)
- SHCreateItemFromParsingName (Address: 0x180012fa0)
- Shell_NotifyIconW (Address: 0x180012f90)
- SHGetFolderPathW (Address: 0x180012fa8)
SHLWAPI.dll
- (Address: 0x180012fb8)
- StrDupW (Address: 0x180012fc0)
urlmon.dll
- CreateUri (Address: 0x1800135c0)
USER32.dll
- DefWindowProcW (Address: 0x180012ff0)
- DestroyWindow (Address: 0x180013020)
- DispatchMessageW (Address: 0x180012fd8)
- EnableWindow (Address: 0x180012fd0)
- GetClientRect (Address: 0x180013008)
- GetMessageW (Address: 0x180013030)
- KillTimer (Address: 0x180013038)
- LoadIconW (Address: 0x180012fe8)
- MessageBoxW (Address: 0x180013000)
- PostMessageW (Address: 0x180013018)
- PostQuitMessage (Address: 0x180012ff8)
- SendMessageW (Address: 0x180013010)
- SetTimer (Address: 0x180012fe0)
- TranslateMessage (Address: 0x180013028)
USERENV.dll
- RefreshPolicy (Address: 0x180013048)
VAULTCLI.dll
- VaultCloseVault (Address: 0x180013070)
- VaultFree (Address: 0x180013058)
- VaultGetItem (Address: 0x180013068)
- VaultOpenVault (Address: 0x180013060)
WLDAP32.dll
- (Address: 0x180013080)
- (Address: 0x180013088)
- (Address: 0x180013090)
- (Address: 0x180013098)
- (Address: 0x1800130a0)
- (Address: 0x1800130a8)
- (Address: 0x1800130b0)
- (Address: 0x1800130b8)
- (Address: 0x1800130c0)
- (Address: 0x1800130c8)