efssvc.dll

Description: EFS Service

Version: 10.0.19041.6328

Architecture: 64-bit

Operating System: Windows NT

SHA256: 88732fb0734f9eaa2c20038a69ae7bdb

File Size: 89.5 KB

Uploaded At: Dec. 1, 2025, 7:27 a.m.

Views: 9

Exported Functions

EfsServiceMain (Ordinal: 1, Address: 0x2370)

Imported DLLs & Functions

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x18000fe28)
IsDebuggerPresent (Address: 0x18000fe20)
OutputDebugStringW (Address: 0x18000fe18)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x18000fe40)
RaiseException (Address: 0x18000fe38)
SetLastError (Address: 0x18000fe50)
SetUnhandledExceptionFilter (Address: 0x18000fe48)
UnhandledExceptionFilter (Address: 0x18000fe58)

api-ms-win-core-featurestaging-l1-1-0.dll

RecordFeatureUsage (Address: 0x18000fe78)
SubscribeFeatureStateChangeNotification (Address: 0x18000fe70)
UnsubscribeFeatureStateChangeNotification (Address: 0x18000fe68)

api-ms-win-core-file-l1-1-0.dll

CreateFileW (Address: 0x18000fe88)
GetFileAttributesW (Address: 0x18000fe90)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x18000fea0)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x18000feb8)
HeapAlloc (Address: 0x18000feb0)
HeapFree (Address: 0x18000fec0)

api-ms-win-core-heap-l2-1-0.dll

LocalFree (Address: 0x18000fed0)

api-ms-win-core-libraryloader-l1-2-0.dll

FreeLibrary (Address: 0x18000fee8)
GetModuleFileNameA (Address: 0x18000fee0)
GetModuleHandleExW (Address: 0x18000ff00)
GetModuleHandleW (Address: 0x18000fef8)
GetProcAddress (Address: 0x18000ff08)
LoadLibraryExA (Address: 0x18000fef0)

api-ms-win-core-localization-l1-2-0.dll

FormatMessageW (Address: 0x18000ff18)

api-ms-win-core-memory-l1-1-0.dll

VirtualProtect (Address: 0x18000ff28)
VirtualQuery (Address: 0x18000ff30)

api-ms-win-core-processthreads-l1-1-0.dll

GetCurrentProcess (Address: 0x18000ff40)
GetCurrentProcessId (Address: 0x18000ff60)
GetCurrentThreadId (Address: 0x18000ff48)
OpenProcessToken (Address: 0x18000ff58)
TerminateProcess (Address: 0x18000ff50)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x18000ff70)

api-ms-win-core-registry-l1-1-0.dll

RegGetValueW (Address: 0x18000ff80)

api-ms-win-core-rtlsupport-l1-1-0.dll

RtlCaptureContext (Address: 0x18000ffa0)
RtlLookupFunctionEntry (Address: 0x18000ff98)
RtlVirtualUnwind (Address: 0x18000ff90)

api-ms-win-core-synch-l1-1-0.dll

AcquireSRWLockExclusive (Address: 0x18000ffd8)
CreateEventW (Address: 0x18000ffd0)
CreateMutexExW (Address: 0x180010000)
CreateSemaphoreExW (Address: 0x18000ffb0)
OpenSemaphoreW (Address: 0x18000fff8)
ReleaseMutex (Address: 0x18000fff0)
ReleaseSemaphore (Address: 0x18000ffe8)
ReleaseSRWLockExclusive (Address: 0x18000ffc0)
SetEvent (Address: 0x18000ffc8)
WaitForSingleObject (Address: 0x18000ffe0)
WaitForSingleObjectEx (Address: 0x18000ffb8)

api-ms-win-core-synch-l1-2-0.dll

InitOnceBeginInitialize (Address: 0x180010020)
InitOnceComplete (Address: 0x180010018)
Sleep (Address: 0x180010010)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemInfo (Address: 0x180010030)
GetSystemTimeAsFileTime (Address: 0x180010040)
GetTickCount (Address: 0x180010038)

api-ms-win-eventing-provider-l1-1-0.dll

EventRegister (Address: 0x180010060)
EventSetInformation (Address: 0x180010050)
EventUnregister (Address: 0x180010068)
EventWriteTransfer (Address: 0x180010058)

api-ms-win-security-base-l1-1-0.dll

CheckTokenMembership (Address: 0x180010098)
CreateWellKnownSid (Address: 0x180010078)
GetSidSubAuthority (Address: 0x180010090)
GetSidSubAuthorityCount (Address: 0x1800100a0)
GetTokenInformation (Address: 0x180010080)
IsWellKnownSid (Address: 0x180010088)

api-ms-win-security-sddl-l1-1-0.dll

ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800100b0)

api-ms-win-service-core-l1-1-0.dll

RegisterServiceCtrlHandlerExW (Address: 0x1800100c0)
SetServiceStatus (Address: 0x1800100c8)

msvcrt.dll

__C_specific_handler (Address: 0x180010120)
__dllonexit (Address: 0x180010108)
_amsg_exit (Address: 0x180010130)
_callnewh (Address: 0x180010148)
_initterm (Address: 0x180010128)
_lock (Address: 0x180010118)
_onexit (Address: 0x180010100)
_unlock (Address: 0x180010110)
_vsnwprintf (Address: 0x1800100e0)
_wcsicmp (Address: 0x1800100e8)
_XcptFilter (Address: 0x180010138)
free (Address: 0x180010140)
malloc (Address: 0x180010150)
memcpy (Address: 0x1800100f8)
memcpy_s (Address: 0x1800100f0)
memset (Address: 0x1800100d8)

ntdll.dll

EtwEventEnabled (Address: 0x180010190)
EtwEventRegister (Address: 0x1800101a0)
EtwEventUnregister (Address: 0x180010198)
EtwEventWrite (Address: 0x180010188)
NtClearEvent (Address: 0x1800101d8)
NtClose (Address: 0x1800101e0)
NtCreateEvent (Address: 0x1800101b8)
NtOpenEvent (Address: 0x1800101b0)
NtOpenThreadToken (Address: 0x180010170)
NtQueryInformationToken (Address: 0x180010160)
NtQueryVolumeInformationFile (Address: 0x1800101c0)
NtSetEvent (Address: 0x1800101a8)
RtlAllocateHeap (Address: 0x180010168)
RtlFreeHeap (Address: 0x1800101e8)
RtlInitUnicodeString (Address: 0x1800101c8)
RtlNtStatusToDosError (Address: 0x1800101d0)
RtlValidRelativeSecurityDescriptor (Address: 0x180010178)
RtlValidSid (Address: 0x180010180)

RPCRT4.dll

I_RpcBindingIsClientLocal (Address: 0x18000fdc0)
I_RpcOpenClientProcess (Address: 0x18000fdd8)
NdrServerCall2 (Address: 0x18000fd90)
NdrServerCallAll (Address: 0x18000fde8)
RpcBindingInqAuthClientW (Address: 0x18000fd98)
RpcBindingToStringBindingW (Address: 0x18000fdc8)
RpcImpersonateClient (Address: 0x18000fda8)
RpcRaiseException (Address: 0x18000fdd0)
RpcRevertToSelf (Address: 0x18000fda0)
RpcServerInqCallAttributesW (Address: 0x18000fde0)
RpcServerInterfaceGroupActivate (Address: 0x18000fdf0)
RpcServerInterfaceGroupClose (Address: 0x18000fe08)
RpcServerInterfaceGroupCreateW (Address: 0x18000fdf8)
RpcServerRegisterAuthInfoW (Address: 0x18000fe00)
RpcStringBindingParseW (Address: 0x18000fdb0)
RpcStringFreeW (Address: 0x18000fdb8)