reseteng.dll

Description: Microsoft Windows Reset Engine

Version: 10.0.19041.6456

Architecture: 64-bit

Operating System: Windows NT

SHA256: 1428a41f7131f23967f49bb6c072e76f

File Size: 1.2 MB

Uploaded At: Dec. 1, 2025, 7:37 a.m.

Views: 5

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

RjvApplyData (Ordinal: 1, Address: 0x5ad0)
RjvApplyDataEntryPoint (Ordinal: 2, Address: 0xa110)
RjvBareMetalResetAvailable (Ordinal: 3, Address: 0x39c0)
RjvBasicReset (Ordinal: 4, Address: 0x5440)
RjvBasicResetChecks (Ordinal: 5, Address: 0x41f0)
RjvCheckBattery (Ordinal: 6, Address: 0x7f00)
RjvCheckBitLocker (Ordinal: 7, Address: 0x8070)
RjvCheckDiskSpace (Ordinal: 8, Address: 0x81b0)
RjvCheckOsHealth (Ordinal: 9, Address: 0x8460)
RjvCheckWinRE (Ordinal: 10, Address: 0x7710)
RjvCleanup (Ordinal: 11, Address: 0x6090)
RjvCommitReset (Ordinal: 12, Address: 0x9c60)
RjvCreateSuccessTaskEntryPoint (Ordinal: 13, Address: 0x9dd0)
RjvDelayedCleanup (Ordinal: 14, Address: 0x6440)
RjvDelayedCleanupEntryPoint (Ordinal: 15, Address: 0x9e30)
RjvFactoryImageAvailable (Ordinal: 16, Address: 0x36c0)
RjvFactoryReset (Ordinal: 17, Address: 0x56b0)
RjvFactoryResetChecks (Ordinal: 18, Address: 0x45e0)
RjvFinalize (Ordinal: 19, Address: 0x9d80)
RjvGenerateImageBasedBMRConfigData (Ordinal: 20, Address: 0x76d0)
RjvGenerateReconstructionBMRConfigData (Ordinal: 21, Address: 0x76f0)
RjvGetCloudRecInfo (Ordinal: 22, Address: 0xd150)
RjvGetVolumeInfo (Ordinal: 23, Address: 0x8a30)
RjvInitializeEngine (Ordinal: 24, Address: 0x23d0)
RjvInitializeSystemPartitionInfo (Ordinal: 25, Address: 0xd380)
RjvIsCloudRec (Ordinal: 26, Address: 0xd0e0)
RjvLoadState (Ordinal: 27, Address: 0x8f50)
RjvLogFailureEntryPoint (Ordinal: 28, Address: 0xa050)
RjvLogSuccessEntryPoint (Ordinal: 29, Address: 0x9e40)
RjvOfflineCleanup (Ordinal: 30, Address: 0x94b0)
RjvPDeleteFilesFromVolumeBeforeWimApply (Ordinal: 31, Address: 0x228a0)
RjvPEraseVolume (Ordinal: 32, Address: 0x239b0)
RjvPolicyAllowsReset (Ordinal: 33, Address: 0x3dd0)
RjvPostApplyDataEntryPoint (Ordinal: 34, Address: 0xa450)
RjvPreApplyDataEntryPoint (Ordinal: 35, Address: 0xa1c0)
RjvPrepareForReset (Ordinal: 36, Address: 0x4db0)
RjvReInitializeEngine (Ordinal: 37, Address: 0x2a60)
RjvRePartitionSystemDisk (Ordinal: 38, Address: 0xd1b0)
RjvRePartitionSystemDiskEx (Ordinal: 39, Address: 0xd500)
RjvRollBack (Ordinal: 40, Address: 0x62d0)
RjvSaveState (Ordinal: 41, Address: 0x92d0)
RjvSendCancelEvent (Ordinal: 42, Address: 0x35c0)
RjvSetCloudRecInfo (Ordinal: 43, Address: 0xd0f0)
RjvStageBasicReset (Ordinal: 44, Address: 0x9a30)
RjvStartLogging (Ordinal: 45, Address: 0x21c0)
RjvStopLogging (Ordinal: 46, Address: 0x2370)
RjvSysResetErrBasicEntryPoint (Ordinal: 47, Address: 0xa5f0)
RjvSysResetErrFactoryEntryPoint (Ordinal: 48, Address: 0xa570)
RjvTestFunction (Ordinal: 49, Address: 0xd080)
RjvUndoPrepareForReset (Ordinal: 50, Address: 0x5340)
RjvUninitializeEngine (Ordinal: 51, Address: 0x34f0)
RjvVerifySystemDiskInfo (Ordinal: 52, Address: 0x4a80)

Imported DLLs & Functions

ADVAPI32.dll

AdjustTokenPrivileges (Address: 0x1800e4fa0)
CloseEncryptedFileRaw (Address: 0x1800e4ff0)
CloseTrace (Address: 0x1800e50f8)
ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800e5080)
CryptAcquireContextW (Address: 0x1800e50c0)
CryptGenRandom (Address: 0x1800e50b8)
EnableTraceEx (Address: 0x1800e5100)
EventProviderEnabled (Address: 0x1800e50e8)
EventRegister (Address: 0x1800e4fa8)
EventSetInformation (Address: 0x1800e4fb0)
EventUnregister (Address: 0x1800e5120)
EventWrite (Address: 0x1800e5030)
EventWriteTransfer (Address: 0x1800e4fb8)
GetAclInformation (Address: 0x1800e5018)
GetFileSecurityW (Address: 0x1800e50b0)
GetSecurityDescriptorControl (Address: 0x1800e5028)
GetSecurityDescriptorDacl (Address: 0x1800e5068)
GetSecurityDescriptorGroup (Address: 0x1800e5070)
GetSecurityDescriptorLength (Address: 0x1800e5020)
GetSecurityDescriptorOwner (Address: 0x1800e5078)
GetSecurityDescriptorSacl (Address: 0x1800e5060)
GetSecurityInfo (Address: 0x1800e5040)
InitiateSystemShutdownExW (Address: 0x1800e5090)
LookupPrivilegeValueW (Address: 0x1800e5098)
OpenEncryptedFileRawW (Address: 0x1800e5000)
OpenProcessToken (Address: 0x1800e50a0)
RegCloseKey (Address: 0x1800e4fe0)
RegCopyTreeW (Address: 0x1800e5048)
RegCreateKeyExW (Address: 0x1800e50c8)
RegDeleteTreeW (Address: 0x1800e5050)
RegDeleteValueW (Address: 0x1800e5010)
RegEnumKeyExW (Address: 0x1800e50d0)
RegFlushKey (Address: 0x1800e5008)
RegGetValueW (Address: 0x1800e4fc8)
RegLoadKeyW (Address: 0x1800e4fc0)
RegOpenKeyExW (Address: 0x1800e4fd8)
RegQueryInfoKeyW (Address: 0x1800e50d8)
RegQueryValueExW (Address: 0x1800e50e0)
RegSetKeyValueW (Address: 0x1800e4fd0)
RegSetValueExW (Address: 0x1800e5110)
RegUnLoadKeyW (Address: 0x1800e5118)
RevertToSelf (Address: 0x1800e4fe8)
SetFileSecurityW (Address: 0x1800e50a8)
SetNamedSecurityInfoW (Address: 0x1800e5058)
SetSecurityInfo (Address: 0x1800e5038)
StartTraceW (Address: 0x1800e5108)
StopTraceW (Address: 0x1800e50f0)
TraceMessage (Address: 0x1800e5088)
WriteEncryptedFileRaw (Address: 0x1800e4ff8)

bcrypt.dll

BCryptCloseAlgorithmProvider (Address: 0x1800e58b8)
BCryptCreateHash (Address: 0x1800e58a0)
BCryptDestroyHash (Address: 0x1800e5888)
BCryptFinishHash (Address: 0x1800e5890)
BCryptGetProperty (Address: 0x1800e58a8)
BCryptHashData (Address: 0x1800e5898)
BCryptOpenAlgorithmProvider (Address: 0x1800e58b0)

Cabinet.dll

(Address: 0x1800e5130)
(Address: 0x1800e5138)
(Address: 0x1800e5140)

dbghelp.dll

ImageNtHeader (Address: 0x1800e58c8)

DismApi.DLL

_DismAddDriverEx (Address: 0x1800e5168)
_DismGetCurrentEdition (Address: 0x1800e5180)
_DismGetOsInfo (Address: 0x1800e5188)
_DismSetProductKey (Address: 0x1800e5160)
DismCloseSession (Address: 0x1800e5170)
DismDelete (Address: 0x1800e5178)
DismInitialize (Address: 0x1800e5198)
DismMountImage (Address: 0x1800e5158)
DismOpenSession (Address: 0x1800e5190)
DismShutdown (Address: 0x1800e51a0)
DismUnmountImage (Address: 0x1800e5150)

FLTLIB.DLL

FilterAttach (Address: 0x1800e51b8)
FilterLoad (Address: 0x1800e51b0)

imagehlp.dll

ImageLoad (Address: 0x1800e58e0)
ImageUnload (Address: 0x1800e58d8)

KERNEL32.dll

AcquireSRWLockExclusive (Address: 0x1800e55b8)
AcquireSRWLockShared (Address: 0x1800e55a8)
AddDllDirectory (Address: 0x1800e52a0)
CloseHandle (Address: 0x1800e54d0)
CloseThreadpoolTimer (Address: 0x1800e5578)
CompareStringW (Address: 0x1800e53e8)
CopyFile2 (Address: 0x1800e52e8)
CopyFileExW (Address: 0x1800e5378)
CopyFileW (Address: 0x1800e54c0)
CreateDirectoryW (Address: 0x1800e5260)
CreateEventW (Address: 0x1800e5390)
CreateFileMappingW (Address: 0x1800e5280)
CreateFileW (Address: 0x1800e5490)
CreateHardLinkW (Address: 0x1800e5600)
CreateMutexExW (Address: 0x1800e5530)
CreatePipe (Address: 0x1800e5270)
CreateProcessW (Address: 0x1800e5278)
CreateSemaphoreExW (Address: 0x1800e5520)
CreateSemaphoreW (Address: 0x1800e53b0)
CreateThread (Address: 0x1800e52a8)
CreateThreadpoolTimer (Address: 0x1800e5548)
DebugBreak (Address: 0x1800e55d8)
DeleteCriticalSection (Address: 0x1800e5558)
DeleteFileW (Address: 0x1800e54a8)
DeviceIoControl (Address: 0x1800e51f8)
DosDateTimeToFileTime (Address: 0x1800e5418)
DuplicateHandle (Address: 0x1800e5380)
EnterCriticalSection (Address: 0x1800e5568)
ExpandEnvironmentStringsW (Address: 0x1800e5690)
FindClose (Address: 0x1800e5250)
FindFirstFileExW (Address: 0x1800e5448)
FindFirstFileW (Address: 0x1800e5240)
FindFirstVolumeW (Address: 0x1800e5660)
FindNextFileW (Address: 0x1800e5248)
FindNextVolumeW (Address: 0x1800e5650)
FindVolumeClose (Address: 0x1800e5648)
FlushFileBuffers (Address: 0x1800e55f8)
FormatMessageW (Address: 0x1800e55f0)
FreeLibrary (Address: 0x1800e52b8)
GetCurrentDirectoryW (Address: 0x1800e5298)
GetCurrentProcess (Address: 0x1800e5300)
GetCurrentProcessId (Address: 0x1800e5328)
GetCurrentThread (Address: 0x1800e5510)
GetCurrentThreadId (Address: 0x1800e5330)
GetDiskFreeSpaceExW (Address: 0x1800e5680)
GetDiskFreeSpaceW (Address: 0x1800e5228)
GetDriveTypeW (Address: 0x1800e5658)
GetEnvironmentVariableW (Address: 0x1800e5640)
GetExitCodeProcess (Address: 0x1800e5398)
GetFileAttributesW (Address: 0x1800e5478)
GetFileInformationByHandle (Address: 0x1800e54e8)
GetFileInformationByHandleEx (Address: 0x1800e5428)
GetFileSize (Address: 0x1800e5210)
GetFileSizeEx (Address: 0x1800e5480)
GetFileTime (Address: 0x1800e52f0)
GetFinalPathNameByHandleW (Address: 0x1800e53f0)
GetFirmwareEnvironmentVariableW (Address: 0x1800e5218)
GetFullPathNameW (Address: 0x1800e5348)
GetHandleInformation (Address: 0x1800e5500)
GetLastError (Address: 0x1800e54c8)
GetLocalTime (Address: 0x1800e5368)
GetLongPathNameW (Address: 0x1800e5430)
GetModuleFileNameA (Address: 0x1800e55e0)
GetModuleFileNameW (Address: 0x1800e51e0)
GetModuleHandleExW (Address: 0x1800e55e8)
GetModuleHandleW (Address: 0x1800e55d0)
GetOverlappedResult (Address: 0x1800e5508)
GetPrivateProfileSectionW (Address: 0x1800e5388)
GetProcAddress (Address: 0x1800e52b0)
GetProcessHeap (Address: 0x1800e5238)
GetSystemDirectoryW (Address: 0x1800e53f8)
GetSystemInfo (Address: 0x1800e51f0)
GetSystemPowerStatus (Address: 0x1800e5688)
GetSystemTimeAsFileTime (Address: 0x1800e5678)
GetSystemWindowsDirectoryW (Address: 0x1800e54b8)
GetTempPathW (Address: 0x1800e5618)
GetThreadPreferredUILanguages (Address: 0x1800e5608)
GetTickCount (Address: 0x1800e5338)
GetTickCount64 (Address: 0x1800e5470)
GetVersionExA (Address: 0x1800e5450)
GetVersionExW (Address: 0x1800e51d8)
GetVolumeInformationByHandleW (Address: 0x1800e53b8)
GetVolumeInformationW (Address: 0x1800e5540)
GetVolumeNameForVolumeMountPointW (Address: 0x1800e5208)
GetVolumePathNamesForVolumeNameW (Address: 0x1800e5220)
GetVolumePathNameW (Address: 0x1800e5200)
GetWindowsDirectoryW (Address: 0x1800e5628)
GlobalMemoryStatusEx (Address: 0x1800e53c0)
HeapAlloc (Address: 0x1800e5230)
HeapDestroy (Address: 0x1800e5458)
HeapFree (Address: 0x1800e5258)
HeapReAlloc (Address: 0x1800e54d8)
HeapSize (Address: 0x1800e5438)
InitializeCriticalSection (Address: 0x1800e5518)
InitializeCriticalSectionAndSpinCount (Address: 0x1800e5350)
InitializeCriticalSectionEx (Address: 0x1800e5560)
IsDebuggerPresent (Address: 0x1800e55c8)
LeaveCriticalSection (Address: 0x1800e5528)
LoadLibraryExW (Address: 0x1800e53a0)
LoadLibraryW (Address: 0x1800e5620)
LocalAlloc (Address: 0x1800e52d0)
LocalFileTimeToFileTime (Address: 0x1800e5420)
LocalFree (Address: 0x1800e52d8)
LockFileEx (Address: 0x1800e5358)
lstrcmpiW (Address: 0x1800e51e8)
MapViewOfFile (Address: 0x1800e5288)
MoveFileExW (Address: 0x1800e5538)
MultiByteToWideChar (Address: 0x1800e5630)
OpenEventW (Address: 0x1800e53c8)
OpenProcess (Address: 0x1800e5370)
OpenSemaphoreW (Address: 0x1800e5550)
OutputDebugStringW (Address: 0x1800e55c0)
PowerCreateRequest (Address: 0x1800e56a0)
PowerSetRequest (Address: 0x1800e5698)
QueryPerformanceCounter (Address: 0x1800e5320)
RaiseException (Address: 0x1800e5440)
ReadFile (Address: 0x1800e5488)
ReleaseMutex (Address: 0x1800e5590)
ReleaseSemaphore (Address: 0x1800e5598)
ReleaseSRWLockExclusive (Address: 0x1800e55b0)
ReleaseSRWLockShared (Address: 0x1800e55a0)
RemoveDirectoryW (Address: 0x1800e5308)
ResetEvent (Address: 0x1800e5410)
SetCurrentDirectoryW (Address: 0x1800e54b0)
SetEndOfFile (Address: 0x1800e54f0)
SetErrorMode (Address: 0x1800e5668)
SetEvent (Address: 0x1800e51c8)
SetFileAttributesW (Address: 0x1800e5268)
SetFileInformationByHandle (Address: 0x1800e5340)
SetFilePointer (Address: 0x1800e5498)
SetFilePointerEx (Address: 0x1800e54f8)
SetFileTime (Address: 0x1800e52e0)
SetFirmwareEnvironmentVariableW (Address: 0x1800e52f8)
SetLastError (Address: 0x1800e5638)
SetThreadIdealProcessor (Address: 0x1800e54e0)
SetThreadpoolTimer (Address: 0x1800e5588)
SetUnhandledExceptionFilter (Address: 0x1800e5318)
SetVolumeMountPointW (Address: 0x1800e52c8)
Sleep (Address: 0x1800e5670)
SleepConditionVariableSRW (Address: 0x1800e5468)
SystemTimeToFileTime (Address: 0x1800e56a8)
TerminateProcess (Address: 0x1800e53a8)
TlsAlloc (Address: 0x1800e53d0)
TlsFree (Address: 0x1800e53d8)
TlsGetValue (Address: 0x1800e53e0)
TlsSetValue (Address: 0x1800e5400)
UnhandledExceptionFilter (Address: 0x1800e5310)
UnlockFileEx (Address: 0x1800e5360)
UnmapViewOfFile (Address: 0x1800e5290)
WaitForMultipleObjects (Address: 0x1800e52c0)
WaitForMultipleObjectsEx (Address: 0x1800e5408)
WaitForSingleObject (Address: 0x1800e51d0)
WaitForSingleObjectEx (Address: 0x1800e5570)
WaitForThreadpoolTimerCallbacks (Address: 0x1800e5580)
WakeAllConditionVariable (Address: 0x1800e5460)
WideCharToMultiByte (Address: 0x1800e5610)
WriteFile (Address: 0x1800e54a0)

msvcrt.dll

__C_specific_handler (Address: 0x1800e5a38)
__CxxFrameHandler3 (Address: 0x1800e5b08)
__dllonexit (Address: 0x1800e59a0)
_amsg_exit (Address: 0x1800e59d0)
_atoi64 (Address: 0x1800e5a18)
_callnewh (Address: 0x1800e59e8)
_CxxThrowException (Address: 0x1800e59e0)
_errno (Address: 0x1800e5ab0)
_initterm (Address: 0x1800e59c8)
_lock (Address: 0x1800e59b0)
_onexit (Address: 0x1800e5998)
_purecall (Address: 0x1800e5a40)
_set_errno (Address: 0x1800e5aa0)
_snwprintf_s (Address: 0x1800e5a80)
_snwscanf_s (Address: 0x1800e5960)
_ultow_s (Address: 0x1800e5948)
_unlock (Address: 0x1800e59a8)
_vscwprintf (Address: 0x1800e5ad0)
_vsnprintf (Address: 0x1800e5a90)
_vsnprintf_s (Address: 0x1800e5930)
_vsnwprintf (Address: 0x1800e5b18)
_vsnwprintf_s (Address: 0x1800e5950)
_wcsdup (Address: 0x1800e5a58)
_wcsicmp (Address: 0x1800e5b30)
_wcslwr (Address: 0x1800e5900)
_wcslwr_s (Address: 0x1800e5a30)
_wcsnicmp (Address: 0x1800e5ac8)
_wcstoi64 (Address: 0x1800e58f8)
_wcsupr (Address: 0x1800e5968)
_wfopen_s (Address: 0x1800e5b10)
_wtoi (Address: 0x1800e5b00)
_XcptFilter (Address: 0x1800e59d8)
??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800e5a08)
??0exception@@QEAA@AEBV0@@Z (Address: 0x1800e5a00)
??0exception@@QEAA@XZ (Address: 0x1800e5928)
??1exception@@UEAA@XZ (Address: 0x1800e59f8)
??1type_info@@UEAA@XZ (Address: 0x1800e59b8)
?terminate@@YAXXZ (Address: 0x1800e59c0)
?what@exception@@UEBAPEBDXZ (Address: 0x1800e59f0)
atol (Address: 0x1800e5a20)
fclose (Address: 0x1800e5ae8)
fflush (Address: 0x1800e5ad8)
fread (Address: 0x1800e5af0)
free (Address: 0x1800e5b28)
fwprintf_s (Address: 0x1800e5a78)
fwrite (Address: 0x1800e5ae0)
iswalpha (Address: 0x1800e5a88)
iswspace (Address: 0x1800e5ac0)
malloc (Address: 0x1800e5b20)
memcmp (Address: 0x1800e5980)
memcpy (Address: 0x1800e5988)
memcpy_s (Address: 0x1800e5938)
memmove (Address: 0x1800e5b38)
memmove_s (Address: 0x1800e5920)
memset (Address: 0x1800e5990)
qsort (Address: 0x1800e5908)
sprintf_s (Address: 0x1800e5a48)
strcpy_s (Address: 0x1800e5910)
strncmp (Address: 0x1800e5970)
swprintf_s (Address: 0x1800e5a60)
swscanf_s (Address: 0x1800e5a28)
toupper (Address: 0x1800e5978)
towupper (Address: 0x1800e5af8)
wcscat_s (Address: 0x1800e5a68)
wcschr (Address: 0x1800e5ab8)
wcscmp (Address: 0x1800e5b40)
wcscpy_s (Address: 0x1800e5a70)
wcsncmp (Address: 0x1800e58f0)
wcsncpy_s (Address: 0x1800e5958)
wcsnlen (Address: 0x1800e5a50)
wcsrchr (Address: 0x1800e5a98)
wcsstr (Address: 0x1800e5a10)
wcstol (Address: 0x1800e5aa8)
wcstoul (Address: 0x1800e5940)
wprintf (Address: 0x1800e5918)

ntdll.dll

DbgPrintEx (Address: 0x1800e5d50)
LdrGetDllHandle (Address: 0x1800e5c30)
LdrGetProcedureAddress (Address: 0x1800e5c40)
NtAdjustPrivilegesToken (Address: 0x1800e5bd8)
NtClose (Address: 0x1800e5da8)
NtCreateFile (Address: 0x1800e5db0)
NtDeviceIoControlFile (Address: 0x1800e5b98)
NtEnumerateBootEntries (Address: 0x1800e5b60)
NtOpenDirectoryObject (Address: 0x1800e5b70)
NtOpenFile (Address: 0x1800e5da0)
NtOpenKey (Address: 0x1800e5ba8)
NtOpenProcessTokenEx (Address: 0x1800e5bd0)
NtOpenSymbolicLinkObject (Address: 0x1800e5bb0)
NtOpenThreadTokenEx (Address: 0x1800e5bc0)
NtPrivilegeCheck (Address: 0x1800e5bb8)
NtQueryBootEntryOrder (Address: 0x1800e5b88)
NtQueryBootOptions (Address: 0x1800e5b80)
NtQueryDirectoryFile (Address: 0x1800e5e20)
NtQueryDirectoryObject (Address: 0x1800e5b68)
NtQueryInformationFile (Address: 0x1800e5dd0)
NtQueryInformationProcess (Address: 0x1800e5dc0)
NtQuerySymbolicLinkObject (Address: 0x1800e5ba0)
NtQuerySystemInformation (Address: 0x1800e5e10)
NtQueryValueKey (Address: 0x1800e5b90)
NtQueryVolumeInformationFile (Address: 0x1800e5dc8)
NtSetEaFile (Address: 0x1800e5d98)
NtSetInformationFile (Address: 0x1800e5db8)
NtSetInformationThread (Address: 0x1800e5bc8)
NtSetSecurityObject (Address: 0x1800e5dd8)
NtTranslateFilePath (Address: 0x1800e5b78)
NtYieldExecution (Address: 0x1800e5d40)
RtlAcquireResourceExclusive (Address: 0x1800e5d80)
RtlAcquireResourceShared (Address: 0x1800e5d78)
RtlAddAccessAllowedAceEx (Address: 0x1800e5cb8)
RtlAdjustPrivilege (Address: 0x1800e5e18)
RtlAllocateAndInitializeSid (Address: 0x1800e5cb0)
RtlAllocateHeap (Address: 0x1800e5e08)
RtlAppendUnicodeStringToString (Address: 0x1800e5ea0)
RtlAppendUnicodeToString (Address: 0x1800e5cf8)
RtlCaptureContext (Address: 0x1800e5e88)
RtlCheckPortableOperatingSystem (Address: 0x1800e5b50)
RtlCompareMemory (Address: 0x1800e5b58)
RtlCreateAcl (Address: 0x1800e5c70)
RtlCreateSecurityDescriptor (Address: 0x1800e5c58)
RtlDeleteResource (Address: 0x1800e5d68)
RtlDosPathNameToNtPathName_U (Address: 0x1800e5e58)
RtlFindAceByType (Address: 0x1800e5de0)
RtlFreeHeap (Address: 0x1800e5e70)
RtlFreeSid (Address: 0x1800e5c90)
RtlFreeUnicodeString (Address: 0x1800e5e00)
RtlGetLastNtStatus (Address: 0x1800e5df0)
RtlGetVersion (Address: 0x1800e5e60)
RtlGUIDFromString (Address: 0x1800e5d00)
RtlImpersonateSelf (Address: 0x1800e5d90)
RtlInitAnsiString (Address: 0x1800e5df8)
RtlInitializeCriticalSection (Address: 0x1800e5d60)
RtlInitializeResource (Address: 0x1800e5d88)
RtlInitUnicodeString (Address: 0x1800e5e68)
RtlLengthSecurityDescriptor (Address: 0x1800e5ce8)
RtlLengthSid (Address: 0x1800e5ca8)
RtlLookupFunctionEntry (Address: 0x1800e5e90)
RtlNtStatusToDosError (Address: 0x1800e5e80)
RtlNtStatusToDosErrorNoTeb (Address: 0x1800e5e78)
RtlRaiseStatus (Address: 0x1800e5d58)
RtlReAllocateHeap (Address: 0x1800e5d48)
RtlReleaseResource (Address: 0x1800e5d70)
RtlSetControlSecurityDescriptor (Address: 0x1800e5de8)
RtlSetDaclSecurityDescriptor (Address: 0x1800e5cd8)
RtlSetOwnerSecurityDescriptor (Address: 0x1800e5ce0)
RtlStringFromGUID (Address: 0x1800e5d38)
RtlVirtualUnwind (Address: 0x1800e5e98)
WinSqmEndSession (Address: 0x1800e5e30)
WinSqmSetDWORD (Address: 0x1800e5e48)
WinSqmSetDWORD64 (Address: 0x1800e5e40)
WinSqmSetString (Address: 0x1800e5e38)
WinSqmStartSession (Address: 0x1800e5e50)
ZwAllocateUuids (Address: 0x1800e5c08)
ZwClose (Address: 0x1800e5d28)
ZwCreateFile (Address: 0x1800e5cd0)
ZwCreateKey (Address: 0x1800e5cc8)
ZwDeleteFile (Address: 0x1800e5c20)
ZwDeleteKey (Address: 0x1800e5c88)
ZwDeleteValueKey (Address: 0x1800e5ca0)
ZwDeviceIoControlFile (Address: 0x1800e5bf8)
ZwEnumerateKey (Address: 0x1800e5c80)
ZwLoadKey (Address: 0x1800e5cc0)
ZwOpenDirectoryObject (Address: 0x1800e5be0)
ZwOpenFile (Address: 0x1800e5d30)
ZwOpenKey (Address: 0x1800e5c48)
ZwOpenMutant (Address: 0x1800e5d08)
ZwOpenProcess (Address: 0x1800e5c10)
ZwOpenSymbolicLinkObject (Address: 0x1800e5be8)
ZwQueryAttributesFile (Address: 0x1800e5cf0)
ZwQueryDirectoryObject (Address: 0x1800e5bf0)
ZwQueryInformationFile (Address: 0x1800e5c18)
ZwQueryInformationProcess (Address: 0x1800e5c28)
ZwQueryKey (Address: 0x1800e5d18)
ZwQuerySymbolicLinkObject (Address: 0x1800e5c00)
ZwQuerySystemInformation (Address: 0x1800e5e28)
ZwQueryValueKey (Address: 0x1800e5c78)
ZwQueryVolumeInformationFile (Address: 0x1800e5c38)
ZwReleaseMutant (Address: 0x1800e5d10)
ZwSaveKey (Address: 0x1800e5c98)
ZwSetSecurityObject (Address: 0x1800e5c68)
ZwSetValueKey (Address: 0x1800e5c50)
ZwUnloadKey (Address: 0x1800e5c60)
ZwWaitForSingleObject (Address: 0x1800e5d20)

ole32.dll

CoCreateGuid (Address: 0x1800e5ec0)
CoCreateInstance (Address: 0x1800e5ed0)
CoInitializeEx (Address: 0x1800e5eb8)
CoInitializeSecurity (Address: 0x1800e5eb0)
CoSetProxyBlanket (Address: 0x1800e5ed8)
CoTaskMemFree (Address: 0x1800e5ee0)
CoUninitialize (Address: 0x1800e5ec8)

OLEAUT32.dll

SafeArrayAccessData (Address: 0x1800e56f0)
SafeArrayUnaccessData (Address: 0x1800e56e0)
SysAllocString (Address: 0x1800e56c8)
SysAllocStringLen (Address: 0x1800e56f8)
SysFreeString (Address: 0x1800e56e8)
SysStringByteLen (Address: 0x1800e56d0)
SysStringLen (Address: 0x1800e56d8)
VariantClear (Address: 0x1800e56c0)
VariantCopy (Address: 0x1800e5700)
VariantInit (Address: 0x1800e56b8)

ReAgent.dll

WinReDeleteLogFiles (Address: 0x1800e5750)
WinReGetConfig (Address: 0x1800e5768)
WinReInstallOnTargetOS (Address: 0x1800e5740)
WinReIsWimBootEnabled (Address: 0x1800e5758)
WinReRestoreLogFiles (Address: 0x1800e5760)
WinReSetRecoveryAction (Address: 0x1800e5748)

RPCRT4.dll

I_RpcMapWin32Status (Address: 0x1800e5730)
RpcStringFreeW (Address: 0x1800e5718)
UuidCompare (Address: 0x1800e5710)
UuidCreate (Address: 0x1800e5728)
UuidToStringW (Address: 0x1800e5720)

SETUPAPI.dll

SetupDiDestroyDeviceInfoList (Address: 0x1800e5798)
SetupDiEnumDeviceInterfaces (Address: 0x1800e57a0)
SetupDiGetClassDevsW (Address: 0x1800e57a8)
SetupDiGetDeviceInterfaceDetailW (Address: 0x1800e5778)
SetupDiGetDeviceInterfacePropertyW (Address: 0x1800e5790)
SetupDiGetDevicePropertyW (Address: 0x1800e5788)
SetupDiOpenDeviceInfoW (Address: 0x1800e5780)

SHELL32.dll

ShellExecuteExW (Address: 0x1800e57b8)

SHLWAPI.dll

StrCmpIW (Address: 0x1800e57c8)

tbs.dll

Tbsi_Context_Create (Address: 0x1800e5f00)
Tbsi_GetDeviceInfo (Address: 0x1800e5ef8)
Tbsi_Physical_Presence_Command (Address: 0x1800e5ef0)
Tbsip_Context_Close (Address: 0x1800e5f08)

USER32.dll

CharUpperW (Address: 0x1800e57e0)
LoadStringW (Address: 0x1800e57d8)
UnregisterClassA (Address: 0x1800e57e8)

VERSION.dll

GetFileVersionInfoExW (Address: 0x1800e5808)
GetFileVersionInfoSizeExW (Address: 0x1800e5800)
VerQueryValueW (Address: 0x1800e57f8)

VirtDisk.dll

GetStorageDependencyInformation (Address: 0x1800e5830)

VSSAPI.DLL

CreateVssBackupComponentsInternal (Address: 0x1800e5818)
VssFreeSnapshotPropertiesInternal (Address: 0x1800e5820)

WDSCORE.dll

ConstructPartialMsgVA (Address: 0x1800e5870)
ConstructPartialMsgVW (Address: 0x1800e5848)
CurrentIP (Address: 0x1800e5840)
WdsGenericSetupLogInit (Address: 0x1800e5850)
WdsGetSetupLog (Address: 0x1800e5868)
WdsSetupLogDestroy (Address: 0x1800e5858)
WdsSetupLogMessageA (Address: 0x1800e5860)
WdsSetupLogMessageW (Address: 0x1800e5878)