sechost.dll
Description: Host for SCM/SDDL/LSA Lookup APIs
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 64-bit
Operating System: Windows NT
SHA256: 54756c8bc96e3baf57ee58e4f73ca101
File Size: 627.6 KB
Uploaded At: Dec. 1, 2025, 7:38 a.m.
Views: 15
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: VirtualAllocEx
Exported Functions
- I_ScSetServiceBitsA (Ordinal: 1, Address: 0x47380)
- I_ScSetServiceBitsW (Ordinal: 2, Address: 0x1c9e0)
- AuditComputeEffectivePolicyBySid (Ordinal: 3, Address: 0x1bf80)
- AuditEnumerateCategories (Ordinal: 4, Address: 0x518e0)
- AuditEnumeratePerUserPolicy (Ordinal: 5, Address: 0x51a30)
- AuditEnumerateSubCategories (Ordinal: 6, Address: 0x51ac0)
- AuditFree (Ordinal: 7, Address: 0xea10)
- AuditLookupCategoryNameW (Ordinal: 8, Address: 0x51c30)
- AuditLookupSubCategoryNameW (Ordinal: 9, Address: 0x51db0)
- AuditQueryGlobalSaclW (Ordinal: 10, Address: 0x51f30)
- AuditQueryPerUserPolicy (Ordinal: 11, Address: 0x1a430)
- AuditQuerySecurity (Ordinal: 12, Address: 0x51fa0)
- AuditQuerySystemPolicy (Ordinal: 13, Address: 0x1a580)
- AuditSetGlobalSaclW (Ordinal: 14, Address: 0x52070)
- AuditSetPerUserPolicy (Ordinal: 15, Address: 0x520e0)
- AuditSetSecurity (Ordinal: 16, Address: 0x52190)
- AuditSetSystemPolicy (Ordinal: 17, Address: 0x522f0)
- BuildSecurityDescriptorForSharingAccess (Ordinal: 18, Address: 0x19850)
- BuildSecurityDescriptorForSharingAccessEx (Ordinal: 19, Address: 0x191c0)
- CapabilityCheck (Ordinal: 20, Address: 0xd710)
- CapabilityCheckForSingleSessionSku (Ordinal: 21, Address: 0x46c60)
- ChangeServiceConfig2A (Ordinal: 22, Address: 0x47530)
- ChangeServiceConfig2W (Ordinal: 23, Address: 0x1c950)
- ChangeServiceConfigA (Ordinal: 24, Address: 0x476e0)
- ChangeServiceConfigW (Ordinal: 25, Address: 0xe630)
- CloseServiceHandle (Ordinal: 26, Address: 0x84e0)
- CloseTrace (Ordinal: 27, Address: 0xbac0)
- ControlService (Ordinal: 28, Address: 0xe940)
- ControlServiceExA (Ordinal: 29, Address: 0x479c0)
- ControlServiceExW (Ordinal: 30, Address: 0xe370)
- ControlTraceA (Ordinal: 31, Address: 0x4d000)
- ControlTraceW (Ordinal: 32, Address: 0x9300)
- ConvertSDToStringSDRootDomainW (Ordinal: 33, Address: 0x2e3d0)
- ConvertSecurityDescriptorToStringSecurityDescriptorW (Ordinal: 34, Address: 0x11010)
- ConvertSidToStringSidW (Ordinal: 35, Address: 0xf0c0)
- ConvertStringSDToSDDomainA (Ordinal: 36, Address: 0x2e450)
- ConvertStringSDToSDDomainW (Ordinal: 37, Address: 0x2e590)
- ConvertStringSDToSDRootDomainW (Ordinal: 38, Address: 0x2e660)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Ordinal: 39, Address: 0x110b0)
- ConvertStringSidToSidW (Ordinal: 40, Address: 0x11ae0)
- CreateIsolatedProcess (Ordinal: 41, Address: 0x62e20)
- CreateIsolationContainer (Ordinal: 42, Address: 0x62eb0)
- CreateServiceA (Ordinal: 43, Address: 0x47b20)
- CreateServiceEx (Ordinal: 44, Address: 0x48280)
- CreateServiceW (Ordinal: 45, Address: 0x48780)
- CredBackupCredentials (Ordinal: 46, Address: 0x525f0)
- CredDeleteA (Ordinal: 47, Address: 0x52790)
- CredDeleteW (Ordinal: 48, Address: 0x52880)
- CredEncryptAndMarshalBinaryBlob (Ordinal: 49, Address: 0x53c30)
- CredEnumerateA (Ordinal: 50, Address: 0x52970)
- CredEnumerateW (Ordinal: 51, Address: 0xf200)
- CredFindBestCredentialA (Ordinal: 52, Address: 0x52ad0)
- CredFindBestCredentialW (Ordinal: 53, Address: 0x52c10)
- CredFree (Ordinal: 54, Address: 0xea10)
- CredGetSessionTypes (Ordinal: 55, Address: 0x52d50)
- CredGetTargetInfoA (Ordinal: 56, Address: 0x52de0)
- CredGetTargetInfoW (Ordinal: 57, Address: 0x52f20)
- CredIsMarshaledCredentialW (Ordinal: 58, Address: 0x53c60)
- CredIsProtectedA (Ordinal: 59, Address: 0x53ca0)
- CredIsProtectedW (Ordinal: 60, Address: 0x19a80)
- CredMarshalCredentialA (Ordinal: 61, Address: 0x53d40)
- CredMarshalCredentialW (Ordinal: 62, Address: 0x1b040)
- CredParseUserNameWithType (Ordinal: 63, Address: 0x19970)
- CredProfileLoaded (Ordinal: 64, Address: 0x53060)
- CredProfileLoadedEx (Ordinal: 65, Address: 0xf060)
- CredProfileUnloaded (Ordinal: 66, Address: 0x1a260)
- CredProtectA (Ordinal: 67, Address: 0x53db0)
- CredProtectEx (Ordinal: 68, Address: 0x1adb0)
- CredProtectW (Ordinal: 69, Address: 0x1ad90)
- CredReadA (Ordinal: 70, Address: 0x530e0)
- CredReadByTokenHandle (Ordinal: 71, Address: 0x53220)
- CredReadDomainCredentialsA (Ordinal: 72, Address: 0x53370)
- CredReadDomainCredentialsW (Ordinal: 73, Address: 0x534d0)
- CredReadW (Ordinal: 74, Address: 0x53640)
- CredRestoreCredentials (Ordinal: 75, Address: 0x53780)
- CredUnmarshalCredentialA (Ordinal: 76, Address: 0x53f30)
- CredUnmarshalCredentialW (Ordinal: 77, Address: 0x19b60)
- CredUnprotectA (Ordinal: 78, Address: 0x53fe0)
- CredUnprotectEx (Ordinal: 79, Address: 0x1b700)
- CredUnprotectW (Ordinal: 80, Address: 0x54180)
- CredWriteA (Ordinal: 81, Address: 0x53900)
- CredWriteDomainCredentialsA (Ordinal: 82, Address: 0x539e0)
- CredWriteDomainCredentialsW (Ordinal: 83, Address: 0x53b10)
- CredWriteW (Ordinal: 84, Address: 0xedb0)
- CredpConvertCredential (Ordinal: 85, Address: 0xee60)
- CredpConvertOneCredentialSize (Ordinal: 86, Address: 0x10a80)
- CredpConvertTargetInfo (Ordinal: 87, Address: 0x541a0)
- CredpDecodeCredential (Ordinal: 88, Address: 0x54400)
- CredpEncodeCredential (Ordinal: 89, Address: 0x54450)
- CredpEncodeSecret (Ordinal: 90, Address: 0x544d0)
- DeleteIsolationContainer (Ordinal: 91, Address: 0x62f10)
- DeleteService (Ordinal: 92, Address: 0x48c40)
- EnableTraceEx2 (Ordinal: 93, Address: 0x9990)
- EnumDependentServicesW (Ordinal: 94, Address: 0x1a300)
- EnumServicesStatusExW (Ordinal: 95, Address: 0x7e90)
- EnumerateIdentityProviders (Ordinal: 96, Address: 0xcad0)
- EnumerateTraceGuidsEx (Ordinal: 97, Address: 0xe820)
- EtwQueryRealtimeConsumer (Ordinal: 98, Address: 0x4c750)
- EventAccessControl (Ordinal: 99, Address: 0x4d670)
- EventAccessQuery (Ordinal: 100, Address: 0x4d6c0)
- EventAccessRemove (Ordinal: 101, Address: 0x4d910)
- FreeContainer (Ordinal: 102, Address: 0x55000)
- FreeTransientObjectSecurityDescriptor (Ordinal: 103, Address: 0x18480)
- GetDefaultIdentityProvider (Ordinal: 104, Address: 0x1be00)
- GetEmbeddedContainerIsolationPolicy (Ordinal: 105, Address: 0x55050)
- GetEmbeddedImageMitigationPolicy (Ordinal: 106, Address: 0xd890)
- GetIdentityProviderInfoByGUID (Ordinal: 107, Address: 0x1bc70)
- GetIdentityProviderInfoByName (Ordinal: 108, Address: 0x2b9e0)
- GetServiceDirectory (Ordinal: 109, Address: 0xe230)
- GetServiceDisplayNameW (Ordinal: 110, Address: 0x19e20)
- GetServiceKeyNameW (Ordinal: 111, Address: 0x19ee0)
- GetServiceProcessToken (Ordinal: 112, Address: 0x48cc0)
- GetServiceRegistryStateKey (Ordinal: 113, Address: 0xe7b0)
- I_QueryTagInformation (Ordinal: 114, Address: 0x7520)
- I_RegisterSvchostNotificationCallback (Ordinal: 115, Address: 0xe920)
- I_ScBroadcastServiceControlMessage (Ordinal: 116, Address: 0x1bd40)
- I_ScIsSecurityProcess (Ordinal: 117, Address: 0x1caa0)
- I_ScPnPGetServiceName (Ordinal: 118, Address: 0xac00)
- I_ScQueryServiceConfig (Ordinal: 119, Address: 0x7400)
- I_ScRegisterDeviceNotification (Ordinal: 120, Address: 0xbae0)
- I_ScRegisterPreshutdownRestart (Ordinal: 121, Address: 0x48d50)
- I_ScReparseServiceDatabase (Ordinal: 122, Address: 0x48e20)
- I_ScRpcBindA (Ordinal: 123, Address: 0x4a920)
- I_ScRpcBindW (Ordinal: 124, Address: 0x1bf10)
- I_ScSendPnPMessage (Ordinal: 125, Address: 0x7790)
- I_ScSendTSMessage (Ordinal: 126, Address: 0x1bd40)
- I_ScUnregisterDeviceNotification (Ordinal: 127, Address: 0xe580)
- I_ScValidatePnPService (Ordinal: 128, Address: 0xac50)
- LocalGetConditionForString (Ordinal: 129, Address: 0x10360)
- LocalGetReferencedTokenTypesForCondition (Ordinal: 130, Address: 0x2ff00)
- LocalGetStringForCondition (Ordinal: 131, Address: 0x30d80)
- LocalRpcBindingCreateWithSecurity (Ordinal: 132, Address: 0x46e70)
- LocalRpcBindingSetAuthInfoEx (Ordinal: 133, Address: 0x47020)
- LookupAccountNameLocalA (Ordinal: 134, Address: 0x2bae0)
- LookupAccountNameLocalW (Ordinal: 135, Address: 0x14f10)
- LookupAccountSidLocalA (Ordinal: 136, Address: 0x2bc60)
- LookupAccountSidLocalW (Ordinal: 137, Address: 0x153a0)
- LsaAddAccountRights (Ordinal: 138, Address: 0x4fd80)
- LsaClose (Ordinal: 139, Address: 0xfc60)
- LsaCreateSecret (Ordinal: 140, Address: 0x50900)
- LsaDelete (Ordinal: 141, Address: 0x4ffb0)
- LsaEnumerateAccountRights (Ordinal: 142, Address: 0x1a4c0)
- LsaEnumerateAccountsWithUserRight (Ordinal: 143, Address: 0x4fe20)
- LsaFreeMemory (Ordinal: 144, Address: 0xd870)
- LsaICLookupNames (Ordinal: 145, Address: 0xf3b0)
- LsaICLookupNamesWithCreds (Ordinal: 146, Address: 0x50050)
- LsaICLookupSids (Ordinal: 147, Address: 0xfa20)
- LsaICLookupSidsWithCreds (Ordinal: 148, Address: 0x50260)
- LsaLookupClose (Ordinal: 149, Address: 0x158b0)
- LsaLookupFreeMemory (Ordinal: 150, Address: 0xd870)
- LsaLookupGetDomainInfo (Ordinal: 151, Address: 0x14e70)
- LsaLookupManageSidNameMapping (Ordinal: 152, Address: 0xe120)
- LsaLookupNames2 (Ordinal: 153, Address: 0xf340)
- LsaLookupOpenLocalPolicy (Ordinal: 154, Address: 0x15920)
- LsaLookupSids (Ordinal: 155, Address: 0xf870)
- LsaLookupSids2 (Ordinal: 156, Address: 0x504b0)
- LsaLookupTranslateNames (Ordinal: 157, Address: 0x1c140)
- LsaLookupTranslateSids (Ordinal: 158, Address: 0xd940)
- LsaLookupUserAccountType (Ordinal: 159, Address: 0xdaa0)
- LsaOpenPolicy (Ordinal: 160, Address: 0xea30)
- LsaOpenSecret (Ordinal: 161, Address: 0x50a90)
- LsaQueryInformationPolicy (Ordinal: 162, Address: 0xf730)
- LsaQuerySecret (Ordinal: 163, Address: 0x50c20)
- LsaRemoveAccountRights (Ordinal: 164, Address: 0x4ff00)
- LsaRetrievePrivateData (Ordinal: 165, Address: 0x1a600)
- LsaSetInformationPolicy (Ordinal: 166, Address: 0x504c0)
- LsaSetSecret (Ordinal: 167, Address: 0x510d0)
- LsaStorePrivateData (Ordinal: 168, Address: 0x51330)
- NotifyServiceStatusChange (Ordinal: 169, Address: 0x6af0)
- NotifyServiceStatusChangeA (Ordinal: 170, Address: 0x1a240)
- NotifyServiceStatusChangeW (Ordinal: 171, Address: 0x6af0)
- OpenSCManagerA (Ordinal: 172, Address: 0x8230)
- OpenSCManagerW (Ordinal: 173, Address: 0x83e0)
- OpenServiceA (Ordinal: 174, Address: 0x1a170)
- OpenServiceW (Ordinal: 175, Address: 0x8360)
- OpenTraceW (Ordinal: 176, Address: 0xb090)
- ProcessTrace (Ordinal: 177, Address: 0xb760)
- QueryAllTracesA (Ordinal: 178, Address: 0x4db30)
- QueryAllTracesW (Ordinal: 179, Address: 0x13f0)
- QueryLocalUserServiceName (Ordinal: 180, Address: 0x48ee0)
- QueryServiceConfig2A (Ordinal: 181, Address: 0x49260)
- QueryServiceConfig2W (Ordinal: 182, Address: 0x78d0)
- QueryServiceConfigA (Ordinal: 183, Address: 0x496d0)
- QueryServiceConfigW (Ordinal: 184, Address: 0x8110)
- QueryServiceDynamicInformation (Ordinal: 185, Address: 0x49d00)
- QueryServiceObjectSecurity (Ordinal: 186, Address: 0x49860)
- QueryServiceStatus (Ordinal: 187, Address: 0x7bb0)
- QueryServiceStatusEx (Ordinal: 188, Address: 0x82c0)
- QueryTraceProcessingHandle (Ordinal: 189, Address: 0x4c7d0)
- QueryTransientObjectSecurityDescriptor (Ordinal: 190, Address: 0x181d0)
- QueryUserServiceName (Ordinal: 191, Address: 0x7d10)
- QueryUserServiceNameForContext (Ordinal: 192, Address: 0x49940)
- RegisterServiceCtrlHandlerA (Ordinal: 193, Address: 0x49da0)
- RegisterServiceCtrlHandlerExA (Ordinal: 194, Address: 0x1a030)
- RegisterServiceCtrlHandlerExW (Ordinal: 195, Address: 0x5570)
- RegisterServiceCtrlHandlerW (Ordinal: 196, Address: 0xe9f0)
- RegisterTraceGuidsA (Ordinal: 197, Address: 0x8d949)
- ReleaseIdentityProviderEnumContext (Ordinal: 198, Address: 0xd4d0)
- RemoveTraceCallback (Ordinal: 199, Address: 0x4c9f0)
- RpcClientCapabilityCheck (Ordinal: 200, Address: 0xd630)
- SetLocalRpcServerInterfaceSecurity (Ordinal: 201, Address: 0x47130)
- SetLocalRpcServerProtseqSecurity (Ordinal: 202, Address: 0x47210)
- SetServiceObjectSecurity (Ordinal: 203, Address: 0x1c840)
- SetServiceStatus (Ordinal: 204, Address: 0x7c10)
- SetTraceCallback (Ordinal: 205, Address: 0x4cae0)
- StartServiceA (Ordinal: 206, Address: 0x1a1e0)
- StartServiceCtrlDispatcherA (Ordinal: 207, Address: 0x49e10)
- StartServiceCtrlDispatcherW (Ordinal: 208, Address: 0x5ae0)
- StartServiceW (Ordinal: 209, Address: 0x5500)
- StartTraceA (Ordinal: 210, Address: 0x4db40)
- StartTraceW (Ordinal: 211, Address: 0xa430)
- StopTraceW (Ordinal: 212, Address: 0x1bef0)
- SubscribeServiceChangeNotifications (Ordinal: 213, Address: 0xe020)
- TraceQueryInformation (Ordinal: 214, Address: 0x4e070)
- TraceSetInformation (Ordinal: 215, Address: 0x4e420)
- UnsubscribeServiceChangeNotifications (Ordinal: 216, Address: 0xe9b0)
- WaitServiceState (Ordinal: 217, Address: 0xdcb0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1800747b8)
api-ms-win-core-crt-l1-1-0.dll
- _errno (Address: 0x180074810)
- _i64tow_s (Address: 0x180074820)
- _stricmp (Address: 0x180074848)
- _ui64tow_s (Address: 0x180074818)
- _ultow (Address: 0x180074800)
- _ultow_s (Address: 0x1800747e0)
- _vsnwprintf_s (Address: 0x1800748e0)
- _wcsicmp (Address: 0x1800747f0)
- _wcsnicmp (Address: 0x180074898)
- _wcstoi64 (Address: 0x1800747f8)
- _wcstoui64 (Address: 0x1800748d0)
- iswctype (Address: 0x1800747d8)
- memcmp (Address: 0x1800748a8)
- memcpy (Address: 0x1800748b0)
- memcpy_s (Address: 0x180074880)
- memmove (Address: 0x1800748b8)
- memmove_s (Address: 0x180074890)
- memset (Address: 0x1800748c0)
- qsort_s (Address: 0x180074838)
- strchr (Address: 0x180074850)
- strnlen (Address: 0x180074870)
- strrchr (Address: 0x180074858)
- strstr (Address: 0x180074860)
- swprintf_s (Address: 0x1800747c8)
- towlower (Address: 0x180074888)
- wcscat_s (Address: 0x1800748a0)
- wcschr (Address: 0x1800748d8)
- wcscmp (Address: 0x1800748c8)
- wcscpy_s (Address: 0x1800747e8)
- wcsncmp (Address: 0x180074878)
- wcsncpy_s (Address: 0x180074828)
- wcsnlen (Address: 0x180074840)
- wcsrchr (Address: 0x180074868)
- wcsstr (Address: 0x180074830)
- wcstok_s (Address: 0x180074808)
- wcstoul (Address: 0x1800747d0)
api-ms-win-core-crt-l2-1-0.dll
- __dllonexit3 (Address: 0x180074900)
- _initterm (Address: 0x1800748f8)
- _initterm_e (Address: 0x1800748f0)
- _onexit (Address: 0x180074910)
- _purecall (Address: 0x180074908)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x180074930)
- IsDebuggerPresent (Address: 0x180074920)
- OutputDebugStringW (Address: 0x180074928)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180074940)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180074950)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180074968)
- RaiseException (Address: 0x180074970)
- SetLastError (Address: 0x180074960)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x180074988)
- GetDiskFreeSpaceExW (Address: 0x180074998)
- GetFileAttributesExW (Address: 0x1800749a0)
- GetFullPathNameA (Address: 0x1800749a8)
- GetFullPathNameW (Address: 0x180074990)
- ReadFile (Address: 0x180074980)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800749b8)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800749d0)
- HeapAlloc (Address: 0x1800749c8)
- HeapFree (Address: 0x1800749d8)
- HeapReAlloc (Address: 0x1800749e0)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1800749f0)
- LocalFree (Address: 0x1800749f8)
- LocalReAlloc (Address: 0x180074a00)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x180074a18)
- GetOverlappedResult (Address: 0x180074a10)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x180074a48)
- FreeLibrary (Address: 0x180074a60)
- GetModuleFileNameA (Address: 0x180074a38)
- GetModuleFileNameW (Address: 0x180074a28)
- GetModuleHandleExW (Address: 0x180074a58)
- GetModuleHandleW (Address: 0x180074a50)
- GetProcAddress (Address: 0x180074a30)
- LoadLibraryExW (Address: 0x180074a40)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x180074a70)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAllocEx (Address: 0x180074a90)
- VirtualFree (Address: 0x180074a88)
- VirtualFreeEx (Address: 0x180074a80)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x180074b18)
- CreateProcessW (Address: 0x180074b08)
- CreateThread (Address: 0x180074b30)
- GetCurrentProcess (Address: 0x180074aa0)
- GetCurrentProcessId (Address: 0x180074b38)
- GetCurrentThread (Address: 0x180074ac8)
- GetCurrentThreadId (Address: 0x180074ab8)
- GetProcessTimes (Address: 0x180074ae0)
- GetThreadPriority (Address: 0x180074b28)
- InitializeProcThreadAttributeList (Address: 0x180074b20)
- OpenProcessToken (Address: 0x180074ad0)
- OpenThread (Address: 0x180074ae8)
- OpenThreadToken (Address: 0x180074ad8)
- ResumeThread (Address: 0x180074af8)
- SetThreadPriority (Address: 0x180074af0)
- TerminateThread (Address: 0x180074b00)
- TlsAlloc (Address: 0x180074ab0)
- TlsGetValue (Address: 0x180074ac0)
- TlsSetValue (Address: 0x180074aa8)
- UpdateProcThreadAttribute (Address: 0x180074b10)
api-ms-win-core-processthreads-l1-1-1.dll
- GetProcessMitigationPolicy (Address: 0x180074b48)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x180074b90)
- RegDeleteValueW (Address: 0x180074b70)
- RegEnumKeyExW (Address: 0x180074b98)
- RegNotifyChangeKeyValue (Address: 0x180074b88)
- RegOpenKeyExA (Address: 0x180074b68)
- RegOpenKeyExW (Address: 0x180074b80)
- RegQueryValueExA (Address: 0x180074b60)
- RegQueryValueExW (Address: 0x180074b58)
- RegSetValueExW (Address: 0x180074b78)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCompareMemory (Address: 0x180074ba8)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x180074bb8)
- CompareStringW (Address: 0x180074bc0)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x180074bd8)
- AcquireSRWLockShared (Address: 0x180074c28)
- CreateEventA (Address: 0x180074c50)
- CreateEventExW (Address: 0x180074c30)
- CreateEventW (Address: 0x180074c10)
- CreateMutexExW (Address: 0x180074c08)
- CreateSemaphoreExW (Address: 0x180074bf0)
- EnterCriticalSection (Address: 0x180074c38)
- InitializeSRWLock (Address: 0x180074c20)
- LeaveCriticalSection (Address: 0x180074c40)
- OpenEventW (Address: 0x180074c48)
- OpenSemaphoreW (Address: 0x180074c00)
- ReleaseMutex (Address: 0x180074c60)
- ReleaseSemaphore (Address: 0x180074bf8)
- ReleaseSRWLockExclusive (Address: 0x180074be0)
- ReleaseSRWLockShared (Address: 0x180074c70)
- ResetEvent (Address: 0x180074be8)
- SetEvent (Address: 0x180074bd0)
- SleepEx (Address: 0x180074c78)
- WaitForMultipleObjectsEx (Address: 0x180074c58)
- WaitForSingleObject (Address: 0x180074c18)
- WaitForSingleObjectEx (Address: 0x180074c68)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x180074c88)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x180074ca0)
- GetSystemDirectoryW (Address: 0x180074c98)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolWork (Address: 0x180074cb8)
- CreateThreadpoolWork (Address: 0x180074cc0)
- SubmitThreadpoolWork (Address: 0x180074cb0)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x180074cd8)
- EncodePointer (Address: 0x180074cd0)
api-ms-win-core-wow64-l1-1-1.dll
- IsWow64Process2 (Address: 0x180074ce8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x180074d10)
- EventSetInformation (Address: 0x180074d08)
- EventUnregister (Address: 0x180074cf8)
- EventWriteTransfer (Address: 0x180074d00)
api-ms-win-security-base-l1-1-0.dll
- AddAccessAllowedAce (Address: 0x180074d60)
- AddAccessDeniedAce (Address: 0x180074d30)
- AdjustTokenGroups (Address: 0x180074d20)
- AdjustTokenPrivileges (Address: 0x180074d68)
- AllocateAndInitializeSid (Address: 0x180074db0)
- CreateRestrictedToken (Address: 0x180074d40)
- EqualDomainSid (Address: 0x180074d70)
- EqualSid (Address: 0x180074d28)
- FreeSid (Address: 0x180074db8)
- GetAclInformation (Address: 0x180074dc8)
- GetLengthSid (Address: 0x180074d98)
- GetSecurityDescriptorDacl (Address: 0x180074d90)
- GetSecurityDescriptorSacl (Address: 0x180074d50)
- GetSidSubAuthority (Address: 0x180074d80)
- GetSidSubAuthorityCount (Address: 0x180074d78)
- GetTokenInformation (Address: 0x180074d58)
- InitializeSecurityDescriptor (Address: 0x180074da8)
- IsValidSecurityDescriptor (Address: 0x180074d48)
- IsValidSid (Address: 0x180074d38)
- SetKernelObjectSecurity (Address: 0x180074dc0)
- SetSecurityDescriptorDacl (Address: 0x180074da0)
- SetSecurityDescriptorSacl (Address: 0x180074d88)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x180074e20)
- BCryptCreateHash (Address: 0x180074e00)
- BCryptDecrypt (Address: 0x180074df0)
- BCryptDestroyHash (Address: 0x180074e18)
- BCryptDestroyKey (Address: 0x180074de0)
- BCryptEncrypt (Address: 0x180074e38)
- BCryptFinishHash (Address: 0x180074e28)
- BCryptGenerateSymmetricKey (Address: 0x180074df8)
- BCryptGenRandom (Address: 0x180074dd8)
- BCryptGetProperty (Address: 0x180074de8)
- BCryptHashData (Address: 0x180074e10)
- BCryptOpenAlgorithmProvider (Address: 0x180074e30)
- BCryptSetProperty (Address: 0x180074e08)
ntdll.dll
- __C_specific_handler (Address: 0x1800751f0)
- _vsnwprintf (Address: 0x180075140)
- DbgPrintEx (Address: 0x180074fb0)
- EtwDeliverDataBlock (Address: 0x180075070)
- EtwEnumerateProcessRegGuids (Address: 0x180075080)
- EtwpGetCpuSpeed (Address: 0x1800750b0)
- EtwProcessPrivateLoggerRequest (Address: 0x180075100)
- EtwSendNotification (Address: 0x180075078)
- LdrQueryModuleServiceTags (Address: 0x180074fc8)
- LdrResSearchResource (Address: 0x180075128)
- NtCancelIoFile (Address: 0x180075040)
- NtClose (Address: 0x1800751c0)
- NtOpenKey (Address: 0x180074f60)
- NtOpenProcessToken (Address: 0x1800751d0)
- NtOpenProcessTokenEx (Address: 0x180074f20)
- NtOpenThreadToken (Address: 0x1800751b8)
- NtQueryInformationFile (Address: 0x180075038)
- NtQueryInformationThread (Address: 0x180074fd0)
- NtQueryInformationToken (Address: 0x1800751c8)
- NtQueryIntervalProfile (Address: 0x1800750a0)
- NtQueryPerformanceCounter (Address: 0x1800750d8)
- NtQuerySystemInformation (Address: 0x180075098)
- NtQueryValueKey (Address: 0x180074f70)
- NtQueueApcThread (Address: 0x180075018)
- NtSetEvent (Address: 0x180075108)
- NtSetInformationThread (Address: 0x180074fb8)
- NtSetIntervalProfile (Address: 0x180075090)
- NtSetSystemInformation (Address: 0x180075088)
- NtTerminateProcess (Address: 0x180075160)
- NtTraceControl (Address: 0x180075048)
- NtWaitForMultipleObjects (Address: 0x1800750c0)
- RtlAbsoluteToSelfRelativeSD (Address: 0x180074ec8)
- RtlAcquireSRWLockExclusive (Address: 0x180074fe8)
- RtlAcquireSRWLockShared (Address: 0x180074ff0)
- RtlAddAccessAllowedAce (Address: 0x180074f38)
- RtlAddAccessAllowedAceEx (Address: 0x180074ea0)
- RtlAddAccessAllowedObjectAce (Address: 0x180074ee0)
- RtlAddAccessDeniedAceEx (Address: 0x180074ed8)
- RtlAddAccessDeniedObjectAce (Address: 0x180075230)
- RtlAddAce (Address: 0x180074eb8)
- RtlAddAuditAccessAceEx (Address: 0x180074e90)
- RtlAddAuditAccessObjectAce (Address: 0x180074e60)
- RtlAddMandatoryAce (Address: 0x180074f40)
- RtlAllocateAndInitializeSid (Address: 0x180075130)
- RtlAllocateHeap (Address: 0x180074f50)
- RtlAnsiStringToUnicodeString (Address: 0x180075168)
- RtlCapabilityCheck (Address: 0x180074f90)
- RtlCapabilityCheckForSingleSessionSku (Address: 0x180074f78)
- RtlCaptureContext (Address: 0x180075158)
- RtlCheckTokenCapability (Address: 0x180074f98)
- RtlCheckTokenMembership (Address: 0x180074f80)
- RtlCheckTokenMembershipEx (Address: 0x180074f88)
- RtlCompareUnicodeString (Address: 0x1800751a8)
- RtlConvertSidToUnicodeString (Address: 0x180074e80)
- RtlCopySecurityDescriptor (Address: 0x180074f58)
- RtlCopySid (Address: 0x1800751e8)
- RtlCopyUnicodeString (Address: 0x180075228)
- RtlCreateAcl (Address: 0x180074f48)
- RtlCreateSecurityDescriptor (Address: 0x180074f00)
- RtlCreateServiceSid (Address: 0x180074fc0)
- RtlDecompressBufferEx (Address: 0x1800750f0)
- RtlDeleteCriticalSection (Address: 0x180074f10)
- RtlDeriveCapabilitySidsFromName (Address: 0x180075138)
- RtlDllShutdownInProgress (Address: 0x1800751f8)
- RtlEqualPrefixSid (Address: 0x1800751a0)
- RtlEqualSid (Address: 0x180075190)
- RtlEqualUnicodeString (Address: 0x180075198)
- RtlFirstFreeAce (Address: 0x180074ef0)
- RtlFreeAnsiString (Address: 0x180075050)
- RtlFreeHeap (Address: 0x180074f68)
- RtlFreeUnicodeString (Address: 0x180074ee8)
- RtlGetAce (Address: 0x180074e88)
- RtlGetCompressionWorkSpaceSize (Address: 0x1800750e8)
- RtlGetControlSecurityDescriptor (Address: 0x180074e58)
- RtlGetCurrentServiceSessionId (Address: 0x1800750f8)
- RtlGetDaclSecurityDescriptor (Address: 0x180074f08)
- RtlGetGroupSecurityDescriptor (Address: 0x180074ec0)
- RtlGetNativeSystemInformation (Address: 0x1800750c8)
- RtlGetNtProductType (Address: 0x180075110)
- RtlGetOwnerSecurityDescriptor (Address: 0x180074ea8)
- RtlGetPersistedStateLocation (Address: 0x180075058)
- RtlGetSaclSecurityDescriptor (Address: 0x180074e78)
- RtlGUIDFromString (Address: 0x180075178)
- RtlInitAnsiString (Address: 0x180075208)
- RtlInitializeBitMap (Address: 0x1800750d0)
- RtlInitializeCriticalSectionEx (Address: 0x180074f18)
- RtlInitializeSid (Address: 0x180074e50)
- RtlInitializeSRWLock (Address: 0x180074fd8)
- RtlInitUnicodeString (Address: 0x180075170)
- RtlInitUnicodeStringEx (Address: 0x180075120)
- RtlInterlockedClearBitRun (Address: 0x1800750e0)
- RtlLengthRequiredSid (Address: 0x180074f30)
- RtlLengthSecurityDescriptor (Address: 0x180074f28)
- RtlLengthSid (Address: 0x180075218)
- RtlLookupFunctionEntry (Address: 0x180075150)
- RtlMakeSelfRelativeSD (Address: 0x180074fa0)
- RtlMultiByteToUnicodeN (Address: 0x180074ed0)
- RtlNtStatusToDosError (Address: 0x1800751d8)
- RtlNtStatusToDosErrorNoTeb (Address: 0x180075200)
- RtlQueryPerformanceFrequency (Address: 0x1800750b8)
- RtlQueryRegistryValueWithFallback (Address: 0x180075060)
- RtlQueryTimeZoneInformation (Address: 0x1800750a8)
- RtlQueryWnfStateData (Address: 0x180075020)
- RtlReleaseSRWLockExclusive (Address: 0x180074fe0)
- RtlReleaseSRWLockShared (Address: 0x180074ff8)
- RtlRunOnceExecuteOnce (Address: 0x180075220)
- RtlSetDaclSecurityDescriptor (Address: 0x180074e70)
- RtlSetGroupSecurityDescriptor (Address: 0x180074ef8)
- RtlSetLastWin32Error (Address: 0x180075030)
- RtlSetOwnerSecurityDescriptor (Address: 0x180074e48)
- RtlSetSaclSecurityDescriptor (Address: 0x180075000)
- RtlSetThreadSubProcessTag (Address: 0x180074fa8)
- RtlSubAuthorityCountSid (Address: 0x180074eb0)
- RtlSubAuthoritySid (Address: 0x180074e68)
- RtlSubscribeWnfStateChangeNotification (Address: 0x180075010)
- RtlUnhandledExceptionFilter (Address: 0x180075180)
- RtlUnicodeStringToAnsiString (Address: 0x180075210)
- RtlUnicodeToMultiByteSize (Address: 0x1800751e0)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x180075028)
- RtlUnsubscribeWnfStateChangeNotification (Address: 0x180075008)
- RtlValidAcl (Address: 0x180075188)
- RtlValidRelativeSecurityDescriptor (Address: 0x180075068)
- RtlValidSid (Address: 0x1800751b0)
- RtlVirtualUnwind (Address: 0x180075148)
- RtlxAnsiStringToUnicodeSize (Address: 0x180074e98)
- RtlxUnicodeStringToAnsiSize (Address: 0x180075118)
RPCRT4.dll
- I_RpcExceptionFilter (Address: 0x180074798)
- I_RpcMapWin32Status (Address: 0x1800747a0)
- NdrAsyncClientCall (Address: 0x1800746a8)
- NdrClientCall2 (Address: 0x1800746b0)
- NdrClientCall3 (Address: 0x180074790)
- RpcAsyncCancelCall (Address: 0x1800746d8)
- RpcAsyncCompleteCall (Address: 0x1800746e0)
- RpcAsyncInitializeHandle (Address: 0x180074710)
- RpcBindingBind (Address: 0x180074750)
- RpcBindingCreateW (Address: 0x180074758)
- RpcBindingFree (Address: 0x180074770)
- RpcBindingFromStringBindingW (Address: 0x180074788)
- RpcBindingServerFromClient (Address: 0x1800746f8)
- RpcBindingSetAuthInfoExW (Address: 0x180074738)
- RpcBindingSetAuthInfoW (Address: 0x1800746a0)
- RpcBindingSetOption (Address: 0x180074720)
- RpcBindingToStringBindingW (Address: 0x180074708)
- RpcImpersonateClient (Address: 0x180074728)
- RpcRevertToSelf (Address: 0x180074718)
- RpcRevertToSelfEx (Address: 0x180074730)
- RpcServerInqCallAttributesA (Address: 0x1800746f0)
- RpcServerRegisterIf3 (Address: 0x180074740)
- RpcServerUseProtseqW (Address: 0x180074748)
- RpcSmDestroyClientContext (Address: 0x1800746c0)
- RpcSsDestroyClientContext (Address: 0x1800747a8)
- RpcSsGetContextBinding (Address: 0x1800746e8)
- RpcStringBindingComposeW (Address: 0x180074780)
- RpcStringBindingParseW (Address: 0x180074700)
- RpcStringFreeW (Address: 0x180074778)
- UuidCreate (Address: 0x1800746b8)
- UuidEqual (Address: 0x1800746d0)
- UuidFromStringW (Address: 0x180074768)
- UuidIsNil (Address: 0x1800746c8)
- UuidToStringW (Address: 0x180074760)