SessEnv.dll

Description: Remote Desktop Configuration service

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.6456

Architecture: 64-bit

Operating System: Windows NT

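SHA256: 4f3a0ac47a7982c6ab0ae7edc0607dfd (note: this value is 32 hexadecimal characters, i.e. 128 bits; a SHA-256 digest is 64 hexadecimal characters, so the value is either truncated or a different hash type such as MD5 — recompute the hash from the file itself before using it for matching)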

File Size: 530.5 KB

Uploaded At: Dec. 1, 2025, 7:38 a.m.


Security Warning

This file has been flagged as potentially dangerous.


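Reason: The import table references OpenProcess, an API that can be used as part of process injection. This is a heuristic match on a single imported function name, not evidence of malicious behaviour: OpenProcess is also routinely imported by legitimate Windows services, and the import list shown below contains none of the remote memory-write or remote-thread APIs (for example WriteProcessMemory or CreateRemoteThread) that normally accompany it in injection code. The description, author and version fields above come from the file's own version resource and are not authenticated; to assess this file, verify its Authenticode signature and compare its full hash against a known-good copy from a trusted Windows installation of the same build.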

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0x8d50)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0xba40)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x18005eb90)
api-ms-win-core-com-l1-1-0.dll
  • CoCreateGuid (Address: 0x18005ebc8)
  • CoCreateInstance (Address: 0x18005ebc0)
  • CoCreateInstanceEx (Address: 0x18005eba8)
  • CoInitializeEx (Address: 0x18005ebd0)
  • CoSetProxyBlanket (Address: 0x18005ebe0)
  • CoTaskMemAlloc (Address: 0x18005ebb0)
  • CoTaskMemFree (Address: 0x18005ebe8)
  • CoUninitialize (Address: 0x18005eba0)
  • CoWaitForMultipleHandles (Address: 0x18005ebd8)
  • StringFromCLSID (Address: 0x18005ebb8)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x18005ebf8)
  • IsDebuggerPresent (Address: 0x18005ec08)
  • OutputDebugStringA (Address: 0x18005ec10)
  • OutputDebugStringW (Address: 0x18005ec00)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x18005ec20)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x18005ec30)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x18005ec48)
  • SetLastError (Address: 0x18005ec40)
  • SetUnhandledExceptionFilter (Address: 0x18005ec50)
  • UnhandledExceptionFilter (Address: 0x18005ec58)
api-ms-win-core-file-l1-1-0.dll
  • CompareFileTime (Address: 0x18005ecf0)
  • CreateDirectoryW (Address: 0x18005ecf8)
  • CreateFileW (Address: 0x18005ec90)
  • DeleteFileW (Address: 0x18005ecc8)
  • DeleteVolumeMountPointW (Address: 0x18005ec88)
  • FileTimeToLocalFileTime (Address: 0x18005ece0)
  • FindClose (Address: 0x18005ecb0)
  • FindFirstFileW (Address: 0x18005ecd0)
  • FindFirstVolumeW (Address: 0x18005ecb8)
  • FindNextFileW (Address: 0x18005ecd8)
  • FindNextVolumeW (Address: 0x18005ec98)
  • FindVolumeClose (Address: 0x18005ed00)
  • GetFileAttributesW (Address: 0x18005ec68)
  • GetFileSizeEx (Address: 0x18005ec70)
  • GetFileTime (Address: 0x18005eca0)
  • ReadFile (Address: 0x18005ec78)
  • RemoveDirectoryW (Address: 0x18005ecc0)
  • SetFileAttributesW (Address: 0x18005ec80)
  • SetFilePointer (Address: 0x18005ece8)
  • WriteFile (Address: 0x18005eca8)
api-ms-win-core-file-l1-2-0.dll
  • GetTempPathW (Address: 0x18005ed10)
  • GetVolumeNameForVolumeMountPointW (Address: 0x18005ed18)
  • GetVolumePathNamesForVolumeNameW (Address: 0x18005ed20)
api-ms-win-core-file-l2-1-0.dll
  • CopyFileExW (Address: 0x18005ed40)
  • CreateSymbolicLinkW (Address: 0x18005ed48)
  • GetFileInformationByHandleEx (Address: 0x18005ed38)
  • MoveFileWithProgressW (Address: 0x18005ed30)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x18005ed58)
  • DuplicateHandle (Address: 0x18005ed60)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x18005ed78)
  • HeapAlloc (Address: 0x18005ed70)
  • HeapFree (Address: 0x18005ed80)
  • HeapReAlloc (Address: 0x18005ed88)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x18005ed98)
  • LocalFree (Address: 0x18005eda0)
api-ms-win-core-heap-obsolete-l1-1-0.dll
  • LocalSize (Address: 0x18005edb0)
api-ms-win-core-io-l1-1-0.dll
  • DeviceIoControl (Address: 0x18005edc0)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • GetComputerNameW (Address: 0x18005ede0)
  • MoveFileW (Address: 0x18005edd8)
  • WTSGetActiveConsoleSessionId (Address: 0x18005edd0)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
  • SetVolumeMountPointW (Address: 0x18005edf8)
  • VerifyVersionInfoW (Address: 0x18005edf0)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x18005ee28)
  • FreeLibrary (Address: 0x18005ee08)
  • GetModuleFileNameA (Address: 0x18005ee48)
  • GetModuleFileNameW (Address: 0x18005ee38)
  • GetModuleHandleExW (Address: 0x18005ee18)
  • GetModuleHandleW (Address: 0x18005ee30)
  • GetProcAddress (Address: 0x18005ee20)
  • LoadLibraryExW (Address: 0x18005ee40)
  • LoadStringW (Address: 0x18005ee10)
api-ms-win-core-libraryloader-l1-2-1.dll
  • LoadLibraryW (Address: 0x18005ee58)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x18005ee68)
api-ms-win-core-path-l1-1-0.dll
  • PathCchCombine (Address: 0x18005ee78)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x18005ee88)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessAsUserW (Address: 0x18005ee98)
  • CreateProcessW (Address: 0x18005eef0)
  • CreateThread (Address: 0x18005eec0)
  • GetCurrentProcess (Address: 0x18005eee0)
  • GetCurrentProcessId (Address: 0x18005eef8)
  • GetCurrentThread (Address: 0x18005eec8)
  • GetCurrentThreadId (Address: 0x18005eeb8)
  • GetThreadId (Address: 0x18005eea0)
  • OpenProcessToken (Address: 0x18005eed0)
  • OpenThreadToken (Address: 0x18005eed8)
  • ProcessIdToSessionId (Address: 0x18005eeb0)
  • TerminateProcess (Address: 0x18005eee8)
  • TerminateThread (Address: 0x18005eea8)
api-ms-win-core-processthreads-l1-1-1.dll
  • GetProcessMitigationPolicy (Address: 0x18005ef08)
  • OpenProcess (Address: 0x18005ef10)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x18005ef20)
  • QueryPerformanceFrequency (Address: 0x18005ef28)
api-ms-win-core-psapi-l1-1-0.dll
  • QueryFullProcessImageNameW (Address: 0x18005ef38)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x18005ef50)
  • RegCreateKeyExW (Address: 0x18005ef90)
  • RegDeleteTreeW (Address: 0x18005efa0)
  • RegDeleteValueW (Address: 0x18005ef70)
  • RegEnumKeyExW (Address: 0x18005ef60)
  • RegEnumValueW (Address: 0x18005ef78)
  • RegGetValueW (Address: 0x18005ef48)
  • RegLoadKeyW (Address: 0x18005ef98)
  • RegNotifyChangeKeyValue (Address: 0x18005ef68)
  • RegOpenCurrentUser (Address: 0x18005efb8)
  • RegOpenKeyExW (Address: 0x18005efb0)
  • RegQueryInfoKeyW (Address: 0x18005ef80)
  • RegQueryValueExW (Address: 0x18005efa8)
  • RegSetValueExW (Address: 0x18005ef58)
  • RegUnLoadKeyW (Address: 0x18005ef88)
api-ms-win-core-registry-l2-1-0.dll
  • RegDeleteKeyW (Address: 0x18005efc8)
  • RegEnumKeyW (Address: 0x18005efd0)
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
  • StrToIntExW (Address: 0x18005efe0)
api-ms-win-core-shutdown-l1-1-0.dll
  • InitiateSystemShutdownExW (Address: 0x18005eff0)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x18005f008)
  • WideCharToMultiByte (Address: 0x18005f000)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW (Address: 0x18005f018)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x18005f048)
  • AcquireSRWLockShared (Address: 0x18005f080)
  • CreateEventW (Address: 0x18005f060)
  • CreateMutexExW (Address: 0x18005f0a8)
  • CreateSemaphoreExW (Address: 0x18005f070)
  • DeleteCriticalSection (Address: 0x18005f028)
  • EnterCriticalSection (Address: 0x18005f058)
  • InitializeCriticalSection (Address: 0x18005f030)
  • InitializeCriticalSectionAndSpinCount (Address: 0x18005f088)
  • InitializeCriticalSectionEx (Address: 0x18005f090)
  • LeaveCriticalSection (Address: 0x18005f040)
  • OpenSemaphoreW (Address: 0x18005f0a0)
  • ReleaseMutex (Address: 0x18005f0c8)
  • ReleaseSemaphore (Address: 0x18005f050)
  • ReleaseSRWLockExclusive (Address: 0x18005f038)
  • ReleaseSRWLockShared (Address: 0x18005f078)
  • ResetEvent (Address: 0x18005f0c0)
  • SetEvent (Address: 0x18005f068)
  • WaitForMultipleObjectsEx (Address: 0x18005f0b0)
  • WaitForSingleObject (Address: 0x18005f098)
  • WaitForSingleObjectEx (Address: 0x18005f0b8)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceExecuteOnce (Address: 0x18005f0d8)
  • Sleep (Address: 0x18005f0e0)
api-ms-win-core-synch-l1-2-1.dll
  • WaitForMultipleObjects (Address: 0x18005f0f0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetComputerNameExW (Address: 0x18005f110)
  • GetLocalTime (Address: 0x18005f130)
  • GetSystemDirectoryW (Address: 0x18005f100)
  • GetSystemTime (Address: 0x18005f120)
  • GetSystemTimeAsFileTime (Address: 0x18005f128)
  • GetTickCount (Address: 0x18005f108)
  • GetVersionExW (Address: 0x18005f118)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x18005f148)
  • CreateThreadpoolTimer (Address: 0x18005f150)
  • SetThreadpoolTimer (Address: 0x18005f158)
  • WaitForThreadpoolTimerCallbacks (Address: 0x18005f140)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • CreateTimerQueue (Address: 0x18005f168)
  • CreateTimerQueueTimer (Address: 0x18005f178)
  • DeleteTimerQueueEx (Address: 0x18005f170)
  • DeleteTimerQueueTimer (Address: 0x18005f188)
  • UnregisterWaitEx (Address: 0x18005f180)
api-ms-win-core-timezone-l1-1-0.dll
  • FileTimeToSystemTime (Address: 0x18005f1a0)
  • SystemTimeToFileTime (Address: 0x18005f198)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • TraceMessage (Address: 0x18005f1b0)
api-ms-win-eventing-controller-l1-1-0.dll
  • ControlTraceW (Address: 0x18005f1c0)
  • EnableTraceEx2 (Address: 0x18005f1c8)
  • StartTraceW (Address: 0x18005f1d0)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventActivityIdControl (Address: 0x18005f1f0)
  • EventProviderEnabled (Address: 0x18005f208)
  • EventRegister (Address: 0x18005f1e8)
  • EventSetInformation (Address: 0x18005f1f8)
  • EventUnregister (Address: 0x18005f200)
  • EventWriteTransfer (Address: 0x18005f1e0)
api-ms-win-eventlog-legacy-l1-1-0.dll
  • DeregisterEventSource (Address: 0x18005f218)
  • RegisterEventSourceW (Address: 0x18005f228)
  • ReportEventW (Address: 0x18005f220)
api-ms-win-security-base-l1-1-0.dll
  • AdjustTokenPrivileges (Address: 0x18005f2f8)
  • AllocateAndInitializeSid (Address: 0x18005f2c0)
  • CheckTokenMembership (Address: 0x18005f258)
  • CopySid (Address: 0x18005f240)
  • CreateWellKnownSid (Address: 0x18005f2b8)
  • DeleteAce (Address: 0x18005f2a8)
  • DuplicateToken (Address: 0x18005f280)
  • DuplicateTokenEx (Address: 0x18005f300)
  • EqualSid (Address: 0x18005f250)
  • FreeSid (Address: 0x18005f268)
  • GetAce (Address: 0x18005f248)
  • GetAclInformation (Address: 0x18005f260)
  • GetFileSecurityW (Address: 0x18005f238)
  • GetLengthSid (Address: 0x18005f2c8)
  • GetSecurityDescriptorControl (Address: 0x18005f2b0)
  • GetSecurityDescriptorDacl (Address: 0x18005f270)
  • GetSecurityDescriptorLength (Address: 0x18005f288)
  • GetTokenInformation (Address: 0x18005f2d8)
  • ImpersonateLoggedOnUser (Address: 0x18005f2e0)
  • InitializeSecurityDescriptor (Address: 0x18005f298)
  • IsValidSid (Address: 0x18005f2a0)
  • MakeAbsoluteSD (Address: 0x18005f308)
  • RevertToSelf (Address: 0x18005f2d0)
  • SetFileSecurityW (Address: 0x18005f2f0)
  • SetSecurityDescriptorControl (Address: 0x18005f290)
  • SetSecurityDescriptorDacl (Address: 0x18005f278)
  • SetTokenInformation (Address: 0x18005f2e8)
api-ms-win-security-credentials-l1-1-0.dll
  • CredUnprotectW (Address: 0x18005f318)
api-ms-win-security-lsalookup-l1-1-0.dll
  • LookupAccountSidLocalW (Address: 0x18005f328)
api-ms-win-security-lsapolicy-l1-1-0.dll
  • LsaFreeMemory (Address: 0x18005f338)
api-ms-win-security-provider-l1-1-0.dll
  • SetEntriesInAclW (Address: 0x18005f348)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertSidToStringSidW (Address: 0x18005f358)
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18005f360)
  • ConvertStringSidToSidW (Address: 0x18005f368)
api-ms-win-service-core-l1-1-0.dll
  • RegisterServiceCtrlHandlerExW (Address: 0x18005f380)
  • SetServiceStatus (Address: 0x18005f378)
DismApi.DLL
  • DismDisableFeature (Address: 0x18005ea20)
  • DismEnableFeature (Address: 0x18005ea30)
  • DismInitialize (Address: 0x18005ea40)
  • DismOpenSession (Address: 0x18005ea28)
  • DismShutdown (Address: 0x18005ea38)
msvcrt.dll
  • __C_specific_handler (Address: 0x18005f4a0)
  • __CxxFrameHandler3 (Address: 0x18005f498)
  • __dllonexit (Address: 0x18005f460)
  • _amsg_exit (Address: 0x18005f4c0)
  • _callnewh (Address: 0x18005f458)
  • _CxxThrowException (Address: 0x18005f398)
  • _initterm (Address: 0x18005f4a8)
  • _lock (Address: 0x18005f490)
  • _onexit (Address: 0x18005f3b0)
  • _purecall (Address: 0x18005f4d0)
  • _unlock (Address: 0x18005f468)
  • _vsnprintf (Address: 0x18005f428)
  • _vsnwprintf (Address: 0x18005f430)
  • _wcsicmp (Address: 0x18005f410)
  • _wcsnicmp (Address: 0x18005f470)
  • _wtol (Address: 0x18005f400)
  • _XcptFilter (Address: 0x18005f4c8)
  • ??_V@YAXPEAX@Z (Address: 0x18005f3f0)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x18005f450)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18005f448)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x18005f408)
  • ??1exception@@UEAA@XZ (Address: 0x18005f3e0)
  • ??1type_info@@UEAA@XZ (Address: 0x18005f3d0)
  • ??3@YAXPEAX@Z (Address: 0x18005f4d8)
  • ?terminate@@YAXXZ (Address: 0x18005f3c8)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x18005f3a0)
  • free (Address: 0x18005f4b8)
  • iswalpha (Address: 0x18005f488)
  • malloc (Address: 0x18005f4b0)
  • memcmp (Address: 0x18005f438)
  • memcpy (Address: 0x18005f3b8)
  • memcpy_s (Address: 0x18005f420)
  • memmove (Address: 0x18005f3c0)
  • memmove_s (Address: 0x18005f3f8)
  • memset (Address: 0x18005f390)
  • strcmp (Address: 0x18005f3a8)
  • swprintf_s (Address: 0x18005f418)
  • toupper (Address: 0x18005f440)
  • wcscat_s (Address: 0x18005f3d8)
  • wcschr (Address: 0x18005f3e8)
  • wcscmp (Address: 0x18005f4e8)
  • wcscpy_s (Address: 0x18005f4e0)
  • wcsncmp (Address: 0x18005f478)
  • wcsrchr (Address: 0x18005f480)
ntdll.dll
  • DbgPrint (Address: 0x18005f5e0)
  • EtwEventRegister (Address: 0x18005f560)
  • EtwEventUnregister (Address: 0x18005f568)
  • EtwEventWriteFull (Address: 0x18005f558)
  • NtDuplicateToken (Address: 0x18005f500)
  • NtQueryInformationProcess (Address: 0x18005f4f8)
  • NtQuerySystemInformation (Address: 0x18005f628)
  • NtQueryWnfStateData (Address: 0x18005f580)
  • RtlAcquireResourceExclusive (Address: 0x18005f5c8)
  • RtlAcquireResourceShared (Address: 0x18005f5d8)
  • RtlAllocateAndInitializeSid (Address: 0x18005f5c0)
  • RtlAllocateHeap (Address: 0x18005f510)
  • RtlCaptureContext (Address: 0x18005f520)
  • RtlCaptureStackBackTrace (Address: 0x18005f618)
  • RtlDeleteElementGenericTable (Address: 0x18005f5b0)
  • RtlDeleteResource (Address: 0x18005f620)
  • RtlEnumerateGenericTable (Address: 0x18005f5b8)
  • RtlEqualSid (Address: 0x18005f5e8)
  • RtlFreeHeap (Address: 0x18005f508)
  • RtlFreeSid (Address: 0x18005f5f8)
  • RtlGetActiveConsoleId (Address: 0x18005f550)
  • RtlInitializeGenericTable (Address: 0x18005f5a8)
  • RtlInitializeResource (Address: 0x18005f608)
  • RtlInitUnicodeStringEx (Address: 0x18005f5a0)
  • RtlInsertElementGenericTable (Address: 0x18005f588)
  • RtlLengthSid (Address: 0x18005f638)
  • RtlLookupElementGenericTable (Address: 0x18005f590)
  • RtlLookupFunctionEntry (Address: 0x18005f600)
  • RtlNtStatusToDosError (Address: 0x18005f518)
  • RtlQueryEnvironmentVariable_U (Address: 0x18005f598)
  • RtlReleaseResource (Address: 0x18005f5d0)
  • RtlSubscribeWnfStateChangeNotification (Address: 0x18005f578)
  • RtlUnsubscribeWnfStateChangeNotification (Address: 0x18005f570)
  • RtlVerifyVersionInfo (Address: 0x18005f610)
  • RtlVirtualUnwind (Address: 0x18005f630)
  • VerSetConditionMask (Address: 0x18005f5f0)
  • WinSqmAddToStream (Address: 0x18005f538)
  • WinSqmEndSession (Address: 0x18005f540)
  • WinSqmIsOptedIn (Address: 0x18005f548)
  • WinSqmSetDWORD (Address: 0x18005f528)
  • WinSqmStartSession (Address: 0x18005f530)
RPCRT4.dll
  • I_RpcBindingInqLocalClientPID (Address: 0x18005ea70)
  • I_RpcExceptionFilter (Address: 0x18005ea78)
  • Ndr64AsyncClientCall (Address: 0x18005ea60)
  • NdrServerCall2 (Address: 0x18005ea90)
  • NdrServerCallAll (Address: 0x18005ea98)
  • RpcAsyncCompleteCall (Address: 0x18005eac0)
  • RpcAsyncInitializeHandle (Address: 0x18005eae0)
  • RpcBindingBind (Address: 0x18005eac8)
  • RpcBindingCopy (Address: 0x18005ea50)
  • RpcBindingCreateW (Address: 0x18005ead0)
  • RpcBindingFree (Address: 0x18005eb08)
  • RpcBindingInqAuthClientW (Address: 0x18005eb10)
  • RpcBindingServerFromClient (Address: 0x18005eb18)
  • RpcBindingToStringBindingW (Address: 0x18005eb28)
  • RpcBindingUnbind (Address: 0x18005ea58)
  • RpcBindingVectorFree (Address: 0x18005eae8)
  • RpcEpRegisterW (Address: 0x18005eaf0)
  • RpcFreeAuthorizationContext (Address: 0x18005eb48)
  • RpcGetAuthorizationContextForClient (Address: 0x18005eb40)
  • RpcImpersonateClient (Address: 0x18005eb50)
  • RpcRevertToSelf (Address: 0x18005eb58)
  • RpcServerInqBindings (Address: 0x18005eaf8)
  • RpcServerInqCallAttributesW (Address: 0x18005eb38)
  • RpcServerInqDefaultPrincNameW (Address: 0x18005eaa0)
  • RpcServerRegisterAuthInfoW (Address: 0x18005eaa8)
  • RpcServerRegisterIfEx (Address: 0x18005eab8)
  • RpcServerUnregisterIfEx (Address: 0x18005eb20)
  • RpcServerUseProtseqEpW (Address: 0x18005eab0)
  • RpcServerUseProtseqExW (Address: 0x18005eb00)
  • RpcStringBindingParseW (Address: 0x18005eb30)
  • RpcStringFreeW (Address: 0x18005ea88)
  • UuidCreate (Address: 0x18005ea68)
  • UuidFromStringW (Address: 0x18005ead8)
  • UuidToStringW (Address: 0x18005ea80)
samcli.dll
  • NetLocalGroupAddMembers (Address: 0x18005f650)
  • NetLocalGroupDelMembers (Address: 0x18005f648)
  • NetUserGetInfo (Address: 0x18005f658)
SCECLI.dll
  • SceSetupSystemByInfName (Address: 0x18005eb68)
SYSNTFY.dll
  • SysNotifyStartServer (Address: 0x18005eb78)
  • SysNotifyStopServer (Address: 0x18005eb80)