wecsvc.dll

Description: Event Collector Service

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: 7845bea73a6edbfcf9775e7a85c3bda5

File Size: 239.5 KB

Uploaded At: Dec. 1, 2025, 7:42 a.m.

Views: 4

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0x25b0)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0x2510)
  • DllRegisterServer (Ordinal: 3, Address: 0x2c00)
  • DllUnregisterServer (Ordinal: 4, Address: 0x2c00)

Imported DLLs & Functions

ADVAPI32.dll
  • CredDeleteW (Address: 0x18002c828)
  • CredEnumerateW (Address: 0x18002c820)
  • CredFree (Address: 0x18002c810)
  • CredReadW (Address: 0x18002c830)
  • CredWriteW (Address: 0x18002c838)
  • EventRegister (Address: 0x18002c800)
  • EventUnregister (Address: 0x18002c7f8)
  • EventWrite (Address: 0x18002c7d8)
  • RegDeleteKeyExW (Address: 0x18002c7f0)
  • RegDeleteKeyW (Address: 0x18002c808)
  • RegEnumKeyExW (Address: 0x18002c7e0)
  • RegQueryInfoKeyW (Address: 0x18002c7e8)
  • RegQueryValueExW (Address: 0x18002c840)
  • RevertToSelf (Address: 0x18002c818)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x18002c930)
  • IsDebuggerPresent (Address: 0x18002c940)
  • OutputDebugStringW (Address: 0x18002c938)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x18002c968)
  • SetLastError (Address: 0x18002c950)
  • SetUnhandledExceptionFilter (Address: 0x18002c958)
  • UnhandledExceptionFilter (Address: 0x18002c960)
api-ms-win-core-file-l1-1-0.dll
  • CompareFileTime (Address: 0x18002c978)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x18002c988)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x18002c9a8)
  • HeapAlloc (Address: 0x18002c9a0)
  • HeapFree (Address: 0x18002c998)
api-ms-win-core-heap-l2-1-0.dll
  • LocalFree (Address: 0x18002c9b8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • GetComputerNameW (Address: 0x18002c9d0)
  • RegisterWaitForSingleObject (Address: 0x18002c9c8)
api-ms-win-core-libraryloader-l1-2-0.dll
  • GetModuleFileNameA (Address: 0x18002c9f0)
  • GetModuleHandleExW (Address: 0x18002c9e8)
  • GetModuleHandleW (Address: 0x18002c9f8)
  • GetProcAddress (Address: 0x18002c9e0)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x18002ca18)
  • GetThreadLocale (Address: 0x18002ca08)
  • LocaleNameToLCID (Address: 0x18002ca10)
api-ms-win-core-localization-l1-2-2.dll
  • LCIDToLocaleName (Address: 0x18002ca28)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x18002ca60)
  • GetCurrentProcessId (Address: 0x18002ca48)
  • GetCurrentThread (Address: 0x18002ca68)
  • GetCurrentThreadId (Address: 0x18002ca50)
  • OpenThreadToken (Address: 0x18002ca38)
  • SetThreadToken (Address: 0x18002ca40)
  • TerminateProcess (Address: 0x18002ca58)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x18002ca78)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x18002ca90)
  • RegCreateKeyExW (Address: 0x18002caa8)
  • RegDeleteValueW (Address: 0x18002ca88)
  • RegOpenKeyExW (Address: 0x18002ca98)
  • RegSetValueExW (Address: 0x18002caa0)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x18002cab8)
  • RtlLookupFunctionEntry (Address: 0x18002cac0)
  • RtlVirtualUnwind (Address: 0x18002cac8)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x18002cb30)
  • AcquireSRWLockShared (Address: 0x18002cb60)
  • CreateEventW (Address: 0x18002cae8)
  • CreateMutexExW (Address: 0x18002cad8)
  • CreateSemaphoreExW (Address: 0x18002cae0)
  • DeleteCriticalSection (Address: 0x18002caf8)
  • EnterCriticalSection (Address: 0x18002cb00)
  • InitializeCriticalSectionEx (Address: 0x18002cb28)
  • LeaveCriticalSection (Address: 0x18002cb18)
  • OpenSemaphoreW (Address: 0x18002cb08)
  • ReleaseMutex (Address: 0x18002cb38)
  • ReleaseSemaphore (Address: 0x18002cb40)
  • ReleaseSRWLockExclusive (Address: 0x18002cb58)
  • ReleaseSRWLockShared (Address: 0x18002cb50)
  • ResetEvent (Address: 0x18002cb48)
  • SetEvent (Address: 0x18002caf0)
  • WaitForSingleObject (Address: 0x18002cb20)
  • WaitForSingleObjectEx (Address: 0x18002cb10)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x18002cb70)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetComputerNameExW (Address: 0x18002cb98)
  • GetSystemTime (Address: 0x18002cb80)
  • GetSystemTimeAsFileTime (Address: 0x18002cb88)
  • GetTickCount (Address: 0x18002cb90)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x18002cbc0)
  • CreateThreadpoolTimer (Address: 0x18002cba8)
  • SetThreadpoolTimer (Address: 0x18002cbb0)
  • WaitForThreadpoolTimerCallbacks (Address: 0x18002cbb8)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • CreateTimerQueueTimer (Address: 0x18002cbe0)
  • DeleteTimerQueueTimer (Address: 0x18002cbd8)
  • UnregisterWaitEx (Address: 0x18002cbd0)
api-ms-win-core-timezone-l1-1-0.dll
  • FileTimeToSystemTime (Address: 0x18002cbf0)
  • SystemTimeToFileTime (Address: 0x18002cbf8)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • GetTraceEnableFlags (Address: 0x18002cc20)
  • GetTraceEnableLevel (Address: 0x18002cc10)
  • GetTraceLoggerHandle (Address: 0x18002cc30)
  • RegisterTraceGuidsW (Address: 0x18002cc18)
  • TraceMessage (Address: 0x18002cc28)
  • UnregisterTraceGuids (Address: 0x18002cc08)
api-ms-win-security-base-l1-1-0.dll
  • AllocateAndInitializeSid (Address: 0x18002cc40)
  • CheckTokenMembership (Address: 0x18002cc50)
  • FreeSid (Address: 0x18002cc48)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18002cc60)
api-ms-win-service-core-l1-1-0.dll
  • RegisterServiceCtrlHandlerExW (Address: 0x18002cc70)
  • SetServiceStatus (Address: 0x18002cc78)
msvcrt.dll
  • __C_specific_handler (Address: 0x18002ccc8)
  • __CxxFrameHandler3 (Address: 0x18002cc98)
  • __dllonexit (Address: 0x18002cca8)
  • _amsg_exit (Address: 0x18002ccd8)
  • _CxxThrowException (Address: 0x18002ccf8)
  • _initterm (Address: 0x18002ccd0)
  • _lock (Address: 0x18002ccc0)
  • _onexit (Address: 0x18002cca0)
  • _purecall (Address: 0x18002cda0)
  • _ultow (Address: 0x18002cd18)
  • _unlock (Address: 0x18002cda8)
  • _vsnprintf_s (Address: 0x18002cd40)
  • _vsnwprintf (Address: 0x18002cd50)
  • _wcsicmp (Address: 0x18002cd90)
  • _wcsnicmp (Address: 0x18002cd78)
  • _XcptFilter (Address: 0x18002cce0)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x18002cd10)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18002cd08)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x18002cd38)
  • ??0exception@@QEAA@XZ (Address: 0x18002cd60)
  • ??1exception@@UEAA@XZ (Address: 0x18002cd58)
  • ??1type_info@@UEAA@XZ (Address: 0x18002ccb8)
  • ?terminate@@YAXXZ (Address: 0x18002cc88)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x18002cd00)
  • abort (Address: 0x18002cd88)
  • free (Address: 0x18002cd98)
  • iswspace (Address: 0x18002cd68)
  • malloc (Address: 0x18002cd80)
  • memcmp (Address: 0x18002ccb0)
  • memcpy (Address: 0x18002ccf0)
  • memcpy_s (Address: 0x18002cd48)
  • memmove (Address: 0x18002cce8)
  • memmove_s (Address: 0x18002cd20)
  • memset (Address: 0x18002cc90)
  • swprintf_s (Address: 0x18002cd28)
  • swscanf_s (Address: 0x18002cd30)
  • wcscmp (Address: 0x18002cdb0)
  • wcsncpy_s (Address: 0x18002cd70)
ntdll.dll
  • EtwEventWriteFull (Address: 0x18002cdc0)
RPCRT4.dll
  • NdrServerCall2 (Address: 0x18002c878)
  • NdrServerCallAll (Address: 0x18002c868)
  • RpcBindingToStringBindingW (Address: 0x18002c898)
  • RpcImpersonateClient (Address: 0x18002c890)
  • RpcRevertToSelf (Address: 0x18002c888)
  • RpcServerRegisterAuthInfoW (Address: 0x18002c858)
  • RpcServerRegisterIfEx (Address: 0x18002c860)
  • RpcServerUnregisterIfEx (Address: 0x18002c870)
  • RpcServerUseProtseqEpW (Address: 0x18002c850)
  • RpcStringBindingParseW (Address: 0x18002c8b0)
  • RpcStringFreeW (Address: 0x18002c8a0)
  • UuidCreate (Address: 0x18002c8a8)
  • UuidToStringW (Address: 0x18002c880)
wevtapi.dll
  • EvtClose (Address: 0x18002cdd8)
  • EvtGetChannelConfigProperty (Address: 0x18002cdf8)
  • EvtGetObjectArrayProperty (Address: 0x18002cdf0)
  • EvtGetObjectArraySize (Address: 0x18002ce00)
  • EvtGetPublisherMetadataProperty (Address: 0x18002cde0)
  • EvtOpenChannelConfig (Address: 0x18002cde8)
  • EvtOpenPublisherMetadata (Address: 0x18002cdd0)
WsmSvc.DLL
  • WSManAckEvents (Address: 0x18002c900)
  • WSManCloseEnumeratorHandle (Address: 0x18002c8c0)
  • WSManCloseObjectHandle (Address: 0x18002c8d0)
  • WSManCloseSessionHandle (Address: 0x18002c920)
  • WSManCloseSubscriptionHandle (Address: 0x18002c918)
  • WSManCreatePullSubscription (Address: 0x18002c8e0)
  • WSManCreatePushSubscription (Address: 0x18002c8e8)
  • WSManCreateSessionInternal (Address: 0x18002c910)
  • WSManDecodeObject (Address: 0x18002c8f8)
  • WSManEncodeObject (Address: 0x18002c8f0)
  • WSManEnumeratorNextObject (Address: 0x18002c8c8)
  • WSManPullEvents (Address: 0x18002c8d8)
  • WSManSetSessionOption (Address: 0x18002c908)