wevtapi.dll
Description: Eventing Consumption and Configuration API
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6280
Architecture: 64-bit
Operating System: Windows NT
SHA256: 3ea8637a2709c2102280eca38767a531
File Size: 395.5 KB
Uploaded At: Dec. 1, 2025, 7:42 a.m.
Views: 12
Exported Functions
- EvtIntSysprepCleanup (Ordinal: 1, Address: 0x2e370)
- EvtArchiveExportedLog (Ordinal: 2, Address: 0x2c280)
- EvtCancel (Ordinal: 3, Address: 0x2c4e0)
- EvtClearLog (Ordinal: 4, Address: 0x2c660)
- EvtClose (Ordinal: 5, Address: 0x68b0)
- EvtCreateBookmark (Ordinal: 6, Address: 0xc350)
- EvtCreateRenderContext (Ordinal: 7, Address: 0x5620)
- EvtExportLog (Ordinal: 8, Address: 0x2c8d0)
- EvtFormatMessage (Ordinal: 9, Address: 0xf250)
- EvtGetChannelConfigProperty (Ordinal: 10, Address: 0xca50)
- EvtGetEventInfo (Ordinal: 11, Address: 0x2cc80)
- EvtGetEventMetadataProperty (Ordinal: 12, Address: 0x2cd90)
- EvtGetExtendedStatus (Ordinal: 13, Address: 0x2cf40)
- EvtGetLogInfo (Ordinal: 14, Address: 0xfa90)
- EvtGetObjectArrayProperty (Ordinal: 15, Address: 0x10cb0)
- EvtGetObjectArraySize (Ordinal: 16, Address: 0x12c40)
- EvtGetPublisherMetadataProperty (Ordinal: 17, Address: 0xe720)
- EvtGetQueryInfo (Ordinal: 18, Address: 0x2cf60)
- EvtIntAssertConfig (Ordinal: 19, Address: 0xd9a0)
- EvtIntCreateBinXMLFromCustomXML (Ordinal: 20, Address: 0x2ed80)
- EvtIntCreateLocalLogfile (Ordinal: 21, Address: 0x2edd0)
- EvtIntGetClassicLogDisplayName (Ordinal: 22, Address: 0x13310)
- EvtIntRenderResourceEventTemplate (Ordinal: 23, Address: 0x2ef80)
- EvtIntReportAuthzEventAndSourceAsync (Ordinal: 24, Address: 0x59154)
- EvtIntReportEventAndSourceAsync (Ordinal: 25, Address: 0x5919f)
- EvtIntRetractConfig (Ordinal: 26, Address: 0x2130)
- EvtIntWriteXmlEventToLocalLogfile (Ordinal: 27, Address: 0x2f530)
- EvtNext (Ordinal: 28, Address: 0x4b90)
- EvtNextChannelPath (Ordinal: 29, Address: 0x12000)
- EvtNextEventMetadata (Ordinal: 30, Address: 0x2d520)
- EvtNextPublisherId (Ordinal: 31, Address: 0x11f30)
- EvtOpenChannelConfig (Ordinal: 32, Address: 0x65c0)
- EvtOpenChannelEnum (Ordinal: 33, Address: 0x11740)
- EvtOpenEventMetadataEnum (Ordinal: 34, Address: 0x2d6f0)
- EvtOpenLog (Ordinal: 35, Address: 0x107e0)
- EvtOpenPublisherEnum (Ordinal: 36, Address: 0x118a0)
- EvtOpenPublisherMetadata (Ordinal: 37, Address: 0xa7c0)
- EvtOpenSession (Ordinal: 38, Address: 0x1880)
- EvtQuery (Ordinal: 39, Address: 0xab50)
- EvtRender (Ordinal: 40, Address: 0x2270)
- EvtSaveChannelConfig (Ordinal: 41, Address: 0x2d8b0)
- EvtSeek (Ordinal: 42, Address: 0xc210)
- EvtSetChannelConfigProperty (Ordinal: 43, Address: 0x2da10)
- EvtSubscribe (Ordinal: 44, Address: 0xaf40)
- EvtUpdateBookmark (Ordinal: 45, Address: 0x2840)
Imported DLLs & Functions
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18004c460)
- IsDebuggerPresent (Address: 0x18004c458)
- OutputDebugStringW (Address: 0x18004c468)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18004c478)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18004c488)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18004c4b0)
- SetLastError (Address: 0x18004c4a8)
- SetUnhandledExceptionFilter (Address: 0x18004c498)
- UnhandledExceptionFilter (Address: 0x18004c4a0)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x18004c4d8)
- DeleteFileW (Address: 0x18004c510)
- FlushFileBuffers (Address: 0x18004c508)
- GetDiskFreeSpaceExW (Address: 0x18004c4e0)
- GetFileAttributesW (Address: 0x18004c4c0)
- GetFileInformationByHandle (Address: 0x18004c4f8)
- GetFileSizeEx (Address: 0x18004c4f0)
- GetFullPathNameW (Address: 0x18004c4c8)
- GetTempFileNameW (Address: 0x18004c518)
- ReadFile (Address: 0x18004c4d0)
- SetEndOfFile (Address: 0x18004c500)
- SetFilePointerEx (Address: 0x18004c4e8)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x18004c528)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18004c538)
- DuplicateHandle (Address: 0x18004c540)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18004c560)
- HeapAlloc (Address: 0x18004c558)
- HeapFree (Address: 0x18004c550)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18004c570)
- LocalFree (Address: 0x18004c578)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x18004c588)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x18004c5b0)
- GetModuleFileNameA (Address: 0x18004c598)
- GetModuleHandleExW (Address: 0x18004c5a8)
- GetModuleHandleW (Address: 0x18004c5b8)
- GetProcAddress (Address: 0x18004c5a0)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18004c5d8)
- GetLocaleInfoW (Address: 0x18004c5c8)
- GetThreadLocale (Address: 0x18004c5e0)
- GetThreadUILanguage (Address: 0x18004c5d0)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x18004c5f0)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x18004c638)
- GetCurrentProcessId (Address: 0x18004c600)
- GetCurrentThreadId (Address: 0x18004c608)
- TerminateProcess (Address: 0x18004c618)
- TlsAlloc (Address: 0x18004c610)
- TlsFree (Address: 0x18004c620)
- TlsGetValue (Address: 0x18004c630)
- TlsSetValue (Address: 0x18004c628)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x18004c648)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18004c658)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x18004c668)
- WideCharToMultiByte (Address: 0x18004c670)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18004c700)
- AcquireSRWLockShared (Address: 0x18004c6f8)
- CreateEventW (Address: 0x18004c698)
- CreateMutexExW (Address: 0x18004c688)
- CreateSemaphoreExW (Address: 0x18004c6b0)
- DeleteCriticalSection (Address: 0x18004c6c0)
- EnterCriticalSection (Address: 0x18004c6d8)
- InitializeCriticalSectionEx (Address: 0x18004c6c8)
- LeaveCriticalSection (Address: 0x18004c6d0)
- OpenSemaphoreW (Address: 0x18004c6e0)
- ReleaseMutex (Address: 0x18004c6a0)
- ReleaseSemaphore (Address: 0x18004c708)
- ReleaseSRWLockExclusive (Address: 0x18004c6a8)
- ReleaseSRWLockShared (Address: 0x18004c690)
- ResetEvent (Address: 0x18004c680)
- SetEvent (Address: 0x18004c6e8)
- WaitForSingleObject (Address: 0x18004c6f0)
- WaitForSingleObjectEx (Address: 0x18004c6b8)
api-ms-win-core-synch-l1-2-0.dll
- InitializeConditionVariable (Address: 0x18004c718)
- InitOnceBeginInitialize (Address: 0x18004c728)
- InitOnceComplete (Address: 0x18004c738)
- Sleep (Address: 0x18004c730)
- SleepConditionVariableCS (Address: 0x18004c720)
- WakeAllConditionVariable (Address: 0x18004c740)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x18004c750)
- GetTickCount (Address: 0x18004c758)
- GetTickCount64 (Address: 0x18004c760)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolCleanupGroup (Address: 0x18004c770)
- CloseThreadpoolTimer (Address: 0x18004c778)
- CloseThreadpoolWait (Address: 0x18004c7b0)
- CloseThreadpoolWork (Address: 0x18004c7d8)
- CreateThreadpoolCleanupGroup (Address: 0x18004c788)
- CreateThreadpoolTimer (Address: 0x18004c7c0)
- CreateThreadpoolWait (Address: 0x18004c7a0)
- CreateThreadpoolWork (Address: 0x18004c790)
- FreeLibraryWhenCallbackReturns (Address: 0x18004c7d0)
- SetThreadpoolTimer (Address: 0x18004c7b8)
- SetThreadpoolWait (Address: 0x18004c798)
- SubmitThreadpoolWork (Address: 0x18004c7c8)
- WaitForThreadpoolTimerCallbacks (Address: 0x18004c780)
- WaitForThreadpoolWaitCallbacks (Address: 0x18004c7a8)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x18004c7e8)
- SystemTimeToFileTime (Address: 0x18004c7f0)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x18004c900)
- __CxxFrameHandler4 (Address: 0x18004c968)
- __std_terminate (Address: 0x18004c960)
- _CxxThrowException (Address: 0x18004c970)
- _o___std_exception_copy (Address: 0x18004c948)
- _o___std_exception_destroy (Address: 0x18004c940)
- _o___std_type_info_destroy_list (Address: 0x18004c938)
- _o___stdio_common_vsnprintf_s (Address: 0x18004c930)
- _o___stdio_common_vsnwprintf_s (Address: 0x18004c928)
- _o___stdio_common_vsprintf_s (Address: 0x18004c920)
- _o___stdio_common_vswprintf (Address: 0x18004c918)
- _o__cexit (Address: 0x18004c910)
- _o__configure_narrow_argv (Address: 0x18004c908)
- _o__crt_atexit (Address: 0x18004c958)
- _o__errno (Address: 0x18004c800)
- _o__execute_onexit_table (Address: 0x18004c808)
- _o__i64tow_s (Address: 0x18004c810)
- _o__initialize_narrow_environment (Address: 0x18004c818)
- _o__initialize_onexit_table (Address: 0x18004c820)
- _o__invalid_parameter_noinfo (Address: 0x18004c828)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x18004c830)
- _o__itow_s (Address: 0x18004c838)
- _o__purecall (Address: 0x18004c840)
- _o__register_onexit_function (Address: 0x18004c848)
- _o__seh_filter_dll (Address: 0x18004c850)
- _o__ui64tow_s (Address: 0x18004c860)
- _o__ultow_s (Address: 0x18004c868)
- _o__wcsicmp (Address: 0x18004c870)
- _o__wcsnicmp (Address: 0x18004c878)
- _o__wcstoi64 (Address: 0x18004c880)
- _o__wcstoui64 (Address: 0x18004c888)
- _o__wtof (Address: 0x18004c890)
- _o__wtoi (Address: 0x18004c898)
- _o__wtoi64 (Address: 0x18004c8a0)
- _o__wtol (Address: 0x18004c8a8)
- _o_free (Address: 0x18004c8b0)
- _o_iswalnum (Address: 0x18004c8b8)
- _o_iswalpha (Address: 0x18004c8c0)
- _o_iswdigit (Address: 0x18004c8c8)
- _o_iswspace (Address: 0x18004c8d0)
- _o_strncpy_s (Address: 0x18004c8d8)
- _o_terminate (Address: 0x18004c8e0)
- _o_toupper (Address: 0x18004c8e8)
- _o_wcscpy_s (Address: 0x18004c8f0)
- _o_wcsncpy_s (Address: 0x18004c8f8)
- memcmp (Address: 0x18004c978)
- memcpy (Address: 0x18004c980)
- memmove (Address: 0x18004c858)
- wcschr (Address: 0x18004c950)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x18004c990)
- _initterm_e (Address: 0x18004c998)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x18004c9c0)
- strnlen (Address: 0x18004c9b0)
- wcscmp (Address: 0x18004c9a8)
- wcsnlen (Address: 0x18004c9b8)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- TraceMessage (Address: 0x18004c9d0)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x18004c9f0)
- EventProviderEnabled (Address: 0x18004ca08)
- EventRegister (Address: 0x18004ca00)
- EventSetInformation (Address: 0x18004c9f8)
- EventUnregister (Address: 0x18004c9e8)
- EventWriteTransfer (Address: 0x18004c9e0)
api-ms-win-security-base-l1-1-0.dll
- GetLengthSid (Address: 0x18004ca20)
- IsValidSid (Address: 0x18004ca18)
msvcp_win.dll
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x18004ca30)
- ?_Xout_of_range@std@@YAXPEBD@Z (Address: 0x18004ca38)
ntdll.dll
- EtwGetTraceEnableFlags (Address: 0x18004cab8)
- EtwGetTraceEnableLevel (Address: 0x18004ca58)
- EtwGetTraceLoggerHandle (Address: 0x18004ca50)
- EtwRegisterTraceGuidsW (Address: 0x18004ca60)
- EtwTraceMessage (Address: 0x18004ca68)
- EtwUnregisterTraceGuids (Address: 0x18004ca48)
- NtReadFile (Address: 0x18004cab0)
- NtSetInformationFile (Address: 0x18004ca90)
- NtWriteFile (Address: 0x18004caa8)
- RtlCaptureContext (Address: 0x18004ca70)
- RtlComputeCrc32 (Address: 0x18004caa0)
- RtlLookupFunctionEntry (Address: 0x18004ca78)
- RtlNtStatusToDosError (Address: 0x18004ca88)
- RtlSetLastWin32Error (Address: 0x18004ca80)
- RtlSetLastWin32ErrorAndNtStatusFromNtStatus (Address: 0x18004ca98)
- RtlVirtualUnwind (Address: 0x18004cac0)