wevtfwd.dll

Description: WS-Management Event Forwarding Plug-in

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: 80c9c5696a50a70e52a6f047791f677b

File Size: 134.0 KB

Uploaded At: Dec. 1, 2025, 7:42 a.m.

Views: 4

Exported Functions

  • WSManPluginShutdown (Ordinal: 1, Address: 0x2240)
  • WSManPluginStartup (Ordinal: 2, Address: 0x1ff0)
  • WSManProvPullEvents (Ordinal: 3, Address: 0x2660)
  • WSManProvSubscribe (Ordinal: 4, Address: 0x22d0)
  • WSManProvUnsubscribe (Ordinal: 5, Address: 0x24b0)

Imported DLLs & Functions

ADVAPI32.dll
  • EventRegister (Address: 0x180017e38)
  • EventUnregister (Address: 0x180017e40)
  • EventWrite (Address: 0x180017e30)
  • GetTraceEnableFlags (Address: 0x180017e68)
  • GetTraceEnableLevel (Address: 0x180017e70)
  • GetTraceLoggerHandle (Address: 0x180017e78)
  • OpenThreadToken (Address: 0x180017e50)
  • RegCloseKey (Address: 0x180017e00)
  • RegEnumKeyExW (Address: 0x180017e20)
  • RegEnumValueW (Address: 0x180017e48)
  • RegisterTraceGuidsW (Address: 0x180017e60)
  • RegNotifyChangeKeyValue (Address: 0x180017e10)
  • RegOpenKeyExW (Address: 0x180017df8)
  • RegQueryInfoKeyW (Address: 0x180017e18)
  • RegQueryValueExW (Address: 0x180017e28)
  • SetThreadToken (Address: 0x180017e08)
  • TraceMessage (Address: 0x180017e80)
  • UnregisterTraceGuids (Address: 0x180017e58)
KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x180018010)
  • AcquireSRWLockShared (Address: 0x180017eb8)
  • CloseHandle (Address: 0x180017ee8)
  • CloseThreadpoolTimer (Address: 0x180018018)
  • CreateEventW (Address: 0x180017f30)
  • CreateMutexExW (Address: 0x180017ec0)
  • CreateSemaphoreExW (Address: 0x180018058)
  • CreateThread (Address: 0x180017e90)
  • CreateThreadpoolTimer (Address: 0x180017fe8)
  • DebugBreak (Address: 0x180017ea0)
  • DeleteCriticalSection (Address: 0x180017f00)
  • DisableThreadLibraryCalls (Address: 0x180017ef0)
  • EnterCriticalSection (Address: 0x180017f08)
  • FormatMessageW (Address: 0x180018030)
  • GetComputerNameExW (Address: 0x180017ee0)
  • GetComputerNameW (Address: 0x180017fb0)
  • GetCurrentProcess (Address: 0x180017f98)
  • GetCurrentProcessId (Address: 0x180017f70)
  • GetCurrentThread (Address: 0x180017fd0)
  • GetCurrentThreadId (Address: 0x180017f78)
  • GetLastError (Address: 0x180017f18)
  • GetModuleFileNameA (Address: 0x180017fc8)
  • GetModuleHandleExW (Address: 0x180017fd8)
  • GetModuleHandleW (Address: 0x180017eb0)
  • GetProcAddress (Address: 0x180017fe0)
  • GetProcessHeap (Address: 0x180017ed0)
  • GetSystemTime (Address: 0x180017ea8)
  • GetSystemTimeAsFileTime (Address: 0x180017f80)
  • GetThreadLocale (Address: 0x180018050)
  • GetThreadPriority (Address: 0x180017f38)
  • GetTickCount (Address: 0x180017f20)
  • HeapAlloc (Address: 0x180017ec8)
  • HeapFree (Address: 0x180017ed8)
  • InitializeCriticalSectionEx (Address: 0x180017ef8)
  • IsDebuggerPresent (Address: 0x180017e98)
  • LeaveCriticalSection (Address: 0x180017f10)
  • LocaleNameToLCID (Address: 0x180017fb8)
  • OpenSemaphoreW (Address: 0x180018000)
  • OutputDebugStringW (Address: 0x180018020)
  • QueryPerformanceCounter (Address: 0x180017f68)
  • RegisterWaitForSingleObject (Address: 0x180017f50)
  • ReleaseMutex (Address: 0x180018038)
  • ReleaseSemaphore (Address: 0x180017fa8)
  • ReleaseSRWLockExclusive (Address: 0x180018028)
  • ReleaseSRWLockShared (Address: 0x180017ff0)
  • SetEvent (Address: 0x180017f58)
  • SetLastError (Address: 0x180017fc0)
  • SetThreadpoolTimer (Address: 0x180017ff8)
  • SetThreadPriority (Address: 0x180017f40)
  • SetUnhandledExceptionFilter (Address: 0x180017f90)
  • Sleep (Address: 0x180017f28)
  • TerminateProcess (Address: 0x180017fa0)
  • UnhandledExceptionFilter (Address: 0x180017f88)
  • UnregisterWaitEx (Address: 0x180017f60)
  • WaitForMultipleObjects (Address: 0x180017f48)
  • WaitForSingleObject (Address: 0x180018040)
  • WaitForSingleObjectEx (Address: 0x180018008)
  • WaitForThreadpoolTimerCallbacks (Address: 0x180018048)
msvcrt.dll
  • __C_specific_handler (Address: 0x180018160)
  • __CxxFrameHandler3 (Address: 0x1800180f8)
  • __dllonexit (Address: 0x180018148)
  • _amsg_exit (Address: 0x180018170)
  • _CxxThrowException (Address: 0x180018190)
  • _initterm (Address: 0x180018168)
  • _lock (Address: 0x180018158)
  • _onexit (Address: 0x180018140)
  • _purecall (Address: 0x180018200)
  • _unlock (Address: 0x180018150)
  • _vsnprintf_s (Address: 0x180018110)
  • _vsnwprintf (Address: 0x180018100)
  • _wcsicmp (Address: 0x1800181e0)
  • _wcsnicmp (Address: 0x1800181d0)
  • _wcstoui64 (Address: 0x180018120)
  • _XcptFilter (Address: 0x180018178)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x1800181b8)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800181b0)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x1800181a8)
  • ??0exception@@QEAA@XZ (Address: 0x1800181c0)
  • ??1exception@@UEAA@XZ (Address: 0x1800181a0)
  • ??1type_info@@UEAA@XZ (Address: 0x180018138)
  • ?terminate@@YAXXZ (Address: 0x1800181f0)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x180018198)
  • free (Address: 0x1800181f8)
  • iswspace (Address: 0x1800181d8)
  • malloc (Address: 0x1800181e8)
  • memcmp (Address: 0x180018128)
  • memcpy (Address: 0x180018188)
  • memcpy_s (Address: 0x180018108)
  • memmove (Address: 0x180018180)
  • memmove_s (Address: 0x180018118)
  • memset (Address: 0x180018130)
  • swprintf_s (Address: 0x180018208)
  • wcscmp (Address: 0x180018210)
  • wcsncpy_s (Address: 0x1800181c8)
ntdll.dll
  • RtlCaptureContext (Address: 0x180018220)
  • RtlLookupFunctionEntry (Address: 0x180018230)
  • RtlVirtualUnwind (Address: 0x180018228)
RPCRT4.dll
  • RpcStringFreeW (Address: 0x180018068)
  • UuidCreate (Address: 0x180018070)
  • UuidToStringW (Address: 0x180018078)
USERENV.dll
  • RegisterGPNotification (Address: 0x180018090)
  • UnregisterGPNotification (Address: 0x180018088)
wevtapi.dll
  • EvtClose (Address: 0x180018260)
  • EvtCreateBookmark (Address: 0x180018258)
  • EvtCreateRenderContext (Address: 0x180018268)
  • EvtFormatMessage (Address: 0x180018288)
  • EvtGetQueryInfo (Address: 0x180018298)
  • EvtNext (Address: 0x180018278)
  • EvtOpenPublisherMetadata (Address: 0x180018248)
  • EvtQuery (Address: 0x180018240)
  • EvtRender (Address: 0x180018250)
  • EvtSeek (Address: 0x180018280)
  • EvtSubscribe (Address: 0x180018270)
  • EvtUpdateBookmark (Address: 0x180018290)
WsmSvc.DLL
  • WSManAddSubscriptionManagerInternal (Address: 0x1800180c0)
  • WSManCloseObjectHandle (Address: 0x1800180b8)
  • WSManClosePublisherHandle (Address: 0x1800180d0)
  • WSManConstructError (Address: 0x1800180a8)
  • WSManDecodeObject (Address: 0x1800180b0)
  • WSManDeliverEndSubscriptionNotification (Address: 0x1800180c8)
  • WSManDeliverEvent (Address: 0x1800180a0)
  • WSManEncodeObject (Address: 0x1800180e0)
  • WSManEnumeratorAddEvent (Address: 0x1800180d8)
  • WSManRemoveSubscriptionManagerInternal (Address: 0x1800180e8)