ntevt.dll
Description: WMI Event Log Provider
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5794
Architecture: 64-bit
Operating System: Windows NT
SHA256: d545db03b014e4d24491a0ba53f5d74b
File Size: 280.5 KB
Uploaded At: Dec. 1, 2025, 7:51 a.m.
Views: 5
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x89e0)
- DllGetClassObject (Ordinal: 2, Address: 0x63f0)
- DllRegisterServer (Ordinal: 3, Address: 0x16aa0)
- DllUnregisterServer (Ordinal: 4, Address: 0x17aa0)
Imported DLLs & Functions
api-ms-win-core-com-l1-1-0.dll
- CoGetCallContext (Address: 0x180030320)
- StringFromGUID2 (Address: 0x180030318)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x180030340)
- IsDebuggerPresent (Address: 0x180030338)
- OutputDebugStringW (Address: 0x180030330)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180030350)
- SetLastError (Address: 0x180030358)
- SetUnhandledExceptionFilter (Address: 0x180030360)
- UnhandledExceptionFilter (Address: 0x180030368)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x180030378)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x180030388)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800303a8)
- HeapAlloc (Address: 0x1800303a0)
- HeapFree (Address: 0x1800303b0)
- HeapReAlloc (Address: 0x180030398)
api-ms-win-core-heap-l2-1-0.dll
- LocalFree (Address: 0x1800303c0)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1800303e8)
- GetModuleFileNameA (Address: 0x1800303f0)
- GetModuleFileNameW (Address: 0x1800303f8)
- GetModuleHandleExW (Address: 0x1800303d0)
- GetModuleHandleW (Address: 0x1800303e0)
- GetProcAddress (Address: 0x1800303d8)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x180030408)
- LCMapStringW (Address: 0x180030410)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x180030420)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x180030458)
- GetCurrentProcessId (Address: 0x180030448)
- GetCurrentThread (Address: 0x180030440)
- GetCurrentThreadId (Address: 0x180030430)
- OpenThreadToken (Address: 0x180030438)
- TerminateProcess (Address: 0x180030450)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x180030468)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x180030490)
- RegCreateKeyExW (Address: 0x180030480)
- RegEnumKeyExW (Address: 0x180030478)
- RegOpenKeyExW (Address: 0x180030498)
- RegSetValueExW (Address: 0x180030488)
api-ms-win-core-registry-l2-1-0.dll
- RegDeleteKeyW (Address: 0x1800304a8)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x1800304c0)
- RtlLookupFunctionEntry (Address: 0x1800304b8)
- RtlVirtualUnwind (Address: 0x1800304c8)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x1800304d8)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x180030508)
- AcquireSRWLockShared (Address: 0x1800304f8)
- CreateMutexExW (Address: 0x1800304f0)
- CreateSemaphoreExW (Address: 0x180030560)
- DeleteCriticalSection (Address: 0x180030550)
- EnterCriticalSection (Address: 0x180030548)
- InitializeCriticalSectionAndSpinCount (Address: 0x180030558)
- InitializeCriticalSectionEx (Address: 0x180030510)
- LeaveCriticalSection (Address: 0x180030540)
- OpenSemaphoreW (Address: 0x180030530)
- ReleaseMutex (Address: 0x180030500)
- ReleaseSemaphore (Address: 0x1800304e8)
- ReleaseSRWLockExclusive (Address: 0x180030528)
- ReleaseSRWLockShared (Address: 0x180030538)
- WaitForSingleObject (Address: 0x180030520)
- WaitForSingleObjectEx (Address: 0x180030518)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x180030570)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x180030588)
- GetTickCount (Address: 0x180030580)
- GetTickCount64 (Address: 0x180030590)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1800305a8)
- CreateThreadpoolTimer (Address: 0x1800305a0)
- SetThreadpoolTimer (Address: 0x1800305b8)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800305b0)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x1800305d8)
- GetTimeZoneInformation (Address: 0x1800305d0)
- SystemTimeToFileTime (Address: 0x1800305c8)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x1800305e8)
- GetTraceEnableLevel (Address: 0x180030610)
- GetTraceLoggerHandle (Address: 0x180030608)
- RegisterTraceGuidsW (Address: 0x180030600)
- TraceMessage (Address: 0x1800305f0)
- UnregisterTraceGuids (Address: 0x1800305f8)
api-ms-win-security-base-l1-1-0.dll
- GetLengthSid (Address: 0x180030630)
- GetSecurityDescriptorDacl (Address: 0x180030628)
- GetTokenInformation (Address: 0x180030638)
- ImpersonateSelf (Address: 0x180030620)
- RevertToSelf (Address: 0x180030640)
api-ms-win-security-lsalookup-l1-1-0.dll
- LookupAccountSidLocalW (Address: 0x180030650)
api-ms-win-security-provider-l1-1-0.dll
- GetExplicitEntriesFromAclW (Address: 0x180030660)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x180030670)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x180030678)
api-ms-win-security-trustee-l1-1-0.dll
- BuildSecurityDescriptorW (Address: 0x180030688)
msvcrt.dll
- __C_specific_handler (Address: 0x180030720)
- __CxxFrameHandler3 (Address: 0x180030768)
- __dllonexit (Address: 0x180030748)
- __RTtypeid (Address: 0x180030718)
- _amsg_exit (Address: 0x180030770)
- _CxxThrowException (Address: 0x1800306a0)
- _i64tow_s (Address: 0x180030760)
- _initterm (Address: 0x180030798)
- _lock (Address: 0x180030750)
- _onexit (Address: 0x1800306f0)
- _purecall (Address: 0x1800307c0)
- _ui64tow_s (Address: 0x180030788)
- _ultow_s (Address: 0x1800307b8)
- _unlock (Address: 0x180030778)
- _vsnprintf (Address: 0x1800307e8)
- _vsnprintf_s (Address: 0x180030830)
- _vsnwprintf (Address: 0x180030810)
- _vsnwprintf_s (Address: 0x180030730)
- _wcsicmp (Address: 0x1800307b0)
- _wtol (Address: 0x1800307d0)
- _XcptFilter (Address: 0x180030740)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x1800306c8)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800306c0)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x1800306b8)
- ??0exception@@QEAA@XZ (Address: 0x1800306d8)
- ??1exception@@UEAA@XZ (Address: 0x180030780)
- ??1type_info@@UEAA@XZ (Address: 0x1800306d0)
- ??8type_info@@QEBAHAEBV0@@Z (Address: 0x180030728)
- ?terminate@@YAXXZ (Address: 0x1800306b0)
- ?what@exception@@UEBAPEBDXZ (Address: 0x1800306a8)
- atol (Address: 0x1800307e0)
- free (Address: 0x180030758)
- iswalnum (Address: 0x1800307f0)
- iswalpha (Address: 0x1800307f8)
- iswdigit (Address: 0x180030818)
- iswspace (Address: 0x180030820)
- iswxdigit (Address: 0x180030800)
- malloc (Address: 0x1800306e0)
- memcmp (Address: 0x1800307a8)
- memcpy (Address: 0x180030698)
- memcpy_s (Address: 0x180030790)
- memmove (Address: 0x1800306e8)
- memmove_s (Address: 0x180030808)
- memset (Address: 0x1800307c8)
- realloc (Address: 0x1800306f8)
- sscanf_s (Address: 0x1800307d8)
- swprintf_s (Address: 0x180030738)
- swscanf_s (Address: 0x180030700)
- towlower (Address: 0x180030708)
- towupper (Address: 0x180030710)
- wcscmp (Address: 0x180030838)
- wcstol (Address: 0x180030828)
- wcstoul (Address: 0x1800307a0)
OLEAUT32.dll
- SafeArrayAccessData (Address: 0x180030128)
- SafeArrayCreate (Address: 0x180030140)
- SafeArrayDestroy (Address: 0x180030150)
- SafeArrayGetDim (Address: 0x180030158)
- SafeArrayUnaccessData (Address: 0x180030130)
- SysAllocString (Address: 0x180030138)
- SysAllocStringLen (Address: 0x180030160)
- SysFreeString (Address: 0x180030148)
- SysStringLen (Address: 0x180030178)
- VariantChangeTypeEx (Address: 0x180030168)
- VariantClear (Address: 0x180030118)
- VariantCopy (Address: 0x180030170)
- VariantInit (Address: 0x180030120)
PROVTHRD.dll
- ??0QueryPreprocessor@@QEAA@XZ (Address: 0x180030260)
- ??0WmiSignedIntegerNode@@QEAA@PEAGJKPEAVWmiTreeNode@@@Z (Address: 0x180030248)
- ??0WmiSignedIntegerRangeNode@@QEAA@PEAGKHHHHJJPEAVWmiTreeNode@@1@Z (Address: 0x180030228)
- ??0WmiStringNode@@QEAA@PEAG0W4WmiValueFunction@WmiValueNode@@1KPEAVWmiTreeNode@@@Z (Address: 0x180030250)
- ??0WmiStringRangeNode@@QEAA@PEAGKHHHH00PEAVWmiTreeNode@@1@Z (Address: 0x180030218)
- ??0WmiUnsignedIntegerNode@@QEAA@PEAGKKPEAVWmiTreeNode@@@Z (Address: 0x180030240)
- ??0WmiUnsignedIntegerRangeNode@@QEAA@PEAGKHHHHKKPEAVWmiTreeNode@@1@Z (Address: 0x180030220)
- ??1QueryPreprocessor@@UEAA@XZ (Address: 0x180030268)
- ??1WmiSignedIntegerNode@@UEAA@XZ (Address: 0x180030210)
- ??1WmiSignedIntegerRangeNode@@UEAA@XZ (Address: 0x1800301b0)
- ??1WmiStringNode@@UEAA@XZ (Address: 0x180030238)
- ??1WmiStringRangeNode@@UEAA@XZ (Address: 0x180030198)
- ??1WmiUnsignedIntegerNode@@UEAA@XZ (Address: 0x1800301f0)
- ??1WmiUnsignedIntegerRangeNode@@UEAA@XZ (Address: 0x1800301c8)
- ?ClosedLowerBound@WmiRangeNode@@QEAAHXZ (Address: 0x180030258)
- ?ClosedUpperBound@WmiRangeNode@@QEAAHXZ (Address: 0x1800302b8)
- ?Copy@WmiSignedIntegerNode@@UEAAPEAVWmiTreeNode@@XZ (Address: 0x180030208)
- ?Copy@WmiSignedIntegerRangeNode@@UEAAPEAVWmiTreeNode@@XZ (Address: 0x1800301a8)
- ?Copy@WmiStringNode@@UEAAPEAVWmiTreeNode@@XZ (Address: 0x1800301d8)
- ?Copy@WmiStringRangeNode@@UEAAPEAVWmiTreeNode@@XZ (Address: 0x180030190)
- ?Copy@WmiUnsignedIntegerNode@@UEAAPEAVWmiTreeNode@@XZ (Address: 0x1800301e8)
- ?Copy@WmiUnsignedIntegerRangeNode@@UEAAPEAVWmiTreeNode@@XZ (Address: 0x1800301c0)
- ?CopyNode@WmiTreeNode@@UEAAPEAV1@XZ (Address: 0x180030200)
- ?GetConstantFunction@WmiValueNode@@QEAA?AW4WmiValueFunction@1@XZ (Address: 0x1800302e8)
- ?GetPartition@PartitionSet@@QEAAPEAV1@K@Z (Address: 0x180030290)
- ?GetPartitionCount@PartitionSet@@QEAAKXZ (Address: 0x180030288)
- ?GetPropertyFunction@WmiValueNode@@QEAA?AW4WmiValueFunction@1@XZ (Address: 0x1800302f0)
- ?GetPropertyName@WmiValueNode@@QEAAPEAGXZ (Address: 0x180030230)
- ?GetRange@PartitionSet@@QEAAPEAVWmiRangeNode@@XZ (Address: 0x180030298)
- ?GetValue@WmiSignedIntegerNode@@QEAAJXZ (Address: 0x1800302b0)
- ?GetValue@WmiStringNode@@QEAAPEAGXZ (Address: 0x1800302e0)
- ?InfiniteLowerBound@WmiRangeNode@@QEAAHXZ (Address: 0x1800302a0)
- ?InfiniteUpperBound@WmiRangeNode@@QEAAHXZ (Address: 0x1800302a8)
- ?LowerBound@WmiStringRangeNode@@QEAAPEAGXZ (Address: 0x1800302c8)
- ?LowerBound@WmiUnsignedIntegerRangeNode@@QEAAKXZ (Address: 0x1800302d0)
- ?PreProcess@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAXPEAUSQL_LEVEL_1_RPN_EXPRESSION@@AEAPEAVWmiTreeNode@@@Z (Address: 0x180030278)
- ?PreProcess@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAXPEAUSQL_LEVEL_1_RPN_EXPRESSION@@PEAVWmiTreeNode@@KPEAPEAGAEAPEAVPartitionSet@@@Z (Address: 0x180030280)
- ?Print@WmiSignedIntegerNode@@UEAAXXZ (Address: 0x1800301f8)
- ?Print@WmiSignedIntegerRangeNode@@UEAAXXZ (Address: 0x1800301a0)
- ?Print@WmiStringNode@@UEAAXXZ (Address: 0x1800301d0)
- ?Print@WmiStringRangeNode@@UEAAXXZ (Address: 0x180030188)
- ?Print@WmiUnsignedIntegerNode@@UEAAXXZ (Address: 0x1800301e0)
- ?Print@WmiUnsignedIntegerRangeNode@@UEAAXXZ (Address: 0x1800301b8)
- ?Query@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAGAEAPEAUSQL_LEVEL_1_RPN_EXPRESSION@@@Z (Address: 0x180030270)
- ?UpperBound@WmiStringRangeNode@@QEAAPEAGXZ (Address: 0x1800302c0)
- ?UpperBound@WmiUnsignedIntegerRangeNode@@QEAAKXZ (Address: 0x1800302d8)
RPCRT4.dll
- RpcStringFreeW (Address: 0x180030308)
- UuidToStringW (Address: 0x180030300)
wevtapi.dll
- EvtClearLog (Address: 0x1800308b0)
- EvtClose (Address: 0x1800308a0)
- EvtCreateRenderContext (Address: 0x180030858)
- EvtExportLog (Address: 0x1800308b8)
- EvtFormatMessage (Address: 0x180030848)
- EvtGetChannelConfigProperty (Address: 0x180030898)
- EvtGetLogInfo (Address: 0x180030878)
- EvtNext (Address: 0x180030868)
- EvtOpenChannelConfig (Address: 0x1800308a8)
- EvtOpenLog (Address: 0x1800308c0)
- EvtOpenPublisherMetadata (Address: 0x180030860)
- EvtQuery (Address: 0x180030870)
- EvtRender (Address: 0x180030850)
- EvtSaveChannelConfig (Address: 0x180030888)
- EvtSetChannelConfigProperty (Address: 0x180030890)
- EvtSubscribe (Address: 0x180030880)