AppVEntSubsystems32.dll

Description: Client Virtualization Subsystems

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 32-bit

Operating System: Windows NT

SHA256: 213ff7b83cf6548738d2839f6ed70e9b

File Size: 1.4 MB

Uploaded At: Dec. 1, 2025, 7:53 a.m.

Views: 6

Exported Functions

  • APIExportForDetours (Ordinal: 1, Address: 0x4f320)
  • RequestUnhookedFunctionList (Ordinal: 2, Address: 0x4e490)
  • VirtualizeCurrentThread (Ordinal: 3, Address: 0x50280)
  • CurrentThreadIsVirtualized (Ordinal: 4, Address: 0x50260)
  • VirtualizeCurrentProcess (Ordinal: 5, Address: 0x502e0)
  • _IsProcessHooked@0 (Ordinal: 6, Address: 0x50250)

Imported DLLs & Functions

ADVAPI32.dll
  • EventRegister (Address: 0x10158000)
  • EventSetInformation (Address: 0x10158018)
  • EventUnregister (Address: 0x10158004)
  • EventWriteTransfer (Address: 0x10158010)
  • RegCloseKey (Address: 0x1015800c)
  • RegOpenKeyExW (Address: 0x10158008)
  • RegQueryValueExW (Address: 0x10158014)
api-ms-win-core-com-l1-1-0.dll
  • CLSIDFromString (Address: 0x10158270)
  • CoCreateGuid (Address: 0x1015825c)
  • CoCreateInstance (Address: 0x10158248)
  • CoGetTreatAsClass (Address: 0x10158250)
  • CoInitializeEx (Address: 0x1015826c)
  • CoMarshalInterface (Address: 0x1015827c)
  • CoTaskMemAlloc (Address: 0x10158278)
  • CoTaskMemFree (Address: 0x10158260)
  • CoUninitialize (Address: 0x10158264)
  • CoUnmarshalInterface (Address: 0x10158254)
  • CreateStreamOnHGlobal (Address: 0x10158268)
  • PropVariantClear (Address: 0x1015824c)
  • StringFromCLSID (Address: 0x10158274)
  • StringFromGUID2 (Address: 0x10158258)
api-ms-win-core-console-l3-2-0.dll
  • GetConsoleWindow (Address: 0x10158284)
api-ms-win-core-errorhandling-l1-1-2.dll
  • RaiseFailFastException (Address: 0x1015828c)
api-ms-win-core-file-l1-1-0.dll
  • FindClose (Address: 0x101582ac)
  • FindFirstFileW (Address: 0x101582a8)
  • FindFirstVolumeW (Address: 0x101582a4)
  • FindNextFileW (Address: 0x101582b0)
  • FindNextVolumeW (Address: 0x10158294)
  • FindVolumeClose (Address: 0x1015829c)
  • GetFileAttributesW (Address: 0x101582bc)
  • GetFinalPathNameByHandleW (Address: 0x101582b8)
  • GetLogicalDriveStringsW (Address: 0x101582c0)
  • GetShortPathNameW (Address: 0x101582b4)
  • GetVolumePathNameW (Address: 0x10158298)
  • QueryDosDeviceW (Address: 0x101582a0)
api-ms-win-core-file-l1-2-0.dll
  • GetVolumePathNamesForVolumeNameW (Address: 0x101582c8)
api-ms-win-core-file-l1-2-2.dll
  • FindFirstFileNameW (Address: 0x101582d4)
  • FindNextFileNameW (Address: 0x101582d0)
api-ms-win-core-handle-l1-1-0.dll
  • DuplicateHandle (Address: 0x101582dc)
api-ms-win-core-heap-l2-1-0.dll
  • LocalFree (Address: 0x101582e4)
api-ms-win-core-io-l1-1-0.dll
  • DeviceIoControl (Address: 0x101582f0)
  • GetOverlappedResult (Address: 0x101582ec)
api-ms-win-core-libraryloader-l1-2-0.dll
  • LoadLibraryExA (Address: 0x101582f8)
api-ms-win-core-libraryloader-l1-2-1.dll
  • LoadLibraryA (Address: 0x10158300)
api-ms-win-core-localization-l1-2-0.dll
  • GetUserDefaultLangID (Address: 0x10158308)
api-ms-win-core-memory-l1-1-0.dll
  • CreateFileMappingW (Address: 0x1015831c)
  • MapViewOfFile (Address: 0x10158318)
  • UnmapViewOfFile (Address: 0x10158314)
  • VirtualFree (Address: 0x10158310)
  • VirtualProtect (Address: 0x10158324)
  • VirtualQuery (Address: 0x10158320)
api-ms-win-core-memory-l1-1-4.dll
  • QueryVirtualMemoryInformation (Address: 0x1015832c)
api-ms-win-core-namedpipe-l1-1-0.dll
  • ConnectNamedPipe (Address: 0x10158340)
  • CreateNamedPipeW (Address: 0x10158338)
  • DisconnectNamedPipe (Address: 0x1015833c)
  • PeekNamedPipe (Address: 0x10158334)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x10158354)
  • GetCurrentDirectoryW (Address: 0x10158348)
  • GetEnvironmentVariableW (Address: 0x10158358)
  • SearchPathW (Address: 0x1015834c)
  • SetCurrentDirectoryW (Address: 0x10158350)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessAsUserW (Address: 0x10158370)
  • CreateProcessW (Address: 0x1015836c)
  • GetProcessId (Address: 0x10158374)
  • OpenProcessToken (Address: 0x10158378)
  • OpenThreadToken (Address: 0x10158360)
  • ResumeThread (Address: 0x1015837c)
  • SetThreadToken (Address: 0x10158364)
  • SuspendThread (Address: 0x10158368)
api-ms-win-core-processthreads-l1-1-1.dll
  • FlushInstructionCache (Address: 0x1015838c)
  • GetProcessMitigationPolicy (Address: 0x10158384)
  • GetThreadContext (Address: 0x10158390)
  • SetThreadContext (Address: 0x10158388)
api-ms-win-core-psapi-l1-1-0.dll
  • K32GetMappedFileNameW (Address: 0x10158398)
api-ms-win-core-registry-l1-1-0.dll
  • RegCreateKeyExW (Address: 0x101583ac)
  • RegEnumKeyExW (Address: 0x101583a8)
  • RegEnumValueW (Address: 0x101583a0)
  • RegSetValueExW (Address: 0x101583a4)
api-ms-win-core-registry-l2-1-0.dll
  • RegDeleteKeyW (Address: 0x101583b4)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x101583cc)
  • AcquireSRWLockShared (Address: 0x101583e0)
  • CreateMutexExW (Address: 0x101583dc)
  • CreateSemaphoreExW (Address: 0x101583c0)
  • InitializeSRWLock (Address: 0x101583bc)
  • OpenEventW (Address: 0x101583d8)
  • OpenSemaphoreW (Address: 0x101583d0)
  • ReleaseSemaphore (Address: 0x101583c4)
  • ReleaseSRWLockExclusive (Address: 0x101583c8)
  • ReleaseSRWLockShared (Address: 0x101583d4)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x101583e8)
api-ms-win-core-synch-l1-2-1.dll
  • WaitForMultipleObjects (Address: 0x101583f0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemDirectoryW (Address: 0x101583f8)
  • GetVersion (Address: 0x10158404)
  • GetVersionExW (Address: 0x101583fc)
  • GetWindowsDirectoryW (Address: 0x10158400)
api-ms-win-core-sysinfo-l1-2-0.dll
  • GetNativeSystemInfo (Address: 0x1015840c)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x10158420)
  • CreateThreadpoolTimer (Address: 0x1015841c)
  • SetThreadpoolTimer (Address: 0x10158414)
  • WaitForThreadpoolTimerCallbacks (Address: 0x10158418)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • QueueUserWorkItem (Address: 0x10158428)
api-ms-win-core-url-l1-1-0.dll
  • PathCreateFromUrlW (Address: 0x10158430)
  • UrlCreateFromPathW (Address: 0x10158434)
api-ms-win-core-version-l1-1-0.dll
  • VerQueryValueW (Address: 0x1015843c)
api-ms-win-core-version-l1-1-1.dll
  • GetFileVersionInfoSizeW (Address: 0x10158444)
  • GetFileVersionInfoW (Address: 0x10158448)
api-ms-win-core-wow64-l1-1-0.dll
  • IsWow64Process (Address: 0x10158450)
api-ms-win-core-wow64-l1-1-1.dll
  • GetSystemWow64DirectoryW (Address: 0x10158458)
api-ms-win-security-base-l1-1-0.dll
  • AddAce (Address: 0x101584b0)
  • CopySid (Address: 0x101584b8)
  • DuplicateToken (Address: 0x10158490)
  • DuplicateTokenEx (Address: 0x10158494)
  • EqualSid (Address: 0x1015847c)
  • GetAclInformation (Address: 0x1015849c)
  • GetLengthSid (Address: 0x101584a4)
  • GetSecurityDescriptorControl (Address: 0x10158474)
  • GetSecurityDescriptorDacl (Address: 0x101584c0)
  • GetSecurityDescriptorGroup (Address: 0x10158484)
  • GetSecurityDescriptorLength (Address: 0x1015846c)
  • GetSecurityDescriptorOwner (Address: 0x10158470)
  • GetSecurityDescriptorSacl (Address: 0x10158488)
  • GetSidLengthRequired (Address: 0x10158464)
  • GetSidSubAuthority (Address: 0x10158460)
  • GetTokenInformation (Address: 0x101584b4)
  • InitializeAcl (Address: 0x101584ac)
  • InitializeSecurityDescriptor (Address: 0x101584bc)
  • InitializeSid (Address: 0x10158480)
  • IsValidSid (Address: 0x10158468)
  • MakeAbsoluteSD (Address: 0x10158478)
  • MakeSelfRelativeSD (Address: 0x1015848c)
  • SetSecurityDescriptorDacl (Address: 0x10158498)
  • SetSecurityDescriptorGroup (Address: 0x101584a8)
  • SetSecurityDescriptorOwner (Address: 0x101584a0)
api-ms-win-security-lsalookup-l2-1-0.dll
  • LookupAccountSidW (Address: 0x101584c8)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertSidToStringSidW (Address: 0x101584d4)
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x101584d0)
api-ms-win-shcore-sysinfo-l1-1-0.dll
  • GetCurrentProcessExplicitAppUserModelID (Address: 0x101584dc)
GDI32.dll
  • AddFontResourceExW (Address: 0x10158020)
  • CreateScalableFontResourceW (Address: 0x10158024)
KERNEL32.dll
  • CheckRemoteDebuggerPresent (Address: 0x10158070)
  • CloseHandle (Address: 0x10158068)
  • CompareStringEx (Address: 0x101580a0)
  • CreateEventW (Address: 0x10158158)
  • CreateFileW (Address: 0x10158144)
  • CreateMutexW (Address: 0x10158058)
  • CreateThread (Address: 0x10158078)
  • DebugBreak (Address: 0x10158050)
  • DecodePointer (Address: 0x10158094)
  • DeleteCriticalSection (Address: 0x10158040)
  • DisableThreadLibraryCalls (Address: 0x10158064)
  • EncodePointer (Address: 0x10158090)
  • EnterCriticalSection (Address: 0x10158190)
  • EnumSystemLocalesW (Address: 0x101580f8)
  • ExitProcess (Address: 0x101580fc)
  • ExitThread (Address: 0x101581a4)
  • FindFirstFileExW (Address: 0x1015817c)
  • FlsAlloc (Address: 0x1015816c)
  • FlsFree (Address: 0x10158178)
  • FlsGetValue (Address: 0x10158170)
  • FlsSetValue (Address: 0x10158174)
  • FlushFileBuffers (Address: 0x10158124)
  • FormatMessageW (Address: 0x1015802c)
  • FreeEnvironmentStringsW (Address: 0x1015813c)
  • FreeLibrary (Address: 0x1015804c)
  • FreeLibraryAndExitThread (Address: 0x101581a0)
  • GetACP (Address: 0x10158104)
  • GetCommandLineA (Address: 0x101581b0)
  • GetCommandLineW (Address: 0x10158130)
  • GetConsoleMode (Address: 0x10158120)
  • GetConsoleOutputCP (Address: 0x1015811c)
  • GetCPInfo (Address: 0x1015809c)
  • GetCurrentProcess (Address: 0x1015818c)
  • GetCurrentProcessId (Address: 0x10158160)
  • GetCurrentThread (Address: 0x101580b8)
  • GetCurrentThreadId (Address: 0x101580e8)
  • GetEnvironmentStringsW (Address: 0x10158138)
  • GetFileSizeEx (Address: 0x1015810c)
  • GetFileType (Address: 0x101580c0)
  • GetLastError (Address: 0x10158030)
  • GetLocaleInfoW (Address: 0x101580ec)
  • GetModuleFileNameA (Address: 0x1015819c)
  • GetModuleFileNameW (Address: 0x10158054)
  • GetModuleHandleExW (Address: 0x10158188)
  • GetModuleHandleW (Address: 0x10158048)
  • GetOEMCP (Address: 0x10158108)
  • GetProcAddress (Address: 0x1015803c)
  • GetProcessHeap (Address: 0x10158044)
  • GetStartupInfoW (Address: 0x101580c4)
  • GetStdHandle (Address: 0x101580bc)
  • GetStringTypeW (Address: 0x10158088)
  • GetSystemInfo (Address: 0x101581ac)
  • GetSystemTimeAsFileTime (Address: 0x101580e0)
  • GetUserDefaultLCID (Address: 0x101580f4)
  • HeapAlloc (Address: 0x10158038)
  • HeapDestroy (Address: 0x101581b4)
  • HeapFree (Address: 0x10158198)
  • HeapReAlloc (Address: 0x101580b4)
  • HeapSize (Address: 0x10158134)
  • InitializeCriticalSection (Address: 0x10158180)
  • InitializeCriticalSectionAndSpinCount (Address: 0x101580cc)
  • InitializeCriticalSectionEx (Address: 0x1015808c)
  • InitializeSListHead (Address: 0x10158164)
  • InitOnceExecuteOnce (Address: 0x10158080)
  • InterlockedFlushSList (Address: 0x10158168)
  • IsDebuggerPresent (Address: 0x1015806c)
  • IsProcessorFeaturePresent (Address: 0x101580b0)
  • IsValidCodePage (Address: 0x10158100)
  • IsValidLocale (Address: 0x101580f0)
  • K32GetModuleInformation (Address: 0x10158034)
  • LCMapStringEx (Address: 0x10158098)
  • LCMapStringW (Address: 0x101581b8)
  • LeaveCriticalSection (Address: 0x10158184)
  • LoadLibraryExW (Address: 0x101580e4)
  • LoadLibraryW (Address: 0x10158074)
  • MultiByteToWideChar (Address: 0x1015807c)
  • OutputDebugStringW (Address: 0x101581bc)
  • QueryPerformanceCounter (Address: 0x1015815c)
  • RaiseException (Address: 0x101580c8)
  • ReadConsoleW (Address: 0x1015812c)
  • ReadFile (Address: 0x10158128)
  • ReleaseMutex (Address: 0x10158060)
  • ResetEvent (Address: 0x10158150)
  • SetEnvironmentVariableW (Address: 0x10158140)
  • SetEvent (Address: 0x1015814c)
  • SetFilePointerEx (Address: 0x10158110)
  • SetLastError (Address: 0x10158194)
  • SetStdHandle (Address: 0x10158114)
  • SetUnhandledExceptionFilter (Address: 0x101580a8)
  • TerminateProcess (Address: 0x101580ac)
  • TlsAlloc (Address: 0x101580d0)
  • TlsFree (Address: 0x101580dc)
  • TlsGetValue (Address: 0x101580d4)
  • TlsSetValue (Address: 0x101580d8)
  • UnhandledExceptionFilter (Address: 0x101580a4)
  • VirtualAlloc (Address: 0x101581a8)
  • WaitForSingleObject (Address: 0x1015805c)
  • WaitForSingleObjectEx (Address: 0x10158154)
  • WideCharToMultiByte (Address: 0x10158084)
  • WriteConsoleW (Address: 0x10158148)
  • WriteFile (Address: 0x10158118)
ntdll.dll
  • NtClose (Address: 0x1015855c)
  • NtCreateKey (Address: 0x1015851c)
  • NtDeleteKey (Address: 0x1015856c)
  • NtDeleteValueKey (Address: 0x10158568)
  • NtDuplicateObject (Address: 0x1015850c)
  • NtEnumerateKey (Address: 0x10158570)
  • NtEnumerateValueKey (Address: 0x10158574)
  • NtFlushKey (Address: 0x10158580)
  • NtNotifyChangeMultipleKeys (Address: 0x1015857c)
  • NtOpenKey (Address: 0x10158578)
  • NtQueryInformationProcess (Address: 0x10158550)
  • NtQueryKey (Address: 0x101584f8)
  • NtQueryObject (Address: 0x101584e4)
  • NtQuerySecurityObject (Address: 0x101584f0)
  • NtQueryValueKey (Address: 0x10158584)
  • NtReadFile (Address: 0x101584e8)
  • NtRenameKey (Address: 0x10158518)
  • NtSetEvent (Address: 0x10158558)
  • NtSetInformationThread (Address: 0x101584ec)
  • NtSetSecurityObject (Address: 0x101584f4)
  • NtSetValueKey (Address: 0x10158564)
  • NtWriteFile (Address: 0x101584fc)
  • RtlAllocateHeap (Address: 0x10158548)
  • RtlCompareUnicodeString (Address: 0x10158500)
  • RtlCopyUnicodeString (Address: 0x1015852c)
  • RtlDeleteElementGenericTableAvl (Address: 0x10158524)
  • RtlEnumerateGenericTableAvl (Address: 0x10158534)
  • RtlEnumerateGenericTableWithoutSplayingAvl (Address: 0x1015853c)
  • RtlEqualUnicodeString (Address: 0x10158504)
  • RtlFreeHeap (Address: 0x1015854c)
  • RtlInitAnsiString (Address: 0x10158560)
  • RtlInitializeGenericTableAvl (Address: 0x10158520)
  • RtlInitUnicodeString (Address: 0x10158508)
  • RtlInsertElementGenericTableAvl (Address: 0x10158530)
  • RtlIntegerToUnicodeString (Address: 0x10158554)
  • RtlIsGenericTableEmptyAvl (Address: 0x10158538)
  • RtlIsNameInExpression (Address: 0x10158540)
  • RtlLookupElementGenericTableAvl (Address: 0x10158528)
  • RtlNtStatusToDosError (Address: 0x10158510)
  • RtlPrefixUnicodeString (Address: 0x10158544)
  • RtlUnwind (Address: 0x10158514)
ole32.dll
  • CreateFileMoniker (Address: 0x10158590)
  • GetClassFile (Address: 0x1015858c)
  • GetRunningObjectTable (Address: 0x10158594)
RPCRT4.dll
  • NdrClientCall2 (Address: 0x101581f4)
  • NdrClientCall4 (Address: 0x101581fc)
  • NdrServerCall2 (Address: 0x101581e8)
  • RpcBindingFree (Address: 0x10158204)
  • RpcBindingFromStringBindingW (Address: 0x101581e4)
  • RpcBindingInqAuthClientW (Address: 0x101581ec)
  • RpcBindingSetAuthInfoExW (Address: 0x101581d0)
  • RpcImpersonateClient (Address: 0x10158200)
  • RpcRevertToSelf (Address: 0x101581d8)
  • RpcServerListen (Address: 0x101581dc)
  • RpcServerRegisterAuthInfoW (Address: 0x101581e0)
  • RpcServerRegisterIf2 (Address: 0x101581cc)
  • RpcServerUnregisterIf (Address: 0x101581c8)
  • RpcServerUseProtseqEpW (Address: 0x101581d4)
  • RpcStringBindingComposeW (Address: 0x101581c4)
  • RpcStringFreeW (Address: 0x101581f0)
  • UuidCreate (Address: 0x101581f8)
SHELL32.dll
  • SHCreateItemFromParsingName (Address: 0x10158210)
  • SHGetPathFromIDListW (Address: 0x1015820c)
  • SHParseDisplayName (Address: 0x10158214)
USER32.dll
  • CallWindowProcW (Address: 0x10158234)
  • DispatchMessageW (Address: 0x10158230)
  • FindWindowW (Address: 0x1015821c)
  • GetParent (Address: 0x10158228)
  • GetWindowLongW (Address: 0x10158220)
  • IsWindowVisible (Address: 0x10158224)
  • PeekMessageW (Address: 0x1015822c)
  • WaitForInputIdle (Address: 0x10158238)
USERENV.dll
  • UnloadUserProfile (Address: 0x10158240)