efsext.dll

Description: EFSEXT.DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.4355

Architecture: 32-bit

Operating System: Windows NT

SHA256: 794527871454cbcfedc494e2303ebdd1

File Size: 54.5 KB

Uploaded At: Dec. 1, 2025, 7:56 a.m.

Views: 5

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • EdpPlatform_QueryUserSessionState (Ordinal: 1, Address: 0x4cc0)
  • EdpPlatform_RegisterUserSessionNotification (Ordinal: 2, Address: 0x4c80)
  • EdpPlatform_ShowDialog (Ordinal: 3, Address: 0x4aa0)
  • EdpPlatform_ShowUI (Ordinal: 4, Address: 0x4c50)
  • EdpPlatform_UnregisterUserSessionNotification (Ordinal: 5, Address: 0x4370)
  • EfsPlatform_GetCallerID (Ordinal: 6, Address: 0x4600)
  • EfsPlatform_IsCallerAutomaticallyDelegated (Ordinal: 7, Address: 0x4680)
  • EfsPlatform_LaunchPromptUI (Ordinal: 8, Address: 0x4740)
  • EfsPlatform_SuspendNotificationsAndEncryptFile (Ordinal: 9, Address: 0x4590)
  • EfsPlatform_UnpackSecurePin (Ordinal: 10, Address: 0x48d0)
  • FVE_LaunchConsentPromptUI (Ordinal: 11, Address: 0x4f20)
  • FVE_LaunchSDCardUI (Ordinal: 12, Address: 0x5070)

Imported DLLs & Functions

api-ms-win-appmodel-runtime-l1-1-0.dll
  • ClosePackageInfo (Address: 0x1000c0bc)
  • GetCurrentPackageInfo (Address: 0x1000c0b0)
  • GetPackageFamilyName (Address: 0x1000c0ac)
  • GetPackageFullName (Address: 0x1000c0a8)
  • GetPackageInfo (Address: 0x1000c0b4)
  • OpenPackageInfoByFullName (Address: 0x1000c0b8)
api-ms-win-core-com-l1-1-0.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x1000c0c4)
  • CoCreateInstance (Address: 0x1000c0e0)
  • CoGetMalloc (Address: 0x1000c0d4)
  • CoInitializeEx (Address: 0x1000c0cc)
  • CoTaskMemAlloc (Address: 0x1000c0d0)
  • CoTaskMemFree (Address: 0x1000c0c8)
  • CoTaskMemRealloc (Address: 0x1000c0dc)
  • CoUninitialize (Address: 0x1000c0d8)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x1000c0ec)
  • IsDebuggerPresent (Address: 0x1000c0f0)
  • OutputDebugStringW (Address: 0x1000c0e8)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x1000c0f8)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x1000c100)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1000c10c)
  • SetLastError (Address: 0x1000c110)
  • SetUnhandledExceptionFilter (Address: 0x1000c114)
  • UnhandledExceptionFilter (Address: 0x1000c108)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1000c11c)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1000c12c)
  • HeapAlloc (Address: 0x1000c124)
  • HeapFree (Address: 0x1000c128)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x1000c138)
  • LocalFree (Address: 0x1000c134)
api-ms-win-core-libraryloader-l1-2-0.dll
  • FindResourceExW (Address: 0x1000c158)
  • GetModuleFileNameA (Address: 0x1000c148)
  • GetModuleHandleExW (Address: 0x1000c154)
  • GetModuleHandleW (Address: 0x1000c144)
  • GetProcAddress (Address: 0x1000c14c)
  • LoadResource (Address: 0x1000c150)
  • LoadStringW (Address: 0x1000c140)
  • LockResource (Address: 0x1000c15c)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x1000c164)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessAsUserW (Address: 0x1000c16c)
  • GetCurrentProcess (Address: 0x1000c188)
  • GetCurrentProcessId (Address: 0x1000c180)
  • GetCurrentThread (Address: 0x1000c170)
  • GetCurrentThreadId (Address: 0x1000c17c)
  • OpenProcessToken (Address: 0x1000c178)
  • OpenThreadToken (Address: 0x1000c174)
  • TerminateProcess (Address: 0x1000c184)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x1000c190)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x1000c198)
api-ms-win-core-psapi-l1-1-0.dll
  • QueryFullProcessImageNameW (Address: 0x1000c1a0)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x1000c1b8)
  • RegCreateKeyExW (Address: 0x1000c1ac)
  • RegOpenCurrentUser (Address: 0x1000c1a8)
  • RegOpenKeyExW (Address: 0x1000c1b0)
  • RegQueryValueExW (Address: 0x1000c1b4)
api-ms-win-core-registry-l1-1-1.dll
  • RegDeleteKeyValueW (Address: 0x1000c1c0)
  • RegSetKeyValueW (Address: 0x1000c1c4)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x1000c1cc)
api-ms-win-core-synch-l1-1-0.dll
  • CreateEventW (Address: 0x1000c1f0)
  • CreateMutexExW (Address: 0x1000c1e8)
  • CreateSemaphoreExW (Address: 0x1000c1ec)
  • OpenSemaphoreW (Address: 0x1000c1e0)
  • ReleaseMutex (Address: 0x1000c1d4)
  • ReleaseSemaphore (Address: 0x1000c1d8)
  • SetEvent (Address: 0x1000c1dc)
  • WaitForSingleObject (Address: 0x1000c1e4)
  • WaitForSingleObjectEx (Address: 0x1000c1f4)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x1000c1fc)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x1000c208)
  • GetSystemWindowsDirectoryW (Address: 0x1000c204)
  • GetTickCount (Address: 0x1000c20c)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • TraceMessage (Address: 0x1000c214)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x1000c220)
  • EventSetInformation (Address: 0x1000c228)
  • EventUnregister (Address: 0x1000c224)
  • EventWriteTransfer (Address: 0x1000c21c)
api-ms-win-security-base-l1-1-0.dll
  • AllocateAndInitializeSid (Address: 0x1000c23c)
  • DuplicateTokenEx (Address: 0x1000c238)
  • EqualSid (Address: 0x1000c230)
  • FreeSid (Address: 0x1000c240)
  • GetTokenInformation (Address: 0x1000c234)
api-ms-win-security-credentials-l1-1-0.dll
  • CredUnprotectW (Address: 0x1000c248)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertStringSidToSidW (Address: 0x1000c250)
api-ms-win-service-management-l1-1-0.dll
  • CloseServiceHandle (Address: 0x1000c25c)
  • OpenSCManagerW (Address: 0x1000c260)
  • OpenServiceW (Address: 0x1000c258)
  • StartServiceW (Address: 0x1000c264)
api-ms-win-service-winsvc-l1-1-0.dll
  • QueryServiceStatus (Address: 0x1000c26c)
api-ms-win-shcore-taskpool-l1-1-0.dll
  • SHTaskPoolQueueTask (Address: 0x1000c274)
CRYPT32.dll
  • CryptBinaryToStringW (Address: 0x1000c004)
  • CryptStringToBinaryA (Address: 0x1000c000)
DUI70.dll
  • ?_ZeroRelease@Value@DirectUI@@AAEXXZ (Address: 0x1000c028)
  • ?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z (Address: 0x1000c03c)
  • ?Click@TouchButton@DirectUI@@SG?AVUID@@XZ (Address: 0x1000c038)
  • ?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z (Address: 0x1000c048)
  • ?CreateBool@Value@DirectUI@@SGPAV12@_N@Z (Address: 0x1000c024)
  • ?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z (Address: 0x1000c040)
  • ?Destroy@DUIXmlParser@DirectUI@@QAEXXZ (Address: 0x1000c04c)
  • ?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z (Address: 0x1000c058)
  • ?GetCheckedState@TouchCheckBox@DirectUI@@QAE?AW4CheckedStateFlags@2@XZ (Address: 0x1000c030)
  • ?GetClassInfoPtr@TouchCheckBox@DirectUI@@SGPAUIClassInfo@2@XZ (Address: 0x1000c00c)
  • ?GetClassInfoPtr@TouchHyperLink@DirectUI@@SGPAUIClassInfo@2@XZ (Address: 0x1000c010)
  • ?MultipleClick@TouchButton@DirectUI@@SG?AVUID@@XZ (Address: 0x1000c034)
  • ?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z (Address: 0x1000c020)
  • ?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z (Address: 0x1000c044)
  • ?VisibleProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ (Address: 0x1000c01c)
  • InitProcessPriv (Address: 0x1000c018)
  • InitThread (Address: 0x1000c050)
  • StrToID (Address: 0x1000c02c)
  • UnInitProcessPriv (Address: 0x1000c014)
  • UnInitThread (Address: 0x1000c054)
msvcrt.dll
  • __CxxFrameHandler3 (Address: 0x1000c290)
  • __dllonexit (Address: 0x1000c28c)
  • _amsg_exit (Address: 0x1000c2a0)
  • _callnewh (Address: 0x1000c2cc)
  • _CxxThrowException (Address: 0x1000c2b4)
  • _except_handler4_common (Address: 0x1000c280)
  • _initterm (Address: 0x1000c298)
  • _lock (Address: 0x1000c294)
  • _onexit (Address: 0x1000c288)
  • _purecall (Address: 0x1000c2ac)
  • _unlock (Address: 0x1000c2d8)
  • _vsnprintf_s (Address: 0x1000c2b8)
  • _vsnwprintf (Address: 0x1000c2c0)
  • _XcptFilter (Address: 0x1000c2a4)
  • ??0exception@@QAE@ABV0@@Z (Address: 0x1000c2c8)
  • ??0exception@@QAE@XZ (Address: 0x1000c2c4)
  • ??1exception@@UAE@XZ (Address: 0x1000c2d4)
  • ??1type_info@@UAE@XZ (Address: 0x1000c284)
  • free (Address: 0x1000c2a8)
  • malloc (Address: 0x1000c29c)
  • memcpy (Address: 0x1000c27c)
  • memcpy_s (Address: 0x1000c2bc)
  • memset (Address: 0x1000c2dc)
  • wcschr (Address: 0x1000c2d0)
  • wcsncmp (Address: 0x1000c2b0)
ntdll.dll
  • NtQueryInformationToken (Address: 0x1000c2e8)
  • RtlAllocateHeap (Address: 0x1000c2f0)
  • RtlCompareUnicodeString (Address: 0x1000c2f8)
  • RtlFreeHeap (Address: 0x1000c2e4)
  • RtlInitUnicodeString (Address: 0x1000c2ec)
  • RtlNtStatusToDosErrorNoTeb (Address: 0x1000c2f4)
RPCRT4.dll
  • NdrClientCall4 (Address: 0x1000c078)
  • RpcBindingFree (Address: 0x1000c07c)
  • RpcBindingFromStringBindingW (Address: 0x1000c068)
  • RpcBindingSetAuthInfoExW (Address: 0x1000c070)
  • RpcImpersonateClient (Address: 0x1000c064)
  • RpcRevertToSelf (Address: 0x1000c060)
  • RpcStringBindingComposeW (Address: 0x1000c06c)
  • RpcStringFreeW (Address: 0x1000c074)
SHELL32.dll
  • (Address: 0x1000c084)
  • (Address: 0x1000c08c)
  • (Address: 0x1000c094)
  • SHChangeNotifySuspendResume (Address: 0x1000c090)
  • ShellExecuteExW (Address: 0x1000c088)
  • ShellExecuteW (Address: 0x1000c098)
USER32.dll
  • MsgWaitForMultipleObjects (Address: 0x1000c0a0)