EtwRundown.dll
Description: Etw Rundown Helper Library
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.1
Architecture: 32-bit
Operating System: Windows NT
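SHA256: 7614e95cdb37e74d181603ab09b12f4d (note: this value is 32 hex characters long, which is the length of an MD5 digest; a SHA-256 digest is 64 hex characters, so either the label or the value is likely wrong. Confirm the algorithm before using it to match files.)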
File Size: 39.5 KB
Uploaded At: Dec. 1, 2025, 7:56 a.m.
Security Warning
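This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess. This flag is an import-table heuristic. OpenProcess is a general-purpose API that many legitimate system components also import, so its presence alone does not show that the file performs injection. The description and copyright fields above are self-declared metadata and do not prove the file's origin. To assess a copy of this file, verify its Authenticode signature and compare its hash with a known-good copy from the same Windows build.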
Exported Functions
- EtwLogHeapRundown (Ordinal: 1, Address: 0x3e10)
- EtwLogSysConfigRundown (Ordinal: 2, Address: 0x2570)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1000a054)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1000a05c)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1000a064)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1000a074)
- SetUnhandledExceptionFilter (Address: 0x1000a070)
- UnhandledExceptionFilter (Address: 0x1000a06c)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x1000a08c)
- GetDriveTypeW (Address: 0x1000a07c)
- GetLogicalDriveStringsW (Address: 0x1000a080)
- GetVolumeInformationW (Address: 0x1000a088)
- LocalFileTimeToFileTime (Address: 0x1000a084)
api-ms-win-core-file-l1-2-0.dll
- GetVolumePathNamesForVolumeNameW (Address: 0x1000a094)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1000a09c)
api-ms-win-core-heap-l2-1-0.dll
- LocalFree (Address: 0x1000a0a4)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x1000a0b0)
- GetOverlappedResult (Address: 0x1000a0ac)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1000a0b8)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x1000a0cc)
- GetCurrentProcessId (Address: 0x1000a0c4)
- GetCurrentThreadId (Address: 0x1000a0c0)
- TerminateProcess (Address: 0x1000a0c8)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x1000a0d4)
- OpenProcess (Address: 0x1000a0d8)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1000a0e0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1000a0fc)
- RegEnumKeyExW (Address: 0x1000a0e8)
- RegEnumValueW (Address: 0x1000a0f4)
- RegOpenKeyExW (Address: 0x1000a0ec)
- RegQueryInfoKeyW (Address: 0x1000a0f8)
- RegQueryValueExW (Address: 0x1000a0f0)
api-ms-win-core-synch-l1-1-0.dll
- CreateEventW (Address: 0x1000a104)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x1000a110)
- GetSystemTimeAsFileTime (Address: 0x1000a118)
- GetSystemWindowsDirectoryW (Address: 0x1000a10c)
- GetTickCount (Address: 0x1000a114)
- GlobalMemoryStatusEx (Address: 0x1000a11c)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetNativeSystemInfo (Address: 0x1000a128)
- GetSystemFirmwareTable (Address: 0x1000a124)
api-ms-win-core-timezone-l1-1-0.dll
- SystemTimeToFileTime (Address: 0x1000a130)
api-ms-win-service-core-l1-1-1.dll
- EnumServicesStatusExW (Address: 0x1000a138)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x1000a140)
- OpenSCManagerW (Address: 0x1000a144)
api-ms-win-service-private-l1-1-0.dll
- I_QueryTagInformation (Address: 0x1000a14c)
CFGMGR32.dll
- CM_Free_Log_Conf_Handle (Address: 0x1000a010)
- CM_Free_Res_Des_Handle (Address: 0x1000a000)
- CM_Get_DevNode_Status_Ex (Address: 0x1000a018)
- CM_Get_First_Log_Conf_Ex (Address: 0x1000a008)
- CM_Get_Next_Res_Des_Ex (Address: 0x1000a014)
- CM_Get_Res_Des_Data_Ex (Address: 0x1000a004)
- CM_Get_Res_Des_Data_Size_Ex (Address: 0x1000a00c)
DEVOBJ.dll
- DevObjCreateDeviceInfoList (Address: 0x1000a044)
- DevObjDestroyDeviceInfoList (Address: 0x1000a030)
- DevObjEnumDeviceInfo (Address: 0x1000a03c)
- DevObjEnumDeviceInterfaces (Address: 0x1000a024)
- DevObjGetClassDevs (Address: 0x1000a028)
- DevObjGetDeviceInfoListDetail (Address: 0x1000a034)
- DevObjGetDeviceInstanceId (Address: 0x1000a020)
- DevObjGetDeviceInterfaceDetail (Address: 0x1000a02c)
- DevObjGetDeviceRegistryProperty (Address: 0x1000a038)
- DevObjOpenDevRegKey (Address: 0x1000a040)
IPHLPAPI.DLL
- GetAdaptersAddresses (Address: 0x1000a04c)
ntdll.dll
- _vsnwprintf (Address: 0x1000a19c)
- _wcsicmp (Address: 0x1000a1b4)
- EtwpGetCpuSpeed (Address: 0x1000a160)
- memcpy (Address: 0x1000a194)
- memset (Address: 0x1000a1dc)
- NtClose (Address: 0x1000a1a4)
- NtEnumerateKey (Address: 0x1000a15c)
- NtOpenFile (Address: 0x1000a164)
- NtOpenKey (Address: 0x1000a198)
- NtPowerInformation (Address: 0x1000a1b8)
- NtQueryInformationProcess (Address: 0x1000a158)
- NtQuerySystemInformation (Address: 0x1000a1a0)
- NtQueryValueKey (Address: 0x1000a1c8)
- NtQueryVolumeInformationFile (Address: 0x1000a1ac)
- NtSetInformationThread (Address: 0x1000a188)
- NtTraceEvent (Address: 0x1000a1c4)
- RtlAdjustPrivilege (Address: 0x1000a184)
- RtlAllocateHeap (Address: 0x1000a1d0)
- RtlCreateQueryDebugBuffer (Address: 0x1000a180)
- RtlDestroyQueryDebugBuffer (Address: 0x1000a190)
- RtlFreeHeap (Address: 0x1000a1cc)
- RtlGetDeviceFamilyInfoEnum (Address: 0x1000a1d8)
- RtlGetNativeSystemInformation (Address: 0x1000a170)
- RtlGUIDFromString (Address: 0x1000a168)
- RtlImpersonateSelf (Address: 0x1000a178)
- RtlInitUnicodeString (Address: 0x1000a1d4)
- RtlIpv4AddressToStringW (Address: 0x1000a174)
- RtlIpv6AddressToStringW (Address: 0x1000a16c)
- RtlNtStatusToDosError (Address: 0x1000a1b0)
- RtlQueryHeapInformation (Address: 0x1000a17c)
- RtlQueryProcessDebugInformation (Address: 0x1000a18c)
- RtlReAllocateHeap (Address: 0x1000a1c0)
- wcsncmp (Address: 0x1000a1a8)
- wcsrchr (Address: 0x1000a154)
- wcsstr (Address: 0x1000a1bc)