fveapi.dll
Description: Windows BitLocker Drive Encryption API
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6456
Architecture: 32-bit
Operating System: Windows NT
SHA256: 6086c07af2d76425aa01b8411b9198a1
File Size: 750.5 KB
Uploaded At: Dec. 1, 2025, 7:56 a.m.
Views: 8
Exported Functions
- InternalFveIsVolumeEncrypted (Ordinal: 1, Address: 0x54ce0)
- NgscbCheckDmaSecurity (Ordinal: 2, Address: 0x7e980)
- NgscbCheckDmaSecurityEx (Ordinal: 3, Address: 0x7e9a0)
- NgscbCheckHSTIPrerequisitesVerified (Ordinal: 4, Address: 0x7ea50)
- NgscbCheckIsAOACDevice (Ordinal: 5, Address: 0x353c0)
- NgscbCheckIsHSTIVerified (Ordinal: 6, Address: 0x352d0)
- NgscbCheckPreventDeviceEncryption (Ordinal: 7, Address: 0x7fa70)
- NgscbCheckPreventDeviceEncryptionForAad (Ordinal: 8, Address: 0x7fb00)
- NgscbGetWinReConfiguration (Ordinal: 9, Address: 0x810c0)
- NgscbIsHostOsOnRoamableDrive (Ordinal: 10, Address: 0x35460)
- FveAddAuthMethodInformation (Ordinal: 11, Address: 0x2fec0)
- FveAddAuthMethodSid (Ordinal: 12, Address: 0x56480)
- FveAddPredictiveTpmProtector (Ordinal: 13, Address: 0x39380)
- FveApplyGroupPolicy (Ordinal: 14, Address: 0x2aae0)
- FveApplyNkpCertChanges (Ordinal: 15, Address: 0x306f0)
- FveAttemptAutoUnlock (Ordinal: 16, Address: 0x56590)
- FveAuthElementFromPassPhraseW (Ordinal: 17, Address: 0x54dd0)
- FveAuthElementFromPinW (Ordinal: 18, Address: 0x54e90)
- FveAuthElementFromRecoveryPasswordW (Ordinal: 19, Address: 0x1d8e0)
- FveAuthElementGetKeyFileNameW (Ordinal: 20, Address: 0x54f60)
- FveAuthElementReadExternalKeyW (Ordinal: 21, Address: 0x55020)
- FveAuthElementToRecoveryPasswordW (Ordinal: 22, Address: 0x1db60)
- FveAuthElementWriteExternalKeyW (Ordinal: 23, Address: 0x550f0)
- FveBackupRecoveryInformationToAD (Ordinal: 24, Address: 0x56670)
- FveBackupRecoveryInformationToADEx (Ordinal: 25, Address: 0x56740)
- FveBindDataVolume (Ordinal: 26, Address: 0x56840)
- FveCanPinExceptionPolicyBeApplied (Ordinal: 27, Address: 0x551b0)
- FveCanStandardUsersChangePassphraseByProxy (Ordinal: 28, Address: 0x30f20)
- FveCanStandardUsersChangePin (Ordinal: 29, Address: 0x30ea0)
- FveCheckADRecoveryInfoBackupPolicy (Ordinal: 30, Address: 0x56940)
- FveCheckADRecoveryInfoBackupPolicyEx (Ordinal: 31, Address: 0x56a10)
- FveCheckPassphrasePolicy (Ordinal: 32, Address: 0x56ad0)
- FveCheckTpmCapability (Ordinal: 33, Address: 0x56b90)
- FveClearUserFlags (Ordinal: 34, Address: 0x551d0)
- FveCloseHandle (Ordinal: 35, Address: 0x32700)
- FveCloseVolume (Ordinal: 36, Address: 0x32690)
- FveCommitChanges (Ordinal: 37, Address: 0x1ecb0)
- FveCommitChangesEx (Ordinal: 38, Address: 0x38d00)
- FveControl (Ordinal: 39, Address: 0x392b0)
- FveConversionDecrypt (Ordinal: 40, Address: 0x551e0)
- FveConversionDecryptEx (Ordinal: 41, Address: 0x55200)
- FveConversionEncrypt (Ordinal: 42, Address: 0x56c70)
- FveConversionEncryptEx (Ordinal: 43, Address: 0x30ac0)
- FveConversionEncryptPendingReboot (Ordinal: 44, Address: 0x56ce0)
- FveConversionEncryptPendingRebootEx (Ordinal: 45, Address: 0x56d00)
- FveConversionPause (Ordinal: 46, Address: 0x552e0)
- FveConversionResume (Ordinal: 47, Address: 0x553c0)
- FveConversionStop (Ordinal: 48, Address: 0x554a0)
- FveConversionStopEx (Ordinal: 49, Address: 0x554c0)
- FveDecrementClearKeyCounter (Ordinal: 50, Address: 0x56dc0)
- FveDeleteAuthMethod (Ordinal: 51, Address: 0x56e80)
- FveDeleteDeviceEncryptionOptOutForVolumeW (Ordinal: 52, Address: 0x56f70)
- FveDisableDeviceLockoutState (Ordinal: 53, Address: 0x57080)
- FveDiscardChanges (Ordinal: 54, Address: 0x555a0)
- FveDraCertPresentInRegistry (Ordinal: 55, Address: 0x57150)
- FveEnableRawAccess (Ordinal: 56, Address: 0x55670)
- FveEnableRawAccessEx (Ordinal: 57, Address: 0x55690)
- FveEnableRawAccessW (Ordinal: 58, Address: 0x55760)
- FveEraseDrive (Ordinal: 59, Address: 0x2c400)
- FveEscrowEncryptedRecoveryKeyForRetailUnlock (Ordinal: 60, Address: 0x57200)
- FveExternalDataCreateEntry (Ordinal: 61, Address: 0x38de0)
- FveExternalDataDeleteEntries (Ordinal: 62, Address: 0x38eb0)
- FveExternalDataGetEntryInfo (Ordinal: 63, Address: 0x38f70)
- FveExternalDataGetEntryRawData (Ordinal: 64, Address: 0x39040)
- FveFindFirstVolume (Ordinal: 65, Address: 0x1f0d0)
- FveFindNextVolume (Ordinal: 66, Address: 0x1f560)
- FveFlagsToProtectorType (Ordinal: 67, Address: 0x29b70)
- FveGenerateNbp (Ordinal: 68, Address: 0x572b0)
- FveGenerateNkpSessionKeys (Ordinal: 69, Address: 0x30830)
- FveGetAllowKeyExport (Ordinal: 70, Address: 0x1bf40)
- FveGetAuthMethodGuids (Ordinal: 71, Address: 0x28610)
- FveGetAuthMethodInformation (Ordinal: 72, Address: 0x23390)
- FveGetAuthMethodSid (Ordinal: 73, Address: 0x57380)
- FveGetAuthMethodSidInformation (Ordinal: 74, Address: 0x57450)
- FveGetClearKeyCounter (Ordinal: 75, Address: 0x1e720)
- FveGetDataSet (Ordinal: 76, Address: 0x55830)
- FveGetDescriptionW (Ordinal: 77, Address: 0x575b0)
- FveGetDeviceLockoutData (Ordinal: 78, Address: 0x57690)
- FveGetExternalKeyBlob (Ordinal: 79, Address: 0x57750)
- FveGetFipsAllowDisabled (Ordinal: 80, Address: 0x55910)
- FveGetFveMethod (Ordinal: 81, Address: 0x231b0)
- FveGetFveMethodEDrv (Ordinal: 82, Address: 0x559c0)
- FveGetFveMethodEx (Ordinal: 83, Address: 0x23670)
- FveGetIdentificationFieldW (Ordinal: 84, Address: 0x1e660)
- FveGetIdentity (Ordinal: 85, Address: 0x23450)
- FveGetKeyPackage (Ordinal: 86, Address: 0x55a90)
- FveGetRecoveryPasswordBackupInformation (Ordinal: 87, Address: 0x55b80)
- FveGetSecureBootBindingState (Ordinal: 88, Address: 0x367d0)
- FveGetStatus (Ordinal: 89, Address: 0x327c0)
- FveGetStatusW (Ordinal: 90, Address: 0x55c40)
- FveGetUserFlags (Ordinal: 91, Address: 0x551d0)
- FveGetVolumeNameW (Ordinal: 92, Address: 0x1f940)
- FveInitVolume (Ordinal: 93, Address: 0x57800)
- FveInitVolumeEx (Ordinal: 94, Address: 0x1ee80)
- FveInitializeDeviceEncryption2 (Ordinal: 95, Address: 0x57870)
- FveInitializeDeviceEncryption (Ordinal: 96, Address: 0x579e0)
- FveIsAnyDataVolumeBoundToOSVolume (Ordinal: 97, Address: 0x57bf0)
- FveIsBoundDataVolume (Ordinal: 98, Address: 0x21db0)
- FveIsBoundDataVolumeToOSVolume (Ordinal: 99, Address: 0x57cc0)
- FveIsDeviceLockable (Ordinal: 100, Address: 0x57db0)
- FveIsDeviceLockedOut (Ordinal: 101, Address: 0x57ea0)
- FveIsHardwareReadyForConversion (Ordinal: 102, Address: 0x55d40)
- FveIsHybridVolume (Ordinal: 103, Address: 0x57f60)
- FveIsHybridVolumeW (Ordinal: 104, Address: 0x58040)
- FveIsPassphraseCompatibleW (Ordinal: 105, Address: 0x55dd0)
- FveIsRecoveryPasswordGroupValidW (Ordinal: 106, Address: 0x55e90)
- FveIsRecoveryPasswordValidW (Ordinal: 107, Address: 0x1d800)
- FveIsSchemaExtInstalled (Ordinal: 108, Address: 0x58130)
- FveIsVolumeEncryptable (Ordinal: 109, Address: 0x31ee0)
- FveKeyManagement (Ordinal: 110, Address: 0x581f0)
- FveLockDevice (Ordinal: 111, Address: 0x58310)
- FveLockVolume (Ordinal: 112, Address: 0x2c1b0)
- FveLogRecoveryReason (Ordinal: 113, Address: 0x583d0)
- FveNeedsDiscoveryVolumeUpdate (Ordinal: 114, Address: 0x584a0)
- FveNotifyVolumeAfterFormat (Ordinal: 115, Address: 0x2c990)
- FveOpenVolumeByHandle (Ordinal: 116, Address: 0x1fb10)
- FveOpenVolumeExW (Ordinal: 117, Address: 0x323c0)
- FveOpenVolumeW (Ordinal: 118, Address: 0x32390)
- FveProtectorTypeToFlags (Ordinal: 119, Address: 0x1e1f0)
- FveQuery (Ordinal: 120, Address: 0x58580)
- FveQueryDeviceEncryptionSupport (Ordinal: 121, Address: 0x34e90)
- FveRecalculateOffsetsAndMoveMetadata (Ordinal: 122, Address: 0x58600)
- FveRegenerateNbpSessionKey (Ordinal: 123, Address: 0x289c0)
- FveResetTpmDictionaryAttackParameters (Ordinal: 124, Address: 0x586e0)
- FveRevertVolume (Ordinal: 125, Address: 0x55f50)
- FveSaveRecoveryPasswordBackupFlag (Ordinal: 126, Address: 0x56010)
- FveSelectBestRecoveryPasswordByBackupInformation (Ordinal: 127, Address: 0x560d0)
- FveServiceDiscoveryVolume (Ordinal: 128, Address: 0x58810)
- FveSetAllowKeyExport (Ordinal: 129, Address: 0x1be80)
- FveSetDescriptionW (Ordinal: 130, Address: 0x588d0)
- FveSetFipsAllowDisabled (Ordinal: 131, Address: 0x367b0)
- FveSetFveMethod (Ordinal: 132, Address: 0x1e840)
- FveSetIdentificationFieldW (Ordinal: 133, Address: 0x589b0)
- FveSetRecoveryPasswordBackupInformation (Ordinal: 134, Address: 0x56190)
- FveSetUserFlags (Ordinal: 135, Address: 0x551d0)
- FveSetupTpmCallback (Ordinal: 136, Address: 0x39790)
- FveSysClearUserFlags (Ordinal: 137, Address: 0x1e020)
- FveSysCloseVolume (Ordinal: 138, Address: 0x1e5b0)
- FveSysGetUserFlags (Ordinal: 139, Address: 0x1dd70)
- FveSysOpenVolumeW (Ordinal: 140, Address: 0x58aa0)
- FveSysSetUserFlags (Ordinal: 141, Address: 0x1e0c0)
- FveUnbindAllDataVolumeFromOSVolume (Ordinal: 142, Address: 0x58b20)
- FveUnbindDataVolume (Ordinal: 143, Address: 0x58ed0)
- FveUnlockVolume (Ordinal: 144, Address: 0x1ecd0)
- FveUnlockVolumeAuthMethodSid (Ordinal: 145, Address: 0x58fa0)
- FveUnlockVolumeWithAccessMode (Ordinal: 146, Address: 0x59070)
- FveUpdateBandIdBcd (Ordinal: 147, Address: 0x1e400)
- FveUpdateDeviceLockoutState (Ordinal: 148, Address: 0x59170)
- FveUpdateDeviceLockoutStateEx (Ordinal: 149, Address: 0x591f0)
- FveUpdatePinW (Ordinal: 150, Address: 0x592d0)
- FveUpgradeVolume (Ordinal: 151, Address: 0x56260)
- FveValidateDeviceLockoutState (Ordinal: 152, Address: 0x593c0)
- FveValidateExistingPassphraseW (Ordinal: 153, Address: 0x59480)
- FveValidateExistingPinW (Ordinal: 154, Address: 0x59560)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x100ae000)
api-ms-win-core-com-l1-1-0.dll
- CLSIDFromString (Address: 0x100ae010)
- CoCreateGuid (Address: 0x100ae00c)
- CoGetCallContext (Address: 0x100ae018)
- CoInitializeEx (Address: 0x100ae01c)
- CoUninitialize (Address: 0x100ae014)
- StringFromGUID2 (Address: 0x100ae008)
api-ms-win-core-datetime-l1-1-0.dll
- GetDateFormatW (Address: 0x100ae024)
- GetTimeFormatW (Address: 0x100ae028)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x100ae034)
- IsDebuggerPresent (Address: 0x100ae030)
- OutputDebugStringW (Address: 0x100ae038)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x100ae040)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x100ae048)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x100ae054)
- SetLastError (Address: 0x100ae050)
- SetUnhandledExceptionFilter (Address: 0x100ae05c)
- UnhandledExceptionFilter (Address: 0x100ae058)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryW (Address: 0x100ae09c)
- CreateFileW (Address: 0x100ae0ac)
- DeleteFileW (Address: 0x100ae0b4)
- FileTimeToLocalFileTime (Address: 0x100ae084)
- FindClose (Address: 0x100ae0a0)
- FindFirstFileW (Address: 0x100ae08c)
- FindFirstVolumeW (Address: 0x100ae0c8)
- FindNextFileW (Address: 0x100ae06c)
- FindNextVolumeW (Address: 0x100ae0c4)
- FindVolumeClose (Address: 0x100ae0b0)
- FlushFileBuffers (Address: 0x100ae07c)
- GetDiskFreeSpaceW (Address: 0x100ae0bc)
- GetDriveTypeW (Address: 0x100ae0a8)
- GetFileAttributesW (Address: 0x100ae080)
- GetFileInformationByHandle (Address: 0x100ae0b8)
- GetFileSize (Address: 0x100ae094)
- GetFileSizeEx (Address: 0x100ae064)
- GetLogicalDrives (Address: 0x100ae0a4)
- GetVolumeInformationW (Address: 0x100ae098)
- GetVolumePathNameW (Address: 0x100ae078)
- ReadFile (Address: 0x100ae0c0)
- RemoveDirectoryW (Address: 0x100ae070)
- SetEndOfFile (Address: 0x100ae088)
- SetFileAttributesW (Address: 0x100ae068)
- SetFilePointer (Address: 0x100ae090)
- SetFilePointerEx (Address: 0x100ae0cc)
- WriteFile (Address: 0x100ae074)
api-ms-win-core-file-l1-2-0.dll
- GetTempPathW (Address: 0x100ae0dc)
- GetVolumeNameForVolumeMountPointW (Address: 0x100ae0d8)
- GetVolumePathNamesForVolumeNameW (Address: 0x100ae0d4)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x100ae0e4)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x100ae0f4)
- HeapAlloc (Address: 0x100ae0f0)
- HeapFree (Address: 0x100ae0f8)
- HeapSize (Address: 0x100ae0ec)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x100ae104)
- LocalFree (Address: 0x100ae100)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x100ae10c)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x100ae124)
- GetModuleFileNameA (Address: 0x100ae118)
- GetModuleFileNameW (Address: 0x100ae128)
- GetModuleHandleExW (Address: 0x100ae11c)
- GetModuleHandleW (Address: 0x100ae12c)
- GetProcAddress (Address: 0x100ae130)
- LoadLibraryExW (Address: 0x100ae114)
- LoadStringW (Address: 0x100ae120)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x100ae13c)
- IsDBCSLeadByte (Address: 0x100ae138)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x100ae154)
- MapViewOfFile (Address: 0x100ae144)
- UnmapViewOfFile (Address: 0x100ae148)
- VirtualAlloc (Address: 0x100ae150)
- VirtualFree (Address: 0x100ae14c)
api-ms-win-core-path-l1-1-0.dll
- PathCchCombine (Address: 0x100ae15c)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x100ae188)
- GetCurrentProcessId (Address: 0x100ae190)
- GetCurrentThread (Address: 0x100ae164)
- GetCurrentThreadId (Address: 0x100ae168)
- OpenProcessToken (Address: 0x100ae178)
- OpenThreadToken (Address: 0x100ae180)
- SetThreadToken (Address: 0x100ae174)
- TerminateProcess (Address: 0x100ae18c)
- TlsAlloc (Address: 0x100ae184)
- TlsFree (Address: 0x100ae17c)
- TlsGetValue (Address: 0x100ae16c)
- TlsSetValue (Address: 0x100ae170)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x100ae198)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x100ae1c8)
- RegCreateKeyExW (Address: 0x100ae1c0)
- RegDeleteKeyExW (Address: 0x100ae1b8)
- RegDeleteValueW (Address: 0x100ae1a4)
- RegEnumKeyExW (Address: 0x100ae1b0)
- RegEnumValueW (Address: 0x100ae1d4)
- RegFlushKey (Address: 0x100ae1cc)
- RegGetValueA (Address: 0x100ae1b4)
- RegGetValueW (Address: 0x100ae1a0)
- RegLoadKeyW (Address: 0x100ae1c4)
- RegOpenKeyExW (Address: 0x100ae1d0)
- RegQueryInfoKeyW (Address: 0x100ae1ac)
- RegQueryValueExW (Address: 0x100ae1d8)
- RegSetValueExW (Address: 0x100ae1a8)
- RegUnLoadKeyW (Address: 0x100ae1bc)
api-ms-win-core-registry-l1-1-1.dll
- RegSetKeyValueW (Address: 0x100ae1e0)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x100ae1f4)
- CompareStringW (Address: 0x100ae1f0)
- MultiByteToWideChar (Address: 0x100ae1ec)
- WideCharToMultiByte (Address: 0x100ae1e8)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x100ae210)
- AcquireSRWLockShared (Address: 0x100ae204)
- CreateEventW (Address: 0x100ae208)
- CreateMutexExW (Address: 0x100ae234)
- CreateSemaphoreExW (Address: 0x100ae240)
- DeleteCriticalSection (Address: 0x100ae228)
- EnterCriticalSection (Address: 0x100ae21c)
- InitializeCriticalSection (Address: 0x100ae224)
- InitializeCriticalSectionEx (Address: 0x100ae220)
- InitializeSRWLock (Address: 0x100ae23c)
- LeaveCriticalSection (Address: 0x100ae238)
- OpenSemaphoreW (Address: 0x100ae230)
- ReleaseMutex (Address: 0x100ae214)
- ReleaseSemaphore (Address: 0x100ae244)
- ReleaseSRWLockExclusive (Address: 0x100ae20c)
- ReleaseSRWLockShared (Address: 0x100ae1fc)
- SetEvent (Address: 0x100ae200)
- WaitForSingleObject (Address: 0x100ae22c)
- WaitForSingleObjectEx (Address: 0x100ae218)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceExecuteOnce (Address: 0x100ae250)
- Sleep (Address: 0x100ae24c)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x100ae268)
- GetLocalTime (Address: 0x100ae264)
- GetSystemTime (Address: 0x100ae258)
- GetSystemTimeAsFileTime (Address: 0x100ae270)
- GetSystemWindowsDirectoryW (Address: 0x100ae274)
- GetTickCount (Address: 0x100ae26c)
- GetTickCount64 (Address: 0x100ae25c)
- GetVersionExW (Address: 0x100ae260)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetProductInfo (Address: 0x100ae27c)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x100ae28c)
- CreateThreadpoolTimer (Address: 0x100ae290)
- SetThreadpoolTimer (Address: 0x100ae284)
- WaitForThreadpoolTimerCallbacks (Address: 0x100ae288)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x100ae29c)
- GetTimeZoneInformation (Address: 0x100ae2a0)
- SystemTimeToFileTime (Address: 0x100ae298)
api-ms-win-devices-config-l1-1-1.dll
- CM_Register_Notification (Address: 0x100ae2a8)
- CM_Unregister_Notification (Address: 0x100ae2ac)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x100ae2b8)
- GetTraceEnableLevel (Address: 0x100ae2b4)
- GetTraceLoggerHandle (Address: 0x100ae2c4)
- RegisterTraceGuidsW (Address: 0x100ae2bc)
- TraceMessage (Address: 0x100ae2c0)
- UnregisterTraceGuids (Address: 0x100ae2c8)
api-ms-win-eventing-controller-l1-1-0.dll
- ControlTraceW (Address: 0x100ae2d0)
- EnableTraceEx2 (Address: 0x100ae2d4)
- StartTraceW (Address: 0x100ae2d8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x100ae2ec)
- EventRegister (Address: 0x100ae2f0)
- EventSetInformation (Address: 0x100ae2e0)
- EventUnregister (Address: 0x100ae2e4)
- EventWriteTransfer (Address: 0x100ae2e8)
api-ms-win-security-base-l1-1-0.dll
- AdjustTokenPrivileges (Address: 0x100ae300)
- AllocateAndInitializeSid (Address: 0x100ae304)
- CheckTokenMembership (Address: 0x100ae310)
- CopySid (Address: 0x100ae2fc)
- DuplicateTokenEx (Address: 0x100ae31c)
- FreeSid (Address: 0x100ae314)
- GetLengthSid (Address: 0x100ae2f8)
- GetTokenInformation (Address: 0x100ae308)
- ImpersonateSelf (Address: 0x100ae30c)
- RevertToSelf (Address: 0x100ae318)
api-ms-win-security-lsapolicy-l1-1-0.dll
- LsaClose (Address: 0x100ae324)
- LsaFreeMemory (Address: 0x100ae330)
- LsaOpenPolicy (Address: 0x100ae328)
- LsaQueryInformationPolicy (Address: 0x100ae32c)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x100ae33c)
- ConvertStringSidToSidW (Address: 0x100ae338)
api-ms-win-service-private-l1-1-0.dll
- I_QueryTagInformation (Address: 0x100ae344)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x100ae364)
- BCryptCreateHash (Address: 0x100ae384)
- BCryptDecrypt (Address: 0x100ae37c)
- BCryptDeriveKey (Address: 0x100ae38c)
- BCryptDeriveKeyPBKDF2 (Address: 0x100ae368)
- BCryptDestroyHash (Address: 0x100ae39c)
- BCryptDestroyKey (Address: 0x100ae358)
- BCryptDestroySecret (Address: 0x100ae388)
- BCryptEncrypt (Address: 0x100ae360)
- BCryptExportKey (Address: 0x100ae378)
- BCryptFinalizeKeyPair (Address: 0x100ae394)
- BCryptFinishHash (Address: 0x100ae36c)
- BCryptGenerateKeyPair (Address: 0x100ae398)
- BCryptGenerateSymmetricKey (Address: 0x100ae370)
- BCryptGenRandom (Address: 0x100ae350)
- BCryptGetFipsAlgorithmMode (Address: 0x100ae34c)
- BCryptGetProperty (Address: 0x100ae380)
- BCryptHashData (Address: 0x100ae35c)
- BCryptImportKeyPair (Address: 0x100ae354)
- BCryptOpenAlgorithmProvider (Address: 0x100ae3a0)
- BCryptSecretAgreement (Address: 0x100ae390)
- BCryptSetProperty (Address: 0x100ae374)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x100ae434)
- __dllonexit (Address: 0x100ae3c8)
- _amsg_exit (Address: 0x100ae410)
- _callnewh (Address: 0x100ae460)
- _CxxThrowException (Address: 0x100ae438)
- _errno (Address: 0x100ae3d4)
- _except_handler4_common (Address: 0x100ae3ec)
- _ftol2 (Address: 0x100ae3b0)
- _initterm (Address: 0x100ae3f4)
- _lock (Address: 0x100ae3dc)
- _onexit (Address: 0x100ae3c4)
- _purecall (Address: 0x100ae45c)
- _scwprintf (Address: 0x100ae3a8)
- _stricmp (Address: 0x100ae3e4)
- _strnicmp (Address: 0x100ae404)
- _unlock (Address: 0x100ae3d8)
- _vsnwprintf (Address: 0x100ae430)
- _wcsicmp (Address: 0x100ae414)
- _wcsupr (Address: 0x100ae3c0)
- _wtempnam (Address: 0x100ae400)
- _XcptFilter (Address: 0x100ae41c)
- ??_V@YAXPAX@Z (Address: 0x100ae3b4)
- ??0exception@@QAE@ABQBD@Z (Address: 0x100ae454)
- ??0exception@@QAE@ABQBDH@Z (Address: 0x100ae44c)
- ??0exception@@QAE@ABV0@@Z (Address: 0x100ae448)
- ??1exception@@UAE@XZ (Address: 0x100ae444)
- ??1type_info@@UAE@XZ (Address: 0x100ae3bc)
- ??3@YAXPAX@Z (Address: 0x100ae458)
- ?what@exception@@UBEPBDXZ (Address: 0x100ae43c)
- ceil (Address: 0x100ae3ac)
- free (Address: 0x100ae3f8)
- iswascii (Address: 0x100ae440)
- iswdigit (Address: 0x100ae40c)
- malloc (Address: 0x100ae450)
- memcmp (Address: 0x100ae3b8)
- memcpy (Address: 0x100ae424)
- memcpy_s (Address: 0x100ae42c)
- memmove (Address: 0x100ae420)
- memmove_s (Address: 0x100ae428)
- memset (Address: 0x100ae464)
- sprintf_s (Address: 0x100ae3d0)
- time (Address: 0x100ae3cc)
- toupper (Address: 0x100ae418)
- wcschr (Address: 0x100ae3e0)
- wcscpy_s (Address: 0x100ae3fc)
- wcsncat_s (Address: 0x100ae3e8)
- wcsncpy_s (Address: 0x100ae3f0)
- wcstoul (Address: 0x100ae408)
ntdll.dll
- EtwEventRegister (Address: 0x100ae4c4)
- EtwEventUnregister (Address: 0x100ae4c0)
- EtwEventWrite (Address: 0x100ae4bc)
- NtClose (Address: 0x100ae4b0)
- NtOpenFile (Address: 0x100ae49c)
- NtOpenKey (Address: 0x100ae4b8)
- NtPowerInformation (Address: 0x100ae484)
- NtQueryInformationFile (Address: 0x100ae4ec)
- NtQuerySystemEnvironmentValueEx (Address: 0x100ae48c)
- NtQuerySystemInformation (Address: 0x100ae4d4)
- NtQueryValueKey (Address: 0x100ae4b4)
- NtQueryVolumeInformationFile (Address: 0x100ae4d0)
- NtQueryWnfStateData (Address: 0x100ae4cc)
- RtlCheckPortableOperatingSystem (Address: 0x100ae488)
- RtlCompareMemory (Address: 0x100ae494)
- RtlCreateSystemVolumeInformationFolder (Address: 0x100ae47c)
- RtlDosPathNameToNtPathName_U_WithStatus (Address: 0x100ae480)
- RtlFreeUnicodeString (Address: 0x100ae4a8)
- RtlGenerate8dot3Name (Address: 0x100ae478)
- RtlInitUnicodeString (Address: 0x100ae490)
- RtlIsMultiSessionSku (Address: 0x100ae4e4)
- RtlLengthSid (Address: 0x100ae4e8)
- RtlNtStatusToDosError (Address: 0x100ae4dc)
- RtlPublishWnfStateData (Address: 0x100ae4c8)
- RtlSetThreadErrorMode (Address: 0x100ae4d8)
- RtlStringFromGUID (Address: 0x100ae4ac)
- RtlSubscribeWnfStateChangeNotification (Address: 0x100ae4e0)
- RtlSystemTimeToLocalTime (Address: 0x100ae46c)
- RtlTimeToTimeFields (Address: 0x100ae470)
- RtlUnicodeStringToCountedOemString (Address: 0x100ae474)
- RtlUnsubscribeWnfStateChangeNotification (Address: 0x100ae498)
- WinSqmAddToStreamEx (Address: 0x100ae4a4)
- WinSqmSetDWORD (Address: 0x100ae4a0)