wevtapi.dll
Description: Eventing Consumption and Configuration API
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6280
Architecture: 32-bit
Operating System: Windows NT
SHA256: 5e3c5129ad4f80ae32f71189a196a6c1
File Size: 288.0 KB
Uploaded At: Dec. 1, 2025, 8:06 a.m.
Views: 8
Exported Functions
- EvtIntSysprepCleanup (Ordinal: 1, Address: 0x2b210)
- EvtArchiveExportedLog (Ordinal: 2, Address: 0x29400)
- EvtCancel (Ordinal: 3, Address: 0x29550)
- EvtClearLog (Ordinal: 4, Address: 0x29660)
- EvtClose (Ordinal: 5, Address: 0xedd0)
- EvtCreateBookmark (Ordinal: 6, Address: 0x102c0)
- EvtCreateRenderContext (Ordinal: 7, Address: 0xef10)
- EvtExportLog (Ordinal: 8, Address: 0x297f0)
- EvtFormatMessage (Ordinal: 9, Address: 0x10b30)
- EvtGetChannelConfigProperty (Ordinal: 10, Address: 0x13df0)
- EvtGetEventInfo (Ordinal: 11, Address: 0x29a40)
- EvtGetEventMetadataProperty (Ordinal: 12, Address: 0x29af0)
- EvtGetExtendedStatus (Ordinal: 13, Address: 0x29bf0)
- EvtGetLogInfo (Ordinal: 14, Address: 0x29c10)
- EvtGetObjectArrayProperty (Ordinal: 15, Address: 0x29cc0)
- EvtGetObjectArraySize (Ordinal: 16, Address: 0x29db0)
- EvtGetPublisherMetadataProperty (Ordinal: 17, Address: 0x29e50)
- EvtGetQueryInfo (Ordinal: 18, Address: 0x29f50)
- EvtIntAssertConfig (Ordinal: 19, Address: 0x10320)
- EvtIntCreateBinXMLFromCustomXML (Ordinal: 20, Address: 0x2ba40)
- EvtIntCreateLocalLogfile (Ordinal: 21, Address: 0x2ba70)
- EvtIntGetClassicLogDisplayName (Ordinal: 22, Address: 0x2bb80)
- EvtIntRenderResourceEventTemplate (Ordinal: 23, Address: 0x2bf10)
- EvtIntReportAuthzEventAndSourceAsync (Ordinal: 24, Address: 0x3ebe4)
- EvtIntReportEventAndSourceAsync (Ordinal: 25, Address: 0x3ec2f)
- EvtIntRetractConfig (Ordinal: 26, Address: 0x2c440)
- EvtIntWriteXmlEventToLocalLogfile (Ordinal: 27, Address: 0x2c590)
- EvtNext (Ordinal: 28, Address: 0xa630)
- EvtNextChannelPath (Ordinal: 29, Address: 0x2a320)
- EvtNextEventMetadata (Ordinal: 30, Address: 0x2a3d0)
- EvtNextPublisherId (Ordinal: 31, Address: 0x2a4f0)
- EvtOpenChannelConfig (Ordinal: 32, Address: 0x13880)
- EvtOpenChannelEnum (Ordinal: 33, Address: 0x2a5a0)
- EvtOpenEventMetadataEnum (Ordinal: 34, Address: 0x2a710)
- EvtOpenLog (Ordinal: 35, Address: 0x2a820)
- EvtOpenPublisherEnum (Ordinal: 36, Address: 0x2a9b0)
- EvtOpenPublisherMetadata (Ordinal: 37, Address: 0x10580)
- EvtOpenSession (Ordinal: 38, Address: 0x13c00)
- EvtQuery (Ordinal: 39, Address: 0x8c30)
- EvtRender (Ordinal: 40, Address: 0xabc0)
- EvtSaveChannelConfig (Ordinal: 41, Address: 0x2ab20)
- EvtSeek (Ordinal: 42, Address: 0x8020)
- EvtSetChannelConfigProperty (Ordinal: 43, Address: 0x2ac00)
- EvtSubscribe (Ordinal: 44, Address: 0x9740)
- EvtUpdateBookmark (Ordinal: 45, Address: 0x8810)
Imported DLLs & Functions
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x10040008)
- IsDebuggerPresent (Address: 0x10040004)
- OutputDebugStringW (Address: 0x10040000)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x10040010)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x10040018)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1004002c)
- SetLastError (Address: 0x10040028)
- SetUnhandledExceptionFilter (Address: 0x10040020)
- UnhandledExceptionFilter (Address: 0x10040024)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x10040048)
- DeleteFileW (Address: 0x10040058)
- FlushFileBuffers (Address: 0x10040038)
- GetDiskFreeSpaceExW (Address: 0x10040060)
- GetFileAttributesW (Address: 0x1004004c)
- GetFileInformationByHandle (Address: 0x10040040)
- GetFileSizeEx (Address: 0x10040034)
- GetFullPathNameW (Address: 0x10040050)
- GetTempFileNameW (Address: 0x1004005c)
- ReadFile (Address: 0x10040044)
- SetEndOfFile (Address: 0x1004003c)
- SetFilePointerEx (Address: 0x10040054)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x10040068)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x10040074)
- DuplicateHandle (Address: 0x10040070)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x10040084)
- HeapAlloc (Address: 0x10040080)
- HeapFree (Address: 0x1004007c)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1004008c)
- LocalFree (Address: 0x10040090)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x10040098)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x100400a8)
- GetModuleFileNameA (Address: 0x100400a4)
- GetModuleHandleExW (Address: 0x100400a0)
- GetModuleHandleW (Address: 0x100400b0)
- GetProcAddress (Address: 0x100400ac)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x100400c0)
- GetLocaleInfoW (Address: 0x100400bc)
- GetThreadLocale (Address: 0x100400b8)
- GetThreadUILanguage (Address: 0x100400c4)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x100400cc)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x100400f0)
- GetCurrentProcessId (Address: 0x100400d8)
- GetCurrentThreadId (Address: 0x100400dc)
- TerminateProcess (Address: 0x100400d4)
- TlsAlloc (Address: 0x100400e0)
- TlsFree (Address: 0x100400e4)
- TlsGetValue (Address: 0x100400ec)
- TlsSetValue (Address: 0x100400e8)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x100400f8)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x10040100)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x1004010c)
- WideCharToMultiByte (Address: 0x10040108)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x10040114)
- AcquireSRWLockShared (Address: 0x10040120)
- CreateEventW (Address: 0x10040134)
- CreateMutexExW (Address: 0x1004012c)
- CreateSemaphoreExW (Address: 0x10040130)
- DeleteCriticalSection (Address: 0x10040140)
- EnterCriticalSection (Address: 0x1004014c)
- InitializeCriticalSectionEx (Address: 0x10040144)
- LeaveCriticalSection (Address: 0x10040148)
- OpenSemaphoreW (Address: 0x10040128)
- ReleaseMutex (Address: 0x10040124)
- ReleaseSemaphore (Address: 0x1004013c)
- ReleaseSRWLockExclusive (Address: 0x1004011c)
- ReleaseSRWLockShared (Address: 0x10040154)
- ResetEvent (Address: 0x10040118)
- SetEvent (Address: 0x10040150)
- WaitForSingleObject (Address: 0x10040138)
- WaitForSingleObjectEx (Address: 0x10040158)
api-ms-win-core-synch-l1-2-0.dll
- InitializeConditionVariable (Address: 0x10040174)
- InitOnceBeginInitialize (Address: 0x1004016c)
- InitOnceComplete (Address: 0x10040164)
- Sleep (Address: 0x10040160)
- SleepConditionVariableCS (Address: 0x10040170)
- WakeAllConditionVariable (Address: 0x10040168)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x1004017c)
- GetTickCount (Address: 0x10040180)
- GetTickCount64 (Address: 0x10040184)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolCleanupGroup (Address: 0x1004018c)
- CloseThreadpoolTimer (Address: 0x10040190)
- CloseThreadpoolWait (Address: 0x100401b0)
- CloseThreadpoolWork (Address: 0x100401c0)
- CreateThreadpoolCleanupGroup (Address: 0x10040198)
- CreateThreadpoolTimer (Address: 0x100401b4)
- CreateThreadpoolWait (Address: 0x100401a8)
- CreateThreadpoolWork (Address: 0x100401a0)
- FreeLibraryWhenCallbackReturns (Address: 0x100401bc)
- SetThreadpoolTimer (Address: 0x1004019c)
- SetThreadpoolWait (Address: 0x100401a4)
- SubmitThreadpoolWork (Address: 0x100401b8)
- WaitForThreadpoolTimerCallbacks (Address: 0x10040194)
- WaitForThreadpoolWaitCallbacks (Address: 0x100401ac)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x100401c8)
- SystemTimeToFileTime (Address: 0x100401cc)
api-ms-win-crt-private-l1-1-0.dll
- __CxxFrameHandler3 (Address: 0x10040288)
- __std_terminate (Address: 0x10040284)
- _CxxThrowException (Address: 0x1004028c)
- _except_handler4_common (Address: 0x1004025c)
- _o___std_exception_copy (Address: 0x10040278)
- _o___std_exception_destroy (Address: 0x10040274)
- _o___std_type_info_destroy_list (Address: 0x10040270)
- _o___stdio_common_vsnprintf_s (Address: 0x1004026c)
- _o___stdio_common_vsnwprintf_s (Address: 0x10040268)
- _o___stdio_common_vsprintf_s (Address: 0x10040264)
- _o___stdio_common_vswprintf (Address: 0x10040260)
- _o__cexit (Address: 0x10040280)
- _o__configure_narrow_argv (Address: 0x100401d4)
- _o__crt_atexit (Address: 0x100401d8)
- _o__errno (Address: 0x100401dc)
- _o__execute_onexit_table (Address: 0x100401e0)
- _o__i64tow_s (Address: 0x100401e4)
- _o__initialize_narrow_environment (Address: 0x100401e8)
- _o__initialize_onexit_table (Address: 0x100401ec)
- _o__invalid_parameter_noinfo (Address: 0x100401f0)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x100401f4)
- _o__itow_s (Address: 0x100401f8)
- _o__purecall (Address: 0x100401fc)
- _o__register_onexit_function (Address: 0x10040200)
- _o__seh_filter_dll (Address: 0x10040204)
- _o__ui64tow_s (Address: 0x1004020c)
- _o__ultow_s (Address: 0x10040210)
- _o__wcsicmp (Address: 0x10040214)
- _o__wcsnicmp (Address: 0x10040218)
- _o__wcstoi64 (Address: 0x1004021c)
- _o__wcstoui64 (Address: 0x10040220)
- _o__wtof (Address: 0x10040224)
- _o__wtoi (Address: 0x10040228)
- _o__wtoi64 (Address: 0x1004022c)
- _o__wtol (Address: 0x10040230)
- _o_free (Address: 0x10040234)
- _o_iswalnum (Address: 0x10040238)
- _o_iswalpha (Address: 0x1004023c)
- _o_iswdigit (Address: 0x10040240)
- _o_iswspace (Address: 0x10040244)
- _o_strncpy_s (Address: 0x10040248)
- _o_terminate (Address: 0x1004024c)
- _o_toupper (Address: 0x10040250)
- _o_wcscpy_s (Address: 0x10040254)
- _o_wcsncpy_s (Address: 0x10040258)
- memcmp (Address: 0x10040290)
- memcpy (Address: 0x10040294)
- memmove (Address: 0x10040208)
- wcschr (Address: 0x1004027c)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x1004029c)
- _initterm_e (Address: 0x100402a0)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x100402b0)
- strnlen (Address: 0x100402ac)
- wcsnlen (Address: 0x100402a8)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- TraceMessage (Address: 0x100402b8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x100402cc)
- EventProviderEnabled (Address: 0x100402d4)
- EventRegister (Address: 0x100402d0)
- EventSetInformation (Address: 0x100402c8)
- EventUnregister (Address: 0x100402c0)
- EventWriteTransfer (Address: 0x100402c4)
api-ms-win-security-base-l1-1-0.dll
- GetLengthSid (Address: 0x100402e0)
- IsValidSid (Address: 0x100402dc)
msvcp_win.dll
- ?_Xlength_error@std@@YAXPBD@Z (Address: 0x100402e8)
- ?_Xout_of_range@std@@YAXPBD@Z (Address: 0x100402ec)
ntdll.dll
- EtwGetTraceEnableFlags (Address: 0x10040304)
- EtwGetTraceEnableLevel (Address: 0x100402f4)
- EtwGetTraceLoggerHandle (Address: 0x10040300)
- EtwRegisterTraceGuidsW (Address: 0x100402f8)
- EtwTraceMessage (Address: 0x100402fc)
- EtwUnregisterTraceGuids (Address: 0x10040324)
- NtReadFile (Address: 0x10040318)
- NtSetInformationFile (Address: 0x10040308)
- NtWriteFile (Address: 0x10040314)
- RtlComputeCrc32 (Address: 0x10040310)
- RtlNtStatusToDosError (Address: 0x10040320)
- RtlSetLastWin32Error (Address: 0x1004031c)
- RtlSetLastWin32ErrorAndNtStatusFromNtStatus (Address: 0x1004030c)