AdmTmpl.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
x64~x32~installer___.zip
Resource
win10v2004-20240709-en
windows10-2004-x64
14 signatures
1200 seconds
General
-
Target
x64~x32~installer___.zip
-
Size
32.1MB
-
MD5
896ef3d59b328f519adf15a9180cfc39
-
SHA1
12bc78a4ccb881c54d6440f01529654df1f5cb12
-
SHA256
33f7cb8efccaf9a1f1fcd9669bf3a91ce42171d7f8defe88dd08766a10966aad
-
SHA512
5e467d0c9206d660ff3a1fbddba20605de93f558e61e7b3225ac69a15bf13d2b4782aa8d44da019de745edcb249471044b56db29ed9e70b4d9a294d46074cf08
-
SSDEEP
786432:rizgoljL179bEerHXeSsgHOM4gi90roTTXqCwv0MVyC3U4:r85X9j4kronXNkbb3U4
Score
3/10
Malware Config
Signatures
-
Unsigned PE 11 IoCs
Checks for missing Authenticode signature.
resource unpack001/AppVManifest/AdmTmpl.dll unpack001/AppVManifest/gamemode.dll unpack001/kd_02_10ec/KBDROPR.DLL unpack001/kd_02_10ec/MFWMAAEC.DLL unpack001/mtxclu/imapi.dll unpack001/mtxclu/itircl.dll unpack001/mtxclu/mtxclu.dll unpack001/mtxclu/nlhtml.dll unpack001/systemcpl/pnrpsvc.dll unpack001/systemcpl/provthrd.dll unpack001/systemcpl/systemcpl.dll
Files
-
x64~x32~installer___.zip.zip
-
AppVManifest/AdmTmpl.dll.dll windows:10 windows x64 arch:x64
8e9ebc56a81add3ad5dd49789500f3a1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
wcstoul
__CxxFrameHandler3
__RTDynamicCast
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
_callnewh
wcsrchr
_itow
wcschr
__C_specific_handler
_vsnwprintf
_purecall
wcsnlen
_wtoi
_wtoi64
memset
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-heap-l2-1-0
GlobalAlloc
LocalReAlloc
GlobalFree
LocalAlloc
LocalFree
api-ms-win-core-file-l1-1-0
FindClose
GetFileAttributesW
WriteFile
GetFileAttributesExW
FindFirstFileW
CreateDirectoryW
CompareFileTime
FileTimeToLocalFileTime
ReadFile
FindNextFileW
GetFileSize
SetFilePointer
CreateFileW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
api-ms-win-core-localization-l1-2-0
GetUserDefaultLangID
GetFileMUIPath
GetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibraryAndExitThread
FindResourceExW
LoadStringW
LoadResource
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
LockResource
api-ms-win-core-synch-l1-1-0
ResetEvent
EnterCriticalSection
SetEvent
InitializeCriticalSectionEx
CreateEventW
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
DebugBreak
oleaut32
SysStringLen
SysFreeString
SysAllocString
api-ms-win-security-base-l1-1-0
GetLengthSid
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AllocateAndInitializeSid
FreeSid
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegSetValueExW
RegEnumValueW
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
SetThreadPriority
TerminateProcess
CreateThread
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-com-l1-1-0
StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
api-ms-win-core-string-l2-1-0
CharLowerBuffW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
advapi32
RegCreateKeyW
IsTextUnicode
RegDeleteKeyW
gdi32
DeleteObject
kernel32
GlobalLock
LoadLibraryExA
ExpandEnvironmentStringsA
QueryActCtxW
GlobalUnlock
GlobalReAlloc
lstrcmpiW
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
ole32
OleRun
shell32
SHFileOperationW
user32
GetWindowLongPtrW
PeekMessageW
SendMessageW
GetDlgItem
DispatchMessageW
IsDlgButtonChecked
SetWindowLongPtrW
DialogBoxParamW
MessageBoxW
EndDialog
EnableWindow
GetMessagePos
DefWindowProcW
DestroyWindow
ScreenToClient
CheckDlgButton
LoadImageW
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetKeyboardLayout
PostMessageW
MessageBeep
SetFocus
GetClientRect
DestroyIcon
RegisterClipboardFormatW
SetCursor
RegisterClassW
RegisterWindowMessageW
LoadCursorW
MsgWaitForMultipleObjects
TranslateMessage
xmllite
CreateXmlWriter
Exports
Exports
CreateCmtStoreObject
CreateParserObject
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppVManifest/AppVManifest.dll.dll windows:10 windows x64 arch:x64
1c7db189c5ec95de0a9fb2d861751869
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/09/2021, 18:23Not After01/09/2022, 18:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
64:ba:83:d4:06:73:b3:13:09:36:ea:8e:f4:3b:79:b9:2f:80:55:99:10:83:35:40:76:be:68:db:2f:0c:ec:08Signer
Actual PE Digest64:ba:83:d4:06:73:b3:13:09:36:ea:8e:f4:3b:79:b9:2f:80:55:99:10:83:35:40:76:be:68:db:2f:0c:ec:08Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
AppVManifest.pdb
Imports
msvcp_win
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?classic@locale@std@@SAAEBV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__stricmp
_o__wcsicmp
_o__wcsupr_s
_o__wtoi
_o_calloc
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_terminate
_o_wcscpy_s
__CxxFrameHandler3
__C_specific_handler
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__RTDynamicCast
memcmp
memcpy
strrchr
__std_terminate
__CxxFrameHandler4
wcschr
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
kernel32
MoveFileExW
FindClose
GetTempPathW
DeleteFileW
LoadLibraryW
FreeLibrary
DebugBreak
WideCharToMultiByte
lstrcmpiW
QueryPerformanceCounter
GetCurrentProcessId
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
FindResourceW
LoadResource
LockResource
GetModuleHandleExW
SizeofResource
CopyFileExW
GetTempFileNameW
CloseHandle
GetLastError
SetFileAttributesW
GetCurrentThreadId
FindFirstFileW
SetLastError
FindNextFileW
GetSystemTimeAsFileTime
InitializeSListHead
RemoveDirectoryW
RtlCaptureContext
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
advapi32
RegGetValueW
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
ole32
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
oleaut32
VariantClear
VariantCopy
SysAllocString
SysFreeString
VariantInit
GetErrorInfo
VariantChangeType
Exports
Exports
CreateManifestDocumentFromDocument
CreateManifestDocumentFromFile
CreateManifestDocumentFromXML
GetManifestSelectionNamespaces
Sections
.text Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 222KB - Virtual size: 222KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 93KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppVManifest/gamemode.dll.dll windows:10 windows x64 arch:x64
3594f0015a7f1df25922cb8d956a56e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
gamemode.pdb
Imports
msvcrt
_unlock
malloc
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_lock
_amsg_exit
_XcptFilter
__C_specific_handler
_CxxThrowException
_vsnprintf_s
_initterm
free
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
NtQueryInformationToken
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlFreeHeap
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-appmodel-unlock-l1-1-0
IsDeveloperModeEnabled
api-ms-win-security-base-l1-1-0
DuplicateTokenEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
GetExpandedResourceExclusiveCpuCount
HasExpandedResources
MsixvcAddGameToGCS
MsixvcAddPackageAsync
MsixvcRemediateMutablePackagesForVolumeAsync
MsixvcUpdatePolicyString
MsixvcUpdatePolicyUInt64
ReleaseExclusiveCpuSets
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppVManifest/gdi32.dll.dll windows:10 windows x64 arch:x64
8aee58126035547b5e6ff8c7c20c5705
Code Sign
33:00:00:03:8c:38:5d:5c:2e:74:83:cc:fb:00:00:00:00:03:8cCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05/05/2022, 19:23Not After04/05/2023, 19:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6e:f3:c8:67:21:6f:ff:c0:00:7a:73:58:21:f9:ba:21:21:03:ea:bb:a9:7b:31:b7:ce:93:8e:a9:30:bc:83:29Signer
Actual PE Digest6e:f3:c8:67:21:6f:ff:c0:00:7a:73:58:21:f9:ba:21:21:03:ea:bb:a9:7b:31:b7:ce:93:8e:a9:30:bc:83:29Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
gdi32.pdb
Imports
ntdll
toupper
memcpy
memmove
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDecodePointer
RtlInitUnicodeString
_wcsicmp
_wcsnicmp
wcsncpy_s
RtlUnsubscribeWnfStateChangeNotification
RtlFreeHeap
RtlSubscribeWnfStateChangeNotification
RtlAllocateHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection
memset
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleA
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
win32u
NtGdiEngPaint
NtGdiEngPlgBlt
NtGdiEngStretchBlt
NtGdiEngStretchBltROP
NtGdiEngStrokeAndFillPath
NtGdiEngStrokePath
NtGdiEngTextOut
NtGdiEngTransparentBlt
NtGdiEngUnlockSurface
NtGdiFONTOBJ_cGetAllGlyphHandles
NtGdiFONTOBJ_cGetGlyphs
NtGdiFONTOBJ_pQueryGlyphAttrs
NtGdiFONTOBJ_pfdg
NtGdiFONTOBJ_pifi
NtGdiFONTOBJ_pvTrueTypeFontFile
NtGdiFONTOBJ_pxoGetXform
NtGdiFONTOBJ_vGetInfo
NtGdiFullscreenControl
NtGdiGetSpoolMessage
NtGdiEngLockSurface
NtGdiQueryFonts
NtGdiGetBitmapDpiScaleValue
NtGdiGetCOPPCompatibleOPMInformation
NtGdiGetCertificate
NtGdiGetCertificateByHandle
NtGdiGetCertificateSize
NtGdiGetCertificateSizeByHandle
NtGdiGetCharWidthInfo
NtGdiGetFontUnicodeRanges
NtGdiGetNumberOfPhysicalMonitors
NtGdiGetOPMInformation
NtGdiGetOPMRandomNumber
NtGdiGetPhysicalMonitorDescription
NtGdiGetPhysicalMonitors
NtGdiGetStringBitmapW
NtGdiGetSuggestedOPMProtectedOutputArraySize
NtGdiGetTextCharsetInfo
NtGdiHT_Get8BPPFormatPalette
NtGdiHT_Get8BPPMaskPalette
NtGdiPATHOBJ_bEnum
NtGdiPATHOBJ_bEnumClipLines
NtGdiPATHOBJ_vEnumStart
NtGdiPATHOBJ_vEnumStartClipLines
NtGdiPATHOBJ_vGetBounds
NtGdiSTROBJ_bEnum
NtGdiSTROBJ_bEnumPositionsOnly
NtGdiSTROBJ_bGetAdvanceWidths
NtGdiSTROBJ_dwGetCodePage
NtGdiSTROBJ_vEnumStart
NtGdiScaleRgn
NtGdiScaleValues
NtGdiSetMagicColors
NtGdiSetOPMSigningKeyAndSequenceNumbers
NtGdiXFORMOBJ_bApplyXform
NtGdiXFORMOBJ_iGetXform
NtGdiXLATEOBJ_cGetPalette
NtGdiXLATEOBJ_hGetColorTransform
NtGdiXLATEOBJ_iXlate
NtGdiGetDeviceCapsAll
NtGdiGetDeviceCaps
NtGdiGetCurrentDpiInfo
NtGdiDdDDIOpenAdapterFromHdc
NtGdiDdDDICreateAllocation
NtGdiDdDDIOpenResource
NtGdiDdDDICreateSynchronizationObject
NtGdiDdDDIWaitForSynchronizationObject
NtGdiDdDDISignalSynchronizationObject
NtGdiDdDDINetDispStartMiracastDisplayDevice
NtGdiDdDDISetVidPnSourceOwner
NtDxgkPinResources
NtDxgkUnpinResources
NtGdiGetEntry
NtGdiDeleteObjectApp
NtGdiFlush
NtGdiEqualRgn
NtGdiExtCreateRegion
NtGdiCreateHalftonePalette
NtGdiPolyPolyDraw
NtGdiCreateRectRgn
NtGdiRectInRegion
NtGdiCombineRgn
NtGdiOffsetRgn
NtGdiGetRgnBox
NtGdiSetRectRgn
NtGdiGetRegionData
NtGdiEngMarkBandingSurface
NtGdiEngLineTo
NtGdiEngGradientFill
NtGdiEngFillPath
NtGdiEngEraseSurface
NtGdiEngDeleteSurface
NtGdiEngDeletePath
NtGdiEngDeletePalette
NtGdiEngDeleteClip
NtGdiEngCreatePalette
NtGdiEngCreateDeviceSurface
NtGdiEngCreateDeviceBitmap
NtGdiEngCreateClip
NtGdiEngCreateBitmap
NtGdiEngCopyBits
NtGdiEngCheckAbort
NtGdiEngBitBlt
NtGdiEngAssociateSurface
NtGdiEngAlphaBlend
NtGdiEndGdiRendering
NtGdiEnableEudc
NtGdiDestroyPhysicalMonitor
NtGdiDestroyOPMProtectedOutput
NtGdiDdQueryVisRgnUniqueness
NtGdiDdNotifyFullscreenSpriteUpdate
NtGdiDdDestroyFullscreenSprite
NtGdiDdCreateFullscreenSprite
NtGdiDDCCISetVCPFeature
NtGdiDDCCISaveCurrentSettings
NtGdiDDCCIGetVCPFeature
NtGdiDDCCIGetTimingReport
NtGdiDDCCIGetCapabilitiesStringLength
NtGdiDDCCIGetCapabilitiesString
NtGdiCreateOPMProtectedOutputs
NtGdiCreateOPMProtectedOutput
NtGdiCreateBitmapFromDxSurface2
NtGdiCreateBitmapFromDxSurface
NtGdiConfigureOPMProtectedOutput
NtGdiCLIPOBJ_ppoGetPath
NtGdiCLIPOBJ_cEnumStart
NtGdiCLIPOBJ_bEnum
NtGdiBeginGdiRendering
NtGdiBRUSHOBJ_ulGetBrushColor
NtGdiBRUSHOBJ_pvGetRbrush
NtGdiBRUSHOBJ_pvAllocRbrush
NtGdiBRUSHOBJ_hGetColorTransform
NtGdiInitSpool
api-ms-win-gdi-internal-uap-l1-1-0
SetMetaRgn
PtInRegion
ModerncoreGdiInit
MF16_DeleteObject
GetRandomRgn
GdiSupportsFontChangeEvent
GdiDllInitialize
UnloadUserModePrinterDriver
DeleteColorSpace
IcmDeleteLocalDC
plinkGet
MF_DeleteObject
vFreeUFIHashTable
DeleteEMFSpoolData
DocumentEventEx
hdcCreateDCW
vDeleteLOCALFONT
IcmReleaseCachedColorSpace
FillRgn
CreateRoundRectRgn
SetPolyFillModeImpl
SelectObjectImpl
SelectClipRgnImpl
IntersectClipRectImpl
AbortDocImpl
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventProviderEnabled
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
AbortDoc
AbortPath
AddFontMemResourceEx
AddFontResourceA
AddFontResourceExA
AddFontResourceExW
AddFontResourceTracking
AddFontResourceW
AngleArc
AnimatePalette
AnyLinkedFonts
Arc
ArcTo
BRUSHOBJ_hGetColorTransform
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
BRUSHOBJ_ulGetBrushColor
BeginGdiRendering
BeginPath
BitBlt
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
CLIPOBJ_ppoGetPath
CancelDC
CheckColorsInGamut
ChoosePixelFormat
Chord
ClearBitmapAttributes
ClearBrushAttributes
CloseEnhMetaFile
CloseFigure
CloseMetaFile
ColorCorrectPalette
ColorMatchToTarget
CombineRgn
CombineTransform
ConfigureOPMProtectedOutput
CopyEnhMetaFileA
CopyEnhMetaFileW
CopyMetaFileA
CopyMetaFileW
CreateBitmap
CreateBitmapFromDxSurface
CreateBitmapFromDxSurface2
CreateBitmapIndirect
CreateBrushIndirect
CreateColorSpaceA
CreateColorSpaceW
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDCExW
CreateDCW
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateDIBSection
CreateDIBitmap
CreateDPIScaledDIBSection
CreateDiscardableBitmap
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateEnhMetaFileA
CreateEnhMetaFileW
CreateFontA
CreateFontIndirectA
CreateFontIndirectExA
CreateFontIndirectExW
CreateFontIndirectW
CreateFontW
CreateHalftonePalette
CreateHatchBrush
CreateICA
CreateICW
CreateMetaFileA
CreateMetaFileW
CreateOPMProtectedOutput
CreateOPMProtectedOutputs
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolyPolygonRgn
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateScalableFontResourceA
CreateScalableFontResourceW
CreateScaledCompatibleBitmap
CreateSessionMappedDIBSection
CreateSolidBrush
D3DKMTAbandonSwapChain
D3DKMTAcquireKeyedMutex
D3DKMTAcquireKeyedMutex2
D3DKMTAcquireSwapChain
D3DKMTAddSurfaceToSwapChain
D3DKMTAdjustFullscreenGamma
D3DKMTCacheHybridQueryValue
D3DKMTChangeVideoMemoryReservation
D3DKMTCheckExclusiveOwnership
D3DKMTCheckMonitorPowerState
D3DKMTCheckMultiPlaneOverlaySupport
D3DKMTCheckMultiPlaneOverlaySupport2
D3DKMTCheckMultiPlaneOverlaySupport3
D3DKMTCheckOcclusion
D3DKMTCheckSharedResourceAccess
D3DKMTCheckVidPnExclusiveOwnership
D3DKMTCloseAdapter
D3DKMTConfigureSharedResource
D3DKMTCreateAllocation
D3DKMTCreateAllocation2
D3DKMTCreateBundleObject
D3DKMTCreateContext
D3DKMTCreateContextVirtual
D3DKMTCreateDCFromMemory
D3DKMTCreateDevice
D3DKMTCreateHwContext
D3DKMTCreateHwQueue
D3DKMTCreateKeyedMutex
D3DKMTCreateKeyedMutex2
D3DKMTCreateOutputDupl
D3DKMTCreateOverlay
D3DKMTCreatePagingQueue
D3DKMTCreateProtectedSession
D3DKMTCreateSwapChain
D3DKMTCreateSynchronizationObject
D3DKMTCreateSynchronizationObject2
D3DKMTCreateTrackedWorkload
D3DKMTDDisplayEnum
D3DKMTDestroyAllocation
D3DKMTDestroyAllocation2
D3DKMTDestroyContext
D3DKMTDestroyDCFromMemory
D3DKMTDestroyDevice
D3DKMTDestroyHwContext
D3DKMTDestroyHwQueue
D3DKMTDestroyKeyedMutex
D3DKMTDestroyOutputDupl
D3DKMTDestroyOverlay
D3DKMTDestroyPagingQueue
D3DKMTDestroyProtectedSession
D3DKMTDestroySynchronizationObject
D3DKMTDestroyTrackedWorkload
D3DKMTDispMgrCreate
D3DKMTDispMgrOperation
D3DKMTDispMgrSourceOperation
D3DKMTDispMgrTargetOperation
D3DKMTDisplayPortOperation
D3DKMTDuplicateHandle
D3DKMTEnumAdapters
D3DKMTEnumAdapters2
D3DKMTEnumAdapters3
D3DKMTEscape
D3DKMTEvict
D3DKMTExtractBundleObject
D3DKMTFlipOverlay
D3DKMTFlushHeapTransitions
D3DKMTFreeGpuVirtualAddress
D3DKMTGetAllocationPriority
D3DKMTGetAvailableTrackedWorkloadIndex
D3DKMTGetCachedHybridQueryValue
D3DKMTGetContextInProcessSchedulingPriority
D3DKMTGetContextSchedulingPriority
D3DKMTGetDWMVerticalBlankEvent
D3DKMTGetDeviceState
D3DKMTGetDisplayModeList
D3DKMTGetMemoryBudgetTarget
D3DKMTGetMultiPlaneOverlayCaps
D3DKMTGetMultisampleMethodList
D3DKMTGetOverlayState
D3DKMTGetPostCompositionCaps
D3DKMTGetPresentHistory
D3DKMTGetPresentQueueEvent
D3DKMTGetProcessDeviceRemovalSupport
D3DKMTGetProcessList
D3DKMTGetProcessSchedulingPriorityBand
D3DKMTGetProcessSchedulingPriorityClass
D3DKMTGetResourcePresentPrivateDriverData
D3DKMTGetRuntimeData
D3DKMTGetScanLine
D3DKMTGetSetSwapChainMetadata
D3DKMTGetSharedPrimaryHandle
D3DKMTGetSharedResourceAdapterLuid
D3DKMTGetTrackedWorkloadStatistics
D3DKMTGetYieldPercentage
D3DKMTInvalidateActiveVidPn
D3DKMTInvalidateCache
D3DKMTLock
D3DKMTLock2
D3DKMTMakeResident
D3DKMTMapGpuVirtualAddress
D3DKMTMarkDeviceAsError
D3DKMTNetDispGetNextChunkInfo
D3DKMTNetDispQueryMiracastDisplayDeviceStatus
D3DKMTNetDispQueryMiracastDisplayDeviceSupport
D3DKMTNetDispStartMiracastDisplayDevice
D3DKMTNetDispStartMiracastDisplayDevice2
D3DKMTNetDispStartMiracastDisplayDeviceEx
D3DKMTNetDispStopMiracastDisplayDevice
D3DKMTOfferAllocations
D3DKMTOpenAdapterFromDeviceName
D3DKMTOpenAdapterFromGdiDisplayName
D3DKMTOpenAdapterFromHdc
D3DKMTOpenAdapterFromLuid
D3DKMTOpenBundleObjectNtHandleFromName
D3DKMTOpenKeyedMutex
D3DKMTOpenKeyedMutex2
D3DKMTOpenKeyedMutexFromNtHandle
D3DKMTOpenNtHandleFromName
D3DKMTOpenProtectedSessionFromNtHandle
D3DKMTOpenResource
D3DKMTOpenResource2
D3DKMTOpenResourceFromNtHandle
D3DKMTOpenSwapChain
D3DKMTOpenSyncObjectFromNtHandle
D3DKMTOpenSyncObjectFromNtHandle2
D3DKMTOpenSyncObjectNtHandleFromName
D3DKMTOpenSynchronizationObject
D3DKMTOutputDuplGetFrameInfo
D3DKMTOutputDuplGetMetaData
D3DKMTOutputDuplGetPointerShapeData
D3DKMTOutputDuplPresent
D3DKMTOutputDuplPresentToHwQueue
D3DKMTOutputDuplReleaseFrame
D3DKMTPinDirectFlipResources
D3DKMTPinResources
D3DKMTPollDisplayChildren
D3DKMTPresent
D3DKMTPresentMultiPlaneOverlay
D3DKMTPresentMultiPlaneOverlay2
D3DKMTPresentMultiPlaneOverlay3
D3DKMTPresentRedirected
D3DKMTQueryAdapterInfo
D3DKMTQueryAllocationResidency
D3DKMTQueryClockCalibration
D3DKMTQueryFSEBlock
D3DKMTQueryProcessOfferInfo
D3DKMTQueryProtectedSessionInfoFromNtHandle
D3DKMTQueryProtectedSessionStatus
D3DKMTQueryRemoteVidPnSourceFromGdiDisplayName
D3DKMTQueryResourceInfo
D3DKMTQueryResourceInfoFromNtHandle
D3DKMTQueryStatistics
D3DKMTQueryVidPnExclusiveOwnership
D3DKMTQueryVideoMemoryInfo
D3DKMTReclaimAllocations
D3DKMTReclaimAllocations2
D3DKMTRegisterTrimNotification
D3DKMTRegisterVailProcess
D3DKMTReleaseKeyedMutex
D3DKMTReleaseKeyedMutex2
D3DKMTReleaseProcessVidPnSourceOwners
D3DKMTReleaseSwapChain
D3DKMTRemoveSurfaceFromSwapChain
D3DKMTRender
D3DKMTReserveGpuVirtualAddress
D3DKMTResetTrackedWorkloadStatistics
D3DKMTSetAllocationPriority
D3DKMTSetContextInProcessSchedulingPriority
D3DKMTSetContextSchedulingPriority
D3DKMTSetDisplayMode
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTSetDodIndirectSwapchain
D3DKMTSetFSEBlock
D3DKMTSetGammaRamp
D3DKMTSetHwProtectionTeardownRecovery
D3DKMTSetMemoryBudgetTarget
D3DKMTSetMonitorColorSpaceTransform
D3DKMTSetProcessDeviceRemovalSupport
D3DKMTSetProcessSchedulingPriorityBand
D3DKMTSetProcessSchedulingPriorityClass
D3DKMTSetQueuedLimit
D3DKMTSetStablePowerState
D3DKMTSetStereoEnabled
D3DKMTSetSyncRefreshCountWaitTarget
D3DKMTSetVidPnSourceHwProtection
D3DKMTSetVidPnSourceOwner
D3DKMTSetVidPnSourceOwner1
D3DKMTSetVidPnSourceOwner2
D3DKMTSetYieldPercentage
D3DKMTShareObjects
D3DKMTSharedPrimaryLockNotification
D3DKMTSharedPrimaryUnLockNotification
D3DKMTSignalSynchronizationObject
D3DKMTSignalSynchronizationObject2
D3DKMTSignalSynchronizationObjectFromCpu
D3DKMTSignalSynchronizationObjectFromGpu
D3DKMTSignalSynchronizationObjectFromGpu2
D3DKMTSubmitCommand
D3DKMTSubmitCommandToHwQueue
D3DKMTSubmitPresentBltToHwQueue
D3DKMTSubmitPresentToHwQueue
D3DKMTSubmitSignalSyncObjectsToHwQueue
D3DKMTSubmitWaitForSyncObjectsToHwQueue
D3DKMTTrimProcessCommitment
D3DKMTUnOrderedPresentSwapChain
D3DKMTUnlock
D3DKMTUnlock2
D3DKMTUnpinDirectFlipResources
D3DKMTUnpinResources
D3DKMTUnregisterTrimNotification
D3DKMTUpdateAllocationProperty
D3DKMTUpdateGpuVirtualAddress
D3DKMTUpdateOverlay
D3DKMTUpdateTrackedWorkload
D3DKMTVailConnect
D3DKMTVailDisconnect
D3DKMTVailPromoteCompositionSurface
D3DKMTWaitForIdle
D3DKMTWaitForSynchronizationObject
D3DKMTWaitForSynchronizationObject2
D3DKMTWaitForSynchronizationObjectFromCpu
D3DKMTWaitForSynchronizationObjectFromGpu
D3DKMTWaitForVerticalBlankEvent
D3DKMTWaitForVerticalBlankEvent2
DDCCIGetCapabilitiesString
DDCCIGetCapabilitiesStringLength
DDCCIGetTimingReport
DDCCIGetVCPFeature
DDCCISaveCurrentSettings
DDCCISetVCPFeature
DPtoLP
DdCreateFullscreenSprite
DdDestroyFullscreenSprite
DdEntry0
DdEntry1
DdEntry10
DdEntry11
DdEntry12
DdEntry13
DdEntry14
DdEntry15
DdEntry16
DdEntry17
DdEntry18
DdEntry19
DdEntry2
DdEntry20
DdEntry21
DdEntry22
DdEntry23
DdEntry24
DdEntry25
DdEntry26
DdEntry27
DdEntry28
DdEntry29
DdEntry3
DdEntry30
DdEntry31
DdEntry32
DdEntry33
DdEntry34
DdEntry35
DdEntry36
DdEntry37
DdEntry38
DdEntry39
DdEntry4
DdEntry40
DdEntry41
DdEntry42
DdEntry43
DdEntry44
DdEntry45
DdEntry46
DdEntry47
DdEntry48
DdEntry49
DdEntry5
DdEntry50
DdEntry51
DdEntry52
DdEntry53
DdEntry54
DdEntry55
DdEntry56
DdEntry6
DdEntry7
DdEntry8
DdEntry9
DdNotifyFullscreenSpriteUpdate
DdQueryVisRgnUniqueness
DeleteColorSpace
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
DescribePixelFormat
DestroyOPMProtectedOutput
DestroyPhysicalMonitorInternal
DeviceCapabilitiesExA
DeviceCapabilitiesExW
DrawEscape
DwmCreatedBitmapRemotingOutput
DxTrimNotificationListHead
Ellipse
EnableEUDC
EndDoc
EndFormPage
EndGdiRendering
EndPage
EndPath
EngAcquireSemaphore
EngAlphaBlend
EngAssociateSurface
EngBitBlt
EngCheckAbort
EngComputeGlyphSet
EngCopyBits
EngCreateBitmap
EngCreateClip
EngCreateDeviceBitmap
EngCreateDeviceSurface
EngCreatePalette
EngCreateSemaphore
EngDeleteClip
EngDeletePalette
EngDeletePath
EngDeleteSemaphore
EngDeleteSurface
EngEraseSurface
EngFillPath
EngFindResource
EngFreeModule
EngGetCurrentCodePage
EngGetDriverName
EngGetPrinterDataFileName
EngGradientFill
EngLineTo
EngLoadModule
EngLockSurface
EngMarkBandingSurface
EngMultiByteToUnicodeN
EngMultiByteToWideChar
EngPaint
EngPlgBlt
EngQueryEMFInfo
EngQueryLocalTime
EngReleaseSemaphore
EngStretchBlt
EngStretchBltROP
EngStrokeAndFillPath
EngStrokePath
EngTextOut
EngTransparentBlt
EngUnicodeToMultiByteN
EngUnlockSurface
EngWideCharToMultiByte
EnumEnhMetaFile
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsA
EnumFontsW
EnumICMProfilesA
EnumICMProfilesW
EnumMetaFile
EnumObjects
EqualRgn
Escape
EudcLoadLinkW
EudcUnloadLinkW
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtEscape
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
FONTOBJ_cGetAllGlyphHandles
FONTOBJ_cGetGlyphs
FONTOBJ_pQueryGlyphAttrs
FONTOBJ_pfdg
FONTOBJ_pifi
FONTOBJ_pvTrueTypeFontFile
FONTOBJ_pxoGetXform
FONTOBJ_vGetInfo
FillPath
FillRgn
FixBrushOrgEx
FlattenPath
FloodFill
FontIsLinked
FrameRgn
Gdi32DllInitialize
GdiAddFontResourceW
GdiAddGlsBounds
GdiAddGlsRecord
GdiAddInitialFonts
GdiAlphaBlend
GdiArtificialDecrementDriver
GdiBatchLimit
GdiCleanCacheDC
GdiComment
GdiConsoleTextOut
GdiConvertAndCheckDC
GdiConvertBitmap
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kd_02_10ec/KBDROPR.DLL.dll windows:10 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
kbdropr.pdb
Exports
Exports
KbdLayerDescriptor
Sections
.text Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kd_02_10ec/MFWMAAEC.DLL.dll regsvr32 windows:10 windows x64 arch:x64
9940b576bb8728c139dbcb218a545077
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
MFWMAAEC.pdb
Imports
msvcrt
fflush
rand
srand
strcpy_s
ferror
_wfopen
_isnan
_purecall
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
fclose
fseek
sin
swprintf_s
wcscat_s
fwrite
atan2
atan2f
cos
cosf
expf
floor
log10
log10f
logf
memcmp
memcpy
memset
pow
powf
sinf
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameW
LoadLibraryExA
api-ms-win-core-registry-l2-1-0
RegCreateKeyW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
SetEvent
InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObject
EnterCriticalSection
api-ms-win-core-com-l1-1-0
CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
CoCreateInstance
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
msdmo
MoFreeMediaType
MoInitMediaType
DMORegister
MoCopyMediaType
DMOUnregister
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
SysFreeString
SysAllocString
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 222KB - Virtual size: 222KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 51KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kd_02_10ec/kd_02_10ec.dll.dll windows:10 windows x64 arch:x64
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05/05/2022, 19:23Not After04/05/2023, 19:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9b:e3:ac:69:b1:5e:fc:dc:0e:a2:f9:6f:fb:8b:81:5c:6e:77:4a:07:64:c6:b6:a0:a2:3a:69:62:70:03:87:beSigner
Actual PE Digest9b:e3:ac:69:b1:5e:fc:dc:0e:a2:f9:6f:fb:8b:81:5c:6e:77:4a:07:64:c6:b6:a0:a2:3a:69:62:70:03:87:beDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
kd_02_10ec.pdb
Exports
Exports
KdInitializeLibrary
Sections
.text Size: 351KB - Virtual size: 350KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 512B - Virtual size: 85B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 54B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
GFIDS Size: 512B - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kd_02_10ec/kd_02_14e4.dll.dll windows:10 windows x64 arch:x64
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05/05/2022, 19:23Not After04/05/2023, 19:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
99:7c:42:19:bb:b3:eb:76:b4:b2:e4:41:30:18:a6:75:6e:21:d2:47:2f:1f:10:32:8f:f2:3c:d4:a3:54:11:30Signer
Actual PE Digest99:7c:42:19:bb:b3:eb:76:b4:b2:e4:41:30:18:a6:75:6e:21:d2:47:2f:1f:10:32:8f:f2:3c:d4:a3:54:11:30Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
kd_02_14e4.pdb
Exports
Exports
KdInitializeLibrary
Sections
.text Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 746KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 512B - Virtual size: 85B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 54B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
GFIDS Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 580B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtxclu/imapi.dll.dll regsvr32 windows:10 windows x64 arch:x64
9def3e189009b6ddc4ab75d0e8190ac6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
imapi.pdb
Imports
msvcrt
_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
_callnewh
_wremove
_vsnwprintf
wcscat_s
wcscpy_s
wcsstr
wcsncpy_s
malloc
free
_purecall
memcpy_s
__CxxFrameHandler3
__C_specific_handler
wcscmp
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
user32
UnregisterClassA
CharNextW
advapi32
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryValueExW
TraceMessage
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
ole32
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
oleaut32
LoadRegTypeLi
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
DispCallFunc
VariantClear
LoadTypeLi
SafeArrayDestroy
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
SystemTimeToVariantTime
VariantInit
shlwapi
SHCreateStreamOnFileEx
kernel32
GetTempFileNameW
GetVolumeInformationW
CreateMutexW
SetEvent
LocalFree
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
ResetEvent
ReleaseMutex
SizeofResource
FileTimeToSystemTime
GlobalFree
GlobalAlloc
GetDateFormatW
InitializeCriticalSectionAndSpinCount
CreateEventW
CloseHandle
DisableThreadLibraryCalls
WaitForSingleObject
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
LoadResource
FindResourceExW
RaiseException
GetLastError
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
GetTempPathW
LocalAlloc
WideCharToMultiByte
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtxclu/itircl.dll.dll regsvr32 windows:10 windows x64 arch:x64
380ae0a373c6ac6b63d2802c179548cd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
itircl.pdb
Imports
msvcrt
memmove
_initterm
_amsg_exit
__CxxFrameHandler3
memcpy
memcmp
_XcptFilter
_callnewh
malloc
_vsnprintf
strncmp
free
_purecall
__C_specific_handler
?terminate@@YAXXZ
memset
kernel32
DeleteFileA
UnmapViewOfFile
VirtualFree
GlobalSize
GetCurrentDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
VirtualProtect
VirtualAlloc
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
GetLastError
DisableThreadLibraryCalls
GetSystemInfo
HeapDestroy
WideCharToMultiByte
lstrcmpiA
VirtualQuery
GlobalReAlloc
CompareStringW
GetACP
CompareStringA
GetUserDefaultLCID
GetVersionExA
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
lstrlenA
GetFullPathNameA
LocalLock
LocalAlloc
LocalFree
LocalUnlock
GetProcAddress
GetTempFileNameA
GetTempPathA
OpenFile
SetFilePointer
OutputDebugStringA
WriteFile
ReadFile
MapViewOfFile
GlobalFlags
CreateFileA
CloseHandle
GlobalHandle
CreateFileMappingA
GetFileSize
user32
CharUpperA
CharNextA
LoadStringA
advapi32
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
ole32
ReadClassStm
WriteClassStm
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoGetClassObject
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 157KB - Virtual size: 157KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtxclu/mtxclu.dll.dll windows:10 windows x64 arch:x64
d21ac5e21e55f5b9ee93d732d6cbb672
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mtxclu.pdb
Imports
ntdll
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCreateServiceSid
RtlReportException
RtlCaptureContext
RtlNtStatusToDosError
RtlInitUnicodeString
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegFlushKey
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoGetObjectContext
api-ms-win-service-management-l1-1-0
DeleteService
CreateServiceW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW
rpcrt4
UuidFromStringW
UuidToStringW
RpcStringFreeW
UuidCreate
UuidFromStringA
UuidToStringA
RpcStringFreeA
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-service-winsvc-l1-1-0
StartServiceA
ControlService
QueryServiceStatus
OpenSCManagerA
api-ms-win-core-file-l1-1-0
RemoveDirectoryW
FindFirstFileW
CreateFileW
FindClose
SetFileAttributesW
GetFullPathNameW
FindNextFileW
DeleteFileW
CreateDirectoryW
GetFileAttributesW
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
AdjustTokenPrivileges
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetTokenInformation
MakeAbsoluteSD
DuplicateTokenEx
GetSecurityDescriptorLength
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
InitializeSecurityDescriptor
FreeSid
AddAce
IsWellKnownSid
SetSecurityDescriptorDacl
CopySid
GetAclInformation
GetSidLengthRequired
AllocateAndInitializeSid
EqualSid
GetAce
GetSecurityDescriptorDacl
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceStatusEx
QueryServiceConfigW
api-ms-win-service-core-l1-1-1
EnumServicesStatusExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineA
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetComputerNameExW
GetSystemWindowsDirectoryA
GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadResource
GetModuleFileNameW
DisableThreadLibraryCalls
LoadStringW
LockResource
GetModuleHandleW
LoadLibraryExA
GetProcAddress
GetModuleHandleExA
FindResourceExW
FreeLibrary
LoadLibraryExW
api-ms-win-core-processthreads-l1-1-0
SetThreadStackGuarantee
CreateProcessW
TerminateProcess
TlsFree
GetCurrentProcess
SetThreadToken
GetExitCodeProcess
GetCurrentThreadId
TlsSetValue
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
TlsAlloc
TlsGetValue
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
WaitForSingleObject
CreateEventA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ResetEvent
InitializeCriticalSection
WaitForSingleObjectEx
EnterCriticalSection
SetEvent
ws2_32
WSAGetLastError
FreeAddrInfoW
GetAddrInfoW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
bcrypt
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptDestroyKey
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
cryptsp
CryptGenKey
CryptReleaseContext
CryptGetUserKey
CryptDecrypt
CryptImportKey
CryptExportKey
CryptDestroyKey
CryptEncrypt
CryptAcquireContextW
CryptSetProvParam
api-ms-win-security-lsapolicy-l1-1-0
LsaClose
advapi32
DeregisterEventSource
LookupPrivilegeValueA
RegEnumKeyA
RegEnumKeyW
RegDeleteKeyA
RegDeleteKeyW
RegisterEventSourceW
ReportEventW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
EnumServicesStatusExA
RegConnectRegistryW
kernel32
UnregisterWaitEx
QueueUserWorkItem
msvcrt
_initterm
_callnewh
malloc
_waccess
_wfopen
strchr
fopen
fflush
fclose
fprintf
fwprintf
_vsnprintf
wcsrchr
mbstowcs
_purecall
_stricmp
_wcsnicmp
wcstombs
_ltoa
_ltow
atol
_wtol
iswalpha
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
_amsg_exit
wcscpy_s
??1type_info@@UEAA@XZ
_wcsicmp
_onexit
_ultow
_local_unwind
memcmp
memset
__dllonexit
__CxxFrameHandler3
_vsnwprintf
_unlock
_lock
_wcsdup
?terminate@@YAXXZ
wcschr
__C_specific_handler
free
wcscmp
clusapi
ClusterResourceTypeEnum
GetClusterResourceKey
CloseCluster
CloseClusterResource
ClusterRegOpenKey
GetClusterResourceNetworkName
ClusterRegCloseKey
GetClusterResourceState
ClusterRegDeleteValue
OpenClusterResourceEx
ClusterRegEnumKey
ClusterRegQueryValue
OfflineClusterResource
ClusterRegSetValue
ClusterRegCreateKey
ClusterRegDeleteKey
ClusterGroupEnum
ClusterControl
OpenClusterGroupEx
OnlineClusterResource
ClusterResourceControl
ClusterResourceTypeControl
ClusterRegQueryInfoKey
ClusterResourceTypeGetEnumCount
GetClusterKey
ClusterGroupOpenEnum
ClusterRegEnumValue
ClusterResourceTypeOpenEnum
CloseClusterGroup
ClusterResourceTypeCloseEnum
OpenClusterEx
CreateClusterNotifyPort
GetClusterNotify
GetClusterResourceTypeKey
ClusterGroupCloseEnum
ClusterGetEnumCount
GetNodeClusterState
ClusterOpenEnum
ClusterEnum
ClusterCloseEnum
resutils
ResUtilEnumResourcesEx
ResUtilGetResourceDependencyByName
ResUtilPropertyListFromParameterBlock
ResUtilSetPropertyTable
ResUtilGetProperties
ResUtilGetResourceDependencyByClass
ResUtilDupParameterBlock
ResUtilSetPropertyParameterBlock
ClusWorkerTerminate
ResUtilVerifyPropertyTable
ResUtilEnumProperties
ResUtilFindSzProperty
ResUtilTerminateServiceProcessFromResDll
ClusWorkerCheckTerminate
ResUtilFindBinaryProperty
ResUtilGetPropertiesToParameterBlock
ClusWorkerCreate
msdtcprx
CreateLegacyTmInstance
CreateTmInstanceForRemoteAdmin
CreateLocalTmInstance
CreateRemoteProxyTmInstance
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualQuery
VirtualProtect
Exports
Exports
FailedClusterAPIToEventLog
MtxCluBringOnlineDTCW
MtxCluClearClusterTmMappings
MtxCluCreateClusterProxyTmInstance
MtxCluCreateClusterTmInstance
MtxCluCreateTmInstanceForVirtualServer
MtxCluEnumerateClusterTmMappings
MtxCluEnumerateDtcResources
MtxCluEnumerateDtcResourcesEx
MtxCluGetActiveClusterNode
MtxCluGetClusterResourceIdFromName
MtxCluGetComputerNameW
MtxCluGetDTCResourceForResource
MtxCluGetDTCStatusW
MtxCluGetDTCVirtualServerNameW
MtxCluGetDefaultClusterResource
MtxCluGetDefaultClusterResourceNonAdmin
MtxCluGetDtcDiskResourceDrive
MtxCluGetNameFromResourceIdString
MtxCluGetNameFromResourceIdStringNonAdmin
MtxCluGetResourceId
MtxCluGetResourceIdStringFromName
MtxCluGetSecurityRegValue
MtxCluGetTmResource
MtxCluGetVirtualServerToken
MtxCluIsClusterPresent
MtxCluIsClusterPresentExW
MtxCluIsNetworkNameInLocalClusterW
MtxCluIsSameClusterW
MtxCluIsSameNodeW
MtxCluRemoveClusterTmMappingByName
MtxCluSetClusterTmMapping
MtxCluSetDefaultClusterResource
MtxCluSetSecurityRegValue
MtxCluTakeOfflineDTCW
MtxCluVerifyLogPathInDependantDiskResource
MtxCluVerifyLogPathIsValidCSV
Startup
Sections
.text Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 210KB - Virtual size: 209KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtxclu/nlhtml.dll.dll regsvr32 windows:10 windows x64 arch:x64
c8e3f082cd2a7e37deae3dec52d0a7da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
nlhtml.pdb
Imports
msvcrt
wcsncmp
_wtoi
wcsrchr
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
malloc
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memset
iswalpha
_wcsupr
memmove
memcpy
_wtol
_CxxThrowException
iswdigit
wcschr
_wcsicmp
towupper
wcstoul
bsearch
_wcsnicmp
_purecall
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
_wcslwr_s
iswspace
??0exception@@QEAA@XZ
realloc
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3
wcscmp
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
FindResourceExW
LoadResource
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
api-ms-win-core-synch-l1-1-0
CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-heap-l2-1-0
GlobalFree
GlobalAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetSystemDefaultLCID
IsDBCSLeadByteEx
GetCPInfo
IsValidCodePage
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
GetStringTypeW
WideCharToMultiByte
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
oleaut32
SysAllocStringLen
SysFreeString
SysAllocString
VarR8FromStr
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime
GetVersionExA
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-file-l1-1-0
SetEndOfFile
CreateFileW
GetFileSize
SetFilePointer
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup.msi.msi
-
systemcpl/pnrpsvc.dll.dll windows:10 windows x64 arch:x64
37f774d87f855a0f404a69308f3151da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pnrpsvc.pdb
Imports
msvcrt
_lock
wcsncmp
swscanf_s
_wcsnicmp
_unlock
wcschr
_onexit
strcmp
_purecall
memmove
_initterm
memcmp
iswdigit
__dllonexit
_stricmp
free
_vsnwprintf
iswalpha
towlower
printf
_wcsicmp
qsort_s
?terminate@@YAXXZ
memset
_vsnprintf
__C_specific_handler
wcscat_s
memcpy
malloc
_amsg_exit
_XcptFilter
__CxxFrameHandler3
wcscmp
ntdll
RtlIpv4AddressToStringExW
RtlFreeUnicodeString
EtwTraceMessage
RtlStringFromGUID
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlIpv6AddressToStringExW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
FreeLibrary
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
OpenThreadToken
SetThreadToken
OpenProcessToken
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
kernel32
DuplicateHandle
SwitchToThread
GetFileAttributesW
CreateDirectoryW
DebugBreak
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeviceIoControl
CreateThread
WaitForMultipleObjectsEx
SystemTimeToFileTime
FileTimeToSystemTime
ExitProcess
GetVersionExW
LocalFree
GetCurrentThread
SetLastError
CopyFileExW
DeleteFileW
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
ResetEvent
UnregisterWaitEx
SetEvent
RegisterWaitForSingleObjectEx
CreateEventW
CompareStringA
CompareFileTime
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetLastError
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
api-ms-win-core-registry-l1-1-0
RegNotifyChangeKeyValue
RegSetValueExW
RegEnumValueW
RegDeleteKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
rpcrt4
RpcServerUseProtseqW
I_RpcBindingInqTransportType
UuidCreate
NdrServerCallAll
NdrServerCall2
RpcBindingVectorFree
RpcServerRegisterAuthInfoW
RpcBindingInqAuthClientW
RpcStringFreeW
RpcStringBindingParseW
I_RpcExceptionFilter
RpcImpersonateClient
RpcServerRegisterIfEx
RpcBindingToStringBindingW
RpcEpRegisterW
RpcServerUnregisterIfEx
RpcStringBindingComposeW
RpcSsContextLockExclusive
NdrClientCall3
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcErrorStartEnumeration
RpcRevertToSelf
RpcErrorGetNextRecord
RpcRaiseException
RpcErrorEndEnumeration
RpcServerInqBindings
UuidToStringW
api-ms-win-security-base-l1-1-0
CopySid
GetTokenInformation
EqualSid
GetWindowsAccountDomainSid
CheckTokenMembership
CreateWellKnownSid
RevertToSelf
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-security-grouppolicy-l1-1-0
UnregisterGPNotificationInternal
RegisterGPNotificationInternal
api-ms-win-service-management-l1-1-0
OpenServiceW
StartServiceW
CloseServiceHandle
OpenSCManagerW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
Exports
Exports
IMServiceMain
SVCServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 285KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
systemcpl/provthrd.dll.dll windows:10 windows x64 arch:x64
664f98a16e717d758a9217e003bc7587
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
provthrd.pdb
Imports
msvcrt
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
__dllonexit
_onexit
_XcptFilter
realloc
memset
strnlen
_purecall
_itoa_s
malloc
_itow_s
_ui64tow_s
_ultow_s
_ltow_s
__RTtypeid
memcpy
??8type_info@@QEBAHAEBV0@@Z
iswalnum
iswalpha
iswspace
_CxxThrowException
iswxdigit
iswdigit
wcstombs
isdigit
mbstowcs
_wtol
_wcsicmp
towlower
free
__CxxFrameHandler3
_vsnwprintf
_vsnprintf
wcscmp
wbemcomn
GetLoggingLevelEnabled
DebugTrace
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapDestroy
GetProcessHeap
HeapReAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
EnterCriticalSection
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
oleaut32
SysAllocString
SysFreeString
SysAllocStringLen
VariantChangeTypeEx
VariantCopy
VariantClear
VariantInit
ws2_32
ntohs
htons
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-localization-l1-2-0
LCMapStringW
Exports
Exports
??$CompareElements@PEAGPEAG@@YAHPEBQEAG0@Z
??$HashKey@PEAG@@YAIPEAG@Z
??0CBString@@QEAA@H@Z
??0CBString@@QEAA@PEBG@Z
??0CBString@@QEAA@XZ
??0Conjunctions@@QEAA@K@Z
??0Disjunctions@@QEAA@KK@Z
??0PartitionSet@@QEAA@AEBV0@@Z
??0PartitionSet@@QEAA@XZ
??0ProvAnalyser@@QEAA@AEBV0@@Z
??0ProvAnalyser@@QEAA@PEBG@Z
??0ProvBitStringType@@QEAA@AEBV0@@Z
??0ProvBitStringType@@QEAA@PEBG@Z
??0ProvBitStringType@@QEAA@PEBGAEBVProvOctetString@@@Z
??0ProvBitStringType@@QEAA@PEBGPEAPEBGAEBK@Z
??0ProvCounter64@@QEAA@AEBV0@@Z
??0ProvCounter64@@QEAA@KK@Z
??0ProvCounter64Type@@QEAA@AEBV0@@Z
??0ProvCounter64Type@@QEAA@AEBVProvCounter64@@@Z
??0ProvCounter64Type@@QEAA@KK@Z
??0ProvCounter64Type@@QEAA@PEBG@Z
??0ProvCounter64Type@@QEAA@XZ
??0ProvCounter@@QEAA@AEBV0@@Z
??0ProvCounter@@QEAA@K@Z
??0ProvCounterType@@QEAA@AEBV0@@Z
??0ProvCounterType@@QEAA@AEBVProvCounter@@@Z
??0ProvCounterType@@QEAA@K@Z
??0ProvCounterType@@QEAA@PEBG@Z
??0ProvCounterType@@QEAA@XZ
??0ProvDateTimeType@@QEAA@AEBV0@@Z
??0ProvDateTimeType@@QEAA@AEBVProvOctetString@@@Z
??0ProvDateTimeType@@QEAA@PEBG@Z
??0ProvDateTimeType@@QEAA@XZ
??0ProvDebugLog@@QEAA@D@Z
??0ProvDisplayStringType@@QEAA@AEBV0@@Z
??0ProvDisplayStringType@@QEAA@AEBVProvOctetString@@PEBG@Z
??0ProvDisplayStringType@@QEAA@PEBG0@Z
??0ProvDisplayStringType@@QEAA@PEBG@Z
??0ProvEnumeratedType@@QEAA@AEBV0@@Z
??0ProvEnumeratedType@@QEAA@PEBG0@Z
??0ProvEnumeratedType@@QEAA@PEBG@Z
??0ProvEnumeratedType@@QEAA@PEBGAEBJ@Z
??0ProvEnumeratedType@@QEAA@PEBGAEBVProvInteger@@@Z
??0ProvEventObject@@QEAA@AEBV0@@Z
??0ProvEventObject@@QEAA@PEBG@Z
??0ProvFixedLengthDisplayStringType@@QEAA@AEBK@Z
??0ProvFixedLengthDisplayStringType@@QEAA@AEBKAEBVProvOctetString@@@Z
??0ProvFixedLengthDisplayStringType@@QEAA@AEBKPEBG@Z
??0ProvFixedLengthDisplayStringType@@QEAA@AEBV0@@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBK@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBKAEBVProvOctetString@@@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBKPEBE@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBKPEBG@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBV0@@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBK@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBKAEBVProvOpaque@@@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBKPEBEK@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBKPEBG@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBV0@@Z
??0ProvFixedLengthPhysAddressType@@QEAA@AEBK@Z
??0ProvFixedLengthPhysAddressType@@QEAA@AEBKAEBVProvOctetString@@@Z
??0ProvFixedLengthPhysAddressType@@QEAA@AEBKPEBG@Z
??0ProvFixedLengthPhysAddressType@@QEAA@AEBV0@@Z
??0ProvFixedType@@QEAA@AEBV0@@Z
??0ProvFixedType@@QEAA@K@Z
??0ProvGauge@@QEAA@AEBV0@@Z
??0ProvGauge@@QEAA@J@Z
??0ProvGaugeType@@QEAA@AEBV0@@Z
??0ProvGaugeType@@QEAA@AEBVProvGauge@@PEBG@Z
??0ProvGaugeType@@QEAA@KPEBG@Z
??0ProvGaugeType@@QEAA@PEBG0@Z
??0ProvGaugeType@@QEAA@PEBG@Z
??0ProvInstanceType@@IEAA@AEBV0@@Z
??0ProvInstanceType@@IEAA@HH@Z
??0ProvInteger@@QEAA@AEBV0@@Z
??0ProvInteger@@QEAA@J@Z
??0ProvIntegerType@@QEAA@AEBV0@@Z
??0ProvIntegerType@@QEAA@AEBVProvInteger@@PEBG@Z
??0ProvIntegerType@@QEAA@JPEBG@Z
??0ProvIntegerType@@QEAA@PEBG0@Z
??0ProvIntegerType@@QEAA@PEBG@Z
??0ProvIpAddress@@QEAA@AEBV0@@Z
??0ProvIpAddress@@QEAA@K@Z
??0ProvIpAddress@@QEAA@PEBD@Z
??0ProvIpAddressType@@QEAA@AEBV0@@Z
??0ProvIpAddressType@@QEAA@AEBVProvIpAddress@@@Z
??0ProvIpAddressType@@QEAA@K@Z
??0ProvIpAddressType@@QEAA@PEBG@Z
??0ProvIpAddressType@@QEAA@XZ
??0ProvLexicon@@QEAA@XZ
??0ProvMacAddressType@@QEAA@AEBV0@@Z
??0ProvMacAddressType@@QEAA@AEBVProvOctetString@@@Z
??0ProvMacAddressType@@QEAA@PEBE@Z
??0ProvMacAddressType@@QEAA@PEBG@Z
??0ProvMacAddressType@@QEAA@XZ
??0ProvNegativeRangeType@@QEAA@AEBV0@@Z
??0ProvNegativeRangeType@@QEAA@JJ@Z
??0ProvNegativeRangeType@@QEAA@XZ
??0ProvNetworkAddressType@@QEAA@AEBV0@@Z
??0ProvNetworkAddressType@@QEAA@AEBVProvIpAddress@@@Z
??0ProvNetworkAddressType@@QEAA@K@Z
??0ProvNetworkAddressType@@QEAA@PEBG@Z
??0ProvNetworkAddressType@@QEAA@XZ
??0ProvNull@@QEAA@XZ
??0ProvNullType@@QEAA@AEBV0@@Z
??0ProvNullType@@QEAA@AEBVProvNull@@@Z
??0ProvNullType@@QEAA@XZ
??0ProvOSIAddressType@@QEAA@AEBV0@@Z
??0ProvOSIAddressType@@QEAA@AEBVProvOctetString@@@Z
??0ProvOSIAddressType@@QEAA@PEBEK@Z
??0ProvOSIAddressType@@QEAA@PEBG@Z
??0ProvOSIAddressType@@QEAA@XZ
??0ProvObjectIdentifier@@QEAA@AEBV0@@Z
??0ProvObjectIdentifier@@QEAA@PEBD@Z
??0ProvObjectIdentifier@@QEAA@PEBKK@Z
??0ProvObjectIdentifierType@@QEAA@AEBV0@@Z
??0ProvObjectIdentifierType@@QEAA@AEBVProvObjectIdentifier@@@Z
??0ProvObjectIdentifierType@@QEAA@PEBG@Z
??0ProvObjectIdentifierType@@QEAA@PEBKK@Z
??0ProvObjectIdentifierType@@QEAA@XZ
??0ProvOctetString@@QEAA@AEBV0@@Z
??0ProvOctetString@@QEAA@PEBEK@Z
??0ProvOctetStringType@@QEAA@AEBV0@@Z
??0ProvOctetStringType@@QEAA@AEBVProvOctetString@@PEBG@Z
??0ProvOctetStringType@@QEAA@PEBEKPEBG@Z
??0ProvOctetStringType@@QEAA@PEBG0@Z
??0ProvOctetStringType@@QEAA@PEBG@Z
??0ProvOpaque@@QEAA@AEBV0@@Z
??0ProvOpaque@@QEAA@PEBEK@Z
??0ProvOpaqueType@@QEAA@AEBV0@@Z
??0ProvOpaqueType@@QEAA@AEBVProvOpaque@@PEBG@Z
??0ProvOpaqueType@@QEAA@PEBEKPEBG@Z
??0ProvOpaqueType@@QEAA@PEBG0@Z
??0ProvOpaqueType@@QEAA@PEBG@Z
??0ProvPhysAddressType@@QEAA@AEBV0@@Z
??0ProvPhysAddressType@@QEAA@AEBVProvOctetString@@PEBG@Z
??0ProvPhysAddressType@@QEAA@PEBEKPEBG@Z
??0ProvPhysAddressType@@QEAA@PEBG0@Z
??0ProvPhysAddressType@@QEAA@PEBG@Z
??0ProvPositiveRangeType@@QEAA@AEBV0@@Z
??0ProvPositiveRangeType@@QEAA@KJ@Z
??0ProvPositiveRangeType@@QEAA@XZ
??0ProvPositiveRangedType@@QEAA@AEBV0@@Z
??0ProvPositiveRangedType@@QEAA@PEBG@Z
??0ProvRowStatusType@@QEAA@AEBJ@Z
??0ProvRowStatusType@@QEAA@AEBV0@@Z
??0ProvRowStatusType@@QEAA@AEBVProvInteger@@@Z
??0ProvRowStatusType@@QEAA@AEBW4ProvRowStatusEnum@0@@Z
??0ProvRowStatusType@@QEAA@PEBG@Z
??0ProvRowStatusType@@QEAA@XZ
??0ProvTimeTicks@@QEAA@AEBV0@@Z
??0ProvTimeTicks@@QEAA@K@Z
??0ProvTimeTicksType@@QEAA@AEBV0@@Z
??0ProvTimeTicksType@@QEAA@AEBVProvTimeTicks@@@Z
??0ProvTimeTicksType@@QEAA@K@Z
??0ProvTimeTicksType@@QEAA@PEBG@Z
??0ProvTimeTicksType@@QEAA@XZ
??0ProvUDPAddressType@@QEAA@AEBV0@@Z
??0ProvUDPAddressType@@QEAA@AEBVProvOctetString@@@Z
??0ProvUDPAddressType@@QEAA@PEBE@Z
??0ProvUDPAddressType@@QEAA@PEBG@Z
??0ProvUDPAddressType@@QEAA@XZ
??0ProvUInteger32@@QEAA@AEBV0@@Z
??0ProvUInteger32@@QEAA@J@Z
??0ProvValue@@AEAA@AEBV0@@Z
??0ProvValue@@IEAA@XZ
??0QueryPreprocessor@@QEAA@AEBV0@@Z
??0QueryPreprocessor@@QEAA@XZ
??0WmiAndNode@@QEAA@AEBV0@@Z
??0WmiAndNode@@QEAA@PEAVWmiTreeNode@@00@Z
??0WmiNotNode@@QEAA@AEBV0@@Z
??0WmiNotNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiNullNode@@QEAA@$$QEAV0@@Z
??0WmiNullNode@@QEAA@AEBV0@@Z
??0WmiNullNode@@QEAA@PEAGKPEAVWmiTreeNode@@@Z
??0WmiNullRangeNode@@QEAA@AEBV0@@Z
??0WmiNullRangeNode@@QEAA@PEAGKPEAVWmiTreeNode@@1@Z
??0WmiOperatorEqualNode@@QEAA@AEBV0@@Z
??0WmiOperatorEqualNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorEqualOrGreaterNode@@QEAA@AEBV0@@Z
??0WmiOperatorEqualOrGreaterNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorEqualOrLessNode@@QEAA@AEBV0@@Z
??0WmiOperatorEqualOrLessNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorGreaterNode@@QEAA@AEBV0@@Z
??0WmiOperatorGreaterNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorIsANode@@QEAA@AEBV0@@Z
??0WmiOperatorIsANode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorLessNode@@QEAA@AEBV0@@Z
??0WmiOperatorLessNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorLikeNode@@QEAA@AEBV0@@Z
??0WmiOperatorLikeNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorNode@@QEAA@AEBV0@@Z
??0WmiOperatorNode@@QEAA@KPEAVWmiTreeNode@@0@Z
??0WmiOperatorNotEqualNode@@QEAA@AEBV0@@Z
??0WmiOperatorNotEqualNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorNotIsANode@@QEAA@AEBV0@@Z
??0WmiOperatorNotIsANode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorNotLikeNode@@QEAA@AEBV0@@Z
??0WmiOperatorNotLikeNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOrNode@@QEAA@AEBV0@@Z
??0WmiOrNode@@QEAA@PEAVWmiTreeNode@@00@Z
??0WmiRangeNode@@QEAA@AEBV0@@Z
??0WmiRangeNode@@QEAA@KPEAGKHHHHPEAVWmiTreeNode@@1@Z
??0WmiSignedIntegerNode@@QEAA@$$QEAV0@@Z
??0WmiSignedIntegerNode@@QEAA@AEBV0@@Z
??0WmiSignedIntegerNode@@QEAA@PEAGJKPEAVWmiTreeNode@@@Z
??0WmiSignedIntegerRangeNode@@QEAA@$$QEAV0@@Z
??0WmiSignedIntegerRangeNode@@QEAA@AEBV0@@Z
??0WmiSignedIntegerRangeNode@@QEAA@PEAGKHHHHJJPEAVWmiTreeNode@@1@Z
??0WmiStringNode@@QEAA@AEBV0@@Z
??0WmiStringNode@@QEAA@PEAG0W4WmiValueFunction@WmiValueNode@@1KPEAVWmiTreeNode@@@Z
??0WmiStringRangeNode@@QEAA@AEBV0@@Z
??0WmiStringRangeNode@@QEAA@PEAGKHHHH00PEAVWmiTreeNode@@1@Z
??0WmiTreeNode@@QEAA@AEBV0@@Z
??0WmiTreeNode@@QEAA@KPEAXPEAV0@11@Z
??0WmiTreeNode@@QEAA@PEAV0@@Z
??0WmiTreeNodeIterator@@QEAA@AEBV0@@Z
??0WmiTreeNodeIterator@@QEAA@PEAV0@@Z
??0WmiTreeNodeIterator@@QEAA@PEAVWmiTreeNode@@@Z
??0WmiUnsignedIntegerNode@@QEAA@$$QEAV0@@Z
??0WmiUnsignedIntegerNode@@QEAA@AEBV0@@Z
??0WmiUnsignedIntegerNode@@QEAA@PEAGKKPEAVWmiTreeNode@@@Z
??0WmiUnsignedIntegerRangeNode@@QEAA@$$QEAV0@@Z
??0WmiUnsignedIntegerRangeNode@@QEAA@AEBV0@@Z
??0WmiUnsignedIntegerRangeNode@@QEAA@PEAGKHHHHKKPEAVWmiTreeNode@@1@Z
??0WmiValueNode@@QEAA@AEBV0@@Z
??0WmiValueNode@@QEAA@KPEAGW4WmiValueFunction@0@1KPEAVWmiTreeNode@@@Z
??1CBString@@QEAA@XZ
??1Conjunctions@@QEAA@XZ
??1Disjunctions@@QEAA@XZ
??1PartitionSet@@UEAA@XZ
??1ProvAnalyser@@UEAA@XZ
??1ProvBitStringType@@UEAA@XZ
??1ProvCounter64@@UEAA@XZ
??1ProvCounter64Type@@UEAA@XZ
??1ProvCounter@@UEAA@XZ
??1ProvCounterType@@UEAA@XZ
??1ProvDateTimeType@@UEAA@XZ
??1ProvDisplayStringType@@UEAA@XZ
??1ProvEnumeratedType@@UEAA@XZ
??1ProvEventObject@@UEAA@XZ
??1ProvFixedLengthDisplayStringType@@UEAA@XZ
??1ProvFixedLengthOctetStringType@@UEAA@XZ
??1ProvFixedLengthOpaqueType@@UEAA@XZ
??1ProvFixedLengthPhysAddressType@@UEAA@XZ
??1ProvFixedType@@UEAA@XZ
??1ProvGauge@@UEAA@XZ
??1ProvGaugeType@@UEAA@XZ
??1ProvInstanceType@@UEAA@XZ
??1ProvInteger@@UEAA@XZ
??1ProvIntegerType@@UEAA@XZ
??1ProvIpAddress@@UEAA@XZ
??1ProvIpAddressType@@UEAA@XZ
??1ProvLexicon@@QEAA@XZ
??1ProvMacAddressType@@UEAA@XZ
??1ProvNegativeRangeType@@UEAA@XZ
??1ProvNetworkAddressType@@UEAA@XZ
??1ProvNull@@UEAA@XZ
??1ProvNullType@@UEAA@XZ
??1ProvOSIAddressType@@UEAA@XZ
??1ProvObjectIdentifier@@UEAA@XZ
??1ProvObjectIdentifierType@@UEAA@XZ
??1ProvOctetString@@UEAA@XZ
??1ProvOctetStringType@@UEAA@XZ
??1ProvOpaque@@UEAA@XZ
??1ProvOpaqueType@@UEAA@XZ
??1ProvPhysAddressType@@UEAA@XZ
??1ProvPositiveRangeType@@UEAA@XZ
??1ProvPositiveRangedType@@UEAA@XZ
??1ProvRowStatusType@@UEAA@XZ
??1ProvTimeTicks@@UEAA@XZ
??1ProvTimeTicksType@@UEAA@XZ
??1ProvUDPAddressType@@UEAA@XZ
??1ProvUInteger32@@UEAA@XZ
??1ProvValue@@UEAA@XZ
??1QueryPreprocessor@@UEAA@XZ
??1WmiAndNode@@UEAA@XZ
??1WmiNotNode@@UEAA@XZ
??1WmiNullNode@@UEAA@XZ
??1WmiNullRangeNode@@UEAA@XZ
??1WmiOperatorEqualNode@@UEAA@XZ
??1WmiOperatorEqualOrGreaterNode@@UEAA@XZ
??1WmiOperatorEqualOrLessNode@@UEAA@XZ
??1WmiOperatorGreaterNode@@UEAA@XZ
??1WmiOperatorIsANode@@UEAA@XZ
??1WmiOperatorLessNode@@UEAA@XZ
??1WmiOperatorLikeNode@@UEAA@XZ
??1WmiOperatorNode@@UEAA@XZ
??1WmiOperatorNotEqualNode@@UEAA@XZ
??1WmiOperatorNotIsANode@@UEAA@XZ
??1WmiOperatorNotLikeNode@@UEAA@XZ
??1WmiOrNode@@UEAA@XZ
??1WmiRangeNode@@UEAA@XZ
??1WmiSignedIntegerNode@@UEAA@XZ
??1WmiSignedIntegerRangeNode@@UEAA@XZ
??1WmiStringNode@@UEAA@XZ
??1WmiStringRangeNode@@UEAA@XZ
??1WmiTreeNode@@UEAA@XZ
??1WmiTreeNodeIterator@@UEAA@XZ
??1WmiUnsignedIntegerNode@@UEAA@XZ
??1WmiUnsignedIntegerRangeNode@@UEAA@XZ
??1WmiValueNode@@UEAA@XZ
??4CBString@@QEAAAEAV0@AEBV0@@Z
??4CBString@@QEAAAEBV0@PEBG@Z
??4Conjunctions@@QEAAAEAV0@AEBV0@@Z
??4Disjunctions@@QEAAAEAV0@AEBV0@@Z
??4PartitionSet@@QEAAAEAV0@AEBV0@@Z
??4ProvAnalyser@@QEAAAEAV0@AEBV0@@Z
??4ProvBitStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvCounter64@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvCounter64Type@@QEAAAEAV0@AEBV0@@Z
??4ProvCounter@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvCounterType@@QEAAAEAV0@AEBV0@@Z
??4ProvDateTimeType@@QEAAAEAV0@AEBV0@@Z
??4ProvDebugLog@@QEAAAEAV0@$$QEAV0@@Z
??4ProvDebugLog@@QEAAAEAV0@AEBV0@@Z
??4ProvDisplayStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvEnumeratedType@@QEAAAEAV0@AEBV0@@Z
??4ProvEventObject@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedLengthDisplayStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedLengthOctetStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedLengthOpaqueType@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedLengthPhysAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedType@@QEAAAEAV0@AEBV0@@Z
??4ProvGauge@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvGaugeType@@QEAAAEAV0@AEBV0@@Z
??4ProvInstanceType@@QEAAAEAV0@AEBV0@@Z
??4ProvInteger@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvIntegerType@@QEAAAEAV0@AEBV0@@Z
??4ProvIpAddress@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvIpAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvLexicon@@QEAAAEAV0@AEBV0@@Z
??4ProvMacAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvNegativeRangeType@@QEAAAEAV0@AEBV0@@Z
??4ProvNetworkAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvNull@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvNullType@@QEAAAEAV0@AEBV0@@Z
??4ProvOSIAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvObjectIdentifier@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvObjectIdentifierType@@QEAAAEAV0@AEBV0@@Z
??4ProvOctetString@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvOctetStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvOpaque@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvOpaqueType@@QEAAAEAV0@AEBV0@@Z
??4ProvPhysAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvPositiveRangeType@@QEAAAEAV0@AEBV0@@Z
??4ProvPositiveRangedType@@QEAAAEAV0@AEBV0@@Z
??4ProvRowStatusType@@QEAAAEAV0@AEBV0@@Z
??4ProvTimeTicks@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvTimeTicksType@@QEAAAEAV0@AEBV0@@Z
??4ProvUDPAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvUInteger32@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvValue@@AEAAAEAV0@AEBV0@@Z
??4QueryPreprocessor@@QEAAAEAV0@AEBV0@@Z
??4WmiAndNode@@QEAAAEAV0@AEBV0@@Z
??4WmiNotNode@@QEAAAEAV0@AEBV0@@Z
??4WmiNullNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiNullNode@@QEAAAEAV0@AEBV0@@Z
??4WmiNullRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorEqualNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorEqualOrGreaterNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorEqualOrLessNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorGreaterNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorIsANode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorLessNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorLikeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorNotEqualNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorNotIsANode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorNotLikeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOrNode@@QEAAAEAV0@AEBV0@@Z
??4WmiRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiSignedIntegerNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiSignedIntegerNode@@QEAAAEAV0@AEBV0@@Z
??4WmiSignedIntegerRangeNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiSignedIntegerRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiStringNode@@QEAAAEAV0@AEBV0@@Z
??4WmiStringRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiTreeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiTreeNodeIterator@@QEAAAEAV0@AEBV0@@Z
??4WmiUnsignedIntegerNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiUnsignedIntegerNode@@QEAAAEAV0@AEBV0@@Z
??4WmiUnsignedIntegerRangeNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiUnsignedIntegerRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiValueNode@@QEAAAEAV0@AEBV0@@Z
??8ProvInstanceType@@QEBAHAEBV0@@Z
??8ProvObjectIdentifier@@QEBAHAEBV0@@Z
??8ProvValue@@QEBAHAEBV0@@Z
??9ProvInstanceType@@QEBAHAEBV0@@Z
??9ProvObjectIdentifier@@QEBAHAEBV0@@Z
??9ProvValue@@QEBAHAEBV0@@Z
??AProvObjectIdentifier@@QEBAAEAKK@Z
??BProvAnalyser@@UEAAPEAXXZ
??BProvInstanceType@@UEAAPEAXXZ
??BProvPositiveRangedType@@UEAAPEAXXZ
??HProvObjectIdentifier@@QEBA?AV0@AEBV0@@Z
??MProvObjectIdentifier@@QEBAHAEBV0@@Z
??NProvObjectIdentifier@@QEBAHAEBV0@@Z
??OProvObjectIdentifier@@QEBAHAEBV0@@Z
??PProvObjectIdentifier@@QEBAHAEBV0@@Z
??RProvIpAddress@@QEBAPEAXXZ
??RProvObjectIdentifier@@QEBAPEAXXZ
??RProvOctetString@@QEBAPEAXXZ
??RProvOpaque@@QEBAPEAXXZ
??_7PartitionSet@@6B@
??_7ProvAnalyser@@6B@
??_7ProvBitStringType@@6BProvInstanceType@@@
??_7ProvBitStringType@@6BProvPositiveRangedType@@@
??_7ProvCounter64@@6B@
??_7ProvCounter64Type@@6B@
??_7ProvCounter@@6B@
??_7ProvCounterType@@6B@
??_7ProvDateTimeType@@6BProvInstanceType@@@
??_7ProvDateTimeType@@6BProvPositiveRangedType@@@
??_7ProvDisplayStringType@@6BProvInstanceType@@@
??_7ProvDisplayStringType@@6BProvPositiveRangedType@@@
??_7ProvEnumeratedType@@6BProvInstanceType@@@
??_7ProvEnumeratedType@@6BProvNegativeRangedType@@@
??_7ProvEventObject@@6B@
??_7ProvFixedLengthDisplayStringType@@6B@
??_7ProvFixedLengthDisplayStringType@@6BProvInstanceType@@@
??_7ProvFixedLengthDisplayStringType@@6BProvPositiveRangedType@@@
??_7ProvFixedLengthOctetStringType@@6B@
??_7ProvFixedLengthOctetStringType@@6BProvInstanceType@@@
??_7ProvFixedLengthOctetStringType@@6BProvPositiveRangedType@@@
??_7ProvFixedLengthOpaqueType@@6B@
??_7ProvFixedLengthOpaqueType@@6BProvInstanceType@@@
??_7ProvFixedLengthOpaqueType@@6BProvPositiveRangedType@@@
??_7ProvFixedLengthPhysAddressType@@6B@
??_7ProvFixedLengthPhysAddressType@@6BProvInstanceType@@@
??_7ProvFixedLengthPhysAddressType@@6BProvPositiveRangedType@@@
??_7ProvFixedType@@6B@
??_7ProvGauge@@6B@
??_7ProvGaugeType@@6BProvInstanceType@@@
??_7ProvGaugeType@@6BProvPositiveRangedType@@@
??_7ProvInstanceType@@6B@
??_7ProvInteger@@6B@
??_7ProvIntegerType@@6BProvInstanceType@@@
??_7ProvIntegerType@@6BProvNegativeRangedType@@@
??_7ProvIpAddress@@6B@
??_7ProvIpAddressType@@6B@
??_7ProvMacAddressType@@6B@
??_7ProvMacAddressType@@6BProvInstanceType@@@
??_7ProvMacAddressType@@6BProvPositiveRangedType@@@
??_7ProvNegativeRangeType@@6B@
??_7ProvNetworkAddressType@@6B@
??_7ProvNull@@6B@
??_7ProvNullType@@6B@
??_7ProvOSIAddressType@@6BProvInstanceType@@@
??_7ProvOSIAddressType@@6BProvPositiveRangedType@@@
??_7ProvObjectIdentifier@@6B@
??_7ProvObjectIdentifierType@@6B@
??_7ProvOctetString@@6B@
??_7ProvOctetStringType@@6BProvInstanceType@@@
??_7ProvOctetStringType@@6BProvPositiveRangedType@@@
??_7ProvOpaque@@6B@
??_7ProvOpaqueType@@6BProvInstanceType@@@
??_7ProvOpaqueType@@6BProvPositiveRangedType@@@
??_7ProvPhysAddressType@@6BProvInstanceType@@@
??_7ProvPhysAddressType@@6BProvPositiveRangedType@@@
??_7ProvPositiveRangeType@@6B@
??_7ProvPositiveRangedType@@6B@
??_7ProvRowStatusType@@6BProvInstanceType@@@
??_7ProvRowStatusType@@6BProvNegativeRangedType@@@
??_7ProvTimeTicks@@6B@
??_7ProvTimeTicksType@@6B@
??_7ProvUDPAddressType@@6B@
??_7ProvUDPAddressType@@6BProvInstanceType@@@
??_7ProvUDPAddressType@@6BProvPositiveRangedType@@@
??_7ProvUInteger32@@6B@
??_7ProvValue@@6B@
??_7QueryPreprocessor@@6B@
??_7WmiAndNode@@6B@
??_7WmiNotNode@@6B@
??_7WmiNullNode@@6B@
??_7WmiNullRangeNode@@6B@
??_7WmiOperatorEqualNode@@6B@
??_7WmiOperatorEqualOrGreaterNode@@6B@
??_7WmiOperatorEqualOrLessNode@@6B@
??_7WmiOperatorGreaterNode@@6B@
??_7WmiOperatorIsANode@@6B@
??_7WmiOperatorLessNode@@6B@
??_7WmiOperatorLikeNode@@6B@
??_7WmiOperatorNode@@6B@
??_7WmiOperatorNotEqualNode@@6B@
??_7WmiOperatorNotIsANode@@6B@
??_7WmiOperatorNotLikeNode@@6B@
??_7WmiOrNode@@6B@
??_7WmiRangeNode@@6B@
??_7WmiSignedIntegerNode@@6B@
??_7WmiSignedIntegerRangeNode@@6B@
??_7WmiStringNode@@6B@
??_7WmiStringRangeNode@@6B@
??_7WmiTreeNode@@6B@
??_7WmiTreeNodeIterator@@6B@
??_7WmiUnsignedIntegerNode@@6B@
??_7WmiUnsignedIntegerRangeNode@@6B@
??_7WmiValueNode@@6B@
??_FProvAnalyser@@QEAAXXZ
??_FProvDisplayStringType@@QEAAXXZ
Sections
.text Size: 162KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 131KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
systemcpl/spwizeng.dll.dll windows:10 windows x64 arch:x64
b9b5a59046cfc37a3a8e7318584d3e5d
Code Sign
33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/03/2020, 18:30Not After03/03/2021, 18:30SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
35:96:e9:d0:56:ca:ad:96:bd:7a:93:03:de:5f:1c:ad:14:c2:6c:58:e8:ab:69:19:1b:a6:1e:96:1b:09:3a:6aSigner
Actual PE Digest35:96:e9:d0:56:ca:ad:96:bd:7a:93:03:de:5f:1c:ad:14:c2:6c:58:e8:ab:69:19:1b:a6:1e:96:1b:09:3a:6aDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
spwizeng.pdb
Imports
msvcrt
__CxxFrameHandler3
__RTDynamicCast
memcmp
_wcsnicmp
wcsncmp
bsearch
_vsnwprintf
memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
wcscpy_s
_callnewh
wcsncpy_s
swprintf_s
__C_specific_handler
wcscspn
malloc
memmove_s
wcsrchr
memcpy
_wcsicoll
wcscoll
free
_wcslwr_s
wcsspn
_wcsupr_s
wcsstr
wcschr
_vscwprintf
wcspbrk
_purecall
vswprintf_s
iswspace
_wcsrev
_wcsicmp
memcpy_s
calloc
?terminate@@YAXXZ
memset
wdscore
ConstructPartialMsgVW
WdsSetupLogMessageW
CurrentIP
user32
GetMessageW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
SetForegroundWindow
GetKeyState
IsWindowEnabled
LoadBitmapW
CreateDialogIndirectParamW
GetNextDlgTabItem
SetWindowRgn
CreateDialogParamW
PostMessageW
UnregisterClassW
GetClassInfoW
DefFrameProcW
IsDialogMessageW
RegisterClassW
DefMDIChildProcW
SetLayeredWindowAttributes
DialogBoxParamW
IsWindowVisible
EnableWindow
MonitorFromWindow
GetSystemMetrics
GetMonitorInfoW
PostQuitMessage
SystemParametersInfoW
EnumChildWindows
GetIconInfo
ShowWindow
SetTimer
GetWindowDC
DrawIconEx
LoadImageW
GetDlgCtrlID
GetWindowTextLengthW
GetWindow
DestroyWindow
FillRect
GetDlgItem
GetClientRect
CreateWindowExW
ScreenToClient
EndDialog
RegisterClassExW
LoadStringW
IsWindow
InvalidateRgn
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
SendDlgItemMessageW
DialogBoxIndirectParamW
MoveWindow
CreateAcceleratorTableW
SetFocus
CharNextW
SetPropW
SetWindowContextHelpId
GetClassNameW
SetCapture
UnregisterClassA
GetCursor
CreateIconIndirect
SetWindowLongPtrW
SetWindowPos
GetDC
GetFocus
GetWindowRect
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetCursor
LoadCursorW
TrackMouseEvent
EndPaint
BeginPaint
GetParent
GetWindowTextW
ReleaseCapture
RegisterWindowMessageW
GetClassInfoExW
GetDesktopWindow
SetWindowLongW
MapDialogRect
FindWindowExW
GetPropW
SetClassLongPtrW
NotifyWinEvent
SetThreadDesktop
ReleaseDC
InvalidateRect
UpdateWindow
DrawTextW
GetSysColor
FrameRect
MapWindowPoints
CopyRect
GetWindowLongPtrW
SetWindowTextW
KillTimer
SendMessageW
gdi32
Rectangle
CreateRoundRectRgn
CreatePen
RoundRect
AddFontResourceExW
RemoveFontResourceExW
CreatePatternBrush
GetStockObject
GetDeviceCaps
CreateDIBSection
GetLayout
StretchBlt
SetLayout
GetPixel
SetBkColor
CreateBitmap
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetTextMetricsW
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreateSolidBrush
CreateFontIndirectW
SetTextAlign
SetTextCharacterExtra
RemoveFontMemResourceEx
SetStretchBltMode
SetBrushOrgEx
GdiAlphaBlend
AddFontMemResourceEx
CreateDIBitmap
SetGraphicsMode
GetTextAlign
TextOutW
SetMapMode
SetWorldTransform
comctl32
InitCommonControlsEx
comdlg32
GetSaveFileNameW
oleaut32
LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
VarBstrCmp
VarUI4FromStr
VariantInit
SysFreeString
SysReAllocStringLen
SysAllocStringLen
VariantChangeType
VariantClear
SysStringLen
kernel32
GetLocaleInfoW
SetThreadPreferredUILanguages
GetFullPathNameW
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
GetCurrentProcess
VirtualFree
HeapDestroy
HeapSize
GetTickCount
WaitForSingleObject
CreateMutexW
SetThreadPriority
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GetTempFileNameW
CloseHandle
DeleteFileW
SetFileAttributesW
CreateFileW
GetTempPathW
WriteFile
CompareStringW
GetFileSizeEx
ReadFile
WideCharToMultiByte
GetVersionExW
VerSetConditionMask
LocalAlloc
GetSystemDirectoryW
GetModuleHandleExW
GetSystemDefaultUILanguage
GetLocaleInfoEx
ReleaseMutex
CreateEventW
GetExitCodeThread
SetEvent
SearchPathW
GetUserDefaultUILanguage
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetFileAttributesW
CreateThread
GetWindowsDirectoryW
LoadLibraryW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
MulDiv
lstrcmpW
GlobalUnlock
CopyFileW
GlobalLock
SizeofResource
GetEnvironmentVariableW
MultiByteToWideChar
FormatMessageW
LockResource
RaiseException
FindResourceExW
LoadResource
LocalFree
FindResourceW
Sleep
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GlobalHandle
SetLastError
GetModuleFileNameW
GetCurrentThreadId
GlobalAlloc
GlobalFree
ole32
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
OleLockRunning
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CoTaskMemFree
advapi32
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
shell32
ShellExecuteW
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
uxlib
?GetLocaleName@CLocale@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??1CLayeredDriver@@QEAA@XZ
?GetName@CLayeredDriver@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetID@CLayeredDriver@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetAbbrevName@CLocale@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??1CLayeredDrivers@@QEAA@XZ
??1CKeyboardLayout@@QEAA@XZ
?GetLayoutID@CKeyboardLayout@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetLayoutName@CKeyboardLayout@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0CLayeredDrivers@@QEAA@XZ
??1CLocales@@QEAA@XZ
?GetLocalizedName@CLanguage@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0CKeyboardLayouts@@QEAA@XZ
??1CKeyboardLayouts@@QEAA@XZ
?GetDefaultLayout@CKeyboardLayouts@@QEAA?AVCKeyboardLayout@@XZ
?IsLanguageEnabled@CInternationalUtils@@SAHV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@0@Z
??1CLanguage@@QEAA@XZ
?GetAbbrevName@CLanguage@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetNativeDisplayName@CLanguage@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0CLanguages@@QEAA@XZ
??1CLanguages@@QEAA@XZ
?GetLanguageNativeDisplayNameCount@CLanguages@@QEAAHXZ
??0CInternationalUtils@@QEAA@XZ
??1CInternationalUtils@@QEAA@XZ
??1CLocale@@QEAA@XZ
??0CLocales@@QEAA@XZ
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlVerifyVersionInfo
NtQuerySystemInformation
Exports
Exports
??0?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV?$CSimpleStringT@G$00@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@PEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@DH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@GH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBD@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDHPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBE@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBEPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBG@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ
??0AppWindow@@QEAA@AEBV0@@Z
??0AppWindow@@QEAA@PEAVWizardUI@@I@Z
??0BranchWizStrategy@@QEAA@$$QEAV0@@Z
??0BranchWizStrategy@@QEAA@AEBV0@@Z
??0BranchWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0CAnimation@@QEAA@AEBV0@@Z
??0CAnimation@@QEAA@XZ
??0CAnimationControl@@QEAA@AEBV0@@Z
??0CAnimationControl@@QEAA@XZ
??0CAttachDataDlg@@QEAA@AEBV0@@Z
??0CAttachDataDlg@@QEAA@PEAUHINSTANCE__@@0@Z
??0CCritSec@@QEAA@AEBV0@@Z
??0CCritSec@@QEAA@XZ
??0CCtlText@@QEAA@AEBV0@@Z
??0CCtlText@@QEAA@XZ
??0CCursor@@AEAA@XZ
??0CCursor@@QEAA@AEBV0@@Z
??0CCustomButtonEx@@AEAA@XZ
??0CCustomButtonEx@@QEAA@AEBV0@@Z
??0CCustomGraphicEx@@QEAA@AEBV0@@Z
??0CCustomGraphicEx@@QEAA@XZ
??0CDIB@@QEAA@XZ
??0CDrawBackground@@QEAA@AEBV0@@Z
??0CDrawBackground@@QEAA@XZ
??0CDrawItem@@QEAA@AEBV0@@Z
??0CDrawItem@@QEAA@XZ
??0CDrawItemComposite@@QEAA@AEBV0@@Z
??0CDrawItemComposite@@QEAA@XZ
??0CGenericNavWindow@@QEAA@AEBV0@@Z
??0CGenericNavWindow@@QEAA@PEAVAppWindow@@@Z
??0CHighContrast@@AEAA@XZ
??0CHighContrast@@QEAA@AEBV0@@Z
??0CResourceModule@@QEAA@AEBV0@@Z
??0CResourceModule@@QEAA@PEAUHINSTANCE__@@@Z
??0CResourceModule@@QEAA@PEAUHINSTANCE__@@PEBG@Z
??0CResourceModule@@QEAA@PEBG@Z
??0CRichEditControl@@QEAA@XZ
??0CScreenDIB@@QEAA@$$QEAV0@@Z
??0CScreenDIB@@QEAA@AEBV0@@Z
??0CScreenDIB@@QEAA@XZ
??0CScreenText@@QEAA@AEBV0@@Z
??0CScreenText@@QEAA@XZ
??0CWndObj@@QEAA@AEBV0@@Z
??0CWndObj@@QEAA@XZ
??0ChoiceWizStrategy@@QEAA@$$QEAV0@@Z
??0ChoiceWizStrategy@@QEAA@AEBV0@@Z
??0ChoiceWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0ICreateNavbarWnd@@QEAA@AEBV0@@Z
??0ICreateNavbarWnd@@QEAA@XZ
??0ICreateProgressWnd@@QEAA@AEBV0@@Z
??0ICreateProgressWnd@@QEAA@XZ
??0IResourceModuleEvent@@QEAA@$$QEAU0@@Z
??0IResourceModuleEvent@@QEAA@AEBU0@@Z
??0IResourceModuleEvent@@QEAA@XZ
??0LanguageNeutralSelectionDialogBase@@QEAA@AEBV0@@Z
??0LanguageNeutralSelectionDialogBase@@QEAA@XZ
??0LanguageSelectionDialogBase@@QEAA@AEBV0@@Z
??0LanguageSelectionDialogBase@@QEAA@XZ
??0MyString@@QEAA@XZ
??0NavWindow@@QEAA@AEBV0@@Z
??0NavWindow@@QEAA@PEAVAppWindow@@@Z
??0NavigationStack@@QEAA@AEBV0@@Z
??0NavigationStack@@QEAA@XZ
??0Navigator@@AEAA@XZ
??0Navigator@@QEAA@AEBV0@@Z
??0PIDStringView@@QEAA@AEBV0@@Z
??0PIDStringView@@QEAA@XZ
??0PageContainer@@QEAA@AEBV0@@Z
??0PageContainer@@QEAA@XZ
??0ProtoPageDimensions@@QEAA@USimpleRect@@USimpleSize@@HH11MM@Z
??0ProtoPageDimensions@@QEAA@XZ
??0ProtoPageList@@QEAA@AEBV0@@Z
??0ProtoPageList@@QEAA@PEAVWizardDesciption@@KKKHPEAVICreateProgressWnd@@HPEAUtagSIZE@@PEAVICreateNavbarWnd@@UProtoPageDimensions@@KKH@Z
??0ProtoPageList@@QEAA@XZ
??0ScrWindow@@QEAA@AEBV0@@Z
??0ScrWindow@@QEAA@PEAVWizardUI@@I@Z
??0SimpleDialogBase@@QEAA@$$QEAV0@@Z
??0SimpleDialogBase@@QEAA@AEBV0@@Z
??0SimpleDialogBase@@QEAA@XZ
??0SimpleRect@@QEAA@HHHH@Z
??0SimpleRect@@QEAA@XZ
??0SimpleSize@@QEAA@HH@Z
??0SimpleSize@@QEAA@XZ
??0SimpleWizStrategy@@QEAA@$$QEAV0@@Z
??0SimpleWizStrategy@@QEAA@AEBV0@@Z
??0SimpleWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0SummaryWizStrategy@@QEAA@$$QEAV0@@Z
??0SummaryWizStrategy@@QEAA@AEBV0@@Z
??0SummaryWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0VariationWizStrategy@@QEAA@$$QEAV0@@Z
??0VariationWizStrategy@@QEAA@AEBV0@@Z
??0VariationWizStrategy@@QEAA@PEAVWizardEx@@AEBV?$CSimpleMap@HHV?$CSimpleMapEqualHelper@HH@ATL@@@ATL@@H@Z
??0Win32Navigator@@AEAA@XZ
??0Win32Navigator@@QEAA@AEBV0@@Z
??0Wiz_Node@@QEAA@AEBV0@@Z
??0Wiz_Node@@QEAA@I@Z
??0WizardBranch@@QEAA@$$QEAV0@@Z
??0WizardBranch@@QEAA@AEBV0@@Z
??0WizardBranch@@QEAA@IPEAPEAVWiz_Node@@@Z
??0WizardCollection@@QEAA@$$QEAV0@@Z
??0WizardCollection@@QEAA@AEBV0@@Z
??0WizardCollection@@QEAA@IIPEAPEAVWiz_Node@@@Z
??0WizardDesciption@@QEAA@$$QEAV0@@Z
??0WizardDesciption@@QEAA@AEBV0@@Z
??0WizardDesciption@@QEAA@IPEAPEAVWiz_Node@@@Z
??0WizardDialogPost@@QEAA@$$QEAV0@@Z
??0WizardDialogPost@@QEAA@AEBV0@@Z
??0WizardDialogPost@@QEAA@XZ
??0WizardDialogPre@@QEAA@$$QEAV0@@Z
??0WizardDialogPre@@QEAA@AEBV0@@Z
??0WizardDialogPre@@QEAA@XZ
??0WizardEx@@QEAA@AEBV0@@Z
??0WizardEx@@QEAA@XZ
??0WizardHandler@@QEAA@$$QEAV0@@Z
??0WizardHandler@@QEAA@AEBV0@@Z
??0WizardHandler@@QEAA@XZ
??0WizardNode@@QEAA@AEBV0@@Z
??0WizardNode@@QEAA@IIPEAVWizardEx@@PEAVWizardUI@@@Z
??0WizardNode@@QEAA@XZ
??0WizardPage@@QEAA@AEBV0@@Z
??0WizardPage@@QEAA@IIPEAVWizardEx@@PEAVWizardUI@@@Z
??0WizardRoot@@QEAA@AEBV0@@Z
??0WizardRoot@@QEAA@XZ
??0WizardStrategy@@QEAA@AEBV0@@Z
??0WizardStrategy@@QEAA@PEAVWizardEx@@@Z
??0WizardSummary@@QEAA@$$QEAV0@@Z
??0WizardSummary@@QEAA@AEBV0@@Z
??0WizardSummary@@QEAA@IPEAPEAVWiz_Node@@@Z
??0WizardUI@@QEAA@XZ
??0WizardVariation@@QEAA@AEBV0@@Z
??0WizardVariation@@QEAA@IPEAPEAVWiz_Node@@AEBV?$CSimpleMap@HHV?$CSimpleMapEqualHelper@HH@ATL@@@ATL@@PEBG@Z
??0Wizard_PageDesciption@@QEAA@AEBV0@@Z
??0Wizard_PageDesciption@@QEAA@KPEBG0KP6APEAVWizardRoot@@PEAVWizardPage@@@ZK@Z
??1?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleStringT@G$0A@@ATL@@QEAA@XZ
??1?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ
??1AppWindow@@UEAA@XZ
??1BranchWizStrategy@@UEAA@XZ
??1CAnimation@@UEAA@XZ
??1CAnimationControl@@UEAA@XZ
??1CAttachDataDlg@@QEAA@XZ
??1CCritSec@@UEAA@XZ
??1CCtlText@@UEAA@XZ
??1CCursor@@EEAA@XZ
??1CCustomButtonEx@@EEAA@XZ
??1CCustomGraphicEx@@UEAA@XZ
??1CDIB@@QEAA@XZ
??1CDrawBackground@@UEAA@XZ
??1CDrawItem@@UEAA@XZ
??1CDrawItemComposite@@UEAA@XZ
??1CGenericNavWindow@@UEAA@XZ
??1CHighContrast@@EEAA@XZ
??1CResourceModule@@QEAA@XZ
??1CScreenDIB@@UEAA@XZ
??1CScreenText@@UEAA@XZ
??1CWndObj@@UEAA@XZ
??1ChoiceWizStrategy@@UEAA@XZ
??1ICreateNavbarWnd@@UEAA@XZ
??1ICreateProgressWnd@@UEAA@XZ
??1LanguageNeutralSelectionDialogBase@@QEAA@XZ
??1LanguageSelectionDialogBase@@QEAA@XZ
??1NavWindow@@UEAA@XZ
??1NavigationStack@@UEAA@XZ
??1Navigator@@EEAA@XZ
??1PIDStringView@@UEAA@XZ
??1PageContainer@@UEAA@XZ
??1ScrWindow@@UEAA@XZ
??1SimpleWizStrategy@@UEAA@XZ
??1SummaryWizStrategy@@UEAA@XZ
??1VariationWizStrategy@@UEAA@XZ
??1Win32Navigator@@EEAA@XZ
??1Wiz_Node@@UEAA@XZ
??1WizardBranch@@UEAA@XZ
??1WizardCollection@@UEAA@XZ
??1WizardDesciption@@UEAA@XZ
??1WizardEx@@UEAA@XZ
??1WizardNode@@UEAA@XZ
??1WizardPage@@UEAA@XZ
??1WizardRoot@@UEAA@XZ
??1WizardStrategy@@UEAA@XZ
??1WizardSummary@@UEAA@XZ
??1WizardUI@@QEAA@XZ
??1WizardVariation@@UEAA@XZ
??1Wizard_PageDesciption@@UEAA@XZ
??4?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@AEBV?$CSimpleStringT@G$00@1@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@PEBG@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBUtagVARIANT@@@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@D@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@G@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBD@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBE@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBG@Z
??4AppWindow@@QEAAAEAV0@AEBV0@@Z
??4BranchWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4BranchWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4CAnimation@@QEAAAEAV0@AEBV0@@Z
??4CAnimationControl@@QEAAAEAV0@AEBV0@@Z
??4CAttachDataDlg@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
??4CCtlText@@QEAAAEAV0@AEBV0@@Z
??4CCursor@@QEAAAEAV0@AEBV0@@Z
??4CCustomButtonEx@@QEAAAEAV0@AEBV0@@Z
??4CCustomGraphicEx@@QEAAAEAV0@AEBV0@@Z
??4CDIB@@QEAAAEAV0@AEBV0@@Z
??4CDrawBackground@@QEAAAEAV0@AEBV0@@Z
??4CDrawItem@@QEAAAEAV0@AEBV0@@Z
??4CDrawItemComposite@@QEAAAEAV0@AEBV0@@Z
??4CGenericNavWindow@@QEAAAEAV0@AEBV0@@Z
??4CHighContrast@@QEAAAEAV0@AEBV0@@Z
??4CResourceModule@@QEAAAEAV0@AEBV0@@Z
??4CResourceModuleFactory@@QEAAAEAV0@$$QEAV0@@Z
??4CResourceModuleFactory@@QEAAAEAV0@AEBV0@@Z
??4CRichEditControl@@QEAAAEAV0@$$QEAV0@@Z
??4CRichEditControl@@QEAAAEAV0@AEBV0@@Z
??4CScreenDIB@@QEAAAEAV0@$$QEAV0@@Z
??4CScreenDIB@@QEAAAEAV0@AEBV0@@Z
??4CScreenText@@QEAAAEAV0@AEBV0@@Z
??4CWndObj@@QEAAAEAV0@AEBV0@@Z
??4ChoiceWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4ChoiceWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4ICreateNavbarWnd@@QEAAAEAV0@AEBV0@@Z
??4ICreateProgressWnd@@QEAAAEAV0@AEBV0@@Z
??4IResourceModuleEvent@@QEAAAEAU0@$$QEAU0@@Z
??4IResourceModuleEvent@@QEAAAEAU0@AEBU0@@Z
??4LanguageNeutralSelectionDialogBase@@QEAAAEAV0@AEBV0@@Z
??4LanguageSelectionDialogBase@@QEAAAEAV0@AEBV0@@Z
??4MyString@@QEAAAEAV0@$$QEAV0@@Z
??4MyString@@QEAAAEAV0@AEBV0@@Z
??4NavWindow@@QEAAAEAV0@AEBV0@@Z
??4NavigationStack@@QEAAAEAV0@AEBV0@@Z
??4Navigator@@QEAAAEAV0@AEBV0@@Z
??4PIDStringView@@QEAAAEAV0@AEBV0@@Z
??4PageContainer@@QEAAAEAV0@AEBV0@@Z
??4PageDef@@QEAAAEAU0@$$QEAU0@@Z
??4PageDef@@QEAAAEAU0@AEBU0@@Z
??4ProgressCreateStruct@@QEAAAEAU0@$$QEAU0@@Z
??4ProgressCreateStruct@@QEAAAEAU0@AEBU0@@Z
??4ProtoPageDimensions@@QEAAAEAU0@$$QEAU0@@Z
??4ProtoPageDimensions@@QEAAAEAU0@AEBU0@@Z
??4ProtoPageList@@QEAAAEAV0@AEBV0@@Z
??4ScrWindow@@QEAAAEAV0@AEBV0@@Z
??4SimpleDialogBase@@QEAAAEAV0@$$QEAV0@@Z
??4SimpleDialogBase@@QEAAAEAV0@AEBV0@@Z
??4SimpleRect@@QEAAAEAU0@$$QEAU0@@Z
??4SimpleRect@@QEAAAEAU0@AEBU0@@Z
??4SimpleSize@@QEAAAEAU0@$$QEAU0@@Z
??4SimpleSize@@QEAAAEAU0@AEBU0@@Z
??4SimpleWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4SimpleWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4SummaryWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4SummaryWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4Win32Navigator@@QEAAAEAV0@AEBV0@@Z
??4Wiz_Node@@QEAAAEAV0@AEBV0@@Z
??4WizardBranch@@QEAAAEAV0@$$QEAV0@@Z
??4WizardBranch@@QEAAAEAV0@AEBV0@@Z
??4WizardCollection@@QEAAAEAV0@$$QEAV0@@Z
??4WizardCollection@@QEAAAEAV0@AEBV0@@Z
??4WizardDesciption@@QEAAAEAV0@$$QEAV0@@Z
??4WizardDesciption@@QEAAAEAV0@AEBV0@@Z
??4WizardDialogPost@@QEAAAEAV0@$$QEAV0@@Z
??4WizardDialogPost@@QEAAAEAV0@AEBV0@@Z
??4WizardDialogPre@@QEAAAEAV0@$$QEAV0@@Z
??4WizardDialogPre@@QEAAAEAV0@AEBV0@@Z
??4WizardEx@@QEAAAEAV0@AEBV0@@Z
??4WizardHandler@@QEAAAEAV0@$$QEAV0@@Z
??4WizardHandler@@QEAAAEAV0@AEBV0@@Z
??4WizardNode@@QEAAAEAV0@AEBV0@@Z
??4WizardPage@@QEAAAEAV0@AEBV0@@Z
??4WizardRoot@@QEAAAEAV0@AEBV0@@Z
??4WizardStrategy@@QEAAAEAV0@AEBV0@@Z
??4WizardSummary@@QEAAAEAV0@$$QEAV0@@Z
??4WizardSummary@@QEAAAEAV0@AEBV0@@Z
??4WizardUI@@QEAAAEAV0@AEBV0@@Z
??4Wizard_PageDesciption@@QEAAAEAV0@AEBV0@@Z
??A?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAAAEAPEAGH@Z
??A?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEBAAEBQEAGH@Z
??A?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAAAEAPEAUIResourceModuleEvent@@H@Z
??A?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEBAAEBQEAUIResourceModuleEvent@@H@Z
??A?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAAAEAPEAUKEYBOARD@@H@Z
??A?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEBAAEBQEAUKEYBOARD@@H@Z
??A?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAAAEAPEAULANGUAGE@@H@Z
??A?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEBAAEBQEAULANGUAGE@@H@Z
??A?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAAAEAPEAULOCALE@@H@Z
??A?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEBAAEBQEAULOCALE@@H@Z
??A?$CSimpleStringT@G$0A@@ATL@@QEBAGH@Z
??B?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV?$CSimpleStringT@G$00@1@XZ
??B?$CSimpleStringT@G$0A@@ATL@@QEBAPEBGXZ
??B?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV?$CSimpleStringT@G$00@1@XZ
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@AEBV01@@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@D@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@E@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@G@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@PEBG@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBUtagVARIANT@@@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBV?$CSimpleStringT@G$0A@@1@@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@D@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@E@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@G@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBD@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBG@Z
??_7AppWindow@@6BIWndObj@@@
??_7AppWindow@@6BIWndProp@@@
??_7BranchWizStrategy@@6B@
??_7CAnimation@@6B@
??_7CAnimationControl@@6B@
??_7CAttachDataDlg@@6B@
??_7CCritSec@@6B@
??_7CCtlText@@6B@
??_7CCursor@@6B@
??_7CCustomButtonEx@@6B@
??_7CCustomGraphicEx@@6B@
??_7CDrawBackground@@6B@
??_7CDrawItem@@6B@
??_7CDrawItemComposite@@6B@
??_7CGenericNavWindow@@6B@
??_7CHighContrast@@6B@
??_7CScreenDIB@@6B@
??_7CScreenText@@6B@
??_7CWndObj@@6BIWndObj@@@
??_7CWndObj@@6BIWndProp@@@
??_7ChoiceWizStrategy@@6B@
??_7ICreateNavbarWnd@@6B@
??_7ICreateProgressWnd@@6B@
??_7IResourceModuleEvent@@6B@
??_7LanguageNeutralSelectionDialogBase@@6B@
??_7LanguageSelectionDialogBase@@6B@
??_7NavWindow@@6B@
??_7NavigationStack@@6B@
??_7Navigator@@6B@
??_7PIDStringView@@6B@
??_7PageContainer@@6B@
??_7ScrWindow@@6BIWndObj@@@
??_7ScrWindow@@6BIWndProp@@@
??_7SimpleDialogBase@@6B@
??_7SimpleWizStrategy@@6B@
??_7SummaryWizStrategy@@6B@
??_7VariationWizStrategy@@6B@
??_7Win32Navigator@@6B@
??_7Wiz_Node@@6B@
??_7WizardBranch@@6B@
??_7WizardCollection@@6B@
??_7WizardDesciption@@6B@
??_7WizardDialogPost@@6B@
??_7WizardDialogPre@@6B@
??_7WizardEx@@6BINavigationNode@@@
??_7WizardEx@@6BWizardNode@@@
??_7WizardHandler@@6B@
??_7WizardNode@@6B@
??_7WizardPage@@6B@
??_7WizardRoot@@6B@
??_7WizardStrategy@@6B@
??_7WizardSummary@@6B@
??_7WizardVariation@@6B@
??_7Wizard_PageDesciption@@6B@
?Add@?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAAHAEBQEAG@Z
?Add@?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAAHAEBQEAUIResourceModuleEvent@@@Z
?Add@?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAAHAEBQEAUKEYBOARD@@@Z
?Add@?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAAHAEBQEAULANGUAGE@@@Z
?Add@?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAAHAEBQEAULOCALE@@@Z
?AddItem@CDrawItemComposite@@QEAAXPEAVCDrawItem@@@Z
?AddPage@PageContainer@@QEAAXPEAVWizardPage@@@Z
?AddPage@WizardUI@@QEAAHPEAVWizardPage@@@Z
?AddRef@CWndObj@@UEAAKXZ
?AllocSysString@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAPEAGXZ
?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXAEBV12@@Z
?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXPEBG@Z
?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXPEBGH@Z
?AppendChar@?$CSimpleStringT@G$0A@@ATL@@QEAAXG@Z
?AppendFormat@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXIZZ
?AppendFormat@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXPEBGZZ
?AppendFormatV@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXPEBGPEAD@Z
?Attach@?$CSimpleStringT@G$0A@@ATL@@AEAAXPEAUCStringData@2@@Z
?Back@Navigator@@UEAAPEAVWizardPage@@PEAVWizardNode@@@Z
?Back@WizardEx@@UEAAPEAVWizardPage@@PEAVWizardNode@@@Z
?BlendNormal32@CDIB@@CAXPEAV1@0@Z
?ButtonContinue@WizardHandler@@QEAAPEAVCCustomButtonEx@@XZ
?ButtonContinue@WizardRoot@@QEAAAEAPEAVCCustomButtonEx@@XZ
?ButtonFinish@WizardHandler@@QEAAPEAVCCustomButtonEx@@XZ
?ButtonFinish@WizardRoot@@QEAAAEAPEAVCCustomButtonEx@@XZ
?CStringExpandEnvironmentStrings@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V12@@Z
?CStringGetModuleFileName@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEAUHINSTANCE__@@@Z
?CStringGetPrivateProfileString@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEBG000@Z
?CStringGetWindowText@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEAUHWND__@@@Z
?CStringGetWindowsDirectory@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?CalcAppSize@WizardUI@@AEAAXXZ
?CanPageBeActivated@LanguageNeutralSelectionDialogBase@@UEAAHW4Direction@@PEAH@Z
?CanPageBeActivated@LanguageSelectionDialogBase@@UEAAHW4Direction@@PEAH@Z
?CanPageBeActivated@WizardHandler@@EEAAHW4Direction@@PEAH@Z
?CanPageBeActivated@WizardRoot@@UEAAHW4Direction@@PEAH@Z
?CanPageBeActivatedWrapper@WizardHandler@@QEAAHW4Direction@@PEAH@Z
?Cancel@Navigator@@UEAAPEAVWizardPage@@XZ
?CenterApp@WizardUI@@AEAAXPEAUHWND__@@UtagRECT@@@Z
?ChangeUiLanguage@CResourceModule@@SAHPEBG@Z
?CharToOemA@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXXZ
?CheckImplicitLoad@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@AEAA_NPEBX@Z
?ClearCursorWait@CCursor@@QEAAXXZ
?ClearString@MyString@@QEAAXXZ
?ClearString@PIDStringView@@QEAAXXZ
?CloneData@?$CSimpleStringT@G$0A@@ATL@@CAPEAUCStringData@2@PEAU32@@Z
?Collate@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?CollateNoCase@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?CommandHandled@WizardRoot@@QEAAAEAHXZ
?Compare@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?CompareNoCase@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?ComposeOffscreen@CDrawItem@@UEAAXPEAUHWND__@@@Z
?ComposeOffscreen@CDrawItemComposite@@UEAAXPEAUHWND__@@@Z
?ComposeOffscreen@CScreenText@@UEAAXPEAUHWND__@@@Z
?Concatenate@?$CSimpleStringT@G$0A@@ATL@@KAXAEAV12@PEBGH1H@Z
?Construct@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@SAXPEAV12@@Z
?ConvertColorKeyToAlpha@CDIB@@QEAAXXZ
?CopyChars@?$CSimpleStringT@G$0A@@ATL@@SAXPEAGPEBGH@Z
?CopyChars@?$CSimpleStringT@G$0A@@ATL@@SAXPEAG_KPEBGH@Z
?CopyCharsOverlapped@?$CSimpleStringT@G$0A@@ATL@@SAXPEAGPEBGH@Z
?CopyCharsOverlapped@?$CSimpleStringT@G$0A@@ATL@@SAXPEAG_KPEBGH@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@I@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@IPEAUHDC__@@1@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@PEAUHDC__@@1@Z
?CreateAppWindow@WizardUI@@AEAAXXZ
?CreateEx@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@IQEAU_Button_Data@@PEAUHDC__@@1@Z
?CreateEx@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@QEAU_Button_Data@@PEAUHDC__@@1@Z
?CreateFromHwnd@CDIB@@QEAAHPEAUHWND__@@@Z
?CreateIndirect@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@IQEAU_Button_Data@@@Z
?CreateIndirect@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@QEAU_Button_Data@@@Z
?CreateNavWindow@WizardUI@@AEAAHXZ
?CreateNode@WizardBranch@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@WizardDesciption@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@WizardSummary@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@WizardVariation@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@Wizard_PageDesciption@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNodeHelper@WizardCollection@@QEAAPEAVWizardEx@@IPEAV2@PEAVWizardUI@@@Z
?CreateProgressWindow@WizardUI@@AEAAHXZ
?CreatePropertySheet@WizardUI@@AEAAXXZ
?CreateScrWindow@WizardUI@@AEAAXXZ
?CreateWindows@WizardUI@@AEAAXXZ
?Delete@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAHHH@Z
?DeleteBackground@WizardUI@@CAXXZ
?Destroy@CCustomButtonEx@@SAXPEAV1@@Z
?DestroyAllStandardButtons@WizardRoot@@QEAAXXZ
?DestroyAppWindow@WizardUI@@AEAAXXZ
?DestroyDialog@CAttachDataDlg@@QEAAXI_K_J@Z
?DestroyDialog@CGenericNavWindow@@AEAAXXZ
?DestroyNavWindow@WizardUI@@AEAAXXZ
?DestroyProgressWindow@WizardUI@@AEAAXXZ
?DestroyPropertySheet@WizardUI@@AEAAXXZ
?DestroyScrWindow@WizardUI@@AEAAXXZ
?DestroyStandardButton@WizardRoot@@QEAAXPEAVCCustomButtonEx@@@Z
?DestroyWindows@WizardUI@@AEAAXXZ
?DibHeight@CDIB@@QEBAJXZ
?DibWidth@CDIB@@QEBAJXZ
?DoCancel@Win32Navigator@@UEAAXXZ
?DoGoToPageIndex@Win32Navigator@@UEAAXH@Z
?Draw@CAnimation@@UEAAHPEAUHDC__@@@Z
?Draw@CDIB@@QEAAHPEAUHDC__@@HH@Z
?Draw@CDIB@@QEAAHPEAUHDC__@@HHUtagRECT@@@Z
?Draw@CDrawBackground@@UEAAHPEAUHDC__@@@Z
?Draw@CDrawItem@@QEAAHPEAUHWND__@@@Z
Sections
.text Size: 301KB - Virtual size: 300KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
systemcpl/systemcpl.dll.dll windows:10 windows x64 arch:x64
a7529c8263e5fbe018ddc35610af7ee9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
systemcpl.pdb
Imports
msvcrt
memcpy
memcmp
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memmove_s
_vsnprintf_s
_purecall
wcsstr
memcpy_s
_vsnwprintf
memset
shell32
SHCreateItemInKnownFolder
SHGetIDListFromObject
ShellExecuteExW
SHParseDisplayName
ord155
SHGetStockIconInfo
ord25
SHBindToObject
ord18
ShellExecuteW
shlwapi
ord456
PathRemoveBlanksW
StrFormatByteSizeEx
ord199
ord172
PathFileExistsW
ord460
ord618
ord256
ord437
SHRegGetValueW
ord176
ord16
ord219
PathIsUNCW
PathSkipRootW
ord156
ord24
ord514
ord168
SHStrDupW
PathFindFileNameW
ord174
ord204
ord158
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
FreeLibrary
LoadStringW
GetProcAddress
api-ms-win-core-synch-l1-1-0
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSection
OpenSemaphoreW
SetEvent
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
ReleaseMutex
ResetEvent
WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
oleaut32
SysFreeString
SysAllocString
VariantClear
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringOrdinal
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFile
GetFileSizeEx
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceComplete
InitOnceBeginInitialize
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
dsrole
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
api-ms-win-core-sysinfo-l1-2-1
GetPhysicallyInstalledSystemMemory
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
winbrand
GetEULAInCurrentUILanguage
BrandingLoadString
BrandingLoadBitmap
BrandingLoadImage
EulaFreeBuffer
kernel32
UnregisterWaitEx
lstrlenW
RegisterWaitForSingleObject
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
lstrcmpiW
ntdll
WinSqmAddToStream
EtwLogTraceEvent
slc
SLGetWindowsInformationDWORD
SLUnregisterEvent
SLRegisterEvent
SLClose
SLGetPKeyInformation
SLGetSLIDList
SLGetLicensingStatusInformation
SLOpen
SLGetProductSkuInformation
SLGetWindowsInformation
SLIsWindowsGenuineLocal
dui70
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHBITMAP__@@EI_N11@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetAccValue@Element@DirectUI@@QEAAJPEBG@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?GetID@Element@DirectUI@@QEAAGXZ
?Release@Value@DirectUI@@QEAAXXZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
??0Element@DirectUI@@QEAA@XZ
??1Element@DirectUI@@UEAA@XZ
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?Register@Element@DirectUI@@SAJXZ
?GetString@Value@DirectUI@@QEAAPEBGXZ
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?GetAtom@Value@DirectUI@@QEAAGXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?Destroy@Element@DirectUI@@QEAAJ_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
gdi32
GetDeviceCaps
DeleteObject
GetObjectW
user32
GetDC
EndDialog
SetWindowTextW
GetDlgItem
ord2517
PostMessageW
SendMessageW
DialogBoxParamW
GetSystemMetrics
LoadImageW
ReleaseDC
SetCursor
LoadCursorW
DestroyIcon
GetFocus
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ