Windows 10 DLL File Information - tdh.dll
The following DLL report was generated by an automatic DLL script that scanned and loaded all DLL files in the system32 directory of Windows 10, extracted the information from them, and then saved it into HTML reports. If you want to view a report of another DLL, go to the main page of this Web site.
General Information
File Description: | Event Trace Helper Library |
File Version: | 10.0.10130.0 (fbl_impressive.150522-2224) |
Company: | Microsoft Corporation |
Product Name: | Microsoft® Windows® Operating System |
DLL popularity | Low - 13 other DLL files in system32 directory are statically linked to this file. |
File Size: | 758 KB |
Total Number of Exported Functions: | 33 |
Total Number of Exported Functions With Names: | 33 |
Section Headers
Name | Virtual Address | Raw Data Size | % of File | Characteristics | Section Contains... |
---|---|---|---|---|---|
.text | 0x00001000 | 641,024 Bytes | 82.5% | Read, Execute | Code |
.data | 0x0009e000 | 91,136 Bytes | 11.7% | Write, Read | Initialized Data |
.idata | 0x000b8000 | 7,168 Bytes | 0.9% | Read | Initialized Data |
.didat | 0x000ba000 | 512 Bytes | 0.1% | Write, Read | Initialized Data |
.rsrc | 0x000bb000 | 1,536 Bytes | 0.2% | Read | Initialized Data |
.reloc | 0x000bc000 | 34,304 Bytes | 4.4% | Read, Discardable | Initialized Data |
Static Linking
tdh.dll is statically linked to the following files:
msvcrt.dll
ntdll.dll
api-ms-win-core-heap-l1-2-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-heap-l2-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-2.dll
api-ms-win-core-registry-l1-1-0.dll
api-ms-win-core-wow64-l1-1-0.dll
api-ms-win-core-localization-l1-2-1.dll
api-ms-win-core-errorhandling-l1-1-1.dll
api-ms-win-core-processenvironment-l1-2-0.dll
api-ms-win-core-file-l1-2-1.dll
api-ms-win-core-memory-l1-1-2.dll
api-ms-win-core-debug-l1-1-1.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-sysinfo-l1-2-1.dll
SECHOST.dll
api-ms-win-core-handle-l1-1-0.dll
api-ms-win-core-string-l1-1-0.dll
api-ms-win-core-timezone-l1-1-0.dll
api-ms-win-security-base-l1-2-0.dll
api-ms-win-core-datetime-l1-1-1.dll
api-ms-win-core-interlocked-l1-2-0.dll
api-ms-win-eventing-controller-l1-1-0.dll
api-ms-win-eventing-classicprovider-l1-1-0.dll
api-ms-win-eventing-consumer-l1-1-0.dll
api-ms-win-core-delayload-l1-1-1.dll
api-ms-win-security-lsalookup-l1-1-1.dll
This means that when tdh.dll is loaded, the above files are automatically loaded too. If one of these files is corrupted or missing, tdh.dll won't be loaded.
General Resources Information
Resource Type | Number of Items | Total Size | % of File |
---|---|---|---|
Icons | 0 | 0 Bytes | 0.0% |
Animated Icons | 0 | 0 Bytes | 0.0% |
Cursors | 0 | 0 Bytes | 0.0% |
Animated Cursors | 0 | 0 Bytes | 0.0% |
Bitmaps | 0 | 0 Bytes | 0.0% |
AVI Files | 0 | 0 Bytes | 0.0% |
Dialog-Boxes | 0 | 0 Bytes | 0.0% |
HTML Related Files | 3 | 75,525 Bytes | 9.7% |
Menus | 0 | 0 Bytes | 0.0% |
Strings | 153 | 29,582 Bytes | 3.8% |
Type Libraries | 0 | 0 Bytes | 0.0% |
Manifest | 0 | 0 Bytes | 0.0% |
All Others | 2 | 1,120 Bytes | 0.1% |
Total | 158 | 106,227 Bytes | 13.7% |
Icons in this file
No icons found in this file
Cursors in this file
No cursors found in this file
Dialog-boxes list (up to 1000 dialogs)
No dialog resources in this file.
String resources in this dll (up to 1000 strings)
String ID | String Text |
---|---|
61185 | Not found : '%1'. |
61186 | MessageId not found in string table : '%1'. |
61187 | Duplicate string Id specified : '%1'. |
61188 | For Provider '%1' attribute resourceFileName is required. |
61189 | For Provider '%1' attribute messageFileName is required. |
61190 | Provider '%1', parameter file name cannot be specified without a message file name. |
61191 | Duplicate provider name specified : '%1'. |
61192 | Duplicate provider GUID '%1' in provider : '%2'. |
61193 | Duplicate provider symbol specified : '%1'. |
61194 | Invalid value %1!u!(0x%1!x!) specified for level '%2'. Values 0 thru 15 are reserved. |
61195 | Duplicate level name used : '%1'. |
61196 | Duplicate level value %1!u!(0x%1!x!) used in level : '%2'. |
61197 | Duplicate level symbol used : '%1'. |
61198 | Invalid value %1!u!(0x%1!x!) specified for task '%2'. Value 0 is reserved. |
61199 | Duplicate task name used : '%1'. |
61200 | Duplicate task value %1!u!(0x%1!x!) used in task : '%2'. |
61201 | Duplicate task symbol used : '%1'. |
61202 | Duplicate event guid '%1' used for task '%2'. |
61203 | Invalid value %1!u!(0x%1!x!) specified for opcode '%2'. Opcode values should be between 10 and 239. |
61204 | Duplicate opcode name used : '%1'. |
61205 | Duplicate opcode value %1!u!(0x%1!x!) used in opcode : '%2'. |
61206 | Duplicate opcode symbol used : '%1'. |
61207 | Invalid value %1!u!(0x%1!x!) specified for channel '%2'. Values for user-defined channels should be between 16 and 255. |
61209 | Channel '%1' is the 9th channel for this provider. Only 8 channels allowed for one provider. |
61210 | Duplicate channel Id '%1' used in channel '%2'. |
61211 | Duplicate channel name used : '%1'. Channel names are case-insensitive. |
61212 | Duplicate channel value %1!u!(0x%1!x!) used in channel '%2'. |
61213 | Duplicate channel symbol '%1' used for channel '%2'. |
61216 | Duplicate property name : '%1' specified within template - '%2'. |
61217 | For property '%1', property '%2' referenced by attribute count was not found. |
61218 | For property '%1', property '%2' referenced by attribute length was not found.. |
61219 | For property '%1', property '%2' referenced by attribute count is a struct. |
61220 | For property '%1', property '%2' referenced by attribute length is a struct. |
61221 | For property '%1', with inType win:Binary, length must be specified. |
61222 | For property '%1', length is not allowed for the given inType. |
61224 | For event '%1', with Id %2!u!(0x%2!x!), too many keywords specified. Maximum keywords allowed is 48. |
61225 | For event '%1', Id %2!u!(0x%2!x!) was specified which is bigger than USHORT. |
61226 | Two events have the same Id %1!u!(0x%1!x!) and Version %2!u!(0x%2!x!). |
61227 | Duplicate event symbol used : '%1'. |
61228 | For event '%1', with Id %2!u!(0x%2!x!), win:EventlogClassic keyword is not allowed with any other keyword. |
61229 | For event '%1', with Id %2!u!(0x%2!x!), version attribute is not allowed. |
61231 | For event '%1', with Id %2!u!(0x%2!x!), channel attribute is not allowed. |
61233 | For event '%1', with Id %2!u!(0x%2!x!), opcode attribute is not allowed. |
61234 | For keyword '%1', 'mask' attribute is invalid. One and only one bit should be set. |
61235 | For keyword '%1', with mask 0x%2!I64x!, mask bit can only be one of the low 48 bits. |
61236 | Duplicate keyword name used: '%1'. |
61237 | Duplicate keyword mask 0x%1!I64x! used in keyword '%2'. |
61238 | Duplicate keyword symbol '%1' used in keyword '%2'. |
61239 | Duplicate template Id '%1' used. |
61241 | Failed to load msxml6.dll. Please ensure that MSXML 6.0 is installed on the system and try again. |
61242 | Failed to CoCreate Schema cache. |
61243 | Failed trying to add schema file to cache. |
61244 | Failed to add schema to schema collection. |
61245 | Failed to set async property on DOMDocument. |
61246 | Failed to query IXMLDOMDocument interface. |
61247 | MSXML Schema Validation Error 0x%1!x!. At Line=%2!d!, Column=%3!d!, %4 |
61248 | OutType : '%1' is invalid for InType : '%2'. |
61249 | InType : '%1' not found. |
61251 | Duplicate map name used: '%1'. |
61252 | Only one bit may be set in bit map : '%1' 0x%2!x!. |
61256 | Automatic string Id generation logic can only support 16 event providers. Beyond that, string Ids must be explicitly assigned using <message> entries. |
61257 | Duplicate message ID was specified - 0x%1!x!. This can happen when an auto-generated messageId conflicts with those explicitly specified using a <messageTable> or a .mc file. |
61259 | Duplicate Filter Symbol used : '%1'. |
61260 | Two Filters have the same Id:%1!u!(0x%1!x!) and Version:%2!u!(0x%2!x!). |
61261 | UserData not allowed for template with TId '%1', since it is a filter template. |
61262 | Struct not allowed for property '%1' of template with TId '%2', since it is a filter template. |
61263 | Array not allowed for property '%1' of template with TId '%2', since it is a filter template. |
61264 | Map not allowed for template with TId '%1', since it is a filter template. |
61265 | Attribute outType is required for property '%1' of template with TId '%2', since it is a filter template. |
61266 | Duplicate Filter Name used : '%1'. |
61267 | Required attribute 'chid' is missing for the channel element with name '%1'. |
61268 | For channel '%1', value of attribute 'access' is not a valid SDDL string: '%2'. |
61269 | A <message> element has reference to a non-existent <string> entry: '%1'. |
61270 | Two <message> entries are referring the same <string> entry: '%1'. |
61271 | For Template with TId '%1', only one <binary> element is allowed. |
61272 | Two <message> entries have the same MId: '%1'. |
61273 | For event '%1', with Id %2!u!(0x%2!x!), attribute 'message' is required, since it logged to an Admin Channel. |
61274 | For event '%1', with Id %2!u!(0x%2!x!), level must be specified and it should be one of Critical, Error, Warning, or Informational, since it is logged to an Admin Channel. |
61275 | Two <message> entries have the same symbol: '%1'. |
61276 | The instrumentation node is either missing or in the wrong namespace. |
61278 | For <data> element '%1', the prefix of '%2' is not in the winmeta namespace. |
61279 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', attribute 'field' is not allowed, since provider is userMode. |
61280 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', attribute 'struct' is required, since provider is kernelMode. |
61281 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', attribute 'field' is required, since provider is kernelMode. |
61282 | For <counterSet> element '%1', under <provider> '%2', child element <structs> is required, since provider is kernelMode. |
61283 | For <counterSet> element '%1', under <provider> '%2', child element <structs> is not allowed, since provider is userMode. |
61284 | For <provider> element '%1', attribute symbol is required, since provider is userMode. |
61285 | For <provider> element '%1', attribute symbol is not allowed, since provider is kernelMode. |
61286 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', 'id' cannot be greater than 63 since provider is kernelMode. |
61287 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', attribute 'aggregate' is not allowed since the parent counterSet has either single or multiple instances. |
61288 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', attribute 'baseID' is required. Here is the list of counter types that require a baseID and the required types of their base counters: perf_average_bulk perf_average_timer Base: perf_average_base perf_100nsec_multi_timer perf_100nsec_multi_timer_inv perf_counter_multi_timer perf_counter_multi_timer_inv Base: perf_counter_multi_base perf_raw_fraction Base: perf_raw_base perf_large_raw_fraction perf_precision_system_timer perf_precision_100ns_timer Base: perf_large_raw_base perf_sample_fraction Base: perf_sample_base |
61289 | String table references not allowed. Please inline the value of the string: '%1'. |
61290 | For Map '%1', duplicate value %2!u!(0x%2!x!) specified. |
61291 | For Pattern Map '%1', duplicate value '%2' specified. |
61292 | For template '%1', invalid Custom Xml specified. Custom Xml must have a top-level element and it should be in its own namespace. Also, the value of property inserts should not be greater than the number of top-level properties in the template : %2. |
61293 | The <events> node is either missing or in the wrong namespace. The <events> node must be present under <instrumentation> node and should be in the following namespace: 'http://schemas.microsoft.com/win/2004/08/events'. |
61295 | For property '%1', inType must be one of UInt8, UInt16, UInt32, or HexInt32, since map is specified. |
61296 | For property '%1', property '%2' referenced by attribute count must have inType UInt8, UInt16, UInt32, or HexInt32. |
61297 | For property '%1', property '%2' referenced by attribute count cannot have attribute count. |
61298 | For property '%1', property '%2' referenced by attribute length must have inType UInt8, UInt16, UInt32, or HexInt32. |
61299 | For property '%1', property '%2' referenced by attribute length cannot have attribute length. |
61300 | For event '%1', with Id %2!u!(0x%2!x!), a property insert in the event message is referencing a non-existent property. Event only has %3!u! properties: '%4'. |
61301 | For event '%1', with Id %2!u!(0x%2!x!), format specification fields are not allowed in property inserts: '%3'. |
61302 | Length of Channel Name must be between 1 and 256 characters: '%1'. |
61303 | Invalid Channel Name: %1. Following characters are not allowed in a channel name: ascii value <31, double quote, '>','<','&','|','\',''',':','*', and '?'. |
61304 | Length of Provider Name must be between 1 and 256 characters: '%1'. |
61305 | Invalid Provider Name: %1. Following characters are not allowed in a Provider name: ascii value <31, double quote, '>','<','&','|','\',''',':','*', and '?'. |
61306 | Failed to set selection language. |
61307 | Failed to set selection namespace. |
61308 | Failed trying to parse file %1, and failed to retrieve reason for failure. |
61309 | Unknown error 0x%1!x! received from msxml. |
61310 | This element is referenced by %1!u! other element(s). Please remove references before deleting. |
61311 | Specify a name for the map. |
61312 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', attributes 'perfTimeID' and 'perfFreqID' are required, and the counters referenced by those attributes should be of type perf_counter_large_rawcount. This rule applies to counters of following types: perf_counter_obj_time_queuelen_type perf_obj_time_timer perf_elapsed_time perf_precision_object_timer |
61313 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', attribute 'multiCounterID' is required, and the counter referenced by that attribute should be of type perf_counter_rawcount. This rule applies to following counter types: perf_counter_multi_timer perf_counter_multi_timer_inv perf_100nsec_multi_timer perf_100nsec_multi_timer_inv |
61314 | Two providers have defined a channel with duplicate name : '%1'. A given channel name can only be defined by one provider, other providers should use <importChannel> element to refer an existing channel. |
61315 | Two or more events logging to legacy 'System', 'Security' or 'Application' channels are referencing the same message string '%1'. Give each such event a unique message string. |
61316 | String '%1' is given Id %2!u!(0x%2!x!) in a .mc file. Change the Id of this string to be the same as that of the event referencing this string, since the event is logging to 'System', 'Security' or 'Application' channel. |
61317 | String '%1' is explicitly assigned Id %2!u!(0x%2!x!) using a <message> element. Change the Id of this string to be the same as that of the event referencing this string, since the event is logging to 'System', 'Security' or 'Application' channel. |
61318 | For event '%1', with Id %2!u!(0x%2!x!), since Opcode '%3' is local to Task '%4', event must reference the Task '%4'. |
61319 | For event '%1', with Id %2!u!(0x%2!x!), Opcode '%3' is local to Task '%4', but event is referencing Task '%5'. |
61320 | For event '%1', with Id %2!u!(0x%2!x!), Opcode '%3' is global, and its value collides with that of local Opcode '%4' of the Task '%5' that the event is referencing. |
61321 | Duplicate Id %1!u!(0x%1!x!) used in Counter : '%2'. |
61322 | Duplicate Uri '%1' used in Counter : '%2'. |
61323 | Duplicate Name '%1' used in Counter with Id %2!u!(0x%2!x!). |
61324 | Duplicate Symbol '%1' used in Counter : '%2'. |
61325 | Duplicate Guid '%1' used in CounterSet : '%2'. |
61326 | Duplicate Uri '%1' used in CounterSet : '%2'. |
61327 | Duplicate CounterSet Name used : '%1'. |
61328 | Duplicate Symbol '%1' used in CounterSet : '%2'. |
61331 | Map '%1' cannot be empty. |
61332 | Missing Attribute 'id' on one of the <string> elements. |
61333 | For String with Id '%1', attribute 'value' is missing. |
61334 | Duplicate Counter Struct Name used : '%1'. |
61335 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', BaseId value refers to a non-existent counter. |
61336 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', PerfTimeId value refers to a non-existent counter. |
61337 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', PerfFreqId value refers to a non-existent counter. |
61338 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', MultiCounterId value refers to a non-existent counter. |
61339 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', BaseId is not allowed for this counter type. |
61340 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', PerfTimeId is not allowed for this counter type. |
61341 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', PerfFreqId is not allowed for this counter type. |
61342 | For <counter> element with Id %1!u!(0x%1!x!), under <counterSet> '%2', MultiCounterId is not allowed for this counter type. |
61343 | Failed to acquire Schema Version. This can be due to one of the following reasons: 1. The <counters> node is either missing or in the wrong namespace. 2. The <counters> node does not have the schemaVersion attribute. 3. The schemaVersion attribute value is a malformed floating point string. If this is a legacy manifest and the error was received from ctrpp.exe, run ctrpp.exe with -legacy switch. It is recommended to always use ECMangen.exe to create counter manifests to ensure validity. |
61345 | Unrecognized Counter manifest version. Highest major version supported is %1!u!. Try fixing the version or get the latest copy of the tool. |
61347 | Attribute 'resourceBase' is not allowed on <provider> element beginning schemaVersion 2.0. |
61348 | For CounterSet '%1', bad nameID %2!u!(0x%2!x!) was specified. nameID attribute is required, and must be globally unique. In addition, Resource Ids in the file must be either all odd or all even. |
61349 | For CounterSet '%1', bad descriptionID %2!u!(0x%2!x!) was specified. descriptionID attribute is required, and must be globally unique. In addition, Resource Ids in the file must be either all odd or all even. |
61350 | For Counter '%1', bad nameID %2!u!(0x%2!x!) was specified. nameID attribute is required, and must be globally unique. In addition, Resource Ids in the file must be either all odd or all even. |
61351 | For Counter '%1', bad descriptionID %2!u!(0x%2!x!) was specified. descriptionID attribute is required, and must be globally unique. In addition, Resource Ids in the file must be either all odd or all even. |
61352 | Invalid task message for task '%1'. Insertion strings are not allowed in task messages. |
61354 | Invalid opcode message for task '%1'. Insertion strings are not allowed in opcode messages. |
61355 | Invalid channel message for task '%1'. Insertion strings are not allowed in channel messages. |
61356 | Invalid keyword message for task '%1'. Insertion strings are not allowed in keyword messages. |
COM Classes/Interfaces
There is no type library in this file with COM classes/interfaces information
Exported Functions List
The following functions are exported by this dll:
DllCanUnloadNow | DllGetClassObject |
TdhAggregatePayloadFilters | TdhApplyPayloadFilter |
TdhCleanupPayloadEventFilterDescriptor | TdhCloseDecodingHandle |
TdhCreatePayloadFilter | TdhDeletePayloadFilter |
TdhEnumerateManifestProviderEvents | TdhEnumerateProviderFieldInformation |
TdhEnumerateProviderFilters | TdhEnumerateProviders |
TdhEnumerateRemoteWBEMProviderFieldInformation | TdhEnumerateRemoteWBEMProviders |
TdhFormatProperty | TdhGetAllEventsInformation |
TdhGetDecodingParameter | TdhGetEventInformation |
TdhGetEventMapInformation | TdhGetManifestEventInformation |
TdhGetProperty | TdhGetPropertyOffsetAndSize |
TdhGetPropertySize | TdhGetWppMessage |
TdhGetWppProperty | TdhLoadManifest |
TdhLoadManifestFromBinary | TdhOpenDecodingHandle |
TdhQueryProviderFieldInformation | TdhQueryRemoteWBEMProviderFieldInformation |
TdhSetDecodingParameter | TdhUnloadManifest |
TdhValidatePayloadFilter |
Imported Functions List
The following functions are imported by this dll:
- msvcrt.dll:
_CxxThrowException _XcptFilter __CxxFrameHandler __RTDynamicCast __RTtypeid __dllonexit __iob_func _amsg_exit _callnewh _errno _except_handler4_common _exit _ftol2 _initterm _lock _onexit _purecall _resetstkoflw _splitpath_s _strcmpi _unlock _vsnprintf _vsnwprintf _wcsicmp _wcsnicmp _wcstoi64 _wcstoui64 _wfopen _wtof _wtoi div fclose fgets fgetws floor fopen fprintf fputs free isdigit iswspace malloc memcmp memcpy memcpy_s memmove memmove_s memset printf public: __thiscall exception::exception(char const * const &) public: __thiscall exception::exception(class exception const &) public: __thiscall exception::exception(void) public: int __thiscall type_info::operator==(class type_info const &)const public: virtual __thiscall exception::~exception(void) public: virtual __thiscall type_info::~type_info(void) public: virtual char const * __thiscall exception::what(void)const sprintf_s strchr strcpy_s strncmp strncpy_s strnlen strrchr strstr swscanf tolower vfprintf vsprintf_s wcschr wcscpy_s wcsncmp wcsrchr wcsstr wcstok wcstok_s wcstol wcstoul
- ntdll.dll:
EtwGetTraceEnableFlags EtwGetTraceEnableLevel EtwGetTraceLoggerHandle EtwRegisterTraceGuidsW EtwTraceMessage EtwUnregisterTraceGuids RtlAcquireSRWLockExclusive RtlAcquireSRWLockShared RtlEthernetAddressToStringW RtlGUIDFromString RtlInitializeConditionVariable RtlIpv4AddressToStringExW RtlIpv6AddressToStringExW RtlIpv6AddressToStringW RtlLengthRequiredSid RtlReleaseSRWLockExclusive RtlReleaseSRWLockShared RtlSubAuthorityCountSid
- api-ms-win-core-heap-l1-2-0.dll:
KernelBase!GetProcessHeap ntdll!RtlAllocateHeap ntdll!RtlFreeHeap ntdll!RtlReAllocateHeap
- api-ms-win-core-synch-l1-2-0.dll:
KernelBase!InitOnceExecuteOnce KernelBase!Sleep ntdll!RtlAcquireSRWLockExclusive ntdll!RtlAcquireSRWLockShared ntdll!RtlDeleteCriticalSection ntdll!RtlEnterCriticalSection ntdll!RtlInitializeCriticalSection ntdll!RtlLeaveCriticalSection ntdll!RtlReleaseSRWLockExclusive ntdll!RtlReleaseSRWLockShared
- api-ms-win-core-heap-l2-1-0.dll:
KernelBase!LocalAlloc KernelBase!LocalFree
- api-ms-win-core-libraryloader-l1-2-0.dll:
KernelBase!FindResourceExW KernelBase!FreeLibrary KernelBase!FreeResource KernelBase!GetModuleFileNameA KernelBase!GetModuleHandleExW KernelBase!GetProcAddress KernelBase!LoadLibraryExW KernelBase!LoadResource KernelBase!LoadStringW KernelBase!LockResource KernelBase!SizeofResource
- api-ms-win-core-processthreads-l1-1-2.dll:
kernel32!GetCurrentProcess kernel32!GetCurrentProcessId kernel32!GetCurrentThreadId kernel32!TerminateProcess kernel32!TlsAlloc kernel32!TlsFree kernel32!TlsGetValue kernel32!TlsSetValue
- api-ms-win-core-registry-l1-1-0.dll:
KernelBase!RegCloseKey KernelBase!RegEnumKeyExW KernelBase!RegOpenKeyExW KernelBase!RegQueryInfoKeyW KernelBase!RegQueryValueExW
- api-ms-win-core-wow64-l1-1-0.dll:
KernelBase!IsWow64Process KernelBase!Wow64DisableWow64FsRedirection KernelBase!Wow64RevertWow64FsRedirection
- api-ms-win-core-localization-l1-2-1.dll:
KernelBase!FormatMessageW
- api-ms-win-core-errorhandling-l1-1-1.dll:
KernelBase!GetLastError KernelBase!SetUnhandledExceptionFilter KernelBase!UnhandledExceptionFilter ntdll!RtlRestoreLastWin32Error
- api-ms-win-core-processenvironment-l1-2-0.dll:
KernelBase!ExpandEnvironmentStringsW KernelBase!GetCurrentDirectoryW KernelBase!GetEnvironmentVariableA KernelBase!GetEnvironmentVariableW KernelBase!SearchPathW
- api-ms-win-core-file-l1-2-1.dll:
KernelBase!CreateFileA KernelBase!CreateFileW KernelBase!DeleteFileW KernelBase!FileTimeToLocalFileTime KernelBase!FindFirstVolumeW KernelBase!FindNextVolumeW KernelBase!FindVolumeClose KernelBase!GetFileSize KernelBase!GetFileTime KernelBase!GetTempPathW KernelBase!QueryDosDeviceW KernelBase!WriteFile
- api-ms-win-core-memory-l1-1-2.dll:
KernelBase!CreateFileMappingW KernelBase!MapViewOfFile KernelBase!UnmapViewOfFile KernelBase!VirtualAllocEx KernelBase!VirtualFreeEx
- api-ms-win-core-debug-l1-1-1.dll:
KernelBase!OutputDebugStringA
- api-ms-win-core-profile-l1-1-0.dll:
ntdll!RtlQueryPerformanceCounter
- api-ms-win-core-sysinfo-l1-2-1.dll:
KernelBase!GetSystemTimeAsFileTime KernelBase!GetTickCount KernelBase!GetVersionExW
- SECHOST.dll:
EtwQueryRealtimeConsumer
- api-ms-win-core-handle-l1-1-0.dll:
KernelBase!CloseHandle
- api-ms-win-core-string-l1-1-0.dll:
KernelBase!MultiByteToWideChar KernelBase!WideCharToMultiByte
- api-ms-win-core-timezone-l1-1-0.dll:
KernelBase!FileTimeToSystemTime
- api-ms-win-security-base-l1-2-0.dll:
KernelBase!GetLengthSid
- api-ms-win-core-datetime-l1-1-1.dll:
KernelBase!GetDateFormatW KernelBase!GetTimeFormatW
- api-ms-win-core-interlocked-l1-2-0.dll:
ntdll!RtlInitializeSListHead ntdll!RtlInterlockedFlushSList ntdll!RtlInterlockedPopEntrySList ntdll!RtlInterlockedPushEntrySList
- api-ms-win-eventing-controller-l1-1-0.dll:
sechost!StartTraceW sechost!StopTraceW
- api-ms-win-eventing-classicprovider-l1-1-0.dll:
ntdll!EtwLogTraceEvent
- api-ms-win-eventing-consumer-l1-1-0.dll:
sechost!CloseTrace sechost!OpenTraceW sechost!ProcessTrace
- api-ms-win-core-delayload-l1-1-1.dll:
KernelBase!DelayLoadFailureHook KernelBase!ResolveDelayLoadedAPI
- api-ms-win-security-lsalookup-l1-1-1.dll:
sechost!LookupAccountSidLocalW