Windows 10 DLL File Information

Windows 10 DLL File Information - wevtsvc.dll

The following DLL report was generated by automatic DLL script that scanned and loaded all DLL files in the system32 directory of Windows 10, extracted the information from them, and then saved it into HTML reports. If you want to view a report of another DLL, go to the main page of this Web site.

General Information

File Description:	Event Logging Service
File Version:	10.0.10130.0 (fbl_impressive.150522-2224)
Company:	Microsoft Corporation
Product Name:	Microsoft® Windows® Operating System
DLL popularity	Very Low - There is no any other DLL in system32 directory that is statically linked to this file.
File Size:	1,327 KB
Total Number of Exported Functions:	2
Total Number of Exported Functions With Names:	2

Section Headers

Name	Virtual Address	Raw Data Size	% of File	Characteristics	Section Contains...
.text	0x00001000	1,169,408 Bytes	86.0%	Read, Execute	Code
.data	0x0011f000	90,624 Bytes	6.7%	Write, Read	Initialized Data
.idata	0x00137000	13,824 Bytes	1.0%	Read	Initialized Data
.didat	0x0013b000	512 Bytes	0.0%	Write, Read	Initialized Data
.rsrc	0x0013c000	19,456 Bytes	1.4%	Read	Initialized Data
.reloc	0x00141000	64,512 Bytes	4.7%	Read, Discardable	Initialized Data

Static Linking

This means that when wevtsvc.dll is loaded, the above files are automatically loaded too. If one of these files is corrupted or missing, wevtsvc.dll won't be loaded.

General Resources Information

Resource Type	Number of Items	Total Size	% of File
Icons	0	0 Bytes	0.0%
Animated Icons	0	0 Bytes	0.0%
Cursors	0	0 Bytes	0.0%
Animated Cursors	0	0 Bytes	0.0%
Bitmaps	0	0 Bytes	0.0%
AVI Files	0	0 Bytes	0.0%
Dialog-Boxes	0	0 Bytes	0.0%
HTML Related Files	0	0 Bytes	0.0%
Menus	0	0 Bytes	0.0%
Strings	2	658 Bytes	0.0%
Type Libraries	0	0 Bytes	0.0%
Manifest	0	0 Bytes	0.0%
All Others	4	27,738 Bytes	2.0%
Total	6	28,396 Bytes	2.1%

Icons in this file

No icons found in this file

Cursors in this file

No cursors found in this file

Dialog-boxes list (up to 1000 dialogs)

No dialog resources in this file.

String resources in this dll (up to 1000 strings)

String ID	String Text
200	Windows Event Log
201	This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.

COM Classes/Interfaces

There is no type library in this file with COM classes/interfaces information

Exported Functions List

The following functions are exported by this dll:

ServiceMain

SvchostPushServiceGlobals

Imported Functions List

The following functions are imported by this dll:

msvcrt.dll:

_CxxThrowException

_HUGE

_XcptFilter

__CxxFrameHandler

___lc_codepage_func

___lc_handle_func

___mb_cur_max_func

__crtGetStringTypeW

__crtLCMapStringW

__dllonexit

__mb_cur_max

__pctype_func

__uncaught_exception

_amsg_exit

_errno

_except_handler4_common

_ftol2

_i64tow

_i64tow_s

_initterm

_itow_s

_lock

_ltow

_onexit

_purecall

_strnicmp

_ui64tow_s

_ultow

_ultow_s

_unlock

_vscwprintf

_vsnprintf

_vsnwprintf

_wcsicmp

_wcsnicmp

_wcstoi64

_wcstoui64

_wfopen

_wsplitpath_s

_wtof

_wtoi

_wtoi64

_wtol

abort

bsearch

calloc

fclose

fgetws

floor

free

iswalnum

iswalpha

iswdigit

iswspace

localeconv

malloc

memchr

memcmp

memcpy

memcpy_s

memmove_s

memset

public: __thiscall bad_cast::bad_cast(class bad_cast const &)

public: __thiscall exception::exception(char const * const &)

public: __thiscall exception::exception(class exception const &)

public: __thiscall exception::exception(void)

public: virtual __thiscall bad_cast::~bad_cast(void)

public: virtual __thiscall exception::~exception(void)

public: virtual __thiscall type_info::~type_info(void)

public: virtual char const * __thiscall exception::what(void)const

qsort

setlocale

sprintf_s

strcspn

strncmp

strnlen

swprintf_s

swscanf

swscanf_s

towupper

void __cdecl terminate(void)

vswprintf_s

wcschr

wcscpy_s

wcsncmp

wcsncpy_s

wcspbrk

wcsrchr

wcsstr

wcstod

wcstok

wcstol

wcstoul

ntdll.dll:

EtwEventRegister	EtwEventUnregister
EtwEventWrite	EtwGetTraceEnableFlags
EtwGetTraceEnableLevel	EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW	EtwTraceMessage
EtwUnregisterTraceGuids	NtClose
NtCreateFile	NtDeleteFile
NtDuplicateObject	NtEnumerateKey
NtOpenKey	NtOpenProcess
NtQueryAttributesFile	NtQuerySystemInformation
NtQuerySystemTime	NtQueryVolumeInformationFile
NtReadFile	NtWriteFile
RtlAcquireResourceExclusive	RtlAcquireResourceShared
RtlAcquireSRWLockExclusive	RtlAcquireSRWLockShared
RtlAllocateHeap	RtlAnsiStringToUnicodeString
RtlCompareMemory	RtlComputeCrc32
RtlCopySecurityDescriptor	RtlCopyUnicodeString
RtlCreateHeap	RtlDeleteCriticalSection
RtlDeleteElementGenericTableAvl	RtlDeleteResource
RtlDeleteSecurityObject	RtlDosPathNameToNtPathName_U
RtlEnterCriticalSection	RtlEnumerateGenericTableAvl
RtlEthernetAddressToStringW	RtlFreeAnsiString
RtlFreeAnsiString	RtlFreeHeap
RtlGetLastNtStatus	RtlGetVersion
RtlInitUnicodeString	RtlInitializeCriticalSection
RtlInitializeGenericTableAvl	RtlInitializeResource
RtlInsertElementGenericTableAvl	RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW	RtlIpv6AddressToStringW
RtlLeaveCriticalSection	RtlLengthSid
RtlLookupElementGenericTableAvl	RtlNtStatusToDosError
RtlNtStatusToDosErrorNoTeb	RtlReleaseResource
RtlReleaseSRWLockExclusive	RtlReleaseSRWLockShared
RtlRestoreLastWin32Error	RtlSecondsSince1970ToTime
RtlSetLastWin32ErrorAndNtStatusFromNtStatus	RtlTimeToSecondsSince1970
RtlUnicodeStringToAnsiString

api-ms-win-core-errorhandling-l1-1-1.dll:

KernelBase!GetLastError KernelBase!SetUnhandledExceptionFilter KernelBase!UnhandledExceptionFilter
ntdll!RtlRestoreLastWin32Error

api-ms-win-core-registry-l1-1-0.dll:

KernelBase!RegCloseKey	KernelBase!RegCreateKeyExW	KernelBase!RegDeleteKeyExW
KernelBase!RegDeleteValueW	KernelBase!RegEnumKeyExW	KernelBase!RegGetKeySecurity
KernelBase!RegGetValueW	KernelBase!RegNotifyChangeKeyValue	KernelBase!RegOpenKeyExW
KernelBase!RegQueryInfoKeyW	KernelBase!RegQueryValueExW	KernelBase!RegSetValueExW

api-ms-win-core-synch-l1-2-0.dll:

KernelBase!CancelWaitableTimer	KernelBase!CreateEventW
KernelBase!CreateWaitableTimerExW	KernelBase!InitializeCriticalSectionAndSpinCount
KernelBase!OpenEventW	KernelBase!ResetEvent
KernelBase!SetEvent	KernelBase!SetWaitableTimer
KernelBase!Sleep	KernelBase!SleepConditionVariableCS
KernelBase!WaitForMultipleObjectsEx	KernelBase!WaitForSingleObject
ntdll!RtlAcquireSRWLockExclusive	ntdll!RtlAcquireSRWLockShared
ntdll!RtlDeleteCriticalSection	ntdll!RtlEnterCriticalSection
ntdll!RtlInitializeConditionVariable	ntdll!RtlInitializeConditionVariable
ntdll!RtlInitializeCriticalSection	ntdll!RtlLeaveCriticalSection
ntdll!RtlReleaseSRWLockExclusive	ntdll!RtlReleaseSRWLockShared
ntdll!RtlWakeAllConditionVariable

api-ms-win-core-handle-l1-1-0.dll:

KernelBase!CloseHandle

RPCRT4.dll:

I_RpcBindingInqLocalClientPID	I_RpcBindingIsClientLocal	I_RpcMapWin32Status
I_RpcSessionStrictContextHandle	NdrAsyncServerCall	NdrServerCall2
RpcAsyncCompleteCall	RpcBindingToStringBindingW	RpcBindingVectorFree
RpcEpRegisterW	RpcEpUnregister	RpcImpersonateClient
RpcRevertToSelf	RpcRevertToSelfEx	RpcServerInqBindings
RpcServerRegisterAuthInfoW	RpcServerRegisterIf3	RpcServerRegisterIfEx
RpcServerSubscribeForNotification	RpcServerUnregisterIfEx	RpcServerUnsubscribeForNotification
RpcServerUseProtseqEpW	RpcServerUseProtseqExW	RpcStringBindingParseW
RpcStringFreeW	UuidCreate	UuidFromStringW
UuidToStringW

api-ms-win-security-base-l1-2-0.dll:

KernelBase!AccessCheck	KernelBase!AccessCheckAndAuditAlarmW	KernelBase!AddAce
KernelBase!AdjustTokenPrivileges	KernelBase!AllocateAndInitializeSid	KernelBase!CheckTokenMembershipEx
KernelBase!CopySid	KernelBase!CreateWellKnownSid	KernelBase!FreeSid
KernelBase!GetAce	KernelBase!GetAclInformation	KernelBase!GetLengthSid
KernelBase!GetSecurityDescriptorControl	KernelBase!GetSecurityDescriptorDacl	KernelBase!GetSecurityDescriptorGroup
KernelBase!GetSecurityDescriptorLength	KernelBase!GetSecurityDescriptorOwner	KernelBase!GetSecurityDescriptorSacl
KernelBase!GetTokenInformation	KernelBase!InitializeAcl	KernelBase!InitializeSecurityDescriptor
KernelBase!IsValidAcl	KernelBase!IsValidSecurityDescriptor	KernelBase!IsValidSid
KernelBase!IsWellKnownSid	KernelBase!MakeSelfRelativeSD	KernelBase!MapGenericMask
KernelBase!PrivilegeCheck	KernelBase!SetSecurityDescriptorDacl	KernelBase!SetSecurityDescriptorGroup
KernelBase!SetSecurityDescriptorOwner	KernelBase!SetSecurityDescriptorSacl

api-ms-win-core-heap-l2-1-0.dll:

KernelBase!LocalAlloc KernelBase!LocalFree
api-ms-win-core-heap-l1-2-0.dll:

KernelBase!GetProcessHeap KernelBase!HeapDestroy ntdll!RtlAllocateHeap ntdll!RtlFreeHeap
ntdll!RtlReAllocateHeap ntdll!RtlSizeHeap

api-ms-win-core-libraryloader-l1-2-0.dll:

KernelBase!FindResourceExW	KernelBase!FreeLibrary	KernelBase!FreeResource	KernelBase!GetModuleFileNameA
KernelBase!GetModuleFileNameW	KernelBase!GetModuleHandleExW	KernelBase!GetModuleHandleW	KernelBase!GetProcAddress
KernelBase!LoadLibraryExW	KernelBase!LoadResource	KernelBase!LockResource	KernelBase!SizeofResource

api-ms-win-core-processthreads-l1-1-2.dll:

KernelBase!OpenProcessToken	KernelBase!OpenThreadToken	KernelBase!SetThreadToken	kernel32!CreateThread
kernel32!GetCurrentProcess	kernel32!GetCurrentProcessId	kernel32!GetCurrentThread	kernel32!GetCurrentThreadId
kernel32!TerminateProcess	kernel32!TlsAlloc	kernel32!TlsFree	kernel32!TlsGetValue
kernel32!TlsSetValue

api-ms-win-core-file-l2-1-1.dll:

KernelBase!MoveFileExW

api-ms-win-core-threadpool-l1-2-0.dll:

KernelBase!CreateThreadpoolCleanupGroup	KernelBase!CreateThreadpoolTimer	KernelBase!CreateThreadpoolWait
KernelBase!CreateThreadpoolWork	ntdll!TpCallbackUnloadDllOnCompletion	ntdll!TpPostWork
ntdll!TpReleaseCleanupGroup	ntdll!TpReleaseCleanupGroupMembers	ntdll!TpReleaseTimer
ntdll!TpReleaseWait	ntdll!TpReleaseWork	ntdll!TpSetTimer
ntdll!TpSetWait	ntdll!TpWaitForTimer	ntdll!TpWaitForWait

api-ms-win-core-sysinfo-l1-2-1.dll:

KernelBase!GetComputerNameExW	KernelBase!GetLocalTime	KernelBase!GetOsSafeBootMode
KernelBase!GetSystemInfo	KernelBase!GetSystemTime	KernelBase!GetSystemTimeAsFileTime
KernelBase!GetTickCount	KernelBase!GetTickCount64	KernelBase!GetVersionExW
KernelBase!GlobalMemoryStatusEx

api-ms-win-core-processenvironment-l1-2-0.dll:

KernelBase!ExpandEnvironmentStringsW KernelBase!GetCurrentDirectoryW KernelBase!GetEnvironmentVariableW
KernelBase!SearchPathW

api-ms-win-core-file-l1-2-1.dll:

KernelBase!CompareFileTime	KernelBase!CreateDirectoryW	KernelBase!CreateFileW
KernelBase!DeleteFileW	KernelBase!FileTimeToLocalFileTime	KernelBase!FlushFileBuffers
KernelBase!GetDiskFreeSpaceExW	KernelBase!GetFileAttributesExW	KernelBase!GetFileAttributesW
KernelBase!GetFileInformationByHandle	KernelBase!GetFileSize	KernelBase!GetFileSizeEx
KernelBase!GetTempFileNameW	KernelBase!GetTempPathW	KernelBase!LocalFileTimeToFileTime
KernelBase!ReadFile	KernelBase!SetEndOfFile	KernelBase!SetFilePointer
KernelBase!SetFilePointerEx	KernelBase!WriteFile

api-ms-win-core-memory-l1-1-2.dll:

KernelBase!CreateFileMappingW KernelBase!MapViewOfFile KernelBase!UnmapViewOfFile
api-ms-win-eventing-consumer-l1-1-0.dll:

sechost!CloseTrace sechost!OpenTraceW sechost!ProcessTrace

api-ms-win-core-localization-l1-2-1.dll:

KernelBase!FormatMessageW	KernelBase!GetSystemDefaultLangID
KernelBase!GetThreadLocale	KernelBase!GetThreadPreferredUILanguages
KernelBase!GetThreadUILanguage	KernelBase!SetThreadPreferredUILanguages
KernelBase!SetThreadUILanguage

api-ms-win-eventing-controller-l1-1-0.dll:

sechost!ControlTraceW sechost!EnableTraceEx2 sechost!StartTraceW
WS2_32.dll:

WSAAddressToStringW WSACleanup WSAStartup htonl
htons
api-ms-win-core-timezone-l1-1-0.dll:

KernelBase!FileTimeToSystemTime KernelBase!GetTimeZoneInformation
KernelBase!SystemTimeToFileTime KernelBase!SystemTimeToTzSpecificLocalTime
api-ms-win-core-string-l1-1-0.dll:

KernelBase!MultiByteToWideChar KernelBase!WideCharToMultiByte
api-ms-win-core-debug-l1-1-1.dll:

KernelBase!DebugBreak KernelBase!OutputDebugStringA
api-ms-win-core-profile-l1-1-0.dll:

ntdll!RtlQueryPerformanceCounter
bcrypt.dll:

BCryptCloseAlgorithmProvider BCryptCreateHash BCryptDestroyHash BCryptFinishHash
BCryptGetProperty BCryptHashData BCryptOpenAlgorithmProvider
api-ms-win-eventing-provider-l1-1-0.dll:

ntdll!EtwEventRegister ntdll!EtwEventSetInformation ntdll!EtwEventUnregister ntdll!EtwEventWrite
ntdll!EtwEventWriteTransfer
api-ms-win-core-version-l1-1-0.dll:

KernelBase!GetFileVersionInfoExW KernelBase!GetFileVersionInfoSizeExW KernelBase!VerQueryValueW
api-ms-win-core-datetime-l1-1-1.dll:

KernelBase!GetDateFormatW KernelBase!GetTimeFormatW
api-ms-win-core-atoms-l1-1-0.dll:

kernel32!AddAtomA kernel32!DeleteAtom kernel32!FindAtomA kernel32!InitAtomTable
api-ms-win-core-threadpool-legacy-l1-1-0.dll:

KernelBase!UnregisterWaitEx
api-ms-win-core-kernel32-legacy-l1-1-1.dll:

kernel32!GetComputerNameW kernel32!PulseEvent
api-ms-win-core-threadpool-private-l1-1-0.dll:

KernelBase!RegisterWaitForSingleObjectEx
api-ms-win-security-grouppolicy-l1-1-0.dll:

KernelBase!RegisterGPNotificationInternal KernelBase!UnregisterGPNotificationInternal
api-ms-win-core-delayload-l1-1-1.dll:

KernelBase!DelayLoadFailureHook KernelBase!ResolveDelayLoadedAPI

KernelBase!GetLastError	KernelBase!SetUnhandledExceptionFilter	KernelBase!UnhandledExceptionFilter
ntdll!RtlRestoreLastWin32Error

KernelBase!GetProcessHeap	KernelBase!HeapDestroy	ntdll!RtlAllocateHeap	ntdll!RtlFreeHeap
ntdll!RtlReAllocateHeap	ntdll!RtlSizeHeap

KernelBase!ExpandEnvironmentStringsW	KernelBase!GetCurrentDirectoryW	KernelBase!GetEnvironmentVariableW
KernelBase!SearchPathW

KernelBase!FileTimeToSystemTime	KernelBase!GetTimeZoneInformation
KernelBase!SystemTimeToFileTime	KernelBase!SystemTimeToTzSpecificLocalTime

BCryptCloseAlgorithmProvider	BCryptCreateHash	BCryptDestroyHash	BCryptFinishHash
BCryptGetProperty	BCryptHashData	BCryptOpenAlgorithmProvider

ntdll!EtwEventRegister	ntdll!EtwEventSetInformation	ntdll!EtwEventUnregister	ntdll!EtwEventWrite
ntdll!EtwEventWriteTransfer