Import table
advapi32.dll
StartServiceW, OpenServiceW, OpenSCManagerW, DeleteService, CloseServiceHandle, CreateServiceW, OpenProcessToken
kernel32.dll
TlsFree, GetCurrentThreadId, GetSystemInfo, GetLastError, GetCurrentProcess, GetProcAddress, GetModuleFileNameA, GetFullPathNameW, GetEnvironmentVariableW, SetEnvironmentVariableW, SetEvent, LoadLibraryW, GetModuleHandleA, CloseHandle, GetThreadContext, SetThreadContext, WaitForSingleObject, OpenProcess, Thread32First, ReadProcessMemory, Thread32Next, VirtualAllocEx, OpenThread, CreateEventW, CreateToolhelp32Snapshot, DuplicateHandle, WriteProcessMemory, SuspendThread, ResumeThread, TlsAlloc, CreateProcessW, CreateRemoteThread, TlsSetValue, TerminateProcess, SetLastError, GetExitCodeThread, WaitForMultipleObjects, GetCurrentProcessId, FatalAppExitW, GetModuleFileNameW, CreateFileW, HeapAlloc, InterlockedIncrement, HeapFree, IsBadReadPtr, InitializeCriticalSection, Sleep, LeaveCriticalSection, EnterCriticalSection, VirtualProtect, DeleteCriticalSection, GetModuleHandleW, GetVersionExW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LoadLibraryA, HeapCreate, HeapDestroy, FreeLibrary, TlsGetValue, InterlockedExchange, VirtualFree, VirtualAlloc, HeapReAlloc, IsDebuggerPresent, RtlUnwind, InterlockedDecrement, InitializeCriticalSectionAndSpinCount, ExitProcess, WriteFile, GetStdHandle, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, WideCharToMultiByte, LCMapStringW
psapi.dll
EnumProcessModules, GetModuleInformation
Export table
_DbgAttachDebugger@0
_DbgDetachDebugger@0
_DbgGetProcessIdByHandle@8
_DbgGetThreadIdByHandle@8
_DbgHandleToObjectName@16
_DbgIsAvailable@0
_DbgIsEnabled@0
_GacCreateContext@0
_GacInstallAssembly@16
_GacReleaseContext@4
_GacUninstallAssembly@16
_HookCompleteInjection@4
_LhBarrierBeginStackTrace@4
_LhBarrierCallStackTrace@12
_LhBarrierEndStackTrace@4
_LhBarrierGetAddressOfReturnAddress@4
_LhBarrierGetCallback@4
_LhBarrierGetCallingModule@4
_LhBarrierGetReturnAddress@4
_LhBarrierPointerToModule@8
_LhEnumModules@12
_LhInstallHook@16
_LhIsThreadIntercepted@12
_LhSetExclusiveACL@12
_LhSetGlobalExclusiveACL@8
_LhSetGlobalInclusiveACL@8
_LhSetInclusiveACL@12
_LhUninstallAllHooks@0
_LhUninstallHook@4
_LhUpdateModuleInformation@0
_LhWaitForPendingRemovals@0
_RhCreateAndInject@36
_RhCreateStealthRemoteThread@16
_RhGetProcessToken@8
_RhInjectLibrary@28
_RhInstallDriver@8
_RhInstallSupportDriver@0
_RhIsAdministrator@0
_RhIsX64Process@8
_RhIsX64System@0
_RhWakeUpProcess@0
_RtlCreateSuspendedProcess@20
_RtlGetLastError@0
_RtlGetLastErrorString@0
_RtlInstallService@12
