Import table
advapi32.dll
ReportEventA, RegQueryValueExW, RegOpenKeyExW, RegQueryValueExA, RegOpenKeyExA, DeregisterEventSource, ReportEventW, RegisterEventSourceW, RegSetValueExW, CopySid, GetLengthSid, FreeSid, ConvertStringSidToSidW, MakeAbsoluteSD, GetSecurityDescriptorLength, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetEntriesInAclA, AllocateAndInitializeSid, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, GetSecurityDescriptorDacl, GetAclInformation, GetAce, EqualSid, AddAce, AddAccessAllowedAceEx, InitializeAcl
clusapi.dll
GetNodeClusterState
kernel32.dll
CreateEventA, UnregisterWait, SetEvent, WaitForSingleObject, HeapDestroy, HeapCreate, HeapFree, HeapAlloc, DisableThreadLibraryCalls, InterlockedDecrement, InterlockedIncrement, LoadLibraryW, GetProcAddress, FreeLibrary, QueueUserWorkItem, Sleep, GetSystemInfo, CreateIoCompletionPort, CreateThread, GetQueuedCompletionStatus, PostQueuedCompletionStatus, WaitForMultipleObjects, CloseHandle, GetLastError, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, TlsGetValue, TlsFree, TlsAlloc, InitializeCriticalSection, GetCurrentThread, GetThreadContext, DebugBreak, ExpandEnvironmentStringsW, CreateDirectoryW, CreateProcessW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, SetFileAttributesW, DeleteFileW, FindClose, GetModuleHandleW, FindResourceW, LoadResource, LockResource, FormatMessageW, InterlockedExchange, InterlockedCompareExchange, OutputDebugStringA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RtlCaptureContext, OutputDebugStringW, LocalFree, LocalAlloc, GetSystemDirectoryW, IsDebuggerPresent, WideCharToMultiByte, GetCommandLineA, lstrcmpiW, GetSystemWindowsDirectoryA, GetLocalTime, InterlockedExchangeAdd, ResetEvent, InitializeCriticalSectionAndSpinCount, LoadLibraryExW, GetModuleFileNameW
ktmw32.dll
GetTransactionInformation, GetEnlistmentRecoveryInformation, RollbackEnlistment, IsLogWritableTransactionManager, OpenTransactionManager, CreateTransactionManager, RecoverTransactionManager, OpenTransaction, OpenTransactionManagerById, PropagationComplete, PropagationFailed, OpenResourceManager, CreateResourceManager, OpenEnlistment, SetResourceManagerCompletionPort, GetNotificationResourceManagerAsync, GetTransactionManagerId, RecoverEnlistment, SetEnlistmentRecoveryInformation, PrepareEnlistment, PrivCreateTransaction, CreateEnlistment, RollbackTransaction, CommitEnlistment, RecoverResourceManager, PrivRegisterProtocolAddressInformation, PrivPropagationComplete, PrivPropagationFailed, PrivIsLogWritableTransactionManager, PrePrepareEnlistment
msvcrt.dll
DllMain
netapi32.dll
NetAlertRaiseEx
ntdll.dll
RtlReportException, RtlNtStatusToDosError, RtlInitUnicodeString, RtlOemStringToUnicodeString, RtlInitAnsiString, NtQueryInformationTransaction
ole32.dll
CoGetObjectContext, StringFromGUID2, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance
rpcrt4.dll
UuidHash, UuidToStringW, RpcStringFreeW, UuidFromStringW
user32.dll
OpenDesktopW, SetThreadDesktop, GetDesktopWindow, SetProcessWindowStation, GetClientRect, MapWindowPoints, SetWindowPos, LoadStringW, OpenWindowStationW, GetThreadDesktop, GetProcessWindowStation, CloseDesktop, CloseWindowStation, SetDlgItemTextW, EndDialog, DialogBoxParamW, GetWindowRect
version.dll
VerQueryValueW
Export table
KtmRmServiceMain
SvchostPushServiceGlobals
