Import table
advapi32.dll
ControlService, SetTokenInformation, ImpersonateLoggedOnUser, CreateProcessAsUserW, StartServiceW, ConvertSidToStringSidW, QueryServiceStatus, DuplicateTokenEx, RegSetValueExW, LsaRetrievePrivateData, LookupAccountNameW, AccessCheck, GetSecurityDescriptorLength, RegCreateKeyExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, QueryServiceStatusEx, SaferCreateLevel, SaferComputeTokenFromLevel, SaferCloseLevel, CommandLineFromMsiDescriptor, IsValidSecurityDescriptor, LookupAccountSidW, FreeSid, AllocateAndInitializeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, AllocateLocallyUniqueId, SetServiceStatus, RegQueryValueA, RegisterServiceCtrlHandlerExW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, IsValidSid, GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority, GetSecurityDescriptorDacl, GetAce, RegOpenKeyW, RegQueryValueW, CryptAcquireContextW, CryptReleaseContext, SystemFunction036, CryptGenRandom, RegNotifyChangeKeyValue, RegQueryInfoKeyW, RegEnumValueW, ImpersonateAnonymousToken, OpenThreadToken, RevertToSelf, RegOpenUserClassesRoot, SaferiCompareTokenLevels, CheckTokenMembership, CopySid, SetThreadToken, CreateWellKnownSid, LsaOpenPolicy, LsaQueryInformationPolicy, LsaClose, EqualSid, GetTokenInformation, OpenProcessToken, ChangeServiceConfigW, LsaFreeMemory
kernel32.dll
DisableThreadLibraryCalls, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, LoadLibraryA, InterlockedCompareExchange, FreeLibrary, GetProcAddress, TlsAlloc, LocalAlloc, CreateEventA, LocalFree, Sleep, GetComputerNameA, QueryPerformanceCounter, GlobalMemoryStatus, GetDiskFreeSpaceA, InterlockedExchange, EnterCriticalSection, LeaveCriticalSection, GetComputerNameW, GetLastError, lstrcmpW, GetProcessHeap, HeapAlloc, HeapFree, GetDriveTypeW, lstrcpynW, MultiByteToWideChar, lstrlenA, GetExitCodeProcess, WaitForMultipleObjects, CreateMutexW, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, ResumeThread, OpenFileMappingW, CreateProcessW, ReadFile, ReleaseActCtx, WriteFile, WaitNamedPipeW, InitializeCriticalSectionAndSpinCount, lstrcmpiA, MapViewOfFileEx, VirtualAlloc, VirtualFree, GetSystemTimeAsFileTime, DelayLoadFailureHook, SetLastError, CloseHandle, DeviceIoControl, CreateFileW, SleepEx, InterlockedIncrement, InterlockedDecrement, CreateThread, GetSystemInfo, lstrcpyW, lstrlenW, RegisterWaitForSingleObject, CreateEventW, SetEvent, WaitForSingleObject, lstrcatW, TerminateJobObject, GetCurrentThread, InterlockedExchangeAdd, DeleteTimerQueueTimer, CreateTimerQueueTimer, DeleteCriticalSection, IsDebuggerPresent, DebugBreak, ResetEvent, TlsSetValue, TlsGetValue, GetModuleHandleW, LoadLibraryExA, ExpandEnvironmentStringsW, GetModuleFileNameW, ReleaseMutex, FindActCtxSectionGuid, FindActCtxSectionStringW, LoadLibraryW, GetSystemDirectoryW, GetSystemWow64DirectoryW, lstrcmpiW, SearchPathW, AddRefActCtx, OpenProcess, DuplicateHandle, InitializeCriticalSection, OpenEventW, LoadLibraryExW, FindClose, FindFirstFileW
msvcrt.dll
DllMain
ntdll.dll
RtlAllocateHeap, RtlFreeHeap, RtlImageNtHeader, RtlNtStatusToDosError, NtOpenFile, RtlInitString, RtlDeleteCriticalSection, RtlEqualSid, NtCompareTokens, NtQueryInformationToken, DbgPrint, NtQuerySystemInformation, NtOpenSection, NtFsControlFile, NtCreateFile, RtlAdjustPrivilege, NtSetInformationProcess, NtDuplicateToken, NtAllocateLocallyUniqueId, RtlInitUnicodeString, RtlEqualUnicodeString, NtSetUuidSeed, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlGetNtProductType, RtlInitializeCriticalSection, RtlLengthRequiredSid, RtlInitializeSid, RtlSubAuthoritySid, RtlAllocateAndInitializeSid, NtClose, NtOpenKey, RtlLengthSid, RtlCopySid
rpcrt4.dll
RpcServerRegisterIf2, RpcMgmtSetServerStackSize, UuidCreate, RpcServerListen, RpcMgmtIsServerListening, I_RpcAllocate, I_RpcFree, RpcServerUseProtseqEpExW, RpcBindingFree, RpcBindingSetAuthInfoW, RpcBindingSetAuthInfoExW, NdrAsyncServerCall, NdrAsyncClientCall, MesEncodeFixedBufferHandleCreate, MesHandleFree, MesDecodeBufferHandleCreate, NdrMesTypeAlignSize2, NdrMesTypeEncode2, NdrMesTypeDecode2, RpcRevertToSelfEx, RpcImpersonateClient, RpcRaiseException, I_RpcBindingInqTransportType, RpcAsyncCompleteCall, RpcBindingSetOption, I_RpcBindingInqWireIdForSnego, RpcServerUnregisterIf, I_RpcServerInqLocalConnAddress, I_RpcServerCheckClientRestriction, TowerExplode, I_RpcSystemFunction001, RpcServerRegisterIfEx, I_RpcServerRegisterForwardFunction, I_RpcServerSetAddressChangeFn, I_RpcExceptionFilter, NdrClientCall2, NdrServerCall2, RpcStringBindingComposeW, RpcMgmtEnableIdleCleanup, I_RpcBindingInqLocalClientPID, RpcRevertToSelf, RpcBindingReset, RpcAsyncCancelCall, RpcBindingFromStringBindingW, RpcBindingSetObject, RpcAsyncInitializeHandle, RpcBindingCopy, RpcServerInqBindings, RpcBindingVectorFree, RpcStringFreeW, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcServerRegisterAuthInfoW
secur32.dll
FreeContextBuffer, LsaLogonUser, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess, LsaFreeReturnBuffer, EnumerateSecurityPackagesW
user32.dll
wsprintfW, LoadStringW, CharUpperW
ws2_32.dll
WSAIoctl, WSASetServiceW
Export table
CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService
