Import table
advapi32.dll
LsaEnumerateAccountRights, GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority, WmiOpenBlock, WmiCloseBlock, WmiQueryAllDataW, AccessCheck, AddAce, OpenProcessToken, GetSecurityDescriptorDacl, GetSecurityInfo, SetEntriesInAclW, SetSecurityInfo, RegOpenKeyExA, GetUserNameW, LookupAccountSidW, LsaStorePrivateData, LsaRetrievePrivateData, CreateProcessAsUserW, ImpersonateLoggedOnUser, GetKernelObjectSecurity, RegisterEventSourceW, GetFileSecurityW, GetSecurityDescriptorOwner, DeregisterEventSource, RegConnectRegistryW, IsTokenRestricted, EqualSid, LogonUserW, LsaQueryInformationPolicy, CopySid, LookupAccountNameW, GetTokenInformation, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, CryptGenKey, CryptDestroyKey, RegCloseKey, RegQueryValueExW, RegOpenKeyW, RegSetValueExW, RegCreateKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, FreeSid, SetKernelObjectSecurity, SetFileSecurityW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, SetNamedSecurityInfoW, AllocateAndInitializeSid, RevertToSelf, OpenThreadToken, ImpersonateSelf, UnregisterIdleTask, CloseServiceHandle, QueryServiceStatus, QueryServiceConfigW, OpenServiceW, OpenSCManagerW, RegisterIdleTask, EnumServicesStatusExW, CheckTokenMembership, SetServiceStatus, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegisterServiceCtrlHandlerExW, RegOpenKeyExW, RegDeleteValueW, ReportEventW, LsaClose, LsaFreeMemory, CryptCreateHash, LsaOpenPolicy, LsaAddAccountRights, LsaNtStatusToWinError, LsaRemoveAccountRights, CryptDestroyHash, CryptSignHashW, CryptHashData, IsValidSid
imagehlp.dll
ImageDirectoryEntryToData, ImageNtHeader, ImageRvaToVa
kernel32.dll
FormatMessageW, TlsFree, TlsAlloc, FindNextChangeNotification, GetComputerNameW, LoadLibraryW, WTSGetActiveConsoleSessionId, InterlockedIncrement, InterlockedDecrement, SetThreadPriority, SetEnvironmentVariableW, GetEnvironmentVariableW, SetLastError, GetStartupInfoW, SearchPathW, SetCurrentDirectoryW, LocalReAlloc, GetFileInformationByHandle, GetFileType, lstrcpynW, GetVolumeInformationW, LoadLibraryExA, LoadLibraryExW, GetLocaleInfoW, GetUserDefaultUILanguage, GetUserDefaultLCID, IsBadWritePtr, TlsSetValue, TlsGetValue, GetComputerNameExW, ChangeTimerQueueTimer, DeleteTimerQueueTimer, OpenProcess, CreateTimerQueueTimer, DuplicateHandle, SetEndOfFile, DelayLoadFailureHook, GetDateFormatW, GetTimeFormatW, SetFilePointer, ReadFile, InitializeCriticalSectionAndSpinCount, ExitProcess, GetModuleFileNameW, lstrcmpiW, FindFirstChangeNotificationW, lstrlenW, CreateWaitableTimerW, GetCurrentDirectoryW, LocalFileTimeToFileTime, GetVersionExW, FindCloseChangeNotification, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, SetWaitableTimer, CancelWaitableTimer, InitializeCriticalSection, SetUnhandledExceptionFilter, UnhandledExceptionFilter, WaitForMultipleObjects, GetCurrentProcess, TerminateProcess, CloseHandle, VirtualFree, GetProcessHeap, HeapFree, GetLastError, GetWindowsDirectoryW, HeapAlloc, ReleaseMutex, WaitForSingleObject, FindClose, FindFirstFileW, FindNextFileW, MapViewOfFile, CreateFileMappingW, GetFileSize, CreateFileW, WriteFile, GetFileTime, MultiByteToWideChar, CompareFileTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime, FileTimeToLocalFileTime, GetCurrentThread, GetFileAttributesW, GetSystemDirectoryW, GetFullPathNameW, ExpandEnvironmentStringsW, UnregisterWaitEx, SetEvent, InterlockedCompareExchange, ResetEvent, Sleep, RegisterWaitForSingleObject, GetTickCount, LocalFree, LocalAlloc, OpenEventW, GetCurrentThreadId, VirtualAlloc, CreateMutexW, CreateEventW, SetFileAttributesW, CreateDirectoryW, FlushFileBuffers, GetExitCodeProcess, CreateProcessW, GetCurrentProcessId, GetLocalTime, FindVolumeClose, FindNextVolumeW, QueryDosDeviceW, GetVolumePathNamesForVolumeNameW, FindFirstVolumeW, DeleteFileW, UnmapViewOfFile, GetDriveTypeW, GetSystemTimeAsFileTime, CreateThread, QueueUserWorkItem, DisableThreadLibraryCalls, GetSystemPowerStatus, InterlockedExchange, DeleteAtom, GetModuleHandleW, GetProcAddress, FreeLibrary, LoadLibraryA, QueryPerformanceCounter
msvcrt.dll
DllMain
netapi32.dll
NetApiBufferFree, DsGetDcNameW, DsRoleFreeMemory, DsRoleGetPrimaryDomainInformation, NetUserGetInfo
ntdll.dll
RtlNtStatusToDosError, NtSetSystemInformation, NtOpenProcessToken, RtlNewSecurityObject, RtlCreateAcl, RtlAddAce, RtlGetVersion, NtCreateFile, NtQueryInformationFile, NtQueryAttributesFile, RtlInitUnicodeString, RtlDosPathNameToNtPathName_U, NtOpenFile, NtQueryDirectoryFile, RtlFreeHeap, NtClose, NtQuerySystemInformation, RtlEqualUnicodeString, RtlInitString, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, NtAccessCheck, NtOpenThreadToken, NtPowerInformation, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, RtlCopySid, RtlSubAuthorityCountSid, RtlDeleteSecurityObject, RtlLengthSid, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor
ntdsapi.dll
DsUnBindW, DsFreeNameResultW, DsBindW, DsCrackNamesW
ole32.dll
CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitializeEx, CoGetCallContext, CoTaskMemFree
rpcrt4.dll
RpcServerUseProtseqW, RpcEpUnregister, RpcServerUnregisterIf, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterAuthInfoW, RpcBindingVectorFree, RpcImpersonateClient, RpcServerInqBindings, RpcEpRegisterW, RpcRevertToSelf, NdrServerCall2, UuidCreate, RpcServerUnregisterIfEx, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcStringFreeW
secur32.dll
LsaFreeReturnBuffer, LsaDeregisterLogonProcess, LsaCallAuthenticationPackage, LsaLookupAuthenticationPackage, LsaConnectUntrusted, GetUserNameExW
shlwapi.dll
PathFindExtensionW
user32.dll
TranslateMessage, DispatchMessageW, UpdateWindow, GetMessageW, SystemParametersInfoW, GetProcessWindowStation, SetProcessWindowStation, SetUserObjectSecurity, CreateDesktopW, CreateWindowStationW, CloseDesktop, CloseWindowStation, LoadStringW, EnumWindows, EnumThreadWindows, IsWindow, GetWindowThreadProcessId, LoadStringA, MessageBoxA, UnregisterClassW, PostMessageW, SendMessageW, RegisterWindowMessageW, RegisterClassW, CreateWindowExW, ShowWindow, DestroyWindow, DefWindowProcW, PostQuitMessage
userenv.dll
LoadUserProfileW, UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock
wtsapi32.dll
WTSQueryUserToken, WTSQuerySessionInformationW, WTSEnumerateSessionsW, WTSFreeMemory
Export table
CloseProc
SchedServiceMain
SPUninstall
SPUninstallCallback
SysPrepBackup
SysPrepCallback
SysPrepRestore
