Import table
advapi32.dll
CreateProcessAsUserW, ConvertSecurityDescriptorToStringSecurityDescriptorW, DuplicateTokenEx, RegisterServiceCtrlHandlerExW, SetServiceStatus, RegDeleteKeyExW, GetSecurityDescriptorDacl, GetExplicitEntriesFromAclW, GetSecurityDescriptorControl, CheckTokenMembership, GetTokenInformation, CopySid, RegGetKeySecurity, RegSetKeySecurity, RegQueryInfoKeyW, AllocateAndInitializeSid, IsValidSid, FreeSid, SetEntriesInAclW, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorControl, MakeSelfRelativeSD, RegDeleteTreeW, IsValidSecurityDescriptor, GetSecurityDescriptorLength, ConvertStringSecurityDescriptorToSecurityDescriptorW, ImpersonateLoggedOnUser, RevertToSelf, I_ScValidatePnPService, GetTraceEnableFlags, TraceMessage, GetLengthSid, InitializeAcl, AddAccessAllowedAceEx, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegisterEventSourceW, ReportEventW, DeregisterEventSource, I_ScSendPnPMessage, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, AdjustTokenPrivileges, ConvertStringSidToSidW, OpenThreadToken, PrivilegeCheck, PrivilegedServiceAuditAlarmW, MapGenericMask, AccessCheckAndAuditAlarmW, RegSetValueExW, RegDeleteValueW, RegQueryValueExW, RegCloseKey, RegOpenKeyExW, RegCreateKeyExW, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-0.dll
UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, GetLastError, RaiseException, SetErrorMode
api-ms-win-core-errorhandling-l1-1-1.dll
RaiseException, SetLastError, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-0.dll
FindFirstFileW, WriteFile, ReadFile, GetLogicalDrives, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, CreateFileW, FlushFileBuffers, SetFilePointer, GetFileSize, DeleteFileW, GetFileInformationByHandle, FindNextFileW, CompareFileTime, SetEndOfFile, CreateDirectoryW, GetFileAttributesW, GetFullPathNameW, SetFileAttributesW
api-ms-win-core-file-l1-1-1.dll
CreateDirectoryW, GetFileAttributesW, GetFullPathNameW, FindNextFileW, SetEndOfFile, FileTimeToSystemTime, FileTimeToLocalFileTime, CreateFileW, FindFirstFileW, FindClose, WriteFile, GetFileSize, FlushFileBuffers, SetFilePointer, GetFileInformationByHandle, DeleteFileW, SetFileAttributesW
api-ms-win-core-file-l1-2-0.dll
CreateFileW, FileTimeToLocalFileTime, SetEndOfFile, GetFullPathNameW, GetFileAttributesW, CreateDirectoryW, FlushFileBuffers, FindFirstFileW, FindClose, WriteFile, GetFileSize, FindNextFileW, SetFilePointer, GetFileInformationByHandle, DeleteFileW, SetFileAttributesW
api-ms-win-core-file-l1-2-1.dll
SetEndOfFile, CreateDirectoryW, FindFirstFileW, FindClose, FileTimeToLocalFileTime, WriteFile, GetFileSize, FlushFileBuffers, SetFilePointer, GetFileInformationByHandle, DeleteFileW, GetFileAttributesW, GetFullPathNameW, SetFileAttributesW, FindNextFileW, CreateFileW
api-ms-win-core-file-l2-1-1.dll
MoveFileExW, CreateHardLinkW
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapAlloc, HeapReAlloc, HeapFree, GetProcessHeap
api-ms-win-core-heap-l1-2-0.dll
HeapAlloc, HeapReAlloc, HeapFree, GetProcessHeap
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-interlocked-l1-1-1.dll
InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-io-l1-1-0.dll
DeviceIoControl, GetOverlappedResult
api-ms-win-core-io-l1-1-1.dll
DeviceIoControl, GetOverlappedResult, CancelIo
api-ms-win-core-libraryloader-l1-1-0.dll
GetProcAddress, FreeLibrary, DisableThreadLibraryCalls, LoadLibraryExA, GetModuleFileNameA, LoadLibraryExW, LoadStringW
api-ms-win-core-libraryloader-l1-1-1.dll
GetProcAddress, GetModuleFileNameA, DisableThreadLibraryCalls
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleFileNameA, DisableThreadLibraryCalls
api-ms-win-core-localization-l1-1-0.dll
LCMapStringW
api-ms-win-core-localization-l1-1-1.dll
LCMapStringW
api-ms-win-core-localization-l1-2-0.dll
LCMapStringW
api-ms-win-core-localization-l1-2-1.dll
LCMapStringW
api-ms-win-core-localregistry-l1-1-0.dll
RegSetValueExW, RegDeleteTreeW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegQueryInfoKeyW, RegSetKeySecurity, RegGetKeySecurity, RegCloseKey, RegQueryValueExW, RegCreateKeyExW, RegDeleteKeyExW, RegOpenKeyExW
api-ms-win-core-memory-l1-1-0.dll
MapViewOfFile, UnmapViewOfFile, CreateFileMappingW
api-ms-win-core-memory-l1-1-1.dll
CreateFileMappingW, MapViewOfFile, UnmapViewOfFile
api-ms-win-core-memory-l1-1-2.dll
UnmapViewOfFile, MapViewOfFile, CreateFileMappingW
api-ms-win-core-misc-l1-1-0.dll
lstrlenW, Sleep, LocalFree, lstrcmpiW, lstrlenA, lstrcmpW, FormatMessageW, LocalAlloc
api-ms-win-core-namedpipe-l1-1-0.dll
ConnectNamedPipe, PeekNamedPipe, CreateNamedPipeW, CreatePipe
api-ms-win-core-processenvironment-l1-1-0.dll
ExpandEnvironmentStringsW, GetCommandLineA
api-ms-win-core-processenvironment-l1-1-1.dll
GetCommandLineA
api-ms-win-core-processenvironment-l1-2-0.dll
GetCommandLineA
api-ms-win-core-processthreads-l1-1-0.dll
CreateProcessW, QueueUserAPC, GetCurrentProcess, GetCurrentThreadId, CreateProcessAsUserW, GetExitCodeProcess, CreateThread, OpenThreadToken, GetCurrentThread, ProcessIdToSessionId, SetThreadPriority, GetCurrentProcessId, TerminateProcess
api-ms-win-core-processthreads-l1-1-1.dll
TerminateProcess, GetCurrentThread, OpenThreadToken, ProcessIdToSessionId, QueueUserAPC, GetCurrentProcess, CreateThread, GetExitCodeProcess, GetCurrentThreadId, CreateProcessW, GetCurrentProcessId, IsProcessorFeaturePresent, CreateProcessAsUserW
api-ms-win-core-processthreads-l1-1-2.dll
GetCurrentThreadId, CreateProcessW, GetExitCodeProcess, TerminateProcess, GetCurrentProcessId, GetCurrentThread, OpenThreadToken, ProcessIdToSessionId, QueueUserAPC, CreateThread, GetCurrentProcess
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegCloseKey, RegOpenKeyExW, RegSetValueExW, RegQueryValueExW, RegDeleteTreeW, RegCreateKeyExW, RegGetKeySecurity, RegSetKeySecurity, RegDeleteKeyExW, RegQueryInfoKeyW, RegEnumKeyExW, RegEnumValueW
api-ms-win-core-string-l1-1-0.dll
WideCharToMultiByte, CompareStringOrdinal, CompareStringW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrcmpW, lstrlenA, lstrlenW
api-ms-win-core-synch-l1-1-0.dll
InitializeCriticalSection, DeleteCriticalSection, WaitForSingleObjectEx, CreateEventW, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, ReleaseSRWLockShared, AcquireSRWLockShared, OpenEventW, SetEvent, WaitForMultipleObjectsEx, ReleaseMutex, ResetEvent, LeaveCriticalSection, EnterCriticalSection, OpenProcess, CreateMutexW
api-ms-win-core-synch-l1-1-1.dll
SetEvent, Sleep, WaitForSingleObjectEx, OpenEventW, CreateMutexW, CreateEventW, LeaveCriticalSection, EnterCriticalSection, ReleaseMutex, ResetEvent, WaitForMultipleObjectsEx, InitializeCriticalSection, DeleteCriticalSection, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, InitializeSRWLock
api-ms-win-core-synch-l1-2-0.dll
EnterCriticalSection, CreateMutexW, OpenEventW, ResetEvent, Sleep, SetEvent, WaitForSingleObjectEx, CreateEventW, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, WaitForMultipleObjectsEx, ReleaseMutex, SleepEx
api-ms-win-core-sysinfo-l1-1-0.dll
GetSystemDirectoryW, GetSystemInfo, SystemTimeToFileTime, GetSystemTime, GetTickCount, GetSystemWindowsDirectoryW, GetVersionExW, GetLocalTime, GetSystemTimeAsFileTime
api-ms-win-core-sysinfo-l1-1-1.dll
GetTickCount, GetSystemTimeAsFileTime, GetLocalTime, GetVersionExW, GetSystemWindowsDirectoryW, SystemTimeToFileTime, GetSystemTime, GetSystemDirectoryW, GetSystemInfo
api-ms-win-core-sysinfo-l1-2-0.dll
GetSystemTimeAsFileTime, GetTickCount, GetLocalTime, GetVersionExW, GetSystemWindowsDirectoryW, GetSystemTime, GetSystemDirectoryW, GetSystemInfo
api-ms-win-core-sysinfo-l1-2-1.dll
GetSystemInfo, GetSystemDirectoryW, GetSystemTime, GetSystemWindowsDirectoryW, GetLocalTime, GetTickCount, GetSystemTimeAsFileTime
api-ms-win-core-threadpool-l1-1-0.dll
CreateTimerQueue, DeleteTimerQueueTimer, DeleteTimerQueueEx, CreateTimerQueueTimer, RegisterWaitForSingleObjectEx, UnregisterWaitEx
api-ms-win-core-threadpool-l1-1-1.dll
UnregisterWaitEx, CreateThreadpoolTimer, CloseThreadpoolTimer, WaitForThreadpoolTimerCallbacks, SetThreadpoolTimer, QueueUserWorkItem, RegisterWaitForSingleObjectEx
api-ms-win-core-threadpool-l1-2-0.dll
CloseThreadpoolTimer, WaitForThreadpoolTimerCallbacks, SetThreadpoolTimer, CreateThreadpoolTimer
api-ms-win-core-threadpool-legacy-l1-1-0.dll
UnregisterWaitEx, QueueUserWorkItem
api-ms-win-core-threadpool-private-l1-1-0.dll
RegisterWaitForSingleObjectEx
api-ms-win-core-timezone-l1-1-0.dll
SystemTimeToFileTime, FileTimeToSystemTime
api-ms-win-obsolete-kernelbase-l1-1-0.dll
lstrlenA, LocalFree, lstrlenW, lstrcmpW
api-ms-win-security-base-l1-1-0.dll
DuplicateTokenEx, CheckTokenMembership, AllocateAndInitializeSid, GetTokenInformation, CopySid, GetSecurityDescriptorControl, IsValidSid, MakeSelfRelativeSD, IsValidSecurityDescriptor, GetSecurityDescriptorLength, AdjustTokenPrivileges, PrivilegeCheck, PrivilegedServiceAuditAlarmW, MapGenericMask, AccessCheckAndAuditAlarmW, FreeSid, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetSecurityDescriptorDacl, SetSecurityDescriptorControl, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAceEx, InitializeAcl, GetLengthSid
api-ms-win-security-base-l1-2-0.dll
MapGenericMask, AccessCheckAndAuditAlarmW, GetTokenInformation, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, AddAccessAllowedAceEx, InitializeAcl, DuplicateTokenEx, GetLengthSid
api-ms-win-service-core-l1-1-0.dll
RegisterServiceCtrlHandlerExW, SetServiceStatus
api-ms-win-service-core-l1-1-1.dll
SetServiceStatus, RegisterServiceCtrlHandlerExW
api-ms-win-service-management-l1-1-0.dll
OpenServiceW, OpenSCManagerW, CloseServiceHandle
api-ms-win-service-management-l2-1-0.dll
QueryServiceStatusEx
api-ms-win-service-winsvc-l1-1-0.dll
I_ScSendPnPMessage, I_ScValidatePnPService
cfgmgr32.dll
CM_Locate_DevNodeW, CM_Register_Notification, CM_Unregister_Notification, CM_Get_DevNode_PropertyW, CM_Set_DevNode_PropertyW, CM_Get_DevNode_Registry_PropertyW, CM_Set_DevNode_Registry_PropertyW, CM_Get_Device_ID_ListW, CM_Get_Device_ID_List_SizeW, CM_Get_Depth, CM_Get_DevNode_Status, CM_Set_DevNode_Problem, CM_Get_Class_PropertyW, CM_Get_Device_Interface_PropertyW, CM_Get_Class_Property_Keys, CM_Get_Device_Interface_Property_KeysW, CM_Get_DevNode_Property_Keys, CM_Get_Log_Conf_Priority, CM_Get_Next_Log_Conf, CM_Get_First_Log_Conf, CM_Free_Log_Conf, CM_Free_Log_Conf_Handle, CM_Add_Empty_Log_Conf, CM_Get_Hardware_Profile_InfoW, CM_Set_HW_Prof_FlagsW, CM_Get_HW_Prof_FlagsW, CM_Request_Eject_PC, CM_Is_Dock_Station_Present, CM_Request_Device_EjectW, CM_Disable_DevNode, CM_Query_And_Remove_SubTreeW, CM_Register_Device_Driver, CM_Add_IDW, CM_Get_Device_IDW, CM_Create_DevNodeW, CM_Uninstall_DevNode, CM_Reenumerate_DevNode, CM_Enable_DevNode, CM_Set_Device_Interface_PropertyW, CM_Set_Class_PropertyW, CM_Enumerate_EnumeratorsW, CM_Enumerate_Classes, CM_Get_Device_ID_Size, CM_Get_Sibling, CM_Get_Child, CM_Get_Parent, CM_Modify_Res_Des, CM_Get_Res_Des_Data_Size, CM_Get_Res_Des_Data, CM_Get_Next_Res_Des, CM_Free_Res_Des, CM_Free_Res_Des_Handle, CM_Add_Res_Des, CM_Get_Device_Interface_List_SizeW, CM_Get_Device_Interface_ListW, CM_Get_Device_Interface_AliasW, CM_Delete_Class_Key, CM_Get_Class_NameW, CM_Get_DevNode_Custom_PropertyW, CM_Unregister_Device_InterfaceW, CM_Register_Device_InterfaceW, CM_Open_DevNode_Key, CM_Set_Class_Registry_PropertyW, CM_Get_Class_Registry_PropertyW, CM_Setup_DevNode
devrtl.dll
NdxTableClose, NdxTableSetTypeDefinition, NdxTableOpen, NdxTableGetPropertyValue, NdxTableSetPropertyValue, NdxTableAddObject, NdxTableObjectFromName, NdxTableRemoveObject, NdxTableNextObject, NdxTableGetObjectName, NdxTableFirstObject, DevRtlSetThreadLogToken, DevRtlWriteTextLog
kernel32.dll
MoveFileExW, CreateHardLinkW, DelayLoadFailureHook, WTSGetActiveConsoleSessionId, CancelIo, QueueUserWorkItem, VerifyVersionInfoW, WideCharToMultiByte, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcessId, QueryPerformanceCounter, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, SetLastError, GetLastError, CloseHandle, UnregisterWaitEx, RegisterWaitForSingleObjectEx, CreateEventW, LeaveCriticalSection, EnterCriticalSection, lstrlenW, TerminateProcess, GetExitCodeProcess, CheckRemoteDebuggerPresent, WaitForSingleObject, CreateProcessW, FindClose, FindFirstFileW, GetSystemDirectoryW, Sleep, CreateTimerQueueTimer, DeleteTimerQueueTimer, CreateTimerQueue, DeleteTimerQueueEx, GetCurrentThread, LocalFree, CompareStringOrdinal, WaitForSingleObjectEx, QueueUserAPC, DuplicateHandle, GetCurrentProcess, GetCurrentThreadId, SetEvent, OpenEventW, WaitForMultipleObjectsEx, CreateNamedPipeW, GetLogicalDrives, WriteFile, GetOverlappedResult, ConnectNamedPipe, ResetEvent, GetTickCount, OpenProcess, CreateThread, CompareFileTime, ProcessIdToSessionId, SetThreadPriority, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetProcAddress, FreeLibrary, InterlockedCompareExchange, LoadLibraryA, lstrcmpiW, CreateMutexW, WaitForMultipleObjects, ReleaseMutex, FileTimeToSystemTime, InterlockedIncrement, GetSystemWindowsDirectoryW, RaiseException, GetModuleFileNameA, lstrlenA, CreateFileW, FlushFileBuffers, SetFilePointer, GetFileAttributesW, GetVersionExW, GetLocalTime, GetFileSize, GetCommandLineA, HeapAlloc, HeapReAlloc, HeapFree, GetProcessHeap, GetSystemTimeAsFileTime, SetEndOfFile, CreateDirectoryW, GetFullPathNameW, SystemTimeToFileTime, lstrcmpW, LoadLibraryExW, ResolveDelayLoadedAPI
msvcrt.dll
DllMain
ntdll.dll
NtSetInformationThread, RtlNtStatusToDosError, RtlDeleteSecurityObject, RtlDestroyHeap, RtlCreateHeap, RtlFreeHeap, RtlReAllocateHeap, RtlAllocateHeap, WinSqmStartSession, WinSqmEndSession, NtClose, WinSqmSetDWORD, RtlInitUnicodeString, RtlHashUnicodeString, VerSetConditionMask, RtlDeleteResource, RtlInitializeResource, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceLoggerHandle, EtwGetTraceEnableLevel, EtwGetTraceEnableFlags, EtwTraceMessage, RtlNewSecurityObject, RtlCreateAndSetSD, NtOpenThreadToken, RtlImpersonateSelf, RtlAdjustPrivilege, NtPlugPlayControl, RtlUpcaseUnicodeString, EtwEventUnregister, EtwEventRegister, NtGetPlugPlayEvent, RtlUnicodeStringToInteger, RtlGUIDFromString, RtlCultureNameToLCID, RtlInitUnicodeStringEx, RtlReleaseResource, RtlAcquireResourceShared, RtlAcquireResourceExclusive, RtlCmEncodeMemIoResource, RtlIoEncodeMemIoResource, RtlCmDecodeMemIoResource, RtlIoDecodeMemIoResource, RtlPrefixUnicodeString, RtlRandomEx, RtlCompareUnicodeString, RtlFreeUnicodeString, RtlStringFromGUID, NtQuerySystemInformation, NtSetInformationFile, NtQueryInformationFile, EtwEventWrite, NtDuplicateToken, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlNtStatusToDosErrorNoTeb, NtPowerInformation, WinSqmEventEnabled, WinSqmEventWrite, NtSetValueKey, NtQueryValueKey, NtCreateKey, NtOpenKey, RtlFormatCurrentUserKeyPath, RtlGetVersion, RtlPublishWnfStateData, DbgPrintEx, RtlFreeSid, RtlAllocateAndInitializeSid
rpcrt4.dll
UuidCreate, RpcAsyncCompleteCall, RpcRevertToSelf, RpcStringFreeW, UuidToStringW, UuidFromStringW, UuidEqual, I_RpcBindingIsClientLocal, I_RpcMapWin32Status, I_RpcBindingInqLocalClientPID, RpcStringBindingParseW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerUnregisterIfEx, NdrAsyncServerCall, NdrServerCall2, RpcImpersonateClient, I_RpcExceptionFilter, RpcServerInterfaceGroupDeactivate, RpcServerInterfaceGroupCreateW, RpcServerInterfaceGroupActivate, RpcServerInterfaceGroupClose, RpcServerUseProtseqW, RpcServerRegisterIf3, RpcServerInqBindings, RpcEpUnregister, RpcBindingVectorFree, RpcEpRegisterW
spinf.dll
SpInfIsIndirectString, SpInfGetIndirectString
user32.dll
CloseDesktop, DeviceEventWorker, BroadcastSystemMessageExW, CreateDesktopW, CharUpperW, BroadcastSystemMessageW, LoadStringW, CharNextW, CharPrevW
userenv.dll
CreateEnvironmentBlock, UnregisterGPNotification, DestroyEnvironmentBlock, RegisterGPNotification
Export table
PlugPlayServiceMain
ServiceMain
SvchostPushServiceGlobals