Windows 8 DLL File Information

Windows 8 DLL File Information - wevtsvc.dll

The following DLL report was generated by automatic DLL script that scanned and loaded all DLL files in the system32 directory of Windows 8, extracted the information from them, and then saved it into HTML reports. If you want to view a report of another DLL, go to the main page of this Web site.

General Information

File Description:	Event Logging Service
File Version:	6.2.9200.16384 (win8_rtm.120725-1247)
Company:	Microsoft Corporation
Product Name:	Microsoft® Windows® Operating System
DLL popularity	Very Low - There is no any other DLL in system32 directory that is statically linked to this file.
File Size:	1,340 KB
Total Number of Exported Functions:	2
Total Number of Exported Functions With Names:	2

Section Headers

Name	Virtual Address	Raw Data Size	% of File	Characteristics	Section Contains...
.text	0x00001000	1,187,840 Bytes	86.5%	Read, Execute	Code
.data	0x00123000	91,136 Bytes	6.6%	Write, Read	Initialized Data
.idata	0x0013b000	12,800 Bytes	0.9%	Read	Initialized Data
.rsrc	0x0013f000	15,360 Bytes	1.1%	Read	Initialized Data
.reloc	0x00143000	64,512 Bytes	4.7%	Read, Discardable	Initialized Data

Static Linking

This means that when wevtsvc.dll is loaded, the above files are automatically loaded too. If one of these files is corrupted or missing, wevtsvc.dll won't be loaded.

General Resources Information

Resource Type	Number of Items	Total Size	% of File
Icons	0	0 Bytes	0.0%
Animated Icons	0	0 Bytes	0.0%
Cursors	0	0 Bytes	0.0%
Animated Cursors	0	0 Bytes	0.0%
Bitmaps	0	0 Bytes	0.0%
AVI Files	0	0 Bytes	0.0%
Dialog-Boxes	0	0 Bytes	0.0%
HTML Related Files	0	0 Bytes	0.0%
Menus	0	0 Bytes	0.0%
Strings	2	658 Bytes	0.0%
Type Libraries	0	0 Bytes	0.0%
Manifest	0	0 Bytes	0.0%
All Others	4	22,846 Bytes	1.7%
Total	6	23,504 Bytes	1.7%

Icons in this file

No icons found in this file

Cursors in this file

No cursors found in this file

Dialog-boxes list (up to 200 dialogs)

No dialog resources in this file.

String resources in this dll (up to 200 strings)

String ID	String Text
200	Windows Event Log
201	This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.

COM Classes/Interfaces

There is no type library in this file with COM classes/interfaces information

Exported Functions List

The following functions are exported by this dll:

ServiceMain

SvchostPushServiceGlobals

Imported Functions List

The following functions are imported by this dll:

msvcrt.dll:

_CxxThrowException

_HUGE

_XcptFilter

__CxxFrameHandler

__dllonexit

_amsg_exit

_errno

_except_handler4_common

_ftol2

_gcvt

_i64tow

_initterm

_itow

_itow_s

_lock

_ltow

_onexit

_purecall

_strnicmp

_ui64tow

_ultow

_unlock

_vsnprintf

_vsnwprintf

_wcsicmp

_wcsnicmp

_wcstoi64

_wcstoui64

_wfopen

_wsplitpath_s

_wtof

_wtoi

_wtoi64

_wtol

bsearch

fclose

fgetws

floor

free

iswalnum

iswalpha

iswdigit

iswspace

malloc

memcmp

memcpy

memcpy_s

memmove_s

memset

public: __thiscall exception::exception(char const * const &)

public: __thiscall exception::exception(class exception const &)

public: __thiscall exception::exception(void)

public: virtual __thiscall exception::~exception(void)

public: virtual __thiscall type_info::~type_info(void)

public: virtual char const * __thiscall exception::what(void)const

qsort

strncmp

swprintf_s

swscanf

swscanf_s

towupper

void __cdecl terminate(void)

wcschr

wcscpy_s

wcsncat_s

wcsncmp

wcsncpy_s

wcspbrk

wcsrchr

wcsstr

wcstod

wcstok

wcstol

wcstoul

ntdll.dll:

EtwEventRegister	EtwEventUnregister
EtwEventWrite	EtwGetTraceEnableFlags
EtwGetTraceEnableLevel	EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW	EtwTraceMessage
EtwUnregisterTraceGuids	NtClose
NtDeleteFile	NtDuplicateObject
NtEnumerateKey	NtOpenKey
NtOpenProcess	NtQueryAttributesFile
NtQuerySystemInformation	NtQuerySystemTime
NtQueryVolumeInformationFile	NtReadFile
NtWriteFile	RtlAcquireResourceExclusive
RtlAcquireResourceShared	RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared	RtlAllocateHeap
RtlAnsiStringToUnicodeString	RtlCompareMemory
RtlComputeCrc32	RtlCopySecurityDescriptor
RtlCopyUnicodeString	RtlCreateHeap
RtlDeleteCriticalSection	RtlDeleteElementGenericTableAvl
RtlDeleteResource	RtlDeleteSecurityObject
RtlDosPathNameToNtPathName_U	RtlEnterCriticalSection
RtlEnumerateGenericTableAvl	RtlEthernetAddressToStringW
RtlFreeAnsiString	RtlFreeAnsiString
RtlFreeHeap	RtlGetLastNtStatus
RtlGetVersion	RtlInitUnicodeString
RtlInitializeCriticalSection	RtlInitializeGenericTableAvl
RtlInitializeResource	RtlInsertElementGenericTableAvl
RtlIpv4AddressToStringExW	RtlIpv6AddressToStringExW
RtlIpv6AddressToStringW	RtlLeaveCriticalSection
RtlLengthSid	RtlLookupElementGenericTableAvl
RtlNtStatusToDosError	RtlNtStatusToDosErrorNoTeb
RtlReleaseResource	RtlReleaseSRWLockExclusive
RtlReleaseSRWLockShared	RtlRestoreLastWin32Error
RtlSecondsSince1970ToTime	RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlTimeToSecondsSince1970	RtlUnicodeStringToAnsiString

api-ms-win-core-errorhandling-l1-1-1.dll:

KernelBase!GetLastError KernelBase!SetUnhandledExceptionFilter KernelBase!UnhandledExceptionFilter
ntdll!RtlRestoreLastWin32Error

api-ms-win-core-registry-l1-1-0.dll:

KernelBase!RegCloseKey	KernelBase!RegCreateKeyExW	KernelBase!RegDeleteKeyExW
KernelBase!RegDeleteValueW	KernelBase!RegEnumKeyExW	KernelBase!RegGetKeySecurity
KernelBase!RegGetValueW	KernelBase!RegNotifyChangeKeyValue	KernelBase!RegOpenKeyExW
KernelBase!RegQueryInfoKeyW	KernelBase!RegQueryValueExW	KernelBase!RegSetValueExW

api-ms-win-core-synch-l1-2-0.dll:

KernelBase!CancelWaitableTimer	KernelBase!CreateEventW
KernelBase!CreateWaitableTimerExW	KernelBase!InitializeCriticalSectionAndSpinCount
KernelBase!OpenEventW	KernelBase!ResetEvent
KernelBase!SetEvent	KernelBase!SetWaitableTimer
KernelBase!Sleep	KernelBase!SleepConditionVariableCS
KernelBase!WaitForMultipleObjectsEx	KernelBase!WaitForSingleObject
ntdll!RtlAcquireSRWLockExclusive	ntdll!RtlAcquireSRWLockShared
ntdll!RtlDeleteCriticalSection	ntdll!RtlEnterCriticalSection
ntdll!RtlInitializeConditionVariable	ntdll!RtlInitializeConditionVariable
ntdll!RtlInitializeCriticalSection	ntdll!RtlLeaveCriticalSection
ntdll!RtlReleaseSRWLockExclusive	ntdll!RtlReleaseSRWLockShared
ntdll!RtlWakeAllConditionVariable

api-ms-win-core-handle-l1-1-0.dll:

KernelBase!CloseHandle

RPCRT4.dll:

I_RpcBindingInqLocalClientPID	I_RpcBindingIsClientLocal	I_RpcMapWin32Status
I_RpcSessionStrictContextHandle	NdrAsyncServerCall	NdrServerCall2
RpcAsyncCompleteCall	RpcBindingToStringBindingW	RpcBindingVectorFree
RpcEpRegisterW	RpcEpUnregister	RpcImpersonateClient
RpcRevertToSelf	RpcRevertToSelfEx	RpcServerInqBindings
RpcServerRegisterAuthInfoW	RpcServerRegisterIf3	RpcServerRegisterIfEx
RpcServerSubscribeForNotification	RpcServerUnregisterIfEx	RpcServerUnsubscribeForNotification
RpcServerUseProtseqEpW	RpcServerUseProtseqExW	RpcStringBindingParseW
RpcStringFreeW	UuidCreate	UuidFromStringW
UuidToStringW

api-ms-win-security-base-l1-2-0.dll:

KernelBase!AccessCheck	KernelBase!AccessCheckAndAuditAlarmW	KernelBase!AddAce
KernelBase!AdjustTokenPrivileges	KernelBase!AllocateAndInitializeSid	KernelBase!CheckTokenMembershipEx
KernelBase!CopySid	KernelBase!CreateWellKnownSid	KernelBase!FreeSid
KernelBase!GetAce	KernelBase!GetAclInformation	KernelBase!GetLengthSid
KernelBase!GetSecurityDescriptorControl	KernelBase!GetSecurityDescriptorDacl	KernelBase!GetSecurityDescriptorGroup
KernelBase!GetSecurityDescriptorLength	KernelBase!GetSecurityDescriptorOwner	KernelBase!GetSecurityDescriptorSacl
KernelBase!GetTokenInformation	KernelBase!InitializeAcl	KernelBase!InitializeSecurityDescriptor
KernelBase!IsValidAcl	KernelBase!IsValidSecurityDescriptor	KernelBase!IsValidSid
KernelBase!IsWellKnownSid	KernelBase!MakeSelfRelativeSD	KernelBase!MapGenericMask
KernelBase!PrivilegeCheck	KernelBase!SetSecurityDescriptorDacl	KernelBase!SetSecurityDescriptorGroup
KernelBase!SetSecurityDescriptorOwner	KernelBase!SetSecurityDescriptorSacl

api-ms-win-core-heap-l1-2-0.dll:

KernelBase!GetProcessHeap ntdll!RtlAllocateHeap ntdll!RtlFreeHeap
api-ms-win-core-interlocked-l1-2-0.dll:

KernelBase!InterlockedCompareExchange KernelBase!InterlockedDecrement KernelBase!InterlockedExchange
KernelBase!InterlockedIncrement

api-ms-win-core-libraryloader-l1-1-1.dll:

KernelBase!FindResourceExW	KernelBase!FreeLibrary	KernelBase!FreeResource	KernelBase!GetModuleFileNameW
KernelBase!GetModuleHandleExW	KernelBase!GetProcAddress	KernelBase!LoadLibraryExW	KernelBase!LoadResource
KernelBase!LockResource	KernelBase!SizeofResource

api-ms-win-core-processthreads-l1-1-1.dll:

KernelBase!OpenProcessToken	KernelBase!OpenThreadToken	KernelBase!SetThreadToken	kernel32!CreateThread
kernel32!GetCurrentProcess	kernel32!GetCurrentProcessId	kernel32!GetCurrentThread	kernel32!GetCurrentThreadId
kernel32!TerminateProcess	kernel32!TlsAlloc	kernel32!TlsFree	kernel32!TlsGetValue
kernel32!TlsSetValue

api-ms-win-core-file-l2-1-0.dll:

KernelBase!MoveFileExW

api-ms-win-core-threadpool-l1-2-0.dll:

KernelBase!CreateThreadpoolCleanupGroup	KernelBase!CreateThreadpoolTimer	KernelBase!CreateThreadpoolWait
KernelBase!CreateThreadpoolWork	ntdll!TpCallbackUnloadDllOnCompletion	ntdll!TpPostWork
ntdll!TpReleaseCleanupGroup	ntdll!TpReleaseCleanupGroupMembers	ntdll!TpReleaseTimer
ntdll!TpReleaseWait	ntdll!TpReleaseWork	ntdll!TpSetTimer
ntdll!TpSetWait	ntdll!TpWaitForTimer	ntdll!TpWaitForWait

api-ms-win-core-sysinfo-l1-2-0.dll:

KernelBase!GetComputerNameExW	KernelBase!GetLocalTime	KernelBase!GetOsSafeBootMode
KernelBase!GetSystemInfo	KernelBase!GetSystemTime	KernelBase!GetSystemTimeAsFileTime
KernelBase!GetTickCount	KernelBase!GetTickCount64	KernelBase!GetVersionExW
KernelBase!GlobalMemoryStatusEx

api-ms-win-core-processenvironment-l1-2-0.dll:

KernelBase!ExpandEnvironmentStringsW KernelBase!GetCurrentDirectoryW KernelBase!GetEnvironmentVariableW
KernelBase!SearchPathW

api-ms-win-core-file-l1-2-0.dll:

KernelBase!CompareFileTime	KernelBase!CreateDirectoryW	KernelBase!CreateFileW
KernelBase!DeleteFileW	KernelBase!FileTimeToLocalFileTime	KernelBase!FlushFileBuffers
KernelBase!GetDiskFreeSpaceExW	KernelBase!GetFileAttributesExW	KernelBase!GetFileAttributesW
KernelBase!GetFileInformationByHandle	KernelBase!GetFileSize	KernelBase!GetFileSizeEx
KernelBase!GetTempFileNameW	KernelBase!GetTempPathW	KernelBase!LocalFileTimeToFileTime
KernelBase!ReadFile	KernelBase!SetEndOfFile	KernelBase!SetFilePointer
KernelBase!SetFilePointerEx	KernelBase!WriteFile

api-ms-win-core-memory-l1-1-1.dll:

KernelBase!CreateFileMappingW KernelBase!MapViewOfFile KernelBase!UnmapViewOfFile
api-ms-win-eventing-consumer-l1-1-0.dll:

KernelBase!CloseTrace KernelBase!OpenTraceW KernelBase!ProcessTrace

api-ms-win-core-localization-l1-2-0.dll:

KernelBase!FormatMessageW	KernelBase!GetSystemDefaultLangID
KernelBase!GetThreadLocale	KernelBase!GetThreadPreferredUILanguages
KernelBase!GetThreadUILanguage	KernelBase!SetThreadPreferredUILanguages
KernelBase!SetThreadUILanguage

api-ms-win-eventing-controller-l1-1-0.dll:

KernelBase!ControlTraceW KernelBase!EnableTraceEx2 KernelBase!StartTraceW
api-ms-win-core-debug-l1-1-1.dll:

KernelBase!DebugBreak KernelBase!OutputDebugStringA KernelBase!OutputDebugStringW
api-ms-win-core-profile-l1-1-0.dll:

ntdll!RtlQueryPerformanceCounter
api-ms-win-core-timezone-l1-1-0.dll:

KernelBase!FileTimeToSystemTime KernelBase!GetTimeZoneInformation
KernelBase!SystemTimeToFileTime KernelBase!SystemTimeToTzSpecificLocalTime
api-ms-win-core-string-l1-1-0.dll:

KernelBase!MultiByteToWideChar KernelBase!WideCharToMultiByte
api-ms-win-eventing-provider-l1-1-0.dll:

ntdll!EtwEventWrite
api-ms-win-core-version-l1-1-0.dll:

KernelBase!GetFileVersionInfoExW KernelBase!GetFileVersionInfoSizeExW KernelBase!VerQueryValueW
api-ms-win-core-datetime-l1-1-1.dll:

KernelBase!GetDateFormatW KernelBase!GetTimeFormatW
api-ms-win-core-heap-obsolete-l1-1-0.dll:

kernel32!LocalAlloc kernel32!LocalFree
api-ms-win-core-atoms-l1-1-0.dll:

kernel32!AddAtomA kernel32!DeleteAtom kernel32!FindAtomA kernel32!InitAtomTable
api-ms-win-core-threadpool-legacy-l1-1-0.dll:

KernelBase!UnregisterWaitEx
api-ms-win-core-kernel32-legacy-l1-1-0.dll:

kernel32!GetComputerNameW kernel32!PulseEvent
api-ms-win-core-threadpool-private-l1-1-0.dll:

KernelBase!RegisterWaitForSingleObjectEx
api-ms-win-security-grouppolicy-l1-1-0.dll:

KernelBase!RegisterGPNotificationInternal KernelBase!UnregisterGPNotificationInternal
api-ms-win-core-delayload-l1-1-1.dll:

kernel32!DelayLoadFailureHook ntdll!LdrResolveDelayLoadedAPI

KernelBase!GetLastError	KernelBase!SetUnhandledExceptionFilter	KernelBase!UnhandledExceptionFilter
ntdll!RtlRestoreLastWin32Error

KernelBase!InterlockedCompareExchange	KernelBase!InterlockedDecrement	KernelBase!InterlockedExchange
KernelBase!InterlockedIncrement

KernelBase!ExpandEnvironmentStringsW	KernelBase!GetCurrentDirectoryW	KernelBase!GetEnvironmentVariableW
KernelBase!SearchPathW

KernelBase!FileTimeToSystemTime	KernelBase!GetTimeZoneInformation
KernelBase!SystemTimeToFileTime	KernelBase!SystemTimeToTzSpecificLocalTime