LIBRARY ADVAPI32 EXPORTS ; ; Eventlog functions ; CloseEventLog DeregisterEventSource NotifyChangeEventLog GetNumberOfEventLogRecords GetOldestEventLogRecord GetEventLogInformation ClearEventLogW BackupEventLogW OpenEventLogW RegisterEventSourceW OpenBackupEventLogW ReadEventLogW ReportEventW ClearEventLogA BackupEventLogA OpenEventLogA RegisterEventSourceA OpenBackupEventLogA ReadEventLogA ReportEventA ; ; Security functions ; AccessCheck AccessCheckByType AccessCheckByTypeResultList OpenProcessToken OpenThreadToken GetTokenInformation SetTokenInformation AdjustTokenPrivileges AdjustTokenGroups PrivilegeCheck IsValidSid EqualSid GetLengthSid CopySid AreAllAccessesGranted AreAnyAccessesGranted MapGenericMask IsValidAcl InitializeAcl GetAclInformation SetAclInformation AddAce DeleteAce GetAce AddAccessAllowedAce AddAccessAllowedAceEx AddAccessAllowedObjectAce InitializeSecurityDescriptor IsValidSecurityDescriptor GetSecurityDescriptorLength SetSecurityDescriptorControl GetSecurityDescriptorControl SetSecurityDescriptorDacl GetSecurityDescriptorDacl SetSecurityDescriptorSacl GetSecurityDescriptorSacl SetSecurityDescriptorOwner GetSecurityDescriptorOwner SetSecurityDescriptorGroup GetSecurityDescriptorGroup SetSecurityDescriptorRMControl GetSecurityDescriptorRMControl CreatePrivateObjectSecurity CreatePrivateObjectSecurityEx CreatePrivateObjectSecurityWithMultipleInheritance SetPrivateObjectSecurity SetPrivateObjectSecurityEx GetPrivateObjectSecurity DestroyPrivateObjectSecurity ConvertToAutoInheritPrivateObjectSecurity MakeSelfRelativeSD MakeAbsoluteSD MakeAbsoluteSD2 GetSidIdentifierAuthority GetSidSubAuthority GetSidSubAuthorityCount GetKernelObjectSecurity SetKernelObjectSecurity GetFileSecurityA GetFileSecurityW SetFileSecurityA SetFileSecurityW ImpersonateNamedPipeClient ImpersonateSelf RevertToSelf SetThreadToken AccessCheckAndAuditAlarmA AccessCheckAndAuditAlarmW AccessCheckByTypeAndAuditAlarmA AccessCheckByTypeAndAuditAlarmW AccessCheckByTypeResultListAndAuditAlarmA AccessCheckByTypeResultListAndAuditAlarmW AccessCheckByTypeResultListAndAuditAlarmByHandleA AccessCheckByTypeResultListAndAuditAlarmByHandleW ObjectCloseAuditAlarmA ObjectCloseAuditAlarmW ObjectDeleteAuditAlarmA ObjectDeleteAuditAlarmW ObjectOpenAuditAlarmA ObjectOpenAuditAlarmW ObjectPrivilegeAuditAlarmA ObjectPrivilegeAuditAlarmW PrivilegedServiceAuditAlarmA PrivilegedServiceAuditAlarmW AddAccessDeniedAce AddAccessDeniedAceEx AddAccessDeniedObjectAce AddAuditAccessAce AddAuditAccessAceEx AddAuditAccessObjectAce EqualPrefixSid FindFirstFreeAce GetSidLengthRequired InitializeSid AllocateAndInitializeSid FreeSid LookupAccountNameA LookupAccountNameW LookupAccountSidA LookupAccountSidW LookupPrivilegeValueA LookupPrivilegeValueW LookupPrivilegeNameA LookupPrivilegeNameW LookupPrivilegeDisplayNameA LookupPrivilegeDisplayNameW AllocateLocallyUniqueId DuplicateToken DuplicateTokenEx CreateRestrictedToken IsTokenRestricted IsTokenUntrusted CheckTokenMembership GetUserNameW GetUserNameA ConvertSidToStringSidA ConvertSidToStringSidW ConvertStringSidToSidA ConvertStringSidToSidW ConvertStringSecurityDescriptorToSecurityDescriptorA ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertSecurityDescriptorToStringSecurityDescriptorA ConvertSecurityDescriptorToStringSecurityDescriptorW ConvertStringSDToSDRootDomainW ConvertSDToStringSDRootDomainW ConvertStringSDToSDRootDomainA ConvertSDToStringSDRootDomainA ConvertStringSDToSDDomainA ConvertStringSDToSDDomainW ImpersonateAnonymousToken CreateWellKnownSid IsWellKnownSid EqualDomainSid GetWindowsAccountDomainSid MSChapSrvChangePassword MSChapSrvChangePassword2 ; ; Logon functions ; LogonUserA LogonUserW LogonUserExA LogonUserExW ImpersonateLoggedOnUser CreateProcessAsUserA CreateProcessAsUserW ; ; NT Eventlog functions ; ElfCloseEventLog ElfDeregisterEventSource ElfNumberOfRecords ElfOldestRecord ElfChangeNotify ElfClearEventLogFileW ElfClearEventLogFileA ElfBackupEventLogFileW ElfBackupEventLogFileA ElfOpenEventLogW ElfOpenEventLogA ElfRegisterEventSourceW ElfRegisterEventSourceA ElfOpenBackupEventLogW ElfOpenBackupEventLogA ElfReadEventLogW ElfReadEventLogA ElfReportEventW ElfReportEventA ElfFlushEventLog ; ; Service controller functions ; I_ScIsSecurityProcess PRIVATE I_ScPnPGetServiceName PRIVATE I_ScSendTSMessage PRIVATE I_ScSetServiceBitsA I_ScSetServiceBitsW I_ScGetCurrentGroupStateW SetServiceBits ChangeServiceConfigA ChangeServiceConfigW ChangeServiceConfig2A ChangeServiceConfig2W CloseServiceHandle ControlService CreateServiceA CreateServiceW DeleteService EnumDependentServicesA EnumDependentServicesW EnumServiceGroupW EnumServicesStatusA EnumServicesStatusW EnumServicesStatusExA EnumServicesStatusExW GetServiceDisplayNameA GetServiceDisplayNameW GetServiceKeyNameA GetServiceKeyNameW LockServiceDatabase NotifyBootConfigStatus OpenSCManagerA OpenSCManagerW OpenServiceA OpenServiceW QueryServiceConfigA QueryServiceConfigW QueryServiceConfig2A QueryServiceConfig2W QueryServiceLockStatusA QueryServiceLockStatusW QueryServiceObjectSecurity QueryServiceStatus QueryServiceStatusEx RegisterServiceCtrlHandlerA RegisterServiceCtrlHandlerW RegisterServiceCtrlHandlerExA RegisterServiceCtrlHandlerExW SetServiceObjectSecurity SetServiceStatus StartServiceA StartServiceW StartServiceCtrlDispatcherA StartServiceCtrlDispatcherW UnlockServiceDatabase ; ; Lsa functions ; ; ; Exported Public RPC Services ; LsaLookupNames LsaLookupNames2 LsaLookupSids LsaClose LsaDelete LsaFreeMemory LsaClearAuditLog LsaOpenPolicy LsaOpenPolicySce LsaQueryInformationPolicy LsaSetInformationPolicy LsaEnumeratePrivileges LsaLookupPrivilegeValue LsaLookupPrivilegeName LsaLookupPrivilegeDisplayName LsaCreateAccount LsaOpenAccount LsaEnumerateAccounts LsaEnumeratePrivilegesOfAccount LsaAddPrivilegesToAccount LsaRemovePrivilegesFromAccount LsaGetQuotasForAccount LsaSetQuotasForAccount LsaGetSystemAccessAccount LsaSetSystemAccessAccount LsaCreateTrustedDomain LsaOpenTrustedDomain LsaQueryInfoTrustedDomain LsaSetInformationTrustedDomain LsaEnumerateTrustedDomains LsaOpenTrustedDomainByName LsaCreateSecret LsaOpenSecret LsaSetSecret LsaQuerySecret LsaQuerySecurityObject LsaSetSecurityObject LsaEnumerateAccountsWithUserRight LsaEnumerateAccountRights LsaAddAccountRights LsaRemoveAccountRights LsaQueryTrustedDomainInfo LsaSetTrustedDomainInformation LsaDeleteTrustedDomain LsaStorePrivateData LsaRetrievePrivateData LsaNtStatusToWinError LsaGetUserName LsaGetRemoteUserName LsaSetTrustedDomainInfoByName LsaQueryTrustedDomainInfoByName LsaSetTrustedDomainInfoByName LsaEnumerateTrustedDomainsEx LsaCreateTrustedDomainEx LsaQueryDomainInformationPolicy LsaSetDomainInformationPolicy LsaQueryForestTrustInformation LsaSetForestTrustInformation CredWriteW CredReadW CredEnumerateW CredWriteDomainCredentialsW CredReadDomainCredentialsW CredDeleteW CredRenameW CredGetTargetInfoW CredMarshalCredentialW CredUnmarshalCredentialW CredIsMarshaledCredentialW CredWriteA CredReadA CredEnumerateA CredWriteDomainCredentialsA CredReadDomainCredentialsA CredDeleteA CredRenameA CredGetTargetInfoA CredMarshalCredentialA CredUnmarshalCredentialA CredIsMarshaledCredentialA CredFree CredGetSessionTypes CredProfileLoaded PRIVATE CredpConvertTargetInfo PRIVATE CredpConvertCredential PRIVATE CredpEncodeCredential PRIVATE CredpDecodeCredential PRIVATE ; ; Exported Internal RPC Services (used by LSA server acting as client) ; LsaICLookupNames LsaICLookupSids LsaICLookupNamesWithCreds LsaICLookupSidsWithCreds ; ; Encryption functions ; SystemFunction001 SystemFunction002 SystemFunction003 SystemFunction004 SystemFunction005 SystemFunction006 SystemFunction007 SystemFunction008 SystemFunction009 SystemFunction010 SystemFunction011 SystemFunction012 SystemFunction013 SystemFunction016 SystemFunction017 SystemFunction020 SystemFunction021 SystemFunction024 SystemFunction025 SystemFunction014 SystemFunction015 SystemFunction018 SystemFunction019 SystemFunction022 SystemFunction023 SystemFunction026 SystemFunction027 SystemFunction028 SystemFunction029 SystemFunction030 SystemFunction031 SystemFunction032 SystemFunction033 SystemFunction034 SystemFunction035=CheckSignatureInFile PRIVATE SystemFunction036 SystemFunction040 SystemFunction041 ; low level hash functions MD5Init PRIVATE MD5Update PRIVATE MD5Final PRIVATE MD4Init PRIVATE MD4Update PRIVATE MD4Final PRIVATE A_SHAInit PRIVATE A_SHAUpdate PRIVATE A_SHAFinal PRIVATE ; BSafeEncPublic PRIVATE ; BSafeDecPrivate PRIVATE ; deskey PRIVATE ; des PRIVATE ; ; Registry functions ; RegConnectRegistryA RegConnectRegistryW RegDeleteKeyA RegDeleteKeyW RegDeleteValueA RegDeleteValueW RegEnumKeyA RegEnumKeyW RegEnumKeyExA RegEnumKeyExW RegEnumValueA RegEnumValueW RegCreateKeyA RegCreateKeyW RegCreateKeyExA RegCreateKeyExW RegOverridePredefKey RegCloseKey RegFlushKey RegOpenCurrentUser RegOpenKeyA RegOpenKeyW RegOpenKeyExA RegOpenKeyExW RegDisablePredefinedCache RegOpenUserClassesRoot RegNotifyChangeKeyValue RegQueryInfoKeyA RegQueryInfoKeyW RegQueryMultipleValuesA RegQueryMultipleValuesW RegQueryValueA RegQueryValueW RegQueryValueExA RegQueryValueExW RegGetKeySecurity RegSetKeySecurity RegSaveKeyA RegSaveKeyW RegSaveKeyExA RegSaveKeyExW RegRestoreKeyA RegRestoreKeyW RegSetValueA RegSetValueW RegSetValueExA RegSetValueExW RegLoadKeyA RegLoadKeyW RegUnLoadKeyA RegUnLoadKeyW RegReplaceKeyA RegReplaceKeyW InitiateSystemShutdownA InitiateSystemShutdownW InitiateSystemShutdownExA InitiateSystemShutdownExW AbortSystemShutdownA AbortSystemShutdownW IsTextUnicode ; ; Plug-and-Play functions ; GetCurrentHwProfileA GetCurrentHwProfileW ; ; Cryptography APIs ; CryptAcquireContextW CryptAcquireContextA CryptReleaseContext CryptGenKey CryptDeriveKey CryptDestroyKey CryptSetKeyParam CryptGetKeyParam CryptExportKey CryptImportKey CryptEncrypt CryptDecrypt CryptCreateHash CryptHashSessionKey CryptHashData CryptDestroyHash CryptSignHashA CryptSignHashW CryptVerifySignatureA CryptVerifySignatureW CryptGenRandom CryptGetUserKey CryptSetProviderA CryptSetProviderW CryptGetHashParam CryptSetHashParam CryptGetProvParam CryptSetProvParam CryptSetProviderExA CryptSetProviderExW CryptGetDefaultProviderA CryptGetDefaultProviderW CryptEnumProviderTypesA CryptEnumProviderTypesW CryptEnumProvidersA CryptEnumProvidersW CryptContextAddRef CryptDuplicateKey CryptDuplicateHash ; ; Access Control APIs ; GetNamedSecurityInfoW GetNamedSecurityInfoA GetSecurityInfo SetNamedSecurityInfoW SetNamedSecurityInfoA SetSecurityInfo GetInheritanceSourceW GetInheritanceSourceA TreeResetNamedSecurityInfoW TreeResetNamedSecurityInfoA FreeInheritedFromArray SetEntriesInAclW SetEntriesInAclA GetExplicitEntriesFromAclW GetExplicitEntriesFromAclA GetEffectiveRightsFromAclW GetEffectiveRightsFromAclA GetAuditedPermissionsFromAclW GetAuditedPermissionsFromAclA BuildSecurityDescriptorW BuildSecurityDescriptorA LookupSecurityDescriptorPartsW LookupSecurityDescriptorPartsA BuildExplicitAccessWithNameW BuildExplicitAccessWithNameA BuildImpersonateExplicitAccessWithNameW BuildImpersonateExplicitAccessWithNameA BuildTrusteeWithNameW BuildTrusteeWithNameA BuildTrusteeWithObjectsAndNameW BuildTrusteeWithObjectsAndNameA BuildImpersonateTrusteeW BuildImpersonateTrusteeA BuildTrusteeWithObjectsAndSidW BuildTrusteeWithObjectsAndSidA BuildTrusteeWithSidW BuildTrusteeWithSidA GetMultipleTrusteeOperationW GetMultipleTrusteeOperationA GetMultipleTrusteeW GetMultipleTrusteeA GetTrusteeNameW GetTrusteeNameA GetTrusteeTypeW GetTrusteeTypeA GetTrusteeFormA GetTrusteeFormW GetNamedSecurityInfoExA GetNamedSecurityInfoExW SetNamedSecurityInfoExA SetNamedSecurityInfoExW GetSecurityInfoExA GetSecurityInfoExW SetSecurityInfoExA SetSecurityInfoExW ConvertAccessToSecurityDescriptorA ConvertAccessToSecurityDescriptorW ConvertSecurityDescriptorToAccessA ConvertSecurityDescriptorToAccessW ConvertSecurityDescriptorToAccessNamedA ConvertSecurityDescriptorToAccessNamedW SetEntriesInAccessListA SetEntriesInAccessListW SetEntriesInAuditListA SetEntriesInAuditListW TrusteeAccessToObjectA TrusteeAccessToObjectW GetOverlappedAccessResults CancelOverlappedAccess GetAccessPermissionsForObjectA GetAccessPermissionsForObjectW ; ; Encryption Functions ; EncryptFileA EncryptFileW DecryptFileA DecryptFileW FileEncryptionStatusA FileEncryptionStatusW OpenEncryptedFileRawA OpenEncryptedFileRawW ReadEncryptedFileRaw WriteEncryptedFileRaw CloseEncryptedFileRaw ; ; EFS Beta 2 API ; QueryUsersOnEncryptedFile QueryRecoveryAgentsOnEncryptedFile RemoveUsersFromEncryptedFile AddUsersToEncryptedFile SetUserFileEncryptionKey FreeEncryptionCertificateHashList DuplicateEncryptionInfoFile EncryptionDisable EncryptedFileKeyInfo FreeEncryptedFileKeyInfo ; ; Secondary Logon Service entrypoint ; CreateProcessWithLogonW CreateProcessWithTokenW ; ; IntelliMirror software management ; InstallApplication UninstallApplication GetLocalManagedApplications GetLocalManagedApplicationData GetManagedApplications GetManagedApplicationCategories CommandLineFromMsiDescriptor ; ; WMI functions ; WmiOpenBlock PRIVATE WmiCloseBlock PRIVATE WmiQueryAllDataA PRIVATE WmiQueryAllDataW PRIVATE WmiQueryAllDataMultipleA PRIVATE WmiQueryAllDataMultipleW PRIVATE WmiQuerySingleInstanceW PRIVATE WmiQuerySingleInstanceA PRIVATE WmiQuerySingleInstanceMultipleA PRIVATE WmiQuerySingleInstanceMultipleW PRIVATE WmiSetSingleInstanceW PRIVATE WmiSetSingleInstanceA PRIVATE WmiSetSingleItemW PRIVATE WmiSetSingleItemA PRIVATE WmiExecuteMethodA PRIVATE WmiExecuteMethodW PRIVATE WmiNotificationRegistrationA = ntdll.EtwNotificationRegistrationA PRIVATE WmiNotificationRegistrationW = ntdll.EtwNotificationRegistrationW PRIVATE WmiEnumerateGuids PRIVATE WmiReceiveNotificationsA = ntdll.EtwReceiveNotificationsA PRIVATE WmiReceiveNotificationsW = ntdll.EtwReceiveNotificationsW PRIVATE WmiFreeBuffer PRIVATE WmiMofEnumerateResourcesW PRIVATE WmiMofEnumerateResourcesA PRIVATE WmiFileHandleToInstanceNameW PRIVATE WmiFileHandleToInstanceNameA PRIVATE WmiDevInstToInstanceNameW PRIVATE WmiDevInstToInstanceNameA PRIVATE WmiQueryGuidInformation PRIVATE WmiGetFirstTraceOffset PRIVATE WmiGetTraceHeader PRIVATE WmiParseTraceEvent PRIVATE WdmWmiServiceMain PRIVATE WmiGetNextEvent PRIVATE WmiOpenTraceWithCursor PRIVATE WmiCloseTraceWithCursor PRIVATE WmiConvertTimestamp PRIVATE ; ; Tracelog functions ; StartTraceA = ntdll.EtwStartTraceA StartTraceW = ntdll.EtwStartTraceW StopTraceA = ntdll.EtwStopTraceA StopTraceW = ntdll.EtwStopTraceW QueryTraceA = ntdll.EtwQueryTraceA QueryTraceW = ntdll.EtwQueryTraceW UpdateTraceA = ntdll.EtwUpdateTraceA UpdateTraceW = ntdll.EtwUpdateTraceW FlushTraceA = ntdll.EtwFlushTraceA FlushTraceW = ntdll.EtwFlushTraceW ControlTraceA = ntdll.EtwControlTraceA ControlTraceW = ntdll.EtwControlTraceW EnableTrace = ntdll.EtwEnableTrace CreateTraceInstanceId = ntdll.EtwCreateTraceInstanceId TraceEvent = ntdll.EtwTraceEvent TraceEventInstance = ntdll.EtwTraceEventInstance RegisterTraceGuidsA = ntdll.EtwRegisterTraceGuidsA RegisterTraceGuidsW = ntdll.EtwRegisterTraceGuidsW UnregisterTraceGuids = ntdll.EtwUnregisterTraceGuids OpenTraceA OpenTraceW ProcessTrace CloseTrace SetTraceCallback RemoveTraceCallback QueryAllTracesA = ntdll.EtwQueryAllTracesA QueryAllTracesW = ntdll.EtwQueryAllTracesW GetTraceLoggerHandle = ntdll.EtwGetTraceLoggerHandle GetTraceEnableLevel = ntdll.EtwGetTraceEnableLevel GetTraceEnableFlags = ntdll.EtwGetTraceEnableFlags EnumerateTraceGuids = ntdll.EtwEnumerateTraceGuids TraceMessage = ntdll.EtwTraceMessage TraceMessageVa = ntdll.EtwTraceMessageVa ; ; WinSafer Sandboxing APIs ; SaferGetPolicyInformation GetInformationCodeAuthzPolicyW = SaferGetPolicyInformation SaferSetPolicyInformation SetInformationCodeAuthzPolicyW = SaferSetPolicyInformation SaferCreateLevel CreateCodeAuthzLevel = SaferCreateLevel SaferCloseLevel CloseCodeAuthzLevel = SaferCloseLevel SaferIdentifyLevel IdentifyCodeAuthzLevelW = SaferIdentifyLevel SaferComputeTokenFromLevel ComputeAccessTokenFromCodeAuthzLevel = SaferComputeTokenFromLevel SaferGetLevelInformation GetInformationCodeAuthzLevelW = SaferGetLevelInformation SaferSetLevelInformation SetInformationCodeAuthzLevelW = SaferSetLevelInformation SaferRecordEventLogEntry SaferiChangeRegistryScope PRIVATE SaferiSearchMatchingHashRules PRIVATE SaferiReplaceProcessThreadTokens PRIVATE SaferiIsExecutableFileType SaferiCompareTokenLevels PRIVATE SaferiRecordEventLogEntry = SaferRecordEventLogEntry PRIVATE SaferiPopulateDefaultsInRegistry PRIVATE ; ; IdleTask APIs ; RegisterIdleTask PRIVATE UnregisterIdleTask PRIVATE ProcessIdleTasks PRIVATE ; ; Generic Wow64 entry to control functionality. ; Wow64Win32ApiEntry