PDB Symbols - werdiagcontroller.dll (0x43BFEAB95FF95C64E5845CB18057DE6BDF3F3F00320B66715C29B12E061DC75F)

Generated by JEB on 2019/08/01

PE: C:\Windows\System32\werdiagcontroller.dll Base=0x180000000 SHA-256=43BFEAB95FF95C64E5845CB18057DE6BDF3F3F00320B66715C29B12E061DC75F
PDB: WerDiagController.pdb GUID={3A4BF0E6-D122-C0EC-7529229836387BFB} Age=1

400 located named symbols:
0x180006B80: "WERDIAG: Failed getting current " ??_C@_0EE@EEBPLNPL@WERDIAG?3?5Failed?5getting?5current?5@
0x180006C68: "WERDIAG: Handle to registry key " ??_C@_0CJ@FMOFOFDL@WERDIAG?3?5Handle?5to?5registry?5key?5@
0x180008B60: "WERDIAG: Failed creating event. " ??_C@_0DD@KOBKGCKE@WERDIAG?3?5Failed?5creating?5event?4?5@
0x18000565C: "__cdecl _raise_securityfailure" __raise_securityfailure
0x180006150: api-ms-win-core-file-l1-1-0_NULL_THUNK_DATA
0x1800012F4: "private: long __cdecl CAutoVerifierSettingsEngine::DisableHKCULookupForIFEO(void) __ptr64" ?DisableHKCULookupForIFEO@CAutoVerifierSettingsEngine@@AEAAJXZ
0x180008700: "WERDIAG: Session settings and/or" ??_C@_0FI@MPFOAJHE@WERDIAG?3?5Session?5settings?5and?1or@
0x180003378: "private: long __cdecl CFDRShim::GetNextToken(unsigned short * __ptr64 * __ptr64,unsigned short,unsigned short * __ptr64 * __ptr64) __ptr64" ?GetNextToken@CFDRShim@@AEAAJPEAPEAGG0@Z
0x180005470: "__cdecl FindPESection" _FindPESection
0x180007C70: "WERDIAG: GetTraceEnableLevel fai" ??_C@_0CF@NDMLEAEL@WERDIAG?3?5GetTraceEnableLevel?5fai@
0x180002840: "long __cdecl StringCchCatW(unsigned short * __ptr64,unsigned __int64,unsigned short const * __ptr64)" ?StringCchCatW@@YAJPEAG_KPEBG@Z
0x180006348: "__cdecl _imp_RtlFreeUnicodeString" __imp_RtlFreeUnicodeString
0x180008860: "WERDIAG: UtilRemoveAppCompatLaye" ??_C@_0EB@OMKLCPJ@WERDIAG?3?5UtilRemoveAppCompatLaye@
0x18000970C: "__cdecl _IMPORT_DESCRIPTOR_ntdll" __IMPORT_DESCRIPTOR_ntdll
0x180006B00: "WERDIAG: NtAlpcSendWaitReceivePo" ??_C@_0DL@IEPELCDM@WERDIAG?3?5NtAlpcSendWaitReceivePo@
0x1800074B0: "WERDIAG: AppRecorder: Failed to " ??_C@_0FB@FBPPELHC@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x18000B060: "__cdecl _security_cookie_complement" __security_cookie_complement
0x180007460: "WERDIAG: AppRecorder: Failed to " ??_C@_0EG@JFAKAIKK@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180001008: "int __cdecl _DllMain(struct HINSTANCE__ * __ptr64,unsigned long,void * __ptr64)" ?_DllMain@@YAHPEAUHINSTANCE__@@KPEAX@Z
0x1800061A8: "__cdecl _imp_GetProcessId" __imp_GetProcessId
0x180004F2C: "__cdecl CRT_INIT" _CRT_INIT
0x180006810: "\Registry\Machine\Software\Micro" ??_C@_1IK@GAEPMIEL@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo@
0x180006198: "__cdecl _imp_GetCurrentThreadId" __imp_GetCurrentThreadId
0x180006350: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1800058E0: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x180006148: "__cdecl _imp_CreateFileW" __imp_CreateFileW
0x18000B604: "int g_bAppRecorderEnabled" ?g_bAppRecorderEnabled@@3HA
0x180006AB0: "WERDIAG: NtAlpcConnectPort timed" ??_C@_0EL@BKPJGBOM@WERDIAG?3?5NtAlpcConnectPort?5timed@
0x180006360: "__cdecl _imp_ZwUpdateWnfStateData" __imp_ZwUpdateWnfStateData
0x180003EF8: "private: long __cdecl CFDRShim::DeleteFDRSessionSettings(void) __ptr64" ?DeleteFDRSessionSettings@CFDRShim@@AEAAJXZ
0x1800063C8: "__cdecl _imp_LdrGetDllHandle" __imp_LdrGetDllHandle
0x180006188: "__cdecl _imp_ReadProcessMemory" __imp_ReadProcessMemory
0x1800062C0: "__cdecl _imp_isspace" __imp_isspace
0x1800062A8: "__cdecl _imp_EnableTrace" __imp_EnableTrace
0x180007C48: "WERDIAG: GetTraceLoggerHandle fa" ??_C@_0CG@GKFLHCIE@WERDIAG?3?5GetTraceLoggerHandle?5fa@
0x180009770: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-file-l1-2-0" __IMPORT_DESCRIPTOR_api-ms-win-core-file-l1-2-0
0x180009784: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-file-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-file-l1-1-0
0x180009798: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-eventing-classicprovider-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-eventing-classicprovider-l1-1-0
0x180008E08: "WERDIAG: Failed writing to value" ??_C@_0DE@GDLGFPMP@WERDIAG?3?5Failed?5writing?5to?5value@
0x180007AA0: "WERDIAG: AppRecorder: Failed to " ??_C@_0FC@LBGBNHPD@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180006970: "WERDIAG: NtQuerySysInfo(ErrorPor" ??_C@_0ED@NOAKECLK@WERDIAG?3?5NtQuerySysInfo?$CIErrorPor@
0x1800062B8: "__cdecl _imp_wcschr" __imp_wcschr
0x180004AF4: "long __cdecl PluginsNtGetProcessExeName(unsigned short * __ptr64,unsigned long)" ?PluginsNtGetProcessExeName@@YAJPEAGK@Z
0x180006208: "__cdecl _imp_SetEvent" __imp_SetEvent
0x180006C98: "WERDIAG: Failed getting process " ??_C@_0DG@EDIPMNO@WERDIAG?3?5Failed?5getting?5process?5@
0x1800080C0: "WERDIAG: StartTrace failed for t" ??_C@_0EJ@COCJMGPN@WERDIAG?3?5StartTrace?5failed?5for?5t@
0x1800065A0: "WERDIAG: Stopping Autoverifier " ??_C@_0CA@HDFIHAHG@WERDIAG?3?5Stopping?5Autoverifier?6?$AA@
0x1800073D0: "WER" ??_C@_17PLKPIGLP@?$AAW?$AAE?$AAR?$AA?$AA@
0x180007150: "\KernelObjects\SystemErrorPortRe" ??_C@_1EI@MEPMEHFB@?$AA?2?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AAO?$AAb?$AAj?$AAe?$AAc?$AAt?$AAs?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAE?$AAr?$AAr?$AAo?$AAr?$AAP?$AAo?$AAr?$AAt?$AAR?$AAe@
0x180007060: "VerifierForceNormalHeap" ??_C@_0BI@JKMNEFMD@VerifierForceNormalHeap?$AA@
0x180006448: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1800065E0: "WERDIAG: AutoVerifier: Failed ge" ??_C@_0FC@MGDBDOEO@WERDIAG?3?5AutoVerifier?3?5Failed?5ge@
0x180006320: "__cdecl _imp__wcsnicmp" __imp__wcsnicmp
0x180006580: "WERDIAG: FDR will be enabled " ??_C@_0BO@IHAKIJFM@WERDIAG?3?5FDR?5will?5be?5enabled?6?$AA@
0x180008760: "Software\Microsoft\Windows\Windo" ??_C@_1JM@DIGPLEBL@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo@
0x1800062A0: api-ms-win-eventing-controller-l1-1-0_NULL_THUNK_DATA
0x1800085C0: "WERDIAG: Log file size was not s" ??_C@_0EH@GPGCKOFJ@WERDIAG?3?5Log?5file?5size?5was?5not?5s@
0x180007BC0: "WERDIAG: Invalid params " ??_C@_0BJ@BLEGKAAL@WERDIAG?3?5Invalid?5params?6?$AA@
0x180005452: "__cdecl XcptFilter" _XcptFilter
0x180006450: "__cdecl _xc_a" __xc_a
0x180006790: "WERDIAG: AutoVerifier: could not" ??_C@_0EE@PMEAPLPJ@WERDIAG?3?5AutoVerifier?3?5could?5not@
0x1800061A0: "__cdecl _imp_CreateProcessW" __imp_CreateProcessW
0x1800068D8: "ErrorPort" ??_C@_1BE@HKHCPGCA@?$AAE?$AAr?$AAr?$AAo?$AAr?$AAP?$AAo?$AAr?$AAt?$AA?$AA@
0x1800067D8: "WERDIAG: AutoVerifier: Enabled f" ??_C@_0CJ@PBMPBOJO@WERDIAG?3?5AutoVerifier?3?5Enabled?5f@
0x1800081F0: "WERDIAG: Invalid args " ??_C@_0BH@MDKABLNN@WERDIAG?3?5Invalid?5args?6?$AA@
0x1800097C0: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-eventing-legacy-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-eventing-legacy-l1-1-0
0x180006930: "WERDIAG: SignalStartWerSvc faile" ??_C@_0DC@NKDLPANJ@WERDIAG?3?5SignalStartWerSvc?5faile@
0x18000BA28: "union _LARGE_INTEGER g_liActiveTimeMicroseconds" ?g_liActiveTimeMicroseconds@@3T_LARGE_INTEGER@@A
0x180008C60: "WERDIAG: Invalid parameters " ??_C@_0BN@CLKFJAOC@WERDIAG?3?5Invalid?5parameters?6?$AA@
0x180006428: "__cdecl _imp_LdrDisableThreadCalloutsForDll" __imp_LdrDisableThreadCalloutsForDll
0x180008470: "WERDIAG: Failed extracting next " ??_C@_0EL@IAAGAHKA@WERDIAG?3?5Failed?5extracting?5next?5@
0x180006418: "__cdecl _imp_NtSetValueKey" __imp_NtSetValueKey
0x1800075B0: "\psr.exe" ??_C@_1BC@LDDMEKAN@?$AA?2?$AAp?$AAs?$AAr?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x180008158: "WERDIAG: Invalid args: The pair " ??_C@_0DH@BHNNBGMJ@WERDIAG?3?5Invalid?5args?3?5The?5pair?5@
0x180006140: "__cdecl _imp_DeleteFileW" __imp_DeleteFileW
0x180002E44: "public: long __cdecl CFDRShim::EnableLogProviders(void) __ptr64" ?EnableLogProviders@CFDRShim@@QEAAJXZ
0x1800058AD: memcpy
0x180006E90: "\Registry\Machine\SYSTEM\Current" ??_C@_1IG@EPMAHCPK@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAY?$AAS?$AAT?$AAE?$AAM?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x180007198: "struct _GUID const `long __cdecl SignalStartWerSvc(void)'::`2'::WerSvcTriggerGuid" ?WerSvcTriggerGuid@?1??SignalStartWerSvc@@YAJXZ@4U_GUID@@B
0x180006138: "__cdecl _imp_GetTempFileNameW" __imp_GetTempFileNameW
0x180006328: "__cdecl _imp_memset" __imp_memset
0x180006210: "__cdecl _imp_CreateEventW" __imp_CreateEventW
0x180006160: api-ms-win-core-file-l1-2-0_NULL_THUNK_DATA
0x18000562F: "__cdecl initterm" _initterm
0x180006378: "__cdecl _imp_NtWaitForSingleObject" __imp_NtWaitForSingleObject
0x1800084C0: "WERDIAG: Failed extracting next " ??_C@_0EM@IOAADNLN@WERDIAG?3?5Failed?5extracting?5next?5@
0x1800096D0: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-sysinfo-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-sysinfo-l1-1-0
0x1800082C0: "WERDIAG: Invalid arguments: Stri" ??_C@_0DK@DHNKNCHI@WERDIAG?3?5Invalid?5arguments?3?5Stri@
0x18000BA80: "__cdecl _dyn_tls_init_callback" __dyn_tls_init_callback
0x180006228: "__cdecl _imp_Sleep" __imp_Sleep
0x180006470: "__cdecl _xi_z" __xi_z
0x180006128: "__cdecl _imp_UnhandledExceptionFilter" __imp_UnhandledExceptionFilter
0x18000563B: "__cdecl _C_specific_handler" __C_specific_handler
0x1800064D0: "Flags" ??_C@_1M@OAJFFPML@?$AAF?$AAl?$AAa?$AAg?$AAs?$AA?$AA@
0x180006FA0: "WERDIAG: Thread failed to wait f" ??_C@_0FP@NECKFPIA@WERDIAG?3?5Thread?5failed?5to?5wait?5f@
0x180006E20: "WERDIAG: Failed deleting autovef" ??_C@_0EC@JICBGDF@WERDIAG?3?5Failed?5deleting?5autovef@
0x1800040F0: "long __cdecl FDRThread(void)" ?FDRThread@@YAJXZ
0x1800058B9: memmove
0x1800011B8: "int __cdecl IsAutoverifierEnabled(void)" ?IsAutoverifierEnabled@@YAHXZ
0x1800063C0: "__cdecl _imp_NtDelayExecution" __imp_NtDelayExecution
0x1800063D8: "__cdecl _imp_LdrGetProcedureAddress" __imp_LdrGetProcedureAddress
0x1800068F0: "WERDIAG: PluginsNtGetRegStringVa" ??_C@_0DM@HHBLOFGP@WERDIAG?3?5PluginsNtGetRegStringVa@
0x1800072B0: "%d-AppRecorderEnabled" ??_C@_1CM@EHBAGMAE@?$AA?$CF?$AAd?$AA?9?$AAA?$AAp?$AAp?$AAR?$AAe?$AAc?$AAo?$AAr?$AAd?$AAe?$AAr?$AAE?$AAn?$AAa?$AAb?$AAl?$AAe?$AAd?$AA?$AA@
0x1800062E0: "__cdecl _imp__wtoi" __imp__wtoi
0x180006170: api-ms-win-core-handle-l1-1-0_NULL_THUNK_DATA
0x18000584C: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x180003C78: "public: long __cdecl CFDRShim::DeleteFDRLayer(void) __ptr64" ?DeleteFDRLayer@CFDRShim@@QEAAJXZ
0x180007EC0: "WERDIAG: Failed reading the sess" ??_C@_0FI@PBONEBGH@WERDIAG?3?5Failed?5reading?5the?5sess@
0x1800065C0: "WERDIAG: Stopping FDR " ??_C@_0BH@DBOHCMGB@WERDIAG?3?5Stopping?5FDR?6?$AA@
0x1800077E0: "Software\Microsoft\Windows\Windo" ??_C@_1IO@NOKLNFIA@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo@
0x180007E50: "WERDIAG: Internal provider faile" ??_C@_0EF@FMJCEML@WERDIAG?3?5Internal?5provider?5faile@
0x1800063E8: "__cdecl _imp_RtlAllocateHeap" __imp_RtlAllocateHeap
0x180008AD0: "WERDIAG: StartFDR failed 0x%x " ??_C@_0BP@ICLKCCPM@WERDIAG?3?5StartFDR?5failed?50x?$CFx?6?$AA@
0x180001B30: "private: long __cdecl CAutoVerifierSettingsEngine::ResetAutoverifierEnabledFlag(void) __ptr64" ?ResetAutoverifierEnabledFlag@CAutoVerifierSettingsEngine@@AEAAJXZ
0x18000545E: "__cdecl amsg_exit" _amsg_exit
0x1800086C8: "WERDIAG: Failed deleting file. N" ??_C@_0CP@ICBMCMOD@WERDIAG?3?5Failed?5deleting?5file?4?5N@
0x180006BD0: "Software\Microsoft\Windows NT\Cu" ??_C@_1JE@FDFIOPDM@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAN?$AAT?$AA?2?$AAC?$AAu@
0x180008B28: "WERDIAG: Failed concatenating st" ??_C@_0DG@OGDKEA@WERDIAG?3?5Failed?5concatenating?5st@
0x180008EB0: "WERDIAG: Registry value %S is no" ??_C@_0DC@FPPFJLIG@WERDIAG?3?5Registry?5value?5?$CFS?5is?5no@
0x1800017B0: "public: long __cdecl CAutoVerifierSettingsEngine::ProcessStartupSettingsUpdate(void) __ptr64" ?ProcessStartupSettingsUpdate@CAutoVerifierSettingsEngine@@QEAAJXZ
0x1800068A0: "WERDIAG: Failed opening registry" ??_C@_0DG@HPEOKIBA@WERDIAG?3?5Failed?5opening?5registry@
0x180006268: "__cdecl _imp_GetTraceLoggerHandle" __imp_GetTraceLoggerHandle
0x180006130: api-ms-win-core-errorhandling-l1-1-0_NULL_THUNK_DATA
0x180006280: "__cdecl _imp_GetTraceEnableLevel" __imp_GetTraceEnableLevel
0x1800063E0: "__cdecl _imp_NtDeleteValueKey" __imp_NtDeleteValueKey
0x1800061C0: "__cdecl _imp_GetCurrentProcess" __imp_GetCurrentProcess
0x180008AF0: "FDR_FLUSH_MESSAGE" ??_C@_1CE@IMPEKBLH@?$AAF?$AAD?$AAR?$AA_?$AAF?$AAL?$AAU?$AAS?$AAH?$AA_?$AAM?$AAE?$AAS?$AAS?$AAA?$AAG?$AAE?$AA?$AA@
0x18000BA70: "__cdecl _native_startup_lock" __native_startup_lock
0x180001150: DllMain
0x1800081C8: "WERDIAG: Invalid format: expecte" ??_C@_0CI@IECAKDNA@WERDIAG?3?5Invalid?5format?3?5expecte@
0x180007DD8: "WERDIAG: Failed determining stri" ??_C@_0DK@BMGFLNB@WERDIAG?3?5Failed?5determining?5stri@
0x180008040: "WERDIAG: Unable to allocate %d b" ??_C@_0EA@FMMFHLIM@WERDIAG?3?5Unable?5to?5allocate?5?$CFd?5b@
0x1800062D0: "__cdecl _imp__wcsicmp" __imp__wcsicmp
0x1800079C0: "Software\Microsoft\Windows NT\Cu" ??_C@_1IG@FGFNFAKK@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAN?$AAT?$AA?2?$AAC?$AAu@
0x1800062F8: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x180008E40: "WERDIAG: NtQueryInformationProce" ??_C@_0DL@MBADNMMB@WERDIAG?3?5NtQueryInformationProce@
0x180008D10: "%s\%s" ??_C@_1M@DFKENGJN@?$AA?$CF?$AAs?$AA?2?$AA?$CF?$AAs?$AA?$AA@
0x1800061E0: "__cdecl _imp_RtlCaptureContext" __imp_RtlCaptureContext
0x180006180: api-ms-win-core-libraryloader-l1-2-0_NULL_THUNK_DATA
0x180006CF0: "AutoVerifierCount" ??_C@_1CE@OEBADDND@?$AAA?$AAu?$AAt?$AAo?$AAV?$AAe?$AAr?$AAi?$AAf?$AAi?$AAe?$AAr?$AAC?$AAo?$AAu?$AAn?$AAt?$AA?$AA@
0x1800064B0: "Guid" ??_C@_19BPBMCKGC@?$AAG?$AAu?$AAi?$AAd?$AA?$AA@
0x180006400: "__cdecl _imp_NtDeleteFile" __imp_NtDeleteFile
0x180006118: "__cdecl _imp_GetLastError" __imp_GetLastError
0x1800062B0: api-ms-win-eventing-legacy-l1-1-0_NULL_THUNK_DATA
0x18000B050: "__cdecl _native_dllmain_reason" __native_dllmain_reason
0x180005828: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x180006DE0: "WERDIAG: Failed creating timer t" ??_C@_0DH@EFGKKAEF@WERDIAG?3?5Failed?5creating?5timer?5t@
0x180007430: ".AppRecorderData.xml" ??_C@_1CK@OFHOMLIM@?$AA?4?$AAA?$AAp?$AAp?$AAR?$AAe?$AAc?$AAo?$AAr?$AAd?$AAe?$AAr?$AAD?$AAa?$AAt?$AAa?$AA?4?$AAx?$AAm?$AAl?$AA?$AA@
0x180008A00: "WERDIAG: Failed reading log file" ??_C@_0EL@ECHHEKCF@WERDIAG?3?5Failed?5reading?5log?5file@
0x180006F50: "WERDIAG: Not disabling HKCU IFEO" ??_C@_0EK@FNHKNOHL@WERDIAG?3?5Not?5disabling?5HKCU?5IFEO@
0x1800061B8: "__cdecl _imp_GetCurrentProcessId" __imp_GetCurrentProcessId
0x180006200: "__cdecl _imp_WaitForSingleObject" __imp_WaitForSingleObject
0x180006D88: "OriginalBucket" ??_C@_1BO@GCAECHHF@?$AAO?$AAr?$AAi?$AAg?$AAi?$AAn?$AAa?$AAl?$AAB?$AAu?$AAc?$AAk?$AAe?$AAt?$AA?$AA@
0x180007A50: "WERDIAG: AppRecorder: Failed to " ??_C@_0EN@KDOKGNMH@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180002B70: StartFDR
0x180005520: "__cdecl ValidateImageBase" _ValidateImageBase
0x180004508: "long __cdecl StringCchCopyW(unsigned short * __ptr64,unsigned __int64,unsigned short const * __ptr64)" ?StringCchCopyW@@YAJPEAG_KPEBG@Z
0x180004470: "long __cdecl StringCchCopyNW(unsigned short * __ptr64,unsigned __int64,unsigned short const * __ptr64,unsigned __int64)" ?StringCchCopyNW@@YAJPEAG_KPEBG1@Z
0x180007C98: "WERDIAG: GetTraceEnableFlags fai" ??_C@_0CF@HACAPHOP@WERDIAG?3?5GetTraceEnableFlags?5fai@
0x180002998: "long __cdecl FDRRemoveAppCompatLayerFromList(unsigned short const * __ptr64,unsigned long,unsigned short const * __ptr64,unsigned short * __ptr64 * __ptr64)" ?FDRRemoveAppCompatLayerFromList@@YAJPEBGK0PEAPEAG@Z
0x180003708: "private: long __cdecl CFDRShim::ParseSettings(unsigned short * __ptr64 * __ptr64) __ptr64" ?ParseSettings@CFDRShim@@AEAAJPEAPEAG@Z
0x180008208: "WERDIAG: Failed getting string l" ??_C@_0DG@HFBDAGF@WERDIAG?3?5Failed?5getting?5string?5l@
0x1800063A0: "__cdecl _imp_RtlFreeHeap" __imp_RtlFreeHeap
0x180009694: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-libraryloader-l1-2-0" __IMPORT_DESCRIPTOR_api-ms-win-core-libraryloader-l1-2-0
0x1800066F0: "WERDIAG: AutoVerifier: Subkey is" ??_C@_0CG@FPIHLKCO@WERDIAG?3?5AutoVerifier?3?5Subkey?5is@
0x180008B18: "%s-%d" ??_C@_1M@JIJACILF@?$AA?$CF?$AAs?$AA?9?$AA?$CF?$AAd?$AA?$AA@
0x180006158: "__cdecl _imp_GetTempPathW" __imp_GetTempPathW
0x180008668: "%s_%d" ??_C@_1M@HGOFLOFI@?$AA?$CF?$AAs?$AA_?$AA?$CF?$AAd?$AA?$AA@
0x1800063F8: "__cdecl _imp_RtlDosPathNameToNtPathName_U" __imp_RtlDosPathNameToNtPathName_U
0x180007380: "WERDIAG: AppRecorder: Failed to " ??_C@_0EJ@HDBNNCAP@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180005170: "__cdecl DllMainCRTStartup" _DllMainCRTStartup
0x180006300: "__cdecl _imp__initterm" __imp__initterm
0x180008810: "WERDIAG: Failed reading string v" ??_C@_0EE@LOLKKNAH@WERDIAG?3?5Failed?5reading?5string?5v@
0x180006B40: "WERDIAG: Service returned failur" ??_C@_0DK@FCJMLOPI@WERDIAG?3?5Service?5returned?5failur@
0x18000B610: "class CAutoVerifierSettingsEngine g_SettingsEngine" ?g_SettingsEngine@@3VCAutoVerifierSettingsEngine@@A
0x1800070D8: "WERDIAG: Failed switching to nor" ??_C@_0DP@CNGEPJBK@WERDIAG?3?5Failed?5switching?5to?5nor@
0x180002EEC: "private: long __cdecl CFDRShim::EnableFDR(unsigned short const * __ptr64) __ptr64" ?EnableFDR@CFDRShim@@AEAAJPEBG@Z
0x1800075D0: "WERDIAG: AppRecorder: Failed to " ??_C@_0FB@MDHJACEF@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180006178: "__cdecl _imp_GetModuleFileNameW" __imp_GetModuleFileNameW
0x180007730: "WERDIAG: AppRecorder: Failed to " ??_C@_0EH@FELOMNPL@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180007C10: "WERDIAG: Failed creating FDR thr" ??_C@_0DF@EPIJDCNA@WERDIAG?3?5Failed?5creating?5FDR?5thr@
0x180006D18: "WERDIAG: Failed reading key valu" ??_C@_0DD@PLCBNILC@WERDIAG?3?5Failed?5reading?5key?5valu@
0x18000BA38: "struct _RTL_VERIFIER_DLL_DESCRIPTOR * VfCoreHooks" ?VfCoreHooks@@3PAU_RTL_VERIFIER_DLL_DESCRIPTOR@@A
0x180002C00: "unsigned long __cdecl ControlCallback(enum WMIDPREQUESTCODE,void * __ptr64,unsigned long * __ptr64,void * __ptr64)" ?ControlCallback@@YAKW4WMIDPREQUESTCODE@@PEAXPEAK1@Z
0x180008A50: "WERDIAG: Get current process ID " ??_C@_0CI@MLAJFCG@WERDIAG?3?5Get?5current?5process?5ID?5@
0x18000BA60: "__cdecl _onexitend" __onexitend
0x180006440: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x180004978: "long __cdecl PluginsNtSetRegDwordValue(void * __ptr64,unsigned short const * __ptr64,unsigned long)" ?PluginsNtSetRegDwordValue@@YAJPEAXPEBGK@Z
0x1800061B0: "__cdecl _imp_TerminateProcess" __imp_TerminateProcess
0x18000B5F0: "__cdecl _@@_PchSym_@00@KxulyqvxgPillgKxulmvxlivUdrmwldhUuvvwyzxpUxlivUdviwrztUwooUlyquivUznwGEUkivxlnkOlyq@WerDiagController" __@@_PchSym_@00@KxulyqvxgPillgKxulmvxlivUdrmwldhUuvvwyzxpUxlivUdviwrztUwooUlyquivUznwGEUkivxlnkOlyq@WerDiagController
0x180008F38: "WERDIAG: Failed with integer ove" ??_C@_0CH@CPKEEKPE@WERDIAG?3?5Failed?5with?5integer?5ove@
0x180008350: "WERDIAG: Out of resources alloca" ??_C@_0DP@OKKBELMI@WERDIAG?3?5Out?5of?5resources?5alloca@
0x180002498: "long __cdecl AppRecorderUpdateSettings(void)" ?AppRecorderUpdateSettings@@YAJXZ
0x180006250: api-ms-win-core-sysinfo-l1-1-0_NULL_THUNK_DATA
0x180006460: "__cdecl _xi_a" __xi_a
0x180006238: "__cdecl _imp_GetTickCount" __imp_GetTickCount
0x180007000: "verifier.dll" ??_C@_1BK@GKAGNDBG@?$AAv?$AAe?$AAr?$AAi?$AAf?$AAi?$AAe?$AAr?$AA?4?$AAd?$AAl?$AAl?$AA?$AA@
0x180007940: "AppRecorderCount" ??_C@_1CC@MOEJHIBO@?$AAA?$AAp?$AAp?$AAR?$AAe?$AAc?$AAo?$AAr?$AAd?$AAe?$AAr?$AAC?$AAo?$AAu?$AAn?$AAt?$AA?$AA@
0x180001DB0: QueryOriginalBucket
0x180006768: "AutoverifierEnabled" ??_C@_1CI@FNEEMOOA@?$AAA?$AAu?$AAt?$AAo?$AAv?$AAe?$AAr?$AAi?$AAf?$AAi?$AAe?$AAr?$AAE?$AAn?$AAa?$AAb?$AAl?$AAe?$AAd?$AA?$AA@
0x180007020: "WERDIAG: Failed obtaining verifi" ??_C@_0DP@HMONGOEJ@WERDIAG?3?5Failed?5obtaining?5verifi@
0x180008BD0: "WERDIAG: Flushing done, done sig" ??_C@_0CK@GLAGIDOC@WERDIAG?3?5Flushing?5done?0?5done?5sig@
0x180008930: "WERDIAG: Invalid arguments; poin" ??_C@_0EF@DNEIJHCP@WERDIAG?3?5Invalid?5arguments?$DL?5poin@
0x180006398: "__cdecl _imp_NtAlpcSendWaitReceivePort" __imp_NtAlpcSendWaitReceivePort
0x1800096BC: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-0
0x180006190: api-ms-win-core-memory-l1-1-0_NULL_THUNK_DATA
0x180008D20: "WERDIAG: Key: %S " ??_C@_0BC@NPAAOIDK@WERDIAG?3?5Key?3?5?$CFS?6?$AA@
0x18000BA88: "__cdecl pRawDllMain" _pRawDllMain
0x180007AF8: "AppRecorder" ??_C@_1BI@JIKJEJML@?$AAA?$AAp?$AAp?$AAR?$AAe?$AAc?$AAo?$AAr?$AAd?$AAe?$AAr?$AA?$AA@
0x1800083E0: "WERDIAG: Failed copying characte" ??_C@_0EC@LKFKDPKA@WERDIAG?3?5Failed?5copying?5characte@
0x1800063A8: "__cdecl _imp_RtlFreeSid" __imp_RtlFreeSid
0x180008610: "WERDIAG: Failed reading session " ??_C@_0FB@MJHDHHHO@WERDIAG?3?5Failed?5reading?5session?5@
0x180006508: "WERDIAG: Verifier.dll loaded. En" ??_C@_0DG@JNFDPLKN@WERDIAG?3?5Verifier?4dll?5loaded?4?5En@
0x1800072E0: "WERDIAG: AppRecorder: Failed cre" ??_C@_0FE@EIBILCPH@WERDIAG?3?5AppRecorder?3?5Failed?5cre@
0x180006410: "__cdecl _imp_NtQueryValueKey" __imp_NtQueryValueKey
0x180005410: "__cdecl _security_check_cookie" __security_check_cookie
0x180008DD0: "WERDIAG: Failed writing to value" ??_C@_0DF@HJGBFGIE@WERDIAG?3?5Failed?5writing?5to?5value@
0x180006458: "__cdecl _xc_z" __xc_z
0x1800061C8: api-ms-win-core-processthreads-l1-1-0_NULL_THUNK_DATA
0x1800089A0: "WERDIAG: Failed reading FDR sett" ??_C@_0EK@HLMFHBKP@WERDIAG?3?5Failed?5reading?5FDR?5sett@
0x180007D00: "WERDIAG: Tracing disabled for in" ??_C@_0DB@GGADJFBH@WERDIAG?3?5Tracing?5disabled?5for?5in@
0x180009720: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-windowserrorreporting-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-windowserrorreporting-l1-1-0
0x180008A78: "ProcID" ??_C@_1O@IDJHDOKF@?$AAP?$AAr?$AAo?$AAc?$AAI?$AAD?$AA?$AA@
0x180003F90: "private: long __cdecl CFDRShim::ReadAndUpdateSessionSettings(unsigned short * __ptr64 * __ptr64,unsigned short * __ptr64 * __ptr64) __ptr64" ?ReadAndUpdateSessionSettings@CFDRShim@@AEAAJPEAPEAG0@Z
0x180007D90: "WERDIAG: Internal provider: FDR " ??_C@_0EB@ILAPPFLN@WERDIAG?3?5Internal?5provider?3?5FDR?5@
0x180008C80: "WERDIAG: SizeTAdd failed. NTSTAT" ??_C@_0CK@NEMIOFOH@WERDIAG?3?5SizeTAdd?5failed?4?5NTSTAT@
0x180008EF0: "WERDIAG: Failed determining stri" ??_C@_0EB@FFIFOOCM@WERDIAG?3?5Failed?5determining?5stri@
0x180003A60: "public: long __cdecl CFDRShim::CleanupSessionSettings(int) __ptr64" ?CleanupSessionSettings@CFDRShim@@QEAAJH@Z
0x180006240: "__cdecl _imp_GetSystemTimeAsFileTime" __imp_GetSystemTimeAsFileTime
0x180008240: "WERDIAG: Failed copying string. " ??_C@_0CP@EAGFOOEO@WERDIAG?3?5Failed?5copying?5string?4?5@
0x180007970: "WERDIAG: AppRecorder: Failed to " ??_C@_0EN@HHAFJODF@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180004C28: "long __cdecl PluginsNtGetRegStringValue(void * __ptr64,unsigned short const * __ptr64,unsigned short * __ptr64 * __ptr64)" ?PluginsNtGetRegStringValue@@YAJPEAXPEBGPEAPEAG@Z
0x180006340: "__cdecl _imp_RtlFormatCurrentUserKeyPath" __imp_RtlFormatCurrentUserKeyPath
0x180007C00: "WERDIAG: OOM " ??_C@_0O@GCCJBFDJ@WERDIAG?3?5OOM?6?$AA@
0x1800063D0: "__cdecl _imp_RtlInitAnsiString" __imp_RtlInitAnsiString
0x1800023B4: "int __cdecl IsAppRecorderEnabled(void)" ?IsAppRecorderEnabled@@YAHXZ
0x1800069B8: "WERDIAG: WaitForWerSvc failed. N" ??_C@_0CP@BFHGPDBL@WERDIAG?3?5WaitForWerSvc?5failed?4?5N@
0x180008E80: "WERDIAG: Invalid size returned. " ??_C@_0DA@CGLBNIOD@WERDIAG?3?5Invalid?5size?5returned?4?5@
0x1800061F8: api-ms-win-core-rtlsupport-l1-1-0_NULL_THUNK_DATA
0x180001FA0: "long __cdecl AppRecorderStartThread(void)" ?AppRecorderStartThread@@YAJXZ
0x180007E98: "WERDIAG: Internal log message " ??_C@_0BP@IPMPINJH@WERDIAG?3?5Internal?5log?5message?6?$AA@
0x180006E68: "WERDIAG: Failed writing key valu" ??_C@_0CD@LGFGEEN@WERDIAG?3?5Failed?5writing?5key?5valu@
0x1800071B0: "WERDIAG: AppRecorder: Failed cre" ??_C@_0EK@CNCEPFIE@WERDIAG?3?5AppRecorder?3?5Failed?5cre@
0x1800096E4: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-rtlsupport-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-rtlsupport-l1-1-0
0x1800061D8: api-ms-win-core-profile-l1-1-0_NULL_THUNK_DATA
0x180006478: "__cdecl _guard_fids_table" __guard_fids_table
0x180006330: msvcrt_NULL_THUNK_DATA
0x180006010: "__cdecl load_config_used" _load_config_used
0x180006368: "__cdecl _imp_ZwQueryWnfStateNameInformation" __imp_ZwQueryWnfStateNameInformation
0x18000BA30: "unsigned __int64 g_ProviderSessionHandle" ?g_ProviderSessionHandle@@3_KA
0x180007CC0: "WERDIAG: Internal provider enabl" ??_C@_0DM@IIMKLGCL@WERDIAG?3?5Internal?5provider?5enabl@
0x180008C00: "WERDIAG: Unexpected event respon" ??_C@_0EA@FBOCNLGG@WERDIAG?3?5Unexpected?5event?5respon@
0x180008110: "WERDIAG: Failed enabling interna" ??_C@_0EF@ODAOMNDD@WERDIAG?3?5Failed?5enabling?5interna@
0x180007630: "%s /start /output %s /gui 0 /rec" ??_C@_1KI@MBKALEBN@?$AA?$CF?$AAs?$AA?5?$AA?1?$AAs?$AAt?$AAa?$AAr?$AAt?$AA?5?$AA?1?$AAo?$AAu?$AAt?$AAp?$AAu?$AAt?$AA?5?$AA?$CF?$AAs?$AA?5?$AA?1?$AAg?$AAu?$AAi?$AA?5?$AA0?$AA?5?$AA?1?$AAr?$AAe?$AAc@
0x180006218: "__cdecl _imp_OpenEventW" __imp_OpenEventW
0x180008CB0: "WERDIAG: Arithmetic operation fa" ??_C@_0DG@FICCLPAD@WERDIAG?3?5Arithmetic?5operation?5fa@
0x180007780: "WERDIAG: AppRecorder: Failed get" ??_C@_0FB@MOLGJJMM@WERDIAG?3?5AppRecorder?3?5Failed?5get@
0x180007118: "WERDIAG: Verifier switched to li" ??_C@_0CK@FMNGAOIE@WERDIAG?3?5Verifier?5switched?5to?5li@
0x180002CB0: "private: long __cdecl CFDRShim::LogMessage(unsigned short const * __ptr64,unsigned long) __ptr64" ?LogMessage@CFDRShim@@AEAAJPEBGK@Z
0x180006318: "__cdecl _imp__amsg_exit" __imp__amsg_exit
0x180006430: "__cdecl _imp_RtlCreateUserThread" __imp_RtlCreateUserThread
0x180006420: "__cdecl _imp_NtQueryInformationProcess" __imp_NtQueryInformationProcess
0x1800078C0: "AppRecorderEnabled" ??_C@_1CG@CPNMGIAD@?$AAA?$AAp?$AAp?$AAR?$AAe?$AAc?$AAo?$AAr?$AAd?$AAe?$AAr?$AAE?$AAn?$AAa?$AAb?$AAl?$AAe?$AAd?$AA?$AA@
0x180006338: "__cdecl _imp_NtClose" __imp_NtClose
0x180002918: "long __cdecl StringCchPrintfW(unsigned short * __ptr64,unsigned __int64,unsigned short const * __ptr64,...)" ?StringCchPrintfW@@YAJPEAG_KPEBGZZ
0x180006F18: "ImageExecutionOptions" ??_C@_1CM@ECAHNNAO@?$AAI?$AAm?$AAa?$AAg?$AAe?$AAE?$AAx?$AAe?$AAc?$AAu?$AAt?$AAi?$AAo?$AAn?$AAO?$AAp?$AAt?$AAi?$AAo?$AAn?$AAs?$AA?$AA@
0x1800061F0: "__cdecl _imp_RtlLookupFunctionEntry" __imp_RtlLookupFunctionEntry
0x1800061D0: "__cdecl _imp_QueryPerformanceCounter" __imp_QueryPerformanceCounter
0x180008510: "WERDIAG: Error parsing current p" ??_C@_0FK@GCBFKDBA@WERDIAG?3?5Error?5parsing?5current?5p@
0x18000B820: "struct _AUTOVRF_CACHE g_AutoVerifierCache" ?g_AutoVerifierCache@@3U_AUTOVRF_CACHE@@A
0x18000BA58: "__cdecl _@@_PchSym_@00@KxulyqvxgPillgKxulmvxlivUdrmwldhUuvvwyzxpUxlivUdviwrztUoryUlyquivUznwGEUkivxlnkOlyq@WerDiag" __@@_PchSym_@00@KxulyqvxgPillgKxulmvxlivUdrmwldhUuvvwyzxpUxlivUdviwrztUoryUlyquivUznwGEUkivxlnkOlyq@WerDiag
0x180006390: "__cdecl _imp_NtAlpcConnectPort" __imp_NtAlpcConnectPort
0x180006380: "__cdecl _imp_NtOpenEvent" __imp_NtOpenEvent
0x1800061E8: "__cdecl _imp_RtlVirtualUnwind" __imp_RtlVirtualUnwind
0x180008B98: "WERDIAG: Failed setting event. W" ??_C@_0DC@BDLCOCFH@WERDIAG?3?5Failed?5setting?5event?4?5W@
0x1800073E0: "WERDIAG: AppRecorder: Failed to " ??_C@_0EH@JMIPCEIL@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180005650: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x180006248: "__cdecl _imp_GetSystemDirectoryW" __imp_GetSystemDirectoryW
0x180004590: "long __cdecl PluginsNtOpenKey(unsigned long,unsigned short const * __ptr64,unsigned short * __ptr64,void * __ptr64,void * __ptr64 * __ptr64)" ?PluginsNtOpenKey@@YAJKPEBGPEAGPEAXPEAPEAX@Z
0x180003630: "private: long __cdecl CFDRShim::UpdateGUIDSettings(unsigned short const * __ptr64,unsigned short const * __ptr64,struct GUID_SETTINGS * __ptr64,unsigned long * __ptr64) __ptr64" ?UpdateGUIDSettings@CFDRShim@@AEAAJPEBG0PEAUGUID_SETTINGS@@PEAK@Z
0x180004844: "long __cdecl PluginsNtGetRegDwordValue(void * __ptr64,unsigned short const * __ptr64,unsigned long * __ptr64)" ?PluginsNtGetRegDwordValue@@YAJPEAXPEBGPEAK@Z
0x1800063F0: "__cdecl _imp_RtlGUIDFromString" __imp_RtlGUIDFromString
0x1800078F0: "WERDIAG: AppRecorder: AppRecorde" ??_C@_0EP@FNALOPKC@WERDIAG?3?5AppRecorder?3?5AppRecorde@
0x180007080: "WERDIAG: Failed obtaining Verifi" ??_C@_0FE@EGHLFAJK@WERDIAG?3?5Failed?5obtaining?5Verifi@
0x180007560: "WERDIAG: AppRecorder: Failed to " ??_C@_0EL@PDOPAMD@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180007F88: "FDR started" ??_C@_1BI@JOMHMHNC@?$AAF?$AAD?$AAR?$AA?5?$AAs?$AAt?$AAa?$AAr?$AAt?$AAe?$AAd?$AA?$AA@
0x180009734: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-handle-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-handle-l1-1-0
0x180006260: api-ms-win-core-windowserrorreporting-l1-1-0_NULL_THUNK_DATA
0x180006358: "__cdecl _imp_EtwEventWriteNoRegistration" __imp_EtwEventWriteNoRegistration
0x180006290: api-ms-win-eventing-classicprovider-l1-1-0_NULL_THUNK_DATA
0x1800062D8: "__cdecl _imp__XcptFilter" __imp__XcptFilter
0x180008858: "FDR" ??_C@_17IAOCGEKP@?$AAF?$AAD?$AAR?$AA?$AA@
0x180006438: ntdll_NULL_THUNK_DATA
0x1800062E8: "__cdecl _imp_memcpy" __imp_memcpy
0x180006A38: "WERDIAG: RtlAllocateAndInitializ" ??_C@_0DN@EMECCKCF@WERDIAG?3?5RtlAllocateAndInitializ@
0x1800069F0: "WERDIAG: WaitForWerSvc timed out" ??_C@_0EI@EHOFHIDF@WERDIAG?3?5WaitForWerSvc?5timed?5out@
0x1800064C0: "Level" ??_C@_1M@MFHLECJA@?$AAL?$AAe?$AAv?$AAe?$AAl?$AA?$AA@
0x18000B600: "int g_bProcessAttachDone" ?g_bProcessAttachDone@@3HA
0x180008D90: "WERDIAG: Failed extracting regis" ??_C@_0DO@ENCCDPMN@WERDIAG?3?5Failed?5extracting?5regis@
0x1800064E0: "CircularSize" ??_C@_1BK@PJPDGMML@?$AAC?$AAi?$AAr?$AAc?$AAu?$AAl?$AAa?$AAr?$AAS?$AAi?$AAz?$AAe?$AA?$AA@
0x180007F50: "WERDIAG: Failed to enable loggin" ??_C@_0DC@GIKPNDBC@WERDIAG?3?5Failed?5to?5enable?5loggin@
0x180006270: "__cdecl _imp_GetTraceEnableFlags" __imp_GetTraceEnableFlags
0x18000975C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-1-0
0x180006288: "__cdecl _imp_RegisterTraceGuidsW" __imp_RegisterTraceGuidsW
0x18000B058: "__cdecl _security_cookie" __security_cookie
0x180001CA0: "long __cdecl WaitingThread(void * __ptr64)" ?WaitingThread@@YAJPEAX@Z
0x180007FE0: "FDR Tracing Session" ??_C@_1CI@HOPEHBDK@?$AAF?$AAD?$AAR?$AA?5?$AAT?$AAr?$AAa?$AAc?$AAi?$AAn?$AAg?$AA?5?$AAS?$AAe?$AAs?$AAs?$AAi?$AAo?$AAn?$AA?$AA@
0x180008680: "WERDIAG: Failed appending proces" ??_C@_0EG@KBPHBGKJ@WERDIAG?3?5Failed?5appending?5proces@
0x180006660: "Software\Microsoft\Windows\Windo" ??_C@_1JA@ICBKIHFN@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo@
0x180007510: "WERDIAG: AppRecorder: Failed to " ??_C@_0EP@DMEJJNMK@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180006168: "__cdecl _imp_CloseHandle" __imp_CloseHandle
0x1800097AC: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-eventing-controller-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-eventing-controller-l1-1-0
0x180008300: "WERDIAG: Failed obtaining the le" ??_C@_0EJ@MNCPJLI@WERDIAG?3?5Failed?5obtaining?5the?5le@
0x180007B70: "WERDIAG: AppRecorder: Failed to " ??_C@_0EP@BNHBGCCL@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x1800063B8: "__cdecl _imp_NtDeleteKey" __imp_NtDeleteKey
0x1800096F8: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-errorhandling-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-errorhandling-l1-1-0
0x1800063B0: "__cdecl _imp_DbgPrintEx" __imp_DbgPrintEx
0x180007260: "WERDIAG: AppRecorder: ProcessSta" ??_C@_0EK@JOEENOND@WERDIAG?3?5AppRecorder?3?5ProcessSta@
0x180008A90: "WERDIAG: Failed writing process " ??_C@_0EA@NJGJMEJP@WERDIAG?3?5Failed?5writing?5process?5@
0x18000BA68: "__cdecl _onexitbegin" __onexitbegin
0x18000B608: "int g_bAutoverifierEnabled" ?g_bAutoverifierEnabled@@3HA
0x180006258: "__cdecl _imp_WerRegisterFile" __imp_WerRegisterFile
0x180008978: "SessionSettings" ??_C@_1CA@GMCFAAFF@?$AAS?$AAe?$AAs?$AAs?$AAi?$AAo?$AAn?$AAS?$AAe?$AAt?$AAt?$AAi?$AAn?$AAg?$AAs?$AA?$AA@
0x180006388: "__cdecl _imp_RtlAllocateAndInitializeSid" __imp_RtlAllocateAndInitializeSid
0x18000B000: "struct _RTL_VERIFIER_PROVIDER_DESCRIPTOR VfCoreProvider" ?VfCoreProvider@@3U_RTL_VERIFIER_PROVIDER_DESCRIPTOR@@A
0x180007870: "WERDIAG: AppRecorder: AppRecorde" ??_C@_0EP@KKCBNPNH@WERDIAG?3?5AppRecorder?3?5AppRecorde@
0x1800062C8: "__cdecl _imp__vsnwprintf" __imp__vsnwprintf
0x180008CE8: "WERDIAG: Insufficient resources " ??_C@_0CB@HCBFFHMA@WERDIAG?3?5Insufficient?5resources?6@
0x180006120: "__cdecl _imp_SetUnhandledExceptionFilter" __imp_SetUnhandledExceptionFilter
0x180008270: "WERDIAG: Invalid arguments: Buff" ??_C@_0EK@GNHEENKN@WERDIAG?3?5Invalid?5arguments?3?5Buff@
0x180005554: "__cdecl _security_init_cookie" __security_init_cookie
0x180001EF0: StartAppRecorder
0x180006370: "__cdecl _imp_NtQuerySystemInformation" __imp_NtQuerySystemInformation
0x180008428: "WERDIAG: Invalid argument: setti" ??_C@_0DK@KALCHMON@WERDIAG?3?5Invalid?5argument?3?5setti@
0x180008800: "AppPath" ??_C@_1BA@JGADFHCG@?$AAA?$AAp?$AAp?$AAP?$AAa?$AAt?$AAh?$AA?$AA@
0x180006540: "WERDIAG: ProcessStartupSettingsU" ??_C@_0DO@EBODDCEG@WERDIAG?3?5ProcessStartupSettingsU@
0x180007BE0: "WERDIAG: Arithmetic overflow " ??_C@_0BO@KLHGPCOP@WERDIAG?3?5Arithmetic?5overflow?6?$AA@
0x180006500: WNF_WER_SERVICE_START
0x18000966C: "__cdecl _IMPORT_DESCRIPTOR_msvcrt" __IMPORT_DESCRIPTOR_msvcrt
0x1800062F0: "__cdecl _imp_memmove" __imp_memmove
0x180003190: "private: long __cdecl CFDRShim::ParsePair(unsigned short * __ptr64,unsigned short * __ptr64,unsigned long,unsigned short * __ptr64,unsigned long) __ptr64" ?ParsePair@CFDRShim@@AEAAJPEAG0K0K@Z
0x180007D40: "WERDIAG: Provider not registered" ??_C@_0EF@CLIMICOI@WERDIAG?3?5Provider?5not?5registered@
0x180006408: "__cdecl _imp_NtOpenKey" __imp_NtOpenKey
0x180006308: "__cdecl _imp_malloc" __imp_malloc
0x180008080: "WERDIAG: Failed copying string b" ??_C@_0DG@BDFAJODP@WERDIAG?3?5Failed?5copying?5string?5b@
0x180007340: "WERDIAG: AppRecorder: Failed cre" ??_C@_0EA@CDFOGGFB@WERDIAG?3?5AppRecorder?3?5Failed?5cre@
0x180007F18: "WERDIAG: Failed parsing settings" ??_C@_0DI@OCIJNDPP@WERDIAG?3?5Failed?5parsing?5settings@
0x1800056A0: "__cdecl _report_gsfailure" __report_gsfailure
0x180006278: "__cdecl _imp_TraceEvent" __imp_TraceEvent
0x180008190: "WERDIAG: Failed obtaining string" ??_C@_0DI@EJMKNBDM@WERDIAG?3?5Failed?5obtaining?5string@
0x1800088E8: "WERDIAG: Failed opening session " ??_C@_0DO@OJDPACLH@WERDIAG?3?5Failed?5opening?5session?5@
0x180006CD0: "Autoverifier" ??_C@_1BK@GICOIIPO@?$AAA?$AAu?$AAt?$AAo?$AAv?$AAe?$AAr?$AAi?$AAf?$AAi?$AAe?$AAr?$AA?$AA@
0x180006298: "__cdecl _imp_StartTraceW" __imp_StartTraceW
0x18000BA78: "__cdecl _native_startup_state" __native_startup_state
0x180007E18: "WERDIAG: Memory allocation for e" ??_C@_0CO@KNAJAFHM@WERDIAG?3?5Memory?5allocation?5for?5e@
0x180008D40: "WERDIAG: Out of resources alloca" ??_C@_0EL@PGNCKMKA@WERDIAG?3?5Out?5of?5resources?5alloca@
0x180006638: "WERDIAG: AutoVerifier: Path is: " ??_C@_0CE@JEOLBFHC@WERDIAG?3?5AutoVerifier?3?5Path?5is?3?5@
0x1800088A8: "WERDIAG: PluginsNtSetRegStringVa" ??_C@_0DM@INFIJFHK@WERDIAG?3?5PluginsNtSetRegStringVa@
0x180008390: "WERDIAG: Failed making a copy of" ??_C@_0EO@FMPIBJIM@WERDIAG?3?5Failed?5making?5a?5copy?5of@
0x180006DA8: "AutoVerifierTimeDuration" ??_C@_1DC@GFEFEGMO@?$AAA?$AAu?$AAt?$AAo?$AAV?$AAe?$AAr?$AAi?$AAf?$AAi?$AAe?$AAr?$AAT?$AAi?$AAm?$AAe?$AAD?$AAu?$AAr?$AAa?$AAt?$AAi?$AAo?$AAn?$AA?$AA@
0x180009748: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-memory-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-memory-l1-1-0
0x180008570: "WERDIAG: Failed updating setting" ??_C@_0EF@KEFMCFIM@WERDIAG?3?5Failed?5updating?5setting@
0x180007FA0: "WERDIAG: Failed enabling trace p" ??_C@_0DM@KHIIDHKN@WERDIAG?3?5Failed?5enabling?5trace?5p@
0x180007200: "Local\{DF2B7FCA-C5B0-4638-A4AD-5" ??_C@_1FK@EIIIDNBJ@?$AAL?$AAo?$AAc?$AAa?$AAl?$AA?2?$AA?$HL?$AAD?$AAF?$AA2?$AAB?$AA7?$AAF?$AAC?$AAA?$AA?9?$AAC?$AA5?$AAB?$AA0?$AA?9?$AA4?$AA6?$AA3?$AA8?$AA?9?$AAA?$AA4?$AAA?$AAD?$AA?9?$AA5@
0x180006D50: "WERDIAG: Failed writing registry" ??_C@_0DI@NMNDIHOF@WERDIAG?3?5Failed?5writing?5registry@
0x180006A78: "WERDIAG: NtAlpcConnectPort faile" ??_C@_0DD@GMCCKPCH@WERDIAG?3?5NtAlpcConnectPort?5faile@
0x1800096A8: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-profile-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-profile-l1-1-0
0x180006310: "__cdecl _imp_free" __imp_free
0x1800054C0: "__cdecl IsNonwritableInCurrentImage" _IsNonwritableInCurrentImage
0x180006230: api-ms-win-core-synch-l1-2-0_NULL_THUNK_DATA
0x180008008: "WERDIAG: Invalid arguments: Log " ??_C@_0DF@FLFBLCMG@WERDIAG?3?5Invalid?5arguments?3?5Log?5@
0x180006220: api-ms-win-core-synch-l1-1-0_NULL_THUNK_DATA
0x180009680: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-2-0" __IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-2-0
0x180005434: "__cdecl DllMainCRTStartupForGS2" _DllMainCRTStartupForGS2
0x1800076E0: "WERDIAG: AppRecorder: Failed to " ??_C@_0FA@HPABPMEN@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180004A20: "long __cdecl PluginsNtSetRegStringValue(void * __ptr64,unsigned short const * __ptr64,unsigned short const * __ptr64)" ?PluginsNtSetRegStringValue@@YAJPEAXPEBG1@Z
0x1800058C5: memset
0x1800097D4: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR
0x1800089F0: "LogPath" ??_C@_1BA@NHOPJJJG@?$AAL?$AAo?$AAg?$AAP?$AAa?$AAt?$AAh?$AA?$AA@
0x180007B10: "WERDIAG: AppRecorder: Failed to " ??_C@_0FF@KIGEKJND@WERDIAG?3?5AppRecorder?3?5Failed?5to?5@
0x180006720: "WERDIAG: AutoVerifier: could not" ??_C@_0EE@EHBBPJNE@WERDIAG?3?5AutoVerifier?3?5could?5not@

[JEB Decompiler by PNF Software]