PDB Symbols - svchost.exe (0x7FD065BAC18C5278777AE44908101CDFED72D26FA741367F0AD4D02020787AB6)

Generated by JEB on 2019/08/01

PE: C:\Windows\System32\svchost.exe Base=0x140000000 SHA-256=7FD065BAC18C5278777AE44908101CDFED72D26FA741367F0AD4D02020787AB6
PDB: svchost.pdb GUID={89F17E89-9F93-2FD7-5623FF182B44B947} Age=1

405 located named symbols:
0x140007640: "__cdecl _imp_EventSetInformation" __imp_EventSetInformation
0x14000B648: LpacServicesManagementCapabilitySid
0x140007AA0: "System\CurrentControlSet\Control" ??_C@_1FG@IFLNGGCH@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAS?$AAe?$AAt?$AA?2?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl@
0x14000467C: "__cdecl _raise_securityfailure" __raise_securityfailure
0x140007638: "__cdecl _imp_EventRegister" __imp_EventRegister
0x14000D000: "__cdecl _imp_CoInitializeEx" __imp_CoInitializeEx
0x1400042C0: "__cdecl _delayLoadHelper2" __delayLoadHelper2
0x1400075A8: "__cdecl _imp_CompareStringOrdinal" __imp_CompareStringOrdinal
0x140009140: "__cdecl _IMPORT_DESCRIPTOR_ntdll" __IMPORT_DESCRIPTOR_ntdll
0x1400077D0: "__cdecl _imp_RtlDeriveCapabilitySidsFromName" __imp_RtlDeriveCapabilitySidsFromName
0x14000B710: WriteRestrictedSid
0x1400077E0: "__cdecl _imp_TpWaitForTimer" __imp_TpWaitForTimer
0x140004564: "__cdecl wsetargv" _wsetargv
0x14000D010: "__cdecl _imp_CoInitializeSecurity" __imp_CoInitializeSecurity
0x14000B048: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1400048F8: "__cdecl _imp_load_CoInitializeSecurity" __imp_load_CoInitializeSecurity
0x1400073B0: "__cdecl _imp___wgetmainargs" __imp___wgetmainargs
0x1400059C0: SvcHostNotificationCallback
0x14000B788: AliasPrintOpsSid
0x140008FB0: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-service-private-l1-1-3" __IMPORT_DESCRIPTOR_api-ms-win-service-private-l1-1-3
0x140007EF0: "Parameters" ??_C@_1BG@PGIGMDPA@?$AAP?$AAa?$AAr?$AAa?$AAm?$AAe?$AAt?$AAe?$AAr?$AAs?$AA?$AA@
0x14000B760: NetworkSid
0x140007480: "__cdecl _imp_LCMapStringW" __imp_LCMapStringW
0x1400074B0: "__cdecl _imp_GetCurrentThreadId" __imp_GetCurrentThreadId
0x140007CB8: "COM_RoSettings" ??_C@_1BO@FCDPBALA@?$AAC?$AAO?$AAM?$AA_?$AAR?$AAo?$AAS?$AAe?$AAt?$AAt?$AAi?$AAn?$AAg?$AAs?$AA?$AA@
0x1400049D0: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x14000B758: InteractiveSid
0x140005AB0: SvchostUnhandledExceptionFilter
0x1400080E0: "__cdecl TraceLoggingMetadata" _TraceLoggingMetadata
0x14000B5C8: g_pSvchostSharedGlobalsLock
0x140007A58: "EnableSvchostMitigationPolicy" ??_C@_1DM@GKKMDJDJ@?$AAE?$AAn?$AAa?$AAb?$AAl?$AAe?$AAS?$AAv?$AAc?$AAh?$AAo?$AAs?$AAt?$AAM?$AAi?$AAt?$AAi?$AAg?$AAa?$AAt?$AAi?$AAo?$AAn?$AAP?$AAo?$AAl?$AAi?$AAc?$AAy?$AA?$AA@
0x140007338: "__cdecl _imp_I_RpcServerDisableExceptionFilter" __imp_I_RpcServerDisableExceptionFilter
0x1400075C8: "__cdecl _imp_AcquireSRWLockShared" __imp_AcquireSRWLockShared
0x140008248: "__cdecl _pfnDliFailureHook2" __pfnDliFailureHook2
0x140007578: "__cdecl _imp_DeactivateActCtx" __imp_DeactivateActCtx
0x140007880: "Software\Microsoft\Windows NT\Cu" ??_C@_1GK@LONEEFGD@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAN?$AAT?$AA?2?$AAC?$AAu@
0x1400073A8: "__cdecl _imp__initterm_e" __imp__initterm_e
0x14000B7A8: AliasGuestsSid
0x140007458: api-ms-win-core-heap-l2-1-0_NULL_THUNK_DATA
0x140007320: "__cdecl _imp_RpcServerUnregisterIf" __imp_RpcServerUnregisterIf
0x140008040: Feature_SvchostMitigationPolicies_logged_traits
0x140007438: "__cdecl _imp_HeapSetInformation" __imp_HeapSetInformation
0x140006084: "__cdecl TlgWrite" _TlgWrite
0x140007800: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x140007590: api-ms-win-core-sidebyside-l1-1-0_NULL_THUNK_DATA
0x14000B718: OwnerSid
0x140001210: QueryMultipleServicesHeapInformation
0x14000B698: "unsigned char * LpacServicesManagementCapabilityGroupSidBuffer" ?LpacServicesManagementCapabilityGroupSidBuffer@@3PAEA
0x140009104: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-crt-utility-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-crt-utility-l1-1-0
0x140006380: RpcpStopRpcServerEx
0x140006290: RpcpStartRpcServer
0x140005A44: SvchostCharLowerW
0x140007808: "__cdecl _xc_a" __xc_a
0x1400076E8: "__cdecl _imp_TpAllocTimer" __imp_TpAllocTimer
0x14000605C: "__cdecl TlgKeywordOn" _TlgKeywordOn
0x140008E54: "__cdecl _DELAY_IMPORT_DESCRIPTOR_api_ms_win_core_com_l1_1_0_dll" __DELAY_IMPORT_DESCRIPTOR_api_ms_win_core_com_l1_1_0_dll
0x14000B658: PerfRegHandle
0x140007DA0: "AuthenticationLevel" ??_C@_1CI@KHFCENDM@?$AAA?$AAu?$AAt?$AAh?$AAe?$AAn?$AAt?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAL?$AAe?$AAv?$AAe?$AAl?$AA?$AA@
0x14000B640: TelemetryTimer
0x140007360: "__cdecl _imp_RpcMgmtWaitServerListen" __imp_RpcMgmtWaitServerListen
0x140002510: BuildCommandOptions
0x1400077C0: "__cdecl _imp_RtlAcquireSRWLockExclusive" __imp_RtlAcquireSRWLockExclusive
0x14000485B: "__cdecl _imp_load_CLSIDFromString" __imp_load_CLSIDFromString
0x14000B748: LocalSystemSid
0x140007440: api-ms-win-core-heap-l1-1-0_NULL_THUNK_DATA
0x140007690: "__cdecl _imp_SetSecurityDescriptorOwner" __imp_SetSecurityDescriptorOwner
0x140007630: api-ms-win-crt-utility-l1-1-0_NULL_THUNK_DATA
0x140007708: "__cdecl _imp_RtlNtStatusToDosErrorNoTeb" __imp_RtlNtStatusToDosErrorNoTeb
0x140004270: LoadWldpLibrary
0x140007878: "__cdecl _guard_iat_table" __guard_iat_table
0x1400074A0: api-ms-win-core-processenvironment-l1-1-0_NULL_THUNK_DATA
0x14000B730: BuiltinDomainSid
0x14000491C: memcpy
0x140007470: "__cdecl _imp_LoadLibraryExW" __imp_LoadLibraryExW
0x14000B750: ServiceLogonSid
0x14000D018: "__cdecl _imp_CLSIDFromString" __imp_CLSIDFromString
0x140007648: "__cdecl _imp_EventWriteTransfer" __imp_EventWriteTransfer
0x14000B738: NetworkServiceSid
0x140007388: "__cdecl _imp_memset" __imp_memset
0x140004593: "__cdecl initterm" _initterm
0x14000B5F0: "__cdecl _@@_PchSym_@00@KxulyqvxgPillgKxunrmpvimvoUhxivtUhxUhexslhgUoryUlyquivUznwGEUkxsOlyq@svchstlb" __@@_PchSym_@00@KxulyqvxgPillgKxunrmpvimvoUhxivtUhxUhexslhgUoryUlyquivUznwGEUkxsOlyq@svchstlb
0x140008F74: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-sysinfo-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-sysinfo-l1-1-0
0x14000B620: hmoduleWldp
0x1400077A0: "__cdecl _imp_RtlSubAuthoritySid" __imp_RtlSubAuthoritySid
0x140007820: "__cdecl _xi_z" __xi_z
0x14000B660: Feature_SvchostMitigationPolicies__private_propertyCache
0x140007400: "__cdecl _imp_UnhandledExceptionFilter" __imp_UnhandledExceptionFilter
0x14000B770: WorldSid
0x140007498: "__cdecl _imp_GetCommandLineW" __imp_GetCommandLineW
0x140003F80: OpenServiceParametersKey
0x1400075D8: "__cdecl _imp_ReleaseSRWLockExclusive" __imp_ReleaseSRWLockExclusive
0x140007670: "__cdecl _imp_AddAccessAllowedAce" __imp_AddAccessAllowedAce
0x140007420: "__cdecl _imp_HeapFree" __imp_HeapFree
0x140007BE0: "CoInitializeSecurityAllowInterac" ??_C@_1FE@CEMDFBNI@?$AAC?$AAo?$AAI?$AAn?$AAi?$AAt?$AAi?$AAa?$AAl?$AAi?$AAz?$AAe?$AAS?$AAe?$AAc?$AAu?$AAr?$AAi?$AAt?$AAy?$AAA?$AAl?$AAl?$AAo?$AAw?$AAI?$AAn?$AAt?$AAe?$AAr?$AAa?$AAc@
0x1400077C8: "__cdecl _imp_RtlLengthRequiredSid" __imp_RtlLengthRequiredSid
0x140002760: InitializeSecurity
0x14000B5E0: LastQueryHeapInfoTime
0x140007418: api-ms-win-core-handle-l1-1-0_NULL_THUNK_DATA
0x140007518: "__cdecl _imp_RegCloseKey" __imp_RegCloseKey
0x14000B720: AnonymousLogonSid
0x140004958: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1400063DC: RtlStringCbCatW
0x1400073F0: "__cdecl _imp_SetErrorMode" __imp_SetErrorMode
0x140007540: "__cdecl _imp_RegEnumKeyExW" __imp_RegEnumKeyExW
0x1400077E8: "__cdecl _imp_RtlAllocateHeap" __imp_RtlAllocateHeap
0x1400076C8: api-ms-win-service-private-l1-1-3_NULL_THUNK_DATA
0x1400075B0: api-ms-win-core-string-l1-1-0_NULL_THUNK_DATA
0x14000B5D0: g_pSvchostSharedGlobals
0x1400090C8: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-security-base-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-security-base-l1-1-0
0x140007EB8: "ServiceManifest" ??_C@_1CA@BLPFNEGF@?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAM?$AAa?$AAn?$AAi?$AAf?$AAe?$AAs?$AAt?$AA?$AA@
0x1400074D0: "__cdecl _imp_SetProcessAffinityUpdateMode" __imp_SetProcessAffinityUpdateMode
0x140004320: QueryHeapCallback
0x140007B30: "RpcExceptionFilterMode" ??_C@_1CO@HNKILGLP@?$AAR?$AAp?$AAc?$AAE?$AAx?$AAc?$AAe?$AAp?$AAt?$AAi?$AAo?$AAn?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AAM?$AAo?$AAd?$AAe?$AA?$AA@
0x1400074D8: "__cdecl _imp_ExitProcess" __imp_ExitProcess
0x140008244: "__cdecl _DefaultResolveDelayLoadedAPIFlags" __DefaultResolveDelayLoadedAPIFlags
0x1400077B0: "__cdecl _imp_RtlReleaseSRWLockExclusive" __imp_RtlReleaseSRWLockExclusive
0x140007900: "Software\Microsoft\Windows\Curre" ??_C@_1JK@KFBFBCBD@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe@
0x14000B5C0: "__cdecl _hmod__api_ms_win_core_com_l1_1_0_dll" __hmod__api_ms_win_core_com_l1_1_0_dll
0x140004220: wil_details_SetPropertyFlagCallback
0x1400073B8: "__cdecl _imp_exit" __imp_exit
0x1400079D0: "ExtensionPointsPolicy" ??_C@_1CM@IMBFCIGH@?$AAE?$AAx?$AAt?$AAe?$AAn?$AAs?$AAi?$AAo?$AAn?$AAP?$AAo?$AAi?$AAn?$AAt?$AAs?$AAP?$AAo?$AAl?$AAi?$AAc?$AAy?$AA?$AA@
0x140008000: GUID_NULL
0x1400075A0: "__cdecl _imp_WideCharToMultiByte" __imp_WideCharToMultiByte
0x14000B728: AuthenticatedUserSid
0x14000B610: ServiceArray
0x140007790: "__cdecl _imp_RtlInitializeCriticalSection" __imp_RtlInitializeCriticalSection
0x1400076B8: api-ms-win-service-core-l1-1-0_NULL_THUNK_DATA
0x14000B628: pfIsAllowedEntryPoint
0x1400075E8: "__cdecl _imp_EnterCriticalSection" __imp_EnterCriticalSection
0x1400075C0: "__cdecl _imp_ReleaseSRWLockShared" __imp_ReleaseSRWLockShared
0x140007548: api-ms-win-core-registry-l1-1-0_NULL_THUNK_DATA
0x14000B7C0: g_wil_details_recordFeatureUsage
0x140007408: api-ms-win-core-errorhandling-l1-1-0_NULL_THUNK_DATA
0x1400074A8: "__cdecl _imp_GetCurrentProcess" __imp_GetCurrentProcess
0x140004300: DummySvchostCtrlHandler
0x1400077B8: "__cdecl _imp_RtlSubAuthorityCountSid" __imp_RtlSubAuthorityCountSid
0x14000903C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-string-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-string-l1-1-0
0x140007390: "__cdecl _imp__wcsicmp" __imp__wcsicmp
0x140007368: "__cdecl _imp_RpcServerRegisterIf" __imp_RpcServerRegisterIf
0x140007350: "__cdecl _imp_RpcMgmtStopServerListening" __imp_RpcMgmtStopServerListening
0x140007558: "__cdecl _imp_RtlCaptureContext" __imp_RtlCaptureContext
0x140007478: api-ms-win-core-libraryloader-l1-2-0_NULL_THUNK_DATA
0x140007620: api-ms-win-core-threadpool-private-l1-1-0_NULL_THUNK_DATA
0x1400090F0: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-eventing-provider-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-eventing-provider-l1-1-0
0x140007AF8: "NoGuiAccess" ??_C@_1BI@EOBALBHN@?$AAN?$AAo?$AAG?$AAu?$AAi?$AAA?$AAc?$AAc?$AAe?$AAs?$AAs?$AA?$AA@
0x1400073E8: "__cdecl _imp_GetLastError" __imp_GetLastError
0x140007650: api-ms-win-eventing-provider-l1-1-0_NULL_THUNK_DATA
0x140004934: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x140007ED8: "ServiceDll" ??_C@_1BG@KAEKMFMF@?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAD?$AAl?$AAl?$AA?$AA@
0x140007FE0: "__cdecl _sz_api_ms_win_core_com_l1_1_0_dll" __sz_api_ms_win_core_com_l1_1_0_dll
0x1400077A8: "__cdecl _imp_RtlGetDeviceFamilyInfoEnum" __imp_RtlGetDeviceFamilyInfoEnum
0x140007718: "__cdecl _imp_TpAllocWait" __imp_TpAllocWait
0x140007588: "__cdecl _imp_CreateActCtxW" __imp_CreateActCtxW
0x140004060: SvcDeprecatedRegisterStopCallback
0x140008EB8: api-ms-win-core-com-l1-1-0_NULL_THUNK_DATA_DLN
0x140008F18: api-ms-win-core-com-l1-1-0_NULL_THUNK_DATA_DLB
0x14000D020: api-ms-win-core-com-l1-1-0_NULL_THUNK_DATA_DLA
0x14000917C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-delayload-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-delayload-l1-1-0
0x1400074B8: "__cdecl _imp_GetCurrentProcessId" __imp_GetCurrentProcessId
0x140007570: "__cdecl _imp_ActivateActCtx" __imp_ActivateActCtx
0x140007D40: "AuthenticationCapabilities" ??_C@_1DG@FEAFOAKM@?$AAA?$AAu?$AAt?$AAh?$AAe?$AAn?$AAt?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAp?$AAa?$AAb?$AAi?$AAl?$AAi?$AAt?$AAi?$AAe?$AAs?$AA?$AA@
0x140005A20: SvcUnregisterStopCallback
0x140007700: "__cdecl _imp_TpReleaseWait" __imp_TpReleaseWait
0x140007748: "__cdecl _imp_TpSetTimer" __imp_TpSetTimer
0x140008244: "__cdecl _ResolveDelayLoadedAPIFlags" __ResolveDelayLoadedAPIFlags
0x14000B740: LocalServiceSid
0x140007E90: "ServiceMain" ??_C@_1BI@LBKHJKOG@?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAM?$AAa?$AAi?$AAn?$AA?$AA@
0x140007778: "__cdecl _imp_RtlFreeHeap" __imp_RtlFreeHeap
0x140007D08: "CoInitializeSecurityAppID" ??_C@_1DE@FJHNHGNN@?$AAC?$AAo?$AAI?$AAn?$AAi?$AAt?$AAi?$AAa?$AAl?$AAi?$AAz?$AAe?$AAS?$AAe?$AAc?$AAu?$AAr?$AAi?$AAt?$AAy?$AAA?$AAp?$AAp?$AAI?$AAD?$AA?$AA@
0x140008FD8: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-libraryloader-l1-2-0" __IMPORT_DESCRIPTOR_api-ms-win-core-libraryloader-l1-2-0
0x140007430: "__cdecl _imp_HeapAlloc" __imp_HeapAlloc
0x140007D78: "ImpersonationLevel" ??_C@_1CG@JDKOLIJK@?$AAI?$AAm?$AAp?$AAe?$AAr?$AAs?$AAo?$AAn?$AAa?$AAt?$AAi?$AAo?$AAn?$AAL?$AAe?$AAv?$AAe?$AAl?$AA?$AA@
0x140007468: "__cdecl _imp_FreeLibrary" __imp_FreeLibrary
0x1400075E0: "__cdecl _imp_AcquireSRWLockExclusive" __imp_AcquireSRWLockExclusive
0x140008E74: "__cdecl _NULL_DELAY_IMPORT_DESCRIPTOR" __NULL_DELAY_IMPORT_DESCRIPTOR
0x140005A90: SvchostTpStopCallback
0x1400073A0: "__cdecl _imp__initterm" __imp__initterm
0x140007B90: "CoInitializeSecurityAllowComCapa" ??_C@_1EO@CPNNCCDE@?$AAC?$AAo?$AAI?$AAn?$AAi?$AAt?$AAi?$AAa?$AAl?$AAi?$AAz?$AAe?$AAS?$AAe?$AAc?$AAu?$AAr?$AAi?$AAt?$AAy?$AAA?$AAl?$AAl?$AAo?$AAw?$AAC?$AAo?$AAm?$AAC?$AAa?$AAp?$AAa@
0x140009168: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-delayload-l1-1-1" __IMPORT_DESCRIPTOR_api-ms-win-core-delayload-l1-1-1
0x140006320: RpcpStopRpcServer
0x140007F98: SvchostEvt_ServiceMain_Stop
0x14000B7B8: AliasAdminsSid
0x140001870: ReadPerInstanceRegistryParameters
0x1400073C0: api-ms-win-core-crt-l2-1-0_NULL_THUNK_DATA
0x140009050: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-registry-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-registry-l1-1-0
0x140002490: StringCchPrintfW
0x140007698: "__cdecl _imp_InitializeSecurityDescriptor" __imp_InitializeSecurityDescriptor
0x140007F58: SvchostEvt_ServiceMain_Start
0x1400077F8: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x140007340: "__cdecl _imp_RpcServerUseProtseqEpW" __imp_RpcServerUseProtseqEpW
0x140007398: api-ms-win-core-crt-l1-1-0_NULL_THUNK_DATA
0x1400074C8: "__cdecl _imp_TerminateProcess" __imp_TerminateProcess
0x140004310: CompareHeapTags
0x14000B708: ServiceBaseSid
0x140007B60: "DefaultRpcStackSize" ??_C@_1CI@NKMOBPAI@?$AAD?$AAe?$AAf?$AAa?$AAu?$AAl?$AAt?$AAR?$AAp?$AAc?$AAS?$AAt?$AAa?$AAc?$AAk?$AAS?$AAi?$AAz?$AAe?$AA?$AA@
0x140007FC0: "WLDP.DLL" ??_C@_1BC@FFMNMDJM@?$AAW?$AAL?$AAD?$AAP?$AA?4?$AAD?$AAL?$AAL?$AA?$AA@
0x140007678: "__cdecl _imp_GetTokenInformation" __imp_GetTokenInformation
0x140007720: "__cdecl _imp_EtwEventRegister" __imp_EtwEventRegister
0x140007580: "__cdecl _imp_ReleaseActCtx" __imp_ReleaseActCtx
0x140007770: "__cdecl _imp_RtlNtStatusToDosError" __imp_RtlNtStatusToDosError
0x1400048E6: "__cdecl _imp_load_CoCreateInstance" __imp_load_CoCreateInstance
0x140007610: api-ms-win-core-sysinfo-l1-1-0_NULL_THUNK_DATA
0x140007818: "__cdecl _xi_a" __xi_a
0x1400074F0: api-ms-win-core-processthreads-l1-1-1_NULL_THUNK_DATA
0x140007608: "__cdecl _imp_GetTickCount" __imp_GetTickCount
0x1400073D8: "__cdecl _imp_ResolveDelayLoadedAPI" __imp_ResolveDelayLoadedAPI
0x140001480: wmain
0x140004330: "unsigned long __cdecl GetAbsoluteSd(void * __ptr64,void * __ptr64 * __ptr64)" ?GetAbsoluteSd@@YAKPEAXPEAPEAX@Z
0x140004480: "__cdecl _wmainCRTStartup" __wmainCRTStartup
0x1400076A0: api-ms-win-security-base-l1-1-0_NULL_THUNK_DATA
0x140007FA8: "WldpIsAllowedEntryPoint" ??_C@_0BI@JFMEFOEJ@WldpIsAllowedEntryPoint?$AA@
0x14000B790: AliasSystemOpsSid
0x140007768: "__cdecl _imp_RtlRunOnceExecuteOnce" __imp_RtlRunOnceExecuteOnce
0x1400076E0: "__cdecl _imp_RtlQueryHeapInformation" __imp_RtlQueryHeapInformation
0x140007528: "__cdecl _imp_RegDisablePredefinedCacheEx" __imp_RegDisablePredefinedCacheEx
0x14000908C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-2" __IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-2
0x140008218: "" ??_C@_11LOCGONAA@?$AA?$AA@
0x140008F60: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-0
0x140009078: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-1" __IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-1
0x140004837: RegOpenKeyExW
0x140001410: "__cdecl TlgEnableCallback" _TlgEnableCallback
0x1400076C0: "__cdecl _imp_I_RegisterSvchostNotificationCallback" __imp_I_RegisterSvchostNotificationCallback
0x140002E90: ServiceStarter
0x1400013C0: UpdateServiceHeapInformation
0x140009014: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-service-winsvc-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-service-winsvc-l1-1-0
0x140007618: "__cdecl _imp_RegisterWaitForSingleObjectEx" __imp_RegisterWaitForSingleObjectEx
0x14000B780: AliasBackupOpsSid
0x140007738: "__cdecl _imp_RtlSetProcessIsCritical" __imp_RtlSetProcessIsCritical
0x140008FEC: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-heap-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-heap-l1-1-0
0x140004540: "__cdecl _security_check_cookie" __security_check_cookie
0x140007810: "__cdecl _xc_z" __xc_z
0x14000490A: "__cdecl _imp_load_CoInitializeEx" __imp_load_CoInitializeEx
0x140009154: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-heap-l2-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-heap-l2-1-0
0x14000B668: "unsigned char * LpacServicesManagementCapabilitySidBuffer" ?LpacServicesManagementCapabilitySidBuffer@@3PAEA
0x1400074E0: api-ms-win-core-processthreads-l1-1-0_NULL_THUNK_DATA
0x140007460: "__cdecl _imp_GetProcAddress" __imp_GetProcAddress
0x140005BD4: ArmTheServiceMemoryTracingTimer
0x14000600C: "__cdecl TlgCreateWsz" _TlgCreateWsz
0x140008230: "ncacn_np" ??_C@_1BC@CCHMBIKG@?$AAn?$AAc?$AAa?$AAc?$AAn?$AA_?$AAn?$AAp?$AA?$AA@
0x14000912C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-threadpool-private-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-threadpool-private-l1-1-0
0x140008203: "__cdecl TraceLoggingMetadataEnd" _TraceLoggingMetadataEnd
0x14000B7C8: g_wil_details_pfnFeatureLoggingHook
0x140007CD8: "COM_UnmarshalingPolicy" ??_C@_1CO@KABFPLDG@?$AAC?$AAO?$AAM?$AA_?$AAU?$AAn?$AAm?$AAa?$AAr?$AAs?$AAh?$AAa?$AAl?$AAi?$AAn?$AAg?$AAP?$AAo?$AAl?$AAi?$AAc?$AAy?$AA?$AA@
0x14000D008: "__cdecl _imp_CoCreateInstance" __imp_CoCreateInstance
0x1400075F8: "__cdecl _imp_GetSystemTimeAsFileTime" __imp_GetSystemTimeAsFileTime
0x140003270: GetServiceMainFunctions
0x140007448: "__cdecl _imp_LocalAlloc" __imp_LocalAlloc
0x1400073C8: "__cdecl _imp_DelayLoadFailureHook" __imp_DelayLoadFailureHook
0x140007428: "__cdecl _imp_GetProcessHeap" __imp_GetProcessHeap
0x140003AA0: SvchostBuildSharedGlobals
0x1400076A8: "__cdecl _imp_SetServiceStatus" __imp_SetServiceStatus
0x1400076D0: "__cdecl _imp_RegisterServiceCtrlHandlerW" __imp_RegisterServiceCtrlHandlerW
0x140007E18: "[%ws] [%ws]" ??_C@_1BI@LLEKAAKJ@?$AA?$FL?$AA?$CF?$AAw?$AAs?$AA?$FN?$AA?5?$AA?$FL?$AA?$CF?$AAw?$AAs?$AA?$FN?$AA?$AA@
0x1400074F8: "__cdecl _imp_SetProtectedPolicy" __imp_SetProtectedPolicy
0x140008220: "\PIPE\" ??_C@_1O@PGAGHCON@?$AA?2?$AAP?$AAI?$AAP?$AAE?$AA?2?$AA?$AA@
0x140001500: InitializeSvcHostLib
0x1400076F8: "__cdecl _imp_EtwEventEnabled" __imp_EtwEventEnabled
0x14000484F: RegQueryValueExW
0x140007568: api-ms-win-core-rtlsupport-l1-1-0_NULL_THUNK_DATA
0x14000B7A0: AliasPowerUsersSid
0x140002DA0: UnloadServiceDll
0x140007758: "__cdecl _imp_RtlValidSecurityDescriptor" __imp_RtlValidSecurityDescriptor
0x140002D10: SvchostStopCallback
0x140007598: "__cdecl _imp_MultiByteToWideChar" __imp_MultiByteToWideChar
0x14000B7B0: AliasUsersSid
0x140008F88: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-rtlsupport-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-rtlsupport-l1-1-0
0x140007510: api-ms-win-core-profile-l1-1-0_NULL_THUNK_DATA
0x140007828: "__cdecl _guard_fids_table" __guard_fids_table
0x140007190: "__cdecl load_config_used" _load_config_used
0x1400077D8: "__cdecl _imp_RtlCopySid" __imp_RtlCopySid
0x140005C24: DoSvchostHeapInfoTelemetry
0x1400073E0: api-ms-win-core-delayload-l1-1-1_NULL_THUNK_DATA
0x1400073D0: api-ms-win-core-delayload-l1-1-0_NULL_THUNK_DATA
0x140007E70: "SvchostPushServiceGlobalsEx" ??_C@_0BM@FAGGHCNH@SvchostPushServiceGlobalsEx?$AA@
0x140007730: "__cdecl _imp_NtSetInformationProcess" __imp_NtSetInformationProcess
0x140001010: SvchostTelemetryTimerCallback
0x140009064: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-processenvironment-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-processenvironment-l1-1-0
0x14000B5E8: g_hHeap
0x140007EA8: "ServiceMain" ??_C@_0M@CNALKNPF@ServiceMain?$AA@
0x140004090: SvcpRegisterStopCallback
0x140007788: "__cdecl _imp_TpReleaseTimer" __imp_TpReleaseTimer
0x140007710: "__cdecl _imp_TpSetWait" __imp_TpSetWait
0x140008208: "svchost" ??_C@_1BA@KJLELHN@?$AAs?$AAv?$AAc?$AAh?$AAo?$AAs?$AAt?$AA?$AA@
0x140007E40: "[%ws]" ??_C@_1M@HCPDDPJP@?$AA?$FL?$AA?$CF?$AAw?$AAs?$AA?$FN?$AA?$AA@
0x140008010: CLSID_GlobalOptions
0x140006124: RpcpAddInterface
0x140007500: api-ms-win-core-processthreads-l1-1-2_NULL_THUNK_DATA
0x140006050: "__cdecl TlgDefineProvider_annotation__TlgSvchostTelemetryProviderProv" _TlgDefineProvider_annotation__TlgSvchostTelemetryProviderProv
0x140007550: "__cdecl _imp_RtlLookupFunctionEntry" __imp_RtlLookupFunctionEntry
0x140007508: "__cdecl _imp_QueryPerformanceCounter" __imp_QueryPerformanceCounter
0x140007330: "__cdecl _imp_RpcMgmtSetServerStackSize" __imp_RpcMgmtSetServerStackSize
0x1400075D0: "__cdecl _imp_InitializeSRWLock" __imp_InitializeSRWLock
0x1400059F0: SvcRegisterStopCallback
0x140007F10: "System\CurrentControlSet\Service" ??_C@_1EE@ELHAEFGP@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAS?$AAe?$AAt?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe@
0x140007658: "__cdecl _imp_SetSecurityDescriptorGroup" __imp_SetSecurityDescriptorGroup
0x140007560: "__cdecl _imp_RtlVirtualUnwind" __imp_RtlVirtualUnwind
0x140007C80: "CoInitializeSecurityParam" ??_C@_1DE@HCEMFNAK@?$AAC?$AAo?$AAI?$AAn?$AAi?$AAt?$AAi?$AAa?$AAl?$AAi?$AAz?$AAe?$AAS?$AAe?$AAc?$AAu?$AAr?$AAi?$AAt?$AAy?$AAP?$AAa?$AAr?$AAa?$AAm?$AA?$AA@
0x140008248: "__cdecl _pfnDefaultDliFailureHook2" __pfnDefaultDliFailureHook2
0x140004300: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x140007490: "__cdecl _imp_ExpandEnvironmentStringsW" __imp_ExpandEnvironmentStringsW
0x140007488: api-ms-win-core-localization-l1-2-0_NULL_THUNK_DATA
0x140004867: "__cdecl _tailMerge_api_ms_win_core_com_l1_1_0_dll" __tailMerge_api_ms_win_core_com_l1_1_0_dll
0x140007628: "__cdecl _imp_bsearch_s" __imp_bsearch_s
0x140007348: "__cdecl _imp_RpcServerUnregisterIfEx" __imp_RpcServerUnregisterIfEx
0x1400090DC: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-handle-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-handle-l1-1-0
0x140007358: "__cdecl _imp_RpcServerListen" __imp_RpcServerListen
0x14000B768: LocalSid
0x140007328: "__cdecl _imp_I_RpcMapWin32Status" __imp_I_RpcMapWin32Status
0x14000B6F8: AnyPackageSid
0x140004587: "__cdecl initterm_e" _initterm_e
0x140007750: "__cdecl _imp_RtlImageNtHeader" __imp_RtlImageNtHeader
0x1400029A0: "unsigned long __cdecl InitializeSdFromProcessToken(int,int,int,void * __ptr64 * __ptr64,struct _ACL * __ptr64 * __ptr64)" ?InitializeSdFromProcessToken@@YAKHHHPEAPEAXPEAPEAU_ACL@@@Z
0x140007728: "__cdecl _imp_RtlUnhandledExceptionFilter" __imp_RtlUnhandledExceptionFilter
0x1400077F0: ntdll_NULL_THUNK_DATA
0x140007380: "__cdecl _imp_memcpy" __imp_memcpy
0x140005F24: QueryServiceHeapInformation
0x140009000: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-1-0
0x140005DA8: LowResourceNotificationCallback
0x140002400: BuildServiceTable
0x14000B040: "__cdecl _security_cookie" __security_cookie
0x14000B5D8: LastTelemetryUploadTime
0x140007520: "__cdecl _imp_RegQueryValueExW" __imp_RegQueryValueExW
0x1400074E8: "__cdecl _imp_SetProcessMitigationPolicy" __imp_SetProcessMitigationPolicy
0x14000B700: UserModeDriversSid
0x140007410: "__cdecl _imp_CloseHandle" __imp_CloseHandle
0x14000B630: ServiceCount
0x140007450: "__cdecl _imp_LocalFree" __imp_LocalFree
0x140007680: "__cdecl _imp_GetLengthSid" __imp_GetLengthSid
0x140008F9C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-errorhandling-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-errorhandling-l1-1-0
0x140008F38: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-crt-l2-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-crt-l2-1-0
0x14000B778: NullSid
0x1400076F0: "__cdecl _imp__vsnwprintf" __imp__vsnwprintf
0x1400073F8: "__cdecl _imp_SetUnhandledExceptionFilter" __imp_SetUnhandledExceptionFilter
0x140007C40: "CoInitializeSecurityAllowLowBox" ??_C@_1EA@OEEDDCLE@?$AAC?$AAo?$AAI?$AAn?$AAi?$AAt?$AAi?$AAa?$AAl?$AAi?$AAz?$AAe?$AAS?$AAe?$AAc?$AAu?$AAr?$AAi?$AAt?$AAy?$AAA?$AAl?$AAl?$AAo?$AAw?$AAL?$AAo?$AAw?$AAB?$AAo?$AAx?$AA?$AA@
0x14000B63C: TelemetryState
0x140007530: "__cdecl _imp_RegOpenKeyExW" __imp_RegOpenKeyExW
0x1400079A0: "COMAccessPermissionsSD" ??_C@_1CO@EHCGLCIA@?$AAC?$AAO?$AAM?$AAA?$AAc?$AAc?$AAe?$AAs?$AAs?$AAP?$AAe?$AAr?$AAm?$AAi?$AAs?$AAs?$AAi?$AAo?$AAn?$AAs?$AAS?$AAD?$AA?$AA@
0x1400045A0: "__cdecl _security_init_cookie" __security_init_cookie
0x140005F70: QuerySingleServiceHeapInformation
0x140003C60: ScCreateWellKnownSids
0x1400078F0: MS_Services_Svchost_Provider
0x140009028: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-service-core-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-service-core-l1-1-0
0x140008020: IID_IGlobalOptions
0x140007760: "__cdecl _imp_NtQuerySystemInformation" __imp_NtQuerySystemInformation
0x140007538: "__cdecl _imp_RegGetValueW" __imp_RegGetValueW
0x140007660: "__cdecl _imp_SetSecurityDescriptorDacl" __imp_SetSecurityDescriptorDacl
0x140009118: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-sidebyside-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-sidebyside-l1-1-0
0x1400076B0: "__cdecl _imp_StartServiceCtrlDispatcherW" __imp_StartServiceCtrlDispatcherW
0x14000B618: ServiceNames
0x1400080B0: "lpacServicesManagement" ??_C@_1CO@GMCGHMFJ@?$AAl?$AAp?$AAa?$AAc?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AAM?$AAa?$AAn?$AAa?$AAg?$AAe?$AAm?$AAe?$AAn?$AAt?$AA?$AA@
0x140004510: wmainCRTStartup
0x140008FC4: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-crt-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-crt-l1-1-0
0x1400090A0: "__cdecl _IMPORT_DESCRIPTOR_RPCRT4" __IMPORT_DESCRIPTOR_RPCRT4
0x140007600: "__cdecl _imp_GetTickCount64" __imp_GetTickCount64
0x14000B600: DllList
0x140007370: RPCRT4_NULL_THUNK_DATA
0x1400046C0: "__cdecl _report_gsfailure" __report_gsfailure
0x140007780: "__cdecl _imp_EtwEventWrite" __imp_EtwEventWrite
0x140007E50: "SvchostPushServiceGlobals" ??_C@_0BK@DDBBMHK@SvchostPushServiceGlobals?$AA@
0x140005AC0: RegQueryValueWithAlloc
0x140007B10: "SystemCritical" ??_C@_1BO@BOFGNHCL@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAC?$AAr?$AAi?$AAt?$AAi?$AAc?$AAa?$AAl?$AA?$AA@
0x1400075B8: "__cdecl _imp_LeaveCriticalSection" __imp_LeaveCriticalSection
0x140007A00: "BinarySignaturePolicy" ??_C@_1CM@MBKJHHIC@?$AAB?$AAi?$AAn?$AAa?$AAr?$AAy?$AAS?$AAi?$AAg?$AAn?$AAa?$AAt?$AAu?$AAr?$AAe?$AAP?$AAo?$AAl?$AAi?$AAc?$AAy?$AA?$AA@
0x140007740: "__cdecl _imp_TpSetTimerEx" __imp_TpSetTimerEx
0x140002220: CallPerInstanceInitFunctions
0x1400076D8: api-ms-win-service-winsvc-l1-1-0_NULL_THUNK_DATA
0x140007378: "__cdecl _imp_qsort_s" __imp_qsort_s
0x140007A30: "DynamicCodePolicy" ??_C@_1CE@FLPJGKJC@?$AAD?$AAy?$AAn?$AAa?$AAm?$AAi?$AAc?$AAC?$AAo?$AAd?$AAe?$AAP?$AAo?$AAl?$AAi?$AAc?$AAy?$AA?$AA@
0x14000B5F8: ListLock
0x140007668: "__cdecl _imp_MakeAbsoluteSD" __imp_MakeAbsoluteSD
0x140007798: "__cdecl _imp_RtlInitializeSid" __imp_RtlInitializeSid
0x140007688: "__cdecl _imp_InitializeAcl" __imp_InitializeAcl
0x140004843: RegCloseKey
0x140008F4C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-profile-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-profile-l1-1-0
0x14000B798: AliasAccountOpsSid
0x140007F68: "ServiceDllUnloadOnStop" ??_C@_1CO@NIIBPOBF@?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAD?$AAl?$AAl?$AAU?$AAn?$AAl?$AAo?$AAa?$AAd?$AAO?$AAn?$AAS?$AAt?$AAo?$AAp?$AA?$AA@
0x1400074C0: "__cdecl _imp_OpenProcessToken" __imp_OpenProcessToken
0x1400090B4: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-localization-l1-2-0" __IMPORT_DESCRIPTOR_api-ms-win-core-localization-l1-2-0
0x1400075F0: api-ms-win-core-synch-l1-1-0_NULL_THUNK_DATA
0x140004928: memset
0x140009190: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR

[JEB Decompiler by PNF Software]