PDB Symbols - RdpSaUacHelper.exe (0xEB835AB51C25B6B42BBCF488E65B06ABAA4131CC1617579C89AC8C7F4A1B24EC)

Generated by JEB on 2019/08/01

PE: C:\Windows\System32\RdpSaUacHelper.exe Base=0x140000000 SHA-256=EB835AB51C25B6B42BBCF488E65B06ABAA4131CC1617579C89AC8C7F4A1B24EC
PDB: RdpSaUacHelper.pdb GUID={743C4186-3C6D-5DFA-6C102E2662805CFB} Age=1

294 located named symbols:
0x140005758: "__cdecl _imp_RegDeleteKeyValueW" __imp_RegDeleteKeyValueW
0x140005738: "__cdecl _imp_UnregisterTraceGuids" __imp_UnregisterTraceGuids
0x140002840: "long __cdecl InitSecurity(void)" ?InitSecurity@@YAJXZ
0x140003F18: "__cdecl _raise_securityfailure" __raise_securityfailure
0x140004210: "__cdecl FindPESection" _FindPESection
0x140005900: "__cdecl _imp_StringFromCLSID" __imp_StringFromCLSID
0x140005AD8: "__cdecl _imp_CoInitializeEx" __imp_CoInitializeEx
0x1400018B4: "long __cdecl SignalNamedEvent(unsigned short const * __ptr64,enum ESessionAgentEvents)" ?SignalNamedEvent@@YAJPEBGW4ESessionAgentEvents@@@Z
0x14000AEEC: "int RegisteredProvider" ?RegisteredProvider@@3HA
0x140006D68: "__cdecl _IMPORT_DESCRIPTOR_ntdll" __IMPORT_DESCRIPTOR_ntdll
0x140006E80: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-com-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-com-l1-1-0
0x140004200: "__cdecl wsetargv" _wsetargv
0x140005AE0: "__cdecl _imp_CoInitializeSecurity" __imp_CoInitializeSecurity
0x140008050: "__cdecl _security_cookie_complement" __security_cookie_complement
0x140005A40: "__cdecl _imp___wgetmainargs" __imp___wgetmainargs
0x140006130: "ncalrpc" ??_C@_1BA@EONDGCCM@?$AAn?$AAc?$AAa?$AAl?$AAr?$AAp?$AAc?$AA?$AA@
0x140005948: "__cdecl _imp_GetCurrentThreadId" __imp_GetCurrentThreadId
0x140001120: WppControlCallback
0x140003600: "public: static long __cdecl CRdpSaShellUtils::s_GetKnownFolderFilePath(struct _GUID const & __ptr64,unsigned short const * __ptr64,unsigned __int64,unsigned short * __ptr64)" ?s_GetKnownFolderFilePath@CRdpSaShellUtils@@SAJAEBU_GUID@@PEBG_KPEAG@Z
0x1400044D0: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1400058D8: SHELL32_NULL_THUNK_DATA
0x1400059B0: "__cdecl _imp_StartServiceW" __imp_StartServiceW
0x140006D7C: "__cdecl _IMPORT_DESCRIPTOR_OLEAUT32" __IMPORT_DESCRIPTOR_OLEAUT32
0x14000AEE8: "__cdecl _@@_PchSym_@00@KxulyqvxgPillgKxugvinhieUmvdhexUiwkhzUfgrohUlyquivUznwGEUkxsOlyq@RdpSaUtils" __@@_PchSym_@00@KxulyqvxgPillgKxugvinhieUmvdhexUiwkhzUfgrohUlyquivUznwGEUkxsOlyq@RdpSaUtils
0x140005D90: "NotifyInitializationComplete fai" ??_C@_0CF@HPFMHGOC@NotifyInitializationComplete?5fai@
0x140008600: "__cdecl commode" _commode
0x1400057D8: "__cdecl _imp_SetEvent" __imp_SetEvent
0x140005AF8: ole32_NULL_THUNK_DATA
0x140005828: "__cdecl _imp_HeapSetInformation" __imp_HeapSetInformation
0x140003360: "unsigned long __cdecl AicpStartAIS(unsigned long)" ?AicpStartAIS@@YAKK@Z
0x140005750: "__cdecl _imp_CryptReleaseContext" __imp_CryptReleaseContext
0x1400040E0: "long __cdecl __CxxUnhandledExceptionFilter(struct _EXCEPTION_POINTERS * __ptr64)" ?__CxxUnhandledExceptionFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z
0x140005B08: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1400066C0: "CreateBindCtx" ??_C@_0O@BHKMJJJE@CreateBindCtx?$AA@
0x14000860C: "__cdecl fmode" _fmode
0x1400011A8: "long __cdecl EnumProcess(unsigned long,unsigned long,unsigned short const * __ptr64,void * __ptr64 * __ptr64)" ?EnumProcess@@YAJKKPEBGPEAPEAX@Z
0x140002E24: wWinMain
0x140006DA4: "__cdecl _IMPORT_DESCRIPTOR_WINSTA" __IMPORT_DESCRIPTOR_WINSTA
0x1400059D8: "__cdecl _imp_QueryServiceStatus" __imp_QueryServiceStatus
0x14000413E: "__cdecl XcptFilter" _XcptFilter
0x140005B10: "__cdecl _xc_a" __xc_a
0x140003708: "public: static long __cdecl CRdpSaComUtils::s_CoCreateInSession(unsigned long,struct _GUID const & __ptr64,unsigned long,struct _GUID const & __ptr64,void * __ptr64 * __ptr64)" ?s_CoCreateInSession@CRdpSaComUtils@@SAJKAEBU_GUID@@K0PEAPEAX@Z
0x140005D68: "FindRdpSessionAgentProxyProcess " ??_C@_0CI@NHNEFKKL@FindRdpSessionAgentProxyProcess?5@
0x140005950: "__cdecl _imp_GetStartupInfoW" __imp_GetStartupInfoW
0x140005748: "__cdecl _imp_CryptGenRandom" __imp_CryptGenRandom
0x1400058E0: "__cdecl _imp_WinStationGetAllProcesses" __imp_WinStationGetAllProcesses
0x140005DE8: "Global\RdpSaEventReady-%s" ??_C@_1DE@BGDDKBKA@?$AAG?$AAl?$AAo?$AAb?$AAa?$AAl?$AA?2?$AAR?$AAd?$AAp?$AAS?$AAa?$AAE?$AAv?$AAe?$AAn?$AAt?$AAR?$AAe?$AAa?$AAd?$AAy?$AA?9?$AA?$CF?$AAs?$AA?$AA@
0x140005788: "__cdecl _imp_SetSecurityDescriptorOwner" __imp_SetSecurityDescriptorOwner
0x1400043F9: "__cdecl lock" _lock
0x140005D50: "EnumProcess failed!" ??_C@_0BE@JNOIHPDL@EnumProcess?5failed?$CB?$AA@
0x140005B84: "__cdecl _guard_iat_table" __guard_iat_table
0x140005740: "__cdecl _imp_CryptAcquireContextW" __imp_CryptAcquireContextW
0x1400059F0: "__cdecl _imp_memset" __imp_memset
0x1400057F0: "__cdecl _imp_CreateEventW" __imp_CreateEventW
0x1400043CF: "__cdecl initterm" _initterm
0x140005710: "__cdecl _imp_TraceMessage" __imp_TraceMessage
0x140001C34: "int __cdecl HandleRdpSessionAgentProcess(unsigned short const * __ptr64,enum EDesktopPromptPolicyOption)" ?HandleRdpSessionAgentProcess@@YAHPEBGW4EDesktopPromptPolicyOption@@@Z
0x140006E1C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-sysinfo-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-sysinfo-l1-1-0
0x14000AF10: "__cdecl _dyn_tls_init_callback" __dyn_tls_init_callback
0x140005978: "__cdecl _imp_Sleep" __imp_Sleep
0x140005B48: "__cdecl _xi_z" __xi_z
0x140005910: "__cdecl _imp_UnhandledExceptionFilter" __imp_UnhandledExceptionFilter
0x140005830: "__cdecl _imp_GetCommandLineW" __imp_GetCommandLineW
0x1400043DB: "__cdecl _C_specific_handler" __C_specific_handler
0x1400035F0: MIDL_user_free
0x140005A78: "__cdecl _imp__onexit" __imp__onexit
0x140008648: WPP_REGISTRATION_GUIDS
0x1400059C8: "__cdecl _imp_OpenServiceW" __imp_OpenServiceW
0x14000444C: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x140005860: "__cdecl _imp_QueryFullProcessImageNameW" __imp_QueryFullProcessImageNameW
0x140005AF0: "__cdecl _imp_CreateBindCtx" __imp_CreateBindCtx
0x140005840: "__cdecl _imp_GetModuleHandleExA" __imp_GetModuleHandleExA
0x140008620: WPP_MAIN_CB
0x140006E44: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-security-base-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-security-base-l1-1-0
0x1400041F3: "__cdecl amsg_exit" _amsg_exit
0x140006778: IID_IClassFactory
0x140005AC8: "__cdecl _imp_MkParseDisplayName" __imp_MkParseDisplayName
0x140005F48: "SignalNamedEvent failed!" ??_C@_0BJ@BPNCKABM@SignalNamedEvent?5failed?$CB?$AA@
0x140005CE0: TRACE_ENT
0x140005A30: "__cdecl _imp_exit" __imp_exit
0x1400059E8: "__cdecl _imp__lock" __imp__lock
0x140005888: OLEAUT32_NULL_THUNK_DATA
0x140006688: "SHGetKnownFolderPath" ??_C@_0BF@OMOLCJCE@SHGetKnownFolderPath?$AA@
0x140003EF8: atexit
0x140006078: "EventActivityIdControl" ??_C@_0BH@HMPLKEEO@EventActivityIdControl?$AA@
0x140005AD0: "__cdecl _imp_CoUninitialize" __imp_CoUninitialize
0x140005A00: "__cdecl _imp__wcmdln" __imp__wcmdln
0x140005718: "__cdecl _imp_GetTraceLoggerHandle" __imp_GetTraceLoggerHandle
0x140005920: api-ms-win-core-errorhandling-l1-1-0_NULL_THUNK_DATA
0x140005720: "__cdecl _imp_GetTraceEnableLevel" __imp_GetTraceEnableLevel
0x140005810: "__cdecl _imp_GetCurrentProcess" __imp_GetCurrentProcess
0x140005CF0: TRACE_INF
0x140004411: "__cdecl _dllonexit" __dllonexit
0x14000AEF0: "__cdecl _native_startup_lock" __native_startup_lock
0x140006768: WPP_494f14fc94c937043ddcfc799d7e9f4a_Traceguids
0x140004120: "__cdecl _CxxSetUnhandledExceptionFilter" __CxxSetUnhandledExceptionFilter
0x140001034: "__cdecl TlgDefineProvider_annotation__Tlgg_ProviderToUseProv" _TlgDefineProvider_annotation__Tlgg_ProviderToUseProv
0x140005A60: "__cdecl _imp__wcsicmp" __imp__wcsicmp
0x140005A08: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x140005E80: "%8.8x" ??_C@_1M@NFMCCKGD@?$AA?$CF?$AA8?$AA?4?$AA8?$AAx?$AA?$AA@
0x140005AA0: "__cdecl _imp_RtlCaptureContext" __imp_RtlCaptureContext
0x140005930: api-ms-win-core-libraryloader-l1-2-0_NULL_THUNK_DATA
0x140006718: "MkParseDisplayName" ??_C@_0BD@PMKLEDMH@MkParseDisplayName?$AA@
0x140005870: KERNEL32_NULL_THUNK_DATA
0x140005858: "__cdecl _imp_GetLastError" __imp_GetLastError
0x1400057C8: "__cdecl _imp_DuplicateHandle" __imp_DuplicateHandle
0x140004428: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1400060C0: WPP_d86c1c1b2ed7377862a117518ed8c32b_Traceguids
0x140005CB0: WPP_ThisDir_CTLGUID_RdpSa
0x140005A80: "__cdecl _imp__commode" __imp__commode
0x140005A18: "__cdecl _imp___setusermatherr" __imp___setusermatherr
0x140006D18: "__cdecl _IMPORT_DESCRIPTOR_ADVAPI32" __IMPORT_DESCRIPTOR_ADVAPI32
0x1400057B8: "__cdecl _imp_GetCurrentProcessId" __imp_GetCurrentProcessId
0x140005808: "__cdecl _imp_WaitForSingleObject" __imp_WaitForSingleObject
0x140003E10: wWinMainCRTStartup
0x1400042C0: "__cdecl ValidateImageBase" _ValidateImageBase
0x140005CA0: TRACE_EXIT
0x140006DF4: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-libraryloader-l1-2-0" __IMPORT_DESCRIPTOR_api-ms-win-core-libraryloader-l1-2-0
0x140005DB8: "spProxy->GetSessionAgentProcessH" ??_C@_0CO@PNEJOAOC@spProxy?9?$DOGetSessionAgentProcessH@
0x140006D54: "__cdecl _IMPORT_DESCRIPTOR_ole32" __IMPORT_DESCRIPTOR_ole32
0x140005850: "__cdecl _imp_FreeLibrary" __imp_FreeLibrary
0x1400057C0: "__cdecl _imp_ProcessIdToSessionId" __imp_ProcessIdToSessionId
0x1400057E8: "__cdecl _imp_OpenProcess" __imp_OpenProcess
0x140008608: "__cdecl newmode" _newmode
0x140005890: "__cdecl _imp_RpcBindingFree" __imp_RpcBindingFree
0x140005A10: "__cdecl _imp__initterm" __imp__initterm
0x1400058A8: "__cdecl _imp_RpcStringBindingComposeW" __imp_RpcStringBindingComposeW
0x140005A38: "__cdecl _imp___set_app_type" __imp___set_app_type
0x140005F88: "CoInitializeEx failed!" ??_C@_0BH@LINEJBNA@CoInitializeEx?5failed?$CB?$AA@
0x140006678: FOLDERID_System
0x140006E6C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-path-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-path-l1-1-0
0x140005F68: "CoInitializeSecurity failed!" ??_C@_0BN@BDHDCMEK@CoInitializeSecurity?5failed?$CB?$AA@
0x140005E20: "Global\RdpSaEventFail-%s" ??_C@_1DC@ICEHBJCL@?$AAG?$AAl?$AAo?$AAb?$AAa?$AAl?$AA?2?$AAR?$AAd?$AAp?$AAS?$AAa?$AAE?$AAv?$AAe?$AAn?$AAt?$AAF?$AAa?$AAi?$AAl?$AA?9?$AA?$CF?$AAs?$AA?$AA@
0x140005778: "__cdecl _imp_InitializeSecurityDescriptor" __imp_InitializeSecurityDescriptor
0x14000AF00: "__cdecl _onexitend" __onexitend
0x140005770: "__cdecl _imp_AdjustTokenPrivileges" __imp_AdjustTokenPrivileges
0x140005A28: "__cdecl _imp__exit" __imp__exit
0x140004405: "__cdecl unlock" _unlock
0x140005B00: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x140006120: "AppInfo" ??_C@_1BA@EHFBHEIB@?$AAA?$AAp?$AAp?$AAI?$AAn?$AAf?$AAo?$AA?$AA@
0x140005FB8: "HandleInteractiveUserProcess fai" ??_C@_0CF@HHIOMDDH@HandleInteractiveUserProcess?5fai@
0x140005D10: "NULL" ??_C@_04HIBGFPH@NULL?$AA@
0x140005958: "__cdecl _imp_TerminateProcess" __imp_TerminateProcess
0x14000861C: "__cdecl _@@_PchSym_@00@KxulyqvxgPillgKxugvinhieUmvdhexUiwkhzUfzxsvokviUlyquivUznwGEUkivxlnkrovwOlyq@RdpSaUacHelper" __@@_PchSym_@00@KxulyqvxgPillgKxugvinhieUmvdhexUiwkhzUfzxsvokviUlyquivUznwGEUkivxlnkrovwOlyq@RdpSaUacHelper
0x140005780: "__cdecl _imp_GetTokenInformation" __imp_GetTokenInformation
0x140005AA8: "__cdecl _imp_EtwEventRegister" __imp_EtwEventRegister
0x140005998: api-ms-win-core-sysinfo-l1-1-0_NULL_THUNK_DATA
0x140005B30: "__cdecl _xi_a" __xi_a
0x140006708: "StringCchPrintf" ??_C@_0BA@BNMIIKBA@StringCchPrintf?$AA@
0x140005988: "__cdecl _imp_GetTickCount" __imp_GetTickCount
0x140004200: "__cdecl matherr" _matherr
0x140005A68: "__cdecl _imp__unlock" __imp__unlock
0x1400059A8: api-ms-win-security-base-l1-1-0_NULL_THUNK_DATA
0x1400058F8: "__cdecl _imp_CoTaskMemFree" __imp_CoTaskMemFree
0x140001040: WPP_SF_DD
0x140001040: WPP_SF_Dd
0x140003478: "unsigned long __cdecl AicpCreateBindingHandle(unsigned short * __ptr64,int,void * __ptr64 * __ptr64)" ?AicpCreateBindingHandle@@YAKPEAGHPEAPEAX@Z
0x1400059C0: "__cdecl _imp_CloseServiceHandle" __imp_CloseServiceHandle
0x140005CD0: TRACE_ERR
0x140008000: WPP_GLOBAL_Control
0x140006DCC: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-0
0x1400066A0: "PathCchCombine" ??_C@_0P@OACMJJFK@PathCchCombine?$AA@
0x140006E58: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-service-winsvc-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-service-winsvc-l1-1-0
0x140005BE0: "ext-ms-win-ntuser-windowstation-" ??_C@_1EO@OAMAPFNA@?$AAe?$AAx?$AAt?$AA?9?$AAm?$AAs?$AA?9?$AAw?$AAi?$AAn?$AA?9?$AAn?$AAt?$AAu?$AAs?$AAe?$AAr?$AA?9?$AAw?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AAt?$AAa?$AAt?$AAi?$AAo?$AAn?$AA?9@
0x1400058A0: "__cdecl _imp_I_RpcExceptionFilter" __imp_I_RpcExceptionFilter
0x140005EE0: "FindInteractiveUserProcess faile" ??_C@_0CD@OKIDDGPB@FindInteractiveUserProcess?5faile@
0x140005A20: "__cdecl _imp___dllonexit" __imp___dllonexit
0x140005F28: "WaitForMultipleObjects failed!" ??_C@_0BP@GLBOEFLB@WaitForMultipleObjects?5failed?$CB?$AA@
0x140006068: "Advapi32.dll" ??_C@_0N@DOHINHCI@Advapi32?4dll?$AA@
0x140003E40: "__cdecl _security_check_cookie" __security_check_cookie
0x140005B28: "__cdecl _xc_z" __xc_z
0x140005960: api-ms-win-core-processthreads-l1-1-0_NULL_THUNK_DATA
0x140005848: "__cdecl _imp_GetProcAddress" __imp_GetProcAddress
0x140005FE0: "__cdecl GUID_86118f98_8458_4ab1_9009_68a8eca65307" _GUID_86118f98_8458_4ab1_9009_68a8eca65307
0x140005A88: "__cdecl _imp_?terminate@@YAXXZ" __imp_?terminate@@YAXXZ
0x140005990: "__cdecl _imp_GetSystemTimeAsFileTime" __imp_GetSystemTimeAsFileTime
0x140005FA0: "InitSecurity failed!" ??_C@_0BF@PIBLMONN@InitSecurity?5failed?$CB?$AA@
0x140005818: "__cdecl _imp_LocalAlloc" __imp_LocalAlloc
0x140006E30: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-service-management-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-service-management-l1-1-0
0x1400057F8: "__cdecl _imp_UnmapViewOfFile" __imp_UnmapViewOfFile
0x140005938: "__cdecl _imp_PathCchCombine" __imp_PathCchCombine
0x1400059D0: api-ms-win-service-management-l1-1-0_NULL_THUNK_DATA
0x140005970: api-ms-win-core-profile-l1-1-0_NULL_THUNK_DATA
0x1400066D0: "StringFromCLSID" ??_C@_0BA@MMGMLOAO@StringFromCLSID?$AA@
0x140005B50: "__cdecl _guard_fids_table" __guard_fids_table
0x140005D00: TRACE_WRN
0x1400059A0: "__cdecl _imp_CreateWellKnownSid" __imp_CreateWellKnownSid
0x140005A90: msvcrt_NULL_THUNK_DATA
0x140005C90: S_TermService
0x140005040: "__cdecl load_config_used" _load_config_used
0x14000148C: "long __cdecl FindRdpSessionAgentProxyProcess(void * __ptr64 * __ptr64)" ?FindRdpSessionAgentProxyProcess@@YAJPEAPEAX@Z
0x1400058E8: "__cdecl _imp_WinStationFreeGAPMemory" __imp_WinStationFreeGAPMemory
0x140005C80: TRACE_FATAL
0x1400057D0: "__cdecl _imp_OpenEventW" __imp_OpenEventW
0x140005AE8: "__cdecl _imp_CoSetProxyBlanket" __imp_CoSetProxyBlanket
0x140005760: "__cdecl _imp_RegSetKeyValueW" __imp_RegSetKeyValueW
0x1400058C0: "__cdecl _imp_RpcBindingFromStringBindingW" __imp_RpcBindingFromStringBindingW
0x140005A48: "__cdecl _imp__amsg_exit" __imp__amsg_exit
0x14000167C: "long __cdecl GetRdpSessionAgentProcess(struct IRdpSessionAgentProxy * __ptr64,void * __ptr64,unsigned long,void * __ptr64 * __ptr64)" ?GetRdpSessionAgentProcess@@YAJPEAUIRdpSessionAgentProxy@@PEAXKPEAPEAX@Z
0x140005D18: "CRdpSaComUtils::s_GetKnownFolder" ??_C@_0DB@NPHGAGAG@CRdpSaComUtils?3?3s_GetKnownFolder@
0x140005E58: "m_InvitationManager.Initialize f" ??_C@_0CH@BIIMPABD@m_InvitationManager?4Initialize?5f@
0x140003194: "long __cdecl StringCchPrintfW(unsigned short * __ptr64,unsigned __int64,unsigned short const * __ptr64,...)" ?StringCchPrintfW@@YAJPEAG_KPEBGZZ
0x140005A98: "__cdecl _imp_RtlLookupFunctionEntry" __imp_RtlLookupFunctionEntry
0x140005968: "__cdecl _imp_QueryPerformanceCounter" __imp_QueryPerformanceCounter
0x140005800: "__cdecl _imp_WaitForMultipleObjects" __imp_WaitForMultipleObjects
0x140008604: "__cdecl dowildcard" _dowildcard
0x1400066E0: "Session:%d!clsid:%s" ??_C@_1CI@HADPOCEE@?$AAS?$AAe?$AAs?$AAs?$AAi?$AAo?$AAn?$AA?3?$AA?$CF?$AAd?$AA?$CB?$AAc?$AAl?$AAs?$AAi?$AAd?$AA?3?$AA?$CF?$AAs?$AA?$AA@
0x140005790: "__cdecl _imp_SetSecurityDescriptorGroup" __imp_SetSecurityDescriptorGroup
0x1400057E0: "__cdecl _imp_CreateFileMappingW" __imp_CreateFileMappingW
0x140003214: "unsigned int __cdecl RdpWppGetCurrentThreadActivityIdPrefix(void)" ?RdpWppGetCurrentThreadActivityIdPrefix@@YAIXZ
0x1400058B8: "__cdecl _imp_RpcStringFreeW" __imp_RpcStringFreeW
0x140005AB8: "__cdecl _imp_RtlVirtualUnwind" __imp_RtlVirtualUnwind
0x140001B00: "long __cdecl GenCryptoSecureKey(unsigned char * __ptr64,unsigned long)" ?GenCryptoSecureKey@@YAJPEAEK@Z
0x140006730: "pMoniker->BindToObject" ??_C@_0BH@HDKIOJBD@pMoniker?9?$DOBindToObject?$AA@
0x1400035D0: MIDL_user_allocate
0x1400043F0: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x14000414C: RtlpImageNtHeader
0x140005928: "__cdecl _imp_GetModuleHandleW" __imp_GetModuleHandleW
0x1400060D0: "201ef99a-7fa0-444c-9399-19ba84f1" ??_C@_1EK@PNAIGACG@?$AA2?$AA0?$AA1?$AAe?$AAf?$AA9?$AA9?$AAa?$AA?9?$AA7?$AAf?$AAa?$AA0?$AA?9?$AA4?$AA4?$AA4?$AAc?$AA?9?$AA9?$AA3?$AA9?$AA9?$AA?9?$AA1?$AA9?$AAb?$AAa?$AA8?$AA4?$AAf?$AA1@
0x140005A50: "__cdecl _imp__XcptFilter" __imp__XcptFilter
0x140005B90: "ext-ms-win-ntuser-windowstation-" ??_C@_1EO@FIHMJCLF@?$AAe?$AAx?$AAt?$AA?9?$AAm?$AAs?$AA?9?$AAw?$AAi?$AAn?$AA?9?$AAn?$AAt?$AAu?$AAs?$AAe?$AAr?$AA?9?$AAw?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AAt?$AAa?$AAt?$AAi?$AAo?$AAn?$AA?9@
0x140005AC0: ntdll_NULL_THUNK_DATA
0x140001090: WPP_SF_DsD
0x140005AB0: "__cdecl _imp_EtwEventUnregister" __imp_EtwEventUnregister
0x140006748: "pClassFactory->CreateInstance" ??_C@_0BO@OGFNNGAK@pClassFactory?9?$DOCreateInstance?$AA@
0x140005728: "__cdecl _imp_GetTraceEnableFlags" __imp_GetTraceEnableFlags
0x140005730: "__cdecl _imp_RegisterTraceGuidsW" __imp_RegisterTraceGuidsW
0x140008048: "__cdecl _security_cookie" __security_cookie
0x140005E90: "CRdpSaComUtils::s_CoCreateInSess" ??_C@_0CM@DLFLINNG@CRdpSaComUtils?3?3s_CoCreateInSess@
0x140005838: "__cdecl _imp_CloseHandle" __imp_CloseHandle
0x140005820: "__cdecl _imp_LocalFree" __imp_LocalFree
0x1400032A0: "unsigned long __cdecl AicOverrideDesktopPromptPolicy(void)" ?AicOverrideDesktopPromptPolicy@@YAKXZ
0x140008040: "__cdecl _defaultmatherr" __defaultmatherr
0x140006DE0: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-errorhandling-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-errorhandling-l1-1-0
0x140005908: api-ms-win-core-com-l1-1-0_NULL_THUNK_DATA
0x140008680: "char (*)[80] g_DbgTrace" ?g_DbgTrace@@3PAY0FA@DA
0x14000AE80: "private: static class CrimsonHelper CrimsonHelper::s_instance" ?s_instance@CrimsonHelper@@0V1@A
0x14000AF08: "__cdecl _onexitbegin" __onexitbegin
0x140005EC0: "CoCreateInSession failed!" ??_C@_0BK@PGNHHHIN@CoCreateInSession?5failed?$CB?$AA@
0x1400060B0: CLSID_RdpSessionAgent
0x140005A58: "__cdecl _imp__vsnwprintf" __imp__vsnwprintf
0x140005918: "__cdecl _imp_SetUnhandledExceptionFilter" __imp_SetUnhandledExceptionFilter
0x140005F08: "GenCryptoSecureKey failed!" ??_C@_0BL@KFGFLGPE@GenCryptoSecureKey?5failed?$CB?$AA@
0x140006D2C: "__cdecl _IMPORT_DESCRIPTOR_KERNEL32" __IMPORT_DESCRIPTOR_KERNEL32
0x1400042F4: "__cdecl _security_init_cookie" __security_init_cookie
0x140005A70: "__cdecl _imp__cexit" __imp__cexit
0x1400041A8: "__cdecl get_image_app_type" _get_image_app_type
0x1400057A0: "__cdecl _imp_SetSecurityDescriptorDacl" __imp_SetSecurityDescriptorDacl
0x140006D40: "__cdecl _IMPORT_DESCRIPTOR_msvcrt" __IMPORT_DESCRIPTOR_msvcrt
0x1400057B0: ADVAPI32_NULL_THUNK_DATA
0x1400057A8: "__cdecl _imp_EventUnregister" __imp_EventUnregister
0x140006D90: "__cdecl _IMPORT_DESCRIPTOR_RPCRT4" __IMPORT_DESCRIPTOR_RPCRT4
0x1400058C8: RPCRT4_NULL_THUNK_DATA
0x140003F60: "__cdecl _report_gsfailure" __report_gsfailure
0x140003E64: "__cdecl onexit" _onexit
0x1400059E0: api-ms-win-service-winsvc-l1-1-0_NULL_THUNK_DATA
0x14000AEF8: "__cdecl _native_startup_state" __native_startup_state
0x140005878: "__cdecl _imp_SysAllocStringByteLen" __imp_SysAllocStringByteLen
0x1400058D0: "__cdecl _imp_SHGetKnownFolderPath" __imp_SHGetKnownFolderPath
0x1400066B0: WPP_b724107cf4f33ef055f82e55630bf5af_Traceguids
0x1400059B8: "__cdecl _imp_OpenSCManagerW" __imp_OpenSCManagerW
0x140005940: api-ms-win-core-path-l1-1-0_NULL_THUNK_DATA
0x140006E94: "__cdecl _IMPORT_DESCRIPTOR_SHELL32" __IMPORT_DESCRIPTOR_SHELL32
0x1400059F8: "__cdecl _imp__fmode" __imp__fmode
0x1400058B0: "__cdecl _imp_NdrClientCall3" __imp_NdrClientCall3
0x140005868: "__cdecl _imp_MapViewOfFile" __imp_MapViewOfFile
0x1400058F0: WINSTA_NULL_THUNK_DATA
0x140005798: "__cdecl _imp_InitializeAcl" __imp_InitializeAcl
0x140005880: "__cdecl _imp_SysFreeString" __imp_SysFreeString
0x140006E08: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-profile-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-profile-l1-1-0
0x140004260: "__cdecl IsNonwritableInCurrentImage" _IsNonwritableInCurrentImage
0x140005980: api-ms-win-core-synch-l1-2-0_NULL_THUNK_DATA
0x140005898: "__cdecl _imp_RpcBindingSetAuthInfoExW" __imp_RpcBindingSetAuthInfoExW
0x140005768: "__cdecl _imp_OpenProcessToken" __imp_OpenProcessToken
0x140005C30: "ext-ms-win-ntuser-windowstation-" ??_C@_1EO@PCHFFKDO@?$AAe?$AAx?$AAt?$AA?9?$AAm?$AAs?$AA?9?$AAw?$AAi?$AAn?$AA?9?$AAn?$AAt?$AAu?$AAs?$AAe?$AAr?$AA?9?$AAw?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AAt?$AAa?$AAt?$AAi?$AAo?$AAn?$AA?9@
0x140006DB8: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-2-0" __IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-2-0
0x1400044AD: memset
0x140006EA8: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR
0x140005CC0: TRACE_DUMP

[JEB Decompiler by PNF Software]