Created
August 31, 2024 19:11
-
-
Save mez-0/833314d8e920a17aa3ca703eabbfa4a5 to your computer and use it in GitHub Desktop.
Common DLL's exports mapped to descriptions and categories via an LLM
We can't make this file beautiful and searchable because it's too large.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| title description category | |
| KERNEL32.DLL!TerminateJobObject This function terminates all processes associated with a job- managing processes and threads. Process and Thread Management | |
| RPCRT4.DLL!NdrServerCall2 Facilitates remote procedure calls (RPC) but is not user-invoked. Network Operations | |
| SHLWAPI.DLL!StrCSpnW Searches a string for specific characters- providing their index. Involves string manipulation rather than file or network processes. Memory Management | |
| GDI32FULL.DLL!UpdateColors Updates the client area of a device context by remapping current colors to the logical palette. System Information and Control | |
| RPCRT4.DLL!IUnknown_AddRef_Proxy Implements the AddRef method for interface proxies- managing reference counting in COM. Process and Thread Management | |
| ADVAPI32.DLL!RegEnumKeyW Enumerates subkeys of an open registry key- indicating direct registry manipulation. Registry Operations | |
| SECHOST.DLL!CredDeleteA Deletes a credential from the user's credential set- modifying stored authentication data. Registry Operations | |
| KERNEL32.DLL!VirtualQueryEx Retrieves information about page attributes in a specified process's virtual address space. Memory Management | |
| ADVAPI32.DLL!TreeResetNamedSecurityInfoW Resets security information in the security descriptor of a tree of objects- affecting DACL and SACL. Registry Operations | |
| WINMM.DLL!joyConfigChanged Reloads joystick configuration from the registry when it changes- involving registry interactions. Registry Operations | |
| GDI32FULL.DLL!ScriptGetCMap Retrieves glyph indexes for Unicode characters in a string- examining font support for character rendering. System Information and Control | |
| GDI32.DLL!PolyDraw This function draws line segments and Bézier curves using a device context and point arrays. System Information and Control | |
| KERNEL32.DLL!VirtualAllocEx Reserves and commits memory in a specified process's virtual address space- modifying memory states. Memory Management | |
| COMDLG32.DLL!PrintDlgA This function opens a dialog for print options- involving user interface interaction rather than direct file operations. System Information and Control | |
| OLE32.DLL!StgConvertVariantToProperty Converts PROPVARIANT data type to SERIALIZEDPROPERTYVALUE- managing data representation. Memory Management | |
| GDI32FULL.DLL!SetStretchBltMode Sets the bitmap stretching mode for a device context- influencing how bitmaps are rendered. System Information and Control | |
| USER32.DLL!EnumDisplaySettingsExA Retrieves information about graphics modes for a display device- including settings stored in the registry. System Information and Control | |
| OLEAUT32.DLL!VarI8FromStr Converts an OLECHAR string to an 8-byte integer value. Cryptographic Operations | |
| USER32.DLL!SetRectEmpty This function creates an empty rectangle- primarily used for graphical operations. System Information and Control | |
| KERNEL32.DLL!GetLogicalProcessorInformationEx Retrieves information about the relationships of logical processors and associated hardware. System Information and Control | |
| USER32.DLL!SendMessageTimeoutA Sends messages to windows while managing the timeout for processing. Process and Thread Management | |
| KERNEL32.DLL!SetCalendarInfoA Sets locale-specific calendar information for a calendar. Affects user settings- not system defaults. System Information and Control | |
| OLEAUT32.DLL!VarCyFromBool Converts a Boolean value to a currency value- manipulating data types for automation purposes. DLL Injection and Manipulation | |
| COMCTL32.DLL!DSA_Create Creates a dynamic structure array for managing various data types efficiently in memory. Memory Management | |
| SHCORE.DLL!IStream_Size Retrieves the size of a specified stream in bytes. File Operations | |
| SHLWAPI.DLL!SHRegCreateUSKeyW Creates or opens a registry subkey in user-specific areas of the Windows registry. Registry Operations | |
| OLE32.DLL!NdrProxyForwardingFunction27 Stub function for COM proxies involved in interface marshaling and communication between components. Network Operations | |
| SHELL32.DLL!ShellAboutA Displays a ShellAbout dialog box with application information. System Information and Control | |
| NTDLL.DLL!NtQuerySystemTime This function retrieves the current system time- providing system information relevant to system control. System Information and Control | |
| KERNEL32.DLL!HeapValidate Validates a specified heap or memory block for consistency- ensuring correct memory management during heap operations. Memory Management | |
| USER32.DLL!GetUserObjectSecurity Retrieves security information for a specified user object- relating to access control and permissions. Registry Operations | |
| KERNEL32.DLL!SetNamedPipeHandleState Configures read and blocking modes of named pipes- facilitating inter-process communication. Network Operations | |
| KERNEL32.DLL!IdnToNameprepUnicode Converts internationalized domain names to NamePrep form- relevant for network communication formatting. Network Operations | |
| OLEAUT32.DLL!SafeArrayGetUBound Retrieves the upper limit of a specified dimension of a safe array. Memory Management | |
| WINMMBASE.DLL!waveInReset Stops input on a waveform-audio input device and resets the position- managing audio device state. Process and Thread Management | |
| OLE32.DLL!ObjectStublessClient27 This function is a stub for COM proxies used in marshaling interfaces. DLL Injection and Manipulation | |
| USER32.DLL!GetClipboardOwner Retrieves the window handle that currently owns the clipboard data. System Information and Control | |
| USER32.DLL!TabbedTextOutW This function writes text to a specified location within a device context- handling tab expansion for formatting. File Operations | |
| USER32.DLL!LoadCursorFromFileA Creates a cursor using data from a file- thus performing file operations. File Operations | |
| USER32.DLL!TabbedTextOutA Writes a character string at a specified location- managing text formatting and tab settings. File Operations | |
| GDI32FULL.DLL!EngFreeModule Unmaps a memory-mapped file- indicating a function related to memory handling operations. Memory Management | |
| OLE32.DLL!OleDestroyMenuDescriptor Frees memory allocated for a shared menu descriptor- indicating memory management operations. Memory Management | |
| KERNEL32.DLL!RegDeleteValueW Removes a named value from a specified registry key- modifying the registry. Registry Operations | |
| OLE32.DLL!StgConvertPropertyToVariant Converts SERIALIZEDPROPERTYVALUE to PROPVARIANT- focusing on data type management within software applications. Memory Management | |
| OLEAUT32.DLL!VarR8FromR4 Converts a float value to a double value. Memory Management | |
| ADVAPI32.DLL!SaferiIsExecutableFileType Determines if a specified file has an executable extension for security assessments. File Operations | |
| SHLWAPI.DLL!GetMenuPosFromID Determines the position of a menu item given its ID- relating to UI menu interactions. System Information and Control | |
| ADVAPI32.DLL!SaferComputeTokenFromLevel This function restricts access tokens based on specified criteria- enhancing security measures for token management. Process and Thread Management | |
| GDI32.DLL!EngDeletePath Deletes a path allocated by EngCreatePath- indicating a manipulation of graphics paths for display devices. Memory Management | |
| KERNEL32.DLL!WerRegisterRuntimeExceptionModule Registers a custom runtime exception handler for Windows Error Reporting to manage crash events. Process and Thread Management | |
| COMDLG32.DLL!ReplaceTextA Facilitates user-driven find and replace operations via a dialog box interface. File Operations | |
| OLE32.DLL!PropStgNameToFmtId Converts property set names to format identifiers for structured storage management. System Information and Control | |
| WINMMBASE.DLL!midiInGetID Retrieves the device identifier for a MIDI input device. System Information and Control | |
| SECHOST.DLL!EnumServicesStatusExW Enumerates services in the service control manager database- providing service names and statuses. System Information and Control | |
| SHLWAPI.DLL!PathRemoveBlanksW This function removes spaces from strings- typically used in file path manipulations. File Operations | |
| KERNEL32.DLL!SetVolumeLabelA Sets the label of a file system volume- affecting file system operations. File Operations | |
| OLEAUT32.DLL!VarI8FromDec Converts a decimal value to an 8-byte integer- primarily handling data representation. Memory Management | |
| GDI32FULL.DLL!GdiComment Copies a comment from a buffer into an enhanced-format metafile- related to drawing operations. File Operations | |
| SHELL32.DLL!SHCreateProcessAsUserW Creates a new process in the security context of a specified user. Process and Thread Management | |
| SHLWAPI.DLL!StrNCatW Appends characters from one string to another- related to string manipulation. Memory Management | |
| SECHOST.DLL!ConvertStringSidToSidW Converts a string-format security identifier (SID) into a valid- functional SID for access control. Registry Operations | |
| SHCORE.DLL!IUnknown_QueryService Retrieves a service interface from a COM object- facilitating service communication. System Information and Control | |
| SECHOST.DLL!RegisterServiceCtrlHandlerExA Registers a control handler for a service to manage control requests. Process and Thread Management | |
| SHLWAPI.DLL!UrlApplySchemeW Determines a URL scheme and returns a modified URL with the appropriate prefix. Network Operations | |
| WINDOWS.STORAGE.DLL!ILAppendID This function modifies ITEMIDLIST structures by appending or prepending SHITEMID structures. File Operations | |
| IHolder::FreeResource Frees a previously allocated resource- returning it to the inventory for further use. Memory Management | |
| OLEAUT32.DLL!VarBoolFromR4 Converts a float to a Boolean value- focusing on value conversion rather than direct file or memory operations. System Information and Control | |
| KERNEL32.DLL!GetSystemDirectoryA Retrieves the path of the system directory- providing essential system information. System Information and Control | |
| RPCRT4.DLL!RpcServerUseProtseqEpExA Registers a protocol sequence and endpoint for remote procedure calls in the RPC runtime library. Network Operations | |
| WINDOWS.STORAGE.DLL!ILIsEqual Compares two ITEMIDLIST structures for equality based on binary data. System Information and Control | |
| USER32.DLL!CreateDialogParamW Creates a modeless dialog box from a template. It manages dialog box visibility and initializes controls. Process and Thread Management | |
| SHLWAPI.DLL!SHRegGetBoolValueFromHKCUHKLM Evaluates a registry key value to determine existence and state. Registry Operations | |
| MSIHND.DLL!DllUnregisterServer Instructs a server to remove registry entries created by DllRegisterServer. Registry Operations | |
| SHELL32.DLL!DAD_SetDragImage Sets a drag image for user interface operations during drag-and-drop actions. System Information and Control | |
| GDI32FULL.DLL!DrawEscape Provides drawing capabilities to video displays not available through GDI. System Information and Control | |
| SECHOST.DLL!ConvertSecurityDescriptorToStringSecurityDescriptorW This function converts a security descriptor to a string format for storage or transmission. System Information and Control | |
| GDI32FULL.DLL!ScriptBreak Retrieves information for determining line breaks in Unicode text. System Information and Control | |
| KERNEL32.DLL!SearchPathA Searches for a specified file in a specified path- optionally using system paths or registry settings. File Operations | |
| KERNELBASE.DLL!GetSecurityDescriptorOwner Retrieves owner information from a security descriptor- essential for managing access controls. Registry Operations | |
| WS2_32.DLL!FreeAddrInfoW Frees dynamically allocated address information from GetAddrInfoW- managing memory for network operations. Memory Management | |
| OLE32.DLL!CoCancelCall Cancels an outbound DCOM call on a specified thread- affecting process behavior. Process and Thread Management | |
| USER32.DLL!GetKeyNameTextA Retrieves the name of a key based on keyboard input- crucial for input processing. System Information and Control | |
| WS2_32.DLL!WSCInstallProviderAndChains64_32 Installs transport providers and their protocol chains in Winsock configuration databases for 32 and 64-bit systems. Network Operations | |
| WINMMBASE.DLL!CloseDriver Closes an installable driver- managing driver instances and resources. Process and Thread Management | |
| GDI32FULL.DLL!GetGlyphOutlineW Retrieves outlines or bitmaps of characters in a TrueType font- requiring a device context handle. System Information and Control | |
| GDI32FULL.DLL!ScriptString_pcOutChars The function returns a pointer to the length of a string- related to memory management. Memory Management | |
| USER32.DLL!EndPaint Marks the end of painting in a window; relates to GUI operations. System Information and Control | |
| GDI32.DLL!EngCreateClip Creates a CLIPOBJ structure for GDI to access frame buffers in graphics operations. System Information and Control | |
| SHLWAPI.DLL!SHFreeShared Frees shared memory allocated by any process- facilitating memory management across process boundaries. Memory Management | |
| OLE32.DLL!CStdStubBuffer2_CountRefs Counts the number of server objects connected to the RPC stub- indicating process management. Process and Thread Management | |
| OLEAUT32.DLL!VarI1FromUI1 Converts an unsigned char to a char- involving data type conversion. Memory Management | |
| USER32.DLL!LoadImageW Loads images like icons or bitmaps from files or resources in memory. File Operations | |
| COMCTL32.DLL!FlatSB_SetScrollRange Alters the range of a scroll bar- related to window interface control. System Information and Control | |
| ADVAPI32.DLL!QueryServiceLockStatusA Retrieves lock status of the service control manager database to manage service lock access. System Information and Control | |
| KERNEL32.DLL!FreeUserPhysicalPages Frees previously allocated physical memory pages- managing memory resources within processes. Memory Management | |
| RPCRT4.DLL!RpcMgmtSetAuthorizationFn Establishes an authorization function for managing remote calls- thus controlling access to server functions. System Information and Control | |
| KERNEL32.DLL!AppPolicyGetThreadInitializationType Retrieves initialization type for threads created in a process- affecting threading behavior. Process and Thread Management | |
| RPCRT4.DLL!NdrStubGetBuffer Retrieves a buffer from the RPC channel- facilitating remote procedure calls. Memory Management | |
| RPCRT4.DLL!NdrComplexStructUnmarshall This function unmarshals data from a network buffer into memory- involving network data handling. Network Operations | |
| OLEAUT32.DLL!VarUI8FromI2 Converts a short integer to an unsigned 8-byte integer for data type management. Memory Management | |
| COMCTL32.DLL!DPA_Create Creates a dynamic pointer array- managing memory allocation for pointers. Memory Management | |
| SECHOST.DLL!StartTraceA The StartTrace function initiates an event tracing session for logging events. System Information and Control | |
| VERTDLL.DLL!NtOpenFile Opens an existing file- device- directory- or volume- providing a handle for file operations. File Operations | |
| RPCRT4.DLL!RpcSmClientFree Frees memory allocated from a client stub- managing memory in RPC environments. Memory Management | |
| GDI32FULL.DLL!GetCharacterPlacementA Retrieves character string information such as widths and positioning in rendering glyphs. System Information and Control | |
| ADVAPI32.DLL!FileEncryptionStatusA Retrieves the encryption status of a specified file. File Operations | |
| USER32.DLL!AppendMenuW Appends a new item to a menu- adjusting content and behavior. System Information and Control | |
| GDI32FULL.DLL!ScriptXtoCP Converts an x offset to a character position in a logical character cluster. System Information and Control | |
| KERNEL32.DLL!RegCreateKeyExA Creates or opens a specified registry key- performing registry operations. Registry Operations | |
| SECHOST.DLL!CredFindBestCredentialA Searches for generic credentials associated with the current logon session in the Credential Management database. Registry Operations | |
| OLEAUT32.DLL!SafeArraySetIID Sets the GUID of the interface for a safe array- influencing how data is handled. System Information and Control | |
| USER32.DLL!MessageBoxIndirectA Creates and displays a message box for user interaction with defined text and buttons. System Information and Control | |
| KERNEL32.DLL!ReadFile Reads data from specified files or I/O devices- allowing synchronous and asynchronous operations. File Operations | |
| WINMMBASE.DLL!mixerGetLineControlsW This function retrieves controls associated with audio lines- categorizing it under System Information and Control. System Information and Control | |
| KERNEL32.DLL!GetNumaAvailableMemoryNode Retrieves the amount of available memory in a specified NUMA node. Memory Management | |
| USER32.DLL!CreateIconFromResource Generates an icon or cursor from resource bits- enabling graphical manipulation in applications. DLL Injection and Manipulation | |
| ADVAPI32.DLL!AbortSystemShutdownA Stops a system shutdown that has been initiated on the local or remote computer. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction17 This function serves as a stub for COM proxies- facilitating communication in distributed applications. System Information and Control | |
| OLE32.DLL!HBITMAP_UserMarshal64 Marshals HBITMAP objects into an RPC buffer for remote procedure calls. Memory Management | |
| USER32.DLL!DialogBoxParamW Creates a modal dialog box- managing user input and interface elements. Process and Thread Management | |
| KERNEL32.DLL!GetDurationFormatEx Formats a duration of time as a string for a specified locale. System Information and Control | |
| COMCTL32.DLL!FlatSB_SetScrollProp Sets properties for a flat scroll bar- affecting its visual representation and dimensions. System Information and Control | |
| RPCRT4.DLL!RpcServerUseProtseqExA Registers a protocol sequence for receiving RPC calls- specifically for network communication. Network Operations | |
| OLE32.DLL!OleLoad Loads objects into memory from a specified storage object- making it crucial for managing object state. Process and Thread Management | |
| RPCRT4.DLL!NdrServerCallAll Facilitates remote procedure calls (RPC) between clients and servers in a networked environment. Network Operations | |
| GDI32FULL.DLL!GetCharWidth32A Retrieves character widths from a font for display in logical coordinates. System Information and Control | |
| KERNEL32.DLL!CopyFileExW This function copies an existing file and allows monitoring its progress- thus handling file operations directly. File Operations | |
| RPCRT4.DLL!RpcServerUseProtseqIfExA Registers a protocol sequence for receiving remote procedure calls- enabling network communication. Network Operations | |
| OLEAUT32.DLL!VarBstrFromI8 Converts an 8-byte unsigned integer to a BSTR- focusing on data type conversion. Memory Management | |
| GDI32FULL.DLL!GetMetaFileBitsEx Retrieves contents of a Windows-format metafile and copies them to a specified buffer. File Operations | |
| USER32.DLL!CreateIconIndirect This function creates icons from an ICONINFO structure- manipulating graphical resources. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcServerInterfaceGroupCreateA Creates an RPC server interface group for managing server application interfaces and endpoints. Network Operations | |
| KERNEL32.DLL!GetSystemTimePreciseAsFileTime Retrieves the current system date and time with high precision in UTC format. System Information and Control | |
| OLEAUT32.DLL!VarBstrFromI2 Converts a short value to a BSTR value for use in automation. Memory Management | |
| USER32.DLL!BroadcastSystemMessageA Sends a message to specified system components or applications- enabling inter-process communication. Network Operations | |
| ADVAPI32.DLL!ConvertStringSecurityDescriptorToSecurityDescriptorA Converts string-format security descriptors into valid security descriptors for access controls. Registry Operations | |
| USER32.DLL!EnumDisplayDevicesA Retrieves information about display devices in the current session- related to hardware and system information. System Information and Control | |
| SECHOST.DLL!ControlServiceExW Sends control codes to manage the state of Windows services. Process and Thread Management | |
| OLEAUT32.DLL!VarI4FromUI4 Converts unsigned long values to long values- primarily for data type manipulation. Memory Management | |
| SHLWAPI.DLL!UrlGetPartA Extracts specific components from a URL (like hostname or port). Network Operations | |
| ADVAPI32.DLL!DuplicateEncryptionInfoFile Copies EFS metadata from one file or directory to another- requiring file operations for destination setup. File Operations | |
| KERNEL32.DLL!FindResourceExW Locates a specified resource within a module based on type- name- and language. File Operations | |
| GDI32FULL.DLL!GdiTransparentBlt Transfers pixel data between device contexts with transparency handling. File Operations | |
| RPCRT4.DLL!NdrConformantStringMarshall This function marshals data specifically for network communication in RPC. Network Operations | |
| KERNEL32.DLL!FindNextFileNameW Enumerates hard links to a file using a handle- related to file management operations. File Operations | |
| KERNEL32.DLL!CreateRemoteThreadEx Creates a thread within another process's address space- allowing for code execution and potential thread control. DLL Injection and Manipulation | |
| OLEAUT32.DLL!VarAbs Computes the absolute value of a variant- dealing with data types rather than system resources. System Information and Control | |
| COMCTL32.DLL!ImageList_Remove Removes an image from an image list- manipulating the collection of images in memory. Memory Management | |
| USER32.DLL!IsZoomed Checks if a specific window is maximized or not. System Information and Control | |
| USER32.DLL!SetWindowContextHelpId Associates a Help context identifier with a window- related to UI context management. System Information and Control | |
| OLE32.DLL!CoMarshalHresult Marshals an HRESULT to a stream for inter-process communication. Process and Thread Management | |
| KERNEL32.DLL!CreateIoCompletionPort Creates an I/O completion port for asynchronous I/O operation notifications. File Operations | |
| KERNEL32.DLL!WaitForThreadpoolWorkCallbacks Waits for work callbacks to complete- managing thread pool operations effectively. Process and Thread Management | |
| OLEAUT32.DLL!VarUI1FromI2 Converts a short value to an unsigned char value- affecting data representation. Memory Management | |
| SHELL32.DLL!SHSetInstanceExplorer Allows components to extend the lifetime of their host process- especially in shell environments. Process and Thread Management | |
| USER32.DLL!SoundSentry Triggers a visual signal for a sound playing- relating it to system notifications. System Information and Control | |
| KERNEL32.DLL!BackupRead Reads data from a file or directory- including security information- to facilitate backups. File Operations | |
| USER32.DLL!LookupIconIdFromDirectoryEx This function searches for and retrieves icon or cursor resource identifiers based on display device compatibility. System Information and Control | |
| KERNELBASE.DLL!EventWriteEx Writes an ETW event- providing metadata for tracing and monitoring system events. System Information and Control | |
| KERNEL32.DLL!FindFirstFileTransactedA This function searches for files in a directory as a transacted operation. File Operations | |
| KERNEL32.DLL!ReleaseSRWLockShared Releases a slim reader/writer lock that was acquired- managing access to shared data. Process and Thread Management | |
| KERNEL32.DLL!CompareStringEx Compares two Unicode strings with optional locale-specific settings- impacting how string equality is evaluated. System Information and Control | |
| RPCRT4.DLL!UuidToStringA Converts a UUID to an ANSI string- performing a string representation operation. Memory Management | |
| KERNEL32.DLL!lstrcpynA Copies characters from a source string to a buffer- potentially leading to buffer overflow risks. Memory Management | |
| KERNELBASE.DLL!AccessCheckByTypeResultList Determines if a security descriptor grants specific access rights to a client identified by an access token. Registry Operations | |
| WS2_32.DLL!WSAConnect Establishes a connection to another socket application- facilitating network communication. Network Operations | |
| OLE32.DLL!CoFreeUnusedLibraries Unloads DLLs not in use- related to managing DLLs and COM object resources. DLL Injection and Manipulation | |
| KERNEL32.DLL!SetThreadToken Assigns an impersonation token to a thread- impacting its security context. Process and Thread Management | |
| SECHOST.DLL!StartServiceW This function starts a specified service- managing system services. Process and Thread Management | |
| KERNELBASE.DLL!PrivilegedServiceAuditAlarmW Generates an audit message in the security event log related to privilege usage. System Information and Control | |
| OLE32.DLL!OleCreate This function creates an embedded object identified by a CLSID- indicating it manages file-like operations. File Operations | |
| KERNEL32.DLL!GetCurrencyFormatA Formats number strings as currency based on specified locale identifiers. System Information and Control | |
| KERNEL32.DLL!SetCachedSigningLevel Sets the cached signing level for source files- impacting file security operations. File Operations | |
| USER32.DLL!ShowScrollBar This function manages the visibility of scroll bars in a window or control. System Information and Control | |
| CRYPTSP.DLL!CryptEncrypt Encrypts data using a specified encryption algorithm with a provided key handle. Cryptographic Operations | |
| KERNELBASE.DLL!RegQueryMultipleValuesW Retrieves types and data for multiple value names associated with a registry key. Registry Operations | |
| GDI32.DLL!AddFontResourceW Adds a font resource to the system font table for use in applications. File Operations | |
| KERNEL32.DLL!GetUserDefaultLocaleName Retrieves the user default locale name for internationalization purposes. System Information and Control | |
| COMCTL32.DLL!DSA_DeleteAllItems Deletes all items from a dynamic structure array. Memory Management | |
| USER32.DLL!GetKeyState Retrieves the current status of a specific virtual key on the keyboard. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHCreateItemFromParsingName This function creates a Shell item from a parsing name- relating to file system structure. File Operations | |
| SHELL32.DLL!SHGetDataFromIDListA Retrieves extended property data from a relative identifier list associated with objects in the filesystem. File Operations | |
| USER32.DLL!CallWindowProcA Passes messages to window procedures- facilitating window procedure management and subclassing. Hooking and Interception | |
| SHLWAPI.DLL!UrlCombineW Combines a base URL with a relative URL- processing them into a canonical form. Network Operations | |
| KERNELBASE.DLL!AddAccessDeniedAceEx Adds an access-denied ACE to a DACL for controlling access to objects. Registry Operations | |
| OLEAUT32.DLL!VarUI2FromDate Converts a date value to an unsigned short value. Memory Management | |
| KERNEL32.DLL!RegEnumValueW Enumerates values for a specified open registry key- essential for registry operations. Registry Operations | |
| RPCRT4.DLL!Ndr64AsyncServerCallAll This function is used in Remote Procedure Calls- involving network communication between applications. Network Operations | |
| OLE32.DLL!OleIsCurrentClipboard Checks if a specified data object is still on the clipboard. File Operations | |
| SHELL32.DLL!SHMapPIDLToSystemImageListIndex Retrieves the icon index from the system image list for a folder item. System Information and Control | |
| USER32.DLL!CreateDialogIndirectParamA This function creates a dialog box- managing visual components and interactions. Process and Thread Management | |
| KERNEL32.DLL!QueryDosDeviceA Retrieves information about MS-DOS device names- which involves querying file system structure. File Operations | |
| USER32.DLL!CharPrevExA Retrieves the pointer to the previous character in a string based on code-page settings. Memory Management | |
| GDI32FULL.DLL!GetGlyphIndicesW Converts a string to an array of glyph indices- used for font representation and manipulation. Memory Management | |
| USER32.DLL!GetTouchInputInfo Retrieves information about touch inputs from a handle- indicating operations related to input management. System Information and Control | |
| USER32.DLL!SwitchDesktop Activates a specified desktop to receive user input- involving interactions with the window station and desktop. System Information and Control | |
| SHLWAPI.DLL!SHRegSetUSValueW Sets a registry key value in user-specific HKCU or HKLM subtrees. Registry Operations | |
| OLEAUT32.DLL!SafeArrayCreateVectorEx Creates a one-dimensional safe array- managing memory for specified data types and bounds. Memory Management | |
| OLE32.DLL!HDC_UserFree Frees resources allocated on the server side during RPC calls. Memory Management | |
| WINMMBASE.DLL!mmTaskCreate The mmTaskCreate function is used for creating multimedia tasks. Process and Thread Management | |
| KERNEL32.DLL!IsValidLocale Determines if a specified locale is installed or supported on the operating system. System Information and Control | |
| SHELL32.DLL!DAD_DragMove Moves the drag image during drag-and-drop operations using specified coordinates. Process and Thread Management | |
| OLE32.DLL!CStdAsyncStubBuffer_AddRef Implements IRpcStubBuffer::AddRef for reference counting in RPC stubs. Process and Thread Management | |
| USER32.DLL!SetClipboardViewer This function manages clipboard viewer windows- facilitating communication on clipboard content changes. Hooking and Interception | |
| KERNEL32.DLL!DiscardVirtualMemory This function discards memory contents without decommitting it- impacting memory management. Memory Management | |
| KERNEL32.DLL!GetDurationFormat Formats time durations based on locale-specific identifiers- relating to internationalization. System Information and Control | |
| WS2_32.DLL!WSCWriteNameSpaceOrder Changes the order of Winsock namespace providers for name resolution priority. Registry Operations | |
| ADVAPI32.DLL!LsaLookupNames Retrieves security identifiers (SIDs) for specified user or group names- aiding in identity management and access control. System Information and Control | |
| OLE32.DLL!CoGetObject Converts a display name into a moniker and binds to the identified object. System Information and Control | |
| OLEAUT32.DLL!VarFormat Formats a variant into a string using a specified format- manipulating representation based on locale. System Information and Control | |
| WINMM.DLL!joyGetThreshold Queries the movement threshold of a joystick- measuring user input thresholds for device interaction. System Information and Control | |
| SHELL32.DLL!SHGetPropertyStoreFromParsingName Retrieves a property store for an item based on its path- facilitating data access. File Operations | |
| KERNEL32.DLL!GlobalGetAtomNameW Retrieves the character string associated with a specified global atom for inter-process communication. System Information and Control | |
| KERNEL32.DLL!SetProcessDefaultCpuSets Assigns default CPU Sets for process threads- impacting their execution on specific CPU cores. Process and Thread Management | |
| SHELL32.DLL!SHShellFolderView_Message Sends messages to the shell's default IFolderView implementation- influencing shell view behavior. Process and Thread Management | |
| OLEAUT32.DLL!BSTR_UserSize Calculates the wire size for the BSTR object- involving memory calculation for proper alignment during RPC. Memory Management | |
| KERNELBASE.DLL!AddMandatoryAce This function modifies a system access control list (SACL) by adding an access control entry (ACE). Registry Operations | |
| SHLWAPI.DLL!SHRegEnumUSKeyA Enumerates subkeys of a registry subkey in user-specific registry hives. Registry Operations | |
| OLE32.DLL!CLIPFORMAT_UserFree64 Frees resources on the server side during Remote Procedure Calls (RPC). Memory Management | |
| KERNEL32.DLL!GetModuleHandleExA Retrieves a module handle and modifies the reference count for loaded modules. DLL Injection and Manipulation | |
| ADVAPI32.DLL!IsTextUnicode Determines if a buffer is likely to contain Unicode text by analyzing its content. System Information and Control | |
| SHELL32.DLL!DragFinish Releases memory allocated for transferring file names during drag-and-drop operations. Memory Management | |
| USER32.DLL!CreateWindowExA Creates a window and manages its properties like styles and position. Process and Thread Management | |
| KERNEL32.DLL!Process32FirstW Retrieves information about the first process in a system snapshot. Process and Thread Management | |
| NTDLL.DLL!RtlIpv4StringToAddressW Converts a string-based IPv4 address to binary format for network operations. Network Operations | |
| COMCTL32.DLL!GetMUILanguage Retrieves the language currently used by common controls for the specified process. System Information and Control | |
| OLEAUT32.DLL!SafeArrayLock Increments a lock count for an array- managing access to shared data. Memory Management | |
| NTDLL.DLL!RtlIsNameLegalDOS8Dot3 Determines if a name can be used to create a valid FAT file. File Operations | |
| KERNEL32.DLL!GetThreadId Retrieves the identifier of a specified thread- essential for thread management in applications. Process and Thread Management | |
| USER32.DLL!RegisterPointerDeviceNotifications This function registers a window to receive notifications related to pointer device events. System Information and Control | |
| WS2_32.DLL!WSAEnumProtocolsA Retrieves information about available transport protocols installed on a local machine. Network Operations | |
| GDI32FULL.DLL!AddFontResourceExW This function adds a font resource to the system- enabling font management within applications. File Operations | |
| OLE32.DLL!StgOpenStorage Opens an existing root storage object in the file system for accessing structured storage. File Operations | |
| USER32.DLL!IsWindowArranged Determines if a specified window is in an arranged state (snapped). System Information and Control | |
| KERNEL32.DLL!CancelIoEx Cancels outstanding I/O operations for a specified file handle in the current process. File Operations | |
| OLE32.DLL!NdrProxyForwardingFunction4 Stub function for COM proxies that helps marshal interfaces in inter-process communication. Process and Thread Management | |
| KERNEL32.DLL!CreateUmsThreadContext Creates a user-mode scheduling thread context representing a UMS worker thread. Process and Thread Management | |
| OLE32.DLL!STGMEDIUM_UserSize Calculates the size of the STGMEDIUM object for remote procedure calls (RPC). Memory Management | |
| KERNEL32.DLL!SetProcessAffinityMask Sets a processor affinity mask for the threads of the specified process. Process and Thread Management | |
| RPCRT4.DLL!NdrInterfacePointerBufferSize Calculates buffer size needed for marshalling interface pointers- involved in RPC operations. Memory Management | |
| USER32.DLL!ChangeDisplaySettingsW Changes the graphics mode of the default display device- affecting graphical settings. System Information and Control | |
| KERNEL32.DLL!EnumResourceTypesW Enumerates resource types within a binary module- interacting with resource management. System Information and Control | |
| GDI32.DLL!GetCertificateSize Retrieves the size of a driver's certificate chain- crucial for maintaining secure communications. Cryptographic Operations | |
| ADVAPI32.DLL!EncryptionDisable Disables or enables encryption for specified directories and files- affecting file access permissions. File Operations | |
| WINMMBASE.DLL!mmioRenameW The mmioRenameW function renames a specified file. File Operations | |
| KERNEL32.DLL!GetThreadInformation Retrieves specified information about a thread- including memory priority and CPU priority. Process and Thread Management | |
| OLE32.DLL!HACCEL_UserSize This function calculates the size of the HACCEL object for RPC- indicating memory operations. Memory Management | |
| ITraceRelogger::ProcessTrace Delivers events from trace streams to the consumer. System Information and Control | |
| USER32.DLL!GetPointerPenInfoHistory Retrieves pen input history from coalesced pointer messages for a specified pen pointer. System Information and Control | |
| OLEAUT32.DLL!VarI1FromDisp Converts an IDispatch instance's property to a char value- affecting automation scripting. System Information and Control | |
| OLEAUT32.DLL!VarImp Performs bitwise implication on variants- focusing on their integer values. Memory Management | |
| USER32.DLL!GetPointerInfoHistory Retrieves information about individual input pointers coalesced into a message- reflecting input history. System Information and Control | |
| SHELL32.DLL!SHDefExtractIconA Extracts an icon from a specified file- primarily dealing with file-related operations. File Operations | |
| USER32.DLL!DlgDirSelectExW Retrieves the selection from a list box- indicating file or directory name selection. File Operations | |
| USER32.DLL!TranslateAcceleratorA Processes and translates accelerator keys- converting key messages to command messages for window procedures. System Information and Control | |
| OLE32.DLL!OleGetAutoConvert This function retrieves CLSID conversion information from the registry- indicating it involves registry interactions. Registry Operations | |
| OLE32.DLL!HBITMAP_UserFree Frees resources on the server side- primarily involved in memory management during RPC calls. Memory Management | |
| SHLWAPI.DLL!StrCSpnIA Searches for character occurrences in a string; related to string manipulation. System Information and Control | |
| USER32.DLL!PaintDesktop Fills the device context with the desktop wallpaper or pattern for display. System Information and Control | |
| GDI32FULL.DLL!SaveDC Saves the current state of a device context for later restoration- related to graphical operations. System Information and Control | |
| OLEAUT32.DLL!VarCyMulI8 Multiplies a currency value with a 64-bit integer- managing data types and basic computation. Memory Management | |
| OLEAUT32.DLL!LPSAFEARRAY_UserMarshal Marshals data from SAFEARRAY to RPC buffer- facilitating remote procedure call data management. Memory Management | |
| SHLWAPI.DLL!PathCompactPathExW Truncates file paths to fit within a specified character limit- impacting file operations. File Operations | |
| KERNEL32.DLL!LockFileEx Locks specified file for exclusive or shared access- managing concurrent file operations. File Operations | |
| OLEAUT32.DLL!VarUI8FromI8 Converts 8-byte integers between signed and unsigned formats- relating to data manipulation. Memory Management | |
| KERNEL32.DLL!SleepEx Suspends the thread until a specified condition is met- affecting thread scheduling. Process and Thread Management | |
| KERNEL32.DLL!CheckNameLegalDOS8Dot3A Validates if a name can create a file on a FAT file system. File Operations | |
| SHELL32.DLL!SHGetIconOverlayIndexA Retrieves the overlay icon index for a file in the system image list. File Operations | |
| SHCORE.DLL!SHCreateStreamOnFileW Opens or creates a file and retrieves a stream for reading or writing. File Operations | |
| GDI32FULL.DLL!ExtFloodFill This function fills an area on the display surface using a specified color and boundary type. Graphics Operations | |
| ADVAPI32.DLL!SetServiceBits Registers a service type with the service control manager- managing system service information. System Information and Control | |
| KERNEL32.DLL!GetFileAttributesTransactedW Retrieves file system attributes of files or directories within a transaction. File Operations | |
| KERNEL32.DLL!CreateFiber Allocates a fiber object and sets up execution- related to thread management. Process and Thread Management | |
| SHCORE.DLL!SHDeleteEmptyKeyW Deletes an empty registry key specified by the user. Registry Operations | |
| OLE32.DLL!OleCreateFromDataEx Creates objects in OLE containers with support for multiple caching formats. DLL Injection and Manipulation | |
| GDI32FULL.DLL!GetWinMetaFileBits Converts enhanced metafile records to Windows-format records and writes them to a specified buffer. File Operations | |
| KERNEL32.DLL!SetProcessPriorityBoost This function enables or disables the priority boosting of threads in a specified process. Process and Thread Management | |
| KERNEL32.DLL!CreateThreadpoolWork This function creates a work object for managing concurrent thread execution. Process and Thread Management | |
| KERNEL32.DLL!SetDefaultCommConfigA Sets configuration for a communications device- managing device properties. System Information and Control | |
| OLE32.DLL!HACCEL_UserSize64 Calculates the wire size of HACCEL objects for RPC communication. Memory Management | |
| GDI32FULL.DLL!SetDeviceGammaRamp Adjusts the gamma ramp for direct color display boards- impacting visual output. System Information and Control | |
| KERNELBASE.DLL!GetSidLengthRequired This function calculates the required buffer size for a Security Identifier (SID)- relating to system security. System Information and Control | |
| WS2_32.DLL!WSAGetServiceClassInfoA Retrieves service class information from a specified namespace provider using Windows Sockets API. Network Operations | |
| KERNEL32.DLL!GetFinalPathNameByHandleA Retrieves the final path of a specified file or directory identified by a handle. File Operations | |
| SHELL32.DLL!ShellAboutW This function displays a dialog box about an application- primarily for informational purposes. System Information and Control | |
| KERNELBASE.DLL!ImpersonateLoggedOnUser Allows a thread to impersonate the security context of a logged-on user via a token handle. Process and Thread Management | |
| GDI32FULL.DLL!GetTextExtentPoint32A Computes the width and height of a specified text string- related to rendering graphics. System Information and Control | |
| USER32.DLL!ScrollWindow The ScrollWindow function manages the viewing area of a window by scrolling its contents. System Information and Control | |
| ADVAPI32.DLL!LogonUserExW This function logs a user onto the local computer- managing user sessions and tokens. Process and Thread Management | |
| OLE32.DLL!CoInvalidateRemoteMachineBindings Flushing cached RPC binding handles for remote computers involves system-level operations and management. System Information and Control | |
| KERNEL32.DLL!MoveFileTransactedA Moves files or directories as a transacted operation- managing file locations and operations within transactions. File Operations | |
| USER32.DLL!RegisterClipboardFormatW Registers a new clipboard format for use in data exchange. System Information and Control | |
| OLEAUT32.DLL!UnRegisterTypeLib Removes type library information from the system registry for application uninstallation. Registry Operations | |
| RPCRT4.DLL!RpcEpRegisterNoReplaceW This function adds server-address information to the local endpoint-map database for RPC. Network Operations | |
| GDI32FULL.DLL!XLATEOBJ_piVector This function retrieves a translation vector for converting source indices- related to display device operations. System Information and Control | |
| OLEAUT32.DLL!OleTranslateColor Converts an OLE_COLOR to a COLORREF- primarily dealing with color conversion. Memory Management | |
| KERNEL32.DLL!lstrcatW Appends one string to another- manipulating string buffers. Memory Management | |
| KERNEL32.DLL!CreateThreadpoolIo Creates an I/O completion object for handling asynchronous file operations. Process and Thread Management | |
| KERNEL32.DLL!HeapUnlock Releases ownership of a critical section object associated with a heap. Matches the action of HeapLock. Memory Management | |
| GDI32.DLL!FONTOBJ_pvTrueTypeFontFile Retrieves a user-mode pointer to a view of a font file- indicating file access. File Operations | |
| ADVAPI32.DLL!RegConnectRegistryA Connects to a predefined registry key on a remote computer- requiring access to registry operations. Registry Operations | |
| RPCRT4.DLL!NdrSimpleTypeUnmarshall This function unmarshalls data from memory for RPC communication. Memory Management | |
| USER32.DLL!GetDialogDpiChangeBehavior Returns DPI change flags for a dialog- relating to its previous settings. System Information and Control | |
| OLE32.DLL!OleConvertOLESTREAMToIStorage Converts OLE 1 objects to OLE 2 structured storage objects. File Operations | |
| KERNEL32.DLL!RemoveDirectoryTransactedW Deletes an existing empty directory using a transaction mechanism for safe file operations. File Operations | |
| USER32.DLL!GetShellWindow Retrieves a handle to the Shell's desktop window- useful for window management in applications. System Information and Control | |
| USER32.DLL!LoadImageA Loads various types of images (icons- cursors- bitmaps) into memory- impacting how they are accessed. Memory Management | |
| WINDOWS.STORAGE.DLL!ILCloneFirst Clones SHITEMID structure from an ITEMIDLIST- focusing on shell object management. Memory Management | |
| ADVAPI32.DLL!FreeEncryptionCertificateHashList Frees a certificate hash list related to file encryption. File Operations | |
| KERNEL32.DLL!VirtualUnlock Unlocks pages in virtual memory to allow system page swapping. Memory Management | |
| USER32.DLL!WindowFromPhysicalPoint Retrieves a handle to the window at a specified physical point on the screen. System Information and Control | |
| WINMMBASE.DLL!mixerGetDevCapsW Queries a mixer device to determine its capabilities and configurations. System Information and Control | |
| KERNELBASE.DLL!GetKernelObjectSecurity Retrieves the security descriptor of a kernel object- detailing its access controls. Registry Operations | |
| COMCTL32.DLL!DrawInsert Draws an icon in a drag list box's parent window- facilitating user interface interaction. System Information and Control | |
| ADVAPI32.DLL!BuildTrusteeWithObjectsAndSidW Initializes a TRUSTEE structure for access control- relating to security identifiers. Registry Operations | |
| KERNEL32.DLL!NeedCurrentDirectoryForExePathW Determines if the current directory should be included in the executable's search path. System Information and Control | |
| KERNEL32.DLL!SetFirmwareEnvironmentVariableExA This function modifies firmware environment variables by setting attributes for storage and access. Registry Operations | |
| GDI32FULL.DLL!SetLayout Changes the layout of a device context for managing graphical output direction. System Information and Control | |
| SHLWAPI.DLL!HashData This function hashes an array of data- facilitating data integrity and security. Cryptographic Operations | |
| WINDOWS.STORAGE.DLL!SHGetStockIconInfo Retrieves information about system-defined Shell icons- including their handles and locations. System Information and Control | |
| OLE32.DLL!WriteFmtUserTypeStg This function writes a clipboard format and user type to a storage object- thus managing file data. File Operations | |
| SHLWAPI.DLL!StrCSpnA Searches a string for specified characters- focusing on character processing. Memory Management | |
| USER32.DLL!EnumDesktopWindows Enumerates top-level windows on a specified desktop using a callback function. System Information and Control | |
| KERNEL32.DLL!MultiByteToWideChar Converts a multibyte string to a UTF-16 string- affecting character encoding processes. Memory Management | |
| SHLWAPI.DLL!ParseURLA Parses a given URL into its components- providing structured output for URL analysis. System Information and Control | |
| CRYPTSP.DLL!CryptDuplicateHash Duplicates a hash handle and its state for cryptographic use. Cryptographic Operations | |
| IGPMGPO::GetSecurityInfo Retrieves permissions for Group Policy Objects (GPO)- focusing on security settings. Registry Operations | |
| USER32.DLL!BringWindowToTop Activates and manages the Z order of windows on the desktop. Process and Thread Management | |
| GDI32FULL.DLL!StretchDIBits This function manipulates pixel data in images- thereby performing graphics-related operations. DLL Injection and Manipulation | |
| OLE32.DLL!HMENU_UserMarshal Marshals a HMENU into the RPC buffer for remote procedure calls. DLL Injection and Manipulation | |
| KERNEL32.DLL!VerLanguageNameW Retrieves language description based on binary language identifier. System Information and Control | |
| KERNELBASE.DLL!PerfIncrementULongLongCounterValue Increments an 8-byte unsigned integer counter value utilized by performance providers. System Information and Control | |
| KERNEL32.DLL!LCMapStringEx Maps character strings to another format or generates sort keys based on locale-specific transformations. System Information and Control | |
| USER32.DLL!ModifyMenuA Changes properties of an existing menu item- including its appearance and behavior. Hooking and Interception | |
| KERNELBASE.DLL!GetAce Retrieves a pointer to an access control entry (ACE) from an access control list (ACL). Registry Operations | |
| OLEAUT32.DLL!VarDateFromUdate Converts MS-DOS formatted dates to variant format for use in applications. System Information and Control | |
| GDI32FULL.DLL!RectVisible Determines if part of a rectangle is within the clipping region of a device context. System Information and Control | |
| USER32.DLL!GetPointerDeviceProperties Retrieves properties of pointer devices not included in the standard structure. System Information and Control | |
| RPCRT4.DLL!RpcMgmtInqStats This function retrieves statistics about remote procedure calls- focusing on network interactions. Network Operations | |
| KERNEL32.DLL!CreateThreadpool Allocates a pool of threads for executing callbacks efficiently. Process and Thread Management | |
| KERNEL32.DLL!GetOEMCP Returns the OEM code page identifier- providing system information related to character encoding. System Information and Control | |
| OLEAUT32.DLL!LoadRegTypeLib Utilizes registry information to load a type library based on versioning. Registry Operations | |
| RPCRT4.DLL!RpcMgmtWaitServerListen This function performs waiting operations associated with remote procedure call (RPC) server listening. Network Operations | |
| USER32.DLL!IsHungAppWindow Determines if a specified application is not responding to input- indicating process state. Process and Thread Management | |
| SECHOST.DLL!AuditComputeEffectivePolicyBySid Computes the effective audit policy for security principals based on system and per-user settings. System Information and Control | |
| KERNEL32.DLL!HeapCreate Creates a private heap for memory allocation in the calling process- reserving virtual address space. Memory Management | |
| OLE32.DLL!CoRegisterMessageFilter Registers an IMessageFilter interface for handling message concurrency on threads. Process and Thread Management | |
| KERNEL32.DLL!VirtualQuery Retrieves information about a range of pages in the calling process's virtual address space. Memory Management | |
| OLE32.DLL!OleSaveToStream Saves an object to a specified stream using the IPersistStream interface. File Operations | |
| OLEAUT32.DLL!VarIdiv Converts two variants to integers and performs division- indicating numerical computation. Memory Management | |
| OLEAUT32.DLL!VarDateFromUI2 Converts an unsigned short value to a date value- focusing on data transformation rather than direct system manipulation. System Information and Control | |
| KERNEL32.DLL!PssWalkSnapshot Returns information on process snapshot data- advancing the walk marker for sequential access. Process and Thread Management | |
| KERNEL32.DLL!CreateEventExW Creates or opens an event object for synchronization. Process and Thread Management | |
| USER32.DLL!GetUserObjectInformationW Retrieves information about window stations or desktop objects- providing details like flags- names- and types. System Information and Control | |
| USER32.DLL!CloseClipboard Closes the clipboard for data exchange between applications. File Operations | |
| ADVAPI32.DLL!RegDeleteKeyTransactedA Deletes a registry subkey and its values as a transacted operation. Registry Operations | |
| WINMMBASE.DLL!waveOutGetPlaybackRate Retrieves the current playback rate for a waveform-audio output device. System Information and Control | |
| GDI32FULL.DLL!GetStockObject Retrieves a handle to stock graphics objects like pens and brushes for rendering. System Information and Control | |
| SECHOST.DLL!CredEnumerateW Enumerates user credentials from the credential set associated with the logon session. Registry Operations | |
| WINMMBASE.DLL!midiStreamProperty Sets or retrieves properties of a MIDI data stream tied to a MIDI output device. System Information and Control | |
| OLEAUT32.DLL!VarNumFromParseNum Converts parsed numerical results into a variant type- facilitating data type handling. Memory Management | |
| ADVAPI32.DLL!DecryptFileW This function is used to decrypt encrypted files or directories. File Operations | |
| OLEAUT32.DLL!VarCyMulI4 This function performs arithmetic multiplication on data types- related to variant operations. Memory Management | |
| USER32.DLL!OpenDesktopW Opens a specified desktop object for access and interaction. Process and Thread Management | |
| USER32.DLL!SetMessageExtraInfo Sets extra message information for the current thread's message queue. Process and Thread Management | |
| KERNEL32.DLL!RegRestoreKeyW Restores registry information from a file- overwriting specified key and subkeys- manipulating registry data. Registry Operations | |
| WINDOWS.STORAGE.DLL!SHHandleUpdateImage Handles the SHCNE_UPDATEIMAGE Shell change notification- indicating changes in the system image list. System Information and Control | |
| WINDOWS.STORAGE.DLL!ILFindLastID Retrieves the last SHITEMID in an ITEMIDLIST- facilitating shell item management. System Information and Control | |
| RPCRT4.DLL!NdrConformantStringBufferSize Calculates buffer size for marshaling conformant strings in RPC. Memory Management | |
| KERNEL32.DLL!CreateJobObjectW Creates or opens a job object for managing groups of processes. Process and Thread Management | |
| SHLWAPI.DLL!PathFindSuffixArrayA Determines if a filename has a specific suffix- thus involves file name validation. File Operations | |
| RPCRT4.DLL!RpcBindingReset Resets a binding handle for remote procedure calls- affecting server instance association. Network Operations | |
| OLEAUT32.DLL!SafeArrayGetRecordInfo Retrieves the IRecordInfo interface from a safe array for user-defined types (UDT). Memory Management | |
| COMCTL32.DLL!DrawStatusTextW Draws specified text with style in a status window. System Information and Control | |
| USER32.DLL!SetWindowsHookExA Installs an application-defined hook procedure to monitor system events- potentially involving DLL injection. DLL Injection and Manipulation | |
| IRichEditOleCallback::DeleteObject Notifies that an object is being deleted from rich edit control but may not be released. File Operations | |
| GDI32FULL.DLL!SetTextJustification Adjusts space added to break characters in text for justified output in graphics contexts. Process and Thread Management | |
| USER32.DLL!InternalGetWindowText Copies the text from a window's title bar into a buffer. System Information and Control | |
| KERNEL32.DLL!GetSystemFirmwareTable Retrieves firmware tables from the system for information on hardware configuration. System Information and Control | |
| RPCRT4.DLL!NdrProxyInitialize Initializes the proxy for an object method in RPC communications. Network Operations | |
| KERNEL32.DLL!SetDefaultDllDirectories This function specifies directories for searching DLLs when loaded- thus managing DLL loading behavior. DLL Injection and Manipulation | |
| OLEAUT32.DLL!HWND_UserMarshal64 This function is responsible for marshalling HWND structures during inter-process communication. DLL Injection and Manipulation | |
| WSOCK32.DLL!inet_addr Converts a string containing an IPv4 address to a format suitable for networking operations. Network Operations | |
| GDI32FULL.DLL!ScriptStringOut Displays a string with optional highlighting- related to rendering text on the screen. System Information and Control | |
| SECHOST.DLL!CredIsMarshaledCredentialW Determines if a username string is a marshaled credential- relating to security and credential management. Cryptographic Operations | |
| OLEAUT32.DLL!VarCat Concatenates two variants and returns the result. Memory Management | |
| KERNEL32.DLL!GetCPInfoExW Retrieves information about installed or available code pages for internationalization purposes. System Information and Control | |
| SHLWAPI.DLL!PathMatchSpecExA Matches file names against specified patterns in a given path. File Operations | |
| OLEAUT32.DLL!OleLoadPictureFile This function creates an IPictureDisp object from a picture file- indicating file operations. File Operations | |
| USER32.DLL!ExitWindowsEx Initiates system shutdown or logoff while managing running processes. System Information and Control | |
| USER32.DLL!GetClipCursor Retrieves the screen coordinates for the area confining the cursor- indicating its position. System Information and Control | |
| GDI32FULL.DLL!GetEnhMetaFileW Creates a handle for enhanced metafiles stored in a file- involving file operations. File Operations | |
| RPCRT4.DLL!RpcServerInqDefaultPrincNameA This function retrieves the default principal name for an authentication service used in RPC. Network Operations | |
| OLE32.DLL!FreePropVariantArray Frees memory used by an array of PROPVARIANT structures. Memory Management | |
| KERNELBASE.DLL!FreeSid Frees a previously allocated security identifier- managing security-related memory allocations. Memory Management | |
| OLE32.DLL!HPALETTE_UserUnmarshal Unmarshals HPALETTE from RPC buffer- handling data for remote procedure calls. System Information and Control | |
| SHLWAPI.DLL!StrRChrA This function searches a string for a specified character- indicating its involvement in string manipulation. Memory Management | |
| KERNEL32.DLL!EnumDateFormatsExEx This function enumerates date formats based on locale- affecting system information and formatting. System Information and Control | |
| ADVAPI32.DLL!RegOverridePredefKey Maps a predefined registry key to a new registry key- affecting only the calling process. Registry Operations | |
| OLE32.DLL!OleQueryLinkFromData Determines if an OLE linked object can be created from clipboard data. System Information and Control | |
| SHLWAPI.DLL!PathSetDlgItemPathW This function sets the text of a dialog control using a specified path- related to UI operations. System Information and Control | |
| OLEAUT32.DLL!VarBoolFromI1 This function converts a char value to a Boolean output- focusing on value handling. System Information and Control | |
| WS2_32.DLL!WSASetServiceW Registers or removes a service instance from the registry in various namespaces. Registry Operations | |
| USER32.DLL!GetThreadDpiHostingBehavior Retrieves the DPI hosting behavior of the current thread for display scaling. System Information and Control | |
| OLEAUT32.DLL!LPSAFEARRAY_UserSize Calculates the wire size of the SAFEARRAY object for RPC data transfer. Memory Management | |
| WSOCK32.DLL!getpeername Retrieves the address of the peer connected to a socket. Network Operations | |
| KERNEL32.DLL!QueueUserAPC Queues an asynchronous procedure call to a specified thread- enabling deferred execution of functions. Process and Thread Management | |
| WINMMBASE.DLL!waveOutPrepareHeader Prepares waveform-audio data for playback by handling audio device and data structure. Process and Thread Management | |
| GDI32FULL.DLL!TextOutA Writes a character string to a specified location using the currently selected font and colors. System Information and Control | |
| SHCORE.DLL!IUnknown_Set Manages COM interface pointers by releasing- assigning- and reference counting interfaces. DLL Injection and Manipulation | |
| SECHOST.DLL!ChangeServiceConfigW Changes configuration parameters of a service in the service control manager. System Information and Control | |
| IOleInPlaceSiteWindowless::InvalidateRect Invalidates a rectangle of an object's in-place image- affecting the visual representation on the screen. System Information and Control | |
| KERNEL32.DLL!TerminateThread This function forcibly terminates a thread- directly managing thread execution and state. Process and Thread Management | |
| ADVAPI32.DLL!GetOldestEventLogRecord Retrieves the oldest record number from an event log. System Information and Control | |
| OLEAUT32.DLL!VarDateFromI4 Converts a long integer into a date value- involving type conversion. Memory Management | |
| USER32.DLL!SkipPointerFrameMessages Discards unprocessed pointer input messages from the same frame- managing user input efficiently. Process and Thread Management | |
| WINMMBASE.DLL!auxOutMessage Sends messages to auxiliary output devices- performing error checking on device identifiers. Network Operations | |
| WINDOWS.STORAGE.DLL!ShellExecuteExW Executes a specified file or command. File Operations | |
| GDI32FULL.DLL!SetSystemPaletteUse Specifies the usage of system palette in response to graphical display requirements. System Information and Control | |
| OLE32.DLL!CoDisconnectContext Disconnects proxy connections for interface pointers in the current context- managing object disconnections. Process and Thread Management | |
| USER32.DLL!EnumPropsExW Enumerates properties of a window by invoking a callback function for each property found. System Information and Control | |
| OLE32.DLL!CoTreatAsClass Establishes or removes an emulation for COM objects- modifying registry entries. Registry Operations | |
| KERNELBASE.DLL!GetSecurityDescriptorGroup Retrieves primary group information from a security descriptor- essential for access control management. Registry Operations | |
| USER32.DLL!DestroyIcon Frees memory occupied by an icon- categorized under memory management. Memory Management | |
| GDI32.DLL!PATHOBJ_bEnumClipLines This function enumerates line segments- involving graphics device interface (GDI) operations related to rendering. System Information and Control | |
| KERNEL32.DLL!SetFileBandwidthReservation Reserves bandwidth for file stream I/O requests- managing file operations efficiently. File Operations | |
| OLE32.DLL!CoFreeUnusedLibrariesEx Unloads DLLs no longer in use- managing memory for components in a thread-safe manner. Memory Management | |
| USER32.DLL!GetKeyboardType Retrieves information about the current keyboard's type and subtype. System Information and Control | |
| GDI32FULL.DLL!StrokeAndFillPath This function performs operations on graphical paths- specifically stroking and filling- which relate to memory and device context handling. Memory Management | |
| SHLWAPI.DLL!PathRemoveBackslashW This function modifies a path string by removing its trailing backslash- classifying it under file operations. File Operations | |
| OLEAUT32.DLL!VarUI1FromStr Converts an OLECHAR string to an unsigned char string- manipulating data types. Memory Management | |
| RPCRT4.DLL!NdrCStdStubBuffer_Release This function implements reference counting for RPC stubs- influencing process and thread management. Process and Thread Management | |
| OLEAUT32.DLL!SafeArrayPtrOfIndex Retrieves a pointer to an element of a SafeArray- a memory management operation for arrays. Memory Management | |
| OLEAUT32.DLL!VarUI1FromI4 Converts a long value to an unsigned char value- performing data type transformation. Memory Management | |
| GDI32FULL.DLL!StartDocW Starts a print job by preparing the printing device context and defining document information. File Operations | |
| NTDLL.DLL!RtlIpv4AddressToStringExA Converts an IPv4 address and port number to a string in standard Internet format. Network Operations | |
| GDI32.DLL!EngBitBlt EngBitBlt performs bit-block transfers between surfaces; it manages graphical output operations. Process and Thread Management | |
| KERNEL32.DLL!GetSystemDefaultLangID Retrieves the language identifier for the system locale affecting language settings across applications. System Information and Control | |
| RPCRT4.DLL!NdrDllGetClassObject Retrieves class objects related to RPC proxies or stubs. DLL Injection and Manipulation | |
| SHELL32.DLL!SHObjectProperties Invokes Properties context menu command on Shell objects- accessing file or printer properties. File Operations | |
| GDI32FULL.DLL!GdiGradientFill Fills rectangle and triangle structures in a device context using gradient colors. Memory Management | |
| SHELL32.DLL!ExtractIconExW Extracts icon handles from executable files- DLLs- or icon files. File Operations | |
| NTDLL.DLL!RtlInitString Initializes a counted string to prepare for string operations- essential for memory management. Memory Management | |
| KERNEL32.DLL!RegUnLoadKeyA Unloads a specified registry key and its subkeys from the registry. Registry Operations | |
| USER32.DLL!GetWindowModuleFileNameW Retrieves the full path and file name of the module for a specific window handle. System Information and Control | |
| GDI32.DLL!EngCheckAbort Determines if a print job should be terminated based on input from a printer graphics DLL. System Information and Control | |
| SHLWAPI.DLL!PathRemoveArgsA Removes arguments from a given path- simplifying the file path for further operations. File Operations | |
| WS2_32.DLL!InetPtonW Converts IPv4 or IPv6 addresses from text to numeric binary form. Network Operations | |
| ADVAPI32.DLL!PrivilegedServiceAuditAlarmA Generates an audit message in the security event log for privilege usage attempts. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction19 This function acts as a stub for COM proxies facilitating remote procedure calls. DLL Injection and Manipulation | |
| GDI32FULL.DLL!GetCharABCWidthsFloatA Retrieves widths of characters from a specified font- manipulating displayed text information. System Information and Control | |
| WINMMBASE.DLL!midiDisconnect Disconnects a MIDI input device from an output device- modifying device connections. File Operations | |
| IDCompositionTexture::SetColorSpace Informs the system of the color space for texture mapping. System Information and Control | |
| IDirect3DDevice9::SetPaletteEntries This function modifies the palette entries for a Direct3D device. System Information and Control | |
| KERNEL32.DLL!CreateNamedPipeA Creates a named pipe for inter-process communication- enabling data exchange between server and client processes. File Operations | |
| OLE32.DLL!ObjectStublessClient32 Stub function facilitating the use of COM proxies for interface marshaling. DLL Injection and Manipulation | |
| OLE32.DLL!CoCreateFreeThreadedMarshaler Creates an object for context-dependent marshaling between threads within the same process. Process and Thread Management | |
| OLE32.DLL!WriteClassStg This function writes a class identifier (CLSID) to a storage object. File Operations | |
| OLEAUT32.DLL!BSTR_UserMarshal64 Marshals a BSTR object into the RPC buffer for remote procedure calls. Memory Management | |
| KERNEL32.DLL!FindActCtxSectionStringA Retrieves information on a string in the current activation context. System Information and Control | |
| WS2_32.DLL!WSAEnumNetworkEvents This function detects network events associated with a specific socket. Network Operations | |
| OLEAUT32.DLL!VarUI4FromUI1 Converts an unsigned char to an unsigned long- primarily dealing with data type conversions. Memory Management | |
| USER32.DLL!RegisterDeviceNotificationW Registers device notifications for a window or service to receive device-related events. System Information and Control | |
| KERNEL32.DLL!AcquireSRWLockShared Acquires a slim reader/writer lock- controlling access to shared resources among threads. Process and Thread Management | |
| USER32.DLL!DdeGetLastError Retrieves the last error code from DDEML functions- indicating failure in data exchange operations. System Information and Control | |
| SHLWAPI.DLL!PathFindNextComponentA Parses a file path- extracting segments based on backslashes- relevant to file handling. File Operations | |
| WS2_32.DLL!WSCWriteProviderOrder This function reorders transport providers- influencing network protocol selection and prioritization. Network Operations | |
| KERNEL32.DLL!WriteProfileStringW Copies a string into the Win.ini file- tying it to application settings. Registry Operations | |
| WSOCK32.DLL!listen The listen function prepares a socket to accept incoming connections- establishing network communication capability. Network Operations | |
| USER32.DLL!CharUpperBuffW Converts characters in a buffer to uppercase- operating directly on memory. Memory Management | |
| WINDOWS.STORAGE.DLL!SHCreateStdEnumFmtEtc This function creates an enumeration of clipboard format objects- related to file operations for data exchange. File Operations | |
| SHCORE.DLL!SHUnicodeToUnicode Copies a Unicode string while ensuring buffer overflow precautions are taken. Memory Management | |
| SHCORE.DLL!SHRegGetValueA Retrieves a registry value from specified keys and subkeys in the Windows registry. Registry Operations | |
| ADVAPI32.DLL!LsaSetTrustedDomainInformation Modifies Policy object information regarding trusted domains- including domain names and passwords. Registry Operations | |
| KERNEL32.DLL!GetThreadPreferredUILanguages Retrieves preferred UI languages for the current thread- related to user interface language management. System Information and Control | |
| KERNEL32.DLL!RegGetKeySecurity Retrieves the security descriptor for a specified registry key- providing information about its access permissions. Registry Operations | |
| SHCORE.DLL!SHAnsiToUnicode Converts strings from ANSI to Unicode- affecting data representation in memory. Memory Management | |
| KERNEL32.DLL!GetVolumeNameForVolumeMountPointW Retrieves a volume GUID path for a specified volume mount point. File Operations | |
| SHLWAPI.DLL!PathGetArgsA Extracts command line arguments from a given path string. File Operations | |
| SHELL32.DLL!SHFileOperationA Handles copying- moving- renaming- or deleting file system objects. File Operations | |
| USER32.DLL!SetWinEventHook Registers a callback function to receive notifications for specified events on specific processes or threads. Hooking and Interception | |
| USER32.DLL!GetProcessDefaultLayout Retrieves the default layout for window creation- affecting how windows display text and graphics. System Information and Control | |
| OLE32.DLL!HACCEL_UserFree64 This function frees resources managed on the server side- indicating memory resource management. Memory Management | |
| USER32.DLL!FlashWindow Flashes the specified window to get user attention without changing its active state. System Information and Control | |
| SHLWAPI.DLL!PathFindFileNameA This function searches for a file name within a given path. File Operations | |
| OLE32.DLL!OleGetClipboardWithEnterpriseInfo Retrieves an IDataObject from the OLE Clipboard with enterprise info- facilitating policy application for clipboard data. System Information and Control | |
| OLE32.DLL!CoTaskMemRealloc Changes the size of a previously allocated block of task memory- managing memory allocation. Memory Management | |
| KERNEL32.DLL!VirtualAlloc Reserves and commits memory in the virtual address space of a process. Memory Management | |
| NTDLL.DLL!RtlIpv6StringToAddressExA Converts IPv6 address string to binary format- facilitating network communication. Network Operations | |
| KERNEL32.DLL!GetUserDefaultLangID Returns the language identifier for the current user's Region Format setting. System Information and Control | |
| USER32.DLL!DestroyWindow Destroys the specified window and its associated resources. Process and Thread Management | |
| COMCTL32.DLL!DSA_InsertItem Inserts an item into a dynamic structure array- which involves memory allocation and manipulation. Memory Management | |
| COMCTL32.DLL!FlatSB_GetScrollPos Retrieves the current thumb position in a flat scroll bar- focusing on UI controls. System Information and Control | |
| SECHOST.DLL!CredEnumerateA Enumerates user credentials associated with a logon session- allowing access to stored credentials. Registry Operations | |
| NTDLL.DLL!NtSetInformationKey This function sets information for a specific registry key in the Windows registry. Registry Operations | |
| OLE32.DLL!HDC_UserMarshal Marshals a graphical device context (HDC) for Remote Procedure Call (RPC) operations. DLL Injection and Manipulation | |
| SHLWAPI.DLL!WhichPlatform Retrieves the type of Shell32.dll indicating platform specifics. System Information and Control | |
| ADVAPI32.DLL!AuditLookupCategoryGuidFromCategoryId Retrieves a GUID structure representing an audit-policy category. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHFlushSFCache Flushes the special folder cache to ensure updated paths are used instead of cached values. Registry Operations | |
| KERNEL32.DLL!MapUserPhysicalPages Maps physical memory pages for a specified address in an AWE region. Memory Management | |
| OLE32.DLL!CoAllowSetForegroundWindow This function transfers foreground privilege between processes- affecting window focus behavior. Hooking and Interception | |
| KERNEL32.DLL!SetThreadpoolThreadMinimum Configures minimum threads in a thread pool for processing callbacks. Process and Thread Management | |
| SHLWAPI.DLL!wnsprintfA Formats a string using variable-length arguments; can lead to potential buffer overruns. Memory Management | |
| WS2_32.DLL!FreeAddrInfoExW Frees dynamically allocated address information structures from GetAddrInfoEx- releasing resources. Network Operations | |
| NTDLL.DLL!RtlTimeToSecondsSince1970 Converts system time to seconds since January 1- 1970. System Information and Control | |
| USER32.DLL!MessageBeep Plays a waveform sound based on registry entries or defaults to a simple beep. System Information and Control | |
| KERNEL32.DLL!AllocateUserPhysicalPagesNuma Allocates physical memory pages for a process in a specified NUMA node. Memory Management | |
| WINDOWS.STORAGE.DLL!SHCreateShellItemArray Creates a Shell item array object for managing collections of Shell items. File Operations | |
| KERNEL32.DLL!CreateThreadpoolTimer Creates a timer object that manages callback execution on expiration. Process and Thread Management | |
| KERNEL32.DLL!RegDisablePredefinedCacheEx Disables handle caching for predefined registry handles to ensure updated access is performed. Registry Operations | |
| GDI32.DLL!STROBJ_vEnumStart This function defines the data structure for GDI output during subsequent enumerations. System Information and Control | |
| KERNEL32.DLL!CreateProcessAsUserW This function creates a new process with a specified user's security context. Process and Thread Management | |
| ADVAPI32.DLL!SaferRecordEventLogEntry This function saves messages related to security violations to the event log. System Information and Control | |
| SHELL32.DLL!SHInvokePrinterCommandA Executes specific commands on printer objects- handling tasks like opening- modifying properties- or installing printers. File Operations | |
| NTDLL.DLL!RtlInterlockedPopEntrySList Removes an item from a singly linked list while ensuring thread safety on a multiprocessor system. Process and Thread Management | |
| KERNEL32.DLL!RegQueryInfoKeyW Retrieves information about a specified registry key- including subkeys and value names. Registry Operations | |
| KERNEL32.DLL!EnterCriticalSection Manages thread access to shared resources by enforcing mutual exclusion through critical sections. Process and Thread Management | |
| KERNEL32.DLL!GetBinaryTypeA Determines if a file is an executable and identifies its subsystem type. File Operations | |
| SHLWAPI.DLL!StrToIntExA Converts a string representation of numbers to an integer- dealing with decimal and hexadecimal formats. System Information and Control | |
| RPCRT4.DLL!RpcServerInqDefaultPrincNameW This function retrieves the default principal name for an authentication service during RPC calls. Network Operations | |
| SHELL32.DLL!PifMgr_SetProperties This function assigns values to data in a .pif file- modifying application properties. File Operations | |
| KERNEL32.DLL!SetSystemPowerState Shuts down system power- suspending operations based on provided parameters. System Information and Control | |
| KERNELBASE.DLL!AreAnyAccessesGranted Tests if requested access rights are granted based on an access mask. System Information and Control | |
| KERNEL32.DLL!LocalReAlloc Changes the size or attributes of a specified local memory object- impacting memory management. Memory Management | |
| COMCTL32.DLL!ImageList_Draw Draws images from an image list to a specified device context- primarily for graphical operations. File Operations | |
| SHLWAPI.DLL!UrlGetPartW Parses a URL string and retrieves specified components- facilitating URL handling in network applications. Network Operations | |
| RPCRT4.DLL!RpcBindingUnbind Unbinds a binding handle from an RPC server- affecting network connectivity. Network Operations | |
| KERNEL32.DLL!Module32Next Retrieves information about the next module associated with a specific process or thread. System Information and Control | |
| SHCORE.DLL!SHReleaseThreadRef This function releases a thread reference- indicating it manages threads. Process and Thread Management | |
| WS2_32.DLL!SetAddrInfoExW Registers or deregisters names and addresses with a namespace provider- enabling networking configurations. Network Operations | |
| RPCRT4.DLL!RpcImpersonateClient This function allows a server thread to impersonate a client for processing remote procedure calls. Process and Thread Management | |
| KERNEL32.DLL!WerRegisterExcludedMemoryBlock Excludes specified memory blocks from Windows Error Reporting- preventing unnecessary data from being included in error reports. Memory Management | |
| ADVAPI32.DLL!CloseEventLog Closes an event log identified by a handle- managing log resource usage. File Operations | |
| SHCORE.DLL!SHEnumKeyExW This function enumerates subkeys of an open registry key. Registry Operations | |
| ADVAPI32.DLL!AccessCheckByTypeResultListAndAuditAlarmByHandleA This function checks access rights against a security descriptor and generates audit messages accordingly. Security Operations | |
| ADVAPI32.DLL!SetNamedSecurityInfoW Sets security information in the descriptor of a specified object- affecting its access controls. Registry Operations | |
| USER32.DLL!InsertMenuItemA Inserts a new menu item at a specified position within a menu- controlling menu structure. System Information and Control | |
| KERNEL32.DLL!PackageFamilyNameFromFullName Retrieves the package family name from a full package name for application management. System Information and Control | |
| USER32.DLL!GetClassInfoExW Retrieves information about a window class and its associated icon handle. System Information and Control | |
| WSOCK32.DLL!WSAUnhookBlockingHook The function involves managing network calls for GUI applications- hence related to network operations. Network Operations | |
| KERNEL32.DLL!GetNumaNodeProcessorMaskEx Retrieves the processor mask for a NUMA node- indicating processor allocation. System Information and Control | |
| GDI32FULL.DLL!GetGlyphIndicesA This function translates a string into glyph indices- related to font and graphic operations. System Information and Control | |
| GDI32.DLL!RemoveFontResourceW Removes specified fonts from the system font table. File Operations | |
| WINMMBASE.DLL!midiOutGetVolume Retrieves the current volume setting of a MIDI output device. System Information and Control | |
| OLEAUT32.DLL!VarCyAbs Retrieves the absolute value of a currency variant- manipulating data types. Memory Management | |
| OLE32.DLL!CStdAsyncStubBuffer_QueryInterface Implements the IRpcStubBuffer::QueryInterface for COM- handling interface queries for RPC stubs. Process and Thread Management | |
| KERNEL32.DLL!SetThreadPriority This function modifies the priority value of a thread- impacting its CPU scheduling behavior. Process and Thread Management | |
| USER32.DLL!wsprintfW Formats and writes data to a buffer- making it a file operation related to text output. File Operations | |
| OLEAUT32.DLL!VarUI4FromI2 Converts short values to unsigned long- primarily handling data type transformations. System Information and Control | |
| GDI32.DLL!SetICMMode Controls image color management state for a device context- enabling or disabling color corrections. System Information and Control | |
| SHLWAPI.DLL!StrChrNW Searches for a character in a string- returning the first occurrence. Primarily involved in string manipulation. Memory Management | |
| KERNEL32.DLL!WaitForDebugEvent Waits for debugging events in a process; crucial for process management during debugging. Process and Thread Management | |
| COMCTL32.DLL!DefSubclassProc This function manages window messages and calls original procedures- fitting process and thread management. Process and Thread Management | |
| KERNEL32.DLL!IsDebuggerPresent This function checks if the current process is under a debugger's control- affecting application behavior. System Information and Control | |
| GraphicsPathIterator::Rewind Resets the iterator to the start of the associated path- allowing for re-traversal of geometric figures. Memory Management | |
| KERNEL32.DLL!Module32FirstW Retrieves information about the first module of a specific process- utilizing process management capabilities. Process and Thread Management | |
| ADVAPI32.DLL!SaferSetPolicyInformation This function sets global security policy controls- affecting system-wide or user-specific settings. System Information and Control | |
| KERNEL32.DLL!InitializeCriticalSection Initializes a critical section object for thread synchronization within a process. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHGetPathFromIDListW Converts an item identifier list to a filesystem path. File Operations | |
| WS2_32.DLL!WSCUnInstallNameSpace This function uninstalls a name-space provider in Winsock- influencing network configurations. Network Operations | |
| USER32.DLL!PostMessageA Posts a message to the message queue for a specified window- facilitating inter-thread communication. Hooking and Interception | |
| KERNELBASE.DLL!DeleteAce Deletes an access control entry (ACE) from an access control list (ACL)- managing security permissions. Registry Operations | |
| OLE32.DLL!CoUnmarshalHresult Unmarshals an HRESULT type from a specified stream- facilitating data retrieval. Memory Management | |
| RPCRT4.DLL!RpcNetworkInqProtseqsA Returns supported protocol sequences for RPC communication- ensuring proper network operations. Network Operations | |
| SHLWAPI.DLL!StrCmpNCW Compares characters of two strings with case sensitivity. It is primarily used for string comparison. System Information and Control | |
| ADVAPI32.DLL!CreateProcessWithTokenW Creates a new process under a specified security token- allowing process management in different user contexts. Process and Thread Management | |
| SHLWAPI.DLL!SHRegGetUSValueW Retrieves a value from a user-specific registry subtree- requiring access to the registry data. Registry Operations | |
| OLEAUT32.DLL!VarCyFromI2 Converts a short integer to a currency type value. Cryptographic Operations | |
| COMCTL32.DLL!DSA_EnumCallback Iterates through a dynamic structure array and calls a callback function on each item. System Information and Control | |
| WS2_32.DLL!WSCDeinstallProvider32 This function removes a specified 32-bit transport provider from the system registry. Registry Operations | |
| ADVAPI32.DLL!LsaDeleteTrustedDomain This function removes a trusted domain from the system's list- interacting with Policy and TrustedDomain objects. Registry Operations | |
| WINMMBASE.DLL!waveInStart This function initiates input from a waveform-audio input device- categorizing it under multimedia operations. File Operations | |
| USER32.DLL!CreateMDIWindowA Creates an MDI child window as part of a multiple-document interface. System Information and Control | |
| SHCORE.DLL!SHRegSetPathW Sets a file path value in the registry- utilizing environment variable strings. Registry Operations | |
| ADVAPI32.DLL!GetInheritanceSourceW Retrieves source information about inherited access control entries in an access control list. Registry Operations | |
| KERNELBASE.DLL!SetSecurityDescriptorControl Modifies control bits of a security descriptor- relating to access control and permissions. Registry Operations | |
| GDI32FULL.DLL!PlgBlt Transfers bitmap data from a source rectangle to a destination parallelogram in device contexts. File Operations | |
| USER32.DLL!OpenClipboard Opens and locks the clipboard for access by a specific application. System Information and Control | |
| GDI32FULL.DLL!GetMetaFileW Creates a handle for metafiles; involves file operations for accessing metafile data. File Operations | |
| USER32.DLL!UnregisterClassW Unregisters a window class and frees associated memory. Process and Thread Management | |
| SHLWAPI.DLL!PathCompactPathExA Truncates a file path to fit a character limit- modifying the output string representation. File Operations | |
| OLE32.DLL!OleSetClipboard Places a pointer to a data object onto the clipboard for access by other applications. System Information and Control | |
| KERNEL32.DLL!RtlRaiseException Raises a software exception and captures the machine state of the current thread. System Information and Control | |
| SECHOST.DLL!CredIsProtectedW Checks if specified credentials are encrypted using the CredProtect function. Cryptographic Operations | |
| RTMPAL.DLL!EventRegister Registers an ETW event provider- creating a handle for writing ETW events. System Information and Control | |
| KERNELBASE.DLL!PerfSetULongLongCounterValue Updates an 8-byte unsigned integer counter for performance monitoring. System Information and Control | |
| SHLWAPI.DLL!StrFromTimeIntervalA Converts a time interval from milliseconds to a string representation. System Information and Control | |
| KERNEL32.DLL!EnumResourceTypesExW Enumerates resource types in binary modules; aids in managing and accessing module resources. System Information and Control | |
| WS2_32.DLL!WSAWaitForMultipleEvents This function waits for the specified event handles- which involves network operations for asynchronous I/O. Network Operations | |
| GDI32FULL.DLL!DPtoLP Converts device coordinates to logical coordinates based on device context- viewport- and transformations. System Information and Control | |
| WS2_32.DLL!WSASetServiceA Registers or removes a networking service instance in specified namespaces. Network Operations | |
| SHLWAPI.DLL!StrFormatKBSizeW Converts numeric values to kilobyte size strings for display purposes. System Information and Control | |
| COMCTL32.DLL!ImageList_Replace Replaces an image in an image list- manipulating UI resources in memory. DLL Injection and Manipulation | |
| ADVAPI32.DLL!ReportEventW Logs an entry to the event log associated with a specific source handle. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHTestTokenMembership Tests if a given token belongs to a local group by checking membership. System Information and Control | |
| GDI32FULL.DLL!Rectangle Draws a rectangle using device contexts; related to graphics rendering rather than file or network operations. System Information and Control | |
| SECHOST.DLL!CredMarshalCredentialW This function transforms credentials into a marshaled text string for API usage. Cryptographic Operations | |
| OLE32.DLL!HGLOBAL_UserUnmarshal Unmarshals a HGLOBAL object from an RPC buffer for inter-process communication. Memory Management | |
| KERNEL32.DLL!DeleteFileTransactedW Deletes a file as part of a transaction. It directly manipulates file systems. File Operations | |
| KERNEL32.DLL!GetBinaryTypeW Determines if a file is an executable and identifies its subsystem type. File Operations | |
| NTDLL.DLL!RtlIpv4AddressToStringA Converts an IPv4 address to a string in dotted-decimal format- related to network operations. Network Operations | |
| GDI32FULL.DLL!GdiSetBatchLimit Sets the maximum number of GDI function calls to be accumulated in a thread's current batch. System Information and Control | |
| KERNEL32.DLL!TransactNamedPipe Combines reading and writing operations on a named pipe into a single function call. Network Operations | |
| SHLWAPI.DLL!SHRegEnumUSKeyW This function enumerates subkeys in a user-specific registry subtree. Registry Operations | |
| KERNELBASE.DLL!ObjectCloseAuditAlarmW Generates an audit message for security events when private object handles are deleted. System Information and Control | |
| GDI32FULL.DLL!SetDCPenColor Sets the pen color in a device context- related to graphical operations. System Information and Control | |
| KERNEL32.DLL!EnumSystemGeoNames Enumerates geographical location codes for international standards- interacting with system resources for location identification. System Information and Control | |
| KERNEL32.DLL!SetEnvironmentStringsW Sets the environment strings for the current process- managing process-specific environment variables. Process and Thread Management | |
| IWiaLogEx::Log This method logs information- potentially related to system events or operations. System Information and Control | |
| SHLWAPI.DLL!PathIsRootW Determines if a given path string refers to the volume's root. File Operations | |
| RPCRT4.DLL!RpcServerUseProtseqIfExW This function registers a protocol sequence for remote procedure calls- involving network communication endpoints. Network Operations | |
| RPCRT4.DLL!RpcSsDestroyClientContext Destroys a context handle associated with RPC without contacting the server- freeing client resources. Memory Management | |
| KERNEL32.DLL!SwitchToFiber Schedules a different fiber for execution- managing execution context. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHChangeNotify Notifies the system of changes that may affect the Shell- such as file operations. File Operations | |
| OLEAUT32.DLL!BSTR_UserSize64 Determines the memory size required for a BSTR object in RPC operations. Memory Management | |
| KERNEL32.DLL!TryAcquireSRWLockExclusive Acquires a slim reader/writer lock- managing thread synchronization. Process and Thread Management | |
| SECHOST.DLL!ControlTraceW This function controls event tracing sessions- including stopping- flushing- and querying information. System Information and Control | |
| KERNEL32.DLL!WriteFileGather Retrieves data from multiple buffers and asynchronously writes it to a specified file. File Operations | |
| WS2_32.DLL!WSCInstallNameSpace Installs a namespace provider for Winsock supporting DLLs. Requires administrative privileges for operation. DLL Injection and Manipulation | |
| SHLWAPI.DLL!UrlApplySchemeA Determines and applies a scheme prefix to a URL string. Network Operations | |
| KERNEL32.DLL!RegOpenKeyExW Opens a specified registry key- allowing access to its values and settings. Registry Operations | |
| USER32.DLL!GetMouseMovePointsEx Retrieves previous mouse coordinates history for processing user input. System Information and Control | |
| KERNEL32.DLL!ReOpenFile Reopens a file with new access rights and sharing modes. File Operations | |
| WINMMBASE.DLL!auxGetDevCapsW Retrieves capabilities of an auxiliary output device- indicating device functionality. System Information and Control | |
| SHLWAPI.DLL!PathCommonPrefixW Compares two file paths to find a shared common prefix- thus dealing with file system operations. File Operations | |
| KERNEL32.DLL!CloseThreadpoolWork Releases and cleans up resources associated with a thread pool work object. Process and Thread Management | |
| ADVAPI32.DLL!OpenEncryptedFileRawA Opens an encrypted file for backup or restoration- managing file access to encrypted content. File Operations | |
| WINMMBASE.DLL!waveOutGetVolume Retrieves the volume level of a waveform-audio output device. System Information and Control | |
| KERNEL32.DLL!VirtualFree Releases or decommits memory within a process's virtual address space. Memory Management | |
| KERNEL32.DLL!GetUserDefaultGeoName Returns the default geographical location code of the user- pertinent for localization and internationalization. System Information and Control | |
| GDI32FULL.DLL!GetNearestPaletteIndex This function retrieves the index of a color from a logical palette- relating to graphical color operations. File Operations | |
| NTDLL.DLL!RtlGrowFunctionTable Reports an increase in size of a dynamic function table- related to process and memory management. Memory Management | |
| RPCRT4.DLL!RpcExceptionFilter Determines if an exception during RPC calls is fatal or non-fatal to manage error handling. Process and Thread Management | |
| KERNEL32.DLL!SetUmsThreadInformation Sets context information for a user-mode scheduling worker thread specific to the application. Process and Thread Management | |
| WINMMBASE.DLL!mmioAscend This function ascends out of a chunk in a RIFF file- involving file manipulation. File Operations | |
| SHELL32.DLL!SHDefExtractIconW Extracts an icon from a specified file for use in applications. File Operations | |
| WMI.DLL!GetTraceEnableFlags Retrieves enable flags for event tracing- indicating which event categories to trace. System Information and Control | |
| KERNEL32.DLL!DisassociateCurrentThreadFromCallback This function manages thread associations for callback execution- affecting thread management in thread pools. Process and Thread Management | |
| WINMMBASE.DLL!midiStreamPosition Retrieves the current position in a MIDI stream- relevant for media control operations. System Information and Control | |
| KERNEL32.DLL!GetDiskFreeSpaceExA Retrieves information about available disk space on a volume. File Operations | |
| KERNEL32.DLL!GetFileMUIPath Retrieves the path to language-specific resource files for a given file. File Operations | |
| USER32.DLL!ClipCursor Confines the cursor's movement to a specified screen area- affecting user input control. System Information and Control | |
| WINMMBASE.DLL!waveOutWrite The function sends audio data to a waveform output device- indicating a multimedia-related operation. File Operations | |
| KERNEL32.DLL!GetTempPath2A Retrieves the path for temporary files based on process privileges. File Operations | |
| USER32.DLL!SetThreadDesktop Assigns a specified desktop to the calling thread affecting desktop operations and access rights. Process and Thread Management | |
| USER32.DLL!GetDisplayAutoRotationPreferences Retrieves screen auto-rotation preferences for the current process- affecting display behavior based on user settings. System Information and Control | |
| RPCRT4.DLL!RpcAsyncGetCallStatus Determines the status of an asynchronous remote procedure call. Network Operations | |
| KERNEL32.DLL!VirtualProtectEx Changes memory protection for pages in the virtual address space of a specified process. Memory Management | |
| GDI32FULL.DLL!GetLayout Retrieves the layout of a device context to determine text and graphics order. System Information and Control | |
| KERNELBASE.DLL!CopySid Copies a security identifier (SID) to a buffer- which is part of security management. Registry Operations | |
| USER32.DLL!SetCursorPos Moves the screen cursor to specified coordinates on the desktop. System Information and Control | |
| USER32.DLL!EnableMouseInPointer Enables the mouse to function as a pointer device- impacting input handling. System Information and Control | |
| OLE32.DLL!OleCreateFromFile Creates an embedded object from a specified file- involving file operations for initialization. File Operations | |
| SHLWAPI.DLL!PathRemoveArgsW This function removes command-line arguments from a specified file path- strictly related to file handling. File Operations | |
| KERNEL32.DLL!RtlDeleteFunctionTable Removes a dynamic function table from the list used for stack unwinding. Process and Thread Management | |
| KERNEL32.DLL!CloseThreadpoolTimer Releases a timer object in a thread pool- managing resources associated with asynchronous callbacks. Process and Thread Management | |
| GDI32FULL.DLL!GdiFlush GdiFlush flushes the batch of GDI drawing functions for the current thread. Process and Thread Management | |
| KERNEL32.DLL!GetProfileIntA Retrieves an integer from a key in the Win.ini file- accessing configuration settings. Registry Operations | |
| KERNEL32.DLL!FileTimeToDosDateTime Converts file time to MS-DOS date and time values. File Operations | |
| GDI32FULL.DLL!SetMetaRgn Intersects and saves the combined clipping region for a device context. System Information and Control | |
| ID2D1ColorContext::GetColorSpace Retrieves the color space of the color context's ICC profile. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromDisp Converts an IDispatch instance's default property to an unsigned long- focusing on data handling. Memory Management | |
| OLEAUT32.DLL!VarUI2FromStr Converts an OLECHAR string to an unsigned short- relevant for data type management. Memory Management | |
| OLEAUT32.DLL!VarR4FromI4 Converts a long integer to a float value for use in applications. Memory Management | |
| KERNEL32.DLL!RegLoadKeyW Loads registry hive data into a specified subkey under HKEY_USERS or HKEY_LOCAL_MACHINE. Registry Operations | |
| OLE32.DLL!OleCreateLinkEx Extends OLE functionality for creating links to objects within storage containers. Process and Thread Management | |
| KERNEL32.DLL!GetDllDirectoryW Retrieves the DLL search path specific to the application- aiding in dynamic linking. DLL Injection and Manipulation | |
| KERNEL32.DLL!RegSetValueExA This function sets a specified value's data under a registry key. Registry Operations | |
| WINDOWS.STORAGE.DLL!SHILCreateFromPath Converts a file path to an item identifier list (PIDL) for use in the Windows shell. File Operations | |
| GDI32FULL.DLL!GetPolyFillMode Retrieves the current polygon fill mode for rendering graphics. System Information and Control | |
| KERNEL32.DLL!CompareStringOrdinal Compares two Unicode strings for binary equivalence. System Information and Control | |
| KERNEL32.DLL!SetDllDirectoryA Modifies the DLL search path for applications- impacting subsequent DLL loading operations. DLL Injection and Manipulation | |
| WINDOWS.STORAGE.DLL!ILCombine Combines two ITEMIDLIST structures to form a single identifier list. File Operations | |
| COMCTL32.DLL!ImageList_SetIconSize Sets dimensions for images in an image list- affecting how images are displayed. Memory Management | |
| SHCORE.DLL!IStream_Write This function writes data to a specified stream- indicating file operations. File Operations | |
| USER32.DLL!GetWindowRgn This function retrieves the window region- which affects drawing within a window. System Information and Control | |
| KERNEL32.DLL!InstallELAMCertificateInfo Installs certificate information for anti-malware services- focusing on security and access control. Registry Operations | |
| USER32.DLL!RegisterTouchHitTestingWindow Registers a window to process touch input notifications related to hit testing. System Information and Control | |
| SHLWAPI.DLL!PathRemoveExtensionW Removes the file extension from a specified path- relating to file management operations. File Operations | |
| USER32.DLL!UnpackDDElParam Unpacks lParam from a DDE message- facilitating data exchange between applications. Network Operations | |
| GDI32.DLL!CLIPOBJ_cEnumStart Sets parameters for enumerating rectangles in a clip region- primarily related to drawing operations. System Information and Control | |
| OLEAUT32.DLL!VarI2FromDisp Converts IDispatch instance property to short value- involving type conversion. Memory Management | |
| KERNEL32.DLL!MapViewOfFile Maps a view of a file into the calling process's address space- involving memory operations. Memory Management | |
| KERNEL32.DLL!FoldStringA Transforms one Unicode string to another using specified flags- dealing with string mapping. Cryptographic Operations | |
| WSOCK32.DLL!WSAAsyncGetProtoByName Asynchronously retrieves protocol info based on a protocol name- facilitating network operations. Network Operations | |
| SHELL32.DLL!SHGetFileInfoA Retrieves information about a file system object- primarily used for file metadata and attributes retrieval. File Operations | |
| ADVAPI32.DLL!ReportEventA Logs an event to the specified event log- recording information such as type and category. System Information and Control | |
| USER32.DLL!GetClipboardSequenceNumber Retrieves clipboard sequence number- indicating clipboard activity for the current window station. System Information and Control | |
| OLE32.DLL!CreateClassMoniker This function creates a class moniker that binds to a specific class- facilitating object instantiation. DLL Injection and Manipulation | |
| WS2_32.DLL!WSCSetProviderInfo32 This function sets information for a layered service provider- influencing network behavior and categorization. Network Operations | |
| GDI32FULL.DLL!GetOutlineTextMetricsA Retrieves text metrics for TrueType fonts- focusing on graphical device interface details. System Information and Control | |
| OLEAUT32.DLL!OleSavePictureFile Saves a picture object to a specified file on disk. File Operations | |
| USER32.DLL!CharPrevW Retrieves a pointer to the preceding character in a string- essential for string manipulation. Memory Management | |
| USER32.DLL!CountClipboardFormats Retrieves the number of different data formats currently on the clipboard. System Information and Control | |
| KERNEL32.DLL!NormalizeString Normalizes text strings according to Unicode standards- focusing on character representation and format. Memory Management | |
| WINDOWS.STORAGE.DLL!SHCreateItemFromRelativeName Initializes a Shell item from a relative name- involving file system item creation. File Operations | |
| KERNEL32.DLL!ProcessIdToSessionId Retrieves the session associated with a specified process- indicating a management function for process sessions. Process and Thread Management | |
| OLEAUT32.DLL!VarCyFromUI4 Converts an unsigned long value to a currency value- impacting data type conversion. Memory Management | |
| OLEAUT32.DLL!VariantCopyInd Copies a source variant to a destination variant- managing memory. Memory Management | |
| GDI32FULL.DLL!MaskBlt Combines color data from source and destination bitmaps using masks- primarily for graphics operations. File Operations | |
| GDI32FULL.DLL!EngCreatePalette Creates an RGB palette by requesting GDI to do so. System Information and Control | |
| GDI32FULL.DLL!ResizePalette This function alters the size of a logical palette for graphical operations. Memory Management | |
| WINDOWS.STORAGE.DLL!SHOpenFolderAndSelectItems This function opens a folder in Explorer and pre-selects specified items. File Operations | |
| USER32.DLL!GetClassWord Retrieves a value from extra class memory for a specified window class. System Information and Control | |
| COMCTL32.DLL!ImageList_DragShowNolock This function shows or hides images during a drag-and-drop operation in the UI. System Information and Control | |
| KERNEL32.DLL!GlobalUnlock Decrements the lock count for a movable memory object- indicating memory management operation. Memory Management | |
| OLEAUT32.DLL!RevokeActiveObject Ends an object's active status- managing its lifecycle in automation. Process and Thread Management | |
| OLEAUT32.DLL!SafeArrayGetLBound Retrieves the lower bound index for a specified dimension of a safe array. Memory Management | |
| KERNEL32.DLL!EnumLanguageGroupLocalesA Enumerates locales in a specific language group using a callback function. System Information and Control | |
| OLEAUT32.DLL!VarCyFromI4 Converts a long value to a currency value- involved in data type conversion. Memory Management | |
| WS2_32.DLL!ProcessSocketNotifications Enables retrieval of socket state notifications via an I/O completion port. Network Operations | |
| WINMMBASE.DLL!mmioClose Closes a file opened by mmioOpen- managing file operations. File Operations | |
| KERNEL32.DLL!GetSystemCpuSetInformation Queries available CPU Sets on the system and their current state. System Information and Control | |
| GDI32FULL.DLL!Polyline Draws line segments connecting specified points in a device context. System Information and Control | |
| GDI32FULL.DLL!ExtCreatePen Creates a logical cosmetic or geometric pen with specified style and attributes. DLL Injection and Manipulation | |
| CHOOSECOLORW Structure for initializing the color dialog box and retrieving user-selected colors. System Information and Control | |
| USER32.DLL!SetUserObjectInformationW Sets information about window station or desktop objects- influencing their behavior and properties. System Information and Control | |
| OLEAUT32.DLL!VarBstrFromI4 Converts a long value to a BSTR value. Memory Management | |
| VERTDLL.DLL!RtlNtStatusToDosError Converts NTSTATUS to system error codes for handling Windows errors. System Information and Control | |
| RPCRT4.DLL!CStdStubBuffer_AddRef Implements the IRpcStubBuffer::AddRef method for reference counting operations in RPC. Process and Thread Management | |
| WINMMBASE.DLL!waveOutReset Stops playback on a waveform-audio output device and resets playback position- managing audio processes. Process and Thread Management | |
| USER32.DLL!GetPointerFrameInfoHistory Retrieves a history of pointer input frames for specified pointers in the context of user input messages. System Information and Control | |
| GDI32FULL.DLL!PathToRegion Converts a closed path into a region in a device context for graphical operations. Memory Management | |
| KERNEL32.DLL!CreateSymbolicLinkTransactedW Creates a symbolic link as part of a transaction- affecting file system management. File Operations | |
| GDI32FULL.DLL!SelectObject Selects an object into a device context- affecting how graphics are rendered. System Information and Control | |
| SHELL32.DLL!SHCreateShellFolderViewEx Creates a Shell folder view object- pertinent to the user interface. System Information and Control | |
| KERNEL32.DLL!RegisterBadMemoryNotification This function registers a callback for notifications about bad memory pages- indicating memory management functions. Memory Management | |
| SHLWAPI.DLL!StrCmpNA Compares two strings for equality- used for string manipulation in software. System Information and Control | |
| ADVAPI32.DLL!ReadEventLogA Reads specified entries from an event log in chronological or reverse order. System Information and Control | |
| RPCRT4.DLL!MesDecodeIncrementalHandleCreate Creates a decoding handle for incremental serialization- managing memory for data processing. Memory Management | |
| KERNEL32.DLL!LocalFlags Retrieves information about a local memory object- including allocation values and lock counts. Memory Management | |
| OLEAUT32.DLL!SafeArraySetRecordInfo Sets record information within a safe array- affecting in-memory data structures. Memory Management | |
| WSOCK32.DLL!WSAAsyncGetProtoByNumber Asynchronously retrieves protocol information using a protocol number- involving network communication. Network Operations | |
| OLEAUT32.DLL!VarMod This function handles and manipulates data types- specifically variants in calculation. Memory Management | |
| OLEAUT32.DLL!VarUI1FromUI8 Converts an 8-byte unsigned integer to a byte value- affecting data representation. Memory Management | |
| OLE32.DLL!OleCreateStaticFromData Creates a static OLE object from a data transfer object without native data. DLL Injection and Manipulation | |
| USER32.DLL!IsGUIThread Checks if the calling thread is a GUI thread- can convert it if necessary. Process and Thread Management | |
| OLEAUT32.DLL!OleLoadPictureEx Initializes a picture object from a stream- related to graphics handling in COM. Memory Management | |
| USER32.DLL!CallWindowProcW Passes messages to window procedures- facilitating message handling and window subclassing processes. Hooking and Interception | |
| USER32.DLL!DdeAccessData Provides access to data within a DDE object for read and write operations. Memory Management | |
| WINDOWS.STORAGE.DLL!SHCreateShellItemArrayFromIDLists Creates a Shell item array from ITEMIDLIST structures- essential for file system management. File Operations | |
| ITargetInfo::LoadModule This function loads a module from a specified offline location. Process and Thread Management | |
| OLEAUT32.DLL!VarUI2FromI8 Converts an 8-byte integer to an unsigned short- relating to type conversion rather than direct data manipulation. Memory Management | |
| KERNEL32.DLL!SetSystemFileCacheSize Limits the size of the working set for the file system cache- affecting memory usage. Memory Management | |
| IMDSPDevice3::DeviceIoControl This method calls device I/O control- allowing communication with device drivers. System Information and Control | |
| GDI32FULL.DLL!GetCharABCWidthsI Retrieves widths of glyphs from the current TrueType font for display purposes. System Information and Control | |
| RPCRT4.DLL!I_RpcExceptionFilter This function determines if an exception is fatal- relating to process exception handling. Process and Thread Management | |
| GDI32.DLL!XLATEOBJ_cGetPalette This function retrieves RGB colors or bitfields from a specific palette- relating to color information retrieval. System Information and Control | |
| OLEAUT32.DLL!VarBoolFromUI2 Converts an unsigned short to a Boolean value- involved in data type handling. Memory Management | |
| OLEAUT32.DLL!GetRecordInfoFromTypeInfo Retrieves a pointer to IRecordInfo from type information- indicating control and information handling. System Information and Control | |
| ADVAPI32.DLL!LookupSecurityDescriptorPartsA Retrieves security information from a self-relative security descriptor including owner and group details. Registry Operations | |
| OLEAUT32.DLL!HWND_UserUnmarshal This function is likely involved in the marshaling of HWND handles across process boundaries. Process and Thread Management | |
| KERNEL32.DLL!GetCommTimeouts Retrieves time-out parameters for read and write operations on communications devices. File Operations | |
| KERNEL32.DLL!SetComputerNameExW Changes the local computer's NetBIOS or DNS name. Requires administrator privileges. System Information and Control | |
| OLEAUT32.DLL!VarI4FromDec Converts a decimal value to a long value primarily for data type manipulation. Memory Management | |
| SHLWAPI.DLL!PathGetCharTypeA Determines the type of character in a file path- assisting in file-related operations. File Operations | |
| OLE32.DLL!NdrProxyForwardingFunction3 Stub function facilitating COM proxy operations for interface marshaling. DLL Injection and Manipulation | |
| KERNEL32.DLL!GetStartupInfoW Retrieves startup information for the calling process- related to process creation. Process and Thread Management | |
| ADVAPI32.DLL!RegQueryValueW Retrieves data from a specified registry key- which is essential for accessing system configuration settings. Registry Operations | |
| GDI32FULL.DLL!SetWinMetaFileBits Converts a Windows metafile to an enhanced format and stores it in memory. Memory Management | |
| KERNEL32.DLL!GetDiskFreeSpaceW Retrieves information about free disk space- including clusters and sectors. File Operations | |
| OLEAUT32.DLL!SysReAllocString Reallocates memory for strings- managing memory for dynamic allocation tasks. Memory Management | |
| KERNEL32.DLL!PowerClearRequest Decrements power request counts for specified types- managing system power states. System Information and Control | |
| SHELL32.DLL!DoEnvironmentSubstA Parses an input string for environment variable references and expands them to their values. System Information and Control | |
| KERNELBASE.DLL!PerfCreateInstance Creates an instance of a counter set for performance monitoring. System Information and Control | |
| KERNEL32.DLL!lstrcmpiW Compares two Unicode character strings in a case-insensitive manner. System Information and Control | |
| KERNEL32.DLL!ExecuteUmsThread This function runs a specified user-mode scheduling worker thread- managing its execution context. Process and Thread Management | |
| OLEAUT32.DLL!VarR8FromI4 Converts a long value to a double value- involving type coercion. Memory Management | |
| SECHOST.DLL!CredWriteW Creates or modifies user credentials in the credential set. Registry Operations | |
| OLE32.DLL!CoRegisterInitializeSpy Registers an IInitializeSpy implementation for handling COM apartment initialization and cleanup. Process and Thread Management | |
| KERNEL32.DLL!CreateMemoryResourceNotification Creates a memory resource notification object to manage memory usage based on system conditions. Memory Management | |
| KERNEL32.DLL!GetLocalTime Retrieves the current local date and time. System Information and Control | |
| WSOCK32.DLL!sendto This function is used to send data to a specified network address via a socket. Network Operations | |
| USER32.DLL!EnumThreadWindows Enumerates all nonchild windows associated with a thread- requiring a callback function for processing. Process and Thread Management | |
| KERNELBASE.DLL!GetSecurityDescriptorLength Returns the length of a valid security descriptor structure. System Information and Control | |
| SECHOST.DLL!CredIsProtectedA Determines if specified credentials are encrypted by previous security function calls. Cryptographic Operations | |
| ADVAPI32.DLL!RegDeleteKeyA Deletes a specified subkey and its values from the Windows Registry. Registry Operations | |
| USER32.DLL!CreateAcceleratorTableW Creates an accelerator table for keyboard shortcuts. System Information and Control | |
| KERNEL32.DLL!GetCurrencyFormatW Formats a number string as a currency string based on the specified locale identifier. System Information and Control | |
| KERNEL32.DLL!GetApplicationRecoveryCallback Retrieves a callback routine for process recovery- indicating process management. Process and Thread Management | |
| OLEAUT32.DLL!VarI8FromR4 Converts a float to an 8-byte integer- involving type conversion and memory usage. Memory Management | |
| SHLWAPI.DLL!PathRemoveBackslashA Removes a trailing backslash from a specified file path. File Operations | |
| OLEAUT32.DLL!VarI4FromDate Converts a date to a long value- relating to data manipulation. Memory Management | |
| KERNEL32.DLL!FindNextStreamW Continues searching for streams in a file- complementing FindFirstStreamW to handle file streams. File Operations | |
| WINDOWS.STORAGE.DLL!SHGetSetSettings This function sets or retrieves Shell state settings related to user interface configuration. System Information and Control | |
| OLEAUT32.DLL!VarCyFromDisp Converts IDispatch instance properties to currency values- relating to data manipulation. Memory Management | |
| KERNEL32.DLL!GetDiskFreeSpaceA Retrieves disk information- including free space data for the specified disk. File Operations | |
| USER32.DLL!SetCoalescableTimer Creates and manages a timer for specific time-out value with coalescing option. Process and Thread Management | |
| USER32.DLL!ToAsciiEx Translates virtual-key codes to characters based on keyboard state and layout. System Information and Control | |
| SHLWAPI.DLL!SHRegDeleteUSValueW This function deletes a registry subkey value- indicating operations on the Windows registry. Registry Operations | |
| USER32.DLL!GetWindowLongW Retrieves information about a specific window- including styles and associated data. System Information and Control | |
| KERNEL32.DLL!SetEndOfFile This function changes a file's size to the current position of the file pointer. File Operations | |
| KERNEL32.DLL!TzSpecificLocalTimeToSystemTime Converts local time to UTC- affecting system time calculations. System Information and Control | |
| SECHOST.DLL!OpenSCManagerW Establishes a connection to the service control manager for managing services. System Information and Control | |
| GDI32FULL.DLL!PlayEnhMetaFileRecord Plays enhanced metafile records by executing GDI functions- facilitating graphics operations. File Operations | |
| USER32.DLL!GetClassNameA Retrieves the class name of a specified window- related to window management. System Information and Control | |
| COMCTL32.DLL!DPA_SetPtr Assigns a value to an item in a dynamic pointer array- managing memory allocation as needed. Memory Management | |
| USER32.DLL!GetSysColorBrush Retrieves a logical brush handle for painting with system colors. System Information and Control | |
| KERNEL32.DLL!SetHandleCount This function modifies the number of file handles a process can use- thus categorized under File Operations. File Operations | |
| ADVAPI32.DLL!SaferGetLevelInformation Retrieves information about a policy level- including identifiers and descriptions. System Information and Control | |
| WINMMBASE.DLL!midiOutGetNumDevs This function retrieves the number of MIDI output devices- providing system information about multimedia devices. System Information and Control | |
| KERNEL32.DLL!GetVersionExA Retrieves the version of the operating system; determines system information for compatibility. System Information and Control | |
| OLE32.DLL!CoSetMessageDispatcher Registers/unregisters a thread-specific message dispatcher for dealing with window messages in COM APIs. Hooking and Interception | |
| GDI32FULL.DLL!CreateDCA Creates a device context for a specific output device- facilitating graphic operations. System Information and Control | |
| IDXGIObject::GetParent Retrieves the parent object of the current DXGI object. System Information and Control | |
| OLEAUT32.DLL!VarFormatDateTime Formats a variant containing date and time information into a string representation. System Information and Control | |
| OLEAUT32.DLL!VarFormatPercent Formats a variant containing percentage values into a string format using specified parameters. System Information and Control | |
| USER32.DLL!EqualRect Compares two rectangle coordinates to determine equality. System Information and Control | |
| OLEAUT32.DLL!VarCyFromI1 Converts a char value to a currency value- performing a type conversion operation. Cryptographic Operations | |
| COMCTL32.DLL!DSA_DeleteItem Deletes an item from a dynamic structure array in memory. Memory Management | |
| ADVAPI32.DLL!RegCopyTreeA Copies a registry key and its subkeys to a destination- affecting registry structure. Registry Operations | |
| KERNEL32.DLL!TerminateProcess This function unconditionally terminates a specified process and its threads. Process and Thread Management | |
| KERNEL32.DLL!VirtualAllocExNuma Allocates or reserves memory in a specified process's virtual address space- with NUMA node support. Memory Management | |
| KERNEL32.DLL!GetActiveProcessorGroupCount Returns the number of active processor groups in the system. System Information and Control | |
| NTDLL.DLL!RtlInitializeSListHead Initializes the head of a singly linked list for system use- related to memory management structures. Memory Management | |
| OLEAUT32.DLL!VarPow Computes the power of two variant values and returns the result. System Information and Control | |
| WSOCK32.DLL!WSAAsyncGetHostByName Asynchronously retrieves host information corresponding to a host name- involving network queries. Network Operations | |
| OLEAUT32.DLL!SafeArrayAllocDescriptor Allocates memory for a safe array descriptor- requiring memory management for array structures. Memory Management | |
| OLEAUT32.DLL!VarI2FromI4 Converts long values to short values; primarily related to data type conversion. Memory Management | |
| KERNEL32.DLL!GetThreadEnabledXStateFeatures This function retrieves XState features enabled for the current thread. Process and Thread Management | |
| USER32.DLL!GetKeyboardLayoutNameA Retrieves the name of the active keyboard layout for the calling thread. System Information and Control | |
| OLEAUT32.DLL!VarBoolFromUI4 Converts an unsigned long value to a Boolean- which involves type conversion. Memory Management | |
| RPCRT4.DLL!RpcProtseqVectorFreeA Frees memory allocated for a vector of protocol sequences used in RPC communication. Memory Management | |
| OLEAUT32.DLL!VarR4FromUI1 Converts an unsigned char to a float- handling data types. Memory Management | |
| USER32.DLL!GetWindowTextA Retrieves text from a specified window's title bar or control into a buffer. System Information and Control | |
| COMDLG32.DLL!GetOpenFileNameW Creates an Open dialog box for users to select files. File Operations | |
| USER32.DLL!LoadIconW Loads an icon resource from an executable file or DLL- returning a handle to the icon. File Operations | |
| OLEAUT32.DLL!VarEqv Performs bitwise equivalence on two variants- involved in data comparison and manipulation. DLL Injection and Manipulation | |
| SHLWAPI.DLL!UrlEscapeW Converts unsafe characters in a URL into escape sequences for safe transport across the Internet. Network Operations | |
| KERNEL32.DLL!GetWindowsDirectoryW Retrieves the path of the Windows directory for system information purposes. System Information and Control | |
| KERNEL32.DLL!GetEnvironmentStrings This function retrieves environment variables specific to the current process. System Information and Control | |
| WINMMBASE.DLL!mixerClose Closes the specified mixer device- invalidating its handle. System Information and Control | |
| SHCORE.DLL!SHDeleteKeyA Deletes a registry subkey and its values- affecting system settings. Registry Operations | |
| WINDOWS.STORAGE.DLL!SHGetKnownFolderIDList Retrieves the path of known folders as an ITEMIDLIST structure- accessing folder locations based on user context. File Operations | |
| KERNEL32.DLL!GetFileInformationByHandleEx Retrieves detailed information about a specified file using its handle. File Operations | |
| RPCRT4.DLL!RpcNsBindingInqEntryNameW Returns the entry name associated with a binding handle from the RPC name service database. Network Operations | |
| USER32.DLL!SetClassLongPtrA Replaces values in extra class memory or WNDCLASSEX structure- affecting window procedures. DLL Injection and Manipulation | |
| KERNEL32.DLL!CreateDirectoryW This function creates a new directory in the file system. File Operations | |
| USER32.DLL!GetAltTabInfoW Retrieves status information for the application-switching window- reflecting system user interface states. System Information and Control | |
| KERNEL32.DLL!CreatePrivateNamespaceA This function creates a private namespace that isolates objects for protection and management. System Information and Control | |
| SECHOST.DLL!LsaFreeMemory Frees memory allocated by LSA functions- thus managing memory resources effectively. Memory Management | |
| KERNEL32.DLL!VirtualLock Locks a region of virtual memory into physical memory to prevent page faults. Memory Management | |
| OLEAUT32.DLL!VarBstrCmp Compares two BSTR string variants for equality or order. System Information and Control | |
| KERNEL32.DLL!FindFirstFileExW Searches for files or subdirectories in a directory based on specified attributes. File Operations | |
| OLEAUT32.DLL!SysAllocStringLen Allocates memory for a string and handles string manipulation. Memory Management | |
| RPCRT4.DLL!RpcNetworkInqProtseqsW Returns supported protocol sequences for RPC- essential in managing network communication. Network Operations | |
| WS2_32.DLL!WSASend Sends data on a connected socket- allowing for multiple buffer operations and overlapped I/O. Network Operations | |
| KERNEL32.DLL!GetThreadErrorMode Retrieves the error mode of the calling thread- affecting its error handling behavior. System Information and Control | |
| COMDLG32.DLL!GetSaveFileNameW Creates a Save dialog for user to specify a file’s name and location. File Operations | |
| USER32.DLL!GetKBCodePage Retrieves the current OEM code page identifier for the system. System Information and Control | |
| RPCRT4.DLL!RpcSsDisableAllocate Frees resources and memory within the RPC stub memory management environment. Memory Management | |
| SHLWAPI.DLL!PathStripToRootA This function removes all elements in a file path except for the root information- dealing with file manipulation. File Operations | |
| SHELL32.DLL!CDefFolderMenu_Create2 Creates a context menu for file folder objects- impacting file operation functionalities. File Operations | |
| WS2_32.DLL!WSALookupServiceBeginA Initiates a client query for network service name resolution using Winsock. Network Operations | |
| KERNEL32.DLL!CompareStringA Compares two character strings based on locale- affecting application security via string validation issues. System Information and Control | |
| WINDOWS.STORAGE.DLL!ILSaveToStream Saves ITEMIDLIST structure data to a stream- involving input/output operations. File Operations | |
| ADVAPI32.DLL!RegEnableReflectionKey Restores registry reflection for a specified disabled key- impacting registry operations. Registry Operations | |
| COMCTL32.DLL!ImageList_GetDragImage Retrieves a temporary image list for drag operations along with drag position information. System Information and Control | |
| WS2_32.DLL!WSASetEvent Sets the state of an event object to signaled for managing asynchronous network operations. Network Operations | |
| SECHOST.DLL!CredWriteDomainCredentialsW This function writes domain credentials to the user's credential set. Registry Operations | |
| SHLWAPI.DLL!PathFindExtensionW Searches a given file path for its extension. File Operations | |
| GDI32FULL.DLL!SetGraphicsMode Sets the graphics mode for a specified device context- impacting drawing and text behavior. System Information and Control | |
| IImageList::GetBkColor Retrieves the background color for an image list used in UI controls. System Information and Control | |
| SHELL32.DLL!DragQueryPoint Retrieves mouse pointer position during file drop- relevant to drag-and-drop file operations. File Operations | |
| KERNELBASE.DLL!IsValidSid Validates a security identifier (SID) to ensure it meets certain criteria for security purposes. System Information and Control | |
| USER32.DLL!InjectSyntheticPointerInput Simulates pointer input for touch or pen devices in user interface. Process and Thread Management | |
| OLE32.DLL!OleRegEnumVerbs Enumerates registered verbs for a specified class- primarily interacting with the COM object registry. Registry Operations | |
| KERNEL32.DLL!BuildCommDCBAndTimeoutsW Translates device-definition strings into device-control block codes for communication devices. System Information and Control | |
| KERNEL32.DLL!GlobalFree Frees global memory objects and invalidates their handles- managing memory allocation. Memory Management | |
| OLEAUT32.DLL!VarUI1FromI1 Converts a char to an unsigned char- focusing on type conversion within data processing. Memory Management | |
| KERNEL32.DLL!GetDateFormatA Formats a date string based on locale identifiers. It deals with date string representation rather than file or system manipulation. System Information and Control | |
| KERNEL32.DLL!timeBeginPeriod Requests a minimum resolution for periodic timers- affecting timer accuracy and system performance. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHUpdateImageW Notifies Shell of an updated image in the system image list. File Operations | |
| WINMMBASE.DLL!waveOutBreakLoop This function controls playback of audio- managing the output loop for audio devices. Process and Thread Management | |
| USER32.DLL!SetSystemCursor Customizes the system cursors by replacing them with new cursor content. System Information and Control | |
| RPCRT4.DLL!NdrSimpleStructBufferSize This function calculates buffer sizes for data marshaling in RPC- which is related to memory management. Memory Management | |
| USER32.DLL!TranslateMDISysAccel Translates keystrokes into system commands for MDI windows- focusing on user input processing. Process and Thread Management | |
| USER32.DLL!ShutdownBlockReasonCreate Blocks system shutdown and provides a reason for the block to the user. System Information and Control | |
| COMCTL32.DLL!CreatePropertySheetPageW This function creates a property sheet page for user interface management. System Information and Control | |
| OLEAUT32.DLL!VarR4CmpR8 Compares two numerical variants to determine their relative values. System Information and Control | |
| KERNEL32.DLL!SetFileShortNameA Sets a short name for a specified file on NTFS volumes. File Operations | |
| ADVAPI32.DLL!RegCreateKeyTransactedW Creates or opens a specified registry key and associates it with a transaction. Registry Operations | |
| KERNEL32.DLL!QueryIoRateControlInformationJobObject Retrieves I/O rate control information for a job object- related to resource management. System Information and Control | |
| NTDLL.DLL!NtQuerySystemInformation Retrieves various types of information about system performance- processes- and system integrity. System Information and Control | |
| KERNEL32.DLL!SetThreadpoolTimerEx Configures a thread pool timer object- managing thread execution timing. Process and Thread Management | |
| COMCTL32.DLL!PropertySheetW Creates a property sheet and adds defined pages- managing user interaction within GUI applications. System Information and Control | |
| SHELL32.DLL!SHFind_InitMenuPopup Retrieves the IContextMenu instance for the submenu options in the Start menu. System Information and Control | |
| COMDLG32.DLL!GetSaveFileNameA Creates a dialog for users to specify files to save- involving file selection operations. File Operations | |
| GDI32FULL.DLL!ScriptGetFontProperties Retrieves font cache information related to glyphs- affecting text rendering in applications. System Information and Control | |
| GDI32.DLL!EngMarkBandingSurface This function marks a surface for banding- relating to display and graphics management. System Information and Control | |
| KERNEL32.DLL!GetPhysicallyInstalledSystemMemory Retrieves the physical RAM installed on the system from SMBIOS firmware tables. System Information and Control | |
| RPCRT4.DLL!RpcBindingSetAuthInfoA This function sets authentication and authorization information for RPC binding handles. Network Operations | |
| KERNEL32.DLL!_lcreat Creates or opens a specified file- or truncates it if it already exists. File Operations | |
| OLE32.DLL!ObjectStublessClient14 This is a stub function designed for COM proxies within the RPC infrastructure. DLL Injection and Manipulation | |
| OLE32.DLL!STGMEDIUM_UserFree64 Frees server-side resources during an RPC call- managing memory effectively. Memory Management | |
| KERNEL32.DLL!RegisterWaitForSingleObject Waits on an object until it is signaled or a timeout elapses. Process and Thread Management | |
| ADVAPI32.DLL!MSChapSrvChangePassword This function changes the password for a user account. Registry Operations | |
| KERNEL32.DLL!MulDiv Multiplies and divides integers- primarily for calculations and value manipulation in memory. Memory Management | |
| KERNELBASE.DLL!PerfIncrementULongCounterValue Increments a performance counter value- linked to system performance metrics. System Information and Control | |
| SECHOST.DLL!DeleteService Marks a service for deletion from the service control manager database and affects registry entries. Registry Operations | |
| USER32.DLL!IsWow64Message Determines if a message is from a WOW64 process- aiding 64-bit app development. System Information and Control | |
| ADVAPI32.DLL!ReadEncryptedFileRaw This function backs up encrypted files without decrypting them- facilitating secure file operations. File Operations | |
| WINMMBASE.DLL!waveOutClose Closes an audio output device handle- ensuring all buffers are finished. Process and Thread Management | |
| GDI32FULL.DLL!CreateColorSpaceA Creates a logical color space handle for managing color profiles. System Information and Control | |
| USER32.DLL!PackDDElParam This function packs a DDE lParam for process communication- categorizing it under networking operations via DDE. Network Operations | |
| ADVAPI32.DLL!NotifyChangeEventLog Notifies when an event is logged- utilizing event handling within the system. System Information and Control | |
| SHELL32.DLL!SHBrowseForFolderA Allows user selection of a Shell folder through a dialog box interface. File Operations | |
| KERNEL32.DLL!SetSystemTime Sets the system's date and time- affecting system clock settings. System Information and Control | |
| WSOCK32.DLL!setsockopt The setsockopt function modifies socket options for network operations. Network Operations | |
| SHLWAPI.DLL!PathAddExtensionW Appends a file name extension to a specified path string. File Operations | |
| ADVAPI32.DLL!SetEntriesInAclA Creates or modifies an access control list (ACL) to manage permissions for user access. Registry Operations | |
| USER32.DLL!GetWindowLongA Retrieves information about a specified window's properties or processes- including handle and style. Process and Thread Management | |
| OLEAUT32.DLL!SysFreeString Deallocates a previously allocated string- managing memory effectively. Memory Management | |
| USER32.DLL!OemToCharW Translates OEM-defined characters to ANSI or wide-character string. Involves string manipulation- hence categorized under File Operations. File Operations | |
| USER32.DLL!CheckMenuItem Sets the check-mark state of a menu item. System Information and Control | |
| SHLWAPI.DLL!PathAddBackslashW Modifies a file path string by adding a trailing backslash to ensure correct path syntax. File Operations | |
| USER32.DLL!CharLowerBuffA Converts uppercase characters in a buffer to lowercase in-place. Memory Management | |
| KERNEL32.DLL!GetGeoInfoA Retrieves geographical information based on specified location and type. System Information and Control | |
| NTDLL.DLL!NtCreateFile This function facilitates creating or opening files and directories. File Operations | |
| KERNEL32.DLL!Wow64EnableWow64FsRedirection Enables or disables file system redirection for the calling thread- affecting file operations performed. File Operations | |
| OLEAUT32.DLL!VarR4FromDisp Converts an IDispatch instance property to a float value which involves type conversion. Memory Management | |
| OLEAUT32.DLL!VarCyAdd This function performs arithmetic operations on currency data types- hence it involves mathematical operations. Memory Management | |
| GDI32FULL.DLL!FlattenPath Transforms curves in a path into lines within a device context. System Information and Control | |
| RPCRT4.DLL!RpcSsEnableAllocate Establishes the stub memory-management environment necessary for RPC operations. Memory Management | |
| OLEAUT32.DLL!SafeArrayDestroy Destroys an array descriptor and its data- managing memory allocation and deallocation. Memory Management | |
| OLEAUT32.DLL!VarI2FromI8 Converts an 8-byte integer to a short value- involving data type management. Memory Management | |
| USER32.DLL!GetThreadDpiAwarenessContext Retrieves the DPI_AWARENESS_CONTEXT for the current thread- relevant for managing display DPI settings. Process and Thread Management | |
| CRYPTSP.DLL!CryptGetUserKey Retrieves a handle for a user's public/private key pairs- essential for cryptographic operations. Cryptographic Operations | |
| ADVAPI32.DLL!GetTrusteeFormA Retrieves trustee name indicating its form (name string or SID) from the TRUSTEE structure. Registry Operations | |
| ID2D1StrokeStyle::GetMiterLimit Retrieves the limit on miter length ratio in stroke styles- relating to drawing operations. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHGetInstanceExplorer Retrieves an interface to prevent host processes from closing prematurely- supporting Shell extensions and other components. Process and Thread Management | |
| OLEAUT32.DLL!VarBoolFromUI8 Converts an 8-byte integer to a Boolean value- linking to memory handling. Memory Management | |
| COMCTL32.DLL!ImageList_SetDragCursorImage Creates a new drag image for UI operations involving drag-and-drop functionality. System Information and Control | |
| KERNEL32.DLL!GetMachineTypeAttributes Checks support for a specified architecture on the system regarding compatibility and emulation layers. System Information and Control | |
| USER32.DLL!SendDlgItemMessageA Sends a message to a specific control in a dialog box interface. Process and Thread Management | |
| USER32.DLL!CallNextHookEx Passes hook information to the next hook in the chain- commonly used for monitoring input events. Hooking and Interception | |
| USER32.DLL!IsCharAlphaW Determines whether a character is alphabetical- based on user language settings. System Information and Control | |
| SHELL32.DLL!SHEmptyRecycleBinA Empties the Recycle Bin- performing file deletion operations on specified drives. File Operations | |
| KERNEL32.DLL!GetProfileStringA Retrieves strings associated with keys from the Win.ini file for applications. Registry Operations | |
| COMDLG32.DLL!GetFileTitleA Retrieves the name of the specified file- indicating operations related to file handling. File Operations | |
| SHLWAPI.DLL!SHRegGetBoolUSValueA Retrieves Boolean values from user-specific registry subkeys. Registry Operations | |
| OLEAUT32.DLL!VarI4FromUI8 Converts an unsigned 64-bit integer to a long- handling data type variations. Memory Management | |
| WINMMBASE.DLL!mixerGetLineInfoW Retrieves information about a specific line of a mixer device. System Information and Control | |
| WS2_32.DLL!WSAProviderCompleteAsyncCall Notifies completion status of an asynchronous call to a namespace provider in the Winsock API. Network Operations | |
| WS2_32.DLL!WSCEnumNameSpaceProvidersEx32 Retrieves information about available 32-bit namespace providers- essential for network operations. Network Operations | |
| OLE32.DLL!ObjectStublessClient30 This function acts as a stub for COM proxy infrastructure- facilitating communication between client and server components. System Information and Control | |
| KERNEL32.DLL!GetActiveProcessorCount Retrieves the count of active processors- providing system information about CPU availability. System Information and Control | |
| SHLWAPI.DLL!PathFindNextComponentW Parses a path string and retrieves the subsequent path component after the first backslash. File Operations | |
| USER32.DLL!DdeDisconnectList Terminates all conversations associated with a conversation list- impacting inter-process communication. Process and Thread Management | |
| GDI32FULL.DLL!PolyTextOutA Draws multiple strings in a specified device context using selected font and colors. System Information and Control | |
| WINMMBASE.DLL!waveInGetID This function retrieves the device identifier for a waveform-audio input device. System Information and Control | |
| KERNEL32.DLL!CopyFileTransactedW This function copies files as a transacted operation- allowing for both progress notifications and cancellation. File Operations | |
| OLEAUT32.DLL!VarMonthName Returns a localized month name based on input parameters. System Information and Control | |
| USER32.DLL!GetClassInfoW Retrieves information about a window class in a Windows application. System Information and Control | |
| USER32.DLL!CopyAcceleratorTableW Copies accelerator-table data based on a handle- manipulating menu operations. DLL Injection and Manipulation | |
| USER32.DLL!GetRawInputDeviceList Enumerates raw input devices- such as mice and keyboards- attached to the system. System Information and Control | |
| KERNEL32.DLL!GetPackagePathByFullName Retrieves the file path of a specified package- involving memory allocation and data handling for paths. File Operations | |
| KERNEL32.DLL!GetAtomNameA Retrieves the character string associated with a local atom- pertinent to data exchange between applications. System Information and Control | |
| COMCTL32.DLL!DSA_DestroyCallback This function iterates and frees elements in a dynamic structure array- managing memory usage. Memory Management | |
| KERNELBASE.DLL!IsValidSecurityDescriptor This function validates the components of a security descriptor for access control management. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction20 Stub function supporting COM proxy infrastructure for marshaling interfaces. DLL Injection and Manipulation | |
| COMCTL32.DLL!UninitializeFlatSB This function uninitializes scroll bars for a window- affecting UI controls in the application. System Information and Control | |
| OLEAUT32.DLL!SafeArrayGetIID Retrieves the GUID of the interface within a safe array- related to automation. System Information and Control | |
| KERNEL32.DLL!AppPolicyGetWindowingModel Retrieves windowing model details for a process- impacting notification registrations. System Information and Control | |
| USER32.DLL!RegisterHotKey Defines a system-wide hot key and associates it with a window or thread for input management. Hooking and Interception | |
| OLEAUT32.DLL!BSTR_UserMarshal Marshals BSTR objects into RPC buffers for communication between applications. Memory Management | |
| RPCRT4.DLL!UuidIsNil This function checks if a UUID is nil-valued- indicating it relates to managing system identifiers. System Information and Control | |
| WSOCK32.DLL!closesocket Closes an existing socket- releasing the associated resources and terminating network communication. Network Operations | |
| KERNEL32.DLL!GetNamedPipeClientComputerNameW Retrieves the client computer name for a specified named pipe- indicating communication over IPC. Network Operations | |
| OLE32.DLL!StgGetIFillLockBytesOnFile Opens a wrapper object on a temporary file for asynchronous data management. File Operations | |
| ADVAPI32.DLL!RegSetValueW Sets the data for a specified registry key value- manipulating the Windows registry directly. Registry Operations | |
| USER32.DLL!GetTitleBarInfo Retrieves information about a window's title bar- specifically related to its graphical properties and state. System Information and Control | |
| WINMM.DLL!joyReleaseCapture This function manages joystick capture by releasing a specified joystick- hence categorized under Process and Thread Management. Process and Thread Management | |
| OLEAUT32.DLL!VarParseNumFromStr Parses a string to create a number description- involving data manipulation. Memory Management | |
| OLEAUT32.DLL!VarUI8FromCy Converts a currency value to an unsigned integer- involving type conversion operations. Memory Management | |
| USER32.DLL!RegisterWindowMessageA Registers a unique window message to be used for inter-application communication. Hooking and Interception | |
| USER32.DLL!SendMessageA Sends messages to windows and processes them- allowing inter-thread communication. Hooking and Interception | |
| KERNEL32.DLL!CreateJobObjectA Creates or opens a job object for process management. Process and Thread Management | |
| CRYPTSP.DLL!CryptGetHashParam Retrieves data governing operations of a hash object- including hash values and sizes. Cryptographic Operations | |
| WS2_32.DLL!WSCWriteProviderOrder32 This function reorders 32-bit transport providers affecting protocol selection. Network Operations | |
| WINDOWS.STORAGE.DLL!SHCreateDataObject Creates a data object intended for clipboard operations related to file management. File Operations | |
| OLEAUT32.DLL!VariantTimeToDosDateTime Converts variant time to MS-DOS date and time values- indicating relationship with date/time formatting. System Information and Control | |
| USER32.DLL!SetProcessDpiAwarenessContext This function sets the DPI awareness context for the current process. System Information and Control | |
| RPCRT4.DLL!RpcGetAuthorizationContextForClient This function retrieves the authorization context for an RPC client- used in authentication. System Information and Control | |
| ADVAPI32.DLL!ConvertStringSidToSidA Converts a string-format security identifier (SID) into a functional SID for security management. Registry Operations | |
| KERNELBASE.DLL!EqualSid Compares two security identifiers (SIDs) for equality. System Information and Control | |
| KERNEL32.DLL!GetPrivateProfileSectionNamesW This function retrieves section names from an initialization file- which involves reading file-related data. File Operations | |
| OLEAUT32.DLL!VarUI1FromCy Converts a currency value to an unsigned char value- indicating a value transformation process. Memory Management | |
| SHCORE.DLL!IUnknown_SetSite Sets an object's site by invoking its IObjectWithSite::SetSite method- controlling object hosting. System Information and Control | |
| OLEAUT32.DLL!SysReAllocStringLen Allocates and reinitializes BSTR- managing memory for string operations. Memory Management | |
| SHLWAPI.DLL!PathCommonPrefixA Compares two file paths to find a common prefix- facilitating file operations and management. File Operations | |
| KERNEL32.DLL!lstrcpyA Copies a string to a buffer- potentially causing buffer overruns. Memory Management | |
| KERNEL32.DLL!GlobalHandle Retrieves a handle for a global memory block pointer- associating it with memory management operations. Memory Management | |
| SHLWAPI.DLL!GetAcceptLanguagesW Retrieves user language preferences for websites- influencing HTTP request headers. Network Operations | |
| KERNEL32.DLL!AddIntegrityLabelToBoundaryDescriptor Adds a security identifier (SID) to a boundary descriptor- controlling access levels and security. System Information and Control | |
| GDI32FULL.DLL!UnrealizeObject Resets the origin of graphics objects; related to graphical interface management. System Information and Control | |
| WINMMBASE.DLL!midiInPrepareHeader Prepares a buffer for MIDI input data before sending it to a device driver. Memory Management | |
| ADVAPI32.DLL!RegSetValueA Sets the data for a specific registry key value- indicating modification of registry data. Registry Operations | |
| OLEAUT32.DLL!VarUI1FromDisp Converts IDispatch instance property to an unsigned char value. Memory Management | |
| KERNEL32.DLL!SetSystemTimeAdjustment Enables or disables periodic adjustments to the system's time-of-day clock for synchronization with external sources. System Information and Control | |
| SHCORE.DLL!SHEnumValueA Enumerates values of a specified open registry key. Registry Operations | |
| KERNEL32.DLL!GetComputerNameA Retrieves the NetBIOS name of the local computer from system settings at startup. System Information and Control | |
| OLE32.DLL!FmtIdToPropStgName Converts a property set format identifier to its corresponding storage or stream name. Registry Operations | |
| IStreamAsync::CancelIo This function cancels all pending I/O operations- categorizing it under file operations. File Operations | |
| RPCRT4.DLL!RpcObjectInqType Returns the type UUID of an object for RPC operations. System Information and Control | |
| KERNEL32.DLL!GetVersionExW Retrieves the version of the operating system- which is a system information function. System Information and Control | |
| OLE32.DLL!ObjectStublessClient15 Stub function for COM proxies- facilitating marshaling in proxy DLLs. DLL Injection and Manipulation | |
| SHELL32.DLL!SHAddToRecentDocs Notifies the system about accessed items for recent usage tracking. File Operations | |
| OLEAUT32.DLL!VarUI2FromI2 Converts a short value to an unsigned short value- involved in data type conversion. Memory Management | |
| GDI32.DLL!EngAssociateSurface This function associates a surface with a specific device- enabling proper handling of graphics operations. DLL Injection and Manipulation | |
| SHLWAPI.DLL!AssocCreate Retrieves a pointer to an IQueryAssociations object for file association queries. System Information and Control | |
| OLEAUT32.DLL!VarDateFromUI8 Converts an unsigned 8-byte value to a date- which involves data transformation. System Information and Control | |
| USER32.DLL!GetNextDlgTabItem Retrieves the handle of the next or previous control in a dialog box. System Information and Control | |
| USER32.DLL!LoadBitmapA Loads a bitmap resource from an executable file- related to GDI operations. File Operations | |
| OLEAUT32.DLL!VarFix Converts a variant to its integer portion- manipulating data types. System Information and Control | |
| GDI32FULL.DLL!ScriptApplyLogicalWidth Adjusts glyph widths for text rendering in applications- focusing on logical typography principles. Memory Management | |
| OLE32.DLL!StgIsStorageILockBytes This function checks if a byte array contains a storage object- indicating file operation behavior. File Operations | |
| KERNEL32.DLL!Heap32ListNext Retrieves information about heap allocations from a process- facilitating memory management. Memory Management | |
| RPCRT4.DLL!RpcServerInterfaceGroupCreateW Creates an RPC server interface group which allows for managing service interfaces and endpoints. Network Operations | |
| USER32.DLL!RegisterPointerInputTargetEx This function deals with registering input targets for pointer events- related to user input management. System Information and Control | |
| KERNEL32.DLL!EnumCalendarInfoExW Enumerates calendar information for a specified locale- relying on locale identifier and calendar type. System Information and Control | |
| GDI32FULL.DLL!SetMapperFlags Alters the font mapping algorithm in GDI for logical and physical fonts. System Information and Control | |
| KERNEL32.DLL!RegQueryValueExA Retrieves data and type for a specified registry value- accessing registry keys. Registry Operations | |
| OLE32.DLL!CoFileTimeNow Returns the current time as a FILETIME structure for compatibility with 16-bit Windows. System Information and Control | |
| OLE32.DLL!CoGetCallContext Retrieves contextual information about the current call on the thread- primarily for security purposes. System Information and Control | |
| USER32.DLL!ReuseDDElParam Reuses a packed DDE lParam parameter to optimize memory allocation during Dynamic Data Exchange operations. Memory Management | |
| OLE32.DLL!HDC_UserUnmarshal64 Unmarshals a HDC object from the RPC buffer- indicating data processing. Memory Management | |
| KERNEL32.DLL!QueryInformationJobObject Retrieves limit and job state information from a job object- helping manage process resources. Process and Thread Management | |
| OLE32.DLL!STGMEDIUM_UserMarshal This function marshals data for remote procedure calls (RPC) involving COM objects- indicating network operation. Network Operations | |
| SHELL32.DLL!RestartDialog Displays a dialog prompting user to restart Windows- calling ExitWindowsEx for shutdown operations. System Information and Control | |
| KERNEL32.DLL!RegGetValueW Retrieves type and data from a specified registry value- involving registry access operations. Registry Operations | |
| USER32.DLL!FindWindowA Retrieves a handle to a top-level window based on its class and name. System Information and Control | |
| KERNEL32.DLL!DeleteUmsThreadContext Deletes a UMS thread context for terminated threads- managing thread lifecycle. Process and Thread Management | |
| OLEAUT32.DLL!VarCyFromR4 Converts float values to currency- involving data type conversion. Memory Management | |
| SECHOST.DLL!GetServiceKeyNameW Retrieves the service name from the service control manager- used in registry operations. Registry Operations | |
| SHLWAPI.DLL!StrCatBuffA Appends characters from one string to another- primarily used for string manipulation. Memory Management | |
| RPCRT4.DLL!CStdStubBuffer_Invoke Implements the IRpcStubBuffer::Invoke method for RPC- managing communication between client and server. Network Operations | |
| WS2_32.DLL!WSARecvFrom Receives a datagram from a socket and retrieves its source address- involved in network operations. Network Operations | |
| SHELL32.DLL!SHRemoveLocalizedName This function removes localized names- directly interacting with file properties in Shell folders. File Operations | |
| KERNEL32.DLL!PackageFamilyNameFromId Retrieves the package family name using a specified package identifier for application management. System Information and Control | |
| OLE32.DLL!CoIsOle1Class Determines if the specified CLSID is an OLE 1 object- related to OLE compatibility. System Information and Control | |
| KERNEL32.DLL!FindNLSStringEx This function locates a Unicode string within another string- emphasizing locale-specific searching. System Information and Control | |
| KERNELBASE.DLL!ImpersonateNamedPipeClient Allows server to impersonate a named pipe client- affecting security context. Process and Thread Management | |
| WS2_32.DLL!WSCSetApplicationCategory This function sets categories for Layered Service Providers associated with an application- influencing network behavior. Network Operations | |
| USER32.DLL!GetSubMenu This function retrieves a handle to menus in the user interface- related to user interaction with menus. System Information and Control | |
| OLEAUT32.DLL!VarI4FromDisp Converts an IDispatch instance's property to a long- hence relating to data manipulation. Memory Management | |
| COMCTL32.DLL!ImageList_Merge Combines two images into a new image list- focusing on image manipulation operations. DLL Injection and Manipulation | |
| COMCTL32.DLL!ImageList_GetImageInfo Retrieves information about an image- allowing for manipulation of image bitmaps. Memory Management | |
| ADVAPI32.DLL!LsaSetForestTrustInformation This function sets forest trust details for a TrustedDomain object in the Local Security Authority. Registry Operations | |
| SECHOST.DLL!OpenSCManagerA Establishes a connection to the service control manager- enabling access to service-related databases. System Information and Control | |
| KERNEL32.DLL!GetFileType Retrieves and categorizes the file type for specified file handles. File Operations | |
| KERNEL32.DLL!SubmitIoRing Submits entries to the kernel’s I/O queue and manages operation completion. File Operations | |
| GDI32FULL.DLL!SetMetaFileBitsEx Creates a memory-based Windows-format metafile from supplied data. Memory Management | |
| KERNEL32.DLL!Wow64GetThreadContext Retrieves the context of a specified WOW64 thread- essential for debugging and thread analysis. Process and Thread Management | |
| OLEAUT32.DLL!VarDateFromUI1 Converts an unsigned char to a date value- primarily for data type manipulation in applications. Memory Management | |
| ADVAPI32.DLL!GetExplicitEntriesFromAclW Retrieves access control entries from an access control list. Registry Operations | |
| SHLWAPI.DLL!ParseURLW Parses a URL string and extracts components like protocol and suffix. Network Operations | |
| COMDLG32.DLL!CommDlgExtendedError Returns error codes related to common dialog box functions. Indicates issues such as dialog initialization failures. System Information and Control | |
| OLE32.DLL!HPALETTE_UserFree This function frees resources used by RPC- indicating involvement in memory management. Memory Management | |
| OLE32.DLL!NdrProxyForwardingFunction8 Stub function for COM proxies- facilitating marshaling of interfaces in distributed applications. Process and Thread Management | |
| KERNEL32.DLL!WriteProfileStringA This function writes a string to a section of the Win.ini file. Registry Operations | |
| OLEAUT32.DLL!VarSub Subtracts two variants- primarily numerical or string-based. Memory Management | |
| KERNEL32.DLL!FreeEnvironmentStringsA Frees allocated environment strings obtained from GetEnvironmentStrings- managing memory for environment variables. Memory Management | |
| KERNEL32.DLL!LocalAlloc Allocates bytes from the heap for memory management purposes. Memory Management | |
| USER32.DLL!EnumClipboardFormats Enumerates data formats available on the clipboard- requiring clipboard access for enumeration. File Operations | |
| OLE32.DLL!CoGetStandardMarshal Creates a marshaling object for interfaces- enabling communication between processes. Process and Thread Management | |
| KERNEL32.DLL!Sleep Suspends the execution of the current thread for a specified time interval. Process and Thread Management | |
| SHLWAPI.DLL!PathUndecorateW This function modifies and cleans up a file path by removing decorations- related to file manipulations. File Operations | |
| OLEAUT32.DLL!ClearCustData Releases memory used for custom data- indicating a focus on managing memory allocation. Memory Management | |
| USER32.DLL!GetWindowTextLengthA Retrieves the length of a window's title bar text- indicating operations related to window properties. System Information and Control | |
| KERNELBASE.DLL!IsTokenRestricted Validates if an access token has restricted security identifiers (SIDs)- impacting process permissions. Security Information and Control | |
| WINMMBASE.DLL!OpenDriver Opens and initializes an installable driver instance- interacting with the system's multimedia capabilities. Process and Thread Management | |
| SHFOLDER.DLL!SHGetFolderPathW Retrieves the path of a folder based on its CSIDL value- indicating file location operations. File Operations | |
| WINDOWS.STORAGE.DLL!PathYetAnotherMakeUniqueName Creates a unique filename based on an existing filename- managing file-related operations. File Operations | |
| WINMMBASE.DLL!midiStreamOpen Opens a MIDI stream for output- managing device interaction and callback mechanisms. Process and Thread Management | |
| KERNEL32.DLL!RegSetValueExW Sets data and type for a specified value under a registry key. Registry Operations | |
| KERNEL32.DLL!RegDeleteValueA Removes a named value from the specified registry key. Registry Operations | |
| CRYPTSP.DLL!CryptGenRandom This function generates cryptographically random bytes for secure applications. Cryptographic Operations | |
| USER32.DLL!RegisterRawInputDevices Registers devices for raw input data- enabling applications to process input events. System Information and Control | |
| GDI32FULL.DLL!SetViewportOrgEx Maps a device point to the graphical window origin for drawing contexts- affecting visual representation. System Information and Control | |
| RPCRT4.DLL!MesEncodeFixedBufferHandleCreate This function creates and initializes an encoding handle for buffer serialization operations. System Information and Control | |
| NTDLL.DLL!RtlEthernetAddressToStringW Converts binary Ethernet addresses to string representation- specifically for MAC addresses. Network Operations | |
| USER32.DLL!GetMenuContextHelpId Retrieves Help context identifier for a specified menu. System Information and Control | |
| KERNEL32.DLL!FindNextVolumeMountPointA Continues a search for mounted folders- highlighting file system operations. File Operations | |
| USER32.DLL!GetCurrentInputMessageSource Retrieves the source of the input message- indicating device type and ID for input management. System Information and Control | |
| USER32.DLL!ToAscii Translates virtual-key codes to characters based on keyboard state and layout. System Information and Control | |
| GDI32FULL.DLL!RestoreDC Restores a device context to a previous state- managing graphical context settings. System Information and Control | |
| USER32.DLL!RegisterForTooltipDismissNotification Registers or unregisters windows for tooltip dismissal notifications via system messages. System Information and Control | |
| USER32.DLL!DdePostAdvise Sends an XTYP_ADVREQ transaction to a DDE callback for active clients. System Information and Control | |
| WER.DLL!GetThreadWaitChain This function retrieves the wait chain for specified threads- indicating thread management and synchronization. Process and Thread Management | |
| USER32.DLL!SetDlgItemInt Updates a control's text in a dialog box with an integer- manipulating UI elements. System Information and Control | |
| USER32.DLL!GetWindowPlacement Retrieves show state and positioning of a specified window. System Information and Control | |
| RPCRT4.DLL!NdrConformantArrayBufferSize This function calculates buffer sizes needed for RPC conformant arrays- relating to memory layout. Memory Management | |
| RPCRT4.DLL!RpcMgmtStatsVectorFree Frees a statistics vector- managing allocated memory resources. Memory Management | |
| KERNEL32.DLL!GetSystemWindowsDirectoryA Retrieves the path of the shared Windows directory on a multi-user system. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction18 Stub function for COM proxies enabling interfacing. Involves marshaling which relates to process management. Process and Thread Management | |
| GDI32.DLL!EngGradientFill This function shades specified primitives- indicating surface operations rather than direct file or network management. System Information and Control | |
| ADVAPI32.DLL!PerfEnumerateCounterSetInstances Retrieves names and identifiers of active instances of a counter set on a system. System Information and Control | |
| WS2_32.DLL!WSCGetProviderInfo32 Retrieves information about a 32-bit layered service provider through Winsock- indicating network-related operations. Network Operations | |
| KERNEL32.DLL!CreateDirectoryExA Creates a new directory with specified attributes- inheriting from a template directory. File Operations | |
| KERNEL32.DLL!FoldStringW Maps a Unicode string to another based on specified transformations. Memory Management | |
| USER32.DLL!TileWindows Arranges child windows of a parent window in a tiled format. Process and Thread Management | |
| KERNEL32.DLL!EnumSystemGeoID Enumerates geographical location identifiers available on the operating system. System Information and Control | |
| USER32.DLL!CreateIcon Creates an icon from specified parameters- managing graphical resources. DLL Injection and Manipulation | |
| SHLWAPI.DLL!StrPBrkA Searches for a character in a string- primarily dealing with string operations. File Operations | |
| KERNEL32.DLL!GetStagedPackagePathByFullName Retrieves the path of a staged package using its full name. File Operations | |
| WINDOWS.STORAGE.DLL!SHCreateDirectory Creates a new file system folder at the specified path. File Operations | |
| USER32.DLL!EvaluateProximityToRect Evaluates rectangle proximity for touch input to determine likely target control. System Information and Control | |
| GDI32FULL.DLL!PolyBezierTo This function draws Bézier curves- involving graphical output operations using the Windows GDI. File Operations | |
| WINDOWS.STORAGE.DLL!SHChangeNotifyRegisterThread Registers or deregisters a thread for asynchronous notifications about changes in the shell. System Information and Control | |
| SECHOST.DLL!EventAccessQuery Retrieves permissions for controllers or providers- accessing security descriptors from the registry. Registry Operations | |
| KERNEL32.DLL!CreateThreadpoolCleanupGroup Creates a cleanup group for managing thread pool callbacks. Primarily involves process and thread management. Process and Thread Management | |
| KERNEL32.DLL!RegDeleteKeyExW Deletes a subkey and its values from the registry- altering system configuration. Registry Operations | |
| KERNEL32.DLL!GetUmsSystemThreadInformation Queries thread types related to user-mode scheduling (UMS) for thread management purposes. Process and Thread Management | |
| OLE32.DLL!ObjectStublessClient18 Stub function for COM proxies used in marshaling interfaces. DLL Injection and Manipulation | |
| SHELL32.DLL!SHFormatDrive Opens the Shell's Format dialog box to format a specified drive. File Operations | |
| KERNELBASE.DLL!GetFileSecurityW Obtains security information about a file or directory- including descriptors- permissions- and access rights. Registry Operations | |
| RPCRT4.DLL!NdrAsyncServerCall Facilitates asynchronous server calls in RPC- focusing on communication between processes. Network Operations | |
| KERNELBASE.DLL!AccessCheckByTypeResultListAndAuditAlarmW Checks security descriptors to determine access rights for impersonated clients and generates audit messages. Registry Operations | |
| KERNEL32.DLL!EnumLanguageGroupLocalesW Enumerates locales in a specified language group and uses a callback for processing. System Information and Control | |
| RPCRT4.DLL!RpcStringBindingComposeA Creates a string binding handle for RPC communications using object UUIDs and network parameters. Network Operations | |
| GDI32FULL.DLL!DeleteEnhMetaFile Deletes an enhanced-format metafile or its handle- indicating file deletion operation. File Operations | |
| SHLWAPI.DLL!SHRegQueryInfoUSKeyW Retrieves information about a specified registry subkey in a user-specific subtree. Registry Operations | |
| SHCORE.DLL!SHDeleteValueW Deletes a named value from the specified registry key. Registry Operations | |
| RPCRT4.DLL!NdrOleAllocate Allocates memory for an object interface- functioning as a wrapper for CoTaskMemAlloc. Memory Management | |
| OLE32.DLL!OleQueryCreateFromData Checks data object formats for embedding or static object creation in OLE. System Information and Control | |
| KERNEL32.DLL!UnlockFileEx Unlocks a region in a specified file- managing file access regions. File Operations | |
| GDI32.DLL!EngDeleteClip Deletes a CLIPOBJ structure- managing graphic object resources. Memory Management | |
| KERNEL32.DLL!LocalFree Frees local memory objects and invalidates their handles- managing memory resources. Memory Management | |
| WS2_32.DLL!GetAddrInfoExOverlappedResult This function retrieves the result of an asynchronous network operation- specifically for address information resolution. Network Operations | |
| COMDLG32.DLL!PrintDlgExW A function that displays the print dialog box for printing operations. File Operations | |
| WINMMBASE.DLL!mmioWrite This function writes bytes to an open file- indicating it performs file operations. File Operations | |
| WSOCK32.DLL!select The select function checks the status of one or more sockets for read- write- or error conditions. Network Operations | |
| KERNEL32.DLL!GetVolumeNameForVolumeMountPointA Retrieves a volume GUID path associated with a specified volume mount point. File Operations | |
| OLEAUT32.DLL!LPSAFEARRAY_UserUnmarshal64 Unmarshals a SAFEARRAY object from an RPC buffer- involving memory manipulation for data structure integrity. Memory Management | |
| USER32.DLL!FindWindowW Retrieves a handle to a top-level window based on class and window name. System Information and Control | |
| USER32.DLL!SetMenuContextHelpId Associates a Help context identifier with a menu for user assistance. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHSetLocalizedName This function sets a localized name for a file- affecting how it is displayed in the Shell. File Operations | |
| RPCRT4.DLL!RpcMgmtInqIfIds Retrieves interface identifiers from a server to facilitate remote procedure calls. Network Operations | |
| GDI32FULL.DLL!CheckColorsInGamut This function checks if RGB triples fit within a device's color gamut. System Information and Control | |
| KERNEL32.DLL!Thread32Next Retrieves information about threads in a process from a system memory snapshot. Process and Thread Management | |
| SHLWAPI.DLL!SHAutoComplete Configures AutoComplete for edit controls to assist in URL and file path input. File Operations | |
| GDI32FULL.DLL!PaintRgn This function fills a specified region using the device context's current brush- related to graphical operations. System Information and Control | |
| KERNEL32.DLL!DisableThreadProfiling This function disables thread profiling- indicating it manages the performance profiling of threads. Process and Thread Management | |
| OLEAUT32.DLL!VarBoolFromDec Converts a decimal value to a Boolean value- handling input and output parameters. System Information and Control | |
| OLE32.DLL!CoReleaseServerProcess Decrements the per-process reference count- managing server process lifecycle. Process and Thread Management | |
| WS2_32.DLL!WSCGetProviderPath32 Retrieves the DLL path for a 32-bit network provider- facilitating provider management in network operations. Network Operations | |
| WINMMBASE.DLL!mmGetCurrentTask This function is related to multimedia- but is deprecated and does not perform valid operations. System Information and Control | |
| OLE32.DLL!CoGetMalloc Retrieves a pointer to the default OLE task memory allocator for managing memory allocation. Memory Management | |
| KERNEL32.DLL!GetLocaleInfoW Retrieves locale information based on a specified identifier- primarily for internationalization purposes. System Information and Control | |
| GDI32FULL.DLL!GetDIBColorTable Retrieves RGB color values from a DIB section bitmap's color table- primarily for graphical operations. File Operations | |
| OLEAUT32.DLL!VarBoolFromStr Converts an OLECHAR string to a Boolean value- primarily focusing on data type conversion. Memory Management | |
| SHLWAPI.DLL!PathQuoteSpacesA This function modifies file paths to ensure they can be handled correctly by applications. File Operations | |
| SHLWAPI.DLL!QISearch Implements the COM IUnknown::QueryInterface method to retrieve interface pointers. DLL Injection and Manipulation | |
| ADVAPI32.DLL!LsaQueryTrustedDomainInfo This function retrieves information about a trusted domain from the Local Security Authority (LSA). System Information and Control | |
| KERNEL32.DLL!DeleteFiber Deletes an existing fiber and its associated data- affecting thread termination. Process and Thread Management | |
| OLE32.DLL!HMENU_UserUnmarshal64 This function unmarshals a HMENU object from an RPC buffer- indicating data transfer and object manipulation. DLL Injection and Manipulation | |
| ADVAPI32.DLL!GetServiceKeyNameA Retrieves the service name associated with a specified service display name. Registry Operations | |
| GDI32FULL.DLL!ScriptRecordDigitSubstitution Records National Language Support digit substitution settings in a structure for later use. System Information and Control | |
| KERNEL32.DLL!GlobalSize Retrieves the size of a specified global memory object in bytes- indicating memory management function. Memory Management | |
| USER32.DLL!GetSystemDpiForProcess Retrieves the system DPI for a specified process to manage DPI compatibility issues. System Information and Control | |
| OLEAUT32.DLL!VarDecCmpR8 Compares decimal and double types to determine their relational stance. System Information and Control | |
| GDI32FULL.DLL!GetEnhMetaFileBits Retrieves enhanced-format metafile contents into a buffer- involving memory manipulation. Memory Management | |
| SECHOST.DLL!CreateServiceA This function creates a service object in the service control manager database. Process and Thread Management | |
| OLE32.DLL!OleCreateEx Extends object creation functionality- managing multiple presentation formats and caching data efficiently. Process and Thread Management | |
| RPCRT4.DLL!RpcServerListen Signals the RPC runtime to listen for remote procedure calls- indicating network operation. Network Operations | |
| KERNEL32.DLL!Process32First Retrieves information about the first process from a system snapshot- related to process management. Process and Thread Management | |
| KERNEL32.DLL!RegisterApplicationRecoveryCallback Registers an application instance for recovery upon failure- allowing callback execution to handle errors. Process and Thread Management | |
| USER32.DLL!GetCursorInfo Retrieves information about the global cursor- providing details necessary for UI management. System Information and Control | |
| KERNEL32.DLL!FindFirstVolumeMountPointW Retrieves names of mounted folders on volumes- facilitating file system operations. File Operations | |
| COMCTL32.DLL!ImageList_Duplicate Creates a duplicate of an image list- managing graphic resources for UI elements. Memory Management | |
| RPCRT4.DLL!NdrPointerFree This function frees previously allocated memory- categorizing it under Memory Management. Memory Management | |
| SHCORE.DLL!IUnknown_AtomicRelease Releases a COM pointer and sets it to NULL- managing object lifetimes. Memory Management | |
| SHELL32.DLL!SHEmptyRecycleBinW Empties the Recycle Bin on specified drives- managing file deletion operations. File Operations | |
| KERNEL32.DLL!GetUILanguageInfo Retrieves information about an installed UI language including attributes like installation and licensing status. System Information and Control | |
| WSOCK32.DLL!socket Creates a socket bound to a specific transport service provider for network communication. Network Operations | |
| KERNEL32.DLL!WerUnregisterExcludedMemoryBlock This function manages memory block registration status for Windows Error Reporting. Memory Management | |
| OLE32.DLL!CoInitializeSecurity This function registers security and sets default values for process-level security in COM. System Information and Control | |
| KERNEL32.DLL!RegSaveKeyExW Saves a registry key and all subkeys to a file- modifying registry data. Registry Operations | |
| GDI32FULL.DLL!LineDDA This function calculates the pixels for drawing a line- involving graphical data manipulation. System Information and Control | |
| ADVAPI32.DLL!GetFileSecurityA Retrieves security information about a file or directory- related to access rights and privileges. File Operations | |
| KERNEL32.DLL!QueryFullProcessImageNameW Retrieves the full executable name of a specified process. System Information and Control | |
| GDI32FULL.DLL!CreateFontA This function creates a logical font for drawing text- categorized under system information and control. System Information and Control | |
| RPCRT4.DLL!RpcBindingSetAuthInfoW Sets authentication and authorization info for remote procedure calls using a binding handle. Network Operations | |
| USER32.DLL!DlgDirSelectExA Retrieves the current selection from a single-selection list box related to directory or filename. File Operations | |
| ADVAPI32.DLL!LogonUserW Attempts to log a user onto the local computer and returns a user token for impersonation. Process and Thread Management | |
| KERNEL32.DLL!HeapFree Frees a memory block allocated from a heap using HeapAlloc or HeapReAlloc. Memory Management | |
| SECHOST.DLL!QueryServiceObjectSecurity Retrieves the security descriptor for a service object- involving access permissions and control. Registry Operations | |
| OLEAUT32.DLL!RegisterActiveObject Registers an object as the active object for its class- impacting object lifecycle management. Process and Thread Management | |
| SECHOST.DLL!LsaLookupSids2 Looks up names corresponding to security identifiers (SIDs) for access control purposes. System Information and Control | |
| KERNEL32.DLL!GetCurrentActCtx Returns the handle to the active activation context of the calling thread. Process and Thread Management | |
| USER32.DLL!DdeAbandonTransaction Releases resources from an asynchronous transaction in DDE communication. Process and Thread Management | |
| USER32.DLL!DdeInitializeA Registers an application with DDEML- enabling it to handle DDE transactions. System Information and Control | |
| KERNEL32.DLL!CreateBoundaryDescriptorW This function creates a boundary descriptor for managing security contexts and isolation. System Information and Control | |
| GDI32.DLL!PATHOBJ_bEnum Retrieves the next PATHDATA record- enumerating curves in a specified path. System Information and Control | |
| USER32.DLL!MessageBoxExW Displays a message box with application-defined message and title- allowing user interactions for decision-making. System Information and Control | |
| KERNEL32.DLL!IsProcessInJob Determines if a process is part of a job- relating to process management. Process and Thread Management | |
| KERNELBASE.DLL!InitializeAcl This function initializes an Access Control List (ACL) structure- needed for security and permissions. Registry Operations | |
| ADVAPI32.DLL!RegRenameKey Changes the name of a specified registry key. Registry Operations | |
| SHELL32.DLL!SHPropStgWriteMultiple This function writes multiple properties to a property store- indicating file operation capabilities. File Operations | |
| KERNEL32.DLL!SetFileAttributesTransactedA Sets file or directory attributes as part of a transaction. File Operations | |
| KERNEL32.DLL!SubmitThreadpoolWork Posts a work object to the thread pool for asynchronous processing. Process and Thread Management | |
| GDI32FULL.DLL!SetDCBrushColor Sets the brush color in a device context for drawing operations. System Information and Control | |
| OLEAUT32.DLL!VarMul Multiplies two variant data types and returns the result. Memory Management | |
| KERNEL32.DLL!InitializeContext Initializes a CONTEXT structure with necessary size and alignment for later use in thread management. Process and Thread Management | |
| OLEAUT32.DLL!VarUI2FromCy Converts currency values to unsigned short values for use in COM automation. System Information and Control | |
| OLE32.DLL!HDC_UserUnmarshal Unmarshals a HDC object from the RPC buffer- indicative of inter-process communication. Process and Thread Management | |
| KERNEL32.DLL!RemoveDirectoryW Deletes an existing empty directory specified by the path. File Operations | |
| USER32.DLL!SwapMouseButton Reverses mouse button functions- manipulating system input settings affecting mouse behavior. System Information and Control | |
| WINMMBASE.DLL!mixerMessage Sends a custom message directly to a mixer driver for multimedia processing. System Information and Control | |
| OLE32.DLL!HACCEL_UserMarshal Marshals a HACCEL for Remote Procedure Call (RPC) purposes. DLL Injection and Manipulation | |
| KERNEL32.DLL!FindVolumeClose Closes a volume search handle used for locating volumes in the file system. File Operations | |
| RPCRT4.DLL!CStdStubBuffer_Connect Connects server objects to COM stubs for remote procedure calls (RPC). Network Operations | |
| USER32.DLL!CopyIcon Copies an icon from another module to the current module- manipulating graphical resources. DLL Injection and Manipulation | |
| WINDOWS.STORAGE.DLL!SHCreateItemInKnownFolder This function creates a Shell item for a file in a known folder- performing file system operations. File Operations | |
| USER32.DLL!SendMessageCallbackA Sends a message to a window and processes response through a callback function. Network Operations | |
| GDI32FULL.DLL!CreatePen Creates a logical pen for drawing operations; categorized under graphic functions using Device Context. File Operations | |
| WS2_32.DLL!WSAHtonl Converts a u_long from host byte order to network byte order for socket communications. Network Operations | |
| KERNEL32.DLL!IsBadWritePtr Checks if a process can write to specified memory- assessing memory access rights. Memory Management | |
| USER32.DLL!IsWindowEnabled Checks if a window can receive mouse and keyboard input- impacting user interaction with the interface. System Information and Control | |
| USER32.DLL!InsertMenuA Inserts a new menu item into a menu- affecting the layout of existing items. System Information and Control | |
| OLE32.DLL!CoGetCurrentLogicalThreadId Returns the logical thread identifier of the current physical thread in a COM application. Process and Thread Management | |
| COMCTL32.DLL!DPA_GetPtr Retrieves an item from a dynamic pointer array- handling data structures. Memory Management | |
| USER32.DLL!GetClassLongPtrA Retrieves values from the WNDCLASSEX structure for specific windows. System Information and Control | |
| KERNEL32.DLL!CreateActCtxA Creates an activation context for managing side-by-side assemblies. System Information and Control | |
| GDI32FULL.DLL!ExcludeClipRect Creates a new clipping region by excluding a specified rectangle from the current clipping region. System Information and Control | |
| OLE32.DLL!CoImpersonateClient Enables server to impersonate client for current call duration- enhancing security and access control. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHUpdateImageA Notifies the Shell of changes to an image in the system image list. System Information and Control | |
| KERNEL32.DLL!InitializeEnclave Initializes an enclave with specific data for secure execution in a specified process. Memory Management | |
| ADVAPI32.DLL!SaferCreateLevel Opens a SAFER_LEVEL_HANDLE- managing software execution permissions based on specified security levels. System Information and Control | |
| RPCRT4.DLL!RpcServerInqBindingHandle Obtains binding handles for RPC calls- indicating it manages network operations for request handling. Network Operations | |
| SHLWAPI.DLL!PathIsLFNFileSpecA Determines if a file name is in long format- used for file specification validation. File Operations | |
| OLEAUT32.DLL!LPSAFEARRAY_UserSize64 Calculates the size of a SAFEARRAY for remote procedure calls- handling its data and alignment. Memory Management | |
| KERNEL32.DLL!AppPolicyGetClrCompat Retrieves application type of a process for reflection and object agility decisions. System Information and Control | |
| GDI32FULL.DLL!GetObjectType Returns the type of a cluster object- providing information for system control and management. System Information and Control | |
| KERNEL32.DLL!GetDefaultCommConfigW Retrieves default configuration for communications devices- facilitating file and device management. File Operations | |
| KERNEL32.DLL!FileTimeToSystemTime Converts file time to system time format- facilitating time management operations. System Information and Control | |
| KERNEL32.DLL!AddDllDirectory Adds a directory to the process DLL search path- affecting DLL loading behavior. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcBindingSetAuthInfoExA This function sets authentication and authorization details for remote procedure calls. Network Operations | |
| WSOCK32.DLL!htonl Converts a u_long from host to TCP/IP network byte order (big-endian). Network Operations | |
| KERNEL32.DLL!GetCalendarInfoW Retrieves calendar information based on locale identifier for localization purposes. System Information and Control | |
| SHLWAPI.DLL!SHRegQueryInfoUSKeyA Retrieves information about a registry subkey in user-specific subtrees. Registry Operations | |
| KERNEL32.DLL!GetWindowsDirectoryA Retrieves the path of the Windows directory- providing information about system file locations. System Information and Control | |
| OLEAUT32.DLL!VariantChangeType Converts one variant data type to another- handling coercions between fundamental types. Memory Management | |
| USER32.DLL!MessageBoxIndirectW Creates and manages a modal message box for user interaction. System Information and Control | |
| OLEAUT32.DLL!GetAltMonthNames Retrieves alternate month names based on locale- assisting localization. System Information and Control | |
| KERNEL32.DLL!AddResourceAttributeAce Adds an access control entry to a system access control list for resource management. Registry Operations | |
| USER32.DLL!RegisterWindowMessageW Allows the registration of a unique window message identifier for inter-application communication. System Information and Control | |
| USER32.DLL!LoadMenuW Loads a menu resource from an executable file associated with an application instance. System Information and Control | |
| KERNEL32.DLL!PeekNamedPipe Reads data from a named or anonymous pipe without removing it- providing information about available data. Network Operations | |
| RPCRT4.DLL!RpcServerUseProtseqIfW Configures the RPC runtime to use specified protocol sequences for receiving remote procedure calls. Network Operations | |
| KERNEL32.DLL!GlobalMemoryStatusEx Retrieves information on physical and virtual memory usage in the system. Memory Management | |
| KERNEL32.DLL!GetSystemTimeAdjustment Determines periodic time adjustments for the system clock- enabling synchronization with external time sources. System Information and Control | |
| RPCRT4.DLL!RpcServerUseProtseqEpA This function registers a protocol sequence and endpoint for remote procedure calls. Network Operations | |
| SHLWAPI.DLL!PathFindOnPathA Searches for a specified file in standard directories and specified paths. File Operations | |
| KERNEL32.DLL!FindAtomW Searches the atom table for a string and retrieves the corresponding atom- facilitating data exchange. System Information and Control | |
| USER32.DLL!GetScrollRange Retrieves the minimum and maximum scroll box positions for a specified scroll bar. System Information and Control | |
| KERNEL32.DLL!GetHandleInformation This function retrieves properties related to handles of system objects- impacting process and thread management. Process and Thread Management | |
| RPCRT4.DLL!NdrDllUnregisterProxy This function removes registry entries related to proxy interfaces- thus modifying registry data. Registry Operations | |
| SHLWAPI.DLL!PathIsSameRootA Compares two paths to check for a common root component. File Operations | |
| USER32.DLL!GetAltTabInfoA Retrieves information about the application-switching window- affecting user interface visibility and interaction. System Information and Control | |
| KERNELBASE.DLL!AccessCheckByTypeResultListAndAuditAlarmByHandleW This function checks access permissions based on security descriptors and client impersonation. System Information and Control | |
| KERNEL32.DLL!WTSGetActiveConsoleSessionId Retrieves session identifier for the active console- pertains to system session management. System Information and Control | |
| KERNEL32.DLL!DeleteFileW Deletes an existing file from the file system. File Operations | |
| KERNEL32.DLL!EnumCalendarInfoExA Enumerates calendar information based on locale identifiers- categorizing it under System Information and Control. System Information and Control | |
| GDI32FULL.DLL!ScriptGetProperties Retrieves information about current scripts for internationalization. System Information and Control | |
| USER32.DLL!DrawCaption Draws a window caption based on provided parameters; involves rendering graphical elements. System Information and Control | |
| GDI32FULL.DLL!SetDIBits Sets pixel colors for a compatible bitmap using data from a device-independent bitmap (DIB). File Operations | |
| KERNEL32.DLL!FlsSetValue Stores a value in fiber local storage specific to the calling fiber- pertaining to thread management. Process and Thread Management | |
| SHELL32.DLL!Shell_NotifyIconGetRect Retrieves screen coordinates for a notification icon's bounding rectangle. System Information and Control | |
| USER32.DLL!IsCharAlphaNumericW Checks if a character is alphanumeric based on the user's language settings. System Information and Control | |
| WMI.DLL!EnableTrace Configures how an ETW event provider logs events to a trace session. System Information and Control | |
| KERNELBASE.DLL!PerfDecrementULongCounterValue Decrements a performance counter value- managing system performance metrics. System Information and Control | |
| WSOCK32.DLL!gethostbyaddr Retrieves host information from a network address- indicating network operation. Network Operations | |
| NTDLL.DLL!RtlIpv6StringToAddressExW Converts IPv6 address strings to their binary form for network operations. Network Operations | |
| GDI32FULL.DLL!CreateDIBPatternBrushPt This function creates a logical brush associated with a device-independent bitmap pattern. Memory Management | |
| OLEAUT32.DLL!OleCreatePropertyFrameIndirect Creates a property frame dialog box for editing properties- but does not directly manipulate files- processes- or memory. System Information and Control | |
| OLEAUT32.DLL!LPSAFEARRAY_UserFree Frees resources associated with RPC calls- managing memory cleanup for safe arrays. Memory Management | |
| RPCRT4.DLL!NdrClientCall3 This function is related to Remote Procedure Calls (RPC)- facilitating communication across networked systems. Network Operations | |
| SHFOLDER.DLL!SHGetFolderPathA Retrieves a path for a specified folder based on a CSIDL value. File Operations | |
| USER32.DLL!MessageBoxA Displays a modal dialog box for user interaction- indicating system status or errors. System Information and Control | |
| SHLWAPI.DLL!SHFormatDateTimeA Converts a FILETIME structure to a string representation of date and time. System Information and Control | |
| KERNEL32.DLL!ExpandEnvironmentStringsW Expands environment variable strings based on current user values- used for system configuration. System Information and Control | |
| NTDLL.DLL!RtlAddGrowableFunctionTable Manages dynamic function tables for memory- facilitating exception handling and stack backtracing. Memory Management | |
| KERNEL32.DLL!GetPackagePath Retrieves the file path of a specified package in the system. File Operations | |
| SHLWAPI.DLL!StrSpnA Computes the substring length that matches specified characters in a buffer. System Information and Control | |
| COMCTL32.DLL!ImageList_SetImageCount Resizes an existing image list- affecting its contents and operational limits. Memory Management | |
| GDI32FULL.DLL!GetWindowExtEx Retrieves the x-extent and y-extent of a window for the specified device context. System Information and Control | |
| KERNEL32.DLL!GlobalReAlloc Changes the size or attributes of a global memory object. Memory Management | |
| ADVAPI32.DLL!LsaOpenTrustedDomainByName Opens the LSA policy handle of a remote trusted domain for querying or managing its policy. System Information and Control | |
| USER32.DLL!DefDlgProcA Processes window messages for dialog boxes; handles default message processing. System Information and Control | |
| USER32.DLL!OemToCharA Translates OEM-defined character set strings to ANSI or wide-character strings. System Information and Control | |
| SHLWAPI.DLL!PathIsRootA Determines if a provided path string points to the volume's root. File Operations | |
| OLE32.DLL!CreateAntiMoniker Creates and returns a new anti-moniker- used in the context of COM moniker manipulation. DLL Injection and Manipulation | |
| OLEAUT32.DLL!LHashValOfNameSysA Computes a hash value for a given name- useful for identifying and validating data. Cryptographic Operations | |
| OLEAUT32.DLL!SafeArrayRedim Changes the dimensions of a safe array- affecting memory allocation and deallocation. Memory Management | |
| WMI.DLL!TraceEvent Sends structured events to an event tracing session- primarily for system logging and monitoring purposes. System Information and Control | |
| USER32.DLL!GetKeyboardLayoutList Retrieves input locale identifiers- providing information about keyboard layouts and input methods. System Information and Control | |
| SHLWAPI.DLL!IsInternetESCEnabled Checks if Internet Explorer runs in Enhanced Security Configuration- impacting browsing behavior. System Information and Control | |
| WS2_32.DLL!getnameinfo Resolves a network address into a host name and service name- performing name resolution. Network Operations | |
| OLEAUT32.DLL!VarBoolFromR8 Converts a double value to a Boolean value- focusing on type management. Memory Management | |
| USER32.DLL!GetMonitorInfoW Retrieves information about a display monitor's characteristics. System Information and Control | |
| SHCORE.DLL!SHEnumValueW This function enumerates values from a specified registry key. Registry Operations | |
| OLE32.DLL!CoGetInstanceFromFile Initializes a new object from a file by loading it using IPersistFile::Load. File Operations | |
| USER32.DLL!IsWindowVisible Determines the visibility state of a specified window by checking its WS_VISIBLE style bit. System Information and Control | |
| KERNEL32.DLL!GetComputerNameExW Retrieves the NetBIOS or DNS names associated with the local computer. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction21 Stub function for implementing COM proxies- essential for interface marshaling in RPC communication. Network Operations | |
| RPCRT4.DLL!RpcBindingCreateW Creates a new RPC binding handle based on a provided template- essential for network communication. Network Operations | |
| USER32.DLL!GetClipboardFormatNameA Retrieves the name of a clipboard format- indicating data handling from the clipboard. File Operations | |
| ADVAPI32.DLL!LookupPrivilegeValueA Retrieves a locally unique identifier (LUID) for specified privilege names for access control. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHCreateDirectoryExW Creates a new file system folder- specifying path and optional security attributes. File Operations | |
| WS2_32.DLL!WSCGetProviderInfo Retrieves data associated with a layered service provider for Winsock. Network Operations | |
| OLEAUT32.DLL!VarI4FromR4 Converts float to long; manages type conversion and variable structures. Memory Management | |
| USER32.DLL!GetMenuBarInfo Retrieves information about a specified menu bar in a window. System Information and Control | |
| OLEAUT32.DLL!HWND_UserMarshal This function is related to marshalling window handles- which implies manipulations of windows in the system. DLL Injection and Manipulation | |
| GDI32FULL.DLL!SetDIBColorTable Sets RGB color values in a DIB's color table within a device context. Memory Management | |
| KERNEL32.DLL!CreateFileMappingW Creates or opens a file mapping object for a specified file- involving memory management operations. Memory Management | |
| SHELL32.DLL!SHBrowseForFolderW Displays a dialog for the user to select a folder- dealing directly with file system navigation. File Operations | |
| CRYPTSP.DLL!CryptSetHashParam Customizes hash object operations- adjusting its contents and selecting hashing algorithms. Cryptographic Operations | |
| USER32.DLL!SetDisplayConfig Modifies display topology and modes- indicating control over display settings and configurations. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction25 Stub function for COM proxies; facilitates communication between client and server in COM infrastructure. Network Operations | |
| SHLWAPI.DLL!StrChrIA Searches for the first occurrence of a character in a string; involves string manipulation. File Operations | |
| KERNEL32.DLL!FindNextFileA Continues a file search initiated by FindFirstFile- providing the next file's data. File Operations | |
| KERNEL32.DLL!CreateMutexExA Creates or opens a mutex object for synchronization between threads or processes. Process and Thread Management | |
| KERNEL32.DLL!MoveFileExW Moves files or directories with various options- especially managing file state during reboot. File Operations | |
| KERNEL32.DLL!PackageFullNameFromId Retrieves the full name of a package using its identifier to manage app identities. System Information and Control | |
| KERNEL32.DLL!ReplaceFileW Replaces one file with another- supporting backup creation- falling under file manipulation operations. File Operations | |
| GDI32FULL.DLL!EnumFontFamiliesExA Enumerates uniquely-named fonts based on specified characteristics in the LOGFONT structure. System Information and Control | |
| ADVAPI32.DLL!DecryptFileA This function decrypts an encrypted file or directory- requiring specific file access rights. File Operations | |
| CRYPTSP.DLL!CryptGetKeyParam Retrieves parameters related to cryptographic key operations like length and algorithm identifier. Cryptographic Operations | |
| USER32.DLL!SetScrollRange Modifies the minimum and maximum positions of a scroll bar- affecting user interface control. System Information and Control | |
| KERNEL32.DLL!GetThreadSelectorEntry Retrieves a descriptor table entry for a specified selector and thread- related to thread management. Process and Thread Management | |
| USER32.DLL!GetClipboardViewer Retrieves the handle to the clipboard viewer chain's first window- impacting data exchange operations. Hooking and Interception | |
| SHELL32.DLL!SHShowManageLibraryUI This function shows a management dialog for libraries- enabling organization of library folders and settings. System Information and Control | |
| GDI32FULL.DLL!GetLogColorSpaceW Retrieves color space definition from a specified handle. Related to graphical output management. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromUI8 Converts an 8-byte unsigned integer to an unsigned long value. Memory Management | |
| USER32.DLL!GetPointerTouchInfoHistory Retrieves coalesced touch input information for a specified pointer- indicating input handling. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromUI2 Converts an unsigned short value to an unsigned long value- involving data type conversion. Memory Management | |
| SHELL32.DLL!SHLoadNonloadedIconOverlayIdentifiers Signals the Shell to load icon overlay identifiers during subsequent operations. Registry Operations | |
| WS2_32.DLL!WSAStringToAddressW Converts a network address from text to numeric format for socket functions. Network Operations | |
| KERNEL32.DLL!GetThreadDescription Retrieves the description assigned to a thread- relevant for managing threads. Process and Thread Management | |
| OLE32.DLL!SetConvertStg This function indicates if an object should convert to a new class when opened. Memory Management | |
| OLEAUT32.DLL!VarUI4FromDate Converts a date to an unsigned long- indicating operations on data types. Memory Management | |
| ISettingsItem::GetPath Retrieves the path for a settings item- useful for file-related operations. File Operations | |
| USER32.DLL!DdeQueryConvInfo Retrieves information about a DDE transaction and conversation details. Network Operations | |
| SHLWAPI.DLL!PathIsFileSpecW This function checks for path-delimiting characters in a provided path string. File Operations | |
| KERNEL32.DLL!ExitProcess Ends the calling process and all its threads- managing process termination. Process and Thread Management | |
| ADVAPI32.DLL!RegOpenKeyTransactedA Opens a registry key and associates it with a transaction- thus altering registry operations. Registry Operations | |
| USER32.DLL!DialogBoxIndirectParamA Creates a modal dialog box from a template in memory and manages its lifecycle. Process and Thread Management | |
| COMCTL32.DLL!ImageList_EndDrag Ends a drag operation- signaling the end of a user-initiated action involving UI elements. System Information and Control | |
| KERNEL32.DLL!IsEnclaveTypeSupported Checks if the specified enclave type is supported by the system. System Information and Control | |
| WINMMBASE.DLL!waveOutUnprepareHeader Cleans up preparation of audio data buffers after device driver usage- facilitating proper resource management. Memory Management | |
| ADVAPI32.DLL!RegisterEventSourceW Retrieves a handle to a specified event log- enabling event logging functions. Registry Operations | |
| IShellMenu::GetMenu Retrieves menu information previously set- allowing interaction with the user interface. System Information and Control | |
| KERNEL32.DLL!GetSystemInfo Retrieves information about the current system- such as processor architecture and number of processors. System Information and Control | |
| USER32.DLL!wvsprintfW Writes formatted data to a specified buffer from a list of arguments- affecting memory handling. Memory Management | |
| KERNEL32.DLL!SetThreadContext Sets the execution context of a specified thread- controlling its behavior and state. Process and Thread Management | |
| SHLWAPI.DLL!UrlIsA Tests if a specified URL is of a certain type- including file URLs. Network Operations | |
| KERNEL32.DLL!GetFileSize Retrieves the size of a file in bytes. File Operations | |
| SHCORE.DLL!SHCreateThreadRef This function creates a reference to a COM object for the current thread- managing threading operations. Process and Thread Management | |
| ADVAPI32.DLL!LsaEnumerateTrustedDomains Retrieves names and SIDs of trusted domains for authentication. System Information and Control | |
| SHLWAPI.DLL!PathIsRelativeA Determines if a given path is relative or absolute. File Operations | |
| OLE32.DLL!HDC_UserMarshal64 Marshals a HDC object into an RPC buffer for remote procedure calls. DLL Injection and Manipulation | |
| USER32.DLL!GetUserObjectInformationA Retrieves information about window station or desktop objects- including security and attributes. System Information and Control | |
| USER32.DLL!SetThreadDpiAwarenessContext This function sets the DPI awareness for the current thread. System Information and Control | |
| SHELL32.DLL!SHAddDefaultPropertiesByExt Adds default properties to a file's property store based on its extension. Registry Operations | |
| IOleDocumentView::SetRect Adjusts viewport dimensions for a document view- influencing window layout. System Information and Control | |
| KERNEL32.DLL!GetProcessShutdownParameters Retrieves shutdown parameters for the currently calling process- including priority level and flags. Process and Thread Management | |
| USER32.DLL!CharToOemBuffW Translates characters in a string to the OEM character set- affecting string data representation. File Operations | |
| KERNEL32.DLL!GetProcessGroupAffinity Retrieves processor group affinity for a specified process- related to managing process execution on multi-processor systems. Process and Thread Management | |
| NTDLL.DLL!RtlFreeUnicodeString Frees memory allocated for a Unicode string buffer- indicating memory management operations. Memory Management | |
| OLEAUT32.DLL!SafeArrayAllocDescriptorEx Creates a safe array descriptor for variant types without memory allocation for data. Memory Management | |
| KERNEL32.DLL!GetTapeParameters Retrieves information regarding tape devices and media- involving device handles and buffer management. File Operations | |
| USER32.DLL!IsCharAlphaNumericA Checks if a character is alphanumeric- categorized under System Information and Control for language-based character verification. System Information and Control | |
| SHLWAPI.DLL!StrCpyW Copies strings- with potential for buffer overruns leading to vulnerabilities. Memory Management | |
| KERNEL32.DLL!CompareStringW Compares two character strings for specified locales- affecting how strings are evaluated for security. System Information and Control | |
| GDI32FULL.DLL!CreateDiscardableBitmap Creates a compatible bitmap for use in graphics operations. Memory Management | |
| ADVAPI32.DLL!TreeSetNamedSecurityInfoW Sets security information in the security descriptor for a tree of objects- modifying access control settings. Registry Operations | |
| WINMMBASE.DLL!mixerGetLineControlsA Retrieves controls associated with an audio line for configuration or management. System Information and Control | |
| WINMMBASE.DLL!mmioRenameA The mmioRename function renames a specified file- performing file operations. File Operations | |
| KERNEL32.DLL!PackageNameAndPublisherIdFromFamilyName Retrieves package name and publisher ID for a specific package family- addressing app management. System Information and Control | |
| RPCRT4.DLL!RpcServerSubscribeForNotification This function subscribes the server to receive notifications from RPC- facilitating communication regarding call status. Network Operations | |
| SHLWAPI.DLL!StrStrA Searches for a substring in a string- relevant for string manipulation in file names. File Operations | |
| KERNEL32.DLL!CreateThread Creates a thread to execute within the virtual address space of the calling process. Process and Thread Management | |
| KERNEL32.DLL!VirtualProtect Changes memory protection settings in the virtual address space of the process. Memory Management | |
| KERNEL32.DLL!SuspendThread Suspends the specified thread- halting its execution until resumed- indicating its role in thread management. Process and Thread Management | |
| OLE32.DLL!STGMEDIUM_UserFree Frees resources on the server side for RPC calls- managing memory allocation. Memory Management | |
| GDI32FULL.DLL!PtVisible This function checks if a point is within a clipping region of a device context- relating to graphical operations. System Information and Control | |
| RPCRT4.DLL!RpcBindingFromStringBindingA Creates a server binding handle from a string- facilitating network communication in RPC. Network Operations | |
| COMCTL32.DLL!ImageList_Write Writes an image list to a stream- manipulating image data storage. File Operations | |
| KERNEL32.DLL!GetNextUmsListItem Returns the next user-mode scheduling thread context in a specified list of thread contexts. Process and Thread Management | |
| KERNEL32.DLL!WerGetFlags Retrieves fault reporting settings for a specified process- affecting how errors are reported. System Information and Control | |
| RPCRT4.DLL!MesInqProcEncodingId This function retrieves the identity of an encoding or decoding operation for data serialization. System Information and Control | |
| USER32.DLL!GetIconInfoExA Retrieves information about icons or cursors and their bitmap representations. System Information and Control | |
| CRYPTSP.DLL!CryptAcquireContextW Acquires a handle to a key container for cryptographic operations. Cryptographic Operations | |
| OLE32.DLL!MkParseDisplayName Converts a string into a moniker for identifying an object- related to binding operations. System Information and Control | |
| OLEAUT32.DLL!VarDateFromI2 Converts a short value to a date value- focusing on data type transformation and manipulation. Memory Management | |
| USER32.DLL!ScrollWindowEx This function modifies the display of a window's contents- influencing visual representation rather than direct file or system changes. System Information and Control | |
| WS2_32.DLL!WSAInstallServiceClassA Registers a service class schema within a namespace for Windows Sockets. Network Operations | |
| SECHOST.DLL!CredFree This function frees a memory buffer used by credential management- involving memory allocation management. Memory Management | |
| USER32.DLL!IsIconic Checks if a specified window is minimized. System Information and Control | |
| GDI32.DLL!BRUSHOBJ_pvGetRbrush Retrieves a pointer to a driver's brush realization for drawing operations. Memory Management | |
| USER32.DLL!PrintWindow Copies a visual window to a device context- typically for output to a printer. File Operations | |
| RPCRT4.DLL!RpcStringBindingParseW Parses a string binding to extract components including protocol sequence and network address. Network Operations | |
| RPCRT4.DLL!RpcProtseqVectorFreeW Frees memory allocated for protocol sequence vector in RPC context. Memory Management | |
| NTDLL.DLL!RtlFirstEntrySList Retrieves the first entry in a synchronized singly linked list. Memory Management | |
| GDI32FULL.DLL!ScriptApplyDigitSubstitution Updates structures for digit substitution policies in scripts without performing actual substitutions. System Information and Control | |
| GDI32FULL.DLL!BeginPath Opens a path bracket in a specified device context for drawing operations. System Information and Control | |
| KERNEL32.DLL!CreateSymbolicLinkTransactedA Creates a symbolic link as a transacted operation- allowing for file and directory management. File Operations | |
| USER32.DLL!SetMenuItemBitmaps Associates bitmaps with menu items to visually indicate their state. System Information and Control | |
| SHLWAPI.DLL!StrFormatByteSize64A Converts numeric values to string representations of size in bytes- kilobytes- megabytes- or gigabytes. System Information and Control | |
| WINMMBASE.DLL!mmioStringToFOURCCW Converts a null-terminated string to a four-character code for multimedia. System Information and Control | |
| GDI32FULL.DLL!IntersectClipRect Creates a clipping region based on the intersection of the current region and a specified rectangle. System Information and Control | |
| SHLWAPI.DLL!StrRStrIA Searches for a substring within a string- returning the position of its last occurrence. System Information and Control | |
| OLEAUT32.DLL!VarBoolFromCy Converts a currency value to a Boolean value for data transformation. System Information and Control | |
| ADVAPI32.DLL!LsaSetTrustedDomainInfoByName Sets values for a TrustedDomain object- managing security policy configurations. Registry Operations | |
| WINMMBASE.DLL!waveOutSetVolume Sets the volume level of a waveform-audio output device- affecting audio file operations. File Operations | |
| KERNEL32.DLL!LeaveCriticalSection Releases ownership of a critical section for synchronization among threads. Process and Thread Management | |
| OLE32.DLL!CoCreateGuid Creates a globally unique identifier (GUID) for CLSIDs and interface identifiers. System Information and Control | |
| GDI32FULL.DLL!ScriptPlace Generates glyph advance width and offsets- related to text rendering and layout. Process and Thread Management | |
| OLE32.DLL!WriteClassStm Writes a CLSID to a stream for storage- representing a file operation in the structured storage context. File Operations | |
| OLE32.DLL!OleDuplicateData Duplicates specified data from one handle to another- typically for data transfer operations. Memory Management | |
| OLE32.DLL!CLSIDFromProgIDEx Retrieves CLSID from ProgID; triggers installations affecting registry and COM management. Registry Operations | |
| GDI32FULL.DLL!EnumFontFamiliesW This function enumerates available fonts on a specified device- involving font retrieval and processing. System Information and Control | |
| USER32.DLL!RemoveMenu Deletes a menu item from a specified menu without destroying the menu handle. System Information and Control | |
| USER32.DLL!CreateWindowStationW Creates a window station object related to the calling process within the current session. Process and Thread Management | |
| SHCORE.DLL!SHGetThreadRef Retrieves per-thread object reference- indicating thread management. Process and Thread Management | |
| USER32.DLL!EndDeferWindowPos Updates the position and size of multiple windows in a screen-refresh cycle. Process and Thread Management | |
| KERNEL32.DLL!CopyFileExA Copies an existing file to a new location with progress reporting through a callback function. File Operations | |
| CRYPTSP.DLL!CryptSetProvParam Customizes cryptographic service provider operations- including setting security descriptors for access control to key containers. Cryptographic Operations | |
| SECHOST.DLL!AuditEnumerateSubCategories This function enumerates audit-policy subcategories for security monitoring. System Information and Control | |
| SECHOST.DLL!SetTraceCallback Specifies a function to process events for a specified event trace class. System Information and Control | |
| WINMMBASE.DLL!DriverCallback Sends a message to a window or calls a callback function- crucial for driver communications. Process and Thread Management | |
| USER32.DLL!GetLastActivePopup Determines the most recently active pop-up window owned by a specified window. System Information and Control | |
| OLE32.DLL!BindMoniker Retrieves a pointer to an interface on an object using its moniker- initiating object activation if necessary. DLL Injection and Manipulation | |
| ADVAPI32.DLL!BuildExplicitAccessWithNameW Initializes an EXPLICIT_ACCESS structure for setting access permissions for a specified trustee. Registry Operations | |
| USER32.DLL!GetWindowLongPtrA Retrieves information and values from a specified window's attributes- useful for UI management. System Information and Control | |
| GDI32FULL.DLL!SetTextAlign Sets text alignment flags for a device context influencing text positioning. System Information and Control | |
| OLEAUT32.DLL!VarDecRound This function rounds a decimal variant- focusing on numerical manipulation rather than file or system operations. Memory Management | |
| ADVAPI32.DLL!RegCreateKeyW Creates or opens a specified Windows registry key. Registry Operations | |
| GDI32FULL.DLL!BitBlt Transfers pixel data between device contexts- manipulating graphic content. File Operations | |
| SHCORE.DLL!SHSetValueW This function sets the value of a specified registry key. Registry Operations | |
| RPCRT4.DLL!RpcNetworkIsProtseqValidA Checks if a protocol sequence is supported for remote procedure calls. Network Operations | |
| SHELL32.DLL!ReadCabinetState Retrieves configuration data from the registry and populates a CABINETSTATE structure. Registry Operations | |
| RPCRT4.DLL!NdrInterfacePointerMarshall Marshals interface pointers into a network buffer for RPC communication. Network Operations | |
| KERNEL32.DLL!TlsAlloc Allocates a TLS index for threads to store values specific to each thread's context. Process and Thread Management | |
| KERNEL32.DLL!CreateDirectoryExW Creates a new directory with attributes from a specified template directory. File Operations | |
| KERNEL32.DLL!GetProcessVersion Retrieves version numbers for processes- indicating system compatibility. System Information and Control | |
| KERNEL32.DLL!WaitForSingleObject Waits for a specified object to be signaled- affecting synchronization of processes and threads. Process and Thread Management | |
| RPCRT4.DLL!RpcRevertContainerImpersonation Reverts to the original security context- relevant for controlling access and permissions in RPC. System Information and Control | |
| KERNEL32.DLL!WriteFileEx Asynchronously writes data to a file or I/O device- allowing for completion routine callbacks. File Operations | |
| COMCTL32.DLL!FlatSB_GetScrollInfo Retrieves information for a flat scroll bar- part of UI control management. System Information and Control | |
| USER32.DLL!PostThreadMessageW Posts a message to a specified thread's message queue- facilitating inter-thread communication. Process and Thread Management | |
| IADsAccessControlList::AddAce Adds an access control entry to a security descriptor's access control list for permissions management. Registry Operations | |
| KERNEL32.DLL!WaitForDebugEventEx This function waits for debugging events- crucial in managing and controlling process debugging. Process and Thread Management | |
| WS2_32.DLL!GetAddrInfoExA Resolves host names to addresses using specified namespace- involving network protocol operations. Network Operations | |
| GDI32.DLL!StrokePath Renders a specified path using the current pen in a device context. System Information and Control | |
| GDI32FULL.DLL!GetBitmapDimensionEx Retrieves dimensions of a compatible bitmap set by the SetBitmapDimensionEx function. File Operations | |
| USER32.DLL!DdeInitializeW Registers applications with the DDEML- enabling Dynamic Data Exchange functionality. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHGetFileInfoW Retrieves various information about an object in the file system- focusing on file attributes and metadata. File Operations | |
| SHLWAPI.DLL!StrStrW Finds a substring within a string- encoding-aware for Unicode and ANSI. System Information and Control | |
| KERNEL32.DLL!SetProcessWorkingSetSize Sets minimum and maximum working set sizes for a specified process- affecting its memory management. Memory Management | |
| OLEAUT32.DLL!VarUI1FromDec Converts a decimal value to an unsigned char- indicative of data manipulation. Memory Management | |
| USER32.DLL!GetDpiForSystem Returns the system DPI value- providing information about the display context. System Information and Control | |
| OLE32.DLL!STGMEDIUM_UserUnmarshal64 This function unmarshals a STGMEDIUM object from an RPC buffer- relating to inter-process communication. Process and Thread Management | |
| KERNEL32.DLL!PrepareTape Prepares a tape for access- including loading- locking- and unloading operations. File Operations | |
| SHELL32.DLL!SHSetUnreadMailCountW Updates the unread message count in the user's registry for a specified email account. Registry Operations | |
| KERNEL32.DLL!CreateEventExA Creates or opens an event object for synchronization between threads or processes. Process and Thread Management | |
| OLE32.DLL!CStdStubBuffer2_QueryInterface Implements a method for querying COM interfaces- mainly used in Remote Procedure Calls (RPC). System Information and Control | |
| KERNEL32.DLL!UpdateResourceA Adds- deletes- or modifies resources like icons or menus in PE files. File Operations | |
| GDI32FULL.DLL!GetBitmapBits This function copies bitmap data into a buffer- handling file-type data within memory. Memory Management | |
| RPCRT4.DLL!RpcBindingToStringBindingA Converts a binding handle to its string representation- indicating network-related function. Network Operations | |
| GDI32FULL.DLL!CreateFontIndirectA This function creates a logical font- categorizing it under system graphic operations. System Information and Control | |
| USER32.DLL!GetMenuCheckMarkDimensions Retrieves dimensions for the default check-mark bitmap used in menus in Windows applications. System Information and Control | |
| RPCRT4.DLL!RpcBindingCopy Copies binding information to create a new binding handle- essential for reliable inter-thread communication. Network Operations | |
| USER32.DLL!GrayStringA Renders gray text on the screen using GDI- manipulating the device context and bitmap. System Information and Control | |
| RPCRT4.DLL!RpcSsDontSerializeContext This function controls serialization behavior for RPC calls- impacting process context management. Process and Thread Management | |
| WS2_32.DLL!WSARecv This function receives data from a connected socket- involving network communication operations. Network Operations | |
| WINMMBASE.DLL!mmioSetInfo Updates information about a file accessed via buffered I/O- thus managing file-related data. File Operations | |
| GDI32FULL.DLL!CreateFontIndirectExW Creates a logical font for use in a device context based on specified characteristics. System Information and Control | |
| ADVAPI32.DLL!OpenEncryptedFileRawW Opens an encrypted file for backup or restore- maintaining file encryption during the process. File Operations | |
| SHLWAPI.DLL!IUnknown_GetWindow Retrieves a window handle from a COM object- involving querying various interfaces. System Information and Control | |
| KERNEL32.DLL!EnumTimeFormatsEx This function enumerates time formats based on locale- interacting with system localization settings. System Information and Control | |
| KERNEL32.DLL!AddAtomA Adds a string to the local atom table- managing string identifiers. Memory Management | |
| OLEAUT32.DLL!VariantChangeTypeEx Converts a variant from one type to another- using a locale identifier (LCID). Memory Management | |
| KERNELBASE.DLL!TraceMessageVa Sends message-based events to an event tracing session using variable arguments. System Information and Control | |
| KERNEL32.DLL!DeleteTimerQueue Deletes a timer queue- canceling and removing any pending timers. Process and Thread Management | |
| OLEAUT32.DLL!SafeArrayCopy Creates a copy of a safe array- managing memory references of data types within. Memory Management | |
| KERNEL32.DLL!WriteProcessMemory Writes data to memory in a specified process- requiring write access. Memory Management | |
| KERNEL32.DLL!LZCopy Copies a source file to a destination file- handling both compressed and uncompressed formats. File Operations | |
| KERNEL32.DLL!CallNamedPipeW Connects to and communicates with a named message pipe for sending and receiving data. Network Operations | |
| USER32.DLL!DeferWindowPos Updates the position and size of multiple windows through a position structure. Process and Thread Management | |
| KERNELBASE.DLL!SetSecurityDescriptorSacl Modifies a system access control list (SACL) within a security descriptor. Registry Operations | |
| WS2_32.DLL!WSAIoctl This function controls the mode of a socket- managing input and output settings for network communication. Network Operations | |
| WSOCK32.DLL!WSACleanup Terminates the use of the Winsock DLL- cleaning up resources related to network operations. Network Operations | |
| USER32.DLL!DlgDirListW Replaces contents of a list box with names of subdirectories and files in a specified directory. File Operations | |
| KERNEL32.DLL!FormatMessageW Formats a message string from message definitions and outputs a formatted message. System Information and Control | |
| WSOCK32.DLL!WSAAsyncGetServByName Asynchronously retrieves service information corresponding to a service name and port number. Network Operations | |
| OLEAUT32.DLL!VarAdd This function sums two variants- focusing on data operations rather than file- network- or hardware management. System Information and Control | |
| KERNEL32.DLL!CreateNamedPipeW Creates a named pipe instance for process communication and returns a handle for ongoing operations. Network Operations | |
| GDI32.DLL!CLIPOBJ_bEnum This function enumerates rectangles from a clip region- involving operations on drawing and display. System Information and Control | |
| GDI32FULL.DLL!CreateHatchBrush This function creates a logical brush with a specified hatch pattern for graphical rendering. System Information and Control | |
| OLE32.DLL!CoRegisterChannelHook This function registers a channel hook- allowing interception of events. Hooking and Interception | |
| USER32.DLL!CreateDesktopW Creates a new desktop associated with the current window station for the calling process- thus managing desktop resources. Process and Thread Management | |
| OLE32.DLL!NdrProxyForwardingFunction13 A stub function for COM proxies facilitating interface marshaling in RPC. DLL Injection and Manipulation | |
| KERNEL32.DLL!Thread32First Retrieves information about the first thread from a process snapshot- managing threads. Process and Thread Management | |
| SHELL32.DLL!SHSetDefaultProperties This function applies default properties to a Shell item- indicating it modifies file item attributes. File Operations | |
| ADVAPI32.DLL!QueryTraceA Retrieves property settings and statistics for a specified event tracing session. System Information and Control | |
| GDI32FULL.DLL!SetPolyFillMode Sets the polygon fill mode for filling polygons in graphics device interface operations. System Information and Control | |
| OLE32.DLL!HBITMAP_UserSize64 Calculates wire size of HBITMAP for RPC- managing data marshaling. Memory Management | |
| GDI32FULL.DLL!ScriptStringValidate Validates a SCRIPT_STRING_ANALYSIS structure for invalid sequences in strings. System Information and Control | |
| NTDLL.DLL!RtlIpv6AddressToStringW Converts an IPv6 address to its standard string representation. Network Operations | |
| RPCRT4.DLL!NdrConvert Converts network buffer representations between sender and receiver- facilitating data interoperability in RPC. Network Operations | |
| WINMMBASE.DLL!waveOutMessage Sends messages to waveform-audio output device drivers to control audio playback. Network Operations | |
| USER32.DLL!SetClassWord Modifies a 16-bit value in window class extra memory- associated with specific window. Process and Thread Management | |
| GDI32FULL.DLL!ScriptTextOut Displays text in specified script shape- involving drawing operations on a device context. Process and Thread Management | |
| USER32.DLL!DrawTextExW Draws formatted text in a specified rectangle using different alignment and formatting options. System Information and Control | |
| KERNEL32.DLL!SetThreadpoolWait Sets wait objects for callbacks after handles become signaled- managing threading efficiently. Process and Thread Management | |
| SECHOST.DLL!AuditQuerySystemPolicy Retrieves system audit policy for specified subcategories- impacting system security controls. System Information and Control | |
| OLEAUT32.DLL!VarR4FromI1 Converts a char value to a float value- involving data type conversion. Memory Management | |
| KERNEL32.DLL!InitializeCriticalSectionAndSpinCount Initializes a critical section object for synchronizing access among threads. Process and Thread Management | |
| SHLWAPI.DLL!PathIsDirectoryW Verifies if a given path points to a valid directory. File Operations | |
| OLEAUT32.DLL!VarI1FromR4 Converts a float to a char- involving type conversion processes. Memory Management | |
| WS2_32.DLL!WSCUnInstallNameSpace32 Uninstalls a specific 32-bit namespace provider in network settings. Network Operations | |
| CRYPTSP.DLL!CryptDecrypt Decrypts data previously encrypted using CryptEncrypt- requiring cryptographic operations on data. Cryptographic Operations | |
| ADVAPI32.DLL!InitiateShutdownA Initiates a shutdown of the specified computer and manages application restarts. System Information and Control | |
| USER32.DLL!GetSystemMetrics Retrieves system metrics or configuration settings- such as window size and screen dimensions. System Information and Control | |
| KERNEL32.DLL!OpenJobObjectW This function opens an existing job object- managing access to processes grouped within a job. Process and Thread Management | |
| KERNEL32.DLL!MoveFileExA Moves an existing file or directory with various options- handling both immediate and delayed operations. File Operations | |
| OLEAUT32.DLL!VarI4FromR8 Converts double values to long- involving memory and data type operations. Memory Management | |
| WS2_32.DLL!WSCEnumProtocols Retrieves information about installed transport protocols on local computer- defining network-related operations. Network Operations | |
| GDI32FULL.DLL!ScriptGetFontAlternateGlyphs Retrieves alternate glyphs for a character based on OpenType features; does not manipulate files or processes. System Information and Control | |
| USER32.DLL!GetComboBoxInfo Retrieves information about a combo box by its handle- providing structural details. System Information and Control | |
| KERNEL32.DLL!FindActCtxSectionStringW Retrieves string information from the current activation context for side-by-side assemblies. System Information and Control | |
| SHELL32.DLL!DAD_ShowDragImage This function controls the visibility of a drag-and-drop image- affecting UI behavior. System Information and Control | |
| CRYPTSP.DLL!CryptCreateHash This function initiates hashing and creates a handle for a cryptographic hash object. Cryptographic Operations | |
| KERNEL32.DLL!PssQuerySnapshot Queries a snapshot of processes- retrieving specific information about them. System Information and Control | |
| KERNEL32.DLL!GetTapeStatus This function checks the readiness of a tape device for processing commands. System Information and Control | |
| OLE32.DLL!HPALETTE_UserSize64 Calculates wire size and handles data for HPALETTE object- related to memory/serialization operations. Memory Management | |
| OLE32.DLL!IIDFromString Converts a string representation of an interface identifier (IID) back into the original IID format. System Information and Control | |
| KERNEL32.DLL!EnumTimeFormatsW Lists available time formats for a specified locale- crucial for localization tasks. System Information and Control | |
| KERNELBASE.DLL!PerfStartProviderEx Registers a performance provider- facilitating performance monitoring capabilities. System Information and Control | |
| KERNEL32.DLL!HeapSetInformation This function enables various features for heaps- significantly affecting memory management. Memory Management | |
| SHLWAPI.DLL!PathCombineW Concatenates two path strings into one valid path. This is categorized as File Operations. File Operations | |
| OLEAUT32.DLL!VarR4FromDec Converts a decimal value to a float- facilitating type conversion operations in applications. Memory Management | |
| USER32.DLL!GetMenuItemRect Retrieves the bounding rectangle for a specified menu item in a window. System Information and Control | |
| USER32.DLL!CheckRadioButton Checks a specified radio button in a group and updates the UI. System Information and Control | |
| NTDLL.DLL!RtlIpv4StringToAddressExW Converts string representation of IPv4 address and port to binary format- facilitating network operations. Network Operations | |
| USER32.DLL!TrackPopupMenu Displays and tracks a shortcut menu based on user selection. System Information and Control | |
| SHCORE.DLL!SHSetThreadRef This function stores a reference for a COM object to manage the thread's lifetime effectively. Process and Thread Management | |
| SECHOST.DLL!ControlService Sends control commands to a service for management purposes. Process and Thread Management | |
| OLE32.DLL!CLSIDFromString Converts a string representation of a CLSID back to the CLSID format. System Information and Control | |
| WS2_32.DLL!WSAResetEvent Resets the state of a specified event object to nonsignaled in the Winsock API. Process and Thread Management | |
| KERNEL32.DLL!SetFileAttributesTransactedW Sets attributes for a file or directory in a transacted manner- indicating file operations. File Operations | |
| GDI32FULL.DLL!SelectClipPath This function selects a path as a clipping region- focusing on graphical operations within device contexts. System Information and Control | |
| SHLWAPI.DLL!UrlIsW Tests whether a URL conforms to a specific type- such as file or directory. Network Operations | |
| KERNEL32.DLL!WritePrivateProfileStructW Writes data to a specified key in an initialization file- modifying file contents directly. File Operations | |
| NTDLL.DLL!RtlEthernetStringToAddressW Converts a string representation of a MAC address to binary format. Network Operations | |
| WINDOWS.STORAGE.DLL!SHGetSpecialFolderPathA Retrieves the path of a special folder based on CSIDL- allowing file system access. File Operations | |
| KERNEL32.DLL!GetTempFileNameA Generates a name for a temporary file and optionally creates an empty file. File Operations | |
| USER32.DLL!TrackPopupMenuEx Displays a shortcut menu and tracks selection at a specified location on the screen. Process and Thread Management | |
| USER32.DLL!RemovePropA Removes an entry from a window's property list- affecting window management. Process and Thread Management | |
| OLEAUT32.DLL!VarDecFromCy Converts a currency value to a decimal value- relating to numerical data manipulation. Memory Management | |
| IShellMenu::SetMenu Appends a static menu to the menu band- modifying UI elements. System Information and Control | |
| GDI32FULL.DLL!ScriptIsComplex Determines if a Unicode string needs complex script processing for display. System Information and Control | |
| SECHOST.DLL!AuditQuerySecurity Retrieves a security descriptor that controls access to audit policy- confirming access privileges. Registry Operations | |
| WINDOWS.STORAGE.DLL!SHCreateShellItemArrayFromDataObject This function creates a Shell item array for use in Shell extensions- primarily handling file operations. File Operations | |
| USER32.DLL!OpenWindowStationA Opens a specified window station and handles access rights. System Information and Control | |
| KERNEL32.DLL!ResolveLocaleName Resolves locale names for language and region- related to system settings and internationalization. System Information and Control | |
| KERNEL32.DLL!DeleteProcThreadAttributeList This function deletes attributes for process and thread creation- impacting thread management. Process and Thread Management | |
| KERNEL32.DLL!LockResource Retrieves a pointer to a resource in memory without locking- just access. Memory Management | |
| KERNEL32.DLL!lstrcpyW Copies a string to a buffer- potentially leading to buffer overflows if mishandled. Memory Management | |
| KERNEL32.DLL!GetPrivateProfileStructA Retrieves data from an initialization file or registry based on specified section and key. Registry Operations | |
| KERNELBASE.DLL!AccessCheckAndAuditAlarmW This function checks access rights against a security descriptor for the impersonated client. System Information and Control | |
| WSOCK32.DLL!recvfrom Receives a datagram and stores the source address- enabling network communication. Network Operations | |
| SHLWAPI.DLL!SHRegCloseUSKey Closes a handle to a user-specific registry subkey- managing registry operations. Registry Operations | |
| OLEAUT32.DLL!VarI2FromUI1 Converts an unsigned char to a short- facilitating data type manipulation. Memory Management | |
| WINMMBASE.DLL!mixerGetID Retrieves device identifier for a specified audio mixer device- thus involving system resource identification. System Information and Control | |
| KERNEL32.DLL!GetProcessIdOfThread Retrieves the identifier of the process associated with a specified thread. Process and Thread Management | |
| KERNEL32.DLL!WaitCommEvent Monitors specified events for a communications device and waits for their occurrence. Network Operations | |
| KERNEL32.DLL!DnsHostnameToComputerNameA Converts DNS-style host names to NetBIOS names- facilitating network identification of computers. Network Operations | |
| KERNEL32.DLL!HeapQueryInformation Retrieves information about the specified heap- including features like low-fragmentation heap support. Memory Management | |
| IOleInPlaceSiteWindowless::SetCapture Captures mouse messages for an in-place windowless object by dispatching inputs regardless of cursor position. Hooking and Interception | |
| KERNEL32.DLL!EnumUILanguagesA Enumerates available user interface languages and calls a callback function for each- related to localization tools. System Information and Control | |
| USER32.DLL!SetClassLongPtrW Modifies properties of a window class like styles and procedures in class memory. DLL Injection and Manipulation | |
| KERNEL32.DLL!BackupWrite Restores a file or directory from backup- involving reading and writing operations. File Operations | |
| KERNEL32.DLL!MapViewOfFileEx Maps a view of a file mapping into the calling process's address space- managing memory regions. Memory Management | |
| SHELL32.DLL!RestartDialogEx Displays a dialog prompting for system restart- invoking shutdown operations. System Information and Control | |
| ADVAPI32.DLL!ObjectOpenAuditAlarmA Generates audit messages for access attempts to objects- indicating access permissions and creation. System Information and Control | |
| GDI32FULL.DLL!Ellipse Creates a D2D1_ELLIPSE structure for graphical representations. System Information and Control | |
| GDI32.DLL!EngFillPath This function fills a graphical path on a device surface- which pertains to rendering operations. System Information and Control | |
| KERNEL32.DLL!GetFirmwareEnvironmentVariableExW Retrieves firmware environment variable values- involving system-level control and interaction with UEFI. System Information and Control | |
| CRYPTSP.DLL!CryptDestroyKey Releases a cryptographic key handle- managing memory used by the key. Cryptographic Operations | |
| KERNEL32.DLL!RtlIsEcCode Determines if code is compatible with ARM emulation- essential for system compatibility checks. System Information and Control | |
| USER32.DLL!GetScrollPos Retrieves the current position of a scroll box in a scroll bar- relating to GUI elements. System Information and Control | |
| KERNEL32.DLL!RtlCaptureStackBackTrace Captures stack back trace information for debugging. System Information and Control | |
| RPCRT4.DLL!NdrSimpleStructMarshall Marshals a structure into a network buffer for remote procedure calls (RPC). Network Operations | |
| SECHOST.DLL!StartServiceCtrlDispatcherA Connects the main thread to the service control manager for processing service requests. Process and Thread Management | |
| WS2_32.DLL!WSAEnumNameSpaceProvidersA Retrieves information on available namespace providers for network operations. Network Operations | |
| GDI32FULL.DLL!GetCharWidth32W Retrieves widths of consecutive characters in the current font- managing graphical data representation. Memory Management | |
| KERNEL32.DLL!RtlCaptureContext This function retrieves a context record- capturing the state of the caller's execution. Process and Thread Management | |
| USER32.DLL!GetUpdateRect Retrieves coordinates of the update region of a window- primarily for graphical updates. System Information and Control | |
| ADVAPI32.DLL!WriteEncryptedFileRaw Restores encrypted files- maintaining their encrypted state through callback functions. File Operations | |
| GDI32FULL.DLL!CreateDIBitmap This function creates a bitmap from a DIB- managing graphic data for display. File Operations | |
| USER32.DLL!DrawStateW DrawStateW is used to display images with visual effects- primarily for rendering UI states. System Information and Control | |
| KERNEL32.DLL!CloseThreadpoolCleanupGroup Closes a specified cleanup group- managing thread pool resources effectively. Process and Thread Management | |
| OLEAUT32.DLL!SysStringByteLen Returns the length of a BSTR in bytes- aiding in memory management and string operations. Memory Management | |
| OLEAUT32.DLL!CreateErrorInfo Creates a generic error object for reporting errors in COM automation. System Information and Control | |
| USER32.DLL!LookupIconIdFromDirectory Searches for the best fitting icon or cursor based on display- dealing with resource data. System Information and Control | |
| OLE32.DLL!CoGetCallerTID Retrieves the caller's thread ID indicating which thread in COM is active. Process and Thread Management | |
| COMCTL32.DLL!ImageList_Create Creates a new image list for managing image resources in applications. System Information and Control | |
| GDI32FULL.DLL!EnumFontsW This function enumerates available fonts on a specified device context. System Information and Control | |
| SECHOST.DLL!QueryServiceStatusEx Retrieves the current status of a specified service from the service control manager. System Information and Control | |
| WINMMBASE.DLL!midiOutMessage This function sends messages to MIDI device drivers- categorizing it under Network Operations for driver communication. Network Operations | |
| USER32.DLL!ChildWindowFromPointEx Identifies child windows under a point in a parent window- dealing with UI elements. System Information and Control | |
| KERNEL32.DLL!MapViewOfFileFromApp Maps a file mapping into the app's address space- facilitating controlled file memory access. Memory Management | |
| WINMMBASE.DLL!midiOutShortMsg Sends a short MIDI message to a MIDI output device. Network Operations | |
| KERNEL32.DLL!GetPrivateProfileStringW Retrieves a string from an initialization file- performing read operations necessary for file configurations. File Operations | |
| OLE32.DLL!ObjectStublessClient23 Stub function for COM proxies used in marshalling interfaces and processing remote procedure calls. DLL Injection and Manipulation | |
| WS2_32.DLL!SetAddrInfoExA Registers or deregisters names and addresses with namespace providers- facilitating network communication. Network Operations | |
| SHELL32.DLL!SHQueryUserNotificationState This function checks user notification conditions to decide on sending notifications. System Information and Control | |
| SECHOST.DLL!EventAccessRemove Removes permissions for a specified provider/session in the registry. Registry Operations | |
| SHLWAPI.DLL!SHSkipJunction Checks if a bind context is safe for component binding to prevent recursive loops. System Information and Control | |
| OLEAUT32.DLL!VarR4FromR8 Converts a double to a float- indicating type conversion within memory operations. Memory Management | |
| USER32.DLL!ScrollDC Scrolls a rectangle of bits in a device context- impacting graphical output. System Information and Control | |
| COMCTL32.DLL!DPA_Grow Changes the number of pointers in a dynamic pointer array- which involves managing memory allocation. Memory Management | |
| SHLWAPI.DLL!SHAllocShared Allocates a handle for sharing a memory block between processes. Memory Management | |
| KERNEL32.DLL!WideCharToMultiByte Converts UTF-16 strings to multibyte character strings for encoding compatibility. Cryptographic Operations | |
| WS2_32.DLL!WSCEnumProtocols32 This function retrieves information about installed transport protocols- indicating network-related functionality. Network Operations | |
| SHLWAPI.DLL!SHSendMessageBroadcastA Sends messages to all top-level windows across the system for communication. System Information and Control | |
| GDI32FULL.DLL!GetTextFaceA Retrieves the typeface name of the selected font in a device context. System Information and Control | |
| WINDOWS.STORAGE.DLL!ILClone This function clones an ITEMIDLIST structure. It manipulates identifier data for file operations. File Operations | |
| WS2_32.DLL!GetAddrInfoW Resolves a host name to an address responding to DNS queries making it a key Network Operation. Network Operations | |
| SHLWAPI.DLL!StrFromTimeIntervalW Converts a time interval in milliseconds to a string format. System Information and Control | |
| ADVAPI32.DLL!SetNamedSecurityInfoA Modifies security information in the security descriptor of specified objects- like files or registry keys. Registry Operations | |
| RPCRT4.DLL!UuidToStringW Converts a UUID to a null-terminated string and allocates memory for it. Memory Management | |
| RPCRT4.DLL!RpcSmAllocate Allocates memory within the RPC environment- managing dynamic memory allocation. Memory Management | |
| WINMMBASE.DLL!waveOutSetPitch Sets the pitch for a waveform-audio output device- adjusting audio playback without affecting sample rates. Process and Thread Management | |
| KERNELBASE.DLL!ImpersonateSelf Obtains an access token for impersonating the calling process's security context- enabling privilege management. Process and Thread Management | |
| SHCORE.DLL!SHOpenRegStream2W Opens a registry value and provides a stream for reading or writing. Registry Operations | |
| KERNEL32.DLL!FindPackagesByPackageFamily Retrieves package information based on family name- focusing on app management. System Information and Control | |
| KERNEL32.DLL!IsValidLocaleName Validates if a specified locale name is supported on the operating system. System Information and Control | |
| GDI32FULL.DLL!ScriptItemizeOpenType Breaks a Unicode string into shapeable items for OpenType processing. System Information and Control | |
| SHLWAPI.DLL!SHRegWriteUSValueA This function writes a value to a user-specific registry subkey in HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE. Registry Operations | |
| ITfMessagePump::PeekMessageA Retrieves messages from the message queue for the current thread's window- managing event handling. Process and Thread Management | |
| KERNEL32.DLL!GetNLSVersion Retrieves NLS capability version information for a specified locale- affecting locale-based operations. System Information and Control | |
| OLE32.DLL!ObjectStublessClient13 A stub function for COM proxies facilitating interface marshaling. DLL Injection and Manipulation | |
| OLEAUT32.DLL!VarUI1FromR4 Converts a float to an unsigned char- involving data type manipulation. Memory Management | |
| KERNEL32.DLL!TryAcquireSRWLockShared Acquires a slim reader/writer lock in shared mode for synchronization among threads. Process and Thread Management | |
| KERNEL32.DLL!EnumSystemLocalesA This function enumerates locale identifiers supported by the OS- related to internationalization. System Information and Control | |
| KERNEL32.DLL!SetProcessDynamicEnforcedCetCompatibleRanges Sets dynamic enforced CETCOMPAT ranges which affects how the process operates. Process and Thread Management | |
| SHELL32.DLL!SHPathPrepareForWriteA This function checks if a specified path exists and prepares it for writing operations. File Operations | |
| KERNEL32.DLL!EnumDateFormatsA Enumerates date formats for a specified locale- focusing on internationalization. System Information and Control | |
| SHLWAPI.DLL!PathIsSystemFolderA Determines if a folder has attributes that qualify it as a system folder. File Operations | |
| KERNEL32.DLL!AddAtomW Adds a string to the local atom table- returning a unique identifier. System Information and Control | |
| KERNEL32.DLL!UnregisterWait Cancels a registered wait operation- managing the lifecycle of wait objects. Process and Thread Management | |
| OLE32.DLL!NdrProxyForwardingFunction11 Stub function for COM proxies- facilitating communication between interfaces in a proxy DLL context. DLL Injection and Manipulation | |
| WS2_32.DLL!WSAGetQOSByName Initializes a QOS structure based on a named template or retrieves available template names. Network Operations | |
| USER32.DLL!WaitMessage Suspends the thread until a new message arrives in the message queue. Process and Thread Management | |
| KERNELBASE.DLL!AdjustTokenGroups Enables or disables groups in an access token- requiring specific permissions. System Information and Control | |
| GDI32FULL.DLL!AddFontResourceExA This function adds a font resource from a file to the system for local use. File Operations | |
| RPCRT4.DLL!RpcServerUseAllProtseqs This function enables the use of all supported protocols for remote procedure calls. Network Operations | |
| ADVAPI32.DLL!RegDeleteKeyTransactedW Deletes a registry subkey and its values as a transacted operation. Registry Operations | |
| SHCORE.DLL!SHSetValueA This function sets the value of a registry key. Registry Operations | |
| USER32.DLL!GetPointerDeviceCursors Retrieves information about cursor IDs mapped to pointers- related to input devices. System Information and Control | |
| KERNEL32.DLL!CheckRemoteDebuggerPresent Determines if a process is being debugged- indicating active process control. Process and Thread Management | |
| ADVAPI32.DLL!PerfCloseQueryHandle Closes a performance query handle opened by PerfOpenQueryHandle. System Information and Control | |
| WS2_32.DLL!WSCSetProviderInfo Sets information class data for a layered service provider- affecting its behavior in network operations. Network Operations | |
| SHCORE.DLL!SHRegGetPathW This function retrieves file paths from the registry- indicating registry access for file operations. Registry Operations | |
| OLE32.DLL!OleCreateDefaultHandler Creates a new instance of the default embedding handler for local server initialization. DLL Injection and Manipulation | |
| OLEAUT32.DLL!VarUI2FromUI1 Converts an unsigned char to an unsigned short- related to data type conversion. Memory Management | |
| KERNEL32.DLL!RegEnumKeyExA Enumerates subkeys of a specified open registry key- thus interacting with the Windows registry. Registry Operations | |
| RPCRT4.DLL!NdrComplexStructBufferSize This function calculates buffer sizes for complex structures used in RPC- indicating usage in memory manipulation. Memory Management | |
| KERNEL32.DLL!LCMapStringW Maps input character strings or generates sort keys for specified locales. System Information and Control | |
| KERNEL32.DLL!RemoveDirectoryA Deletes an existing empty directory- requiring delete access for the specified directory path. File Operations | |
| KERNEL32.DLL!GetVolumePathNameA Retrieves the volume mount point for a specified file path. File Operations | |
| OLEAUT32.DLL!VarI8FromUI4 Converts an unsigned long to an 8-byte integer- related to data type manipulation. Memory Management | |
| RPCRT4.DLL!RpcMgmtEpEltInqNextW This function retrieves elements from an endpoint map- facilitating remote procedure call (RPC) management. Network Operations | |
| KERNEL32.DLL!BeginUpdateResourceA Retrieves a handle for updating resources in a binary module. File Operations | |
| KERNEL32.DLL!UnregisterApplicationRecoveryCallback Removes an application's instance from the recovery list- affecting recovery mechanisms. System Information and Control | |
| USER32.DLL!MapDialogRect Converts dialog box units to screen pixels- affecting layout and positioning within dialog boxes. System Information and Control | |
| SHLWAPI.DLL!StrRetToStrW Converts a STRRET structure to an allocated string containing the display name. Memory Management | |
| KERNEL32.DLL!GetFileAttributesA Retrieves file system attributes for a specified file or directory. File Operations | |
| ADVAPI32.DLL!GetManagedApplications Retrieves a list of applications for Add/Remove Programs in a user context. System Information and Control | |
| OLE32.DLL!CoRevokeInitializeSpy Revokes a registered implementation of the IInitializeSpy interface for COM object initialization tracking. Process and Thread Management | |
| KERNELBASE.DLL!InitializeSecurityDescriptor Initializes a new security descriptor for access control in Windows security management. Registry Operations | |
| RPCRT4.DLL!RpcErrorStartEnumeration Initiates enumeration of extended error information related to RPC errors. System Information and Control | |
| ADVAPI32.DLL!AuditSetGlobalSaclA Sets a global System Access Control List (SACL) for audit messages- impacting security and access control. Registry Operations | |
| GDI32FULL.DLL!FloodFill Fills an area of the display surface with the current brush based on color parameters. System Information and Control | |
| OLEAUT32.DLL!BSTR_UserUnmarshal Unmarshals a BSTR object from an RPC buffer- involving memory handling for data transmission. Memory Management | |
| KERNEL32.DLL!WriteProfileSectionA Replaces contents in Win.ini with specified keys/values- effectively modifying file data. File Operations | |
| GDI32FULL.DLL!SetMapMode Configures the mapping mode of a device context- affecting graphical rendering units. System Information and Control | |
| USER32.DLL!SetMenuItemInfoA Modifies properties of a specified menu item in a menu. System Information and Control | |
| KERNEL32.DLL!WaitForThreadpoolIoCallbacks Waits for I/O completion callbacks- relevant in managing I/O operations in multithreaded environments. Process and Thread Management | |
| KERNEL32.DLL!SetProcessShutdownParameters Sets shutdown order and parameters for the calling process during system shutdown sequences. Process and Thread Management | |
| KERNELBASE.DLL!GetSecurityDescriptorRMControl Retrieves resource manager control bits from a SECURITY_DESCRIPTOR structure. Registry Operations | |
| OLE32.DLL!CoGetInterfaceAndReleaseStream Unmarshals a buffer containing an interface pointer and manages its release between threads. Process and Thread Management | |
| KERNEL32.DLL!OOBEComplete This function checks if the Windows Out-Of-Box Experience (OOBE) is completed- relating to system state. System Information and Control | |
| USER32.DLL!DefMDIChildProcA This function processes window messages for MDI child windows- handling specific message types. System Information and Control | |
| SHLWAPI.DLL!StrRChrW Searches for the last occurrence of a character in a string. System Information and Control | |
| KERNEL32.DLL!GetExitCodeProcess Retrieves the termination status of a specified process- indicating process management oversight. Process and Thread Management | |
| KERNEL32.DLL!AddRefActCtx Increments the reference count of an activation context to manage access by multiple clients. System Information and Control | |
| USER32.DLL!DrawFocusRect Draws a rectangle to indicate focus- related to user interface graphics. System Information and Control | |
| RPCRT4.DLL!NdrContextHandleSize This function determines the size of an RPC context handle- related to memory management in RPC. Memory Management | |
| SECHOST.DLL!LsaEnumerateAccountsWithUserRight Enumerates accounts with a specific privilege in the LSA database- accessing security policy information. System Information and Control | |
| USER32.DLL!CharPrevA Retrieves the pointer to the preceding character in a string- managing character encoding. Memory Management | |
| OLE32.DLL!NdrProxyForwardingFunction26 This function serves COM proxies for interface marshaling in RPC- related to system communication processes. Process and Thread Management | |
| KERNELBASE.DLL!CreatePrivateObjectSecurityEx Allocates and initializes a security descriptor for a new object- related to object access control. Registry Operations | |
| USER32.DLL!InitializeTouchInjection Configures touch injection context for an application to control touch input simulation. Process and Thread Management | |
| SHLWAPI.DLL!wvnsprintfA Formats a string using a list of arguments; related to output management rather than direct file or memory operations. System Information and Control | |
| USER32.DLL!CloseWindow Minimizes the specified window without destroying it. Process and Thread Management | |
| SHELL32.DLL!PathResolve Converts a relative path to a fully qualified path name- involving file path resolution. File Operations | |
| OLEAUT32.DLL!VarI8FromUI2 Converts an unsigned short to an 8-byte integer. Memory Management | |
| KERNEL32.DLL!GlobalAddAtomExW Adds a string to the global atom table- returns a unique identifier. System Information and Control | |
| KERNEL32.DLL!VerLanguageNameA Retrieves a language description string based on a binary language identifier- relevant to system localization efforts. System Information and Control | |
| SHLWAPI.DLL!PathIsUNCServerShareW Validates if a string conforms to a UNC share path format. File Operations | |
| KERNEL32.DLL!ZombifyActCtx Deactivates a specified activation context without deallocating it- relevant for managing program contexts. Process and Thread Management | |
| SHELL32.DLL!SHDoDragDrop Executes drag-and-drop operations- handling data transfer and effects between different sources. File Operations | |
| OLEAUT32.DLL!VarI1FromUI8 Converts an 8-byte unsigned integer to a char value- but does not involve file or network operations. Memory Management | |
| SHELL32.DLL!DragQueryFileA Retrieves names of files from a drop operation- indicating file operation capabilities. File Operations | |
| GDI32FULL.DLL!DescribePixelFormat This function retrieves pixel format information for a device context- setting its descriptor structure. System Information and Control | |
| KERNEL32.DLL!Module32NextW Retrieves information about the next module associated with a process or thread. Process and Thread Management | |
| KERNEL32.DLL!SetWaitableTimerEx Activates a waitable timer- allowing for scheduled execution in a thread as per specified timing parameters. Process and Thread Management | |
| SHELL32.DLL!ILCreateFromPathA Retrieves the ITEMIDLIST structure associated with a specified file path. File Operations | |
| KERNEL32.DLL!ExitThread Ends the calling thread- ensuring proper termination of thread resources. Process and Thread Management | |
| SHLWAPI.DLL!StrToIntW Converts a string representation of a decimal value to an integer. System Information and Control | |
| KERNEL32.DLL!TlsFree Releases a thread local storage (TLS) index for reuse- impacting thread management. Process and Thread Management | |
| KERNEL32.DLL!GetDateFormatW Formats a date string based on a specified locale identifier. System Information and Control | |
| KERNELBASE.DLL!PerfDeleteInstance This function deletes performance counter instances- managing system performance data effectively. System Information and Control | |
| KERNEL32.DLL!GlobalFindAtomW Retrieves a global atom associated with a specified character string from the global atom table. System Information and Control | |
| KERNEL32.DLL!SetThreadDescription This function assigns a description to a thread- impacting management of thread-related information. Process and Thread Management | |
| USER32.DLL!RegisterClassW Registers a window class to be used in window creation functions. Process and Thread Management | |
| OLEAUT32.DLL!VarCyFromStr Converts an OLECHAR string to a currency value- involving data manipulation and conversion. Memory Management | |
| USER32.DLL!RegisterClassExA Registers a window class for user interface elements which is crucial for creating windows. System Information and Control | |
| KERNEL32.DLL!GetNumaProximityNodeEx Retrieves the NUMA node number for a given proximity identifier- relating to system memory management. System Information and Control | |
| RPCRT4.DLL!RpcBindingInqAuthClientW Retrieves authenticated client's principal name and authorization attributes in remote procedure calls. Network Operations | |
| KERNEL32.DLL!CreateIoRing Creates an I/O ring for submission/completion queues- handling I/O operations efficiently. File Operations | |
| OLEAUT32.DLL!VarR8Round This function rounds a variant double to specified decimal places- dealing primarily with data processing. Memory Management | |
| KERNELBASE.DLL!CreatePrivateObjectSecurityWithMultipleInheritance Allocates and initializes a security descriptor for a private object- controlling access and inheritance. Registry Operations | |
| KERNEL32.DLL!CopyContext Copies data from one context structure to another- managing processor context details. Process and Thread Management | |
| GDI32FULL.DLL!GetTextFaceW Retrieves the typeface name from a device context for font rendering purposes. System Information and Control | |
| GDI32FULL.DLL!EnumFontsA Enumerates fonts available on a specified device- retrieving information for each font. System Information and Control | |
| USER32.DLL!GetRegisteredRawInputDevices Retrieves information about raw input devices- thus managing device inputs for the current application. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromI1 Converts a char to an unsigned long- relates to variable type conversion. Memory Management | |
| SHELL32.DLL!Shell_GetImageLists Retrieves system image lists for large and small icons- impacting the display of files. System Information and Control | |
| KERNEL32.DLL!SetThreadIdealProcessorEx Sets the ideal processor for a specified thread- influencing how threads are scheduled. Process and Thread Management | |
| SHELL32.DLL!SHCloneSpecialIDList Retrieves a pointer to an ITEMIDLIST structure for a special folder- optionally creating it. File Operations | |
| KERNEL32.DLL!GetDriveTypeA Determines the type of disk drive (removable- fixed- etc.) based on its path. File Operations | |
| SECHOST.DLL!RegisterServiceCtrlHandlerW Registers a control handler for a service to respond to control requests. Process and Thread Management | |
| KERNELBASE.DLL!GetWindowsAccountDomainSid This function retrieves a domain SID from a given security identifier (SID). Registry Operations | |
| KERNEL32.DLL!GetSystemPowerStatus Retrieves the system's power status including battery details and AC/DC status. System Information and Control | |
| USER32.DLL!CharLowerBuffW Converts uppercase characters to lowercase in a specified buffer- modifying content in place. Memory Management | |
| GDI32.DLL!ExtCreateRegion This function creates a graphical region using specified transformation and region data- relating to graphics handling. System Information and Control | |
| RPCRT4.DLL!RpcErrorLoadErrorInfo Converts a BLOB from RpcErrorSaveErrorInfo into extended error information. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromR8 Converts a double to an unsigned long value during data manipulation. Memory Management | |
| OLEAUT32.DLL!SystemTimeToVariantTime Converts a system time structure into a VARIANT time representation for easier manipulation. System Information and Control | |
| USER32.DLL!DdeAddData This function adds data to a DDE object- manipulating its content directly. Memory Management | |
| KERNEL32.DLL!Beep Generates sound tones using system speaker; performs an alertable wait and does not return until the sound finishes. System Information and Control | |
| KERNEL32.DLL!GetPriorityClass Retrieves the priority class of a specified process- influencing thread scheduling. Process and Thread Management | |
| USER32.DLL!RegisterClassA Registers a window class for creating windows- pivotal for GUI operations. Process and Thread Management | |
| USER32.DLL!GetSystemMenu Accesses and modifies the window's system menu- enabling GUI menu operations. System Information and Control | |
| ADVAPI32.DLL!ConvertSecurityDescriptorToStringSecurityDescriptorA Converts a security descriptor into a string format for storage or transmission. System Information and Control | |
| WINMMBASE.DLL!mixerGetDevCapsA Queries a specified mixer device to determine its capabilities. System Information and Control | |
| OLEAUT32.DLL!VarBstrFromUI2 Converts an unsigned short value to a BSTR value for data manipulation. Memory Management | |
| RPCRT4.DLL!NdrComplexArrayUnmarshall Unmarshals data from a network buffer into memory- indicating network communication and memory manipulation. Memory Management | |
| KERNEL32.DLL!DeleteFileTransactedA Deletes an existing file within a transaction- allowing for controlled file operations. File Operations | |
| COMCTL32.DLL!ImageList_AddIcon Adds an icon or cursor to an image list for UI management. System Information and Control | |
| RPCRT4.DLL!RpcBindingInqAuthClientExW Retrieves information about the client of a remote procedure call- including authentication details. Network Operations | |
| SHCORE.DLL!GetCurrentProcessExplicitAppUserModelID Retrieves the explicit Application User Model ID for the current process to manage application identity. System Information and Control | |
| KERNEL32.DLL!EnumResourceNamesExA Enumerates resources of a specified type associated with a binary module. System Information and Control | |
| GDI32FULL.DLL!ScriptStringGetOrder Maps character positions to glyph positions- relevant for text rendering. System Information and Control | |
| SHLWAPI.DLL!PathQuoteSpacesW Encloses a path in quotes if it contains spaces for proper path handling. File Operations | |
| SHLWAPI.DLL!wnsprintfW Formats a string using a variable-length argument list- primarily for generating output strings. Memory Management | |
| SECHOST.DLL!AuditFree This function frees memory allocated for audit functions- thus categorized under Memory Management. Memory Management | |
| SHCORE.DLL!SHGetValueA This function retrieves a value from the Windows registry. Registry Operations | |
| KERNELBASE.DLL!CreatePrivateObjectSecurity Initializes a security descriptor for a new private object. Relates to access control and security. Registry Operations | |
| COMCTL32.DLL!FlatSB_SetScrollPos Adjusts the position of a flat scroll bar- affecting user interface behavior. System Information and Control | |
| WINMMBASE.DLL!mixerGetNumDevs Retrieves the number of audio mixer devices in the system. System Information and Control | |
| USER32.DLL!CreateMenu Creates an empty menu that can be populated- involving resource management. System Information and Control | |
| OLE32.DLL!HACCEL_UserFree Frees resources associated with RPC calls- managing memory allocation and deallocation. Memory Management | |
| KERNELBASE.DLL!ObjectDeleteAuditAlarmW Generates audit messages upon object deletion; related to security operations. System Information and Control | |
| SHLWAPI.DLL!PathUnmakeSystemFolderA Removes system folder attributes from an existing folder in the file system. File Operations | |
| GDI32FULL.DLL!GetSystemPaletteEntries Retrieves entries from the system palette associated with a specified device context. System Information and Control | |
| USER32.DLL!IsCharUpperA Determines if a character is uppercase based on user language settings. System Information and Control | |
| NTDLL.DLL!RtlEthernetStringToAddressA Converts a string representation of an Ethernet MAC address to binary format. Network Operations | |
| NTDLL.DLL!RtlIpv6AddressToStringA Converts an IPv6 address to a string format for networking. Network Operations | |
| WMI.DLL!UnregisterTraceGuids Unregisters an ETW event trace provider- managing event tracing registrations. System Information and Control | |
| KERNEL32.DLL!DisconnectNamedPipe Disconnects the server end of a named pipe instance from a client process- managing inter-process communication. Network Operations | |
| KERNEL32.DLL!RegCreateKeyExW Creates or opens a specified registry key- allowing for registry modifications. Registry Operations | |
| SHLWAPI.DLL!wvnsprintfW Formats a string using a list of arguments- returning the result as a formatted string. Memory Management | |
| COMCTL32.DLL!DPA_Sort Sorts items in a Dynamic Pointer Array- manipulating data structure organization. Memory Management | |
| RPCRT4.DLL!RpcBindingInqObject This function retrieves the UUID associated with a binding handle- facilitating remote procedure calls. Network Operations | |
| KERNEL32.DLL!ReleaseSemaphore Increases the count of a semaphore object- managing access to shared resources among threads. Process and Thread Management | |
| USER32.DLL!ValidateRgn Validates the client area of a window by modifying its update region. System Information and Control | |
| OLEAUT32.DLL!VarI1FromStr Converts OLECHAR strings to char values- involving type conversion and locale handling. Cryptographic Operations | |
| KERNEL32.DLL!WaitForMultipleObjectsEx Waits for multiple objects to be signaled; involved in thread synchronization efforts. Process and Thread Management | |
| KERNEL32.DLL!InterlockedFlushSList Removes items from a singly linked list with synchronized access in a multiprocessor system. Memory Management | |
| KERNEL32.DLL!SetInformationJobObject Adjusts attributes and limitations for a job object in process management. Process and Thread Management | |
| KERNEL32.DLL!BeginUpdateResourceW Retrieves a handle for adding- deleting- or replacing resources in a binary module. File Operations | |
| USER32.DLL!GetClassLongA Retrieves a 32-bit value from the WNDCLASSEX structure for a specified window handle. System Information and Control | |
| USER32.DLL!MsgWaitForMultipleObjectsEx Waits for specified objects to be signaled or input events to occur. Process and Thread Management | |
| KERNEL32.DLL!AcquireSRWLockExclusive Acquires a slim reader/writer lock in exclusive mode- facilitating synchronization in multi-threaded applications. Process and Thread Management | |
| KERNEL32.DLL!GetFileMUIInfo Retrieves resource-related information about a file- including type and language of resources. File Operations | |
| WS2_32.DLL!WSAGetServiceClassInfoW Retrieves service class information from a specified namespace provider for network service classification and management. Network Operations | |
| KERNEL32.DLL!VerifyVersionInfoA Compares OS version requirements with the current system version- thus providing system information and control. System Information and Control | |
| WINMMBASE.DLL!mmioRead This function reads bytes from an opened file- indicating it performs file operations. File Operations | |
| OLE32.DLL!CoGetInstanceFromIStorage Initializes a COM object from a storage object- requiring file access for loading. File Operations | |
| OLE32.DLL!HGLOBAL_UserSize Calculates the size and data of an HGLOBAL object for wire transfer in RPC. Memory Management | |
| OLE32.DLL!HDC_UserSize This function calculates the size of the HDC object for remote procedure calls (RPC)- focusing on serialization. Memory Management | |
| SHLWAPI.DLL!PathIsFileSpecA Checks for path-delimiting characters in a string- confirming it as a file specification. File Operations | |
| WS2_32.DLL!WSCWriteNameSpaceOrder32 Changes the order of Winsock 2 namespace providers in a catalog- impacting name resolution priority. Registry Operations | |
| KERNEL32.DLL!ReadDirectoryChangesExW Monitors directory changes and retrieves notifications about file and directory modifications. File Operations | |
| USER32.DLL!MoveWindow Changes the position and dimensions of a specified window on the screen. Process and Thread Management | |
| SHCORE.DLL!SHQueryValueExW Queries a specific value in a registry key. Registry Operations | |
| OLEAUT32.DLL!VarDateFromI1 Converts a char value to a date value- not directly involved in file or network operations. Memory Management | |
| SHLWAPI.DLL!UrlGetLocationA Retrieves a location segment from a URL- indicating it handles data from network resources. Network Operations | |
| KERNEL32.DLL!CreateTimerQueueTimer This function creates a timer-queue timer that calls a specified callback function upon expiration. Process and Thread Management | |
| RPCRT4.DLL!RpcServerUseAllProtseqsEx Registers all supported protocol sequences for receiving remote procedure calls via RPC runtime library. Network Operations | |
| KERNEL32.DLL!IsProcessCritical Determines if a process is critical- affecting process and thread management. Process and Thread Management | |
| KERNELBASE.DLL!SHCoCreateInstance Creates COM objects implemented in Shell32.dll- facilitating component interaction. DLL Injection and Manipulation | |
| KERNEL32.DLL!FindFirstChangeNotificationA Creates a notification handle for tracking changes in a specified directory. File Operations | |
| OLEAUT32.DLL!VarXor Performs logical exclusion on two variants- facilitating variant data operations. Memory Management | |
| GDI32FULL.DLL!GetArcDirection Retrieves the current arc direction for a device context; used in graphical operations. System Information and Control | |
| KERNEL32.DLL!RegLoadKeyA Loads a registry hive into a subkey under HKEY_USERS or HKEY_LOCAL_MACHINE. Registry Operations | |
| WS2_32.DLL!WSASendMsg Sends data and control information through connected or unconnected sockets. Involves network operations for data transmission. Network Operations | |
| OLE32.DLL!CoSetCancelObject Registers or unregisters a cancel object for managing cancel operations in the current thread. Process and Thread Management | |
| ADVAPI32.DLL!TreeSetNamedSecurityInfoA Updates security information for a specified tree of objects- affecting files and registry keys. Registry Operations | |
| KERNEL32.DLL!LZInit Allocates memory for decompressing files and initializes data structures. It works with file handles. Memory Management | |
| ADVAPI32.DLL!OperationStart Notifies the system of an upcoming operation- primarily related to file access tracking for optimization. File Operations | |
| KERNEL32.DLL!EnumSystemCodePagesW This function enumerates code pages installed or supported by the OS- handling locale-specific data. System Information and Control | |
| COMCTL32.DLL!InitCommonControlsEx Loads common control classes from a dynamic-link library for user interface elements. DLL Injection and Manipulation | |
| WINDOWS.STORAGE.DLL!SHChangeNotification_Lock Locks shared memory for Shell change notifications- allowing controlled access to data changes. Memory Management | |
| RPCRT4.DLL!NdrStubForwardingFunction This function forwards calls to server-side object methods in DCOM interfaces- facilitating remote procedure calls. Network Operations | |
| KERNEL32.DLL!WriteTapemark Writes filemarks and setmarks to a tape device- managing tape partitions. File Operations | |
| OLEAUT32.DLL!HWND_UserSize64 This function manages the size of window handles- relating to memory allocation and management. Memory Management | |
| USER32.DLL!CopyAcceleratorTableA Copies accelerator table data or determines its size based on a handle. Memory Management | |
| USER32.DLL!GetForegroundWindow Retrieves a handle to the active window being used by the user. System Information and Control | |
| KERNEL32.DLL!SetStdHandleEx Sets the handle for input- output- or error streams- controlling process I/O behavior. Process and Thread Management | |
| USER32.DLL!UnregisterPowerSettingNotification This function unregisters a power setting notification- indicating it deals with system settings. System Information and Control | |
| KERNEL32.DLL!IsThreadAFiber This function checks if the current thread is a fiber- thus it categorizes under Thread Management. Process and Thread Management | |
| KERNEL32.DLL!lstrlenA This function measures the length of a string- indicating string manipulation capabilities. Memory Management | |
| OLE32.DLL!NdrProxyForwardingFunction23 This function is used for COM proxy implementation- primarily related to marshaling data across process boundaries. Process and Thread Management | |
| CRYPTSP.DLL!CryptEnumProviderTypesA Enumerates cryptographic service provider types available on the computer. Cryptographic Operations | |
| GDI32FULL.DLL!LineTo This function draws a line in a device context- which involves graphical rendering. System Information and Control | |
| KERNELBASE.DLL!ObjectOpenAuditAlarmW Generates audit messages for access attempts to objects- relevant for security monitoring. System Information and Control | |
| KERNELBASE.DLL!GetPrivateObjectSecurity Retrieves information from a private object's security descriptor- influencing access control. Registry Operations | |
| RPCRT4.DLL!NdrUserMarshalMarshall This function marshals data for RPC- indicating its role in data communication rather than direct file or memory handling. Network Operations | |
| USER32.DLL!ArrangeIconicWindows Arranges minimized child windows of a specified parent window. System Information and Control | |
| SHCORE.DLL!SHCreateThread This function creates a new thread in the calling process. Process and Thread Management | |
| SECHOST.DLL!CredReadA Reads a credential from the user's credential set associated with the logon session. Registry Operations | |
| KERNEL32.DLL!SetThreadIdealProcessor This function sets a preferred processor for scheduling threads. Process and Thread Management | |
| RPCRT4.DLL!RpcServerUseAllProtseqsIf Configures RPC to use multiple protocol sequences for handling remote procedure calls. Network Operations | |
| WS2_32.DLL!WSCInstallNameSpace32 Installs a 32-bit Winsock namespace provider for network operations compatibility on 64-bit systems. Network Operations | |
| RPCRT4.DLL!RpcServerRegisterIf2 Registers an interface with the RPC run-time library- enabling network communication. Network Operations | |
| USER32.DLL!SetForegroundWindow Activates a specified window and brings its thread to the foreground for user interaction. Process and Thread Management | |
| SECHOST.DLL!QueryServiceConfigW Retrieves configuration parameters of a specified service- which can include information stored in the registry. Registry Operations | |
| GDI32FULL.DLL!ChoosePixelFormat Matches pixel format specifications to those supported by a device context for graphics rendering. System Information and Control | |
| RPCRT4.DLL!NdrAsyncClientCall This function facilitates remote procedure calls asynchronously- indicating network communication is involved. Network Operations | |
| KERNEL32.DLL!FindAtomA Searches for a string in the local atom table and retrieves the associated atom identifier. System Information and Control | |
| ADVAPI32.DLL!MSChapSrvChangePassword2 Changes a user's password while supporting mutual encryption for security. Cryptographic Operations | |
| GDI32FULL.DLL!EngCreateBitmap This function creates and manages a bitmap for graphical display. Memory Management | |
| OLE32.DLL!CoCreateInstanceEx Creates an instance of a specific COM class on a local or remote computer. Process and Thread Management | |
| SECHOST.DLL!NotifyServiceStatusChangeA Receives notifications about service status changes or actions- categorizing it under system information and control. System Information and Control | |
| SHLWAPI.DLL!SHRegDeleteEmptyUSKeyW This function deletes an empty user-specific registry subkey. Registry Operations | |
| SECHOST.DLL!EnumDependentServicesW Retrieves dependent service names and statuses based on specified service state. System Information and Control | |
| KERNELBASE.DLL!GetSecurityDescriptorSacl Retrieves a pointer to the system access control list (SACL) in a specified security descriptor. Security Operations | |
| WKSPBROKERAX.DLL!DllInstall Manages DLL installation and setup- potentially modifying the registry. Registry Operations | |
| OLEAUT32.DLL!OaEnablePerUserTLibRegistration Enables the RegisterTypeLib function to override registry mappings- affecting per-user registry access. Registry Operations | |
| USER32.DLL!LogicalToPhysicalPointForPerMonitorDPI Converts logical coordinates to physical ones considering DPI awareness for accurate window positioning. System Information and Control | |
| OLEAUT32.DLL!VarCySub This function performs arithmetic on currency variants- indicating it handles data types rather than file or network tasks. Memory Management | |
| SECHOST.DLL!SetServiceObjectSecurity Sets security descriptor for a service object- adjusting access controls and privileges. Registry Operations | |
| ADVAPI32.DLL!RegSaveKeyW Saves a specified registry key and its subkeys to a file- thus performing registry backup. Registry Operations | |
| GDI32.DLL!EngPlgBlt EngPlgBlt performs a rotate bit-block transfer in graphics operations. File Operations | |
| WSOCK32.DLL!getservbyname Retrieves service information based on a service name and protocol- essential for network operations. Network Operations | |
| KERNEL32.DLL!GetProcessPreferredUILanguages Retrieves the preferred UI languages for the current process- related to internationalization. System Information and Control | |
| OLEAUT32.DLL!VarR8FromI2 Converts short values to double- facilitating type conversion operations. Memory Management | |
| OLE32.DLL!CoRegisterSurrogate Registers a surrogate process via ISurrogate interface- involved in process management. Process and Thread Management | |
| KERNELBASE.DLL!RegSetKeyValueA Sets data for a specified value in a registry key and subkey. Registry Operations | |
| GDI32FULL.DLL!CreateBitmapIndirect Creates a bitmap with specified dimensions; relates to graphical asset management. Memory Management | |
| USER32.DLL!RegisterShellHookWindow Registers a window to receive shell-related messages for event notifications. Hooking and Interception | |
| KERNEL32.DLL!OpenProcessToken Opens the access token associated with a specified process for permission management. Process and Thread Management | |
| KERNELBASE.DLL!ObjectPrivilegeAuditAlarmW Logs audit messages for privilege access attempts in the security event log. System Information and Control | |
| USER32.DLL!WaitForInputIdle Blocks until a process is idle or a timeout occurs. Process and Thread Management | |
| KERNEL32.DLL!IsProcessorFeaturePresent Checks if a specific processor feature is supported on the current computer. System Information and Control | |
| KERNEL32.DLL!WerRegisterMemoryBlock Registers a memory block for Windows Error Reporting to include in crash dump files. Memory Management | |
| KERNEL32.DLL!GetVolumeInformationA Retrieves file system and volume information for the specified root directory- indicating file and volume properties. File Operations | |
| USER32.DLL!GetWindowInfo Retrieves information about a specified window- enabling interactions with window properties. System Information and Control | |
| OLE32.DLL!StgOpenAsyncDocfileOnIFillLockBytes Opens an asynchronous storage object using a byte-array wrapper for file storage operations. File Operations | |
| MSIHND.DLL!DllRegisterServer Instructs the server to create registry entries for supported classes- affecting registry settings. Registry Operations | |
| WINMMBASE.DLL!mixerOpen Opens a specified mixer device- ensuring it remains active until the handle is closed. DLL Injection and Manipulation | |
| KERNEL32.DLL!BuildIoRingRegisterFileHandles Registers file handles for I/O ring operations- facilitating efficient I/O completion management. File Operations | |
| WS2_32.DLL!WSAHtons Converts a 16-bit number from host byte order to network byte order for socket communication. Network Operations | |
| USER32.DLL!DdeKeepStringHandle This function manages the usage count of string handles in Dynamic Data Exchange. Memory Management | |
| KERNEL32.DLL!QueryPerformanceFrequency Retrieves the frequency of the performance counter for timing operations. System Information and Control | |
| WS2_32.DLL!WSASocketW Creates a socket bound to a specific transport-service provider for network communication. Network Operations | |
| KERNEL32.DLL!CloseThreadpoolWait Releases a specified wait object associated with thread pool management. Process and Thread Management | |
| GDI32.DLL!EngTextOut Renders glyphs on a surface using specific parameters for positions and pixel operations. Process and Thread Management | |
| USER32.DLL!CharToOemBuffA Converts characters from a standard string to an OEM-defined set- related to string handling. File Operations | |
| USER32.DLL!OemKeyScan Maps OEMASCII codes to OEM scan codes; simulates keyboard input for OEM text. Hooking and Interception | |
| USER32.DLL!SetClassLongW Modifies properties of a window class- affecting its behavior and characteristics. DLL Injection and Manipulation | |
| WINMMBASE.DLL!midiInUnprepareHeader Cleans up MIDI header preparation for audio data buffers. Memory Management | |
| KERNELBASE.DLL!DestroyPrivateObjectSecurity Deletes a private object's security descriptor- impacting access control settings. System Information and Control | |
| OLE32.DLL!StgOpenStorageOnILockBytes This function opens a storage object using a byte array instead of a disk file. File Operations | |
| GDI32FULL.DLL!EngCreateSemaphore Creates a semaphore object used for synchronizing access to resources. Process and Thread Management | |
| USER32.DLL!PostQuitMessage Signals a thread to terminate by posting a WM_QUIT message- managing process behavior. Process and Thread Management | |
| SHLWAPI.DLL!StrRChrIA Searches for the last occurrence of a character in a string- demonstrating string handling. File Operations | |
| USER32.DLL!GetPointerCursorId Retrieves the cursor identifier for a specified pointer- dealing with input devices. System Information and Control | |
| ADVAPI32.DLL!RegisterEventSourceA This function retrieves a handle for event log registration- making it related to system event management. System Information and Control | |
| KERNELBASE.DLL!SetSecurityDescriptorDacl Modifies a discretionary access control list (DACL) within a security descriptor- impacting access permissions. Registry Operations | |
| NTDLL.DLL!RtlIpv6StringToAddressW Converts a string representation of an IPv6 address to a binary IPv6 address. Network Operations | |
| GDI32FULL.DLL!GetColorAdjustment Retrieves color adjustment values for a specified device context- manipulating graphical display settings. System Information and Control | |
| KERNEL32.DLL!GetModuleHandleA Retrieves a handle for a loaded module- facilitating DLL operations. DLL Injection and Manipulation | |
| USER32.DLL!VkKeyScanA Translates a character to a virtual-key code for the current keyboard- affecting input handling. Hooking and Interception | |
| GDI32.DLL!OffsetRgn Moves a graphical region by specified offsets- manipulating its position. DLL Injection and Manipulation | |
| USER32.DLL!SetProcessDefaultLayout Changes the default window layout for the current process specializing in text directions. System Information and Control | |
| SECHOST.DLL!LsaQueryInformationPolicy Retrieves information about a Policy object- including domain and auditing data. System Information and Control | |
| USER32.DLL!CreatePopupMenu This function creates a menu for user interface operations but does not manage files- threads- or memory. System Information and Control | |
| ADVAPI32.DLL!RegOpenKeyA Opens a specified registry key in the Windows registry. Registry Operations | |
| SHLWAPI.DLL!StrPBrkW Searches a string for a character in a specified buffer- focusing on string manipulation. File Operations | |
| KERNEL32.DLL!SetProcessDynamicEHContinuationTargets Sets dynamic exception handling targets for process execution context management. Process and Thread Management | |
| OLE32.DLL!OleCreateEmbeddingHelper Creates an OLE embedding helper object to manage OLE object interactions. Process and Thread Management | |
| GDI32FULL.DLL!GetEnhMetaFilePixelFormat This function retrieves pixel format information for an enhanced metafile- relating to graphical data representations. System Information and Control | |
| RPCRT4.DLL!NdrPointerBufferSize Computes needed buffer size for pointers- essential for managing memory in RPC operations. Memory Management | |
| KERNELBASE.DLL!CheckTokenMembership Determines if a specified SID is enabled in an access token for security checks. System Information and Control | |
| KERNEL32.DLL!CreateDirectoryTransactedW Creates a new directory as part of a transaction- involving file operations. File Operations | |
| WINMMBASE.DLL!mmTaskSignal The function is deprecated and pertains to multimedia task signaling. Process and Thread Management | |
| SHLWAPI.DLL!StrIsIntlEqualW Compares two strings for equality- determining if they match based on specified character count. System Information and Control | |
| KERNEL32.DLL!HeapDestroy Releases and invalidates a heap object- managing memory allocation. Memory Management | |
| GDI32FULL.DLL!ScriptGetFontFeatureTags Retrieves typographic feature tags from a font in a device context for OpenType processing. System Information and Control | |
| USER32.DLL!EvaluateProximityToPolygon Evaluates the touch target of polygons based on input parameters and returns an adjusted point. System Information and Control | |
| GDI32.DLL!ExtEscape Allows applications to access printer capabilities- enabling advanced printing operations. System Information and Control | |
| SHCORE.DLL!IStream_Read Reads bytes from a specified stream- indicating successful read operations. File Operations | |
| OLE32.DLL!CLIPFORMAT_UserSize64 Calculates wire size- handle- and data for CLIPFORMAT object; involves data manipulation for remote procedure calls. Memory Management | |
| USER32.DLL!GetWindowDisplayAffinity Retrieves display affinity setting for a window from any process- related to window content protection. System Information and Control | |
| OLEAUT32.DLL!VarBstrFromBool Converts a Boolean value to a BSTR value- relating to data type manipulation. Memory Management | |
| RPCRT4.DLL!RpcServerInterfaceGroupDeactivate Used to unregister interfaces and endpoints from RPC- managing client activity during shutdown. System Information and Control | |
| GDI32FULL.DLL!CreateRoundRectRgn Creates a rectangular region with rounded corners- which is a graphical operation. System Information and Control | |
| USER32.DLL!SetWindowLongA Changes attributes of a window- including subclassing or messaging- affecting window properties. DLL Injection and Manipulation | |
| WINMMBASE.DLL!waveInUnprepareHeader Cleans up preparation of buffers used for audio input from hardware. Memory Management | |
| OLE32.DLL!PropVariantCopy This function creates a copy of a PROPVARIANT structure- dealing with structured data operations. Memory Management | |
| KERNEL32.DLL!FindStringOrdinal This function performs a non-linguistic comparison to locate one Unicode string in another. System Information and Control | |
| OLE32.DLL!CoGetCancelObject Retrieves a call control interface related to pending COM method calls- enabling cancellation of those calls. Process and Thread Management | |
| COMCTL32.DLL!ShowHideMenuCtl Modifies menu item attributes and controls visibility in a GUI context. System Information and Control | |
| ADVAPI32.DLL!ObjectCloseAuditAlarmA Generates an audit message when a private object handle is deleted- hence involved with security control. System Information and Control | |
| PRINTDLGW Represents user selections in the Print Dialog Box and controls its initialization. System Information and Control | |
| OLEAUT32.DLL!VARIANT_UserMarshal Marshals a VARIANT object into an RPC buffer for remote procedure calls. Network Operations | |
| KERNEL32.DLL!GetStringTypeExW Retrieves character type information for a given string- affecting Unicode handling and internationalization. System Information and Control | |
| RPCRT4.DLL!RpcErrorClearInformation This function clears extended error information on the current thread to manage RPC error states. System Information and Control | |
| KERNEL32.DLL!DeleteSynchronizationBarrier This function releases a synchronization barrier when it is no longer needed. Process and Thread Management | |
| SHLWAPI.DLL!PathIsUNCServerShareA Validates if a string is a valid UNC share path format. System Information and Control | |
| KERNEL32.DLL!GetUmsCompletionListEvent Retrieves a handle to an event associated with a user-mode scheduling completion list. Process and Thread Management | |
| IClockVectorElement::GetTickCount Retrieves the upper bound on tick counts in a clock vector element. System Information and Control | |
| OLE32.DLL!ObjectStublessClient24 Stub function supporting COM proxy operations for marshaling interfaces. DLL Injection and Manipulation | |
| SECHOST.DLL!ChangeServiceConfig2W Changes configuration parameters of a service in the service control manager database. System Information and Control | |
| SHELL32.DLL!SHFileOperationW This function performs operations like copying- moving- renaming- or deleting file system objects. File Operations | |
| KERNEL32.DLL!GetSystemDefaultUILanguage Retrieves system default UI language identifier; categorized under System Information for its role in language management. System Information and Control | |
| COMCTL32.DLL!FlatSB_GetScrollRange Retrieves the scroll range values of a flat scroll bar associated with a window. System Information and Control | |
| WINMMBASE.DLL!midiInReset This function stops input on a MIDI input device and handles MIDI data processing. Process and Thread Management | |
| RPCRT4.DLL!RpcIfInqId This function queries interface identification from specifications- indicating it involves system information related to RPC interfaces. System Information and Control | |
| SECHOST.DLL!OpenServiceA Opens an existing service and retrieves a handle for further operations. Process and Thread Management | |
| GDI32.DLL!CreateScalableFontResourceW Creates a font resource file for a scalable font- managing font resources. File Operations | |
| WINMMBASE.DLL!mmioOpenW Opens a file for buffered or unbuffered I/O- creating or deleting files. File Operations | |
| KERNEL32.DLL!SetThreadUILanguage Changes the user interface language for the current thread- affecting how the application displays text. System Information and Control | |
| WINMMBASE.DLL!midiConnect Connects MIDI input devices to output or thru devices for data transfer. Network Operations | |
| COMCTL32.DLL!CreateMappedBitmap Creates a bitmap for UI components like toolbars using specified resources and color mapping. File Operations | |
| USER32.DLL!RegisterSuspendResumeNotification Registers for notifications about system suspend or resume events- impacting process state management. System Information and Control | |
| KERNEL32.DLL!PssWalkMarkerSeekToBeginning Resets a walk marker for iterating over process snapshots. Process and Thread Management | |
| USER32.DLL!GetWindowFeedbackSetting Retrieves window feedback configuration- indicating user interaction and visual feedback settings. System Information and Control | |
| KERNEL32.DLL!CreateEnclave Creates an isolated region for code and data within an application’s address space. Memory Management | |
| SECHOST.DLL!ChangeServiceConfigA Changes service configuration parameters in the service control manager database. System Information and Control | |
| COMDLG32.DLL!ChooseColorA Initializes a dialog box for selecting colors- not related to file or network operations. System Information and Control | |
| GDI32FULL.DLL!AddFontMemResourceEx Adds a font resource from memory to the system for use in applications. Memory Management | |
| OLE32.DLL!OleCreateLink Creates a linked OLE compound-document object- integrating multiple data sources. File Operations | |
| ADVAPI32.DLL!GetInheritanceSourceA Retrieves the source of inherited access control entries in an ACL. Registry Operations | |
| ADVAPI32.DLL!PerfQueryCounterData Retrieves performance counter values based on query specifications- involving system performance monitoring. System Information and Control | |
| OLEAUT32.DLL!VarBoolFromDate Converts a date value to a Boolean- involves data type operations. Memory Management | |
| KERNELBASE.DLL!InitializeSid Initializes a security identifier (SID)- which is crucial for access control. Registry Operations | |
| GDI32FULL.DLL!ScriptLayout Converts embedding levels to visual/logical positions for text rendering. System Information and Control | |
| USER32.DLL!VkKeyScanExW Translates characters to virtual-key codes based on the keyboard layout and input locale. Hooking and Interception | |
| KERNEL32.DLL!SwitchToThread Causes the calling thread to yield execution to another ready thread on the current processor. Process and Thread Management | |
| USER32.DLL!UnhookWindowsHookEx Removes a previously set hook procedure in order to stop intercepting events. Hooking and Interception | |
| WS2_32.DLL!WSALookupServiceBeginW Initiates a client query for network services using parameters defined in a WSAQUERYSET structure. Network Operations | |
| KERNELBASE.DLL!RegLoadAppKeyW Loads a registry hive as an application hive- providing access rights for registry manipulation. Registry Operations | |
| Bitmap::SetPixel Sets the color of a specific pixel in a bitmap image. File Operations | |
| USER32.DLL!OpenIcon Restores a minimized window to its original state and activates it. Process and Thread Management | |
| KERNEL32.DLL!CreateActCtxW Creates an activation context for managing side-by-side assemblies. System Information and Control | |
| OLE32.DLL!CoFileTimeToDosDateTime Converts FILETIME to MS-DOS date and time values for compatibility with older Windows systems. File Operations | |
| USER32.DLL!GetPointerDeviceRects Retrieves physical range data for pointer devices and displays- focusing on input device configurations. System Information and Control | |
| ADVAPI32.DLL!StopTraceA Stops a specified event tracing session using a handle or instance name. System Information and Control | |
| KERNEL32.DLL!BackupSeek Seeks forward in a data stream for backup operations- modifying file cursor position. File Operations | |
| KERNEL32.DLL!FatalAppExitW Terminates the application and displays a message box- indicating it's related to process termination. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHSetFolderPathA Assigns a new path to a system folder identified by its CSIDL. Registry Operations | |
| GDI32.DLL!CombineRgn Combines two regions into a third- specifying the mode of combination. System Information and Control | |
| USER32.DLL!WindowFromPoint Retrieves a handle to the window that contains a specified point on the screen. System Information and Control | |
| RPCRT4.DLL!RpcServerRegisterIf3 Registers an interface with the RPC run-time library for communication between processes. Network Operations | |
| RPCRT4.DLL!RpcMgmtSetCancelTimeout Sets the timeout duration for cancel commands in RPC calls. System Information and Control | |
| ADVAPI32.DLL!EnumServicesStatusExA Enumerates services and their statuses in the service control manager database. System Information and Control | |
| KERNEL32.DLL!GetPrivateProfileStringA Retrieves a string from an initialization file section- accessing file content. File Operations | |
| GDI32.DLL!STROBJ_dwGetCodePage Retrieves the code page for a STROBJ structure- related to graphical output and text rendering. System Information and Control | |
| KERNEL32.DLL!IsNativeVhdBoot This function checks if the operating system was booted from a VHD container. System Information and Control | |
| SHLWAPI.DLL!SHGetInverseCMAP Retrieves a color mapping table for the halftone palette- indicating color approximation. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHBindToFolderIDListParentEx Binds to a Shell folder- allowing specification of a context for file operations. File Operations | |
| COMCTL32.DLL!ImageList_GetImageCount This function retrieves the number of images in an image list- thus related to UI management rather than security. System Information and Control | |
| USER32.DLL!IsMenu This function checks if a provided handle is associated with a menu. System Information and Control | |
| WS2_32.DLL!GetHostNameW This function retrieves the local computer's hostname- which involves network-related information retrieval. Network Operations | |
| USER32.DLL!DisableProcessWindowsGhosting Disables window ghosting for a GUI process- enhancing control over unresponsive applications. Process and Thread Management | |
| USER32.DLL!NotifyWinEvent Signals system of predefined events and triggers registered client hook functions. Hooking and Interception | |
| WINDOWS.STORAGE.DLL!SHSetFolderPathW Updates the path of a system folder identified by its CSIDL- affecting file management aspects. File Operations | |
| USER32.DLL!DrawTextA The function is used for rendering formatted text within a specified rectangle on a device context. System Information and Control | |
| OLE32.DLL!ObjectStublessClient28 Stub function for COM proxies aiding in interface marshaling between client and server. DLL Injection and Manipulation | |
| KERNEL32.DLL!CreateFileA Creates or opens files- devices- or communications resources- enabling various I/O operations. File Operations | |
| OLEAUT32.DLL!HWND_UserSize Computes the required size of a HWND object for serialization. Memory Management | |
| USER32.DLL!IsClipboardFormatAvailable Checks if the clipboard has data in a specific format- enabling interactions like Paste. System Information and Control | |
| KERNEL32.DLL!GetCompressedFileSizeW Retrieves the disk storage size of a specified file- accounting for compression. File Operations | |
| KERNEL32.DLL!DeleteTimerQueueEx This function deletes a timer queue and cancels pending timers- thus managing thread pool resources. Process and Thread Management | |
| ADVAPI32.DLL!GetLocalManagedApplications Retrieves a list of managed applications on a computer or for a specific user. System Information and Control | |
| USER32.DLL!GetRawInputData Retrieves raw input data from specified devices like keyboard and mouse. System Information and Control | |
| KERNEL32.DLL!SystemTimeToTzSpecificLocalTime Converts UTC time to local time based on specified time zone- involving system time management. System Information and Control | |
| ADVAPI32.DLL!GetTrusteeTypeW Retrieves the type of trustee from a TRUSTEE structure- related to access control and permissions. System Information and Control | |
| KERNEL32.DLL!AddScopedPolicyIDAce This function modifies an access control list- affecting resource access permissions. Registry Operations | |
| KERNEL32.DLL!GetLongPathNameW Converts specified file paths to their long form- aiding in file operations. File Operations | |
| OLEAUT32.DLL!VarDateFromDec Converts a decimal value to a date value- involving data type transformation. Cryptographic Operations | |
| SHELL32.DLL!SHGetPathFromIDListA Converts an item identifier list to a file system path- indicating a file operation. File Operations | |
| OLEAUT32.DLL!VarDecFromUI1 Converts an unsigned char to a decimal value- indicating value transformation. Memory Management | |
| OLEAUT32.DLL!SafeArrayUnaccessData This function decrements the lock count for a SafeArray- managing memory access. Memory Management | |
| GDI32.DLL!EngLockSurface This function creates a user object for a surface- enabling driver access to graphics resources. Memory Management | |
| KERNEL32.DLL!DisableThreadLibraryCalls Disables DLL_THREAD_ATTACH and DLL_THREAD_DETACH notifications- optimizing thread management in DLLs. DLL Injection and Manipulation | |
| SHLWAPI.DLL!AssocQueryStringA Retrieves file or protocol association-related strings from the registry. Registry Operations | |
| OLEAUT32.DLL!VarDecFromUI2 Converts an unsigned short value to a decimal value- dealing primarily with data formatting. Memory Management | |
| SHLWAPI.DLL!PathAddExtensionA Adds a file name extension to a path string- making it a file operation. File Operations | |
| USER32.DLL!HiliteMenuItem Adds or removes highlighting from a menu item in a window's menu bar. System Information and Control | |
| GDI32FULL.DLL!RemoveFontResourceExA This function removes font resources from the system font table- directly altering system file resources. File Operations | |
| GDI32FULL.DLL!ScriptPositionSingleGlyph Positions individual glyphs and adjusts their widths and offsets in text rendering for visual alignment. Memory Management | |
| KERNEL32.DLL!_lwrite Writes data to a specified file handle- facilitating file operations. File Operations | |
| KERNEL32.DLL!GetFileTime Retrieves creation- last accessed- and last modified dates of a file. File Operations | |
| OLE32.DLL!RoGetAgileReference Creates an agile reference for a specified object interface- allowing inter-apartment communication. Process and Thread Management | |
| GDI32FULL.DLL!EngUnicodeToMultiByteN Converts a Unicode string to an ANSI string using the current code page. Memory Management | |
| OLEAUT32.DLL!VarUI1FromBool Converts a Boolean value to an unsigned char value- focusing on data type transformation. Memory Management | |
| KERNELBASE.DLL!PerfSetULongCounterValue Updates a performance counter value; it manages performance-related data metrics. System Information and Control | |
| KERNEL32.DLL!FlushInstructionCache This function flushes the instruction cache of a specified process- relevant for managing process execution. Process and Thread Management | |
| USER32.DLL!SetDisplayAutoRotationPreferences Sets screen auto-rotation preferences for the current process. Affects display settings rather than file or network operations. System Information and Control | |
| OLE32.DLL!GetConvertStg Retrieves the convert bit for a specified storage object- indicating conversion support. File Operations | |
| KERNEL32.DLL!RemoveSecureMemoryCacheCallback Unregisters a callback function related to secure memory caching operations. Memory Management | |
| KERNEL32.DLL!FindFirstStreamTransactedW Opens a search handle for enumerating streams in a file- categorized under file operations. File Operations | |
| USER32.DLL!LoadIconA Loads an icon resource from an executable- relating to GUI and resource management. System Information and Control | |
| SHLWAPI.DLL!PathRenameExtensionA This function modifies a file name by changing its extension- hence it involves file manipulation. File Operations | |
| GDI32FULL.DLL!UpdateICMRegKeyA Manages color profiles and Color Management Modules in the system- affecting system registry settings. Registry Operations | |
| USER32.DLL!GetDCEx Retrieves a handle to a device context for a window or the entire screen. System Information and Control | |
| KERNEL32.DLL!GetLongPathNameA Converts a short file path to its long format- facilitating file operations. File Operations | |
| GDI32FULL.DLL!StretchBlt This function copies and modifies bitmap data between device contexts- involving graphical operations. DLL Injection and Manipulation | |
| KERNEL32.DLL!QueryThreadProfiling Checks if thread profiling is enabled- relating to thread performance monitoring. Process and Thread Management | |
| USER32.DLL!SetLastErrorEx This function sets the last-error code- which is part of system error handling. System Information and Control | |
| USER32.DLL!SetKeyboardState Alters the keyboard input state for the calling thread's keyboard state table. Process and Thread Management | |
| KERNEL32.DLL!CopyFile2 This function copies an existing file to a new file- indicating progress- thus related to file operations. File Operations | |
| ADVAPI32.DLL!LsaGetAppliedCAPIDs Retrieves identifiers for central access policies applied on a specific computer- reflecting security controls. System Information and Control | |
| SHELL32.DLL!DAD_DragLeave Unlocks a specified window during drag-and-drop operations in the Windows Shell. Process and Thread Management | |
| OLEAUT32.DLL!VarI4FromUI1 Converts unsigned char to long; primarily handles type conversion in automation. Memory Management | |
| CRYPTSP.DLL!CryptAcquireContextA Acquires a handle to a key container in a cryptographic service provider- facilitating encryption operations. Cryptographic Operations | |
| SHELL32.DLL!PifMgr_CloseProperties Closes application properties previously opened- managing their state and resources. Process and Thread Management | |
| KERNEL32.DLL!GetProcessIoCounters Retrieves information about I/O operations performed by a specified process. System Information and Control | |
| KERNEL32.DLL!GetProfileIntW Retrieves an integer from the Win.ini file or the registry based on app and key names. Registry Operations | |
| OLEAUT32.DLL!VarBstrCat Concatenates BSTR strings- manipulating memory representations of these strings in the process. Memory Management | |
| SHLWAPI.DLL!PathFindExtensionA Searches a file path to find the file extension. File Operations | |
| KERNEL32.DLL!BuildIoRingRegisterBuffers Registers buffers for future I/O ring operations- facilitating efficient file-related I/O tasks. File Operations | |
| COMCTL32.DLL!DPA_EnumCallback Iterates over a Dynamic Pointer Array and applies a callback function to each element. Memory Management | |
| GDI32FULL.DLL!SetWorldTransform Used to apply transformations to graphical output in device contexts. Graphics Operations | |
| ADVAPI32.DLL!OpenEventLogW Opens a handle to the specified event log for reading or writing events. File Operations | |
| RPCRT4.DLL!RpcServerUseAllProtseqsIfEx This function registers protocol sequences for remote procedure calls- involving network configurations. Network Operations | |
| SHLWAPI.DLL!PathFindOnPathW Searches for a specified file in standard directories and those provided. File Operations | |
| WS2_32.DLL!WSALookupServiceNextW Retrieves service information from a previously initiated service inquiry- enhancing network operations functionality. Network Operations | |
| ADVAPI32.DLL!GetEffectiveRightsFromAclA Retrieves effective access rights from an ACL structure for a specified trustee- managing security settings. Registry Operations | |
| KERNELBASE.DLL!SetSecurityAccessMask This function creates an access mask for object security- influencing permissions and security settings. Registry Operations | |
| USER32.DLL!GetNextDlgGroupItem Retrieves a handle to controls in a dialog box- managing user interface elements. Process and Thread Management | |
| OLE32.DLL!CoInstall Installs COM server applications- managing component registrations in the system. System Information and Control | |
| GDI32.DLL!EngCopyBits Translates between raster surfaces and bitmaps- performing graphical data operations. File Operations | |
| KERNEL32.DLL!DebugActiveProcess Attaches a debugger to an active process- facilitating process inspection and manipulation. Process and Thread Management | |
| USER32.DLL!DispatchMessageA Dispatches messages to a window procedure- crucial for message handling in GUI applications. Process and Thread Management | |
| USER32.DLL!UpdateLayeredWindow Updates the appearance and properties of a layered window on the screen- affecting its visual attributes. System Information and Control | |
| COMCTL32.DLL!ImageList_LoadImageA Loads an image from a specified file or resource into an image list. File Operations | |
| OLEAUT32.DLL!VarDecFromBool Converts a Boolean value to a decimal value. Memory Management | |
| KERNEL32.DLL!RegRestoreKeyA Restores registry information from a specified file to a specific key- manipulating registry data. Registry Operations | |
| USER32.DLL!GetKeyboardLayout Retrieves the active input locale identifier for keyboard layout management. System Information and Control | |
| KERNEL32.DLL!WaitForThreadpoolTimerCallbacks Waits for timer callback completions and can cancel pending callbacks- relating to multitasking execution control. Process and Thread Management | |
| OLEAUT32.DLL!VarDiv This function performs arithmetic operations on variants- classifying it under Memory Management for variant handling. Memory Management | |
| WSOCK32.DLL!accept Accepts incoming connection requests on a socket- establishing a network connection. Network Operations | |
| GDI32FULL.DLL!GetROP2 Retrieves the foreground mix mode of a device context for color combination in GDI operations. System Information and Control | |
| KERNEL32.DLL!HeapCompact Returns the size of the largest committed free block in the memory heap and coalesces adjacent free blocks. Memory Management | |
| SECHOST.DLL!LsaStorePrivateData Stores private data securely by encrypting it- primarily for LSA secrets management. Cryptographic Operations | |
| KERNEL32.DLL!GetNamedPipeHandleStateW Retrieves information about a specified named pipe- helping manage communication between processes. Process and Thread Management | |
| OLEAUT32.DLL!VARIANT_UserUnmarshal64 Unmarshals a VARIANT object from an RPC buffer- manipulating data representation. DLL Injection and Manipulation | |
| SHLWAPI.DLL!PathRemoveFileSpecW This function modifies file paths by removing file names- classifying it under File Operations. File Operations | |
| ADVAPI32.DLL!BuildTrusteeWithObjectsAndNameW Initializes a TRUSTEE structure for access control with specified object and trustee names. Registry Operations | |
| SHLWAPI.DLL!StrCmpICA Compares two strings while ignoring case- focusing on collating rules. System Information and Control | |
| SHLWAPI.DLL!PathIsContentTypeA Compares a file's content type with a specified type to determine file characteristics. File Operations | |
| OLEAUT32.DLL!SafeArrayGetVartype Retrieves the VARTYPE from a safe array- indicating data type management. Memory Management | |
| GDI32FULL.DLL!EngDeletePalette This function requests the deletion of a palette- a graphical resource used for color management. File Operations | |
| GDI32FULL.DLL!EngCreateDeviceBitmap Creates a handle for a device bitmap for graphical device interface (GDI) operations. Memory Management | |
| IWMReaderStreamClock::SetTimer Sets a timer on the clock to notify callbacks at specified intervals. Process and Thread Management | |
| GDI32FULL.DLL!OffsetViewportOrgEx Modifies the viewport origin in a device context by applying specified horizontal and vertical offsets. System Information and Control | |
| WS2_32.DLL!WSAConnectByList Establishes a connection to a list of endpoint addresses using the Winsock interface. Network Operations | |
| OLE32.DLL!HDC_UserSize64 This function calculates the size of the HDC object for RPC operations. Memory Management | |
| KERNEL32.DLL!FileTimeToLocalFileTime Converts UTC-based file time to local time format for accurate time representation. File Operations | |
| KERNEL32.DLL!GetVolumePathNameW Retrieves the volume mount point where the specified path is mounted. File Operations | |
| USER32.DLL!LoadMenuIndirectA Loads a specified menu template into memory- facilitating menu management within applications. Memory Management | |
| SHLWAPI.DLL!SHUnlockShared Unlocks memory that was previously locked- facilitating memory management operations. Memory Management | |
| RPCRT4.DLL!RpcStringBindingComposeW This function creates a string binding handle for remote procedure calls. Network Operations | |
| GDI32FULL.DLL!GetFontData Retrieves font metric data for TrueType fonts- primarily involving file operations related to font data retrieval. File Operations | |
| RPCRT4.DLL!NdrStubInitialize Sets up message fields for RPC before unmarshalling- involved in network communication. Network Operations | |
| SECHOST.DLL!LsaAddAccountRights This function assigns privileges to an account- impacting security policies and user permissions. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromI8 Converts an 8-byte integer to an unsigned long. Relevant to data type manipulation. Memory Management | |
| USER32.DLL!DestroyCaret Destroys the caret and removes it from the screen- managing UI resources. System Information and Control | |
| KERNEL32.DLL!GetFullPathNameW This function retrieves the full path and file name of a specified file. File Operations | |
| USER32.DLL!GetUnpredictedMessagePos Retrieves pointer data prior to touch prediction processing for input handling. System Information and Control | |
| WINDOWS.STORAGE.DLL!PathMakeUniqueName Creates a unique file name based on provided templates to avoid name collisions. File Operations | |
| WINDOWS.STORAGE.DLL!SHBindToFolderIDListParent Binds to a parent folder in the Shell namespace- manipulating folder structures. DLL Injection and Manipulation | |
| OLEAUT32.DLL!SafeArrayCreateEx Creates a safe array descriptor for specified data types and dimensions. Memory Management | |
| KERNEL32.DLL!FreeLibraryWhenCallbackReturns Unloads a specified DLL upon completion of a callback- involved in DLL management. DLL Injection and Manipulation | |
| USER32.DLL!LoadMenuIndirectW Loads a menu template into memory- allowing the creation of menu handles. Process and Thread Management | |
| NTDLL.DLL!RtlCharToInteger Converts a character string to an integer- facilitating data manipulation. System Information and Control | |
| SHLWAPI.DLL!StrCmpNICW Compares characters of two strings for equality- useful for determining matches in file names or paths. File Operations | |
| RPCRT4.DLL!RpcMgmtStopServerListening Directs a server to halt listening for remote procedure calls- managing remote server communications. Network Operations | |
| KERNEL32.DLL!CompareFileTime Compares two file times to determine chronological order. File Operations | |
| SHLWAPI.DLL!SHRegOpenUSKeyA This function opens a registry subkey specific to a user- indicating direct interactions with the Windows registry. Registry Operations | |
| USER32.DLL!GetDpiAwarenessContextForProcess Retrieves a DPI awareness context for a specified process- affecting its display settings. System Information and Control | |
| KERNEL32.DLL!WritePrivateProfileSectionA Writes key names and values to a specified section in an initialization file- involving file operations. File Operations | |
| GDI32FULL.DLL!EnumFontFamiliesExW This function enumerates uniquely-named fonts based on specified characteristics in the LOGFONT structure. System Information and Control | |
| COMCTL32.DLL!ImageList_DragLeave Unlocks a window and hides the drag image during file operations. File Operations | |
| GDI32.DLL!CLIPOBJ_ppoGetPath Creates a PATHOBJ structure outlining a clip region for graphical operations. System Information and Control | |
| OLEAUT32.DLL!CreateTypeLib2 It creates a type library file- indicating file creation operations. File Operations | |
| OLE32.DLL!CoWaitForMultipleObjects Waits for multiple kernel objects to be signaled; related to process synchronization. Process and Thread Management | |
| KERNEL32.DLL!ParseApplicationUserModelId Deconstructs application user model ID into its component parts for application identification. System Information and Control | |
| SHLWAPI.DLL!PathMatchSpecA This function checks if a file path matches a specified wildcard pattern. File Operations | |
| KERNEL32.DLL!lstrcmpiA Compares two strings in a case-insensitive manner. System Information and Control | |
| RPCRT4.DLL!DceErrorInqTextA Retrieves the message text corresponding to a given RPC status code. System Information and Control | |
| OLEAUT32.DLL!SafeArrayCopyData Copies data between safe arrays- managing resources in the target array. Memory Management | |
| GDI32FULL.DLL!ScriptPlaceOpenType Generates glyphs and visual attributes for Unicode text- leveraging OpenType information and equivalents for text placement. Memory Management | |
| OLE32.DLL!OleIsRunning Checks if a COM object is currently running- indicating process management status. Process and Thread Management | |
| WINMMBASE.DLL!midiOutGetErrorTextW Retrieves a textual description for a specified error code related to MIDI output. System Information and Control | |
| SHELL32.DLL!SHEnumerateUnreadMailAccountsW Enumerates user accounts with unread email- accessing user-specific data via registry keys. Registry Operations | |
| KERNEL32.DLL!LoadLibraryExA Loads a specified module into the calling process's address space- allowing for DLL manipulation and management. DLL Injection and Manipulation | |
| KERNEL32.DLL!GetProcAddress Retrieves the address of an exported function or variable from a DLL module- enabling dynamic linking. DLL Injection and Manipulation | |
| KERNELBASE.DLL!PerfDecrementULongLongCounterValue Decrements an 8-byte unsigned integer counter for performance monitoring. System Information and Control | |
| KERNEL32.DLL!CreateFileMappingFromApp Creates or opens a file mapping object for a specified file- enabling memory management through mapped views. Memory Management | |
| SHLWAPI.DLL!PathIsLFNFileSpecW Determines if a file name exceeds the 8.3 character limit- assessing file naming conventions. File Operations | |
| KERNEL32.DLL!EnumUILanguagesW Enumerates available user interface languages and calls a callback function for each. System Information and Control | |
| KERNEL32.DLL!GetProcessHeaps Retrieves handles to active heaps in the calling process- aiding in memory management and tracking. Memory Management | |
| SHCORE.DLL!SHRegGetIntW Reads a numeric string from the registry and converts it to an integer. Registry Operations | |
| OLE32.DLL!OleCreateFromFileEx This function initializes objects from files- managing multiple presentation formats- thus involving file operations. File Operations | |
| RPCRT4.DLL!RpcServerInterfaceGroupInqBindings Returns binding handles for remote procedure calls- facilitating network communication for server applications. Network Operations | |
| ADVAPI32.DLL!CredRenameA Renames a credential in the user's credential set associated with the current logon session. Registry Operations | |
| OLE32.DLL!StgCreateStorageEx Creates a new storage object- managing access modes- and file permissions. File Operations | |
| OLEAUT32.DLL!VarBstrFromI1 Converts a char value to a BSTR value for use in automation. Memory Management | |
| USER32.DLL!AppendMenuA Appends a new item to menus in Windows- controlling their content and behavior. System Information and Control | |
| OLEAUT32.DLL!OleIconToCursor Converts an icon to a cursor and manages cursor resources. Memory Management | |
| KERNEL32.DLL!OpenPrivateNamespaceW Opens a private namespace for resource isolation in Windows. System Information and Control | |
| USER32.DLL!GetCaretPos Retrieves the position of the caret in the client area of a window. System Information and Control | |
| COMDLG32.DLL!GetOpenFileNameA Creates an Open dialog for user to specify files to open. File Operations | |
| KERNEL32.DLL!DebugBreak Triggers a breakpoint exception in the current process to aid in debugging. Process and Thread Management | |
| USER32.DLL!RemovePropW Removes an entry from a window's property list- indicating modifications to window properties. Registry Operations | |
| KERNEL32.DLL!RegNotifyChangeKeyValue Notifies the caller of changes to a specified registry key's attributes or contents. Registry Operations | |
| OLEAUT32.DLL!VarR8FromI8 Converts an 8-byte integer to a double value- involved in data manipulation. Memory Management | |
| OLEAUT32.DLL!VarR8FromUI2 Converts an unsigned short to a double- involved in data type handling. Memory Management | |
| USER32.DLL!LoadAcceleratorsA Loads an accelerator table from a specified executable module. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHParseDisplayName Converts a display name into an identifier list for Shell namespace objects. File Operations | |
| SECHOST.DLL!StartServiceA This function starts a service by interacting with the service control manager. Process and Thread Management | |
| KERNEL32.DLL!GetCurrentPackageId Retrieves the package identifier for the calling process- providing identification for running applications. System Information and Control | |
| ADVAPI32.DLL!RemoveUsersFromEncryptedFile This function removes specified certificate hashes from a file- indicating operations on file security. File Operations | |
| WMI.DLL!GetTraceEnableLevel Retrieves the event tracing level specified by the trace controller for event generation. System Information and Control | |
| KERNEL32.DLL!EnumResourceNamesA Enumerates resource names of a specified type within a binary module- accessing these resources. File Operations | |
| OLE32.DLL!ObjectStublessClient22 This function is for COM proxies- enabling communication between software components. DLL Injection and Manipulation | |
| OLEAUT32.DLL!SysReleaseString Decreases reference count for a string- facilitating memory management. Memory Management | |
| USER32.DLL!FreeDDElParam Frees memory used by lParam from a posted DDE message- indicating memory management. Memory Management | |
| COMCTL32.DLL!DrawStatusTextA This function is used to draw text in a status window- primarily for UI operations. System Information and Control | |
| KERNEL32.DLL!AppPolicyGetProcessTerminationMethod This function retrieves the method used to end a process- indicating control over process management. Process and Thread Management | |
| KERNEL32.DLL!FindFirstFileNameW Enumerates hard links to a specified file- requiring file system access. File Operations | |
| GDI32FULL.DLL!SetBitmapDimensionEx This function sets dimensions for a bitmap- affecting its properties within applications. System Information and Control | |
| RPCRT4.DLL!MesEncodeIncrementalHandleCreate Creates and initializes an encoding handle for incremental serialization. Memory Management | |
| KERNEL32.DLL!DeleteBoundaryDescriptor Deletes a specified boundary descriptor- managing namespace boundaries for processes. Process and Thread Management | |
| USER32.DLL!GetClassNameW Retrieves the class name of a specified window- allowing identification of window types. System Information and Control | |
| GDI32FULL.DLL!EngGetCurrentCodePage Returns the system's default code pages for character translation. System Information and Control | |
| SHCORE.DLL!SHAnsiToAnsi Converts an ANSI string to Unicode while managing memory buffers. Memory Management | |
| ADVAPI32.DLL!FlushTraceA This function flushes buffered events in an event tracing session ensuring timely delivery. System Information and Control | |
| Graphics::FillPath Fills the interior of a path using a brush- related to graphical operations. Memory Management | |
| OLE32.DLL!CoDecrementMTAUsage Releases increment in Multi-Threaded Apartment usage- managing resources as threads are utilized. Process and Thread Management | |
| USER32.DLL!CreateDesktopExA Creates a new desktop associated with the current window station of the calling process. Process and Thread Management | |
| COMCTL32.DLL!CreateUpDownControl Creates an up-down control- which involves manipulating GUI elements. System Information and Control | |
| OLE32.DLL!CoCreateInstance Creates a single- default-initialized object of a specified class using a CLSID. Process and Thread Management | |
| KERNEL32.DLL!RemoveVectoredContinueHandler Unregisters a vectored continue handler for error handling. System Information and Control | |
| USER32.DLL!SetWindowFeedbackSetting Configures feedback settings for a window- influencing user input responses. System Information and Control | |
| OLEAUT32.DLL!SysAllocString Allocates a new string and copies a given string into a BSTR. Memory Management | |
| OLEAUT32.DLL!VarR4FromStr Converts a string to a float value- requiring locale settings and flags for operation. System Information and Control | |
| KERNEL32.DLL!SetThreadPreferredUILanguages Sets thread-specific UI language preferences- facilitating multilingual user interface management. System Information and Control | |
| OLE32.DLL!CreateObjrefMoniker This function creates an OBJREF moniker- facilitating object reference management across client-server interactions. DLL Injection and Manipulation | |
| COMCTL32.DLL!DPA_Destroy Frees memory allocated for a Dynamic Pointer Array- managing memory resources. Memory Management | |
| KERNELBASE.DLL!SetTokenInformation Sets various types of information for a specified access token- altering security attributes. Registry Operations | |
| CRYPTSP.DLL!CryptReleaseContext Releases a cryptographic service provider (CSP) handle- managing cryptographic resources. Cryptographic Operations | |
| ADVAPI32.DLL!LockServiceDatabase Requests ownership of the service control manager database lock to serialize access to services. System Information and Control | |
| KERNEL32.DLL!GetFullPathNameTransactedW Retrieves the full path and file name of a specified file using a transaction. File Operations | |
| USER32.DLL!GetDlgItem Retrieves a handle to a control in a dialog box- managing UI elements within the window hierarchy. Process and Thread Management | |
| KERNELBASE.DLL!GetSidSubAuthorityCount Retrieves a pointer to the subauthority count in a SID structure. System Information and Control | |
| USER32.DLL!ImpersonateDdeClientWindow Allows a DDE server to adopt a client's security context- crucial for protecting sensitive data. System Information and Control | |
| ADVAPI32.DLL!GetNamedSecurityInfoW Retrieves a security descriptor for a specified object- which involves accessing security settings. Registry Operations | |
| KERNEL32.DLL!GlobalFlags This function retrieves information about global memory objects- indicating memory management operations. Memory Management | |
| OLEAUT32.DLL!VarAnd Performs a bitwise And operation on variants- utilizing data transformation rather than direct memory manipulation. Memory Management | |
| KERNEL32.DLL!CreateSymbolicLinkA Creates a symbolic link to a file or directory- modifying filesystem structure. File Operations | |
| KERNEL32.DLL!RegOpenKeyExA Opens the specified registry key- allowing access to registry-based configuration. Registry Operations | |
| USER32.DLL!RegisterClassExW Registers a window class for use in creating and managing windows. Process and Thread Management | |
| ADVAPI32.DLL!AuditLookupCategoryNameA Retrieves the display name for a specified audit-policy category based on a GUID. System Information and Control | |
| KERNELBASE.DLL!GetSecurityDescriptorControl Retrieves control and revision information of a security descriptor for access control. Registry Operations | |
| SHLWAPI.DLL!UrlUnescapeW Converts escape sequences in URLs to ordinaru characters- facilitating safer URL handling. Network Operations | |
| KERNEL32.DLL!WaitNamedPipeA Waits for a named pipe to be available for connection- managing inter-process communication. Network Operations | |
| KERNEL32.DLL!GetLogicalDrives Retrieves a bitmask of currently available disk drives- allowing file operations to determine drive accessibility. File Operations | |
| KERNEL32.DLL!GetFirmwareEnvironmentVariableA Retrieves the value of firmware environment variables- reading system state information. System Information and Control | |
| SHELL32.DLL!SHCreateDefaultContextMenu Creates a default context menu for the Windows Shell- merging context menu handlers. System Information and Control | |
| KERNEL32.DLL!InitAtomTable Initializes the atom table and its hash buckets- impacting memory usage directly. Memory Management | |
| KERNEL32.DLL!CallNamedPipeA Connects to a message-type pipe- waits for availability- and handles reading and writing operations. Network Operations | |
| SHELL32.DLL!SHGetDataFromIDListW This function retrieves extended property data from a relative identifier list- involving file system operations. File Operations | |
| ADVAPI32.DLL!BuildTrusteeWithSidW Initializes a TRUSTEE structure with a given security identifier (SID). Registry Operations | |
| OLE32.DLL!NdrProxyForwardingFunction22 Stub function used in COM proxies for marshaling interfaces. DLL Injection and Manipulation | |
| WINMMBASE.DLL!midiOutGetDevCapsW Queries capabilities of a specific MIDI output device using its identifier. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHCreateItemFromIDList Initializes a Shell item object from a PIDL for interfacing with the Windows shell. System Information and Control | |
| KERNEL32.DLL!GetSystemTimes Retrieves system timing information- including user and kernel mode times across all processors. System Information and Control | |
| GDI32.DLL!EngLineTo Draws a line on a rendering surface using specified coordinates- involving graphic operations. System Information and Control | |
| ADVAPI32.DLL!ClearEventLogW Clears specified event log and optionally saves a backup- manipulating event log data. Registry Operations | |
| SHLWAPI.DLL!IntlStrEqWorkerW Compares characters in two localized strings for equality- considering locale-specific rules. System Information and Control | |
| RPCRT4.DLL!RpcMgmtInqServerPrincNameA Retrieves a server's principal name for a specified authentication service. Network Operations | |
| SHELL32.DLL!SHPathPrepareForWriteW Verifies if a path exists and prepares it for writing- prompting user interactions. File Operations | |
| KERNELBASE.DLL!SetPrivateObjectSecurity This function modifies a private object's security descriptor- managing its access control policies. Registry Operations | |
| KERNEL32.DLL!GlobalAddAtomA Adds a string to the global atom table- identifying it with a unique atom value. Memory Management | |
| WINDOWS.STORAGE.DLL!PathIsExe This function checks if a file is an executable based on the file extension. File Operations | |
| SECHOST.DLL!EventAccessControl Adds or modifies permissions for event tracing providers or sessions based on security identifiers. Registry Operations | |
| IMalloc::Realloc Changes the size of a previously allocated block of memory- modifying its allocation. Memory Management | |
| SHELL32.DLL!ExtractAssociatedIconA Retrieves an icon handle from a file or associated executable resource. File Operations | |
| KERNEL32.DLL!OpenPackageInfoByFullName Opens and retrieves information about a specified software package by its full name. System Information and Control | |
| KERNEL32.DLL!FormatMessageA Formats a message string with options for source and arguments; relates to message handling. System Information and Control | |
| RPCRT4.DLL!RpcErrorResetEnumeration Resets an enumeration cursor for RPC extended error information retrieval. System Information and Control | |
| GDI32.DLL!RectInRegion Determines if a rectangle intersects with a specified region- relating to graphical interface operations. System Information and Control | |
| KERNEL32.DLL!CreateFiberEx Allocates a fiber object and assigns it a stack- configuring execution for multi-thread management. Process and Thread Management | |
| GDI32FULL.DLL!GetTextExtentPointI Computes dimensions of glyph indices- primarily related to graphics and rendering. System Information and Control | |
| USER32.DLL!DdeGetData Copies data from a DDE object to a designated local buffer. Memory Management | |
| KERNEL32.DLL!GetThreadContext Retrieves the context of a specified thread for debugging or inspection purposes. Process and Thread Management | |
| KERNEL32.DLL!GetLocaleInfoA Retrieves locale information based on an identifier for internationalization. System Information and Control | |
| SHLWAPI.DLL!IsCharSpaceW Determines if a character is a space- mainly for string handling. System Information and Control | |
| KERNEL32.DLL!DeleteTimerQueueTimer Removes a timer from the queue- managing timer callback execution and lifecycle. Process and Thread Management | |
| OLE32.DLL!OleGetIconOfFile Retrieves a handle to a metafile containing an icon for a specified file. File Operations | |
| COMDLG32.DLL!ReplaceTextW Creates a dialog for user input on find and replace operations. File Operations | |
| USER32.DLL!ValidateRect Validates a rectangle within a window by modifying its update region. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction14 Stub function used in COM proxies for interface marshaling. System Information and Control | |
| USER32.DLL!MsgWaitForMultipleObjects Waits for multiple objects to be signaled or a timeout. Manages process synchronization and input events. Process and Thread Management | |
| RPCRT4.DLL!UuidFromStringA Converts a string representation of a UUID into its binary form. Cryptographic Operations | |
| GDI32FULL.DLL!CreateRectRgn Creates a rectangular region for graphical context in GDI. Memory Management | |
| GDI32FULL.DLL!RemoveFontMemResourceEx Removes fonts added from memory- typically related to font management operations in applications. Memory Management | |
| WS2_32.DLL!WSALookupServiceEnd Frees the handle after service lookup; essential for maintaining network operations. Network Operations | |
| WINDOWS.STORAGE.DLL!SHGetFolderLocation Retrieves the path of a folder based on CSIDL values- hence it involves file operations. File Operations | |
| OLEAUT32.DLL!VarDateFromUdateEx Converts MS-DOS date format to a variant format- closely related to memory handling for date structures. Memory Management | |
| KERNEL32.DLL!GetCurrentProcessorNumberEx Retrieves the processor group and number for the running thread. Process and Thread Management | |
| SHELL32.DLL!ExtractIconA Retrieves a handle to an icon from a specified executable- DLL- or icon file. File Operations | |
| WS2_32.DLL!WSCInstallNameSpaceEx Installs a namespace provider- managing its identifiers and loading paths for network operations. Network Operations | |
| KERNEL32.DLL!ConvertThreadToFiber Converts a thread into a fiber for scheduling other fibers. Process and Thread Management | |
| SHELL32.DLL!SHAddFromPropSheetExtArray This function adds pages to property sheet extensions- categorizing it under system operations for UI management. System Information and Control | |
| USER32.DLL!GetWindowModuleFileNameA Retrieves the full path of the module associated with a window handle. System Information and Control | |
| OLE32.DLL!CoGetApartmentType Retrieves the current apartment type which is crucial for thread management in COM. Process and Thread Management | |
| OLE32.DLL!HPALETTE_UserMarshal64 Marshals an HPALETTE object into an RPC buffer for inter-process communication. DLL Injection and Manipulation | |
| WINDOWS.STORAGE.DLL!SHGetSpecialFolderLocation Retrieves the location of special folders in the shell namespace. File Operations | |
| NTDLL.DLL!RtlUnicodeStringToAnsiString Converts Unicode strings to ANSI format- involving buffer manipulation and memory allocation. Memory Management | |
| OLE32.DLL!CoMarshalInterThreadInterfaceInStream Marshals an interface pointer between threads- managing inter-thread communication within the same process. Process and Thread Management | |
| USER32.DLL!GetPointerInfo Retrieves information for a pointer associated with the current message. System Information and Control | |
| USER32.DLL!GetGuiResources Retrieves count of GUI object handles used by a process- relevant for monitoring system resources. System Information and Control | |
| USER32.DLL!EnableScrollBar This function enables or disables scroll bar arrows in a specified window. System Information and Control | |
| SECHOST.DLL!AuditSetSecurity Modifies a security descriptor specifying access to audit policy elements. Registry Operations | |
| OLEAUT32.DLL!VarUI2FromDec Converts a decimal value to an unsigned short type for automation tasks. Memory Management | |
| KERNEL32.DLL!CreateSemaphoreExW Creates or opens a semaphore for thread synchronization and interprocess communication. Process and Thread Management | |
| OLEAUT32.DLL!LPSAFEARRAY_UserFree64 Frees resources on the server side during RPC calls. Memory Management | |
| KERNEL32.DLL!PulseEvent Sets an event object's state and releases waiting threads- used for synchronization purposes. Process and Thread Management | |
| KERNEL32.DLL!SystemTimeToFileTime Converts system time based on UTC to file time format for file operations. File Operations | |
| GDI32FULL.DLL!SetArcDirection Sets the drawing direction for graphical functions but does not perform file or network operations. System Information and Control | |
| RPCRT4.DLL!UuidCreateSequential This function creates a new UUID- ensuring it's unique to the system or globally unique if possible. Cryptographic Operations | |
| USER32.DLL!EnumDisplayDevicesW Retrieves information about display devices in the current session- used for system display management. System Information and Control | |
| GDI32FULL.DLL!SetAbortProc Allows an application to define a function for canceling print jobs during spooling. Process and Thread Management | |
| GDI32.DLL!EngStrokePath Requests GDI to stroke a specified path- relating to graphics operations on a device surface. Process and Thread Management | |
| KERNEL32.DLL!UmsThreadYield Yields control to the UMS scheduler thread running with the calling worker thread. Process and Thread Management | |
| ADVAPI32.DLL!NotifyBootConfigStatus Reports boot status and manages last-known good configuration. System Information and Control | |
| KERNEL32.DLL!DeleteFileA Deletes an existing file specified by the path. File Operations | |
| SECHOST.DLL!AuditQueryGlobalSaclW Retrieves a global system access control list for audit messages- requiring specific security privileges. Registry Operations | |
| KERNEL32.DLL!FlushFileBuffers Flushes and writes buffered data to a specified file- ensuring all data is updated. File Operations | |
| KERNEL32.DLL!HeapSummary Summarizes the specified heap's status- providing insights into memory usage and fragmentation. Memory Management | |
| KERNEL32.DLL!CloseIoRing Closes an **HIORING** handle- releasing resources associated with I/O operations. Process and Thread Management | |
| NTDLL.DLL!RtlConvertDeviceFamilyInfoToString This function retrieves information about the device family- providing system information. System Information and Control | |
| USER32.DLL!GetTabbedTextExtentA Computes the width and height of a character string with tab stops based on the selected font. System Information and Control | |
| WINMMBASE.DLL!mmioCreateChunk This function creates chunks in RIFF files- manipulating file structure and position. File Operations | |
| KERNEL32.DLL!GetSystemDefaultLocaleName Retrieves the system default locale name for localization purposes. System Information and Control | |
| RPCRT4.DLL!RpcSmGetThreadHandle This function returns a thread handle for managing memory within a stub environment. Process and Thread Management | |
| KERNEL32.DLL!BuildCommDCBAndTimeoutsA Translates device strings into control block codes for communication devices. Involves managing communication settings. System Information and Control | |
| OLEAUT32.DLL!VarR4FromUI4 Converts an unsigned long value to a float- involving data type manipulation. Memory Management | |
| GDI32FULL.DLL!GetTextCharacterExtra This function retrieves intercharacter spacing for a device context- related to text rendering operations. System Information and Control | |
| KERNELBASE.DLL!ConvertToAutoInheritPrivateObjectSecurity Converts a security descriptor and its ACLs for automatic propagation of inheritable ACEs. Registry Operations | |
| USER32.DLL!GetPointerFramePenInfoHistory Retrieves pen-based input frame information for specified pointers associated with the current message. System Information and Control | |
| KERNEL32.DLL!CreateFileMappingNumaW Creates or opens a file mapping object potentially relating to memory management and NUMA nodes. Memory Management | |
| KERNEL32.DLL!AllocateUserPhysicalPages Allocates physical memory pages for mapping within a process's AWE region. Memory Management | |
| OLE32.DLL!HMENU_UserUnmarshal This function unmarshals a HMENU object from an RPC buffer- facilitating inter-process communication. Process and Thread Management | |
| OLE32.DLL!NdrProxyForwardingFunction6 This function is a stub for COM proxies and is involved in marshaling interfaces. Process and Thread Management | |
| OLE32.DLL!ObjectStublessClient11 Stub function facilitating communication between COM proxies for marshaling interfaces. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcServerInqCallAttributesA Obtains client security context attributes during RPC server calls. System Information and Control | |
| OLE32.DLL!StgSetTimes Sets creation- access- and modification times of a file- aligning with file handling operations. File Operations | |
| COMDLG32.DLL!PrintDlgExA Initializes the Print property sheet and returns user selections from the printing dialog. System Information and Control | |
| USER32.DLL!UnregisterDeviceNotification Closes a device notification handle- managing device notifications. System Information and Control | |
| GDI32FULL.DLL!PolyPolyline This function is primarily concerned with drawing graphics- categorizing it under process and thread management for rendering operations. Process and Thread Management | |
| USER32.DLL!SystemParametersInfoA Retrieves or sets system-wide parameters affecting user interface behaviors. System Information and Control | |
| KERNEL32.DLL!ReplaceFileA Replaces one file with another- optionally creating a backup- focusing on file management. File Operations | |
| KERNEL32.DLL!GlobalMemoryStatus Retrieves information about current physical and virtual memory usage of the system. Memory Management | |
| WSOCK32.DLL!WSASetLastError This function sets the error code for the current thread in Winsock operations. Network Operations | |
| USER32.DLL!IntersectRect Calculates the intersection of two rectangles and modifies the destination rectangle accordingly. System Information and Control | |
| KERNEL32.DLL!GetFileAttributesExW Retrieves attributes for a specified file or directory- essential for file management operations. File Operations | |
| WINDOWS.STORAGE.DLL!ShellExecuteW Executes specified operations on files- such as open or print- therefore involving file interactions. File Operations | |
| KERNEL32.DLL!AppPolicyGetMediaFoundationCodecLoading Determines if a process can load third-party plugins- affecting its operational policy. System Information and Control | |
| KERNEL32.DLL!RemoveDllDirectory This function removes a directory from the DLL search path- affecting how DLLs are loaded. DLL Injection and Manipulation | |
| OLE32.DLL!OleRegGetUserType Retrieves the user type of a specified CLSID from the registry. Registry Operations | |
| IShellFolder::EnumObjects Returns an enumerator for the contents of a folder- allowing traversal of folder items. File Operations | |
| SHELL32.DLL!PifMgr_GetProperties Retrieves data blocks from a .pif file- interfacing with application properties. File Operations | |
| USER32.DLL!LoadMenuA Loads menu resources from executable files- dealing with application-specific UI elements. File Operations | |
| KERNEL32.DLL!LCIDToLocaleName Converts a locale identifier to a locale name for internationalization purposes. System Information and Control | |
| SECHOST.DLL!ConvertStringSecurityDescriptorToSecurityDescriptorW Converts a string-format security descriptor to a valid security descriptor- managing access control settings. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction32 This function serves as a stub for COM proxies- facilitating inter-process communication. Process and Thread Management | |
| KERNEL32.DLL!FlsGetValue Retrieves value from a fiber's local storage slot- related to thread management. Process and Thread Management | |
| SHCORE.DLL!SHCreateThreadWithHandle Creates a new thread and returns its handle for management. Process and Thread Management | |
| OLEAUT32.DLL!VarUI2FromUI8 Converts an 8-byte unsigned integer to an unsigned short value. Memory Management | |
| RTMPAL.DLL!EventUnregister This function unregisters an ETW event provider- managing event tracking subscriptions within a system. System Information and Control | |
| USER32.DLL!AreDpiAwarenessContextsEqual Compares DPI_AWARENESS_CONTEXT values for identity- indirectly related to user interface management. System Information and Control | |
| USER32.DLL!GetTopWindow Retrieves a handle to the top child window in the Z order of a specified parent window. Process and Thread Management | |
| KERNEL32.DLL!Module32First Retrieves information about the first module associated with a process for module enumeration. Process and Thread Management | |
| USER32.DLL!LoadCursorFromFileW Creates a cursor from a file- indicating file operation for cursor data. File Operations | |
| USER32.DLL!DisplayConfigGetDeviceInfo Retrieves display configuration information about a device- including names and preferred modes. System Information and Control | |
| SHLWAPI.DLL!StrDupW Duplicates a string and allocates memory for it. Memory Management | |
| OLE32.DLL!StringFromCLSID Converts CLSIDs into strings- aiding in COM object identification and management. System Information and Control | |
| KERNEL32.DLL!LoadResource Retrieves a handle to access resource data in memory. Memory Management | |
| KERNEL32.DLL!RegLoadMUIStringW Loads specified strings from the registry key- accessing configuration data. Registry Operations | |
| KERNEL32.DLL!FindNextFileW Continues a file search from a previous FindFirstFile call- handling file enumeration. File Operations | |
| ADVAPI32.DLL!CreateProcessWithLogonW Creates a new process in a specified security context- controlling execution parameters. Process and Thread Management | |
| USER32.DLL!SetClipboardData Places data on the clipboard in specified format- enabling interaction with clipboard operations. File Operations | |
| NTDLL.DLL!RtlIpv4StringToAddressA Converts string representation of IPv4 to binary format suitable for network operations. Network Operations | |
| WER.DLL!CloseThreadWaitChainSession Closes a Wait Chain Traversal session and cancels outstanding operations. Process and Thread Management | |
| GDI32FULL.DLL!GetDeviceGammaRamp Retrieves the current gamma ramp values from a display device's driver. System Information and Control | |
| OLE32.DLL!CoRevokeClassObject Revokes a class object registration- primarily used in COM to manage object lifecycle. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcServerUseProtseqIfA Registers a protocol sequence for receiving remote procedure calls over a specified interface. Network Operations | |
| GDI32FULL.DLL!PlayMetaFile Displays a Windows-format metafile picture on a specified device context. System Information and Control | |
| KERNEL32.DLL!FormatApplicationUserModelId Constructs an application user model ID using package family name and app ID. System Information and Control | |
| KERNEL32.DLL!FindNextChangeNotification Signals when a change notification handle detects a file system change. File Operations | |
| KERNEL32.DLL!WaitNamedPipeW Waits for an instance of a named pipe to become available for connection. Network Operations | |
| KERNEL32.DLL!IdnToUnicode Converts Punycode-encoded internationalized domain names to Unicode UTF-16. Network Operations | |
| USER32.DLL!IsWindowUnicode Determines if a window is Unicode or ANSI for message translation. System Information and Control | |
| SHLWAPI.DLL!SHIsLowMemoryMachine Determines if the system has low memory resources based on machine type. System Information and Control | |
| USER32.DLL!DdeQueryStringA Copies text associated with a string handle into a buffer- primarily for data exchange. Memory Management | |
| OLE32.DLL!StgCreatePropSetStg Creates a property set storage object- managing structured storage rather than direct file handling. File Operations | |
| KERNEL32.DLL!QueryActCtxSettingsW This function queries the activation context attributes- relevant to system settings and configuration. System Information and Control | |
| COMCTL32.DLL!InitializeFlatSB Initializes flat scroll bars for a window- affecting UI controls and their representation. System Information and Control | |
| COMCTL32.DLL!DPA_CreateEx Creates a dynamic pointer array- allocating memory- hence related to memory management. Memory Management | |
| SHCORE.DLL!SHDeleteEmptyKeyA Deletes an empty registry key- thus performing an operation on the Windows registry. Registry Operations | |
| WSOCK32.DLL!htons Converts a 16-bit number from host byte order to TCP/IP network byte order (big-endian). Network Operations | |
| USER32.DLL!CharToOemA Converts a string to the OEM-defined character set for proper text representation. Memory Management | |
| OLE32.DLL!IsAccelerator Determines if a keystroke matches an accelerator in the accelerator table. System Information and Control | |
| USER32.DLL!DdeUninitialize Frees resources from the Dynamic Data Exchange Management Library- halting communications related to the application instance. Process and Thread Management | |
| KERNEL32.DLL!GetStringTypeW Retrieves character type information for a specified Unicode string- analyzing character attributes. System Information and Control | |
| GDI32FULL.DLL!ScriptStringXtoCP Converts x coordinates to character positions- focusing on string analysis and rendering in applications. System Information and Control | |
| SECHOST.DLL!ControlServiceExA Sends control codes to manipulate the state of a Windows Service. Process and Thread Management | |
| GDI32FULL.DLL!ExtTextOutA The function draws text in a device context- handling character positioning and clipping options. System Information and Control | |
| IAzClientContext::AccessCheck Checks if the current client can perform specified operations- related to permission management. System Information and Control | |
| GDI32FULL.DLL!GetTextMetricsW Fills a buffer with metrics for the currently selected font from a device context. System Information and Control | |
| WS2_32.DLL!GetAddrInfoExW Provides protocol-independent name resolution and optional namespace provider handling for network queries. Network Operations | |
| OLE32.DLL!CStdAsyncStubBuffer2_Connect Connects the server object to the stub- facilitating RPC communication. Network Operations | |
| USER32.DLL!SetDialogControlDpiChangeBehavior Modifies DPI scaling behavior of a dialog's child window- affecting its display properties. System Information and Control | |
| SHELL32.DLL!SHOpenWithDialog Displays the Open With dialog box for selecting programs to open files. File Operations | |
| SHLWAPI.DLL!StrRChrIW Searches for the last occurrence of a character in a string. System Information and Control | |
| SHCORE.DLL!SHEnumKeyExA This function enumerates the subkeys of an open registry key- thus interacting with Windows Registry. Registry Operations | |
| ADVAPI32.DLL!LsaQueryTrustedDomainInfoByName This function retrieves information about a trusted domain- requiring a policy handle and domain name. System Information and Control | |
| SHLWAPI.DLL!StrCmpNICA Compares a specified number of characters from two strings- focusing on collation rules. System Information and Control | |
| GDI32FULL.DLL!EnumEnhMetaFile Enumerates records in an enhanced metafile- handling graphical data and context. System Information and Control | |
| OLE32.DLL!CoReleaseMarshalData Destroys a previously marshaled data packet by releasing its reference- ensuring proper COM object management. Memory Management | |
| RPCRT4.DLL!NdrConformantArrayUnmarshall Unmarshals a conformant array and may allocate memory during RPC processes. Memory Management | |
| FLIGHTSETTINGS.DLL!DllGetClassObject Retrieves the class object for COM objects from a DLL- facilitating object creation and interaction. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcCancelThread Cancels a thread associated with RPC- managing its execution and control. Process and Thread Management | |
| USER32.DLL!GetGestureConfig Retrieves gesture configuration for a window- controlling user interaction features. System Information and Control | |
| GDI32FULL.DLL!GetCharWidthA Retrieves character widths from a font in a specified range using a device context. System Information and Control | |
| KERNEL32.DLL!EnumResourceNamesExW This function enumerates resources in a binary module- manipulating resources rather than files or threads. DLL Injection and Manipulation | |
| CRYPTSP.DLL!CryptContextAddRef Increases reference count for a cryptographic service provider handle- managing its lifecycle in memory. Cryptographic Operations | |
| OLE32.DLL!CoTaskMemAlloc Allocates a block of memory similar to IMalloc::Alloc. Memory Management | |
| GDI32.DLL!FONTOBJ_pifi Retrieves the pointer to the IFIMETRICS structure for a specified font. System Information and Control | |
| KERNEL32.DLL!InitializeSListHead Initializes the head of a singly linked list for system use. Memory Management | |
| KERNEL32.DLL!CreateMutexA Creates or opens a mutex- used for synchronization between threads or processes. Process and Thread Management | |
| OLEAUT32.DLL!VarI1FromBool Converts a Boolean value to a char value- which is related to data type conversion. Memory Management | |
| KERNEL32.DLL!EnumSystemLanguageGroupsA Enumerates installed or supported language groups on the OS- related to system localization. System Information and Control | |
| USER32.DLL!SetScrollPos Sets the position of the scroll box in a scroll bar- managing visual aspects of application controls. System Information and Control | |
| KERNEL32.DLL!GetProcessTimes Retrieves timing information for a specified process- including creation- exit- kernel- and user execution times. Process and Thread Management | |
| SHLWAPI.DLL!StrRetToStrA Converts STRRET structures to allocated strings for display names. Utilizes memory allocation functions. Memory Management | |
| KERNEL32.DLL!InitOnceBeginInitialize Starts a one-time initialization process- enabling synchronization and execution management between threads. Process and Thread Management | |
| GDI32FULL.DLL!SetEnhMetaFileBits This function creates memory-based enhanced metafiles- involving storage and manipulation of graphical data. File Operations | |
| SHELL32.DLL!SHLimitInputEdit Restricts valid characters for an edit control to improve input validation. System Information and Control | |
| USER32.DLL!GetLayeredWindowAttributes Retrieves opacity- transparency color key- and layering flags of a layered window. System Information and Control | |
| IWMDMStorageControl::Rename This method renames current storage- representing an operation on file names. File Operations | |
| GDI32.DLL!FONTOBJ_pfdg Retrieves a pointer to the FD_GLYPHSET structure for a specified font. System Information and Control | |
| KERNEL32.DLL!FindFirstVolumeMountPointA Retrieves the name of a mounted folder on the specified volume and begins scanning. File Operations | |
| KERNEL32.DLL!LockFile This function locks a specified file for exclusive access- allowing controlled file operations. File Operations | |
| SHLWAPI.DLL!PathIsRelativeW This function checks if a given path is relative to the current directory. File Operations | |
| SECHOST.DLL!StartServiceCtrlDispatcherW Connects a service process to the service control manager for handling control requests. Process and Thread Management | |
| OLEAUT32.DLL!VarDateFromR4 Converts a float value to a date value- relating to data manipulation. Memory Management | |
| ID3D12CommandQueue::Signal Updates a fence value from the GPU side to manage synchronization in command queues. Process and Thread Management | |
| ADVAPI32.DLL!BackupEventLogA Saves the specified event log to a backup file without clearing it. File Operations | |
| GDI32FULL.DLL!ScriptItemize Breaks a Unicode string into shapeable items for text rendering. System Information and Control | |
| KERNEL32.DLL!CreateMutexExW Creates or opens a mutex for synchronization between threads or processes. Process and Thread Management | |
| ADVAPI32.DLL!PerfQueryCounterInfo Retrieves specifications for performance counters in a query; involves interaction with performance data. System Information and Control | |
| USER32.DLL!UnregisterPointerInputTarget Unregisters a target window for pointer input redirection- affecting input handling behavior. System Information and Control | |
| SHCORE.DLL!CommandLineToArgvW Parses a command line string into an array of arguments- handling Unicode input. Process and Thread Management | |
| KERNEL32.DLL!GetNumberFormatW Formats a number string based on locale-specific conventions- not performing file or registry operations. System Information and Control | |
| OLE32.DLL!STGMEDIUM_UserMarshal64 Marshals a STGMEDIUM object into an RPC buffer- facilitating data transfer for remote procedure calls. Network Operations | |
| WS2_32.DLL!WSASendTo Sends data to a specific destination using sockets- managing network communication. Network Operations | |
| KERNEL32.DLL!CreateEventW This function creates or opens an event object for synchronization between threads and processes. Process and Thread Management | |
| KERNEL32.DLL!CreateFileTransactedW Creates or opens a file as a transacted operation- allowing for transactional file operations. File Operations | |
| WS2_32.DLL!WSCInstallProvider Installs a transport provider into the system configuration- affecting network protocol management. Network Operations | |
| OLEAUT32.DLL!UnRegisterTypeLibForUser This function removes registered type library information- affecting system registrations. Registry Operations | |
| KERNEL32.DLL!GetTickCount64 Retrieves elapsed milliseconds since system start- providing time-related system information. System Information and Control | |
| KERNEL32.DLL!SetHandleInformation Changes properties of object handles- affecting inheritance and closure behavior in process management. Process and Thread Management | |
| KERNEL32.DLL!GetCurrentProcessorNumber Retrieves the processor number for the current thread- providing system performance information. System Information and Control | |
| WINMMBASE.DLL!DefDriverProc Processes unhandled messages in installable drivers- facilitating driver message handling. Process and Thread Management | |
| GDI32FULL.DLL!ResetDCA The function updates a printer or plotter device context- affecting output settings. System Information and Control | |
| USER32.DLL!DlgDirListComboBoxW Populates a combo box with files and directories from a specified path. File Operations | |
| RPCRT4.DLL!NdrProxyFreeBuffer Frees an RPC buffer- managing memory allocated for remote procedure calls. Memory Management | |
| USER32.DLL!PrivateExtractIconsW Extracts icon handles from files such as .exe and .dll- focusing on file resource management. File Operations | |
| OLEAUT32.DLL!VarDecDiv Divides two decimal variants- which involves mathematical operations on memory-stored data. Memory Management | |
| SHCORE.DLL!SHRegGetValueFromHKCUHKLM Retrieves specified information from registry keys under HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. Registry Operations | |
| KERNEL32.DLL!GetProductInfo Retrieves the product type of the operating system- indicating its version and functionality. System Information and Control | |
| OLEAUT32.DLL!VarI2FromUI8 Converts an 8-byte unsigned integer to a short value- related to data type manipulation. Memory Management | |
| USER32.DLL!OemToCharBuffA Translates characters from the OEM character set into ANSI or wide-character strings. Memory Management | |
| SHLWAPI.DLL!PathUnExpandEnvStringsA Replaces folder names with their corresponding environment strings in a file path. File Operations | |
| CRYPTSP.DLL!CryptEnumProvidersA Retrieves all available cryptographic service providers on a computer. Cryptographic Operations | |
| GDI32FULL.DLL!GetDCOrgEx Retrieves the final translation origin for a specified device context used in graphical operations. System Information and Control | |
| KERNEL32.DLL!GetDynamicTimeZoneInformation Retrieves current time zone and daylight saving time settings for UTC to local time translations. System Information and Control | |
| ADVAPI32.DLL!AddConditionalAce This function modifies an Access Control List (ACL) by adding an access control entry (ACE). Registry Operations | |
| SHELL32.DLL!DragAcceptFiles This function registers a window's ability to accept dropped files- indicating file operations capability. File Operations | |
| KERNEL32.DLL!IsBadReadPtr Verifies read access to a memory range- determining if it can be safely accessed. Memory Management | |
| SECHOST.DLL!RegisterServiceCtrlHandlerA Registers a function to manage service control requests in Windows services. Process and Thread Management | |
| USER32.DLL!DefFrameProcW Processes window messages for MDI frame windows not handled by the application's window procedure. System Information and Control | |
| OLEAUT32.DLL!SetErrorInfo Sets error information for the current thread- handling error reporting in COM. System Information and Control | |
| USER32.DLL!GetPropA Retrieves a data handle from a window's property list. System Information and Control | |
| OLEAUT32.DLL!DispGetIDsOfNames This function assists with method invocation and parameter handling- falling under system information management. System Information and Control | |
| KERNEL32.DLL!EnumSystemLocalesW Enumerates installed or supported locales in the operating system- facilitating locale management. System Information and Control | |
| WINMMBASE.DLL!midiOutReset Resets all notes on all MIDI channels for a specified MIDI output device. System Information and Control | |
| GDI32FULL.DLL!CreateEllipticRgn This function creates an elliptical region based on specified coordinates. System Information and Control | |
| OLEAUT32.DLL!VarR4FromI8 Converts 8-byte integer to float- focusing on numeric data types. Memory Management | |
| ITDirectory::Connect Establishes a connection to a directory server using TAPI 2.2. Network Operations | |
| OLEAUT32.DLL!VarDecFromR4 Converts a float to a decimal value for automation purposes. Memory Management | |
| SHLWAPI.DLL!SHRegWriteUSValueW This function writes a value to a specified registry subkey- thus modifying registry settings. Registry Operations | |
| USER32.DLL!GetAwarenessFromDpiAwarenessContext Retrieves DPI_AWARENESS value from a DPI_AWARENESS_CONTEXT- indicating application awareness of display settings. System Information and Control | |
| KERNEL32.DLL!EnumSystemLocalesEx Enumerates installed or supported locales on an operating system- influencing system internationalization settings. System Information and Control | |
| USER32.DLL!DdeQueryNextServer Retrieves the next conversation handle from a conversation list for DDE communication. Process and Thread Management | |
| COMCTL32.DLL!DSA_Destroy Frees dynamic structure arrays- releasing allocated memory resources. Memory Management | |
| RPCRT4.DLL!RpcBindingInqAuthInfoW Retrieves authentication and authorization information associated with a server binding handle in RPC. Network Operations | |
| IMFSourceBuffer::Remove Removes media segments from the buffer based on a specified time range. File Operations | |
| KERNEL32.DLL!LocalFileTimeToFileTime Converts local file time to UTC file time for accurate timing representation. File Operations | |
| KERNEL32.DLL!GetNamedPipeHandleStateA Retrieves information about a named pipe's state and properties- essential for managing inter-process communication. Network Operations | |
| ADVAPI32.DLL!LookupPrivilegeDisplayNameW Retrieves the display name that represents a specified privilege. System Information and Control | |
| IFaxDoc::Send The Send method transmits a document via fax to a specified fax number. Network Operations | |
| OLE32.DLL!CoCopyProxy This function creates a private copy of a proxy to manage security settings without affecting shared instances. DLL Injection and Manipulation | |
| RPCRT4.DLL!NdrMesProcEncodeDecode2 This function is part of the Remote Procedure Call (RPC) framework for message processing. System Information and Control | |
| GDI32FULL.DLL!GetCurrentObject Retrieves a handle to graphic objects in a device context. System Information and Control | |
| KERNEL32.DLL!GetProcessWorkingSetSizeEx Retrieves minimum and maximum working set sizes of a specified process- affecting its memory usage. Memory Management | |
| RPCRT4.DLL!RpcServerRegisterIf Registers an interface with the RPC run-time library for remote procedure calls. Network Operations | |
| SHLWAPI.DLL!SHRegCreateUSKeyA Creates or opens a user-specific registry subkey in HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE. Registry Operations | |
| SHLWAPI.DLL!StrTrimA Trims specified characters from a string- manipulating data formats rather than file or memory directly. Memory Management | |
| KERNEL32.DLL!UpdateProcThreadAttribute Updates attributes for creating processes and threads- affecting scheduling and execution. Process and Thread Management | |
| USER32.DLL!BroadcastSystemMessageW Sends messages to specified system components- handling system-level communication across applications and drivers. System Information and Control | |
| KERNEL32.DLL!OpenPrivateNamespaceA Opens a private namespace- isolating objects for organized management. System Information and Control | |
| GDI32FULL.DLL!ScriptShapeOpenType Generates glyphs and visual attributes based on Unicode and OpenType data. System Information and Control | |
| OLEAUT32.DLL!LHashValOfNameSys Computes a hash value for a name based on system kind and locale ID. Cryptographic Operations | |
| KERNEL32.DLL!GetSystemDirectoryW Retrieves the path of the system directory containing system files like DLLs and drivers. System Information and Control | |
| SHELL32.DLL!DAD_DragEnterEx Manages window updates during drag operations- displaying drag images- indicating user interaction with file operations. File Operations | |
| SHLWAPI.DLL!StrCmpICW Compares two strings for equality using C run-time collation rules. System Information and Control | |
| COMCTL32.DLL!ImageList_ReplaceIcon Replaces an image with an icon- modifying an image list. DLL Injection and Manipulation | |
| USER32.DLL!DestroyMenu Destroys a specified menu and frees associated memory. Memory Management | |
| SHELL32.DLL!SHInvokePrinterCommandW Executes various commands related to printer objects in a Windows environment. File Operations | |
| SHCORE.DLL!IStream_Copy This function copies data from one stream to another- involving file-like operations. File Operations | |
| OLEAUT32.DLL!VarCyFromUI1 Converts an unsigned char value to a currency value. Cryptographic Operations | |
| SHCORE.DLL!SHCreateMemStream Creates a memory stream for storing data in memory using an optional initial buffer. Memory Management | |
| OLEAUT32.DLL!VarI2FromUI4 Converts an unsigned long to a short value- focusing on data type conversion. Memory Management | |
| OLE32.DLL!CoGetContextToken Retrieves a pointer to the current COM context- enabling context-aware operations. System Information and Control | |
| KERNEL32.DLL!AreShortNamesEnabled This function checks if short filename creation is enabled on a specified volume. File Operations | |
| GDI32FULL.DLL!RemoveFontResourceExW This function removes fonts from the system font table- which involves file operations related to font resources. File Operations | |
| USER32.DLL!RealGetWindowClassA Retrieves a string specifying a window's type using its handle. System Information and Control | |
| USER32.DLL!LoadCursorW Loads cursor resource from executable- related to user interface resource management. System Information and Control | |
| WER.DLL!OpenThreadWaitChainSession This function creates a new Wait Chain Traversal session to monitor thread waits. Process and Thread Management | |
| Bitmap::GetPixel Retrieves the color of a specific pixel in a bitmap image. File Operations | |
| KERNEL32.DLL!InitializeContext2 Initializes a CONTEXT structure for managing execution context- crucial for process management. Process and Thread Management | |
| SECHOST.DLL!CreateServiceW This function creates a service object within the service control manager database. Registry Operations | |
| RPCRT4.DLL!CStdStubBuffer_QueryInterface Implements IRpcStubBuffer::QueryInterface for interface querying in RPC mechanisms. System Information and Control | |
| WINMMBASE.DLL!mmioStringToFOURCCA Converts a null-terminated string to a four-character code- related to multimedia data representation. DLL Injection and Manipulation | |
| GDI32FULL.DLL!EngLoadModule Loads a specified data module into system memory for reading- facilitating access to resources. Memory Management | |
| OLE32.DLL!HGLOBAL_UserMarshal64 Marshals a HGLOBAL object into an RPC buffer- which is used for remote procedure calls. Memory Management | |
| USER32.DLL!SetUserObjectSecurity Configures the security settings of a user object- impacting access controls. Registry Operations | |
| USER32.DLL!IsDialogMessageA Processes messages intended for dialog boxes by translating keyboard messages into control selections. Hooking and Interception | |
| WINMMBASE.DLL!midiInStop Stops MIDI input on a specified device- managing audio device operation. Process and Thread Management | |
| KERNEL32.DLL!SetFileCompletionNotificationModes Modifies notification behavior for file operations- affecting how completed I/O operations are signaled. File Operations | |
| KERNEL32.DLL!RegLoadMUIStringA Loads a string from the Windows registry specified by a key and subkey. Registry Operations | |
| KERNEL32.DLL!CreateSemaphoreW Function creates or opens a semaphore for synchronization between threads or processes. Process and Thread Management | |
| ADVAPI32.DLL!LsaEnumerateTrustedDomainsEx Retrieves information about domains trusted by the local system. System Information and Control | |
| CRYPTSP.DLL!CryptEnumProvidersW Enumerates available cryptographic service providers (CSPs) on the system. Cryptographic Operations | |
| KERNEL32.DLL!GetCompressedFileSizeA Retrieves the size of stored file data on compressed volumes- indicating file size management. File Operations | |
| NTDLL.DLL!RtlInterlockedFlushSList Removes all items from a synchronized singly linked list in a multiprocessor environment. Memory Management | |
| SHELL32.DLL!ExtractIconW Retrieves a handle to an icon from an executable- DLL- or icon file. File Operations | |
| KERNEL32.DLL!CopyFileA Copies an existing file to a new file- indicating file system operations. File Operations | |
| OLE32.DLL!HGLOBAL_UserMarshal Marshals data into an RPC buffer- relevant for remote procedure calls. Memory Management | |
| SHELL32.DLL!SHCreatePropSheetExtArray Loads property sheet extension handlers from the registry for Windows Shell. Registry Operations | |
| ADVAPI32.DLL!SaferGetPolicyInformation Retrieves policy information based on specified criteria- relevant for security policy evaluations. System Information and Control | |
| USER32.DLL!GetRawInputDeviceInfoA Retrieves information about a raw input device- including its name and device info. System Information and Control | |
| RPCRT4.DLL!RpcIfIdVectorFree This function frees memory allocated for an interface-identification vector- indicating memory management operations. Memory Management | |
| RPCRT4.DLL!RpcAsyncInitializeHandle Initializes the RPC_ASYNC_STATE structure for asynchronous remote procedure calls. Network Operations | |
| KERNEL32.DLL!SetupComm Initializes communication parameters for a device and sets its input/output buffer sizes. File Operations | |
| GDI32FULL.DLL!GetWorldTransform This function retrieves the transformation between world space and page space in graphics drawing. System Information and Control | |
| SHLWAPI.DLL!AssocQueryKeyA Retrieves a registry key related to file or protocol associations. Registry Operations | |
| OLE32.DLL!NdrProxyForwardingFunction16 Stub function for COM proxies- facilitating interface marshaling in proxy DLLs. System Information and Control | |
| OLE32.DLL!HACCEL_UserUnmarshal This function unmarshals data to a HACCEL object from RPC- indicating involvement in memory operations. Memory Management | |
| SECHOST.DLL!CredUnprotectA Decrypts credentials previously encrypted- involving security context manipulation. Cryptographic Operations | |
| KERNEL32.DLL!QueryProcessCycleTime Retrieves CPU cycle time for all threads of a specified process. Process and Thread Management | |
| SHELL32.DLL!SHGetDiskFreeSpaceExA Retrieves disk space information- including available and total bytes on a disk volume. File Operations | |
| FINDTEXTA Contains information for a search operation in a rich edit control. File Operations | |
| SHLWAPI.DLL!PathCreateFromUrlW Converts a file URL to an MS-DOS path- manipulating file paths based on URLs. File Operations | |
| GDI32FULL.DLL!SetColorAdjustment Sets color adjustment values for a device context- impacting graphic display output. System Information and Control | |
| KERNELBASE.DLL!EventActivityIdControl Manages activity identifiers for ETW events- enabling tracking and organization of events. System Information and Control | |
| RPCRT4.DLL!RpcErrorSaveErrorInfo This function handles error information related to RPC calls- categorizing it under system information. System Information and Control | |
| OLEAUT32.DLL!CreateStdDispatch Creates an implementation of IDispatch- facilitating object exposure through Automation. DLL Injection and Manipulation | |
| RPCRT4.DLL!NdrConformantStringUnmarshall Unmarshals a conformant string from a network buffer into memory- dealing with network operations. Network Operations | |
| WINDOWS.STORAGE.DLL!AssocCreateForClasses Retrieves an object implementing IQueryAssociations interface for file association queries. File Operations | |
| SHLWAPI.DLL!PathRemoveExtensionA Removes the file name extension from a specified file path. File Operations | |
| USER32.DLL!CharNextExA Retrieves a pointer to the next character in a string based on specified code pages. Memory Management | |
| KERNEL32.DLL!FindClose Closes a file search handle opened by various file search functions. File Operations | |
| WINMMBASE.DLL!midiInGetDevCapsA Determines capabilities of a specified MIDI input device- focusing on input device characteristics. System Information and Control | |
| OLEAUT32.DLL!VarI1FromCy Converts currency to a char value- manipulating data types. Memory Management | |
| GDI32FULL.DLL!GetCharABCWidthsFloatW Retrieves widths of characters in a specified range from the current font- focusing on font metrics. System Information and Control | |
| USER32.DLL!SetCaretBlinkTime This function sets the caret blink time for user interfaces in milliseconds- influencing text input visibility settings. System Information and Control | |
| KERNEL32.DLL!FindResourceW This function locates resources in a module- indicating operations related to resource management. File Operations | |
| GDI32FULL.DLL!CreateHalftonePalette Creates a halftone palette for a device context to manage color rendering. Memory Management | |
| ADVAPI32.DLL!FileEncryptionStatusW Retrieves the encryption status of a specified file- determining if it is encrypted or can be encrypted. File Operations | |
| SHELL32.DLL!SHAppBarMessage Sends messages to manage appbars related to the system's taskbar. System Information and Control | |
| OLEAUT32.DLL!SysAllocStringByteLen Allocates BSTR from an ANSI string- performing memory operations without translation. Memory Management | |
| USER32.DLL!DialogBoxParamA Creates a modal dialog box and initializes it with application-defined values. Process and Thread Management | |
| KERNEL32.DLL!GetACP Retrieves the current Windows ANSI code page identifier- related to system localization. System Information and Control | |
| GDI32FULL.DLL!EndDoc Ends a print job by signaling completion to the printer. File Operations | |
| COMCTL32.DLL!InitCommonControls Initializes and registers common control window classes for GUI applications. System Information and Control | |
| CRYPTSP.DLL!CryptSetProviderW Sets the default cryptographic service provider for the user- managing cryptographic operations. Cryptographic Operations | |
| KERNELBASE.DLL!PerfStartProvider Registers a performance provider and manages counters through callbacks. System Information and Control | |
| IOleInPlaceSiteWindowless::SetFocus This function sets or removes keyboard focus for windowless UI objects. System Information and Control | |
| KERNEL32.DLL!LoadLibraryExW Loads specified module into process's address space; may load additional related modules. DLL Injection and Manipulation | |
| KERNEL32.DLL!GetUserPreferredUILanguages Retrieves the user's preferred UI languages for internationalization purposes. System Information and Control | |
| KERNEL32.DLL!GetStringTypeA Retrieves character type information from a specified string- categorizing characters like letters or digits. System Information and Control | |
| ADVAPI32.DLL!GetEffectiveRightsFromAclW Retrieves the effective access rights of a specified trustee from an ACL structure- indicating rights management. Registry Operations | |
| ADVAPI32.DLL!EnumServicesStatusW This function enumerates services and their statuses in the service control manager database. System Information and Control | |
| OLEAUT32.DLL!VarFormatNumber Formats numeric variants into strings- primarily for output display purposes. System Information and Control | |
| GDI32FULL.DLL!OffsetWindowOrgEx Modifies the window origin for a device context- impacting graphical operations. System Information and Control | |
| SECHOST.DLL!EnumerateTraceGuidsEx Retrieves information about event trace providers currently running on the computer. System Information and Control | |
| USER32.DLL!InSendMessageEx Determines if the current window procedure is processing a message from another thread. Process and Thread Management | |
| CRYPTSP.DLL!CryptSignHashW Signs data by generating a digital signature after hashing the data. Cryptographic Operations | |
| USER32.DLL!SetPropA Modifies or adds properties to a window's property list. System Information and Control | |
| KERNEL32.DLL!GetProcessDefaultCpuSets Retrieves CPU Sets for a specified process- aiding in process management and resource allocation. Process and Thread Management | |
| RPCRT4.DLL!RpcAsyncCompleteCall Completes an asynchronous remote procedure call- finalizing communication between client and server. Network Operations | |
| GDI32FULL.DLL!MoveToEx Updates the drawing position in a device context for graphical operations. System Information and Control | |
| GDI32FULL.DLL!SetICMProfileW Sets a specified color profile for a device context in the Windows Color System. System Information and Control | |
| COMCTL32.DLL!InitMUILanguage Specifies a language for common controls- overriding system language for internationalization. System Information and Control | |
| KERNEL32.DLL!GetModuleFileNameW Retrieves the path of a loaded module- indicating file operations. File Operations | |
| RPCRT4.DLL!RpcServerUseProtseqEpW This function registers a protocol sequence and endpoint for remote procedure calls in RPC. Network Operations | |
| SHLWAPI.DLL!PathGetDriveNumberA Searches a path for a drive letter and returns the corresponding drive number. File Operations | |
| KERNEL32.DLL!GetFinalPathNameByHandleW Retrieves the final path of a specified file or directory based on the file handle. File Operations | |
| WINDOWS.STORAGE.DLL!SHBindToParent Returns an interface pointer on the parent object based on a PIDL. File Operations | |
| KERNEL32.DLL!lstrcatA Appends one string to another and modifies existing memory buffers. Memory Management | |
| WINDOWS.STORAGE.DLL!SHChangeNotifyDeregister Unregisters a process from receiving notifications about changes in the shell environment. System Information and Control | |
| RPCRT4.DLL!RpcServerRegisterAuthInfoW Registers authentication information for RPC- determining how authentication keys are acquired. Network Operations | |
| SHLWAPI.DLL!StrRetToBufW Converts an STRRET structure to a string for display purposes- primarily related to shell operations. File Operations | |
| USER32.DLL!RealGetWindowClassW Retrieves the type of a window by its handle. System Information and Control | |
| KERNEL32.DLL!GetSystemDEPPolicy Retrieves the Data Execution Prevention (DEP) policy setting for the system- impacting memory usage. Memory Management | |
| USER32.DLL!IsWinEventHookInstalled Determines if a WinEvent hook is installed for specified events- allowing for event notification management. Hooking and Interception | |
| USER32.DLL!GetMenuStringA Copies the text of a specified menu item into a buffer- relating to user interface operations. File Operations | |
| SHLWAPI.DLL!GetAcceptLanguagesA Retrieves user language preferences for web content negotiation. System Information and Control | |
| USER32.DLL!TranslateAcceleratorW Translates accelerator keys to commands- affecting user input processing directly. System Information and Control | |
| SHLWAPI.DLL!SHSendMessageBroadcastW Sends a message to all top-level windows in the system. System Information and Control | |
| ADVAPI32.DLL!RegCreateKeyA Creates or opens a specified registry key in the Windows registry. Registry Operations | |
| KERNEL32.DLL!ConnectNamedPipe This function allows a server process to wait for client connections on named pipes. Network Operations | |
| WINMMBASE.DLL!midiOutGetDevCapsA Queries MIDI output device capabilities based on device ID and fills MIDIOUTCAPS structure. System Information and Control | |
| SHELL32.DLL!SHGetLocalizedName Retrieves the localized name of a file in a Shell folder. File Operations | |
| WINDOWS.STORAGE.DLL!ILFindChild Determines if one ITEMIDLIST is a child of another- dealing with shell structures. System Information and Control | |
| ADVAPI32.DLL!OpenBackupEventLogA Opens a handle to a backup event log- accessing file-based log storage operations. File Operations | |
| KERNEL32.DLL!AppPolicyGetShowDeveloperDiagnostic Retrieves the method for a process to show developer information to the user. System Information and Control | |
| USER32.DLL!UnhookWinEvent Removes an event hook created by SetWinEventHook- preventing further notifications to the callback function. Hooking and Interception | |
| SHCORE.DLL!SHStrDupW Copies a string to newly allocated memory- utilizing memory allocation functions. Memory Management | |
| SECHOST.DLL!LsaSetInformationPolicy Modifies information in a Policy object regarding system auditing and domain settings. Registry Operations | |
| KERNEL32.DLL!SetFileIoOverlappedRange Associates a virtual address range with a file handle to optimize asynchronous I/O operations. File Operations | |
| USER32.DLL!GetIconInfoExW Retrieves information about icon/cursor using ICONINFOEX structure for graphical interface management. System Information and Control | |
| WS2_32.DLL!WSAEnumNameSpaceProvidersW Retrieves information about available namespace providers in the network context. Network Operations | |
| USER32.DLL!IsCharUpperW Determines if a character is uppercase- relevant to user language settings. System Information and Control | |
| OLEAUT32.DLL!OleCreateFontIndirect Creates and initializes a font object- manipulating COM interfaces and invoking memory allocation. Memory Management | |
| WINDOWS.STORAGE.DLL!SHGetFolderPathAndSubDirA Retrieves the path of a folder and appends a specified subfolder path. File Operations | |
| SECHOST.DLL!CredUnprotectW Decrypts previously encrypted credentials- requiring secure context management. Cryptographic Operations | |
| SHLWAPI.DLL!UrlCompareA Compares two URL strings to check their equality- focusing on string operations. System Information and Control | |
| SHELL32.DLL!ExtractAssociatedIconExA Retrieves a handle to an icon from a file or its associated executable. File Operations | |
| GDI32FULL.DLL!AddFontResourceA Adds a font resource from a file to the system font table for application use. File Operations | |
| KERNEL32.DLL!FindFirstFileW Searches for files or directories matching a name- enabling file operations in a specified directory. File Operations | |
| KERNEL32.DLL!OfferVirtualMemory Indicates that specified memory pages can be discarded- managing application memory usage efficiently. Memory Management | |
| USER32.DLL!MapVirtualKeyW Translates virtual-key codes and scan codes for keyboard input. System Information and Control | |
| USER32.DLL!DdeCreateStringHandleW Creates a handle for a specified string in DDE applications- facilitating inter-process communication. Process and Thread Management | |
| SHLWAPI.DLL!PathCombineA Combines filepath strings efficiently for file manipulation. File Operations | |
| OLEAUT32.DLL!VarUI2FromR8 Converts a double to an unsigned short- related to data type variation. Memory Management | |
| OLEAUT32.DLL!VarBstrFromCy Converts currency values to a string format (BSTR); primarily focuses on data manipulation. Memory Management | |
| SHLWAPI.DLL!StrCmpNIA This function compares strings for equality in a case-insensitive manner. System Information and Control | |
| RPCRT4.DLL!NdrClearOutParameters Frees resources of out parameters and clears memory related to failed RPC calls. Memory Management | |
| GDI32FULL.DLL!EnumICMProfilesA This function enumerates output color profiles based on device context characteristics. System Information and Control | |
| SHLWAPI.DLL!AssocQueryStringByKeyW Retrieves file association strings from the registry based on a specified key- controlling access through registry operations. Registry Operations | |
| USER32.DLL!DdeNameService Registers or unregisters service names for DDE servers- facilitating communication between applications. Network Operations | |
| KERNEL32.DLL!InitializeConditionVariable Initializes a condition variable for thread synchronization. Process and Thread Management | |
| KERNEL32.DLL!InterlockedPushListSListEx This function synchronizes access and manipulates singly-linked lists- categorize as Process and Thread Management. Process and Thread Management | |
| KERNEL32.DLL!RegFlushKey Writes attributes of a specified registry key to the disk- ensuring data persistence. Registry Operations | |
| GDI32FULL.DLL!CreatePenIndirect Creates a logical cosmetic pen for drawing operations within a device context. Memory Management | |
| NTDLL.DLL!NtQueryMultipleValueKey Retrieves values from a specified multiple-value registry key. Registry Operations | |
| KERNEL32.DLL!AssignProcessToJobObject This function associates a process with an existing job object for control and resource management. Process and Thread Management | |
| USER32.DLL!SetDlgItemTextW Sets the text of a control in a dialog box. System Information and Control | |
| SHELL32.DLL!SHGetRealIDL Converts a simple pointer to an item identifier list (PIDL) into a full PIDL for shell folder operations. System Information and Control | |
| KERNEL32.DLL!Wow64DisableWow64FsRedirection Disables file system redirection for the calling thread- crucial for specific file operations in 32-bit applications. File Operations | |
| SHLWAPI.DLL!StrIsIntlEqualA Compares two strings for equality- potentially influencing decision-making during program execution. System Information and Control | |
| WINMM.DLL!joySetThreshold Sets the movement threshold for joystick input- adjusting how responsive the joystick is. System Information and Control | |
| USER32.DLL!PackTouchHitTestingProximityEvaluation Evaluates touch proximity and returns coordinates- relevant to user input processing. System Information and Control | |
| NTDLL.DLL!NtNotifyChangeMultipleKeys Notifies changes to a registry key or its subkeys- indicating registry operations. Registry Operations | |
| OLEAUT32.DLL!VarDecFromDisp Converts an IDispatch instance's property to a decimal value- involving data conversion operations. Memory Management | |
| SHLWAPI.DLL!StrFormatKBSizeA Converts numeric values to string representations of sizes in kilobytes. System Information and Control | |
| KERNELBASE.DLL!GetSidSubAuthority Returns a pointer to a specified subauthority in a security identifier (SID) for access control. System Information and Control | |
| OLEAUT32.DLL!SysAddRefString Increases reference count for a string to prevent memory from being freed- aiding memory management. Memory Management | |
| USER32.DLL!GetLastInputInfo Retrieves the time of the last input event for idle detection. System Information and Control | |
| SHLWAPI.DLL!ConnectToConnectionPoint Establishes or terminates connections between client and connection point container- facilitating inter-object communication. Network Operations | |
| USER32.DLL!CreateDialogIndirectParamW Creates a modeless dialog box using a template; involves window creation and management. Process and Thread Management | |
| KERNELBASE.DLL!GetSecurityDescriptorDacl Retrieves a pointer to the DACL in a specified security descriptor for access control. Registry Operations | |
| SHLWAPI.DLL!PathParseIconLocationW Parses a file location and icon index string- extracting the file path. File Operations | |
| USER32.DLL!OemToCharBuffW Converts characters from OEM-defined character set to ANSI or wide-character string. Memory Management | |
| SHCORE.DLL!SHRegDuplicateHKey This function duplicates a registry key's HKEY handle- interacting directly with the Windows Registry. Registry Operations | |
| KERNEL32.DLL!LZOpenFileA This function creates- opens- or deletes specified files- performing various file operations based on parameters. File Operations | |
| KERNEL32.DLL!IsWow64GuestMachineSupported Determines supported architectures for WOW64- assessing system compatibility and functionality of applications. System Information and Control | |
| ADVAPI32.DLL!ObjectPrivilegeAuditAlarmA Generates an audit message regarding client privilege access attempts- logging security events. System Information and Control | |
| KERNEL32.DLL!GetPrivateProfileSectionNamesA Retrieves section names from an initialization file or the registry. Registry Operations | |
| SHCORE.DLL!SHCreateStreamOnFileA Opens or creates a file and retrieves a stream for reading or writing. File Operations | |
| COMCTL32.DLL!ImageList_Copy This function handles copying images between image lists- classifying it under File Operations. File Operations | |
| KERNEL32.DLL!GetPrivateProfileSectionW Retrieves keys and values from an initialization file section for configuration settings. Registry Operations | |
| WS2_32.DLL!WSCInstallNameSpaceEx32 Installs a 32-bit namespace provider in the Winsock catalog. DLL Injection and Manipulation | |
| KERNEL32.DLL!GetDiskSpaceInformationW Retrieves disk space information for a specified volume- involving file system resource management. File Operations | |
| USER32.DLL!GetWindow Retrieves a window handle- which identifies an active window. System Information and Control | |
| WINMMBASE.DLL!midiStreamClose Closes an open MIDI stream- managing the lifecycle of multimedia resources. Process and Thread Management | |
| WSOCK32.DLL!__WSAFDIsSet Checks if a socket is in a set of descriptors for network operations. Network Operations | |
| KERNEL32.DLL!UnmapViewOfFileEx Unmaps a mapped view of a file- affecting memory usage. Memory Management | |
| USER32.DLL!RegisterPowerSettingNotification This function registers an application to receive power setting notifications. System Information and Control | |
| OLEAUT32.DLL!SafeArrayReleaseData Decreases memory pinning reference- allowing for memory to be freed. Memory Management | |
| OLEAUT32.DLL!RegisterTypeLibForUser Registers a type library for use by the calling user- impacting how COM components are accessed. Registry Operations | |
| WSOCK32.DLL!WSAAsyncGetServByPort This function retrieves service information asynchronously based on the specified port and protocol. Network Operations | |
| KERNEL32.DLL!GetCurrentApplicationUserModelId Retrieves the application user model ID relevant to the current process- indicating system control over applications. System Information and Control | |
| USER32.DLL!DdeSetQualityOfService This function sets quality of service parameters for DDE conversations- influencing the way data is exchanged. System Information and Control | |
| IInkTransform::GetTransform Retrieves transformation data for ink input- returning matrix elements for processing visual transformations. System Information and Control | |
| USER32.DLL!GetCaretBlinkTime Retrieves the time interval for the caret's blink; relates to user interface management. System Information and Control | |
| SHLWAPI.DLL!SHRegDeleteEmptyUSKeyA Deletes an empty registry subkey for user-specific settings. Registry Operations | |
| WINMMBASE.DLL!mmioAdvance Advances the I/O buffer of a file for read/write operations- influencing file input/output. File Operations | |
| USER32.DLL!ChangeDisplaySettingsExW Changes display device settings to a specified graphics mode- affecting visual output settings. System Information and Control | |
| GDI32FULL.DLL!SetBkMode Sets background mix mode for a device context affecting graphics output. System Information and Control | |
| KERNEL32.DLL!FindNLSString Searches for a Unicode string in another Unicode string based on a specified locale identifier. System Information and Control | |
| COMCTL32.DLL!DSA_GetItem Retrieves an element from a dynamic structure array (DSA)- involving memory access for data manipulation. Memory Management | |
| USER32.DLL!SendMessageCallbackW Sends a message to a window and invokes a callback upon processing the message. Process and Thread Management | |
| GDI32FULL.DLL!PolyTextOutW Draws multiple strings within a specified device context. System Information and Control | |
| COMCTL32.DLL!DPA_DestroyCallback Frees DPA after calling a specified callback on its elements. Memory Management | |
| ADVAPI32.DLL!LsaNtStatusToWinError This function converts NTSTATUS codes to Windows error codes- relating to system error management. System Information and Control | |
| GDI32FULL.DLL!EndPage Notifies the device that printing to a page has completed- facilitating print job management. Process and Thread Management | |
| OLEAUT32.DLL!VarI1FromDate Converts a date to a char value- involving data transformation. Cryptographic Operations | |
| NTDLL.DLL!RtlDeleteGrowableFunctionTable Removes a dynamic function table previously registered- managing system resources effectively. System Information and Control | |
| OLEAUT32.DLL!VarFormatCurrency This function formats a currency value into a string- involving data manipulation rather than operations on files or networks. System Information and Control | |
| SHELL32.DLL!SHQueryRecycleBinW Retrieves information about the Recycle Bin's size and item count for a specified drive. File Operations | |
| KERNEL32.DLL!WriteFile This function writes data to a specified file or I/O device. File Operations | |
| SHELL32.DLL!InitNetworkAddressControl Initializes a control for network address verification in a user interface. Network Operations | |
| RPCRT4.DLL!CStdStubBuffer_DebugServerRelease This function releases an interface pointer- typically used in RPC proxy operations. Process and Thread Management | |
| CRYPTSP.DLL!CryptGetDefaultProviderA Retrieves the default cryptographic service provider for a specified provider type. Cryptographic Operations | |
| SHLWAPI.DLL!StrCmpLogicalW Compares two Unicode strings with numerical consideration for digits. It is primarily for string comparison operations. System Information and Control | |
| USER32.DLL!FrameRect Draws a border around a rectangle using a specified brush in a device context. System Information and Control | |
| KERNEL32.DLL!RegQueryInfoKeyA Retrieves information about a specified registry key and its associated values. Registry Operations | |
| KERNEL32.DLL!timeGetSystemTime Retrieves the system time- measured in milliseconds since Windows started. System Information and Control | |
| KERNEL32.DLL!PssWalkMarkerSetPosition Updates the location of a marker during process snapshot walks. Process and Thread Management | |
| USER32.DLL!InsertMenuW Inserts a new menu item into a menu and manages item arrangement. System Information and Control | |
| KERNEL32.DLL!GetLogicalDriveStringsW Retrieves valid drive names in the system- indicating file system information. File Operations | |
| ADVAPI32.DLL!GetTrusteeNameA Retrieves the trustee name from a specified TRUSTEE structure- concerning access control. Registry Operations | |
| WSOCK32.DLL!getservbyport Retrieves service information for a specified port and protocol in network applications. Network Operations | |
| USER32.DLL!MonitorFromPoint Retrieves a handle to the display monitor at a specified screen point. System Information and Control | |
| GDI32FULL.DLL!GetLogColorSpaceA Retrieves the color space definition using a specified handle- involving graphical data manipulation. System Information and Control | |
| USER32.DLL!CloseDesktop Closes an open handle to a desktop object- managing the lifecycle of desktop resources. Process and Thread Management | |
| KERNEL32.DLL!GetTimeFormatEx Formats time as a string based on locale specifications. System Information and Control | |
| KERNEL32.DLL!EnumCalendarInfoW Enumerates calendar information for a specified locale- managing locale-specific data. System Information and Control | |
| KERNEL32.DLL!SetIoRateControlInformationJobObject Sets I/O limits for a job object- controlling its input/output operations. File Operations | |
| KERNEL32.DLL!EnterSynchronizationBarrier Causes threads to wait at a synchronization barrier until a specified number have entered. Process and Thread Management | |
| WS2_32.DLL!WSASocketA Creates a socket for network communication with specified transport-service provider. Network Operations | |
| COMCTL32.DLL!MakeDragList Converts a list box into a drag-and-drop interface for items. System Information and Control | |
| SHLWAPI.DLL!PathMakePrettyA Converts uppercase paths to lowercase for consistency in appearance. File Operations | |
| RTMPAL.DLL!RegDeleteKeyW Deletes a registry subkey and its values from the Windows Registry. Registry Operations | |
| USER32.DLL!DdeUnaccessData It unaccesses a DDE object- relevant to data exchange operations. File Operations | |
| GDI32FULL.DLL!GetMetaRgn Retrieves the current metaregion for a device context- relates to graphical region management. System Information and Control | |
| USER32.DLL!GetMenuItemID Retrieves the identifier of a menu item in a menu based on its position. System Information and Control | |
| SHLWAPI.DLL!PathBuildRootA Creates a root path based on a drive number- manipulating file paths. File Operations | |
| WINMMBASE.DLL!auxSetVolume This function adjusts the volume of an auxiliary output device. System Information and Control | |
| OLE32.DLL!CreatePointerMoniker This function creates a moniker based on an object pointer- facilitating object identification in COM. DLL Injection and Manipulation | |
| GDI32.DLL!EngStretchBltROP Performs stretching bit-block transfer operations for graphics- manipulating pixel data between surfaces. DLL Injection and Manipulation | |
| KERNEL32.DLL!GetVolumeInformationByHandleW Retrieves information about the file system and associated volume- including serial numbers and file system properties. File Operations | |
| KERNEL32.DLL!RemoveDirectoryTransactedA Deletes an existing empty directory as part of a transaction. File Operations | |
| KERNEL32.DLL!GetFirmwareEnvironmentVariableW Retrieves the value of a firmware environment variable- facilitating system configuration access. System Information and Control | |
| WINMMBASE.DLL!midiStreamPause This function pauses a specified MIDI stream during playback. Process and Thread Management | |
| SHELL32.DLL!DoEnvironmentSubstW Replaces environment variable references in a string with their expanded values. System Information and Control | |
| ADVAPI32.DLL!BuildTrusteeWithSidA Initializes a TRUSTEE structure with the specified security identifier (SID). System Information and Control | |
| USER32.DLL!GetDialogControlDpiChangeBehavior Retrieves DPI scaling behavior for a dialog's child window- affecting UI management. System Information and Control | |
| WS2_32.DLL!WSCEnableNSProvider Changes the activation state of a namespace provider- affecting network operations. Network Operations | |
| OLE32.DLL!CoDisableCallCancellation Disables cancellation of synchronous calls on the thread- affecting process and thread management. Process and Thread Management | |
| RPCRT4.DLL!NdrInterfacePointerUnmarshall This function unmarshalls data from a network buffer to memory- indicating network operation function. Network Operations | |
| RTMPAL.DLL!EventWrite Writes an event to ETW for monitoring and diagnostics- utilizing current thread's activity ID. System Information and Control | |
| USER32.DLL!GetWindowContextHelpId Retrieves the Help context identifier for a specified window- aiding in user interface management. System Information and Control | |
| COMCTL32.DLL!ImageList_DrawEx Draws images in a device context- primarily used in visual presentation and UI elements. DLL Injection and Manipulation | |
| GDI32FULL.DLL!GetTextExtentPointW Computes the dimensions of a string of text using a device context and font settings. System Information and Control | |
| SHLWAPI.DLL!PathIsDirectoryA Verifies if a specified path is a valid directory. File Operations | |
| OLE32.DLL!CoUnmarshalInterface Initializes a proxy interface from a marshaled stream- often used in COM operations. DLL Injection and Manipulation | |
| OLE32.DLL!HPALETTE_UserMarshal Marshals an HPALETTE object into the RPC buffer for remote procedure calls. Memory Management | |
| GDI32FULL.DLL!UpdateICMRegKeyW Manages color profiles within the system- including adding- deleting- and querying profiles. Registry Operations | |
| KERNEL32.DLL!OpenProcess Opens an existing local process object- allowing access to process-level operations. Process and Thread Management | |
| KERNEL32.DLL!GetTempFileNameW Generates a unique name for a temporary file and can create the file. File Operations | |
| GDI32.DLL!EngPaint EngPaint causes GDI to render a specified region on a graphics surface. System Information and Control | |
| KERNEL32.DLL!IsUserCetAvailableInEnvironment Queries availability of Hardware-enforced Stack Protection for specific user-mode environments. System Information and Control | |
| KERNELBASE.DLL!SetPrivateObjectSecurityEx Modifies the security descriptor of a private object- impacting access control mechanisms. Registry Operations | |
| SECHOST.DLL!AuditLookupSubCategoryNameW Retrieves the display name of an audit-policy subcategory based on its GUID. System Information and Control | |
| KERNEL32.DLL!MoveFileW Moves or renames files or directories- affecting their location in the filesystem. File Operations | |
| KERNEL32.DLL!QueryIdleProcessorCycleTime Retrieves cycle time for idle threads on processors- indicating system performance and resource usage. System Information and Control | |
| SECHOST.DLL!AuditSetPerUserPolicy Sets per-user audit policies for specified users- impacting system security audits. System Information and Control | |
| KERNELBASE.DLL!EventWriteString Writes an ETW event with a string payload for debugging and diagnostics. System Information and Control | |
| OLE32.DLL!OleGetClipboard Retrieves a data object for accessing clipboard contents- facilitating data operations between applications. File Operations | |
| SHELL32.DLL!SHValidateUNC Validates a UNC path for remote network access- ensuring proper connectivity to network resources. Network Operations | |
| OLEAUT32.DLL!VarUI1FromUI4 Converts an unsigned long to an unsigned char value- impacting data type operations. Memory Management | |
| GDI32FULL.DLL!PtInRegion Determines if a point lies within a specified region- involving graphical region analysis. System Information and Control | |
| WINMMBASE.DLL!SendDriverMessage This method sends a driver-specific message- related to direct communication with device drivers. Network Operations | |
| USER32.DLL!LogicalToPhysicalPoint Converts logical coordinates of a point to physical coordinates within a window context. System Information and Control | |
| OLEAUT32.DLL!VarI2FromR8 Converts a double value to a short value- involving data type transformation. Memory Management | |
| SHLWAPI.DLL!StrFormatByteSizeW Converts numeric values to human-readable size formats (bytes- KB- MB- GB). System Information and Control | |
| GDI32FULL.DLL!GdiGetBatchLimit It manages the accumulation of function calls in GDI batches hence related to system performance. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromDec Converts decimal to unsigned long- primarily involving data type manipulation. Memory Management | |
| OLEAUT32.DLL!LPSAFEARRAY_UserUnmarshal Unmarshals a SAFEARRAY object from an RPC buffer- handling memory alignment and data marshaling. Memory Management | |
| WINMMBASE.DLL!mmioFlush This function writes the I/O buffer of a file to disk- ensuring data integrity. File Operations | |
| RPCRT4.DLL!MesBufferHandleReset Resets a handle for buffer serialization- essential for memory management during encoding/decoding operations. Memory Management | |
| ADVAPI32.DLL!PerfAddCounters Adds performance counter specifications to the specified query. System Information and Control | |
| GDI32FULL.DLL!GetViewportExtEx This function retrieves viewport dimensions from a device context- related to graphic rendering. System Information and Control | |
| SHLWAPI.DLL!ColorHLSToRGB Converts color values from HLS format to RGB- related to color representation in graphics. System Information and Control | |
| GDI32FULL.DLL!ScriptSubstituteSingleGlyph Enables glyph substitution for OpenType- involved in text processing and rendering operations. System Information and Control | |
| OLEAUT32.DLL!VarR8FromUI4 Converts an unsigned long to a double value- primarily for data type manipulation. Memory Management | |
| GDI32.DLL!PATHOBJ_vEnumStartClipLines This function handles graphical line clipping against a defined region. System Information and Control | |
| USER32.DLL!GetCIMSSM Retrieves the source of input messages- interacting with user input events. System Information and Control | |
| KERNEL32.DLL!IsSystemResumeAutomatic Checks if the system resumed automatically without user activity- indicating power management state. System Information and Control | |
| Pen::SetMiterLimit This function adjusts the miter limit of a Pen object used in graphics operations. System Information and Control | |
| OLE32.DLL!HMENU_UserSize This function calculates the size of the HMENU object for RPC data serialization. Memory Management | |
| SHCORE.DLL!SHCopyKeyA Copies subkeys and values between registry keys- thus managing registry entries. Registry Operations | |
| OLEAUT32.DLL!VarI2FromDec Converts a decimal value to a short value for use in automation. Memory Management | |
| OLEAUT32.DLL!VarDateFromStr Converts an OLECHAR string to a date value. System Information and Control | |
| USER32.DLL!GetQueueStatus Retrieves types of messages in the current thread's message queue. Process and Thread Management | |
| SHELL32.DLL!SHGetMalloc Retrieves a pointer to the Shell's IMalloc interface for memory management. Memory Management | |
| KERNEL32.DLL!AppPolicyGetLifecycleManagement Determines if a process can be managed by the Process Lifecycle Manager for suspend/resume operations. Process and Thread Management | |
| KERNEL32.DLL!WaitForSingleObjectEx Waits for the specified object to become signaled or for the timeout to elapse. Process and Thread Management | |
| SECHOST.DLL!ConvertSidToStringSidW Converts a security identifier (SID) to a string format for display or storage. System Information and Control | |
| GDI32FULL.DLL!GetFontLanguageInfo Returns information about the currently selected font in a display context. System Information and Control | |
| USER32.DLL!GetKeyboardState Retrieves the current status of all virtual keys on the keyboard. System Information and Control | |
| KERNELBASE.DLL!RegSetKeyValueW This function sets data for a specific value in a registry key- thus modifying the Windows registry. Registry Operations | |
| SHLWAPI.DLL!SHRegDeleteUSValueA Deletes a registry subkey value in a user-specific subtree- altering registry data. Registry Operations | |
| USER32.DLL!SendNotifyMessageA This function sends messages to windows- involving inter-thread communication and message processing. Hooking and Interception | |
| KERNEL32.DLL!DefineDosDeviceW Defines- redefines- or deletes MS-DOS device names in the object namespace. File Operations | |
| KERNELBASE.DLL!SetKernelObjectSecurity This function sets the security information of kernel objects- impacting system security settings. System Information and Control | |
| GDI32FULL.DLL!SetICMProfileA Sets a color profile for a specified device context. System Information and Control | |
| OLEAUT32.DLL!VarI4FromBool Converts a Boolean value to a long value- primarily used in type conversions. Memory Management | |
| WINDOWS.STORAGE.DLL!SHRestricted Determines compliance with specified administrator policies affecting application behavior. System Information and Control | |
| IMFMediaEngine::Shutdown This function shuts down the Media Engine and releases its resources- indicating process termination. Process and Thread Management | |
| CRYPTSP.DLL!CryptDuplicateKey This function creates an exact copy of a cryptographic key- related to cryptographic operations. Cryptographic Operations | |
| SHCORE.DLL!SHCreateStreamOnFileEx Opens or creates a file and retrieves a stream for reading or writing. File Operations | |
| KERNEL32.DLL!GetPackageId This function retrieves the identity of an optional bundle- relating to package management. System Information and Control | |
| KERNEL32.DLL!SetComputerNameExA Changes the NetBIOS or DNS name of the local computer- affecting system identification. System Information and Control | |
| OLE32.DLL!OleMetafilePictFromIconAndLabel Creates a metafile from an icon and label- potentially involving file operations for the icon source. File Operations | |
| RPCRT4.DLL!RpcMgmtEpEltInqDone Deletes an inquiry context for local endpoint-map elements- related to RPC management. System Information and Control | |
| KERNEL32.DLL!GetFileAttributesExA Retrieves attributes for a specified file or directory- indicating operations on files. File Operations | |
| USER32.DLL!AdjustWindowRectExForDpi Calculates window size based on DPI for client area requirements. System Information and Control | |
| WS2_32.DLL!WSACreateEvent This function creates a new event object used for managing event signaling in network operations. Network Operations | |
| SHLWAPI.DLL!StrToIntExW Converts strings to integers; deals with hexadecimal and decimal representations. System Information and Control | |
| COMCTL32.DLL!ImageList_AddMasked Adds images to an image list- manipulating bitmap data for graphical controls. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcRaiseException Raises an exception for error handling in RPC calls- facilitating control over execution flow. System Information and Control | |
| KERNEL32.DLL!SetDllDirectoryW Modifies the directory used by the system to locate DLLs for applications. DLL Injection and Manipulation | |
| USER32.DLL!OffsetRect Moves a rectangle by specified x and y offsets- manipulating graphical coordinate data. Memory Management | |
| SECHOST.DLL!CredMarshalCredentialA Marshals a credential into a text string for use in API calls. Cryptographic Operations | |
| SECHOST.DLL!CredUnmarshalCredentialA This function transforms a marshaled credential back to its original form- relating to credential management. Cryptographic Operations | |
| OLEAUT32.DLL!VarUI1FromUI2 Converts an unsigned short to an unsigned char- primarily dealing with data type conversion. Memory Management | |
| USER32.DLL!SetClassLongA Replaces a value in the extra class memory associated with a window class. DLL Injection and Manipulation | |
| OLEAUT32.DLL!OleLoadPicture Creates a picture object from a stream- involving stream reading and object manipulation. DLL Injection and Manipulation | |
| KERNEL32.DLL!GetNamedPipeServerSessionId Retrieves the server session identifier for a named pipe- linking processes. Process and Thread Management | |
| RPCRT4.DLL!RpcServerInterfaceGroupActivate Registers interface group interfaces and endpoints- beginning to listen for RPC calls. Network Operations | |
| USER32.DLL!GetCursor This function retrieves a handle to the current cursor- relating it to user interface resource management. System Information and Control | |
| KERNELBASE.DLL!AllocateLocallyUniqueId Allocates a Locally Unique Identifier (LUID)- primarily used for security and access control purposes. System Information and Control | |
| COMCTL32.DLL!RemoveWindowSubclass Removes a subclass callback from a window- affecting message processing. Hooking and Interception | |
| SHLWAPI.DLL!SHRegQueryUSValueA Retrieves data associated with a registry subkey in user-specific trees- specifically interacting with registry entries. Registry Operations | |
| USER32.DLL!LockSetForegroundWindow Disables other processes from calling SetForegroundWindow- affecting window focus management. Process and Thread Management | |
| NTDLL.DLL!RtlIpv6StringToAddressA Converts string representations of IPv6 addresses to binary format- enabling network communication. Network Operations | |
| RPCRT4.DLL!CStdStubBuffer_DebugServerQueryInterface Implements the IRpcStubBuffer::DebugServerQueryInterface method for RPC proxies. System Information and Control | |
| OLEAUT32.DLL!VarBoolFromI4 Converts a long value to a Boolean- indicative of type handling. Memory Management | |
| SHLWAPI.DLL!UrlCanonicalizeW Converts URLs into canonical form- addressing unsafe characters and simplification. Network Operations | |
| WS2_32.DLL!WSAAddressToStringW Converts sockaddr structure components into a human-readable string representation of an address. Network Operations | |
| KERNEL32.DLL!ResumeThread Resumes execution of a suspended thread by decrementing its suspend count. Process and Thread Management | |
| KERNEL32.DLL!GetCommandLineA Retrieves the command-line string for the current process. Process and Thread Management | |
| USER32.DLL!GetProcessWindowStation Retrieves a handle to the current window station for the calling process. System Information and Control | |
| WSOCK32.DLL!WSAStartup Initializes the Winsock DLL for a process- enabling network communication through sockets. Network Operations | |
| OLE32.DLL!STGMEDIUM_UserSize64 Calculates wire size of STGMEDIUM object for marshalling. Memory Management | |
| KERNEL32.DLL!RegisterApplicationRestart Registers an application for restart using specified command line arguments. Process and Thread Management | |
| OLEAUT32.DLL!VARIANT_UserSize64 This function determines the size of a VARIANT object for Remote Procedure Call (RPC). Memory Management | |
| GDI32FULL.DLL!FillRgn Fills a specified region using a brush- involving graphical device interface operations. System Information and Control | |
| KERNEL32.DLL!ExpandEnvironmentStringsA Expands environment-variable strings with user-defined values for current environment settings. System Information and Control | |
| KERNEL32.DLL!GetVolumePathNamesForVolumeNameW Retrieves drive letters and mounted folder paths for a specified volume. File Operations | |
| OLE32.DLL!CoDecodeProxy Locates the implementation of a COM interface in a server process- implying interaction with process components. Process and Thread Management | |
| COMCTL32.DLL!ImageList_GetIconSize Retrieves image dimensions from an image list- crucial for UI element management. System Information and Control | |
| SHLWAPI.DLL!PathCreateFromUrlA Converts a file URL to an MS-DOS path- indicating file location processing. File Operations | |
| OLE32.DLL!NdrProxyForwardingFunction24 Stub function for COM proxies- facilitating interaction between client and server components in Windows. Process and Thread Management | |
| OLE32.DLL!ObjectStublessClient10 Stub function that facilitates communication in COM proxies- handling marshaling for interface interactions. DLL Injection and Manipulation | |
| ADVAPI32.DLL!RegCreateKeyTransactedA Creates or opens a registry key and associates it with a transaction. Registry Operations | |
| RPCRT4.DLL!RpcBindingServerFromClient Converts a client binding handle to a server binding handle- involving network address identification. Network Operations | |
| KERNEL32.DLL!LZSeek Moves the file pointer within a file based on specified offsets. File Operations | |
| GDI32FULL.DLL!GetClipRgn Retrieves a handle for the current clipping region in a device context. System Information and Control | |
| ADVAPI32.DLL!LsaSetDomainInformationPolicy Sets domain information related to security policies in the system. Registry Operations | |
| WINDOWS.STORAGE.DLL!SHCreateShellItemArrayFromShellItem Creates an array from a single Shell item- managing Shell items in Windows. File Operations | |
| KERNEL32.DLL!RaiseFailFastException Raises an immediate exception- terminating the process and potentially invoking Windows Error Reporting. System Information and Control | |
| OLE32.DLL!StgPropertyLengthAsVariant Examines a serialized property value and returns memory size for a PROPVARIANT. Memory Management | |
| ADVAPI32.DLL!LogonUserA This function authenticates a user and retrieves a user token for impersonation. Process and Thread Management | |
| SHELL32.DLL!DAD_DragEnterEx2 Facilitates the drag-and-drop operation by locking the target window and displaying the drag image. System Information and Control | |
| SHLWAPI.DLL!PathUnquoteSpacesA This function removes quotes from file paths- which is related to file handling operations. File Operations | |
| IGPMGPO::SetSecurityInfo Modifies permissions on a group policy object by applying new security information. Registry Operations | |
| KERNEL32.DLL!GetCommMask Retrieves the event mask for a communications device- indicating which events can be monitored. Network Operations | |
| GDI32FULL.DLL!StartPage Prepares the printer driver for data- indicating readiness for printing operations. File Operations | |
| KERNEL32.DLL!OpenEventW Opens an existing named event object- allowing multiple processes to synchronize events. Process and Thread Management | |
| GDI32FULL.DLL!SetPixelV Sets a pixel's color at specified coordinates on a device context. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHCreateDefaultExtractIcon Creates an icon extractor for the shell- focusing on icons which are a part of file operations. File Operations | |
| KERNEL32.DLL!WerUnregisterAdditionalProcess Removes a process from Windows Error Reporting additional processes list. Process and Thread Management | |
| USER32.DLL!BlockInput Blocks keyboard and mouse input events preventing interaction with applications. Hooking and Interception | |
| GDI32FULL.DLL!CreateMetaFileA This function creates a device context for a metafile- involving file creation for graphics data. File Operations | |
| USER32.DLL!GetClipboardFormatNameW Retrieves the name of a specified clipboard format- interacting with system clipboard data. File Operations | |
| RPCRT4.DLL!NdrSimpleStructUnmarshall This function transfers data from a network buffer to allocated memory structures during RPC. Network Operations | |
| SHELL32.DLL!Shell_GetCachedImageIndex Retrieves the cache index of a cached icon from a specified image file path. File Operations | |
| GDI32FULL.DLL!GetFontUnicodeRanges This function retrieves Unicode character information supported by a font- related to graphical data handling. System Information and Control | |
| USER32.DLL!IsWindow This function checks if a specified window handle corresponds to an existing window. System Information and Control | |
| RPCRT4.DLL!RpcMgmtInqComTimeout This function retrieves the binding-communications time-out value for client-server communication duration. Network Operations | |
| KERNEL32.DLL!_lopen Opens an existing file and sets the file pointer- facilitating file access operations. File Operations | |
| USER32.DLL!GetWindowDC Retrieves a device context for painting in a window- affecting graphical operations on screen. Hooking and Interception | |
| KERNEL32.DLL!OpenFileMappingA Opens a named file mapping object for shared memory access. Memory Management | |
| OLE32.DLL!HMENU_UserFree Frees resources on the server side in RPC calls. Memory Management | |
| OLEAUT32.DLL!VarUI4FromR4 Converts a float value to an unsigned long- managing data types. Memory Management | |
| KERNEL32.DLL!GetCurrentPackageInfo Retrieves package information for the calling process- aiding in app management and security controls. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHSetKnownFolderPath Redirects a known folder to a new location- manipulating file paths. File Operations | |
| KERNEL32.DLL!ReleaseMutex Releases ownership of a mutex object- allowing other threads to acquire it for synchronization. Process and Thread Management | |
| RPCRT4.DLL!RpcSsSetClientAllocFree This function sets custom memory allocation and freeing methods for client stubs in remote procedure calls. Memory Management | |
| OLE32.DLL!OleConvertIStorageToOLESTREAMEx Converts OLE 2 structured storage to OLE 1 format with presentation data included. File Operations | |
| GDI32FULL.DLL!CloseEnhMetaFile This function closes an enhanced-metafile device context related to graphics- managing resources. File Operations | |
| KERNELBASE.DLL!RegDeleteKeyValueA Removes a specified value from a registry key. Registry Operations | |
| OLEAUT32.DLL!SafeArrayDestroyDescriptor Destroys the descriptor of a safe array but does not affect the array elements. Memory Management | |
| KERNEL32.DLL!CloseThreadpoolIo Releases an I/O completion object to manage and clean up ongoing I/O operations. Process and Thread Management | |
| OLEAUT32.DLL!VarI4FromI1 Converts a char value to a long value- involving data type transformation. Memory Management | |
| KERNEL32.DLL!TlsGetValue Retrieves the value in the calling thread's local storage slot based on an index. Process and Thread Management | |
| KERNEL32.DLL!RegCopyTreeW Copies a specified registry key- including its values and subkeys- to a destination key. Registry Operations | |
| KERNEL32.DLL!QueryIoRingCapabilities Queries operating system for I/O ring capabilities- indicating system-level operations regarding I/O management. System Information and Control | |
| OLE32.DLL!OleTranslateAccelerator This function translates keystrokes according to the container's accelerator table. Hooking and Interception | |
| SHLWAPI.DLL!AssocIsDangerous Determines if a file type is a potential security risk based on its extension or progid. File Operations | |
| OLE32.DLL!CoGetClassObject Provides access to class objects associated with CLSIDs- allowing for object creation- including remote instantiation. DLL Injection and Manipulation | |
| OLE32.DLL!CreateDataAdviseHolder Retrieves a pointer to the OLE implementation of IDataAdviseHolder. DLL Injection and Manipulation | |
| GDI32FULL.DLL!EngQueryLocalTime This function retrieves the local time based on the system locale. System Information and Control | |
| KERNEL32.DLL!LocalSize Retrieves the size of a local memory object- thus it's categorized under Memory Management. Memory Management | |
| KERNEL32.DLL!SetUserGeoID This function writes the geographical location identifier to the registry- affecting user-level settings. Registry Operations | |
| KERNEL32.DLL!SetVolumeLabelW Sets the label of a file system volume- altering its identifiable name. File Operations | |
| USER32.DLL!EnumDisplaySettingsExW This function retrieves graphics mode information for display devices- interacting with system display settings. System Information and Control | |
| USER32.DLL!DialogBoxIndirectParamW Creates a modal dialog box from a template- involving GUI operations and message handling. Process and Thread Management | |
| SHELL32.DLL!ShellExecuteExA Executes operations on specified files using Shell extensions. File Operations | |
| USER32.DLL!SetThreadDpiHostingBehavior Modifies the thread's behavior for hosting child windows with varying DPI awareness contexts. Process and Thread Management | |
| KERNELBASE.DLL!EqualPrefixSid Tests equality of two security-identifier prefixes for domain logon attempts. System Information and Control | |
| ADVAPI32.DLL!AuditComputeEffectivePolicyByToken Computes effective audit policy for security principals associated with specified tokens. System Information and Control | |
| RPCRT4.DLL!RpcServerUnregisterIf This function removes an interface from the RPC run-time library registry- affecting how remote procedure calls are handled. System Information and Control | |
| KERNEL32.DLL!SetFirmwareEnvironmentVariableA Sets the value of a firmware environment variable- affecting system boot settings. System Information and Control | |
| KERNEL32.DLL!GetCalendarInfoA Retrieves calendar information for a specified locale identifier. System Information and Control | |
| WINMMBASE.DLL!waveOutGetNumDevs Retrieves the number of waveform-audio output devices in the system. System Information and Control | |
| ADVAPI32.DLL!QueryRecoveryAgentsOnEncryptedFile Retrieves recovery agents for a specified file- indicating it involves file operations. File Operations | |
| KERNEL32.DLL!GetLastError Retrieves the last-error code value for the calling thread- critical in error handling. System Information and Control | |
| WINMMBASE.DLL!mmioInstallIOProcW Installs- removes- or locates a custom I/O procedure for multimedia input/output operations. DLL Injection and Manipulation | |
| KERNELBASE.DLL!CveEventWrite Publishes events related to detected security vulnerabilities in user-mode applications. System Information and Control | |
| RPCRT4.DLL!RpcServerUseProtseqExW Registers a protocol sequence for receiving remote procedure calls over the network. Network Operations | |
| KERNEL32.DLL!GetCurrentPackagePath This function retrieves the package path associated with the calling process- facilitating app management. System Information and Control | |
| SHLWAPI.DLL!PathCompactPathW This function modifies a file path string to fit within a specified pixel width- affecting file representation. File Operations | |
| ADVAPI32.DLL!GetAuditedPermissionsFromAclW Retrieves audited access rights for a specified trustee from an access control list (ACL). Registry Operations | |
| OLE32.DLL!CoRegisterMallocSpy Registers an IMallocSpy implementation to wrap memory allocation calls- facilitating memory management tracking. Memory Management | |
| KERNEL32.DLL!GetProcessHandleCount Retrieves the count of open handles for a specified process- indicating process management capability. Process and Thread Management | |
| KERNEL32.DLL!GetDiskFreeSpaceExW Retrieves information about disk space availability and total bytes- essential for file operations. File Operations | |
| WINDOWS.STORAGE.DLL!SHGetPathFromIDListEx Converts an item identifier list to a file system path- indicating file operations are involved. File Operations | |
| SHLWAPI.DLL!SHFormatDateTimeW Converts a FILETIME structure to a formatted date/time string for display purposes. System Information and Control | |
| ADVAPI32.DLL!LookupAccountSidA Retrieves the account name for a given security identifier (SID) and domain information if available. System Information and Control | |
| SHLWAPI.DLL!IntlStrEqWorkerA Compares two localized strings for equality based on specified characters. System Information and Control | |
| KERNEL32.DLL!CreatePrivateNamespaceW This function creates a private namespace for isolating system objects- thus managing their environment. System Information and Control | |
| SHLWAPI.DLL!PathCompactPathA Modifies a file path to fit within a specified pixel width by truncating. File Operations | |
| OLE32.DLL!ReadClassStm Reads a CLSID from a stream- indicating data retrieval operations. File Operations | |
| IOleInPlaceSiteWindowless::GetFocus Determines if a windowless object has keyboard focus- relating to user interface interactions. System Information and Control | |
| GDI32.DLL!XFORMOBJ_bApplyXform Applies a mathematical transform to an array of points- which affects how they are rendered on display devices. System Information and Control | |
| GDI32FULL.DLL!EngDeleteSurface Deletes a specified surface which is related to display operations. System Information and Control | |
| PAGESETUPDLGW Structures user-defined page parameters for the Page Setup dialog- including device modes and measurements. System Information and Control | |
| OLEAUT32.DLL!VarI2FromBool Converts a Boolean value to a short value- dealing primarily with data types. Memory Management | |
| USER32.DLL!CreateDesktopA Creates a new desktop associated with the current window station for the calling thread. Process and Thread Management | |
| RPCRT4.DLL!RpcSmSwapClientAllocFree This function swaps memory allocation and freeing functions used by the RPC client. Memory Management | |
| GDI32FULL.DLL!ScriptStringCPtoX Retrieves the x coordinate of a character's position in a string for rendering purposes. System Information and Control | |
| OLE32.DLL!ObjectStublessClient20 This function supports COM proxies by facilitating marshaling of interfaces- linking to system-level operations. DLL Injection and Manipulation | |
| USER32.DLL!LoadKeyboardLayoutA Loads a specified keyboard layout or input locale identifier into the system. System Information and Control | |
| WS2_32.DLL!freeaddrinfo Frees dynamically allocated address information from getaddrinfo function- managing memory resources effectively. Memory Management | |
| KERNEL32.DLL!Heap32ListFirst Retrieves information about the first heap allocated by a specified process- involving memory management. Memory Management | |
| KERNEL32.DLL!RtlInstallFunctionTableCallback This function installs a dynamic callback for managing function tables- crucial for stack unwinding during process execution. Process and Thread Management | |
| OLE32.DLL!OleCreateLinkFromDataEx Creates a linked object in OLE using multiple formats for caching data and presentations. Process and Thread Management | |
| ADVAPI32.DLL!LookupPrivilegeNameW Retrieves the privilege name corresponding to a specified locally unique identifier (LUID). System Information and Control | |
| SHELL32.DLL!Shell_GetCachedImageIndexW Retrieves the cache index of a cached icon based on the specified image file path. File Operations | |
| RPCRT4.DLL!RpcServerUseProtseqEpExW This function registers a protocol sequence and endpoint for remote procedure calls- impacting network operations. Network Operations | |
| OLEAUT32.DLL!VarI8FromR8 Converts a double to an 8-byte integer value- involving type manipulation. Memory Management | |
| SHELL32.DLL!Win32DeleteFile This function deletes a specified file from the filesystem. File Operations | |
| USER32.DLL!CallMsgFilterA Passes messages to hook procedures for processing dialog interactions- controlling message flow. Hooking and Interception | |
| USER32.DLL!UnregisterSuspendResumeNotification Cancels notifications for system suspension or resumption events- managing power-aware notifications. System Information and Control | |
| KERNEL32.DLL!FindFirstStreamW Opens a search handle for the first $DATA stream in a specified file or directory. File Operations | |
| SHLWAPI.DLL!PathAppendW Appends one file path to another- manipulating file system paths. File Operations | |
| KERNEL32.DLL!UnregisterWaitUntilOOBECompleted This function unregisters a callback- thus managing operational flow in applications. Process and Thread Management | |
| KERNEL32.DLL!GetCommConfig Retrieves the configuration settings of a communications device. System Information and Control | |
| KERNEL32.DLL!FindNextVolumeA Continues a search for volumes initiated by FindFirstVolume function. File Operations | |
| OLEAUT32.DLL!VarI4FromUI2 Converts an unsigned short to a long value- facilitating data type manipulation. Memory Management | |
| SHCORE.DLL!SHRegSetPathA Replaces folder names with environment strings and stores the result in the registry. Registry Operations | |
| USER32.DLL!GetPointerDevice Retrieves information about the pointer device hardware. System Information and Control | |
| RTMPAL.DLL!TraceMessage Sends a message-based event to an event tracing session for logging. System Information and Control | |
| OLEAUT32.DLL!HWND_UserFree64 This function is related to handling window handles- likely managing memory allocation. Memory Management | |
| SHLWAPI.DLL!SHRegSetUSValueA Sets user-specific registry values in HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE. Registry Operations | |
| WINMMBASE.DLL!mmioGetInfo Retrieves information about a file opened with mmioOpen- allowing direct access to I/O buffer. File Operations | |
| SHLWAPI.DLL!UrlGetLocationW Retrieves the location part from a given URL- making it relevant for network-related operations. Network Operations | |
| USER32.DLL!GetSystemMetricsForDpi Retrieves system metrics using specified DPI for scaling purposes. System Information and Control | |
| KERNEL32.DLL!GetTimeZoneInformationForYear Retrieves time zone settings for a specific year and time zone affecting UTC and local time translations. System Information and Control | |
| USER32.DLL!DdeCreateStringHandleA Creates a handle for a string to be used in DDE operations. System Information and Control | |
| SHLWAPI.DLL!SHRegEnumUSValueA Enumerates registry values in user-specific subtree- accessing HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE. Registry Operations | |
| WINDOWS.STORAGE.DLL!SHChangeNotifyRegister Registers a window to receive file system change notifications. File Operations | |
| ADVAPI32.DLL!UninstallApplication Uninstalls a group policy application using Windows Installer- managing application lifecycle and status. File Operations | |
| ITDirectory::Bind This method binds to a server- requiring user authentication for directory operations. Network Operations | |
| RPCRT4.DLL!RpcBindingInqAuthInfoA Retrieves authentication and authorization information for a remote procedure call binding handle. Network Operations | |
| USER32.DLL!BeginPaint Prepares a window for painting; involves device context management. Process and Thread Management | |
| KERNEL32.DLL!GetCommState Retrieves control settings for a communications device using a handle to the device. File Operations | |
| OLE32.DLL!ObjectStublessClient16 Stub function used in COM proxies for interface marshaling. DLL Injection and Manipulation | |
| USER32.DLL!DefDlgProcW Processes window messages for dialog boxes- providing default handling for unprocessed messages. System Information and Control | |
| USER32.DLL!SetDlgItemTextA Sets the text of a control in a dialog box- affecting user interface components. System Information and Control | |
| SHLWAPI.DLL!UrlIsOpaqueW Determines if a given URL is opaque- indicating its structure and accessibility. Network Operations | |
| WS2_32.DLL!GetAddrInfoExCancel Cancels an asynchronous networking operation initiated by GetAddrInfoEx function. Network Operations | |
| KERNEL32.DLL!GlobalFindAtomA Searches the global atom table for a specified string and retrieves its associated global atom. System Information and Control | |
| USER32.DLL!DrawMenuBar Redraws the menu bar of a specified window after changes. System Information and Control | |
| KERNEL32.DLL!FindFirstFileNameTransactedW Enumerates hard links to a specified file using transactional operations. File Operations | |
| USER32.DLL!LoadStringA Loads a string resource and copies it into a buffer from a specified module's executable. File Operations | |
| ADVAPI32.DLL!EnableTraceEx Configures how ETW providers log events- focusing on trace sessions. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromI4 Converts a long value to an unsigned long value. Memory Management | |
| KERNEL32.DLL!GetCurrencyFormatEx Formats a number string into a currency string for a specified locale- emphasizing localization. System Information and Control | |
| SECHOST.DLL!AuditLookupCategoryNameW Retrieves the display name of a specified audit-policy category- related to security auditing. System Information and Control | |
| KERNEL32.DLL!GetModuleHandleW Retrieves a handle for a specified loaded module in the calling process. DLL Injection and Manipulation | |
| WMI.DLL!OpenTraceA Opens an ETW trace processing handle for event consumption from real-time sessions or log files. System Information and Control | |
| SHCORE.DLL!SHOpenRegStream2A Opens a registry value for reading or writing using a stream interface. Registry Operations | |
| OLEAUT32.DLL!VarUI8FromBool Converts a boolean value to an unsigned integer- involving type conversion operations. Memory Management | |
| SHLWAPI.DLL!StrStrIA This function locates a substring within a string- essential for text manipulation and searches. File Operations | |
| WS2_32.DLL!WSARemoveServiceClass Removes the service class schema from the registry- interacting directly with system configuration. Registry Operations | |
| WS2_32.DLL!WSALookupServiceNextA Retrieves service information after initiating a service lookup with WSALookupServiceBegin. Network Operations | |
| KERNEL32.DLL!Wow64RevertWow64FsRedirection This function restores file system redirection for the calling thread- affecting file operations. File Operations | |
| KERNEL32.DLL!RegUnLoadKeyW Unloads a specified registry key and its subkeys from the registry. Registry Operations | |
| GDI32.DLL!PATHOBJ_vEnumStart Notifies a PATHOBJ structure for line/curve enumeration in a path by the driver. System Information and Control | |
| ADVAPI32.DLL!BuildTrusteeWithObjectsAndNameA Initializes a TRUSTEE structure for access control entry management. Registry Operations | |
| GDI32FULL.DLL!GetKerningPairsA Retrieves kerning pairs for the selected font in the specified device context. System Information and Control | |
| KERNEL32.DLL!EnumResourceTypesExA Enumerates resource types in a specified module- involving interaction with binary resource management. System Information and Control | |
| OLEAUT32.DLL!VarI8FromUI1 Converts an unsigned byte to an 8-byte integer. Memory Management | |
| KERNEL32.DLL!GetNumaProcessorNodeEx Retrieves the node number for a logical processor- providing system information related to processor affinity. System Information and Control | |
| WS2_32.DLL!inet_pton Converts IPv4 or IPv6 network addresses from text to numeric binary form. Network Operations | |
| ADVAPI32.DLL!RegQueryValueA Retrieves data from the registry- specifically fetching the value of a specified registry key. Registry Operations | |
| KERNEL32.DLL!GetCurrentPackageFamilyName Retrieves the package family name for the calling process- identifying its application context. System Information and Control | |
| SHLWAPI.DLL!UrlCanonicalizeA Converts a URL string into canonical form- adjusting unsafe characters and simplifying paths. Network Operations | |
| OLEAUT32.DLL!CreateDispTypeInfo Creates type information for IDispatch automation- focusing on managing interface data runtime. System Information and Control | |
| USER32.DLL!GetRawPointerDeviceData Retrieves raw input data from a pointer device based on the specified identifier and properties count. System Information and Control | |
| SHELL32.DLL!SHCreateFileExtractIconW Creates an icon extractor for file system objects- involving file attributes and handler creation. File Operations | |
| RPCRT4.DLL!NdrComplexArrayBufferSize This function calculates buffer size for marshaling complex arrays- involving memory allocation. Memory Management | |
| KERNELBASE.DLL!AdjustTokenPrivileges Modifies privileges in an access token- allowing privilege state adjustments. System Information and Control | |
| SHLWAPI.DLL!ShellMessageBoxW Displays a message box with a specified title and message. It does not perform file or network operations. System Information and Control | |
| USER32.DLL!SetScrollInfo Configures parameters for scroll bars- including positions and sizes- requiring interaction with user interface components. System Information and Control | |
| USER32.DLL!DdeEnableCallback Enables or disables transactions for established DDE conversations in an application. System Information and Control | |
| USER32.DLL!ModifyMenuW This function modifies existing menu items- affecting their appearance and behavior within UI menus. Hooking and Interception | |
| OLEAUT32.DLL!DosDateTimeToVariantTime Converts MS-DOS date and time to VARIANT format- involving time data manipulation. Memory Management | |
| OLE32.DLL!GetHGlobalFromStream Retrieves a global memory handle for a stream created by CreateStreamOnHGlobal. Memory Management | |
| OLE32.DLL!CoFreeAllLibraries Unloads DLLs previously loaded- managing dynamic library dependencies in COM applications. DLL Injection and Manipulation | |
| USER32.DLL!UnregisterPointerInputTargetEx This function unregisters a pointer input target- managing user input. Process and Thread Management | |
| ADVAPI32.DLL!RegDisablePredefinedCache Disables caching of the HKEY_CURRENT_USER registry handle for the current process. Registry Operations | |
| COMCTL32.DLL!LBItemFromPt Retrieves the index of an item in a list box based on screen coordinates. System Information and Control | |
| GDI32FULL.DLL!ScriptStringFree Frees memory allocated for SCRIPT_STRING_ANALYSIS structure- handling memory management. Memory Management | |
| ADVAPI32.DLL!LookupPrivilegeDisplayNameA Retrieves the display name representing a specified privilege. System Information and Control | |
| KERNEL32.DLL!PopIoRingCompletion Pops an entry from an I/O completion queue indicating completion of asynchronous I/O operations. Process and Thread Management | |
| SHELL32.DLL!SHLoadInProc Creates an object instance within the Shell process context- involving object management via COM. Process and Thread Management | |
| KERNELBASE.DLL!MapGenericMask Maps generic access rights to specific access rights- dealing with access control in security contexts. Registry Operations | |
| RPCRT4.DLL!NdrProxyErrorHandler Maps an exception into an HRESULT for RPC error handling. System Information and Control | |
| USER32.DLL!GetDlgCtrlID Retrieves the identifier of a specified control in a dialog box. System Information and Control | |
| KERNEL32.DLL!GetNumberFormatA Formats number strings according to locale-specific settings- useful in internationalization scenarios. System Information and Control | |
| KERNEL32.DLL!RequestWakeupLatency Returns a wake-up latency request for the system- affecting sleep state selection. System Information and Control | |
| KERNEL32.DLL!GetVolumeInformationW Retrieves file system and volume information for a specified directory- aiding in file operations. File Operations | |
| OLEAUT32.DLL!VarDecNeg Negates a decimal variant- affecting its value. System Information and Control | |
| KERNEL32.DLL!FlsFree Releases a fiber local storage index- allowing its reuse in the current process. Memory Management | |
| GDI32FULL.DLL!GetEnhMetaFileA Creates a handle for enhanced-format metafiles- indicating file operations. File Operations | |
| OLE32.DLL!CoLockObjectExternal Locks an object in memory to prevent it from being released until specifically unlocked. Memory Management | |
| ADVAPI32.DLL!AuditLookupSubCategoryNameA Retrieves the display name for an audit-policy subcategory using a GUID. System Information and Control | |
| KERNEL32.DLL!GetMaximumProcessorCount Returns maximum logical processors for a system- providing system information and control capabilities. System Information and Control | |
| KERNEL32.DLL!HeapReAlloc This function reallocates a block of memory from a heap- modifying its size and properties. Memory Management | |
| ADVAPI32.DLL!InitiateSystemShutdownExA Initiates a shutdown or restart of a specified computer- allowing for display messages and reason codes. System Information and Control | |
| KERNEL32.DLL!SetUnhandledExceptionFilter Replaces the existing top-level exception handler for all threads in a process- managing unhandled exceptions. Process and Thread Management | |
| OLE32.DLL!CStdAsyncStubBuffer2_Release Implements the IRpcStubBuffer::Release method to manage reference counts for COM objects. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!ShellExecuteA Executes an operation on a specified file- such as open- print- or explore. File Operations | |
| RPCRT4.DLL!NdrPointerUnmarshall Unmarshalls pointers in RPC- managing data transfer between applications. Memory Management | |
| RPCRT4.DLL!RpcErrorEndEnumeration Ends enumeration of RPC extended error information- freeing resources associated with the enumeration. System Information and Control | |
| SHCORE.DLL!IStream_WriteStr This function writes a string into a stream- performing data handling tasks. File Operations | |
| SHELL32.DLL!SHGetAttributesFromDataObject Retrieves information from a system data object based on specified attributes. File Operations | |
| WS2_32.DLL!WSAUnadvertiseProvider This function makes a namespace provider unavailable to clients- impacting network service interactions. Network Operations | |
| ADVAPI32.DLL!BuildTrusteeWithNameW Initializes a TRUSTEE structure for access control. It sets default values for security management. Registry Operations | |
| OLEAUT32.DLL!VarUI2FromR4 Converts float values to unsigned short types- dealing with data representation. Memory Management | |
| USER32.DLL!GetWindowLongPtrW Retrieves values from window properties and extra memory- useful for managing window behaviors. System Information and Control | |
| GDI32FULL.DLL!SetDIBitsToDevice This function sets pixels on a device context using color data from images- managing visual output. System Information and Control | |
| SHELL32.DLL!DuplicateIcon Creates a duplicate of an icon- involving manipulation of icon resources in memory. Memory Management | |
| KERNEL32.DLL!SetProcessDEPPolicy Changes Data Execution Prevention settings for a process- affecting how executable code is managed. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHCreateAssociationRegistration Creates an interface for application association registration- relevant for managing file type associations. File Operations | |
| KERNEL32.DLL!SetThreadSelectedCpuSets This function assigns CPU Sets for a specific thread- impacting thread scheduling and resource management. Process and Thread Management | |
| KERNEL32.DLL!FindFirstChangeNotificationW Creates a handle to monitor changes in a directory- thus dealing with file system events. File Operations | |
| OLEAUT32.DLL!VarUI2FromI1 This function converts data types from char to unsigned short- relating to memory and data manipulation. Memory Management | |
| KERNEL32.DLL!GetPrivateProfileStructW Retrieves data from an initialization file- which includes reading from the registry when necessary. Registry Operations | |
| KERNEL32.DLL!Process32Next Retrieves information about the next process in a system snapshot. Process and Thread Management | |
| GDI32FULL.DLL!GetTextMetricsA Retrieves metrics for the currently selected font in a device context. System Information and Control | |
| SECHOST.DLL!QueryAllTracesA Retrieves properties and statistics for all event tracing sessions that the caller can query. System Information and Control | |
| OLE32.DLL!OleRun Puts an OLE object into a running state by querying an interface and running the object. Process and Thread Management | |
| SECHOST.DLL!CredGetSessionTypes Retrieves maximum persistence values for credentials associated with the current logon session. System Information and Control | |
| OLEAUT32.DLL!VariantTimeToSystemTime Converts variant time format to system time values- dealing with date representation. System Information and Control | |
| SHLWAPI.DLL!UrlEscapeA This function converts unsafe characters in a URL to escape sequences for safe transmission. Network Operations | |
| KERNEL32.DLL!PssWalkMarkerGetPosition Retrieves the current position of a walk marker in a process snapshot. Process and Thread Management | |
| USER32.DLL!SetWindowTextW Modifies the text of a window's title bar or control- affecting user interface elements. System Information and Control | |
| KERNEL32.DLL!RegQueryValueExW Retrieves the type and data for a specified registry value associated with an open key. Registry Operations | |
| SECHOST.DLL!CredReadDomainCredentialsW Reads domain credentials associated with the current user's logon session. Registry Operations | |
| ADVAPI32.DLL!AccessCheckAndAuditAlarmA Checks access rights against a security descriptor and logs audit messages. Registry Operations | |
| KERNEL32.DLL!QueryFullProcessImageNameA Retrieves the full name of the executable image for a specified process. System Information and Control | |
| USER32.DLL!BeginDeferWindowPos Allocates memory for a structure to manage multiple window positions. Memory Management | |
| OLE32.DLL!CoWaitForMultipleHandles Waits for multiple handles- blocking the thread until one is signaled or timeout elapses. Process and Thread Management | |
| KERNEL32.DLL!GetNumaNodeProcessorMask2 Retrieves the processor mask for a specified NUMA node- related to system processor management. System Information and Control | |
| RPCRT4.DLL!RpcImpersonateClientContainer This function allows a server to impersonate a client’s security context for secure remote procedure calls. Process and Thread Management | |
| SHLWAPI.DLL!UrlCompareW Compares two URL strings for equality- focusing on string operations related to URL manipulation. System Information and Control | |
| IAppxManifestPackageId::GetPackageFullName Retrieves the full name of a package- uniquely identifying it. System Information and Control | |
| SHELL32.DLL!SHGetNewLinkInfoA This function creates a name for a new shortcut based on a target without creating the shortcut itself. File Operations | |
| GDI32.DLL!EqualRgn Checks if two graphical regions are identical in size and shape. System Information and Control | |
| KERNEL32.DLL!CloseHandle Closes an open object handle- managing resource cleanup to prevent leaks. Process and Thread Management | |
| USER32.DLL!EnumDesktopsW Enumerates desktops associated with a window station- facilitating management of desktop interfaces. System Information and Control | |
| OLE32.DLL!OleInitialize Initializes the COM library for single-threaded applications- facilitating OLE and other related functionalities. Process and Thread Management | |
| USER32.DLL!SetDialogDpiChangeBehavior This function modifies the DPI change behavior of a specified dialog interface. System Information and Control | |
| GDI32FULL.DLL!ScaleWindowExtEx Modifies window dimensions for a device context based on specified multiplicands and divisors. System Information and Control | |
| USER32.DLL!GetDialogBaseUnits Retrieves the average width and height of characters in the system font for dialog boxes. System Information and Control | |
| SHLWAPI.DLL!SHRegGetUSValueA Retrieves a value from user-specific registry subkeys (HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE). Registry Operations | |
| USER32.DLL!FindWindowExW Retrieves a handle to a specified window based on class and window name. System Information and Control | |
| ADVAPI32.DLL!GetNamedSecurityInfoA Retrieves the security descriptor of an object- crucial for managing access controls. Registry Operations | |
| SHLWAPI.DLL!StrCmpNW This function compares characters of two strings to determine equality- facilitating string handling in applications. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHBindToObject Binds to a specified object in the Shell namespace- involving interaction between shell objects. File Operations | |
| KERNEL32.DLL!ReclaimVirtualMemory Reclaims memory pages previously offered to the system- managing memory allocation and deallocation. Memory Management | |
| WINMM.DLL!joyGetDevCapsW This function queries joystick capabilities- assessing device features. System Information and Control | |
| KERNEL32.DLL!FreeLibrary Frees a loaded DLL and decrements its reference count- managing DLLs in memory. DLL Injection and Manipulation | |
| GDI32FULL.DLL!ScriptJustify Adjusts widths for glyphs to achieve justified text layout. Memory Management | |
| NTDLL.DLL!RtlFreeAnsiString Frees memory allocated for an ANSI string buffer- indicating its role in memory management. Memory Management | |
| SHLWAPI.DLL!PathMakePrettyW Converts uppercase paths to lowercase for a consistent format. File Operations | |
| SECHOST.DLL!QueryServiceConfig2A Retrieves configuration parameters for a specified service- querying the service management database. System Information and Control | |
| KERNEL32.DLL!VerSetConditionMask Sets bits in a 64-bit value for OS version comparison conditions- aiding in information verification. System Information and Control | |
| SHELL32.DLL!SHCreateShellFolderView This function creates a Shell folder view object for displaying file system content. File Operations | |
| RPCRT4.DLL!NdrClientCall2 This function initiates remote procedure calls- sending data to a server and receiving responses. Network Operations | |
| OLE32.DLL!ObjectStublessClient21 A stub function for COM proxies- facilitating interface marshaling in proxy DLLs. DLL Injection and Manipulation | |
| KERNEL32.DLL!GetNamedPipeInfo Retrieves information about a named pipe- including its type and instance count. Network Operations | |
| ADVAPI32.DLL!LogonUserExA Logs a user onto the local computer and provides a handle to the user's token for impersonation. Process and Thread Management | |
| SECHOST.DLL!CredDeleteW Deletes a specific credential from the user's credential set- managing user credentials. Registry Operations | |
| USER32.DLL!GetKeyNameTextW Retrieves the name of a key from its input- handling keyboard input data. System Information and Control | |
| SHLWAPI.DLL!StrCatChainW Concatenates two Unicode strings- potentially leading to buffer overflow if misused. Memory Management | |
| SECHOST.DLL!NotifyServiceStatusChangeW This function allows applications to receive notifications about service state changes. System Information and Control | |
| OLE32.DLL!HACCEL_UserMarshal64 This function marshals a HACCEL object for remote procedure calls- facilitating object serialization across networks. Network Operations | |
| KERNEL32.DLL!PssCaptureSnapshot Captures a snapshot of a target process- including its threads and context. Process and Thread Management | |
| GDI32FULL.DLL!EngAcquireSemaphore Acquires semaphore for exclusive access by a thread- managing resource locking. Process and Thread Management | |
| KERNEL32.DLL!timeGetTime Retrieves system time in milliseconds since Windows started. Used for timing and measurements. System Information and Control | |
| NTDLL.DLL!NtRenameKey This function changes the name of a specified registry key. Registry Operations | |
| KERNEL32.DLL!LCMapStringA Maps input character strings for the specified locale- transforming strings or generating sort keys. System Information and Control | |
| OLE32.DLL!OleDoAutoConvert Converts an object to a new class based on registry settings. Registry Operations | |
| RPCRT4.DLL!RpcBindingSetAuthInfoExW Sets authentication and authorization info for RPC- impacting security and quality of service. Network Operations | |
| GDI32FULL.DLL!ScriptCacheGetHeight Retrieves the height of the currently cached font for rendering purposes. Memory Management | |
| KERNEL32.DLL!GetCompressedFileSizeTransactedW Retrieves the actual disk storage used by a specified file as a transacted operation. File Operations | |
| SECHOST.DLL!LsaOpenPolicy Opens a handle to the LSA Policy object- enabling security policy management on local/remote systems. System Information and Control | |
| KERNELBASE.DLL!RegLoadAppKeyA Loads a specified registry hive as an application hive- allowing controlled access to registry keys. Registry Operations | |
| OLE32.DLL!CStdAsyncStubBuffer_Connect Connects a server object to its RPC stub- facilitating remote procedure calls. Process and Thread Management | |
| OLE32.DLL!OleCreateLinkFromData Creates linked objects from data transfer objects- primarily for OLE operations. DLL Injection and Manipulation | |
| KERNEL32.DLL!SignalObjectAndWait Signals one synchronization object and waits on another- managing thread synchronization efficiently. Process and Thread Management | |
| OLE32.DLL!NdrProxyForwardingFunction15 Stub function for COM proxies facilitating interface marshaling. DLL Injection and Manipulation | |
| KERNEL32.DLL!UnlockFile Releases a lock on a section of an open file to allow other processes access. File Operations | |
| RPCRT4.DLL!RpcAsyncAbortCall Aborts an asynchronous RPC call on the server side. Process and Thread Management | |
| KERNEL32.DLL!SetThreadpoolWaitEx Configures a wait object and its timeout for worker thread callbacks. Process and Thread Management | |
| USER32.DLL!LoadStringW Loads string resources from a specified module's executable file into a buffer. File Operations | |
| KERNEL32.DLL!OpenFile Creates- opens- reopens- or deletes a file- managing file handles for I/O operations. File Operations | |
| GDI32FULL.DLL!EngMultiByteToUnicodeN Converts ANSI strings to Unicode- handling character encoding conversions. Memory Management | |
| OLEAUT32.DLL!VarDecFromI8 Converts an 8-byte integer to a decimal value for data manipulation. Memory Management | |
| CHOOSEFONTW Initializes the Font dialog box and returns user-selected font information. Process and Thread Management | |
| OLE32.DLL!HBITMAP_UserUnmarshal64 This function unmarshals HBITMAP- which deals with graphic objects- involving memory operations related to RPC. Memory Management | |
| OLEAUT32.DLL!SafeArrayCreateVector Creates a fixed-size one-dimensional safe array for data storage. Memory Management | |
| KERNEL32.DLL!QueryUmsThreadInformation Retrieves details about user-mode scheduling threads- including status and execution context. Process and Thread Management | |
| KERNEL32.DLL!CancelThreadpoolIo Cancels notifications for asynchronous I/O operations to prevent memory leaks. Process and Thread Management | |
| KERNEL32.DLL!GetLogicalProcessorInformation Retrieves information about logical processors for performance optimization and hardware configuration. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromBool Converts a Boolean value to an unsigned long value for automation purposes. System Information and Control | |
| OLEAUT32.DLL!VarDateFromUI4 Converts an unsigned long to a date value- related to data manipulation rather than file or memory management. System Information and Control | |
| KERNEL32.DLL!SleepConditionVariableCS This function manages thread sleep states and critical section releases- relating to Process and Thread Management. Process and Thread Management | |
| RPCRT4.DLL!RpcSsSetThreadHandle Sets a thread handle for managing memory in the stub memory-management environment. Memory Management | |
| RPCRT4.DLL!CStdStubBuffer_Disconnect This function disconnects the server object from the stub in RPC communication. System Information and Control | |
| SHLWAPI.DLL!SHRegOpenUSKeyW Opens a registry subkey in user-specific subtree for access control. Registry Operations | |
| GDI32FULL.DLL!CopyMetaFileA Copies the content of a Windows-format metafile to a specified file or memory. File Operations | |
| USER32.DLL!RemoveClipboardFormatListener This function removes a window from the clipboard format listener list- controlling clipboard event notifications. System Information and Control | |
| RPCRT4.DLL!UuidCompare Compares two UUIDs to determine their order. System Information and Control | |
| RPCRT4.DLL!RpcAsyncCancelCall Cancels an asynchronous RPC call- either immediately or after waiting for server completion. Process and Thread Management | |
| WINMM.DLL!joySetCapture Captures joystick input and directs messages to a specified window via callbacks. System Information and Control | |
| USER32.DLL!CloseGestureInfoHandle Closes a handle related to gesture information- preventing memory leaks. Memory Management | |
| KERNEL32.DLL!FlushProcessWriteBuffers This function flushes write operations for the current process- affecting process and thread performance. Process and Thread Management | |
| GDI32FULL.DLL!GetEnhMetaFileDescriptionA Retrieves a text description from an enhanced metafile- handling metafile data. File Operations | |
| ADVAPI32.DLL!LsaCreateTrustedDomainEx Establishes a new trusted domain by creating a TrustedDomain object. System Information and Control | |
| COMCTL32.DLL!_TrackMouseEvent Tracks mouse events and posts messages based on mouse pointer's position relative to a window. Hooking and Interception | |
| KERNEL32.DLL!FindCloseChangeNotification Stops monitoring for changes on a notification handle- relating to file system changes. File Operations | |
| USER32.DLL!CharToOemW Translates a string into the OEM-defined character set- related to character operations. System Information and Control | |
| KERNEL32.DLL!GetPrivateProfileSectionA Retrieves keys and values from an initialization file section- involving file access. File Operations | |
| USER32.DLL!GetTabbedTextExtentW Computes the width and height of a character string- considering tab stops and font. File Operations | |
| SHLWAPI.DLL!PathUnquoteSpacesW This function removes quotes from the beginning and end of a file path. File Operations | |
| OLEAUT32.DLL!VarBstrFromR4 Converts a float value to a BSTR value- involving data type transformation. Memory Management | |
| USER32.DLL!InflateRect Adjusts rectangle dimensions by increasing or decreasing its width and height- relevant to graphical operations. Memory Management | |
| USER32.DLL!ToUnicode Translates virtual-key codes and keyboard state to corresponding Unicode characters. System Information and Control | |
| KERNEL32.DLL!SystemTimeToTzSpecificLocalTimeEx Converts UTC time to local time considering specified time zone and daylight saving settings. System Information and Control | |
| ADVAPI32.DLL!ConvertSidToStringSidA Converts a security identifier (SID) to a string format for display- storage- or transmission. System Information and Control | |
| SHELL32.DLL!SignalFileOpen Notifies the Shell that a specified file has been opened- facilitating file operation notifications. File Operations | |
| USER32.DLL!GetAutoRotationState Retrieves the state of screen auto-rotation- affecting how apps respond to orientation changes. System Information and Control | |
| SHLWAPI.DLL!StrStrNIW This function searches for a substring in a string- performing string operations. File Operations | |
| VERTDLL.DLL!EventSetInformation Configures an ETW event provider- managing event registration details. System Information and Control | |
| WSOCK32.DLL!ntohl Converts a 32-bit number from TCP/IP network order to host byte order- facilitating network operations. Network Operations | |
| RPCRT4.DLL!NdrUserMarshalFree This function frees a user marshal object in RPC- handling memory allocation. Memory Management | |
| COMCTL32.DLL!ImageList_DrawIndirect Draws images from image lists; involves graphic operations rather than file manipulation. System Information and Control | |
| KERNEL32.DLL!GlobalAlloc Allocates a specified number of bytes from the heap memory. Memory Management | |
| ADVAPI32.DLL!PerfDeleteCounters Removes performance counter specifications from a query- affecting system performance monitoring. System Information and Control | |
| OLE32.DLL!RevokeDragDrop Revokes a window's registration for OLE drag-and-drop operations- relevant to inter-process interaction. Network Operations | |
| SHLWAPI.DLL!StrStrIW Searches for a substring within a string- returning its position; relevant for string manipulation in memory. Memory Management | |
| KERNEL32.DLL!GetSystemWow64DirectoryA Retrieves the path of the WOW64 system directory- indicating system information management. System Information and Control | |
| RPCRT4.DLL!RpcErrorGetNextRecord Retrieves the next extended error information record from an enumeration handle. System Information and Control | |
| WER.DLL!RegisterWaitChainCOMCallback Registers COM callback functions to manage thread blocking in Wait Chain Traversal. Process and Thread Management | |
| USER32.DLL!SetDoubleClickTime Adjusts the maximum interval between mouse clicks regarded as a double-click. System Information and Control | |
| USER32.DLL!DlgDirListComboBoxA Fills a combo box with directory and file names from a specified path. File Operations | |
| KERNEL32.DLL!QueryProcessAffinityUpdateMode Retrieves the affinity update mode for a process- affecting process management and affinity settings. Process and Thread Management | |
| IDirect3DDevice9::ShowCursor Displays or hides the cursor based on the input parameter. System Information and Control | |
| ADVAPI32.DLL!SaferCloseLevel Closes a SAFER_LEVEL_HANDLE to manage security levels. System Information and Control | |
| COMCTL32.DLL!ImageList_GetIcon Creates an icon from an image and mask in an image list. Memory Management | |
| KERNEL32.DLL!GetSystemRegistryQuota Retrieves the size and limit of the registry- controlling system information and resource management. Registry Operations | |
| SHELL32.DLL!SHGetImageList Retrieves an image list used in UI elements like icons. System Information and Control | |
| OLE32.DLL!CoLoadLibrary Loads a specific DLL into the caller's process- impacting DLL lifespan. DLL Injection and Manipulation | |
| ADVAPI32.DLL!QueryServiceLockStatusW Retrieves the lock status of the service control manager database- indicating service control management interactions. System Information and Control | |
| RPCRT4.DLL!RpcRevertToSelfEx Allows server to revert client impersonation in multithreaded operations. Process and Thread Management | |
| GDI32FULL.DLL!GetBrushOrgEx Retrieves the brush origin for a specified device context- related to drawing operations. System Information and Control | |
| WINMMBASE.DLL!midiInGetDevCapsW This function retrieves capabilities of MIDI input devices. Hence- it falls under System Information and Control. System Information and Control | |
| USER32.DLL!SetWindowLongW Modifies properties of a specified window- changing its characteristics or window procedure. Hooking and Interception | |
| WSOCK32.DLL!getprotobynumber Retrieves protocol information for a specified protocol number- facilitating network communication operations. Network Operations | |
| USER32.DLL!UnregisterClassA This function unregisters a window class- freeing associated memory and managing class resources. Process and Thread Management | |
| USER32.DLL!DdeQueryStringW Copies text associated with a string handle into a buffer using Dynamic Data Exchange. File Operations | |
| SHELL32.DLL!ExtractIconExA This function extracts icons from executable files- DLLs- or icon files- categorizing it under File Operations. File Operations | |
| SHLWAPI.DLL!UrlCreateFromPathA Converts MS-DOS paths to canonicalized URLs- involving file path manipulation. File Operations | |
| OLE32.DLL!ObjectStublessClient9 Stub function for COM proxies- aiding in marshalling interfaces. DLL Injection and Manipulation | |
| USER32.DLL!EndTask Forcibly closes the specified window- indicating control over process termination. Process and Thread Management | |
| KERNEL32.DLL!GetThreadIdealProcessorEx Retrieves the ideal processor number for a specified thread. Process and Thread Management | |
| GDI32FULL.DLL!StartDocA Starts a print job by interfacing with device context- hence related to printing operations. System Information and Control | |
| KERNEL32.DLL!SetComputerNameA Changes the local computer's NetBIOS name- stored in the registry; administrator rights required. Registry Operations | |
| KERNELBASE.DLL!EnumDynamicTimeZoneInformation Enumerates time zone settings stored in the registry related to daylight saving time adjustments. Registry Operations | |
| VERTDLL.DLL!NtQueryInformationProcess Retrieves various information about a specified process in the system. System Information and Control | |
| ADVAPI32.DLL!CloseEncryptedFileRaw Closes an encrypted file and frees related resources- primarily related to file handling. File Operations | |
| KERNEL32.DLL!CheckNameLegalDOS8Dot3W Determines if a name can be used for file creation on FAT file systems. File Operations | |
| KERNEL32.DLL!GetProcessDefaultCpuSetMasks Retrieves the CPU Sets for a specific process- focusing on process management. Process and Thread Management | |
| KERNEL32.DLL!LoadPackagedLibrary Loads a packaged module and its dependencies into the process's address space. DLL Injection and Manipulation | |
| ADVAPI32.DLL!EncryptFileA Encrypts a file or directory- requiring exclusive access to the specified file. File Operations | |
| NTDLL.DLL!RtlUniform Generates a uniform random number using D.H. Lehmer's algorithm for randomness. Cryptographic Operations | |
| USER32.DLL!SetWindowPlacement Adjusts the show state and position of a window based on the specified parameters. System Information and Control | |
| OLEAUT32.DLL!VarDecSub This function performs subtraction on decimal variants- handling data type manipulation rather than direct file or network actions. Memory Management | |
| RPCRT4.DLL!RpcSmEnableAllocate This function establishes the memory management environment necessary for RPC calls. Memory Management | |
| KERNEL32.DLL!IsWow64Process Determines if a process runs under WOW64 or Intel64/x64. System Information and Control | |
| KERNELBASE.DLL!SetSecurityDescriptorOwner This function sets the owner information in a security descriptor- relevant to access control. Registry Operations | |
| NTDLL.DLL!RtlEthernetAddressToStringA Converts a binary Ethernet address to a string representation of the MAC address. Network Operations | |
| USER32.DLL!RegisterTouchWindow Registers a window for touch input- modifying its behavior for touch events. System Information and Control | |
| KERNELBASE.DLL!AreAllAccessesGranted Checks if requested access rights have been granted using access masks. System Information and Control | |
| KERNEL32.DLL!CreateSymbolicLinkW This function creates a symbolic link to a file or directory. File Operations | |
| USER32.DLL!EnumDesktopsA Enumerates all desktops associated with a window station- requiring specific access rights for desktop enumeration. System Information and Control | |
| OLE32.DLL!CoInitializeEx Initializes the COM library- setting concurrency and apartment model- essential for COM operations. System Information and Control | |
| IAMDevMemoryAllocator::Free Frees previously allocated memory- indicating management of system memory resources. Memory Management | |
| ADVAPI32.DLL!InitiateShutdownW Initiates a shutdown operation on a specified or local computer- affecting system processes and applications. Process and Thread Management | |
| WINMMBASE.DLL!waveInGetPosition Retrieves the current input position of a waveform-audio input device. System Information and Control | |
| SHELL32.DLL!SHGetNewLinkInfoW This function creates a name for a shortcut based on its target; it focuses on managing files. File Operations | |
| GDI32FULL.DLL!CreateBitmap Creates a bitmap with specified dimensions and color format for graphical representation. Memory Management | |
| KERNEL32.DLL!GetDefaultCommConfigA Retrieves default configuration settings for specified communication devices- applicable to file and network operations. File Operations | |
| KERNEL32.DLL!GetComputerNameExA Retrieves local computer's NetBIOS or DNS name- relying on system configuration and registry data. System Information and Control | |
| WS2_32.DLL!WSAPoll The WSAPoll function checks the status of multiple sockets- involving network communication. Network Operations | |
| KERNEL32.DLL!UnmapViewOfFile Unmaps a mapped view of a file from the process's address space. Memory Management | |
| SHCORE.DLL!SHRegGetValueW Retrieves a registry value using a specified handle- subkey- and value name. Registry Operations | |
| KERNEL32.DLL!GetProcessInformation Retrieves various types of information about a specified process for monitoring and management purposes. System Information and Control | |
| KERNEL32.DLL!WerRegisterAdditionalProcess Registers a secondary process for inclusion in Windows Error Reporting for additional diagnostics. System Information and Control | |
| GDI32.DLL!FONTOBJ_cGetAllGlyphHandles This function retrieves all glyph handles for a GDI font- relating to font management. System Information and Control | |
| GDI32FULL.DLL!GetKerningPairsW Retrieves character-kerning pairs for the selected font in a specified device context. System Information and Control | |
| SHLWAPI.DLL!PathStripToRootW This function removes all file and directory elements from a path- focusing solely on the root. File Operations | |
| KERNEL32.DLL!GetUserGeoID Retrieves the geographical location identifier for the user based on previously set values. System Information and Control | |
| KERNEL32.DLL!GetModuleHandleExW Retrieves a module handle for a loaded module- impacting reference count management. DLL Injection and Manipulation | |
| NTDLL.DLL!RtlAnsiStringToUnicodeString Converts ANSI strings to Unicode- influencing how strings are handled in memory. Memory Management | |
| RPCRT4.DLL!RpcErrorAddRecord Adds extended error information to a chain of records. System Information and Control | |
| SHLWAPI.DLL!StrToIntA Converts a string representing a decimal value to an integer. System Information and Control | |
| OLEAUT32.DLL!BSTR_UserFree64 Frees resources used by RPC- indicating server-side memory management. Memory Management | |
| USER32.DLL!ChangeDisplaySettingsExA Changes the settings of the specified display device to the graphics mode. System Information and Control | |
| COMCTL32.DLL!DSA_GetItemPtr Retrieves a pointer to an element from a dynamic structure array. Memory Management | |
| USER32.DLL!SetWindowTextA Changes the text of a specified window's title bar or control text. System Information and Control | |
| SHLWAPI.DLL!SHRegEnumUSValueW This function enumerates values in a registry subkey- categorizing it as a Registry Operations. Registry Operations | |
| WINMMBASE.DLL!midiInOpen This function opens a MIDI input device and manages its callback mechanism. Process and Thread Management | |
| GDI32FULL.DLL!EngFindResource This function locates a resource in a module- requiring resource identification. File Operations | |
| ADVAPI32.DLL!BuildTrusteeWithNameA Initializes a TRUSTEE structure for access control. Registry Operations | |
| OLEAUT32.DLL!VarDateFromBool Converts a Boolean value to a date value- involving data manipulation but not directly linked to memory or files. System Information and Control | |
| KERNEL32.DLL!IsValidCodePage Validates whether a specified code page identifier is installed on the operating system. System Information and Control | |
| IWiaItemExtras::Escape This method sends vendor-specific I/O requests to still image devices- involving direct interaction with hardware. Network Operations | |
| KERNEL32.DLL!MoveFileTransactedW This function moves files or directories as a transacted operation- impacting file locations. File Operations | |
| SHLWAPI.DLL!StrTrimW Trims leading and trailing characters from a string- manipulating string data directly. Memory Management | |
| USER32.DLL!DrawFrameControl Draws a frame control in a specified type and style on a device context. System Information and Control | |
| WINMMBASE.DLL!auxGetVolume Retrieves the volume setting for an auxiliary output device- related to audio control. System Information and Control | |
| COMCTL32.DLL!ImageList_Read Reads an image list from a stream- implying interaction with data storage. File Operations | |
| KERNEL32.DLL!RtlUnwindEx Initiates an unwind of procedure call frames- managing control flow in exception handling. Process and Thread Management | |
| USER32.DLL!VkKeyScanW Translates characters to virtual-key codes for keyboard input processing. Hooking and Interception | |
| COMCTL32.DLL!DestroyPropertySheetPage This function destroys a property sheet page- managing UI components in memory. Memory Management | |
| KERNEL32.DLL!GetCurrentProcessId Retrieves the unique process identifier of the calling process. Process and Thread Management | |
| ADVAPI32.DLL!AbortSystemShutdownW Stops a system shutdown that has been initiated- affecting process control. System Information and Control | |
| KERNEL32.DLL!GetGeoInfoEx Retrieves geographic location information based on ISO or UN codes- related to system information. System Information and Control | |
| KERNEL32.DLL!SizeofResource Retrieves the size of a specified resource in bytes from a module. File Operations | |
| USER32.DLL!GetCursorPos Retrieves the position of the mouse cursor in screen coordinates. System Information and Control | |
| WS2_32.DLL!WSAGetServiceClassNameByClassIdW Retrieves the service name associated with a given service class ID for network services. Network Operations | |
| KERNEL32.DLL!SetCriticalSectionSpinCount Adjusts spin count for a critical section to optimize thread synchronization. Process and Thread Management | |
| WINMM.DLL!joyGetNumDevs Queries the joystick driver for the number of supported joysticks. System Information and Control | |
| KERNEL32.DLL!GetQueuedCompletionStatus Dequeues an I/O completion packet from a specified I/O completion port. Process and Thread Management | |
| SHELL32.DLL!SHQueryRecycleBinA Retrieves data about the Recycle Bin- including size and item count- impacting file management. File Operations | |
| KERNEL32.DLL!AddSecureMemoryCacheCallback Registers a callback for when secured memory protections change- relating to memory handling. Memory Management | |
| WINDOWS.STORAGE.DLL!SHCreateDirectoryExA Creates a new file system folder- allowing specification of security attributes. File Operations | |
| ADVAPI32.DLL!UpdateTraceW Updates the property settings of an event tracing session. Relates to system monitoring. System Information and Control | |
| KERNEL32.DLL!CopyFileW This function copies an existing file to a new file- directly involving file manipulation. File Operations | |
| KERNEL32.DLL!Wow64SuspendThread This function suspends a specified WOW64 thread- affecting process and thread management. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!ILFree Frees an ITEMIDLIST structure allocated by the Shell- managing memory resources. Memory Management | |
| USER32.DLL!SetProcessWindowStation Assigns a window station to the calling process- enabling access to window station objects. System Information and Control | |
| RPCRT4.DLL!RpcTestCancel This function checks for cancel indications in remote procedure calls. System Information and Control | |
| OLE32.DLL!CLIPFORMAT_UserUnmarshal64 Unmarshals a CLIPFORMAT object from the RPC buffer indicating inter-process communication usage. Process and Thread Management | |
| OLEAUT32.DLL!DispGetParam Retrieves parameters from DISPPARAMS- checking types and positions- significant for automation and type management. Memory Management | |
| USER32.DLL!ShowOwnedPopups This function manages pop-up windows associated with a specified window- indicating a focus on window management. Process and Thread Management | |
| OLEAUT32.DLL!VarCyCmp Compares two currency variants- indicating their relational size. System Information and Control | |
| NTDLL.DLL!RtlConvertSidToUnicodeString Converts a security identifier to its Unicode representation. System Information and Control | |
| ADVAPI32.DLL!RegDisableReflectionKey Disables registry reflection for specified keys- affecting their behavior in the registry. Registry Operations | |
| KERNEL32.DLL!lstrcpynW Copies characters from a source string into a specified buffer- essential for string manipulation. File Operations | |
| ADVAPI32.DLL!QueryUsersOnEncryptedFile Retrieves a list of users with access to a specified encrypted file. File Operations | |
| WINDOWS.STORAGE.DLL!SHCreateItemWithParent This function creates a Shell item in a specified parent folder. File Operations | |
| USER32.DLL!IsChild Determines if a window is a child or descendant of a specified parent window. Process and Thread Management | |
| USER32.DLL!wsprintfA Formats and writes data to a specified buffer- processing format specifications for various argument types. Memory Management | |
| KERNEL32.DLL!GetStringScripts Analyzes Unicode strings and retrieves a list of associated scripts- impacting internationalization. System Information and Control | |
| SHLWAPI.DLL!SHRegGetBoolUSValueW Retrieves a Boolean value from a user-specific registry subkey. Registry Operations | |
| SECHOST.DLL!QueryServiceStatus Retrieves the current status of a specified service from the service control manager. System Information and Control | |
| GDI32FULL.DLL!GetSystemPaletteUse Retrieves the current state of the system palette for a specified device context. System Information and Control | |
| KERNEL32.DLL!FindResourceA This function locates a resource in a specified module's executable file. System Information and Control | |
| USER32.DLL!UnloadKeyboardLayout Unloads an input locale identifier- managing keyboard layout settings. Process and Thread Management | |
| KERNEL32.DLL!EndUpdateResourceW Commits or discards changes to resources in a module after updating. File Operations | |
| WINDOWS.STORAGE.DLL!PathCleanupSpec Cleans file or directory names by removing illegal characters and ensuring compliance with filename formats. File Operations | |
| USER32.DLL!CharNextW Retrieves a pointer to the next character in a string- handling multi-byte characters. Memory Management | |
| USER32.DLL!GetUpdateRgn Retrieves the update region of a window- related to window management and its visual updates. Process and Thread Management | |
| KERNEL32.DLL!SetLocaleInfoA Modifies user locale information affecting application behavior- which involves writing to the registry. Registry Operations | |
| KERNEL32.DLL!TrySubmitThreadpoolCallback Requests a thread pool worker to execute a specified callback function. Process and Thread Management | |
| KERNEL32.DLL!ConvertThreadToFiberEx Converts a thread into a fiber- allowing execution of other fibers. Process and Thread Management | |
| RPCRT4.DLL!RpcServerInterfaceGroupClose This function frees an interface group- managing RPC interface lifecycle. Process and Thread Management | |
| KERNEL32.DLL!AddVectoredContinueHandler Registers a vectored continue handler for continuation after an exception. Process and Thread Management | |
| KERNEL32.DLL!IsDBCSLeadByteEx Determines if a character is a lead byte in a double-byte character set (DBCS). System Information and Control | |
| GDI32FULL.DLL!CopyMetaFileW This function copies a metafile's content to a file- involving file manipulation. File Operations | |
| SHLWAPI.DLL!PathSetDlgItemPathA Sets text in a dialog control using a specified path. System Information and Control | |
| USER32.DLL!CallMsgFilterW Passes messages to hook procedures for filtering- modifying messages for UI elements. Hooking and Interception | |
| KERNEL32.DLL!DeleteAtom Removes a string associated with an atom when its reference count reaches zero. Memory Management | |
| SHCORE.DLL!SHRegGetPathA Retrieves a file path from the registry- expanding environment variables as needed. Registry Operations | |
| KERNEL32.DLL!GetMaximumProcessorGroupCount Retrieves the count of processor groups available in the system. System Information and Control | |
| USER32.DLL!GetUpdatedClipboardFormats Retrieves currently supported clipboard formats for the system clipboard. System Information and Control | |
| OLEAUT32.DLL!VarI8FromCy Converts a currency value to an 8-byte integer- handling data formatting and type conversions. Memory Management | |
| ADVAPI32.DLL!FreeInheritedFromArray Frees memory allocated by the GetInheritanceSource function- managing memory resources. Memory Management | |
| KERNEL32.DLL!_lclose Closes a specified file- thus managing file access and ensuring it’s no longer available for operations. File Operations | |
| WINMMBASE.DLL!waveOutGetID Retrieves the device identifier for a waveform-audio output device. System Information and Control | |
| USER32.DLL!GetAncestor Retrieves the handle to the ancestor window of a specified window in the window hierarchy. System Information and Control | |
| KERNEL32.DLL!GetThreadSelectedCpuSetMasks Retrieves the explicit CPU Set assignment for a specified thread- related to thread management. Process and Thread Management | |
| KERNEL32.DLL!GetProcessorSystemCycleTime Retrieves processor cycle time spent on executing DPCs and ISRs for system performance monitoring. System Information and Control | |
| WSOCK32.DLL!getprotobyname Retrieves protocol information based on the specified protocol name. Network Operations | |
| KERNEL32.DLL!WerRegisterAppLocalDump Registers a path for saving diagnostic memory dumps collected by Windows Error Reporting. Memory Management | |
| FLIGHTSETTINGS.DLL!DllCanUnloadNow Determines if a DLL can be safely unloaded from memory based on its usage and reference counts. Process and Thread Management | |
| USER32.DLL!CharUpperBuffA Converts lowercase characters in a buffer to uppercase characters- modifying the buffer in place. Memory Management | |
| SHELL32.DLL!ExtractAssociatedIconW Retrieves a handle to an icon from a file or its associated executable file. File Operations | |
| USER32.DLL!LoadKeyboardLayoutW Loads a new input locale identifier into the system- affecting keyboard input layout. System Information and Control | |
| ADVAPI32.DLL!UpdateTraceA Updates properties of an event tracing session- impacting system event monitoring. System Information and Control | |
| GDI32FULL.DLL!CombineTransform This function concatenates transformations for rendering graphics- related to coordinate spaces and transformations. System Information and Control | |
| GDI32FULL.DLL!ScriptString_pSize Returns a pointer to a SIZE structure for an analyzed string- related to string measurement. System Information and Control | |
| USER32.DLL!IsMouseInPointerEnabled Determines if the mouse is enabled to act as a pointer device. System Information and Control | |
| GDI32.DLL!EngAlphaBlend Provides bit-block transfer with alpha blending- modifying pixel colors based on transparency values. Memory Management | |
| WINDOWS.STORAGE.DLL!SHGetSpecialFolderPathW Retrieves the path of a special folder identified by its CSIDL. File Operations | |
| GDI32FULL.DLL!Chord The Chord function draws a graphical chord using specified coordinates within a device context. System Information and Control | |
| SHLWAPI.DLL!IStream_ReadPidl Reads PIDL from an IStream object- involving data retrieval operations. File Operations | |
| KERNEL32.DLL!PrefetchVirtualMemory This function optimizes memory access by preloading specified virtual address ranges into physical memory. Memory Management | |
| USER32.DLL!GetScrollBarInfo Retrieves information about a scroll bar associated with a window- focusing on UI controls. System Information and Control | |
| KERNEL32.DLL!OpenJobObjectA Opens an existing job object- allowing access and management of associated processes. Process and Thread Management | |
| OLEAUT32.DLL!VarBstrFromDate Converts a date value to a BSTR value- involved in handling date representations. Memory Management | |
| KERNEL32.DLL!QueryMemoryResourceNotification Retrieves the state of a memory resource object without blocking the calling thread. Memory Management | |
| WINMMBASE.DLL!mmioSendMessage Sends a message to an I/O procedure associated with a specified file. File Operations | |
| CRYPTSP.DLL!CryptHashData Adds data to a specified hash object- essential for cryptographic operations. Cryptographic Operations | |
| ADVAPI32.DLL!PerfOpenQueryHandle Creates a handle for querying performance counters on the system. System Information and Control | |
| KERNEL32.DLL!RegGetValueA Retrieves the type and data for a specified registry value- involving direct access to the Windows registry. Registry Operations | |
| KERNEL32.DLL!GetFileSizeEx Retrieves the size of a specified file by accessing its attributes. File Operations | |
| COMCTL32.DLL!DPA_SaveStream This function saves a dynamic pointer array to a stream- involving data writing operations. File Operations | |
| ADVAPI32.DLL!GetManagedApplicationCategories Retrieves a list of application categories for a domain- related to domain policy management. System Information and Control | |
| OLEAUT32.DLL!VarDateFromCy This function converts currency values to date values- primarily dealing with data type conversions. Memory Management | |
| RPCRT4.DLL!NdrPointerMarshall Marshalls pointers for RPC complex data types- facilitating communication between processes. Memory Management | |
| OLEAUT32.DLL!VarR4FromUI2 Converts an unsigned short to a float value- related to data type conversion. Memory Management | |
| KERNEL32.DLL!EnableProcessOptionalXStateFeatures Enables optional XState features for the current process- affecting thread behavior. Process and Thread Management | |
| SHLWAPI.DLL!StrRetToBufA Converts an STRRET structure to a string- placing it in a buffer. Memory Management | |
| OLE32.DLL!OleLockRunning Locks or unlocks an object in its running state- affecting its lifecycle management. Process and Thread Management | |
| USER32.DLL!IsDlgButtonChecked Determines the check state of button controls in dialog boxes. System Information and Control | |
| OLE32.DLL!CoGetObjectContext Retrieves the context for the current object in COM applications- facilitating object management. Process and Thread Management | |
| KERNEL32.DLL!MoveFileWithProgressW This function moves a file or directory and can track progress. File Operations | |
| ADVAPI32.DLL!SaferIdentifyLevel The function retrieves security level information related to a code file for access control. System Information and Control | |
| KERNEL32.DLL!PowerCreateRequest Creates a new power request object to manage power settings and notifications. System Information and Control | |
| WINMMBASE.DLL!waveOutPause Pauses playback on a waveform-audio output device- affecting audio processing operations. Process and Thread Management | |
| OLEAUT32.DLL!VarI8FromDisp Converts the IDispatch instance's property to an 8-byte integer- indicating type conversion operations. Memory Management | |
| KERNEL32.DLL!CreateProcessW Creates a new process and its primary thread- involved in process management. Process and Thread Management | |
| KERNEL32.DLL!GetUserDefaultLCID Retrieves the locale identifier for the user default locale- related to system information. System Information and Control | |
| SECHOST.DLL!CredReadW Reads a credential from the user's credential set associated with the current logon session. Registry Operations | |
| GDI32FULL.DLL!GetICMProfileW Retrieves the filename of the current output color profile for a specified device context. File Operations | |
| USER32.DLL!GetWindowDpiHostingBehavior Examines the DPI hosting behavior of a specified window by its handle. System Information and Control | |
| GDI32FULL.DLL!EngCreateDeviceSurface Creates and returns a handle for device surfaces managed by a driver. Memory Management | |
| OLE32.DLL!MonikerRelativePathTo Generates a relative moniker from two absolute monikers for COM operations. System Information and Control | |
| USER32.DLL!SetMenuItemInfoW Changes information about a menu item in a user interface. System Information and Control | |
| OLE32.DLL!PropVariantChangeType Converts a PROPVARIANT value to a different type- manipulating data types. Memory Management | |
| KERNEL32.DLL!SetCalendarInfoW Sets locale information for calendars- affecting user settings and calendar configurations. System Information and Control | |
| OLE32.DLL!GetRunningObjectTable Retrieves a pointer to the interface for managing running objects locally. System Information and Control | |
| USER32.DLL!OpenWindowStationW Opens a specified window station handle for use by processes. Process and Thread Management | |
| SHLWAPI.DLL!SHStripMneumonicA Removes mnemonic markers from strings- aiding in user interface text management. System Information and Control | |
| RPCRT4.DLL!UuidFromStringW Converts a string representation of a UUID into binary format. Cryptographic Operations | |
| KERNELBASE.DLL!AddAccessAllowedAceEx This function modifies a DACL by adding an access-allowed ACE for security management. Registry Operations | |
| USER32.DLL!EnableWindow Allows enabling or disabling input to a window or control- affecting user interaction. Process and Thread Management | |
| OLEAUT32.DLL!VarI8FromI1 Converts a char to an 8-byte integer- related to data transformation operations. System Information and Control | |
| OLEAUT32.DLL!VarDateFromR8 Converts a double value to a date value- useful for data manipulation. Memory Management | |
| SHLWAPI.DLL!AssocGetPerceivedType Retrieves a file's perceived type based on its extension- involving registry associations. File Operations | |
| GDI32FULL.DLL!RealizePalette Maps logical palette entries to the system palette- affecting display context colors. System Information and Control | |
| WS2_32.DLL!WSASendDisconnect Initiates termination of a socket connection and sends disconnect data. Network Operations | |
| USER32.DLL!SubtractRect Determines rectangle coordinates by subtracting one rectangle from another based on intersection. System Information and Control | |
| RPCRT4.DLL!RpcMgmtSetComTimeout Sets the binding-communications time-out value in a binding handle for RPC communication. Network Operations | |
| WMI.DLL!CreateTraceInstanceId Creates a unique transaction identifier for trace events in an event tracing context. System Information and Control | |
| ADVAPI32.DLL!LsaLookupPrivilegeValue Retrieves the LUID for a specified privilege name from the Local Security Authority. System Information and Control | |
| OLE32.DLL!OleCreateLinkToFileEx Extends functionality for linking files in OLE applications- involves data and presentation format caching. File Operations | |
| USER32.DLL!GetWindowRgnBox Retrieves dimensions of a window's region for drawing. It's related to window management. System Information and Control | |
| SHCORE.DLL!SHCopyKeyW Copies subkeys and values from one registry key to another- categorizing it as Registry Operations. Registry Operations | |
| KERNEL32.DLL!EnumDateFormatsExA Enumerates date formats for a specified locale- allowing applications to retrieve internationalization settings. System Information and Control | |
| USER32.DLL!CopyImage Creates and copies image attributes (icon- cursor- bitmap) to a new image. Memory Management | |
| KERNEL32.DLL!PurgeComm Discards characters from input/output buffers of communication resources and terminates pending operations. File Operations | |
| WSOCK32.DLL!inet_ntoa Converts an IPv4 network address into an ASCII string in dotted-decimal format. Network Operations | |
| GDI32.DLL!PATHOBJ_vGetBounds This function retrieves the bounding rectangle for a given path- categorizing it under system information retrieval. System Information and Control | |
| KERNELBASE.DLL!AddAuditAccessAceEx This function adds an audit access control entry to a security access control list- affecting system security settings. Registry Operations | |
| OLEAUT32.DLL!VarDecFromUI4 This function converts an unsigned long to a decimal type- categorizing it under memory management. Memory Management | |
| USER32.DLL!SetLayeredWindowAttributes Sets opacity and transparency for a layered window- affecting its visual properties on the screen. System Information and Control | |
| SHLWAPI.DLL!PathGetDriveNumberW Searches a path for a drive letter and returns its corresponding number. System Information and Control | |
| KERNEL32.DLL!GetFileInformationByHandle Retrieves information about a specified file using its handle. File Operations | |
| KERNEL32.DLL!LoadEnclaveData Loads data into a specified enclave's memory address. Memory Management | |
| OLEAUT32.DLL!BstrFromVector Converts a vector to a BSTR- handling memory allocation. Memory Management | |
| KERNEL32.DLL!_llseek Moves the file pointer for a specified file handle based on the provided offset and origin. File Operations | |
| GDI32.DLL!BRUSHOBJ_pvAllocRbrush This function allocates memory specifically for a driver's brush realization- which is a memory management task. Memory Management | |
| ADVAPI32.DLL!GetUserNameA Retrieves the name of the user associated with the current thread- providing user identification. System Information and Control | |
| USER32.DLL!InsertMenuItemW Inserts a new item into a menu at a specified position- related to user interface operations. System Information and Control | |
| KERNEL32.DLL!OpenWaitableTimerW Opens existing named waitable timer objects allowing multiple processes to synchronize on timers. Process and Thread Management | |
| OLEAUT32.DLL!VarBoolFromI2 Converts a short integer to a Boolean value- focusing on type conversion operations. Memory Management | |
| WINDOWS.STORAGE.DLL!SHFindFiles Displays the Search window UI- allowing users to find files in specified directories. File Operations | |
| SHLWAPI.DLL!PathAppendA Appends one path to another- modifying the original string. File Operations | |
| USER32.DLL!SetProcessDPIAware Sets the default DPI awareness for a process to adjust for system-DPI settings. System Information and Control | |
| CRYPTSP.DLL!CryptSetProviderExA Specifies the default cryptographic service provider for the local computer or user. Cryptographic Operations | |
| SHELL32.DLL!SHReplaceFromPropSheetExtArray Replaces property sheet pages within a property sheet extension array- facilitating UI adjustments. DLL Injection and Manipulation | |
| OLEAUT32.DLL!VarUI8FromUI1 Converts a byte to an 8-byte unsigned integer- which involves data type transformation. Memory Management | |
| NTDLL.DLL!RtlIpv6AddressToStringExA Converts an IPv6 address- scope ID- and port number to a string representation. Network Operations | |
| ADVAPI32.DLL!FlushTraceW FlushTraceW delivers buffered events for a specified event tracing session immediately. System Information and Control | |
| USER32.DLL!GetClassLongW Retrieves a value from the WNDCLASSEX structure- primarily related to window class properties. System Information and Control | |
| OLEAUT32.DLL!SafeArrayReleaseDescriptor Decreases the reference count for a safe array descriptor- managing memory allocation and freeing. Memory Management | |
| KERNEL32.DLL!GetLocaleInfoEx Retrieves information about a specified locale- pertinent to system localization settings. System Information and Control | |
| KERNEL32.DLL!LocateXStateFeature Retrieves a pointer to processor state for an XState feature within a CONTEXT structure- managing state information. System Information and Control | |
| KERNELBASE.DLL!ImpersonateAnonymousToken Enables a thread to impersonate the system's anonymous logon token for controlled access. Process and Thread Management | |
| OLEAUT32.DLL!VarDecFromDate Converts a date to a decimal value- which involves data type manipulation. Memory Management | |
| KERNEL32.DLL!SetDefaultCommConfigW This function configures the default settings for a communications device- indicating file operations with device settings. File Operations | |
| WINMMBASE.DLL!midiStreamRestart This function restarts a paused MIDI stream- managing multimedia processes. Process and Thread Management | |
| GDI32FULL.DLL!GetEnhMetaFilePaletteEntries This function retrieves palette entries from an enhanced metafile- relating to graphical data management. Memory Management | |
| COMCTL32.DLL!ImageList_DragMove Moves a drag image during a drag-and-drop operation based on mouse movement. System Information and Control | |
| GDI32FULL.DLL!GetRandomRgn Copies the clipping region of a specified device context- dealing with graphical rendering. Memory Management | |
| OLEAUT32.DLL!VarR4FromCy Converts a currency value to a float value- thus performing data manipulation. Memory Management | |
| KERNEL32.DLL!GlobalAddAtomExA This function adds a string to the global atom table- affecting system-wide string management. System Information and Control | |
| GDI32FULL.DLL!CreateFontIndirectExA This function creates a logical font based on specified characteristics for graphical device interfaces. DLL Injection and Manipulation | |
| RPCRT4.DLL!MesEncodeDynBufferHandleCreate Creates and initializes an encoding handle for dynamic buffer serialization- which involves memory management. Memory Management | |
| USER32.DLL!EnumDisplayMonitors This function enumerates display monitors relevant to a specified region- involving system-level graphics information. System Information and Control | |
| OLEAUT32.DLL!SafeArrayDestroyData Destroys all data in a safe array- releasing associated resources and managing memory cleanup. Memory Management | |
| SHLWAPI.DLL!PathIsDirectoryEmptyW Determines if a specified directory path is empty. File Operations | |
| OLE32.DLL!CoResumeClassObjects Allows servers to activate registered class objects and manage activation requests from the Service Control Manager (SCM). Process and Thread Management | |
| KERNEL32.DLL!NotifyUILanguageChange Function intended to notify UI language changes- relates to user interface internationalization. System Information and Control | |
| SHLWAPI.DLL!PathFileExistsW Determines if a specified file or folder path exists in the file system. File Operations | |
| RPCRT4.DLL!NdrGetUserMarshalInfo Provides information to helper functions regarding marshaling- often used for checking buffer sizes. Memory Management | |
| OLEAUT32.DLL!VarBoolFromDisp Converts IDispatch instance properties to Boolean values. System Information and Control | |
| ADVAPI32.DLL!AccessCheckByTypeResultListAndAuditAlarmA Evaluates access rights and generates audit messages based on a security descriptor for the impersonated client. Registry Operations | |
| RPCRT4.DLL!RpcServerUseProtseqA Registers a protocol sequence for receiving remote procedure calls. Network Operations | |
| USER32.DLL!SetWindowDisplayAffinity This function specifies the display affinity settings for a window- managing how and where its content is shown. System Information and Control | |
| ADVAPI32.DLL!LsaQueryCAPs This function queries Central Access Policies- retrieving policies based on specified IDs. System Information and Control | |
| WINMMBASE.DLL!GetDriverModuleHandle Retrieves the handle of a module that contains an installable driver- indicating driver management functionality. Process and Thread Management | |
| KERNEL32.DLL!GetCurrentThreadStackLimits Retrieves the stack boundaries allocated for the current thread- indicating process and thread stack management. Process and Thread Management | |
| KERNELBASE.DLL!SetSecurityDescriptorGroup This function sets primary group information in a security descriptor- controlling access permissions. Registry Operations | |
| RPCRT4.DLL!NdrDllRegisterProxy This function creates a registry entry for proxy DLL interfaces- indicating registry operations. Registry Operations | |
| GDI32FULL.DLL!GetStretchBltMode Retrieves the current stretching mode for bitmaps when stretched or compressed. System Information and Control | |
| KERNEL32.DLL!UnregisterWaitEx Cancels a wait operation registered previously- managing thread execution flow. Process and Thread Management | |
| USER32.DLL!CreateSyntheticPointerDevice Initializes a pointer injection device for applications to simulate pointer input. System Information and Control | |
| USER32.DLL!ChangeWindowMessageFilterEx Modifies UIPI message filter for a specific window- allowing or blocking messages from lower privileged processes. Hooking and Interception | |
| SHELL32.DLL!PickIconDlg Displays a dialog for selecting an icon from resources in executables or DLLs. File Operations | |
| WINMM.DLL!joyGetPosEx Queries joystick position and button status- enabling multimedia input operations. System Information and Control | |
| KERNEL32.DLL!GetComputerNameW Retrieves the NetBIOS name of the local computer from system information. System Information and Control | |
| USER32.DLL!CharUpperW Converts strings or characters to uppercase- affecting in-place modification. Memory Management | |
| TRACKMOUSEEVENT Tracks mouse pointer movements and generates notifications for hover and leave events related to window interaction. System Information and Control | |
| VERTDLL.DLL!NtClose Closes the specified handle- managing system resources by releasing handles to various objects. Process and Thread Management | |
| USER32.DLL!UnregisterTouchWindow This function deregisters a window's touch capability- relating to window interactions. System Information and Control | |
| WS2_32.DLL!WSAEnumNameSpaceProvidersExW Retrieves information on available namespace providers- useful for network operations. Network Operations | |
| SHELL32.DLL!DriveType Determines the type of a drive based on its number- related to file and volume management. File Operations | |
| SHCORE.DLL!IUnknown_GetSite Retrieves the site for a COM object through the IObjectWithSite interface. System Information and Control | |
| KERNEL32.DLL!GetExitCodeThread Retrieves the termination status of a specified thread- indicating its exit state. Process and Thread Management | |
| WSOCK32.DLL!WSASetBlockingHook Function intended for blocking network operations; now deprecated- relates to network operation control. Network Operations | |
| WINMMBASE.DLL!waveInGetNumDevs This function retrieves the count of audio input devices on the system. System Information and Control | |
| KERNEL32.DLL!SetErrorMode Controls error handling for the process- affecting how critical errors are managed. System Information and Control | |
| SHLWAPI.DLL!SHLoadIndirectString Extracts text resources using indirect strings for various resource formats. File Operations | |
| IMFSourceBuffer::Abort This function stops the ongoing processing of a media segment in a buffer. Process and Thread Management | |
| SHLWAPI.DLL!UrlHashW This function hashes a URL string- manipulating the data for secure storage or comparison. Cryptographic Operations | |
| USER32.DLL!GetPriorityClipboardFormat Retrieves the first available clipboard format from a specified priority list- indicating clipboard data management. File Operations | |
| OLEAUT32.DLL!LoadTypeLib Loads and registers a type library from a specified file. File Operations | |
| KERNEL32.DLL!GetThreadIOPendingFlag This function determines the I/O status of a specified thread- involving process state management. Process and Thread Management | |
| OLEAUT32.DLL!VarBstrFromDec Converts a decimal value to a BSTR value- manipulating data formats. Memory Management | |
| RPCRT4.DLL!RpcEpResolveBinding Resolves a partially-bound server binding handle to a fully-bound handle for RPC communication. Network Operations | |
| GDI32FULL.DLL!GetDeviceCaps Retrieves rendering device capabilities. System Information and Control | |
| KERNEL32.DLL!GetNumaNodeNumberFromHandle Retrieves the NUMA node associated with a file or I/O device handle. System Information and Control | |
| OLE32.DLL!CoGetInterceptor Creates an interceptor for COM interfaces- allowing function calls to be intercepted. Hooking and Interception | |
| OLEAUT32.DLL!VarR4FromBool Converts Boolean values to float- indicating a data type transformation. Memory Management | |
| KERNEL32.DLL!GetWriteWatch Retrieves written page addresses in a virtual memory region- indicating memory usage. Memory Management | |
| OLE32.DLL!HMENU_UserSize64 This function calculates the wire size of the HMENU object for proper alignment during RPC marshaling. Memory Management | |
| SHELL32.DLL!SHIsFileAvailableOffline Checks if a file is accessible offline- determining its source (network or local cache). File Operations | |
| OLEAUT32.DLL!VarUI1FromR8 This function converts a double value to an unsigned char- impacting data manipulation. Memory Management | |
| USER32.DLL!UnregisterHotKey Frees a hot key associated with the calling thread- impacting keyboard input management. Hooking and Interception | |
| GDI32FULL.DLL!GetTextExtentExPointA This function retrieves text extents- crucial for layout operations in graphical applications. File Operations | |
| OLEAUT32.DLL!VarBstrFromUI1 Converts an unsigned char to a BSTR value for automation processing. System Information and Control | |
| COMCTL32.DLL!DPA_InsertPtr This function inserts an item in a dynamic pointer array- thus managing memory allocations. Memory Management | |
| GDI32FULL.DLL!GetCharABCWidthsA Retrieves character widths from a TrueType font- relevant for graphical rendering and display. System Information and Control | |
| SECHOST.DLL!CredReadDomainCredentialsA This function reads specific domain credentials from the user's credential set associated with the logon session. Registry Operations | |
| RPCRT4.DLL!RpcObjectSetInqFn Registers an object-inquiry function for RPC- managing how object types are identified. Process and Thread Management | |
| KERNEL32.DLL!DeleteCriticalSection Releases resources from a critical section object- managing synchronization between threads. Process and Thread Management | |
| USER32.DLL!SetThreadCursorCreationScaling Adjusts DPI scaling for cursors created on a specific thread. System Information and Control | |
| OLEAUT32.DLL!VarI4FromCy Converts a currency value to a long value- indicating a form of data manipulation. Memory Management | |
| ADVAPI32.DLL!RegEnumKeyA Enumerates subkeys of a specified open registry key- facilitating registry operations. Registry Operations | |
| GDI32FULL.DLL!PolyBezier Draws Bézier curves using specified points and control points in a device context. System Information and Control | |
| OLEAUT32.DLL!VarDecMul Multiplies decimal variants indicating arithmetic operations. File Operations | |
| SHLWAPI.DLL!PathIsSameRootW Compares two file paths to check for a common root component- indicating file operations. File Operations | |
| KERNEL32.DLL!GetThreadLocale Retrieves the current locale identifier for the calling thread- affecting locale-based operations. System Information and Control | |
| KERNEL32.DLL!FindFirstFileExA Searches a directory for files matching specified attributes. File Operations | |
| GDI32FULL.DLL!CreateDCW Creates a device context for a specified output device- enabling graphics operations. System Information and Control | |
| ADVAPI32.DLL!BackupEventLogW Saves the specified event log to a backup file without clearing it. File Operations | |
| USER32.DLL!OpenDesktopA Opens a desktop object- involves access rights and handle management for desktop processes. Process and Thread Management | |
| RPCRT4.DLL!RpcErrorGetNumberOfRecords This function retrieves the count of error records in RPC- related to handling extended error information. System Information and Control | |
| USER32.DLL!CreateWindowExW Creates a window with specified styles- enabling interaction with graphical user interface. Process and Thread Management | |
| KERNEL32.DLL!WritePrivateProfileStructA Copies data into an initialization file and manages its keys and sections. File Operations | |
| GDI32.DLL!BRUSHOBJ_ulGetBrushColor This function retrieves the RGB color of a solid brush- relevant for graphical rendering. System Information and Control | |
| SHLWAPI.DLL!StrRetToBSTR Converts a STRRET structure to a BSTR string- related to file identifiers in shell operations. File Operations | |
| OLE32.DLL!HPALETTE_UserFree64 Frees resources associated with an RPC call- managing memory allocation. Memory Management | |
| USER32.DLL!GetGUIThreadInfo Retrieves information about the active window or a specified GUI thread- indicative of process and thread interaction. Process and Thread Management | |
| ADVAPI32.DLL!LookupAccountNameW Retrieves a security identifier (SID) and domain name for a specified account name. System Information and Control | |
| USER32.DLL!WINNLSEnableIME Enables or disables an Input Method Editor (IME) and controls its window display. Process and Thread Management | |
| OLE32.DLL!CreateStreamOnHGlobal Creates a stream object that uses a memory handle for storing stream contents. Memory Management | |
| SHCORE.DLL!SHOpenRegStreamA This function opens a registry value stream for reading or writing data. Registry Operations | |
| KERNEL32.DLL!SetFirmwareEnvironmentVariableExW Modifies firmware environment variables- indicating their storage and maintenance attributes. Registry Operations | |
| OLE32.DLL!OleDraw The OleDraw function facilitates the drawing of objects on a device context. Process and Thread Management | |
| OLE32.DLL!ObjectStublessClient6 Stub function for COM proxies in RPC- facilitating communication between client and server components. DLL Injection and Manipulation | |
| KERNEL32.DLL!HeapLock Acquires a lock on a specified heap- preventing other threads from allocating or releasing memory. Memory Management | |
| SHLWAPI.DLL!ChrCmpIA Compares two characters in a case-insensitive manner. System Information and Control | |
| GDI32FULL.DLL!ModifyWorldTransform This function changes the world transformation for a device context- affecting how graphics are drawn. System Information and Control | |
| GDI32FULL.DLL!AbortPath Closes and discards paths in a device context- related to graphical operations. Memory Management | |
| KERNEL32.DLL!FindFirstFileTransactedW Searches for a file in a directory as a transacted operation. File Operations | |
| KERNEL32.DLL!SetThreadAffinityMask Configures which processor a thread can run on within its process. Process and Thread Management | |
| SECHOST.DLL!AuditSetSystemPolicy This function sets system audit policy for various audit subcategories- which involves controlling system behavior and security. System Information and Control | |
| GDI32FULL.DLL!GetDCBrushColor Retrieves the current brush color for a specified device context- relevant in graphic operations. System Information and Control | |
| WMI.DLL!RegisterTraceGuidsW This function registers an event trace provider for ETW- facilitating event logging and management. System Information and Control | |
| GDI32.DLL!AbortDoc This function stops a print job and erases the drawing data- related to file output operations. File Operations | |
| KERNEL32.DLL!CreateSemaphoreExA Creates or opens a semaphore for process synchronization- enabling management of concurrent operations. Process and Thread Management | |
| ADVAPI32.DLL!LsaQueryDomainInformationPolicy Retrieves information from the Policy object regarding domain settings. System Information and Control | |
| WINMMBASE.DLL!auxGetNumDevs Retrieves the number of auxiliary output devices in the system. System Information and Control | |
| GDI32FULL.DLL!CreateFontW Creates a logical font which can subsequently be used for text rendering on a device. System Information and Control | |
| GDI32FULL.DLL!SelectPalette Selects a logical palette into a device context for color management. System Information and Control | |
| COMCTL32.DLL!CreateStatusWindowA Creates a status window for displaying application status- involving GUI control creation. System Information and Control | |
| SHCORE.DLL!SHGetValueW Retrieves a value from the Windows registry using a specific key and subkey. Registry Operations | |
| SHELL32.DLL!Shell_GetCachedImageIndexA Retrieves the cache index of an icon from a file path. File Operations | |
| KERNEL32.DLL!QueryDepthSList Retrieves the number of entries in a singly linked list for system management purposes. System Information and Control | |
| GDI32FULL.DLL!AnimatePalette Replaces entries in a logical palette which affects how colors are rendered in graphics. System Information and Control | |
| USER32.DLL!ChangeClipboardChain This function modifies the clipboard viewer chain by removing a specified window. System Information and Control | |
| KERNEL32.DLL!IsNormalizedString Verifies if a string conforms to Unicode normalization standards. System Information and Control | |
| SHLWAPI.DLL!PathStripPathW Removes the path portion from a full folder and file name- focusing on file manipulation. File Operations | |
| WS2_32.DLL!GetNameInfoW Resolves protocol-independent names from socket addresses- crucial for network operations. Network Operations | |
| KERNEL32.DLL!CallbackMayRunLong Indicates the potential duration of a callback- affecting thread management. Process and Thread Management | |
| GDI32FULL.DLL!GetTextExtentExPointI This function retrieves text extents for characters in a string- related to graphical output. System Information and Control | |
| OLE32.DLL!StgOpenPropStg This function opens a property set in a storage or stream object- managing file properties. File Operations | |
| KERNEL32.DLL!IsWow64Process2 Determines if a process runs under WOW64 and retrieves architectural information. System Information and Control | |
| KERNEL32.DLL!GetExpandedNameA Retrieves the original name of a compressed file- indicating file manipulation. File Operations | |
| WSOCK32.DLL!WSACancelBlockingCall This function deals with network operations by canceling blocking calls in Winsock. Network Operations | |
| OLEAUT32.DLL!VarUI8FromDate Converts a date to an unsigned integer- dealing with data types. Memory Management | |
| KERNEL32.DLL!SetThreadpoolThreadMaximum Specifies the maximum threads for a thread pool to manage callback processing efficiently. Process and Thread Management | |
| SHELL32.DLL!SHDestroyPropSheetExtArray Frees property sheet handlers- managing memory for created arrays. Memory Management | |
| VERTDLL.DLL!RtlInitUnicodeString Initializes a counted Unicode string for further operations in the system. Memory Management | |
| OLE32.DLL!CoRegisterActivationFilter Registers a process-wide filter for handling activation requests in COM applications. System Information and Control | |
| KERNEL32.DLL!ResetEvent This function sets an event object to the nonsignaled state- managing thread synchronization. Process and Thread Management | |
| KERNEL32.DLL!WerSetFlags Configures Windows Error Reporting settings for error handling in the current process. System Information and Control | |
| KERNEL32.DLL!CommConfigDialogA Displays a configuration dialog box for drivers related to communication devices. System Information and Control | |
| OLEAUT32.DLL!DispInvoke This function invokes member functions of an interface using type information- automating dispatch operations. System Information and Control | |
| OLEAUT32.DLL!VarI8FromDate Converts a date value to an 8-byte integer value. Memory Management | |
| RPCRT4.DLL!RpcBindingToStringBindingW Converts a binding handle to its string representation- enabling network communication. Network Operations | |
| KERNELBASE.DLL!GetLengthSid Returns the length of a valid security identifier (SID) structure. Registry Operations | |
| KERNELBASE.DLL!SetFileSecurityW This function sets security attributes for a file or directory- thus involving file security management. File Operations | |
| USER32.DLL!GetSysColor Retrieves the current color of specified display elements for UI rendering purposes. System Information and Control | |
| OLEAUT32.DLL!VarTokenizeFormatString Parses format strings into tokens for variants- facilitating formatted output. System Information and Control | |
| OLEAUT32.DLL!VARIANT_UserMarshal64 Marshals a VARIANT object into the RPC buffer for communication. Network Operations | |
| WINMM.DLL!joyGetPos Queries joystick position and button status. Interacts with device input for game control. System Information and Control | |
| KERNEL32.DLL!GetThreadSelectedCpuSets Queries the CPU Set assignment of a specified thread for threading management. Process and Thread Management | |
| KERNEL32.DLL!OpenSemaphoreW Opens an existing named semaphore object- facilitating inter-process synchronization. Process and Thread Management | |
| USER32.DLL!GetMenuState Retrieves menu flags for specified menu items- indicating item status and submenu information. System Information and Control | |
| OLEAUT32.DLL!VarI8FromBool Converts a Boolean value to an 8-byte integer- focusing on data type conversion. System Information and Control | |
| KERNELBASE.DLL!PerfQueryInstance Retrieves a pointer to a performance counter set instance for monitoring resources. System Information and Control | |
| WINMMBASE.DLL!waveOutSetPlaybackRate Adjusts playback rate for a waveform-audio output device. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHGetDesktopFolder Retrieves the IShellFolder interface for the desktop folder- providing access to shell namespace operations. System Information and Control | |
| WS2_32.DLL!WSAEnumProtocolsW Retrieves information about available transport protocols in the local system. Network Operations | |
| KERNEL32.DLL!GetFileBandwidthReservation Retrieves bandwidth reservation properties for a specified file- relating to file operations. File Operations | |
| WINMMBASE.DLL!midiInGetErrorTextW This function retrieves textual descriptions for error codes related to MIDI input operations. System Information and Control | |
| OLE32.DLL!HDC_UserFree64 Frees server-side resources used by RPC stub files. Memory Management | |
| SHELL32.DLL!SHGetUnreadMailCountW Retrieves unread message counts from user email accounts- requiring access to user-specific data. Registry Operations | |
| WINMMBASE.DLL!midiOutUnprepareHeader Cleans up preparation for a MIDI output header- ensuring proper buffer management. Process and Thread Management | |
| USER32.DLL!keybd_event Synthesizes a keystroke- influencing keyboard input at the system level. Hooking and Interception | |
| KERNEL32.DLL!GetErrorMode Retrieves the error mode for the current process- indicating how it handles serious errors. System Information and Control | |
| OLE32.DLL!OleCreateLinkToFile Creates an OLE object linked to a file- facilitating file operations in a COM context. File Operations | |
| USER32.DLL!ScreenToClient Converts screen coordinates to client-area coordinates using a specified window's handle. System Information and Control | |
| WS2_32.DLL!getaddrinfo Translates host names to addresses- facilitating network operations. Network Operations | |
| OLE32.DLL!ObjectStublessClient4 Stub function for COM proxies used in marshaling interfaces. DLL Injection and Manipulation | |
| KERNEL32.DLL!CreateRemoteThread Creates a thread in the address space of another process- allowing manipulation and control over that process. Process and Thread Management | |
| COMCTL32.DLL!MenuHelp Processes menu messages and displays Help text in a status window. System Information and Control | |
| GDI32FULL.DLL!GetTextExtentPointA Computes the dimensions of a specified string of text in logical units. System Information and Control | |
| WINMMBASE.DLL!midiOutCachePatches This function caches and manages MIDI patches for internal synthesizers- affecting how audio data is preloaded. System Information and Control | |
| USER32.DLL!BroadcastSystemMessage Sends messages to specified recipients in the system- allowing communication between different system components. Network Operations | |
| RPCRT4.DLL!RpcSmSetClientAllocFree This function sets custom memory allocation and release functions for RPC client stubs. Memory Management | |
| GDI32FULL.DLL!ScriptCPtoX Computes the x offset of a character in a text run for caret positioning. System Information and Control | |
| KERNEL32.DLL!InitOnceExecuteOnce Manages one-time initialization for a function- ensuring single-thread execution and synchronization. Process and Thread Management | |
| KERNEL32.DLL!SetWaitableTimer Activates a timer for signaling at a specified time- managing thread sleep and wake cycles. Process and Thread Management | |
| ADVAPI32.DLL!GetUserNameW Retrieves the name of the user associated with the current thread. System Information and Control | |
| GDI32FULL.DLL!TextOutW This function outputs a string of text to a specified location using graphics device interface (GDI). System Information and Control | |
| KERNELBASE.DLL!CreateRestrictedToken Creates a restricted access token to limit privileges and SIDs for better security controls. Process and Thread Management | |
| OLEAUT32.DLL!VariantClear Clears the contents of a variant type- releasing associated resources when clearing. Memory Management | |
| USER32.DLL!SetWindowPos Changes the size- position- and Z order of a window on the desktop. System Information and Control | |
| KERNEL32.DLL!WakeConditionVariable This function manages threads by waking a single one waiting on a condition variable. Process and Thread Management | |
| KERNEL32.DLL!SetIoRingCompletionEvent Registers a completion event for an I/O ring- facilitating tracking of I/O operations. File Operations | |
| SHLWAPI.DLL!PathCanonicalizeW This function simplifies file paths by removing navigation elements- making it part of File Operations. File Operations | |
| WINMMBASE.DLL!auxGetDevCapsA Retrieves capabilities of an auxiliary output device- indicating system information about audio devices. System Information and Control | |
| WS2_32.DLL!WSANtohl Converts a u_long from network byte order to host byte order for socket communications. Network Operations | |
| OLEAUT32.DLL!VarI1FromDec Converts a decimal value to a char value. Memory Management | |
| WS2_32.DLL!WSANtohs Converts network byte order to host byte order for socket communication. Network Operations | |
| WINDOWS.STORAGE.DLL!SHResolveLibrary Resolves locations in a library- handling moved or renamed entries. File Operations | |
| USER32.DLL!MapWindowPoints Converts points between coordinate spaces of two windows. Essential for GUI operations. System Information and Control | |
| GDI32FULL.DLL!EngDeleteSemaphore This function removes a semaphore from the system's resource list- managing synchronization objects. Process and Thread Management | |
| USER32.DLL!CreateCursor Creates a cursor based on specified parameters- affecting graphical resource management. System Information and Control | |
| KERNEL32.DLL!LocalLock Locks a local memory object and manages its memory usage. Memory Management | |
| GDI32FULL.DLL!CreateBrushIndirect Creates a logical brush for drawing graphics within a device context. Memory Management | |
| SHLWAPI.DLL!AssocQueryStringByKeyA Retrieves file association strings from the registry starting at a specified key. Registry Operations | |
| USER32.DLL!GetDlgItemTextW Retrieves text from a dialog control- involving UI element interaction. System Information and Control | |
| WS2_32.DLL!WSCGetProviderPath This function retrieves the DLL path for a specified provider- indicating network-related operation. Network Operations | |
| OLE32.DLL!CLSIDFromProgID This function retrieves a CLSID from the registry based on a ProgID. Registry Operations | |
| SHELL32.DLL!SHPropStgReadMultiple Wraps IPropertyStorage::ReadMultiple for reading multiple properties from a property store. Registry Operations | |
| WS2_32.DLL!WSAAccept Accepts a connection based on conditions and transfers connection data. Network Operations | |
| USER32.DLL!SetSysColors This function changes the color settings for display elements- impacting their visual representation. System Information and Control | |
| WS2_32.DLL!WSADuplicateSocketW Enables sharing of socket descriptors between processes by duplicating their protocol information. Network Operations | |
| KERNEL32.DLL!GetMemoryErrorHandlingCapabilities Retrieves the system's memory error handling features- indicating capabilities related to memory management. Memory Management | |
| USER32.DLL!SetWindowRgn Sets the window region- controlling the drawable area of a window for visual representation. System Information and Control | |
| USER32.DLL!GetWindowRect Retrieves bounding rectangle dimensions of a specified window in screen coordinates. System Information and Control | |
| KERNEL32.DLL!GetExpandedNameW Retrieves the original name of a Lempel-Ziv compressed file- involving file metadata manipulation. File Operations | |
| GDI32FULL.DLL!CreatePalette Creates a logical palette for color management in graphics applications. System Information and Control | |
| WS2_32.DLL!FreeAddrInfoEx Frees dynamically allocated address information structures created by GetAddrInfoEx. Memory Management | |
| OLEAUT32.DLL!VARIANT_UserUnmarshal Unmarshals a VARIANT object from the RPC buffer- handling data transfer in remote procedure calls. Memory Management | |
| COMCTL32.DLL!DPA_DeleteAllPtrs This function manages dynamic pointer arrays- removing items and resizing them. Memory Management | |
| GDI32.DLL!EngUnlockSurface This function unlocks a GDI surface- indicating it was previously locked for access. Memory Management | |
| CRYPTSP.DLL!CryptSetKeyParam This function customizes key parameters impacting cryptographic operations- facilitating session key management. Cryptographic Operations | |
| USER32.DLL!ChangeWindowMessageFilter Modifies the UIPI message filter- allowing or blocking specific messages in the UI communication. Hooking and Interception | |
| OLE32.DLL!CoMarshalInterface Marshals data to initialize a proxy object in a client process stream. Network Operations | |
| USER32.DLL!SetProcessRestrictionExemption Exempts a process from restrictions- allowing interaction with Windows Store apps and affecting UI privileges. Hooking and Interception | |
| USER32.DLL!FillRect Fills a rectangle using a specified brush in a device context- involving graphic operations. System Information and Control | |
| USER32.DLL!DefRawInputProc Checks the size of the RAWINPUTHEADER structure; does not perform any further operations. System Information and Control | |
| KERNEL32.DLL!EnumResourceLanguagesA Enumerates language-specific resources from a binary module's types and names- facilitating resource management. System Information and Control | |
| NTDLL.DLL!RtlUnicodeToMultiByteSize Determines byte size for a Unicode string to ANSI conversion. Memory Management | |
| SECHOST.DLL!CredProtectW Encrypts specified credentials for security- only decryptable by the current security context. Cryptographic Operations | |
| USER32.DLL!InjectTouchInput Simulates touch input for user interface interactions. Hooking and Interception | |
| OLEAUT32.DLL!VarCyCmpR8 Compares currency variant with double type value. Primarily involved in data comparison operations. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction9 A stub function for COM proxies related to interface marshalling. DLL Injection and Manipulation | |
| KERNEL32.DLL!GetProcessAffinityMask Retrieves the process and system affinity masks- indicating processor allocation for a process. Process and Thread Management | |
| KERNEL32.DLL!QueryThreadCycleTime Retrieves CPU clock cycles used by a specified thread to measure performance. Process and Thread Management | |
| OLE32.DLL!GetHGlobalFromILockBytes Retrieves a global memory handle to a byte array created on global memory. Memory Management | |
| USER32.DLL!FindWindowExA Retrieves a handle to a window based on class name and window name criteria. System Information and Control | |
| GDI32FULL.DLL!GetAspectRatioFilterEx Retrieves the current aspect-ratio filter setting for a device context. System Information and Control | |
| GDI32FULL.DLL!GetGraphicsMode Retrieves the current graphics mode for a specified device context. System Information and Control | |
| SHLWAPI.DLL!PathIsURLW Validates whether a string conforms to a valid URL format without checking if it exists. Network Operations | |
| OLEAUT32.DLL!VarI2FromStr Converts a string to a short value- handling locale identifiers and flags. Memory Management | |
| GDI32FULL.DLL!GetCurrentPositionEx Retrieves the current position in logical coordinates from a device context. System Information and Control | |
| SECHOST.DLL!CredUnmarshalCredentialW Converts a marshaled credential back to its original form for security management. Cryptographic Operations | |
| CRYPTSP.DLL!CryptGetDefaultProviderW Retrieves the name of the default cryptographic service provider (CSP) for a specific type. Cryptographic Operations | |
| GDI32FULL.DLL!CopyEnhMetaFileA This function copies contents from an enhanced metafile to a file- involving file operations. File Operations | |
| FINDTEXTW Retrieves information about a search operation in a rich edit control. System Information and Control | |
| OLEAUT32.DLL!VarDecCmp Compares two decimal variants- indicating relational value. System Information and Control | |
| USER32.DLL!GetMenuItemCount This function counts items in a menu- related to user interface operations. System Information and Control | |
| USER32.DLL!CharNextA Advances a pointer to the next character in a string- managing multi-byte characters. Memory Management | |
| ADVAPI32.DLL!BuildSecurityDescriptorW Allocates and initializes a new security descriptor for managing access and auditing. Registry Operations | |
| SHLWAPI.DLL!UrlIsNoHistoryA Determines if a URL is excluded from browser navigation history. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction12 Stub function for COM proxies- facilitating communication between client and server components. Process and Thread Management | |
| USER32.DLL!ReleaseCapture Releases mouse capture from a window- restoring normal input processing. Process and Thread Management | |
| KERNEL32.DLL!PowerSetRequest Increments power request count for system behavior management based on specific power states. System Information and Control | |
| OLE32.DLL!ObjectStublessClient3 Stub function for COM proxies; essential for proxy DLL generation and interface marshaling. DLL Injection and Manipulation | |
| USER32.DLL!DdeConnectList Establishes conversations with server applications for data exchange based on service and topic names. Network Operations | |
| OLE32.DLL!StgOpenStorageEx Opens a root storage object in the file system- allowing file access operations. File Operations | |
| RPCRT4.DLL!RpcBindingInqAuthInfoExW Retrieves authentication- authorization- and security quality-of-service information from a specified binding handle. Network Operations | |
| CRYPTSP.DLL!CryptVerifySignatureW Verifies the signature of a hash object- ensuring integrity and authenticity of the data. Cryptographic Operations | |
| SHLWAPI.DLL!PathMakeSystemFolderW Sets attributes for an existing folder to designate it as a system folder. File Operations | |
| KERNEL32.DLL!IdnToAscii Converts internationalized domain names to ASCII using Punycode encoding. Network Operations | |
| WINMMBASE.DLL!mixerGetControlDetailsA Retrieves details about an audio control associated with a mixer device. System Information and Control | |
| WSOCK32.DLL!ioctlsocket Controls I/O mode of a socket- enabling or disabling blocking mode. Network Operations | |
| KERNEL32.DLL!EnumSystemCodePagesA Enumerates installed or supported code pages- providing system information related to character encoding. System Information and Control | |
| KERNEL32.DLL!CreateProcessA Creates a new process and primary thread- managing its execution within the calling process's context. Process and Thread Management | |
| OLE32.DLL!StringFromIID Converts interface identifiers to strings- involving memory allocation for the string result. Memory Management | |
| OLEAUT32.DLL!VarCyFromUI2 Converts an unsigned short to a currency value- focusing on data type conversion. Memory Management | |
| KERNEL32.DLL!EnterUmsSchedulingMode Converts the calling thread into a UMS scheduler thread for managing worker threads. Process and Thread Management | |
| SHLWAPI.DLL!PathParseIconLocationA Parses a file location string to extract a file path and an icon index. File Operations | |
| OLEAUT32.DLL!VarR8FromI1 Converts a char to a double- manipulating data types in memory. Memory Management | |
| SHLWAPI.DLL!StrCmpNCA Compares strings to determine their order based on ASCII values- not manipulating files or processes. System Information and Control | |
| WBEMTime::GetSYSTEMTIME Retrieves the current system time as a structured format. System Information and Control | |
| GDI32.DLL!EngStrokeAndFillPath This function fills and strokes a GDI path on a drawing surface. System Information and Control | |
| KERNEL32.DLL!AppPolicyGetCreateFileAccess Checks if a process has full or restricted IO device access- relating to file operations. File Operations | |
| KERNELBASE.DLL!EqualDomainSid Compares two SIDs to check if they belong to the same domain. System Information and Control | |
| KERNEL32.DLL!SetCommConfig Configures a communications device's settings via a handle- directly related to device operations. File Operations | |
| ITextRange::GetChar Retrieves the character at a specified position in the text range. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHGetIDListFromObject Retrieves a pointer to an item identifier list (PIDL) of an object. System Information and Control | |
| GDI32FULL.DLL!ColorCorrectPalette This function corrects palette entries in a device context- relevant to graphical operations. System Information and Control | |
| GDI32FULL.DLL!GetClipBox Retrieves dimensions of the current visible area based on the device context. System Information and Control | |
| OLEAUT32.DLL!DispCallFunc This function aids in invoking methods- relevant to process and thread operations. Process and Thread Management | |
| SHLWAPI.DLL!PathMatchSpecExW Matches file names against specified patterns- indicating file operation capabilities. File Operations | |
| KERNEL32.DLL!GetDateFormatEx Formats a date string based on specified locale and options- related to getting localized date information. System Information and Control | |
| SHCORE.DLL!IStream_Reset Resets the seek position in a stream to the beginning- affecting how data is read from the stream. File Operations | |
| KERNEL32.DLL!SetCommState Configures a communications device using a DCB structure- managing hardware settings. System Information and Control | |
| SHCORE.DLL!SetCurrentProcessExplicitAppUserModelID Assigns a unique AppUserModelID to the process for taskbar identification. System Information and Control | |
| KERNEL32.DLL!_lread This function reads data from a specified file- categorizing it under file operations. File Operations | |
| OLE32.DLL!NdrProxyForwardingFunction31 This function is a stub for COM proxies- facilitating interface marshaling. System Information and Control | |
| KERNEL32.DLL!WakeAllConditionVariable This function wakes all threads waiting on a condition variable- indicating its role in thread management. Process and Thread Management | |
| KERNEL32.DLL!PssWalkMarkerCreate Creates a walk marker to manage the state of a walk through process snapshots. Process and Thread Management | |
| SECHOST.DLL!EnableTraceEx2 Configures how an ETW provider logs events to a trace session- controlling event enabling and filter parameters. System Information and Control | |
| KERNEL32.DLL!ReleaseMutexWhenCallbackReturns Releases a mutex once the associated thread pool callback function completes. Process and Thread Management | |
| USER32.DLL!AdjustWindowRectEx Adjusts the size of a window rectangle based on the client rectangle size for UI display. Process and Thread Management | |
| KERNEL32.DLL!SetTapePosition Adjusts the position of a tape device for data access based on various positioning methods. File Operations | |
| KERNEL32.DLL!Process32NextW Retrieves information about the next process in a snapshot- enabling process enumeration. Process and Thread Management | |
| KERNEL32.DLL!ActivateActCtx Activates an activation context- impacting how DLLs and other resources are bound during execution. DLL Injection and Manipulation | |
| SECHOST.DLL!QueryTraceProcessingHandle Retrieves information about an ETW trace processing session- thus managing trace handles. System Information and Control | |
| SHLWAPI.DLL!StrNCatA Appends characters from one string to another- potentially leading to buffer overruns if misused. Memory Management | |
| RPCRT4.DLL!NdrDcomAsyncClientCall This function facilitates asynchronous DCOM calls- managing communication between processes. Network Operations | |
| WSOCK32.DLL!WSAAsyncGetHostByAddr Asynchronously retrieves host information from a network address- indicating network operations. Network Operations | |
| OLE32.DLL!CoAddRefServerProcess Increments a global reference count for process management across multiple threads in COM servers. Process and Thread Management | |
| GDI32FULL.DLL!CreateEnhMetaFileA Creates a device context for an enhanced metafile- facilitating graphics storage. File Operations | |
| ITfMessagePump::GetMessageA Retrieves messages from the message queue of a specified window. Process and Thread Management | |
| SHELL32.DLL!SHPropStgCreate Manages property set operations by allowing creation- opening- and handling of property storage. File Operations | |
| USER32.DLL!AnyPopup Determines the presence of visible top-level or pop-up windows on the screen. System Information and Control | |
| RPCRT4.DLL!CStdStubBuffer_CountRefs Counts references to server objects connected to the RPC stub. System Information and Control | |
| KERNEL32.DLL!GetNumaNodeProcessorMask Retrieves the processor mask for the specified NUMA node to manage processor assignments. System Information and Control | |
| GDI32.DLL!XLATEOBJ_hGetColorTransform Retrieves the color transform for a specific translation object. System Information and Control | |
| SHLWAPI.DLL!StrFormatByteSizeEx Converts numeric values into string representations of data sizes- impacting how files are represented. File Operations | |
| SHLWAPI.DLL!PathRenameExtensionW Replaces a file's extension with a new one; modifies file names directly. File Operations | |
| KERNEL32.DLL!SetThreadpoolStackInformation This function sets stack sizes for threads in a thread pool- relating to thread and process management. Process and Thread Management | |
| OLE32.DLL!CreateDataCache Creates an instance of an OLE data cache interface- managing data states and lifecycle. DLL Injection and Manipulation | |
| COMCTL32.DLL!PropertySheetA Creates a property sheet with defined pages- managing window properties and behaviors. Process and Thread Management | |
| ADVAPI32.DLL!EnumDependentServicesA Retrieves names and statuses of services depending on a specified service. System Information and Control | |
| WS2_32.DLL!WSAEnumNameSpaceProvidersExA Retrieves information about available namespace providers- focusing on network functionalities. Network Operations | |
| WS2_32.DLL!WSAConnectByNameA Establishes a connection to a specified host and port- utilizing network resources. Network Operations | |
| OLEAUT32.DLL!VarBstrFromUI4 Converts an unsigned long to a BSTR value- affecting data representation. Memory Management | |
| GDI32FULL.DLL!GetMapMode Retrieves the current mapping mode of a device context for graphical operations. System Information and Control | |
| CRYPTSP.DLL!CryptDestroyHash Destroys the hash object- ensuring secure memory management for cryptographic operations. Cryptographic Operations | |
| KERNEL32.DLL!GetSystemWindowsDirectoryW Retrieves the path of the system Windows directory usable by all users on the system. System Information and Control | |
| SHELL32.DLL!SHGetItemFromDataObject Creates an IShellItem based on IDataObject- involving item manipulation and access to items. File Operations | |
| KERNEL32.DLL!WerRegisterFile Registers a file for Windows Error Reporting- involving file management in error handling. File Operations | |
| RPCRT4.DLL!RpcCancelThreadEx This function cancels the execution of a specified thread- directly managing process control. Process and Thread Management | |
| KERNELBASE.DLL!AddAccessAllowedObjectAce Adds an access control entry (ACE) to a discretionary access control list (DACL). Registry Operations | |
| KERNEL32.DLL!CreateFileMappingA Creates or opens a file mapping object for shared access between processes. Memory Management | |
| KERNEL32.DLL!ReadFileEx Reads data from files or devices asynchronously- reporting its status and calling a completion routine when done. File Operations | |
| RPCRT4.DLL!RpcMgmtInqServerPrincNameW Returns a server's principal name for a specified authentication service. Network Operations | |
| IWSDEndpointProxy::GetErrorInfo Retrieves information on the last error encountered by the endpoint proxy. System Information and Control | |
| GDI32FULL.DLL!GetRasterizerCaps Retrieves flags indicating the availability and status of TrueType fonts installed on the system. System Information and Control | |
| KERNEL32.DLL!FindFirstVolumeW Retrieves the name of a volume on a computer- used for volume management. File Operations | |
| GDI32FULL.DLL!ScriptStringAnalyse Analyzes plain text strings for rendering- utilizing glyphs and text layout handling. System Information and Control | |
| WSOCK32.DLL!getsockopt Retrieves the current value for a socket option associated with a socket. Network Operations | |
| KERNEL32.DLL!FindNextVolumeMountPointW Continues a search for mounted folders initiated by FindFirstVolumeMountPoint. File Operations | |
| KERNEL32.DLL!GetTimeFormatW Formats a time string based on locale settings- involving system time retrieval. System Information and Control | |
| COMCTL32.DLL!DPA_Search Finds an item in a dynamic pointer array to manage data more effectively. Memory Management | |
| NTDLL.DLL!RtlIpv4AddressToStringW Converts an IPv4 address to a string in dotted-decimal format. Network Operations | |
| USER32.DLL!IsDialogMessageW Processes messages intended for dialog boxes- managing keyboard interactions. Process and Thread Management | |
| ADVAPI32.DLL!GetTrusteeFormW Retrieves the trustee name to identify access permissions in security context. System Information and Control | |
| RPCRT4.DLL!NdrCStdStubBuffer2_Release Implements the IRpcStubBuffer::Release to manage RPC object reference counts. Process and Thread Management | |
| KERNEL32.DLL!LocaleNameToLCID Converts a locale name to a locale identifier- facilitating internationalization in applications. System Information and Control | |
| GDI32.DLL!BRUSHOBJ_hGetColorTransform This function retrieves the color transform for a brush which is a graphic display operation. System Information and Control | |
| GDI32FULL.DLL!SwapBuffers Exchanges front and back buffers for a device context window in graphical applications. System Information and Control | |
| KERNEL32.DLL!GetFullPathNameA Retrieves the full path and file name of a specified file. File Operations | |
| GDI32FULL.DLL!PlayEnhMetaFile Displays a picture from an enhanced-format metafile to a specified device context. System Information and Control | |
| OLE32.DLL!HGLOBAL_UserSize64 This function calculates the wire size of the HGLOBAL object for marshaling data. Memory Management | |
| CRYPTSP.DLL!CryptSetProviderA Specifies the current user's default cryptographic service provider (CSP) for cryptographic operations. Cryptographic Operations | |
| KERNEL32.DLL!SetUserGeoName Sets the user's geographic location by updating registry settings. Registry Operations | |
| USER32.DLL!SetParent Changes the parent window of a specified child window- modifying window hierarchy. Process and Thread Management | |
| USER32.DLL!UserHandleGrantAccess This function grants or denies access to a User object handle based on job interface restrictions. Process and Thread Management | |
| SHLWAPI.DLL!StrCmpCA Compares strings in a case-sensitive manner using ASCII collation rules. System Information and Control | |
| KERNEL32.DLL!OpenFileById Opens a file by its identifier on a volume or share- facilitating file operations. File Operations | |
| KERNEL32.DLL!QueryThreadpoolStackInformation Retrieves stack reserve and commit sizes for threads- impacting process and thread management. Process and Thread Management | |
| KERNEL32.DLL!FlushViewOfFile This function writes changes from a mapped file view to disk- relating to memory management operations. Memory Management | |
| SECHOST.DLL!CloseTrace Closes a trace processing session- managing the lifecycle of trace handles. Process and Thread Management | |
| OLEAUT32.DLL!VarUI8FromUI2 Converts data types between unsigned short and unsigned 8-byte integer- related to data manipulation. Memory Management | |
| WINMMBASE.DLL!midiInStart This function starts MIDI input on a specified MIDI device- managing input processes. Process and Thread Management | |
| SECHOST.DLL!LsaRetrievePrivateData Retrieves private data associated with the LSA- utilizing policy object handles for access control. Registry Operations | |
| RPCRT4.DLL!RpcBindingSetOption Configures message-queuing options for RPC bindings- affecting remote call delivery and performance. Network Operations | |
| KERNEL32.DLL!SetThreadStackGuarantee Sets the minimum stack size for the calling thread- managing stack overflow during exceptions. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHGetFolderPathAndSubDirW Retrieves a folder path and appends a user-specified subfolder. File Operations | |
| KERNEL32.DLL!GetThreadTimes Retrieves timing information for a specified thread- including user and kernel execution times. Process and Thread Management | |
| GDI32FULL.DLL!SetBitmapBits This function sets color data for a bitmap- involving file operation on bitmap images. File Operations | |
| SHLWAPI.DLL!PathSkipRootA Retrieves a pointer to the portion of a file path post the drive letter/UNC path elements. File Operations | |
| KERNEL32.DLL!GetXStateFeaturesMask Returns a mask of XState features from a specified CONTEXT structure- related to process and thread state information. System Information and Control | |
| WSOCK32.DLL!ntohs Converts a TCP/IP network byte order short to host byte order for network communication. Network Operations | |
| OLEAUT32.DLL!SafeArrayAllocData Allocates memory for a safe array based on a descriptor- indicating memory management. Memory Management | |
| PAGESETUPDLGA Contains parameters for the Page Setup dialog- including handles to memory objects and configuration flags. System Information and Control | |
| SHLWAPI.DLL!UrlCombineA Combines a base URL with a relative URL- normalizing it into a canonical form. Network Operations | |
| KERNEL32.DLL!GetPackageApplicationIds Retrieves application IDs from a specified package- related to application management. System Information and Control | |
| GDI32FULL.DLL!SelectClipRgn Selects a clipping region for a specified device context. System Information and Control | |
| USER32.DLL!GetDpiFromDpiAwarenessContext This function retrieves DPI information for a given DPI_AWARENESS_CONTEXT handle. System Information and Control | |
| SECHOST.DLL!OpenServiceW Opens an existing service in the service control manager database. Process and Thread Management | |
| USER32.DLL!EnumWindowStationsW Enumerates window stations and invokes callback for each- indicating system-level management of user interfaces. System Information and Control | |
| SECHOST.DLL!LsaClose Closes a handle to a Policy or TrustedDomain object. Process and Thread Management | |
| GDI32.DLL!FONTOBJ_pxoGetXform Retrieves the notional-to-device transform for a specified font- related to graphics processing. System Information and Control | |
| OLE32.DLL!OleSave Saves an object in transacted mode to a specified storage object using OLE methods. File Operations | |
| SHELL32.DLL!RealDriveType Determines the type of drive based on its number- providing information about drive characteristics. System Information and Control | |
| GDI32FULL.DLL!GetCharWidthFloatW Retrieves fractional widths of consecutive characters from the current font in a specified device context. System Information and Control | |
| KERNEL32.DLL!OpenMutexW Opens an existing named mutex object to synchronize processes. Process and Thread Management | |
| KERNEL32.DLL!ClearCommBreak Restores character transmission on a communications device- affecting how data is sent. Network Operations | |
| KERNEL32.DLL!WaitForThreadpoolWaitCallbacks This function waits for wait callbacks to complete and manages their execution status. Process and Thread Management | |
| USER32.DLL!MapVirtualKeyA Translates virtual-key codes and scan codes to character values or vice versa. System Information and Control | |
| USER32.DLL!GetMenuDefaultItem Identifies the default item of a specified menu by retrieving its identifier or position. System Information and Control | |
| USER32.DLL!CloseWindowStation Closes an open window station handle- managing the state of user interface components. Process and Thread Management | |
| GDI32FULL.DLL!ExtTextOutW This function is used to draw text on a device context. System Information and Control | |
| OLE32.DLL!CoGetDefaultContext Retrieves the default context for COM apartments- managing threading and object context. System Information and Control | |
| OLE32.DLL!CoInitialize Initializes the COM library for the current thread- establishing the threading model. System Information and Control | |
| WINMMBASE.DLL!midiOutGetErrorTextA Retrieves a textual description of a specified error code related to MIDI output. System Information and Control | |
| GDI32FULL.DLL!ScriptGetFontLanguageTags Retrieves language tags for OpenType processing from a specified font. System Information and Control | |
| RPCRT4.DLL!IUnknown_Release_Proxy Implements the Release method for interface proxies- managing reference counts. Process and Thread Management | |
| SHLWAPI.DLL!PathCanonicalizeA Simplifies file paths by removing navigation elements- manipulating file path representations. File Operations | |
| RPCRT4.DLL!RpcSmDestroyClientContext Reclaims client memory resources for a context handle- setting it to NULL- crucial for memory management. Memory Management | |
| WINDOWS.STORAGE.DLL!ILLoadFromStreamEx Loads ITEMIDLIST from IStream- indicating interaction with file system objects. File Operations | |
| COMCTL32.DLL!FlatSB_ShowScrollBar Manages the visibility of flat scroll bars in a window- controlling UI element display. System Information and Control | |
| WSOCK32.DLL!getsockname Retrieves the local name for a specified socket descriptor. Network Operations | |
| ADVAPI32.DLL!InstallApplication Installs applications for domain users based on Group Policy- facilitating software deployment. File Operations | |
| OLEAUT32.DLL!VarUI8FromI1 Converts a char to an 8-byte unsigned integer- affecting data type conversion. Memory Management | |
| WS2_32.DLL!WSCEnumNameSpaceProviders32 Returns information on available 32-bit namespace providers for Windows Sockets API. Network Operations | |
| WINMMBASE.DLL!DrvGetModuleHandle Retrieves the instance handle of a module containing an installable driver for compatibility. DLL Injection and Manipulation | |
| COMCTL32.DLL!ImageList_GetBkColor Retrieves the background color for an image list- related to UI components. System Information and Control | |
| GDI32FULL.DLL!EngMultiByteToWideChar This function converts ANSI strings to wide character strings- relating to textual data handling. Memory Management | |
| KERNEL32.DLL!GetCommandLineW Retrieves the command-line string for the current process- indicating control over process execution. Process and Thread Management | |
| USER32.DLL!DrawAnimatedRects Animates window captions to visually indicate state changes like minimizing/maximizing. System Information and Control | |
| RPCRT4.DLL!RpcBindingInqAuthClientA Obtains client's authentication details and privilege attributes during remote procedure calls. Network Operations | |
| USER32.DLL!InSendMessage Determines if the current window procedure is processing a message from another thread via SendMessage. Hooking and Interception | |
| KERNEL32.DLL!LZOpenFileW This function creates- opens- reopens- or deletes files. It manages file access modes. File Operations | |
| KERNEL32.DLL!RegEnumValueA Enumerates values for a specified registry key by retrieving indexed key-value pairs. Registry Operations | |
| SHELL32.DLL!FindExecutableW Retrieves the executable file associated with a specific document- indicating file operation. File Operations | |
| OLE32.DLL!OleSetMenuDescriptor Installs or removes OLE dispatching code from the container's frame window- managing UI interaction. Process and Thread Management | |
| SHLWAPI.DLL!PathMakeSystemFolderA Modifies folder attributes to classify it as a system folder. File Operations | |
| KERNEL32.DLL!StartThreadpoolIo Notifies the thread pool about potential I/O operations for an I/O completion object. File Operations | |
| USER32.DLL!CascadeWindows Arranges child windows of a parent window in a cascading manner based on specified parameters. Process and Thread Management | |
| KERNEL32.DLL!timeEndPeriod This function resets the minimum timer resolution set by timeBeginPeriod. System Information and Control | |
| ADVAPI32.DLL!SaferSetLevelInformation This function sets the information about a policy level related to security. System Information and Control | |
| WINMMBASE.DLL!waveInOpen Opens a waveform-audio input device for recording audio data. File Operations | |
| RPCRT4.DLL!DceErrorInqTextW Returns a message text for a specific status code. System Information and Control | |
| USER32.DLL!IsValidDpiAwarenessContext Validates a DPI_AWARENESS_CONTEXT in relation to current system support. System Information and Control | |
| OLE32.DLL!OleNoteObjectVisible Increments or decrements an external reference to keep an OLE object alive based on visibility. Process and Thread Management | |
| OLE32.DLL!CreateGenericComposite Combines two monikers into one- enabling management of object references in a generic manner. DLL Injection and Manipulation | |
| GDI32FULL.DLL!EngReleaseSemaphore Releases the specified semaphore- managing resource locks in drivers. Process and Thread Management | |
| OLEAUT32.DLL!SafeArrayAccessData Retrieves a pointer to the array data- manipulating memory access to the SafeArray. Memory Management | |
| KERNEL32.DLL!RegSetKeySecurity Sets the security descriptor for an open registry key- defining access controls. Registry Operations | |
| OLE32.DLL!StgCreateDocfile Creates a new compound file storage object compatible with the IStorage interface. File Operations | |
| ADVAPI32.DLL!EncryptFileW This function encrypts files or directories- categorizing it under file operations. File Operations | |
| KERNEL32.DLL!DeleteUmsCompletionList Deletes a user-mode scheduling completion list- indicating management of threads in user-mode scheduling. Process and Thread Management | |
| OLE32.DLL!HPALETTE_UserUnmarshal64 Unmarshals HPALETTE object data from a Remote Procedure Call (RPC) buffer. Memory Management | |
| USER32.DLL!SendIMEMessageExW This function interacts with the Input Method Editor- facilitating specific actions in input processing. System Information and Control | |
| ADVAPI32.DLL!ObjectDeleteAuditAlarmA Generates audit messages when an object is deleted- indicating a security-related action. System Information and Control | |
| WINMMBASE.DLL!midiOutGetID Retrieves the device identifier for a MIDI output device- which involves accessing multimedia device information. System Information and Control | |
| SECHOST.DLL!StopTraceW The StopTraceW function stops an event tracing session. It’s related to system control operations. System Information and Control | |
| KERNEL32.DLL!CreatePipe Creates an anonymous pipe for inter-process communication- providing handles for reading and writing operations. File Operations | |
| USER32.DLL!GetPhysicalCursorPos Retrieves the cursor position in physical coordinates- interacting with the user interface. System Information and Control | |
| WINMMBASE.DLL!mixerSetControlDetails This function sets properties for an audio control- involving device object manipulation. System Information and Control | |
| USER32.DLL!LockWorkStation Locks the workstation's display to prevent unauthorized access- thus managing user session security. System Information and Control | |
| OLE32.DLL!OleCreateMenuDescriptor Creates an OLE menu descriptor for managing menu commands and messages. System Information and Control | |
| WMI.DLL!TraceEventInstance Sends a structured event to an event tracing session with an instance identifier- tracking hierarchical relations. System Information and Control | |
| WINMMBASE.DLL!waveInClose Closes a waveform-audio input device- freeing associated resources. Process and Thread Management | |
| KERNEL32.DLL!GetNLSVersionEx Retrieves the current version of NLS capability for specified locale- affecting internationalization. System Information and Control | |
| GDI32FULL.DLL!CreateDIBSection This function creates a DIB allowing direct memory access for bitmap manipulation. Memory Management | |
| USER32.DLL!SetActiveWindow Activates a specified window attached to the calling thread's message queue. Process and Thread Management | |
| USER32.DLL!GetWindowDpiAwarenessContext Retrieves the DPI_AWARENESS_CONTEXT associated with a specified window- relevant for managing display settings. System Information and Control | |
| KERNEL32.DLL!SetProtectedPolicy Configures process-wide settings for protection against corruption. System Information and Control | |
| USER32.DLL!DdeClientTransaction Initiates data transactions with a server in Dynamic Data Exchange- involving communication between applications. Network Operations | |
| KERNEL32.DLL!MoveFileA Moves an existing file or directory to a new location or name on the local computer. File Operations | |
| WINDOWS.STORAGE.DLL!SHGetKnownFolderItem Retrieves an IShellItem object representing a known folder- involving access to filesystem locations. File Operations | |
| SHLWAPI.DLL!SHGetViewStatePropertyBag Retrieves view state information for folders- allowing management of user preferences. Registry Operations | |
| USER32.DLL!GetPointerInputTransform Retrieves transforms for pointer coordinate information related to the current input message. System Information and Control | |
| GDI32.DLL!STROBJ_bEnumPositionsOnly This function enumerates glyph identities and positions- focusing on text string rendering in graphics. System Information and Control | |
| KERNEL32.DLL!EnumResourceLanguagesExA Enumerates language-specific resources from a binary module- focusing on resource type and localization. DLL Injection and Manipulation | |
| OLEAUT32.DLL!VarI1FromI4 Converts a long value to a char value- affecting data types. Memory Management | |
| ADVAPI32.DLL!AddUsersToEncryptedFile This function adds user keys to an encrypted file- indicating file operations. File Operations | |
| KERNEL32.DLL!GetApplicationUserModelId This function retrieves the application user model ID for a specified process- indicating system information. System Information and Control | |
| OLEAUT32.DLL!VarCyFix Retrieves the integer portion of a currency variant- involving data manipulation. Memory Management | |
| KERNELBASE.DLL!RegQueryMultipleValuesA Retrieves data for multiple registry values associated with a key- enabling registry management. Registry Operations | |
| KERNEL32.DLL!PssWalkMarkerFree Frees a handle to a walk marker- managing memory used during process snapshotting. Memory Management | |
| GDI32FULL.DLL!EndPath Closes a path bracket and updates the device context- related to graphical operations. Hooking and Interception | |
| KERNEL32.DLL!SetComputerNameW Changes the local computer's NetBIOS name and updates the registry for future use. Registry Operations | |
| KERNEL32.DLL!EnumResourceLanguagesW Enumerates language-specific resources for a binary module- involving resource management. System Information and Control | |
| OLE32.DLL!MonikerCommonPrefixWith Creates a new moniker based on common prefixes between two monikers- related to object manipulation. DLL Injection and Manipulation | |
| WINMM.DLL!joyGetDevCapsA This function queries a joystick's capabilities- interacting with input devices for system functionality. System Information and Control | |
| COMCTL32.DLL!DPA_Clone Duplicates a dynamic pointer array- managing memory for the array elements. Memory Management | |
| GDI32FULL.DLL!ScaleViewportExtEx Modifies the viewport for a device context using specified multiplicands and divisors. System Information and Control | |
| NTDLL.DLL!NtQueryInformationThread Retrieves information about a specified thread- including I/O operations and subsystem type. Process and Thread Management | |
| KERNEL32.DLL!RestoreLastError This function restores the last-error code for the calling thread- facilitating error handling and debugging. System Information and Control | |
| RPCRT4.DLL!NdrContextHandleInitialize Initializes a new RPC context handle for remote procedure calls. System Information and Control | |
| WSOCK32.DLL!recv Receives data from a connected socket- enabling communication over a network. Network Operations | |
| KERNEL32.DLL!GetDllDirectoryA Retrieves the search path used to locate DLLs for the application. DLL Injection and Manipulation | |
| OLEAUT32.DLL!VarNot Performs bitwise NOT operation on a variant- primarily manipulating data types. Memory Management | |
| KERNEL32.DLL!GlobalDeleteAtom Decrements reference count of a global string atom- managing resource cleanup in global atom tables. Memory Management | |
| USER32.DLL!DrawStateA Draws images with visual effects- indicating states- facilitating user interface operations. System Information and Control | |
| KERNEL32.DLL!GetOverlappedResult Retrieves results from an overlapped operation on a file or device- indicating file operations. File Operations | |
| OLEAUT32.DLL!VarCyFromR8 Converts a double to a currency value- manipulating data types in memory. Memory Management | |
| RPCRT4.DLL!RpcServerInqIf Retrieves the manager entry-point vector for a registered RPC interface. Network Operations | |
| KERNEL32.DLL!FreeEnvironmentStringsW Frees a block of environment strings allocated by GetEnvironmentStrings. Memory Management | |
| SHLWAPI.DLL!PathIsUNCServerW Validates if a string represents a valid UNC server path. Network Operations | |
| KERNEL32.DLL!GlobalAddAtomW Adds a string to the global atom table returning a unique identifier. System Information and Control | |
| ADVAPI32.DLL!BuildExplicitAccessWithNameA Initializes an EXPLICIT_ACCESS structure identifying access rights for a trustee by name. Registry Operations | |
| ADVAPI32.DLL!SetEntriesInAclW Creates or modifies an access control list (ACL) by merging control information into an ACL structure. Registry Operations | |
| RPCRT4.DLL!RpcBindingBind This function binds to an RPC server- establishing communication for remote procedure calls. Network Operations | |
| RPCRT4.DLL!RpcServerInqCallAttributesW Obtains client security context attributes for an RPC server call. System Information and Control | |
| CRYPTSP.DLL!CryptSignHashA Signs data by creating a digital signature after a hash has been computed. Cryptographic Operations | |
| KERNEL32.DLL!LZRead Reads bytes from a compressed file and writes them into a buffer. File Operations | |
| ADVAPI32.DLL!GetCurrentHwProfileW Retrieves the current hardware profile information of the local computer. System Information and Control | |
| USER32.DLL!DlgDirListA Lists subdirectories and files in a specified directory and updates a list box control in a dialog. File Operations | |
| RPCRT4.DLL!RpcServerRegisterIfEx Registers an interface with the RPC run-time library for remote procedure calls- managing connection handling. Network Operations | |
| OLE32.DLL!NdrProxyForwardingFunction30 This function acts as a stub for COM proxies to marshal interfaces in distributed applications. System Information and Control | |
| RPCRT4.DLL!RpcSsContextLockShared This function is used to manage context handles in shared mode for RPC. Process and Thread Management | |
| CHOOSEFONTA Initializes the Font dialog box and handles user selections for font configuration. System Information and Control | |
| WINMMBASE.DLL!midiInAddBuffer This function sends input buffers to a MIDI input device- facilitating communication with external MIDI devices. System Information and Control | |
| KERNEL32.DLL!GetNamedPipeClientProcessId Retrieves the process identifier for the client of a named pipe. Process and Thread Management | |
| KERNEL32.DLL!GetTapePosition Retrieves the current address of the tape in logical or absolute blocks. File Operations | |
| SHLWAPI.DLL!StrChrA Searches for a character in a string- involved in string manipulation. File Operations | |
| USER32.DLL!DlgDirSelectComboBoxExW Retrieves selected path from combo box in dialog- indicating file or directory. File Operations | |
| USER32.DLL!GetPointerPenInfo Retrieves pen-specific information for a pointer- related to pointer device handling and messages. System Information and Control | |
| KERNEL32.DLL!GetSystemPreferredUILanguages Retrieves the system preferred UI languages- used for managing user interface language settings. System Information and Control | |
| KERNEL32.DLL!SetFileValidData Sets the valid data length of a file for performance optimization without zero-filling- impacting file privacy. File Operations | |
| OLE32.DLL!CoSetProxyBlanket Sets authentication information for proxy calls. Essential for configuring security in remote communications. Network Operations | |
| GDI32.DLL!EngEraseSurface This function interacts with GDI to manipulate the display surface- hence it's related to system graphics management. System Information and Control | |
| COMCTL32.DLL!DSA_SetItem Modifies an element within a dynamic structure array- which involves memory operations on data structures. Memory Management | |
| KERNEL32.DLL!ApplicationRecoveryInProgress Indicates ongoing data recovery for an application- tied to error handling mechanisms. System Information and Control | |
| ADVAPI32.DLL!AuditLookupCategoryIdFromCategoryGuid Retrieves audit-policy category information based on a GUID for security auditing. System Information and Control | |
| KERNEL32.DLL!ReadFileScatter Reads data from a file and stores it in an array of buffers- performing file operations. File Operations | |
| KERNEL32.DLL!GetMailslotInfo Retrieves information about a mailslot- indicating message size and count. Network Operations | |
| KERNEL32.DLL!RtlUnwind Initiates an unwind of procedure call frames- managing execution flow and exception handling. Process and Thread Management | |
| OLEAUT32.DLL!VarI1FromI8 Converts an 8-byte integer to a char value- handling data types. Memory Management | |
| GraphicsPath::CloseFigure Closes the current figure of a graphics path- relating to graphical operations in GDI+. System Information and Control | |
| OLEAUT32.DLL!OleLoadPicturePath Initializes a picture object from a file or URL- involving file access. File Operations | |
| USER32.DLL!MonitorFromRect Retrieves a handle to the display monitor intersecting with a specified rectangle. System Information and Control | |
| USER32.DLL!WinHelpA Launches Windows Help and facilitates context-sensitive help requests for applications. System Information and Control | |
| GDI32FULL.DLL!Arc The Arc function is used for drawing on a device context- relating to graphical representation. System Information and Control | |
| RPCRT4.DLL!RpcEpUnregister Removes server-address information from the local endpoint-map database for RPC. Network Operations | |
| GDI32FULL.DLL!Pie The Pie function draws pie-shaped wedges in a graphical context- focusing on rendering operations. System Information and Control | |
| OLEAUT32.DLL!VarI2FromCy Converts a currency value to a short value- involving type conversion. Memory Management | |
| NTDLL.DLL!RtlIpv4StringToAddressExA Converts a string representation of an IPv4 address and port to binary format. Network Operations | |
| RPCRT4.DLL!NdrComplexStructMarshall This function marshals complex structures into a network buffer for remote procedure calls (RPC). Network Operations | |
| OLE32.DLL!ObjectStublessClient31 Stub function for COM proxies facilitating communication between client and server in distributed applications. DLL Injection and Manipulation | |
| COMCTL32.DLL!FlatSB_GetScrollPropPtr Retrieves properties for flat scroll bars including size and visual styles. System Information and Control | |
| Image::GetPixelFormat This method retrieves the pixel format of an Image object. System Information and Control | |
| KERNEL32.DLL!GetEnvironmentVariableA Retrieves specified environment variable contents from the calling process's environment block. System Information and Control | |
| USER32.DLL!GetRawInputDeviceInfoW Retrieves information about raw input devices- including device name and device info structures. System Information and Control | |
| KERNEL32.DLL!CreateFileMappingNumaA This function creates a file mapping object which involves memory addresses. Memory Management | |
| KERNEL32.DLL!QueryUnbiasedInterruptTime Retrieves the unbiased interrupt-time count for tracking system uptime without sleep or hibernation influence. System Information and Control | |
| SECHOST.DLL!AuditQueryPerUserPolicy Retrieves per-user audit policy for specified principals- accessing security audit information. System Information and Control | |
| KERNEL32.DLL!IsIoRingOpSupported Queries the support of specified I/O operations- relevant for file and I/O management. File Operations | |
| GDI32FULL.DLL!GetWindowOrgEx Retrieves coordinates of the window origin for a specified device context. System Information and Control | |
| OLE32.DLL!ProgIDFromCLSID Converts CLSID to its corresponding ProgID using registry entries- facilitating application data identification. Registry Operations | |
| KERNEL32.DLL!SetFileInformationByHandle This function changes file information for a specified file- like renaming or deleting it. File Operations | |
| SHLWAPI.DLL!ColorRGBToHLS Converts colors from RGB to HLS format- primarily for graphics processing. System Information and Control | |
| OLE32.DLL!NdrProxyForwardingFunction7 Stub function for COM proxies to handle interface marshaling in a proxy DLL. DLL Injection and Manipulation | |
| WS2_32.DLL!WSAInstallServiceClassW Registers a service class schema within a namespace- which is a network-related operation. Network Operations | |
| OLE32.DLL!CoEnableCallCancellation Allows cancellation of synchronous calls on a thread- influencing its operation. Process and Thread Management | |
| RPCRT4.DLL!RpcBindingInqAuthInfoExA Retrieves authentication- authorization- and security quality-of-service information from a remote procedure binding handle. Network Operations | |
| OLE32.DLL!OleUninitialize Closes the COM library- releasing resources and disabling RPC- indicating resource management. Memory Management | |
| USER32.DLL!UnionRect Creates the smallest rectangle that contains two source rectangles. It's a graphical operation. System Information and Control | |
| IDirect3DDevice9::GetPaletteEntries Retrieves palette entries related to graphic resources in Direct3D. Memory Management | |
| IWMReaderStreamClock::KillTimer Cancels a timer that was previously set on the clock. Process and Thread Management | |
| KERNEL32.DLL!SetEnvironmentVariableA Modifies environment variables for the current process- affecting its operational parameters without impacting other processes. System Information and Control | |
| KERNEL32.DLL!CloseThreadpoolCleanupGroupMembers Manages thread pool callback cleanup- indicating process and thread management functions. Process and Thread Management | |
| KERNEL32.DLL!DosDateTimeToFileTime Converts MS-DOS date and time values to a file time format. File Operations | |
| KERNEL32.DLL!WerUnregisterCustomMetadata Removes app-specific metadata from Windows Error Reporting for an application. System Information and Control | |
| KERNEL32.DLL!RegOpenCurrentUser Retrieves a handle to the HKEY_CURRENT_USER key- allowing access to user-specific registry entries. Registry Operations | |
| WS2_32.DLL!WSAStringToAddressA Converts a network address from text to numeric binary form for socket communication. Network Operations | |
| OLEAUT32.DLL!OleCreatePropertyFrame Creates a modal property sheet dialog box for displaying properties of COM objects. System Information and Control | |
| KERNEL32.DLL!GetNumaProcessorNode Retrieves the node number for a specified processor in a NUMA architecture. System Information and Control | |
| KERNEL32.DLL!IsDBCSLeadByte Determines if a character is a lead byte for DBCS in Windows ANSI code page. System Information and Control | |
| SHLWAPI.DLL!PathIsSystemFolderW Determines if a directory qualifies as a system folder based on its attributes. File Operations | |
| KERNEL32.DLL!CreateUmsCompletionList This function creates a UMS completion list- used in user-mode scheduling. Process and Thread Management | |
| KERNEL32.DLL!BuildIoRingReadFile Performs asynchronous file reads using an I/O ring- interacting with file operations. File Operations | |
| KERNEL32.DLL!GetTimeZoneInformation Retrieves current time zone settings for local time translations from UTC. System Information and Control | |
| ADVAPI32.DLL!EnumServicesStatusA Enumerates services in the service control manager database- providing their names and statuses. System Information and Control | |
| KERNEL32.DLL!IsBadCodePtr Checks if the process can read memory at a specified address- indicating memory management. Memory Management | |
| KERNEL32.DLL!QueryDosDeviceW Retrieves information about MS-DOS device names and their mappings. File Operations | |
| KERNEL32.DLL!RtlRestoreContext Restores the execution context of a thread using a specified context record. Process and Thread Management | |
| RPCRT4.DLL!RpcBindingVectorFree Frees server binding handles and memory used by the binding vector- managing resource allocation. Memory Management | |
| RPCRT4.DLL!RpcStringFreeW Frees character strings allocated by the RPC runtime- managing memory usage. Memory Management | |
| WINMMBASE.DLL!midiOutClose Closes a specified MIDI output device- invalidating the device handle. Process and Thread Management | |
| USER32.DLL!RegisterPointerInputTarget Registers a window to receive redirected pointer input- managing how input is processed and directed. Process and Thread Management | |
| ADVAPI32.DLL!OpenEventLogA This function opens a handle to a specified event log- allowing access to log data. System Information and Control | |
| KERNEL32.DLL!GetFileAttributesTransactedA Retrieves file attributes for a file or directory in a transaction- indicating file operation capabilities. File Operations | |
| OLE32.DLL!CreateBindCtx Creates a bind context for handling moniker-binding operations in COM. System Information and Control | |
| COMDLG32.DLL!GetFileTitleW Retrieves the name of the specified file from the file system. File Operations | |
| SHELL32.DLL!SHEvaluateSystemCommandTemplate Validates parameters for process creation functions to prevent command-line exploits. Process and Thread Management | |
| WS2_32.DLL!WSCEnableNSProvider32 This function enables or disables a namespace provider- affecting network service operations. Network Operations | |
| KERNEL32.DLL!GetModuleFileNameA Retrieves the path of a module loaded in the current process. System Information and Control | |
| IOleInPlaceSiteWindowless::GetCapture Determines if a windowless object has mouse capture- relating to user input handling. System Information and Control | |
| USER32.DLL!DdeFreeDataHandle Frees a DDE object and deletes the associated data handle. Memory Management | |
| OLE32.DLL!HGLOBAL_UserFree Frees resources used by RPC- indicating it manages memory cleanup. Memory Management | |
| KERNEL32.DLL!ChangeTimerQueueTimer Updates a timer-queue timer for scheduled execution and timing. Process and Thread Management | |
| ADVAPI32.DLL!CredIsMarshaledCredentialA Validates if a username is a previously marshaled credential using security functions. Cryptographic Operations | |
| RPCRT4.DLL!RpcSsAllocate Allocates memory within the RPC stub memory-management function- indicating memory management role. Memory Management | |
| GDI32FULL.DLL!CreateEnhMetaFileW Creates a device context for an enhanced-format metafile to store graphics. File Operations | |
| USER32.DLL!AddClipboardFormatListener Adds a window to the clipboard format listener list- monitoring clipboard changes. System Information and Control | |
| COMCTL32.DLL!FlatSB_EnableScrollBar Enables or disables direction buttons on flat scroll bars for window controls. System Information and Control | |
| RPCRT4.DLL!RpcSsSwapClientAllocFree Exchanges memory allocation and release mechanisms used by client stubs. Memory Management | |
| KERNEL32.DLL!GetLongPathNameTransactedA Converts a short file path to its long form as part of a transaction. File Operations | |
| OLEAUT32.DLL!VarI1FromI2 Converts a short value to a char value- influencing data types and conversions. Memory Management | |
| OLEAUT32.DLL!VarCyInt Converts a currency variant to its integer portion- focusing on data manipulation. Memory Management | |
| KERNEL32.DLL!SetTimeZoneInformation Sets the current time zone settings affecting time translation between UTC and local time. System Information and Control | |
| SHELL32.DLL!DAD_AutoScroll Scrolls a window during image drag operations- managing user interface behavior. System Information and Control | |
| USER32.DLL!GetPointerFramePenInfo Retrieves information about pen input in response to pointer messages for PT_PEN type pointers. System Information and Control | |
| GDI32FULL.DLL!EngWideCharToMultiByte Converts wide character strings to ANSI using a specified code page- relating to string manipulation. File Operations | |
| SHELL32.DLL!FindExecutableA Retrieves the executable file associated with a document- primarily involving file interaction. File Operations | |
| USER32.DLL!CheckMenuRadioItem Modifies menu item states in a UI- indicating a selection through radio grouping. System Information and Control | |
| KERNEL32.DLL!GetGeoInfoW Retrieves geographical location information based on specified parameters. System Information and Control | |
| KERNEL32.DLL!GetCurrentThread Retrieves a pseudo handle for the calling thread- facilitating process and thread management. Process and Thread Management | |
| GDI32FULL.DLL!SetROP2 Sets the foreground mix mode for graphics operations. System Information and Control | |
| SHLWAPI.DLL!PathSkipRootW Retrieves a pointer to the path after the drive letter or UNC path. File Operations | |
| USER32.DLL!EnumDisplaySettingsW Retrieves graphics mode information for a display device- accessing system settings and definitions. System Information and Control | |
| WS2_32.DLL!WSCInstallProvider64_32 Installs transport service provider into the system configuration databases on a 64-bit computer. Registry Operations | |
| USER32.DLL!GetThreadDesktop Retrieves a handle to the desktop of a specified thread for managing desktop-specific operations. Process and Thread Management | |
| KERNEL32.DLL!GetAtomNameW Retrieves a character string associated with a specified local atom. System Information and Control | |
| KERNEL32.DLL!OutputDebugStringA Sends a string to the debugger for display- primarily aiding in debugging applications. System Information and Control | |
| USER32.DLL!ShowWindow Sets the specified window's show state- affecting its visibility and position. Process and Thread Management | |
| USER32.DLL!EndMenu This function ends the active menu for the calling thread- controlling user interface behavior. System Information and Control | |
| OLE32.DLL!CoQueryProxyBlanket Retrieves authentication information for proxy calls- which involves security and communication mechanics. Network Operations | |
| GDI32FULL.DLL!GetViewportOrgEx This function retrieves the coordinates of the viewport origin for a specified device context. System Information and Control | |
| USER32.DLL!DdeFreeStringHandle Frees a string handle created in DDE communication. Memory Management | |
| OLE32.DLL!CoIncrementMTAUsage This function manages the state of Multi-Threaded Apartments (MTAs) for COM- ensuring resources stay allocated. Process and Thread Management | |
| KERNELBASE.DLL!DuplicateToken Creates a new access token that duplicates an existing one for impersonation. Process and Thread Management | |
| OLEAUT32.DLL!SysStringLen Returns the length of a BSTR without altering the string- hence related to memory management. Memory Management | |
| USER32.DLL!GetPropW Retrieves a data handle from a window's property list- indicating interaction with window properties. Registry Operations | |
| ADVAPI32.DLL!DeregisterEventSource Closes a specified event log by using a provided handle- managing event log resources. System Information and Control | |
| KERNEL32.DLL!FatalAppExitA Terminates the application after displaying a message- primarily for error handling. Process and Thread Management | |
| COMCTL32.DLL!CreateStatusWindowW Creates a status window for displaying application status; related to GUI operations. System Information and Control | |
| KERNELBASE.DLL!IsWellKnownSid Compares a Security Identifier (SID) to a well-known SID for security verification. System Information and Control | |
| USER32.DLL!GetDesktopWindow Retrieves a handle to the desktop window- essential for window management operations. System Information and Control | |
| USER32.DLL!BroadcastSystemMessageExW Sends messages to specified recipients- such as applications and drivers. Network Operations | |
| KERNEL32.DLL!GetProfileSectionA Retrieves keys and values from the Win.ini file or registry. Registry Operations | |
| OLE32.DLL!CreateOleAdviseHolder Creates an advise holder for managing notifications in OLE compound documents. System Information and Control | |
| KERNEL32.DLL!LoadLibraryA Loads a specified module into the calling process's address space- influencing DLL management. DLL Injection and Manipulation | |
| OLE32.DLL!ObjectStublessClient7 A stub function for COM proxies that aids in marshaling interfaces. DLL Injection and Manipulation | |
| USER32.DLL!SetCursor Sets the cursor shape on the screen based on provided parameters- impacting user interface behavior. System Information and Control | |
| OLEAUT32.DLL!BSTR_UserUnmarshal64 Unmarshals a BSTR object from the RPC buffer- relating to data retrieval in memory. Memory Management | |
| OLE32.DLL!GetClassFile Retrieves the CLSID associated with a specified file name- interacting with the file system and registry. File Operations | |
| OLE32.DLL!OleConvertOLESTREAMToIStorageEx Converts OLE 1 storage objects to OLE 2 structured storage- affecting file management processes. File Operations | |
| OLEAUT32.DLL!VectorFromBstr Converts a BSTR to a vector- involving dynamic memory allocation. Memory Management | |
| SHELL32.DLL!ILCreateFromPath This function returns an ITEMIDLIST structure for a given file path- essential for file operations. File Operations | |
| SECHOST.DLL!TraceSetInformation Configures event tracing session settings for monitoring system events. System Information and Control | |
| USER32.DLL!SetWindowLongPtrW Adjusts window attributes and sets values in extra memory associated with a specified window. DLL Injection and Manipulation | |
| OLEAUT32.DLL!VarCyFromDec Converts decimal values to currency values- involving type conversion and numerical representation. Cryptographic Operations | |
| OLE32.DLL!CLIPFORMAT_UserMarshal Marshals a CLIPFORMAT object for Remote Procedure Call (RPC) transmission. Memory Management | |
| KERNEL32.DLL!GetSystemDefaultLCID Retrieves the system's locale identifier for internationalization. System Information and Control | |
| KERNELBASE.DLL!RegDeleteKeyValueW Removes a specified value from a registry key- impacting system configuration. Registry Operations | |
| SECHOST.DLL!TraceQueryInformation Provides details about an event tracing session- querying event tracing session settings and information. System Information and Control | |
| ADVAPI32.DLL!LookupPrivilegeNameA Retrieves the name of a specified privilege using its locally unique identifier (LUID). System Information and Control | |
| WS2_32.DLL!WSCUpdateProvider32 Modifies system configuration database for a 32-bit transport provider- affecting network protocols. Network Operations | |
| OLE32.DLL!HGLOBAL_UserUnmarshal64 This function unmarshals a HGLOBAL object from an RPC buffer- relating to memory object handling. Memory Management | |
| SHELL32.DLL!SHCreateShellItem Creates an IShellItem object- which represents a Shell namespace item for file management. File Operations | |
| SHLWAPI.DLL!SHStripMneumonicW This function modifies a string by removing mnemonic markers- primarily dealing with string manipulation. File Operations | |
| SHCORE.DLL!IsOS Checks for specific Windows operating systems and features based on provided values. System Information and Control | |
| GDI32FULL.DLL!ScriptString_pLogAttr Returns a pointer to a buffer with logical attributes for an analyzed string. Memory Management | |
| OLEAUT32.DLL!VarCyNeg Negates a currency variant- performing an operation on type currency for automation tasks. Memory Management | |
| OLE32.DLL!HPALETTE_UserSize Calculates the wire size of an HPALETTE object and its handle for marshaling. Memory Management | |
| RPCRT4.DLL!RpcFreeAuthorizationContext Frees an authorization context obtained from a previous RPC call- managing system resources. Memory Management | |
| COMCTL32.DLL!FlatSB_SetScrollInfo Configures properties for a flat scroll bar in a window- adjusting its visual representation. System Information and Control | |
| WINMMBASE.DLL!waveInPrepareHeader Prepares a buffer for waveform-audio input. Memory Management | |
| KERNEL32.DLL!SetEnvironmentVariableW This function sets the contents of an environment variable for the current process. System Information and Control | |
| USER32.DLL!GetDlgItemInt This function retrieves and converts text from a dialog control into an integer value. System Information and Control | |
| KERNEL32.DLL!GetTempPath2W Retrieves the path for temporary files based on process privileges- facilitating file operations. File Operations | |
| GDI32FULL.DLL!SetPixelFormat Sets the pixel format of a specified device context; relates to graphic rendering. System Information and Control | |
| KERNEL32.DLL!ReadProcessMemory Reads data from a specified process's memory address- requiring access to that process's memory. Memory Management | |
| ADVAPI32.DLL!InitiateSystemShutdownW Initiates a shutdown and optional restart of a specified computer. System Information and Control | |
| ADVAPI32.DLL!RegReplaceKeyA Replaces a registry key and its subkeys with values from a specified file. Registry Operations | |
| OLE32.DLL!ObjectStublessClient12 This function facilitates the operation of COM proxies by marshaling interfaces- relating to system interaction. System Information and Control | |
| ADVAPI32.DLL!AuditQueryGlobalSaclA Retrieves a global system access control list (SACL) for managing audit message access. Registry Operations | |
| USER32.DLL!ChangeDisplaySettingsA Changes the display device's settings to a specified graphics mode. System Information and Control | |
| KERNEL32.DLL!NeedCurrentDirectoryForExePathA Determines inclusion of the current directory in the executable's search path. File Operations | |
| RPCRT4.DLL!NdrProxySendReceive Sends a message to the server and waits for a reply in RPC communication. Network Operations | |
| USER32.DLL!EnumDisplaySettingsA Retrieves information about graphics modes for a display device. System Information and Control | |
| USER32.DLL!SendNotifyMessageW Sends a specified message to a window- facilitating communication between threads or applications. Hooking and Interception | |
| KERNEL32.DLL!lstrcmpW Compares two Unicode strings in a case-sensitive manner. System Information and Control | |
| GDI32FULL.DLL!GetGlyphOutlineA Retrieves outlines or bitmaps for characters in selected TrueType fonts within a device context. File Operations | |
| USER32.DLL!GetClassLongPtrW Retrieves values from WNDCLASSEX structure of a window- relevant to window class configurations. System Information and Control | |
| USER32.DLL!GetAsyncKeyState Checks the state of a specified key at the time of the call. Hooking and Interception | |
| SECHOST.DLL!CredProtectA Encrypts specified credentials for secure handling within the current security context. Cryptographic Operations | |
| SHLWAPI.DLL!SHCreateShellPalette Creates a halftone palette for a device context- manipulating graphical data representation. Memory Management | |
| KERNELBASE.DLL!EventEnabled Checks if a specific event from a provider should be generated based on its descriptor. System Information and Control | |
| NTDLL.DLL!RtlLocalTimeToSystemTime Converts local time to system time- relevant for time management operations within system processes. System Information and Control | |
| USER32.DLL!MessageBoxW Displays a modal dialog box for user interaction- indicating application-specific messages or status. System Information and Control | |
| OLEAUT32.DLL!VARIANT_UserSize Calculates the size of a VARIANT object for remote procedure calls (RPC). Memory Management | |
| KERNELBASE.DLL!AddAuditAccessAce This function adds an access control entry for auditing security identifiers in access control lists. Registry Operations | |
| GDI32FULL.DLL!GetEnhMetaFileDescriptionW Retrieves an optional text description from an enhanced metafile for further usage. File Operations | |
| KERNEL32.DLL!EnumSystemLanguageGroupsW Enumerates language groups supported by the OS- helping with localization management. System Information and Control | |
| RPCRT4.DLL!NdrUserMarshalBufferSize This function calculates buffer size for marshalling user objects in RPC- indicating Memory Management. Memory Management | |
| OLE32.DLL!STGMEDIUM_UserUnmarshal Unmarshals a STGMEDIUM object from an RPC buffer- involved in object retrieval during remote procedure calls. Process and Thread Management | |
| USER32.DLL!DdeImpersonateClient This function impersonates a DDE client to manage security contexts during data exchange. Process and Thread Management | |
| OLE32.DLL!CoCreateInstanceFromApp Creates an object instance within an app container- depending on class registration. Process and Thread Management | |
| KERNEL32.DLL!CreateEventA Creates or opens an event object for synchronization between threads/processes. Process and Thread Management | |
| SHLWAPI.DLL!IsCharSpaceA Determines if a character is a space- focusing on character handling for applications. System Information and Control | |
| KERNEL32.DLL!CopyFileTransactedA Copies a file as a transactional operation- notifying progress via a callback. File Operations | |
| RPCRT4.DLL!UuidCreate This function generates a unique identifier (UUID)- crucial for secure identification purposes. Cryptographic Operations | |
| KERNEL32.DLL!SetLastError Sets the last-error code for the calling thread- affecting error handling operations. System Information and Control | |
| OLE32.DLL!CoGetTreatAsClass Returns the CLSID of an object that can emulate another- manipulating object class behavior. DLL Injection and Manipulation | |
| SHLWAPI.DLL!SHLockShared Maps a block of memory from a specified process into the calling process. Memory Management | |
| KERNEL32.DLL!BuildCommDCBW Fills a DCB structure with values from a device-control string for serial port configuration. System Information and Control | |
| GDI32FULL.DLL!CreateSolidBrush This function creates a logical brush used to fill shapes with a specified solid color. System Information and Control | |
| KERNEL32.DLL!GetProfileStringW Retrieves a string from the Win.ini file- demonstrating registry access if mapped. Registry Operations | |
| SECHOST.DLL!SetServiceStatus Updates the status of a service in the service control manager. System Information and Control | |
| OLEAUT32.DLL!VarI8FromI2 Converts a short integer to an 8-byte integer value for automation tasks. Memory Management | |
| USER32.DLL!GetGestureExtraArgs Retrieves additional information about gesture events from a GESTUREINFO handle- related to input processing. Process and Thread Management | |
| KERNEL32.DLL!DefineDosDeviceA Defines- redefines- or deletes MS-DOS device names- impacting how file paths are handled. File Operations | |
| USER32.DLL!IsImmersiveProcess Checks if a process is a Windows Store app- related to system control and process categorization. System Information and Control | |
| KERNEL32.DLL!WerUnregisterAppLocalDump Cancels registration for diagnostic memory dump collection by Windows Error Reporting when a process stops responding. System Information and Control | |
| OLEAUT32.DLL!VarI1FromR8 Converts a double to a char value- thus it is engaged in data type conversion. Memory Management | |
| KERNEL32.DLL!MoveFileWithProgressA Moves files/directories with options for progress notifications and flags for various move behaviors. File Operations | |
| OLE32.DLL!CoRegisterPSClsid Registers custom interfaces for a DLL within its process without accessing the registry. DLL Injection and Manipulation | |
| COMCTL32.DLL!Str_SetPtrW Copies a new string to a pointer- freeing the previous value if necessary. Memory Management | |
| SECHOST.DLL!LsaEnumerateAccountRights This function enumerates privileges assigned to an account- related to security policies. System Information and Control | |
| RPCRT4.DLL!RpcBindingInqOption This function queries the binding options of a specified RPC binding handle. Network Operations | |
| WINDOWS.STORAGE.DLL!ILGetSize Returns the size of an ITEMIDLIST structure- which involves managing memory allocation and layout. Memory Management | |
| KERNEL32.DLL!WerUnregisterFile Removes a file from Windows Error Reporting- impacting how error data is gathered. File Operations | |
| OLE32.DLL!HACCEL_UserUnmarshal64 Unmarshals HACCEL objects from RPC buffer- indicating it operates on remote data structures. Memory Management | |
| USER32.DLL!GetScrollInfo Retrieves parameters of a scroll bar including positions and sizes. System Information and Control | |
| KERNEL32.DLL!GetProcessMitigationPolicy Retrieves mitigation policy settings for a specified process- controlling various aspects of process security. System Information and Control | |
| SHLWAPI.DLL!StrCmpIW Compares two strings for equality in a case-insensitive manner. System Information and Control | |
| KERNELBASE.DLL!MakeAbsoluteSD Converts a self-relative security descriptor into an absolute format. Registry Operations | |
| KERNEL32.DLL!GetThreadUILanguage Returns language identifier for current thread's UI language- important for internationalization. System Information and Control | |
| SHLWAPI.DLL!UrlCreateFromPathW Converts an MS-DOS path to a canonicalized URL- operating on files. File Operations | |
| SHLWAPI.DLL!PathIsDirectoryEmptyA Determines if a specified path is an empty directory. File Operations | |
| KERNEL32.DLL!SearchPathW Searches for a specified file in a specified path- supporting file operations. File Operations | |
| SHLWAPI.DLL!StrCatBuffW Appends characters from one string to another- primarily manipulating string data in memory. Memory Management | |
| RPCRT4.DLL!RpcMgmtEpEltInqBegin Creates an inquiry context for accessing elements in an endpoint map of RPC services. Network Operations | |
| KERNEL32.DLL!SetProcessPreferredUILanguages Configures preferred UI languages for the application process- impacting user interface localization. System Information and Control | |
| OLE32.DLL!CoSuspendClassObjects This function suspends new activation requests for class objects- impacting process control. Process and Thread Management | |
| KERNEL32.DLL!WritePrivateProfileSectionW Replaces keys and values in an initialization file- primarily dealing with file data operations. File Operations | |
| USER32.DLL!QueryDisplayConfig Retrieves information about display paths and devices in the current setting. System Information and Control | |
| USER32.DLL!SendIMEMessageExA Specifies actions for the Input Method Editor- affecting input processing and interactions. Process and Thread Management | |
| WSOCK32.DLL!gethostbyname Retrieves host information for a given host name from the host database. Network Operations | |
| KERNELBASE.DLL!AllocateAndInitializeSid Allocates and initializes a security identifier (SID) to manage access control and permissions. System Information and Control | |
| OLE32.DLL!CStdAsyncStubBuffer_Invoke Implements IRpcStubBuffer::Invoke for RPC communication between client and server. Network Operations | |
| SHLWAPI.DLL!StrToInt64ExW Converts a string to a 64-bit integer- parsing decimal or hexadecimal formats. System Information and Control | |
| SHLWAPI.DLL!PathGetCharTypeW Determines the type of a character concerning file paths- aiding in file operations. File Operations | |
| USER32.DLL!OpenInputDesktop Opens the desktop that receives user input- facilitating interaction between processes and user sessions. System Information and Control | |
| RPCRT4.DLL!RpcBindingSetObject Sets the object UUID value in a binding handle for remote procedure calls. Network Operations | |
| OLEAUT32.DLL!VarUI2FromUI4 Converts an unsigned long to an unsigned short- primarily involved in data type management. Memory Management | |
| OLEAUT32.DLL!SafeArrayGetElement Retrieves a single element from a SafeArray- involving memory allocation for data retrieval. Memory Management | |
| USER32.DLL!EnableMenuItem Enables- disables- or grays a specified menu item in an application interface. System Information and Control | |
| USER32.DLL!EndDialog Ends and destroys a modal dialog box- controlling dialog processing. Process and Thread Management | |
| KERNELBASE.DLL!IsValidAcl Validates an access control list (ACL) to ensure proper security management. Registry Operations | |
| SHLWAPI.DLL!StrRStrIW This function searches for substrings within a string- focusing on text processing. File Operations | |
| SHLWAPI.DLL!PathCreateFromUrlAlloc Converts a file URL into a file path- indicating interaction with file systems. File Operations | |
| WS2_32.DLL!WSCDeinstallProvider Removes the specified transport provider from the system configuration database. Registry Operations | |
| GDI32FULL.DLL!SetTextColor This function adjusts the text color in a preview handler- primarily related to UI operations. System Information and Control | |
| OLEAUT32.DLL!VarDecAdd This function performs arithmetic operations on decimal variants- categorizing it under Memory Management due to operations on data. Memory Management | |
| SHELL32.DLL!PathGetShortPath Retrieves the short path form of a specified input path- relating to file management. File Operations | |
| KERNEL32.DLL!GetLongPathNameTransactedW Converts a file path to its long form within a transaction. File Operations | |
| KERNEL32.DLL!DeleteVolumeMountPointW Deletes a drive letter or mounted folder in the file system. File Operations | |
| USER32.DLL!CharLowerA Converts a character string to lowercase- manipulating string data in memory. Memory Management | |
| ADVAPI32.DLL!ClearEventLogA Clears a specific event log and optionally backs it up- modifying system log data. Registry Operations | |
| OLE32.DLL!OleSetContainedObject Notifies an OLE object of its embedding status within a container for reference counting. System Information and Control | |
| CRYPTSP.DLL!CryptHashSessionKey Computes the cryptographic hash of a session key object- relating to data encryption and integrity. Cryptographic Operations | |
| USER32.DLL!LoadAcceleratorsW Loads an accelerator table from an executable's resources- facilitating keyboard shortcuts in applications. DLL Injection and Manipulation | |
| USER32.DLL!EnumPropsA Enumerates properties associated with a window by invoking a callback function for each property. System Information and Control | |
| OLE32.DLL!CLIPFORMAT_UserFree Frees resources on server side during RPC operations- indicating management of memory allocated for data exchange. Memory Management | |
| OLE32.DLL!CoQueryClientBlanket Retrieves security information about the client invoking the current method. System Information and Control | |
| KERNEL32.DLL!EnumSystemFirmwareTables Enumerates system firmware tables- providing information about system hardware configurations and details. System Information and Control | |
| KERNEL32.DLL!DequeueUmsCompletionListItems Retrieves UMS worker threads from a completion list- managing thread scheduling. Process and Thread Management | |
| GDI32.DLL!FONTOBJ_cGetGlyphs Translates glyph handles into pointers to glyph data- which are memory structures. Memory Management | |
| KERNEL32.DLL!InitOnceComplete Completes one-time initialization- relevant for process synchronization. Process and Thread Management | |
| USER32.DLL!DefWindowProcA Handles default processing of window messages not processed by an application. Process and Thread Management | |
| SHELL32.DLL!SHGetIconOverlayIndexW Retrieves the index of overlay icons used in system image lists- related to file operation indicators. File Operations | |
| WINDOWS.STORAGE.DLL!IsUserAnAdmin Checks if the current user is an Administrator- controlling access permissions. System Information and Control | |
| WINMMBASE.DLL!midiStreamOut Sends a stream of MIDI data to a MIDI output device for playback. Process and Thread Management | |
| GDI32FULL.DLL!CreateICA This function creates an information context for a specified device- related to graphical device interface operations. System Information and Control | |
| GDI32FULL.DLL!CreateColorSpaceW Creates a logical color space- handling graphics context for display operations. System Information and Control | |
| KERNEL32.DLL!GetNumaProximityNode Retrieves the NUMA node number corresponding to a specified proximity domain identifier. System Information and Control | |
| KERNEL32.DLL!CreateFileTransactedA Creates or opens a file- directory- or file stream as a transacted operation for file I/O. File Operations | |
| SHLWAPI.DLL!PathMatchSpecW Searches a string using wildcard match types- particularly for file paths. File Operations | |
| RPCRT4.DLL!RpcMgmtEpEltInqNextA This function retrieves elements from an endpoint map- effectively managing network endpoints. Network Operations | |
| WSOCK32.DLL!WSAGetLastError Retrieves the error code for the last failed Windows Sockets operation- indicating issues in network operations. Network Operations | |
| GDI32FULL.DLL!TranslateCharsetInfo Translates character set information for fonts- updating a structure with relevant charset details. System Information and Control | |
| KERNEL32.DLL!GetSystemWow64DirectoryW Retrieves the path of the WOW64 system directory on 64-bit Windows. System Information and Control | |
| SHELL32.DLL!WriteCabinetState This function writes a CABINETSTATE structure to the registry- indicating registry modification. Registry Operations | |
| WINMMBASE.DLL!mmioInstallIOProcA Installs or removes a custom I/O procedure for multimedia operations. Process and Thread Management | |
| GDI32FULL.DLL!CopyEnhMetaFileW This function copies an enhanced-format metafile to a specified file. File Operations | |
| OLE32.DLL!CoGetPSClsid Retrieves the CLSID for proxy/stub DLL based on the specified interface. Registry Operations | |
| ADVAPI32.DLL!RegQueryReflectionKey This function checks if registry reflection is enabled for a specified registry key- impacting registry operations. Registry Operations | |
| OLEAUT32.DLL!VarUI1FromI8 Converts an 8-byte integer to a byte value- involving data type manipulation. Memory Management | |
| SECHOST.DLL!CredWriteA Creates or modifies user credentials in the credential store- tracking user authentication details. Registry Operations | |
| GDI32FULL.DLL!GetTextCharset Retrieves a character set identifier for the selected font in a device context. System Information and Control | |
| WINMMBASE.DLL!midiStreamStop This function stops all notes on a MIDI output device- controlling MIDI operations. Process and Thread Management | |
| OLEAUT32.DLL!LoadTypeLibEx Loads a type library and optionally registers it in the system registry. Registry Operations | |
| GDI32FULL.DLL!CreateMetaFileW Creates a device context for a Windows-format metafile- involving file creation mechanisms. File Operations | |
| KERNEL32.DLL!RtlPcToFileHeader Retrieves the base address of an image using a program counter value- relating to process management. Process and Thread Management | |
| OLEAUT32.DLL!OaBuildVersion Retrieves the build version of OLE Automation- which provides system information. System Information and Control | |
| KERNEL32.DLL!SetCommMask Monitors events for a communications device- linking directly to file I/O operations. File Operations | |
| KERNEL32.DLL!AddVectoredExceptionHandler Registers a vectored exception handler for managing exceptions in a prioritized order. Process and Thread Management | |
| KERNEL32.DLL!uaw_wcslen Retrieves size of a null-terminated Unicode string- focusing on character count. System Information and Control | |
| USER32.DLL!SendMessageW Sends a message to a specified window- involving inter-thread communication. Process and Thread Management | |
| OLEAUT32.DLL!SafeArrayAddRef Increases reference count for safe array descriptor- preventing memory from being freed prematurely. Memory Management | |
| KERNEL32.DLL!IsValidNLSVersion This function verifies the validity of a specified NLS version for internationalization purposes. System Information and Control | |
| OLEAUT32.DLL!VarDecFromI2 Converts a short value to a decimal value indicating data type manipulation. Memory Management | |
| KERNEL32.DLL!CheckTokenCapability This function checks capabilities of an access token to ensure proper permissions. System Information and Control | |
| RPCRT4.DLL!UuidHash Generates a hash value for a specified UUID. Cryptographic Operations | |
| KERNEL32.DLL!GetSystemTimeAsFileTime Retrieves current system date and time in UTC format. System Information and Control | |
| ADVAPI32.DLL!PerfEnumerateCounterSet Retrieves GUIDs for counter sets registered on the system- related to system performance metrics. System Information and Control | |
| SHELL32.DLL!OpenRegStream Opens a registry value and provides an IStream interface for reading or writing. Registry Operations | |
| KERNEL32.DLL!InterlockedPopEntrySList Removes an item from a synchronized singly linked list. Process and Thread Management | |
| OLE32.DLL!RegisterDragDrop Registers a window as a target for OLE drag-and-drop operations- involving communication with the IDropTarget interface. System Information and Control | |
| GDI32.DLL!CreatePolygonRgn This function creates a polygonal region for graphical rendering in Windows GDI. System Information and Control | |
| SHLWAPI.DLL!PathIsNetworkPathW Determines if a given path is a network resource by evaluating its format. Network Operations | |
| USER32.DLL!RealChildWindowFromPoint Retrieves a handle to the child window at a specified point. System Information and Control | |
| KERNEL32.DLL!GetCalendarInfoEx Retrieves calendar information based on locale names and identifiers. System Information and Control | |
| KERNEL32.DLL!GetProcessDEPPolicy Retrieves DEP settings for a specified process to control execution prevention. Process and Thread Management | |
| USER32.DLL!DlgDirSelectComboBoxExA Retrieves the user-selected file or directory from a combo box in a dialog. File Operations | |
| KERNEL32.DLL!GetEnvironmentStringsW Retrieves environment variables for the current process- indicating how the system manages process-level data. System Information and Control | |
| OLE32.DLL!OleConvertIStorageToOLESTREAM Converts OLE 2 structured storage to OLE 1 storage object model- managing data representation. File Operations | |
| KERNEL32.DLL!SetEvent Sets an event object to the signaled state for thread synchronization. Process and Thread Management | |
| ADVAPI32.DLL!QueryTraceW Retrieves property settings and session statistics for event tracing sessions. System Information and Control | |
| WINMMBASE.DLL!midiInGetErrorTextA Retrieves a textual description for a specified MIDI error code. System Information and Control | |
| GDI32FULL.DLL!ScriptGetGlyphABCWidth Retrieves the ABC width of a glyph- related to text rendering operations. System Information and Control | |
| USER32.DLL!EnumWindows Enumerates all top-level windows on the screen- requiring interaction with window handles. System Information and Control | |
| KERNEL32.DLL!OutputDebugStringW Sends a string to the debugger for display- handling Unicode input. System Information and Control | |
| KERNEL32.DLL!ClearCommError Retrieves communication error info and status for devices- resetting error flags for I/O operations. System Information and Control | |
| WINMMBASE.DLL!mmioSetBuffer Configures buffered I/O for files- enabling internal or user-defined buffers. File Operations | |
| SHELL32.DLL!SHFree This function releases memory previously allocated- which is crucial for memory management. Memory Management | |
| RPCRT4.DLL!RpcSmSetThreadHandle This function sets a thread handle for memory management in RPC environments. Process and Thread Management | |
| USER32.DLL!DispatchMessageW Dispatches messages to window procedures- facilitating message handling in Windows applications. System Information and Control | |
| KERNEL32.DLL!GetPackageInfo Retrieves package information for specified apps- facilitating app management. System Information and Control | |
| KERNEL32.DLL!SetMailslotInfo Sets time-out for reading from a mailslot- affecting inter-process communication timing. Network Operations | |
| OLEAUT32.DLL!SafeArrayGetElemsize Retrieves the size of an element in a safe array. Memory Management | |
| COMCTL32.DLL!DPA_DeletePtr This function removes an item from a dynamic pointer array- thus managing memory automatically. Memory Management | |
| SHELL32.DLL!ExtractAssociatedIconExW Retrieves a handle to an icon from a file or associated executable. File Operations | |
| GDI32FULL.DLL!GetCharWidthFloatA Retrieves fractional widths of characters from the current font in a specified range. System Information and Control | |
| CRYPTSP.DLL!CryptVerifySignatureA Verifies the signature of a hash object using a public key- ensuring data integrity. Cryptographic Operations | |
| SHLWAPI.DLL!StrCmpCW Compares two strings using collation rules- determining their order. System Information and Control | |
| KERNEL32.DLL!AddSIDToBoundaryDescriptor This function adds a security identifier (SID) to a boundary descriptor- impacting security contexts. Registry Operations | |
| KERNEL32.DLL!OpenEventA This function opens an existing named event object for inter-process synchronization. Process and Thread Management | |
| KERNEL32.DLL!CreateHardLinkTransactedA Establishes a hard link between an existing file and a new file as a transacted operation. File Operations | |
| KERNEL32.DLL!SetFileShortNameW Sets or removes the short name for a specified file on an NTFS volume. File Operations | |
| USER32.DLL!CreateMDIWindowW Creates an MDI child window- facilitating user interface management like opening multiple documents in a single window. Process and Thread Management | |
| NTDLL.DLL!NtWaitForSingleObject Waits for an object to be signaled- managing thread synchronization. Process and Thread Management | |
| SHLWAPI.DLL!StrSpnW This function analyzes a string for characters- relating to memory operations involving substring length. Memory Management | |
| KERNEL32.DLL!ApplicationRecoveryFinished Indicates that an application has completed data recovery; relates to process control during recovery. System Information and Control | |
| KERNEL32.DLL!DeleteVolumeMountPointA Deletes a drive letter or mounted folder- impacting file system structure. File Operations | |
| KERNEL32.DLL!GetProfileSectionW Retrieves keys and values from the Win.ini file- involving file reading operations. File Operations | |
| KERNEL32.DLL!TlsSetValue Stores a value in the calling thread's thread local storage slot for the specified TLS index. Process and Thread Management | |
| ADVAPI32.DLL!AccessCheckByTypeAndAuditAlarmA This function checks access rights against a security descriptor for the impersonated client. Registry Operations | |
| USER32.DLL!GetMenuItemInfoA Retrieves information about a menu item- providing a way to interact with user interface elements. System Information and Control | |
| KERNEL32.DLL!EnumCalendarInfoExEx Enumerates calendar information for a specified locale using a callback function. System Information and Control | |
| GDI32FULL.DLL!CreateDIBPatternBrush Creates a logical brush from a device-independent bitmap for graphical operations. File Operations | |
| OLEAUT32.DLL!VarI4FromI8 Converts an 8-byte integer value to a long value. Memory Management | |
| SHLWAPI.DLL!IStream_WritePidl Writes a PIDL to an IStream object- relating to file and item identifier management. File Operations | |
| OLEAUT32.DLL!LPSAFEARRAY_UserMarshal64 Marshals data from SAFEARRAY objects to RPC buffers for client-server communication. Memory Management | |
| KERNEL32.DLL!GetProcessWorkingSetSize Retrieves minimum and maximum working set sizes for a specified process- affecting its memory management. Memory Management | |
| GDI32FULL.DLL!EnumICMProfilesW Enumerates different output color profiles for a device context- returning matching profiles. System Information and Control | |
| KERNEL32.DLL!GetProcessHeap Retrieves a handle to the default heap of the calling process for memory allocation. Memory Management | |
| GDI32FULL.DLL!Polygon The function draws a polygon using device context and vertex points- primarily for graphical output. System Information and Control | |
| KERNEL32.DLL!SetDynamicTimeZoneInformation Updates current time zone and daylight saving settings affecting system time translation. System Information and Control | |
| KERNEL32.DLL!EnumCalendarInfoA This function enumerates calendar information based on locale identifiers- providing system calendar data. System Information and Control | |
| SHLWAPI.DLL!PathIsUNCW Determines if a path string is a valid UNC path format rather than a drive-based path. File Operations | |
| USER32.DLL!GetPointerType Retrieves the type of a specified pointer used in input processing. System Information and Control | |
| USER32.DLL!GetDoubleClickTime Retrieves the current double-click time for mouse input. System Information and Control | |
| OLE32.DLL!CoGetCurrentProcess Returns a unique identifier for the current thread- aiding in thread management and identification. Process and Thread Management | |
| USER32.DLL!GetWindowTextLengthW Retrieves the length of the title bar text of a specified window or control. System Information and Control | |
| KERNEL32.DLL!GetEnvironmentVariableW Retrieves the specified environment variable's value from the calling process's environment block. System Information and Control | |
| NTDLL.DLL!NtQueryObject Retrieves various kinds of information about Windows objects- indicating the object's type and attributes. System Information and Control | |
| SHLWAPI.DLL!StrStrNW This function searches for a substring within a string- indicating manipulation of string data. Memory Management | |
| ADVAPI32.DLL!LookupAccountNameA Retrieves a security identifier (SID) for a specified account name on the local system or domain. System Information and Control | |
| WINMMBASE.DLL!mmioOpenA Opens- creates- deletes- or checks for the existence of a file. File Operations | |
| OLEAUT32.DLL!RegisterTypeLib This function adds type library information to the system registry. Registry Operations | |
| USER32.DLL!DestroyAcceleratorTable Destroys an accelerator table by handle- managing keyboard accelerators within a user interface. Process and Thread Management | |
| SHELL32.DLL!SHGetDriveMedia Determines the media type present in a specified drive. System Information and Control | |
| KERNEL32.DLL!GlobalLock This function locks a global memory object- indicating it falls under memory management. Memory Management | |
| WINDOWS.STORAGE.DLL!SHSetTemporaryPropertyForItem Sets a temporary property for an IShellItem without modifying the item permanently. Registry Operations | |
| KERNEL32.DLL!FindVolumeMountPointClose Closes a handle used for searching mounted folders on a volume. File Operations | |
| SHLWAPI.DLL!PathIsPrefixA This function checks if a given path starts with a specified prefix. File Operations | |
| USER32.DLL!SendDlgItemMessageW Sends messages to a specified control in a dialog box for user interaction. Process and Thread Management | |
| USER32.DLL!DdeCmpStringHandles Compares two string handle values in a case-insensitive manner for Data Exchange. System Information and Control | |
| USER32.DLL!GetRawInputBuffer Reads raw input messages from the message queue- providing data about keyboard and mouse activity. System Information and Control | |
| SHLWAPI.DLL!PathUnExpandEnvStringsW Replaces folder names in a path with their environment strings- affecting how paths are interpreted. File Operations | |
| KERNEL32.DLL!QueueUserWorkItem Queues a work item to a worker thread in the thread pool. Process and Thread Management | |
| SHLWAPI.DLL!PathRelativePathToW Creates a relative path between two file paths in the filesystem. File Operations | |
| KERNEL32.DLL!GetVersion Retrieves the SDK version number for Windows Media Format profiles. System Information and Control | |
| KERNEL32.DLL!IsValidLanguageGroup Determines if a specified language group is installed or supported in the operating system. System Information and Control | |
| SHCORE.DLL!SHUnicodeToAnsi Converts Unicode strings to ANSI- involving character encoding operations. Memory Management | |
| USER32.DLL!PrivateExtractIconsA Extracts handles to icons from specified files- managing icon resources efficiently. File Operations | |
| SECHOST.DLL!QueryServiceConfig2W Retrieves the configuration parameters of a specified service from the service control manager. System Information and Control | |
| OLEAUT32.DLL!VarDecFromI4 Converts a long value to a decimal value- involving data type manipulation. Memory Management | |
| KERNEL32.DLL!RtlLookupFunctionEntry Searches function tables for entries based on PC value- aiding in debugging and control flow analysis. System Information and Control | |
| OLEAUT32.DLL!VarR8Pow This function performs mathematical operations on double variants- categorizing as Memory Management due to variable handling. Memory Management | |
| RPCRT4.DLL!RpcBindingCreateA Creates a binding handle for RPC- facilitating remote communication setup. Network Operations | |
| ITfMessagePump::GetMessageW Obtains messages from the message queue related to window events. Process and Thread Management | |
| KERNEL32.DLL!RegDeleteKeyExA Deletes a subkey and its values from the Windows registry. Registry Operations | |
| KERNEL32.DLL!ReleaseSemaphoreWhenCallbackReturns Manages semaphore signaling in thread pool callbacks upon completion. Process and Thread Management | |
| GDI32.DLL!HT_Get8BPPMaskPalette This function retrieves a palette for an 8-bits-per-pixel device type- related to display management. System Information and Control | |
| IShellMenu::GetMenuInfo Retrieves information about a shell menu initialized by IShellMenu::Initialize- concerning menu properties. System Information and Control | |
| KERNEL32.DLL!Wow64SetThreadContext Sets the context of a specified WOW64 thread- managing its execution state. Process and Thread Management | |
| KERNELBASE.DLL!AddAccessDeniedAce Adds an access-denied ACE to an ACL- controlling access to security identifiers. Registry Operations | |
| GDI32FULL.DLL!ScriptGetFontScriptTags Retrieves font script information for OpenType processing- managing font data access. File Operations | |
| KERNEL32.DLL!SetFileApisToANSI Configures file I/O functions to use the ANSI code page in the current process. File Operations | |
| USER32.DLL!IsCharLowerW This function checks if a character is lowercase- influencing how strings are processed. System Information and Control | |
| WS2_32.DLL!WSAAdvertiseProvider Makes a namespace version-2 provider available to clients- facilitating network communication. Network Operations | |
| GDI32FULL.DLL!LPtoDP Converts logical coordinates to device coordinates based on device context settings. System Information and Control | |
| USER32.DLL!PtInRect This function checks if a point is inside a specified rectangle- related to graphical user interface tasks. System Information and Control | |
| KERNELBASE.DLL!AccessCheckByTypeAndAuditAlarmW Validates access rights against a security descriptor- with potential audit log generation. Registry Operations | |
| RPCRT4.DLL!MesIncrementalHandleReset This function re-initializes a handle for serialization operations. Memory Management | |
| USER32.DLL!DdeReconnect Reestablishes communication with a service after termination of a conversation in DDEML. Process and Thread Management | |
| OLE32.DLL!OleFlushClipboard Finalizes clipboard operations and releases IDataObject pointer- allowing data persistence post-application closure. Registry Operations | |
| OLE32.DLL!CoDisconnectObject Disconnects remote process connections for specified interface pointers- managing client-server communication. Process and Thread Management | |
| KERNEL32.DLL!HeapSize Retrieves the size of a memory block allocated from a heap- used in memory management. Memory Management | |
| USER32.DLL!SystemParametersInfoW Retrieves or sets the system-wide parameters- affecting system settings like appearance and accessibility. System Information and Control | |
| SHLWAPI.DLL!PathIsURLA Validates if a string follows a proper URL format. Network Operations | |
| KERNEL32.DLL!CreateThreadpoolWait This function creates a wait object for thread pool callbacks- managing thread execution. Process and Thread Management | |
| RPCRT4.DLL!RpcEpRegisterA Registers or updates server address information in the endpoint-map database for RPC. Network Operations | |
| WINMMBASE.DLL!midiInGetNumDevs Retrieves the number of MIDI input devices in the system. System Information and Control | |
| ADVAPI32.DLL!GetCurrentHwProfileA Retrieves current hardware profile information including GUID and docking state. System Information and Control | |
| KERNEL32.DLL!SetSearchPathMode Sets how the SearchPath function locates files based on defined per-process modes. File Operations | |
| SHLWAPI.DLL!StrCatW Appends one string to another- potentially leading to buffer overruns. Memory Management | |
| IOleInPlaceSiteWindowless::ReleaseDC Releases a device context obtained for drawing operations- indicating it is part of memory management. Memory Management | |
| USER32.DLL!EnumChildWindows This function enumerates child windows of a specified parent window- impacting process and thread management. Process and Thread Management | |
| GDI32.DLL!STROBJ_bEnum This function enumerates glyph identities and positions- which relates to graphical display operations. System Information and Control | |
| CRYPTSP.DLL!CryptSetProviderExW Configures the default cryptographic service provider for a specified user or machine context. Cryptographic Operations | |
| ADVAPI32.DLL!LookupSecurityDescriptorPartsW Retrieves security information from a self-relative security descriptor- including ownership and access control entries. Registry Operations | |
| OLE32.DLL!ReadFmtUserTypeStg Reads clipboard format and user type from a storage object- related to structured storage operations. File Operations | |
| KERNEL32.DLL!QueryActCtxW Queries activation context- providing detailed information about assemblies and their compatibility. System Information and Control | |
| KERNEL32.DLL!GetTempPathA Retrieves the path to the temporary files directory. File Operations | |
| KERNEL32.DLL!GetAppContainerNamedObjectPath Retrieves the named object path used for app containers- related to access control and security context. Registry Operations | |
| RPCRT4.DLL!MesDecodeBufferHandleCreate Creates a decoding handle for a buffer style of serialization- managing buffer initialization. Memory Management | |
| OLE32.DLL!PropVariantClear This function clears a PROPVARIANT structure- managing the memory associated with it. Memory Management | |
| OLEAUT32.DLL!VarUI8FromDec Converts a decimal value to an 8-byte unsigned integer- related to data type manipulation. Memory Management | |
| USER32.DLL!GetMessagePos Retrieves cursor position for the last message fetched- indicating system interaction. System Information and Control | |
| KERNEL32.DLL!SetCommTimeouts Sets time-out parameters for read/write operations on a communications device. File Operations | |
| NTDLL.DLL!RtlInterlockedPushEntrySList Inserts an item in a synchronized singly linked list- ensuring safe access in multiprocessor environments. Process and Thread Management | |
| KERNEL32.DLL!UnhandledExceptionFilter Manages unhandled exceptions- interacting with the debugger- and controls error handling. Process and Thread Management | |
| COMCTL32.DLL!DPA_Merge Combines two dynamic pointer arrays- involving operations on data structures. Memory Management | |
| OLEAUT32.DLL!VarUI8FromR8 Converts a double to an 8-byte unsigned integer. Memory Management | |
| WINMMBASE.DLL!waveOutGetPosition Retrieves the current playback position of a waveform-audio output device. System Information and Control | |
| KERNEL32.DLL!GetCurrentProcess Retrieves a pseudo handle for the current process- essential for process management operations. Process and Thread Management | |
| KERNEL32.DLL!GetApplicationRestartSettings This function retrieves restart information for a specified process- pertaining to process management. Process and Thread Management | |
| KERNEL32.DLL!LocalHandle Retrieves a handle for a local memory object using a pointer- involving memory management processes. Memory Management | |
| KERNEL32.DLL!SetThreadSelectedCpuSetMasks Assigns specific CPU sets to a thread- affecting process and thread scheduling. Process and Thread Management | |
| USER32.DLL!DrawTextExA Draws formatted text within a specified rectangle using specified formatting options. File Operations | |
| GDI32FULL.DLL!GetBoundsRect This function retrieves the accumulated bounding rectangle for a device context- relating to graphical representation and operations. System Information and Control | |
| GDI32.DLL!CreateRectRgnIndirect This function creates a rectangular region for graphical operations- hence related to memory and graphical resource management. Memory Management | |
| SHELL32.DLL!Shell_NotifyIconW Sends messages to manage taskbar notification icons- handling addition- modification- and deletion of icons. Process and Thread Management | |
| SECHOST.DLL!QueryServiceDynamicInformation Retrieves dynamic information about a service's start- indicating system service management. System Information and Control | |
| KERNEL32.DLL!FindNextVolumeW Continues a volume search initiated by FindFirstVolume- retrieving the next volume's GUID path. File Operations | |
| SHELL32.DLL!SHGetPropertyStoreFromIDList Retrieves an object from a PIDL- interacting with property storage interfaces. System Information and Control | |
| USER32.DLL!SetGestureConfig Configures window messages for touch gestures- affecting how gestures are interpreted by the system. System Information and Control | |
| WINMMBASE.DLL!mixerGetControlDetailsW Retrieves details about audio control associated with a mixer device. System Information and Control | |
| SHLWAPI.DLL!SHRegQueryUSValueW Retrieves type and data for a registry value under user-specific registry keys. Registry Operations | |
| OLEAUT32.DLL!VarR8FromDate Converts date values to double- focusing on type conversion rather than data storage or retrieval. System Information and Control | |
| KERNEL32.DLL!GetPackagesByPackageFamily Retrieves package information based on the family name for the current user. System Information and Control | |
| ADVAPI32.DLL!RegConnectRegistryW Connects to a registry key on a remote or local computer- useful for registry operations. Registry Operations | |
| SECHOST.DLL!RemoveTraceCallback Stops an EventCallback from receiving events- affecting trace event management. System Information and Control | |
| RPCRT4.DLL!RpcServerUseProtseqW Registers a protocol sequence for receiving remote procedure calls- facilitating network communication. Network Operations | |
| USER32.DLL!HideCaret Hides the caret from the screen without destroying it- managing UI elements. System Information and Control | |
| RPCRT4.DLL!MesHandleFree Freeing memory allocated by a serialization handle indicates memory management functions. Memory Management | |
| RPCRT4.DLL!NdrDllCanUnloadNow Determines if the proxy and stub DLL can be unloaded from memory. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcStringFreeA This function frees memory allocated for a character string by the RPC runtime library. Memory Management | |
| WINMMBASE.DLL!midiInMessage Sends a message to the MIDI device driver for communication. Network Operations | |
| KERNEL32.DLL!InitializeCriticalSectionEx Initializes a critical section for thread synchronization within a process. Process and Thread Management | |
| KERNELBASE.DLL!AccessCheckByType Checks if a security descriptor allows specified access rights to a client using an access token. System Information and Control | |
| RPCRT4.DLL!NdrSimpleTypeMarshall The function marshalls data types for Remote Procedure Calls (RPC)- affecting data handling and transmission. Network Operations | |
| GDI32FULL.DLL!EngGetDriverName Returns the name of the driver's DLL using a GDI handle associated with a device. System Information and Control | |
| ITextDocument2::GetClientRect Retrieves the client rectangle coordinates of the rich edit control. System Information and Control | |
| SHELL32.DLL!SHGetSettings Retrieves the current Shell option settings related to desktop behavior and user preferences. System Information and Control | |
| KERNEL32.DLL!RegDeleteTreeW Deletes registry subkeys and values recursively- requiring access rights. Registry Operations | |
| WS2_32.DLL!WPUCompleteOverlappedRequest Notifies the completion of overlapped I/O operations on service provider sockets- highlighting network I/O interactions. Network Operations | |
| USER32.DLL!GetDC Provides a device context handle for drawing on a screen or compatible device. System Information and Control | |
| GDI32.DLL!EngStretchBlt Performs a stretching bit-block transfer for image rendering- involving various surface operations. File Operations | |
| USER32.DLL!GetIconInfo Retrieves information about an icon or cursor- managing bitmap resources associated with it. System Information and Control | |
| SHLWAPI.DLL!UrlHashA Hashes a URL string into a byte array for security purposes. Cryptographic Operations | |
| OLE32.DLL!CoHandlePriorityEventsFromMessagePump Facilitates high-priority COM calls between Windows message dispatching- improving responsiveness. Process and Thread Management | |
| SHELL32.DLL!SHGetDiskFreeSpaceExW Retrieves disk space information for a specified volume- including free and total bytes. File Operations | |
| KERNEL32.DLL!GetPrivateProfileIntW Retrieves an integer from a specified section of an initialization file- representing file operation. File Operations | |
| ADVAPI32.DLL!GetNumberOfEventLogRecords Retrieves the number of records from a specified event log- thus involving system log management. System Information and Control | |
| USER32.DLL!LoadBitmapW Loads specified bitmap resource from a module's executable file for graphical display. File Operations | |
| SHLWAPI.DLL!StrChrIW Searches for a character in a string- primarily focused on string manipulation. System Information and Control | |
| KERNEL32.DLL!SetPriorityClass Sets the priority class of a specified process- affecting thread scheduling. Process and Thread Management | |
| KERNEL32.DLL!CreateMailslotW Creates a mailslot for inter-process communication and returns a handle for operations on it. Network Operations | |
| USER32.DLL!wvsprintfA Writes formatted data to a buffer using argument list and format specifications. Memory Management | |
| OLEAUT32.DLL!SafeArrayGetDim This function retrieves the dimension count of a safe array- relevant for memory management. Memory Management | |
| ADVAPI32.DLL!ReadEventLogW Reads entries from the specified event log- adjusting read position after completion. System Information and Control | |
| SHCORE.DLL!SHQueryValueExA Opens a registry key and queries it for a specific value. Registry Operations | |
| OLE32.DLL!HGLOBAL_UserFree64 Frees resources allocated for RPC operations- indicating management of memory resources. Memory Management | |
| USER32.DLL!GetWindowWord Retrieves a specified DWORD value from the extra memory of a window structure. System Information and Control | |
| RPCRT4.DLL!UuidCreateNil The UuidCreateNil function generates a nil UUID for use in RPC contexts. Cryptographic Operations | |
| GDI32.DLL!FONTOBJ_vGetInfo Retrieves information about an associated font- related to display device management. System Information and Control | |
| KERNEL32.DLL!ClosePrivateNamespace Closes an open namespace handle- potentially affecting resource allocation and access control. System Information and Control | |
| GDI32FULL.DLL!GetDCPenColor Retrieves the current pen color for a device context. System Information and Control | |
| OLE32.DLL!OleSetAutoConvert This function modifies registry entries to enable automatic conversion of object classes. Registry Operations | |
| SHLWAPI.DLL!UrlFixupW Corrects a malformed URL by altering its protocol identifier for proper format. Network Operations | |
| KERNEL32.DLL!IsBadStringPtrW Verifies read access to a specified memory range- indicative of memory management operations. Memory Management | |
| OLE32.DLL!CreateFileMoniker Creates a moniker for file-based objects for identification and management in COM. File Operations | |
| GDI32FULL.DLL!DeleteMetaFile Deletes a Windows-format metafile or handle- affecting file resources stored in memory or on disk. File Operations | |
| RPCRT4.DLL!RpcSsFree Releases memory allocated by RpcSsAllocate function. Memory Management | |
| USER32.DLL!SetPropW Modifies a window's property list- allowing for data association with a specific window. System Information and Control | |
| USER32.DLL!CopyRect Copies the coordinates of one rectangle to another- involved with graphical rendering. System Information and Control | |
| USER32.DLL!EnumPropsExA Enumerates properties associated with a window- invoking a callback for each entry. System Information and Control | |
| OLEAUT32.DLL!VarR4FromUI8 Converts an 8-byte unsigned integer to a float. Memory Management | |
| KERNEL32.DLL!CreateProcessAsUserA Creates a new process in the security context of a specified user token. Process and Thread Management | |
| KERNEL32.DLL!GetDevicePowerState Retrieves the power state of a device- impacting how the system operates with energy efficiency. System Information and Control | |
| USER32.DLL!SendInput Synthesizes user input such as keystrokes and mouse actions to simulate user actions programmatically. Hooking and Interception | |
| OLEAUT32.DLL!VarI2FromDate Converts a date value to a short value- primarily dealing with data conversion. Memory Management | |
| OLE32.DLL!ObjectStublessClient17 A stub function related to COM proxies- supporting interface marshaling. DLL Injection and Manipulation | |
| OLE32.DLL!CoQueryAuthenticationServices Retrieves registered authentication services- allowing applications to understand available security mechanisms. System Information and Control | |
| OLEAUT32.DLL!SafeArrayUnlock Decrements the lock count for arrays- allowing for memory management on the allocated array. Memory Management | |
| KERNEL32.DLL!ConvertFiberToThread Converts the current fiber into a thread- managing execution contexts. Process and Thread Management | |
| GDI32FULL.DLL!GetCharacterPlacementW Retrieves detailed character string information such as widths and positioning- mainly focused on text rendering. System Information and Control | |
| USER32.DLL!IsRectEmpty This function checks if a rectangle has no area- primarily dealing with graphical object dimensions. System Information and Control | |
| COMCTL32.DLL!SetWindowSubclass Installs or updates a window subclass callback to manage window messages. Hooking and Interception | |
| KERNEL32.DLL!WerRegisterCustomMetadata Registers app-specific metadata for Windows Error Reporting- integrating telemetry with crash reports. System Information and Control | |
| USER32.DLL!GetPointerFrameTouchInfo Retrieves frame of touch input data for specified pointers related to pointer messages. Input Operations | |
| KERNEL32.DLL!SetFileApisToOEM Adjusts file I/O functions to use the OEM character set code page for compatibility. File Operations | |
| KERNEL32.DLL!GetDiskSpaceInformationA Retrieves disk space details for a specified volume path. File Operations | |
| USER32.DLL!InvertRect Inverts colors of a rectangle in a window using a logical NOT operation on pixel values. System Information and Control | |
| KERNEL32.DLL!CheckTokenMembershipEx Determines if a SID is enabled in an access token for security verification. System Information and Control | |
| OLEAUT32.DLL!VarCyFromDate Converts a date to a currency value- indicating data type conversion. Memory Management | |
| KERNEL32.DLL!InitializeSRWLock Initializes a slim reader/writer lock for synchronization in multi-threaded applications. Process and Thread Management | |
| RPCRT4.DLL!RpcServerTestCancel Tests for cancel requests from clients for an ongoing RPC call. Process and Thread Management | |
| USER32.DLL!GetPointerFrameInfo Retrieves an entire frame of pointer input information associated with a specified pointer message. System Information and Control | |
| OLEAUT32.DLL!VarUI1FromDate Converts a date value to an unsigned char value. Memory Management | |
| KERNEL32.DLL!ClosePackageInfo Closes a reference to package information- indicating management of application packaging resources. Process and Thread Management | |
| KERNEL32.DLL!IsThreadpoolTimerSet This function checks if a timer in the thread pool is set- relating to Process and Thread Management. Process and Thread Management | |
| USER32.DLL!GetMonitorInfoA Retrieves information about a display monitor- helping in system information retrieval. System Information and Control | |
| SHELL32.DLL!PifMgr_OpenProperties Opens a .pif file and returns a handle to application properties- focusing on file management. File Operations | |
| GDI32FULL.DLL!FrameRgn Draws a border around a specified region using a brush in a device context- related to graphical operations. System Information and Control | |
| KERNEL32.DLL!GetUserDefaultUILanguage Returns the language identifier for the user UI language for the current user- relating to system localization. System Information and Control | |
| OLEAUT32.DLL!VarI2FromI1 Converts a char value to a short value; primarily deals with data type manipulation. Memory Management | |
| WINMMBASE.DLL!waveOutRestart Resumes playback on a paused waveform-audio output device- involving control over audio output processes. Process and Thread Management | |
| SECHOST.DLL!CloseServiceHandle Closes a handle to a service control manager or service object- impacting service management. Process and Thread Management | |
| USER32.DLL!GetPointerDevices Retrieves information about the pointer devices connected to the system. System Information and Control | |
| KERNEL32.DLL!PssDuplicateSnapshot This function duplicates a snapshot handle between processes- indicating process and thread management functions. Process and Thread Management | |
| USER32.DLL!GetGestureInfo Retrieves gesture information using a handle to the gesture- operating within the system. System Information and Control | |
| OLEAUT32.DLL!VariantInit Initializes a VARIANT variable- preparing it for use without manipulating any existing data. Memory Management | |
| USER32.DLL!LoadCursorA Loads a cursor resource from an application executable- manipulating user interface elements. DLL Injection and Manipulation | |
| OLEAUT32.DLL!VarI4FromStr Converts an OLECHAR string to a long value indicating data type conversion. Memory Management | |
| OLE32.DLL!ReadClassStg Reads CLSID from a storage object- categorizing it under File Operations. File Operations | |
| KERNELBASE.DLL!AddAccessDeniedObjectAce Adds an access control entry to deny access to a specific object or property in a DACL. Registry Operations | |
| SHELL32.DLL!PathIsSlowW Determines if a file path is on a high-latency network connection. Network Operations | |
| KERNEL32.DLL!SetFirmwareEnvironmentVariableW Sets the value of a firmware environment variable- directly interacting with system firmware settings. Registry Operations | |
| SHLWAPI.DLL!StrToInt64ExA Converts a string representation of decimal or hexadecimal values to a 64-bit integer. Memory Management | |
| ADVAPI32.DLL!RegReplaceKeyW Replaces the file backing a registry key and all its subkeys- manipulating registry data. Registry Operations | |
| USER32.DLL!AdjustWindowRect Calculates window rectangle size based on client area size for window creation. System Information and Control | |
| GDI32FULL.DLL!ArcTo Draws an elliptical arc in the specified device context. System Information and Control | |
| USER32.DLL!GetActiveWindow Retrieves the handle of the active window for the calling thread's message queue. System Information and Control | |
| SHELL32.DLL!SHSimpleIDListFromPath Converts a file path to an ITEMIDLIST structure pointer. File Operations | |
| OLEAUT32.DLL!VarI1FromUI4 Converts an unsigned long to a char value- demonstrating data type manipulation. Memory Management | |
| ITfMessagePump::PeekMessageW Retrieves messages from the message queue for the designated window- crucial for message handling. Process and Thread Management | |
| KERNEL32.DLL!DeactivateActCtx Deactivates an activation context identified by a cookie- manipulating the context stack. DLL Injection and Manipulation | |
| KERNEL32.DLL!CreateTapePartition This function reformats a tape by creating partitions on it. File Operations | |
| OLEAUT32.DLL!VarCyMul Multiplies currency variants- dealing with data types rather than operations on files or systems. Memory Management | |
| KERNEL32.DLL!GetFirmwareEnvironmentVariableExA Retrieves values of specified firmware environment variables and attributes. System Information and Control | |
| WS2_32.DLL!WSCUpdateProvider Modifies transport provider settings in the configuration database for Winsock. Registry Operations | |
| IImageList::SetBkColor Sets the background color for an image list. System Information and Control | |
| VERTDLL.DLL!PrivilegeCheck Checks if specified privileges are enabled in an access token. System Information and Control | |
| USER32.DLL!DestroySyntheticPointerDevice This function destroys a pointer injection device- managing input devices directly. Process and Thread Management | |
| WS2_32.DLL!WSADuplicateSocketA Duplicates a socket for shared use between processes. Enables inter-process communication via socket descriptors. Network Operations | |
| KERNEL32.DLL!GetThreadGroupAffinity Retrieves processor group affinity of a specified thread based on its handle. Process and Thread Management | |
| GDI32FULL.DLL!EngComputeGlyphSet Computes the glyph set supported on a device based on character codes and code pages. Memory Management | |
| WMI.DLL!GetTraceLoggerHandle Retrieves the handle of an event tracing session for writing events. System Information and Control | |
| KERNEL32.DLL!CeipIsOptedIn Checks user participation in data collection for Customer Experience Improvement Program. System Information and Control | |
| RPCRT4.DLL!RpcNetworkIsProtseqValidW This function checks if a protocol sequence is supported for remote procedure calls. Network Operations | |
| COMCTL32.DLL!ImageList_DragEnter Displays a drag-and-drop image at a specified position within a window. System Information and Control | |
| KERNEL32.DLL!Heap32First Retrieves information about the first block of a heap allocated by a process. Memory Management | |
| RPCRT4.DLL!NdrUserMarshalUnmarshall This function unmarshals user data for RPC- aiding data conversion and interpretation. Memory Management | |
| RPCRT4.DLL!RpcMgmtSetServerStackSize Specifies the stack size for threads in RPC server applications. Process and Thread Management | |
| COMCTL32.DLL!DPA_GetPtrIndex Retrieves the index of an item in a dynamic pointer array- managing memory references. Memory Management | |
| SHLWAPI.DLL!SHMessageBoxCheckA Displays a message box with options for user suppression; records responses in the registry. Registry Operations | |
| CInstance::GetWCHAR Retrieves a WCHAR string property from the CInstance class. Memory Management | |
| RPCRT4.DLL!UuidEqual Compares two UUIDs to check for equality- related to managing identifiers in RPC. System Information and Control | |
| USER32.DLL!MapVirtualKeyExW This function maps virtual-key codes- enabling keyboard input translation based on locale and input language. System Information and Control | |
| OLE32.DLL!DoDragDrop Executes an OLE drag and drop action between a data source and a target. Process and Thread Management | |
| USER32.DLL!IsCharLowerA Determines if a character is lowercase based on language settings. System Information and Control | |
| WS2_32.DLL!WSAGetServiceClassNameByClassIdA Retrieves the service name associated with a specified service type handling socket information. Network Operations | |
| KERNEL32.DLL!CancelWaitableTimer Activates the inactive state of a waitable timer object to manage synchronization. Process and Thread Management | |
| OLE32.DLL!ObjectStublessClient5 This function is a stub for COM proxies- related to marshaling interfaces in RPC. DLL Injection and Manipulation | |
| WINMMBASE.DLL!midiOutCacheDrumPatches Requests that an internal MIDI synthesizer device preload and cache percussion patches. System Information and Control | |
| OLEAUT32.DLL!VarI8FromUI8 Converts an unsigned 8-byte integer to an 8-byte integer- involving data manipulation. Memory Management | |
| OLE32.DLL!CoGetMarshalSizeMax Determines size for marshaling interface pointers- querying required sizes for inter-process communication. Memory Management | |
| OLE32.DLL!OleRegGetMiscStatus Retrieves miscellaneous behavior information about a class identified by its CLSID from the registry. Registry Operations | |
| SHELL32.DLL!Shell_NotifyIconA Sends messages to manage taskbar icons including adding- modifying- and deleting icons. System Information and Control | |
| NTDLL.DLL!RtlUnicodeStringToOemString Converts a Unicode string to an OEM string- indicating string manipulation and character encoding. Memory Management | |
| KERNEL32.DLL!GetLogicalDriveStringsA Retrieves valid drive names in the system- allowing interaction with file systems. File Operations | |
| RPCRT4.DLL!RpcRevertToSelf Ends client impersonation and reestablishes the server's security identity. System Information and Control | |
| RPCRT4.DLL!NdrComplexArrayMarshall This function marshals data into a network buffer- facilitating communication in RPC. Network Operations | |
| KERNEL32.DLL!SetVolumeMountPointA This function associates a volume with a drive letter or directory- managing file storage locations. File Operations | |
| WINDOWS.STORAGE.DLL!AssocGetDetailsOfPropKey Retrieves property values related to file associations. Registry Operations | |
| RPCRT4.DLL!NdrStubCall3 NdrStubCall3 facilitates RPC communication between client and server applications. Process and Thread Management | |
| KERNELBASE.DLL!AddAccessAllowedAce Adds an access-allowed access control entry to an access control list for security management. Registry Operations | |
| WINMMBASE.DLL!waveOutOpen Opens a waveform-audio output device for playback- involving device access and configuration. System Information and Control | |
| KERNEL32.DLL!CreateFile2 Creates or opens a file or I/O device- allowing for various types of I/O operations. File Operations | |
| OLE32.DLL!OleRegEnumFormatEtc Enumerates data formats registered by an OLE object server- interacting with the system registry. Registry Operations | |
| KERNEL32.DLL!OpenThread Opens an existing thread object- allowing manipulation and access to the thread's properties. Process and Thread Management | |
| KERNELBASE.DLL!CreateWellKnownSid Creates a Security Identifier (SID) for predefined aliases- impacting system security management. System Information and Control | |
| USER32.DLL!MessageBoxExA Creates and displays a message box- managing user interactions. System Information and Control | |
| NTDLL.DLL!RtlFreeOemString Frees memory allocated for an OEM string- indicating a memory management function. Memory Management | |
| OLE32.DLL!OleBuildVersion This function retrieves the build version information- typically used for system information purposes. System Information and Control | |
| OLE32.DLL!CLIPFORMAT_UserUnmarshal Unmarshals a CLIPFORMAT object from the RPC buffer- handling data transfer between processes. Process and Thread Management | |
| KERNEL32.DLL!LoadLibraryW Loads a specified module into the process's address space- affecting executing processes. DLL Injection and Manipulation | |
| SHELL32.DLL!SHFreeNameMappings Frees a file name mapping object from SHFileOperation- managing file name memory cleanup. Memory Management | |
| COMCTL32.DLL!GetEffectiveClientRect Calculates client area dimensions for specified controls- focusing on visual rectangle management. System Information and Control | |
| GDI32FULL.DLL!SetBoundsRect Manages the accumulation of bounding rectangles in device contexts for graphics operations. System Information and Control | |
| USER32.DLL!ReplyMessage Allows a thread to respond to messages sent via SendMessage- affecting message processing flow. Process and Thread Management | |
| IUserNotification::PlaySound Plays a sound associated with notifications using a specified sound file or system default. System Information and Control | |
| OLEAUT32.DLL!HWND_UserUnmarshal64 This function is related to marshaling window handle data- indicating it handles operation on windows graphics. Process and Thread Management | |
| OLEAUT32.DLL!VarUI2FromI4 Converts a long integer to an unsigned short value- impacting data representation in memory. Memory Management | |
| KERNEL32.DLL!SetThreadLocale Sets the locale for the calling thread- influencing how culturally specific data is processed. System Information and Control | |
| GDI32FULL.DLL!EnumFontFamiliesA Enumerates available fonts based on specified family name in a device context. System Information and Control | |
| USER32.DLL!DdeSetUserHandle Associates a user-defined value with a conversation handle to manage asynchronous transactions. System Information and Control | |
| SECHOST.DLL!AuditEnumerateCategories This function retrieves available audit-policy categories- providing system security information. System Information and Control | |
| KERNEL32.DLL!LeaveCriticalSectionWhenCallbackReturns This function manages thread synchronization by specifying critical sections to release after callback completion. Process and Thread Management | |
| KERNEL32.DLL!SetProcessDefaultCpuSetMasks Establishes CPU Sets assignment for threads in a specified process- managing process-level thread allocation. Process and Thread Management | |
| COMCTL32.DLL!ImageList_Add This function adds images to an image list- related to UI elements rather than security. File Operations | |
| SECHOST.DLL!StartTraceW Starts an event tracing session for logging system events. System Information and Control | |
| KERNEL32.DLL!FatalExit Transfers control to the debugger- primarily for debugging purposes. System Information and Control | |
| KERNEL32.DLL!DuplicateHandle Duplicates an object handle between processes- allowing interprocess handle management. Process and Thread Management | |
| GDI32FULL.DLL!AngleArc Draws a line segment and an arc using a device context- manipulating graphics rather than system resources. System Information and Control | |
| KERNEL32.DLL!UnregisterApplicationRestart Removes an application's instance from the restart list- indicating process management. Process and Thread Management | |
| GDI32FULL.DLL!InvertRgn Inverts colors in a specified region of a device context on the screen. System Information and Control | |
| OLE32.DLL!CoRegisterClassObject Registers an EXE class object to allow inter-application communication via OLE. Process and Thread Management | |
| KERNEL32.DLL!GetIoRingInfo Retrieves API version and queue sizes of an I/O ring- relating to I/O operations. File Operations | |
| WINMMBASE.DLL!midiOutSetVolume Sets the volume of a MIDI output device through specified parameters. File Operations | |
| USER32.DLL!GetClassInfoA Retrieves information about a window class- including its properties and associated functions. System Information and Control | |
| USER32.DLL!TranslateMessage Translates virtual-key messages into character messages for the thread's message queue. Process and Thread Management | |
| GDI32FULL.DLL!GetRegionData This function retrieves data about a GDI region- including dimensions- hence related to System Information. System Information and Control | |
| GDI32FULL.DLL!GetEnhMetaFileHeader Retrieves the header record for an enhanced metafile- which includes size and dimensions data. File Operations | |
| KERNEL32.DLL!CreateMailslotA Creates a mailslot for interprocess communication and returns a handle for future operations. Network Operations | |
| SECHOST.DLL!OpenTraceW Opens an ETW trace processing handle for consuming events from real-time sessions or log files. System Information and Control | |
| KERNEL32.DLL!EnumResourceNamesW Enumerates resource names from binary modules- indicating operations related to resource management. System Information and Control | |
| KERNEL32.DLL!VirtualFreeEx Releases or decommits memory within a specified process's virtual address space. Memory Management | |
| CRYPTSP.DLL!CryptDeriveKey Generates cryptographic session keys from a base data value- ensuring secure key creation. Cryptographic Operations | |
| KERNEL32.DLL!DebugSetProcessKillOnExit This function sets actions for a thread when it exits- impacting debugging operations. Process and Thread Management | |
| USER32.DLL!DrawIconEx Draws an icon or cursor to a device context- performing raster operations. System Information and Control | |
| ADVAPI32.DLL!EnumerateTraceGuids Retrieves information about event trace providers currently running on the computer. System Information and Control | |
| KERNEL32.DLL!FindResourceExA This function locates resources in executable modules- aiding in resource manipulation. DLL Injection and Manipulation | |
| USER32.DLL!PhysicalToLogicalPoint Converts physical coordinates of a point in a window to logical coordinates. System Information and Control | |
| KERNEL32.DLL!TzSpecificLocalTimeToSystemTimeEx Converts local time to UTC considering daylight saving time settings. System Information and Control | |
| OLE32.DLL!ObjectStublessClient19 This function is part of the COM proxy infrastructure- enabling remote procedure calls. Process and Thread Management | |
| OLE32.DLL!CoUninitialize Closes the COM library- unloads DLLs- and frees resources on the current thread. Process and Thread Management | |
| KERNEL32.DLL!EnumTimeFormatsA Enumerates available time formats for a specified locale- reflecting system information for date/time settings. System Information and Control | |
| USER32.DLL!SendMessageTimeoutW Sends specified messages to windows- potentially blocking or timing out based on conditions. Process and Thread Management | |
| RPCRT4.DLL!NdrConformantArrayMarshall Marshals a conformant array into a network buffer for remote procedure calls. Network Operations | |
| KERNEL32.DLL!WinExec Runs a specified application- impacting process creation and management. Process and Thread Management | |
| SHLWAPI.DLL!PathUndecorateA This function modifies a path string by removing decorations- typically related to file naming conventions. File Operations | |
| SHELL32.DLL!StgMakeUniqueName This function creates a unique name for storage objects- indicating it handles file system-related operations. File Operations | |
| USER32.DLL!CharLowerW Converts strings or characters to lowercase- modifying the original data in memory. Memory Management | |
| OLEAUT32.DLL!VarR8FromUI1 This function converts data types- which is related to memory handling. Memory Management | |
| KERNEL32.DLL!FindFirstFileA Searches a directory for a file or subdirectory based on a specified name or pattern. File Operations | |
| OLEAUT32.DLL!VarDecFromI1 Converts a char value to a decimal value- dealing with data types and conversion processes. Memory Management | |
| IPropertyPageSite::TranslateAccelerator Processes keystrokes by passing them to a property frame. Hooking and Interception | |
| KERNELBASE.DLL!MakeSelfRelativeSD Converts an absolute security descriptor to self-relative format for easier management and transmission. System Information and Control | |
| KERNEL32.DLL!GetNativeSystemInfo Retrieves system information for applications running under WOW64. System Information and Control | |
| USER32.DLL!SystemParametersInfoForDpi Retrieves system-wide parameters adjusted for DPI- modifying display metrics based on user settings. System Information and Control | |
| OLE32.DLL!CLIPFORMAT_UserSize This function calculates the wire size and data for the CLIPFORMAT object- involved in data marshaling. Memory Management | |
| WSOCK32.DLL!WSAAsyncSelect The function requests notification of network events for a socket- signaling through messages. Network Operations | |
| WS2_32.DLL!WSCGetApplicationCategory This function retrieves LSP categories for applications- interacting with network protocols. Network Operations | |
| GDI32FULL.DLL!WidenPath Redefines the current path for painting in a device context. Memory Management | |
| OLEAUT32.DLL!SafeArrayPutElement Stores a data element at a specific index in a SafeArray; involves memory management operations. Memory Management | |
| OLE32.DLL!ObjectStublessClient26 Stub function for COM proxies used in marshalling interfaces. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcNsBindingInqEntryNameA Retrieves the entry name from which a binding handle was obtained from the name-service database. Network Operations | |
| KERNEL32.DLL!CreateHardLinkTransactedW Establishes a hard link between an existing and a new file- involving file-based operations. File Operations | |
| OLE32.DLL!HMENU_UserMarshal64 This function marshals a HMENU into the RPC buffer for remote procedure calls. DLL Injection and Manipulation | |
| KERNEL32.DLL!RemoveVectoredExceptionHandler This function unregisters an exception handler- impacting how exceptions are handled in process execution. Process and Thread Management | |
| ADVAPI32.DLL!PerfQueryCounterSetRegistrationInfo Retrieves information about performance counter sets- including their identifiers and types. System Information and Control | |
| SHLWAPI.DLL!StrCpyNW Copies a number of characters from one string to another- potentially causing security issues if used incorrectly. Memory Management | |
| KERNEL32.DLL!CreateHardLinkW Establishes a hard link between an existing file and a new file using the NTFS file system. File Operations | |
| USER32.DLL!GetDlgItemTextA Retrieves the title or text from a dialog box control- interacting with window elements. System Information and Control | |
| RPCRT4.DLL!RpcBindingInqAuthClientExA This function retrieves authentication details and privileges of a client making an RPC call. Network Operations | |
| ADVAPI32.DLL!InitiateSystemShutdownExW Initiates a system shutdown and optionally reboots the computer or forcibly closes applications. System Information and Control | |
| RPCRT4.DLL!RpcMgmtInqDefaultProtectLevel This function retrieves the default authentication level for an authentication service. System Information and Control | |
| USER32.DLL!DdeCreateDataHandle Creates and manages a DDE object for data exchange between applications- involving memory allocation. Memory Management | |
| WINDOWS.STORAGE.DLL!SHGetTemporaryPropertyForItem Retrieves temporary properties for a specified IShellItem- which are not permanently stored. File Operations | |
| ADVAPI32.DLL!UnlockServiceDatabase Releases a lock on a service control manager database- related to service management. System Information and Control | |
| SHLWAPI.DLL!AssocQueryKeyW Retrieves a key from the registry related to file/protocol associations. Registry Operations | |
| KERNEL32.DLL!RegisterWaitUntilOOBECompleted Registers a callback to be executed once the OOBE process completes- managing the waiting state. Process and Thread Management | |
| operator/ Performs division on components of XMVECTOR instances- resulting in a new XMVECTOR. Memory Management | |
| WINMMBASE.DLL!waveInAddBuffer Sends an input buffer to a waveform-audio input device and notifies when filled. File Operations | |
| SECHOST.DLL!GetServiceDisplayNameW Retrieves the display name of a specified Windows service using its service name. Registry Operations | |
| OLE32.DLL!CoTestCancel Detects if a server call has been canceled by the client- managing pending operations. Process and Thread Management | |
| RPCRT4.DLL!NdrInterfacePointerFree This function releases an interface pointer associated with RPC- managing memory effectively. Memory Management | |
| WINDOWS.STORAGE.DLL!DragQueryFileW Retrieves names of files from drag-and-drop operations- facilitating file management tasks. File Operations | |
| USER32.DLL!BroadcastSystemMessageExA Sends messages to specified recipients- including applications and drivers in the system. Network Operations | |
| GDI32FULL.DLL!GetTextExtentPoint32W Computes dimensions of a text string in logical units. System Information and Control | |
| SHELL32.DLL!SHStartNetConnectionDialogW Displays a dialog for connecting to network resources- involving network operations. Network Operations | |
| SHLWAPI.DLL!PathIsPrefixW Determines if a given path starts with a specified prefix. File Operations | |
| SHCORE.DLL!IStream_ReadStr This function reads data from a stream and outputs it into a string- involving file interaction. File Operations | |
| SHLWAPI.DLL!PathStripPathA This function removes the path from a full file path- indicating file manipulation. File Operations | |
| KERNEL32.DLL!EndUpdateResourceA Commits or discards updates to resources- thus handling file modifications related to resources. File Operations | |
| KERNEL32.DLL!RegEnumKeyExW This function enumerates subkeys of a specified open registry key. Registry Operations | |
| KERNEL32.DLL!FreeMemoryJobObject This function frees memory allocated for job objects- relating to memory management tasks. Memory Management | |
| ADVAPI32.DLL!OpenBackupEventLogW Opens a handle to a backup event log- which involves file access operations. File Operations | |
| OLEAUT32.DLL!OleLoadPictureFileEx Loads a picture from a file- requiring the file path as a parameter. File Operations | |
| KERNEL32.DLL!SetThreadInformation This function modifies attributes of a specific thread- including memory priority and power throttling settings. Process and Thread Management | |
| SECHOST.DLL!CredFindBestCredentialW Searches for the best matching generic credentials in the Credentials Management database. Registry Operations | |
| GDI32FULL.DLL!PlayMetaFileRecord Plays a Windows-format metafile record by executing GDI functions- involving device contexts. System Information and Control | |
| OLEAUT32.DLL!VarBstrFromUI8 Converts an unsigned integer to a BSTR value for use in automation. Memory Management | |
| MANAGECI.DLL!GetTokenInformation Retrieves information about an access token- related to user permissions and security context. System Information and Control | |
| OLE32.DLL!StgCreatePropStg Creates and opens a property set in storage or stream- managing data related to properties. File Operations | |
| GDI32FULL.DLL!CreateCompatibleBitmap This function creates a bitmap compatible with a device context- involving graphics memory operations. Memory Management | |
| USER32.DLL!GetInputState Checks the presence of mouse or keyboard messages in the current thread's queue. System Information and Control | |
| KERNEL32.DLL!MapUserPhysicalPagesScatter Maps physical memory pages in an AWE region- managing virtual memory address translations. Memory Management | |
| OLEAUT32.DLL!OleCreatePictureIndirect Creates a picture object based on a PICTDESC structure- initializing graphics resources. Memory Management | |
| KERNEL32.DLL!PackageIdFromFullName Retrieves the ID for a specified package's full name- managing app identity information. System Information and Control | |
| KERNEL32.DLL!TryEnterCriticalSection Attempts to enter a critical section for thread synchronization without blocking other threads. Process and Thread Management | |
| USER32.DLL!SetUserObjectInformationA Modifies properties of desktop or window station objects- affecting their behavior and settings. System Information and Control | |
| KERNEL32.DLL!GetOverlappedResultEx Retrieves results of an overlapped I/O operation on files or devices with a timeout option. File Operations | |
| KERNEL32.DLL!QueueUserAPC2 Adds a user-mode asynchronous procedure call to a thread's APC queue for control over thread execution. Process and Thread Management | |
| ADVAPI32.DLL!GetTrusteeNameW Retrieves the trustee name from a TRUSTEE structure for access control. System Information and Control | |
| COMCTL32.DLL!ImageList_SetBkColor Changes the background color of an image list used in GUI applications. System Information and Control | |
| USER32.DLL!GetListBoxInfo This function retrieves information about a list box control- relevant to its display and item organization. System Information and Control | |
| USER32.DLL!GetWindowTextW Retrieves the text from a specified window's title bar or control- allowing interaction with window contents. System Information and Control | |
| ADVAPI32.DLL!LookupPrivilegeValueW Retrieves a locally unique identifier (LUID) for a privilege name on a specified system. System Information and Control | |
| WS2_32.DLL!WSANSPIoctl This function is used to make I/O control calls related to the Winsock namespace provider. Network Operations | |
| OLEAUT32.DLL!VARIANT_UserFree Frees resources on the server side when invoked by RPC- indicating memory cleanup. Memory Management | |
| OLE32.DLL!CStdStubBuffer2_Connect Connects server objects to stubs- facilitating remote procedure calls. Network Operations | |
| KERNEL32.DLL!ReadThreadProfilingData This function reads performance data associated with a thread- related to profiling operations. Process and Thread Management | |
| RPCRT4.DLL!CStdStubBuffer_IsIIDSupported It checks support for a specific Interface Identifier (IID) in RPC stub buffers. System Information and Control | |
| KERNEL32.DLL!SetThreadErrorMode Controls how error handling is managed for a thread- affecting process behavior on critical errors. System Information and Control | |
| KERNEL32.DLL!CreateDirectoryA Creates a new directory- applying specified security attributes if the file system supports it. File Operations | |
| ADVAPI32.DLL!RegSaveKeyA Saves a specified registry key and its subkeys/values to a file. Registry Operations | |
| KERNEL32.DLL!QueryIdleProcessorCycleTimeEx Retrieves cycle time for idle threads on logical processors- relating to processor performance. System Information and Control | |
| OLE32.DLL!CoGetStdMarshalEx This function creates a standard marshaler for COM objects- facilitating inter-process communication. Process and Thread Management | |
| KERNEL32.DLL!GetFileAttributesW Retrieves file system attributes for a specified file or directory. File Operations | |
| SHLWAPI.DLL!AssocQueryStringW Retrieves file or protocol association strings from the registry based on input parameters. Registry Operations | |
| GDI32FULL.DLL!CreateEllipticRgnIndirect Creates an elliptical region based on a defined bounding rectangle. System Information and Control | |
| KERNELBASE.DLL!PerfStopProvider Frees resources and deregisters performance counter providers from the system. System Information and Control | |
| USER32.DLL!LockWindowUpdate Disables or enables drawing in a specified window- ensuring controlled visual feedback. System Information and Control | |
| SECHOST.DLL!LsaRemoveAccountRights Removes privileges from an account- influencing security permissions. System Information and Control | |
| KERNELBASE.DLL!EventProviderEnabled Determines if an event provider should generate a specific event based on its level and keyword. System Information and Control | |
| KERNEL32.DLL!CreateMutexW Creates or opens a mutex object that manages access between threads or processes. Process and Thread Management | |
| KERNEL32.DLL!InitializeSynchronizationBarrier Initializes a synchronization barrier for thread management in concurrent programming. Process and Thread Management | |
| GDI32FULL.DLL!GetCharWidthW Retrieves widths of characters in a specified range from the current font- primarily related to graphical display. System Information and Control | |
| GDI32FULL.DLL!ScriptShape Generates glyphs and visual attributes for a Unicode run- related to text shaping operations. System Information and Control | |
| SHELL32.DLL!GetFileNameFromBrowse Creates an Open dialog box for users to select a file to open. File Operations | |
| SECHOST.DLL!CredGetTargetInfoW Retrieves known target name information for a specified target computer- aiding authentication processes. System Information and Control | |
| KERNEL32.DLL!SetFileAttributesW Sets file or directory attributes in the file system. File Operations | |
| OLE32.DLL!ObjectStublessClient29 This function serves as a stub for COM proxies- facilitating marshalling via RPC. System Information and Control | |
| SHLWAPI.DLL!PathBuildRootW Constructs a root path from a specified drive number- focusing on file location management. File Operations | |
| GDI32.DLL!FONTOBJ_pQueryGlyphAttrs Returns information about font glyphs- specifically for rotation in vertical fonts. System Information and Control | |
| KERNEL32.DLL!Wow64GetThreadSelectorEntry Retrieves a descriptor table entry for a specified selector in a WOW64 thread. System Information and Control | |
| USER32.DLL!DragDetect Tracks mouse movement while dragging- capturing user input actions. Hooking and Interception | |
| KERNEL32.DLL!GetCommProperties Retrieves configuration settings for a communications device- indicating interaction with device properties. System Information and Control | |
| USER32.DLL!AttachThreadInput Attaches input processing of one thread to another- allowing shared input state management. Process and Thread Management | |
| ADVAPI32.DLL!GetExplicitEntriesFromAclA Retrieves access control entries (ACEs) from an access control list (ACL). Registry Operations | |
| GDI32.DLL!ResetDCW Updates a printer context based on new device information- primarily related to device graphics settings. System Information and Control | |
| WINMMBASE.DLL!midiOutPrepareHeader Prepares a MIDI buffer for output- interacting with system hardware. Process and Thread Management | |
| OLEAUT32.DLL!VarI4FromI2 Converts a short value to a long value- involving type conversion operations. Memory Management | |
| USER32.DLL!PhysicalToLogicalPointForPerMonitorDPI Converts physical coordinates in a window to logical coordinates based on DPI awareness. System Information and Control | |
| OLEAUT32.DLL!VarDecFromUI8 Converts an 8-byte unsigned integer to a decimal value- involving type conversion operations. System Information and Control | |
| SECHOST.DLL!RegisterServiceCtrlHandlerExW Registers a function to handle extended service control requests- connecting services with the control dispatcher. Process and Thread Management | |
| KERNEL32.DLL!AreFileApisANSI Determines the character set code page for file I/O functions in a process. File Operations | |
| SHLWAPI.DLL!PathUnmakeSystemFolderW Removes system folder attributes from an existing folder in the file system. File Operations | |
| USER32.DLL!GetMenuStringW Copies menu item text to a buffer based on menu handle and identifier. File Operations | |
| KERNEL32.DLL!BuildCommDCBA Fills a DCB structure with values from a device-control string for serial port configuration. System Information and Control | |
| KERNEL32.DLL!GetTimeFormatA Formats time as a string based on locale- utilizing system time settings. System Information and Control | |
| WSOCK32.DLL!WSACancelAsyncRequest Cancels an incomplete asynchronous operation in network communication. Network Operations | |
| OLE32.DLL!HMENU_UserFree64 Frees server-side resources utilized by Remote Procedure Calls (RPC). Memory Management | |
| OLEAUT32.DLL!VarUI8FromStr Converts a string to an unsigned integer value- involving data type transformation. Memory Management | |
| RPCRT4.DLL!RpcEpRegisterNoReplaceA Registers server-address information with the local endpoint-map database for remote procedure calls. Network Operations | |
| SHLWAPI.DLL!StrCSpnIW Searches for the first occurrence of specified characters in a string- a utility for string manipulation. System Information and Control | |
| ADVAPI32.DLL!BuildSecurityDescriptorA Allocates and initializes a security descriptor- managing access control information. Registry Operations | |
| COMCTL32.DLL!DPA_LoadStream Loads a dynamic pointer array from a stream- involving stream operations and callback interactions. File Operations | |
| RPCRT4.DLL!NdrProxyGetBuffer This function obtains a network buffer- involved in network operations via RPC. Network Operations | |
| USER32.DLL!GetMenuItemInfoW Retrieves properties of a menu item- impacting how menus operate in applications. System Information and Control | |
| KERNEL32.DLL!RtlAddFunctionTable This function adds a dynamic function table for stack unwinding in applications. Process and Thread Management | |
| OLE32.DLL!IsEqualGUID Determines if two GUIDs are equal- essential for object and interface identification in COM. System Information and Control | |
| OLE32.DLL!CoIsHandlerConnected Determines connection status of a remote object to an in-process object. Network Operations | |
| KERNEL32.DLL!GetThreadPriorityBoost Retrieves the priority boost control state for a specified thread- indicating thread management behavior. Process and Thread Management | |
| RPCRT4.DLL!RpcUserFree Responsible for freeing resources allocated by RPC calls- influencing memory management. Memory Management | |
| USER32.DLL!CalculatePopupWindowPosition Determines the position of a pop-up window based on specified parameters. System Information and Control | |
| GDI32FULL.DLL!GetCharABCWidthsW Retrieves character widths from the current TrueType font in logical units. System Information and Control | |
| COMCTL32.DLL!ImageList_BeginDrag Begins a drag operation for an image from an image list. Process and Thread Management | |
| SECHOST.DLL!AuditEnumeratePerUserPolicy This function retrieves user auditing policy details- relating to system security management. System Information and Control | |
| CRYPTSP.DLL!CryptGetProvParam Retrieves parameters from a cryptographic service provider. Cryptographic Operations | |
| GDI32FULL.DLL!DeleteColorSpace Removes and destroys a specified color space based on the provided handle. Memory Management | |
| KERNEL32.DLL!RegCloseKey Closes a handle to a specified registry key- thus managing registry resources. Registry Operations | |
| CRYPTSP.DLL!CryptEnumProviderTypesW Retrieves types of cryptographic service providers (CSP) on the computer- facilitating cryptographic operations. Cryptographic Operations | |
| SHELL32.DLL!SHAlloc Allocates memory from the Shell's heap for application use. Memory Management | |
| GDI32FULL.DLL!GetICMProfileA Retrieves the file name of the current output color profile for a specified device context. System Information and Control | |
| KERNEL32.DLL!FindFirstVolumeA Retrieves the name of a volume on a computer to begin scanning volumes. File Operations | |
| USER32.DLL!WinHelpW Launches Windows Help with specified commands and additional data for the help requested by the application. System Information and Control | |
| GDI32FULL.DLL!GetOutlineTextMetricsW Retrieves metrics for TrueType fonts- focusing on font characteristics rather than file or memory management. System Information and Control | |
| KERNEL32.DLL!GetCurrentPackageFullName Retrieves the full name of the calling process's package- providing identity information. System Information and Control | |
| KERNEL32.DLL!InitOnceInitialize Initializes a structure for one-time initialization- ensuring safe execution in multi-threading contexts. Process and Thread Management | |
| RPCRT4.DLL!RpcServerCompleteSecurityCallback Completes an asynchronous security callback related to RPC- affecting access permissions of server calls. System Information and Control | |
| VERTDLL.DLL!NtDeviceIoControlFile Manages device I/O operations and communication with device drivers associated with open file handles. File Operations | |
| KERNEL32.DLL!ReadDirectoryChangesW Monitors specified directories for changes to files and subdirectories. File Operations | |
| KERNEL32.DLL!SetProcessAffinityUpdateMode This function sets whether a process can dynamically update its processor affinity. Process and Thread Management | |
| KERNEL32.DLL!EnumDateFormatsExW Enumerates date formats for specific locales- focusing on internationalization rather than file or network functions. System Information and Control | |
| USER32.DLL!WindowFromDC Retrieves a handle to the window associated with a specified display device context. System Information and Control | |
| ADVAPI32.DLL!TreeResetNamedSecurityInfoA Resets security information for specified objects- indicating management of file and registry security. Registry Operations | |
| GDI32FULL.DLL!GetTextExtentExPointW Retrieves character fit and extents within a specified string- focusing on graphics operations. System Information and Control | |
| SHCORE.DLL!SHOpenRegStreamW Opens a registry value and provides a stream for reading/writing- involving registry operations. Registry Operations | |
| SHLWAPI.DLL!UrlUnescapeA Converts escape sequences back into ordinary characters from a URL. Network Operations | |
| KERNEL32.DLL!ContinueDebugEvent It enables a debugger to continue a thread that reported a debugging event- impacting process execution. Process and Thread Management | |
| SHLWAPI.DLL!PathRemoveFileSpecA Removes the trailing file name from a path. File Operations | |
| RPCRT4.DLL!RpcSsGetThreadHandle This function returns a thread handle for managing memory in the stub environment. Process and Thread Management | |
| GDI32.DLL!EngTransparentBlt Provides bit-block transfer capabilities with transparency for graphics operations. File Operations | |
| COMCTL32.DLL!CreatePropertySheetPageA Creates a new page for a property sheet- impacting UI controls and display. System Information and Control | |
| KERNELBASE.DLL!DuplicateTokenEx Creates a new access token that duplicates an existing token for impersonation or primary use. Process and Thread Management | |
| USER32.DLL!ShowWindowAsync Sets the visibility state of a window asynchronously- affecting user interface operations. Process and Thread Management | |
| OLEAUT32.DLL!VarDecAbs Retrieves the absolute value of a decimal variant- focusing on value manipulation rather than file or network operations. Memory Management | |
| SHLWAPI.DLL!PathSearchAndQualifyA Verifies if a given path is formatted correctly and fully qualified. File Operations | |
| USER32.DLL!CheckDlgButton Changes the check state of a button control- modifying dialog box interface elements. System Information and Control | |
| Graphics::GetNearestColor Retrieves the nearest color from a palette- involving graphical color management. System Information and Control | |
| OLE32.DLL!CoRevokeMallocSpy Revokes a registered IMallocSpy object- managing memory allocation tracking. Memory Management | |
| KERNEL32.DLL!GetAppContainerAce Retrieves a value indicating the presence of an AppContainer capability SID. Security Information and Control | |
| OLE32.DLL!CoAllowUnmarshalerCLSID This function adds an unmarshaler CLSID to a process's allowed list- impacting unmarshaling policy control. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcServerRegisterAuthInfoA Registers authentication information for remote procedure calls with the RPC runtime library. Network Operations | |
| KERNEL32.DLL!CreateFileW Creates or opens files or I/O devices- returning a handle for reading/writing operations. File Operations | |
| KERNEL32.DLL!CreateToolhelp32Snapshot Takes a snapshot of processes- heaps- modules- and threads in the system. System Information and Control | |
| OLEAUT32.DLL!VarDecFix Retrieves the integer portion from a decimal variant- manipulating data within a variant structure. Memory Management | |
| USER32.DLL!ShutdownBlockReasonDestroy Frees the reason string for blocking shutdown- indicating system control operations. System Information and Control | |
| KERNEL32.DLL!GetCompressedFileSizeTransactedA Retrieves disk storage size of a specified file during a transacted operation. File Operations | |
| KERNEL32.DLL!WerUnregisterMemoryBlock This function unregisters a memory block for Windows Error Reporting- managing memory associated with error data. Memory Management | |
| KERNEL32.DLL!CreateWaitableTimerExW Creates or opens a waitable timer object for synchronization among processes. Process and Thread Management | |
| KERNEL32.DLL!WriteProfileSectionW Writes specified keys and values to the Win.ini file- replacing existing ones. Registry Operations | |
| OLEAUT32.DLL!VarCyRound Rounds currency variants; involved in data manipulation. Memory Management | |
| USER32.DLL!SetAdditionalForegroundBoostProcesses Boosts priority of multiple processes in relation to a top-level window's foreground status. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHAssocEnumHandlersForProtocolByApplication Retrieves handlers associated with a specified protocol- enabling interaction with protocol interfaces. System Information and Control | |
| KERNEL32.DLL!SetLocalTime Sets the current local time and date on the system. System Information and Control | |
| SHELL32.DLL!ILCreateFromPathW Creates an ITEMIDLIST structure from a file path- indicating file operations. File Operations | |
| KERNEL32.DLL!Heap32Next Retrieves information about the next block of a heap allocated by a process. Memory Management | |
| GDI32.DLL!XLATEOBJ_iXlate Translates a color index from source to destination palettes- which involves graphic resource management. Memory Management | |
| KERNEL32.DLL!IsBadStringPtrA This function checks read access to a specified memory range in the calling process. Memory Management | |
| KERNEL32.DLL!MapViewOfFileExNuma Maps a view of a file mapping into the address space of a calling process. Memory Management | |
| OLE32.DLL!NdrProxyForwardingFunction5 Stub function for COM proxies- facilitating interface marshaling in proxy DLLs. System Information and Control | |
| KERNEL32.DLL!GetNamedPipeServerProcessId Retrieves a server process identifier for a named pipe- indicating network or IPC communication. Network Operations | |
| ADVAPI32.DLL!InitiateSystemShutdownA Initiates shutdown or restart of specified computer- requiring necessary privileges to execute. System Information and Control | |
| COMCTL32.DLL!FlatSB_GetScrollProp Retrieves properties of a flat scroll bar for a specific window. System Information and Control | |
| OLEAUT32.DLL!HWND_UserFree This function pertains to user interface elements- specifically freeing window handles. Process and Thread Management | |
| SHLWAPI.DLL!PathSearchAndQualifyW This function checks if a file path is properly formatted and fully qualified. File Operations | |
| OLEAUT32.DLL!VarR4FromI2 Converts a short value to a float value- indicating data manipulation. Memory Management | |
| KERNEL32.DLL!RaiseException This function raises an exception in the current thread- thus managing error handling. Process and Thread Management | |
| USER32.DLL!CreateIconFromResourceEx Creates icons or cursors from resource bits- primarily for UI representation. System Information and Control | |
| KERNEL32.DLL!WaitForMultipleObjects Waits for multiple synchronization objects to change state- managing their signaling efficiently. Process and Thread Management | |
| OLEAUT32.DLL!VarDecFromR8 Converts a double value to a decimal value- indicating data type manipulation. Memory Management | |
| USER32.DLL!EmptyClipboard Empties the clipboard and frees handles to clipboard data. It manages clipboard ownership. System Information and Control | |
| GDI32FULL.DLL!GetDIBits Retrieves bitmap data and copies it into a buffer in a specific format. File Operations | |
| SHLWAPI.DLL!StrChrNIW Searches a string for a specified character with case insensitivity. System Information and Control | |
| KERNEL32.DLL!SetThreadGroupAffinity Adjusts which processor group a thread can execute on- managing thread affinities. Process and Thread Management | |
| OLE32.DLL!HBITMAP_UserSize Calculates the size and handles of HBITMAP objects for RPC marshaling- related to memory handling. Memory Management | |
| KERNEL32.DLL!HeapAlloc Allocates a block of memory from a specified heap- managing memory allocation. Memory Management | |
| KERNEL32.DLL!HeapWalk Enumerates memory blocks within a heap- providing insight into memory usage. Memory Management | |
| OLE32.DLL!StgIsStorageFile This function checks if a disk file contains a storage object- linking to file system operations. File Operations | |
| USER32.DLL!GetMessageExtraInfo Retrieves extra message information for the current thread- associated with its message queue. System Information and Control | |
| SECHOST.DLL!ControlTraceA Manages event tracing sessions by flushing- querying- stopping- or updating trace properties. System Information and Control | |
| SHLWAPI.DLL!PathGetArgsW Extracts command line arguments from a specified path- useful for analyzing input parameters. File Operations | |
| KERNEL32.DLL!RtlVirtualUnwind Retrieves the invocation context for managing stack unwinding during function calls. Process and Thread Management | |
| KERNEL32.DLL!GetQueuedCompletionStatusEx Retrieves multiple I/O completion entries from a completion port- managing asynchronous file I/O operations. File Operations | |
| OLEAUT32.DLL!VarI1FromUI2 Converts an unsigned short value to a char value- managing type conversion. Memory Management | |
| GDI32FULL.DLL!GetBkMode Retrieves the background mix mode of a device context- related to drawing operations. System Information and Control | |
| SHLWAPI.DLL!StrCmpW Compares two strings case-sensitively to determine equality. Utilizes string manipulation for comparison. System Information and Control | |
| GDI32FULL.DLL!PolyPolygon The function draws polygons- involving graphic output management in device contexts. System Information and Control | |
| USER32.DLL!MapVirtualKeyExA Translates virtual-key codes to scan codes or character values- using locale identifiers for input language. System Information and Control | |
| KERNEL32.DLL!SetFilePointer Moves the file pointer within a specified file- enabling file read/write operations. File Operations | |
| KERNEL32.DLL!CreateHardLinkA Establishes a hard link between an existing file and a new file- managing files within the file system. File Operations | |
| OLEAUT32.DLL!SafeArrayCreate Allocates and initializes array data- crucial for managing memory resources in applications. Memory Management | |
| KERNEL32.DLL!CancelSynchronousIo Cancels pending synchronous I/O operations for a specified thread- impacting file operations. File Operations | |
| USER32.DLL!VkKeyScanExA Translates characters to virtual-key codes based on keyboard layout and input locale. System Information and Control | |
| KERNEL32.DLL!lstrcmpA Compares two null-terminated character strings in a case-sensitive manner. System Information and Control | |
| WSOCK32.DLL!gethostname Retrieves the standard host name for the local computer- essential for network identification. Network Operations | |
| KERNEL32.DLL!SetEventWhenCallbackReturns This function sets an event when a thread pool callback completes- relating to process/thread management. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHGetKnownFolderPath Retrieves the full path of a known folder based on its identifier. File Operations | |
| OLEAUT32.DLL!VarBstrFromR8 Converts a double value to a BSTR value- handling locale and flags. Memory Management | |
| SHLWAPI.DLL!PathFindFileNameW This function searches and retrieves the file name from a given path. File Operations | |
| KERNEL32.DLL!InitializeProcThreadAttributeList Initializes an attribute list for creating processes and threads. Process and Thread Management | |
| OLEAUT32.DLL!BSTR_UserFree Frees resources allocated during RPC calls- managing server-side memory cleanup. Memory Management | |
| RPCRT4.DLL!RpcStringBindingParseA Parses a string representation of a binding handle into its component fields and UUID. Network Operations | |
| GDI32FULL.DLL!CreatePolyPolygonRgn This function creates a region with polygons- which falls under graphics-related operations. System Information and Control | |
| SHLWAPI.DLL!PathIsNetworkPathA Determines if a given path string is a network resource. Network Operations | |
| KERNEL32.DLL!LocalUnlock Decrements the lock count for a movable memory object- managing memory resources. Memory Management | |
| WINDOWS.STORAGE.DLL!ILGetNext Retrieves the next SHITEMID structure in an ITEMIDLIST- facilitating file management operations. File Operations | |
| RPCRT4.DLL!RpcEpRegisterW This function registers or updates server address information in the local endpoint-map database for RPC operations. Network Operations | |
| KERNEL32.DLL!GetNumaHighestNodeNumber Retrieves the node with the highest number in a NUMA topology. System Information and Control | |
| GDI32FULL.DLL!PatBlt Paints a rectangle in a device context using selected brush colors and raster operations. System Information and Control | |
| ICertRequest::GetCertificate This function retrieves a certificate- indicating it handles cryptographic operations. Cryptographic Operations | |
| KERNEL32.DLL!EscapeCommFunction Directs a communications device to perform specific extended functions- influencing transmission states. Network Operations | |
| ADVAPI32.DLL!RegOpenKeyW Opens a specified registry key- allowing access to configuration settings. Registry Operations | |
| KERNEL32.DLL!CreateSemaphoreA Creates or opens a semaphore object for synchronization control among threads and processes. Process and Thread Management | |
| SHELL32.DLL!SHGetPropertyStoreForWindow Retrieves a collection of properties for a specific window- allowing property querying and setting. System Information and Control | |
| KERNELBASE.DLL!SetAclInformation This function sets information about an access control list (ACL)- modifying security permissions. Registry Operations | |
| IRichEditOleCallback::GetClipboardData Allows specification of a custom clipboard object for copy/cut operations. File Operations | |
| GDI32FULL.DLL!SetWindowExtEx Sets the horizontal and vertical extents of a window for a device context- relating to graphical operations. System Information and Control | |
| ADVAPI32.DLL!GetTrusteeTypeA Retrieves the trustee type from a TRUSTEE structure- essential for access control in security management. System Information and Control | |
| OLE32.DLL!OleCreateFromData Creates an embedded object from clipboard or OLE drag-and-drop- indicating interface management. Process and Thread Management | |
| USER32.DLL!GetPointerTouchInfo Retrieves touch-based information for the specified pointer associated with the current pointer message. System Information and Control | |
| KERNEL32.DLL!GetLargePageMinimum Retrieves the minimum size of a large memory page- aiding in memory allocation optimizations. Memory Management | |
| USER32.DLL!SetWindowsHookExW Installs a hook procedure for monitoring events in the system- allowing DLL injection for processes. DLL Injection and Manipulation | |
| KERNEL32.DLL!ReleaseActCtx This function decrements the reference count of an activation context used in application assemblies. System Information and Control | |
| OLEAUT32.DLL!VarR8FromStr Converts an OLECHAR string to a double value based on locale settings. Cryptographic Operations | |
| KERNEL32.DLL!TransmitCommChar Sends a specified character to a communications device- manipulating device output. Network Operations | |
| KERNEL32.DLL!GetEnabledXStateFeatures Retrieves a bitmask of enabled processor features related to XState on x86/x64 systems. System Information and Control | |
| RPCRT4.DLL!RpcAsyncRegisterInfo This function is related to RPC (Remote Procedure Call) operations for asynchronous communication. Network Operations | |
| KERNEL32.DLL!timeGetDevCaps This function queries timer device capabilities- specifically its resolution for multimedia operations. System Information and Control | |
| RPCRT4.DLL!Ndr64AsyncClientCall This function relates to Remote Procedure Call (RPC) mechanisms. Network Operations | |
| OLE32.DLL!CStdStubBuffer2_Disconnect Disconnects a server object from the stub in RPC operations. Process and Thread Management | |
| SECHOST.DLL!QueryServiceConfigA Retrieves the configuration parameters for a specified service- accessing system service information. System Information and Control | |
| RPCRT4.DLL!IUnknown_QueryInterface_Proxy Implements the QueryInterface method for interface proxies- facilitating object interface retrieval. DLL Injection and Manipulation | |
| GDI32FULL.DLL!GetMetaFileA This function retrieves a handle to a metafile- emphasizing file manipulation. File Operations | |
| KERNEL32.DLL!GetProcessId Retrieves the process ID of the current connection in RemoteApp and Desktop Connection. Process and Thread Management | |
| OLE32.DLL!HBITMAP_UserUnmarshal Unmarshals an HBITMAP object from the RPC buffer- manipulating memory for object retrieval. Memory Management | |
| GDI32FULL.DLL!GetObjectA Retrieves information for the specified graphics object- such as fonts and bitmaps. System Information and Control | |
| KERNEL32.DLL!SetProcessWorkingSetSizeEx Adjusts the working set sizes for a specified process- influencing memory management behavior. Memory Management | |
| GDI32FULL.DLL!GetTextCharsetInfo Retrieves character set information from a specified device context related to font usage. System Information and Control | |
| KERNEL32.DLL!SetTapeParameters Configures block size or settings for a tape device. File Operations | |
| GDI32FULL.DLL!GetRgnBox Retrieves the bounding rectangle for a region- important in graphical operations. System Information and Control | |
| SHLWAPI.DLL!PathRelativePathToA Creates a relative path from one file or folder to another. File Operations | |
| OLE32.DLL!ObjectStublessClient25 This function is used in the implementation of COM proxies for managing object stubs. System Information and Control | |
| KERNEL32.DLL!CommConfigDialogW Displays a configuration dialog box for communication devices- allowing user input for device settings. User Interface Operations | |
| USER32.DLL!MonitorFromWindow Retrieves a handle to the display monitor intersecting with a specified window's rectangle. System Information and Control | |
| OLEAUT32.DLL!VarI2FromUI2 This function converts an unsigned short to a short value- relevant for memory and variable type management. Memory Management | |
| OLEAUT32.DLL!VariantCopy Copies the content of one variant to another- managing memory allocation and deallocation. Memory Management | |
| KERNEL32.DLL!DnsHostnameToComputerNameW Converts DNS host names to NetBIOS-style names for network identification. Network Operations | |
| OLEAUT32.DLL!VarR8FromCy Converts a currency value to a double value. Cryptographic Operations | |
| SHCORE.DLL!SHDeleteKeyW Deletes a subkey and all its descendants from the registry. Registry Operations | |
| KERNEL32.DLL!SetFileTime Modifies file creation- access- or modification timestamps- directly altering file metadata. File Operations | |
| OLEAUT32.DLL!VarR8FromBool Converts a Boolean value to a double- managing data types and conversions. Memory Management | |
| WINMMBASE.DLL!mmioDescend This function operates on chunks of a RIFF file- hence it manages file data operations. File Operations | |
| OLE32.DLL!CoGetSystemSecurityPermissions Retrieves machine-wide security permissions and descriptors for COM access and launch controls. System Information and Control | |
| OLE32.DLL!StgCreateDocfileOnILockBytes Creates and opens a compound file storage object using a byte-array object. File Operations | |
| CRYPTSP.DLL!CryptImportKey Transfers a cryptographic key from a key BLOB to a cryptographic service provider (CSP). Cryptographic Operations | |
| KERNEL32.DLL!GetPrivateProfileIntA Retrieves an integer value from an initialization file based on specified keys. Registry Operations | |
| OLE32.DLL!OleGetIconOfClass This function retrieves a metafile handle for an icon and label based on a specified CLSID. System Information and Control | |
| ITextDocument2::UpdateWindow Updates the client view when the underlying text object model changes. System Information and Control | |
| KERNEL32.DLL!FlsAlloc Allocates an index for fiber local storage used by threads within a process. Memory Management | |
| SHELL32.DLL!SHOpenPropSheetW Creates and opens a property sheet based on registry keys containing CLSIDs. Registry Operations | |
| CRYPTSP.DLL!CryptGenKey Generates a cryptographic session key or a key pair for encryption purposes. Cryptographic Operations | |
| USER32.DLL!SetCaretPos Moves the caret to specified screen coordinates for text input. System Information and Control | |
| USER32.DLL!RegisterClipboardFormatA Registers a new clipboard format for use- allowing applications to identify and use specific clipboard data types. System Information and Control | |
| WINDOWS.STORAGE.DLL!SHGetNameFromIDList This function retrieves the display name of an item identified by its IDList. File Operations | |
| KERNEL32.DLL!SetVolumeMountPointW Associates a volume with a drive letter or directory- indicating a file operation. File Operations | |
| RPCRT4.DLL!RpcSsContextLockExclusive This function allows exclusive access to a context handle- affecting thread management for RPC operations. Process and Thread Management | |
| KERNEL32.DLL!RegDeleteTreeA Deletes specified registry keys and their subkeys recursively. Registry Operations | |
| SHELL32.DLL!IsNetDrive Tests if a specified drive letter is a network drive. File Operations | |
| GDI32FULL.DLL!GetTextAlign Retrieves the text-alignment setting for a device context- related to GDI and rendering processes. Process and Thread Management | |
| SHLWAPI.DLL!StrDupA Duplicates a string and allocates memory for it. Memory Management | |
| RPCRT4.DLL!RpcBindingFree Releases binding-handle resources in RPC- managing memory used by connection handles. Memory Management | |
| ADVAPI32.DLL!CredRenameW This function renames a credential in the user's credential set- impacting credentials stored in the registry. Registry Operations | |
| OLE32.DLL!CoFreeLibrary Frees a specified library- managing DLL memory manually. DLL Injection and Manipulation | |
| KERNEL32.DLL!UpdateResourceW Updates resources in a PE file- involving additions- deletions- or replacements of resource data. File Operations | |
| SHLWAPI.DLL!StrCmpNIW Compares specified characters of two strings in a case-insensitive manner. System Information and Control | |
| OLEAUT32.DLL!VarFormatFromTokens Formats a variant value into a string based on a tokenized format- influencing how data is presented. Cryptographic Operations | |
| USER32.DLL!GetWindowThreadProcessId Retrieves the thread and process identifiers associated with a specified window handle. Process and Thread Management | |
| WINMMBASE.DLL!midiOutOpen Opens a MIDI output device for playback- establishing sound output operations. File Operations | |
| OLEAUT32.DLL!VarUI4FromStr Converts an OLECHAR string to an unsigned long- involving data transformation. Cryptographic Operations | |
| GDI32.DLL!STROBJ_bGetAdvanceWidths Retrieves widths of glyphs in a string for rendering purposes. System Information and Control | |
| KERNELBASE.DLL!GetSidIdentifierAuthority Retrieves a pointer to the SID_IDENTIFIER_AUTHORITY structure associated with a specified SID. System Information and Control | |
| WS2_32.DLL!WSAGetOverlappedResult Retrieves results of overlapping operations on sockets- determining the completion status. Network Operations | |
| USER32.DLL!ToUnicodeEx Translates virtual-key code and keyboard state to Unicode characters- involving keyboard input. System Information and Control | |
| KERNEL32.DLL!CreateBoundaryDescriptorA Creates a boundary descriptor for isolation purposes- often used in appcontainer processes. System Information and Control | |
| USER32.DLL!GetMessageTime Retrieves the timestamp of the last message retrieved- related to message queue operations. System Information and Control | |
| USER32.DLL!GetPointerFrameTouchInfoHistory Retrieves touch-based input frames associated with pointers- providing historical input data. Input Operations | |
| USER32.DLL!DrawEdge Draws edges of a rectangle- involving graphical operations on the display context. System Information and Control | |
| GDI32FULL.DLL!OffsetClipRgn Moves the clipping region of a device context using specified logical unit offsets. System Information and Control | |
| USER32.DLL!DdeConnect Establishes a conversation with a specified server for data exchange. Network Operations | |
| KERNEL32.DLL!GetCurrentThreadId Retrieves the thread identifier of the calling thread- essential for managing threads. Process and Thread Management | |
| OLE32.DLL!CoDosDateTimeToFileTime Converts MS-DOS time and date to Windows FILETIME structure- related to file timestamps. File Operations | |
| USER32.DLL!GrayStringW The GrayStringW function is used for rendering gray text in a specified area of a device context. System Information and Control | |
| USER32.DLL!FlashWindowEx Flashes a specified window to indicate it requires attention without changing its active state. System Information and Control | |
| GDI32FULL.DLL!CreateCompatibleDC This function creates a memory device context for graphic operations on devices. Memory Management | |
| SHCORE.DLL!SHQueryInfoKeyW Retrieves information about a specified registry key- including subkeys and value names. Registry Operations | |
| OLEAUT32.DLL!GetActiveObject This function retrieves a pointer to a running OLE object- involving object manipulation. DLL Injection and Manipulation | |
| KERNEL32.DLL!CreateDirectoryTransactedA Creates a new directory with specified attributes in a transactional context. File Operations | |
| WINMMBASE.DLL!mmTaskBlock The mmTaskBlock function is for multimedia task management- categorized under system control operations. System Information and Control | |
| OLEAUT32.DLL!VarUI2FromDisp Converts IDispatch instance property to unsigned short value- handling data types and memory usage. Memory Management | |
| OLE32.DLL!CLIPFORMAT_UserMarshal64 This function marshals a CLIPFORMAT object for remote procedure calls- facilitating data transfer. Memory Management | |
| GDI32FULL.DLL!RoundRect Draws a rectangle with rounded corners using GDI- primarily for graphical output. System Information and Control | |
| USER32.DLL!CreateDialogParamA Creates a modeless dialog box- involving window management operations for user interface. Process and Thread Management | |
| KERNEL32.DLL!InterlockedPushEntrySList Inserts an item into a linked list with synchronized access for multiple processors. Process and Thread Management | |
| OLEAUT32.DLL!VarBoolFromI8 Converts an 8-byte integer to a Boolean value- indicating data type manipulation. Memory Management | |
| WS2_32.DLL!InetNtopW Converts IPv4 or IPv6 addresses to string format- facilitating network-related operations. Network Operations | |
| USER32.DLL!DestroyCursor This function frees memory occupied by a specific cursor. Memory Management | |
| KERNEL32.DLL!EraseTape This function erases data on a tape device- performing file operation on tape storage. File Operations | |
| GDI32FULL.DLL!GdiAlphaBlend The GdiAlphaBlend function displays bitmaps with transparency- manipulating graphical output in device contexts. DLL Injection and Manipulation | |
| RPCRT4.DLL!RpcSmDisableAllocate This function frees resources and memory in the RPC memory-management environment. Memory Management | |
| COMCTL32.DLL!CreateToolbarEx Creates a toolbar window and manages its button configurations. Process and Thread Management | |
| OLEAUT32.DLL!VarUI8FromR4 Converts a float to an 8-byte unsigned integer- indicating data manipulation. Memory Management | |
| OLEAUT32.DLL!GetRecordInfoFromGuids This function retrieves interface info using GUIDs- related to type data management. System Information and Control | |
| ADVAPI32.DLL!BuildTrusteeWithObjectsAndSidA Initializes a TRUSTEE structure with ACL information for security management. Registry Operations | |
| KERNEL32.DLL!GetNumberFormatEx Formats a number string according to locale- ensuring proper representation of numeric data. System Information and Control | |
| KERNEL32.DLL!OpenThreadToken Opens the access token associated with a thread for security checks and management. Process and Thread Management | |
| GDI32FULL.DLL!GetCharWidthI Retrieves the widths of glyph indices from the current font- related to graphical device interface operations. System Information and Control | |
| RPCRT4.DLL!RpcSmFree Releases memory allocated by RpcSmAllocate. It manages memory cleaning in RPC applications. Memory Management | |
| RPCRT4.DLL!NdrOleFree NdrOleFree is a wrapper function for memory deallocation- specifically aimed at freeing allocated memory. Memory Management | |
| OLE32.DLL!StgGetIFillLockBytesOnILockBytes Creates a wrapper object on a byte array- involving file-like operations. File Operations | |
| ADVAPI32.DLL!GetAuditedPermissionsFromAclA Retrieves audited access rights for a trustee based on access control entries in an ACL. Registry Operations | |
| GDI32FULL.DLL!ColorMatchToTarget Previews colors as they appear on a target device; involves color management transformations. Memory Management | |
| USER32.DLL!DdeDisconnect Terminates DDE conversations and manages handles related to them- effectively controlling inter-process communication. Process and Thread Management | |
| KERNEL32.DLL!DebugActiveProcessStop Stops the debugger from debugging a specified process. Process and Thread Management | |
| KERNEL32.DLL!GetNumaAvailableMemoryNodeEx Retrieves the amount of available memory for a specified NUMA node. Memory Management | |
| SHLWAPI.DLL!SHMessageBoxCheckW Displays a message box with user options- saving preferences to the registry. Registry Operations | |
| OLE32.DLL!CoSwitchCallContext Switches call context objects for COM calls- enabling context management during inter-process communication. Process and Thread Management | |
| OLE32.DLL!HBITMAP_UserFree64 This function frees resources associated with RPC objects- indicating it involves memory management. Memory Management | |
| WS2_32.DLL!WSAAddressToStringA Converts sockaddr structure components to a human-readable address string- involving network address translation. Network Operations | |
| USER32.DLL!ShowCaret This function makes the caret visible on the screen- affecting user interface elements. System Information and Control | |
| WINMMBASE.DLL!mmTaskYield This function allows the thread to yield execution to other threads- managing the process and thread lifecycle. Process and Thread Management | |
| USER32.DLL!SetMenuDefaultItem Modifies the default menu item in the specified menu- relevant to user interface operations. System Information and Control | |
| RPCRT4.DLL!RpcMgmtEpUnregister This function removes server address information from an endpoint map. Network Operations | |
| WINDOWS.STORAGE.DLL!ILIsParent Determines if one ITEMIDLIST is the parent of another within the Windows Shell. System Information and Control | |
| OLEAUT32.DLL!VARIANT_UserFree64 Frees resources used by RPC- managing server-side data cleanup. Memory Management | |
| SHLWAPI.DLL!PathIsUNCA Validates if a given path string is a Universal Naming Convention (UNC) path. File Operations | |
| WINMMBASE.DLL!waveOutGetPitch Retrieves the current pitch setting for a waveform-audio output device- affecting audio playback characteristics. System Information and Control | |
| KERNEL32.DLL!SetThreadpoolTimer Sets a timer object for thread pool callbacks based on a specified timeout. Process and Thread Management | |
| WINDOWS.STORAGE.DLL!SHCLSIDFromString Converts a string representation of a CLSID to the actual CLSID format. System Information and Control | |
| SHLWAPI.DLL!StrChrW Searches a string for a character- categorizing as Memory Management due to string manipulation. Memory Management | |
| SHELL32.DLL!SHCreateDefaultPropertiesOp Sets default properties on Shell items- facilitating file operations in the Windows environment. File Operations | |
| RPCRT4.DLL!RpcObjectSetType This function assigns a type UUID to an object UUID for remote procedure calls. System Information and Control | |
| OLEAUT32.DLL!VarNeg Performs logical negation on a variant type- manipulating data values in memory. Memory Management | |
| KERNEL32.DLL!RegOpenUserClassesRoot Retrieves a handle to the HKEY_CLASSES_ROOT key for a specified user- accessing registry keys. Registry Operations | |
| OLEAUT32.DLL!VarCyFromUI8 Converts an unsigned integer to a currency value; involves data type manipulation. Cryptographic Operations | |
| USER32.DLL!PostMessageW Posts a message to a thread's message queue- facilitating inter-thread communication. System Information and Control | |
| NTDLL.DLL!RtlQueryDepthSList Retrieves the number of entries in a singly linked list. Memory Management | |
| USER32.DLL!DrawIcon Draws an icon into a specified device context for visual representation in the user interface. System Information and Control | |
| OLE32.DLL!CoRevertToSelf Restores thread authentication information after impersonation- crucial for security in thread management. Process and Thread Management | |
| CRYPTSP.DLL!CryptExportKey Exports cryptographic keys securely from a CSP- facilitating secure data exchange. Cryptographic Operations | |
| KERNEL32.DLL!SetProcessMitigationPolicy Configures security policies to protect the process from attacks- managing its behavior against vulnerabilities. System Information and Control | |
| WS2_32.DLL!inet_ntop Converts IPv4 or IPv6 addresses into string format for network communication. Network Operations | |
| KERNEL32.DLL!LZClose Closes a file opened with LZOpenFile- releasing associated resources. File Operations | |
| SHLWAPI.DLL!PathFindSuffixArrayW This function checks if a file name ends with specific suffixes. File Operations | |
| KERNEL32.DLL!GetPackageFamilyName Retrieves the package family name from AppxManifest.xml for package dependency analysis. System Information and Control | |
| KERNEL32.DLL!GetCurrentUmsThread Retrieves the user-mode scheduling context of the calling UMS thread for management purposes. Process and Thread Management | |
| GDI32FULL.DLL!CreatePatternBrush This function creates a logical brush using a specified bitmap pattern for drawing operations. File Operations | |
| RPCRT4.DLL!RpcServerUnregisterIfEx This function removes an interface from the RPC registry- managing context handles and registration. System Information and Control | |
| USER32.DLL!ChildWindowFromPoint This function determines which child window contains the specified point within a parent window. System Information and Control | |
| SHELL32.DLL!PathIsSlowA Determines whether a file path connects via a high-latency network- affecting file operation performance. Network Operations | |
| OLEAUT32.DLL!VarWeekdayName Returns a localized string of a weekday- primarily dealing with data representation. System Information and Control | |
| USER32.DLL!CreateAcceleratorTableA Creates an accelerator table for keyboard shortcuts in a Windows application. System Information and Control | |
| KERNEL32.DLL!DebugBreakProcess Triggers a breakpoint exception in the specified process to facilitate debugging. Process and Thread Management | |
| USER32.DLL!DefMDIChildProcW Processes window messages for MDI child windows not handled by the window procedure. Process and Thread Management | |
| WS2_32.DLL!WSACloseEvent Closes an open event object handle- releasing associated resources for network operations. Network Operations | |
| KERNEL32.DLL!WritePrivateProfileStringA This function writes a string to a specified section in an initialization file. File Operations | |
| GDI32FULL.DLL!GetObjectW Retrieves information for specified graphics objects- essential for graphic manipulation. System Information and Control | |
| ADVAPI32.DLL!LsaQueryForestTrustInformation Retrieves forest trust information from a TrustedDomain object within the Local Security Authority. System Information and Control | |
| OLEAUT32.DLL!VarUI8FromUI4 Converts an unsigned long to an 8-byte unsigned integer. Memory Management | |
| KERNEL32.DLL!GlobalGetAtomNameA Retrieves the character string associated with a global atom- affecting data representation. System Information and Control | |
| GDI32FULL.DLL!CreateFontIndirectW Creates a logical font using specified characteristics to be used in a device context. System Information and Control | |
| GDI32FULL.DLL!SetWindowOrgEx Sets the window origin for mapping logical coordinates to device coordinates. System Information and Control | |
| KERNEL32.DLL!SetXStateFeaturesMask Modifies context structure for managing XState features in CPU. Process and Thread Management | |
| KERNEL32.DLL!WritePrivateProfileStringW This function copies a string into a specified section of an initialization file- modifying file data. File Operations | |
| OLEAUT32.DLL!VarR4FromDate Converts a date value to a float value for automation tasks. Memory Management | |
| OLEAUT32.DLL!VarInt This function retrieves the integer value from a variant- implicating memory handling of variable data types. Memory Management | |
| KERNEL32.DLL!SetThreadPriorityBoost This function enables or disables thread priority boosting- affecting thread scheduling. Process and Thread Management | |
| KERNEL32.DLL!GetDriveTypeW Determines the type of disk drive (removable- fixed- etc.) based on specified parameters. File Operations | |
| SHELL32.DLL!SHMultiFileProperties Displays a property sheet for a set of files- showing common and differing attributes. File Operations | |
| SHLWAPI.DLL!PathIsContentTypeW This function determines and compares a file's registered content type against a specified content type. File Operations | |
| USER32.DLL!DeleteMenu Deletes an item from a menu- manipulating menu handles and freeing associated memory. DLL Injection and Manipulation | |
| USER32.DLL!ShutdownBlockReasonQuery Retrieves a reason string for shutdown blocking- indicating system information. System Information and Control | |
| USER32.DLL!DrawTextW Draws formatted text within a specified rectangle based on various formatting parameters. System Information and Control | |
| RPCRT4.DLL!I_RpcBindingInqLocalClientPID This function retrieves the process ID of the client- relating to process management. Process and Thread Management | |
| KERNEL32.DLL!SetProcessInformation Modifies attributes and settings associated with a process- affecting performance and resource management. Process and Thread Management | |
| GDI32FULL.DLL!RemoveFontResourceA This function removes fonts from the system font table- impacting file management of font resources. File Operations | |
| KERNEL32.DLL!GetCPInfoExA Retrieves information about installed or available code pages- relevant for internationalization. System Information and Control | |
| USER32.DLL!MenuItemFromPoint Determines if a menu item exists at a specified screen location. System Information and Control | |
| IServerSecurity::RevertToSelf Restores thread's authentication information post-impersonation- affecting security context management. Process and Thread Management | |
| SHLWAPI.DLL!UrlIsOpaqueA Determines if a given URL is opaque- which relates to URL handling and parsing. Network Operations | |
| GDI32FULL.DLL!CreateICW Creates an information context for a device- facilitating device information retrieval without creating a full device context. System Information and Control | |
| USER32.DLL!RedrawWindow Updates specific regions of a window's client area for repainting. Process and Thread Management | |
| SHLWAPI.DLL!UrlIsNoHistoryW Determines if a URL is excluded from browser navigation history. Network Operations | |
| KERNEL32.DLL!EnumDateFormatsW This function retrieves available date format information for a specified locale. System Information and Control | |
| USER32.DLL!ClientToScreen Converts client-area coordinates to screen coordinates for a specified window. System Information and Control | |
| USER32.DLL!SetWindowLongPtrA Changes an attribute or memory of a specified window- impacting its behavior. Hooking and Interception | |
| ADVAPI32.DLL!GetServiceDisplayNameA Retrieves the display name of a specified service using service control manager. Registry Operations | |
| USER32.DLL!SetPhysicalCursorPos Sets the cursor's position in physical coordinates on the screen. System Information and Control | |
| KERNEL32.DLL!PssFreeSnapshot This function frees a snapshot handle- which pertains to memory management of process snapshots. Memory Management | |
| WINMMBASE.DLL!mixerGetLineInfoA This function retrieves information about a specific line of a mixer device- related to audio device functionality. System Information and Control | |
| USER32.DLL!SetMenuInfo Modifies properties of a specified menu- affecting its appearance and behavior. System Information and Control | |
| KERNEL32.DLL!GetNamedPipeClientSessionId Retrieves the client session identifier for a named pipe instance- indicating process-level interaction. Process and Thread Management | |
| ADVAPI32.DLL!LookupAccountSidW Retrieves the account name and domain for a given security identifier (SID). System Information and Control | |
| SHLWAPI.DLL!StrFormatByteSizeA Converts numeric values into human-readable size strings for bytes and larger units. System Information and Control | |
| KERNELBASE.DLL!GetDynamicTimeZoneInformationEffectiveYears Gets a range of effective years for dynamic time zone information purposes. System Information and Control | |
| ADVAPI32.DLL!SetFileSecurityA Sets the security of a file or directory object- modifying access permissions. File Operations | |
| RPCRT4.DLL!RpcServerUnsubscribeForNotification This function unsubscribes the server from RPC notifications regarding specific server events. Network Operations | |
| RPCRT4.DLL!RpcMgmtEnableIdleCleanup This function enables closing idle resources like network connections in RPC- impacting network resource management. Network Operations | |
| OLE32.DLL!ObjectStublessClient8 Stub function for COM proxies allowing interfaces to be marshaled in proxy DLLs. DLL Injection and Manipulation | |
| WINMMBASE.DLL!midiInClose Closes the specified MIDI input device- releasing the handle to it. Process and Thread Management | |
| GDI32.DLL!ExtSelectClipRgn Combines specified region with current clipping region using modes like RGN_AND and RGN_OR. System Information and Control | |
| WINMMBASE.DLL!mmioSeek Changes the current file position in a file opened using mmioOpen. File Operations | |
| USER32.DLL!RegisterDeviceNotificationA Registers devices for notifications that will be sent to a specified window or service handle. System Information and Control | |
| KERNEL32.DLL!GetFullPathNameTransactedA Retrieves the full path and file name of a specified file using a transaction. File Operations | |
| USER32.DLL!IsCharAlphaA Determines if a character is alphabetical based on user's language settings. System Information and Control | |
| USER32.DLL!EnableNonClientDpiScaling Enables automatic scaling of non-client areas of a top-level window for high-DPI displays. System Information and Control | |
| KERNEL32.DLL!RegSaveKeyExA Saves a registry key and its subkeys to a file- involving operations with the Windows Registry. Registry Operations | |
| OLEAUT32.DLL!VarDecFromStr Converts a string to a decimal value based on specified locale settings. Cryptographic Operations | |
| KERNEL32.DLL!PostQueuedCompletionStatus This function posts I/O completion packets to an I/O completion port- primarily used for managing asynchronous I/O operations. Process and Thread Management | |
| KERNEL32.DLL!EnumResourceLanguagesExW Enumerates language-specific resources in binaries- enhancing resource accessibility and management. System Information and Control | |
| SHLWAPI.DLL!ColorAdjustLuma This function modifies the luminance of an RGB value but does not perform any file or network operations. System Information and Control | |
| USER32.DLL!SwitchToThisWindow Changes focus to a designated window- thus managing window display and order. Process and Thread Management | |
| OLEAUT32.DLL!VarR8FromDisp Converts a property's representation in memory to a double value- related to memory management. Memory Management | |
| WS2_32.DLL!WSARecvDisconnect Terminates socket reception while retrieving disconnect data- categorizing it under Network Operations due to socket handling. Network Operations | |
| KERNEL32.DLL!GetShortPathNameA Retrieves the short path form of a specified long path. File Operations | |
| WINMMBASE.DLL!waveInMessage Sends messages to waveform-audio input device drivers- facilitating audio input operations. Network Operations | |
| USER32.DLL!CreateCaret Creates a caret shape for a window- affecting its display context. System Information and Control | |
| SHLWAPI.DLL!ShellMessageBoxA Displays a message box with a specific title and message- allowing user interaction. System Information and Control | |
| GDI32FULL.DLL!CreateScalableFontResourceA Creates a font resource file for scalable fonts- involving file and directory handling. File Operations | |
| SECHOST.DLL!QueryAllTracesW Retrieves properties and statistics for all event tracing sessions available to the caller. System Information and Control | |
| GDI32FULL.DLL!ScriptGetLogicalWidths Converts glyph advance widths for fonts into logical widths for rendering purposes. Memory Management | |
| GDI32FULL.DLL!EngGetPrinterDataFileName Retrieves the string name of the printer's data file. File Operations | |
| WS2_32.DLL!WSAProviderConfigChange Notifies the application of changes in network provider configuration. Network Operations | |
| KERNEL32.DLL!GetCPInfo Retrieves information about installed or available code pages for character encoding. System Information and Control | |
| OLE32.DLL!HBITMAP_UserMarshal Marshals an HBITMAP object into the RPC buffer for inter-process communication. Process and Thread Management | |
| KERNEL32.DLL!QueryPerformanceCounter Retrieves high-resolution time stamps for time-interval measurements. System Information and Control | |
| SHELL32.DLL!SHGetSetFolderCustomSettings This function sets or retrieves custom folder settings- reading from and writing to Desktop.ini files. File Operations | |
| KERNEL32.DLL!GetVolumePathNamesForVolumeNameA Retrieves drive letters and paths for a specified volume- indicating file system operations. File Operations | |
| OLEAUT32.DLL!CreateTypeLib Creates a new type library file and provides access to the ICreateTypeLib interface. File Operations | |
| OLEAUT32.DLL!VarOr Performs logical operations on variants; involves no direct interaction with files or processes. System Information and Control | |
| OLE32.DLL!StringFromGUID2 Converts a GUID into a string format- useful for identifying components in COM applications. System Information and Control | |
| RPCRT4.DLL!RpcServerInqBindings This function retrieves binding handles for remote procedure calls- categorizing it under network operations. Network Operations | |
| OLE32.DLL!ReleaseStgMedium Frees memory associated with specified storage medium- primarily used in data transfer operations. Memory Management | |
| GDI32.DLL!XFORMOBJ_iGetXform This function downloads a transform to the driver- indicating it operates on display devices. System Information and Control | |
| ADVAPI32.DLL!SetUserFileEncryptionKey Sets the user's encryption key using a specified certificate for file encryption. Cryptographic Operations | |
| KERNEL32.DLL!GetThreadPriority Retrieves the priority value of a specified thread- affecting CPU scheduling. Process and Thread Management | |
| GDI32FULL.DLL!EnumMetaFile Enumerates records within a Windows-format metafile and processes them via a callback function. File Operations | |
| KERNEL32.DLL!QueryProtectedPolicy Queries the value associated with a protected policy for process-wide settings. System Information and Control | |
| OLEAUT32.DLL!VarR8FromUI8 Converts an unsigned integer to a double value for automation purposes. Memory Management | |
| KERNEL32.DLL!SetCommBreak This function suspends character transmission on a communications device- indicating file operation on device communication. File Operations | |
| GDI32FULL.DLL!GetTextColor Retrieves the current text color for the specified device context- relating to graphical interface operations. System Information and Control | |
| USER32.DLL!GetKeyboardLayoutNameW Retrieves the name of the active input locale identifier for the calling thread. System Information and Control | |
| KERNEL32.DLL!GetTempPathW Retrieves the path for temporary files- facilitating file operations. File Operations | |
| USER32.DLL!PostThreadMessageA Posts a message to the message queue of a specified thread- thus managing inter-thread communication. Process and Thread Management | |
| WSOCK32.DLL!WSAIsBlocking This function pertains to socket operations- specifically blocking behavior in network connections. Network Operations | |
| KERNEL32.DLL!SetFilePointerEx This function moves the file pointer of a specified file- impacting file read/write operations. File Operations | |
| OLEAUT32.DLL!VarUI8FromDisp Converts a property's value from an IDispatch instance to a numeric format. Memory Management | |
| KERNEL32.DLL!SetFileAttributesA Modifies a file or directory's attributes like read-only or hidden. File Operations | |
| GDI32FULL.DLL!CloseMetaFile Closes a metafile device context- managing graphical file resources. File Operations | |
| WINDOWS.STORAGE.DLL!SHGetItemFromObject Retrieves an IShellItem interface pointer for the specified object- facilitating file operations in the Windows Shell. File Operations | |
| KERNEL32.DLL!GetShortPathNameW Retrieves the short path form of a specified long path- involving file name manipulation. File Operations | |
| ADVAPI32.DLL!RegOpenKeyTransactedW Opens a specified registry key with transaction support- allowing safe operations on registry data. Registry Operations | |
| WINMMBASE.DLL!waveInStop The waveInStop function halts waveform-audio input operations. Process and Thread Management | |
| KERNEL32.DLL!SetLocaleInfoW Modifies locale settings that affect behavior of applications- thus interacting with system registry values. Registry Operations | |
| USER32.DLL!CloseTouchInputHandle Closes a touch input handle and frees associated memory- ensuring proper resource management. Memory Management | |
| OLE32.DLL!NdrProxyForwardingFunction28 Implements COM proxies facilitating interface marshaling in remote procedure calls. System Information and Control | |
| RPCRT4.DLL!RpcMgmtIsServerListening This function checks if a server is listening for remote procedure calls- determining RPC availability. Network Operations | |
| SECHOST.DLL!CredWriteDomainCredentialsA Writes domain credentials to the user's credential set associated with the current logon session. Registry Operations | |
| KERNEL32.DLL!CreateWaitableTimerW Creates or opens a waitable timer object for synchronization purposes. Process and Thread Management | |
| KERNEL32.DLL!VerifyScripts Compares two lists of scripts to verify locale compatibility and mitigate internationalized domain names issues. System Information and Control | |
| SECHOST.DLL!CredGetTargetInfoA This function retrieves information about a target computer- which relates to authentication processes. System Information and Control | |
| GDI32FULL.DLL!DeleteDC Deletes a specified device context (DC) which is related to graphical output. System Information and Control | |
| USER32.DLL!CreateWindowStationA Creates a window station associated with the calling process- managing session-specific resources. Process and Thread Management | |
| KERNEL32.DLL!GetCachedSigningLevel Retrieves the cached signing level of a file- indicating its validation status. System Information and Control | |
| SECHOST.DLL!RegisterTraceGuidsA Registers an ETW event trace provider to manage event tracing sessions. System Information and Control | |
| RPCRT4.DLL!RpcCertGeneratePrincipalNameW Generates principal names for security certificates used in server programs. Cryptographic Operations | |
| OLEAUT32.DLL!VarUdateFromDate Converts dates from variant format to MS-DOS format. System Information and Control | |
| KERNEL32.DLL!CloseThreadpool Closes a specified thread pool- managing threads for concurrent operations. Process and Thread Management | |
| OLEAUT32.DLL!VarDateFromDisp Converts IDispatch instance property to a date value. Memory Management | |
| GDI32FULL.DLL!ScriptFreeCache Frees a script cache- managing memory associated with fonts and shapes in applications. Memory Management | |
| KERNELBASE.DLL!PerfSetCounterRefValue Updates counter values by referencing actual data pointers- indicating performance monitoring. System Information and Control | |
| KERNEL32.DLL!FreeLibraryAndExitThread Decrements a DLL's reference count and terminates the calling thread without returning. DLL Injection and Manipulation | |
| OLEAUT32.DLL!VarDecInt Retrieves the integer portion of a decimal variant- involving memory manipulation of data types. Memory Management | |
| KERNELBASE.DLL!SetSecurityDescriptorRMControl This function sets control bits in a SECURITY_DESCRIPTOR- which is part of access control. Registry Operations | |
| OLE32.DLL!OleLoadFromStream Loads an object from a stream; involves reading and interpreting data from a specific resource. File Operations | |
| WINMMBASE.DLL!midiOutLongMsg Sends a MIDI message to a specified output device. Network Operations | |
| COMCTL32.DLL!ImageList_SetOverlayImage This function manages images in an image list- specifically adding overlay masks to images. DLL Injection and Manipulation | |
| ADVAPI32.DLL!GetEventLogInformation Retrieves information about a specified event log- including status and content details. System Information and Control | |
| SHCORE.DLL!SHQueryInfoKeyA Retrieves information about a specified registry key and its subkeys and values. Registry Operations | |
| USER32.DLL!GetDpiForWindow This function retrieves the DPI value for a specified window. System Information and Control | |
| SECHOST.DLL!LsaLookupSids Translates security identifiers (SIDs) into corresponding names- involving access to policy objects. System Information and Control | |
| USER32.DLL!GetDisplayConfigBufferSizes Retrieves sizes of buffers needed for display configuration queries. System Information and Control | |
| KERNEL32.DLL!ConvertDefaultLocale Converts a default locale value to a locale identifier- related to internationalization functions. System Information and Control | |
| SECHOST.DLL!ChangeServiceConfig2A Modifies configuration parameters of a specified service in the service control manager. System Information and Control | |
| SHCORE.DLL!SHDeleteValueA Deletes a named value from a specified registry key- impacting system configuration. Registry Operations | |
| WS2_32.DLL!WSAJoinLeaf This function manages network connections by joining a leaf node into a multipoint session. Network Operations | |
| RPCRT4.DLL!RpcBindingFromStringBindingW Creates a server binding handle from a string representation for RPC communication. Network Operations | |
| KERNEL32.DLL!VerifyVersionInfoW Compares operating system version requirements to the current system's version. System Information and Control | |
| KERNEL32.DLL!ResetWriteWatch Resets the write-tracking state for a region of virtual memory- impacting memory management operations. Memory Management | |
| SHLWAPI.DLL!PathAddBackslashA Adds a backslash to a path string for correct syntax. File Operations | |
| VERTDLL.DLL!EventWriteTransfer This function writes an ETW event- used for logging and monitoring system activity. System Information and Control | |
| WS2_32.DLL!WSAEventSelect Associates an event object with specified network events- indicating readiness for network operations. Network Operations | |
| USER32.DLL!AnimateWindow Produces effects for showing/hiding windows. Involves animation control- thus it's categorized under Process and Thread Management. Process and Thread Management | |
| KERNELBASE.DLL!AddAuditAccessObjectAce This function adds an audit access control entry to a system access control list for auditing purposes. Registry Operations | |
| USER32.DLL!DeregisterShellHookWindow Unregisters a Shell window from receiving hook messages- involves window management. Hooking and Interception | |
| KERNEL32.DLL!GetNamedPipeClientComputerNameA Retrieves the client computer name for a specified named pipe connection. Network Operations | |
| OLE32.DLL!NdrProxyForwardingFunction29 This is a stub function for COM proxies- involved in marshaling interfaces. DLL Injection and Manipulation | |
| USER32.DLL!CharUpperA Converts a character string or a character to uppercase in place. Memory Management | |
| USER32.DLL!IsProcessDPIAware Determines if the process adjusts UI elements based on DPI settings. System Information and Control | |
| SHLWAPI.DLL!ChrCmpIW Compares two characters in a case-insensitive manner. System Information and Control | |
| OLEAUT32.DLL!VarBstrFromDisp Converts properties of IDispatch to BSTR value- related to data manipulation. Memory Management | |
| KERNEL32.DLL!FindActCtxSectionGuid Retrieves information on a specific GUID within the activation context for various redirection data. System Information and Control | |
| USER32.DLL!mouse_event This function synthesizes mouse motion and button clicks- representing direct interaction with input devices. Hooking and Interception | |
| USER32.DLL!CreateDesktopExW Creates a new desktop and associates it with the current window station- managing GUI desktop environments. Process and Thread Management | |
| OLEAUT32.DLL!VarCyFromI8 This function converts an integer to a currency value but does not perform file or network operations. System Information and Control | |
| WS2_32.DLL!WSAConnectByNameW Establishes a connection to a specified host and port using a socket. Network Operations | |
| OLE32.DLL!CStdAsyncStubBuffer2_Disconnect Disconnects the server object from the stub in Remote Procedure Call context. Process and Thread Management | |
| KERNEL32.DLL!CreateTimerQueue Creates a queue for timers- allowing specified callback functions to be executed at scheduled times. Process and Thread Management | |
| USER32.DLL!GetOpenClipboardWindow Retrieves the handle to the clipboard owner's window- relating to clipboard data exchange. System Information and Control | |
| SHELL32.DLL!CIDLData_CreateFromIDArray Creates a data object with a specified PIDL for clipboard operations. File Operations | |
| OLEAUT32.DLL!VarDateFromI8 Converts an 8-byte unsigned integer to a date value. System Information and Control | |
| KERNEL32.DLL!SleepConditionVariableSRW Sleeps on a condition variable and atomically releases a lock- essential for thread synchronization. Process and Thread Management | |
| RPCRT4.DLL!RpcCertGeneratePrincipalNameA Generates principal names for security certificates- involving cryptographic operations for secure identity management. Cryptographic Operations | |
| GDI32FULL.DLL!SetTextCharacterExtra Sets intercharacter spacing for text output in a device context. System Information and Control | |
| GDI32FULL.DLL!ScriptStringGetLogicalWidths Converts visual widths into logical widths for string processing. System Information and Control | |
| OLEAUT32.DLL!VarUI2FromBool Converts a Boolean to an unsigned short; involves data type manipulation. Memory Management | |
| KERNELBASE.DLL!QuerySecurityAccessMask Creates an access mask for querying object security information- indicating access permissions required. System Information and Control | |
| OLE32.DLL!CreateItemMoniker Creates an item moniker for identifying objects in a composite document structure. System Information and Control | |
| USER32.DLL!EnumPropsW Enumerates properties of a window- invoking a callback for each entry in the property list. System Information and Control | |
| KERNEL32.DLL!IsNLSDefinedString Determines if a string's characters have defined results for specified NLS capabilities- affecting string processing. System Information and Control | |
| OLEAUT32.DLL!QueryPathOfRegTypeLib This function retrieves the path of a registered type library from the registry. Registry Operations | |
| WINDOWS.STORAGE.DLL!SHAssocEnumHandlers Enumerates handlers for specified file name extensions- categorizing them based on user preferences or defaults. File Operations | |
| KERNEL32.DLL!OpenFileMappingW Opens a named file mapping object for accessing shared memory. Memory Management | |
| OLEAUT32.DLL!VarCmp Compares two variants for equality or order ignoring locale-specific formatting options. System Information and Control | |
| GDI32.DLL!SetRectRgn Sets a rectangular region in a graphics device interface- altering the region's coordinates. System Information and Control | |
| NTDLL.DLL!RtlIpv4AddressToStringExW Converts an IPv4 address and port number to a string in standard Internet format. Network Operations | |
| WINDOWS.STORAGE.DLL!SHChangeNotification_Unlock Unlocks shared memory used for change notifications in the Windows Shell. Memory Management | |
| KERNEL32.DLL!WerUnregisterRuntimeExceptionModule This function removes a previously registered Windows Error Reporting exception handler- affecting error reporting behavior. System Information and Control | |
| GDI32.DLL!PolylineTo Draws one or more straight lines in a device context- manipulating graphical output. System Information and Control | |
| SHLWAPI.DLL!PathRemoveBlanksA This function removes spaces from a string- involved in managing file paths. File Operations | |
| KERNEL32.DLL!EnableThreadProfiling Enables thread profiling on a specified thread- collecting performance data and counters. Process and Thread Management | |
| USER32.DLL!EnumWindowStationsA Enumerates window stations for the current session- allowing for observation of system resources. System Information and Control | |
| KERNEL32.DLL!ReleaseSRWLockExclusive Releases an SRW lock in exclusive mode to manage concurrency in threads. Process and Thread Management | |
| GDI32FULL.DLL!SetViewportExtEx Sets horizontal and vertical extents of a viewport in device coordinates for a device context. System Information and Control | |
| OLEAUT32.DLL!VarRound Rounds numbers within a variant type- relevant for mathematical operations. Memory Management | |
| COMCTL32.DLL!ImageList_Destroy This function destroys an image list- managing resources associated with graphical objects. Memory Management | |
| IOleInPlaceSiteWindowless::InvalidateRgn Invalidates a specified region of an object's image displayed on the screen. System Information and Control | |
| RPCRT4.DLL!NdrStubCall2 Invokes server manager routines for remote procedure calls (RPC)- indicating network operations in DCOM interfaces. Network Operations | |
| USER32.DLL!AllowSetForegroundWindow Enables a specified process to set the foreground window- affecting window management. Process and Thread Management | |
| GDI32FULL.DLL!SetBrushOrgEx This function sets the brush origin within a device context for GDI operations. System Information and Control | |
| KERNEL32.DLL!Toolhelp32ReadProcessMemory Copies memory from a specified process into a local buffer- indicating access to another process's memory. Memory Management | |
| WINDOWS.STORAGE.DLL!ILRemoveLastID This function manipulates ITEMIDLIST structures- removing the last SHITEMID. DLL Injection and Manipulation | |
| OLE32.DLL!NdrProxyForwardingFunction10 Stub function for COM proxies- facilitating communication between processes. Process and Thread Management | |
| KERNEL32.DLL!BuildIoRingCancelRequest Cancels a submitted I/O ring operation- indicating it involves file I/O operations. File Operations | |
| OLE32.DLL!CStdAsyncStubBuffer_Disconnect Disconnects the server object from the stub- involved in inter-process communication. Process and Thread Management | |
| KERNEL32.DLL!EnumResourceTypesA Enumerates resource types within a binary module- managing resource information access. System Information and Control | |
| KERNELBASE.DLL!FindFirstFreeAce Retrieves a pointer to the first free byte in an access control list- managing security data. Memory Management | |
| SECHOST.DLL!AuditSetGlobalSaclW Sets a global system access control list for audit messages- requiring security privileges. Registry Operations | |
| USER32.DLL!ExcludeUpdateRgn This function manages drawing areas within a window by manipulating clipping regions. Process and Thread Management | |
| KERNEL32.DLL!GetFirmwareType Retrieves the firmware type of the local computer- providing system information. System Information and Control | |
| NTDLL.DLL!RtlIpv6AddressToStringExW Converts an IPv6 address with optional scope ID and port to a string representation. Network Operations | |
| KERNELBASE.DLL!PerfSetCounterSetInfo Specifies the layout of a specific counter set for performance monitoring. System Information and Control | |
| OLEAUT32.DLL!VarI2FromR4 Converts a float value to a short- facilitating data type management. Memory Management | |
| OLEAUT32.DLL!VarBoolFromUI1 Converts an unsigned char to a Boolean value. Memory Management | |
| ADVAPI32.DLL!OperationEnd Notifies the system that an operation has concluded- affecting operation tracking and file access patterns. System Information and Control | |
| USER32.DLL!InheritWindowMonitor Allows a window to inherit the monitor settings from another window. System Information and Control | |
| USER32.DLL!GetClassInfoExA Retrieves information about a window class and its associated icon- which affects GUI display. System Information and Control | |
| KERNEL32.DLL!UnregisterBadMemoryNotification Closes a handle for memory notifications- managing bad memory issues. Memory Management | |
| SHLWAPI.DLL!PathIsUNCServerA Validates a string as a proper UNC format for server paths only. File Operations | |
| USER32.DLL!ActivateKeyboardLayout Sets the input locale for the current thread or process- affecting keyboard layout management. System Information and Control | |
| SHELL32.DLL!Shell_MergeMenus Merges two menus by adding items from one to another. DLL Injection and Manipulation | |
| USER32.DLL!DefFrameProcA Processes window messages for MDI frame windows; manages message handling rather than modifying system resources. Process and Thread Management | |
| OLE32.DLL!CreateILockBytesOnHGlobal Creates a byte array using an HGLOBAL memory handle for in-memory storage of a compound file. Memory Management | |
| SECHOST.DLL!LsaLookupNames2 This function retrieves security identifiers (SIDs) for account names- involving system security management. System Information and Control | |
| OLEAUT32.DLL!VarUI4FromCy Converts a currency value to an unsigned long value for use in applications. Cryptographic Operations | |
| KERNEL32.DLL!lstrlenW Determines the length of a string excluding the null terminator. Memory Management | |
| OLE32.DLL!CStdAsyncStubBuffer_Release Implements reference counting for RPC stub buffers- managing resources associated with asynchronous calls. Process and Thread Management | |
| GDI32FULL.DLL!CancelDC Cancels pending operations on a device context- affecting drawing actions in multi-threaded applications. Process and Thread Management | |
| KERNEL32.DLL!GetSystemFileCacheSize Retrieves current limits for the working set of the system cache. Memory Management | |
| KERNEL32.DLL!GetProcessPriorityBoost Retrieves the priority boost control state of a specified process- affecting its scheduling priority. Process and Thread Management | |
| OLEAUT32.DLL!VarR8FromDec Converts a decimal value to a double in automation- involving type conversion. Memory Management | |
| KERNEL32.DLL!BindIoCompletionCallback Associates I/O completion ports with file handles to execute callbacks upon I/O completion. File Operations | |
| OLE32.DLL!CoTaskMemFree This function frees memory allocated by COM's memory allocation functions. Memory Management | |
| USER32.DLL!DefWindowProcW Processes default window messages for applications- ensuring every message is handled appropriately. System Information and Control | |
| USER32.DLL!IsTouchWindow Checks if a window supports touch input and retrieves its modifier flags. System Information and Control | |
| GDI32.DLL!HT_Get8BPPFormatPalette Returns a halftone palette for 8-bits per pixel device types- involving memory allocation for palette data. Memory Management | |
| SHLWAPI.DLL!PathFileExistsA This function verifies if a specified file path exists in the file system. File Operations | |
| USER32.DLL!DisplayConfigSetDeviceInfo This function sets properties of a display device- manipulating device configuration. System Information and Control | |
| SHELL32.DLL!SHCreateQueryCancelAutoPlayMoniker This function creates a moniker for handling auto-play queries and registers it for use. DLL Injection and Manipulation | |
| KERNEL32.DLL!GetCommModemStatus Retrieves modem control-register values- checking the status of communication signals. System Information and Control | |
| KERNEL32.DLL!SetThreadExecutionState Prevents system sleep or display turn-off while an application is active. System Information and Control |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment