Windows 7 DLL File Information - BFE.DLL |
The following DLL report was generated by automatic DLL script that scanned and loaded all DLL files in the system32 directory of Windows 7, extracted the information from them, and then saved it into HTML reports. If you want to view a report of another DLL, go to the main page of this Web site.
General Information
File Description: | Base Filtering Engine |
File Version: | 6.1.7100.0 (winmain_win7rc.090421-1700) |
Company: | Microsoft Corporation |
Product Name: | Microsoft Windows Operating System |
DLL popularity | Very Low - There is no any other DLL in system32 directory that is statically linked to this file. |
File Size: | 483 KB |
Total Number of Exported Functions: | 4 |
Total Number of Exported Functions With Names: | 4 |
Section Headers
Name | Virtual Address | Raw Data Size | % of File | Characteristics | Section Contains... |
---|---|---|---|---|---|
.text | 0x00001000 | 406,016 Bytes | 82.1% | Read, Execute | Code |
.data | 0x00065000 | 7,680 Bytes | 1.6% | Write, Read | Initialized Data |
.rsrc | 0x00069000 | 62,976 Bytes | 12.7% | Read | Initialized Data |
.reloc | 0x00079000 | 16,896 Bytes | 3.4% | Read, Discardable | Initialized Data |
Static Linking
BFE.DLL is statically linked to the following files:msvcrt.dll
ntdll.dll
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
API-MS-Win-Security-Base-L1-1-0.dll
AUTHZ.dll
RPCRT4.dll
slc.dll
KERNEL32.dll
This means that when BFE.DLL is loaded, the above files are automatically loaded too. If one of these files is corrupted or missing, BFE.DLL won't be loaded.
General Resources Information
Resource Type | Number of Items | Total Size | % of File |
---|---|---|---|
Icons | 0 | 0 Bytes | 0.0% |
Animated Icons | 0 | 0 Bytes | 0.0% |
Cursors | 0 | 0 Bytes | 0.0% |
Animated Cursors | 0 | 0 Bytes | 0.0% |
Bitmaps | 0 | 0 Bytes | 0.0% |
AVI Files | 0 | 0 Bytes | 0.0% |
Dialog-Boxes | 0 | 0 Bytes | 0.0% |
HTML Related Files | 0 | 0 Bytes | 0.0% |
Menus | 0 | 0 Bytes | 0.0% |
Strings | 187 | 19,072 Bytes | 3.9% |
Type Libraries | 0 | 0 Bytes | 0.0% |
Manifest | 0 | 0 Bytes | 0.0% |
All Others | 4 | 65,278 Bytes | 13.2% |
Total | 191 | 84,350 Bytes | 17.1% |
Icons in this file
No icons found in this file
Cursors in this file
No cursors found in this file
Dialog-boxes list (up to 200 dialogs)
No dialog resources in this file.
String resources in this dll (up to 200 strings)
String ID | String Text |
---|---|
301 | Inbound IP Packet v4 Layer |
303 | Inbound IP Packet v4 Discard Layer |
305 | Inbound IP Packet v6 Layer |
307 | Inbound IP Packet v6 Discard Layer |
309 | Outbound IP Packet v4 Layer |
311 | Outbound IP Packet v4 Discard Layer |
313 | Outbound IP Packet v6 Layer |
315 | Outbound IP Packet v6 Discard Layer |
317 | IP Forward v4 Layer |
319 | IP Forward v4 Discard Layer |
321 | Inbound Transport v4 Layer |
323 | Inbound Transport v4 Discard Layer |
325 | Inbound Transport v6 Layer |
327 | Inbound Transport v6 Discard Layer |
329 | Outbound Transport v4 Layer |
331 | Outbound Transport v4 Discard Layer |
333 | Outbound Transport v6 Layer |
335 | Outbound Transport v6 Discard Layer |
337 | Stream v4 Layer |
339 | Stream v4 Discard Layer |
341 | Stream v6 Layer |
343 | Stream v6 Discard Layer |
345 | Datagram Data v4 Layer |
347 | Datagram Data v4 Discard Layer |
349 | Datagram Data v6 Layer |
351 | Datagram Data v6 Discard Layer |
353 | Inbound ICMP Error v4 Layer |
355 | Inbound ICMP Error v4 Discard Layer |
357 | Inbound ICMP Error v6 Layer |
359 | Inbound ICMP Error v6 Discard Layer |
361 | ALE Resource Assignment v4 Layer |
363 | ALE Resource Assignment v4 Discard Layer |
365 | ALE Resource Assignment v6 Layer |
367 | ALE Resource Assignment v6 Discard Layer |
369 | ALE Listen v4 Layer |
371 | ALE Listen v4 Discard Layer |
373 | ALE Listen v6 Layer |
375 | ALE Listen v6 Discard Layer |
377 | ALE Receive/Accept v4 Layer |
379 | ALE Receive/Accept v4 Discard Layer |
381 | ALE Receive/Accept v6 Layer |
383 | ALE Receive/Accept v6 Discard Layer |
385 | ALE Connect v4 Layer |
387 | ALE Connect v4 Discard Layer |
389 | ALE Connect v6 Layer |
391 | ALE Connect v6 Discard Layer |
393 | ALE Flow Established v4 Layer |
395 | ALE Flow Established v4 Discard Layer |
397 | ALE Flow Established v6 Layer |
399 | ALE Flow Established v6 Discard Layer |
401 | Inbound MAC 802.3 Layer |
403 | Outbound MAC 802.3 Layer |
405 | IPsec KM Demux v4 Layer |
407 | IPsec KM Demux v6 Layer |
409 | IPsec v4 Layer |
411 | IPsec v6 Layer |
413 | IKE v4 Layer |
415 | IKE v6 Layer |
417 | RPC UM Layer |
419 | RPC EPMAP Layer |
421 | Outbound ICMP Error v4 Layer |
423 | Outbound ICMP Error v4 Discard Layer |
425 | Outbound ICMP Error v6 Layer |
427 | Outbound ICMP Error v6 Discard Layer |
429 | RPC EP ADD Layer |
431 | RPC Proxy Connect Layer |
433 | RPC Proxy Interface Layer |
435 | IP Forward v6 Layer |
437 | IP Forward v6 Discard Layer |
439 | ALE Route v4 Layer |
441 | ALE Route v6 Layer |
445 | Keying Module Authorization Layer |
447 | Name Resolution Cache v4 Layer |
449 | Name Resolution Cache v6 Layer |
451 | ALE Resource Release v4 Layer |
453 | ALE Resource Release v6 Layer |
455 | ALE Endpoint Closure v4 Layer |
457 | ALE Endpoint Closure v6 Layer |
459 | ALE Connect Redirect v4 Layer |
461 | ALE Connect Redirect v6 Layer |
463 | ALE Bind Redirect v4 Layer |
465 | ALE Bind Redirect v6 Layer |
467 | Stream Packet v4 Layer |
469 | Stream Packet v6 Layer |
501 | WFP Built-in Universal Sublayer |
503 | WFP Built-in Legacy IPsec Sublayer |
505 | WFP Built-in Secure Socket Sublayer |
507 | WFP Built-in TCP Chimney Offload Sublayer |
509 | WFP Built-in Inspection Sublayer |
511 | RPC Built-in Audit Sublayer |
513 | WFP Built-in IPsec Tunnel Sublayer |
515 | WFP Built-in Edge Traversal Sublayer |
517 | WFP Built-in IPsec Forward Outbound Tunnel Sublayer |
519 | WFP Built-in IPsec DoS Protection Sublayer |
601 | Condition ID: %ls Match value: %ls Condition value: %ls |
602 | Equal to |
603 | Greater than |
604 | Less than |
605 | Greater than or equal to |
606 | Less than or equal to |
607 | In range |
608 | All flags set |
609 | Any flags set |
610 | No flags set |
611 | Equal to (case insensitive) |
613 | Not equal to |
701 | WFP Built-in Default Secure Socket AuthIP Policy Provider Context |
702 | Authenticated Internet Protocol (AuthIP) main mode default policy for secure sockets. |
703 | WFP Built-in Default Secure Socket IPsec Policy Provider Context |
704 | Internet Protocol Security (IPsec) quick mode default policy for secure sockets. |
801 | WFP Built-in IPsec Inbound Transport v4 Layer Callout |
802 | Verifies that each received packet that is supposed to arrive over a transport mode security association arrives securely. |
803 | WFP Built-in IPsec Inbound Transport v6 Layer Callout |
804 | Verifies that each received packet that is supposed to arrive over a transport mode security association arrives securely. |
805 | WFP Built-in IPsec Outbound Transport v4 Layer Callout |
806 | Indicates to IPsec the outbound traffic that must be secured over transport mode security associations. |
807 | WFP Built-in IPsec Outbound Transport v6 Layer Callout |
808 | Indicates to IPsec the outbound traffic that must be secured over transport mode security associations. |
809 | WFP Built-in IPsec Inbound Tunnel v4 Layer Callout |
810 | Verifies that each received packet that is supposed to arrive over a tunnel mode security association arrives securely. |
811 | WFP Built-in IPsec Inbound Tunnel v6 Layer Callout |
812 | Verifies that each received packet that is supposed to arrive over a tunnel mode security association arrives securely. |
813 | WFP Built-in IPsec Outbound Tunnel v4 Layer Callout |
814 | Indicates to IPsec the outbound traffic that must be secured over tunnel mode security associations. |
815 | WFP Built-in IPsec Outbound Tunnel v6 Layer Callout |
816 | Indicates to IPsec the outbound traffic that must be secured over tunnel mode security associations. |
817 | WFP Built-in IPsec Forward Inbound Tunnel v4 Layer Callout |
818 | Verifies that each received packet that is supposed to arrive over a tunnel mode security association arrives securely. |
819 | WFP Built-in IPsec Forward Inbound Tunnel v6 Layer Callout |
820 | Verifies that each received packet that is supposed to arrive over a tunnel mode security association arrives securely. |
821 | WFP Built-in IPsec Forward Outbound Tunnel v4 Layer Callout |
822 | Indicates to IPsec the outbound traffic that must be secured over a tunnel mode security association. |
823 | WFP Built-in IPsec Forward Outbound Tunnel v6 Layer Callout |
824 | Indicates to IPsec the outbound traffic that must be secured over a tunnel mode security association. |
825 | WFP Built-in IPsec Inbound Initiate Secure v4 Layer Callout |
826 | Verifies that each incoming connection that is supposed to arrive secure arrives securely. |
827 | WFP Built-in IPsec Inbound Initiate Secure v6 Layer Callout |
828 | Verifies that each incoming connection that is supposed to arrive secure arrives securely. |
829 | WFP Built-in IPsec ALE Connect v4 Layer Callout |
830 | Applies IPsec policy modifiers to client applications. |
831 | WFP Built-in IPsec ALE Connect v6 Layer Callout |
832 | Applies IPsec policy modifiers to client applications. |
833 | WFP Built-in Silent Drop Transport v4 Discard Layer Callout |
834 | Implements stealth-mode filtering by silently dropping all incoming packets for which TCP does not have a listening endpoint. |
835 | WFP Built-in Silent Drop Transport v6 Discard Layer Callout |
836 | Implements stealth-mode filtering by silently dropping all incoming packets for which TCP does not have a listening endpoint. |
837 | WFP Built-in TCP Chimney Offload ALE Connect v4 Layer Callout |
838 | Enables or disables TCP Chimney Offload for each outgoing connection. |
839 | WFP Built-in TCP Chimney Offload ALE Connect v6 Layer Callout |
840 | Enables or disables TCP Chimney Offload for each outgoing connection. |
841 | WFP Built-in TCP Chimney Offload ALE Receive/Accept v4 Layer Callout |
842 | Enables or disables TCP Chimney Offload for each incoming connection. |
843 | WFP Built-in TCP Chimney Offload ALE Receive/Accept v6 Layer Callout |
844 | Enables or disables TCP Chimney Offload for each incoming connection. |
845 | WFP Built-in Set Option ALE Connect v4 Layer Callout |
846 | Sets classify options on outbound flows. |
847 | WFP Built-in Set Option ALE Connect v6 Layer Callout |
848 | Sets classify options on outbound flows. |
849 | WFP Built-in IPsec Inbound Tunnel ALE Receive/Accept v4 Layer Callout |
850 | Permits IPsec tunnel mode IP-in-IP packets when they get classified at the ALE receive/accept layer. |
851 | WFP Built-in IPsec Inbound Tunnel ALE Receive/Accept v6 Layer Callout |
852 | Permits IPsec tunnel mode IP-in-IP packets when they get classified at the ALE receive/accept layer. |
853 | WFP Built-in Edge Traversal ALE Resource Assignment v4 Layer Callout |
854 | Signals Windows when an application is attempting to bind to an interface and has opted in for edge traversing traffic. |
855 | WFP Built-in Edge Traversal ALE Resource Assignment v6 Layer Callout |
856 | Signals Windows when an application is attempting to bind to an interface and has opted in for edge traversing traffic. |
857 | WFP Built-in Edge Traversal ALE Listen v4 Layer Callout |
858 | Signals Windows when an application is attempting to listen on an interface and has opted in for edge traversing traffic. |
859 | WFP Built-in Edge Traversal ALE Listen v6 Layer Callout |
860 | Signals Windows when an application is attempting to listen on an interface and has opted in for edge traversing traffic. |
861 | WFP Built-in IPsec DoS Protection Forward v4 Layer Callout |
862 | Inspection point for IPsec Denial of Service Protection at the forward layer to create state and prevent DoS. |
863 | WFP Built-in IPsec DoS Protection Forward v6 Layer Callout |
864 | Inspection point for IPsec Denial of Service Protection at the forward layer to create state and prevent DoS. |
901 | WFP Built-in IKE Exemption Filter |
902 | Default exemption filter for IKE traffic. |
1001 | Base Filtering Engine |
1002 | The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. |
1101 | Default WinPE Policy |
1201 | Microsoft Corporation |
1202 | Microsoft Windows WFP Built-in IKEEXT provider used to identify filters added by IKE/AuthIP. |
1203 | Microsoft Corporation |
1204 | Microsoft Windows WFP Built-in TCP Chimney Offload provider used to identify filters added by TCP Chimney Offload. |
1205 | Microsoft Corporation |
1206 | Microsoft Windows WFP Built-in IPsec DoS Protection configuration provider used to identify filters added by IPsec Denial of Service Protection. |
2001 | Microsoft Corporation |
2002 | This task adjusts the start type for firewall-triggered services when the start type of the Base Filtering Engine (BFE) is disabled. |
COM Classes/Interfaces
There is no type library in this file with COM classes/interfaces information
Exported Functions List
The following functions are exported by this dll:BfeGetDirectDispatchTable | BfeOnServiceStartTypeChange | BfeServiceMain | SvchostPushServiceGlobals |
Imported Functions List
The following functions are imported by this dll:- msvcrt.dll:
_CIlog _XcptFilter _amsg_exit _except_handler4_common _ftol2 _i64toa_s _initterm _ltoa_s _ui64toa_s _ultoa_s _ultow _vsnwprintf _wcsicmp _wcslwr _wcsnicmp bsearch free isprint iswctype malloc memcpy memmove memset qsort sprintf_s strpbrk strstr tolower wcschr wcsnlen wcstol wcstoul - ntdll.dll:
EtwEventActivityIdControl EtwEventEnabled EtwEventRegister EtwEventUnregister EtwEventWrite EtwGetTraceEnableFlags EtwGetTraceEnableLevel EtwGetTraceLoggerHandle EtwRegisterTraceGuidsW EtwTraceMessage EtwUnregisterTraceGuids NtDeviceIoControlFile NtQueryObject RtlAbsoluteToSelfRelativeSD RtlAdjustPrivilege RtlAllocateHeap RtlContractHashTable RtlCreateHashTable RtlCreateServiceSid RtlDeleteHashTable RtlEndEnumerationHashTable RtlEnumerateEntryHashTable RtlEqualSid RtlEthernetAddressToStringA RtlExpandHashTable RtlGetNextEntryHashTable RtlGetOwnerSecurityDescriptor RtlGetSaclSecurityDescriptor RtlInitEnumerationHashTable RtlInitUnicodeString RtlInitializeBitMap RtlInsertEntryHashTable RtlIntegerToUnicodeString RtlIpv4AddressToStringA RtlIpv4AddressToStringW RtlIpv6AddressToStringA RtlIpv6AddressToStringW RtlLengthSecurityDescriptor RtlLengthSid RtlLookupEntryHashTable RtlNtStatusToDosError RtlNumberOfSetBits RtlRemoveEntryHashTable RtlSelfRelativeToAbsoluteSD2 RtlSetOwnerSecurityDescriptor RtlSetThreadPreferredUILanguages RtlValidRelativeSecurityDescriptor RtlValidSid TpAllocTimer TpIsTimerSet TpReleaseTimer TpSetTimer TpWaitForTimer WinSqmAddToStream WinSqmIsOptedIn WinSqmSetDWORD - API-MS-Win-Core-LibraryLoader-L1-1-0.dll:
KernelBase!DisableThreadLibraryCalls KernelBase!FreeLibrary KernelBase!GetModuleHandleExW KernelBase!GetProcAddress KernelBase!LoadLibraryExA KernelBase!LoadStringW - API-MS-Win-Security-Base-L1-1-0.dll:
KernelBase!AddAccessAllowedAce KernelBase!CopySid KernelBase!CreatePrivateObjectSecurityEx KernelBase!DestroyPrivateObjectSecurity KernelBase!EqualSid KernelBase!GetLengthSid KernelBase!GetPrivateObjectSecurity KernelBase!GetSecurityDescriptorControl KernelBase!GetSecurityDescriptorLength KernelBase!InitializeAcl KernelBase!InitializeSecurityDescriptor KernelBase!MapGenericMask KernelBase!PrivilegeCheck KernelBase!SetPrivateObjectSecurityEx KernelBase!SetSecurityDescriptorControl KernelBase!SetSecurityDescriptorDacl - AUTHZ.dll:
AuthzAccessCheck AuthzFreeAuditEvent AuthzFreeContext AuthzFreeResourceManager AuthzGetInformationFromContext AuthzInitializeContextFromSid AuthzInitializeResourceManager AuthziFreeAuditEventType AuthziInitializeAuditEvent AuthziInitializeAuditEventType AuthziInitializeAuditParamsFromArray AuthziLogAuditEvent - RPCRT4.dll:
I_RpcExceptionFilter MesDecodeBufferHandleCreate MesEncodeDynBufferHandleCreate MesHandleFree NdrMesTypeDecode2 NdrMesTypeEncode2 NdrServerCall2 RpcBindingVectorFree RpcEpRegisterW RpcEpUnregister RpcFreeAuthorizationContext RpcGetAuthorizationContextForClient RpcImpersonateClient RpcRaiseException RpcRevertToSelf RpcServerInqBindings RpcServerInqCallAttributesW RpcServerRegisterIfEx RpcServerUnregisterIfEx RpcServerUseProtseqW UuidCreate UuidFromStringW - slc.dll:
SLGetWindowsInformationDWORD - KERNEL32.dll:
CloseHandle CompareStringW CreateEventW CreateFileW CreateSemaphoreW CreateThread CreateTimerQueue CreateTimerQueueTimer DelayLoadFailureHook DeleteTimerQueueEx DeleteTimerQueueTimer ExpandEnvironmentStringsW GetCurrentProcess GetCurrentProcessId GetCurrentThread GetCurrentThreadId GetLastError GetProcessId GetSystemTimeAsFileTime GetTickCount HeapCreate HeapDestroy HeapFree InitializeCriticalSectionAndSpinCount InterlockedCompareExchange InterlockedDecrement InterlockedExchange InterlockedExchangeAdd InterlockedIncrement LocalAlloc LocalFree MultiByteToWideChar QueryPerformanceCounter RegCloseKey RegCreateKeyExW RegDeleteValueW RegEnumValueW RegOpenKeyExW RegQueryInfoKeyW RegQueryValueExW RegSetValueExW RegisterWaitForSingleObject ReleaseSemaphore SetEvent SetUnhandledExceptionFilter Sleep TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue UnhandledExceptionFilter UnregisterWait UnregisterWaitEx WaitForSingleObject WideCharToMultiByte ntdll!RtlAllocateHeap ntdll!RtlDecodePointer ntdll!RtlDeleteCriticalSection ntdll!RtlEncodePointer ntdll!RtlEnterCriticalSection ntdll!RtlInterlockedCompareExchange64 ntdll!RtlLeaveCriticalSection ntdll!RtlReAllocateHeap