| Windows 7 DLL File Information - wevtsvc.dll |
The following DLL report was generated by automatic DLL script that scanned and loaded all DLL files in the system32 directory of Windows 7, extracted the information from them, and then saved it into HTML reports. If you want to view a report of another DLL, go to the main page of this Web site.
General Information
| File Description: | Event Logging Service |
| File Version: | 6.1.7100.0 (winmain_win7rc.090421-1700) |
| Company: | Microsoft Corporation |
| Product Name: | Microsoft Windows Operating System |
| DLL popularity | Very Low - There is no any other DLL in system32 directory that is statically linked to this file. |
| File Size: | 1,061 KB |
| Total Number of Exported Functions: | 2 |
| Total Number of Exported Functions With Names: | 2 |
Section Headers
| Name | Virtual Address | Raw Data Size | % of File | Characteristics | Section Contains... |
|---|---|---|---|---|---|
| .text | 0x00001000 | 936,448 Bytes | 86.2% | Read, Execute | Code |
| .data | 0x000e6000 | 81,408 Bytes | 7.5% | Write, Read | Initialized Data |
| .rsrc | 0x000fb000 | 18,944 Bytes | 1.7% | Read | Initialized Data |
| .reloc | 0x00100000 | 49,152 Bytes | 4.5% | Read, Discardable | Initialized Data |
Static Linking
wevtsvc.dll is statically linked to the following files:msvcrt.dll
RPCRT4.dll
ntdll.dll
API-MS-WIN-Service-Core-L1-1-0.dll
ADVAPI32.dll
KERNEL32.dll
This means that when wevtsvc.dll is loaded, the above files are automatically loaded too. If one of these files is corrupted or missing, wevtsvc.dll won't be loaded.
General Resources Information
| Resource Type | Number of Items | Total Size | % of File |
|---|---|---|---|
| Icons | 0 | 0 Bytes | 0.0% |
| Animated Icons | 0 | 0 Bytes | 0.0% |
| Cursors | 0 | 0 Bytes | 0.0% |
| Animated Cursors | 0 | 0 Bytes | 0.0% |
| Bitmaps | 0 | 0 Bytes | 0.0% |
| AVI Files | 0 | 0 Bytes | 0.0% |
| Dialog-Boxes | 0 | 0 Bytes | 0.0% |
| HTML Related Files | 0 | 0 Bytes | 0.0% |
| Menus | 0 | 0 Bytes | 0.0% |
| Strings | 2 | 658 Bytes | 0.1% |
| Type Libraries | 0 | 0 Bytes | 0.0% |
| Manifest | 0 | 0 Bytes | 0.0% |
| All Others | 4 | 26,306 Bytes | 2.4% |
| Total | 6 | 26,964 Bytes | 2.5% |
Icons in this file
No icons found in this file
Cursors in this file
No cursors found in this file
Dialog-boxes list (up to 200 dialogs)
No dialog resources in this file.
String resources in this dll (up to 200 strings)
| String ID | String Text |
|---|---|
| 200 | Windows Event Log |
| 201 | This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. |
COM Classes/Interfaces
There is no type library in this file with COM classes/interfaces information
Exported Functions List
The following functions are exported by this dll:| ServiceMain | SvchostPushServiceGlobals |
Imported Functions List
The following functions are imported by this dll:- msvcrt.dll:
_CxxThrowException _HUGE _XcptFilter __CxxFrameHandler __dllonexit _amsg_exit _errno _except_handler4_common _ftol2 _gcvt _i64tow _initterm _itow _itow_s _lock _ltow _onexit _purecall _strnicmp _ui64tow _ultow _unlock _vsnprintf _vsnwprintf _wcsicmp _wcsnicmp _wcstoi64 _wcstoui64 _wfopen _wsplitpath_s _wtof _wtoi _wtoi64 _wtol abort bsearch fclose fgetws floor free iswalnum iswalpha iswdigit iswspace malloc memcpy memcpy_s memmove memmove_s memset public: __thiscall exception::exception(char const * const &) public: __thiscall exception::exception(class exception const &) public: __thiscall exception::exception(void) public: virtual __thiscall exception::~exception(void) public: virtual __thiscall type_info::~type_info(void) public: virtual char const * __thiscall exception::what(void)const qsort strncmp swprintf_s swscanf swscanf_s towupper void __cdecl terminate(void) wcschr wcsncat_s wcsncmp wcsncpy_s wcspbrk wcsrchr wcsstr wcstod wcstok wcstol wcstoul - RPCRT4.dll:
I_RpcBindingInqLocalClientPID I_RpcBindingIsClientLocal I_RpcMapWin32Status I_RpcSessionStrictContextHandle NdrAsyncServerCall NdrServerCall2 RpcAsyncCompleteCall RpcBindingToStringBindingW RpcBindingVectorFree RpcEpRegisterW RpcEpUnregister RpcImpersonateClient RpcRevertToSelf RpcRevertToSelfEx RpcServerInqBindings RpcServerRegisterAuthInfoW RpcServerRegisterIfEx RpcServerSubscribeForNotification RpcServerUnregisterIfEx RpcServerUnsubscribeForNotification RpcServerUseProtseqEpW RpcServerUseProtseqExW RpcStringBindingParseW RpcStringFreeW UuidCreate UuidFromStringW UuidToStringW - ntdll.dll:
EtwEventRegister EtwEventUnregister EtwEventWrite EtwGetTraceEnableFlags EtwGetTraceEnableLevel EtwGetTraceLoggerHandle EtwRegisterTraceGuidsW EtwTraceMessage EtwUnregisterTraceGuids NtClose NtCreateFile NtDeleteFile NtDuplicateObject NtEnumerateKey NtOpenKey NtOpenProcess NtQueryAttributesFile NtQuerySystemInformation NtQuerySystemTime NtQueryVolumeInformationFile NtReadFile NtWriteFile RtlAcquireResourceExclusive RtlAcquireResourceShared RtlAcquireSRWLockExclusive RtlAcquireSRWLockShared RtlAllocateHeap RtlAnsiStringToUnicodeString RtlCompareMemory RtlComputeCrc32 RtlCopySecurityDescriptor RtlCopyUnicodeString RtlCreateHeap RtlDeleteCriticalSection RtlDeleteElementGenericTableAvl RtlDeleteResource RtlDeleteSecurityObject RtlDosPathNameToNtPathName_U RtlEnterCriticalSection RtlEnumerateGenericTableAvl RtlEthernetAddressToStringW RtlFreeAnsiString RtlFreeAnsiString RtlFreeHeap RtlGetLastNtStatus RtlGetVersion RtlInitUnicodeString RtlInitializeCriticalSection RtlInitializeGenericTableAvl RtlInitializeResource RtlInsertElementGenericTableAvl RtlIpv4AddressToStringExW RtlIpv6AddressToStringExW RtlIpv6AddressToStringW RtlLeaveCriticalSection RtlLengthSid RtlLookupElementGenericTableAvl RtlNtStatusToDosError RtlNtStatusToDosErrorNoTeb RtlReleaseResource RtlReleaseSRWLockExclusive RtlReleaseSRWLockShared RtlRestoreLastWin32Error RtlSecondsSince1970ToTime RtlSetLastWin32ErrorAndNtStatusFromNtStatus RtlTimeToSecondsSince1970 RtlUnicodeStringToAnsiString - API-MS-WIN-Service-Core-L1-1-0.dll:
sechost!RegisterServiceCtrlHandlerExW sechost!SetServiceStatus - ADVAPI32.dll:
AccessCheck AddAce AllocateAndInitializeSid CheckTokenMembership CloseTrace ControlTraceW CopySid CreateWellKnownSid EnableTrace EnableTraceEx FlushTraceW FreeSid GetAce GetAclInformation GetLengthSid GetSecurityDescriptorControl GetSecurityDescriptorDacl GetSecurityDescriptorGroup GetSecurityDescriptorLength GetSecurityDescriptorOwner GetSecurityDescriptorSacl GetSecurityInfo GetTokenInformation InitializeAcl InitializeSecurityDescriptor IsValidAcl IsValidSecurityDescriptor IsValidSid IsWellKnownSid LookupAccountSidW MakeSelfRelativeSD MapGenericMask OpenProcessToken OpenThreadToken OpenTraceW PrivilegeCheck ProcessTrace QueryTraceW RegCloseKey RegCreateKeyExW RegDeleteKeyExW RegDeleteValueW RegEnumKeyExW RegEnumKeyW RegGetValueW RegNotifyChangeKeyValue RegOpenKeyExW RegQueryInfoKeyW RegQueryValueExW RegSetValueExW SetNamedSecurityInfoW SetSecurityDescriptorDacl SetSecurityDescriptorGroup SetSecurityDescriptorOwner SetSecurityDescriptorSacl SetThreadToken StartTraceW ntdll!EtwEventWrite - KERNEL32.dll:
AddAtomA CancelWaitableTimer CloseHandle CompareFileTime CreateDirectoryW CreateEventW CreateFileMappingW CreateFileW CreateThread CreateThreadpoolCleanupGroup CreateThreadpoolTimer CreateThreadpoolWork CreateWaitableTimerW DebugBreak DelayLoadFailureHook DeleteAtom DeleteFileW ExpandEnvironmentStringsW FileTimeToLocalFileTime FileTimeToSystemTime FindAtomA FindResourceW FlushFileBuffers FormatMessageW FreeLibrary FreeResource GetComputerNameExW GetComputerNameW GetCurrentDirectoryW GetCurrentProcess GetCurrentProcessId GetCurrentThread GetCurrentThreadId GetDateFormatW GetDiskFreeSpaceExW GetEnvironmentVariableW GetFileAttributesExW GetFileAttributesW GetFileInformationByHandle GetFileSize GetFileSizeEx GetLastError GetLocalTime GetModuleFileNameW GetModuleHandleExW GetProcAddress GetProcessHeap GetSystemDefaultLangID GetSystemInfo GetSystemTime GetSystemTimeAsFileTime GetTempFileNameW GetTempPathW GetThreadLocale GetThreadPreferredUILanguages GetThreadUILanguage GetTickCount GetTickCount64 GetTimeFormatW GetTimeZoneInformation GetVersionExW GlobalMemoryStatusEx HeapFree InitAtomTable InitializeCriticalSectionAndSpinCount InterlockedCompareExchange InterlockedDecrement InterlockedExchange InterlockedIncrement LoadLibraryExA LoadLibraryExW LoadLibraryW LoadResource LocalAlloc LocalFileTimeToFileTime LocalFree LockResource MapViewOfFile MoveFileExW MoveFileW MultiByteToWideChar OpenEventW OutputDebugStringA OutputDebugStringW PulseEvent QueryPerformanceCounter ReadFile RegisterWaitForSingleObject ResetEvent SearchPathW SetEndOfFile SetEvent SetFilePointer SetFilePointerEx SetLastError SetThreadPreferredUILanguages SetThreadUILanguage SetUnhandledExceptionFilter SetWaitableTimer SizeofResource Sleep SleepConditionVariableCS SystemTimeToFileTime SystemTimeToTzSpecificLocalTime TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue UnhandledExceptionFilter UnmapViewOfFile UnregisterWaitEx WaitForMultipleObjects WaitForSingleObject WideCharToMultiByte WriteFile ntdll!RtlAcquireSRWLockExclusive ntdll!RtlAcquireSRWLockShared ntdll!RtlAllocateHeap ntdll!RtlDeleteCriticalSection ntdll!RtlEnterCriticalSection ntdll!RtlInitializeConditionVariable ntdll!RtlInitializeConditionVariable ntdll!RtlInitializeCriticalSection ntdll!RtlLeaveCriticalSection ntdll!RtlReleaseSRWLockExclusive ntdll!RtlReleaseSRWLockShared ntdll!RtlWakeAllConditionVariable ntdll!TpCallbackUnloadDllOnCompletion ntdll!TpPostWork ntdll!TpReleaseCleanupGroup ntdll!TpReleaseCleanupGroupMembers ntdll!TpReleaseTimer ntdll!TpReleaseWork ntdll!TpSetTimer ntdll!TpWaitForTimer