Untitled diff

125 removals
733 lines
121 additions
730 lines
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
<WinProcess "smss.exe" pid 368 at 0x5306908L>
<WinProcess "smss.exe" pid 520 at 0x5db0c50L>
64
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ff868230000
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
<WinProcess "csrss.exe" pid 472 at 0x5306e48L>
<WinProcess "csrss.exe" pid 776 at 0x5db0908L>
64
64


Interfaces :
Interfaces :
Endpoints :
Endpoints :
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
<WinProcess "wininit.exe" pid 548 at 0x5306780L>
<WinProcess "wininit.exe" pid 876 at 0x5db0e48L>
64
64


Interfaces :
Interfaces :
RPC 76f226c3-ec14-4325-8a99-6a46348418ae (1.0) -- C:\windows\system32\wininit.exe
RPC 76f226c3-ec14-4325-8a99-6a46348418ae (1.0) -- C:\WINDOWS\system32\wininit.exe
0 -> I_WMsgkSendMessage
0 -> I_WMsgkSendMessage
1 -> I_WMsgkSendPSPMessage
1 -> I_WMsgkSendPSPMessage
RPC 894de0c0-0d55-11d3-a322-00c04fa321a1 (1.0) -- C:\windows\system32\wininit.exe
RPC 894de0c0-0d55-11d3-a322-00c04fa321a1 (1.0) -- C:\WINDOWS\system32\wininit.exe
0 -> s_BaseInitiateShutdown
0 -> s_BaseInitiateShutdown
1 -> s_BaseAbortShutdown
1 -> s_BaseAbortShutdown
2 -> s_BaseInitiateShutdownEx
2 -> s_BaseInitiateShutdownEx
RPC d95afe70-a6d5-4259-822e-2c84da1ddb0d (1.0) -- C:\windows\system32\wininit.exe
RPC d95afe70-a6d5-4259-822e-2c84da1ddb0d (1.0) -- C:\WINDOWS\system32\wininit.exe
0 -> s_WsdrInitiateShutdown
0 -> s_WsdrInitiateShutdown
1 -> s_WsdrAbortShutdown
1 -> s_WsdrAbortShutdown
2 -> s_WsdrCheckForHiberboot
2 -> s_WsdrCheckForHiberboot
RPC 76f226c3-ec14-4325-8a99-6a46348418af (1.0) -- C:\windows\system32\wininit.exe
RPC 76f226c3-ec14-4325-8a99-6a46348418af (1.0) -- C:\WINDOWS\system32\wininit.exe
0 -> I_WMsgSendMessage
0 -> I_WMsgSendMessage
1 -> I_WMsgSendPSPMessage
1 -> I_WMsgSendPSPMessage
2 -> I_WMsgSendNotifyMessage
2 -> I_WMsgSendNotifyMessage
3 -> I_WMsgSendReconnectionUpdateMessage
3 -> I_WMsgSendReconnectionUpdateMessage
Endpoints :
Endpoints :
ncalrpc : WMsgKRpc0551A0
ncalrpc : WMsgKRpc017ED30
ncacn_np : \PIPE\InitShutdown
ncacn_np : \PIPE\InitShutdown
ncalrpc : WindowsShutdown
ncalrpc : WindowsShutdown
ncacn_ip_tcp : 49664
ncacn_ip_tcp : 1536
--------------------------------------------------------------------------------
<WinProcess "csrss.exe" pid 564 at 0x53069e8L>
64

Interfaces :
Endpoints :
--------------------------------------------------------------------------------
<WinProcess "winlogon.exe" pid 644 at 0x5306860L>
64

Interfaces :
RPC 76f226c3-ec14-4325-8a99-6a46348418ae (1.0) -- C:\windows\system32\winlogon.exe
0 -> I_WMsgkSendMessage
1 -> I_WMsgkSendPSPMessage
RPC 76f226c3-ec14-4325-8a99-6a46348418af (1.0) -- C:\windows\system32\winlogon.exe
0 -> I_WMsgSendMessage
1 -> I_WMsgSendPSPMessage
2 -> I_WMsgSendNotifyMessage
3 -> I_WMsgSendReconnectionUpdateMessage
Endpoints :
ncalrpc : WMsgKRpc058201
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
<WinProcess "services.exe" pid 684 at 0x5306320L>
<WinProcess "services.exe" pid 948 at 0x5db0f28L>
64
64


Interfaces :
Interfaces :
RPC 367abb81-9844-35f1-ad32-98f038001003 (2.0) -- C:\windows\system32\services.exe
RPC 367abb81-9844-35f1-ad32-98f038001003 (2.0) -- C:\WINDOWS\system32\services.exe
0 -> RCloseServiceHandle
0 -> RCloseServiceHandle
1 -> RControlService
1 -> RControlService
2 -> RDeleteService
2 -> RDeleteService
3 -> RLockServiceDatabase
3 -> RLockServiceDatabase
4 -> RQueryServiceObjectSecurity
4 -> RQueryServiceObjectSecurity
5 -> RSetServiceObjectSecurity
5 -> RSetServiceObjectSecurity
6 -> RQueryServiceStatus
6 -> RQueryServiceStatus
7 -> RSetServiceStatus
7 -> RSetServiceStatus
8 -> RUnlockServiceDatabase
8 -> RUnlockServiceDatabase
9 -> RNotifyBootConfigStatus
9 -> RNotifyBootConfigStatus
10 -> RI_ScSetServiceBitsW
10 -> RI_ScSetServiceBitsW
11 -> RChangeServiceConfigW
11 -> RChangeServiceConfigW
12 -> RCreateServiceW
12 -> RCreateServiceW
13 -> REnumDependentServicesW
13 -> REnumDependentServicesW
14 -> REnumServicesStatusW
14 -> REnumServicesStatusW
15 -> ROpenSCManagerW
15 -> ROpenSCManagerW
16 -> ROpenServiceW
16 -> ROpenServiceW
17 -> RQueryServiceConfigW
17 -> RQueryServiceConfigW
18 -> RQueryServiceLockStatusW
18 -> RQueryServiceLockStatusW
19 -> RStartServiceW
19 -> RStartServiceW
20 -> RGetServiceDisplayNameW
20 -> RGetServiceDisplayNameW
21 -> RGetServiceKeyNameW
21 -> RGetServiceKeyNameW
22 -> CServiceRecord::GetStatusInternal
22 -> CServiceRecord::GetStatusInternal
23 -> RChangeServiceConfigA
23 -> RChangeServiceConfigA
24 -> RCreateServiceA
24 -> RCreateServiceA
25 -> REnumDependentServicesA
25 -> REnumDependentServicesA
26 -> REnumServicesStatusA
26 -> REnumServicesStatusA
27 -> ROpenSCManagerA
27 -> ROpenSCManagerA
28 -> ROpenServiceA
28 -> ROpenServiceA
29 -> RQueryServiceConfigA
29 -> RQueryServiceConfigA
30 -> RQueryServiceLockStatusA
30 -> RQueryServiceLockStatusA
31 -> RStartServiceA
31 -> RStartServiceA
32 -> RGetServiceDisplayNameA
32 -> RGetServiceDisplayNameA
33 -> RGetServiceKeyNameA
33 -> RGetServiceKeyNameA
34 -> CServiceRecord::GetStatusInternal
34 -> CServiceRecord::GetStatusInternal
35 -> REnumServiceGroupW
35 -> REnumServiceGroupW
36 -> RChangeServiceConfig2A
36 -> RChangeServiceConfig2A
37 -> RChangeServiceConfig2W
37 -> RChangeServiceConfig2W
38 -> RQueryServiceConfig2A
38 -> RQueryServiceConfig2A
39 -> RQueryServiceConfig2W
39 -> RQueryServiceConfig2W
40 -> RQueryServiceStatusEx
40 -> RQueryServiceStatusEx
41 -> REnumServicesStatusExA
41 -> REnumServicesStatusExA
42 -> REnumServicesStatusExW
42 -> REnumServicesStatusExW
43 -> RI_ScBroadcastServiceControlMessage
43 -> RI_ScBroadcastServiceControlMessage
44 -> RCreateServiceWOW64A
44 -> RCreateServiceWOW64A
45 -> RCreateServiceWOW64W
45 -> RCreateServiceWOW64W
46 -> RI_ScQueryServiceTagInfo
46 -> RI_ScQueryServiceTagInfo
47 -> RNotifyServiceStatusChange
47 -> RNotifyServiceStatusChange
48 -> RGetNotifyResults
48 -> RGetNotifyResults
49 -> RCloseNotifyHandle
49 -> RCloseNotifyHandle
50 -> RControlServiceExA
50 -> RControlServiceExA
51 -> RControlServiceExW
51 -> RControlServiceExW
52 -> RI_ScSendPnPMessage
52 -> RI_ScSendPnPMessage
53 -> RI_ScValidatePnPService
53 -> RI_ScValidatePnPService
54 -> RI_ScOpenServiceStatusHandle
54 -> RI_ScOpenServiceStatusHandle
55 -> RI_ScQueryServiceConfig
55 -> RI_ScQueryServiceConfig
56 -> RQueryServiceConfigEx
56 -> RQueryServiceConfigEx
57 -> RI_ScRegisterPreshutdownRestart
57 -> RI_ScRegisterPreshutdownRestart
58 -> RI_ScReparseServiceDatabase
58 -> RI_ScReparseServiceDatabase
59 -> RQueryUserServiceName
59 -> RQueryUserServiceName
60 -> RCreateWowService
60 -> RCreateWowService
61 -> RGetServiceRegistryStateKey
61 -> RGetServiceRegistryStateKey
62 -> RGetServiceDirectory
62 -> RGetServiceDirectory
63 -> RGetServiceProcessToken
RPC a2c45f7c-7d32-46ad-96f5-adafb486be74 (1.0) -- C:\WINDOWS\system32\services.exe
RPC a2c45f7c-7d32-46ad-96f5-adafb486be74 (1.0) -- C:\windows\system32\services.exe
0 -> RI_ScOpenServiceChannelHandle
0 -> RI_ScOpenServiceChannelHandle
1 -> RI_ScSendResponseReceiveControls
1 -> RI_ScSendResponseReceiveControls
2 -> RI_ScCloseServiceChannelHandle
2 -> RI_ScCloseServiceChannelHandle
RPC 93149ca2-973b-11d1-8c39-00c04fb984f9 (0.0) -- C:\windows\SYSTEM32\scesrv.dll
RPC 93149ca2-973b-11d1-8c39-00c04fb984f9 (0.0) -- C:\WINDOWS\SYSTEM32\scesrv.dll
0 -> SceSvcRpcQueryInfo
0 -> SceSvcRpcQueryInfo
1 -> SceSvcRpcSetInfo
1 -> SceSvcRpcSetInfo
2 -> SceRpcSetupUpdateObject
2 -> SceRpcSetupUpdateObject
3 -> SceRpcSetupMoveFile
3 -> SceRpcSetupMoveFile
4 -> SceRpcGenerateTemplate
4 -> SceRpcGenerateTemplate
5 -> SceRpcConfigureSystem
5 -> SceRpcConfigureSystem
6 -> SceRpcGetDatabaseInfo
6 -> SceRpcGetDatabaseInfo
7 -> SceRpcGetObjectChildren
7 -> SceRpcGetObjectChildren
8 -> SceRpcOpenDatabase
8 -> SceRpcOpenDatabase
9 -> SceRpcCloseDatabase
9 -> SceRpcCloseDatabase
10 -> SceRpcGetDatabaseDescription
10 -> SceRpcGetDatabaseDescription
11 -> SceRpcGetDBTimeStamp
11 -> SceRpcGetDBTimeStamp
12 -> SceRpcGetObjectSecurity
12 -> SceRpcGetObjectSecurity
13 -> SceRpcGetAnalysisSummary
13 -> SceRpcGetAnalysisSummary
14 -> SceRpcAnalyzeSystem
14 -> SceRpcAnalyzeSystem
15 -> SceRpcUpdateDatabaseInfo
15 -> SceRpcUpdateDatabaseInfo
16 -> SceRpcUpdateObjectInfo
16 -> SceRpcUpdateObjectInfo
17 -> SceRpcStartTransaction
17 -> SceRpcStartTransaction
18 -> SceRpcCommitTransaction
18 -> SceRpcCommitTransaction
19 -> SceRpcRollbackTransaction
19 -> SceRpcRollbackTransaction
20 -> SceRpcGetServerProductType
20 -> SceRpcGetServerProductType
21 -> SceSvcRpcUpdateInfo
21 -> SceSvcRpcUpdateInfo
22 -> SceRpcCopyObjects
22 -> SceRpcCopyObjects
23 -> SceRpcSetupResetLocalPolicy
23 -> SceRpcSetupResetLocalPolicy
24 -> SceRpcNotifySaveChangesInGP
24 -> SceRpcNotifySaveChangesInGP
25 -> SceRpcControlNotificationQProcess
25 -> SceRpcControlNotificationQProcess
26 -> SceRpcBrowseDatabaseTable
26 -> SceRpcBrowseDatabaseTable
27 -> SceRpcGetSystemSecurity
27 -> SceRpcGetSystemSecurity
28 -> SceRpcGetSystemSecurity
28 -> SceRpcGetSystemSecurity
29 -> SceRpcSetSystemSecurity
29 -> SceRpcSetSystemSecurity
30 -> SceRpcSetSystemSecurity
30 -> SceRpcSetSystemSecurity
31 -> SceRpcSetDatabaseSetting
31 -> SceRpcSetDatabaseSetting
32 -> SceRpcGetDatabaseSetting
32 -> SceRpcGetDatabaseSetting
33 -> SceRpcConfigureConvertedFileSecurityImmediately
33 -> SceRpcConfigureConvertedFileSecurityImmediately
Endpoints :
Endpoints :
ncalrpc : ntsvcs
ncalrpc : ntsvcs
ncacn_np : \pipe\ntsvcs
ncacn_np : \pipe\ntsvcs
ncacn_np : \PIPE\scerpc
ncacn_np : \PIPE\scerpc
ncacn_ip_tcp : 49677
ncacn_ip_tcp : 1543
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
<WinProcess "lsass.exe" pid 692 at 0x53062b0L>
<WinProcess "LsaIso.exe" pid 968 at 0x5db0c88L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ff868230000
--------------------------------------------------------------------------------
<WinProcess "lsass.exe" pid 980 at 0x5e18358L>
64
64
['KeyIso', 'SamSs', 'VaultSvc']
['KeyIso', 'SamSs', 'VaultSvc']


Interfaces :
Interfaces :
RPC 12345778-1234-abcd-ef00-0123456789ab (0.0) -- C:\windows\system32\lsasrv.dll
RPC 12345778-1234-abcd-ef00-0123456789ab (0.0) -- C:\WINDOWS\system32\lsasrv.dll
0 -> LsarClose
0 -> LsarClose
1 -> CredrRename
1 -> CredrRename
2 -> LsarEnumeratePrivileges
2 -> LsarEnumeratePrivileges
3 -> LsarQuerySecurityObject
3 -> LsarQuerySecurityObject
4 -> LsarSetSecurityObject
4 -> LsarSetSecurityObject
5 -> LsaITestCall
5 -> LsaITestCall
6 -> LsarOpenPolicyRPC
6 -> LsarOpenPolicyRPC
7 -> LsarQueryInformationPolicy
7 -> LsarQueryInformationPolicy
8 -> LsarSetInformationPolicy
8 -> LsarSetInformationPolicy
9 -> LsaITestCall
9 -> LsaITestCall
10 -> LsarCreateAccount
10 -> LsarCreateAccount
11 -> LsarEnumerateAccounts
11 -> LsarEnumerateAccounts
12 -> LsarCreateTrustedDomain
12 -> LsarCreateTrustedDomain
13 -> LsarEnumerateTrustedDomains
13 -> LsarEnumerateTrustedDomains
14 -> LsarLookupNames
14 -> LsarLookupNames
15 -> LsarLookupSids
15 -> LsarLookupSids
16 -> LsarCreateSecret
16 -> LsarCreateSecret
17 -> LsarOpenAccount
17 -> LsarOpenAccount
18 -> LsarEnumeratePrivilegesAccount
18 -> LsarEnumeratePrivilegesAccount
19 -> LsarAddPrivilegesToAccount
19 -> LsarAddPrivilegesToAccount
20 -> LsarRemovePrivilegesFromAccount
20 -> LsarRemovePrivilegesFromAccount
21 -> LsarGetQuotasForAccount
21 -> LsarGetQuotasForAccount
22 -> LsarSetQuotasForAccount
22 -> LsarSetQuotasForAccount
23 -> LsarGetSystemAccessAccount
23 -> LsarGetSystemAccessAccount
24 -> LsarSetSystemAccessAccount
24 -> LsarSetSystemAccessAccount
25 -> LsarOpenTrustedDomain
25 -> LsarOpenTrustedDomain
26 -> LsarQueryInfoTrustedDomain
26 -> LsarQueryInfoTrustedDomain
27 -> LsarSetInformationTrustedDomain
27 -> LsarSetInformationTrustedDomain
28 -> LsarOpenSecret
28 -> LsarOpenSecret
29 -> LsarSetSecret
29 -> LsarSetSecret
30 -> LsarQuerySecret
30 -> LsarQuerySecret
31 -> LsarLookupPrivilegeValue
31 -> LsarLookupPrivilegeValue
32 -> LsarLookupPrivilegeName
32 -> LsarLookupPrivilegeName
33 -> LsarLookupPrivilegeDisplayName
33 -> LsarLookupPrivilegeDisplayName
34 -> LsarDeleteObject
34 -> LsarDeleteObject
35 -> LsarEnumerateAccountsWithUserRight
35 -> LsarEnumerateAccountsWithUserRight
36 -> LsarEnumerateAccountRights
36 -> LsarEnumerateAccountRights
37 -> LsarAddAccountRights
37 -> LsarAddAccountRights
38 -> LsarRemoveAccountRights
38 -> LsarRemoveAccountRights
39 -> LsarQueryTrustedDomainInfo
39 -> LsarQueryTrustedDomainInfo
40 -> LsarSetTrustedDomainInfo
40 -> LsarSetTrustedDomainInfo
41 -> LsarDeleteTrustedDomain
41 -> LsarDeleteTrustedDomain
42 -> LsarStorePrivateData
42 -> LsarStorePrivateData
43 -> LsarRetrievePrivateData
43 -> LsarRetrievePrivateData
44 -> LsarOpenPolicy2
44 -> LsarOpenPolicy2
45 -> LsarGetUserName
45 -> LsarGetUserName
46 -> LsarQueryInformationPolicy2
46 -> LsarQueryInformationPolicy2
47 -> LsarSetInformationPolicy2
47 -> LsarSetInformationPolicy2
48 -> LsarQueryTrustedDomainInfoByName
48 -> LsarQueryTrustedDomainInfoByName
49 -> LsarSetTrustedDomainInfoByName
49 -> LsarSetTrustedDomainInfoByName
50 -> LsarEnumerateTrustedDomainsEx
50 -> LsarEnumerateTrustedDomainsEx
51 -> LsarCreateTrustedDomainEx
51 -> LsarCreateTrustedDomainEx
52 -> LsaITestCall
52 -> LsaITestCall
53 -> LsarQueryDomainInformationPolicy
53 -> LsarQueryDomainInformationPolicy
54 -> LsarSetDomainInformationPolicy
54 -> LsarSetDomainInformationPolicy
55 -> LsarOpenTrustedDomainByName
55 -> LsarOpenTrustedDomainByName
56 -> LsaITestCall
56 -> LsaITestCall
57 -> LsarLookupSids2
57 -> LsarLookupSids2
58 -> LsarLookupNames2
58 -> LsarLookupNames2
59 -> LsarCreateTrustedDomainEx2
59 -> LsarCreateTrustedDomainEx2
60 -> CredrWrite
60 -> CredrWrite
61 -> CredrRead
61 -> CredrRead
62 -> CredrEnumerate
62 -> CredrEnumerate
63 -> CredrWriteDomainCredentials
63 -> CredrWriteDomainCredentials
64 -> CredrReadDomainCredentials
64 -> CredrReadDomainCredentials
65 -> CredrDelete
65 -> CredrDelete
66 -> CredrGetTargetInfo
66 -> CredrGetTargetInfo
67 -> CredrProfileLoaded
67 -> CredrProfileLoaded
68 -> LsarLookupNames3
68 -> LsarLookupNames3
69 -> CredrGetSessionTypes
69 -> CredrGetSessionTypes
70 -> LsarRegisterAuditEvent
70 -> LsarRegisterAuditEvent
71 -> LsarGenAuditEvent
71 -> LsarGenAuditEvent
72 -> LsarUnregisterAuditEvent
72 -> LsarUnregisterAuditEvent
73 -> LsarQueryForestTrustInformation
73 -> LsarQueryForestTrustInformation
74 -> LsarSetForestTrustInformation
74 -> LsarSetForestTrustInformation
75 -> CredrRename
75 -> CredrRename
76 -> LsarLookupSids3
76 -> LsarLookupSids3
77 -> LsarLookupNames4
77 -> LsarLookupNames4
78 -> LsarOpenPolicySce
78 -> LsarOpenPolicySce
79 -> LsarAdtRegisterSecurityEventSource
79 -> LsarAdtRegisterSecurityEventSource
80 -> LsarAdtUnregisterSecurityEventSource
80 -> LsarAdtUnregisterSecurityEventSource
81 -> LsarAdtReportSecurityEvent
81 -> LsarAdtReportSecurityEvent
82 -> CredrFindBestCredential
82 -> CredrFindBestCredential
83 -> LsarSetAuditPolicy
83 -> LsarSetAuditPolicy
84 -> LsarQueryAuditPolicy
84 -> LsarQueryAuditPolicy
85 -> LsarEnumerateAuditPolicy
85 -> LsarEnumerateAuditPolicy
86 -> LsarEnumerateAuditCategories
86 -> LsarEnumerateAuditCategories
87 -> LsarEnumerateAuditSubCategories
87 -> LsarEnumerateAuditSubCategories
88 -> LsarLookupAuditCategoryName
88 -> LsarLookupAuditCategoryName
89 -> LsarLookupAuditSubCategoryName
89 -> LsarLookupAuditSubCategoryName
90 -> LsarSetAuditSecurity
90 -> LsarSetAuditSecurity
91 -> LsarQueryAuditSecurity
91 -> LsarQueryAuditSecurity
92 -> CredrReadByTokenHandle
92 -> CredrReadByTokenHandle
93 -> CredrRestoreCredentials
93 -> CredrRestoreCredentials
94 -> CredrBackupCredentials
94 -> CredrBackupCredentials
95 -> LsarManageSidNameMapping
95 -> LsarManageSidNameMapping
96 -> CredrProfileUnloaded
96 -> CredrProfileUnloaded
97 -> CredrRename
97 -> CredrRename
98 -> CredrRename
98 -> CredrRename
99 -> CredrRename
99 -> CredrRename
100 -> CredrRename
100 -> CredrRename
101 -> CredrRename
101 -> CredrRename
102 -> LsarEfsGetSmartcardCredentials
102 -> LsarEfsGetSmartcardCredentials
103 -> LsarAuditSetGlobalSacl
103 -> LsarAuditSetGlobalSacl
104 -> LsarAuditQueryGlobalSacl
104 -> LsarAuditQueryGlobalSacl
105 -> CredrProfileLoadedEx
105 -> CredrProfileLoadedEx
106 -> LsarInteractiveSessionIsLoggedOff
106 -> LsarInteractiveSessionIsLoggedOff
107 -> LsarConfigureAutoLogonCredentials
107 -> LsarConfigureAutoLogonCredentials
108 -> LsarGetDeviceRegistrationInfo
108 -> LsarGetDeviceRegistrationInfo
109 -> LsaITestCall
109 -> LsaITestCall
110 -> LsarProfileDeleted
110 -> LsarProfileDeleted
111 -> LsaITestCall
111 -> LsaITestCall
112 -> CredrRename
112 -> LsarMakeLogonSessionsSiblings
113 -> LsarValidateProcUniqueLuid
113 -> LsarValidateProcUniqueLuid
114 -> LsarIsArsoAllowedByPolicy
114 -> LsarIsArsoAllowedByPolicy
115 -> LsarIsArsoAllowedByConsent
115 -> LsarIsArsoAllowedByConsent
116 -> LsarEnableArsoConsent
116 -> LsarEnableArsoConsent
117 -> LsarDisableArsoConsent
117 -> LsarDisableArsoConsent
118 -> LsarIsArsoAllowedByPolicy
118 -> LsarIsArsoAllowedByPolicy
119 -> LsarIsUserArsoEnabled
119 -> LsarIsUserArsoEnabled
120 -> LsarEnableUserArso
120 -> LsarEnableUserArso
121 -> LsarDisableUserArso
121 -> LsarDisableUserArso
122 -> LsarConfigureUserArso
122 -> LsarConfigureUserArso
123 -> LsarGetInprocDispatchTable
123 -> LsarGetInprocDispatchTable
124 -> LsarSetSharedUserSession
124 -> LsarSetSharedUserSession
125 -> LsarClearSharedUserSession
125 -> LsarClearSharedUserSession
126 -> LsarEnablePasswordLessCurrentUser
RPC ace1c026-8b3f-4711-8918-f345d17f5bff (1.0) -- C:\WINDOWS\system32\lsasrv.dll
127 -> LsarDisablePasswordLessCurrentUser
RPC ace1c026-8b3f-4711-8918-f345d17f5bff (1.0) -- C:\windows\system32\lsasrv.dll
0 -> S_RPC_LspUpdatePrivateData
0 -> S_RPC_LspUpdatePrivateData
1 -> S_RPC_LspReadPrivateData
1 -> S_RPC_LspReadPrivateData
RPC afc07e2e-311c-4435-808c-c483ffeec7c9 (1.0) -- C:\windows\system32\lsasrv.dll
RPC afc07e2e-311c-4435-808c-c483ffeec7c9 (1.0) -- C:\WINDOWS\system32\lsasrv.dll
0 -> LsarGetAvailableCAPIDs
0 -> LsarGetAvailableCAPIDs
1 -> LsarSetCAPs
1 -> LsarSetCAPs
2 -> LsarQueryCAPs
2 -> LsarQueryCAPs
RPC c0d930f0-b787-4124-99bc-21f0ecb642ce (0.0) -- C:\windows\system32\lsasrv.dll
RPC c0d930f0-b787-4124-99bc-21f0ecb642ce (0.0) -- C:\WINDOWS\system32\lsasrv.dll
0 -> LsarConnectLocalUser
0 -> LsarConnectLocalUser
1 -> LsarDisconnectLocalUser
1 -> LsarDisconnectLocalUser
2 -> LsarCreateConnectedUser
2 -> LsarCreateConnectedUser
3 -> LsarIsCurrentUserConnected
3 -> LsarIsCurrentUserConnected
4 -> LsarRenewCertificate
4 -> LsarRenewCertificate
5 -> LsarGetSSOAccountType
5 -> LsarGetSSOAccountType
6 -> LsarIsUserMSA
6 -> LsarIsUserMSA
RPC d25576e4-00d2-43f7-98f9-b4c0724158f9 (0.0) -- C:\windows\system32\lsasrv.dll
RPC d25576e4-00d2-43f7-98f9-b4c0724158f9 (0.0) -- C:\WINDOWS\system32\lsasrv.dll
0 -> LsarEasMarkUserControlled
0 -> LsarEasMarkUserControlled
1 -> LsarEasGetCallerPasswordComplexity
1 -> LsarEasGetCallerPasswordComplexity
2 -> LsarEasGetControlledUsersInfo
2 -> LsarEasGetControlledUsersInfo
RPC c681d488-d850-11d0-8c52-00c04fd90f7e (1.0) -- C:\windows\system32\efslsaext.dll
RPC c681d488-d850-11d0-8c52-00c04fd90f7e (1.0) -- C:\WINDOWS\system32\efslsaext.dll
0 -> EfsRpcOpenFileRaw_Downlevel
0 -> EfsRpcOpenFileRaw_Downlevel
1 -> EfsRpcReadFileRaw_Downlevel
1 -> EfsRpcReadFileRaw_Downlevel
2 -> EfsRpcWriteFileRaw_Downlevel
2 -> EfsRpcWriteFileRaw_Downlevel
3 -> EfsRpcCloseRaw_Downlevel
3 -> EfsRpcCloseRaw_Downlevel
4 -> EfsRpcEncryptFileSrv_Downlevel
4 -> EfsRpcEncryptFileSrv_Downlevel
5 -> EfsRpcDecryptFileSrv_Downlevel
5 -> EfsRpcDecryptFileSrv_Downlevel
6 -> EfsRpcQueryUsersOnFile_Downlevel
6 -> EfsRpcQueryUsersOnFile_Downlevel
7 -> EfsRpcQueryRecoveryAgents_Downlevel
7 -> EfsRpcQueryRecoveryAgents_Downlevel
8 -> EfsRpcRemoveUsersFromFile_Downlevel
8 -> EfsRpcRemoveUsersFromFile_Downlevel
9 -> EfsRpcAddUsersToFile_Downlevel
9 -> EfsRpcAddUsersToFile_Downlevel
10 -> EfsRpcFileKeyInfoEx_Downlevel
10 -> EfsRpcFileKeyInfoEx_Downlevel
11 -> EfsRpcFileKeyInfoEx_Downlevel
11 -> EfsRpcFileKeyInfoEx_Downlevel
12 -> EfsRpcFileKeyInfo_Downlevel
12 -> EfsRpcFileKeyInfo_Downlevel
13 -> EfsRpcDuplicateEncryptionInfoFile_Downlevel
13 -> EfsRpcDuplicateEncryptionInfoFile_Downlevel
14 -> EfsRpcFileKeyInfoEx_Downlevel
14 -> EfsRpcFileKeyInfoEx_Downlevel
15 -> EfsRpcAddUsersToFileEx_Downlevel
15 -> EfsRpcAddUsersToFileEx_Downlevel
16 -> EfsRpcFileKeyInfoEx_Downlevel
16 -> EfsRpcFileKeyInfoEx_Downlevel
17 -> EfsRpcFileKeyInfoEx_Downlevel
17 -> EfsRpcFileKeyInfoEx_Downlevel
18 -> EfsRpcFileKeyInfoEx_Downlevel
18 -> EfsRpcFileKeyInfoEx_Downlevel
19 -> EfsRpcFileKeyInfoEx_Downlevel
19 -> EfsRpcFileKeyInfoEx_Downlevel
20 -> EfsRpcFlushEfsCache_Downlevel
20 -> EfsRpcFlushEfsCache_Downlevel
RPC fb8a0729-2d04-4658-be93-27b4ad553fac (1.0) -- C:\windows\system32\lsass.exe
RPC fb8a0729-2d04-4658-be93-27b4ad553fac (1.0) -- C:\WINDOWS\system32\lsass.exe
0 -> LsaLookuprOpenPolicy2
0 -> LsaLookuprOpenPolicy2
1 -> LsaLookuprClose
1 -> LsaLookuprClose
2 -> LsaLookuprTranslateSids2
2 -> LsaLookuprTranslateSids2
3 -> LsaLookuprTranslateNames3
3 -> LsaLookuprTranslateNames3
4 -> LsaLookuprManageCache
4 -> LsaLookuprManageCache
5 -> LsaLookuprGetDomainInfo
5 -> LsaLookuprGetDomainInfo
6 -> LsaLookuprUserAccountType
6 -> LsaLookuprUserAccountType
RPC 4f32adc8-6052-4a04-8701-293ccf2096f0 (1.0) -- C:\windows\SYSTEM32\SspiSrv.dll
RPC 4f32adc8-6052-4a04-8701-293ccf2096f0 (1.0) -- C:\WINDOWS\SYSTEM32\SspiSrv.dll
0 -> SspirConnectRpc
0 -> SspirConnectRpc
1 -> SspirDisconnectRpc
1 -> SspirDisconnectRpc
2 -> SspirDisconnectRpc
2 -> SspirDisconnectRpc
3 -> SspirCallRpc
3 -> SspirCallRpc
4 -> SspirAcquireCredentialsHandle
4 -> SspirAcquireCredentialsHandle
5 -> SspirFreeCredentialsHandle
5 -> SspirFreeCredentialsHandle
6 -> SspirProcessSecurityContext
6 -> SspirProcessSecurityContext
7 -> SspirDeleteSecurityContext
7 -> SspirDeleteSecurityContext
8 -> SspirSslQueryCredentialsAttributes
8 -> SspirSslQueryCredentialsAttributes
9 -> SspirNegQueryContextAttributes
9 -> SspirNegQueryContextAttributes
10 -> SspirSslSetCredentialsAttributes
10 -> SspirSslSetCredentialsAttributes
11 -> SspirApplyControlToken
11 -> SspirApplyControlToken
12 -> SspirLogonUser
12 -> SspirLogonUser
13 -> SspirLookupAccountSid
13 -> SspirLookupAccountSid
14 -> SspirGetUserName
14 -> SspirGetUserName
15 -> SspirGetInprocDispatchTable
15 -> SspirGetInprocDispatchTable
RPC 11220835-5b26-4d94-ae86-c3e475a809de (1.0) -- C:\windows\system32\dpapisrv.dll
RPC 11220835-5b26-4d94-ae86-c3e475a809de (1.0) -- C:\WINDOWS\system32\dpapisrv.dll
0 -> s_SSCryptProtectData
0 -> s_SSCryptProtectData
1 -> s_SSCryptUnprotectData
1 -> s_SSCryptUnprotectData
2 -> s_SSCryptUpdateProtectedState
2 -> s_SSCryptUpdateProtectedState
RPC 5cbe92cb-f4be-45c9-9fc9-33e73e557b20 (1.0) -- C:\windows\system32\dpapisrv.dll
RPC 5cbe92cb-f4be-45c9-9fc9-33e73e557b20 (1.0) -- C:\WINDOWS\system32\dpapisrv.dll
0 -> s_SSRecoverQueryStatus
0 -> s_SSRecoverQueryStatus
1 -> s_SSRecoverImportRecoveryKey
1 -> s_SSRecoverImportRecoveryKey
2 -> s_SSRecoverPassword
2 -> s_SSRecoverPassword
RPC 7f1317a8-4dea-4fa2-a551-df5516ff8879 (1.0) -- C:\windows\system32\dpapisrv.dll
RPC 7f1317a8-4dea-4fa2-a551-df5516ff8879 (1.0) -- C:\WINDOWS\system32\dpapisrv.dll
0 -> s_LRpcSIDKeyProtect
0 -> s_LRpcSIDKeyProtect
1 -> s_LRpcSIDKeyUnprotect
1 -> s_LRpcSIDKeyUnprotect
RPC 3919286a-b10c-11d0-9ba8-00c04fd92ef5 (0.0) -- C:\windows\system32\lsasrv.dll
RPC 3919286a-b10c-11d0-9ba8-00c04fd92ef5 (0.0) -- C:\WINDOWS\system32\lsasrv.dll
0 -> DsRolerGetPrimaryDomainInformation
0 -> DsRolerGetPrimaryDomainInformation
RPC 12345778-1234-abcd-ef00-0123456789ac (1.0) -- C:\windows\SYSTEM32\samsrv.dll
RPC 12345778-1234-abcd-ef00-0123456789ac (1.0) -- C:\WINDOWS\SYSTEM32\samsrv.dll
0 -> SamrConnect
0 -> SamrConnect
1 -> SamrCloseHandle
1 -> SamrCloseHandle
2 -> SamrSetSecurityObject
2 -> SamrSetSecurityObject
3 -> SamrQuerySecurityObject
3 -> SamrQuerySecurityObject
4 -> SamrShutdownSamServer
4 -> SamrShutdownSamServer
5 -> SamrLookupDomainInSamServer
5 -> SamrLookupDomainInSamServer
6 -> SamrEnumerateDomainsInSamServer
6 -> SamrEnumerateDomainsInSamServer
7 -> SamrOpenDomain
7 -> SamrOpenDomain
8 -> SamrQueryInformationDomain
8 -> SamrQueryInformationDomain
9 -> SamrSetInformationDomain
9 -> SamrSetInformationDomain
10 -> SamrCreateGroupInDomain
10 -> SamrCreateGroupInDomain
11 -> SamrEnumerateGroupsInDomain
11 -> SamrEnumerateGroupsInDomain
12 -> SamrCreateUserInDomain
12 -> SamrCreateUserInDomain
13 -> SamrEnumerateUsersInDomain
13 -> SamrEnumerateUsersInDomain
14 -> SamrCreateAliasInDomain
14 -> SamrCreateAliasInDomain
15 -> SamrEnumerateAliasesInDomain
15 -> SamrEnumerateAliasesInDomain
16 -> SamrGetAliasMembership
16 -> SamrGetAliasMembership
17 -> SamrLookupNamesInDomain
17 -> SamrLookupNamesInDomain
18 -> SamrLookupIdsInDomain
18 -> SamrLookupIdsInDomain
19 -> SamrOpenGroup
19 -> SamrOpenGroup
20 -> SamrQueryInformationGroup
20 -> SamrQueryInformationGroup
21 -> SamrSetInformationGroup
21 -> SamrSetInformationGroup
22 -> SamrAddMemberToGroup
22 -> SamrAddMemberToGroup
23 -> SamrDeleteGroup
23 -> SamrDeleteGroup
24 -> SamrRemoveMemberFromGroup
24 -> SamrRemoveMemberFromGroup
25 -> SamrGetMembersInGroup
25 -> SamrGetMembersInGroup
26 -> SamrSetMemberAttributesOfGroup
26 -> SamrSetMemberAttributesOfGroup
27 -> SamrOpenAlias
27 -> SamrOpenAlias
28 -> SamrQueryInformationAlias
28 -> SamrQueryInformationAlias
29 -> SamrSetInformationAlias
29 -> SamrSetInformationAlias
30 -> SamrDeleteAlias
30 -> SamrDeleteAlias
31 -> SamrAddMemberToAlias
31 -> SamrAddMemberToAlias
32 -> SamrRemoveMemberFromAlias
32 -> SamrRemoveMemberFromAlias
33 -> SamrGetMembersInAlias
33 -> SamrGetMembersInAlias
34 -> SamrOpenUser
34 -> SamrOpenUser
35 -> SamrDeleteUser
35 -> SamrDeleteUser
36 -> SamrQueryInformationUser
36 -> SamrQueryInformationUser
37 -> SamrSetInformationUser
37 -> SamrSetInformationUser
38 -> SamrChangePasswordUser
38 -> SamrChangePasswordUser
39 -> SamrGetGroupsForUser
39 -> SamrGetGroupsForUser
40 -> SamrQueryDisplayInformation
40 -> SamrQueryDisplayInformation
41 -> SamrGetDisplayEnumerationIndex
41 -> SamrGetDisplayEnumerationIndex
42 -> SamrTestPrivateFunctionsDomain
42 -> SamrTestPrivateFunctionsDomain
43 -> SamrTestPrivateFunctionsUser
43 -> SamrTestPrivateFunctionsUser
44 -> SamrGetUserDomainPasswordInformation
44 -> SamrGetUserDomainPasswordInformation
45 -> SamrRemoveMemberFromForeignDomain
45 -> SamrRemoveMemberFromForeignDomain
46 -> SamrQueryInformationDomain2
46 -> SamrQueryInformationDomain2
47 -> SamrQueryInformationUser2
47 -> SamrQueryInformationUser2
48 -> SamrQueryDisplayInformation2
48 -> SamrQueryDisplayInformation2
49 -> SamrGetDisplayEnumerationIndex2
49 -> SamrGetDisplayEnumerationIndex2
50 -> SamrCreateUser2InDomain
50 -> SamrCreateUser2InDomain
51 -> SamrQueryDisplayInformation3
51 -> SamrQueryDisplayInformation3
52 -> SamrAddMultipleMembersToAlias
52 -> SamrAddMultipleMembersToAlias
53 -> SamrRemoveMultipleMembersFromAlias
53 -> SamrRemoveMultipleMembersFromAlias
54 -> SamrOemChangePasswordUser2
54 -> SamrOemChangePasswordUser2
55 -> SamrUnicodeChangePasswordUser2
55 -> SamrUnicodeChangePasswordUser2
56 -> SamrGetDomainPasswordInformation
56 -> SamrGetDomainPasswordInformation
57 -> SamrConnect2
57 -> SamrConnect2
58 -> SamrSetInformationUser2
58 -> SamrSetInformationUser2
59 -> SamrSetBootKeyInformation
59 -> SamrSetBootKeyInformation
60 -> SamrGetBootKeyInformation
60 -> SamrGetBootKeyInformation
61 -> SamrConnect3
61 -> SamrConnect3
62 -> SamrConnect4
62 -> SamrConnect4
63 -> SamrUnicodeChangePasswordUser3
63 -> SamrUnicodeChangePasswordUser3
64 -> SamrConnect5
64 -> SamrConnect5
65 -> SamrRidToSid
65 -> SamrRidToSid
66 -> SamrSetDSRMPassword
66 -> SamrSetDSRMPassword
67 -> SamrValidatePassword
67 -> SamrValidatePassword
68 -> SamrQueryLocalizableAccountsInDomain
68 -> SamrQueryLocalizableAccountsInDomain
69 -> SamrPerformGenericOperation
69 -> SamrPerformGenericOperation
70 -> SamrSyncDSRMPasswordFromAccount
70 -> SamrSyncDSRMPasswordFromAccount
71 -> SamrLookupNamesInDomain2
71 -> SamrLookupNamesInDomain2
72 -> SamrEnumerateUsersInDomain2
72 -> SamrEnumerateUsersInDomain2
RPC b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 (2.0) -- C:\windows\system32\keyiso.dll
RPC b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 (2.0) -- C:\WINDOWS\system32\keyiso.dll
0 -> s_SrvRpcCreateContext
0 -> s_SrvRpcCreateContext
1 -> s_SrvRpcReleaseContext
1 -> s_SrvRpcReleaseContext
2 -> s_SrvRpcCryptOpenStorageProvider
2 -> s_SrvRpcCryptOpenStorageProvider
3 -> s_SrvRpcCryptIsAlgSupported
3 -> s_SrvRpcCryptIsAlgSupported
4 -> s_SrvRpcCryptEnumAlgorithms
4 -> s_SrvRpcCryptEnumAlgorithms
5 -> s_SrvRpcCryptEnumKeys
5 -> s_SrvRpcCryptEnumKeys
6 -> s_SrvRpcCryptFreeBuffer
6 -> s_SrvRpcCryptFreeBuffer
7 -> s_SrvRpcCryptFreeProvider
7 -> s_SrvRpcCryptFreeProvider
8 -> s_SrvRpcCryptFreeKey
8 -> s_SrvRpcCryptFreeKey
9 -> s_SrvRpcCryptOpenKey
9 -> s_SrvRpcCryptOpenKey
10 -> s_SrvRpcCryptCreatePersistedKey
10 -> s_SrvRpcCryptCreatePersistedKey
11 -> s_SrvRpcCryptGetProviderProperty
11 -> s_SrvRpcCryptGetProviderProperty
12 -> s_SrvRpcCryptSetProviderProperty
12 -> s_SrvRpcCryptSetProviderProperty
13 -> s_SrvRpcCryptGetKeyProperty
13 -> s_SrvRpcCryptGetKeyProperty
14 -> s_SrvRpcCryptSetKeyProperty
14 -> s_SrvRpcCryptSetKeyProperty
15 -> s_SrvRpcCryptFinalizeKey
15 -> s_SrvRpcCryptFinalizeKey
16 -> s_SrvRpcCryptEncrypt
16 -> s_SrvRpcCryptEncrypt
17 -> s_SrvRpcCryptDecrypt
17 -> s_SrvRpcCryptDecrypt
18 -> s_SrvRpcCryptImportKey
18 -> s_SrvRpcCryptImportKey
19 -> s_SrvRpcCryptExportKey
19 -> s_SrvRpcCryptExportKey
20 -> s_SrvRpcCryptSignHash
20 -> s_SrvRpcCryptSignHash
21 -> s_SrvRpcCryptVerifySignature
21 -> s_SrvRpcCryptVerifySignature
22 -> s_SrvRpcCryptDeleteKey
22 -> s_SrvRpcCryptDeleteKey
23 -> s_SrvRpcCryptNotifyChangeKey
23 -> s_SrvRpcCryptNotifyChangeKey
24 -> s_SrvRpcCryptSecretAgreement
24 -> s_SrvRpcCryptSecretAgreement
25 -> s_SrvRpcCryptDeriveKey
25 -> s_SrvRpcCryptDeriveKey
26 -> s_SrvRpcCryptFreeSecret
26 -> s_SrvRpcCryptFreeSecret
27 -> s_SrvRpcCryptCipherEncrypt
27 -> s_SrvRpcCryptCipherEncrypt
28 -> s_SrvRpcCryptCipherDecrypt
28 -> s_SrvRpcCryptCipherDecrypt
29 -> s_SrvRpcCryptKeyDerivation
29 -> s_SrvRpcCryptKeyDerivation
30 -> s_SrvRpcCryptCreateClaim
30 -> s_SrvRpcCryptCreateClaim
31 -> s_SrvRpcCryptVerifyClaim
31 -> s_SrvRpcCryptVerifyClaim
RPC 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b (1.0) -- C:\windows\system32\keyiso.dll
RPC 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b (1.0) -- C:\WINDOWS\system32\keyiso.dll
0 -> s_GetSymmetricPopKeyTransportKey
0 -> s_GetSymmetricPopKeyTransportKey
1 -> s_GetSymmetricPopKeyTransportKeyName
1 -> s_GetSymmetricPopKeyTransportKeyName
2 -> s_DeleteSymmetricPopKeyTransportKey
2 -> s_DeleteSymmetricPopKeyTransportKey
3 -> s_ImportSymmetricPopKey
3 -> s_ImportSymmetricPopKey
4 -> s_SignWithSymmetricPopKey
4 -> s_SignWithSymmetricPopKey
5 -> s_VerifyWithSymmetricPopKey
5 -> s_VerifyWithSymmetricPopKey
6 -> s_DecryptWithSymmetricPopKey
6 -> s_DecryptWithSymmetricPopKey
7 -> s_EncryptWithSymmetricPopKey
7 -> s_EncryptWithSymmetricPopKey
8 -> s_GetKeyAttestationForContainerService
8 -> s_GetKeyAttestationForContainerService
9 -> s_RenewKeyAttestation
9 -> s_RenewKeyAttestation
10 -> s_GetPregenUserKey
10 -> s_GetPregenUserKey
11 -> s_GetPregenKeyState
11 -> s_GetPregenKeyState
RPC 51a227ae-825b-41f2-b4a9-1ac9557a1018 (1.0) -- C:\windows\system32\keyiso.dll
RPC 51a227ae-825b-41f2-b4a9-1ac9557a1018 (1.0) -- C:\WINDOWS\system32\keyiso.dll
0 -> s_TokenBindingGenerateTpmKeyFromSoftware
0 -> s_TokenBindingGenerateTpmKeyFromSoftware
RPC bb8b98e8-84dd-45e7-9f34-c3fb6155eeed (1.0) -- C:\Windows\System32\vaultsvc.dll
RPC bb8b98e8-84dd-45e7-9f34-c3fb6155eeed (1.0) -- C:\Windows\System32\vaultsvc.dll
0 -> VltCreateItemType
0 -> VltCreateItemType
1 -> VltDeleteItemType
1 -> VltDeleteItemType
2 -> VltEnumerateItemTypes
2 -> VltEnumerateItemTypes
3 -> VltAddItem
3 -> VltAddItem
4 -> VltFindItems
4 -> VltFindItems
5 -> VltEnumerateItems
5 -> VltEnumerateItems
6 -> VltGetItem
6 -> VltGetItem
7 -> VltRemoveItem
7 -> VltRemoveItem
8 -> VltGetItemType
8 -> VltGetItemType
9 -> VltOpenVault
9 -> VltOpenVault
10 -> VltCloseVault
10 -> VltCloseVault
11 -> VltGetInformation
11 -> VltGetInformation
12 -> VltEnumerateVaults
12 -> VltEnumerateVaults
13 -> VltEnumerateSettingUnits
13 -> VltEnumerateSettingUnits
14 -> VltGetSettingUnit
14 -> VltGetSettingUnit
15 -> VltApplySettingUnit
15 -> VltApplySettingUnit
16 -> VltRemoveSettingUnit
16 -> VltRemoveSettingUnit
17 -> VltTriggerSync
17 -> VltTriggerSync
18 -> VltGetSettingUnitInfo
18 -> VltGetSettingUnitInfo
Endpoints :
Endpoints :
ncacn_np : \pipe\lsass
ncacn_np : \pipe\lsass
ncalrpc : audit
ncalrpc : audit
ncalrpc : securityevent
ncalrpc : securityevent
ncalrpc : LSARPC_ENDPOINT
ncalrpc : LSARPC_ENDPOINT
ncalrpc : lsacap
ncalrpc : lsacap
ncalrpc : LSA_IDPEXT_ENDPOINT
ncalrpc : LSA_IDPEXT_ENDPOINT
ncalrpc : LSA_EAS_ENDPOINT
ncalrpc : LSA_EAS_ENDPOINT
ncalrpc : lsapolicylookup
ncalrpc : lsapolicylookup
ncalrpc : lsasspirpc
ncalrpc : lsasspirpc
ncalrpc : protected_storage
ncalrpc : protected_storage
ncalrpc : SidKey Local End Point
ncalrpc : SidKey Local End Point
ncalrpc : samss lpc
ncalrpc : samss lpc
ncacn_ip_tcp : 49678
ncacn_ip_tcp : 1635
ncalrpc : Vault
ncalrpc : Vault
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
<WinProcess "svchost.exe" pid 808 at 0x5306e10L>
<WinProcess "svchost.exe" pid 672 at 0x5e18a90L>
64
64
['PlugPlay']
['PlugPlay']


Interfaces :
Interfaces :
Endpoints :
Endpoints :
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
<WinProcess "fontdrvhost.exe" pid 832 at 0x5306ba8L>
<WinProcess "svchost.exe" pid 748 at 0x5e18d68L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000
--------------------------------------------------------------------------------
<WinProcess "fontdrvhost.exe" pid 828 at 0x5306898L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000
--------------------------------------------------------------------------------
<WinProcess "svchost.exe" pid 844 at 0x53064a8L>
64
64
['BrokerInfrastructure', 'DcomLaunch', 'Power', 'SystemEventsBroker']
['BrokerInfrastructure', 'DcomLaunch', 'Power', 'SystemEventsBroker']


Interfaces :
Interfaces :
RPC 6c9b7b96-45a8-4cca-9eb3-e21ccf8b5a89 (1.1) -- c:\windows\system32\umpo.dll
RPC 6c9b7b96-45a8-4cca-9eb3-e21ccf8b5a89 (1.1) -- c:\windows\system32\umpo.dll
0 -> UmpoRpcGetPowerConfiguration
0 -> UmpoRpcGetPowerConfiguration
1 -> UmpoRpcReadFromSystemPowerKey
1 -> UmpoRpcReadFromSystemPowerKey
2 -> UmpoRpcReadFromUserPowerKey
2 -> UmpoRpcReadFromUserPowerKey
3 -> UmpoRpcReadACValue
3 -> UmpoRpcReadACValue
4 -> UmpoRpcReadDCValue
4 -> UmpoRpcReadDCValue
5 -> UmpoRpcWriteToSystemPowerKey
5 -> UmpoRpcWriteToSystemPowerKey
6 -> UmpoRpcWriteToUserPowerKey
6 -> UmpoRpcWriteToUserPowerKey
7 -> UmpoRpcApplyPowerRequestOverride
7 -> UmpoRpcApplyPowerRequestOverride
8 -> UmpoRpcApplyPowerSetting
8 -> UmpoRpcApplyPowerSetting
9 -> UmpoRpcSetActiveScheme
9 -> UmpoRpcSetActiveScheme
10 -> UmpoRpcGetActiveScheme
10 -> UmpoRpcGetActiveScheme
11 -> UmpoRpcSetActiveOverlayScheme
11 -> UmpoRpcSetActiveOverlayScheme
12 -> UmpoRpcGetActualOverlayScheme
12 -> UmpoRpcGetActualOverlayScheme
13 -> UmpoRpcGetEffectiveOverlayScheme
13 -> UmpoRpcGetEffectiveOverlayScheme
14 -> UmpoRpcGetOverlaySchemes
14 -> UmpoRpcGetOverlaySchemes
15 -> UmpoRpcRestoreDefaultScheme
15 -> UmpoRpcRestoreDefaultScheme
16 -> UmpoRpcRestoreDefaultSchemesAll
16 -> UmpoRpcRestoreDefaultSchemesAll
17 -> UmpoRpcDuplicateScheme
17 -> UmpoRpcDuplicateScheme
18 -> UmpoRpcDeleteScheme
18 -> UmpoRpcDeleteScheme
19 -> UmpoRpcImportScheme
19 -> UmpoRpcImportScheme
20 -> UmpoRpcReplaceDefaultPowerSchemes
20 -> UmpoRpcReplaceDefaultPowerSchemes
21 -> UmpoRpcLegacyEventRegisterNotification
21 -> UmpoRpcLegacyEventRegisterNotification
22 -> UmpoRpcEnumerate
22 -> UmpoRpcEnumerate
23 -> UmpoRpcReadSecurityDescriptor
23 -> UmpoRpcReadSecurityDescriptor
24 -> UmpoRpcWriteSecurityDescriptor
24 -> UmpoRpcWriteSecurityDescriptor
25 -> UmpoRpcSettingAccessCheck
25 -> UmpoRpcSettingAccessCheck
26 -> UmpoRpcCreateSetting
26 -> UmpoRpcCreateSetting
27 -> UmpoRpcCreatePossibleSetting
27 -> UmpoRpcCreatePossibleSetting
28 -> UmpoRpcRemoveSetting
28 -> UmpoRpcRemoveSetting
29 -> UmpoSetExpectedUserAwayIntervals
29 -> UmpoSetExpectedUserAwayIntervals
30 -> UmpoClearExpectedUserAwayIntervals
30 -> UmpoClearExpectedUserAwayIntervals
31 -> UmpoGetMinUserAwayPredictionInterval
31 -> UmpoGetMinUserAwayPredictionInterval
32 -> UmpoRpcGetAdaptiveStandbyDiagnostics
32 -> UmpoRpcGetAdaptiveStandbyDiagnostics
RPC 9b8699ae-0e44-47b1-8e7f-86a461d7ecdc (0.0) -- c:\windows\system32\rpcss.dll
RPC 9b8699ae-0e44-47b1-8e7f-86a461d7ecdc (0.0) -- c:\windows\system32\rpcss.dll
0 -> _LaunchActivatorServer
0 -> _LaunchActivatorServer
1 -> _LaunchRunAsServer
1 -> _LaunchRunAsServer
2 -> _LaunchService
2 -> _LaunchService
3 -> _LaunchWinRTActivatorServer
3 -> LaunchWinRTActivatorServer
4 -> _LaunchWinRTRunAsServer
4 -> _LaunchWinRTRunAsServer
5 -> _LaunchWinRTService
5 -> _LaunchWinRTService
6 -> _CertifyServerIdentity
6 -> _CertifyServerIdentity
7 -> _QueryNTService
7 -> _QueryNTService
8 -> _QueryNTServiceType
8 -> _QueryNTServiceType
9 -> ControlNTService
9 -> ControlNTService
10 -> PrivTranslateShareName
10 -> PrivRunAsSetWinstaDesktop
11 -> GenericStreamBase<IMarshalingStream,AllocationWrapper>::Commit
11 -> PrivRunAsRelease
12 -> IsPortOpen
12 -> PrivRunAsInvalidateAndRelease
13 -> TickleActivationSettings
13 -> PrivTranslateShareName
14 -> QueryProcessArchitecture
14 -> GenericMarshalingStreamWithContextAttributesViaCallback<<lambda_9644d90489056d7e1fb2e547ff4245ea> >::Clone
15 -> PrivilegedNotifyWinRTActivationStoreChanged
15 -> IsPortOpen
16 -> _QueryUserSidForSession
16 -> TickleActivationSettings
17 -> PrivActivatePsmServer
17 -> QueryProcessArchitecture
18 -> _PrivGetUserTokenForSession
18 -> PrivilegedNotifyWinRTActivationStoreChanged
19 -> PrivGetBrokerToken
19 -> _QueryUserSidForSession
20 -> PrivGetDesktopWinRTBrokerToken
20 -> PrivActivatePsmServer
21 -> PrivGetPsmToken
21 -> _PrivGetUserTokenForSession
22 -> GetSessionUserTokenCacheDetails
22 -> PrivGetBrokerToken
23 -> PrivilegedNotifyComClassChangesFromDeployment
23 -> PrivGetDesktopWinRTBrokerToken
24 -> PrivGetPsmTokenWithDynamicId
24 -> PrivGetPsmToken
25 -> PrivGetInteractiveUserToken
25 -> GetSessionUserTokenCacheDetails
26 -> PrivReportUnhealthyProcess
26 -> PrivilegedNotifyComClassChangesFromDeployment
27 -> PrivNormalizePsmTokenHostId
27 -> PrivGetPsmTokenWithDynamicId
28 -> PrivGetInteractiveUserToken
29 -> PrivReportUnhealthyProcess
RPC 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9 (1.0) -- c:\windows\system32\psmsrv.dll
RPC 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9 (1.0) -- c:\windows\system32\psmsrv.dll
0 -> PsmSrvActivateApplication
0 -> PsmSrvActivateApplication
1 -> PsmSrvCloseActivationChannel
1 -> PsmSrvCloseActivationChannel
2 -> PsmSrvOpenActivationChannel
2 -> PsmSrvOpenActivationChannel
3 -> PsmSrvRegisterProcess
3 -> PsmSrvRegisterProcess
RPC 085b0334-e454-4d91-9b8c-4134f9e793f3 (1.0) -- c:\windows\system32\psmsrv.dll
RPC 085b0334-e454-4d91-9b8c-4134f9e793f3 (1.0) -- c:\windows\system32\psmsrv.dll
0 -> PsmSrvOpenManagementChannel
0 -> PsmSrvInitializeExtension
1 -> PsmSrvSetApplicationState
1 -> PsmSrvOpenManagementChannel
2 -> PsmSrvSetApplicationPriority
2 -> PsmSrvSetApplicationState
3 -> PsmSrvReleaseCacheEntry
3 -> PsmSrvSetApplicationPriority
4 -> PsmSrvAcquireCachedEntries
4 -> PsmSrvReleaseCacheEntry
5 -> PsmSrvQueryApplicationSwapState
5 -> PsmSrvAcquireCachedEntries
6 -> PsmSrvCloseActivationChannel
6 -> PsmSrvQueryApplicationSwapState
7 -> PsmSrvSetApplicationProperties
7 -> PsmSrvCloseActivationChannel
8 -> PsmSrvQueryApplicationProperties
8 -> PsmSrvSetApplicationProperties
9 -> PsmSrvQueryApplicationResourceUsage
9 -> PsmSrvQueryApplicationProperties
10 -> PsmSrvQueryMemoryUsage
10 -> PsmSrvQueryApplicationResourceUsage
11 -> PsmSrvResetMaxMemoryUsage
11 -> PsmSrvQueryMemoryUsage
12 -> PsmSrvQuerySharedCommit
12 -> PsmSrvResetMaxMemoryUsage
13 -> PsmSrvQuerySharedCommit
RPC 8782d3b9-ebbd-4644-a3d8-e8725381919b (1.0) -- c:\windows\system32\psmsrv.dll
RPC 8782d3b9-ebbd-4644-a3d8-e8725381919b (1.0) -- c:\windows\system32\psmsrv.dll
0 -> PsmSrvRegisterQuiesceResumeApp
0 -> PsmSrvRegisterQuiesceResumeApp
1 -> PsmSrvQuiesceCallbacksComplete
1 -> PsmSrvQuiesceCallbacksComplete
2 -> PsmSrvCloseActivationChannel
2 -> PsmSrvCloseActivationChannel
RPC 3b338d89-6cfa-44b8-847e-531531bc9992 (1.0) -- c:\windows\system32\psmsrv.dll
RPC 3b338d89-6cfa-44b8-847e-531531bc9992 (1.0) -- c:\windows\system32\psmsrv.dll
0 -> PsmSrvQueryApplicationPerformanceInformation
0 -> PsmSrvQueryApplicationPerformanceInformation
1 -> PsmSrvQueryQuotaInformation
1 -> PsmSrvQueryQuotaInformation
RPC bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760 (1.0) -- c:\windows\system32\psmsrv.dll
RPC bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760 (1.0) -- c:\windows\system32\psmsrv.dll
0 -> PsmSrvOpenTcChannel
0 -> PsmSrvOpenTcChannel
1 -> PsmSrvApplyTaskCompletion
1 -> PsmSrvApplyTaskCompletion
2 -> PsmSrvRegisterDynamicProcess
2 -> PsmSrvRegisterDynamicProcess
3 -> PsmSrvCloseActivationChannel
3 -> PsmSrvCloseActivationChannel
4 -> PsmSrvGetSessionInfo
4 -> PsmSrvGetSessionInfo
RPC 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2 (1.0) -- c:\windows\system32\psmsrv.dll
RPC 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2 (1.0) -- c:\windows\system32\psmsrv.dll
0 -> PsmSrvRegisterAppPriorityNotification
0 -> PsmSrvRegisterAppPriorityNotification
1 -> PsmSrvQueryApplicationResourceUsageForTimer
1 -> PsmSrvQueryApplicationResourceUsageForTimer
2 -> PsmSrvTimerStart
2 -> PsmSrvTimerStart
3 -> PsmSrvTimerCleanup
3 -> PsmSrvTimerCleanup
4 -> PsmSrvTimerRemainingResourceTimeGet
4 -> PsmSrvTimerRemainingResourceTimeGet
5 -> PsmSrvTimerElapsedResourceTimeGet
5 -> PsmSrvTimerElapsedResourceTimeGet
RPC 0361ae94-0316-4c6c-8ad8-c594375800e2 (1.0) -- c:\windows\system32\psmsrv.dll
RPC 0361ae94-0316-4c6c-8ad8-c594375800e2 (1.0) -- c:\windows\system32\psmsrv.dll
0 -> PsmSrvQueryCurrentApplications
0 -> PsmSrvQueryCurrentApplications
1 -> PsmSrvQueryApplicationHosts
1 -> PsmSrvQueryApplicationHosts
2 -> PsmSrvQueryApplicationHostExecutionState
2 -> PsmSrvQueryApplicationHostExecutionState
3 -> PsmSrvQueryApplicationHostJob
3 -> PsmSrvQueryApplicationHostJob
4 -> PsmSrvConnect
4 -> PsmSrvConnect
5 -> PsmSrvDisconnect
5 -> PsmSrvDisconnect
6 -> PsmSrvSubscribeToNotifications
6 -> PsmSrvSubscribeToNotifications
7 -> PsmSrvUnsubscribeFromNotifications
7 -> PsmSrvUnsubscribeFromNotifications
RPC 2d98a740-581d-41b9-aa0d-a88b9d5ce938 (1.0) -- C:\windows\SYSTEM32\bisrv.dll
RPC 2d98a740-581d-41b9-aa0d-a88b9d5ce938 (1.0) -- c:\windows\system32\bisrv.dll
0 -> RBiSrvActivateDeferredWorkItem
0 -> RBiSrvActivateDeferredWorkItem
1 -> RBiSrvActivateInBackground
1 -> RBiSrvActivateInBackground
2 -> RBiSrvActivateWorkItem
2 -> RBiSrvActivateWorkItem
3 -> RBiSrvAssociateActivationProxy
3 -> RBiSrvAssociateActivationProxy
4 -> RBiSrvAssociateApplicationExtensionClass
4 -> RBiSrvAssociateApplicationExtensionClass
5 -> RBiSrvCancelWorkItem
5 -> RBiSrvCancelWorkItem
6 -> RBiSrvCreateEvent
6 -> RBiSrvCreateEvent
7 -> RBiSrvCreateEventForPackageName
7 -> RBiSrvCreateEventForPackageName
8 -> RBiSrvDeleteEvent
8 -> RBiSrvDeleteEvent
9 -> RBiSrvDisassociateWorkItem
9 -> RBiSrvDisassociateWorkItem
10 -> RBiSrvDiscardPendingActivations
10 -> RBiSrvDiscardPendingActivations
11 -> RBiSrvEnumerateBrokeredEvents
11 -> RBiSrvEnumerateBrokeredEvents
12 -> RBiSrvEnumerateUserContexts
12 -> RBiSrvEnumerateUserContexts
13 -> RBiSrvEnumerateUserSessions
13 -> RBiSrvEnumerateUserSessions
14 -> RBiSrvEnumerateWorkItemsForPackageName
14 -> RBiSrvEnumerateWorkItemsForPackageName
15 -> RBiPtSrvGetStatusStateNameFromBrokerEventId
15 -> RBiSrvQueryBrokeredEvent
16 -> RBiSrvQueryBrokeredEvent
16 -> RBiSrvQuerySystemStateBroadcastChannels
17 -> RBiSrvQuerySystemStateBroadcastChannels
17 -> RBiSrvQueryUserContext
18 -> RBiSrvQueryUserContext
18 -> RBiSrvQueryUserSession
19 -> RBiSrvQueryUserSession
19 -> RBiSrvQueryWorkItem
20 -> RBiSrvQueryWorkItem
20 -> RBiPtSrvQueryWorkItemStatusStateName
21 -> RBiPtSrvQueryWorkItemStatusStateName
21 -> RBiSrvSignalEvent
22 -> RBiSrvSignalEvent
22 -> RBiSrvSignalMultipleEvents
23 -> RBiSrvSignalMultipleEvents
23 -> RBiSrvSignalTriggerEvent
24 -> RBiSrvSignalTriggerEvent
24 -> RBiSrvUpdateEventParameters
25 -> RBiSrvUpdateEventParameters
25 -> RBiSrvUpdateEventFlags
26 -> RBiSrvUpdateEventFlags
26 -> RBiSrvUpdateEventInformation
27 -> RBiSrvUpdateEventInformation
RPC 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a (1.0) -- c:\windows\system32\bisrv.dll
RPC 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a (1.0) -- C:\windows\SYSTEM32\bisrv.dll
0 -> RBiSrvActivateWorkItemForUser
0 -> RBiSrvActivateWorkItemForUser
1 -> RBiSrvChangeApplicationStateForPackageNameForUser
1 -> RBiSrvChangeApplicationStateForPackageNameForUser
2 -> RBiSrvChangeApplicationStateForPsmKeyForUser
2 -> RBiSrvChangeApplicationStateForPsmKeyForUser
3 -> RBiSrvChangeUserState
3 -> RBiSrvChangeUserState
4 -> RBiSrvEnumerateWorkItemsForPackageNameAndUser
4 -> RBiSrvEnumerateWorkItemsForPackageNameAndUser
5 -> RBiSrvGetActiveBackgroundTasksEventForUser
5 -> RBiSrvGetActiveBackgroundTasksEventForUser
6 -> RBiSrvGetCancellationTimeoutInMs
6 -> RBiSrvGetCancellationTimeoutInMs
7 -> RBiSrvIsApplicationTerminateSensitiveForUser
7 -> RBiSrvIsApplicationTerminateSensitiveForUser
8 -> RBiSrvNotifyEndSession
8 -> RBiSrvNotifyEndSession
9 -> RBiSrvNotifyNewSession
9 -> RBiSrvNotifyNewSession
10 -> RBiSrvNotifyNewSessionComplete
10 -> RBiSrvNotifyNewSessionComplete
11 -> RBiSrvNotifyNewUser
11 -> RBiSrvNotifyNewUser
12 -> RBiSrvQueryWorkItemForUser
12 -> RBiSrvQueryWorkItemForUser
13 -> RBiSrvResetActiveUserForPackage
13 -> RBiSrvResetActiveUserForPackage
14 -> RBiSrvSetActiveUserForPackage
14 -> RBiSrvSetActiveUserForPackage
15 -> RBiSrvTerminateApplicationHostForUser
15 -> RBiSrvTerminateApplicationHostForUser
16 -> RBiSrvUpdateBackgroundAccessApplicationsForUser
16 -> RBiSrvUpdateBackgroundAccessApplicationsForUser
RPC 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0 (1.0) -- C:\windows\SYSTEM32\bisrv.dll
RPC 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0 (1.0) -- c:\windows\system32\bisrv.dll
0 -> RBiRtSrvAddWaitableEvent
0 -> RBiRtSrvAddWaitableEvent
1 -> RBiRtSrvAssociateWorkItem
1 -> RBiRtSrvAssociateWorkItem
2 -> RBiRtSrvCreateEvent
2 -> RBiRtSrvCreateEvent
3 -> RBiRtSrvCreateEventForApp
3 -> RBiRtSrvCreateEventForApp
4 -> RBiRtSrvCreateStatusStateName
4 -> RBiRtSrvCreateStatusStateName
5 -> RBiRtSrvDeleteEvent
5 -> RBiRtSrvDeleteEvent
6 -> RBiRtSrvDisassociateWorkItem
6 -> RBiRtSrvDisassociateWorkItem
7 -> RBiRtSrvEnumerateBrokeredEvents
7 -> RBiRtSrvEnumerateBrokeredEvents
8 -> RBiRtSrvEnumerateWorkItems
8 -> RBiRtSrvEnumerateWorkItems
9 -> RBiRtSrvGetWorkItemProperties
9 -> RBiRtSrvGetWorkItemProperties
10
10 -> RBiRtSrvInitiatePause
11 -> RBiRtSrvQueryBrokerEventId
12 -> RBiRtSrvQueryBrokerEventIdFromWorkItem
13 -> RBiRtSrvRegisterWorkItem
14 -> RBiRtSrvSignalEvent
15 -> RBiRtSrvUpdateEventParameters
RPC c605f9fb-f0a3-4e2a-a073-73560f8d9e3e (1.0) -- c:\windows\system32\bisrv.dll
0 -> RBiSrvSignalEvent
RPC 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e (1.0) -- c:\windows\system32\bisrv.dll
0 -> RBiPtSrvActivateDeferredWorkItem
1 -> RBiPtSrvActivateInBackground
2 -> RBiPtSrvActivateWorkItem
3 -> RBiPtSrvAssociateActivationProxy
4 -> RBiPtSrvAssociateApplicationEntryPoint
5 -> RBiPtSrvCancelWorkItem
6 -> RBiPtSrvCreateEvent
7 -> RBiPtSrvCreateEventForApp
8 -> RBiPtSrvCreateEventForPackageName
9 -> RBiPtSrvDeleteEvent
10 -> RBiPtSrvDisableWorkItem
11 -> RBiPtSrvDisassociateWorkItem
12 -> RBiPtSrvEnableWorkItem
13 -> RBiPtSrvEnumerateBrokeredEvents
14 -> RBiPtSrvEnumerateWorkItemsF