What is wevtsvc.dll used for?
Event logging service
Dependencies of wevtsvc.dll
Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file C:\Windows\System32\wevtsvc.dll
File Type: DLL
Image has the following dependencies:
msvcp_win.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-private-l1-1-0.dll
ntdll.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-eventing-classicprovider-l1-1-0.dll
RPCRT4.dll
api-ms-win-core-perfcounters-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-security-base-l1-2-0.dll
api-ms-win-security-sddl-l1-1-0.dll
api-ms-win-eventing-provider-l1-1-0.dll
api-ms-win-core-registry-l1-1-0.dll
api-ms-win-security-base-l1-1-0.dll
api-ms-win-core-synch-l1-1-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-handle-l1-1-0.dll
api-ms-win-service-core-l1-1-0.dll
api-ms-win-core-heap-l2-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-string-l1-1-0.dll
api-ms-win-core-kernel32-legacy-l1-1-0.dll
api-ms-win-core-file-l2-1-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-threadpool-l1-2-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-file-l1-1-0.dll
api-ms-win-core-memory-l1-1-0.dll
api-ms-win-eventing-consumer-l1-1-0.dll
api-ms-win-core-localization-l1-2-0.dll
api-ms-win-core-file-l1-2-0.dll
USERENV.dll
api-ms-win-security-isolatedcontainer-l1-1-1.dll
api-ms-win-service-core-l1-1-3.dll
api-ms-win-core-debug-l1-1-0.dll
api-ms-win-eventing-controller-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-3.dll
WS2_32.dll
api-ms-win-core-timezone-l1-1-0.dll
api-ms-win-core-processenvironment-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-1.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-interlocked-l1-1-0.dll
bcrypt.dll
api-ms-win-core-state-helpers-l1-1-0.dll
api-ms-win-core-version-l1-1-0.dll
api-ms-win-core-datetime-l1-1-1.dll
api-ms-win-service-core-l1-1-4.dll
api-ms-win-core-sysinfo-l1-2-0.dll
api-ms-win-core-datetime-l1-1-0.dll
api-ms-win-core-apiquery-l1-1-0.dll
api-ms-win-core-delayload-l1-1-1.dll
api-ms-win-core-delayload-l1-1-0.dll
Image has the following delay load dependencies:
api-ms-win-security-provider-l1-1-0.dll
api-ms-win-security-lsalookup-l1-1-0.dll
api-ms-win-core-registry-l2-1-0.dll
api-ms-win-power-setting-l1-1-0.dll
ext-ms-win-devmgmt-policy-l1-1-0.dll
Summary
36000 .data
1000 .didat
C000 .pdata
94000 .rdata
7000 .reloc
6000 .rsrc
EB000 .text
Functions exported by wevtsvc.dll
1 0 000509E0 ServiceMain
2 1 0005C190 SvchostPushServiceGlobalsEx
Detailed information on the functions exported by wevtsvc.dll
Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file C:\Windows\System32\wevtsvc.dll
File Type: DLL
Section contains the following exports for wevtsvc.dll
00000000 characteristics
D85D2068 time date stamp
0.00 version
1 ordinal base
2 number of functions
2 number of names
ordinal hint RVA name
1 0 000509E0 ServiceMain
2 1 0005C190 SvchostPushServiceGlobalsEx
Summary
36000 .data
1000 .didat
C000 .pdata
94000 .rdata
7000 .reloc
6000 .rsrc
EB000 .text
Integrity of wevtsvc.dll
Algorithm Hash Path
--------- ---- ----
SHA256 BCD010D1040BC1F3024EB4B75113C7BB683EEE3B9B7A9B45769356A82C5E2130 C:\Windows\System32\wevtsvc.dll
Details of the wevtsvc.dll file
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32\wevtsvc.dll
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32
PSChildName : wevtsvc.dll
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
Mode : -a----
VersionInfo : File: C:\Windows\System32\wevtsvc.dll
InternalName: wevtsvc.dll
OriginalFilename: wevtsvc.dll.mui
FileVersion: 10.0.19041.561 (WinBuild.160101.0800)
FileDescription: Servicio de registro de eventos
Product: Sistema operativo Microsoft® Windows®
ProductVersion: 10.0.19041.561
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language: Español (España, internacional)
BaseName : wevtsvc
Target : {C:\Windows\WinSxS\amd64_microsoft-windows-eventlog_31bf3856ad364e35_10.0.19041.388_none_ba94603271c7221f\wevtsvc.dll}
LinkType : HardLink
Name : wevtsvc.dll
Length : 1876480
DirectoryName : C:\Windows\System32
Directory : C:\Windows\System32
IsReadOnly : False
Exists : True
FullName : C:\Windows\System32\wevtsvc.dll
Extension : .dll
CreationTime : 18/09/2020 7:54:06
CreationTimeUtc : 18/09/2020 5:54:06
LastAccessTime : 03/12/2020 16:45:10
LastAccessTimeUtc : 03/12/2020 15:45:10
LastWriteTime : 18/09/2020 7:54:07
LastWriteTimeUtc : 18/09/2020 5:54:07
Attributes : Archive
Processes that use wevtsvc.dll