Import table
api-ms-win-core-localregistry-l1-1-0.dll
RegQueryValueExA, RegCloseKey, RegOpenKeyExA
api-ms-win-service-core-l1-1-0.dll
SetServiceStatus
api-ms-win-service-management-l1-1-0.dll
CloseServiceHandle
api-ms-win-service-winsvc-l1-1-0.dll
OpenServiceA, StartServiceA, QueryServiceStatus, RegisterServiceCtrlHandlerExA, OpenSCManagerA
kernel32.dll
GetCurrentProcess, TerminateProcess, lstrlenW, CloseThreadpoolWork, CreateThreadpoolWork, InterlockedExchange, SubmitThreadpoolWork, WaitForThreadpoolWorkCallbacks, ExpandEnvironmentStringsW, CreateDirectoryW, TryEnterCriticalSection, GetFileSizeEx, ReadFile, CreateFileA, WriteFile, ExpandEnvironmentStringsA, OpenEventW, GetCurrentProcessId, Sleep, WaitForMultipleObjects, GetOverlappedResult, CancelIoEx, LoadLibraryA, MultiByteToWideChar, DeviceIoControl, UnhandledExceptionFilter, GetModuleHandleW, InterlockedCompareExchange64, InterlockedIncrement, SetThreadPriorityBoost, GetCurrentThread, GetThreadPriority, SetThreadPriority, GetQueuedCompletionStatus, InitializeSListHead, CreateIoCompletionPort, InterlockedPushEntrySList, InterlockedFlushSList, PostQueuedCompletionStatus, QueryPerformanceCounter, LoadLibraryExA, InterlockedCompareExchange, GetProcAddress, DelayLoadFailureHook, TlsAlloc, TlsFree, CreateThread, SetLastError, TlsSetValue, CreateEventA, GetTickCount, QueryPerformanceFrequency, SetUnhandledExceptionFilter, VirtualProtect, GetSystemTimeAsFileTime, VirtualAlloc, ResetEvent, LeaveCriticalSection, GetSystemInfo, VirtualQuery, GetVersion, GetCurrentThreadId, SetEvent, WaitForSingleObjectEx, InterlockedDecrement, InterlockedExchangeAdd, GetModuleHandleExA, FreeLibrary, WaitForSingleObject, CloseHandle, HeapAlloc, HeapFree, FreeLibraryAndExitThread, TlsGetValue, SleepEx, QueueUserAPC, GetLastError, EnterCriticalSection, GetProcessHeap
msvcrt.dll
DllMain
ntdll.dll
NtDeviceIoControlFile, RtlDeleteCriticalSection, NtCreateFile, RtlInitUnicodeString, RtlNtStatusToDosError, RtlInitializeCriticalSection, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlIsCriticalSectionLockedByThread, EtwEventUnregister, EtwEventRegister, EtwEventWrite, NtOpenFile, WinSqmStartSession, WinSqmEndSession, WinSqmSetIfMaxDWORD, WinSqmSetDWORD, WinSqmAddToStream, NtQueryTimerResolution, NtSetTimerResolution, RtlFreeHeap, RtlAllocateHeap, RtlImageNtHeader, NtClose, NtWaitForSingleObject
slc.dll
SLGetWindowsInformationDWORD
traffic.dll
TcGetInterfaceList, TcCloseInterface, TcDeleteFlow, TcDeleteFilter, TcEnumerateInterfaces, TcRegisterClient, TcAddFlow, TcGetFlowNameA, TcOpenInterfaceW, TcDeregisterClient, TcQueryFlowA, TcQueryInterface, TcModifyFlow, TcSetSocketFlow
wmi.dll
WmiExecuteMethodW, WmiOpenBlock, WmiCloseBlock
ws2_32.dll
WSASend, WSAAddressToStringA, WSAStringToAddressA, WSAConnect, WSARecv, WSASocketA, WSARecvFrom, WSAIoctl, WSAGetOverlappedResult
Export table
QDLHPathDiagnostics
QDLHStartDiagnosingPath
QOSAddSocketToFlow
QOSCancel
QOSCloseHandle
QOSCreateHandle
QOSEnumerateFlows
QOSNotifyFlow
QOSQueryFlow
QOSRemoveSocketFromFlow
QOSSetFlow
QOSStartTrackingClient
QOSStopTrackingClient
ServiceMain
