EtwProcessor.dll

File Path: C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\EtwProcessor.dll
Description: Library for processing ETW events [v10.43k]

Hashes

Type	Hash
MD5	`FF93930CE87C49AFA002AA6A07652DCC`
SHA1	`AC100D5ECB086D6A8B7E2603DF4EA1AB133D3264`
SHA256	`A8DA1F48F5274B5038103B69CE1C8BC277151DA4C9996F187E5AF6195DD97447`
SHA384	`2268881EC6E9F4F73FBACF4A7AC995D02DF042B1F3476C8F719F45F6FB88F3AFE353C392BAC0EBFDEB6AD8CC03967D7F`
SHA512	`AC8D7E9D6C63FABEB943D211AA1465D0E3217D05E1B2039B83207901AA20C4B023D61CA409307A5959069D0A76995F69E20D5B18574C4026068E5E008EC0B373`
SSDEEP	`6144:eDLdXzWaxPw5E1uY4eCSEFuhMAyksKNkFTczwIF3tsdE+Bt:eXdXzDxSE1uY4eC1FuhMAHsKNkqz99ot`
IMP	`DD2B14B2F2867A48C3E4AFACAEB0AEA1`
PESHA1	`9E336D938C0839EACDCD47F082FA55EE3B9F790D`
PE256	`56EC15B3DFF6DD580DED74931DA79588A3C57EBF462B3440240FFF291DB007A1`

DLL Exports:

Function Name	Ordinal	Type
`EtwController::Flush`	26	Exported Function
`EtwController::Flush`	25	Exported Function
`EtwController::StartEtwTrace`	78	Exported Function
`Processor::EtwControllerOptions`	77	Exported Function
`EtwController::EnableProvider`	22	Exported Function
`EtwController::EnableProvider`	19	Exported Function
`EtwController::DisableProvider`	17	Exported Function
`EtwController::EnableProvider`	21	Exported Function
`EtwController::EnableProvider`	20	Exported Function
`EtwController::StopEtwTrace`	83	Exported Function
`EtwController::StartEtwTrace`	80	Exported Function
`EtwEvent::GetActivityId`	29	Exported Function
`EtwController::StopEtwTrace`	84	Exported Function
`Processor::EtwControllerOptions`	79	Exported Function
`EtwController::StartEtwTrace`	76	Exported Function
`Processor::EtwControllerOptions`	75	Exported Function
`EtwController::StartEtwTrace`	82	Exported Function
`Processor::EtwControllerOptions`	81	Exported Function
`EtwController::DisableProvider`	16	Exported Function
`CompositeWaiter::WaitAll`	86	Exported Function
`Processor::WaiterCollection`	12	Exported Function
`EtwConsumer::CloseTrace`	14	Exported Function
`CompositeWaiter::WaitAny`	87	Exported Function
`Processor::Waiter`	11	Exported Function
`EtwEvent::HasRelatedActivity`	56	Exported Function
`Processor::WaiterCollection`	9	Exported Function
`CachingWaiter::GetCachedEvent`	30	Exported Function
`Processor::EtwEvent`	10	Exported Function
`EtwRealtimeConsumer::EnableProvider`	24	Exported Function
`EtwRealtimeConsumer::EnableProvider`	23	Exported Function
`EtwEvent::FromEventRecord`	28	Exported Function
`EtwRealtimeConsumer::Flush`	27	Exported Function
`EtwRealtimeConsumer::DisableProvider`	18	Exported Function
`EtwEvent::GetPayloadProperty`	44	Exported Function
`EtwEvent::GetPayloadProperty`	43	Exported Function
`EtwEvent::GetPayloadPropertyNames`	46	Exported Function
`EtwEvent::GetPayloadPropertyNames`	45	Exported Function
`EtwEvent::GetProviderGuid`	48	Exported Function
`EtwFileConsumer::OpenTraceW`	70	Exported Function
`EtwConsumer::ProcessTrace`	73	Exported Function
`Waiter::Wait`	85	Exported Function
`EtwRealtimeConsumer::OpenTraceW`	71	Exported Function
`Processor::Waiter`	8	Exported Function
`Processor::EtwFileConsumer`	5	Exported Function
`WaiterCollection::GetLastErrorMessage`	38	Exported Function
`Processor::EtwWaiter`	7	Exported Function
`Processor::EtwRealtimeConsumer`	6	Exported Function
`WaiterCollection_Add`	146	Exported Function
`Waiter_Wait`	151	Exported Function
`WaiterCollection_Destroy`	148	Exported Function
`WaiterCollection_Create`	147	Exported Function
`Waiter_Reset`	150	Exported Function
`EtwEvent::PrintProperties`	72	Exported Function
`Waiter::Reset`	74	Exported Function
`Waiter_Destroy`	149	Exported Function
`Processor::Waiter`	13	Exported Function
`Waiter::GetLastErrorMessage`	37	Exported Function
`EtwEvent::GetEventId`	33	Exported Function
`EtwEvent::GetVersion`	55	Exported Function
`EtwEvent::GetThreadId`	53	Exported Function
`EtwEvent::GetProcessId`	47	Exported Function
`EtwEvent::GetOpCode`	41	Exported Function
`EtwEvent::GetTimeStamp`	54	Exported Function
`EtwEvent::GetRelatedActivityId`	51	Exported Function
`EtwEvent::GetLevel`	39	Exported Function
`EtwEvent::GetChannel`	31	Exported Function
`EtwEvent::GetProviderMessage`	49	Exported Function
`EtwEvent::GetOpCodeName`	42	Exported Function
`EtwEvent::GetTaskName`	52	Exported Function
`EtwEvent::GetProviderName`	50	Exported Function
`EtwEvent::GetLevelName`	40	Exported Function
`EtwEvent::GetEventMessage`	34	Exported Function
`EtwEvent::GetChannelName`	32	Exported Function
`EtwEvent::GetLastErrorMessage`	36	Exported Function
`EtwEvent::GetKeywordsName`	35	Exported Function
`WaiterCollection::WaiterCollection`	3	Exported Function
`EtwEvent_GetEventId`	113	Exported Function
`EtwEvent_GetChannelName`	112	Exported Function
`EtwEvent_GetKeywordsName`	115	Exported Function
`EtwEvent_GetEventMessage`	114	Exported Function
`EtwEvent_GetChannel`	111	Exported Function
`EtwEvent_Destroy`	108	Exported Function
`EtwController_StopEtwTrace`	107	Exported Function
`EtwEvent_GetActivityId`	110	Exported Function
`EtwEvent_FromEventRecord`	109	Exported Function
`EtwEvent_GetPayloadPropertyNames`	122	Exported Function
`EtwEvent_GetPayloadPropertyLegacy`	121	Exported Function
`EtwEvent_GetProviderGuid`	124	Exported Function
`EtwEvent_GetProcessId`	123	Exported Function
`EtwEvent_GetPayloadProperty`	120	Exported Function
`EtwEvent_GetLevelName`	117	Exported Function
`EtwEvent_GetLevel`	116	Exported Function
`EtwEvent_GetOpCodeName`	119	Exported Function
`EtwEvent_GetOpCode`	118	Exported Function
`EtwController_StartEtwTrace_2`	106	Exported Function
`EtwConsumer_CloseTrace`	94	Exported Function
`CompositeWaiter_WaitAny`	93	Exported Function
`EtwConsumer_GetEndTimeStamp`	96	Exported Function
`EtwConsumer_Destroy`	95	Exported Function
`CompositeWaiter_WaitAll`	92	Exported Function
`CachingWaiter_GetCachedEvent`	89	Exported Function
`CachingWaiter_Create`	88	Exported Function
`CompositeWaiter_CreateWithWaitAllAsDefault`	91	Exported Function
`CompositeWaiter_Create`	90	Exported Function
`EtwController_EnableProvider`	103	Exported Function
`EtwController_DisableProvider`	102	Exported Function
`EtwController_StartEtwTrace_1`	105	Exported Function
`EtwController_Flush`	104	Exported Function
`EtwConsumer_SetEventRecordCallback`	101	Exported Function
`EtwConsumer_GetTickFrequency`	98	Exported Function
`EtwConsumer_GetStartTimeStamp`	97	Exported Function
`EtwConsumer_ProcessTrace`	100	Exported Function
`EtwConsumer_GetTimerResolution`	99	Exported Function
`EtwEvent_GetProviderMessage`	125	Exported Function
`EtwFileConsumer::Initialize`	62	Exported Function
`EtwFileConsumer::Initialize`	61	Exported Function
`Processor::EtwRealtimeConsumerOptions`	64	Exported Function
`Processor::EtwRealtimeConsumerOptions`	63	Exported Function
`Processor::DefaultWaitBehavior`	60	Exported Function
`Processor::Waiter`	57	Exported Function
`PayloadProperty_GetValue`	145	Exported Function
`Processor::Waiter`	59	Exported Function
`Processor::Waiter`	58	Exported Function
`Processor::EtwEvent`	1	Exported Function
`Processor::Waiter`	15	Exported Function
`Processor::WaiterCollection`	2	Exported Function
`Processor::EtwEvent`	4	Exported Function
`Processor::Waiter`	69	Exported Function
`Processor::EtwWaiterOptions`	66	Exported Function
`Processor::EtwWaiterOptions`	65	Exported Function
`Processor::EtwWaiterOptions`	68	Exported Function
`Processor::EtwWaiterOptions`	67	Exported Function
`PayloadProperty_GetMetadata`	144	Exported Function
`EtwEvent_HasRelatedActivity`	132	Exported Function
`EtwEvent_GetVersion`	131	Exported Function
`EtwFileConsumer_Create`	134	Exported Function
`EtwEvent_PrintProperties`	133	Exported Function
`EtwEvent_GetTimeStamp`	130	Exported Function
`EtwEvent_GetRelatedActivityId`	127	Exported Function
`EtwEvent_GetProviderName`	126	Exported Function
`EtwEvent_GetThreadId`	129	Exported Function
`EtwEvent_GetTaskName`	128	Exported Function
`EtwWaiter_Create`	141	Exported Function
`EtwRealtimeConsumer_OpenTrace`	140	Exported Function
`MultiplicityWaiter_Create`	143	Exported Function
`EtwWaiter_CreateByName`	142	Exported Function
`EtwRealtimeConsumer_Flush`	139	Exported Function
`EtwRealtimeConsumer_Create`	136	Exported Function
`EtwFileConsumer_OpenTrace`	135	Exported Function
`EtwRealtimeConsumer_EnableProvider`	138	Exported Function
`EtwRealtimeConsumer_DisableProvider`	137	Exported Function

Signature

Status: Signature verified.
Serial: 33000001529B409F5056997588000000000152
Thumbprint: 711AF71DC4C4952C8ED65BB4BA06826ED3922A32
Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: EtwProcessor.dll
Product Name: Test Authoring and Execution Framework
Company Name: Microsoft Corporation
File Version: 10.43.1909.04003
Product Version: 10.43.190904003-develop
Language: English (United States)
Machine Type: 64-bit

File Scan

VirusTotal Detections: Unknown

File Similarity (ssdeep match)

File	Score
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\MinTe\EtwProcessor.dll	100
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\EtwProcessor.dll	100
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\MinTe\EtwProcessor.dll	100