Windows 11’s advapi32.dll includes interesting export functions:
And I know nothing about them… while they are obviously exported by advapi32.dll and for some unknown reason, they do not seem to be imported … by anything (no .exe, .dll import these functions, at least directly!). Plus, most of these apis’ code reference NDR functions (RPC), so unless you are really well-versed in these, it’s hard to reverse them 🙁
A quick google suggests that these are not Linux-related (refrerence to ‘ELF’), and are actually Event Log File (also ‘ELF’)-related. In a trivial pursuit of the truth, we look at the code of Elf* functions and their invocations and we can almost immediately see that f.ex. that RegisterEventSourceW is calling ElfRegisterEventSourceW internally. So… looks like either intentionally, or accidentally the MS coders exposed a lower-level interface to Event Logs.
As such, functions:
may be perhaps of interest?