WerReportCreate API

Posted on by

The API I want to talk about today is called WerReportCreate. It takes a few arguments, but the most interesting is the first one, which is the Event Name.

Looking at Windows OS binaries, we can see this API being utilized by a number of native executables and libraries, and each invocation uses unique string for the event name:

  • FaultTolerantHeap – AcLayers.dll
  • AppxDeploymentFailureBlue – AppXDeploymentServer.dll
  • CertPinning – cryptui.dll
  • D3DDRED2 – D3D12Core.dll
  • DMRCDeviceMetadataPackageFailure – DeviceMetadataRetrievalClient.dll
  • DispBrokerTimeoutEvent – DispBroker.dll
  • WWAJSE – EdgeContent.dll
  • WindowsBlackScreenDiagnosticsV1 – explorer.exe
  • ShellBrowserCancel – ExplorerFrame.dll
  • ShellViewReentered – ExplorerFrame.dll
  • FaultTolerantHeap – fthsvc.dll
  • GDIObjectLeak – gdi32full.dll
  • CompatEntityAnalysis_1 – invagent.dll
  • ScriptedDiagFailure – msdt.exe
  • WindowsNonFatalSuspectedDeadlock – netprofmsvc.dll
  • CommsNonFatalSuspectedDeadlock – PhoneProviders.dll
  • CommsNonFatalSuspectedDeadlock – PhoneService.dll
  • HamLkd – PsmServiceExtHost.dll
  • RADAR_PRE_LEAK_32 – radarrs.dll
  • RADAR_LEAK_64 – rdrleakdiag.exe
  • MemDiagV1 – RelPost.exe
  • StartupRepairOnline – RelPost.exe
  • WindowsBackupFailure – sdclt.exe
  • WindowsBackupFailure – sdengin2.dll
  • ServiceHang – services.exe
  • SystemRestore – srcore.dll
  • ShellThumbnailExtractionTimeout – thumbcache.dll
  • ShellThumbnailExtractionTimeout – ThumbnailExtractionHost.exe
  • UpdateAgentDiag – UpdateAgent.dll
  • Windows Server Backup Error – wbengine.exe
  • AppHangB1 – WerFault.exe
  • BlueScreen – WerFault.exe
  • LiveKernelEvent – WerFault.exe
  • Temp – werui.dll
  • WUDFUnhandledException – WUDFPlatform.dll