dbghelp.dll
Description: Windows Image Helper
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.1
Architecture: 64-bit
Operating System: Windows NT
SHA256: 9a02133854ff9f06c3b23a70f8c2a481
File Size: 1.8 MB
Uploaded At: April 22, 2026, 7:46 p.m.
Views: 26
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- (Ordinal: 1101, Address: 0x26a30)
- (Ordinal: 1102, Address: 0x26b70)
- (Ordinal: 1103, Address: 0x26fa0)
- (Ordinal: 1104, Address: 0x27010)
- (Ordinal: 1105, Address: 0x27b30)
- (Ordinal: 1106, Address: 0x27bf0)
- (Ordinal: 1107, Address: 0x26d50)
- (Ordinal: 1108, Address: 0x276d0)
- (Ordinal: 1109, Address: 0x27a90)
- (Ordinal: 1110, Address: 0x27b60)
- SymAllocDiaString (Ordinal: 1111, Address: 0x2c1a0)
- SymFreeDiaString (Ordinal: 1112, Address: 0x2c190)
- SymGetDiaSession (Ordinal: 1113, Address: 0x2bfe0)
- SymGetLineFromAddrEx (Ordinal: 1114, Address: 0x26d50)
- (Ordinal: 1115, Address: 0x26c40)
- (Ordinal: 1116, Address: 0x26dd0)
- (Ordinal: 1117, Address: 0x2adc0)
- (Ordinal: 1118, Address: 0x2aea0)
- (Ordinal: 1119, Address: 0x2c1c0)
- SymGetLineFromNameEx (Ordinal: 1120, Address: 0x276d0)
- SymGetLineNextEx (Ordinal: 1121, Address: 0x27a90)
- SymGetLinePrevEx (Ordinal: 1122, Address: 0x27b60)
- SymGetOmapBlockBase (Ordinal: 1123, Address: 0x29a70)
- SymSetDiaSession (Ordinal: 1124, Address: 0x2c080)
- _EFN_DumpImage (Ordinal: 1125, Address: 0x17d20)
- DbgHelpCreateUserDump (Ordinal: 1126, Address: 0x3bb90)
- DbgHelpCreateUserDumpW (Ordinal: 1127, Address: 0x3bc90)
- EnumDirTree (Ordinal: 1128, Address: 0x2f360)
- EnumDirTreeW (Ordinal: 1129, Address: 0x2f490)
- EnumerateLoadedModules (Ordinal: 1130, Address: 0x28df0)
- EnumerateLoadedModules64 (Ordinal: 1131, Address: 0x28df0)
- EnumerateLoadedModulesEx (Ordinal: 1132, Address: 0x28eb0)
- EnumerateLoadedModulesExW (Ordinal: 1133, Address: 0x28f10)
- EnumerateLoadedModulesW64 (Ordinal: 1134, Address: 0x28e50)
- ExtensionApiVersion (Ordinal: 1135, Address: 0x14350)
- FindDebugInfoFile (Ordinal: 1136, Address: 0x2df10)
- FindDebugInfoFileEx (Ordinal: 1137, Address: 0x2ecd0)
- FindDebugInfoFileExW (Ordinal: 1138, Address: 0x2ec80)
- FindExecutableImage (Ordinal: 1139, Address: 0x2cf50)
- FindExecutableImageEx (Ordinal: 1140, Address: 0x2dbb0)
- FindExecutableImageExW (Ordinal: 1141, Address: 0x2dcf0)
- FindFileInPath (Ordinal: 1142, Address: 0x2cec0)
- FindFileInSearchPath (Ordinal: 1143, Address: 0x2cf10)
- GetSymLoadError (Ordinal: 1144, Address: 0x2c3c0)
- GetTimestampForLoadedLibrary (Ordinal: 1145, Address: 0x1bfb0)
- ImageDirectoryEntryToData (Ordinal: 1146, Address: 0x1bb20)
- ImageDirectoryEntryToDataEx (Ordinal: 1147, Address: 0x1b940)
- ImageNtHeader (Ordinal: 1148, Address: 0x1b810)
- ImageRvaToSection (Ordinal: 1149, Address: 0x1bb40)
- ImageRvaToVa (Ordinal: 1150, Address: 0x1bbb0)
- ImagehlpApiVersion (Ordinal: 1151, Address: 0x2f7b0)
- ImagehlpApiVersionEx (Ordinal: 1152, Address: 0x2f7c0)
- MakeSureDirectoryPathExists (Ordinal: 1153, Address: 0x2f5c0)
- MiniDumpReadDumpStream (Ordinal: 1154, Address: 0x19fa2a)
- MiniDumpWriteDump (Ordinal: 1155, Address: 0x19fa5b)
- RangeMapAddPeImageSections (Ordinal: 1156, Address: 0x4ef00)
- RangeMapCreate (Ordinal: 1157, Address: 0x4ee10)
- RangeMapFree (Ordinal: 1158, Address: 0x4ee70)
- RangeMapRead (Ordinal: 1159, Address: 0x4f000)
- RangeMapRemove (Ordinal: 1160, Address: 0x4efb0)
- RangeMapWrite (Ordinal: 1161, Address: 0x4f060)
- RemoveInvalidModuleList (Ordinal: 1162, Address: 0x7ce0)
- ReportSymbolLoadSummary (Ordinal: 1163, Address: 0x9460)
- SearchTreeForFile (Ordinal: 1164, Address: 0x2f4e0)
- SearchTreeForFileW (Ordinal: 1165, Address: 0x2f510)
- SetCheckUserInterruptShared (Ordinal: 1166, Address: 0x7ce0)
- SetSymLoadError (Ordinal: 1167, Address: 0x2c3d0)
- StackWalk (Ordinal: 1168, Address: 0x410b0)
- StackWalk64 (Ordinal: 1169, Address: 0x410b0)
- StackWalkEx (Ordinal: 1170, Address: 0x40da0)
- SymAddSourceStream (Ordinal: 1171, Address: 0x26240)
- SymAddSourceStreamA (Ordinal: 1172, Address: 0x261d0)
- SymAddSourceStreamW (Ordinal: 1173, Address: 0x26030)
- SymAddSymbol (Ordinal: 1174, Address: 0x293a0)
- SymAddSymbolW (Ordinal: 1175, Address: 0x29290)
- SymAddrIncludeInlineTrace (Ordinal: 1176, Address: 0x2af10)
- SymCleanup (Ordinal: 1177, Address: 0x23fb0)
- SymCompareInlineTrace (Ordinal: 1178, Address: 0x2b4f0)
- SymDeleteSymbol (Ordinal: 1179, Address: 0x29570)
- SymDeleteSymbolW (Ordinal: 1180, Address: 0x29420)
- SymEnumLines (Ordinal: 1181, Address: 0x268a0)
- SymEnumLinesW (Ordinal: 1182, Address: 0x26970)
- SymEnumProcesses (Ordinal: 1183, Address: 0x24f40)
- SymEnumSourceFileTokens (Ordinal: 1184, Address: 0x26500)
- SymEnumSourceFiles (Ordinal: 1185, Address: 0x2ad90)
- SymEnumSourceFilesW (Ordinal: 1186, Address: 0x2ae70)
- SymEnumSourceLines (Ordinal: 1187, Address: 0x269e0)
- SymEnumSourceLinesW (Ordinal: 1188, Address: 0x26b20)
- SymEnumSym (Ordinal: 1189, Address: 0x2a5f0)
- SymEnumSymbols (Ordinal: 1190, Address: 0x29bf0)
- SymEnumSymbolsEx (Ordinal: 1191, Address: 0x29b50)
- SymEnumSymbolsExW (Ordinal: 1192, Address: 0x29c20)
- SymEnumSymbolsForAddr (Ordinal: 1193, Address: 0x2a350)
- SymEnumSymbolsForAddrW (Ordinal: 1194, Address: 0x2a4a0)
- SymEnumSymbolsW (Ordinal: 1195, Address: 0x29c90)
- SymEnumTypes (Ordinal: 1196, Address: 0x2a800)
- SymEnumTypesByName (Ordinal: 1197, Address: 0x2a8a0)
- SymEnumTypesByNameW (Ordinal: 1198, Address: 0x2a970)
- SymEnumTypesW (Ordinal: 1199, Address: 0x2a850)
- SymEnumerateModules (Ordinal: 1200, Address: 0x250d0)
- SymEnumerateModules64 (Ordinal: 1201, Address: 0x250d0)
- SymEnumerateModulesW64 (Ordinal: 1202, Address: 0x25110)
- SymEnumerateSymbols (Ordinal: 1203, Address: 0x252b0)
- SymEnumerateSymbols64 (Ordinal: 1204, Address: 0x252b0)
- SymEnumerateSymbolsW (Ordinal: 1205, Address: 0x25300)
- SymEnumerateSymbolsW64 (Ordinal: 1206, Address: 0x25300)
- SymFindDebugInfoFile (Ordinal: 1207, Address: 0x2eda0)
- SymFindDebugInfoFileW (Ordinal: 1208, Address: 0x2ee90)
- SymFindExecutableImage (Ordinal: 1209, Address: 0x2dd40)
- SymFindExecutableImageW (Ordinal: 1210, Address: 0x2de80)
- SymFindFileInPath (Ordinal: 1211, Address: 0x2cd10)
- SymFindFileInPathW (Ordinal: 1212, Address: 0x2ce50)
- SymFromAddr (Ordinal: 1213, Address: 0x29640)
- SymFromAddrW (Ordinal: 1214, Address: 0x296d0)
- SymFromIndex (Ordinal: 1215, Address: 0x2a140)
- SymFromIndexW (Ordinal: 1216, Address: 0x2a1b0)
- SymFromInlineContext (Ordinal: 1217, Address: 0x295e0)
- SymFromInlineContextW (Ordinal: 1218, Address: 0x29670)
- SymFromName (Ordinal: 1219, Address: 0x298c0)
- SymFromNameW (Ordinal: 1220, Address: 0x29950)
- SymFromToken (Ordinal: 1221, Address: 0x29700)
- SymFromTokenW (Ordinal: 1222, Address: 0x297b0)
- SymFunctionTableAccess (Ordinal: 1223, Address: 0x27e70)
- SymFunctionTableAccess64 (Ordinal: 1224, Address: 0x27e70)
- SymFunctionTableAccess64AccessRoutines (Ordinal: 1225, Address: 0x27e90)
- SymGetExtendedOption (Ordinal: 1226, Address: 0x24000)
- SymGetFileLineOffsets64 (Ordinal: 1227, Address: 0x1de20)
- SymGetHomeDirectory (Ordinal: 1228, Address: 0x24960)
- SymGetHomeDirectoryW (Ordinal: 1229, Address: 0x248a0)
- SymGetLineFromAddr (Ordinal: 1230, Address: 0x26d20)
- SymGetLineFromAddr64 (Ordinal: 1231, Address: 0x26d20)
- SymGetLineFromAddrW64 (Ordinal: 1232, Address: 0x26f70)
- SymGetLineFromInlineContext (Ordinal: 1233, Address: 0x26c00)
- SymGetLineFromInlineContextW (Ordinal: 1234, Address: 0x26d90)
- SymGetLineFromName (Ordinal: 1235, Address: 0x276a0)
- SymGetLineFromName64 (Ordinal: 1236, Address: 0x276a0)
- SymGetLineFromNameW64 (Ordinal: 1237, Address: 0x26fe0)
- SymGetLineNext (Ordinal: 1238, Address: 0x27a80)
- SymGetLineNext64 (Ordinal: 1239, Address: 0x27a80)
- SymGetLineNextW64 (Ordinal: 1240, Address: 0x27b10)
- SymGetLinePrev (Ordinal: 1241, Address: 0x27b50)
- SymGetLinePrev64 (Ordinal: 1242, Address: 0x27b50)
- SymGetLinePrevW64 (Ordinal: 1243, Address: 0x27bd0)
- SymGetModuleBase (Ordinal: 1244, Address: 0x285c0)
- SymGetModuleBase64 (Ordinal: 1245, Address: 0x285c0)
- SymGetModuleInfo (Ordinal: 1246, Address: 0x28250)
- SymGetModuleInfo64 (Ordinal: 1247, Address: 0x28250)
- SymGetModuleInfoW (Ordinal: 1248, Address: 0x282e0)
- SymGetModuleInfoW64 (Ordinal: 1249, Address: 0x282e0)
- SymGetOmaps (Ordinal: 1250, Address: 0x29980)
- SymGetOptions (Ordinal: 1251, Address: 0x24ba0)
- SymGetScope (Ordinal: 1252, Address: 0x29f90)
- SymGetScopeW (Ordinal: 1253, Address: 0x2a010)
- SymGetSearchPath (Ordinal: 1254, Address: 0x28900)
- SymGetSearchPathW (Ordinal: 1255, Address: 0x28990)
- SymGetSourceFile (Ordinal: 1256, Address: 0x25c30)
- SymGetSourceFileChecksum (Ordinal: 1257, Address: 0x25e70)
- SymGetSourceFileChecksumW (Ordinal: 1258, Address: 0x25f00)
- SymGetSourceFileFromToken (Ordinal: 1259, Address: 0x26250)
- SymGetSourceFileFromTokenW (Ordinal: 1260, Address: 0x26300)
- SymGetSourceFileToken (Ordinal: 1261, Address: 0x25d30)
- SymGetSourceFileTokenW (Ordinal: 1262, Address: 0x25da0)
- SymGetSourceFileW (Ordinal: 1263, Address: 0x25cb0)
- SymGetSourceVarFromToken (Ordinal: 1264, Address: 0x26380)
- SymGetSourceVarFromTokenW (Ordinal: 1265, Address: 0x26450)
- SymGetSymFromAddr (Ordinal: 1266, Address: 0x25450)
- SymGetSymFromAddr64 (Ordinal: 1267, Address: 0x25450)
- SymGetSymFromName (Ordinal: 1268, Address: 0x25680)
- SymGetSymFromName64 (Ordinal: 1269, Address: 0x25680)
- SymGetSymNext (Ordinal: 1270, Address: 0x25970)
- SymGetSymNext64 (Ordinal: 1271, Address: 0x25970)
- SymGetSymPrev (Ordinal: 1272, Address: 0x25990)
- SymGetSymPrev64 (Ordinal: 1273, Address: 0x25990)
- SymGetSymbolFile (Ordinal: 1274, Address: 0x3b550)
- SymGetSymbolFileW (Ordinal: 1275, Address: 0x3b070)
- SymGetTypeFromName (Ordinal: 1276, Address: 0x2a9d0)
- SymGetTypeFromNameW (Ordinal: 1277, Address: 0x2aaa0)
- SymGetTypeInfo (Ordinal: 1278, Address: 0x2bdf0)
- SymGetTypeInfoEx (Ordinal: 1279, Address: 0x2c230)
- SymGetUnwindInfo (Ordinal: 1280, Address: 0x280c0)
- SymInitialize (Ordinal: 1281, Address: 0x23da0)
- SymInitializeW (Ordinal: 1282, Address: 0x23ac0)
- SymLoadModule (Ordinal: 1283, Address: 0x28860)
- SymLoadModule64 (Ordinal: 1284, Address: 0x28860)
- SymLoadModuleEx (Ordinal: 1285, Address: 0x28720)
- SymLoadModuleExW (Ordinal: 1286, Address: 0x28800)
- SymMatchFileName (Ordinal: 1287, Address: 0x27c10)
- SymMatchFileNameW (Ordinal: 1288, Address: 0x27d10)
- SymMatchString (Ordinal: 1289, Address: 0x2ac00)
- SymMatchStringA (Ordinal: 1290, Address: 0x2ac40)
- SymMatchStringW (Ordinal: 1291, Address: 0x2ac50)
- SymNext (Ordinal: 1292, Address: 0x25700)
- SymNextW (Ordinal: 1293, Address: 0x257a0)
- SymPrev (Ordinal: 1294, Address: 0x257c0)
- SymPrevW (Ordinal: 1295, Address: 0x25860)
- SymQueryInlineTrace (Ordinal: 1296, Address: 0x2b150)
- SymRefreshModuleList (Ordinal: 1297, Address: 0x239d0)
- SymRegisterCallback (Ordinal: 1298, Address: 0x28f70)
- SymRegisterCallback64 (Ordinal: 1299, Address: 0x28f70)
- SymRegisterCallbackW64 (Ordinal: 1300, Address: 0x28ff0)
- SymRegisterFunctionEntryCallback (Ordinal: 1301, Address: 0x27df0)
- SymRegisterFunctionEntryCallback64 (Ordinal: 1302, Address: 0x27df0)
- SymSearch (Ordinal: 1303, Address: 0x29e50)
- SymSearchW (Ordinal: 1304, Address: 0x29f10)
- SymSetContext (Ordinal: 1305, Address: 0x24bb0)
- SymSetExtendedOption (Ordinal: 1306, Address: 0x24020)
- SymSetHomeDirectory (Ordinal: 1307, Address: 0x24800)
- SymSetHomeDirectoryW (Ordinal: 1308, Address: 0x24780)
- SymSetOptions (Ordinal: 1309, Address: 0x249e0)
- SymSetParentWindow (Ordinal: 1310, Address: 0x24050)
- SymSetScopeFromAddr (Ordinal: 1311, Address: 0x24d30)
- SymSetScopeFromIndex (Ordinal: 1312, Address: 0x24d40)
- SymSetScopeFromInlineContext (Ordinal: 1313, Address: 0x24c70)
- SymSetSearchPath (Ordinal: 1314, Address: 0x28a00)
- SymSetSearchPathW (Ordinal: 1315, Address: 0x28a50)
- SymSrvDeltaName (Ordinal: 1316, Address: 0x3a3e0)
- SymSrvDeltaNameW (Ordinal: 1317, Address: 0x3a1d0)
- SymSrvGetFileIndexInfo (Ordinal: 1318, Address: 0x3b760)
- SymSrvGetFileIndexInfoW (Ordinal: 1319, Address: 0x3b840)
- SymSrvGetFileIndexString (Ordinal: 1320, Address: 0x3aba0)
- SymSrvGetFileIndexStringW (Ordinal: 1321, Address: 0x3aa70)
- SymSrvGetFileIndexes (Ordinal: 1322, Address: 0x3aa00)
- SymSrvGetFileIndexesW (Ordinal: 1323, Address: 0x3a940)
- SymSrvGetSupplement (Ordinal: 1324, Address: 0x3a5f0)
- SymSrvGetSupplementW (Ordinal: 1325, Address: 0x3a4c0)
- SymSrvIsStore (Ordinal: 1326, Address: 0x3a180)
- SymSrvIsStoreW (Ordinal: 1327, Address: 0x3a080)
- SymSrvStoreFile (Ordinal: 1328, Address: 0x3ad30)
- SymSrvStoreFileW (Ordinal: 1329, Address: 0x3ac60)
- SymSrvStoreSupplement (Ordinal: 1330, Address: 0x3a860)
- SymSrvStoreSupplementW (Ordinal: 1331, Address: 0x3a6c0)
- SymUnDName (Ordinal: 1332, Address: 0x288a0)
- SymUnDName64 (Ordinal: 1333, Address: 0x288a0)
- SymUnloadModule (Ordinal: 1334, Address: 0x28630)
- SymUnloadModule64 (Ordinal: 1335, Address: 0x28630)
- UnDecorateSymbolName (Ordinal: 1336, Address: 0x2c280)
- UnDecorateSymbolNameW (Ordinal: 1337, Address: 0x2c310)
- WinDbgExtensionDllInit (Ordinal: 1338, Address: 0x14360)
- block (Ordinal: 1339, Address: 0x164d0)
- chksym (Ordinal: 1340, Address: 0x162e0)
- dbghelp (Ordinal: 1341, Address: 0x24ea0)
- dh (Ordinal: 1342, Address: 0x17d10)
- fptr (Ordinal: 1343, Address: 0x143b0)
- homedir (Ordinal: 1344, Address: 0x168e0)
- inlinedbg (Ordinal: 1345, Address: 0x16080)
- itoldyouso (Ordinal: 1346, Address: 0x160f0)
- lmi (Ordinal: 1347, Address: 0x14f90)
- lminfo (Ordinal: 1348, Address: 0x14c70)
- omap (Ordinal: 1349, Address: 0x166c0)
- optdbgdump (Ordinal: 1350, Address: 0x1a2e0)
- optdbgdumpaddr (Ordinal: 1351, Address: 0x1a430)
- srcfiles (Ordinal: 1352, Address: 0x16a80)
- stack_force_ebp (Ordinal: 1353, Address: 0x147b0)
- stackdbg (Ordinal: 1354, Address: 0x145e0)
- sym (Ordinal: 1355, Address: 0x14a20)
- symsrv (Ordinal: 1356, Address: 0x14ba0)
- vc7fpo (Ordinal: 1357, Address: 0x145a0)
Imported DLLs & Functions
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x103169590)
- IsDebuggerPresent (Address: 0x103169598)
- OutputDebugStringA (Address: 0x1031695a0)
- OutputDebugStringW (Address: 0x103169588)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1031695d8)
- RaiseException (Address: 0x1031695c0)
- SetErrorMode (Address: 0x1031695d0)
- SetLastError (Address: 0x1031695b0)
- SetUnhandledExceptionFilter (Address: 0x1031695c8)
- UnhandledExceptionFilter (Address: 0x1031695b8)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryA (Address: 0x103169648)
- CreateDirectoryW (Address: 0x103169678)
- CreateFileA (Address: 0x103169628)
- CreateFileW (Address: 0x103169680)
- DeleteFileW (Address: 0x103169608)
- FindClose (Address: 0x1031695e8)
- FindFirstFileW (Address: 0x103169630)
- FindNextFileW (Address: 0x1031695f8)
- GetFileAttributesA (Address: 0x103169690)
- GetFileAttributesW (Address: 0x103169650)
- GetFileSize (Address: 0x103169638)
- GetFileSizeEx (Address: 0x103169660)
- GetFileType (Address: 0x103169610)
- GetFullPathNameW (Address: 0x103169658)
- ReadFile (Address: 0x103169620)
- RemoveDirectoryW (Address: 0x103169688)
- SetEndOfFile (Address: 0x103169618)
- SetFileAttributesW (Address: 0x103169600)
- SetFilePointer (Address: 0x103169670)
- SetFilePointerEx (Address: 0x103169640)
- SetFileTime (Address: 0x103169668)
- WriteFile (Address: 0x1031695f0)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1031696a0)
- DuplicateHandle (Address: 0x1031696a8)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1031696c0)
- HeapAlloc (Address: 0x1031696b8)
- HeapFree (Address: 0x1031696d0)
- HeapReAlloc (Address: 0x1031696c8)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x1031696e0)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x1031696f0)
api-ms-win-core-libraryloader-l1-1-0.dll
- FreeLibrary (Address: 0x103169700)
- GetModuleFileNameW (Address: 0x103169710)
- GetModuleHandleA (Address: 0x103169730)
- GetModuleHandleExW (Address: 0x103169720)
- GetModuleHandleW (Address: 0x103169718)
- GetProcAddress (Address: 0x103169728)
- LoadLibraryExA (Address: 0x103169738)
- LoadLibraryExW (Address: 0x103169708)
api-ms-win-core-localization-l1-1-0.dll
- LCMapStringEx (Address: 0x103169750)
- LCMapStringW (Address: 0x103169748)
api-ms-win-core-localregistry-l1-1-0.dll
- RegCloseKey (Address: 0x103169778)
- RegEnumKeyExW (Address: 0x103169760)
- RegOpenKeyExW (Address: 0x103169770)
- RegQueryInfoKeyW (Address: 0x103169768)
- RegQueryValueExW (Address: 0x103169780)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x1031697d0)
- MapViewOfFile (Address: 0x1031697a0)
- MapViewOfFileEx (Address: 0x1031697b0)
- ReadProcessMemory (Address: 0x103169798)
- UnmapViewOfFile (Address: 0x1031697c8)
- VirtualAlloc (Address: 0x1031697b8)
- VirtualFree (Address: 0x1031697c0)
- VirtualProtect (Address: 0x103169790)
- VirtualQuery (Address: 0x1031697a8)
api-ms-win-core-misc-l1-1-0.dll
- FormatMessageW (Address: 0x1031697e0)
- LocalAlloc (Address: 0x1031697e8)
- Sleep (Address: 0x1031697f0)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x103169800)
- GetEnvironmentVariableW (Address: 0x103169808)
- SetEnvironmentVariableA (Address: 0x103169810)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x103169820)
- GetCurrentProcessId (Address: 0x103169828)
- GetCurrentThread (Address: 0x103169858)
- GetCurrentThreadId (Address: 0x103169840)
- OpenThreadToken (Address: 0x103169860)
- TerminateProcess (Address: 0x103169830)
- TlsAlloc (Address: 0x103169848)
- TlsFree (Address: 0x103169838)
- TlsGetValue (Address: 0x103169868)
- TlsSetValue (Address: 0x103169850)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x103169878)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x103169890)
- RtlLookupFunctionEntry (Address: 0x103169898)
- RtlVirtualUnwind (Address: 0x103169888)
api-ms-win-core-string-l1-1-0.dll
- GetStringTypeW (Address: 0x1031698b8)
- MultiByteToWideChar (Address: 0x1031698a8)
- WideCharToMultiByte (Address: 0x1031698b0)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x103169900)
- DeleteCriticalSection (Address: 0x1031698c8)
- EnterCriticalSection (Address: 0x1031698f8)
- InitializeCriticalSection (Address: 0x1031698d0)
- InitializeCriticalSectionAndSpinCount (Address: 0x103169908)
- InitializeCriticalSectionEx (Address: 0x1031698e8)
- LeaveCriticalSection (Address: 0x1031698d8)
- OpenProcess (Address: 0x1031698e0)
- ReleaseSRWLockExclusive (Address: 0x1031698f0)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceExecuteOnce (Address: 0x103169918)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemDirectoryW (Address: 0x103169950)
- GetSystemInfo (Address: 0x103169938)
- GetSystemTime (Address: 0x103169928)
- GetSystemTimeAsFileTime (Address: 0x103169940)
- GetTickCount (Address: 0x103169930)
- GetVersionExA (Address: 0x103169958)
- GetVersionExW (Address: 0x103169948)
- SystemTimeToFileTime (Address: 0x103169960)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x103169970)
- EncodePointer (Address: 0x103169978)
api-ms-win-crt-locale-l1-1-0.dll
- _lock_locales (Address: 0x103169990)
- _unlock_locales (Address: 0x103169988)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x103169c90)
- __CxxFrameHandler3 (Address: 0x103169c98)
- __uncaught_exception (Address: 0x103169bc0)
- __unDName (Address: 0x103169cc0)
- __unDNameEx (Address: 0x103169cb0)
- _CxxThrowException (Address: 0x103169bc8)
- _o____lc_codepage_func (Address: 0x103169c68)
- _o____lc_locale_name_func (Address: 0x103169c60)
- _o____mb_cur_max_func (Address: 0x103169c58)
- _o___acrt_iob_func (Address: 0x103169c50)
- _o___pctype_func (Address: 0x103169c48)
- _o___std_exception_copy (Address: 0x103169c40)
- _o___std_exception_destroy (Address: 0x103169c38)
- _o___std_type_info_destroy_list (Address: 0x103169c30)
- _o___stdio_common_vfprintf (Address: 0x103169c28)
- _o___stdio_common_vsnprintf_s (Address: 0x103169c20)
- _o___stdio_common_vsnwprintf_s (Address: 0x103169c18)
- _o___stdio_common_vsprintf_s (Address: 0x103169c10)
- _o___stdio_common_vsscanf (Address: 0x103169c08)
- _o___stdio_common_vswprintf_s (Address: 0x103169c00)
- _o__callnewh (Address: 0x103169bf8)
- _o__calloc_base (Address: 0x103169bf0)
- _o__cexit (Address: 0x103169be8)
- _o__close (Address: 0x103169be0)
- _o__configure_narrow_argv (Address: 0x103169bd8)
- _o__crt_atexit (Address: 0x103169bd0)
- _o__errno (Address: 0x1031699a0)
- _o__execute_onexit_table (Address: 0x1031699a8)
- _o__filelengthi64 (Address: 0x1031699b0)
- _o__fullpath (Address: 0x1031699b8)
- _o__initialize_narrow_environment (Address: 0x1031699c0)
- _o__initialize_onexit_table (Address: 0x1031699c8)
- _o__invalid_parameter_noinfo (Address: 0x1031699d0)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x1031699d8)
- _o__itoa_s (Address: 0x1031699e0)
- _o__lseeki64 (Address: 0x1031699e8)
- _o__ltoa (Address: 0x1031699f0)
- _o__mbscmp (Address: 0x1031699f8)
- _o__memicmp (Address: 0x103169a00)
- _o__open_osfhandle (Address: 0x103169a08)
- _o__purecall (Address: 0x103169a10)
- _o__read (Address: 0x103169a18)
- _o__register_onexit_function (Address: 0x103169a20)
- _o__seh_filter_dll (Address: 0x103169a28)
- _o__splitpath_s (Address: 0x103169a30)
- _o__stricmp (Address: 0x103169a38)
- _o__strlwr (Address: 0x103169a40)
- _o__strnicmp (Address: 0x103169a48)
- _o__wcsdup (Address: 0x103169a50)
- _o__wcsicmp (Address: 0x103169a58)
- _o__wcslwr (Address: 0x103169a60)
- _o__wcsnicmp (Address: 0x103169a68)
- _o__wctime64 (Address: 0x103169a70)
- _o__wdupenv_s (Address: 0x103169a78)
- _o__wfsopen (Address: 0x103169a80)
- _o__wfullpath (Address: 0x103169a88)
- _o__wgetenv (Address: 0x103169a90)
- _o__wmakepath_s (Address: 0x103169a98)
- _o__wsplitpath_s (Address: 0x103169aa0)
- _o__wtoi (Address: 0x103169aa8)
- _o_abort (Address: 0x103169ab0)
- _o_atoi (Address: 0x103169ab8)
- _o_atol (Address: 0x103169ac0)
- _o_bsearch (Address: 0x103169ac8)
- _o_calloc (Address: 0x103169ad0)
- _o_fclose (Address: 0x103169ad8)
- _o_fflush (Address: 0x103169ae0)
- _o_fread (Address: 0x103169ae8)
- _o_free (Address: 0x103169af0)
- _o_frexp (Address: 0x103169af8)
- _o_fseek (Address: 0x103169b00)
- _o_ftell (Address: 0x103169b08)
- _o_isspace (Address: 0x103169b10)
- _o_iswprint (Address: 0x103169b18)
- _o_iswspace (Address: 0x103169b20)
- _o_iswxdigit (Address: 0x103169b28)
- _o_localeconv (Address: 0x103169b30)
- _o_malloc (Address: 0x103169b38)
- _o_qsort (Address: 0x103169b40)
- _o_realloc (Address: 0x103169b48)
- _o_setlocale (Address: 0x103169b50)
- _o_strcat_s (Address: 0x103169b58)
- _o_strcpy_s (Address: 0x103169b60)
- _o_strncat_s (Address: 0x103169b68)
- _o_strncpy_s (Address: 0x103169b70)
- _o_terminate (Address: 0x103169b78)
- _o_tolower (Address: 0x103169b80)
- _o_towlower (Address: 0x103169b88)
- _o_wcscat_s (Address: 0x103169b90)
- _o_wcscpy_s (Address: 0x103169b98)
- _o_wcsncat_s (Address: 0x103169ba0)
- _o_wcsncpy_s (Address: 0x103169ba8)
- _o_wcstoul (Address: 0x103169bb0)
- _o_wmemcpy_s (Address: 0x103169bb8)
- memcmp (Address: 0x103169ca8)
- memcpy (Address: 0x103169cd0)
- memmove (Address: 0x103169ca0)
- strchr (Address: 0x103169cc8)
- strrchr (Address: 0x103169cb8)
- strstr (Address: 0x103169c78)
- wcschr (Address: 0x103169c88)
- wcsrchr (Address: 0x103169c70)
- wcsstr (Address: 0x103169c80)
api-ms-win-crt-runtime-l1-1-0.dll
- __doserrno (Address: 0x103169cf0)
- _initterm (Address: 0x103169ce8)
- _initterm_e (Address: 0x103169ce0)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x103169d28)
- strcmp (Address: 0x103169d10)
- strcspn (Address: 0x103169d20)
- strlen (Address: 0x103169d30)
- strncmp (Address: 0x103169d00)
- wcscmp (Address: 0x103169d08)
- wcsncmp (Address: 0x103169d38)
- wcsnlen (Address: 0x103169d18)
api-ms-win-crt-time-l1-1-0.dll
- _ctime64 (Address: 0x103169d48)
- _time64 (Address: 0x103169d50)
api-ms-win-downlevel-kernel32-l2-1-0.dll
- CreateFileMappingA (Address: 0x103169d60)
- LocalFree (Address: 0x103169d68)
api-ms-win-security-base-l1-1-0.dll
- AccessCheck (Address: 0x103169d88)
- GetFileSecurityW (Address: 0x103169d78)
- ImpersonateSelf (Address: 0x103169d80)
- RevertToSelf (Address: 0x103169d90)
ntdll.dll
- RtlRunOnceExecuteOnce (Address: 0x103169da0)
- RtlUTF8ToUnicodeN (Address: 0x103169da8)