radardt.dll

Description: Microsoft Windows Resource Exhaustion Detector

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.1

Architecture: 32-bit

Operating System: Windows NT

SHA256: 47d05ca5f4d158567f14cad106b86258

File Size: 89.5 KB

Uploaded At: Dec. 1, 2025, 8:03 a.m.

Views: 12

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • RdrSysprepSpecialize (Ordinal: 1, Address: 0xaa00)
  • RdrSysprepSpecializeOffline (Ordinal: 2, Address: 0xaef0)
  • WdiDiagnosticModuleMain (Ordinal: 3, Address: 0x2700)
  • WdiGetDiagnosticModuleInterfaceVersion (Ordinal: 4, Address: 0x39f0)
  • WdiHandleInstance (Ordinal: 5, Address: 0x2ae0)

Imported DLLs & Functions

ADVAPI32.dll
  • CloseServiceHandle (Address: 0x10013004)
  • CopySid (Address: 0x10013020)
  • EnumServicesStatusExW (Address: 0x1001300c)
  • EqualSid (Address: 0x10013000)
  • GetLengthSid (Address: 0x1001302c)
  • GetTokenInformation (Address: 0x10013030)
  • IsValidSid (Address: 0x10013024)
  • OpenProcessToken (Address: 0x10013028)
  • OpenSCManagerW (Address: 0x10013008)
  • OpenServiceW (Address: 0x10013014)
  • QueryServiceConfigW (Address: 0x10013010)
  • RegCloseKey (Address: 0x1001303c)
  • RegCreateKeyExW (Address: 0x1001301c)
  • RegDeleteKeyExW (Address: 0x10013040)
  • RegDeleteValueW (Address: 0x10013018)
  • RegEnumKeyExW (Address: 0x10013048)
  • RegOpenKeyExW (Address: 0x1001304c)
  • RegQueryInfoKeyW (Address: 0x10013044)
  • RegQueryValueExW (Address: 0x10013038)
  • RegSetValueExW (Address: 0x10013034)
KERNEL32.dll
  • CloseHandle (Address: 0x100130e4)
  • CreateEventW (Address: 0x100130a8)
  • CreateProcessW (Address: 0x100130d0)
  • CreateThread (Address: 0x1001305c)
  • CreateWaitableTimerExW (Address: 0x100130ac)
  • DelayLoadFailureHook (Address: 0x10013094)
  • DeleteCriticalSection (Address: 0x10013108)
  • DisableThreadLibraryCalls (Address: 0x10013104)
  • EnterCriticalSection (Address: 0x100130ec)
  • ExpandEnvironmentStringsW (Address: 0x10013118)
  • FindFirstVolumeW (Address: 0x100130c0)
  • FindNextVolumeW (Address: 0x100130d4)
  • FindVolumeClose (Address: 0x100130cc)
  • FreeLibrary (Address: 0x10013070)
  • FreeLibraryAndExitThread (Address: 0x100130a4)
  • GetCurrentProcess (Address: 0x10013088)
  • GetCurrentProcessId (Address: 0x10013054)
  • GetCurrentThreadId (Address: 0x1001307c)
  • GetDriveTypeW (Address: 0x100130d8)
  • GetFileAttributesW (Address: 0x100130c4)
  • GetLastError (Address: 0x100130fc)
  • GetModuleFileNameW (Address: 0x100130e0)
  • GetModuleHandleExW (Address: 0x10013114)
  • GetProcessHeap (Address: 0x1001310c)
  • GetProcessId (Address: 0x1001306c)
  • GetProcessTimes (Address: 0x10013060)
  • GetSystemDirectoryW (Address: 0x100130c8)
  • GetSystemTimeAsFileTime (Address: 0x100130bc)
  • GetTickCount (Address: 0x10013078)
  • HeapAlloc (Address: 0x100130e8)
  • HeapCreate (Address: 0x10013110)
  • HeapDestroy (Address: 0x10013058)
  • HeapFree (Address: 0x100130b8)
  • InitializeCriticalSection (Address: 0x100130f4)
  • IsWow64Process (Address: 0x10013064)
  • K32GetModuleFileNameExW (Address: 0x1001308c)
  • LeaveCriticalSection (Address: 0x100130f0)
  • LocalFree (Address: 0x10013068)
  • OpenProcess (Address: 0x10013098)
  • ProcessIdToSessionId (Address: 0x1001311c)
  • QueryPerformanceCounter (Address: 0x10013080)
  • ResetEvent (Address: 0x100130b4)
  • ResolveDelayLoadedAPI (Address: 0x10013090)
  • SetEvent (Address: 0x10013100)
  • SetLastError (Address: 0x10013074)
  • SetUnhandledExceptionFilter (Address: 0x10013120)
  • SetWaitableTimer (Address: 0x1001309c)
  • TerminateProcess (Address: 0x10013084)
  • TryEnterCriticalSection (Address: 0x100130b0)
  • UnhandledExceptionFilter (Address: 0x100130dc)
  • WaitForMultipleObjectsEx (Address: 0x100130a0)
  • WaitForSingleObject (Address: 0x100130f8)
KERNELBASE.dll
  • LocalAlloc (Address: 0x1001312c)
  • Sleep (Address: 0x10013128)
  • WTSGetServiceSessionId (Address: 0x10013130)
msvcrt.dll
  • _amsg_exit (Address: 0x10013158)
  • _except_handler4_common (Address: 0x10013148)
  • _initterm (Address: 0x1001314c)
  • _vsnwprintf (Address: 0x10013168)
  • _wcsicmp (Address: 0x10013160)
  • _XcptFilter (Address: 0x1001315c)
  • free (Address: 0x10013154)
  • malloc (Address: 0x10013150)
  • memset (Address: 0x1001316c)
  • qsort (Address: 0x10013164)
  • wcsrchr (Address: 0x10013144)
ntdll.dll
  • EtwEventEnabled (Address: 0x10013184)
  • EtwEventRegister (Address: 0x10013180)
  • EtwEventUnregister (Address: 0x10013190)
  • EtwEventWrite (Address: 0x100131b0)
  • EtwGetTraceEnableFlags (Address: 0x100131a0)
  • EtwGetTraceEnableLevel (Address: 0x100131a8)
  • EtwGetTraceLoggerHandle (Address: 0x100131a4)
  • EtwRegisterTraceGuidsW (Address: 0x100131ac)
  • EtwTraceMessage (Address: 0x100131b4)
  • EtwUnregisterTraceGuids (Address: 0x1001319c)
  • NtOpenEvent (Address: 0x10013174)
  • NtQueryEvent (Address: 0x10013194)
  • NtQuerySystemInformation (Address: 0x10013198)
  • RtlAllocateAndInitializeSid (Address: 0x1001318c)
  • RtlEqualUnicodeString (Address: 0x1001317c)
  • RtlFreeSid (Address: 0x10013188)
  • RtlInitUnicodeString (Address: 0x10013178)
  • RtlNtStatusToDosError (Address: 0x100131b8)
POWRPROF.dll
  • PowerSettingRegisterNotification (Address: 0x1001313c)
  • PowerSettingUnregisterNotification (Address: 0x10013138)