shsvcs.dll
Description: Windows Shell Services Dll
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5794
Architecture: 32-bit
Operating System: Windows NT
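SHA256: 01349eaf58469ca9f8fa17ad81495813 (note: this value is 32 hexadecimal characters, the length of an MD5 digest; a full SHA-256 digest is 64 characters, so confirm which algorithm produced it before matching it against other sources)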
File Size: 204.5 KB
Uploaded At: Dec. 1, 2025, 8:04 a.m.
Security Warning
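This file has been flagged as potentially dangerous.
Reason: The import table references functions that can be used for process injection: WriteProcessMemory, OpenProcess, VirtualAllocEx. The flag appears to be based only on the presence of these imports, which does not by itself show that the file is malicious; legitimate system components import the same functions. The description and copyright fields above are read from the file itself, so confirm a copy's origin by checking its digital signature and comparing its hash with a known-good copy of the same build.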
Exported Functions (entries shown without a name are exported by ordinal only)
- (Ordinal: 1, Address: 0x2ebed)
- (Ordinal: 2, Address: 0x2ebdf)
- (Ordinal: 3, Address: 0x2eba7)
- (Ordinal: 4, Address: 0x2ebb5)
- (Ordinal: 5, Address: 0x2ebc3)
- (Ordinal: 6, Address: 0x2ebd1)
- (Ordinal: 7, Address: 0x2ebfb)
- (Ordinal: 8, Address: 0x2ec4f)
- (Ordinal: 9, Address: 0x2ec33)
- (Ordinal: 10, Address: 0x2ec25)
- (Ordinal: 11, Address: 0x2ec41)
- (Ordinal: 12, Address: 0x2ec17)
- (Ordinal: 13, Address: 0x2ec09)
- (Ordinal: 14, Address: 0x2ec5d)
- HardwareDetectionServiceMain (Ordinal: 15, Address: 0x10320)
- CreateHardwareEventMoniker (Ordinal: 16, Address: 0x5100)
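Imported DLLs & Functions (the addresses listed appear to be import address table slots inside this image, not the functions' locations in the providing DLL)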
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x10031008)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x10031014)
- IsDebuggerPresent (Address: 0x10031018)
- OutputDebugStringW (Address: 0x10031010)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x10031020)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x10031028)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x10031038)
- RaiseException (Address: 0x10031034)
- SetLastError (Address: 0x10031030)
- SetUnhandledExceptionFilter (Address: 0x10031040)
- UnhandledExceptionFilter (Address: 0x1003103c)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x10031058)
- FindClose (Address: 0x10031060)
- FindFirstFileW (Address: 0x1003105c)
- GetFileAttributesW (Address: 0x10031048)
- GetVolumeInformationW (Address: 0x10031050)
- GetVolumePathNameW (Address: 0x10031054)
- ReadFile (Address: 0x1003104c)
api-ms-win-core-file-l1-2-0.dll
- GetVolumeNameForVolumeMountPointW (Address: 0x10031068)
- GetVolumePathNamesForVolumeNameW (Address: 0x1003106c)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x10031074)
- DuplicateHandle (Address: 0x10031078)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x10031084)
- HeapAlloc (Address: 0x1003108c)
- HeapFree (Address: 0x10031080)
- HeapReAlloc (Address: 0x10031088)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x10031094)
- LocalFree (Address: 0x10031098)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x100310a4)
- GetOverlappedResult (Address: 0x100310a0)
api-ms-win-core-io-l1-1-1.dll
- CancelIo (Address: 0x100310ac)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x100310bc)
- FreeLibrary (Address: 0x100310c4)
- GetModuleFileNameA (Address: 0x100310b8)
- GetModuleHandleExW (Address: 0x100310c0)
- GetModuleHandleW (Address: 0x100310b4)
- GetProcAddress (Address: 0x100310c8)
- LoadLibraryExW (Address: 0x100310cc)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x100310d4)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x100310e8)
- VirtualAllocEx (Address: 0x100310e0)
- VirtualFree (Address: 0x100310ec)
- VirtualFreeEx (Address: 0x100310e4)
- WriteProcessMemory (Address: 0x100310dc)
api-ms-win-core-path-l1-1-0.dll
- PathCchAddBackslash (Address: 0x100310f4)
api-ms-win-core-privateprofile-l1-1-0.dll
- GetPrivateProfileStringW (Address: 0x10031100)
- WritePrivateProfileStringW (Address: 0x100310fc)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x10031108)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x10031124)
- GetCurrentProcess (Address: 0x1003111c)
- GetCurrentProcessId (Address: 0x10031130)
- GetCurrentThread (Address: 0x10031118)
- GetCurrentThreadId (Address: 0x1003112c)
- OpenProcessToken (Address: 0x10031120)
- OpenThreadToken (Address: 0x10031114)
- ProcessIdToSessionId (Address: 0x10031128)
- QueueUserAPC (Address: 0x10031138)
- SetThreadToken (Address: 0x10031134)
- TerminateProcess (Address: 0x10031110)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x10031140)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x10031148)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x10031154)
- RegCreateKeyExW (Address: 0x10031150)
- RegEnumValueW (Address: 0x10031168)
- RegGetValueW (Address: 0x1003115c)
- RegOpenKeyExW (Address: 0x10031164)
- RegQueryValueExW (Address: 0x10031160)
- RegSetValueExW (Address: 0x10031158)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x10031170)
- CompareStringW (Address: 0x10031174)
- MultiByteToWideChar (Address: 0x10031178)
api-ms-win-core-string-obsolete-l1-1-0.dll
- lstrcmpiW (Address: 0x10031184)
- lstrcmpW (Address: 0x10031180)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x100311bc)
- AcquireSRWLockShared (Address: 0x100311c4)
- CreateEventW (Address: 0x100311b0)
- CreateMutexExW (Address: 0x10031194)
- CreateSemaphoreExW (Address: 0x10031198)
- CreateWaitableTimerExW (Address: 0x100311dc)
- DeleteCriticalSection (Address: 0x100311d4)
- EnterCriticalSection (Address: 0x100311cc)
- InitializeCriticalSection (Address: 0x100311c8)
- InitializeCriticalSectionEx (Address: 0x100311d8)
- LeaveCriticalSection (Address: 0x100311d0)
- OpenEventW (Address: 0x100311b4)
- OpenSemaphoreW (Address: 0x1003118c)
- ReleaseMutex (Address: 0x1003119c)
- ReleaseSemaphore (Address: 0x100311a0)
- ReleaseSRWLockExclusive (Address: 0x100311c0)
- ReleaseSRWLockShared (Address: 0x100311e4)
- ResetEvent (Address: 0x100311e0)
- SetEvent (Address: 0x100311ac)
- SetWaitableTimer (Address: 0x100311b8)
- WaitForMultipleObjectsEx (Address: 0x100311a8)
- WaitForSingleObject (Address: 0x100311a4)
- WaitForSingleObjectEx (Address: 0x10031190)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x100311f4)
- SleepConditionVariableSRW (Address: 0x100311ec)
- WakeAllConditionVariable (Address: 0x100311f0)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x100311fc)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetLocalTime (Address: 0x10031208)
- GetSystemDirectoryW (Address: 0x10031210)
- GetSystemTimeAsFileTime (Address: 0x10031204)
- GetTickCount (Address: 0x1003120c)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1003121c)
- CreateThreadpoolTimer (Address: 0x10031224)
- SetThreadpoolTimer (Address: 0x10031218)
- TrySubmitThreadpoolCallback (Address: 0x10031220)
- WaitForThreadpoolTimerCallbacks (Address: 0x10031228)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- QueueUserWorkItem (Address: 0x10031230)
api-ms-win-core-timezone-l1-1-0.dll
- SystemTimeToFileTime (Address: 0x10031238)
api-ms-win-devices-config-l1-1-1.dll
- CM_Get_Device_IDW (Address: 0x10031240)
- CM_Get_Parent (Address: 0x10031248)
- CM_Register_Notification (Address: 0x1003124c)
- CM_Unregister_Notification (Address: 0x10031244)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- TraceMessage (Address: 0x10031254)
api-ms-win-security-base-l1-1-0.dll
- AdjustTokenPrivileges (Address: 0x10031260)
- DuplicateTokenEx (Address: 0x10031264)
- ImpersonateLoggedOnUser (Address: 0x10031268)
- RevertToSelf (Address: 0x1003125c)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x10031274)
- SetServiceStatus (Address: 0x10031270)
api-ms-win-service-core-l1-1-1.dll
- EnumDependentServicesW (Address: 0x1003127c)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x1003128c)
- OpenSCManagerW (Address: 0x10031288)
- OpenServiceW (Address: 0x10031284)
api-ms-win-service-private-l1-1-0.dll
- I_ScRegisterDeviceNotification (Address: 0x10031294)
- I_ScUnregisterDeviceNotification (Address: 0x10031298)
api-ms-win-service-winsvc-l1-1-0.dll
- ControlService (Address: 0x100312a4)
- QueryServiceStatus (Address: 0x100312a0)
api-ms-win-stateseparation-helpers-l1-1-0.dll
- GetPersistedRegistryLocationW (Address: 0x100312ac)
msvcrt.dll
- __dllonexit (Address: 0x10031300)
- _amsg_exit (Address: 0x100312d8)
- _callnewh (Address: 0x10031308)
- _except_handler4_common (Address: 0x100312fc)
- _ftol2 (Address: 0x100312f0)
- _initterm (Address: 0x100312e4)
- _lock (Address: 0x100312cc)
- _onexit (Address: 0x100312ec)
- _purecall (Address: 0x100312d4)
- _unlock (Address: 0x10031304)
- _vsnwprintf (Address: 0x100312d0)
- _wcsicmp (Address: 0x100312b4)
- _wcsnicmp (Address: 0x100312bc)
- _XcptFilter (Address: 0x100312e8)
- free (Address: 0x100312dc)
- malloc (Address: 0x100312e0)
- memcmp (Address: 0x100312f4)
- memcpy (Address: 0x100312f8)
- memcpy_s (Address: 0x100312b8)
- memmove (Address: 0x1003130c)
- memmove_s (Address: 0x100312c0)
- memset (Address: 0x10031310)
- wcscat_s (Address: 0x100312c8)
- wcscpy_s (Address: 0x100312c4)
ntdll.dll
- EtwEventRegister (Address: 0x10031360)
- EtwEventUnregister (Address: 0x1003135c)
- EtwEventWriteTransfer (Address: 0x10031344)
- EtwGetTraceEnableFlags (Address: 0x10031350)
- EtwGetTraceEnableLevel (Address: 0x10031354)
- EtwGetTraceLoggerHandle (Address: 0x10031358)
- EtwRegisterTraceGuidsW (Address: 0x1003134c)
- EtwTraceMessage (Address: 0x10031320)
- EtwUnregisterTraceGuids (Address: 0x10031348)
- NtClose (Address: 0x10031328)
- NtFilterToken (Address: 0x1003132c)
- NtOpenProcessToken (Address: 0x10031330)
- NtQueryVolumeInformationFile (Address: 0x1003131c)
- RtlAllocateAndInitializeSid (Address: 0x10031334)
- RtlCompareMemory (Address: 0x10031318)
- RtlFreeSid (Address: 0x10031324)
- RtlGetActiveConsoleId (Address: 0x10031338)
- RtlNtStatusToDosError (Address: 0x1003133c)
- RtlPublishWnfStateData (Address: 0x10031340)
RPCRT4.dll
- I_RpcBindingInqLocalClientPID (Address: 0x10031000)