ttdrecord.dll
Description: Time Travel Debugging Recording Manager
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.4355
Architecture: 32-bit
Operating System: Windows NT
SHA256: 696aeadb625d570cea6f361e3ecec91a
File Size: 437.3 KB
Uploaded At: Dec. 1, 2025, 8:05 a.m.
Views: 18
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ExecuteTTTracerCommandLine (Ordinal: 1, Address: 0x26f90)
Imported DLLs & Functions
api-ms-win-core-com-l1-1-0.dll
- CoCreateInstance (Address: 0x1004a0f0)
- CoGetApartmentType (Address: 0x1004a0ec)
- CoGetObjectContext (Address: 0x1004a0dc)
- CoInitializeEx (Address: 0x1004a0f8)
- CoTaskMemAlloc (Address: 0x1004a0e0)
- CoTaskMemFree (Address: 0x1004a0f4)
- CoUninitialize (Address: 0x1004a0e4)
- StringFromGUID2 (Address: 0x1004a0e8)
api-ms-win-core-console-l1-1-0.dll
- GetConsoleMode (Address: 0x1004a104)
- SetConsoleCtrlHandler (Address: 0x1004a100)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1004a10c)
- IsDebuggerPresent (Address: 0x1004a110)
- OutputDebugStringA (Address: 0x1004a118)
- OutputDebugStringW (Address: 0x1004a114)
api-ms-win-core-debug-l1-1-1.dll
- DebugActiveProcessStop (Address: 0x1004a120)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1004a128)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1004a140)
- RaiseException (Address: 0x1004a13c)
- SetLastError (Address: 0x1004a134)
- SetUnhandledExceptionFilter (Address: 0x1004a130)
- UnhandledExceptionFilter (Address: 0x1004a138)
api-ms-win-core-fibers-l1-1-0.dll
- FlsAlloc (Address: 0x1004a154)
- FlsFree (Address: 0x1004a150)
- FlsGetValue (Address: 0x1004a14c)
- FlsSetValue (Address: 0x1004a148)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x1004a17c)
- DeleteFileW (Address: 0x1004a178)
- FlushFileBuffers (Address: 0x1004a168)
- GetFileAttributesW (Address: 0x1004a170)
- GetFileSizeEx (Address: 0x1004a16c)
- GetFullPathNameW (Address: 0x1004a180)
- ReadFile (Address: 0x1004a174)
- SetFilePointer (Address: 0x1004a15c)
- SetFilePointerEx (Address: 0x1004a164)
- WriteFile (Address: 0x1004a160)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x1004a188)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1004a190)
- DuplicateHandle (Address: 0x1004a194)
- GetHandleInformation (Address: 0x1004a198)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1004a1a8)
- HeapAlloc (Address: 0x1004a1a4)
- HeapFree (Address: 0x1004a1a0)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalFree (Address: 0x1004a1b0)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x1004a1b8)
- InterlockedFlushSList (Address: 0x1004a1bc)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x1004a1c4)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- FindResourceW (Address: 0x1004a1dc)
- GetConsoleWindow (Address: 0x1004a1d8)
- GetSystemWow64DirectoryW (Address: 0x1004a1d4)
- LoadLibraryW (Address: 0x1004a1cc)
- WaitForMultipleObjects (Address: 0x1004a1d0)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
- VerifyVersionInfoW (Address: 0x1004a1e4)
api-ms-win-core-libraryloader-l1-1-0.dll
- FreeLibrary (Address: 0x1004a200)
- GetModuleFileNameA (Address: 0x1004a1f4)
- GetModuleFileNameW (Address: 0x1004a1ec)
- GetModuleHandleExW (Address: 0x1004a1f0)
- GetModuleHandleW (Address: 0x1004a214)
- GetProcAddress (Address: 0x1004a210)
- LoadLibraryExA (Address: 0x1004a208)
- LoadLibraryExW (Address: 0x1004a20c)
- LoadResource (Address: 0x1004a1fc)
- LockResource (Address: 0x1004a204)
- SizeofResource (Address: 0x1004a1f8)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1004a21c)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x1004a234)
- MapViewOfFile (Address: 0x1004a230)
- OpenFileMappingW (Address: 0x1004a22c)
- ReadProcessMemory (Address: 0x1004a224)
- UnmapViewOfFile (Address: 0x1004a228)
api-ms-win-core-processenvironment-l1-1-0.dll
- GetCurrentDirectoryW (Address: 0x1004a240)
- GetStdHandle (Address: 0x1004a23c)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessW (Address: 0x1004a248)
- CreateThread (Address: 0x1004a26c)
- DeleteProcThreadAttributeList (Address: 0x1004a284)
- GetCurrentProcess (Address: 0x1004a24c)
- GetCurrentProcessId (Address: 0x1004a25c)
- GetCurrentThread (Address: 0x1004a274)
- GetCurrentThreadId (Address: 0x1004a278)
- GetExitCodeProcess (Address: 0x1004a280)
- InitializeProcThreadAttributeList (Address: 0x1004a250)
- OpenProcessToken (Address: 0x1004a268)
- OpenThread (Address: 0x1004a264)
- ProcessIdToSessionId (Address: 0x1004a270)
- ResumeThread (Address: 0x1004a254)
- SetThreadPriority (Address: 0x1004a288)
- SuspendThread (Address: 0x1004a260)
- TerminateProcess (Address: 0x1004a27c)
- UpdateProcThreadAttribute (Address: 0x1004a258)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x1004a290)
- OpenProcess (Address: 0x1004a294)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1004a29c)
api-ms-win-core-psapi-l1-1-0.dll
- K32EnumProcesses (Address: 0x1004a2a8)
- QueryFullProcessImageNameW (Address: 0x1004a2a4)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1004a2d8)
- RegCreateKeyExW (Address: 0x1004a2dc)
- RegDeleteKeyExW (Address: 0x1004a2cc)
- RegDeleteValueW (Address: 0x1004a2b0)
- RegEnumKeyExW (Address: 0x1004a2c4)
- RegEnumValueW (Address: 0x1004a2b4)
- RegGetValueW (Address: 0x1004a2d4)
- RegOpenKeyExW (Address: 0x1004a2bc)
- RegQueryInfoKeyW (Address: 0x1004a2c8)
- RegQueryValueExW (Address: 0x1004a2d0)
- RegSetKeySecurity (Address: 0x1004a2b8)
- RegSetValueExW (Address: 0x1004a2c0)
api-ms-win-core-registry-l2-1-0.dll
- RegDeleteKeyA (Address: 0x1004a2e8)
- RegSetKeyValueW (Address: 0x1004a2e4)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x1004a2f4)
- WideCharToMultiByte (Address: 0x1004a2f0)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1004a348)
- CreateEventExW (Address: 0x1004a35c)
- CreateEventW (Address: 0x1004a340)
- CreateMutexExW (Address: 0x1004a318)
- CreateMutexW (Address: 0x1004a350)
- CreateSemaphoreExW (Address: 0x1004a338)
- CreateWaitableTimerExW (Address: 0x1004a310)
- DeleteCriticalSection (Address: 0x1004a304)
- EnterCriticalSection (Address: 0x1004a308)
- InitializeCriticalSectionAndSpinCount (Address: 0x1004a330)
- InitializeCriticalSectionEx (Address: 0x1004a31c)
- InitializeSRWLock (Address: 0x1004a328)
- LeaveCriticalSection (Address: 0x1004a314)
- OpenEventW (Address: 0x1004a32c)
- OpenMutexW (Address: 0x1004a320)
- OpenSemaphoreW (Address: 0x1004a2fc)
- ReleaseMutex (Address: 0x1004a334)
- ReleaseSemaphore (Address: 0x1004a33c)
- ReleaseSRWLockExclusive (Address: 0x1004a34c)
- ResetEvent (Address: 0x1004a354)
- SetEvent (Address: 0x1004a358)
- SetWaitableTimer (Address: 0x1004a30c)
- TryAcquireSRWLockExclusive (Address: 0x1004a324)
- WaitForSingleObject (Address: 0x1004a344)
- WaitForSingleObjectEx (Address: 0x1004a300)
api-ms-win-core-synch-l1-2-0.dll
- InitializeConditionVariable (Address: 0x1004a36c)
- InitOnceExecuteOnce (Address: 0x1004a374)
- Sleep (Address: 0x1004a364)
- SleepConditionVariableCS (Address: 0x1004a378)
- SleepConditionVariableSRW (Address: 0x1004a370)
- WakeAllConditionVariable (Address: 0x1004a368)
- WakeConditionVariable (Address: 0x1004a37c)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetLocalTime (Address: 0x1004a384)
- GetSystemDirectoryW (Address: 0x1004a388)
- GetSystemTimeAsFileTime (Address: 0x1004a398)
- GetTickCount (Address: 0x1004a394)
- GetVersion (Address: 0x1004a38c)
- GetVersionExW (Address: 0x1004a390)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetNativeSystemInfo (Address: 0x1004a3a0)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolWait (Address: 0x1004a3b8)
- CloseThreadpoolWork (Address: 0x1004a3c4)
- CreateThreadpoolWait (Address: 0x1004a3bc)
- CreateThreadpoolWork (Address: 0x1004a3b0)
- FreeLibraryWhenCallbackReturns (Address: 0x1004a3b4)
- SetThreadpoolWait (Address: 0x1004a3ac)
- SubmitThreadpoolWork (Address: 0x1004a3c0)
- WaitForThreadpoolWaitCallbacks (Address: 0x1004a3a8)
api-ms-win-core-toolhelp-l1-1-0.dll
- CreateToolhelp32Snapshot (Address: 0x1004a3cc)
- Process32FirstW (Address: 0x1004a3d0)
- Process32NextW (Address: 0x1004a3d4)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x1004a3e0)
- EncodePointer (Address: 0x1004a3dc)
api-ms-win-core-version-l1-1-0.dll
- GetFileVersionInfoExW (Address: 0x1004a3f0)
- GetFileVersionInfoSizeExW (Address: 0x1004a3e8)
- VerQueryValueW (Address: 0x1004a3ec)
api-ms-win-core-wow64-l1-1-0.dll
- IsWow64Process (Address: 0x1004a3f8)
api-ms-win-crt-convert-l1-1-0.dll
- wcstoul (Address: 0x1004a400)
- wcstoull (Address: 0x1004a404)
api-ms-win-crt-heap-l1-1-0.dll
- _callnewh (Address: 0x1004a410)
- _calloc_base (Address: 0x1004a41c)
- _free_base (Address: 0x1004a40c)
- calloc (Address: 0x1004a414)
- free (Address: 0x1004a420)
- malloc (Address: 0x1004a418)
api-ms-win-crt-math-l1-1-0.dll
- _fdopen (Address: 0x1004a430)
- ceil (Address: 0x1004a42c)
- log2 (Address: 0x1004a428)
api-ms-win-crt-runtime-l1-1-0.dll
- __doserrno (Address: 0x1004a458)
- _cexit (Address: 0x1004a43c)
- _configure_narrow_argv (Address: 0x1004a468)
- _crt_atexit (Address: 0x1004a448)
- _errno (Address: 0x1004a44c)
- _execute_onexit_table (Address: 0x1004a454)
- _initialize_narrow_environment (Address: 0x1004a464)
- _initialize_onexit_table (Address: 0x1004a460)
- _initterm (Address: 0x1004a474)
- _initterm_e (Address: 0x1004a470)
- _invalid_parameter_noinfo (Address: 0x1004a440)
- _invalid_parameter_noinfo_noreturn (Address: 0x1004a450)
- _register_onexit_function (Address: 0x1004a45c)
- _seh_filter_dll (Address: 0x1004a46c)
- abort (Address: 0x1004a438)
- terminate (Address: 0x1004a444)
api-ms-win-crt-stdio-l1-1-0.dll
- __acrt_iob_func (Address: 0x1004a490)
- __stdio_common_vfprintf (Address: 0x1004a484)
- __stdio_common_vfwprintf (Address: 0x1004a47c)
- __stdio_common_vfwprintf_s (Address: 0x1004a494)
- __stdio_common_vsnprintf_s (Address: 0x1004a49c)
- __stdio_common_vsprintf (Address: 0x1004a4b0)
- __stdio_common_vsprintf_s (Address: 0x1004a488)
- __stdio_common_vswprintf (Address: 0x1004a498)
- __stdio_common_vswprintf_s (Address: 0x1004a4b4)
- __stdio_common_vswscanf (Address: 0x1004a4a0)
- _close (Address: 0x1004a480)
- _flushall (Address: 0x1004a4a8)
- _open_osfhandle (Address: 0x1004a4a4)
- fclose (Address: 0x1004a48c)
- fflush (Address: 0x1004a4ac)
api-ms-win-crt-string-l1-1-0.dll
- _wcsicmp (Address: 0x1004a4d4)
- _wcslwr (Address: 0x1004a4c8)
- _wcsnicmp (Address: 0x1004a4c4)
- iswxdigit (Address: 0x1004a4bc)
- strcpy_s (Address: 0x1004a4c0)
- towlower (Address: 0x1004a4d0)
- wcscpy_s (Address: 0x1004a4cc)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x1004a4e0)
- EventWriteTransfer (Address: 0x1004a4dc)
api-ms-win-security-base-l1-1-0.dll
- AddAccessAllowedAceEx (Address: 0x1004a534)
- AddAce (Address: 0x1004a504)
- AdjustTokenPrivileges (Address: 0x1004a53c)
- AllocateAndInitializeSid (Address: 0x1004a50c)
- CheckTokenMembership (Address: 0x1004a520)
- DestroyPrivateObjectSecurity (Address: 0x1004a4f8)
- DuplicateTokenEx (Address: 0x1004a538)
- FreeSid (Address: 0x1004a510)
- GetAce (Address: 0x1004a4f4)
- GetAclInformation (Address: 0x1004a4f0)
- GetKernelObjectSecurity (Address: 0x1004a4ec)
- GetSecurityDescriptorDacl (Address: 0x1004a4e8)
- GetSecurityDescriptorSacl (Address: 0x1004a51c)
- GetTokenInformation (Address: 0x1004a4fc)
- ImpersonateLoggedOnUser (Address: 0x1004a52c)
- InitializeAcl (Address: 0x1004a518)
- InitializeSecurityDescriptor (Address: 0x1004a514)
- IsTokenRestricted (Address: 0x1004a528)
- RevertToSelf (Address: 0x1004a530)
- SetKernelObjectSecurity (Address: 0x1004a524)
- SetSecurityDescriptorDacl (Address: 0x1004a508)
- SetSecurityDescriptorSacl (Address: 0x1004a500)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupPrivilegeValueW (Address: 0x1004a544)
api-ms-win-security-provider-l1-1-0.dll
- GetNamedSecurityInfoW (Address: 0x1004a550)
- SetEntriesInAclW (Address: 0x1004a54c)
- SetNamedSecurityInfoW (Address: 0x1004a554)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1004a560)
- ConvertStringSidToSidW (Address: 0x1004a55c)
api-ms-win-service-core-l1-1-1.dll
- EnumServicesStatusExW (Address: 0x1004a568)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x1004a57c)
- CreateServiceW (Address: 0x1004a578)
- DeleteService (Address: 0x1004a580)
- OpenSCManagerW (Address: 0x1004a584)
- OpenServiceW (Address: 0x1004a574)
- StartServiceW (Address: 0x1004a570)
api-ms-win-service-management-l2-1-0.dll
- QueryServiceConfigW (Address: 0x1004a58c)
api-ms-win-service-winsvc-l1-1-0.dll
- ControlService (Address: 0x1004a594)
CRYPT32.dll
- CryptStringToBinaryW (Address: 0x1004a094)
ntdll.dll
- NtAllocateVirtualMemory (Address: 0x1004a5b4)
- NtClose (Address: 0x1004a5dc)
- NtCreateFile (Address: 0x1004a5d0)
- NtCreateSection (Address: 0x1004a5d4)
- NtDeviceIoControlFile (Address: 0x1004a5a8)
- NtFlushVirtualMemory (Address: 0x1004a5a4)
- NtFreeVirtualMemory (Address: 0x1004a5c0)
- NtMapViewOfSection (Address: 0x1004a5b0)
- NtOpenDirectoryObject (Address: 0x1004a5a0)
- NtQueryDirectoryObject (Address: 0x1004a5c4)
- NtQueryInformationProcess (Address: 0x1004a5d8)
- NtSetInformationProcess (Address: 0x1004a5ac)
- NtSystemDebugControl (Address: 0x1004a5bc)
- NtUnmapViewOfSection (Address: 0x1004a59c)
- RtlInitUnicodeString (Address: 0x1004a5cc)
- RtlUnwind (Address: 0x1004a5b8)
- VerSetConditionMask (Address: 0x1004a5c8)
OLEAUT32.dll
- BSTR_UserFree (Address: 0x1004a0a8)
- BSTR_UserMarshal (Address: 0x1004a0a0)
- BSTR_UserSize (Address: 0x1004a0ac)
- BSTR_UserUnmarshal (Address: 0x1004a0a4)
- SysFreeString (Address: 0x1004a09c)
RPCRT4.dll
- NdrClientCall2 (Address: 0x1004a0b4)
- RpcBindingFree (Address: 0x1004a0c4)
- RpcBindingFromStringBindingW (Address: 0x1004a0b8)
- RpcStringBindingComposeW (Address: 0x1004a0bc)
- RpcStringFreeW (Address: 0x1004a0c0)
- UuidCreate (Address: 0x1004a0c8)
USERENV.dll
- CreateEnvironmentBlock (Address: 0x1004a0d0)
- DestroyEnvironmentBlock (Address: 0x1004a0d4)