vdmdbg.dll

Description: VDMDBG.DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.1

Architecture: 32-bit

Operating System: Windows NT

SHA256: 369115343eb9f4f8f2e65b8e3a7071a2

File Size: 17.5 KB

Uploaded At: Dec. 1, 2025, 8:05 a.m.

Views: 17

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess, CreateRemoteThread

Exported Functions

  • VDMBreakThread (Ordinal: 1, Address: 0x35a0)
  • VDMDetectWOW (Ordinal: 2, Address: 0x3760)
  • VDMEnumProcessWOW (Ordinal: 3, Address: 0x3770)
  • VDMEnumTaskWOW (Ordinal: 4, Address: 0x3a20)
  • VDMEnumTaskWOWEx (Ordinal: 5, Address: 0x3a40)
  • VDMGetAddrExpression (Ordinal: 6, Address: 0x2680)
  • VDMGetContext (Ordinal: 7, Address: 0x3090)
  • VDMGetDbgFlags (Ordinal: 8, Address: 0x3650)
  • VDMGetModuleSelector (Ordinal: 9, Address: 0x3630)
  • VDMGetPointer (Ordinal: 10, Address: 0x2ff0)
  • VDMGetSegmentInfo (Ordinal: 11, Address: 0x1a40)
  • VDMGetSegtablePointer (Ordinal: 12, Address: 0x15d0)
  • VDMGetSelectorModule (Ordinal: 13, Address: 0x3600)
  • VDMGetSymbol (Ordinal: 14, Address: 0x21c0)
  • VDMGetThreadContext (Ordinal: 15, Address: 0x3010)
  • VDMGetThreadSelectorEntry (Ordinal: 16, Address: 0x2fd0)
  • VDMGlobalFirst (Ordinal: 17, Address: 0x27b0)
  • VDMGlobalNext (Ordinal: 18, Address: 0x2850)
  • VDMIsModuleLoaded (Ordinal: 19, Address: 0x15e0)
  • VDMKillWOW (Ordinal: 20, Address: 0x3760)
  • VDMModuleFirst (Ordinal: 21, Address: 0x29b0)
  • VDMModuleNext (Ordinal: 22, Address: 0x2a70)
  • VDMProcessException (Ordinal: 23, Address: 0x35b0)
  • VDMSetContext (Ordinal: 24, Address: 0x32d0)
  • VDMSetDbgFlags (Ordinal: 25, Address: 0x36c0)
  • VDMSetThreadContext (Ordinal: 26, Address: 0x3050)
  • VDMStartTaskInWOW (Ordinal: 27, Address: 0x3b10)
  • VDMTerminateTaskWOW (Ordinal: 28, Address: 0x3a60)

Imported DLLs & Functions

KERNEL32.dll
  • _lclose (Address: 0x10006048)
  • _llseek (Address: 0x10006044)
  • _lread (Address: 0x10006040)
  • CloseHandle (Address: 0x10006020)
  • ContinueDebugEvent (Address: 0x10006058)
  • CreateRemoteThread (Address: 0x1000604c)
  • DisableThreadLibraryCalls (Address: 0x1000602c)
  • GetCurrentProcess (Address: 0x10006054)
  • GetCurrentProcessId (Address: 0x10006010)
  • GetCurrentThreadId (Address: 0x1000600c)
  • GetNextVDMCommand (Address: 0x10006068)
  • GetProcessHeap (Address: 0x10006034)
  • GetSystemTimeAsFileTime (Address: 0x10006008)
  • GetThreadContext (Address: 0x10006060)
  • GetTickCount (Address: 0x10006004)
  • GlobalAddAtomA (Address: 0x1000606c)
  • HeapAlloc (Address: 0x10006030)
  • HeapFree (Address: 0x10006038)
  • OpenFile (Address: 0x1000603c)
  • OpenProcess (Address: 0x1000601c)
  • QueryPerformanceCounter (Address: 0x10006014)
  • ReadProcessMemory (Address: 0x10006024)
  • SetThreadContext (Address: 0x10006064)
  • SetUnhandledExceptionFilter (Address: 0x10006074)
  • TerminateProcess (Address: 0x10006018)
  • TerminateThread (Address: 0x10006000)
  • UnhandledExceptionFilter (Address: 0x10006070)
  • WaitForDebugEvent (Address: 0x10006050)
  • WaitForSingleObject (Address: 0x1000605c)
  • WriteProcessMemory (Address: 0x10006028)
ntdll.dll
  • _stricmp (Address: 0x1000608c)
  • memset (Address: 0x100060a0)
  • NtOpenThread (Address: 0x1000609c)
  • strcat_s (Address: 0x10006090)
  • strcpy_s (Address: 0x10006094)
  • strncpy_s (Address: 0x10006098)
USER32.dll
  • FindWindowExA (Address: 0x1000607c)
  • GetWindowThreadProcessId (Address: 0x10006084)
  • PostMessageA (Address: 0x10006080)