ProvProvider.dll

Description: DISM Provisioning Provider

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.4355

Architecture: 32-bit

Operating System: Windows NT

SHA256: 690bdd23dab1cdd7888e9ead366e4c47

File Size: 590.9 KB

Uploaded At: Dec. 1, 2025, 8:09 a.m.

Views: 21

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DLLGetDISMProviderCLSID (Ordinal: 1, Address: 0x1a130)
  • DllCanUnloadNow (Ordinal: 2, Address: 0x1a160)
  • DllGetClassObject (Ordinal: 3, Address: 0x1a190)
  • DllRegisterServer (Ordinal: 4, Address: 0x1a1c0)
  • DllUnregisterServer (Ordinal: 5, Address: 0x1a200)

Imported DLLs & Functions

ADVAPI32.dll
  • AdjustTokenPrivileges (Address: 0x1008b004)
  • CloseEncryptedFileRaw (Address: 0x1008b050)
  • GetAclInformation (Address: 0x1008b024)
  • GetSecurityDescriptorControl (Address: 0x1008b01c)
  • GetSecurityDescriptorDacl (Address: 0x1008b014)
  • GetSecurityDescriptorGroup (Address: 0x1008b010)
  • GetSecurityDescriptorLength (Address: 0x1008b020)
  • GetSecurityDescriptorOwner (Address: 0x1008b00c)
  • GetSecurityDescriptorSacl (Address: 0x1008b018)
  • GetSecurityInfo (Address: 0x1008b044)
  • LookupPrivilegeValueW (Address: 0x1008b000)
  • OpenEncryptedFileRawW (Address: 0x1008b048)
  • OpenProcessToken (Address: 0x1008b008)
  • ReadEncryptedFileRaw (Address: 0x1008b058)
  • RegCloseKey (Address: 0x1008b028)
  • RegCreateKeyExW (Address: 0x1008b038)
  • RegGetValueW (Address: 0x1008b03c)
  • RegOpenKeyExW (Address: 0x1008b02c)
  • RegQueryInfoKeyW (Address: 0x1008b034)
  • RegQueryValueExW (Address: 0x1008b030)
  • RegSetValueExW (Address: 0x1008b040)
  • RevertToSelf (Address: 0x1008b054)
  • WriteEncryptedFileRaw (Address: 0x1008b04c)
bcrypt.dll
  • BCryptCloseAlgorithmProvider (Address: 0x1008b2d0)
  • BCryptCreateHash (Address: 0x1008b2c4)
  • BCryptDestroyHash (Address: 0x1008b2dc)
  • BCryptFinishHash (Address: 0x1008b2d4)
  • BCryptGetProperty (Address: 0x1008b2d8)
  • BCryptHashData (Address: 0x1008b2c8)
  • BCryptOpenAlgorithmProvider (Address: 0x1008b2cc)
Cabinet.dll
  • (Address: 0x1008b068)
  • (Address: 0x1008b064)
  • (Address: 0x1008b060)
KERNEL32.dll
  • CloseHandle (Address: 0x1008b1c4)
  • CompareStringW (Address: 0x1008b0c8)
  • CopyFileExW (Address: 0x1008b1c8)
  • CopyFileW (Address: 0x1008b13c)
  • CreateDirectoryW (Address: 0x1008b1e0)
  • CreateEventW (Address: 0x1008b24c)
  • CreateFileMappingW (Address: 0x1008b140)
  • CreateFileW (Address: 0x1008b1ac)
  • CreateMutexExW (Address: 0x1008b228)
  • CreateSemaphoreExW (Address: 0x1008b18c)
  • CreateThread (Address: 0x1008b204)
  • DebugBreak (Address: 0x1008b22c)
  • DeleteCriticalSection (Address: 0x1008b0f8)
  • DeleteFileW (Address: 0x1008b1c0)
  • DeviceIoControl (Address: 0x1008b1a0)
  • DisableThreadLibraryCalls (Address: 0x1008b0e4)
  • DosDateTimeToFileTime (Address: 0x1008b174)
  • DuplicateHandle (Address: 0x1008b248)
  • EnterCriticalSection (Address: 0x1008b100)
  • ExpandEnvironmentStringsW (Address: 0x1008b1f8)
  • FindClose (Address: 0x1008b1a8)
  • FindFirstFileW (Address: 0x1008b194)
  • FindNextFileW (Address: 0x1008b19c)
  • FindResourceExW (Address: 0x1008b07c)
  • FlushFileBuffers (Address: 0x1008b1cc)
  • FormatMessageW (Address: 0x1008b1fc)
  • FreeLibrary (Address: 0x1008b1dc)
  • GetCurrentDirectoryW (Address: 0x1008b1d8)
  • GetCurrentProcess (Address: 0x1008b0ac)
  • GetCurrentProcessId (Address: 0x1008b0f0)
  • GetCurrentThread (Address: 0x1008b244)
  • GetCurrentThreadId (Address: 0x1008b0f4)
  • GetEnvironmentVariableW (Address: 0x1008b098)
  • GetFileAttributesW (Address: 0x1008b1b0)
  • GetFileInformationByHandle (Address: 0x1008b1b8)
  • GetFileInformationByHandleEx (Address: 0x1008b190)
  • GetFileSizeEx (Address: 0x1008b1d0)
  • GetFinalPathNameByHandleW (Address: 0x1008b1ec)
  • GetFullPathNameW (Address: 0x1008b1e4)
  • GetHandleInformation (Address: 0x1008b10c)
  • GetLastError (Address: 0x1008b09c)
  • GetLongPathNameW (Address: 0x1008b1e8)
  • GetModuleFileNameA (Address: 0x1008b210)
  • GetModuleFileNameW (Address: 0x1008b0ec)
  • GetModuleHandleExW (Address: 0x1008b218)
  • GetModuleHandleW (Address: 0x1008b134)
  • GetOverlappedResult (Address: 0x1008b118)
  • GetPrivateProfileSectionW (Address: 0x1008b154)
  • GetProcAddress (Address: 0x1008b144)
  • GetProcessHeap (Address: 0x1008b090)
  • GetSystemInfo (Address: 0x1008b108)
  • GetSystemTimeAsFileTime (Address: 0x1008b0b8)
  • GetTempPathW (Address: 0x1008b1a4)
  • GetThreadLocale (Address: 0x1008b0e0)
  • GetTickCount (Address: 0x1008b0bc)
  • GetVersionExW (Address: 0x1008b0d0)
  • GetVolumeInformationByHandleW (Address: 0x1008b15c)
  • GetVolumeInformationW (Address: 0x1008b124)
  • GetVolumeNameForVolumeMountPointW (Address: 0x1008b1f4)
  • GetVolumePathNamesForVolumeNameW (Address: 0x1008b184)
  • GetVolumePathNameW (Address: 0x1008b1f0)
  • HeapAlloc (Address: 0x1008b08c)
  • HeapDestroy (Address: 0x1008b094)
  • HeapFree (Address: 0x1008b088)
  • HeapReAlloc (Address: 0x1008b084)
  • HeapSize (Address: 0x1008b080)
  • InitializeCriticalSection (Address: 0x1008b0e8)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1008b128)
  • IsDebuggerPresent (Address: 0x1008b230)
  • LeaveCriticalSection (Address: 0x1008b0fc)
  • LoadLibraryExW (Address: 0x1008b138)
  • LoadLibraryW (Address: 0x1008b180)
  • LoadResource (Address: 0x1008b078)
  • LocalAlloc (Address: 0x1008b240)
  • LocalFileTimeToFileTime (Address: 0x1008b178)
  • LocalFree (Address: 0x1008b20c)
  • LockFileEx (Address: 0x1008b148)
  • LockResource (Address: 0x1008b074)
  • MapViewOfFile (Address: 0x1008b0c4)
  • MultiByteToWideChar (Address: 0x1008b12c)
  • OpenProcess (Address: 0x1008b150)
  • OpenSemaphoreW (Address: 0x1008b224)
  • OutputDebugStringA (Address: 0x1008b0c0)
  • OutputDebugStringW (Address: 0x1008b104)
  • QueryPerformanceCounter (Address: 0x1008b0b4)
  • RaiseException (Address: 0x1008b0d8)
  • ReadFile (Address: 0x1008b234)
  • ReleaseMutex (Address: 0x1008b21c)
  • ReleaseSemaphore (Address: 0x1008b214)
  • RemoveDirectoryW (Address: 0x1008b23c)
  • ResetEvent (Address: 0x1008b208)
  • SearchPathW (Address: 0x1008b0d4)
  • SetEndOfFile (Address: 0x1008b114)
  • SetEvent (Address: 0x1008b200)
  • SetFileAttributesW (Address: 0x1008b1b4)
  • SetFileInformationByHandle (Address: 0x1008b1bc)
  • SetFilePointer (Address: 0x1008b11c)
  • SetFilePointerEx (Address: 0x1008b110)
  • SetFileTime (Address: 0x1008b17c)
  • SetLastError (Address: 0x1008b198)
  • SetThreadIdealProcessor (Address: 0x1008b120)
  • SetThreadLocale (Address: 0x1008b0dc)
  • SetThreadUILanguage (Address: 0x1008b130)
  • SetUnhandledExceptionFilter (Address: 0x1008b0a8)
  • SizeofResource (Address: 0x1008b070)
  • Sleep (Address: 0x1008b0a0)
  • TerminateProcess (Address: 0x1008b0b0)
  • TlsAlloc (Address: 0x1008b160)
  • TlsFree (Address: 0x1008b164)
  • TlsGetValue (Address: 0x1008b168)
  • TlsSetValue (Address: 0x1008b16c)
  • UnhandledExceptionFilter (Address: 0x1008b0a4)
  • UnlockFileEx (Address: 0x1008b14c)
  • UnmapViewOfFile (Address: 0x1008b0cc)
  • WaitForMultipleObjects (Address: 0x1008b158)
  • WaitForMultipleObjectsEx (Address: 0x1008b170)
  • WaitForSingleObject (Address: 0x1008b1d4)
  • WaitForSingleObjectEx (Address: 0x1008b220)
  • WideCharToMultiByte (Address: 0x1008b188)
  • WriteFile (Address: 0x1008b238)
msvcrt.dll
  • __CxxFrameHandler3 (Address: 0x1008b32c)
  • __dllonexit (Address: 0x1008b348)
  • __RTDynamicCast (Address: 0x1008b330)
  • _amsg_exit (Address: 0x1008b364)
  • _callnewh (Address: 0x1008b370)
  • _CxxThrowException (Address: 0x1008b36c)
  • _errno (Address: 0x1008b340)
  • _except_handler4_common (Address: 0x1008b358)
  • _initterm (Address: 0x1008b360)
  • _lock (Address: 0x1008b350)
  • _onexit (Address: 0x1008b344)
  • _purecall (Address: 0x1008b38c)
  • _strnicmp (Address: 0x1008b31c)
  • _unlock (Address: 0x1008b34c)
  • _vscwprintf (Address: 0x1008b394)
  • _vsnprintf_s (Address: 0x1008b334)
  • _vsnwprintf (Address: 0x1008b2e4)
  • _vsnwprintf_s (Address: 0x1008b338)
  • _wcsicmp (Address: 0x1008b2e8)
  • _wcslwr (Address: 0x1008b318)
  • _wcslwr_s (Address: 0x1008b378)
  • _wcsnicmp (Address: 0x1008b2f8)
  • _wcsrev (Address: 0x1008b314)
  • _wcstoi64 (Address: 0x1008b324)
  • _wtoi (Address: 0x1008b328)
  • _XcptFilter (Address: 0x1008b368)
  • ??0exception@@QAE@ABQBD@Z (Address: 0x1008b3a0)
  • ??0exception@@QAE@ABV0@@Z (Address: 0x1008b3b0)
  • ??0exception@@QAE@XZ (Address: 0x1008b398)
  • ??1exception@@UAE@XZ (Address: 0x1008b3a4)
  • ??1type_info@@UAE@XZ (Address: 0x1008b354)
  • ?terminate@@YAXXZ (Address: 0x1008b35c)
  • ?what@exception@@UBEPBDXZ (Address: 0x1008b3a8)
  • free (Address: 0x1008b3b4)
  • iswalpha (Address: 0x1008b308)
  • iswspace (Address: 0x1008b30c)
  • malloc (Address: 0x1008b37c)
  • memcmp (Address: 0x1008b2ec)
  • memcpy (Address: 0x1008b2f0)
  • memcpy_s (Address: 0x1008b3ac)
  • memmove (Address: 0x1008b33c)
  • memmove_s (Address: 0x1008b39c)
  • memset (Address: 0x1008b3cc)
  • qsort (Address: 0x1008b304)
  • strcpy_s (Address: 0x1008b300)
  • strncpy_s (Address: 0x1008b320)
  • swscanf_s (Address: 0x1008b3c8)
  • towlower (Address: 0x1008b310)
  • towupper (Address: 0x1008b2fc)
  • vswprintf_s (Address: 0x1008b390)
  • wcscat_s (Address: 0x1008b384)
  • wcschr (Address: 0x1008b2f4)
  • wcscpy_s (Address: 0x1008b388)
  • wcsncmp (Address: 0x1008b3c0)
  • wcsncpy_s (Address: 0x1008b380)
  • wcsrchr (Address: 0x1008b3c4)
  • wcsstr (Address: 0x1008b374)
  • wcstok_s (Address: 0x1008b3bc)
  • wcstoul (Address: 0x1008b3b8)
ntdll.dll
  • DbgPrintEx (Address: 0x1008b428)
  • NtClose (Address: 0x1008b3e8)
  • NtCreateFile (Address: 0x1008b3f8)
  • NtOpenFile (Address: 0x1008b3e0)
  • NtQueryDirectoryFile (Address: 0x1008b3e4)
  • NtQueryEaFile (Address: 0x1008b3f4)
  • NtQueryInformationFile (Address: 0x1008b3ec)
  • NtQueryInformationProcess (Address: 0x1008b3f0)
  • NtSetEaFile (Address: 0x1008b3fc)
  • NtSetInformationFile (Address: 0x1008b43c)
  • NtSetSecurityObject (Address: 0x1008b3d8)
  • NtYieldExecution (Address: 0x1008b424)
  • RtlAcquireResourceExclusive (Address: 0x1008b40c)
  • RtlAcquireResourceShared (Address: 0x1008b42c)
  • RtlAdjustPrivilege (Address: 0x1008b404)
  • RtlAllocateHeap (Address: 0x1008b434)
  • RtlDeleteResource (Address: 0x1008b418)
  • RtlDosPathNameToNtPathName_U (Address: 0x1008b3dc)
  • RtlFindAceByType (Address: 0x1008b3d4)
  • RtlFreeHeap (Address: 0x1008b430)
  • RtlImpersonateSelf (Address: 0x1008b400)
  • RtlInitializeResource (Address: 0x1008b408)
  • RtlNtStatusToDosError (Address: 0x1008b438)
  • RtlRaiseStatus (Address: 0x1008b420)
  • RtlReAllocateHeap (Address: 0x1008b41c)
  • RtlReleaseResource (Address: 0x1008b414)
  • RtlSetControlSecurityDescriptor (Address: 0x1008b410)
OLE32.dll
  • CoCreateGuid (Address: 0x1008b254)
  • CoCreateInstance (Address: 0x1008b25c)
  • StringFromGUID2 (Address: 0x1008b258)
OLEAUT32.dll
  • LoadRegTypeLib (Address: 0x1008b27c)
  • LoadTypeLib (Address: 0x1008b280)
  • RegisterTypeLib (Address: 0x1008b288)
  • SysAllocString (Address: 0x1008b274)
  • SysAllocStringByteLen (Address: 0x1008b26c)
  • SysAllocStringLen (Address: 0x1008b290)
  • SysFreeString (Address: 0x1008b264)
  • SysStringByteLen (Address: 0x1008b268)
  • SysStringLen (Address: 0x1008b278)
  • UnRegisterTypeLib (Address: 0x1008b284)
  • VarBstrCmp (Address: 0x1008b28c)
  • VariantClear (Address: 0x1008b270)
profapi.dll
  • (Address: 0x1008b444)
RPCRT4.dll
  • RpcStringFreeW (Address: 0x1008b29c)
  • UuidCreate (Address: 0x1008b298)
  • UuidToStringW (Address: 0x1008b2a0)
USER32.dll
  • CharLowerBuffW (Address: 0x1008b2ac)
  • CharNextW (Address: 0x1008b2b0)
  • CharUpperW (Address: 0x1008b2a8)
XmlLite.dll
  • CreateXmlReader (Address: 0x1008b2bc)
  • CreateXmlWriter (Address: 0x1008b2b8)