fthsvc.dll

Description: Microsoft Windows Fault Tolerant Heap Diagnostic Module

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.1

Architecture: 64-bit

Operating System: Windows NT

SHA256: 0b43e54341f90429f1347a96ccdc46f2

File Size: 67.5 KB

Uploaded At: Dec. 1, 2025, 7:28 a.m.

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • FthSysprepSpecialize (Ordinal: 1, Address: 0x8d10)
  • FthSysprepSpecializeOffline (Ordinal: 2, Address: 0x8e60)
  • WdiDiagnosticModuleMain (Ordinal: 3, Address: 0x1260)
  • WdiGetDiagnosticModuleInterfaceVersion (Ordinal: 4, Address: 0x1230)
  • WdiHandleInstance (Ordinal: 5, Address: 0x1400)

Imported DLLs & Functions

api-ms-win-core-namedpipe-l1-1-0.dll
  • ImpersonateNamedPipeClient (Address: 0x18000a2e8)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x18000a330)
  • RegCreateKeyExW (Address: 0x18000a320)
  • RegDeleteKeyExW (Address: 0x18000a328)
  • RegDeleteValueW (Address: 0x18000a2f8)
  • RegEnumValueW (Address: 0x18000a308)
  • RegOpenKeyExW (Address: 0x18000a300)
  • RegQueryValueExW (Address: 0x18000a310)
  • RegSetValueExW (Address: 0x18000a318)
api-ms-win-security-base-l1-1-0.dll
  • RevertToSelf (Address: 0x18000a340)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18000a350)
KERNEL32.dll
  • CancelIo (Address: 0x18000a290)
  • CloseHandle (Address: 0x18000a218)
  • ConnectNamedPipe (Address: 0x18000a1c0)
  • CreateDirectoryW (Address: 0x18000a1a0)
  • CreateEventW (Address: 0x18000a230)
  • CreateFileW (Address: 0x18000a180)
  • CreateThread (Address: 0x18000a210)
  • DelayLoadFailureHook (Address: 0x18000a1c8)
  • DeleteCriticalSection (Address: 0x18000a280)
  • DeleteFileW (Address: 0x18000a1b0)
  • DisableThreadLibraryCalls (Address: 0x18000a278)
  • DisconnectNamedPipe (Address: 0x18000a240)
  • DuplicateHandle (Address: 0x18000a250)
  • EnterCriticalSection (Address: 0x18000a260)
  • GetCurrentProcess (Address: 0x18000a2a0)
  • GetCurrentProcessId (Address: 0x18000a130)
  • GetCurrentThreadId (Address: 0x18000a2c8)
  • GetLastError (Address: 0x18000a228)
  • GetNamedPipeClientProcessId (Address: 0x18000a2b8)
  • GetProcessHeap (Address: 0x18000a170)
  • GetProcessTimes (Address: 0x18000a160)
  • GetSystemTime (Address: 0x18000a1e0)
  • GetSystemTimeAsFileTime (Address: 0x18000a2d8)
  • GetTempFileNameW (Address: 0x18000a168)
  • GetTempPathW (Address: 0x18000a188)
  • GetTickCount (Address: 0x18000a248)
  • GetWindowsDirectoryW (Address: 0x18000a1a8)
  • GlobalMemoryStatusEx (Address: 0x18000a1e8)
  • HeapAlloc (Address: 0x18000a178)
  • HeapCreate (Address: 0x18000a298)
  • HeapDestroy (Address: 0x18000a200)
  • HeapFree (Address: 0x18000a198)
  • InitializeCriticalSection (Address: 0x18000a270)
  • LeaveCriticalSection (Address: 0x18000a268)
  • LocalFree (Address: 0x18000a1f8)
  • MapViewOfFile (Address: 0x18000a1d8)
  • OpenProcess (Address: 0x18000a238)
  • OutputDebugStringA (Address: 0x18000a190)
  • QueryPerformanceCounter (Address: 0x18000a138)
  • ReadFile (Address: 0x18000a288)
  • RemoveDirectoryW (Address: 0x18000a1b8)
  • ResetEvent (Address: 0x18000a208)
  • ResolveDelayLoadedAPI (Address: 0x18000a1d0)
  • ResumeThread (Address: 0x18000a2d0)
  • SetEvent (Address: 0x18000a220)
  • SetUnhandledExceptionFilter (Address: 0x18000a148)
  • Sleep (Address: 0x18000a158)
  • SystemTimeToFileTime (Address: 0x18000a1f0)
  • TerminateProcess (Address: 0x18000a140)
  • TerminateThread (Address: 0x18000a128)
  • UnhandledExceptionFilter (Address: 0x18000a150)
  • UnmapViewOfFile (Address: 0x18000a258)
  • WaitForMultipleObjects (Address: 0x18000a2b0)
  • WaitForSingleObject (Address: 0x18000a2c0)
  • WriteFile (Address: 0x18000a2a8)
msvcrt.dll
  • __C_specific_handler (Address: 0x18000a360)
  • _amsg_exit (Address: 0x18000a380)
  • _get_errno (Address: 0x18000a398)
  • _initterm (Address: 0x18000a368)
  • _set_errno (Address: 0x18000a3a0)
  • _vsnwprintf (Address: 0x18000a3d8)
  • _wcsicmp (Address: 0x18000a3c0)
  • _wcsnicmp (Address: 0x18000a3d0)
  • _XcptFilter (Address: 0x18000a388)
  • free (Address: 0x18000a378)
  • malloc (Address: 0x18000a370)
  • memset (Address: 0x18000a3e0)
  • sprintf_s (Address: 0x18000a390)
  • towlower (Address: 0x18000a3c8)
  • vsprintf_s (Address: 0x18000a3a8)
  • wcsstr (Address: 0x18000a3b0)
  • wcstoul (Address: 0x18000a3b8)
ntdll.dll
  • EtwEventRegister (Address: 0x18000a468)
  • EtwEventUnregister (Address: 0x18000a448)
  • EtwEventWrite (Address: 0x18000a450)
  • EtwGetTraceEnableFlags (Address: 0x18000a410)
  • EtwGetTraceEnableLevel (Address: 0x18000a400)
  • EtwGetTraceLoggerHandle (Address: 0x18000a408)
  • EtwRegisterTraceGuidsW (Address: 0x18000a3f8)
  • EtwTraceMessage (Address: 0x18000a440)
  • EtwUnregisterTraceGuids (Address: 0x18000a418)
  • NtCreateNamedPipeFile (Address: 0x18000a430)
  • NtQueryObject (Address: 0x18000a438)
  • RtlCaptureContext (Address: 0x18000a460)
  • RtlInitUnicodeString (Address: 0x18000a428)
  • RtlLookupFunctionEntry (Address: 0x18000a458)
  • RtlVirtualUnwind (Address: 0x18000a3f0)
  • WinSqmAddToStream (Address: 0x18000a420)
wer.dll
  • WerpGetReportConsent (Address: 0x18000a478)
  • WerpSetCallBack (Address: 0x18000a4a8)
  • WerReportAddFile (Address: 0x18000a498)
  • WerReportCloseHandle (Address: 0x18000a490)
  • WerReportCreate (Address: 0x18000a480)
  • WerReportSetParameter (Address: 0x18000a4a0)
  • WerReportSubmit (Address: 0x18000a488)
wevtapi.dll
  • EvtClose (Address: 0x18000a4b8)
  • EvtCreateRenderContext (Address: 0x18000a4c0)
  • EvtRender (Address: 0x18000a4d0)
  • EvtSubscribe (Address: 0x18000a4c8)