ToolsInjectionHelper32.dll

Description:

Authors:

Version:

Architecture: 32-bit

Operating System:

SHA256: 658c4d694f51bd2204772fe3cc1e2e0c

File Size: 671.5 KB

Uploaded At: Dec. 1, 2025, 2:54 p.m.

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess, VirtualAllocEx

Exported Functions

  • DetourFinishHelperProcess (Ordinal: 1, Address: 0x2b220)
  • FakeEntryPoint (Ordinal: 2, Address: 0xc980)
  • GetExportTable (Ordinal: 3, Address: 0xca70)

Imported DLLs & Functions

ADVAPI32.dll
  • InitializeSecurityDescriptor (Address: 0x10082010)
  • RegCloseKey (Address: 0x10082008)
  • RegOpenKeyExA (Address: 0x10082004)
  • RegQueryValueExA (Address: 0x10082000)
  • SetSecurityDescriptorDacl (Address: 0x1008200c)
KERNEL32.dll
  • AreFileApisANSI (Address: 0x10082180)
  • CloseHandle (Address: 0x100821d0)
  • CompareStringEx (Address: 0x10082200)
  • CompareStringW (Address: 0x10082254)
  • CreateDirectoryA (Address: 0x10082090)
  • CreateEventW (Address: 0x10082210)
  • CreateFileA (Address: 0x10082094)
  • CreateFileMappingA (Address: 0x100820f8)
  • CreateFileW (Address: 0x1008216c)
  • CreateMutexA (Address: 0x100820cc)
  • CreatePipe (Address: 0x1008201c)
  • CreateProcessW (Address: 0x10082058)
  • CreateSemaphoreA (Address: 0x100820f4)
  • CreateSemaphoreW (Address: 0x10082190)
  • CreateThread (Address: 0x10082194)
  • DecodePointer (Address: 0x100821f4)
  • DeleteCriticalSection (Address: 0x1008202c)
  • DeleteFileA (Address: 0x1008213c)
  • DuplicateHandle (Address: 0x100821cc)
  • EncodePointer (Address: 0x100821f0)
  • EnterCriticalSection (Address: 0x10082024)
  • EnumSystemLocalesW (Address: 0x10082268)
  • ExitProcess (Address: 0x10082148)
  • ExitThread (Address: 0x10082230)
  • FileTimeToSystemTime (Address: 0x10082108)
  • FindClose (Address: 0x10082098)
  • FindFirstFileA (Address: 0x1008209c)
  • FindFirstFileExW (Address: 0x10082280)
  • FindNextFileA (Address: 0x100820a0)
  • FindNextFileW (Address: 0x1008217c)
  • FlushFileBuffers (Address: 0x10082170)
  • FlushInstructionCache (Address: 0x100821e0)
  • FormatMessageA (Address: 0x100820f0)
  • FormatMessageW (Address: 0x10082178)
  • FreeEnvironmentStringsW (Address: 0x1008229c)
  • FreeLibrary (Address: 0x10082060)
  • FreeLibraryAndExitThread (Address: 0x10082234)
  • GetACP (Address: 0x10082288)
  • GetCommandLineA (Address: 0x10082290)
  • GetCommandLineW (Address: 0x10082294)
  • GetConsoleMode (Address: 0x10082270)
  • GetConsoleOutputCP (Address: 0x1008226c)
  • GetCPInfo (Address: 0x10082204)
  • GetCurrentDirectoryW (Address: 0x10082168)
  • GetCurrentProcess (Address: 0x10082034)
  • GetCurrentProcessId (Address: 0x10082038)
  • GetCurrentThread (Address: 0x10082040)
  • GetCurrentThreadId (Address: 0x10082044)
  • GetDateFormatW (Address: 0x1008224c)
  • GetEnvironmentStringsW (Address: 0x10082298)
  • GetEnvironmentVariableW (Address: 0x100821e4)
  • GetExitCodeProcess (Address: 0x1008214c)
  • GetFileAttributesW (Address: 0x100821dc)
  • GetFileSizeEx (Address: 0x100820a4)
  • GetFileType (Address: 0x10082248)
  • GetLastError (Address: 0x10082120)
  • GetLocaleInfoEx (Address: 0x100821fc)
  • GetLocaleInfoW (Address: 0x1008225c)
  • GetModuleFileNameA (Address: 0x10082084)
  • GetModuleFileNameW (Address: 0x10082088)
  • GetModuleHandleA (Address: 0x100820e8)
  • GetModuleHandleExA (Address: 0x10082100)
  • GetModuleHandleExW (Address: 0x10082238)
  • GetModuleHandleW (Address: 0x10082064)
  • GetNativeSystemInfo (Address: 0x10082164)
  • GetOEMCP (Address: 0x1008228c)
  • GetProcAddress (Address: 0x10082068)
  • GetProcessHeap (Address: 0x100821c8)
  • GetProcessId (Address: 0x1008219c)
  • GetProcessTimes (Address: 0x100820d0)
  • GetStartupInfoW (Address: 0x10082220)
  • GetStdHandle (Address: 0x10082244)
  • GetStringTypeW (Address: 0x100821e8)
  • GetSystemInfo (Address: 0x100820d8)
  • GetSystemTimeAsFileTime (Address: 0x100820fc)
  • GetTempFileNameA (Address: 0x10082144)
  • GetTempPathA (Address: 0x10082140)
  • GetThreadContext (Address: 0x10082118)
  • GetThreadId (Address: 0x1008205c)
  • GetTickCount (Address: 0x100820dc)
  • GetTimeFormatW (Address: 0x10082250)
  • GetTimeZoneInformation (Address: 0x1008227c)
  • GetUserDefaultLCID (Address: 0x10082264)
  • HeapAlloc (Address: 0x10082240)
  • HeapFree (Address: 0x1008223c)
  • HeapReAlloc (Address: 0x10082278)
  • HeapSize (Address: 0x100821bc)
  • InitializeCriticalSection (Address: 0x10082020)
  • InitializeCriticalSectionAndSpinCount (Address: 0x10082208)
  • InitializeCriticalSectionEx (Address: 0x100821ec)
  • InitializeSListHead (Address: 0x10082214)
  • InterlockedFlushSList (Address: 0x10082228)
  • InterlockedPushEntrySList (Address: 0x10082224)
  • IsDebuggerPresent (Address: 0x100821d4)
  • IsProcessorFeaturePresent (Address: 0x1008221c)
  • IsValidCodePage (Address: 0x10082284)
  • IsValidLocale (Address: 0x10082260)
  • IsWow64Process (Address: 0x10082160)
  • LCMapStringEx (Address: 0x100821f8)
  • LCMapStringW (Address: 0x10082258)
  • LeaveCriticalSection (Address: 0x10082028)
  • LoadLibraryA (Address: 0x10082074)
  • LoadLibraryExA (Address: 0x1008206c)
  • LoadLibraryExW (Address: 0x10082070)
  • LoadLibraryW (Address: 0x10082078)
  • LocalFree (Address: 0x100820ec)
  • MapViewOfFileEx (Address: 0x100820e0)
  • MultiByteToWideChar (Address: 0x10082184)
  • OpenProcess (Address: 0x10082150)
  • OutputDebugStringA (Address: 0x1008210c)
  • QueryFullProcessImageNameA (Address: 0x1008207c)
  • QueryPerformanceCounter (Address: 0x100820b8)
  • QueryPerformanceFrequency (Address: 0x100820bc)
  • RaiseException (Address: 0x1008208c)
  • ReadConsoleW (Address: 0x100821c0)
  • ReadFile (Address: 0x100821d8)
  • ReadProcessMemory (Address: 0x10082158)
  • ReleaseMutex (Address: 0x100820c4)
  • ReleaseSemaphore (Address: 0x100820c0)
  • RemoveDirectoryA (Address: 0x100820a8)
  • ResetEvent (Address: 0x100821b0)
  • ResumeThread (Address: 0x10082114)
  • RtlCaptureContext (Address: 0x10082188)
  • RtlUnwind (Address: 0x1008222c)
  • SetEndOfFile (Address: 0x100820ac)
  • SetEnvironmentVariableW (Address: 0x10082274)
  • SetEvent (Address: 0x100821ac)
  • SetFilePointer (Address: 0x100820b0)
  • SetFilePointerEx (Address: 0x10082174)
  • SetLastError (Address: 0x10082018)
  • SetNamedPipeHandleState (Address: 0x100821a0)
  • SetStdHandle (Address: 0x100821c4)
  • SetThreadContext (Address: 0x1008211c)
  • SetUnhandledExceptionFilter (Address: 0x1008218c)
  • Sleep (Address: 0x10082030)
  • SuspendThread (Address: 0x10082110)
  • SwitchToThread (Address: 0x100820d4)
  • SystemTimeToTzSpecificLocalTime (Address: 0x10082104)
  • TerminateProcess (Address: 0x1008203c)
  • TerminateThread (Address: 0x10082198)
  • TlsAlloc (Address: 0x10082048)
  • TlsFree (Address: 0x10082054)
  • TlsGetValue (Address: 0x1008204c)
  • TlsSetValue (Address: 0x10082050)
  • TransactNamedPipe (Address: 0x100821a4)
  • UnhandledExceptionFilter (Address: 0x10082218)
  • UnmapViewOfFile (Address: 0x100820e4)
  • VirtualAlloc (Address: 0x10082124)
  • VirtualAllocEx (Address: 0x10082154)
  • VirtualFree (Address: 0x1008212c)
  • VirtualProtect (Address: 0x10082128)
  • VirtualProtectEx (Address: 0x10082134)
  • VirtualQuery (Address: 0x10082130)
  • VirtualQueryEx (Address: 0x10082138)
  • WaitForMultipleObjects (Address: 0x100821b4)
  • WaitForSingleObject (Address: 0x100820c8)
  • WaitForSingleObjectEx (Address: 0x1008220c)
  • WaitNamedPipeW (Address: 0x100821a8)
  • WideCharToMultiByte (Address: 0x10082080)
  • WriteConsoleW (Address: 0x100821b8)
  • WriteFile (Address: 0x100820b4)
  • WriteProcessMemory (Address: 0x1008215c)
ole32.dll
  • CoCreateGuid (Address: 0x100822bc)
USER32.dll
  • MessageBoxA (Address: 0x100822a8)
  • RegisterClassA (Address: 0x100822a4)
  • RegisterClassExA (Address: 0x100822b0)
  • RegisterClassExW (Address: 0x100822ac)
  • RegisterClassW (Address: 0x100822b4)