_nvspserviceplugin64.dll
Description: NVIDIA ShadowPlay ServicePlugin
Authors: (C) NVIDIA Corporation. All rights reserved.
Version: 11.0.5.420
Architecture: 64-bit
Operating System: Windows
SHA256: a1420981548fa1eafa640f8318edd9cd
File Size: 1.8 MB
Uploaded At: Dec. 1, 2025, 2:54 p.m.
Views: 6
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- NvPluginGetInfo (Ordinal: 1, Address: 0x6f19)
Imported DLLs & Functions
ADVAPI32.dll
- AdjustTokenPrivileges (Address: 0x1801c0048)
- AllocateAndInitializeSid (Address: 0x1801c0060)
- CloseTrace (Address: 0x1801c00b0)
- ControlTraceW (Address: 0x1801c00e0)
- ConvertStringSidToSidW (Address: 0x1801c0020)
- CreateRestrictedToken (Address: 0x1801c0068)
- CreateWellKnownSid (Address: 0x1801c0070)
- DuplicateTokenEx (Address: 0x1801c0040)
- EnableTraceEx2 (Address: 0x1801c00e8)
- FreeSid (Address: 0x1801c0078)
- GetLengthSid (Address: 0x1801c0038)
- GetSecurityDescriptorDacl (Address: 0x1801c0080)
- GetUserNameA (Address: 0x1801c00a8)
- GetUserNameW (Address: 0x1801c0000)
- ImpersonateSelf (Address: 0x1801c0088)
- InitializeSecurityDescriptor (Address: 0x1801c0090)
- LookupPrivilegeValueW (Address: 0x1801c0028)
- OpenProcessToken (Address: 0x1801c0100)
- OpenThreadToken (Address: 0x1801c0058)
- OpenTraceW (Address: 0x1801c00f0)
- ProcessTrace (Address: 0x1801c00f8)
- RegCloseKey (Address: 0x1801c00b8)
- RegDeleteKeyValueA (Address: 0x1801c0010)
- RegGetValueA (Address: 0x1801c0008)
- RegOpenKeyExA (Address: 0x1801c00c0)
- RegQueryValueExA (Address: 0x1801c00c8)
- RegSetValueExA (Address: 0x1801c0018)
- RevertToSelf (Address: 0x1801c0098)
- SetEntriesInAclW (Address: 0x1801c00d0)
- SetSecurityDescriptorDacl (Address: 0x1801c00a0)
- SetThreadToken (Address: 0x1801c0050)
- SetTokenInformation (Address: 0x1801c0030)
- StartTraceW (Address: 0x1801c00d8)
KERNEL32.dll
- AcquireSRWLockExclusive (Address: 0x1801c0480)
- CancelWaitableTimer (Address: 0x1801c0428)
- CloseHandle (Address: 0x1801c0258)
- CloseThreadpoolTimer (Address: 0x1801c05a0)
- CloseThreadpoolWait (Address: 0x1801c05b8)
- CompareStringEx (Address: 0x1801c05d0)
- CompareStringW (Address: 0x1801c06a8)
- CopyFileW (Address: 0x1801c0370)
- CreateDirectoryW (Address: 0x1801c0328)
- CreateEventA (Address: 0x1801c01d8)
- CreateEventExW (Address: 0x1801c0558)
- CreateEventW (Address: 0x1801c0310)
- CreateFileW (Address: 0x1801c0240)
- CreateProcessA (Address: 0x1801c0270)
- CreateProcessW (Address: 0x1801c0278)
- CreateSemaphoreExW (Address: 0x1801c0560)
- CreateSemaphoreW (Address: 0x1801c0320)
- CreateSymbolicLinkW (Address: 0x1801c0418)
- CreateThread (Address: 0x1801c0438)
- CreateThreadpoolTimer (Address: 0x1801c0588)
- CreateThreadpoolWait (Address: 0x1801c05a8)
- CreateToolhelp32Snapshot (Address: 0x1801c03d0)
- CreateWaitableTimerW (Address: 0x1801c0430)
- DecodePointer (Address: 0x1801c03f0)
- DeleteCriticalSection (Address: 0x1801c02f0)
- DeleteFileW (Address: 0x1801c0330)
- EncodePointer (Address: 0x1801c0528)
- EnterCriticalSection (Address: 0x1801c02e0)
- EnumSystemLocalesW (Address: 0x1801c06d0)
- ExitProcess (Address: 0x1801c0660)
- ExitThread (Address: 0x1801c0630)
- FindClose (Address: 0x1801c0230)
- FindFirstFileExW (Address: 0x1801c0228)
- FindNextFileW (Address: 0x1801c0220)
- FlsAlloc (Address: 0x1801c0678)
- FlsFree (Address: 0x1801c0690)
- FlsGetValue (Address: 0x1801c0680)
- FlsSetValue (Address: 0x1801c0688)
- FlushFileBuffers (Address: 0x1801c01b0)
- FlushProcessWriteBuffers (Address: 0x1801c0568)
- FormatMessageA (Address: 0x1801c0508)
- FreeEnvironmentStringsW (Address: 0x1801c01e8)
- FreeLibrary (Address: 0x1801c0288)
- FreeLibraryAndExitThread (Address: 0x1801c0640)
- FreeLibraryWhenCallbackReturns (Address: 0x1801c0580)
- GetACP (Address: 0x1801c0210)
- GetCommandLineA (Address: 0x1801c0200)
- GetCommandLineW (Address: 0x1801c01f8)
- GetConsoleMode (Address: 0x1801c01c0)
- GetConsoleOutputCP (Address: 0x1801c01b8)
- GetCPInfo (Address: 0x1801c05d8)
- GetCurrentProcess (Address: 0x1801c0398)
- GetCurrentProcessId (Address: 0x1801c02d0)
- GetCurrentProcessorNumber (Address: 0x1801c0570)
- GetCurrentThread (Address: 0x1801c0358)
- GetCurrentThreadId (Address: 0x1801c0360)
- GetDateFormatW (Address: 0x1801c0698)
- GetEnvironmentStringsW (Address: 0x1801c01f0)
- GetExitCodeThread (Address: 0x1801c04f8)
- GetFileAttributesW (Address: 0x1801c0248)
- GetFileInformationByHandleEx (Address: 0x1801c05c0)
- GetFileSizeEx (Address: 0x1801c0338)
- GetFileType (Address: 0x1801c0650)
- GetFinalPathNameByHandleW (Address: 0x1801c0340)
- GetFullPathNameW (Address: 0x1801c0250)
- GetLastError (Address: 0x1801c0260)
- GetLocaleInfoEx (Address: 0x1801c0510)
- GetLocaleInfoW (Address: 0x1801c06b8)
- GetLocalTime (Address: 0x1801c0368)
- GetModuleFileNameA (Address: 0x1801c0290)
- GetModuleFileNameW (Address: 0x1801c0298)
- GetModuleHandleExW (Address: 0x1801c0388)
- GetModuleHandleW (Address: 0x1801c02a0)
- GetNativeSystemInfo (Address: 0x1801c0500)
- GetOEMCP (Address: 0x1801c0208)
- GetProcAddress (Address: 0x1801c02a8)
- GetProcessHeap (Address: 0x1801c0190)
- GetStartupInfoW (Address: 0x1801c04d0)
- GetStdHandle (Address: 0x1801c0648)
- GetStringTypeW (Address: 0x1801c05c8)
- GetSystemDirectoryW (Address: 0x1801c0280)
- GetSystemInfo (Address: 0x1801c03b8)
- GetSystemTimeAsFileTime (Address: 0x1801c04d8)
- GetTempPathW (Address: 0x1801c0548)
- GetThreadId (Address: 0x1801c0440)
- GetTickCount (Address: 0x1801c0458)
- GetTickCount64 (Address: 0x1801c0578)
- GetTimeFormatW (Address: 0x1801c06a0)
- GetTimeZoneInformation (Address: 0x1801c01a0)
- GetUserDefaultLCID (Address: 0x1801c06c8)
- HeapAlloc (Address: 0x1801c0670)
- HeapFree (Address: 0x1801c0668)
- HeapReAlloc (Address: 0x1801c0468)
- HeapSize (Address: 0x1801c0470)
- InitializeCriticalSection (Address: 0x1801c02d8)
- InitializeCriticalSectionAndSpinCount (Address: 0x1801c0608)
- InitializeCriticalSectionEx (Address: 0x1801c03f8)
- InitializeSListHead (Address: 0x1801c04e0)
- InitOnceExecuteOnce (Address: 0x1801c0550)
- InterlockedFlushSList (Address: 0x1801c0600)
- InterlockedPushEntrySList (Address: 0x1801c05f8)
- IsDebuggerPresent (Address: 0x1801c04c8)
- IsProcessorFeaturePresent (Address: 0x1801c04c0)
- IsValidCodePage (Address: 0x1801c0218)
- IsValidLocale (Address: 0x1801c06c0)
- LCMapStringEx (Address: 0x1801c0538)
- LCMapStringW (Address: 0x1801c06b0)
- LeaveCriticalSection (Address: 0x1801c02e8)
- LoadLibraryExW (Address: 0x1801c02b0)
- LocalAlloc (Address: 0x1801c02b8)
- LocalFree (Address: 0x1801c02c0)
- MoveFileExW (Address: 0x1801c0378)
- MultiByteToWideChar (Address: 0x1801c0530)
- OpenProcess (Address: 0x1801c03b0)
- OutputDebugStringW (Address: 0x1801c0350)
- Process32FirstW (Address: 0x1801c03d8)
- Process32NextW (Address: 0x1801c03e0)
- ProcessIdToSessionId (Address: 0x1801c03a8)
- QueryFullProcessImageNameW (Address: 0x1801c03c0)
- QueryPerformanceCounter (Address: 0x1801c0448)
- QueryPerformanceFrequency (Address: 0x1801c0450)
- RaiseException (Address: 0x1801c05e0)
- ReadConsoleW (Address: 0x1801c01d0)
- ReadFile (Address: 0x1801c01c8)
- ReleaseSemaphore (Address: 0x1801c0300)
- ReleaseSRWLockExclusive (Address: 0x1801c0478)
- RemoveDirectoryW (Address: 0x1801c03e8)
- ResetEvent (Address: 0x1801c0400)
- ResumeThread (Address: 0x1801c0638)
- RtlCaptureContext (Address: 0x1801c0498)
- RtlLookupFunctionEntry (Address: 0x1801c04a0)
- RtlPcToFileHeader (Address: 0x1801c05e8)
- RtlUnwind (Address: 0x1801c0408)
- RtlUnwindEx (Address: 0x1801c05f0)
- RtlVirtualUnwind (Address: 0x1801c04a8)
- SetConsoleCtrlHandler (Address: 0x1801c0460)
- SetCurrentDirectoryW (Address: 0x1801c0390)
- SetEnvironmentVariableW (Address: 0x1801c01e0)
- SetEvent (Address: 0x1801c02f8)
- SetFileInformationByHandle (Address: 0x1801c0540)
- SetFilePointerEx (Address: 0x1801c0198)
- SetLastError (Address: 0x1801c0268)
- SetStdHandle (Address: 0x1801c01a8)
- SetThreadpoolTimer (Address: 0x1801c0590)
- SetThreadpoolWait (Address: 0x1801c05b0)
- SetUnhandledExceptionFilter (Address: 0x1801c04b8)
- SetWaitableTimer (Address: 0x1801c0420)
- Sleep (Address: 0x1801c0410)
- SleepConditionVariableSRW (Address: 0x1801c0490)
- SwitchToThread (Address: 0x1801c04f0)
- TerminateProcess (Address: 0x1801c03a0)
- TlsAlloc (Address: 0x1801c0610)
- TlsFree (Address: 0x1801c0628)
- TlsGetValue (Address: 0x1801c0618)
- TlsSetValue (Address: 0x1801c0620)
- TryAcquireSRWLockExclusive (Address: 0x1801c0518)
- UnhandledExceptionFilter (Address: 0x1801c04b0)
- VerifyVersionInfoW (Address: 0x1801c02c8)
- VerSetConditionMask (Address: 0x1801c0238)
- WaitForMultipleObjects (Address: 0x1801c0318)
- WaitForSingleObject (Address: 0x1801c0308)
- WaitForSingleObjectEx (Address: 0x1801c04e8)
- WaitForThreadpoolTimerCallbacks (Address: 0x1801c0598)
- WakeAllConditionVariable (Address: 0x1801c0488)
- WakeConditionVariable (Address: 0x1801c0520)
- WideCharToMultiByte (Address: 0x1801c0380)
- WriteConsoleW (Address: 0x1801c0658)
- WriteFile (Address: 0x1801c0348)
- WTSGetActiveConsoleSessionId (Address: 0x1801c03c8)
ole32.dll
- CoCreateGuid (Address: 0x1801c0ac0)
- CoTaskMemFree (Address: 0x1801c0ac8)
SHELL32.dll
- SHGetFolderPathW (Address: 0x1801c0838)
- SHGetKnownFolderPath (Address: 0x1801c0840)
SHLWAPI.dll
- PathFileExistsW (Address: 0x1801c08a0)
USER32.dll
- PostThreadMessageW (Address: 0x1801c0918)
- RegisterDeviceNotificationW (Address: 0x1801c0908)
- UnregisterClassW (Address: 0x1801c0920)
- UnregisterDeviceNotification (Address: 0x1801c0910)
- WaitForInputIdle (Address: 0x1801c0900)
USERENV.dll
- CreateEnvironmentBlock (Address: 0x1801c0990)
- DestroyEnvironmentBlock (Address: 0x1801c0988)
VERSION.dll
- GetFileVersionInfoSizeW (Address: 0x1801c0a00)
- GetFileVersionInfoW (Address: 0x1801c09f0)
- VerQueryValueW (Address: 0x1801c09f8)
WTSAPI32.dll
- WTSQueryUserToken (Address: 0x1801c0a60)