client_extension.dll

Description: 腾讯元宝

Authors: (c) Tencent Corporation. All rights reserved.

Version: 2.43.11.614

Architecture: 64-bit

Operating System: Unknown (0x0)

SHA256: 92bfdb65ca46e8afc6361b711a172763

File Size: 719.5 KB

Uploaded At: Dec. 1, 2025, 2:55 p.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess, VirtualAllocEx

Exported Functions

  • BuglyCaptureContext (Ordinal: 1, Address: 0x1550)
  • CreateBuglyAgent (Ordinal: 2, Address: 0x9010)
  • GetLogMessageHandler (Ordinal: 3, Address: 0x34550)
  • RegisterBuglyExtraHandler (Ordinal: 4, Address: 0x9150)
  • SetLogMessageHandler (Ordinal: 5, Address: 0x343b0)
  • UnregisterBuglyExtraHandler (Ordinal: 6, Address: 0x9300)

Imported DLLs & Functions

ADVAPI32.dll
  • BuildExplicitAccessWithNameW (Address: 0x180085028)
  • BuildSecurityDescriptorW (Address: 0x180085038)
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x180085030)
  • InitializeSecurityDescriptor (Address: 0x180085020)
  • RegCloseKey (Address: 0x180085040)
  • RegCreateKeyExW (Address: 0x180085048)
  • RegDeleteValueW (Address: 0x180085060)
  • RegOpenKeyExA (Address: 0x180085010)
  • RegOpenKeyExW (Address: 0x180085058)
  • RegQueryValueExA (Address: 0x180085008)
  • RegSetValueExW (Address: 0x180085050)
  • SetSecurityDescriptorDacl (Address: 0x180085018)
  • SystemFunction036 (Address: 0x180085000)
dbghelp.dll
  • StackWalk64 (Address: 0x180085808)
  • SymFunctionTableAccess64 (Address: 0x180085818)
  • SymGetModuleBase64 (Address: 0x180085820)
  • SymInitialize (Address: 0x180085810)
KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x180085400)
  • CancelIo (Address: 0x1800854d0)
  • CancelIoEx (Address: 0x1800854c8)
  • CancelSynchronousIo (Address: 0x180085508)
  • CloseHandle (Address: 0x180085300)
  • CompareStringW (Address: 0x1800853c0)
  • ConnectNamedPipe (Address: 0x1800854f8)
  • CreateDirectoryW (Address: 0x180085208)
  • CreateEventA (Address: 0x180085290)
  • CreateEventW (Address: 0x1800850d8)
  • CreateFileA (Address: 0x180085258)
  • CreateFileMappingW (Address: 0x180085240)
  • CreateFileW (Address: 0x1800852d8)
  • CreateIoCompletionPort (Address: 0x180085458)
  • CreateNamedPipeW (Address: 0x1800852e0)
  • CreateProcessW (Address: 0x180085140)
  • CreateSemaphoreA (Address: 0x180085450)
  • CreateThread (Address: 0x180085108)
  • CreateToolhelp32Snapshot (Address: 0x180085190)
  • DebugBreak (Address: 0x180085478)
  • DecodePointer (Address: 0x1800855e8)
  • DeleteCriticalSection (Address: 0x1800851f0)
  • DeleteFileW (Address: 0x180085218)
  • DeviceIoControl (Address: 0x180085250)
  • DuplicateHandle (Address: 0x1800851c8)
  • EncodePointer (Address: 0x1800855e0)
  • EnterCriticalSection (Address: 0x1800851d8)
  • EnumSystemLocalesW (Address: 0x1800853a0)
  • ExitProcess (Address: 0x1800852b8)
  • ExitThread (Address: 0x180085648)
  • FileTimeToSystemTime (Address: 0x1800854c0)
  • FindClose (Address: 0x180085170)
  • FindFirstFileExW (Address: 0x180085388)
  • FindNextFileW (Address: 0x180085578)
  • FlsAlloc (Address: 0x1800853e0)
  • FlsFree (Address: 0x1800853c8)
  • FlsGetValue (Address: 0x1800853d8)
  • FlsSetValue (Address: 0x1800853d0)
  • FlushFileBuffers (Address: 0x1800854f0)
  • FormatMessageA (Address: 0x180085220)
  • FormatMessageW (Address: 0x1800851f8)
  • FreeEnvironmentStringsW (Address: 0x180085490)
  • FreeLibrary (Address: 0x180085640)
  • FreeLibraryAndExitThread (Address: 0x180085650)
  • GetACP (Address: 0x180085378)
  • GetCommandLineA (Address: 0x180085368)
  • GetCommandLineW (Address: 0x180085360)
  • GetConsoleMode (Address: 0x180085470)
  • GetConsoleOutputCP (Address: 0x1800853f0)
  • GetConsoleScreenBufferInfo (Address: 0x180085548)
  • GetCPInfo (Address: 0x1800855f8)
  • GetCurrentDirectoryW (Address: 0x1800854a0)
  • GetCurrentProcess (Address: 0x1800850b8)
  • GetCurrentProcessId (Address: 0x180085320)
  • GetCurrentThread (Address: 0x1800851d0)
  • GetCurrentThreadId (Address: 0x180085330)
  • GetDriveTypeW (Address: 0x180085660)
  • GetEnvironmentStringsW (Address: 0x180085488)
  • GetErrorMode (Address: 0x180085118)
  • GetExitCodeProcess (Address: 0x180085560)
  • GetExitCodeThread (Address: 0x1800850e0)
  • GetFileAttributesW (Address: 0x180085210)
  • GetFileInformationByHandle (Address: 0x180085580)
  • GetFileSizeEx (Address: 0x1800851a0)
  • GetFileTime (Address: 0x180085350)
  • GetFileType (Address: 0x1800850a0)
  • GetFullPathNameW (Address: 0x180085588)
  • GetLastError (Address: 0x1800852c8)
  • GetLocaleInfoW (Address: 0x1800853b8)
  • GetLocalTime (Address: 0x180085200)
  • GetLongPathNameW (Address: 0x180085598)
  • GetModuleFileNameW (Address: 0x1800851c0)
  • GetModuleHandleA (Address: 0x180085188)
  • GetModuleHandleExW (Address: 0x180085658)
  • GetModuleHandleW (Address: 0x1800852b0)
  • GetNamedPipeHandleStateA (Address: 0x180085518)
  • GetNativeSystemInfo (Address: 0x180085448)
  • GetNumberOfConsoleInputEvents (Address: 0x180085528)
  • GetOEMCP (Address: 0x180085370)
  • GetProcAddress (Address: 0x180085120)
  • GetProcessHeap (Address: 0x180085138)
  • GetProcessTimes (Address: 0x180085230)
  • GetQueuedCompletionStatus (Address: 0x180085460)
  • GetStartupInfoW (Address: 0x1800855b0)
  • GetStdHandle (Address: 0x180085070)
  • GetStringTypeW (Address: 0x1800855b8)
  • GetSystemInfo (Address: 0x180085260)
  • GetSystemTimeAsFileTime (Address: 0x1800854b8)
  • GetThreadContext (Address: 0x1800852f8)
  • GetTimeZoneInformation (Address: 0x180085398)
  • GetUserDefaultLCID (Address: 0x1800853a8)
  • GetVersion (Address: 0x1800852d0)
  • HeapAlloc (Address: 0x180085110)
  • HeapFree (Address: 0x1800853e8)
  • HeapReAlloc (Address: 0x180085390)
  • HeapSize (Address: 0x180085358)
  • InitializeCriticalSection (Address: 0x180085410)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1800851e0)
  • InitializeCriticalSectionEx (Address: 0x1800855d8)
  • InitializeSListHead (Address: 0x180085620)
  • InitOnceBeginInitialize (Address: 0x1800855c8)
  • InitOnceComplete (Address: 0x1800855c0)
  • InterlockedFlushSList (Address: 0x180085628)
  • IsBadReadPtr (Address: 0x1800851b0)
  • IsBadStringPtrA (Address: 0x180085340)
  • IsDebuggerPresent (Address: 0x180085150)
  • IsProcessorFeaturePresent (Address: 0x180085618)
  • IsValidCodePage (Address: 0x180085380)
  • IsValidLocale (Address: 0x1800853b0)
  • IsWow64Process (Address: 0x180085228)
  • LCMapStringEx (Address: 0x1800855f0)
  • LCMapStringW (Address: 0x180085570)
  • LeaveCriticalSection (Address: 0x1800851e8)
  • LoadLibraryExA (Address: 0x1800855a8)
  • LoadLibraryExW (Address: 0x180085318)
  • LoadLibraryW (Address: 0x180085328)
  • LocalFree (Address: 0x180085288)
  • LockFileEx (Address: 0x180085098)
  • MapViewOfFile (Address: 0x180085248)
  • Module32FirstW (Address: 0x180085198)
  • Module32NextW (Address: 0x1800851a8)
  • MultiByteToWideChar (Address: 0x180085268)
  • OpenEventA (Address: 0x1800852a8)
  • OpenProcess (Address: 0x1800850d0)
  • OpenThread (Address: 0x1800851b8)
  • OutputDebugStringA (Address: 0x180085310)
  • OutputDebugStringW (Address: 0x180085348)
  • PeekNamedPipe (Address: 0x180085500)
  • PostQueuedCompletionStatus (Address: 0x180085468)
  • QueryPerformanceCounter (Address: 0x1800854a8)
  • QueryPerformanceFrequency (Address: 0x1800854b0)
  • QueueUserWorkItem (Address: 0x180085510)
  • RaiseException (Address: 0x180085100)
  • ReadConsoleInputW (Address: 0x180085530)
  • ReadConsoleW (Address: 0x180085538)
  • ReadDirectoryChangesW (Address: 0x1800855a0)
  • ReadFile (Address: 0x1800852f0)
  • ReadProcessMemory (Address: 0x180085130)
  • RegisterWaitForSingleObject (Address: 0x1800854d8)
  • ReleaseSemaphore (Address: 0x180085420)
  • ReleaseSRWLockExclusive (Address: 0x1800853f8)
  • RemoveDirectoryW (Address: 0x180085590)
  • ResetEvent (Address: 0x180085520)
  • ResumeThread (Address: 0x180085180)
  • RtlCaptureContext (Address: 0x1800850b0)
  • RtlLookupFunctionEntry (Address: 0x180085600)
  • RtlPcToFileHeader (Address: 0x180085638)
  • RtlUnwind (Address: 0x180085280)
  • RtlUnwindEx (Address: 0x180085630)
  • RtlVirtualUnwind (Address: 0x180085608)
  • SetConsoleCtrlHandler (Address: 0x1800854e8)
  • SetConsoleCursorPosition (Address: 0x180085550)
  • SetEndOfFile (Address: 0x180085080)
  • SetEnvironmentVariableW (Address: 0x180085498)
  • SetErrorMode (Address: 0x1800850c8)
  • SetEvent (Address: 0x180085298)
  • SetFilePointerEx (Address: 0x180085090)
  • SetHandleInformation (Address: 0x180085480)
  • SetLastError (Address: 0x1800852e8)
  • SetNamedPipeHandleState (Address: 0x180085308)
  • SetStdHandle (Address: 0x180085670)
  • SetUnhandledExceptionFilter (Address: 0x180085158)
  • Sleep (Address: 0x1800850e8)
  • SleepConditionVariableSRW (Address: 0x1800855d0)
  • SleepEx (Address: 0x180085148)
  • SuspendThread (Address: 0x180085178)
  • SwitchToThread (Address: 0x180085278)
  • SystemTimeToTzSpecificLocalTime (Address: 0x180085668)
  • TerminateProcess (Address: 0x1800850c0)
  • Thread32First (Address: 0x180085168)
  • Thread32Next (Address: 0x180085160)
  • TlsAlloc (Address: 0x180085428)
  • TlsFree (Address: 0x180085440)
  • TlsGetValue (Address: 0x180085430)
  • TlsSetValue (Address: 0x180085438)
  • TransactNamedPipe (Address: 0x1800852c0)
  • TryAcquireSRWLockExclusive (Address: 0x180085408)
  • UnhandledExceptionFilter (Address: 0x180085610)
  • UnlockFileEx (Address: 0x180085088)
  • UnmapViewOfFile (Address: 0x180085238)
  • UnregisterWait (Address: 0x1800854e0)
  • UnregisterWaitEx (Address: 0x180085568)
  • VirtualAllocEx (Address: 0x180085128)
  • WaitForSingleObject (Address: 0x1800852a0)
  • WaitNamedPipeW (Address: 0x180085338)
  • WakeAllConditionVariable (Address: 0x180085418)
  • WerRegisterRuntimeExceptionModule (Address: 0x1800850f8)
  • WerUnregisterRuntimeExceptionModule (Address: 0x1800850f0)
  • WideCharToMultiByte (Address: 0x180085270)
  • WriteConsoleInputW (Address: 0x180085558)
  • WriteConsoleW (Address: 0x180085540)
  • WriteFile (Address: 0x180085078)
  • WriteProcessMemory (Address: 0x1800850a8)
ole32.dll
  • CoCreateGuid (Address: 0x180085830)
  • CoInitializeEx (Address: 0x180085838)
  • CoUninitialize (Address: 0x180085840)
SHLWAPI.dll
  • PathFileExistsW (Address: 0x180085680)
USER32.dll
  • CreateWindowExA (Address: 0x1800856b0)
  • DefWindowProcW (Address: 0x1800856a0)
  • DestroyWindow (Address: 0x1800856c0)
  • DispatchMessageA (Address: 0x1800856d8)
  • GetMessageA (Address: 0x1800856e8)
  • GetSystemMetrics (Address: 0x1800856c8)
  • GetWindowLongPtrW (Address: 0x1800856f0)
  • KillTimer (Address: 0x1800856e0)
  • MapVirtualKeyW (Address: 0x1800856d0)
  • PostMessageW (Address: 0x1800856b8)
  • RegisterClassExA (Address: 0x1800856a8)
  • SetTimer (Address: 0x180085698)
  • SetWindowLongPtrW (Address: 0x1800856f8)
  • TranslateMessage (Address: 0x180085690)
VERSION.dll
  • GetFileVersionInfoSizeW (Address: 0x180085718)
  • GetFileVersionInfoW (Address: 0x180085710)
  • VerQueryValueW (Address: 0x180085708)
WINHTTP.dll
  • WinHttpAddRequestHeaders (Address: 0x180085768)
  • WinHttpCloseHandle (Address: 0x180085748)
  • WinHttpConnect (Address: 0x180085728)
  • WinHttpCrackUrl (Address: 0x180085780)
  • WinHttpOpen (Address: 0x180085770)
  • WinHttpOpenRequest (Address: 0x180085750)
  • WinHttpQueryHeaders (Address: 0x180085760)
  • WinHttpReadData (Address: 0x180085758)
  • WinHttpReceiveResponse (Address: 0x180085778)
  • WinHttpSendRequest (Address: 0x180085738)
  • WinHttpSetTimeouts (Address: 0x180085730)
  • WinHttpWriteData (Address: 0x180085740)
WS2_32.dll
  • closesocket (Address: 0x1800857a0)
  • getsockopt (Address: 0x1800857a8)
  • htons (Address: 0x180085798)
  • select (Address: 0x1800857f0)
  • setsockopt (Address: 0x1800857b0)
  • shutdown (Address: 0x1800857d8)
  • socket (Address: 0x1800857c0)
  • WSAGetLastError (Address: 0x1800857b8)
  • WSAIoctl (Address: 0x1800857e0)
  • WSARecv (Address: 0x1800857c8)
  • WSARecvFrom (Address: 0x1800857d0)
  • WSASetLastError (Address: 0x180085790)
  • WSASocketW (Address: 0x1800857e8)
  • WSAStartup (Address: 0x1800857f8)