mscordbi.dll

Description: .NET Runtime Debugging Services

Authors: © Microsoft Corporation. All rights reserved.

Version: 8.0.1825.31117

Architecture: 64-bit

Operating System: Windows

SHA256: 337831734193ae91e54d8ac6985ddc81

File Size: 1.2 MB

Uploaded At: Dec. 1, 2025, 2:56 p.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess

Exported Functions

  • CoreCLRCreateCordbObject (Ordinal: 1, Address: 0x1300)
  • CoreCLRCreateCordbObject3 (Ordinal: 2, Address: 0x10d0)
  • CoreCLRCreateCordbObjectEx (Ordinal: 3, Address: 0x11e0)
  • CreateCordbObject (Ordinal: 4, Address: 0x1090)
  • DllGetClassObjectInternal (Ordinal: 5, Address: 0x1420)
  • OpenVirtualProcess (Ordinal: 6, Address: 0x7160)
  • OpenVirtualProcess2 (Ordinal: 7, Address: 0x7110)
  • OpenVirtualProcessImpl (Ordinal: 8, Address: 0x6ea0)
  • OpenVirtualProcessImpl2 (Ordinal: 9, Address: 0x7070)

Imported DLLs & Functions

ADVAPI32.dll
  • AdjustTokenPrivileges (Address: 0x1800f1048)
  • GetSidSubAuthority (Address: 0x1800f1008)
  • GetSidSubAuthorityCount (Address: 0x1800f1000)
  • GetTokenInformation (Address: 0x1800f1010)
  • LookupPrivilegeValueW (Address: 0x1800f1058)
  • OpenProcessToken (Address: 0x1800f1050)
  • OpenThreadToken (Address: 0x1800f1028)
  • RegCloseKey (Address: 0x1800f1040)
  • RegOpenKeyExW (Address: 0x1800f1038)
  • RegQueryValueExW (Address: 0x1800f1030)
  • RevertToSelf (Address: 0x1800f1020)
  • SetThreadToken (Address: 0x1800f1018)
api-ms-win-crt-convert-l1-1-0.dll
  • wcstoul (Address: 0x1800f13a0)
api-ms-win-crt-heap-l1-1-0.dll
  • calloc (Address: 0x1800f13b8)
  • free (Address: 0x1800f13c0)
  • malloc (Address: 0x1800f13b0)
api-ms-win-crt-runtime-l1-1-0.dll
  • _cexit (Address: 0x1800f1408)
  • _configure_narrow_argv (Address: 0x1800f13e0)
  • _errno (Address: 0x1800f1420)
  • _execute_onexit_table (Address: 0x1800f1400)
  • _initialize_narrow_environment (Address: 0x1800f1418)
  • _initialize_onexit_table (Address: 0x1800f13f8)
  • _initterm (Address: 0x1800f1428)
  • _initterm_e (Address: 0x1800f13e8)
  • _invalid_parameter_noinfo (Address: 0x1800f13f0)
  • _seh_filter_dll (Address: 0x1800f13d8)
  • abort (Address: 0x1800f1410)
  • terminate (Address: 0x1800f13d0)
api-ms-win-crt-stdio-l1-1-0.dll
  • __stdio_common_vsnprintf_s (Address: 0x1800f1438)
api-ms-win-crt-string-l1-1-0.dll
  • _wcsicmp (Address: 0x1800f1458)
  • strcmp (Address: 0x1800f1498)
  • strcpy_s (Address: 0x1800f1490)
  • strncmp (Address: 0x1800f1480)
  • strncpy_s (Address: 0x1800f1488)
  • wcscat_s (Address: 0x1800f1448)
  • wcscpy_s (Address: 0x1800f1450)
  • wcsncat_s (Address: 0x1800f1470)
  • wcsncmp (Address: 0x1800f1468)
  • wcsncpy_s (Address: 0x1800f1478)
  • wcsnlen (Address: 0x1800f1460)
KERNEL32.dll
  • CloseHandle (Address: 0x1800f12a0)
  • ContinueDebugEvent (Address: 0x1800f1128)
  • CopyContext (Address: 0x1800f1108)
  • CreateEventW (Address: 0x1800f12b0)
  • CreateFileMappingW (Address: 0x1800f1150)
  • CreateFileW (Address: 0x1800f1078)
  • CreateProcessW (Address: 0x1800f1258)
  • CreateSemaphoreExW (Address: 0x1800f1278)
  • CreateThread (Address: 0x1800f10f8)
  • DebugActiveProcess (Address: 0x1800f1170)
  • DebugActiveProcessStop (Address: 0x1800f1178)
  • DebugBreak (Address: 0x1800f11d8)
  • DeleteCriticalSection (Address: 0x1800f1090)
  • DuplicateHandle (Address: 0x1800f12b8)
  • EncodePointer (Address: 0x1800f1310)
  • EnterCriticalSection (Address: 0x1800f1088)
  • FlushFileBuffers (Address: 0x1800f1070)
  • FlushInstructionCache (Address: 0x1800f10d8)
  • FormatMessageW (Address: 0x1800f1210)
  • FreeLibrary (Address: 0x1800f1130)
  • GetACP (Address: 0x1800f11f8)
  • GetCurrentProcess (Address: 0x1800f12d0)
  • GetCurrentProcessId (Address: 0x1800f1068)
  • GetCurrentThread (Address: 0x1800f1248)
  • GetCurrentThreadId (Address: 0x1800f10d0)
  • GetEnvironmentVariableW (Address: 0x1800f1230)
  • GetFileAttributesExW (Address: 0x1800f1238)
  • GetFileSize (Address: 0x1800f1148)
  • GetFullPathNameW (Address: 0x1800f1240)
  • GetLastError (Address: 0x1800f12a8)
  • GetModuleFileNameW (Address: 0x1800f1228)
  • GetModuleHandleW (Address: 0x1800f1140)
  • GetProcAddress (Address: 0x1800f10b0)
  • GetProcessHeap (Address: 0x1800f11d0)
  • GetSystemInfo (Address: 0x1800f1220)
  • GetSystemTimeAsFileTime (Address: 0x1800f11c0)
  • GetThreadContext (Address: 0x1800f1120)
  • HeapAlloc (Address: 0x1800f11a8)
  • HeapCreate (Address: 0x1800f11c8)
  • HeapFree (Address: 0x1800f11b0)
  • InitializeContext (Address: 0x1800f1100)
  • InitializeCriticalSection (Address: 0x1800f1098)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1800f1308)
  • InitializeSListHead (Address: 0x1800f1330)
  • InterlockedFlushSList (Address: 0x1800f1318)
  • IsDebuggerPresent (Address: 0x1800f1328)
  • IsProcessorFeaturePresent (Address: 0x1800f1338)
  • IsWow64Process (Address: 0x1800f1190)
  • LCMapStringEx (Address: 0x1800f1200)
  • LeaveCriticalSection (Address: 0x1800f1080)
  • LoadLibraryExW (Address: 0x1800f10a8)
  • LocalFree (Address: 0x1800f1218)
  • MapViewOfFile (Address: 0x1800f1158)
  • MultiByteToWideChar (Address: 0x1800f1208)
  • OpenProcess (Address: 0x1800f1188)
  • OpenThread (Address: 0x1800f10e0)
  • QueryPerformanceCounter (Address: 0x1800f11b8)
  • QueryPerformanceFrequency (Address: 0x1800f12d8)
  • RaiseException (Address: 0x1800f11e8)
  • ReadFile (Address: 0x1800f12e0)
  • ReadProcessMemory (Address: 0x1800f1198)
  • ReleaseSemaphore (Address: 0x1800f1288)
  • ResetEvent (Address: 0x1800f10c8)
  • ResumeThread (Address: 0x1800f10f0)
  • RtlCaptureContext (Address: 0x1800f1360)
  • RtlLookupFunctionEntry (Address: 0x1800f1358)
  • RtlPcToFileHeader (Address: 0x1800f1298)
  • RtlUnwindEx (Address: 0x1800f1320)
  • RtlVirtualUnwind (Address: 0x1800f1350)
  • SetEvent (Address: 0x1800f10c0)
  • SetFilePointer (Address: 0x1800f1290)
  • SetLastError (Address: 0x1800f11f0)
  • SetThreadContext (Address: 0x1800f1110)
  • SetUnhandledExceptionFilter (Address: 0x1800f1340)
  • Sleep (Address: 0x1800f1168)
  • SleepEx (Address: 0x1800f1260)
  • SuspendThread (Address: 0x1800f10e8)
  • SwitchToThread (Address: 0x1800f1250)
  • TerminateProcess (Address: 0x1800f1118)
  • TlsAlloc (Address: 0x1800f1300)
  • TlsFree (Address: 0x1800f12e8)
  • TlsGetValue (Address: 0x1800f12f8)
  • TlsSetValue (Address: 0x1800f12f0)
  • UnhandledExceptionFilter (Address: 0x1800f1348)
  • UnmapViewOfFile (Address: 0x1800f1160)
  • VirtualAlloc (Address: 0x1800f1268)
  • VirtualFree (Address: 0x1800f1270)
  • VirtualQuery (Address: 0x1800f11e0)
  • VirtualQueryEx (Address: 0x1800f1138)
  • WaitForDebugEvent (Address: 0x1800f1180)
  • WaitForMultipleObjectsEx (Address: 0x1800f10b8)
  • WaitForSingleObject (Address: 0x1800f12c0)
  • WaitForSingleObjectEx (Address: 0x1800f1280)
  • WideCharToMultiByte (Address: 0x1800f10a0)
  • WriteFile (Address: 0x1800f12c8)
  • WriteProcessMemory (Address: 0x1800f11a0)
ole32.dll
  • CoCreateGuid (Address: 0x1800f14b8)
  • CoTaskMemAlloc (Address: 0x1800f14a8)
  • CoTaskMemFree (Address: 0x1800f14b0)
OLEAUT32.dll
  • CreateErrorInfo (Address: 0x1800f1370)
  • SetErrorInfo (Address: 0x1800f1378)
  • VariantInit (Address: 0x1800f1380)
USER32.dll
  • LoadStringW (Address: 0x1800f1390)