mscordbi.dll
Description: Microsoft .NET Runtime Debugging Services
Authors: © Microsoft Corporation. All rights reserved.
Version: 4.8.9310.0
Architecture: 64-bit
Operating System: Windows
SHA256: c4ace9ced09d786fe9c627e5c2de4d7d
File Size: 1.3 MB
Uploaded At: Dec. 1, 2025, 7:19 a.m.
Views: 17
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess
Exported Functions
- CreateCordbObject (Ordinal: 1, Address: 0x10d0)
- DllGetClassObjectInternal (Ordinal: 2, Address: 0x1100)
- OpenVirtualProcess (Ordinal: 3, Address: 0x16b0)
- OpenVirtualProcess2 (Ordinal: 4, Address: 0x1660)
- OpenVirtualProcessImpl (Ordinal: 5, Address: 0x1460)
Imported DLLs & Functions
ADVAPI32.dll
- AdjustTokenPrivileges (Address: 0x1800fc068)
- CopySid (Address: 0x1800fc028)
- DeregisterEventSource (Address: 0x1800fc090)
- EqualSid (Address: 0x1800fc008)
- EventWrite (Address: 0x1800fc060)
- GetKernelObjectSecurity (Address: 0x1800fc038)
- GetLengthSid (Address: 0x1800fc040)
- GetSecurityDescriptorOwner (Address: 0x1800fc030)
- GetSidSubAuthority (Address: 0x1800fc018)
- GetSidSubAuthorityCount (Address: 0x1800fc010)
- GetTokenInformation (Address: 0x1800fc098)
- LookupPrivilegeValueW (Address: 0x1800fc078)
- OpenProcessToken (Address: 0x1800fc070)
- OpenThreadToken (Address: 0x1800fc0a0)
- RegCloseKey (Address: 0x1800fc050)
- RegisterEventSourceW (Address: 0x1800fc088)
- RegOpenKeyExW (Address: 0x1800fc048)
- RegQueryValueExW (Address: 0x1800fc058)
- ReportEventW (Address: 0x1800fc080)
- RevertToSelf (Address: 0x1800fc000)
- SetThreadToken (Address: 0x1800fc020)
KERNEL32.dll
- ActivateActCtx (Address: 0x1800fc2f8)
- CloseHandle (Address: 0x1800fc478)
- ContinueDebugEvent (Address: 0x1800fc0d8)
- CreateActCtxW (Address: 0x1800fc2f0)
- CreateEventW (Address: 0x1800fc468)
- CreateFileMappingW (Address: 0x1800fc118)
- CreateFileW (Address: 0x1800fc108)
- CreateMutexW (Address: 0x1800fc2a0)
- CreateProcessW (Address: 0x1800fc4b8)
- CreateSemaphoreW (Address: 0x1800fc2c8)
- CreateThread (Address: 0x1800fc0b0)
- CreateToolhelp32Snapshot (Address: 0x1800fc138)
- DeactivateActCtx (Address: 0x1800fc308)
- DebugActiveProcess (Address: 0x1800fc170)
- DebugBreak (Address: 0x1800fc0c8)
- DeleteCriticalSection (Address: 0x1800fc498)
- DuplicateHandle (Address: 0x1800fc4b0)
- EncodePointer (Address: 0x1800fc328)
- EnterCriticalSection (Address: 0x1800fc480)
- ExitProcess (Address: 0x1800fc358)
- FindClose (Address: 0x1800fc218)
- FindFirstFileExA (Address: 0x1800fc3b0)
- FindNextFileA (Address: 0x1800fc3b8)
- FlushFileBuffers (Address: 0x1800fc388)
- FlushInstructionCache (Address: 0x1800fc438)
- FormatMessageW (Address: 0x1800fc248)
- FreeEnvironmentStringsW (Address: 0x1800fc200)
- FreeLibrary (Address: 0x1800fc0e8)
- GetACP (Address: 0x1800fc240)
- GetCommandLineA (Address: 0x1800fc3d0)
- GetCommandLineW (Address: 0x1800fc3d8)
- GetConsoleCP (Address: 0x1800fc398)
- GetConsoleMode (Address: 0x1800fc3a0)
- GetCPInfo (Address: 0x1800fc238)
- GetCurrentProcess (Address: 0x1800fc440)
- GetCurrentProcessId (Address: 0x1800fc188)
- GetCurrentThread (Address: 0x1800fc228)
- GetCurrentThreadId (Address: 0x1800fc448)
- GetEnvironmentStringsW (Address: 0x1800fc208)
- GetEnvironmentVariableW (Address: 0x1800fc1f8)
- GetFileAttributesExW (Address: 0x1800fc418)
- GetFileSize (Address: 0x1800fc110)
- GetFileType (Address: 0x1800fc378)
- GetLastError (Address: 0x1800fc458)
- GetModuleFileNameA (Address: 0x1800fc368)
- GetModuleFileNameW (Address: 0x1800fc160)
- GetModuleHandleExW (Address: 0x1800fc360)
- GetModuleHandleW (Address: 0x1800fc430)
- GetOEMCP (Address: 0x1800fc3c8)
- GetProcAddress (Address: 0x1800fc4a0)
- GetProcessHeap (Address: 0x1800fc1d0)
- GetStartupInfoW (Address: 0x1800fc350)
- GetStdHandle (Address: 0x1800fc370)
- GetStringTypeW (Address: 0x1800fc380)
- GetSystemInfo (Address: 0x1800fc1e0)
- GetSystemTimeAsFileTime (Address: 0x1800fc1b0)
- GetThreadContext (Address: 0x1800fc0b8)
- GetWindowsDirectoryW (Address: 0x1800fc310)
- HeapAlloc (Address: 0x1800fc1c8)
- HeapCreate (Address: 0x1800fc270)
- HeapDestroy (Address: 0x1800fc2c0)
- HeapFree (Address: 0x1800fc1c0)
- HeapReAlloc (Address: 0x1800fc400)
- HeapSize (Address: 0x1800fc3f8)
- HeapValidate (Address: 0x1800fc2a8)
- InitializeCriticalSection (Address: 0x1800fc470)
- InitializeCriticalSectionAndSpinCount (Address: 0x1800fc3a8)
- InitializeSListHead (Address: 0x1800fc348)
- InterlockedFlushSList (Address: 0x1800fc408)
- IsDBCSLeadByte (Address: 0x1800fc250)
- IsDebuggerPresent (Address: 0x1800fc320)
- IsProcessorFeaturePresent (Address: 0x1800fc340)
- IsValidCodePage (Address: 0x1800fc3c0)
- IsWow64Process (Address: 0x1800fc190)
- LCMapStringW (Address: 0x1800fc260)
- LeaveCriticalSection (Address: 0x1800fc488)
- LoadLibraryExW (Address: 0x1800fc0e0)
- LocalFree (Address: 0x1800fc258)
- MapViewOfFile (Address: 0x1800fc120)
- Module32FirstW (Address: 0x1800fc150)
- Module32NextW (Address: 0x1800fc158)
- MultiByteToWideChar (Address: 0x1800fc220)
- OpenFileMappingW (Address: 0x1800fc410)
- OpenProcess (Address: 0x1800fc0f0)
- OpenThread (Address: 0x1800fc180)
- OutputDebugStringW (Address: 0x1800fc1f0)
- QueryPerformanceCounter (Address: 0x1800fc1b8)
- QueryPerformanceFrequency (Address: 0x1800fc1a8)
- RaiseException (Address: 0x1800fc1d8)
- ReadFile (Address: 0x1800fc428)
- ReadProcessMemory (Address: 0x1800fc100)
- ReleaseActCtx (Address: 0x1800fc318)
- ReleaseMutex (Address: 0x1800fc0f8)
- ReleaseSemaphore (Address: 0x1800fc290)
- ResetEvent (Address: 0x1800fc450)
- ResumeThread (Address: 0x1800fc268)
- SetErrorMode (Address: 0x1800fc300)
- SetEvent (Address: 0x1800fc460)
- SetFilePointer (Address: 0x1800fc420)
- SetFilePointerEx (Address: 0x1800fc3e8)
- SetLastError (Address: 0x1800fc1a0)
- SetStdHandle (Address: 0x1800fc3e0)
- SetThreadContext (Address: 0x1800fc0d0)
- SetUnhandledExceptionFilter (Address: 0x1800fc338)
- Sleep (Address: 0x1800fc130)
- SleepEx (Address: 0x1800fc2d0)
- SuspendThread (Address: 0x1800fc2e0)
- SwitchToThread (Address: 0x1800fc230)
- TerminateProcess (Address: 0x1800fc0c0)
- Thread32First (Address: 0x1800fc140)
- Thread32Next (Address: 0x1800fc148)
- TlsAlloc (Address: 0x1800fc2b8)
- TlsFree (Address: 0x1800fc4c0)
- TlsGetValue (Address: 0x1800fc2d8)
- TlsSetValue (Address: 0x1800fc278)
- UnhandledExceptionFilter (Address: 0x1800fc330)
- UnmapViewOfFile (Address: 0x1800fc128)
- VerifyVersionInfoW (Address: 0x1800fc1e8)
- VirtualAlloc (Address: 0x1800fc298)
- VirtualFree (Address: 0x1800fc288)
- VirtualProtect (Address: 0x1800fc280)
- VirtualQuery (Address: 0x1800fc2e8)
- VirtualQueryEx (Address: 0x1800fc168)
- WaitForDebugEvent (Address: 0x1800fc178)
- WaitForMultipleObjectsEx (Address: 0x1800fc490)
- WaitForSingleObject (Address: 0x1800fc4a8)
- WaitForSingleObjectEx (Address: 0x1800fc2b0)
- WideCharToMultiByte (Address: 0x1800fc210)
- WriteConsoleW (Address: 0x1800fc3f0)
- WriteFile (Address: 0x1800fc390)
- WriteProcessMemory (Address: 0x1800fc198)
ntdll.dll
- RtlCaptureContext (Address: 0x1800fc550)
- RtlLookupFunctionEntry (Address: 0x1800fc530)
- RtlPcToFileHeader (Address: 0x1800fc540)
- RtlUnwindEx (Address: 0x1800fc548)
- RtlVirtualUnwind (Address: 0x1800fc538)
- VerSetConditionMask (Address: 0x1800fc528)
ole32.dll
- CoCreateFreeThreadedMarshaler (Address: 0x1800fc588)
- CoCreateGuid (Address: 0x1800fc570)
- CoTaskMemAlloc (Address: 0x1800fc560)
- CoTaskMemFree (Address: 0x1800fc568)
- CreateStreamOnHGlobal (Address: 0x1800fc578)
- IIDFromString (Address: 0x1800fc580)
OLEAUT32.dll
- CreateErrorInfo (Address: 0x1800fc4e0)
- SetErrorInfo (Address: 0x1800fc4d8)
- VariantInit (Address: 0x1800fc4d0)
USER32.dll
- GetProcessWindowStation (Address: 0x1800fc500)
- GetUserObjectInformationW (Address: 0x1800fc4f8)
- LoadStringW (Address: 0x1800fc4f0)
WTSAPI32.dll
- WTSEnumerateProcessesW (Address: 0x1800fc518)
- WTSFreeMemory (Address: 0x1800fc510)