dbgshim.dll

Description: Microsoft .NET Runtime Multi-CLR Debugging Helper

Authors: © Microsoft Corporation. All rights reserved.

Version: 5.0.1722.21314

Architecture: 32-bit

Operating System: Windows

SHA256: b09de31c40eee0e7c4c40b60039aa533

File Size: 103.4 KB

Uploaded At: Dec. 2, 2025, 2:43 p.m.

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • CLRCreateInstance (Ordinal: 1, Address: 0x2e90)
  • CloseCLREnumeration (Ordinal: 2, Address: 0x2430)
  • CloseResumeHandle (Ordinal: 3, Address: 0x1450)
  • CreateDebuggingInterfaceFromVersion2 (Ordinal: 4, Address: 0x2960)
  • CreateDebuggingInterfaceFromVersion (Ordinal: 5, Address: 0x2c50)
  • CreateDebuggingInterfaceFromVersionEx (Ordinal: 6, Address: 0x2940)
  • CreateProcessForLaunch (Ordinal: 7, Address: 0x1380)
  • CreateVersionStringFromModule (Ordinal: 8, Address: 0x25d0)
  • EnumerateCLRs (Ordinal: 9, Address: 0x2220)
  • GetStartupNotificationEvent (Ordinal: 10, Address: 0x19e0)
  • RegisterForRuntimeStartup (Ordinal: 11, Address: 0x1920)
  • RegisterForRuntimeStartupEx (Ordinal: 12, Address: 0x1940)
  • ResumeProcess (Ordinal: 13, Address: 0x1420)
  • UnregisterForRuntimeStartup (Ordinal: 14, Address: 0x19c0)

Imported DLLs & Functions

ADVAPI32.dll
  • AddAccessAllowedAce (Address: 0x10011024)
  • CopySid (Address: 0x10011004)
  • GetLengthSid (Address: 0x10011000)
  • GetSidSubAuthority (Address: 0x10011010)
  • GetSidSubAuthorityCount (Address: 0x1001100c)
  • GetTokenInformation (Address: 0x10011014)
  • InitializeAcl (Address: 0x10011028)
  • InitializeSecurityDescriptor (Address: 0x10011020)
  • OpenProcessToken (Address: 0x10011018)
  • SetSecurityDescriptorDacl (Address: 0x1001101c)
  • SetSecurityDescriptorSacl (Address: 0x10011008)
api-ms-win-crt-heap-l1-1-0.dll
  • calloc (Address: 0x10011148)
  • free (Address: 0x10011144)
  • malloc (Address: 0x1001114c)
api-ms-win-crt-runtime-l1-1-0.dll
  • _cexit (Address: 0x10011160)
  • _configure_narrow_argv (Address: 0x10011170)
  • _errno (Address: 0x10011154)
  • _execute_onexit_table (Address: 0x1001117c)
  • _initialize_narrow_environment (Address: 0x10011174)
  • _initialize_onexit_table (Address: 0x10011178)
  • _initterm (Address: 0x10011164)
  • _initterm_e (Address: 0x10011168)
  • _seh_filter_dll (Address: 0x1001116c)
  • abort (Address: 0x1001115c)
  • terminate (Address: 0x10011158)
api-ms-win-crt-stdio-l1-1-0.dll
  • __stdio_common_vsnprintf_s (Address: 0x10011190)
  • __stdio_common_vsnwprintf_s (Address: 0x10011188)
  • __stdio_common_vswprintf_s (Address: 0x1001118c)
  • __stdio_common_vswscanf (Address: 0x10011184)
api-ms-win-crt-string-l1-1-0.dll
  • _stricmp (Address: 0x100111a0)
  • _wcsicmp (Address: 0x1001119c)
  • strcpy_s (Address: 0x100111ac)
  • strncmp (Address: 0x100111a4)
  • wcscpy_s (Address: 0x100111b0)
  • wcsncmp (Address: 0x100111a8)
  • wcsncpy_s (Address: 0x10011198)
KERNEL32.dll
  • CloseHandle (Address: 0x100110c0)
  • CreateEventW (Address: 0x100110d4)
  • CreateFileMappingW (Address: 0x10011068)
  • CreateFileW (Address: 0x10011034)
  • CreateProcessW (Address: 0x100110a8)
  • CreateThread (Address: 0x100110bc)
  • DeleteCriticalSection (Address: 0x10011078)
  • DuplicateHandle (Address: 0x100110dc)
  • EncodePointer (Address: 0x100110fc)
  • EnterCriticalSection (Address: 0x1001107c)
  • FormatMessageW (Address: 0x10011058)
  • FreeLibrary (Address: 0x100110a4)
  • GetCurrentProcess (Address: 0x1001109c)
  • GetCurrentProcessId (Address: 0x100110ac)
  • GetCurrentThreadId (Address: 0x100110ec)
  • GetFileSize (Address: 0x100110b4)
  • GetFullPathNameW (Address: 0x1001106c)
  • GetLastError (Address: 0x100110c8)
  • GetProcAddress (Address: 0x100110b8)
  • GetProcessHeap (Address: 0x10011044)
  • GetSystemInfo (Address: 0x10011084)
  • GetSystemTimeAsFileTime (Address: 0x10011070)
  • HeapAlloc (Address: 0x1001103c)
  • HeapFree (Address: 0x10011040)
  • InitializeCriticalSection (Address: 0x10011074)
  • InitializeCriticalSectionAndSpinCount (Address: 0x100110f8)
  • InitializeSListHead (Address: 0x10011108)
  • InterlockedFlushSList (Address: 0x10011100)
  • IsDBCSLeadByte (Address: 0x10011054)
  • IsDebuggerPresent (Address: 0x1001108c)
  • IsProcessorFeaturePresent (Address: 0x10011110)
  • K32EnumProcessModules (Address: 0x100110a0)
  • K32GetModuleFileNameExW (Address: 0x100110f4)
  • LCMapStringEx (Address: 0x1001104c)
  • LeaveCriticalSection (Address: 0x10011080)
  • LoadLibraryExW (Address: 0x10011064)
  • LoadLibraryW (Address: 0x10011038)
  • LocalFree (Address: 0x1001105c)
  • MapViewOfFile (Address: 0x10011030)
  • MultiByteToWideChar (Address: 0x10011050)
  • OpenEventW (Address: 0x100110e8)
  • OpenProcess (Address: 0x100110d8)
  • ProcessIdToSessionId (Address: 0x100110d0)
  • QueryPerformanceCounter (Address: 0x1001110c)
  • RaiseException (Address: 0x10011048)
  • ReadProcessMemory (Address: 0x100110b0)
  • ResumeThread (Address: 0x100110e4)
  • RtlUnwind (Address: 0x10011104)
  • SetEvent (Address: 0x100110c4)
  • SetLastError (Address: 0x10011060)
  • SetUnhandledExceptionFilter (Address: 0x10011114)
  • Sleep (Address: 0x100110cc)
  • TerminateProcess (Address: 0x10011088)
  • TlsAlloc (Address: 0x10011098)
  • TlsFree (Address: 0x1001111c)
  • TlsGetValue (Address: 0x10011094)
  • TlsSetValue (Address: 0x10011090)
  • UnhandledExceptionFilter (Address: 0x10011118)
  • UnmapViewOfFile (Address: 0x100110e0)
  • WaitForSingleObject (Address: 0x100110f0)
ole32.dll
  • CoTaskMemFree (Address: 0x100111b8)
OLEAUT32.dll
  • SetErrorInfo (Address: 0x10011124)
USER32.dll
  • LoadStringW (Address: 0x1001112c)
VERSION.dll
  • GetFileVersionInfoExW (Address: 0x1001113c)
  • GetFileVersionInfoSizeExW (Address: 0x10011134)
  • VerQueryValueW (Address: 0x10011138)