mscordbi.dll

Description: Microsoft .NET Runtime Debugging Services

Authors: © Microsoft Corporation. All rights reserved.

Version: 5.0.1722.21314

Architecture: 32-bit

Operating System: Windows

SHA256: 785d392284dc4612dab5616acc53e26b

File Size: 966.9 KB

Uploaded At: Dec. 2, 2025, 2:43 p.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess

Exported Functions

  • CoreCLRCreateCordbObject (Ordinal: 1, Address: 0x6f70)
  • CoreCLRCreateCordbObjectEx (Ordinal: 2, Address: 0x6e70)
  • CreateCordbObject (Ordinal: 3, Address: 0x6e30)
  • DllGetClassObjectInternal (Ordinal: 4, Address: 0x6f90)
  • OpenVirtualProcess2 (Ordinal: 5, Address: 0xbf70)
  • OpenVirtualProcess (Ordinal: 6, Address: 0xbfc0)
  • OpenVirtualProcessImpl2 (Ordinal: 7, Address: 0xbf20)
  • OpenVirtualProcessImpl (Ordinal: 8, Address: 0xbcd0)

Imported DLLs & Functions

ADVAPI32.dll
  • AdjustTokenPrivileges (Address: 0x100b6024)
  • GetSidSubAuthority (Address: 0x100b6004)
  • GetSidSubAuthorityCount (Address: 0x100b6000)
  • GetTokenInformation (Address: 0x100b6008)
  • LookupPrivilegeValueW (Address: 0x100b602c)
  • OpenProcessToken (Address: 0x100b6028)
  • OpenThreadToken (Address: 0x100b6014)
  • RegCloseKey (Address: 0x100b6020)
  • RegOpenKeyExW (Address: 0x100b601c)
  • RegQueryValueExW (Address: 0x100b6018)
  • RevertToSelf (Address: 0x100b6010)
  • SetThreadToken (Address: 0x100b600c)
api-ms-win-crt-convert-l1-1-0.dll
  • wcstoul (Address: 0x100b61b8)
api-ms-win-crt-filesystem-l1-1-0.dll
  • _wmakepath_s (Address: 0x100b61c0)
  • _wsplitpath_s (Address: 0x100b61c4)
api-ms-win-crt-heap-l1-1-0.dll
  • calloc (Address: 0x100b61d4)
  • free (Address: 0x100b61d0)
  • malloc (Address: 0x100b61cc)
api-ms-win-crt-runtime-l1-1-0.dll
  • _cexit (Address: 0x100b61e8)
  • _configure_narrow_argv (Address: 0x100b6200)
  • _errno (Address: 0x100b61e0)
  • _execute_onexit_table (Address: 0x100b61ec)
  • _initialize_narrow_environment (Address: 0x100b6204)
  • _initialize_onexit_table (Address: 0x100b6208)
  • _initterm (Address: 0x100b61f0)
  • _initterm_e (Address: 0x100b61f4)
  • _invalid_parameter_noinfo (Address: 0x100b61dc)
  • _seh_filter_dll (Address: 0x100b61fc)
  • abort (Address: 0x100b61e4)
  • terminate (Address: 0x100b61f8)
api-ms-win-crt-stdio-l1-1-0.dll
  • __acrt_iob_func (Address: 0x100b6214)
  • __stdio_common_vfprintf (Address: 0x100b621c)
  • __stdio_common_vsnprintf_s (Address: 0x100b6218)
  • __stdio_common_vsnwprintf_s (Address: 0x100b6210)
api-ms-win-crt-string-l1-1-0.dll
  • _wcsicmp (Address: 0x100b6228)
  • strcpy_s (Address: 0x100b6248)
  • strncmp (Address: 0x100b6224)
  • strncpy_s (Address: 0x100b6238)
  • wcscat_s (Address: 0x100b622c)
  • wcscpy_s (Address: 0x100b6230)
  • wcsncat_s (Address: 0x100b6240)
  • wcsncmp (Address: 0x100b623c)
  • wcsncpy_s (Address: 0x100b6244)
  • wcsnlen (Address: 0x100b6234)
api-ms-win-crt-utility-l1-1-0.dll
  • bsearch (Address: 0x100b6250)
  • qsort (Address: 0x100b6254)
KERNEL32.dll
  • CloseHandle (Address: 0x100b614c)
  • ContinueDebugEvent (Address: 0x100b60a0)
  • CreateEventW (Address: 0x100b606c)
  • CreateFileMappingW (Address: 0x100b6040)
  • CreateFileW (Address: 0x100b60ec)
  • CreateProcessW (Address: 0x100b6138)
  • CreateSemaphoreExW (Address: 0x100b6164)
  • CreateThread (Address: 0x100b6090)
  • DebugActiveProcess (Address: 0x100b60b4)
  • DebugActiveProcessStop (Address: 0x100b60b8)
  • DebugBreak (Address: 0x100b6118)
  • DeleteCriticalSection (Address: 0x100b6058)
  • DuplicateHandle (Address: 0x100b608c)
  • EncodePointer (Address: 0x100b617c)
  • EnterCriticalSection (Address: 0x100b6050)
  • FlushFileBuffers (Address: 0x100b6144)
  • FlushInstructionCache (Address: 0x100b607c)
  • FormatMessageW (Address: 0x100b6130)
  • FreeLibrary (Address: 0x100b60a4)
  • GetACP (Address: 0x100b6124)
  • GetCurrentProcess (Address: 0x100b6054)
  • GetCurrentProcessId (Address: 0x100b6148)
  • GetCurrentThread (Address: 0x100b6120)
  • GetCurrentThreadId (Address: 0x100b6078)
  • GetEnvironmentVariableW (Address: 0x100b60f4)
  • GetFileAttributesExW (Address: 0x100b60e8)
  • GetFileSize (Address: 0x100b603c)
  • GetFullPathNameW (Address: 0x100b60f8)
  • GetLastError (Address: 0x100b6150)
  • GetModuleFileNameW (Address: 0x100b60f0)
  • GetModuleHandleW (Address: 0x100b60ac)
  • GetProcAddress (Address: 0x100b6064)
  • GetProcessHeap (Address: 0x100b60d8)
  • GetSystemInfo (Address: 0x100b6110)
  • GetSystemTimeAsFileTime (Address: 0x100b6108)
  • GetThreadContext (Address: 0x100b6098)
  • HeapAlloc (Address: 0x100b60d0)
  • HeapCreate (Address: 0x100b60dc)
  • HeapFree (Address: 0x100b60d4)
  • InitializeCriticalSection (Address: 0x100b605c)
  • InitializeCriticalSectionAndSpinCount (Address: 0x100b6178)
  • InitializeSListHead (Address: 0x100b6188)
  • InterlockedFlushSList (Address: 0x100b6180)
  • IsDBCSLeadByte (Address: 0x100b612c)
  • IsDebuggerPresent (Address: 0x100b6114)
  • IsProcessorFeaturePresent (Address: 0x100b6190)
  • IsWow64Process (Address: 0x100b60c4)
  • LCMapStringEx (Address: 0x100b6128)
  • LeaveCriticalSection (Address: 0x100b604c)
  • LoadLibraryExW (Address: 0x100b60e4)
  • LoadLibraryW (Address: 0x100b6060)
  • LocalFree (Address: 0x100b6134)
  • MapViewOfFile (Address: 0x100b6044)
  • MultiByteToWideChar (Address: 0x100b6038)
  • OpenProcess (Address: 0x100b60c0)
  • OpenThread (Address: 0x100b6080)
  • QueryPerformanceCounter (Address: 0x100b618c)
  • RaiseException (Address: 0x100b610c)
  • ReadFile (Address: 0x100b615c)
  • ReadProcessMemory (Address: 0x100b60c8)
  • ReleaseSemaphore (Address: 0x100b6140)
  • ResetEvent (Address: 0x100b6074)
  • ResumeThread (Address: 0x100b6088)
  • RtlUnwind (Address: 0x100b6184)
  • SetEvent (Address: 0x100b6070)
  • SetFilePointer (Address: 0x100b613c)
  • SetLastError (Address: 0x100b60e0)
  • SetThreadContext (Address: 0x100b609c)
  • SetUnhandledExceptionFilter (Address: 0x100b6194)
  • Sleep (Address: 0x100b60b0)
  • SleepEx (Address: 0x100b60fc)
  • SuspendThread (Address: 0x100b6084)
  • SwitchToThread (Address: 0x100b611c)
  • TerminateProcess (Address: 0x100b6094)
  • TlsAlloc (Address: 0x100b6174)
  • TlsFree (Address: 0x100b6168)
  • TlsGetValue (Address: 0x100b6170)
  • TlsSetValue (Address: 0x100b616c)
  • UnhandledExceptionFilter (Address: 0x100b6198)
  • UnmapViewOfFile (Address: 0x100b6034)
  • VirtualAlloc (Address: 0x100b6100)
  • VirtualFree (Address: 0x100b6104)
  • VirtualQueryEx (Address: 0x100b60a8)
  • WaitForDebugEvent (Address: 0x100b60bc)
  • WaitForMultipleObjectsEx (Address: 0x100b6068)
  • WaitForSingleObject (Address: 0x100b6154)
  • WaitForSingleObjectEx (Address: 0x100b6160)
  • WideCharToMultiByte (Address: 0x100b6048)
  • WriteFile (Address: 0x100b6158)
  • WriteProcessMemory (Address: 0x100b60cc)
ole32.dll
  • CoCreateGuid (Address: 0x100b6264)
  • CoTaskMemAlloc (Address: 0x100b6268)
  • CoTaskMemFree (Address: 0x100b626c)
  • CreateStreamOnHGlobal (Address: 0x100b625c)
  • IIDFromString (Address: 0x100b6260)
OLEAUT32.dll
  • CreateErrorInfo (Address: 0x100b61a8)
  • SetErrorInfo (Address: 0x100b61a0)
  • VariantInit (Address: 0x100b61a4)
USER32.dll
  • LoadStringW (Address: 0x100b61b0)