dbghelp.dll
Description: Windows Image Helper
Authors: © Microsoft Corporation. All rights reserved.
Version: 6.3.11.3
Architecture: 32-bit
Operating System: Windows NT
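SHA256: c33e7ecbf0903fa279dd7ec6b0395e33 (this value is 32 hex digits, the length of an MD5 digest; a SHA-256 digest has 64, so the field is either mislabelled or truncated and cannot be matched against a SHA-256 from another source)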
File Size: 873.5 KB
Uploaded At: Dec. 3, 2025, 2:34 a.m.
Security Warning
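This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
The flag is a heuristic on the import table alone. OpenProcess is imported here alongside ReadProcessMemory, VirtualQueryEx and GetThreadContext, which is what the exported MiniDumpWriteDump and StackWalk functions would need to inspect another process. The KERNEL32 import list on this page contains no WriteProcessMemory, VirtualAllocEx or CreateRemoteThread. The imports therefore neither confirm nor rule out tampering. The file's Authenticode signature, and its hash compared against a copy of the same version from a Microsoft distribution, are the checks that identify this copy.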
Exported Functions
- DirTree (Ordinal: 1, Address: 0x35540)
- DbgHelpCreateUserDump (Ordinal: 2, Address: 0x41b50)
- DbgHelpCreateUserDumpW (Ordinal: 3, Address: 0x41c40)
- EnumDirTree (Ordinal: 4, Address: 0x34c20)
- EnumDirTreeW (Ordinal: 5, Address: 0x35580)
- EnumerateLoadedModules64 (Ordinal: 6, Address: 0x2fc20)
- EnumerateLoadedModules (Ordinal: 7, Address: 0x2fb60)
- ExtensionApiVersion (Ordinal: 8, Address: 0x1f980)
- FindDebugInfoFile (Ordinal: 9, Address: 0x33e70)
- FindDebugInfoFileEx (Ordinal: 10, Address: 0x34b60)
- FindExecutableImage (Ordinal: 11, Address: 0x33170)
- FindExecutableImageEx (Ordinal: 12, Address: 0x33d60)
- FindExecutableImageExW (Ordinal: 13, Address: 0x33e30)
- FindFileInPath (Ordinal: 14, Address: 0x33090)
- FindFileInSearchPath (Ordinal: 15, Address: 0x330c0)
- GetTimestampForLoadedLibrary (Ordinal: 16, Address: 0x25220)
- ImageDirectoryEntryToData (Ordinal: 17, Address: 0x24da0)
- ImageDirectoryEntryToDataEx (Ordinal: 18, Address: 0x24ca0)
- ImageNtHeader (Ordinal: 19, Address: 0x24990)
- ImageRvaToSection (Ordinal: 20, Address: 0x5e5d0)
- ImageRvaToVa (Ordinal: 21, Address: 0x24dc0)
- ImagehlpApiVersion (Ordinal: 22, Address: 0x35e60)
- ImagehlpApiVersionEx (Ordinal: 23, Address: 0x35e70)
- MakeSureDirectoryPathExists (Ordinal: 24, Address: 0x35bc0)
- MapDebugInformation (Ordinal: 25, Address: 0x32210)
- MiniDumpReadDumpStream (Ordinal: 26, Address: 0x57ad0)
- MiniDumpWriteDump (Ordinal: 27, Address: 0x578b0)
- SearchTreeForFile (Ordinal: 28, Address: 0x35a90)
- SearchTreeForFileW (Ordinal: 29, Address: 0x35ab0)
- StackWalk64 (Ordinal: 30, Address: 0x43fe0)
- StackWalk (Ordinal: 31, Address: 0x43db0)
- SymAddSymbol (Ordinal: 32, Address: 0x306c0)
- SymAddSymbolW (Ordinal: 33, Address: 0x30560)
- SymCleanup (Ordinal: 34, Address: 0x2b490)
- SymDeleteSymbol (Ordinal: 35, Address: 0x30840)
- SymDeleteSymbolW (Ordinal: 36, Address: 0x30710)
- SymEnumLines (Ordinal: 37, Address: 0x2d3c0)
- SymEnumLinesW (Ordinal: 38, Address: 0x2d450)
- SymEnumSourceFiles (Ordinal: 39, Address: 0x31be0)
- SymEnumSourceFilesW (Ordinal: 40, Address: 0x31c50)
- SymEnumSym (Ordinal: 41, Address: 0x31690)
- SymEnumSymbols (Ordinal: 42, Address: 0x30bc0)
- SymEnumSymbolsForAddr (Ordinal: 43, Address: 0x313b0)
- SymEnumSymbolsForAddrW (Ordinal: 44, Address: 0x31520)
- SymEnumSymbolsW (Ordinal: 45, Address: 0x30c30)
- SymEnumTypes (Ordinal: 46, Address: 0x31780)
- SymEnumTypesW (Ordinal: 47, Address: 0x317d0)
- SymEnumerateModules64 (Ordinal: 48, Address: 0x2c080)
- SymEnumerateModules (Ordinal: 49, Address: 0x2c040)
- SymEnumerateModulesW64 (Ordinal: 50, Address: 0x2c0c0)
- SymEnumerateSymbols64 (Ordinal: 51, Address: 0x2c370)
- SymEnumerateSymbols (Ordinal: 52, Address: 0x2c2d0)
- SymEnumerateSymbolsW64 (Ordinal: 53, Address: 0x2c3d0)
- SymEnumerateSymbolsW (Ordinal: 54, Address: 0x2c320)
- SymFindFileInPath (Ordinal: 55, Address: 0x32f90)
- SymFindFileInPathW (Ordinal: 56, Address: 0x33040)
- SymFromAddr (Ordinal: 57, Address: 0x30890)
- SymFromAddrW (Ordinal: 58, Address: 0x308f0)
- SymFromIndex (Ordinal: 59, Address: 0x31120)
- SymFromIndexW (Ordinal: 60, Address: 0x31190)
- SymFromName (Ordinal: 61, Address: 0x30b20)
- SymFromNameW (Ordinal: 62, Address: 0x30b80)
- SymFromToken (Ordinal: 63, Address: 0x30950)
- SymFromTokenW (Ordinal: 64, Address: 0x309d0)
- SymFunctionTableAccess64 (Ordinal: 65, Address: 0x2e7e0)
- SymFunctionTableAccess (Ordinal: 66, Address: 0x2e7c0)
- SymGetFileLineOffsets64 (Ordinal: 67, Address: 0x26930)
- SymGetHomeDirectory (Ordinal: 68, Address: 0x2bb10)
- SymGetHomeDirectoryW (Ordinal: 69, Address: 0x2ba60)
- SymGetLineFromAddr64 (Ordinal: 70, Address: 0x2d4a0)
- SymGetLineFromAddr (Ordinal: 71, Address: 0x2d720)
- SymGetLineFromAddrW64 (Ordinal: 72, Address: 0x2d530)
- SymGetLineFromName64 (Ordinal: 73, Address: 0x2de40)
- SymGetLineFromName (Ordinal: 74, Address: 0x2ded0)
- SymGetLineFromNameW64 (Ordinal: 75, Address: 0x2d770)
- SymGetLineNext64 (Ordinal: 76, Address: 0x2e1b0)
- SymGetLineNext (Ordinal: 77, Address: 0x2e220)
- SymGetLineNextW64 (Ordinal: 78, Address: 0x2e200)
- SymGetLinePrev64 (Ordinal: 79, Address: 0x2e280)
- SymGetLinePrev (Ordinal: 80, Address: 0x2e2f0)
- SymGetLinePrevW64 (Ordinal: 81, Address: 0x2e2d0)
- SymGetModuleBase64 (Ordinal: 82, Address: 0x2f040)
- SymGetModuleBase (Ordinal: 83, Address: 0x2f140)
- SymGetModuleInfo64 (Ordinal: 84, Address: 0x2eab0)
- SymGetModuleInfo (Ordinal: 85, Address: 0x2ef90)
- SymGetModuleInfoW64 (Ordinal: 86, Address: 0x2eb30)
- SymGetModuleInfoW (Ordinal: 87, Address: 0x2ef00)
- SymGetOptions (Ordinal: 88, Address: 0x2bd00)
- SymGetScope (Ordinal: 89, Address: 0x30f10)
- SymGetScopeW (Ordinal: 90, Address: 0x30f90)
- SymGetSearchPath (Ordinal: 91, Address: 0x2f720)
- SymGetSearchPathW (Ordinal: 92, Address: 0x2f780)
- SymGetSourceFile (Ordinal: 93, Address: 0x2cee0)
- SymGetSourceFileFromToken (Ordinal: 94, Address: 0x2d050)
- SymGetSourceFileFromTokenW (Ordinal: 95, Address: 0x2d0e0)
- SymGetSourceFileToken (Ordinal: 96, Address: 0x2cf50)
- SymGetSourceFileTokenW (Ordinal: 97, Address: 0x2cfa0)
- SymGetSourceVarFromToken (Ordinal: 98, Address: 0x2d140)
- SymGetSourceVarFromTokenW (Ordinal: 99, Address: 0x2d1e0)
- SymGetSymFromAddr64 (Ordinal: 100, Address: 0x2c570)
- SymGetSymFromAddr (Ordinal: 101, Address: 0x2c5b0)
- SymGetSymFromName64 (Ordinal: 102, Address: 0x2c910)
- SymGetSymFromName (Ordinal: 103, Address: 0x2c970)
- SymGetSymNext64 (Ordinal: 104, Address: 0x2cc10)
- SymGetSymNext (Ordinal: 105, Address: 0x2cb10)
- SymGetSymPrev64 (Ordinal: 106, Address: 0x2cca0)
- SymGetSymPrev (Ordinal: 107, Address: 0x2cc30)
- SymGetSymbolFile (Ordinal: 108, Address: 0x41860)
- SymGetSymbolFileW (Ordinal: 109, Address: 0x413c0)
- SymGetTypeFromName (Ordinal: 110, Address: 0x31820)
- SymGetTypeFromNameW (Ordinal: 111, Address: 0x318b0)
- SymGetTypeInfo (Ordinal: 112, Address: 0x31ff0)
- SymGetTypeInfoEx (Ordinal: 113, Address: 0x32030)
- SymInitialize (Ordinal: 114, Address: 0x2b2a0)
- SymInitializeW (Ordinal: 115, Address: 0x2af20)
- SymLoadModule64 (Ordinal: 116, Address: 0x2f4c0)
- SymLoadModule (Ordinal: 117, Address: 0x2f4f0)
- SymLoadModuleEx (Ordinal: 118, Address: 0x2f310)
- SymLoadModuleExW (Ordinal: 119, Address: 0x2f3f0)
- SymMatchFileName (Ordinal: 120, Address: 0x2e350)
- SymMatchFileNameW (Ordinal: 121, Address: 0x2e490)
- SymMatchString (Ordinal: 122, Address: 0x31a50)
- SymMatchStringW (Ordinal: 123, Address: 0x31a70)
- SymNext (Ordinal: 124, Address: 0x2c9d0)
- SymNextW (Ordinal: 125, Address: 0x2ca50)
- SymPrev (Ordinal: 126, Address: 0x2ca70)
- SymPrevW (Ordinal: 127, Address: 0x2caf0)
- SymRegisterCallback64 (Ordinal: 128, Address: 0x2fde0)
- SymRegisterCallback (Ordinal: 129, Address: 0x2fce0)
- SymRegisterCallbackW64 (Ordinal: 130, Address: 0x2fee0)
- SymRegisterFunctionEntryCallback64 (Ordinal: 131, Address: 0x2e6d0)
- SymRegisterFunctionEntryCallback (Ordinal: 132, Address: 0x2e5e0)
- SymSearch (Ordinal: 133, Address: 0x30e40)
- SymSearchW (Ordinal: 134, Address: 0x30eb0)
- SymSetContext (Ordinal: 135, Address: 0x2bd10)
- SymSetHomeDirectory (Ordinal: 136, Address: 0x2b9f0)
- SymSetOptions (Ordinal: 137, Address: 0x2bb70)
- SymSetParentWindow (Ordinal: 138, Address: 0x2b510)
- SymSetSearchPath (Ordinal: 139, Address: 0x2f850)
- SymSetSearchPathW (Ordinal: 140, Address: 0x2f890)
- SymSrvDeltaName (Ordinal: 141, Address: 0x40b20)
- SymSrvDeltaNameW (Ordinal: 142, Address: 0x40940)
- SymSrvGetFileIndexString (Ordinal: 143, Address: 0x410b0)
- SymSrvGetFileIndexStringW (Ordinal: 144, Address: 0x41010)
- SymSrvGetFileIndexes (Ordinal: 145, Address: 0x40fd0)
- SymSrvGetFileIndexesW (Ordinal: 146, Address: 0x40f20)
- SymSrvGetSupplement (Ordinal: 147, Address: 0x40d00)
- SymSrvGetSupplementW (Ordinal: 148, Address: 0x40bd0)
- SymSrvIsStore (Ordinal: 149, Address: 0x40900)
- SymSrvIsStoreW (Ordinal: 150, Address: 0x40830)
- SymSrvStoreFile (Ordinal: 151, Address: 0x411e0)
- SymSrvStoreFileW (Ordinal: 152, Address: 0x41140)
- SymSrvStoreSupplement (Ordinal: 153, Address: 0x40e80)
- SymSrvStoreSupplementW (Ordinal: 154, Address: 0x40d90)
- SymUnDName64 (Ordinal: 155, Address: 0x2f620)
- SymUnDName (Ordinal: 156, Address: 0x2f520)
- SymUnloadModule64 (Ordinal: 157, Address: 0x2f160)
- SymUnloadModule (Ordinal: 158, Address: 0x2f2f0)
- UnDecorateSymbolName (Ordinal: 159, Address: 0x32090)
- UnDecorateSymbolNameW (Ordinal: 160, Address: 0x32180)
- UnmapDebugInformation (Ordinal: 161, Address: 0x324c0)
- WinDbgExtensionDllInit (Ordinal: 162, Address: 0x1f990)
- dbghelp (Ordinal: 163, Address: 0x2bdb0)
- dh (Ordinal: 164, Address: 0x21d90)
- fptr (Ordinal: 165, Address: 0x1fb70)
- lmi (Ordinal: 166, Address: 0x20250)
- lminfo (Ordinal: 167, Address: 0x1ffc0)
- omap (Ordinal: 168, Address: 0x20520)
- srcfiles (Ordinal: 169, Address: 0x207e0)
- stackdbg (Ordinal: 170, Address: 0x1fc30)
- sym (Ordinal: 171, Address: 0x1fd30)
- symsrv (Ordinal: 172, Address: 0x1fe90)
- vc7fpo (Ordinal: 173, Address: 0x1fbe0)
Imported DLLs & Functions
ADVAPI32.dll
- CryptAcquireContextA (Address: 0x2801018)
- CryptGenRandom (Address: 0x2801014)
- CryptReleaseContext (Address: 0x2801010)
- RegCloseKey (Address: 0x280100c)
- RegEnumKeyExW (Address: 0x2801008)
- RegOpenKeyExA (Address: 0x2801024)
- RegOpenKeyExW (Address: 0x2801000)
- RegQueryInfoKeyW (Address: 0x2801004)
- RegQueryValueExA (Address: 0x2801020)
- RegQueryValueExW (Address: 0x280101c)
KERNEL32.dll
- CloseHandle (Address: 0x2801198)
- CopyFileA (Address: 0x280111c)
- CopyFileW (Address: 0x2801124)
- CreateDirectoryA (Address: 0x280106c)
- CreateDirectoryW (Address: 0x280103c)
- CreateFileA (Address: 0x280118c)
- CreateFileMappingA (Address: 0x2801080)
- CreateFileMappingW (Address: 0x2801108)
- CreateFileW (Address: 0x2801038)
- CreateThread (Address: 0x2801150)
- DebugBreak (Address: 0x28010a8)
- DeleteCriticalSection (Address: 0x2801178)
- DeleteFileA (Address: 0x2801140)
- DeleteFileW (Address: 0x2801034)
- DeviceIoControl (Address: 0x280110c)
- DuplicateHandle (Address: 0x2801078)
- EnterCriticalSection (Address: 0x280119c)
- ExpandEnvironmentStringsA (Address: 0x280113c)
- ExpandEnvironmentStringsW (Address: 0x2801138)
- FindClose (Address: 0x2801060)
- FindFirstFileA (Address: 0x2801068)
- FindFirstFileW (Address: 0x28011ac)
- FindNextFileA (Address: 0x2801064)
- FindNextFileW (Address: 0x28011b0)
- FlushViewOfFile (Address: 0x28010fc)
- FormatMessageA (Address: 0x2801148)
- FormatMessageW (Address: 0x2801144)
- FreeLibrary (Address: 0x28011b4)
- GetCurrentProcess (Address: 0x280104c)
- GetCurrentProcessId (Address: 0x280108c)
- GetCurrentThreadId (Address: 0x28010bc)
- GetEnvironmentVariableW (Address: 0x280102c)
- GetFileAttributesA (Address: 0x28010a4)
- GetFileAttributesW (Address: 0x2801058)
- GetFileSize (Address: 0x2801190)
- GetFileType (Address: 0x2801104)
- GetFullPathNameW (Address: 0x2801054)
- GetLastError (Address: 0x2801188)
- GetModuleFileNameW (Address: 0x2801040)
- GetModuleHandleA (Address: 0x2801084)
- GetPriorityClass (Address: 0x28010f8)
- GetProcAddress (Address: 0x2801030)
- GetSystemDirectoryW (Address: 0x28010ac)
- GetSystemInfo (Address: 0x280116c)
- GetSystemTimeAsFileTime (Address: 0x28010cc)
- GetThreadContext (Address: 0x280115c)
- GetThreadPriority (Address: 0x2801154)
- GetThreadSelectorEntry (Address: 0x280114c)
- GetThreadTimes (Address: 0x2801158)
- GetTickCount (Address: 0x28010b8)
- GetVersionExA (Address: 0x28010f0)
- GetVersionExW (Address: 0x2801168)
- HeapAlloc (Address: 0x28010dc)
- HeapCreate (Address: 0x2801174)
- HeapDestroy (Address: 0x280117c)
- HeapFree (Address: 0x28010d8)
- HeapReAlloc (Address: 0x28010e0)
- InitializeCriticalSection (Address: 0x2801170)
- InitializeCriticalSectionAndSpinCount (Address: 0x2801110)
- InterlockedDecrement (Address: 0x2801130)
- InterlockedIncrement (Address: 0x280112c)
- IsDBCSLeadByte (Address: 0x28010d4)
- LCMapStringA (Address: 0x2801118)
- LCMapStringW (Address: 0x2801114)
- LeaveCriticalSection (Address: 0x28011a0)
- LoadLibraryA (Address: 0x28011b8)
- LoadLibraryW (Address: 0x28010b0)
- LocalAlloc (Address: 0x28011a4)
- LocalFree (Address: 0x28010e8)
- MapViewOfFile (Address: 0x280107c)
- MapViewOfFileEx (Address: 0x2801100)
- MultiByteToWideChar (Address: 0x2801044)
- OpenProcess (Address: 0x2801088)
- OutputDebugStringA (Address: 0x28010d0)
- OutputDebugStringW (Address: 0x2801094)
- QueryPerformanceCounter (Address: 0x28010b4)
- ReadFile (Address: 0x2801194)
- ReadProcessMemory (Address: 0x2801098)
- ResumeThread (Address: 0x2801160)
- SetErrorMode (Address: 0x28010a0)
- SetFileAttributesA (Address: 0x2801120)
- SetFileAttributesW (Address: 0x2801128)
- SetFilePointer (Address: 0x280105c)
- SetLastError (Address: 0x28011a8)
- SetUnhandledExceptionFilter (Address: 0x28010c8)
- Sleep (Address: 0x2801134)
- SuspendThread (Address: 0x2801164)
- TerminateProcess (Address: 0x28010c0)
- TerminateThread (Address: 0x28011bc)
- TlsAlloc (Address: 0x28010ec)
- TlsFree (Address: 0x28010e4)
- TlsGetValue (Address: 0x2801180)
- TlsSetValue (Address: 0x2801184)
- UnhandledExceptionFilter (Address: 0x28010c4)
- UnmapViewOfFile (Address: 0x2801050)
- VirtualAlloc (Address: 0x2801074)
- VirtualFree (Address: 0x2801090)
- VirtualProtect (Address: 0x2801070)
- VirtualQueryEx (Address: 0x28010f4)
- WideCharToMultiByte (Address: 0x2801048)
- WriteFile (Address: 0x280109c)
msvcrt.dll
- __CxxFrameHandler (Address: 0x2801254)
- __dllonexit (Address: 0x28011d0)
- __unDName (Address: 0x280125c)
- _access (Address: 0x28012a8)
- _adjust_fdiv (Address: 0x28011d4)
- _chsize (Address: 0x28012c4)
- _close (Address: 0x280121c)
- _CxxThrowException (Address: 0x2801260)
- _except_handler3 (Address: 0x28012fc)
- _fsopen (Address: 0x28012b0)
- _fullpath (Address: 0x2801298)
- _get_osfhandle (Address: 0x28012b8)
- _initterm (Address: 0x28011d8)
- _itoa (Address: 0x28011fc)
- _lseeki64 (Address: 0x28012c0)
- _ltoa (Address: 0x2801230)
- _mbscmp (Address: 0x28012dc)
- _mbsicmp (Address: 0x28012a0)
- _memicmp (Address: 0x28012e0)
- _onexit (Address: 0x28011cc)
- _open_osfhandle (Address: 0x28012c8)
- _osver (Address: 0x280127c)
- _purecall (Address: 0x280123c)
- _read (Address: 0x28012bc)
- _snprintf (Address: 0x2801280)
- _snwprintf (Address: 0x2801268)
- _sopen (Address: 0x28012d0)
- _splitpath (Address: 0x28012a4)
- _stricmp (Address: 0x2801238)
- _strlwr (Address: 0x28012ec)
- _vsnprintf (Address: 0x2801240)
- _vsnwprintf (Address: 0x28012f8)
- _wcsdup (Address: 0x28012ac)
- _wcsicmp (Address: 0x280120c)
- _wcslwr (Address: 0x2801218)
- _wcsnicmp (Address: 0x2801234)
- _wfopen (Address: 0x2801274)
- _wfsopen (Address: 0x28012b4)
- _wfullpath (Address: 0x280129c)
- _wgetenv (Address: 0x28012d8)
- _winmajor (Address: 0x2801294)
- _winminor (Address: 0x2801290)
- _wmakepath (Address: 0x280128c)
- _wopen (Address: 0x2801220)
- _write (Address: 0x2801200)
- _wsopen (Address: 0x28012cc)
- _wsplitpath (Address: 0x2801318)
- ??1type_info@@UAE@XZ (Address: 0x28012e4)
- ??2@YAPAXI@Z (Address: 0x280131c)
- ??3@YAXPAX@Z (Address: 0x2801314)
- ?terminate@@YAXXZ (Address: 0x28012e8)
- atol (Address: 0x2801250)
- bsearch (Address: 0x2801264)
- calloc (Address: 0x28011f0)
- ctime (Address: 0x2801248)
- fclose (Address: 0x2801258)
- fopen (Address: 0x2801278)
- fread (Address: 0x280126c)
- free (Address: 0x28012f0)
- fseek (Address: 0x2801270)
- ftell (Address: 0x28012d4)
- isspace (Address: 0x2801244)
- iswprint (Address: 0x28011e4)
- iswspace (Address: 0x28011ec)
- iswxdigit (Address: 0x2801310)
- malloc (Address: 0x280124c)
- memmove (Address: 0x28011e8)
- qsort (Address: 0x2801300)
- realloc (Address: 0x28011dc)
- sprintf (Address: 0x28011e0)
- strchr (Address: 0x2801208)
- strncat (Address: 0x28011f8)
- strncmp (Address: 0x280122c)
- strncpy (Address: 0x2801204)
- strstr (Address: 0x28012f4)
- time (Address: 0x2801224)
- tolower (Address: 0x2801214)
- towlower (Address: 0x2801210)
- wcschr (Address: 0x2801304)
- wcsncat (Address: 0x28011f4)
- wcsncmp (Address: 0x280130c)
- wcsncpy (Address: 0x2801228)
- wcsrchr (Address: 0x2801288)
- wcsstr (Address: 0x2801308)
- wcstol (Address: 0x2801284)
RPCRT4.dll
- UuidCreate (Address: 0x28011c4)