mfdetours.dll

Description: Media Foundation Detours Tracing DLL

Version: 1.1.0.1

Architecture: Unknown (0x1c4)

Operating System: Windows

SHA256: f4fc972d0cfb1146d3ef8eca6bf6c98d

File Size: 569.6 KB

Uploaded At: Dec. 3, 2025, 2:36 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, VirtualAllocEx

Exported Functions

Shutdown (Ordinal: 1, Address: 0x4c3a1)
Startup (Ordinal: 2, Address: 0x4c511)
DllGetMFDebugHlp (Ordinal: 3, Address: 0x4de31)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll

CoTaskMemAlloc (Address: 0x10081020)
CoTaskMemFree (Address: 0x1008102c)
PropVariantClear (Address: 0x10081028)
StringFromGUID2 (Address: 0x10081024)

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x10081034)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x1008103c)
RaiseException (Address: 0x10081044)
SetLastError (Address: 0x10081040)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x1008104c)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x10081054)
HeapAlloc (Address: 0x1008105c)
HeapDestroy (Address: 0x10081060)
HeapFree (Address: 0x10081064)
HeapReAlloc (Address: 0x10081068)
HeapSize (Address: 0x10081058)

api-ms-win-core-interlocked-l1-1-0.dll

InitializeSListHead (Address: 0x10081070)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x10081078)
FindResourceExW (Address: 0x10081084)
FreeLibrary (Address: 0x10081098)
GetModuleFileNameA (Address: 0x1008108c)
GetModuleHandleExW (Address: 0x10081080)
GetModuleHandleW (Address: 0x10081094)
GetProcAddress (Address: 0x10081088)
LoadResource (Address: 0x10081090)
LockResource (Address: 0x1008107c)
SizeofResource (Address: 0x1008109c)

api-ms-win-core-libraryloader-l1-2-1.dll

LoadLibraryA (Address: 0x100810a4)

api-ms-win-core-memory-l1-1-0.dll

ReadProcessMemory (Address: 0x100810bc)
VirtualAlloc (Address: 0x100810c0)
VirtualAllocEx (Address: 0x100810ac)
VirtualFree (Address: 0x100810c8)
VirtualProtect (Address: 0x100810c4)
VirtualProtectEx (Address: 0x100810b0)
VirtualQuery (Address: 0x100810b4)
VirtualQueryEx (Address: 0x100810cc)
WriteProcessMemory (Address: 0x100810b8)

api-ms-win-core-processenvironment-l1-1-0.dll

GetEnvironmentVariableA (Address: 0x100810d8)
GetEnvironmentVariableW (Address: 0x100810dc)
SetEnvironmentVariableW (Address: 0x100810d4)

api-ms-win-core-processthreads-l1-1-0.dll

CreateProcessA (Address: 0x100810e8)
CreateProcessW (Address: 0x100810fc)
GetCurrentProcess (Address: 0x100810f0)
GetCurrentProcessId (Address: 0x100810f4)
GetCurrentThreadId (Address: 0x100810ec)
ResumeThread (Address: 0x100810e4)
TerminateProcess (Address: 0x100810f8)

api-ms-win-core-processthreads-l1-1-1.dll

FlushInstructionCache (Address: 0x1008110c)
GetThreadContext (Address: 0x10081110)
IsProcessorFeaturePresent (Address: 0x10081104)
SetThreadContext (Address: 0x10081108)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x10081118)

api-ms-win-core-registry-l1-1-0.dll

RegGetValueA (Address: 0x10081124)
RegGetValueW (Address: 0x10081120)

api-ms-win-core-string-l1-1-0.dll

MultiByteToWideChar (Address: 0x10081130)
WideCharToMultiByte (Address: 0x1008112c)

api-ms-win-core-synch-l1-1-0.dll

AcquireSRWLockExclusive (Address: 0x10081144)
AcquireSRWLockShared (Address: 0x10081158)
DeleteCriticalSection (Address: 0x10081150)
EnterCriticalSection (Address: 0x1008114c)
InitializeCriticalSection (Address: 0x10081154)
InitializeSRWLock (Address: 0x10081140)
LeaveCriticalSection (Address: 0x10081148)
ReleaseSRWLockExclusive (Address: 0x10081138)
ReleaseSRWLockShared (Address: 0x1008113c)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemTimeAsFileTime (Address: 0x10081160)

api-ms-win-crt-private-l1-1-0.dll

__C_specific_handler (Address: 0x100811a8)
__CxxFrameHandler3 (Address: 0x100811cc)
_o___std_type_info_destroy_list (Address: 0x100811c4)
_o___stdio_common_vsprintf (Address: 0x100811bc)
_o___stdio_common_vsprintf_s (Address: 0x100811b8)
_o___stdio_common_vswprintf (Address: 0x100811b4)
_o___stdio_common_vswprintf_s (Address: 0x100811b0)
_o__callnewh (Address: 0x100811d4)
_o__cexit (Address: 0x100811d0)
_o__configure_narrow_argv (Address: 0x100811c0)
_o__crt_atexit (Address: 0x100811ac)
_o__errno (Address: 0x10081168)
_o__execute_onexit_table (Address: 0x1008116c)
_o__gcvt_s (Address: 0x10081170)
_o__initialize_narrow_environment (Address: 0x10081174)
_o__initialize_onexit_table (Address: 0x10081178)
_o__invalid_parameter_noinfo (Address: 0x1008117c)
_o__mbsinc (Address: 0x10081180)
_o__recalloc (Address: 0x10081184)
_o__register_onexit_function (Address: 0x10081188)
_o__seh_filter_dll (Address: 0x1008118c)
_o__ultoa_s (Address: 0x10081190)
_o__wtoi (Address: 0x10081194)
_o_calloc (Address: 0x10081198)
_o_free (Address: 0x1008119c)
_o_malloc (Address: 0x100811a0)
_o_wmemcpy_s (Address: 0x100811a4)
memcmp (Address: 0x100811c8)
memcpy (Address: 0x100811dc)
memmove (Address: 0x100811d8)

api-ms-win-crt-runtime-l1-1-0.dll

_initterm (Address: 0x100811e4)
_initterm_e (Address: 0x100811e8)

api-ms-win-crt-string-l1-1-0.dll

memmove_s (Address: 0x100811f4)
memset (Address: 0x100811fc)
strcmp (Address: 0x10081200)
strlen (Address: 0x100811f8)
wcslen (Address: 0x100811f0)

api-ms-win-eventing-provider-l1-1-0.dll

EventRegister (Address: 0x10081208)
EventUnregister (Address: 0x1008120c)
EventWrite (Address: 0x10081210)

dbghelp.dll

ImagehlpApiVersionEx (Address: 0x10081220)
SymCleanup (Address: 0x10081238)
SymFromName (Address: 0x10081234)
SymGetModuleInfo64 (Address: 0x10081224)
SymGetOptions (Address: 0x1008121c)
SymInitialize (Address: 0x10081228)
SymLoadModuleEx (Address: 0x1008122c)
SymRegisterCallback64 (Address: 0x10081230)
SymSetOptions (Address: 0x10081218)

MF.dll

MFCreateMediaSession (Address: 0x10081000)
MFCreateTopology (Address: 0x10081008)
MFGetService (Address: 0x10081004)

MFPlat.DLL

MFCreateAttributes (Address: 0x10081010)
MFShutdown (Address: 0x10081014)
MFStartup (Address: 0x10081018)