mfdetours.dll

Description: Media Foundation Detours Tracing DLL

Authors: (c) Microsoft. All rights reserved.

Version: 1.1.0.1

Architecture: 64-bit

Operating System: Windows

SHA256: 53089d52d941e97d8ed821364ac68783

File Size: 701.6 KB

Uploaded At: Dec. 3, 2025, 2:37 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, VirtualAllocEx

Exported Functions

  • Shutdown (Ordinal: 1, Address: 0x61c0)
  • Startup (Ordinal: 2, Address: 0x6390)
  • DllGetMFDebugHlp (Ordinal: 3, Address: 0x8bc0)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll
  • CoTaskMemAlloc (Address: 0x180046050)
  • CoTaskMemFree (Address: 0x180046040)
  • PropVariantClear (Address: 0x180046058)
  • StringFromGUID2 (Address: 0x180046048)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180046070)
  • IsDebuggerPresent (Address: 0x180046068)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180046080)
  • RaiseException (Address: 0x1800460a0)
  • SetLastError (Address: 0x180046098)
  • SetUnhandledExceptionFilter (Address: 0x180046088)
  • UnhandledExceptionFilter (Address: 0x180046090)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1800460b0)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1800460d8)
  • HeapAlloc (Address: 0x1800460d0)
  • HeapDestroy (Address: 0x1800460e0)
  • HeapFree (Address: 0x1800460c0)
  • HeapReAlloc (Address: 0x1800460e8)
  • HeapSize (Address: 0x1800460c8)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x1800460f8)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180046128)
  • FindResourceExW (Address: 0x180046130)
  • FreeLibrary (Address: 0x180046138)
  • GetModuleFileNameA (Address: 0x180046110)
  • GetModuleHandleExW (Address: 0x180046140)
  • GetModuleHandleW (Address: 0x180046150)
  • GetProcAddress (Address: 0x180046108)
  • LoadResource (Address: 0x180046148)
  • LockResource (Address: 0x180046120)
  • SizeofResource (Address: 0x180046118)
api-ms-win-core-libraryloader-l1-2-1.dll
  • LoadLibraryA (Address: 0x180046160)
api-ms-win-core-memory-l1-1-0.dll
  • ReadProcessMemory (Address: 0x180046178)
  • VirtualAlloc (Address: 0x180046190)
  • VirtualAllocEx (Address: 0x180046188)
  • VirtualFree (Address: 0x180046198)
  • VirtualProtect (Address: 0x180046180)
  • VirtualProtectEx (Address: 0x1800461a0)
  • VirtualQuery (Address: 0x1800461a8)
  • VirtualQueryEx (Address: 0x180046170)
  • WriteProcessMemory (Address: 0x1800461b0)
api-ms-win-core-processenvironment-l1-1-0.dll
  • GetEnvironmentVariableA (Address: 0x1800461c8)
  • GetEnvironmentVariableW (Address: 0x1800461d0)
  • SetEnvironmentVariableW (Address: 0x1800461c0)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessA (Address: 0x1800461f8)
  • CreateProcessW (Address: 0x180046210)
  • GetCurrentProcess (Address: 0x1800461e0)
  • GetCurrentProcessId (Address: 0x180046200)
  • GetCurrentThreadId (Address: 0x1800461e8)
  • ResumeThread (Address: 0x1800461f0)
  • TerminateProcess (Address: 0x180046208)
api-ms-win-core-processthreads-l1-1-1.dll
  • FlushInstructionCache (Address: 0x180046220)
  • GetThreadContext (Address: 0x180046228)
  • IsProcessorFeaturePresent (Address: 0x180046230)
  • SetThreadContext (Address: 0x180046238)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180046248)
api-ms-win-core-registry-l1-1-0.dll
  • RegGetValueA (Address: 0x180046260)
  • RegGetValueW (Address: 0x180046258)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180046270)
  • RtlLookupFunctionEntry (Address: 0x180046280)
  • RtlVirtualUnwind (Address: 0x180046278)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x180046290)
  • WideCharToMultiByte (Address: 0x180046298)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x1800462e8)
  • AcquireSRWLockShared (Address: 0x1800462e0)
  • DeleteCriticalSection (Address: 0x1800462d0)
  • EnterCriticalSection (Address: 0x1800462c8)
  • InitializeCriticalSection (Address: 0x1800462d8)
  • InitializeSRWLock (Address: 0x1800462b0)
  • LeaveCriticalSection (Address: 0x1800462c0)
  • ReleaseSRWLockExclusive (Address: 0x1800462a8)
  • ReleaseSRWLockShared (Address: 0x1800462b8)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x1800462f8)
api-ms-win-crt-private-l1-1-0.dll
  • __C_specific_handler (Address: 0x180046388)
  • __CxxFrameHandler3 (Address: 0x1800463c8)
  • _o___std_type_info_destroy_list (Address: 0x1800463c0)
  • _o___stdio_common_vsprintf (Address: 0x1800463b0)
  • _o___stdio_common_vsprintf_s (Address: 0x1800463a8)
  • _o___stdio_common_vswprintf (Address: 0x1800463a0)
  • _o___stdio_common_vswprintf_s (Address: 0x180046398)
  • _o__callnewh (Address: 0x1800463d8)
  • _o__cexit (Address: 0x1800463d0)
  • _o__configure_narrow_argv (Address: 0x1800463b8)
  • _o__crt_atexit (Address: 0x180046390)
  • _o__errno (Address: 0x180046308)
  • _o__execute_onexit_table (Address: 0x180046310)
  • _o__gcvt_s (Address: 0x180046318)
  • _o__initialize_narrow_environment (Address: 0x180046320)
  • _o__initialize_onexit_table (Address: 0x180046328)
  • _o__invalid_parameter_noinfo (Address: 0x180046330)
  • _o__mbsinc (Address: 0x180046338)
  • _o__recalloc (Address: 0x180046340)
  • _o__register_onexit_function (Address: 0x180046348)
  • _o__seh_filter_dll (Address: 0x180046350)
  • _o__ultoa_s (Address: 0x180046358)
  • _o__wtoi (Address: 0x180046360)
  • _o_calloc (Address: 0x180046368)
  • _o_free (Address: 0x180046370)
  • _o_malloc (Address: 0x180046378)
  • _o_wmemcpy_s (Address: 0x180046380)
  • memcpy (Address: 0x1800463e8)
  • memmove (Address: 0x1800463e0)
api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm (Address: 0x180046400)
  • _initterm_e (Address: 0x1800463f8)
api-ms-win-crt-string-l1-1-0.dll
  • memset (Address: 0x180046410)
  • strcmp (Address: 0x180046418)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x180046428)
  • EventUnregister (Address: 0x180046430)
  • EventWrite (Address: 0x180046438)
dbghelp.dll
  • ImagehlpApiVersionEx (Address: 0x180046458)
  • SymCleanup (Address: 0x180046488)
  • SymFromName (Address: 0x180046480)
  • SymGetModuleInfo64 (Address: 0x180046460)
  • SymGetOptions (Address: 0x180046450)
  • SymInitialize (Address: 0x180046468)
  • SymLoadModuleEx (Address: 0x180046470)
  • SymRegisterCallback64 (Address: 0x180046478)
  • SymSetOptions (Address: 0x180046448)
MF.dll
  • MFCreateMediaSession (Address: 0x180046010)
  • MFCreateTopology (Address: 0x180046000)
  • MFGetService (Address: 0x180046008)
MFPlat.DLL
  • MFCreateAttributes (Address: 0x180046020)
  • MFShutdown (Address: 0x180046028)
  • MFStartup (Address: 0x180046030)