mfdetours.dll

Description: Media Foundation Detours Tracing DLL

Authors: (c) Microsoft. All rights reserved.

Version: 1.1.0.1

Architecture: 64-bit

Operating System: Windows

SHA256: a9b3e231e71f0078b98557bf004e85a4

File Size: 702.4 KB

Uploaded At: Dec. 3, 2025, 2:38 a.m.

Views: 7

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, VirtualAllocEx

Exported Functions

  • Shutdown (Ordinal: 1, Address: 0x31b0)
  • Startup (Ordinal: 2, Address: 0x3380)
  • DllGetMFDebugHlp (Ordinal: 3, Address: 0x7eb0)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll
  • CoTaskMemAlloc (Address: 0x180044058)
  • CoTaskMemFree (Address: 0x180044048)
  • PropVariantClear (Address: 0x180044050)
  • StringFromGUID2 (Address: 0x180044040)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180044068)
  • IsDebuggerPresent (Address: 0x180044070)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180044098)
  • RaiseException (Address: 0x180044088)
  • SetLastError (Address: 0x180044090)
  • SetUnhandledExceptionFilter (Address: 0x180044080)
  • UnhandledExceptionFilter (Address: 0x1800440a0)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1800440b0)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1800440d8)
  • HeapAlloc (Address: 0x1800440e0)
  • HeapDestroy (Address: 0x1800440c0)
  • HeapFree (Address: 0x1800440e8)
  • HeapReAlloc (Address: 0x1800440c8)
  • HeapSize (Address: 0x1800440d0)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x1800440f8)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180044138)
  • FindResourceExW (Address: 0x180044130)
  • FreeLibrary (Address: 0x180044108)
  • GetModuleFileNameA (Address: 0x180044110)
  • GetModuleHandleExW (Address: 0x180044128)
  • GetModuleHandleW (Address: 0x180044150)
  • GetProcAddress (Address: 0x180044148)
  • LoadResource (Address: 0x180044118)
  • LockResource (Address: 0x180044140)
  • SizeofResource (Address: 0x180044120)
api-ms-win-core-libraryloader-l1-2-1.dll
  • LoadLibraryA (Address: 0x180044160)
api-ms-win-core-memory-l1-1-0.dll
  • ReadProcessMemory (Address: 0x1800441b0)
  • VirtualAlloc (Address: 0x1800441a0)
  • VirtualAllocEx (Address: 0x180044190)
  • VirtualFree (Address: 0x180044170)
  • VirtualProtect (Address: 0x180044180)
  • VirtualProtectEx (Address: 0x180044198)
  • VirtualQuery (Address: 0x180044178)
  • VirtualQueryEx (Address: 0x180044188)
  • WriteProcessMemory (Address: 0x1800441a8)
api-ms-win-core-processenvironment-l1-1-0.dll
  • GetEnvironmentVariableA (Address: 0x1800441c0)
  • GetEnvironmentVariableW (Address: 0x1800441d0)
  • SetEnvironmentVariableW (Address: 0x1800441c8)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessA (Address: 0x1800441e0)
  • CreateProcessW (Address: 0x1800441e8)
  • GetCurrentProcess (Address: 0x180044208)
  • GetCurrentProcessId (Address: 0x1800441f0)
  • GetCurrentThreadId (Address: 0x1800441f8)
  • ResumeThread (Address: 0x180044210)
  • TerminateProcess (Address: 0x180044200)
api-ms-win-core-processthreads-l1-1-1.dll
  • FlushInstructionCache (Address: 0x180044230)
  • GetThreadContext (Address: 0x180044220)
  • IsProcessorFeaturePresent (Address: 0x180044238)
  • SetThreadContext (Address: 0x180044228)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180044248)
api-ms-win-core-registry-l1-1-0.dll
  • RegGetValueA (Address: 0x180044260)
  • RegGetValueW (Address: 0x180044258)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180044280)
  • RtlLookupFunctionEntry (Address: 0x180044278)
  • RtlVirtualUnwind (Address: 0x180044270)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x180044290)
  • WideCharToMultiByte (Address: 0x180044298)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x1800442c0)
  • AcquireSRWLockShared (Address: 0x1800442b0)
  • DeleteCriticalSection (Address: 0x1800442d8)
  • EnterCriticalSection (Address: 0x1800442d0)
  • InitializeCriticalSection (Address: 0x1800442e0)
  • InitializeSRWLock (Address: 0x1800442b8)
  • LeaveCriticalSection (Address: 0x1800442c8)
  • ReleaseSRWLockExclusive (Address: 0x1800442e8)
  • ReleaseSRWLockShared (Address: 0x1800442a8)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x1800442f8)
api-ms-win-core-wow64-l1-1-0.dll
  • IsWow64Process (Address: 0x180044308)
api-ms-win-crt-private-l1-1-0.dll
  • __C_specific_handler (Address: 0x180044398)
  • _o___std_type_info_destroy_list (Address: 0x1800443c8)
  • _o___stdio_common_vsprintf (Address: 0x1800443b8)
  • _o___stdio_common_vsprintf_s (Address: 0x1800443b0)
  • _o___stdio_common_vswprintf (Address: 0x1800443a8)
  • _o___stdio_common_vswprintf_s (Address: 0x1800443a0)
  • _o__callnewh (Address: 0x1800443e0)
  • _o__cexit (Address: 0x1800443d8)
  • _o__configure_narrow_argv (Address: 0x1800443d0)
  • _o__crt_atexit (Address: 0x1800443c0)
  • _o__errno (Address: 0x180044318)
  • _o__execute_onexit_table (Address: 0x180044320)
  • _o__gcvt_s (Address: 0x180044328)
  • _o__initialize_narrow_environment (Address: 0x180044330)
  • _o__initialize_onexit_table (Address: 0x180044338)
  • _o__invalid_parameter_noinfo (Address: 0x180044340)
  • _o__mbsinc (Address: 0x180044348)
  • _o__recalloc (Address: 0x180044350)
  • _o__register_onexit_function (Address: 0x180044358)
  • _o__seh_filter_dll (Address: 0x180044360)
  • _o__ultoa_s (Address: 0x180044368)
  • _o__wtoi (Address: 0x180044370)
  • _o_calloc (Address: 0x180044378)
  • _o_free (Address: 0x180044380)
  • _o_malloc (Address: 0x180044388)
  • _o_wmemcpy_s (Address: 0x180044390)
  • memcpy (Address: 0x1800443f0)
  • memmove (Address: 0x1800443e8)
api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm (Address: 0x180044408)
  • _initterm_e (Address: 0x180044400)
api-ms-win-crt-string-l1-1-0.dll
  • memset (Address: 0x180044418)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x180044430)
  • EventUnregister (Address: 0x180044428)
  • EventWrite (Address: 0x180044438)
dbghelp.dll
  • ImagehlpApiVersionEx (Address: 0x180044448)
  • SymCleanup (Address: 0x180044460)
  • SymFromName (Address: 0x180044488)
  • SymGetModuleInfo64 (Address: 0x180044468)
  • SymGetOptions (Address: 0x180044458)
  • SymInitialize (Address: 0x180044470)
  • SymLoadModuleEx (Address: 0x180044478)
  • SymRegisterCallback64 (Address: 0x180044480)
  • SymSetOptions (Address: 0x180044450)
MF.dll
  • MFCreateMediaSession (Address: 0x180044000)
  • MFCreateTopology (Address: 0x180044010)
  • MFGetService (Address: 0x180044008)
MFPlat.DLL
  • MFCreateAttributes (Address: 0x180044028)
  • MFShutdown (Address: 0x180044020)
  • MFStartup (Address: 0x180044030)