mfdetours.dll

Description: Media Foundation Detours Tracing DLL

Version: 1.1.0.1

Architecture: 32-bit

Operating System: Windows

SHA256: 970a0cb6f289fa9aba5f882864fc0ac5

File Size: 527.8 KB

Uploaded At: Dec. 3, 2025, 2:38 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, VirtualAllocEx

Exported Functions

Shutdown (Ordinal: 1, Address: 0x49a60)
Startup (Ordinal: 2, Address: 0x49bb0)
DllGetMFDebugHlp (Ordinal: 3, Address: 0x4df50)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll

CoTaskMemAlloc (Address: 0x1007802c)
CoTaskMemFree (Address: 0x10078024)
PropVariantClear (Address: 0x10078028)
StringFromGUID2 (Address: 0x10078020)

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x10078034)
IsDebuggerPresent (Address: 0x10078038)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x1007804c)
RaiseException (Address: 0x10078044)
SetLastError (Address: 0x10078048)
SetUnhandledExceptionFilter (Address: 0x10078040)
UnhandledExceptionFilter (Address: 0x10078050)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x10078058)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x1007806c)
HeapAlloc (Address: 0x10078070)
HeapDestroy (Address: 0x10078060)
HeapFree (Address: 0x10078074)
HeapReAlloc (Address: 0x10078064)
HeapSize (Address: 0x10078068)

api-ms-win-core-interlocked-l1-1-0.dll

InitializeSListHead (Address: 0x1007807c)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x1007809c)
FindResourceExW (Address: 0x10078098)
FreeLibrary (Address: 0x10078084)
GetModuleFileNameA (Address: 0x10078088)
GetModuleHandleExW (Address: 0x10078094)
GetModuleHandleW (Address: 0x100780a8)
GetProcAddress (Address: 0x100780a4)
LoadResource (Address: 0x1007808c)
LockResource (Address: 0x100780a0)
SizeofResource (Address: 0x10078090)

api-ms-win-core-libraryloader-l1-2-1.dll

LoadLibraryA (Address: 0x100780b0)

api-ms-win-core-memory-l1-1-0.dll

ReadProcessMemory (Address: 0x100780d8)
VirtualAlloc (Address: 0x100780d0)
VirtualAllocEx (Address: 0x100780c8)
VirtualFree (Address: 0x100780b8)
VirtualProtect (Address: 0x100780c0)
VirtualProtectEx (Address: 0x100780cc)
VirtualQuery (Address: 0x100780bc)
VirtualQueryEx (Address: 0x100780c4)
WriteProcessMemory (Address: 0x100780d4)

api-ms-win-core-processenvironment-l1-1-0.dll

GetEnvironmentVariableA (Address: 0x100780e0)
GetEnvironmentVariableW (Address: 0x100780e8)
SetEnvironmentVariableW (Address: 0x100780e4)

api-ms-win-core-processthreads-l1-1-0.dll

CreateProcessA (Address: 0x100780f0)
CreateProcessW (Address: 0x100780f4)
GetCurrentProcess (Address: 0x10078100)
GetCurrentProcessId (Address: 0x100780f8)
GetCurrentThreadId (Address: 0x100780fc)
ResumeThread (Address: 0x10078108)
TerminateProcess (Address: 0x10078104)

api-ms-win-core-processthreads-l1-1-1.dll

FlushInstructionCache (Address: 0x10078118)
GetThreadContext (Address: 0x10078110)
IsProcessorFeaturePresent (Address: 0x1007811c)
SetThreadContext (Address: 0x10078114)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x10078124)

api-ms-win-core-registry-l1-1-0.dll

RegGetValueA (Address: 0x1007812c)
RegGetValueW (Address: 0x10078130)

api-ms-win-core-string-l1-1-0.dll

MultiByteToWideChar (Address: 0x1007813c)
WideCharToMultiByte (Address: 0x10078138)

api-ms-win-core-synch-l1-1-0.dll

AcquireSRWLockExclusive (Address: 0x10078164)
AcquireSRWLockShared (Address: 0x10078144)
DeleteCriticalSection (Address: 0x1007815c)
EnterCriticalSection (Address: 0x10078158)
InitializeCriticalSection (Address: 0x10078160)
InitializeSRWLock (Address: 0x10078148)
LeaveCriticalSection (Address: 0x10078154)
ReleaseSRWLockExclusive (Address: 0x10078150)
ReleaseSRWLockShared (Address: 0x1007814c)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemTimeAsFileTime (Address: 0x1007816c)

api-ms-win-core-wow64-l1-1-0.dll

IsWow64Process (Address: 0x10078174)

api-ms-win-crt-private-l1-1-0.dll

_except_handler4_common (Address: 0x100781c4)
_o___std_type_info_destroy_list (Address: 0x100781e8)
_o___stdio_common_vsprintf (Address: 0x100781dc)
_o___stdio_common_vsprintf_s (Address: 0x100781d8)
_o___stdio_common_vswprintf (Address: 0x100781d4)
_o___stdio_common_vswprintf_s (Address: 0x100781d0)
_o__callnewh (Address: 0x100781cc)
_o__cexit (Address: 0x100781c8)
_o__configure_narrow_argv (Address: 0x1007817c)
_o__crt_atexit (Address: 0x10078180)
_o__errno (Address: 0x10078184)
_o__execute_onexit_table (Address: 0x10078188)
_o__gcvt_s (Address: 0x1007818c)
_o__initialize_narrow_environment (Address: 0x10078190)
_o__initialize_onexit_table (Address: 0x10078194)
_o__invalid_parameter_noinfo (Address: 0x10078198)
_o__mbsinc (Address: 0x1007819c)
_o__recalloc (Address: 0x100781a0)
_o__register_onexit_function (Address: 0x100781a4)
_o__seh_filter_dll (Address: 0x100781a8)
_o__ultoa_s (Address: 0x100781ac)
_o__wtoi (Address: 0x100781b0)
_o_calloc (Address: 0x100781b4)
_o_free (Address: 0x100781b8)
_o_malloc (Address: 0x100781bc)
_o_wmemcpy_s (Address: 0x100781c0)
memcpy (Address: 0x100781e4)
memmove (Address: 0x100781e0)

api-ms-win-crt-runtime-l1-1-0.dll

_initterm (Address: 0x100781f4)
_initterm_e (Address: 0x100781f0)

api-ms-win-crt-string-l1-1-0.dll

memmove_s (Address: 0x10078200)
memset (Address: 0x100781fc)

api-ms-win-eventing-provider-l1-1-0.dll

EventRegister (Address: 0x1007820c)
EventUnregister (Address: 0x10078208)
EventWrite (Address: 0x10078210)

dbghelp.dll

ImagehlpApiVersionEx (Address: 0x10078218)
SymCleanup (Address: 0x10078224)
SymFromName (Address: 0x10078238)
SymGetModuleInfo64 (Address: 0x10078228)
SymGetOptions (Address: 0x10078220)
SymInitialize (Address: 0x1007822c)
SymLoadModuleEx (Address: 0x10078230)
SymRegisterCallback64 (Address: 0x10078234)
SymSetOptions (Address: 0x1007821c)

MF.dll

MFCreateMediaSession (Address: 0x10078000)
MFCreateTopology (Address: 0x10078008)
MFGetService (Address: 0x10078004)

MFPlat.DLL

MFCreateAttributes (Address: 0x10078014)
MFShutdown (Address: 0x10078010)
MFStartup (Address: 0x10078018)