dbgshim.dll
Description: Microsoft .NET Runtime Multi-CLR Debugging Helper
Authors: © Microsoft Corporation. All rights reserved.
Version: 6.0.2724.6912
Architecture: 64-bit
Operating System: Windows
SHA256: f26c7e46cff606bdb7877ca7f2bb308a
File Size: 137.3 KB
Uploaded At: Dec. 3, 2025, 2:41 a.m.
Views: 7
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- CLRCreateInstance (Ordinal: 1, Address: 0x3c10)
- CloseCLREnumeration (Ordinal: 2, Address: 0x2fa0)
- CloseResumeHandle (Ordinal: 3, Address: 0x15a0)
- CreateDebuggingInterfaceFromVersion (Ordinal: 4, Address: 0x3a30)
- CreateDebuggingInterfaceFromVersion2 (Ordinal: 5, Address: 0x3460)
- CreateDebuggingInterfaceFromVersionEx (Ordinal: 6, Address: 0x3450)
- CreateProcessForLaunch (Ordinal: 7, Address: 0x1470)
- CreateVersionStringFromModule (Ordinal: 8, Address: 0x31d0)
- EnumerateCLRs (Ordinal: 9, Address: 0x2ce0)
- GetStartupNotificationEvent (Ordinal: 10, Address: 0x1e10)
- RegisterForRuntimeStartup (Ordinal: 11, Address: 0x1990)
- RegisterForRuntimeStartupEx (Ordinal: 12, Address: 0x1b20)
- ResumeProcess (Ordinal: 13, Address: 0x1570)
- UnregisterForRuntimeStartup (Ordinal: 14, Address: 0x1cb0)
Imported DLLs & Functions
ADVAPI32.dll
- AddAccessAllowedAce (Address: 0x180017048)
- CopySid (Address: 0x180017008)
- GetLengthSid (Address: 0x180017000)
- GetSidSubAuthority (Address: 0x180017020)
- GetSidSubAuthorityCount (Address: 0x180017018)
- GetTokenInformation (Address: 0x180017028)
- InitializeAcl (Address: 0x180017050)
- InitializeSecurityDescriptor (Address: 0x180017040)
- OpenProcessToken (Address: 0x180017030)
- SetSecurityDescriptorDacl (Address: 0x180017038)
- SetSecurityDescriptorSacl (Address: 0x180017010)
api-ms-win-crt-heap-l1-1-0.dll
- calloc (Address: 0x1800172b0)
- free (Address: 0x1800172a0)
- malloc (Address: 0x1800172a8)
api-ms-win-crt-runtime-l1-1-0.dll
- _cexit (Address: 0x180017318)
- _configure_narrow_argv (Address: 0x1800172e8)
- _crt_atexit (Address: 0x180017310)
- _errno (Address: 0x1800172c0)
- _execute_onexit_table (Address: 0x180017308)
- _initialize_narrow_environment (Address: 0x1800172f0)
- _initialize_onexit_table (Address: 0x1800172f8)
- _initterm (Address: 0x1800172d0)
- _initterm_e (Address: 0x1800172d8)
- _register_onexit_function (Address: 0x180017300)
- _seh_filter_dll (Address: 0x1800172e0)
- abort (Address: 0x1800172c8)
- terminate (Address: 0x180017320)
api-ms-win-crt-stdio-l1-1-0.dll
- __stdio_common_vsnprintf_s (Address: 0x180017338)
- __stdio_common_vsnwprintf_s (Address: 0x180017340)
- __stdio_common_vswprintf_s (Address: 0x180017330)
- __stdio_common_vswscanf (Address: 0x180017348)
api-ms-win-crt-string-l1-1-0.dll
- _stricmp (Address: 0x180017368)
- _wcsicmp (Address: 0x180017370)
- strcpy_s (Address: 0x180017358)
- strncmp (Address: 0x180017378)
- wcscpy_s (Address: 0x180017360)
- wcsncmp (Address: 0x180017380)
- wcsncpy_s (Address: 0x180017388)
KERNEL32.dll
- CloseHandle (Address: 0x1800171c0)
- CreateEventW (Address: 0x1800171d0)
- CreateFileMappingW (Address: 0x1800170c0)
- CreateFileW (Address: 0x1800171b0)
- CreateProcessW (Address: 0x1800170a8)
- CreateThread (Address: 0x180017088)
- DebugBreak (Address: 0x1800170f8)
- DeleteCriticalSection (Address: 0x180017150)
- DuplicateHandle (Address: 0x1800171d8)
- EncodePointer (Address: 0x180017200)
- EnterCriticalSection (Address: 0x180017158)
- FormatMessageW (Address: 0x180017108)
- FreeLibrary (Address: 0x1800170b0)
- GetCurrentProcess (Address: 0x1800171e8)
- GetCurrentProcessId (Address: 0x1800171b8)
- GetCurrentThreadId (Address: 0x1800171a0)
- GetFileSize (Address: 0x180017098)
- GetFullPathNameW (Address: 0x180017130)
- GetLastError (Address: 0x1800171c8)
- GetProcAddress (Address: 0x180017090)
- GetProcessHeap (Address: 0x1800170e8)
- GetSystemInfo (Address: 0x180017168)
- GetSystemTimeAsFileTime (Address: 0x180017140)
- HeapAlloc (Address: 0x1800170d8)
- HeapFree (Address: 0x1800170e0)
- InitializeCriticalSection (Address: 0x180017148)
- InitializeCriticalSectionAndSpinCount (Address: 0x1800171f8)
- InitializeSListHead (Address: 0x180017218)
- InterlockedFlushSList (Address: 0x180017208)
- IsDebuggerPresent (Address: 0x180017178)
- IsProcessorFeaturePresent (Address: 0x180017220)
- K32EnumProcessModules (Address: 0x1800170b8)
- K32GetModuleFileNameExW (Address: 0x1800171a8)
- LeaveCriticalSection (Address: 0x180017160)
- LoadLibraryExW (Address: 0x180017120)
- LoadLibraryW (Address: 0x1800170d0)
- LocalFree (Address: 0x180017110)
- MapViewOfFile (Address: 0x1800170c8)
- MultiByteToWideChar (Address: 0x180017100)
- OpenEventW (Address: 0x180017198)
- OpenProcess (Address: 0x180017068)
- ProcessIdToSessionId (Address: 0x180017070)
- QueryPerformanceCounter (Address: 0x180017138)
- RaiseException (Address: 0x1800170f0)
- ReadProcessMemory (Address: 0x1800170a0)
- ResumeThread (Address: 0x180017128)
- RtlCaptureContext (Address: 0x180017248)
- RtlLookupFunctionEntry (Address: 0x180017240)
- RtlPcToFileHeader (Address: 0x180017250)
- RtlUnwindEx (Address: 0x180017210)
- RtlVirtualUnwind (Address: 0x180017238)
- SetEvent (Address: 0x180017080)
- SetLastError (Address: 0x180017118)
- SetUnhandledExceptionFilter (Address: 0x180017228)
- Sleep (Address: 0x180017078)
- TerminateProcess (Address: 0x180017170)
- TlsAlloc (Address: 0x1800171f0)
- TlsFree (Address: 0x180017180)
- TlsGetValue (Address: 0x180017190)
- TlsSetValue (Address: 0x180017188)
- UnhandledExceptionFilter (Address: 0x180017230)
- UnmapViewOfFile (Address: 0x180017060)
- WaitForSingleObject (Address: 0x1800171e0)
ole32.dll
- CoTaskMemFree (Address: 0x180017398)
OLEAUT32.dll
- SetErrorInfo (Address: 0x180017260)
USER32.dll
- LoadStringW (Address: 0x180017270)
VERSION.dll
- GetFileVersionInfoExW (Address: 0x180017288)
- GetFileVersionInfoSizeExW (Address: 0x180017280)
- VerQueryValueW (Address: 0x180017290)