mscordbi.dll

Description: Microsoft .NET Runtime Debugging Services

Authors: © Microsoft Corporation. All rights reserved.

Version: 6.0.2724.6912

Architecture: 64-bit

Operating System: Windows

SHA256: 062e33980db8ddddcfe14e443d1c9111

File Size: 1.2 MB

Uploaded At: Dec. 3, 2025, 2:41 a.m.

Views: 7

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess

Exported Functions

  • CoreCLRCreateCordbObject (Ordinal: 1, Address: 0x1320)
  • CoreCLRCreateCordbObject3 (Ordinal: 2, Address: 0x10f0)
  • CoreCLRCreateCordbObjectEx (Ordinal: 3, Address: 0x1200)
  • CreateCordbObject (Ordinal: 4, Address: 0x10b0)
  • DllGetClassObjectInternal (Ordinal: 5, Address: 0x1440)
  • OpenVirtualProcess (Ordinal: 6, Address: 0x70e0)
  • OpenVirtualProcess2 (Ordinal: 7, Address: 0x7090)
  • OpenVirtualProcessImpl (Ordinal: 8, Address: 0x6e40)
  • OpenVirtualProcessImpl2 (Ordinal: 9, Address: 0x7000)

Imported DLLs & Functions

ADVAPI32.dll
  • AdjustTokenPrivileges (Address: 0x1800f8048)
  • GetSidSubAuthority (Address: 0x1800f8008)
  • GetSidSubAuthorityCount (Address: 0x1800f8000)
  • GetTokenInformation (Address: 0x1800f8010)
  • LookupPrivilegeValueW (Address: 0x1800f8058)
  • OpenProcessToken (Address: 0x1800f8050)
  • OpenThreadToken (Address: 0x1800f8028)
  • RegCloseKey (Address: 0x1800f8040)
  • RegOpenKeyExW (Address: 0x1800f8038)
  • RegQueryValueExW (Address: 0x1800f8030)
  • RevertToSelf (Address: 0x1800f8020)
  • SetThreadToken (Address: 0x1800f8018)
api-ms-win-crt-convert-l1-1-0.dll
  • wcstoul (Address: 0x1800f8398)
api-ms-win-crt-heap-l1-1-0.dll
  • calloc (Address: 0x1800f83b0)
  • free (Address: 0x1800f83a8)
  • malloc (Address: 0x1800f83b8)
api-ms-win-crt-runtime-l1-1-0.dll
  • _cexit (Address: 0x1800f83d0)
  • _configure_narrow_argv (Address: 0x1800f8420)
  • _crt_atexit (Address: 0x1800f83d8)
  • _errno (Address: 0x1800f83e8)
  • _execute_onexit_table (Address: 0x1800f8430)
  • _initialize_narrow_environment (Address: 0x1800f8428)
  • _initialize_onexit_table (Address: 0x1800f83f8)
  • _initterm (Address: 0x1800f8400)
  • _initterm_e (Address: 0x1800f8408)
  • _invalid_parameter_noinfo (Address: 0x1800f83e0)
  • _register_onexit_function (Address: 0x1800f83f0)
  • _seh_filter_dll (Address: 0x1800f8418)
  • abort (Address: 0x1800f83c8)
  • terminate (Address: 0x1800f8410)
api-ms-win-crt-stdio-l1-1-0.dll
  • __stdio_common_vsnprintf_s (Address: 0x1800f8448)
  • __stdio_common_vsnwprintf_s (Address: 0x1800f8440)
api-ms-win-crt-string-l1-1-0.dll
  • _wcsicmp (Address: 0x1800f8460)
  • iswspace (Address: 0x1800f84a8)
  • strcmp (Address: 0x1800f84b0)
  • strcpy_s (Address: 0x1800f8498)
  • strncmp (Address: 0x1800f8480)
  • strncpy_s (Address: 0x1800f8490)
  • wcscat_s (Address: 0x1800f84a0)
  • wcscpy_s (Address: 0x1800f8458)
  • wcsncat_s (Address: 0x1800f8478)
  • wcsncmp (Address: 0x1800f8488)
  • wcsncpy_s (Address: 0x1800f8470)
  • wcsnlen (Address: 0x1800f8468)
KERNEL32.dll
  • CloseHandle (Address: 0x1800f82a8)
  • ContinueDebugEvent (Address: 0x1800f8118)
  • CreateEventW (Address: 0x1800f82b8)
  • CreateFileMappingW (Address: 0x1800f8140)
  • CreateFileW (Address: 0x1800f8070)
  • CreateProcessW (Address: 0x1800f8258)
  • CreateSemaphoreExW (Address: 0x1800f8278)
  • CreateThread (Address: 0x1800f80f0)
  • DebugActiveProcess (Address: 0x1800f8160)
  • DebugActiveProcessStop (Address: 0x1800f8168)
  • DebugBreak (Address: 0x1800f8100)
  • DeleteCriticalSection (Address: 0x1800f8088)
  • DuplicateHandle (Address: 0x1800f82c0)
  • EncodePointer (Address: 0x1800f8310)
  • EnterCriticalSection (Address: 0x1800f8080)
  • FlushFileBuffers (Address: 0x1800f8068)
  • FlushInstructionCache (Address: 0x1800f80d0)
  • FormatMessageW (Address: 0x1800f8200)
  • FreeLibrary (Address: 0x1800f8120)
  • GetACP (Address: 0x1800f81e8)
  • GetCurrentProcess (Address: 0x1800f82d8)
  • GetCurrentProcessId (Address: 0x1800f82a0)
  • GetCurrentThread (Address: 0x1800f8248)
  • GetCurrentThreadId (Address: 0x1800f80c8)
  • GetEnvironmentVariableW (Address: 0x1800f8238)
  • GetFileAttributesExW (Address: 0x1800f8228)
  • GetFileSize (Address: 0x1800f8138)
  • GetFullPathNameW (Address: 0x1800f8240)
  • GetLastError (Address: 0x1800f82b0)
  • GetModuleFileNameW (Address: 0x1800f8230)
  • GetModuleHandleW (Address: 0x1800f8130)
  • GetProcAddress (Address: 0x1800f80a8)
  • GetProcessHeap (Address: 0x1800f81c8)
  • GetSystemInfo (Address: 0x1800f8210)
  • GetSystemTimeAsFileTime (Address: 0x1800f81b8)
  • GetThreadContext (Address: 0x1800f8108)
  • HeapAlloc (Address: 0x1800f8198)
  • HeapCreate (Address: 0x1800f81c0)
  • HeapFree (Address: 0x1800f81a0)
  • InitializeCriticalSection (Address: 0x1800f8090)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1800f8308)
  • InitializeSListHead (Address: 0x1800f8328)
  • InterlockedFlushSList (Address: 0x1800f8318)
  • IsDebuggerPresent (Address: 0x1800f8218)
  • IsProcessorFeaturePresent (Address: 0x1800f8330)
  • IsWow64Process (Address: 0x1800f8180)
  • LCMapStringEx (Address: 0x1800f81f0)
  • LeaveCriticalSection (Address: 0x1800f8078)
  • LoadLibraryExW (Address: 0x1800f8220)
  • LoadLibraryW (Address: 0x1800f80a0)
  • LocalFree (Address: 0x1800f8208)
  • MapViewOfFile (Address: 0x1800f8148)
  • MultiByteToWideChar (Address: 0x1800f81f8)
  • OpenProcess (Address: 0x1800f8178)
  • OpenThread (Address: 0x1800f80d8)
  • QueryPerformanceCounter (Address: 0x1800f81a8)
  • QueryPerformanceFrequency (Address: 0x1800f81b0)
  • RaiseException (Address: 0x1800f81d8)
  • ReadFile (Address: 0x1800f82e0)
  • ReadProcessMemory (Address: 0x1800f8188)
  • ReleaseSemaphore (Address: 0x1800f8288)
  • ResetEvent (Address: 0x1800f80c0)
  • ResumeThread (Address: 0x1800f80e8)
  • RtlCaptureContext (Address: 0x1800f8358)
  • RtlLookupFunctionEntry (Address: 0x1800f8350)
  • RtlPcToFileHeader (Address: 0x1800f8298)
  • RtlUnwindEx (Address: 0x1800f8320)
  • RtlVirtualUnwind (Address: 0x1800f8348)
  • SetEvent (Address: 0x1800f80b8)
  • SetFilePointer (Address: 0x1800f8290)
  • SetLastError (Address: 0x1800f81e0)
  • SetThreadContext (Address: 0x1800f8110)
  • SetUnhandledExceptionFilter (Address: 0x1800f8338)
  • Sleep (Address: 0x1800f8158)
  • SleepEx (Address: 0x1800f8260)
  • SuspendThread (Address: 0x1800f80e0)
  • SwitchToThread (Address: 0x1800f8250)
  • TerminateProcess (Address: 0x1800f80f8)
  • TlsAlloc (Address: 0x1800f8300)
  • TlsFree (Address: 0x1800f82e8)
  • TlsGetValue (Address: 0x1800f82f8)
  • TlsSetValue (Address: 0x1800f82f0)
  • UnhandledExceptionFilter (Address: 0x1800f8340)
  • UnmapViewOfFile (Address: 0x1800f8150)
  • VirtualAlloc (Address: 0x1800f8268)
  • VirtualFree (Address: 0x1800f8270)
  • VirtualQuery (Address: 0x1800f81d0)
  • VirtualQueryEx (Address: 0x1800f8128)
  • WaitForDebugEvent (Address: 0x1800f8170)
  • WaitForMultipleObjectsEx (Address: 0x1800f80b0)
  • WaitForSingleObject (Address: 0x1800f82c8)
  • WaitForSingleObjectEx (Address: 0x1800f8280)
  • WideCharToMultiByte (Address: 0x1800f8098)
  • WriteFile (Address: 0x1800f82d0)
  • WriteProcessMemory (Address: 0x1800f8190)
ole32.dll
  • CoCreateGuid (Address: 0x1800f84d0)
  • CoTaskMemAlloc (Address: 0x1800f84c0)
  • CoTaskMemFree (Address: 0x1800f84c8)
  • IIDFromString (Address: 0x1800f84d8)
OLEAUT32.dll
  • CreateErrorInfo (Address: 0x1800f8368)
  • SetErrorInfo (Address: 0x1800f8370)
  • VariantInit (Address: 0x1800f8378)
USER32.dll
  • LoadStringW (Address: 0x1800f8388)