KeyboardHook.dll
Description:
Authors:
Version:
Architecture: 64-bit
Operating System:
SHA256: 0f11c41dc53742d7b0c52bbccedd4f22
File Size: 65.5 KB
Uploaded At: Jan. 28, 2026, 5:44 p.m.
Views: 13
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess, WriteProcessMemory, VirtualAllocEx, CreateRemoteThread
Exported Functions
- GetHookStatus (Ordinal: 1, Address: 0x4710)
- GetLastHookError (Ordinal: 2, Address: 0x4de0)
- GetWmiLastError (Ordinal: 3, Address: 0x87c0)
- InjectIntoRdpClient (Ordinal: 4, Address: 0x4e00)
- IsHookActive (Ordinal: 5, Address: 0x52d0)
- IsWmiCaptureActive (Ordinal: 6, Address: 0x87e0)
- StartKeyboardHook (Ordinal: 7, Address: 0x5320)
- StartWmiKeyboardCapture (Ordinal: 8, Address: 0x87f0)
- StopKeyboardHook (Ordinal: 9, Address: 0x6b30)
- StopWmiKeyboardCapture (Ordinal: 10, Address: 0x8a80)
Imported DLLs & Functions
api-ms-win-crt-heap-l1-1-0.dll
- _callnewh (Address: 0x18000b340)
- free (Address: 0x18000b330)
- malloc (Address: 0x18000b338)
api-ms-win-crt-runtime-l1-1-0.dll
- _beginthreadex (Address: 0x18000b350)
- _cexit (Address: 0x18000b380)
- _configure_narrow_argv (Address: 0x18000b3a8)
- _crt_atexit (Address: 0x18000b388)
- _execute_onexit_table (Address: 0x18000b390)
- _initialize_narrow_environment (Address: 0x18000b3a0)
- _initialize_onexit_table (Address: 0x18000b370)
- _initterm (Address: 0x18000b378)
- _initterm_e (Address: 0x18000b360)
- _invoke_watson (Address: 0x18000b358)
- _register_onexit_function (Address: 0x18000b398)
- _seh_filter_dll (Address: 0x18000b3b0)
- terminate (Address: 0x18000b368)
api-ms-win-crt-string-l1-1-0.dll
- _wcsicmp (Address: 0x18000b3e0)
- strlen (Address: 0x18000b3d0)
- strncpy_s (Address: 0x18000b3d8)
- wcscat_s (Address: 0x18000b3c0)
- wcscpy_s (Address: 0x18000b3e8)
- wcslen (Address: 0x18000b3c8)
DINPUT8.dll
- DirectInput8Create (Address: 0x18000b000)
KERNEL32.dll
- AcquireSRWLockExclusive (Address: 0x18000b190)
- CloseHandle (Address: 0x18000b0b8)
- ConnectNamedPipe (Address: 0x18000b0c8)
- CopyFileW (Address: 0x18000b170)
- CreateDirectoryW (Address: 0x18000b098)
- CreateNamedPipeW (Address: 0x18000b0d8)
- CreateRemoteThread (Address: 0x18000b100)
- CreateThread (Address: 0x18000b0f8)
- CreateToolhelp32Snapshot (Address: 0x18000b178)
- DisconnectNamedPipe (Address: 0x18000b0d0)
- GetCurrentProcess (Address: 0x18000b040)
- GetCurrentProcessId (Address: 0x18000b0f0)
- GetCurrentThreadId (Address: 0x18000b010)
- GetEnvironmentVariableA (Address: 0x18000b090)
- GetFileAttributesW (Address: 0x18000b0a0)
- GetLastError (Address: 0x18000b0c0)
- GetModuleFileNameW (Address: 0x18000b148)
- GetModuleHandleA (Address: 0x18000b150)
- GetModuleHandleExW (Address: 0x18000b160)
- GetModuleHandleW (Address: 0x18000b158)
- GetProcAddress (Address: 0x18000b168)
- GetSystemTimeAsFileTime (Address: 0x18000b028)
- GetTempPathW (Address: 0x18000b0b0)
- GetTickCount (Address: 0x18000b128)
- InitializeSListHead (Address: 0x18000b020)
- IsDebuggerPresent (Address: 0x18000b060)
- IsProcessorFeaturePresent (Address: 0x18000b048)
- LocalFree (Address: 0x18000b018)
- MultiByteToWideChar (Address: 0x18000b198)
- OpenProcess (Address: 0x18000b120)
- Process32FirstW (Address: 0x18000b180)
- Process32NextW (Address: 0x18000b188)
- ProcessIdToSessionId (Address: 0x18000b118)
- QueryPerformanceCounter (Address: 0x18000b030)
- ReadFile (Address: 0x18000b0a8)
- ReleaseSRWLockExclusive (Address: 0x18000b108)
- RtlCaptureContext (Address: 0x18000b078)
- RtlLookupFunctionEntry (Address: 0x18000b070)
- RtlVirtualUnwind (Address: 0x18000b068)
- SetUnhandledExceptionFilter (Address: 0x18000b050)
- Sleep (Address: 0x18000b0e8)
- SleepConditionVariableSRW (Address: 0x18000b080)
- TerminateProcess (Address: 0x18000b038)
- TerminateThread (Address: 0x18000b110)
- UnhandledExceptionFilter (Address: 0x18000b058)
- VirtualAllocEx (Address: 0x18000b130)
- VirtualFreeEx (Address: 0x18000b140)
- WaitForSingleObject (Address: 0x18000b0e0)
- WakeAllConditionVariable (Address: 0x18000b088)
- WriteProcessMemory (Address: 0x18000b138)
MSVCP140.dll
- _Cnd_do_broadcast_at_thread_exit (Address: 0x18000b1c0)
- _Thrd_id (Address: 0x18000b1b8)
- _Thrd_join (Address: 0x18000b1b0)
- ?_Throw_Cpp_error@std@@YAXH@Z (Address: 0x18000b1c8)
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x18000b1a8)
ole32.dll
- CoCreateInstance (Address: 0x18000b408)
- CoInitializeEx (Address: 0x18000b418)
- CoInitializeSecurity (Address: 0x18000b3f8)
- CoSetProxyBlanket (Address: 0x18000b400)
- CoUninitialize (Address: 0x18000b410)
OLEAUT32.dll
- SysAllocString (Address: 0x18000b1e8)
- SysFreeString (Address: 0x18000b1d8)
- VariantClear (Address: 0x18000b1e0)
USER32.dll
- CallNextHookEx (Address: 0x18000b260)
- CreateWindowExA (Address: 0x18000b208)
- DefWindowProcA (Address: 0x18000b288)
- DestroyWindow (Address: 0x18000b210)
- FindWindowA (Address: 0x18000b240)
- GetClassNameA (Address: 0x18000b248)
- GetDesktopWindow (Address: 0x18000b280)
- GetForegroundWindow (Address: 0x18000b230)
- GetKeyboardState (Address: 0x18000b218)
- GetRawInputData (Address: 0x18000b268)
- GetSystemMetrics (Address: 0x18000b228)
- GetWindowRect (Address: 0x18000b238)
- MapVirtualKeyA (Address: 0x18000b220)
- MapVirtualKeyW (Address: 0x18000b278)
- PostQuitMessage (Address: 0x18000b1f8)
- RegisterClassA (Address: 0x18000b200)
- RegisterRawInputDevices (Address: 0x18000b270)
- SetWindowsHookExA (Address: 0x18000b250)
- UnhookWindowsHookEx (Address: 0x18000b258)
VCRUNTIME140_1.dll
- __CxxFrameHandler4 (Address: 0x18000b308)
VCRUNTIME140.dll
- __C_specific_handler (Address: 0x18000b2f0)
- __current_exception (Address: 0x18000b2e0)
- __current_exception_context (Address: 0x18000b2c0)
- __std_exception_copy (Address: 0x18000b2a8)
- __std_exception_destroy (Address: 0x18000b2b0)
- __std_terminate (Address: 0x18000b2f8)
- __std_type_info_destroy_list (Address: 0x18000b2e8)
- _CxxThrowException (Address: 0x18000b2b8)
- memcpy (Address: 0x18000b2c8)
- memmove (Address: 0x18000b2d0)
- memset (Address: 0x18000b2d8)
- strstr (Address: 0x18000b298)
- wcsrchr (Address: 0x18000b2a0)
WTSAPI32.dll
- WTSFreeMemory (Address: 0x18000b318)
- WTSQuerySessionInformationW (Address: 0x18000b320)