PhoneService.dll
Description: The service used to manage phone calls and other telephony related functionality
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5848
Architecture: 64-bit
Operating System: Windows NT
SHA256: fa10d52b1020747b28ce1fdf42447f37
File Size: 932.5 KB
Uploaded At: Dec. 1, 2025, 7:36 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- CreateInProcPhoneService (Ordinal: 1, Address: 0x4bf0)
- ServiceMain (Ordinal: 2, Address: 0x7090)
- SvchostPushServiceGlobals (Ordinal: 3, Address: 0x7080)
Imported DLLs & Functions
api-ms-win-appmodel-runtime-l1-1-1.dll
- GetApplicationUserModelIdFromToken (Address: 0x1800c2fe8)
- ParseApplicationUserModelId (Address: 0x1800c2fe0)
api-ms-win-core-com-l1-1-0.dll
- CLSIDFromString (Address: 0x1800c3078)
- CoCreateFreeThreadedMarshaler (Address: 0x1800c3020)
- CoCreateGuid (Address: 0x1800c3060)
- CoCreateInstance (Address: 0x1800c3070)
- CoDecrementMTAUsage (Address: 0x1800c3010)
- CoFreeUnusedLibrariesEx (Address: 0x1800c3040)
- CoGetApartmentType (Address: 0x1800c3030)
- CoIncrementMTAUsage (Address: 0x1800c3018)
- CoMarshalInterface (Address: 0x1800c3000)
- CoReleaseMarshalData (Address: 0x1800c3008)
- CoTaskMemAlloc (Address: 0x1800c3058)
- CoTaskMemFree (Address: 0x1800c3048)
- CoWaitForMultipleHandles (Address: 0x1800c3028)
- CreateStreamOnHGlobal (Address: 0x1800c2ff8)
- PropVariantClear (Address: 0x1800c3038)
- StringFromCLSID (Address: 0x1800c3050)
- StringFromGUID2 (Address: 0x1800c3068)
api-ms-win-core-com-l1-1-1.dll
- RoGetAgileReference (Address: 0x1800c3088)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800c3098)
- IsDebuggerPresent (Address: 0x1800c30a8)
- OutputDebugStringW (Address: 0x1800c30a0)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1800c30b8)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1800c30c8)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1800c30e0)
- RaiseException (Address: 0x1800c30f8)
- SetLastError (Address: 0x1800c30f0)
- SetUnhandledExceptionFilter (Address: 0x1800c30d8)
- UnhandledExceptionFilter (Address: 0x1800c30e8)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x1800c3118)
- FindClose (Address: 0x1800c3108)
- FindFirstFileExW (Address: 0x1800c3110)
- FindNextFileW (Address: 0x1800c3120)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800c3138)
- DuplicateHandle (Address: 0x1800c3130)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800c3158)
- HeapAlloc (Address: 0x1800c3150)
- HeapFree (Address: 0x1800c3148)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1800c3168)
- LocalFree (Address: 0x1800c3170)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- RegisterWaitForSingleObject (Address: 0x1800c3180)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1800c31c0)
- FreeLibrary (Address: 0x1800c31b8)
- GetModuleFileNameA (Address: 0x1800c31b0)
- GetModuleHandleExW (Address: 0x1800c3198)
- GetModuleHandleW (Address: 0x1800c31a0)
- GetProcAddress (Address: 0x1800c31a8)
- LoadLibraryExW (Address: 0x1800c3190)
- LoadStringW (Address: 0x1800c31c8)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1800c31e0)
- GetUserDefaultLangID (Address: 0x1800c31d8)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x1800c3200)
- GetCurrentProcess (Address: 0x1800c3218)
- GetCurrentProcessId (Address: 0x1800c3230)
- GetCurrentThread (Address: 0x1800c3248)
- GetCurrentThreadId (Address: 0x1800c3220)
- OpenProcessToken (Address: 0x1800c3208)
- OpenThread (Address: 0x1800c3240)
- OpenThreadToken (Address: 0x1800c3238)
- ResumeThread (Address: 0x1800c3228)
- SetThreadToken (Address: 0x1800c3210)
- SuspendThread (Address: 0x1800c31f0)
- TerminateProcess (Address: 0x1800c31f8)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x1800c3258)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800c3268)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800c3298)
- RegCreateKeyExW (Address: 0x1800c32a8)
- RegEnumValueW (Address: 0x1800c3278)
- RegGetValueW (Address: 0x1800c3290)
- RegLoadMUIStringW (Address: 0x1800c3288)
- RegNotifyChangeKeyValue (Address: 0x1800c32b0)
- RegOpenKeyExW (Address: 0x1800c32c0)
- RegQueryInfoKeyW (Address: 0x1800c3280)
- RegQueryValueExW (Address: 0x1800c32a0)
- RegSetValueExW (Address: 0x1800c32b8)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x1800c32d8)
- RtlCaptureStackBackTrace (Address: 0x1800c32e8)
- RtlLookupFunctionEntry (Address: 0x1800c32d0)
- RtlVirtualUnwind (Address: 0x1800c32e0)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathGetCharTypeW (Address: 0x1800c32f8)
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
- QISearch (Address: 0x1800c3308)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x1800c3318)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800c33a8)
- AcquireSRWLockShared (Address: 0x1800c33c0)
- CreateEventExW (Address: 0x1800c3358)
- CreateEventW (Address: 0x1800c3368)
- CreateMutexExW (Address: 0x1800c33c8)
- CreateSemaphoreExW (Address: 0x1800c3328)
- DeleteCriticalSection (Address: 0x1800c3398)
- EnterCriticalSection (Address: 0x1800c3378)
- InitializeCriticalSection (Address: 0x1800c33a0)
- InitializeCriticalSectionEx (Address: 0x1800c3370)
- InitializeSRWLock (Address: 0x1800c33b0)
- LeaveCriticalSection (Address: 0x1800c3380)
- OpenEventW (Address: 0x1800c3390)
- OpenSemaphoreW (Address: 0x1800c3350)
- ReleaseMutex (Address: 0x1800c3388)
- ReleaseSemaphore (Address: 0x1800c3338)
- ReleaseSRWLockExclusive (Address: 0x1800c33d0)
- ReleaseSRWLockShared (Address: 0x1800c33b8)
- ResetEvent (Address: 0x1800c3340)
- SetEvent (Address: 0x1800c3360)
- WaitForSingleObject (Address: 0x1800c3330)
- WaitForSingleObjectEx (Address: 0x1800c3348)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceExecuteOnce (Address: 0x1800c3400)
- Sleep (Address: 0x1800c33e0)
- SleepConditionVariableSRW (Address: 0x1800c33f0)
- WakeAllConditionVariable (Address: 0x1800c33e8)
- WakeConditionVariable (Address: 0x1800c33f8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x1800c3410)
- GetTickCount (Address: 0x1800c3420)
- GetTickCount64 (Address: 0x1800c3418)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1800c3460)
- CloseThreadpoolWork (Address: 0x1800c3470)
- CreateThreadpoolTimer (Address: 0x1800c3448)
- CreateThreadpoolWork (Address: 0x1800c3468)
- FreeLibraryWhenCallbackReturns (Address: 0x1800c3430)
- SetThreadpoolTimer (Address: 0x1800c3440)
- SubmitThreadpoolWork (Address: 0x1800c3450)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800c3458)
- WaitForThreadpoolWorkCallbacks (Address: 0x1800c3438)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- UnregisterWaitEx (Address: 0x1800c3480)
api-ms-win-core-winrt-error-l1-1-0.dll
- GetRestrictedErrorInfo (Address: 0x1800c3498)
- RoOriginateError (Address: 0x1800c34a0)
- RoOriginateErrorW (Address: 0x1800c34b0)
- RoTransformError (Address: 0x1800c34a8)
- SetRestrictedErrorInfo (Address: 0x1800c3490)
api-ms-win-core-winrt-error-l1-1-1.dll
- IsErrorPropagationEnabled (Address: 0x1800c34c8)
- RoGetMatchingRestrictedErrorInfo (Address: 0x1800c34d0)
- RoReportFailedDelegate (Address: 0x1800c34c0)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x1800c34e8)
- RoGetActivationFactory (Address: 0x1800c34f0)
- RoInitialize (Address: 0x1800c34f8)
- RoUninitialize (Address: 0x1800c34e0)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCreateString (Address: 0x1800c3520)
- WindowsCreateStringReference (Address: 0x1800c3510)
- WindowsDeleteString (Address: 0x1800c3518)
- WindowsDuplicateString (Address: 0x1800c3528)
- WindowsGetStringRawBuffer (Address: 0x1800c3508)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x1800c3550)
- EventRegister (Address: 0x1800c3538)
- EventSetInformation (Address: 0x1800c3548)
- EventUnregister (Address: 0x1800c3540)
- EventWriteTransfer (Address: 0x1800c3558)
api-ms-win-power-setting-l1-1-0.dll
- PowerSettingRegisterNotification (Address: 0x1800c3568)
- PowerSettingUnregisterNotification (Address: 0x1800c3570)
api-ms-win-security-accesshlpr-l1-1-0.dll
- BuildSecurityDescriptorForSharingAccess (Address: 0x1800c3580)
- FreeTransientObjectSecurityDescriptor (Address: 0x1800c3590)
- QueryTransientObjectSecurityDescriptor (Address: 0x1800c3588)
api-ms-win-security-base-l1-1-0.dll
- AllocateAndInitializeSid (Address: 0x1800c35d0)
- GetSecurityDescriptorDacl (Address: 0x1800c35a0)
- GetTokenInformation (Address: 0x1800c35c8)
- MakeAbsoluteSD (Address: 0x1800c35b8)
- MakeSelfRelativeSD (Address: 0x1800c35a8)
- RevertToSelf (Address: 0x1800c35c0)
- SetSecurityDescriptorDacl (Address: 0x1800c35b0)
api-ms-win-security-capability-l1-1-0.dll
- RpcClientCapabilityCheck (Address: 0x1800c35e0)
api-ms-win-security-provider-l1-1-0.dll
- GetExplicitEntriesFromAclW (Address: 0x1800c35f0)
- SetEntriesInAclW (Address: 0x1800c35f8)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1800c3610)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800c3608)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x1800c3620)
- SetServiceStatus (Address: 0x1800c3628)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x1800c3648)
- OpenSCManagerW (Address: 0x1800c3640)
- OpenServiceW (Address: 0x1800c3638)
api-ms-win-shell-namespace-l1-1-0.dll
- SHCreateItemFromParsingName (Address: 0x1800c3658)
combase.dll
- (Address: 0x1800c3668)
msvcrt.dll
- __C_specific_handler (Address: 0x1800c3710)
- __CxxFrameHandler3 (Address: 0x1800c36f0)
- __dllonexit (Address: 0x1800c3690)
- _amsg_exit (Address: 0x1800c3758)
- _callnewh (Address: 0x1800c3708)
- _errno (Address: 0x1800c3740)
- _initterm (Address: 0x1800c3760)
- _itow_s (Address: 0x1800c36d8)
- _lock (Address: 0x1800c3768)
- _onexit (Address: 0x1800c36b0)
- _purecall (Address: 0x1800c3780)
- _unlock (Address: 0x1800c3770)
- _vsnprintf_s (Address: 0x1800c36a0)
- _vsnwprintf (Address: 0x1800c3778)
- _vsnwprintf_s (Address: 0x1800c3738)
- _wcsicmp (Address: 0x1800c3688)
- _wtoi (Address: 0x1800c36f8)
- _XcptFilter (Address: 0x1800c3720)
- free (Address: 0x1800c3678)
- malloc (Address: 0x1800c3680)
- memcmp (Address: 0x1800c3750)
- memcpy (Address: 0x1800c3730)
- memcpy_s (Address: 0x1800c3748)
- memmove (Address: 0x1800c3728)
- memmove_s (Address: 0x1800c36e0)
- memset (Address: 0x1800c36b8)
- pow (Address: 0x1800c3718)
- realloc (Address: 0x1800c36d0)
- swscanf_s (Address: 0x1800c36c8)
- toupper (Address: 0x1800c36a8)
- wcschr (Address: 0x1800c36e8)
- wcscmp (Address: 0x1800c3790)
- wcscpy_s (Address: 0x1800c36c0)
- wcscspn (Address: 0x1800c3700)
- wcsncmp (Address: 0x1800c3698)
- wcstok_s (Address: 0x1800c3788)
ntdll.dll
- NtQueryWnfStateData (Address: 0x1800c37a8)
- RtlGetDeviceFamilyInfoEnum (Address: 0x1800c37a0)
- RtlPublishWnfStateData (Address: 0x1800c37c0)
- RtlSubscribeWnfStateChangeNotification (Address: 0x1800c37b0)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x1800c37b8)
PhoneUtil.dll
- AsyncWorkDispatcher_CreateInstance (Address: 0x1800c2e28)
- CauseCode_IsCodeRegistered (Address: 0x1800c2ec0)
- ComparePhoneNumbers (Address: 0x1800c2f30)
- ConvertPhoneNumberToUINT64 (Address: 0x1800c2e78)
- CreateBrandingInfo (Address: 0x1800c2df8)
- CreateCellularApiLineConfig (Address: 0x1800c2e10)
- CreateDialAssist (Address: 0x1800c2e58)
- CreatePerUserSecurityPolicy (Address: 0x1800c2e98)
- CreatePerUserSecurityToken (Address: 0x1800c2eb0)
- CreatePerUserSecurityTokenForRpcClient (Address: 0x1800c2e00)
- CreateUdmDataSessionForSignedInUserContext (Address: 0x1800c2e60)
- DuplicateSidIfValid (Address: 0x1800c2ea8)
- Get3GPPInCallToneDefault (Address: 0x1800c2e18)
- Get3GPPInCallToneForTypeAndMcc (Address: 0x1800c2e30)
- Get3GPPInCallToneTypeString (Address: 0x1800c2e38)
- GetAdjustCDMACallTimeSetting (Address: 0x1800c2ed0)
- GetCchTailMin (Address: 0x1800c2e80)
- GetCountryCodeFromOperatorNum (Address: 0x1800c2e48)
- GetDialableNumber (Address: 0x1800c2f38)
- GetDialableNumberAndDTMF (Address: 0x1800c2f00)
- GetDtmfInCallToneTypeString (Address: 0x1800c2ee0)
- GetMethodFromPropId (Address: 0x1800c2e88)
- GetRpcClientUser (Address: 0x1800c2eb8)
- GetSignedInUserForAppActivation (Address: 0x1800c2ed8)
- GetTelUriFromDialString (Address: 0x1800c2e08)
- GetUserContextTokenForUser (Address: 0x1800c2e68)
- GetZerothCellularPhoneLineId (Address: 0x1800c2f28)
- ImpersonateSignedInUser (Address: 0x1800c2e90)
- IsCellularVoiceCapableDevice (Address: 0x1800c2f20)
- IsDialableCharEx (Address: 0x1800c2e70)
- IsNumberDialable (Address: 0x1800c2ea0)
- IsTTYEnabled (Address: 0x1800c2ee8)
- MaskPhoneNumber (Address: 0x1800c2f40)
- MaskString (Address: 0x1800c2e50)
- OneShotTimer_CreateInstance (Address: 0x1800c2f18)
- Phone_FmtText_GlobalFormat (Address: 0x1800c2f10)
- PhoneLineIdToString (Address: 0x1800c2e40)
- RemoveMetadataFromNumber (Address: 0x1800c2ef8)
- StringToPhoneLineId (Address: 0x1800c2f08)
- StripNonDtmfChars (Address: 0x1800c2ef0)
- UrlEscapeString (Address: 0x1800c2e20)
- ValidPhoneNumberInplaceStripInvalidCharacters (Address: 0x1800c2ec8)
PIMSTORE.dll
- FindMatchingContactEx (Address: 0x1800c2de0)
- GetActiveOutlookApp (Address: 0x1800c2de8)
RPCRT4.dll
- I_RpcBindingInqLocalClientPID (Address: 0x1800c2f50)
- NdrClientCall3 (Address: 0x1800c2f98)
- NdrServerCall2 (Address: 0x1800c2f90)
- NdrServerCallAll (Address: 0x1800c2f80)
- RpcExceptionFilter (Address: 0x1800c2fa0)
- RpcServerInterfaceGroupActivate (Address: 0x1800c2f78)
- RpcServerInterfaceGroupClose (Address: 0x1800c2f70)
- RpcServerInterfaceGroupCreateW (Address: 0x1800c2f68)
- RpcServerInterfaceGroupDeactivate (Address: 0x1800c2f88)
- RpcServerUseProtseqEpW (Address: 0x1800c2f58)
- RpcServerUseProtseqW (Address: 0x1800c2f60)
UserDataPlatformHelperUtil.dll
- ?_InitializeSecureRpcBinding@SecureRpcClient@Comms@@IEAAJPEBG0@Z (Address: 0x1800c2fd0)
- ??0SecureRpcClient@Comms@@QEAA@XZ (Address: 0x1800c2fc8)
- ??1SecureRpcClient@Comms@@UEAA@XZ (Address: 0x1800c2fb8)
- GetQueryProcessHandle (Address: 0x1800c2fb0)
- GetRpcClientThreadToken (Address: 0x1800c2fc0)