radardt.dll

Description: Microsoft Windows Resource Exhaustion Detector

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.1

Architecture: 64-bit

Operating System: Windows NT

SHA256: bd8425f42b093373fa24b98e5bfffd8e

File Size: 99.5 KB

Uploaded At: Dec. 1, 2025, 7:37 a.m.

Views: 3

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • RdrSysprepSpecialize (Ordinal: 1, Address: 0xa020)
  • RdrSysprepSpecializeOffline (Ordinal: 2, Address: 0x5180)
  • WdiDiagnosticModuleMain (Ordinal: 3, Address: 0x1100)
  • WdiGetDiagnosticModuleInterfaceVersion (Ordinal: 4, Address: 0x1060)
  • WdiHandleInstance (Ordinal: 5, Address: 0x1730)

Imported DLLs & Functions

ADVAPI32.dll
  • CloseServiceHandle (Address: 0x180013128)
  • CopySid (Address: 0x180013168)
  • EnumServicesStatusExW (Address: 0x180013138)
  • EqualSid (Address: 0x180013160)
  • GetLengthSid (Address: 0x180013180)
  • GetTokenInformation (Address: 0x180013188)
  • IsValidSid (Address: 0x180013170)
  • OpenProcessToken (Address: 0x180013178)
  • OpenSCManagerW (Address: 0x180013130)
  • OpenServiceW (Address: 0x180013148)
  • QueryServiceConfigW (Address: 0x180013140)
  • RegCloseKey (Address: 0x1800131a0)
  • RegCreateKeyExW (Address: 0x180013158)
  • RegDeleteKeyExW (Address: 0x1800131a8)
  • RegDeleteValueW (Address: 0x180013150)
  • RegEnumKeyExW (Address: 0x1800131b8)
  • RegOpenKeyExW (Address: 0x1800131c0)
  • RegQueryInfoKeyW (Address: 0x1800131b0)
  • RegQueryValueExW (Address: 0x180013198)
  • RegSetValueExW (Address: 0x180013190)
KERNEL32.dll
  • CloseHandle (Address: 0x180013280)
  • CreateEventW (Address: 0x1800132c8)
  • CreateProcessW (Address: 0x180013300)
  • CreateThread (Address: 0x180013278)
  • CreateWaitableTimerExW (Address: 0x1800132c0)
  • DelayLoadFailureHook (Address: 0x180013270)
  • DeleteCriticalSection (Address: 0x180013350)
  • DisableThreadLibraryCalls (Address: 0x180013348)
  • EnterCriticalSection (Address: 0x180013318)
  • ExpandEnvironmentStringsW (Address: 0x180013290)
  • FindFirstVolumeW (Address: 0x1800132a0)
  • FindNextVolumeW (Address: 0x180013250)
  • FindVolumeClose (Address: 0x180013258)
  • FreeLibrary (Address: 0x180013368)
  • FreeLibraryAndExitThread (Address: 0x1800132d0)
  • GetCurrentProcess (Address: 0x180013230)
  • GetCurrentProcessId (Address: 0x1800131d0)
  • GetCurrentThreadId (Address: 0x180013218)
  • GetDriveTypeW (Address: 0x180013248)
  • GetFileAttributesW (Address: 0x180013298)
  • GetLastError (Address: 0x180013338)
  • GetModuleFileNameW (Address: 0x180013200)
  • GetModuleHandleExW (Address: 0x1800132f0)
  • GetProcessHeap (Address: 0x180013358)
  • GetProcessId (Address: 0x1800131f8)
  • GetProcessTimes (Address: 0x1800131e0)
  • GetSystemDirectoryW (Address: 0x180013260)
  • GetSystemTimeAsFileTime (Address: 0x1800132a8)
  • GetTickCount (Address: 0x180013210)
  • HeapAlloc (Address: 0x180013310)
  • HeapCreate (Address: 0x180013360)
  • HeapDestroy (Address: 0x1800131d8)
  • HeapFree (Address: 0x180013308)
  • InitializeCriticalSection (Address: 0x180013328)
  • IsWow64Process (Address: 0x1800131e8)
  • K32GetModuleFileNameExW (Address: 0x1800132f8)
  • LeaveCriticalSection (Address: 0x180013320)
  • LocalFree (Address: 0x1800131f0)
  • OpenProcess (Address: 0x1800132e8)
  • ProcessIdToSessionId (Address: 0x180013288)
  • QueryPerformanceCounter (Address: 0x180013220)
  • ResetEvent (Address: 0x1800132b0)
  • ResolveDelayLoadedAPI (Address: 0x180013268)
  • SetEvent (Address: 0x180013340)
  • SetLastError (Address: 0x180013208)
  • SetUnhandledExceptionFilter (Address: 0x180013238)
  • SetWaitableTimer (Address: 0x1800132e0)
  • TerminateProcess (Address: 0x180013228)
  • TryEnterCriticalSection (Address: 0x1800132b8)
  • UnhandledExceptionFilter (Address: 0x180013240)
  • WaitForMultipleObjectsEx (Address: 0x1800132d8)
  • WaitForSingleObject (Address: 0x180013330)
KERNELBASE.dll
  • LocalAlloc (Address: 0x180013378)
  • Sleep (Address: 0x180013380)
  • WTSGetServiceSessionId (Address: 0x180013388)
msvcrt.dll
  • __C_specific_handler (Address: 0x1800133e0)
  • _amsg_exit (Address: 0x1800133c0)
  • _initterm (Address: 0x1800133d8)
  • _vsnwprintf (Address: 0x1800133f0)
  • _wcsicmp (Address: 0x1800133b0)
  • _XcptFilter (Address: 0x1800133b8)
  • free (Address: 0x1800133c8)
  • malloc (Address: 0x1800133d0)
  • memset (Address: 0x180013400)
  • qsort (Address: 0x1800133f8)
  • wcsrchr (Address: 0x1800133e8)
ntdll.dll
  • EtwEventEnabled (Address: 0x180013448)
  • EtwEventRegister (Address: 0x180013440)
  • EtwEventUnregister (Address: 0x180013460)
  • EtwEventWrite (Address: 0x1800134a0)
  • EtwGetTraceEnableFlags (Address: 0x180013480)
  • EtwGetTraceEnableLevel (Address: 0x180013490)
  • EtwGetTraceLoggerHandle (Address: 0x180013488)
  • EtwRegisterTraceGuidsW (Address: 0x180013498)
  • EtwTraceMessage (Address: 0x1800134a8)
  • EtwUnregisterTraceGuids (Address: 0x180013478)
  • NtOpenEvent (Address: 0x180013410)
  • NtQueryEvent (Address: 0x180013458)
  • NtQuerySystemInformation (Address: 0x180013470)
  • RtlAllocateAndInitializeSid (Address: 0x1800134b0)
  • RtlCaptureContext (Address: 0x180013428)
  • RtlEqualUnicodeString (Address: 0x180013438)
  • RtlFreeSid (Address: 0x180013450)
  • RtlInitUnicodeString (Address: 0x180013430)
  • RtlLookupFunctionEntry (Address: 0x180013420)
  • RtlNtStatusToDosError (Address: 0x180013468)
  • RtlVirtualUnwind (Address: 0x180013418)
POWRPROF.dll
  • PowerSettingRegisterNotification (Address: 0x180013398)
  • PowerSettingUnregisterNotification (Address: 0x1800133a0)