radarrs.dll

Description: Microsoft Windows Resource Exhaustion Resolver

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.1

Architecture: 64-bit

Operating System: Windows NT

SHA256: 32efca415eb6c90d761dcb254efbdf3d

File Size: 71.0 KB

Uploaded At: Dec. 1, 2025, 7:37 a.m.

Views: 4

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • WdiDiagnosticModuleMain (Ordinal: 1, Address: 0x3680)
  • WdiGetDiagnosticModuleInterfaceVersion (Ordinal: 2, Address: 0x3610)
  • WdiHandleInstance (Ordinal: 3, Address: 0x37a0)

Imported DLLs & Functions

ADVAPI32.dll
  • AdjustTokenPrivileges (Address: 0x18000d190)
  • CheckTokenMembership (Address: 0x18000d180)
  • CloseServiceHandle (Address: 0x18000d198)
  • DuplicateTokenEx (Address: 0x18000d160)
  • EnumServicesStatusExW (Address: 0x18000d1a8)
  • EventWrite (Address: 0x18000d170)
  • GetTraceEnableFlags (Address: 0x18000d1c0)
  • GetTraceEnableLevel (Address: 0x18000d130)
  • GetTraceLoggerHandle (Address: 0x18000d168)
  • LookupPrivilegeValueW (Address: 0x18000d188)
  • OpenProcessToken (Address: 0x18000d178)
  • OpenSCManagerW (Address: 0x18000d1a0)
  • OpenServiceW (Address: 0x18000d1b8)
  • QueryServiceConfigW (Address: 0x18000d1b0)
  • RegCloseKey (Address: 0x18000d128)
  • RegisterTraceGuidsW (Address: 0x18000d138)
  • RegOpenKeyExW (Address: 0x18000d148)
  • RegQueryValueExW (Address: 0x18000d150)
  • TraceMessage (Address: 0x18000d158)
  • UnregisterTraceGuids (Address: 0x18000d140)
COMCTL32.dll
  • (Address: 0x18000d1d0)
KERNEL32.dll
  • ActivateActCtx (Address: 0x18000d2b0)
  • CloseHandle (Address: 0x18000d1e0)
  • CompareStringW (Address: 0x18000d250)
  • CreateActCtxW (Address: 0x18000d2a8)
  • CreateDirectoryW (Address: 0x18000d248)
  • CreateFileW (Address: 0x18000d270)
  • CreateProcessW (Address: 0x18000d298)
  • DeactivateActCtx (Address: 0x18000d2c0)
  • DeleteCriticalSection (Address: 0x18000d358)
  • DeleteFileW (Address: 0x18000d340)
  • DisableThreadLibraryCalls (Address: 0x18000d228)
  • EnterCriticalSection (Address: 0x18000d210)
  • ExpandEnvironmentStringsW (Address: 0x18000d258)
  • GetCurrentProcess (Address: 0x18000d310)
  • GetCurrentProcessId (Address: 0x18000d1f0)
  • GetCurrentThreadId (Address: 0x18000d360)
  • GetLastError (Address: 0x18000d288)
  • GetModuleFileNameW (Address: 0x18000d2b8)
  • GetModuleHandleW (Address: 0x18000d2d0)
  • GetProcessHeap (Address: 0x18000d290)
  • GetProcessId (Address: 0x18000d338)
  • GetProcessTimes (Address: 0x18000d1f8)
  • GetSystemTimeAsFileTime (Address: 0x18000d2f0)
  • GetTempFileNameW (Address: 0x18000d2a0)
  • GetTempPathW (Address: 0x18000d268)
  • GetTickCount (Address: 0x18000d2f8)
  • GetVersionExW (Address: 0x18000d278)
  • HeapAlloc (Address: 0x18000d1e8)
  • HeapCreate (Address: 0x18000d208)
  • HeapDestroy (Address: 0x18000d238)
  • HeapFree (Address: 0x18000d240)
  • InitializeCriticalSection (Address: 0x18000d220)
  • IsWow64Process (Address: 0x18000d320)
  • K32GetModuleFileNameExW (Address: 0x18000d348)
  • LeaveCriticalSection (Address: 0x18000d218)
  • LocalAlloc (Address: 0x18000d330)
  • LocalFree (Address: 0x18000d328)
  • OpenProcess (Address: 0x18000d2e8)
  • ProcessIdToSessionId (Address: 0x18000d280)
  • QueryPerformanceCounter (Address: 0x18000d2e0)
  • QueryPerformanceFrequency (Address: 0x18000d230)
  • ReleaseActCtx (Address: 0x18000d2d8)
  • RemoveDirectoryW (Address: 0x18000d260)
  • SetLastError (Address: 0x18000d350)
  • SetUnhandledExceptionFilter (Address: 0x18000d308)
  • Sleep (Address: 0x18000d2c8)
  • TerminateProcess (Address: 0x18000d318)
  • TryEnterCriticalSection (Address: 0x18000d200)
  • UnhandledExceptionFilter (Address: 0x18000d300)
msvcrt.dll
  • __C_specific_handler (Address: 0x18000d4c0)
  • _amsg_exit (Address: 0x18000d4e0)
  • _initterm (Address: 0x18000d4c8)
  • _vsnwprintf (Address: 0x18000d4f8)
  • _XcptFilter (Address: 0x18000d4e8)
  • free (Address: 0x18000d4d8)
  • malloc (Address: 0x18000d4d0)
  • memset (Address: 0x18000d4b8)
  • wcsrchr (Address: 0x18000d4b0)
  • wcstoul (Address: 0x18000d4f0)
ntdll.dll
  • EtwEventRegister (Address: 0x18000d540)
  • EtwEventUnregister (Address: 0x18000d508)
  • EtwEventWrite (Address: 0x18000d568)
  • NtOpenEvent (Address: 0x18000d560)
  • NtQueryEvent (Address: 0x18000d548)
  • RtlAllocateAndInitializeSid (Address: 0x18000d510)
  • RtlCaptureContext (Address: 0x18000d520)
  • RtlEqualUnicodeString (Address: 0x18000d558)
  • RtlFreeSid (Address: 0x18000d518)
  • RtlInitUnicodeString (Address: 0x18000d550)
  • RtlLookupFunctionEntry (Address: 0x18000d528)
  • RtlNtStatusToDosError (Address: 0x18000d538)
  • RtlVirtualUnwind (Address: 0x18000d530)
ole32.dll
  • CoCreateInstance (Address: 0x18000d578)
  • CoInitialize (Address: 0x18000d588)
  • CoUninitialize (Address: 0x18000d580)
OLEAUT32.dll
  • SysAllocString (Address: 0x18000d370)
  • SysFreeString (Address: 0x18000d378)
RstrtMgr.DLL
  • RmEndSession (Address: 0x18000d3a0)
  • RmGetList (Address: 0x18000d398)
  • RmRegisterResources (Address: 0x18000d3b8)
  • RmReserveHeap (Address: 0x18000d3a8)
  • RmRestart (Address: 0x18000d390)
  • RmShutdown (Address: 0x18000d3b0)
  • RmStartSession (Address: 0x18000d388)
SHELL32.dll
  • Shell_NotifyIconW (Address: 0x18000d3c8)
SHLWAPI.dll
  • (Address: 0x18000d3d8)
  • (Address: 0x18000d3e0)
  • StrRChrW (Address: 0x18000d3e8)
USER32.dll
  • DefWindowProcW (Address: 0x18000d408)
  • DestroyIcon (Address: 0x18000d438)
  • DestroyWindow (Address: 0x18000d448)
  • DispatchMessageW (Address: 0x18000d470)
  • EnumWindows (Address: 0x18000d410)
  • GetMessageW (Address: 0x18000d400)
  • GetWindow (Address: 0x18000d418)
  • GetWindowLongW (Address: 0x18000d428)
  • GetWindowThreadProcessId (Address: 0x18000d420)
  • KillTimer (Address: 0x18000d450)
  • LoadIconW (Address: 0x18000d430)
  • LoadStringW (Address: 0x18000d440)
  • PeekMessageW (Address: 0x18000d460)
  • PostQuitMessage (Address: 0x18000d3f8)
  • SetTimer (Address: 0x18000d468)
  • TranslateMessage (Address: 0x18000d458)
VERSION.dll
  • GetFileVersionInfoExW (Address: 0x18000d490)
  • GetFileVersionInfoSizeExW (Address: 0x18000d498)
  • GetFileVersionInfoSizeW (Address: 0x18000d4a0)
  • GetFileVersionInfoW (Address: 0x18000d488)
  • VerQueryValueW (Address: 0x18000d480)
wdi.dll
  • WdiGetParameterByIndex (Address: 0x18000d5b0)
  • WdiGetParameterByName (Address: 0x18000d5a8)
  • WdiGetParameterCount (Address: 0x18000d5a0)
  • WdiGetParameterData (Address: 0x18000d598)
wer.dll
  • WerpGetReportConsent (Address: 0x18000d5e8)
  • WerpSetCallBack (Address: 0x18000d5c0)
  • WerReportAddFile (Address: 0x18000d5d0)
  • WerReportCloseHandle (Address: 0x18000d5d8)
  • WerReportCreate (Address: 0x18000d5e0)
  • WerReportSetParameter (Address: 0x18000d5c8)
  • WerReportSubmit (Address: 0x18000d5f0)