ttdrecord.dll

Description: Time Travel Debugging Recording Manager

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.4355

Architecture: 64-bit

Operating System: Windows NT

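SHA256: c5c5c4a115f613d9694b9628a4cf7910 (note: this value is 32 hex characters, i.e. 128 bits, whereas a SHA-256 digest is 64 hex characters; it is either truncated or a different digest such as MD5, so recompute the hash from the file itself before using it for matching or allow-listing)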

File Size: 633.5 KB

Uploaded At: Dec. 1, 2025, 7:40 a.m.

Security Warning

This file has been flagged as potentially dangerous.


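Reason: The import table references OpenProcess, an API that is also used in process injection. This is a static, import-based heuristic and not evidence of malicious behaviour: OpenProcess on its own only obtains a handle to another process, and a debugging recorder such as the one this file describes itself as would be expected to import it alongside ReadProcessMemory and DebugActiveProcessStop. The description and copyright strings above come from the file's version resource, which anyone can set, so confirm the Authenticode signature and a full-length hash before treating the file as either genuine or malicious.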

Exported Functions

  • ExecuteTTTracerCommandLine (Ordinal: 1, Address: 0x3a3a0)

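Imported DLLs & Functions

Note: the addresses in this section appear to be import address table (IAT) slots expressed as virtual addresses at the image's preferred base (consecutive 8-byte entries starting at 0x18006c6c0), not the addresses of the imported functions themselves. The export address above (0x3a3a0) appears to be a relative virtual address, so the two sets of values are not directly comparable.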

api-ms-win-core-com-l1-1-0.dll
  • CoCreateInstance (Address: 0x18006c788)
  • CoGetApartmentType (Address: 0x18006c778)
  • CoGetObjectContext (Address: 0x18006c798)
  • CoInitializeEx (Address: 0x18006c770)
  • CoTaskMemAlloc (Address: 0x18006c7a8)
  • CoTaskMemFree (Address: 0x18006c780)
  • CoUninitialize (Address: 0x18006c790)
  • StringFromGUID2 (Address: 0x18006c7a0)
api-ms-win-core-console-l1-1-0.dll
  • GetConsoleMode (Address: 0x18006c7b8)
  • SetConsoleCtrlHandler (Address: 0x18006c7c0)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x18006c7e0)
  • IsDebuggerPresent (Address: 0x18006c7e8)
  • OutputDebugStringA (Address: 0x18006c7d8)
  • OutputDebugStringW (Address: 0x18006c7d0)
api-ms-win-core-debug-l1-1-1.dll
  • DebugActiveProcessStop (Address: 0x18006c7f8)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x18006c808)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x18006c838)
  • RaiseException (Address: 0x18006c818)
  • SetLastError (Address: 0x18006c830)
  • SetUnhandledExceptionFilter (Address: 0x18006c828)
  • UnhandledExceptionFilter (Address: 0x18006c820)
api-ms-win-core-fibers-l1-1-0.dll
  • FlsAlloc (Address: 0x18006c858)
  • FlsFree (Address: 0x18006c848)
  • FlsGetValue (Address: 0x18006c860)
  • FlsSetValue (Address: 0x18006c850)
api-ms-win-core-file-l1-1-0.dll
  • CreateFileW (Address: 0x18006c888)
  • DeleteFileW (Address: 0x18006c898)
  • FlushFileBuffers (Address: 0x18006c878)
  • GetFileAttributesW (Address: 0x18006c880)
  • GetFileSizeEx (Address: 0x18006c8a0)
  • GetFullPathNameW (Address: 0x18006c8b0)
  • ReadFile (Address: 0x18006c8b8)
  • SetFilePointer (Address: 0x18006c890)
  • SetFilePointerEx (Address: 0x18006c8a8)
  • WriteFile (Address: 0x18006c870)
api-ms-win-core-file-l2-1-0.dll
  • MoveFileExW (Address: 0x18006c8c8)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x18006c8e0)
  • DuplicateHandle (Address: 0x18006c8e8)
  • GetHandleInformation (Address: 0x18006c8d8)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x18006c908)
  • HeapAlloc (Address: 0x18006c8f8)
  • HeapFree (Address: 0x18006c900)
api-ms-win-core-heap-obsolete-l1-1-0.dll
  • LocalFree (Address: 0x18006c918)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x18006c930)
  • InterlockedFlushSList (Address: 0x18006c928)
api-ms-win-core-io-l1-1-0.dll
  • DeviceIoControl (Address: 0x18006c940)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • FindResourceW (Address: 0x18006c970)
  • GetConsoleWindow (Address: 0x18006c968)
  • GetSystemWow64DirectoryW (Address: 0x18006c950)
  • LoadLibraryW (Address: 0x18006c960)
  • WaitForMultipleObjects (Address: 0x18006c958)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
  • VerifyVersionInfoW (Address: 0x18006c980)
api-ms-win-core-libraryloader-l1-1-0.dll
  • FreeLibrary (Address: 0x18006c9c0)
  • GetModuleFileNameA (Address: 0x18006c9d0)
  • GetModuleFileNameW (Address: 0x18006c990)
  • GetModuleHandleExW (Address: 0x18006c998)
  • GetModuleHandleW (Address: 0x18006c9a0)
  • GetProcAddress (Address: 0x18006c9d8)
  • LoadLibraryExA (Address: 0x18006c9e0)
  • LoadLibraryExW (Address: 0x18006c9a8)
  • LoadResource (Address: 0x18006c9b8)
  • LockResource (Address: 0x18006c9c8)
  • SizeofResource (Address: 0x18006c9b0)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x18006c9f0)
api-ms-win-core-memory-l1-1-0.dll
  • CreateFileMappingW (Address: 0x18006ca10)
  • MapViewOfFile (Address: 0x18006ca00)
  • OpenFileMappingW (Address: 0x18006ca08)
  • ReadProcessMemory (Address: 0x18006ca20)
  • UnmapViewOfFile (Address: 0x18006ca18)
api-ms-win-core-processenvironment-l1-1-0.dll
  • GetCurrentDirectoryW (Address: 0x18006ca30)
  • GetStdHandle (Address: 0x18006ca38)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessW (Address: 0x18006ca98)
  • CreateThread (Address: 0x18006ca90)
  • DeleteProcThreadAttributeList (Address: 0x18006ca78)
  • GetCurrentProcess (Address: 0x18006ca70)
  • GetCurrentProcessId (Address: 0x18006ca60)
  • GetCurrentThread (Address: 0x18006ca88)
  • GetCurrentThreadId (Address: 0x18006cab0)
  • GetExitCodeProcess (Address: 0x18006ca80)
  • InitializeProcThreadAttributeList (Address: 0x18006ca58)
  • OpenProcessToken (Address: 0x18006ca48)
  • OpenThread (Address: 0x18006cab8)
  • ProcessIdToSessionId (Address: 0x18006caa0)
  • ResumeThread (Address: 0x18006cac8)
  • SetThreadPriority (Address: 0x18006ca68)
  • SuspendThread (Address: 0x18006ca50)
  • TerminateProcess (Address: 0x18006cac0)
  • UpdateProcThreadAttribute (Address: 0x18006caa8)
api-ms-win-core-processthreads-l1-1-1.dll
  • IsProcessorFeaturePresent (Address: 0x18006cad8)
  • OpenProcess (Address: 0x18006cae0)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x18006caf0)
api-ms-win-core-psapi-l1-1-0.dll
  • K32EnumProcesses (Address: 0x18006cb08)
  • QueryFullProcessImageNameW (Address: 0x18006cb00)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x18006cb20)
  • RegCreateKeyExW (Address: 0x18006cb28)
  • RegDeleteKeyExW (Address: 0x18006cb50)
  • RegDeleteValueW (Address: 0x18006cb70)
  • RegEnumKeyExW (Address: 0x18006cb58)
  • RegEnumValueW (Address: 0x18006cb68)
  • RegGetValueW (Address: 0x18006cb48)
  • RegOpenKeyExW (Address: 0x18006cb40)
  • RegQueryInfoKeyW (Address: 0x18006cb38)
  • RegQueryValueExW (Address: 0x18006cb60)
  • RegSetKeySecurity (Address: 0x18006cb18)
  • RegSetValueExW (Address: 0x18006cb30)
api-ms-win-core-registry-l2-1-0.dll
  • RegDeleteKeyA (Address: 0x18006cb88)
  • RegSetKeyValueW (Address: 0x18006cb80)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x18006cba0)
  • WideCharToMultiByte (Address: 0x18006cb98)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x18006cbf8)
  • CreateEventExW (Address: 0x18006cbd0)
  • CreateEventW (Address: 0x18006cc28)
  • CreateMutexExW (Address: 0x18006cc50)
  • CreateMutexW (Address: 0x18006cbe8)
  • CreateSemaphoreExW (Address: 0x18006cbf0)
  • CreateWaitableTimerExW (Address: 0x18006cbc8)
  • DeleteCriticalSection (Address: 0x18006cbb0)
  • EnterCriticalSection (Address: 0x18006cc58)
  • InitializeCriticalSectionAndSpinCount (Address: 0x18006cc60)
  • InitializeCriticalSectionEx (Address: 0x18006cbe0)
  • InitializeSRWLock (Address: 0x18006cbc0)
  • LeaveCriticalSection (Address: 0x18006cc48)
  • OpenEventW (Address: 0x18006cc40)
  • OpenMutexW (Address: 0x18006cc38)
  • OpenSemaphoreW (Address: 0x18006cc68)
  • ReleaseMutex (Address: 0x18006cc20)
  • ReleaseSemaphore (Address: 0x18006cc08)
  • ReleaseSRWLockExclusive (Address: 0x18006cbd8)
  • ResetEvent (Address: 0x18006cc00)
  • SetEvent (Address: 0x18006cc18)
  • SetWaitableTimer (Address: 0x18006cc70)
  • TryAcquireSRWLockExclusive (Address: 0x18006cbb8)
  • WaitForSingleObject (Address: 0x18006cc10)
  • WaitForSingleObjectEx (Address: 0x18006cc30)
api-ms-win-core-synch-l1-2-0.dll
  • InitializeConditionVariable (Address: 0x18006cca8)
  • InitOnceExecuteOnce (Address: 0x18006cc80)
  • Sleep (Address: 0x18006cc88)
  • SleepConditionVariableCS (Address: 0x18006cc98)
  • SleepConditionVariableSRW (Address: 0x18006ccb0)
  • WakeAllConditionVariable (Address: 0x18006cc90)
  • WakeConditionVariable (Address: 0x18006cca0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetLocalTime (Address: 0x18006ccc8)
  • GetSystemDirectoryW (Address: 0x18006ccc0)
  • GetSystemTimeAsFileTime (Address: 0x18006cce8)
  • GetTickCount (Address: 0x18006cce0)
  • GetVersion (Address: 0x18006ccd8)
  • GetVersionExW (Address: 0x18006ccd0)
api-ms-win-core-sysinfo-l1-2-0.dll
  • GetNativeSystemInfo (Address: 0x18006ccf8)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolWait (Address: 0x18006cd08)
  • CloseThreadpoolWork (Address: 0x18006cd38)
  • CreateThreadpoolWait (Address: 0x18006cd20)
  • CreateThreadpoolWork (Address: 0x18006cd40)
  • FreeLibraryWhenCallbackReturns (Address: 0x18006cd28)
  • SetThreadpoolWait (Address: 0x18006cd18)
  • SubmitThreadpoolWork (Address: 0x18006cd30)
  • WaitForThreadpoolWaitCallbacks (Address: 0x18006cd10)
api-ms-win-core-toolhelp-l1-1-0.dll
  • CreateToolhelp32Snapshot (Address: 0x18006cd50)
  • Process32FirstW (Address: 0x18006cd58)
  • Process32NextW (Address: 0x18006cd60)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x18006cd70)
  • EncodePointer (Address: 0x18006cd78)
api-ms-win-core-version-l1-1-0.dll
  • GetFileVersionInfoExW (Address: 0x18006cd98)
  • GetFileVersionInfoSizeExW (Address: 0x18006cd88)
  • VerQueryValueW (Address: 0x18006cd90)
api-ms-win-core-wow64-l1-1-0.dll
  • IsWow64Process (Address: 0x18006cda8)
api-ms-win-crt-convert-l1-1-0.dll
  • wcstoul (Address: 0x18006cdc0)
  • wcstoull (Address: 0x18006cdb8)
api-ms-win-crt-heap-l1-1-0.dll
  • _callnewh (Address: 0x18006cde0)
  • _calloc_base (Address: 0x18006cdd8)
  • _free_base (Address: 0x18006cdf0)
  • calloc (Address: 0x18006cde8)
  • free (Address: 0x18006cdf8)
  • malloc (Address: 0x18006cdd0)
api-ms-win-crt-math-l1-1-0.dll
  • _fdopen (Address: 0x18006ce18)
  • ceilf (Address: 0x18006ce10)
  • log2 (Address: 0x18006ce08)
api-ms-win-crt-runtime-l1-1-0.dll
  • __doserrno (Address: 0x18006ce88)
  • _cexit (Address: 0x18006ce28)
  • _configure_narrow_argv (Address: 0x18006ce78)
  • _crt_atexit (Address: 0x18006ce38)
  • _errno (Address: 0x18006ce58)
  • _execute_onexit_table (Address: 0x18006ce40)
  • _initialize_narrow_environment (Address: 0x18006ce70)
  • _initialize_onexit_table (Address: 0x18006ce68)
  • _initterm (Address: 0x18006ce98)
  • _initterm_e (Address: 0x18006ce90)
  • _invalid_parameter_noinfo (Address: 0x18006ce30)
  • _invalid_parameter_noinfo_noreturn (Address: 0x18006ce60)
  • _register_onexit_function (Address: 0x18006ce50)
  • _seh_filter_dll (Address: 0x18006ce80)
  • abort (Address: 0x18006cea0)
  • terminate (Address: 0x18006ce48)
api-ms-win-crt-stdio-l1-1-0.dll
  • __acrt_iob_func (Address: 0x18006cf08)
  • __stdio_common_vfprintf (Address: 0x18006ceb8)
  • __stdio_common_vfwprintf (Address: 0x18006ced8)
  • __stdio_common_vfwprintf_s (Address: 0x18006cf00)
  • __stdio_common_vsnprintf_s (Address: 0x18006cee0)
  • __stdio_common_vsprintf (Address: 0x18006cef0)
  • __stdio_common_vsprintf_s (Address: 0x18006cf18)
  • __stdio_common_vswprintf (Address: 0x18006ced0)
  • __stdio_common_vswprintf_s (Address: 0x18006cf20)
  • __stdio_common_vswscanf (Address: 0x18006cee8)
  • _close (Address: 0x18006cec0)
  • _flushall (Address: 0x18006ceb0)
  • _open_osfhandle (Address: 0x18006cec8)
  • fclose (Address: 0x18006cf10)
  • fflush (Address: 0x18006cef8)
api-ms-win-crt-string-l1-1-0.dll
  • _wcsicmp (Address: 0x18006cf50)
  • _wcslwr (Address: 0x18006cf60)
  • _wcsnicmp (Address: 0x18006cf48)
  • iswxdigit (Address: 0x18006cf58)
  • strcpy_s (Address: 0x18006cf40)
  • towlower (Address: 0x18006cf38)
  • wcscpy_s (Address: 0x18006cf30)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x18006cf70)
  • EventWriteTransfer (Address: 0x18006cf78)
api-ms-win-security-base-l1-1-0.dll
  • AddAccessAllowedAceEx (Address: 0x18006d008)
  • AddAce (Address: 0x18006cfd8)
  • AdjustTokenPrivileges (Address: 0x18006cfa0)
  • AllocateAndInitializeSid (Address: 0x18006cfc8)
  • CheckTokenMembership (Address: 0x18006d010)
  • DestroyPrivateObjectSecurity (Address: 0x18006cfa8)
  • DuplicateTokenEx (Address: 0x18006d018)
  • FreeSid (Address: 0x18006cfd0)
  • GetAce (Address: 0x18006d020)
  • GetAclInformation (Address: 0x18006cf98)
  • GetKernelObjectSecurity (Address: 0x18006cff0)
  • GetSecurityDescriptorDacl (Address: 0x18006cfb0)
  • GetSecurityDescriptorSacl (Address: 0x18006cf90)
  • GetTokenInformation (Address: 0x18006cff8)
  • ImpersonateLoggedOnUser (Address: 0x18006d028)
  • InitializeAcl (Address: 0x18006cfe8)
  • InitializeSecurityDescriptor (Address: 0x18006cfe0)
  • IsTokenRestricted (Address: 0x18006cf88)
  • RevertToSelf (Address: 0x18006d030)
  • SetKernelObjectSecurity (Address: 0x18006d000)
  • SetSecurityDescriptorDacl (Address: 0x18006cfc0)
  • SetSecurityDescriptorSacl (Address: 0x18006cfb8)
api-ms-win-security-lsalookup-l2-1-0.dll
  • LookupPrivilegeValueW (Address: 0x18006d040)
api-ms-win-security-provider-l1-1-0.dll
  • GetNamedSecurityInfoW (Address: 0x18006d060)
  • SetEntriesInAclW (Address: 0x18006d050)
  • SetNamedSecurityInfoW (Address: 0x18006d058)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18006d070)
  • ConvertStringSidToSidW (Address: 0x18006d078)
api-ms-win-service-core-l1-1-1.dll
  • EnumServicesStatusExW (Address: 0x18006d088)
api-ms-win-service-management-l1-1-0.dll
  • CloseServiceHandle (Address: 0x18006d0b0)
  • CreateServiceW (Address: 0x18006d0a0)
  • DeleteService (Address: 0x18006d098)
  • OpenSCManagerW (Address: 0x18006d0a8)
  • OpenServiceW (Address: 0x18006d0c0)
  • StartServiceW (Address: 0x18006d0b8)
api-ms-win-service-management-l2-1-0.dll
  • QueryServiceConfigW (Address: 0x18006d0d0)
api-ms-win-service-winsvc-l1-1-0.dll
  • ControlService (Address: 0x18006d0e0)
CRYPT32.dll
  • CryptStringToBinaryW (Address: 0x18006c6c0)
ntdll.dll
  • NtAllocateVirtualMemory (Address: 0x18006d100)
  • NtClose (Address: 0x18006d168)
  • NtCreateFile (Address: 0x18006d108)
  • NtCreateSection (Address: 0x18006d180)
  • NtDeviceIoControlFile (Address: 0x18006d188)
  • NtFlushVirtualMemory (Address: 0x18006d170)
  • NtFreeVirtualMemory (Address: 0x18006d130)
  • NtMapViewOfSection (Address: 0x18006d110)
  • NtOpenDirectoryObject (Address: 0x18006d138)
  • NtQueryDirectoryObject (Address: 0x18006d148)
  • NtQueryInformationProcess (Address: 0x18006d120)
  • NtSetInformationProcess (Address: 0x18006d158)
  • NtSystemDebugControl (Address: 0x18006d0f0)
  • NtUnmapViewOfSection (Address: 0x18006d160)
  • RtlCaptureContext (Address: 0x18006d140)
  • RtlInitUnicodeString (Address: 0x18006d128)
  • RtlLookupFunctionEntry (Address: 0x18006d150)
  • RtlPcToFileHeader (Address: 0x18006d118)
  • RtlUnwindEx (Address: 0x18006d190)
  • RtlVirtualUnwind (Address: 0x18006d178)
  • VerSetConditionMask (Address: 0x18006d0f8)
OLEAUT32.dll
  • BSTR_UserFree (Address: 0x18006c6e0)
  • BSTR_UserFree64 (Address: 0x18006c710)
  • BSTR_UserMarshal (Address: 0x18006c700)
  • BSTR_UserMarshal64 (Address: 0x18006c6f0)
  • BSTR_UserSize (Address: 0x18006c708)
  • BSTR_UserSize64 (Address: 0x18006c6f8)
  • BSTR_UserUnmarshal (Address: 0x18006c6e8)
  • BSTR_UserUnmarshal64 (Address: 0x18006c6d8)
  • SysFreeString (Address: 0x18006c6d0)
RPCRT4.dll
  • NdrClientCall3 (Address: 0x18006c730)
  • RpcBindingFree (Address: 0x18006c740)
  • RpcBindingFromStringBindingW (Address: 0x18006c720)
  • RpcStringBindingComposeW (Address: 0x18006c728)
  • RpcStringFreeW (Address: 0x18006c738)
  • UuidCreate (Address: 0x18006c748)
USERENV.dll
  • CreateEnvironmentBlock (Address: 0x18006c760)
  • DestroyEnvironmentBlock (Address: 0x18006c758)