UserDataService.dll
Description: The endpoint for 3rd party APIs to read/write user data
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.4355
Architecture: 64-bit
Operating System: Windows NT
SHA256: b06826a7f894aba987a422315a462c8d
File Size: 1.5 MB
Uploaded At: Dec. 1, 2025, 7:41 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- CleanupUDSGlobals (Ordinal: 1, Address: 0x5b690)
- CreateInprocConnectionHandle (Ordinal: 2, Address: 0x5c330)
- ServiceMain (Ordinal: 3, Address: 0x5c590)
- SvchostPushServiceGlobals (Ordinal: 4, Address: 0x5c5a0)
- TeardownInprocConnectionHandle (Ordinal: 5, Address: 0x5c5b0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x18013ea60)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18013ea80)
- IsDebuggerPresent (Address: 0x18013ea78)
- OutputDebugStringW (Address: 0x18013ea70)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18013ea90)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18013eaa0)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18013eab0)
- RaiseException (Address: 0x18013eac8)
- SetLastError (Address: 0x18013ead0)
- SetUnhandledExceptionFilter (Address: 0x18013eab8)
- UnhandledExceptionFilter (Address: 0x18013eac0)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x18013eb38)
- CreateFileW (Address: 0x18013eb48)
- DeleteFileW (Address: 0x18013eb30)
- FindClose (Address: 0x18013eb20)
- FindCloseChangeNotification (Address: 0x18013eaf8)
- FindFirstChangeNotificationW (Address: 0x18013eae0)
- FindFirstFileW (Address: 0x18013eb08)
- FindNextChangeNotification (Address: 0x18013eae8)
- FindNextFileW (Address: 0x18013eb40)
- GetFileAttributesExW (Address: 0x18013eaf0)
- GetFileAttributesW (Address: 0x18013eb28)
- GetFullPathNameW (Address: 0x18013eb18)
- LocalFileTimeToFileTime (Address: 0x18013eb00)
- RemoveDirectoryW (Address: 0x18013eb50)
- WriteFile (Address: 0x18013eb10)
api-ms-win-core-file-l2-1-0.dll
- GetFileInformationByHandleEx (Address: 0x18013eb68)
- MoveFileExW (Address: 0x18013eb60)
api-ms-win-core-file-l2-1-2.dll
- CopyFileW (Address: 0x18013eb78)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18013eb88)
- DuplicateHandle (Address: 0x18013eb90)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18013ebd0)
- HeapAlloc (Address: 0x18013eba8)
- HeapCompact (Address: 0x18013ebb0)
- HeapCreate (Address: 0x18013ebc8)
- HeapDestroy (Address: 0x18013ebe0)
- HeapFree (Address: 0x18013eba0)
- HeapReAlloc (Address: 0x18013ebb8)
- HeapSize (Address: 0x18013ebc0)
- HeapValidate (Address: 0x18013ebd8)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18013ebf0)
- LocalFree (Address: 0x18013ebf8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- GetSystemPowerStatus (Address: 0x18013ec08)
- RegisterWaitForSingleObject (Address: 0x18013ec10)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18013ec38)
- FreeLibrary (Address: 0x18013ec50)
- FreeLibraryAndExitThread (Address: 0x18013ec60)
- GetModuleFileNameA (Address: 0x18013ec28)
- GetModuleHandleExW (Address: 0x18013ec40)
- GetModuleHandleW (Address: 0x18013ec58)
- GetProcAddress (Address: 0x18013ec20)
- LoadLibraryExW (Address: 0x18013ec48)
- LoadStringW (Address: 0x18013ec30)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x18013ec70)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18013ec88)
- GetUserDefaultLangID (Address: 0x18013ec80)
api-ms-win-core-path-l1-1-0.dll
- PathAllocCombine (Address: 0x18013ec98)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x18013ecb8)
- GetCurrentProcess (Address: 0x18013ecb0)
- GetCurrentProcessId (Address: 0x18013ecc0)
- GetCurrentThread (Address: 0x18013ecd0)
- GetCurrentThreadId (Address: 0x18013ecc8)
- OpenProcessToken (Address: 0x18013ecd8)
- OpenThreadToken (Address: 0x18013eca8)
- SetThreadToken (Address: 0x18013ece8)
- TerminateProcess (Address: 0x18013ece0)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18013ecf8)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18013ed08)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x18013ed18)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18013ed58)
- RegCreateKeyExW (Address: 0x18013ed38)
- RegDeleteValueW (Address: 0x18013ed40)
- RegGetValueW (Address: 0x18013ed28)
- RegNotifyChangeKeyValue (Address: 0x18013ed60)
- RegOpenKeyExW (Address: 0x18013ed30)
- RegQueryValueExW (Address: 0x18013ed50)
- RegSetValueExW (Address: 0x18013ed48)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathFileExistsW (Address: 0x18013ed78)
- PathFindExtensionW (Address: 0x18013ed70)
api-ms-win-core-string-l1-1-0.dll
- CompareStringW (Address: 0x18013ed90)
- WideCharToMultiByte (Address: 0x18013ed88)
api-ms-win-core-string-l2-1-0.dll
- CharLowerBuffW (Address: 0x18013eda0)
api-ms-win-core-string-l2-1-1.dll
- SHLoadIndirectString (Address: 0x18013edb0)
api-ms-win-core-string-obsolete-l1-1-0.dll
- lstrcmpiW (Address: 0x18013edc0)
- lstrcmpW (Address: 0x18013edc8)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18013ee70)
- AcquireSRWLockShared (Address: 0x18013ee80)
- CreateEventExW (Address: 0x18013ee00)
- CreateEventW (Address: 0x18013ede0)
- CreateMutexExW (Address: 0x18013ee60)
- CreateSemaphoreExW (Address: 0x18013ee68)
- DeleteCriticalSection (Address: 0x18013ee30)
- EnterCriticalSection (Address: 0x18013ee58)
- InitializeCriticalSection (Address: 0x18013ee28)
- InitializeCriticalSectionEx (Address: 0x18013ee20)
- InitializeSRWLock (Address: 0x18013edd8)
- LeaveCriticalSection (Address: 0x18013ee38)
- OpenSemaphoreW (Address: 0x18013ee08)
- ReleaseMutex (Address: 0x18013edf8)
- ReleaseSemaphore (Address: 0x18013ee50)
- ReleaseSRWLockExclusive (Address: 0x18013ee78)
- ReleaseSRWLockShared (Address: 0x18013ede8)
- ResetEvent (Address: 0x18013ee10)
- SetEvent (Address: 0x18013ee40)
- TryAcquireSRWLockShared (Address: 0x18013edf0)
- WaitForSingleObject (Address: 0x18013ee18)
- WaitForSingleObjectEx (Address: 0x18013ee48)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x18013eea0)
- InitOnceComplete (Address: 0x18013ee90)
- InitOnceExecuteOnce (Address: 0x18013eea8)
- Sleep (Address: 0x18013ee98)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetLocalTime (Address: 0x18013eeb8)
- GetSystemTime (Address: 0x18013eec8)
- GetSystemTimeAsFileTime (Address: 0x18013eed0)
- GetTickCount (Address: 0x18013eec0)
- GetTickCount64 (Address: 0x18013eed8)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetSystemTimePreciseAsFileTime (Address: 0x18013eee8)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpool (Address: 0x18013ef00)
- CloseThreadpoolCleanupGroup (Address: 0x18013ef18)
- CloseThreadpoolCleanupGroupMembers (Address: 0x18013ef20)
- CloseThreadpoolTimer (Address: 0x18013ef80)
- CloseThreadpoolWait (Address: 0x18013ef50)
- CloseThreadpoolWork (Address: 0x18013ef78)
- CreateThreadpool (Address: 0x18013ef58)
- CreateThreadpoolCleanupGroup (Address: 0x18013ef08)
- CreateThreadpoolTimer (Address: 0x18013ef10)
- CreateThreadpoolWait (Address: 0x18013ef48)
- CreateThreadpoolWork (Address: 0x18013ef60)
- FreeLibraryWhenCallbackReturns (Address: 0x18013ef68)
- IsThreadpoolTimerSet (Address: 0x18013ef30)
- SetThreadpoolThreadMaximum (Address: 0x18013ef28)
- SetThreadpoolTimer (Address: 0x18013ef88)
- SetThreadpoolWait (Address: 0x18013ef40)
- SubmitThreadpoolWork (Address: 0x18013ef70)
- WaitForThreadpoolTimerCallbacks (Address: 0x18013ef90)
- WaitForThreadpoolWaitCallbacks (Address: 0x18013ef38)
- WaitForThreadpoolWorkCallbacks (Address: 0x18013eef8)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- UnregisterWaitEx (Address: 0x18013efa0)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x18013efb0)
- GetTimeZoneInformation (Address: 0x18013efc0)
- SystemTimeToFileTime (Address: 0x18013efb8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x18013eff0)
- EventRegister (Address: 0x18013efe8)
- EventSetInformation (Address: 0x18013efd8)
- EventUnregister (Address: 0x18013efd0)
- EventWriteTransfer (Address: 0x18013efe0)
api-ms-win-shell-shdirectory-l1-1-0.dll
- (Address: 0x18013f000)
ESENT.dll
- JetAddColumnA (Address: 0x18013e6b8)
- JetAttachDatabaseW (Address: 0x18013e7c8)
- JetBeginSessionA (Address: 0x18013e728)
- JetBeginTransaction2 (Address: 0x18013e790)
- JetCloseDatabase (Address: 0x18013e6f8)
- JetCloseTable (Address: 0x18013e748)
- JetCommitTransaction (Address: 0x18013e6c0)
- JetCommitTransaction2 (Address: 0x18013e788)
- JetCreateDatabaseW (Address: 0x18013e708)
- JetCreateIndex2A (Address: 0x18013e738)
- JetCreateInstanceW (Address: 0x18013e750)
- JetCreateTableColumnIndexA (Address: 0x18013e740)
- JetDelete (Address: 0x18013e700)
- JetDeleteIndexA (Address: 0x18013e6e0)
- JetEndSession (Address: 0x18013e720)
- JetEnumerateColumns (Address: 0x18013e6b0)
- JetGetErrorInfoW (Address: 0x18013e710)
- JetGetSecondaryIndexBookmark (Address: 0x18013e6a8)
- JetGetTableColumnInfoA (Address: 0x18013e6e8)
- JetGetTableIndexInfoA (Address: 0x18013e730)
- JetGotoSecondaryIndexBookmark (Address: 0x18013e6d8)
- JetIndexRecordCount (Address: 0x18013e6c8)
- JetInit2 (Address: 0x18013e6a0)
- JetMakeKey (Address: 0x18013e760)
- JetMove (Address: 0x18013e718)
- JetOpenDatabaseW (Address: 0x18013e6d0)
- JetOpenTableA (Address: 0x18013e698)
- JetPrepareUpdate (Address: 0x18013e798)
- JetRetrieveColumn (Address: 0x18013e7b0)
- JetRetrieveColumns (Address: 0x18013e7a0)
- JetRollback (Address: 0x18013e780)
- JetSeek (Address: 0x18013e770)
- JetSetColumn (Address: 0x18013e7c0)
- JetSetColumns (Address: 0x18013e7b8)
- JetSetCurrentIndexA (Address: 0x18013e778)
- JetSetIndexRange (Address: 0x18013e768)
- JetSetSystemParameterW (Address: 0x18013e758)
- JetTerm2 (Address: 0x18013e6f0)
- JetUpdate (Address: 0x18013e7a8)
MessagingDataModel2.DLL
- ?DeleteTempFiles@MessagingDeferredAttachment@@YAJPEAUISmMessage@@@Z (Address: 0x18013e7f0)
- ?GetDeferredAttachmentFilePath@MessagingDeferredAttachment@@YAJPEAUISmMessage@@KPEAHPEAV?$basic_string@GU?$char_traits@G@utl@@V?$allocator@G@2@@utl@@@Z (Address: 0x18013e828)
- Messaging_ChatTransportIdToStoreId (Address: 0x18013e880)
- Messaging_FormatRecipientFromAggregate (Address: 0x18013e7d8)
- Messaging_GetFileExtensionFromContentType (Address: 0x18013e878)
- Messaging_GetMediaTempFolder (Address: 0x18013e868)
- Messaging_GetMediaTypeFromMimeTag (Address: 0x18013e860)
- Messaging_GetMessageAttachmentText (Address: 0x18013e7e8)
- Messaging_GetRecipientsString (Address: 0x18013e7e0)
- Messaging_GetSmsCharacterCount (Address: 0x18013e808)
- Messaging_GetValidSimId (Address: 0x18013e840)
- Messaging_IsCustomAppProviderId (Address: 0x18013e890)
- Messaging_IsDataRoamingRestrictionActive (Address: 0x18013e7f8)
- Messaging_IsFilterProviderId (Address: 0x18013e848)
- Messaging_IsMmsMessage (Address: 0x18013e830)
- Messaging_IsRcsEnabled (Address: 0x18013e858)
- Messaging_IsRcsMessage (Address: 0x18013e870)
- Messaging_IsSIMMessage (Address: 0x18013e838)
- Messaging_IsThreadedByRemoteConversationId (Address: 0x18013e850)
- Messaging_IsVoiceRoamingRestrictionActive (Address: 0x18013e800)
- Messaging_MessagingOMStartupShutdown (Address: 0x18013e898)
- Messaging_MessagingOMStartupStoreScan (Address: 0x18013e8c0)
- Messaging_RetryDownloadCloudServiceMessage (Address: 0x18013e820)
- Messaging_ShowToastForRcsEndUserMessage (Address: 0x18013e810)
- Messaging_ShutdownCloudServices (Address: 0x18013e8a0)
- Messaging_ShutdownMessageMaintenance (Address: 0x18013e8c8)
- Messaging_ShutdownNotification (Address: 0x18013e8b8)
- Messaging_SmEntryIdToUdmObjectId (Address: 0x18013e888)
- Messaging_StartCloudServices (Address: 0x18013e818)
- Messaging_StartMessageMaintenance (Address: 0x18013e8a8)
- Messaging_StartNotification (Address: 0x18013e8d0)
- UnInitMessagingObjectModelModule (Address: 0x18013e8b0)
msvcrt.dll
- __C_specific_handler (Address: 0x18013f150)
- __CxxFrameHandler3 (Address: 0x18013f030)
- __dllonexit (Address: 0x18013f0b0)
- _amsg_exit (Address: 0x18013f020)
- _callnewh (Address: 0x18013f038)
- _errno (Address: 0x18013f128)
- _initterm (Address: 0x18013f018)
- _lock (Address: 0x18013f010)
- _onexit (Address: 0x18013f098)
- _purecall (Address: 0x18013f158)
- _strnicmp (Address: 0x18013f050)
- _unlock (Address: 0x18013f048)
- _vsnwprintf (Address: 0x18013f168)
- _vsnwprintf_s (Address: 0x18013f130)
- _wcsicmp (Address: 0x18013f148)
- _wcsnicmp (Address: 0x18013f0f8)
- _wcstoi64 (Address: 0x18013f0a0)
- _wcstoui64 (Address: 0x18013f0b8)
- _wtoi (Address: 0x18013f120)
- _XcptFilter (Address: 0x18013f028)
- ?terminate@@YAXXZ (Address: 0x18013f110)
- free (Address: 0x18013f0e0)
- iswdigit (Address: 0x18013f070)
- iswspace (Address: 0x18013f118)
- malloc (Address: 0x18013f0e8)
- memcmp (Address: 0x18013f090)
- memcpy (Address: 0x18013f080)
- memcpy_s (Address: 0x18013f160)
- memmove (Address: 0x18013f068)
- memmove_s (Address: 0x18013f138)
- memset (Address: 0x18013f058)
- realloc (Address: 0x18013f0d8)
- strncpy_s (Address: 0x18013f040)
- tolower (Address: 0x18013f0a8)
- toupper (Address: 0x18013f100)
- towlower (Address: 0x18013f078)
- towupper (Address: 0x18013f0d0)
- wcschr (Address: 0x18013f0f0)
- wcscmp (Address: 0x18013f170)
- wcscpy_s (Address: 0x18013f060)
- wcsncmp (Address: 0x18013f140)
- wcstod (Address: 0x18013f0c8)
- wcstok_s (Address: 0x18013f108)
- wcstol (Address: 0x18013f0c0)
- wcstoul (Address: 0x18013f088)
ntdll.dll
- RtlCaptureContext (Address: 0x18013f198)
- RtlClearThreadWorkOnBehalfTicket (Address: 0x18013f1a8)
- RtlDeriveCapabilitySidsFromName (Address: 0x18013f180)
- RtlEqualSid (Address: 0x18013f1d8)
- RtlGetDeviceFamilyInfoEnum (Address: 0x18013f1b8)
- RtlLookupFunctionEntry (Address: 0x18013f190)
- RtlNtStatusToDosError (Address: 0x18013f1c0)
- RtlPublishWnfStateData (Address: 0x18013f1d0)
- RtlSetThreadWorkOnBehalfTicket (Address: 0x18013f1a0)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x18013f1b0)
- RtlVirtualUnwind (Address: 0x18013f188)
- ZwQueryWnfStateData (Address: 0x18013f1c8)
PhoneUtil.dll
- CauseCode_GetCodeFriendlyText (Address: 0x18013e9e0)
- ComparePhoneNumbers (Address: 0x18013e9c8)
- GetCchTailMin (Address: 0x18013e9c0)
- GetDialableNumberEtc (Address: 0x18013e9e8)
- GetDialStringFromTelUri (Address: 0x18013ea00)
- GetTelUriFromDialString (Address: 0x18013e9d0)
- IsCellularVoiceCapableDevice (Address: 0x18013e9d8)
- IsDialableChar (Address: 0x18013e9b8)
- IsNumberDialable (Address: 0x18013ea08)
- MaskPhoneNumber (Address: 0x18013e9f0)
- MaskPhoneUri (Address: 0x18013ea10)
- Phone_FmtText_NonDialerFormat (Address: 0x18013e9f8)
- RemoveMetadataFromNumber (Address: 0x18013ea18)
PimIndexMaintenanceClient.DLL
- CreateIndexedFilterClient (Address: 0x18013ea28)
PIMSTORE.dll
- ?Submit@AccountProviderHostJobBase@@QEAAJPEAK@Z (Address: 0x18013e958)
- ?SubmitSynchronously@AccountProviderHostJobBase@@QEAAJPEAXKPEAT_SNJobOutParams@@@Z (Address: 0x18013e920)
- ClearPreferenceAndOverride (Address: 0x18013e908)
- CreateAttendeeList (Address: 0x18013e950)
- CreateRecurrenceFromData (Address: 0x18013e8f8)
- FindAllMatchingAggregates (Address: 0x18013e8e0)
- FindAllMatchingContactsEx (Address: 0x18013e978)
- FindAllMatchingContactsEx2 (Address: 0x18013e9a8)
- FindMatchingContactEx2 (Address: 0x18013e968)
- GetContactDisplayAndSortPropertiesFromRegistry (Address: 0x18013e940)
- GetDefaultFolderFromStoreEx (Address: 0x18013e928)
- GetDefaultStoreFilter (Address: 0x18013e8e8)
- GetDefaultStoreId (Address: 0x18013e960)
- GetMeetingNotificationFromMessage (Address: 0x18013e918)
- GetPartnerGUID (Address: 0x18013e910)
- GetSortBy (Address: 0x18013e900)
- GetStartAndEndDate (Address: 0x18013e8f0)
- HandleMeetingResponseForAppointment (Address: 0x18013e9a0)
- IsDefaultStore (Address: 0x18013e930)
- IsEmptyProp (Address: 0x18013e948)
- OlObjectTypeFromOLITEMID (Address: 0x18013e970)
- PimBinaryBodyToString (Address: 0x18013e938)
- POutlookAppManager_CreateInstance (Address: 0x18013e998)
- SetDisplayBy (Address: 0x18013e988)
- SetIncludeMiddle (Address: 0x18013e980)
- SetSortBy (Address: 0x18013e990)
SystemEventsBrokerClient.dll
- SebEnumerateEventsByType (Address: 0x18013ea38)
- SebQueryEventPackage (Address: 0x18013ea50)
- SebSignalEvent (Address: 0x18013ea40)
- SebSignalSyncEvent (Address: 0x18013ea48)